Nginx has moved to GitHub(mailman.nginx.org) |
Nginx has moved to GitHub(mailman.nginx.org) |
I'm a former pfSense user that reluctantly moved to OPNsense a handful of years ago after a lot of bad press around Netgate started circulating widely causing me to believe that support for the community offering might wane over time. I was under the impression that many people had moved off of pfSense for home use. I'm surprised by your assertion that it "remains dominant" for free users, and I wonder how you might know this?
OPNsense has been rock solid for me, btw. I was reluctant to switch only because of the time sink and perceived risk. Nobody wants to spend a weekend debugging VLAN tagging on their WAN port or some such. Luckily for me, there were no such issues when switching over.
It also has a fairly simple from-source deployment with a fairly solid build script.
Sure, I can clone it and run grep/ripgrep - but sometimes I like the ability to search the code on the browser.
Is it only GitHub where this is a restriction or GitLab is similar?
There is too much stuff of GitHub. From a resiliency point of view and from a monopoly point of view this is bad.
I recently tried to get a small FOSS project to switch to Codeburg. The answer was "no" because the free CI for them let them catch some MacOS on Apple Silicon bugs (the devs don't have that hardware locally), and because they are already used to GitHub, making it easier to onboard people and review PRs.
In my project a considerable amount of stars come from blank accounts, that like also non-paying projects to avoid detection.
I moved to codeberg now for my non work projects.
Does someone take the mailing list updates and manually PR them into Github? I've never actually used a mailing list so I'm curious how it works.
The real economic reason to open source part of your product.
Mercurial has many neat features, and I much prefer working with it. I don't think Git is all bad, but I do feel sad that it has basically become an expectation that you use it, to the exclusion of all other options.
If GitHub becomes shit I'm moving my projects off of there and that's that.
You can also run something like your own copy of Zoekt and then ingest repositories on demand though it isn't quite as instant. But if it's code you're already using extensively, it seems like it might be worth it. Maybe you can write some boondoggle to automatically ingest repos based on dependency metadata, even.
I would submit that this change is entirely business-related: it's a power-play to make people create accounts and stay logged in so they can track you better. It is not that they cannot afford it, it is that they are enshittifying the service to further their interests.
If they were really worried about money, they could lock it down completely so only paying customers could use the service at all... and then they'd lose a huge chunk of customers and lose all the prestige they build in convincing a huge pile of the world's free/open source software to use them as their hosting. So they don't do that - they keep all the prestige and the network effects by seeming _quite_ open, but they'll lock down _parts_ of the experience to try and force specific behaviour.
> you should probably at least accept that service providers can and do change things like this.
Indeed, you should. It should serve as a wake-up call that other people's services/platforms aren't under your control, and you can't rely on them to meet your needs.
I think that sourcegraph maintains a similar quality OSS code search that can be searched for free but I have not personally used it.
Logins are per domain and per device, so I end up dealing with this 4x per day if I'm using GitHub heavily. It's unnecessary.
git clone --depth 1 ...GitLab has had this long time.
They chose to take the existing search away from anonymous users to drive signups and logins. "Sign up and log in to get improved search" is not as compelling as "sign up and log in to get any search at all"
Having done a similar rodeo in the past -- migrating a project to an actual code review tool that enforces some more rigid structure, over plain patch files -- the interim process will probably be something like:
- Previously, some key people were allowed to commit to trunk directly.
- They would read emails/patches, do code review, apply, and push them to trunk.
- For now, you can keep emailing people your patches like you did before. Nothing will change.
- But at a certain point, you'll have to use this new Other Method.
- So, you should probably get familiar with Other Method early, by using it in the meantime, so you can be ready.
- At some point, no more patch files will be accepted and you will have to use Other Method.
- In the meantime, the maintainers will do double-duty and handle both venues.
Most projects are small enough where the double-duty isn't so bad. Most people will switch quick enough and you probably aren't dealing with 1,000 patches. It sucks but the payoff is considered worth it.
Eventually once this is completed you can do things like stop pushing directly to trunk and handling all patches to main through the Other Method. But you don't have to do that. It does sound like they'll stop accepting email patches, though.
but yeah, I've had to write said script due to needing to compile in proprietary modules.
It's just a bit of CI glue, pretty straightforward and quick build -- thanking to it being written in C rather than C++.
