Code is already being cloned off the platform. Gitlabs is so slow right now that basic operations take several minutes.

Seriously? Half a year isn't enough time for you to migrate before the deal closes?

When you are talking a site with a few million projects leaving it to the last min to migrate going to be a problem. Half a year is not that much time when you divide by 1 million let alone 10 million.

Their shareholders would crucify them

Really all the other times Microsoft has taken something over and stuffed it up does not agree with the statement. Microsoft share holders rarely crucify Microsoft no matter how badly they stuff things up.

Because M$ pays dividends like clockwork.

As many have said, this wouldn't work and it'd be the quickest way to alienate the bulk of users for whom they just paid so much.

I also regard a pay wall in a similar vein, although I could foresee ads.

I'm surprised at the lack of creativity in the discussion, thus far. There are all kinds of (mostly devious) ways they could monetize github. Pushing more people towards Azure is pretty obvious, and already covered. So, let's not dwell on that one.

Github has a certain social network aspect. It'd certainly be worth something to advertisers and corporate PR firms to know who are the big influencers.

What about leveraging deep data about developers to augment their LinkedIn property? They could sell enhanced recruiting services to employers. What if some of the most talented, effective, and collaborative open source developers start getting picked from obscurity and their contributions and energies redirected into confidential and proprietary code bases?

Not devious enough? How about watching your activity and scoring the quality of your code, your dependability, and how well you work with others? Maybe you don't even get to see it. A bit like a credit score or... a certain Social Credit Score? Besides for employers and recruiting, perhaps they could also use this data to market online courses and job-seeking services to the hapless and desperate.

Maybe they want to play in the IP space, looking for IP infringement? To this end, they can sell services not only to corporations, but also perhaps try to find open source license violations in proprietary code, serving to coerce corporations into a sort of IP protection racket.

Imagine what you could do on the security exploits front? Perhaps they could develop tools and heuristics (including fuzzy things like who wrote or touched a bit of code) to produce security scores for each project and sell this as another service to both good guys and bad guys alike.

Finally, I wonder if there's a more explicit AI play, in all of this. Like, if there's some way they might harvest all of the hosted code to find patterns and extract building blocks to more easily enable higher-level, AI-assisted development tools.

This still might not even scratch the surface... (no pun intended)

The main risks I see are this:
1: Microsoft tries to force license changes on code and play for ownership. This is beyond difficult due to licenses like the GPL requiring consent of every contributor, though they could attempt to limit the ownership change to builds containing at least one NEW commit, and consider those versions legally to be forks.

2: MS requires copyright assignment on NEW projects. This is easy to handle: all new projects go elsewhere.

3:MS allows devs to offer binary dowloads built on the Github servers and bundled with crapware. This is what made Sourceforge permanently untrustworthy and calls into question any and all binary downloads from them to this day. Source is harder to play this game with, comparison to a mirror would make it impossible unless the malicious party could control the mirror too.

4:MS shitcans free accounts or requires identity verification e.g mobile phone numbers.

5:MS tries to push ads to users of the website, calling into question the security of the site-and the future of all projects there owned by devs who block ads. One bad quarter and you could see Forbes/Yahoo Mail style counterblocking deployed. Nobody is going to want to stay on a git repo where they have to play whack-a-mole with MS adservers to maintain access. I still remember when Hotmail decided to first ask, then demand that users "add a phone." I refused, and eventually the redirected all logins to the add a phone page. I had to break into my own account (using a later in the process URL I already knew), copy out all needed data, and close the account all in just one session. I have never dealt with MSN again beyond folks on it gettting emails from my replacement account on a non-US, non ad supported server.

Gitlab has a problem too: When you go to the site with NoScript in your browser, you find them attempting to serve Google ads.
I consider Google every bit as bad as Microsoft, and any site that depends on Google to stay in business may as well be owned by Google. Of course, Gitlab's code is open source and you can run it on a server of your own with no ads at all, yet you should be able interact with other Gitlab projects so long as access by those who block ads is permitted. Of course, push/pull/merge/branch/commit access by the command line is not vulnerable to Google Ads at all.

Github does use Google Analytics (which also should be blocked), but I have never seen an attempt to inject ads. Of course, that goes out the window if MS decides to start serving ads on Github.

A paywall will of course cause me to close my Github account, and if I cannot access them while blocking a future round of ads I will walk away from the inaccessable site. Every repo I have is mirrored locally and could be sent literally anywhere, including putting a physical server of my own online

Well, microsoft has written off more than that. Remember Nokia? Just after one year.