For some reason if I say p2p on HN it's not appreciated.
Note how the vast majority of people who use or interact with cryptocurrencies converge around a few centralized options. Even a ton of the technical people who develop cryptocurrency-related systems do.
If it's about the PRs and comments, and pipelines, then those are features specific to Github so where is the fault for acting unhealthy?
If you have a local copy. I imagine that if you have 1800+ repositories on Github, there'd be at least a few you probably didn't have installed anymore, because you knew you could always get them back from Github.
Any of the workflow automation stuff might be more difficult to replace, but I haven't had an especially good experience with it anyway. I don't know about everyone else, but it's been pretty unreliable and fragile. Even the Azure integration, which ought to be first-class, is pretty opaque. I really wanted to lean into that stuff, but for now, I'm happy running my own.
Git is flexible. I'm kind of surprised at how ubiquitous GitHub is given how easy it is to host your own repositories and set up a mailing list to accept patches and discussion on.
I think gittorrent was the right name for the concept, really, hard to beat that. But that one withered on the vine: https://github.com/cjb/GitTorrent
(disclaimer: work for MS, not on GitHub, also hi again superkuh)
Not your keys, not your repo!
1. Remain calm
2. Tweet at your 66k followers
3. Briefly wait while the dozens of those that work at GitHub trip over each other getting your account reactivated
Moving off github is a good idea anyway, since they took away source code search for non-signed-in-users. I experience that annoyance every time I need to find the source of an error string in someone's github project.
It could be done in part for cynical registration metrics reasons, but I'm guessing search is probably costly and this helps reduce automated activity. I also imagine they might face issues with bots searching for certain patterns to identify vulnerabilities and leaked credentials. Why is it unacceptable for you to register an account to make your debugging process easier?
This incident alone means no company should have github as a mission critical component of their software development.
I know of no reason why a company should use public GitHub for private business.
Every company I have contracted or worked for, all used on-prem GHE.
A lot of the stuff I care about on there is backed up elsewhere, but not everything. I even have a tool for this: https://datasette.io/tools/github-to-sqlite - which exports issues, issue comments etc to a SQLite database via the GitHub API.
I do at least trust GitHub not to delete everything, but to instead put my account in some kind of soft-deleted state - and I'm reasonably confident I could get it reinstated via my network. But still, scary.
Why do I have everything on GitHub? Because I genuinely do trust them - they have a 15+ year track record of NOT breaking, and I know that my repos are backed up to three different continents automatically.
This is one of the reasons I don't use Github: I am deeply uncomfortable putting so much power over me in their (or most companies') hands.
Even if they're entirely trustworthy and reliable right now, any company is just an acquisition away from that no longer being the case.
The folder with the mirrors is then uploaded to a backup provider, in my case Borgbase [2]
1. https://github.com/go-gitea/gitea 2. https://www.borgbase.com/
Always use email address and password (with 2FA where possible) to ensure you have ultimate control over your base account.
If Google chose to just ban my account, the downstream ramifications of me losing access to linked sites that use that account for auth would be very damaging.
github just became a business risk and a software supply chain risk.
I recently worked for a very large company that was 100% all in on github.
And now its clear that in an instant and single developer or perhaps the entire organisation can be finished as far as github goes.
Any CTO would now be negligent to have an organisational dependency/risk on github.
The future has to be companies getting out of the cloud, getting out of vendors who can inflict major business damage in an instant with no recourse on the basis of entirely unknowable decisions.
Likewise, if the concern is that Github automatically bans you without a recourse, then my preferred solution is that they do introduce recourse. This could even be a paid option: I think it's entirely reasonable for them to ask an administration fee for the appeal process, just to cover the costs of having a human look at what's going on and providing a good explanation.
It's really scary to have a single platform be able to take away what is essentially your portfolio, resume, social profile, webhost (github pages) and collaboration platform all in one go, with no explanation or recourse available. It shouldn't be that way.
We're inching towards a Radicle v1.0 release that will provide some stability and a basic feature-set for hosting and collaboration in a fully "sovereign" way. If you're interested in helping out or learning more, feel free to drop me an email: cloudhead@radicle.xyz or come by our Zulip[1].
[0]: https://radicle.xyz
I don't really know how this should be dealt with.
...or maybe it shouldn't. And we should just accept that random minority will have their livelihoods destroyed. After all, it wouldn't be the first time when society disregarded injustice of few for the convenience of the many
does anyone have a public mirror of the tweets?
That - you can't ban an account unless providing clear, direct and irrefutable evidence of serious nature such as pornography, hate speech or terrorism etc.
This should be applicable to every online service provider.
radicle.xyz is the only p2p alternative that exists and it's neat. give it a try.
I have no intention of leaving and don't expect any issues myself, but it made me realize I have a lot of stuff there that I don't have local backups of anymore.