Thankfully, jujutsu exists so I can use a good version control system and still interoperate with the misguided who don't realize just how bad Git sucks.
If they remove some of that stuff, that would be worth complaining about. Until then, seems smart to take advantage of what GitHub is offering. Their CI isn't even super proprietary, you can basically just write bash scripts.
The phrase "pretty annoying/expensive to self host" highlights the source of those concerns.
How could one "just write bash scripts" to support macOS if you don't have Apple hardware, as in my example?
By then it’s too late, because there’s no alternative.
But of advice. Outside of TV programming, when an American is talking about why a tool was created, they almost always mean its purpose, not its origin story. That inspiration story on TV is aimed at inventors. The people who use the tools don’t care, and it’s an anecdote for the rest of us.
I suspect that has something to do with that illusion we maintained of American Ingenuity. I don’t need the back story, what’s it for?
It's so bizarre you're giving advice here based on such strong assumptions. There was absolutely no need to bring nationality into this discussion at all.
Or, they just disagree with your statement. It would have been better they say why though.
Oh, and they knowingly shipped a broken and insecure Wireguard to their customers, and tried to use their FreeBSD commit status to force it upstream
No, here's an even simpler task: try compiling packages for pfSense.
The clowns from Netgate made it unbelievably difficult, for no good reason other than being antagonist to the open source community.
This is all very ironic because that kind of attitude was the main drive for many to move away from pfsense.
Well, it works.
But try to add some custom parameters to a daemon, which aren't listed on the page. Or try to run more routers than one. Or diag network states even on 4k monitor.
There are a thousands cuts using OPNsense in anything more than a home router. Despite ten years of trying this year I ripped it off where it was installed and replaced back with pfSense.
Does your employer have a SSO flow that requires 2fa every time and doesn't redirect properly afterwards? That would be pretty annoying, but it's not Github's fault.
Do you perhaps have a browser setting that nukes cookies/session data by any chance? Or perhaps use a VPN that might be tripping some sort of account protection mechanism?
I'm probably not doing the same stuff as you. It's sudo/elevated mode that really gets you I think, if you have no fast flow. Admittedly I don't add keys or anything like that very often.
Not sure why GitHub expires tokens so quickly, but I can replicate it across every device I own and multiple accounts. Maybe they just don't like me?
Of course then you can do everything with your never expiring ssh keys and application tokens… but that doesn't count :D
Can I ask what country you're from? Maybe that has something to do with it?
Your tokens/session should expire at some point. We can argue over what might be a reasonable duration, but it definitely should expire.
What might be going on is if you visit the site/app it renews the token/session if it's still valid. So if you are relatively active on GH, you will stay logged in - otherwise you will eventually be logged out.
Just guessing, but all of this does seem reasonable. There's a lot your Github account can do, including a lot of damage to you and any organizations you are part of.
What I do have, and I expect is relevant: frequent ~weeklong gaps where I don't access GitHub at all in this browser profile. I assume there's some medium-lived token that's refreshed when you access the site.
This feeling could also be exasperated though since while I only use a personal GitHub account, I access it frequently from the browser and app on numerous devices.
I can definitively say though that I need to login more than twice a year on any one device.
My personal opinion is that most enshittifying changes on GitHub are due to the proliferation of middle managers who are evaluated almost exclusively on speed-shipping net-new features at the expense of maintenance and incremental improvement of existing features.
Developers working on it have said it's due to performance reasons. I don't have a link handy, but it's in some HN thread.
You're just reasoning from negativity and cynicism. No evidence for anything. Other than "zomg they're bad".
Github doesn't even serve ads. What exactly are you worried about? Your throwaway email being primary key #78,000,000 and having your visited repositories stored in another table?
There's no good to come of requiring people to log in for the consumer. Online Tracking is never good for the consumer.
Most people have their real name and e-mail there because they use it to sign code in trusted repositories, so it's easy to combine these data with other sources.
> Affiliates: Personal Data may be shared with GitHub affiliates, including Microsoft, to facilitate customer service, marketing and advertising, order fulfillment, billing, technical support, and legal and compliance obligations. Our affiliates may only use the Personal Data in a manner consistent with this Privacy Statement.
The last time I tried, I'm pretty sure the email address was rejected right away, and the account couldn't be created.
Not being able to reasonably create an account there is certainly annoying when it comes to performing simple searches.
