Could they use the blurb of text at the top to give me like... a noun to describe what this is? It just says some vagueness about the future and investigating and exploring.
Is it a conference? A team? An initiative? How does it work?
Whatever this is supposed to be selling me on, they're doing a terrible job because I can't figure out what it is!
It's a sexy name by some middle manager somewhere, or some executive3 that got a good idea while taking a morning duce, to come up with an exciting new project that will juice their resume and hopefully get them promoted before it comes to the front that they do nothing and their objectives are entirely fluff.
It's an old trick first called out in The Dilbert Principle that you get promoted by being associated with sexy sounding projects, the best case is a sexy sounding project that has vague objectives.
Given the blurb above it sounds like there is very little substance to this and lots of style. Expect it to be sunset or fade into obscurity in 3-5 years.
EDIT: For context their stated mission is
> GitHub Next investigates the future of software development.
We explore things beyond the adjacent possible. Tools and technologies that will change our craft. New approaches to building healthy, productive software engineering teams.
Notice the lack of anything that will actually be produced, key words that you are dealing with BS is "explore", "approaches", and "change our craft" without any details on what any of that means. If they were producing or doing something they'd say that. As is it's meaningless marketing drivel that could translate better as "We've made up a fake job to play with cool tech, write ill-informed meaningless blog posts about what the next cool thing everyone should do is. We're also light on technical skills so we are going to focus on teams and projects not actual tech"
I don't begrudge them the fact they weaseled their way into this job good for them, but I don't expect much, and If I am wrong and these are actually super smart talented individuals that finally got the freedom to make something happen then I apologize for my dismissiveness. That being said when companies get acquired by MS they don't tend to be known for their innovation and ground breaking research going forward.
"
GitHub Next investigates the future of software development.
We explore things beyond the adjacent possible. Tools and technologies that will change our craft. New approaches to building healthy, productive software engineering teams.
"
That explains what it does (somewhat vaguely), but not what Github Next is and who makes it up. Is it a team at GitHub that employees work on full time? It it some kind of initiative where GitHub employees spend part of their time working on it? Is it a community effort? Am I able to join in?
I don't have such high expectations for websites. It's just a showcase, and it really looks like a showcase site, so the description seemed good enough
Regarding visualization of codebases, something I've wanted for a long time is a graph of function calls across an entire project.
I want to know all the callers and callees of every function. This shouldn't be too hard, we already have find references via LSP.
Turning this into a graph would make it significantly easier to manage the entry and exit points of a code base and inform architecture decisions, refactors, type checking, hot paths etc.
This isn't really what you're asking for, but since no-one else has mentioned it, the call hierarchy feature built into most IDEs gets about 50% of the way there. The obvious limitations are that this usually only works for one function at a time, and shows a tree not a graph.
I ended up doing this for our python codebases at work.
The AST module was super handy as you'd expect. The script would optionally take some filters to reduce the size of the generated graph, and then it sent all the info to Graphiz (it emitted DOT, too, so it could be version controlled!!)
Doxygen has the ability to generate these with its CALL_GRAPH/CALLER_GRAPH config, at least from each function individually. It can look quite funny when the depth isn't limited: https://i.imgur.com/3LMV71N.png
It's coming at it from the wrong end, but I do a lot of this with kcachegrind, particularly for tracking down hot paths in Ruby, which is so dynamic that static analysis of nigh impossible. At least for the purposes of checking hot paths, it's quite useful.
That’s a cool idea. I don’t know much about ASTs or anything but I know you are right about LSP being able to find most everything I am searching for in the mostly statically typed languages I’ve worked with. Would be fun to try that out over a weekend or three.
I have been looking for something like that for a while and your reply made me look again. I just came across Codemap (haven’t tried): https://codemap.app/
> GitHub Next investigates the future of software development.
Yesterday I tried to use Datadog's Github integration for stacktraces and it asked me for "access Github on my behalf".
It's been the same since the beginning of Github - they leave integrators with no better options, and users with an ambiguous UI dialog / docs that downplay the scope being granted.
Sooooo maybe fix your own stuff before making such grandiose claims?
Why wouldn't this be done over git? It seems almost ridiculous for this to be a GitHub-specific API and authentication mechanism instead of merely authorizing an SSH key from Datadog (which would then allow whatever this service is doing with the source code to also work for any other source code hosting solution).
Because DataDog's GitHub integration does in addition to git data also take GitHub data into account to provide a better user experience. E.g. for giving "this action broke this thing" insights giving you a clickable link to a GitHub PR instead of just providing you with a git SHA hash.
They also provide a direct git integration, which as far as I can tell just is a reduced version of the GitHub one, with a featureset that seems reasonable if they only have the pure git data.
