Hi, I’m the author. I don’t think that this post is high-quality enough to put on Lobste.rs, but I guess it’s here (and also the domain is now allowed I guess?)
I never really understood either the generalized fixation nor the disappointment on GitHub.
It gained critical mass but there have never been lack of abundance of alternatives. Both for free hosting and self hosting. Supporting git or other VCSs. Heck, doesn’t git even come with a simple built-in web frontend for exposing the repo on webpage? I might be confused.
Host it on your website, use gitea, gitlab, gitblit, bitbucket, gogs, fossil, trac, redmine, and so on… How is publishing a git repo not a trivial problem to solve?
Why do people care so much about GitHub stars or a web UI for merging someone else’s branch? Not saying these things are completely useless, but they certainly are not of primary importance.
I wish herd mentality would be less prevalent among engineers.
“publishing a git repo” is not the problem here, problems are:
tracking issues (that’s not built into git, so you need a separate database)
user auth: a rando from the internet should be able to file an issue against your project without a email round-trip to create an account
review UI (l’ve been using git for some time, and the best way I’ve found to review changes locally is git checkout $branch && git reset (git merge-base), I don’t believe “review branch before merging” is a sufficiently built-in workflow to be obvious for new users. Actually, how folks review changes locally? Is there anything better than what I do?)
tracking comments on reviews.
CI
Any project on GitHub solves these issues adequately by default. For projects not on GitHub, it’s a hit and miss. I, for example, don’t report KDE bugs, because their issue tracker is inscrutable. I don’t think you can pick arbitrary solution and expect it to be adequate.
GitLab seems adequate, even if even more bloated than GitHub, SourceHut is positively nice.
I was quite surprised by how much other people seem to like the social bits of GitHub. I’d always considered them irrelevant fluff for desperate attention seekers but I spoke to several people that use them to discover interesting things and who follow people on GitHub to see projects that they can learn from.
The main advantage that GitHub has is the network effect. If you host your own Bugzilla instance, for example, it will be inundated by spam. You end up having to do a lot of anti-spam work on signups and add friction to people posting bug reports. In contrast, if you’re on GitHub then most potential contributors have an account (even me, and I resisted for years) and so it’s trivial for them to report issues and only slightly harder to raise PRs. I moved a project that I maintain from Savannah to GitHub 10 or so years ago and saw a big jump in the number of contributors and especially drive-by contributions (‘hey, I spent a few hours root-causing this weird bug, here’s the simple fix’).
DVCS… decentralized version control system. But with so many having bought into a proprietary offering that requires an account, you can’t have a decentralized experience unless the author knows they should publish alternative methods for sending patches & fixes. Especially with businesses buying into it, you can host your own stuff on the alternatives but you’ll be required to interactive with the big, closed-source, for-profit entity.
Perhaps it’s better to think of Git as a not-necessarily-centralized version control system. Decentralization is a property that can be used to different extents by different users, and that’s okay.
you can’t have a decentralized experience unless the author knows they should publish alternative methods for sending patches & fixes.
A lot of authors don’t want to deal with Git’s archaic email-based workflow, just as a lot of contributors don’t want to.
Matter of taste, and I hope that’s you’re implying this is your taste, but using the “pull request model” locked behind a Microsoft login as the only option to contributions is far from inviting either.
I really wish that we could move past the “how dare people train AI on code that we gave away for free” thing.
Imagine, if you would, that Microsoft used cheap labor in Elbonia (some fictional nation, cribbed from the days when Dilbert was something to have on your cube wall) to implement copilot. In this thought experiment, these people spend all day reading code, getting some facility with it (arguable), and then mechanical turk questions submitted using knowledge gained by their reading.
If that’s okay, or okayish, we need to find some other reason to be upset about our current reality where we have replaced the Elbonians with AI–and I think that there is probably a good argument, but dear Lord I haven’t seen it presented as of yet.
I really wish that we could move past the “how dare people train AI on code that we gave away for free” thing.
Only public domain / CC0 code is given away for free. When I give away my code under the MIT license, it is on the condition that you acknowledge me when you create a derived work or build anything from my code. If you create anything that is a derived work of my code then you have a legal obligation to credit me.
Imagine, if you would, that Microsoft used cheap labor in Elbonia (some fictional nation, cribbed from the days when Dilbert was something to have on your cube wall) to implement copilot. In this thought experiment, these people spend all day reading code, getting some facility with it (arguable), and then mechanical turk questions submitted using knowledge gained by their reading.
If you pay a team of Elbonians to create derived works of my code without attribution then I would have standing sue you. If they read my code but then produced things that are independent creative works that are not derived works then I would not have standing to sue you.
The question for the courts is which of these the current systems are more like.
Besides @david_chisnall’s excellent answer (which to me is the main one), I feel like there’s also a fundamental difference in scale. Similar to arguments about “it’s just metadata” and mass surveillance, I believe that there’s a phase change that occurs somewhere along the way once things get big enough. A few Elbonian’s reading some code here and there to learn to programmight be one thing. Million’s of Elbonian’s memorizing every line of code ever published on GitHub might be something else.
