Translate post

_includes/projects.html

@@ -14,7 +14,7 @@
           <div class="card-body">
             <h2 class="card-title">{{ project.title }}</h2>
             <p class="card-text">{{ project.description }}</p>
-              {%- if project.github -%}
+              <!-- {%- if project.github -%}
               <div class="github-icon">
                 <div class="icon" data-toggle="tooltip" title="Code repository">
                   <a href="{{ project.github }}" class="stretched-link"><i class="fab fa-lg fa-git gh-icon"></i></a>
@@ -26,7 +26,7 @@
                 </span>
                 {%- endif %}
               </div>
-              {%- endif %}
+              {%- endif %} -->
           </div>
         </div>
       </a>

_includes/projects_horizontal.html

@@ -8,7 +8,7 @@
       <div class="card-body">
         <h3 class="card-title">{{ project.title }}</h3>
         <p class="card-text">{{ project.description }}</p>
-        {%- if project.github -%}
+        <!-- {%- if project.github -%}
         <div class="github-icon">
           <div class="icon" data-toggle="tooltip" title="Code repository">
             <a href="{{ project.github }}" class="stretched-link"><i class="fab fa-lg fa-git gh-icon"></i></a>
@@ -20,7 +20,7 @@
           </span>
           {%- endif -%}
         </div>
-        {%- endif -%}
+        {%- endif -%} -->
       </div>
     </div>
   </a>