Metadata lives in the API, not the git repo. I would argue a github app with rotating hourly tokens which datadog seems to support is better than a users ssh key or an ssh key with access to many repos.
> GitHub Copilot is trained on billions of lines of public code.
> In one instance, GitHub Copilot suggested starting an empty file with something it had even seen more than a whopping 700,000 different times during training–that was the GNU General Public License.
This indicates that they are training it on github's public repositories and at the very least including 700,000 GPL licensed projects or code files. Since the GPL is one of the most "restrictive" open source licenses one can assume they are not caring about the licenses much.
It's infuriating, when you are large enough you can get away with anything when it comes to copyright violations but I remember the crazy pushback on things like format and time shifting against private individuals.
This should absolutely be litigated to stop the blatant laundering of copyright under the guise of fair use.
Copilot's API is surfacing snippets of work without licensing information attached alongside. It can be shown in discovery that Copilot does access the origin work.
The sooner this is slapped down, the sooner we can avoid addressing the even more troubling question that exists today: is someone who used Copilot to throw together a bunch of code infringing copyright of works where those portions originate?
This is a complex problem with no satisfying conclusions... how could one be violating copyright if they never accessed the 'copied' work to copy? Copyrights aren't patents. Infringement requires copying.
Using Copilot launders the user's awareness of the origin works, yet making the Copilot users liable for widespread "accidental" copying would be troubling.
It's not complex at all: if you use Copilot to generate code for you you are engaging in copyright infringement.
That you got the code from and entity that stole it somewhere else doesn't really matter. Generative models should respect copyright for their sources, and using a generative model to create new works that you intend to claim copyright on is stupid: someone may well show up one day with ironclad proof that you used their code without permission.
Except every attorney that has taken a look disagrees with you. So it is complex and unless you have any standing or new data I think it's safe to dismiss your entire argument.
Until then all you have is opinions, mine is pretty straightforward: if the generative model can be made to work without first training it on other people's code then it isn't copyright infringement, if not then it is transforming one set of works into another.
The only thing that might let GitHub off the hook is their terms of service, but that might mean mass exodus from GitHub because if they interpret you using GitHub to host your code as a blanket permission to do with that code whatever they want then that's clearly not the original intent of the service.
If Microsoft buying GitHub claims that gave them a blanket license to do as they please with the contributions of millions of FOSS contributors then they are still just as bad as they were in the past.
Almost every GitHub repository comes with a license file, even GitHub should have to abide by that license, otherwise the whole thing is pointless.
Unless you have specialized training in copyright law, your opinion is unfortunately invalid when compared to actual experts in the field. You're making assertions that you clearly cannot substantiate coupled with the fact that we're not seeing an influx of litigants. Personally, I'm yet to see any news of even a single litigant challenging copilot. Also, the outcome of cases in the US are in many cases decided by a jury, not a judge.
I've fielded a couple of copyright lawsuits and won them, obviously the lawyers of the defendants thought they had an excellent case. I may not be a lawyer but I do know a thing or two about copyright law and as far as I'm concerned if you claim that you have created something because you took someone else's copyrighted content and pushed it through a machine of sorts that does not create an original work. There is plenty of settled caselaw around this. So that much we can establish off the bat. Which means if you use this to create your own copyrighted work you may have a problem anyway. Whether or not it is infringing or not is largely a matter of the length of the segment produced and whether or not it matches the original in some non-trivial way. The mechanism in the middle doesn't really matter.
If Microsoft/GitHub want to field the argument that they own the rights to all of the code uploaded to GitHub then I'm perfectly fine with that, the only problem I see with that defense is that it will likely kill GitHub overnight.
As for the jury argument: that's fine, but juries aren't lawyers either. I'm not sure if that should weigh as a positive or a negative for Microsoft.
Finally, regardless of the legality: there is such a thing as ethics and in my book you don't appropriate a large body of work from a whole community without so much as a by-your-leave. There have been other threads on HN regarding this and it is interesting to see the various opinions, even so if Copilot is challenged legally than I'll be cheering on the party bringing the suit.
A reminder that copyright infringement vs fair use is in part dependent on the amount of the copyrighted material that’s being used, the nature of that use and the transformativeness of the infringing work. Just because co-pilot suggests code snippets that can be found in a copyrighted work does not mean that the resulting produced product is in fact an infringement of that copyright.
Also a reminder that outside the copilot debate, the online rights movement has largely been pushing for scraping, deep linking and transforming scrapped data to not be considered copyright infringement, regardless of any TOS on the site being scraped.
To me, co pilot is a exactly that, a scraper that has scraped public websites and is now presenting me the scraped data in an alternative and often transformed form. It’s my responsibility as a developer to ensure that my released product complies with applicable copyright law, but copilot and the use thereof is not in and of itself copyright infringement.