It has also prevented me from submitting new bug reports and adding information to existing bug reports for a number of open source projects over the years.
I'm always disappointed when I see an open source project using GitHub, because it makes contributing to that project more or less impossible.
A free feature that stays free but requires you to make a free account (no credit card needed), I can see at least one very valid reason: if the feature heavier than a simple page (which is the case here), then it's an open door for DDOS attacks. Being able to track and ban/block the users that appear to participate in such an attack is totally valid.
The alternative is having to do captchas and the like to use those features anonymously, which is a pain both for user and for the devs/UI, and does feel more like the overall enshittification you are mentionning (even if it's a valid reason)
This is not the case. You may have noticed that Google Search, Bing, etc. don't require login or captcha to do a search. Billions of people use this search daily. And yet, they will throw a captcha at you, or even just say "you're a bot, stop bothering us" whether you're logged in or not, if their signals have detected what they consider abuse.
Clearly, their signals are not as naive as "anonymous user, require captcha / logged-in user, no checks required". Preventing DDOS != requiring login.
They like you logged in because they can add more data to their verified user identity and activity datasets and sell them for more money. They already make enough money to run the service despite all the anonymous usage, but they'd like more money, you see.
Github managed to offer anonymous search for 16 years before one day Microsoft took it away. Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?
How mighty of you, a freeloading user in this specific situation, to assert Github has made "enough" money and therefore should offer you services at their own expense... you know, because you want it and therefore are entitled to it.
> Github managed to offer anonymous search for 16 years before one day Microsoft took it away. Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?
So what's the issue here, really? Make a free account and move on with life. Or clone the repo and search it locally if you need to. Or decide to take some principled stance and refuse to work with projects hosted on Github. It's your choice.
I don't know why. Google won't tell me. They just started doing the same for YouTube: "Please login because we have detected malicious behavior from your network".
I know I'm not DDOSing them; I can see all our network traffic. They're just encouraging me to avoid using them.
GitHub code search is still doing real searches and so is much more expensive to run.
Are you saying you want adds in GitHub search's results? Google, Bing, etc. make money showing you adds. Adding barriers of entry is much less in their interest. Their budget to optimize the search engine is likely much bigger than GitHub's one.
GitHub doesn't really care all that much if random anonymous users can use their search. Anon users can view source trees, wikis, etc. and check out code, which is more than enough for most people.
> Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?
I think you and I don't know anything about what's going on there internally. I'm usually quick enough to assume the worst about actions Microsoft (of all companies!) takes, but even former GitHub employees have commented here that the new search system is much more resource-intensive than the old, and bots and scrapers were causing real problems. I choose to believe people who seem credible instead of playing the cynic and assuming everything is done with evil intentions and that everyone is lying to me.
Sure, they could build a big sophisticated system to figure out who to serve CAPTCHAs to, or who to outright ban, but why spend the time and money on that when they can just require a login, and the people they care about won't really care.
And sure, this move very well might drive some new signups. Maybe that's a net win for them. So what?
Of course, they could have kept the old search (without advanced filters) open, but there is at least a sensible explanation why the new search requires being signed in.
It raises the question of what will they hobble or take away next to fatten their bottom line. Will they continue to be good custodians of the real treasure, which is the projects that they host?
You may remember SourceForge was a popular hosting site. Ultimately, what caused a mass exodus was that they decided to let malware creators pay them money to wrap around the installer packages of the software they were hosting.
If you're not hosting your own project, there is always this risk. Question the motives of someone who offers to host your stuff "for free" ... and then alters the deal some point down the line.
Where else in life does this logic apply?
Perhaps you waded into a conversation without even understanding the core complaint. You can search on Github without a user account, entirely for free. However, they do not provide context-based code search to non-users, despite it still being free.
If for whatever reasons you cannot possibly be bothered to create a free user account out of some irrational fear Github will sell your codebase search history to advertisers (laugh out loud, literally), then you don't get to use that feature. Clone the repo and search it yourself, or find a different deep-pocketed service that lets you mooch everything for free.
tldr; Why are freeloaders always the loudest complainers?
The general idea of imposing more user-friendliness on very large corporations is not a bad one.
Nobody made them turn off the old search, they chose that, and they bundled the two together in one PR push.
Fancy new search = carrot. Remove anonymous search = stick. Carrot and stick work together to drive more signups, more logins, more data tracked, more data sales, more money.