_posts/2022-11-24-github-copilot-en.md

@@ -0,0 +1,77 @@
+---
+layout: post
+title: GitHub Copi­lot
+date: 2022-11-24 17:39:00
+description: Progress or risk?
+---
+
+It's a tool from GitHub or, as Microsoft advertises, an _AI pair programmer_, which provides code suggestions as you code. These suggestions can be received by starting to write a part of the code or by adding a comment in natural language describing what you are trying to do. This latter point, particularly, gives it a positive differential compared to its potential competitors such as IntelliSense, which only provides code completion, or Tabnine, which does the same as IntelliSense but uses AI, but does not have as much generation power as Copilot.
+
+### How does it work?
+
+It uses OpenAI Codex, which, in short, is a system that translates natural language into code.
+
+{% include figure.html path="assets/img/copilot.png" class="img-fluid rounded z-depth-1" %}
+
+> GitHub Copilot Flow
+
+It is a direct descendant of GPT-3 (_generative pre-trained transformer_), which aims or main task is the generation of natural language in response to a message, as redundant as it may sound, in natural language. Therefore, based on an initial text, it can produce text that continues it and is, of course, related to the initial one. Codex, in addition to having the natural language processing feature, can produce functional code.
+
+Codex has a memory of 14KB, compared to its predecessor which only has 4KB. This makes it take into account 3 times more contextual information. The contextual information arises from the comments and code being developed both in the current file and in the rest of the files of the project being carried out (that is, files located in the same folder).
+
+According to [OpenAI](https://help.openai.com/en/articles/5480054-understanding-codex-training-data-and-outputs), Codex was trained with both natural language and millions of lines of code, coming from millions of public repositories on GitHub. In addition, with this training, Codex gives the correct answer to problems in 28.8% of cases.
+
+### Is it useful?
+
+It depends. Many people argue that it facilitates the process, but others think quite the opposite: it slows it down. For me, after doing several tests and using it daily, most of the time it slows down the production of code. Why? Simply because while in some particular cases it can give you the code snippet you need (instead of, for example, going to sites like Stack Overflow and copying the needed code from there), it is not good for understanding the code as a whole and could potentially generate bugs that, the more this tool is used, the harder they would be to find. To prevent this, the use of this tool requires a great knowledge of the language and what you want to program; therefore, having this knowledge, I doubt that one really wants to use this tool.
+
+A similar case worth mentioning is that of translations. In some companies, translators have been forced to put what they want to translate into a tool like Google Translate and then correct it (instead of translating the text directly). This, as in the case of GitHub Copilot, undoubtedly can bring certain improvements in the total translation time; however, it is necessary to consider that it could bring decrements in the overall performance if the tool in question does not work properly.
+
+### Security-related issues
+
+Because Codex could generate any code, it must be taken into account that it could precisely cause vulnerabilities or some [malicious code](https://arxiv.org/pdf/2108.09293.pdf). That is why OpenAI recommends running this code in a sandbox first, to ensure that it is not actually malware. This, again, requires a great effort and knowledge of the programmer to read and reread the generated code and thus study its possible vulnerabilities. In this way, time is still lost and it precisely goes against what this tool tries to solve.
+
+One might think that the more this tool is adjusted (that is, the more it is updated and improved), this would not continue to happen, but, curiously, the opposite would happen. If the tool were to be improved, it would produce more powerful code and, therefore, with a much greater risk of having vulnerabilities or containing malware.
+
+### License issues
+
+As we saw, GitHub Copilot is trained with public repositories from GitHub. This brings serious problems regarding the different [OSS licenses](https://opensource.org/licenses) (_open source software_), since it could make parts of open-source code be used in proprietary code projects.
+
+Some OSS licenses do not allow reproduction if the same license is not maintained ([copyleft](https://www.gnu.org/licenses/copyleft.en.html)), that is, its code cannot be used in a proprietary project unless the latter changes its license. The problem is that GitHub Copilot does not take this into account, since, at least in the version released on 11/24/2022, it only recommends code regardless of the license of the project from which it was obtained. Furthermore, as if that were not enough, GitHub washes its hands by leaving _copyleft compliance_ to the users. But, however, another question arises: how can this be done if users don't directly know where the code came from?
+
+On the other hand, another problem that may arise with the use of this tool is the weakening of open-source communities, as it makes many programmers get code quickly without seeing where it came from. So the programmer-to-programmer contact is lost.
+
+Because of all this, Microsoft received a [lawsuit](https://githubcopilotlitigation.com/) from a group of people in the USA. The group alleges that several legal rights are violated in relation to OSS licenses, and Microsoft's own terms of service and privacy policies, among other things.
+
+Precisely because of all this, many open-source projects (and particularly [SFC](https://sfconservancy.org/GiveUpGitHub/#ICE-contract-details)) are leaving GitHub. Microsoft thinks that by providing code hosting it is already its owner and, therefore, can do whatever it wants with it.
+
+I would like the curious reader to think about this topic and reflect, at the same time, whether it is not a good option, and even ethically responsible, to leave GitHub and use other alternatives like GitLab, SourceHut, CodeBerg, or, if they indeed have the necessary knowledge (and the proper hardware), try to host an SCM system themselves.
+
+### References
+
+- [https://arxiv.org/pdf/2107.03374.pdf](https://arxiv.org/pdf/2107.03374.pdf)
+- [https://arxiv.org/pdf/2108.09293.pdf](https://arxiv.org/pdf/2108.09293.pdf)
+- [https://openai.com/blog/openai-codex](https://openai.com/blog/openai-codex)
+- [https://github.com/openai/human-eval](https://github.com/openai/human-eval)
+- [https://www.fast.ai/posts/2021-07-19-copilot.html](https://www.fast.ai/posts/2021-07-19-copilot.html)
+- [https://github.com/features/copilot](https://github.com/features/copilot)
+- [https://docs.github.com/en/copilot/overview-of-github-copilot/about-github-copilot](https://docs.github.com/en/copilot/overview-of-github-copilot/about-github-copilot)
+- [https://www.theregister.com/2021/07/06/github_copilot_autocoder_caught_spilling](https://www.theregister.com/2021/07/06/github_copilot_autocoder_caught_spilling)
+- [https://www.youtube.com/watch?v=SGUCcjHTmGY](https://www.youtube.com/watch?v=SGUCcjHTmGY)
+- [https://medium.com/analytics-vidhya/github-copilot-all-you-need-to-know-8e6fc1d5ccc](https://medium.com/analytics-vidhya/github-copilot-all-you-need-to-know-8e6fc1d5ccc)
+- [https://en.wikipedia.org/wiki/GPT-3](https://en.wikipedia.org/wiki/GPT-3)
+- [https://en.wikipedia.org/wiki/OpenAI_Codex](https://en.wikipedia.org/wiki/OpenAI_Codex)
+- [https://betterprogramming.pub/ai-review-github-copilot-d43afde51a5a](https://betterprogramming.pub/ai-review-github-copilot-d43afde51a5a)
+- [https://thenewstack.io/github-copilot-and-open-source-a-love-story-that-wont-end-well](https://thenewstack.io/github-copilot-and-open-source-a-love-story-that-wont-end-well)
+- [https://sfconservancy.org/GiveUpGitHub/#ICE-contract-details](https://sfconservancy.org/GiveUpGitHub/#ICE-contract-details)
+- [https://choosealicense.com/licenses/agpl-3.0](https://choosealicense.com/licenses/agpl-3.0)
+- [https://opensource.org/faq#copyleft](https://opensource.org/faq#copyleft)
+- [https://www.gnu.org/licenses/copyleft.en.html](https://www.gnu.org/licenses/copyleft.en.html)
+- [https://techcrunch.com/2022/07/01/open-source-developers-urged-to-ditch-github-following-copilot-launch](https://techcrunch.com/2022/07/01/open-source-developers-urged-to-ditch-github-following-copilot-launch)
+- [https://githubcopilotinvestigation.com/#what-does-copilot-mean-for-open-source-communities](https://githubcopilotinvestigation.com/#what-does-copilot-mean-for-open-source-communities)
+- [https://github.blog/2021-06-30-github-copilot-research-recitation](https://github.blog/2021-06-30-github-copilot-research-recitation)
+- [https://help.openai.com/en/articles/5480054-understanding-codex-training-data-and-outputs](https://help.openai.com/en/articles/5480054-understanding-codex-training-data-and-outputs)
+- [https://matthewbutterick.com/chron/this-copilot-is-stupid-and-wants-to-kill-me.html](https://matthewbutterick.com/chron/this-copilot-is-stupid-and-wants-to-kill-me.html)
+- [https://www.securityweek.com/code-generated-github-copilot-can-introduce-vulnerabilities-researchers](https://www.securityweek.com/code-generated-github-copilot-can-introduce-vulnerabilities-researchers)
+- [https://thestack.technology/microsoft-github-sued-over-copilot](https://thestack.technology/microsoft-github-sued-over-copilot)
+- [https://dl.acm.org/doi/pdf/10.1145/3442188.3445922](https://dl.acm.org/doi/pdf/10.1145/3442188.3445922)