There’s also something that feels kind of skeevy about taking my free code and then selling it back to me as a service. I put my code out there because I want to see people make cool stuff with it and only ask that they give me credit for my part in their success. If someone wants to use my code as a component in an app (where the thing the app does is much more than just my code) with attribution, that’s one thing. A for-pay service that’s built around just selling that code back to me or to someone else without attribution is another thing entirely.
I think people can be upset with things regardless of what things they’re not upset at.
It’s fine to posit different scenarios but as soon as you make that scenario a discrediting argument then you are using a bad faith argument tactic known as a whataboutism. (It’s also a logical fallacy).
When I see argument tactics my brain short circuits and I get a bit sad. I want a community where we can hear others and express our opinions without these tactics. Can you consider reframing your thought experiment as a personal one rather than one that is discrediting OP?
I agree with your experiment as posed, but let me make a small twist: “In this thought experiment, these people spend all day reading code, getting some facility with it (arguable), and then cut-and-paste excerpts of the code to answer questions submitted using knowledge gained by their reading.” To me that’s not OK.
What if the elbonians read the code out verbatim? That’s the main problem here.
The second problem is that the ai model is a derivative work of the code it was fed; at least some of that code is agpl and the model has not been open sourced under the agpl.
I really wish that we could move past the “how dare people train AI on code that we gave away for free” thing.
Okay, here’s my presentation of it: I think that a machine learning model trained on my code is a derivative of that work. Most of my code is released under licenses that require reciprocation, so training proprietary models on that code is a violation of its license.
Microsoft / GitHub have fundamentally betrayed the trust of the community that created, used, and promoted GitHub in the open source / free software world.
I don’t think we should move past it, and in fact, I think that wherever possible, we should withdraw our support. I only maintain a GitHub account to contribute to open source projects that remain there; otherwise, I’m on Soucehut now, like the author.
Recently I noticed if you try to search a project’s “code” on Microsoft GitHub while unauthenticated, you’ll get ? results and be prompted to log in to see anything.
I tried out Sourcehut a bit and I liked it mainly because of their “unlisted” repo feature.
However, in this case considering OP’s strong opinion about “a” platform, I believe hosting their own git server is the right thing to do. If longevity and absolute autonomy is the goal, hosting your own git server achieves that purpose with very little friction.
I did actually try running my own git server. It did not work out. It kept going down, and I needed something more reliable than self-hosting. Keep in mind that my server consists of a decade-old laptop in my dorm room.
You can rent a VPS for cheap and get very workable availability. If you need redundancy in case the VPS host dies, you can mirror to your less-available laptop-at-home server, and use that to set up shop elsewhere when the need arises.
It would be a large time-sink to both set it up and maintain it. I do enjoy having CI, and that’s difficult to set up on a free-tier VPS.
I’m a student, so I don’t have very much money, so paying for a VPS is out of the question. I’m already using the free-tier VPSs for more essential things (like forwarding a static IPv4 address to my server). There is also the bit about trust. I don’t trust the free VPSs to protect my data and not be scummy. In the event that they are, I don’t want what I use for schoolwork to go down.
Perhaps you can pay for a VPS with some classmates/buddies that feel the same way about hosting? Then all of you can host all your projects there. It doesn’t have to be just for yourself!
Edit: Regarding CI - you could still use something like the free tier of TravisCI or CircleCI if setting all that up is too difficult/expensive.
SourceHut offer a few extra things that have appeal aside uptime. Having a CI set up, mailing lists, issue tracker, and IRC bouncer are a small suite of things that you’d probably also want high uptime + reliability on as well like OP mentioned. At least the goal isn’t engagement or loss-leader with VC cash (and it’s all open source, and open for contributions). I’d be curious what the git send-email web GUI will look like because it’s certainly a barrier to many–and I also hope FOSS tools like himalaya can help bring modern usability features to e-mail that it seems many clients have lost.
I really found their openness about financial position [0] incredibly commendable. I studied accounting, I have a soft spot for financial reporting but in accounting we also learned about “signaling theory” [1] (in relation to corporate ethics). Open-Source technology-based businesses that are so transparent about their finances without being forced by regulation will always have my absolute respect.
It’s time to say goodbye to every monopolistic endeavor.
https://ploum.net/2023-02-22-leaving-github.html
Hi, I’m the author. I don’t think that this post is high-quality enough to put on Lobste.rs, but I guess it’s here (and also the domain is now allowed I guess?)
Feel free to ask me things.
Proof: https://ersei.net/en/contact-me/pgp-key.txt
Cool idea, but it’s definitely sufficient to link to your website in your profile, which you did. :)
Interesting use case of OpenPGP to link accounts. Reminds me of https://keyoxide.org
Sometimes I forget that GitHub is 15+ years old.
I never really understood either the generalized fixation nor the disappointment on GitHub.