Maintaining two separate search stacks for different user groups sounds like a nightmare. Multiply that by every feature that increases in complexity enough to bubble up on the cost-center metrics, and it for sure makes sense to prune complexity at the cost of secondary-feature functionality for anonymous requests.
The person you are responding to doesn't even want to make a free account yet expects to be able to use all of Github's services for free. That's some wild entitlement.
The disconnect here is unreal...
My solution was to use a filtering DNS that always returns no AAAA records for domains ending in google.com. This works great and essentially solves the problems. I have to do the same for various netflix domains as well.
I'm dreading having to switch over to native IPv6 -- I don't even know how many /64s will be allocated to me (and how stable they will be).
This is not a "user-friendliness" issue by it's very definition. The OP is not even a user!
> "more money than you" is a pretty crazy strawman of the actual comparison they made.
Perhaps you didn't read the conversation. The parent literally made the argument that Microsoft (ignoring that Github is a separate company) has plenty of money and therefore should provide this service for free even to non-users.
The service is free. A user account is free. It doesn't get more simple than this.
The naivety to believe the lack of a Github account somehow safeguards your browsing data is as hilarious as it is sad. Further, believing the creation of an account and searching code repositories somehow results in more ads is beyond hilarious.
This entire thread is pure insanity. Life doesn't need to be this difficult people. Create a throwaway account if you are so worried... or find some other service. You are not owed anything by Github - yet despite that they have made it trivially easy to benefit from their services at no cost to you.
They don't need an account to be a user, as you seem to acknowledge later in your comment: "The naivety to believe the lack of a Github account somehow safeguards your browsing data"
> Perhaps you didn't read the conversation. The parent literally made the argument that Microsoft (ignoring that Github is a separate company) has plenty of money and therefore should provide this service for free even to non-users.
They said "one of the most successful companies in human history".
That has nothing to do with the parent's amount of money. It's not a human-comparable amount of money.
If the company had ten million dollars the parent wouldn't be making the same argument about size.
> This entire thread is pure insanity. Life doesn't need to be this difficult people. Create a throwaway account if you are so worried... or find some other service. You are not owed anything by Github - yet despite that they have made it trivially easy to benefit from their services at no cost to you.
I have an account. That doesn't change how companies should work. And I find no "difficulty" in having a little discussion.
> You are not owed anything
Yeah I am. They make mass market money and they use public infrastructure. If the population wants to impose rules on them, the population gets to. Like forcing them to pay taxes. That's money they owe me indirectly.
I don't get to make the decisions on my own, but I can say if I think a theoretical rule would be good.
To be fair, definition of free depends. OPs argument was that they pay with data. That is not free if you think that you lose something. It is different question do we value it similarly.
The real problem is that a company like GitHub (now owned by Microsoft, of all companies, sheesh) has a strongly market-leading position in the idea of "publicly-hosted git repositories". Even if they were giving away everything fro free, and not tracking users, that would still be concerning.
If we have to do a restaurant analogy, it's like going to a restaurant (buffet?), opting out of premium, and still wanting access to a particular food item. It's not automatically ridiculous.
The treasures belong to humanity, not the museum, but they get the honour of hosting them, and that glory reflects on their reputation (which they use to sell commercial artifact-hosting services).
Entry is completely free, and for 16 years they gave you a map as you entered. But now some marketing genius has decided you don't get a map unless you give them your name and address and join their "friends of the museum" marketing programme.
These are not good signs for someone who wants to be custodian of the world's great treasures. I would argue it would be better for the world if the treasures were housed in local museums instead.
If they didn't, most (all?) of the major OSS projects that use them would have to find an alternative.
Those major OSS projects are why Github is the "central" OSS hosting place.
If they move on, then it's unclear if GitHub would remain all that central after a few years. "Probably not" is my thought, though I could be wrong. :)
> GitHub is still getting lots of data from people without accounts
This doesn't matter. If you want code search, you must log into a free account. Why is this controversial? Github isn't a charity - they don't exist to benefit freeloaders that won't even create a free account. Life doesn't need to be this hard folks...
If data is payment, then both groups are paying.
If data isn't payment, then what is? Please elaborate on what distinguishes the groups, and how people with free github accounts fit into the analogy.
The parent complaining about creating a free account can just keep complaining, or create one, I don’t care. But this nonsense about cost for search is not the issue.