_posts/2022-11-24-github-copilot.md

@@ -49,29 +49,29 @@ Me gustaría que el lector curioso piense sobre este tema y reflexione, a su vez
 
 ### Referencias
 
-- https://arxiv.org/pdf/2107.03374.pdf
-- https://arxiv.org/pdf/2108.09293.pdf
-- https://openai.com/blog/openai-codex
-- https://github.com/openai/human-eval
-- https://www.fast.ai/posts/2021-07-19-copilot.html
-- https://github.com/features/copilot
-- https://docs.github.com/en/copilot/overview-of-github-copilot/about-github-copilot
-- https://www.theregister.com/2021/07/06/github_copilot_autocoder_caught_spilling
-- https://www.youtube.com/watch?v=SGUCcjHTmGY
-- https://medium.com/analytics-vidhya/github-copilot-all-you-need-to-know-8e6fc1d5ccc
-- https://en.wikipedia.org/wiki/GPT-3
-- https://en.wikipedia.org/wiki/OpenAI_Codex
-- https://betterprogramming.pub/ai-review-github-copilot-d43afde51a5a
-- https://thenewstack.io/github-copilot-and-open-source-a-love-story-that-wont-end-well
-- https://sfconservancy.org/GiveUpGitHub/#ICE-contract-details
-- https://choosealicense.com/licenses/agpl-3.0
-- https://opensource.org/faq#copyleft
-- https://www.gnu.org/licenses/copyleft.en.html
-- https://techcrunch.com/2022/07/01/open-source-developers-urged-to-ditch-github-following-copilot-launch
-- https://githubcopilotinvestigation.com/#what-does-copilot-mean-for-open-source-communities
-- https://github.blog/2021-06-30-github-copilot-research-recitation
-- https://help.openai.com/en/articles/5480054-understanding-codex-training-data-and-outputs
-- https://matthewbutterick.com/chron/this-copilot-is-stupid-and-wants-to-kill-me.html
-- https://www.securityweek.com/code-generated-github-copilot-can-introduce-vulnerabilities-researchers
-- https://thestack.technology/microsoft-github-sued-over-copilot
-- https://dl.acm.org/doi/pdf/10.1145/3442188.3445922
+- [https://arxiv.org/pdf/2107.03374.pdf](https://arxiv.org/pdf/2107.03374.pdf)
+- [https://arxiv.org/pdf/2108.09293.pdf](https://arxiv.org/pdf/2108.09293.pdf)
+- [https://openai.com/blog/openai-codex](https://openai.com/blog/openai-codex)
+- [https://github.com/openai/human-eval](https://github.com/openai/human-eval)
+- [https://www.fast.ai/posts/2021-07-19-copilot.html](https://www.fast.ai/posts/2021-07-19-copilot.html)
+- [https://github.com/features/copilot](https://github.com/features/copilot)
+- [https://docs.github.com/en/copilot/overview-of-github-copilot/about-github-copilot](https://docs.github.com/en/copilot/overview-of-github-copilot/about-github-copilot)
+- [https://www.theregister.com/2021/07/06/github_copilot_autocoder_caught_spilling](https://www.theregister.com/2021/07/06/github_copilot_autocoder_caught_spilling)
+- [https://www.youtube.com/watch?v=SGUCcjHTmGY](https://www.youtube.com/watch?v=SGUCcjHTmGY)
+- [https://medium.com/analytics-vidhya/github-copilot-all-you-need-to-know-8e6fc1d5ccc](https://medium.com/analytics-vidhya/github-copilot-all-you-need-to-know-8e6fc1d5ccc)
+- [https://en.wikipedia.org/wiki/GPT-3](https://en.wikipedia.org/wiki/GPT-3)
+- [https://en.wikipedia.org/wiki/OpenAI_Codex](https://en.wikipedia.org/wiki/OpenAI_Codex)
+- [https://betterprogramming.pub/ai-review-github-copilot-d43afde51a5a](https://betterprogramming.pub/ai-review-github-copilot-d43afde51a5a)
+- [https://thenewstack.io/github-copilot-and-open-source-a-love-story-that-wont-end-well](https://thenewstack.io/github-copilot-and-open-source-a-love-story-that-wont-end-well)
+- [https://sfconservancy.org/GiveUpGitHub/#ICE-contract-details](https://sfconservancy.org/GiveUpGitHub/#ICE-contract-details)
+- [https://choosealicense.com/licenses/agpl-3.0](https://choosealicense.com/licenses/agpl-3.0)
+- [https://opensource.org/faq#copyleft](https://opensource.org/faq#copyleft)
+- [https://www.gnu.org/licenses/copyleft.en.html](https://www.gnu.org/licenses/copyleft.en.html)
+- [https://techcrunch.com/2022/07/01/open-source-developers-urged-to-ditch-github-following-copilot-launch](https://techcrunch.com/2022/07/01/open-source-developers-urged-to-ditch-github-following-copilot-launch)
+- [https://githubcopilotinvestigation.com/#what-does-copilot-mean-for-open-source-communities](https://githubcopilotinvestigation.com/#what-does-copilot-mean-for-open-source-communities)
+- [https://github.blog/2021-06-30-github-copilot-research-recitation](https://github.blog/2021-06-30-github-copilot-research-recitation)
+- [https://help.openai.com/en/articles/5480054-understanding-codex-training-data-and-outputs](https://help.openai.com/en/articles/5480054-understanding-codex-training-data-and-outputs)
+- [https://matthewbutterick.com/chron/this-copilot-is-stupid-and-wants-to-kill-me.html](https://matthewbutterick.com/chron/this-copilot-is-stupid-and-wants-to-kill-me.html)
+- [https://www.securityweek.com/code-generated-github-copilot-can-introduce-vulnerabilities-researchers](https://www.securityweek.com/code-generated-github-copilot-can-introduce-vulnerabilities-researchers)
+- [https://thestack.technology/microsoft-github-sued-over-copilot](https://thestack.technology/microsoft-github-sued-over-copilot)
+- [https://dl.acm.org/doi/pdf/10.1145/3442188.3445922](https://dl.acm.org/doi/pdf/10.1145/3442188.3445922)

