Welcome to GitHub, Brought to You by Microsoft – InApps Technology 2022

So, as anyone who writes code and has a pulse already knows, Microsoft is in the process of buying GitHub. No money has actually changed hands yet, but the sale is expected to wrap up by the end of this year. GitHub joining the Microsoft $2 billion+ Acquisition Club — whose roster includes LinkedIn, Minecraft/Mojang, and Yammer (remember Yammer? Yeah me neither) — is basically a done deal. And many of the 28 million open source developers who call GitHub home are freaking the fuck out.

As am I. Well, at least at first, anyway, but I’ve calmed down enough now to start thinking things through. Because my spidey senses are tingling, despite reassurances that “GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries.” Or so says the press release. Anyway, we are supposed to believe in this new, benevolent Microsoft, the one that has embraced open source to the point where it has become the number one contributor to GitHub, having made more than 2 million commits.

Under that, WE ❤OPEN SOURCE conference swag t-shirt, however, still beats the same proprietary closed-stack heart that helped Microsoft become the largest software company in the world in the first place. Like I have to tell you this, but despite Microsoft’s recent much-promoted turn to aggressively embrace everything open source, the tech giant has a long history of opposing open software.

As in, FLOSS — free software and open source movements — were seen as a threat to the company’s business model as a commercial software company creating proprietary products. To the point where then-CEO Steve Ballmer referred to  the trend of developers creating open source projects to be found and shared on sites like GitHub, and Linux in particular, as “a cancer,” adding that it “went against the American Way.” This all supposedly changed in 2014, when Ballmer stepped down and Microsoft’s new CEO, Satya Nadella, announced the company would “embrace” the open source community. Oh? Like, how a python “embraces” its breakfast? Just this past weekend, open-source developer Jamie Kyle accused Microsoft of stealing code.

Notice the impetus behind @Jamiebuilds finally deciding to speak publicly. Kyle didn’t raise a stink when it first happened. The tl;dr version of which is, Kyle — whose formidable open source pedigree includes contributing to Babel, Flow, Yarn and membership on the TC39 steering committee — built Lernajs, a svelte tool to organize and manage JavaScript packages across projects. Read the Twitter feed for the entire tale, but the upshot is that a team from Microsoft apparently mirrored the Lernajs codebase and renamed it Rushjs. They didn’t fork it, which would be a totally legit open source thing to do. Instead, it appears — according to Kyle’s timeline of events, which is very convincing and oh yeah publicly documented on GitHub — that Microsoft employees essentially copy/pasted Lernajs.

Like a grownup, Kyle tried to figure out what happened, approach the other party, and collaborate on a resolution to the issue. Basically, Kyle just wanted was public acknowledgment of Rush’s origins. “So I reached out to people I knew at Microsoft. This was probably a year ago now. They were shocked and apologized. But since then nothing has happened,” Kyle wrote. “Oh wait yeah, something did happen. The commit history of Rush was messed with and a lot of the code was moved around, functions renamed, rewritten… Instead of just updating a license or even just adding a footnote, they went through all that trouble.”

Notice that Kyle, who in addition to being an open source superhero is also clearly a class act, finally spoke up in response to the devs who shrugged off the news that GitHub would now be in the hands of Microsoft. Not partnered with, but fully owned by. Spurred by tweets like:

My post-announcement experience was similar to Kyle’s. I was not surprised when developers I know expressed concern about GitHub’s acquisition. But a stunning number seemed completely unbothered by the news: That everything will be fine, nothing is going to change, after all, GitHub was hemorrhaging money and something like this was inevitable and it least Oracle or IBM wasn’t the new owner. And, hey, look at Microsoft being all open source cuddly’n’stuff:

“Microsoft is a developer-first company, and by joining forces with GitHub we strengthen our commitment to developer freedom, openness and innovation,” Nadella said in a press release announcing the deal.

To me, this feels like we were sailing along on the Good Ship GitHub when the Dread Pirate Microsoft attempts to board. Instead of fighting off the incursion, or at least hammering out conditions of mutual conduct, these people are all like, “Hey, they might be bloodthirsty pirates with a history of taking what they want, yeah, but look! They’re like us! They also like sailing and swimming and singing sea chanties. We will be friends. Things are going to be just fine!”

Maybe they will. It would be so awesome if Microsoft indeed simply puts a financial net under GitHub and otherwise leaves the center of the open source universe spinning as before. And this optimism does have some genuine foundations: Under Nadella, Microsoft been increasingly utilizing OS tools in its proprietary products. So wrecking GitHub, a company that has become a key part of the way Microsoft writes its own software, would make no sense. Furthermore, Microsoft now even has offerings which support many flavors of Linux — that once-decried “cancer” — and has used open models on some significant cloud and developer products.

Maybe it won’t, though. And that is why we in the open source community have to be clear-eyed and vigilant about this. First, there are your low-level concerns, like GitHub will likely now have be getting banner ads (annoying) and tracking (annoying and evil). And that Microsoft would begin sluicing GitHub users toward integrated Microsoft products — for example, if building a cloud native project and GitHub offers one-button hotwiring to Azure, the path of least resistance will be to push that button. Also: Hello VSCode! And byebye Atom, don’t let the exit door hit ya where the good Lord split ya.

All that stuff is likely, but navigable. The largest worry, for me and other people really trying to think through what this means and what might come, is Microsoft now being in a position of being the custodian of the intellectual property of everyone using GitHub to host their code, whether public or private. There have been many reassurances along these lines: “We will never, ever peek at your code!”

For most of us, this is not much of a concern: like I’m really worried Microsoft is going to hork my learn-JavaScript-by-building-things ToDo List app. But what about organizations that bought into the GitHub ethos and elected to host even proprietary code there in private repos?  Microsoft now will have full access to your innermost secrets. That can’t feel so good. Furthermore, what if some government agency orders Microsoft to turn over a competitor’s source code? Or even their own? Then there’s the whole issue of how this is one more landmark event for an increasingly monopolistic tech industry. (Or, as Kyle pointed out via tweet: “If you trust a handful of corporations with your entire toolchain and expect them not to fuck you over I’ve got a bridge to sell you.”)

What it all boils down to is, yeah Microsoft has changed its tune considerably over the past four years. And I like Nadella. But this is a tectonic shift in the landscape of open source development. Pretending otherwise is to be willfully naive. I’m certain Microsoft is loaded with great people who have contributed a great deal to the open source ecosystem. But these great folks work within a multiplicitously headed, very-much-for-profit hydra, with its own lengthy history of piratical practices. That is an insane amount of momentum for a few good devs to push back against. And, again, look at Jamie Kyle’s very recent experience: it appears there are still entire teams inside Microsoft who have zero ethical issues working that way.

I’m not saying I’m moving my code to GitLab, stat. The words “frying pan” and “fire” come to mind with that kind of knee-jerk jump. And I genuinely love GitHub and don’t want to break up. So I’m trying to keep my mind open to the possibility that this all could actually work out to benefit both the world’s largest/richest software company and the open source ecosystem.

But I am also keeping my eyes open. Aaaand creating a GitLab account.

Michelle Gienow’s Code n00B appears every other Froiday, only here on InApps Technology.