That a tool can be used to create infringing work or infringe on copyright in general is no more a valid argument against co pilot than it is against CD burners, de-drm tools, vcrs, kodi or plex, scanners or any number of day to day items that have the ability to infringe copyright if the user uses it for that purpose.
Maybe, but then every large AI project is also committing copyright violations because as Microsoft notes this is currently a common practice in the AI research community.
Microsoft has been super litigious in the past when it came to copyright violation starting all the way back with Bill Gates' letter in Byte magazine about those pesky pirates. To see them do this makes pirating MS software fair game from here on. They could have asked nicely, instead they just took.
It is. Laws are adapted based on widespread technological capabilities and progress.
As an example, if it is easy to create real voice or signature using AI models - they should no longer be considered effective evidence for contractual reason instead of enforcing that it is illegal to forge it. That is not going to work.
Your example is not good. Speeding is not a technical innovation that require any fundamental change. It is enforced in automated fashion and it is beneficial for the safety of public at large if reasonably implemented.
All laws are made in interest of someone.
Does the copyright apply to AI models since they are out of scope and weren't widespread when it came into force?
Does the proposed benefit in the original law apply in practice?
Are they more beneficial than the progress allowed by AI models who use them as training data?
Is the copyright law practically enforceable on output generated by AI models?
Copyright law is what it is today. Like it or not doesn't really matter. And yes, copyright law is practically enforceable, regardless of how copyright is broken. That's what the Berne Convention is all about.
If Copilot reads copyrighted code to learn, and it‘s copyright violation…
Does the same apply to a human? Do we now define copyright violation differently for computers? I don‘t know the perfect answer here. But I‘m not so sure we should have standards that change depending on if a program is doing it or a human is doing it. Perhaps a bad standard to begin with.
I do tend to learn towards thinking „company uses publicly available, open source code in product“ is somewhat of a nothing-burger though.
Framing this as learning is unhelpful. Copilot isn't just learning. It can reproduce code it saw during training verbatim. It will even reproduce the GPLv3 licence itself. If you copy-paste code from a GPLv3-licenced sourced without attribution, it's a copyright violation. Why should it be different for Copilot?
EDIT: After more reading on the subject, I'm willing to accept that copyright infringement is unlikely here. This link [1] was the one I found most convincing.
However, I would still shift the goalposts and look at this ethically, and I still think it's wrong that Microsoft is profiting from code with licences like GPLv3. This is a whole other topic, though.
why not train it on copyright material also? whats the prima-facie reason for not doing so? i mean if you are doing "all public repos", why not everything else?
there is public DB of windows code out there, if "cant" is the word then let users submit the injest code and let it train on it.
if "wont" is the word then who gave them the permission?
The reason is that GitHub, being GitHub, has a lot of search indices and existing analytics on the code that is hosted on GitHub.
It was easier, at least - but probably gives some nice guarantees about the statistics of "public" code, with the norms and conventions you're "used to", because you're used to the internet's coding norms.
Company code can be pretty bad, even at Microsoft, often riddled with hyper-verbose variable names and strange design patterns.
imagine in 10-20 years, software engineers as we know it will be obsolete.
I've heard people saying this since the mid-70's.
I lump it into the same trash bin with flying cars and orbiting space hotels, and "90 minutes from New York to Paris — undersea by rail." Things envisioned by artists that will never happen in my lifetime, or yours.
Lots of other languages, tools, libraries, and frameworks have already made SWEs orders of magnitude more productive over the course of the last 40+ years. I don't think there's any indication of the field shrinking or slowing down as a result of that though.
Yea because in the future everyone will write code and things like
Copilot get us there. You’re probably an engineer who likes making way more than average. So you’re biased
If the web implementation of git could be as federated/decentralized/open as git is so that GitHub didn't exist, that would be my ideal "GitHub-Next". Please eliminate yourselves.
I really don't like the two trends Github is pushing for:
1. Code editor is full of telemetry and costs money, only accessible over the internet.
2. Code regressing into lots of boilerplate and automatically copied stack overflow answers by copilot, programmers using less critical thinking skills.
Will they be innovating in ways that we get to use for free? Or are they creating new ways to get in-between the coder and the machine? E.g. Copilot is a paid subscription.
By enabling increased complexity (via Language Server Protocol, Copilot, and even GitHub itself) devs get locked-in to the MS ecosystem. It reminds me of Braess's paradox ("adding one or more roads to a road network can slow down overall traffic flow through it" https://en.wikipedia.org/wiki/Braess%27s_paradox ).
Increasing our ability to generate (but not comprehend) complex systems is also intrinsically dangerous (beyond the "rent seeking" of MS) because complexity itself is a kind of cost or overhead. This is not to say that the more complex system cannot result in efficiency gains that outweigh the cost to maintain that complexity. (If that were true there would be no multicellular life, eh?) It means complexity should be carefully justified in terms of economic/engineering considerations.