_projects/calbuilder-github.md

@@ -0,0 +1,55 @@
+---
+layout: page
+title: calbuilder-gh
+description: GitHub action to build Arch Linux packages.
+github: https://git.slc.ar/slococo/calbuilder-github
+importance: 8
+category: personal
+---
+
+GitHub action to build a package, analyze it with `namcap`, and output the package file (signed or unsigned) and its `.SRCINFO`.
+
+This action supports PKGBUILDs that have AUR dependencies.
+
+## Inputs and outputs <a name="inputs-and-outputs-"></a>
+### Inputs:
+* `pkgDir`: relative path to the PKGBUILD directory.
+* `gpgPublicKey`: GPG public key that will be used to sign packages.
+* `gpgPrivateKey`: GPG private key.
+* `gpgPassphrase`: GPG passphrase of `gpgPrivateKey`.
+
+It is recommended to store `gpgPrivateKey` and `gpgPassphrase` as secrets (see [Usage](#usage-)).
+
+None of these inputs are required. 
+
+### Outputs:
+* `srcInfo`: Generated `.SRCINFO`.
+* `pkgFile`: Built package file.
+
+## Usage <a name="usage"></a>
+```yaml
+name: CI
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - id: calbuilder
+      uses: santilococo/calbuilder@master
+        pkgDir: "libxft-bgra"
+        gpgPublicKey: "199980CE93F18E62"
+        gpgPrivateKey: "${{ secrets.GPG_PRIVATE_KEY }}"
+        gpgPassphrase: "${{ secrets.GPG_PASSPHRASE }}"
+    - uses: actions/upload-artifact@v2
+      with:
+        path: |
+          ${{ steps.calbuilder.outputs.srcInfo }}
+          ${{ steps.calbuilder.outputs.pkgFile }}
+```
+
+## Note
+
+Also, if you're working with Woodpecker CI, consider using my Woodpecker plugin, offering similar functionality. Check it out [here](https://git.slc.ar/slococo/calbuilder-woodpecker).