Visualising a Codebase: This sounds very interesting, it looks like similar graphics as what CodeScene creates.
The dependency between the modules seems like a nice addition to me. I don't think CodeScene has that one. Can't wait to try this on our bigger projects.
I never found a really good way to visualize large codebases and the dependencies between the modules, does somebody have something for this?
Yup! When Jason departed, we couldn't be an OCTO without a CTO soooo rebrand! but the mission remains the same. Prototype things to figure out what should be!
Used to be that way! But actually for security reasons, it was better for us to operate out of a separate domain. The github.com domain is very locked down for good reason.
Also, various boring realities around SSL termination made deployment difficult in a github.com domain. This was the expedient solution. Not phishing!
This happens all the time because setting up an entirely new domain yourself is way less work than asking the internal IT team to set up a subdomain for you. If the GitHub IT team is reading this then yes, that means you failed.
I'd imagine it's less about setup complexity and more about reducing the attack surface of the main domain where any number of mistakes on the subdomain could expose a vulnerability for the main domain as well.
co-pilot used to generate react code with a GUI visualization tool. Boy am I excited for the amount of money people will be paying for ongoing maintenance for this brave new world.
We're thinking about review experiences! We're developers too, and we're keenly interested in how to make code more reviewable, how to help developers _make_ code more reviewable, and alternative interfaces to the notion of changesets.
If anyone on the team at GitHub who built this site sees this --
Heads up, that page has no `<title>` tag so the browser tab is `githubnext.com/`. That is a _VERY_ minor nit, but still an SEO ding (you're github, that doesn't matter much), and a rough edge that could be buffed out.
Long time ago I read/skimmed the specification, but I think the DOCTYPE preamble is the only _required_ element in a HTML5 document. The specification allows you to omit <head/> if it's empty, and if that's allowed, then it should be allowed to not having any <title/> elements as well.
> Note: The title element is a required child in most situations, but when a higher-level protocol provides title information, e.g. in the Subject line of an e-mail when HTML is used as an e-mail authoring format, the title element can be omitted.
> If it's reasonable for the Document to have no title, then the title element is probably not required. See the head element's content model for a description of when the element is required.
So strictly speaking, if it's meant to be used as a traditional web page, you should really have it (obviously), but it's not strictly required.
It’s not that you’re allowed to omit the head element (you’re not, and you can’t), but that its start and end tags are optional. Same with the html and body elements. (These remarks apply to HTML syntax only; in XML syntax, which is certainly still a thing, you can (if you care not for validity) omit whatever elements you choose to, only needing some root element.)
The normative reference on the necessity of <title> is in the content model for the head element:
> If the document is an `iframe srcdoc` document or if title information is available from a higher-level protocol: Zero or more elements of metadata content, of which no more than one is a `title` element and no more than one is a `base` element.
> Otherwise: One or more elements of metadata content, of which exactly one is a `title` element and no more than one is a `base` element.
For the rest, you’re correct: the DOCTYPE is the only always-mandatory thing in a valid HTML document.
If you omit writing <head> and </head> in HTML syntax, there will still be a head tag in the parsed result.
(This is different from XML syntax, where omitting the start and end tags means omitting the element as a whole so that there will be no head tag in the parsed result.)
> If the document is an iframe srcdoc document or if title information is available from a higher-level protocol: Zero or more elements of metadata content, of which no more than one is a title element […].
> Otherwise: One or more elements of metadata content, of which exactly one is a title element […].
So it is required, not just suggested, for a web page, but not for all kinds of html documents; TIL. The parser still tries to parse head contents before body contents even if you omit the head tags, so a doctype followed by title is the shortest valid full page.
I didn't mention the doctype because I believe it isn't strictly speaking an element, just a preamble, but you're right, it's required as well.
> I didn't mention the doctype because I believe it isn't strictly speaking an element, just a preamble, but you're right, it's required as well.
Funny thing, when I read “the only mandatory element in a valid HTML5 document”, I interpreted “element” in its generic English sense (piece, thing) rather than its HTML sense (node of type element, as distinct from text/comment/doctype/other-types-only-found-in-XML-syntax nodes).
True, I guess I would too if I were a native English speaker. Even when the words are almost identical in my language, I read them as programming jargon before plain English.
I noticed that twitter.com also has no <title> tag, the title gets set once the JS loads. Kinda surprising to me that such a popular site like Twitter doesn't have such a basic HTML tag.
Is it a conference? A team? An initiative? How does it work?
Whatever this is supposed to be selling me on, they're doing a terrible job because I can't figure out what it is!