It gained critical mass but there have never been lack of abundance of alternatives. Both for free hosting and self hosting. Supporting git or other VCSs. Heck, doesn’t git even come with a simple built-in web frontend for exposing the repo on webpage? I might be confused.
Host it on your website, use gitea, gitlab, gitblit, bitbucket, gogs, fossil, trac, redmine, and so on… How is publishing a git repo not a trivial problem to solve?
Why do people care so much about GitHub stars or a web UI for merging someone else’s branch? Not saying these things are completely useless, but they certainly are not of primary importance.
I wish herd mentality would be less prevalent among engineers.
“publishing a git repo” is not the problem here, problems are:
git checkout $branch && git reset (git merge-base), I don’t believe “review branch before merging” is a sufficiently built-in workflow to be obvious for new users. Actually, how folks review changes locally? Is there anything better than what I do?)Any project on GitHub solves these issues adequately by default. For projects not on GitHub, it’s a hit and miss. I, for example, don’t report KDE bugs, because their issue tracker is inscrutable. I don’t think you can pick arbitrary solution and expect it to be adequate.
GitLab seems adequate, even if even more bloated than GitHub, SourceHut is positively nice.
I don’t think even 1% of the repositories use those features. CI wasteven there until recently.
I was quite surprised by how much other people seem to like the social bits of GitHub. I’d always considered them irrelevant fluff for desperate attention seekers but I spoke to several people that use them to discover interesting things and who follow people on GitHub to see projects that they can learn from.
The main advantage that GitHub has is the network effect. If you host your own Bugzilla instance, for example, it will be inundated by spam. You end up having to do a lot of anti-spam work on signups and add friction to people posting bug reports. In contrast, if you’re on GitHub then most potential contributors have an account (even me, and I resisted for years) and so it’s trivial for them to report issues and only slightly harder to raise PRs. I moved a project that I maintain from Savannah to GitHub 10 or so years ago and saw a big jump in the number of contributors and especially drive-by contributions (‘hey, I spent a few hours root-causing this weird bug, here’s the simple fix’).
DVCS… decentralized version control system. But with so many having bought into a proprietary offering that requires an account, you can’t have a decentralized experience unless the author knows they should publish alternative methods for sending patches & fixes. Especially with businesses buying into it, you can host your own stuff on the alternatives but you’ll be required to interactive with the big, closed-source, for-profit entity.
Perhaps it’s better to think of Git as a not-necessarily-centralized version control system. Decentralization is a property that can be used to different extents by different users, and that’s okay.
A lot of authors don’t want to deal with Git’s archaic email-based workflow, just as a lot of contributors don’t want to.
Matter of taste, and I hope that’s you’re implying this is your taste, but using the “pull request model” locked behind a Microsoft login as the only option to contributions is far from inviting either.
I really wish that we could move past the “how dare people train AI on code that we gave away for free” thing.
Imagine, if you would, that Microsoft used cheap labor in Elbonia (some fictional nation, cribbed from the days when Dilbert was something to have on your cube wall) to implement copilot. In this thought experiment, these people spend all day reading code, getting some facility with it (arguable), and then mechanical turk questions submitted using knowledge gained by their reading.
If that’s okay, or okayish, we need to find some other reason to be upset about our current reality where we have replaced the Elbonians with AI–and I think that there is probably a good argument, but dear Lord I haven’t seen it presented as of yet.
Only public domain / CC0 code is given away for free. When I give away my code under the MIT license, it is on the condition that you acknowledge me when you create a derived work or build anything from my code. If you create anything that is a derived work of my code then you have a legal obligation to credit me.
If you pay a team of Elbonians to create derived works of my code without attribution then I would have standing sue you. If they read my code but then produced things that are independent creative works that are not derived works then I would not have standing to sue you.
The question for the courts is which of these the current systems are more like.
“code that we gave away for free as long as you follow these rules” - that’s where a lot of the concerns and unhappiness is coming from
Besides @david_chisnall’s excellent answer (which to me is the main one), I feel like there’s also a fundamental difference in scale. Similar to arguments about “it’s just metadata” and mass surveillance, I believe that there’s a phase change that occurs somewhere along the way once things get big enough. A few Elbonian’s reading some code here and there to learn to programmight be one thing. Million’s of Elbonian’s memorizing every line of code ever published on GitHub might be something else.
There’s also something that feels kind of skeevy about taking my free code and then selling it back to me as a service. I put my code out there because I want to see people make cool stuff with it and only ask that they give me credit for my part in their success. If someone wants to use my code as a component in an app (where the thing the app does is much more than just my code) with attribution, that’s one thing. A for-pay service that’s built around just selling that code back to me or to someone else without attribution is another thing entirely.
I think people can be upset with things regardless of what things they’re not upset at.
It’s fine to posit different scenarios but as soon as you make that scenario a discrediting argument then you are using a bad faith argument tactic known as a whataboutism. (It’s also a logical fallacy).
When I see argument tactics my brain short circuits and I get a bit sad. I want a community where we can hear others and express our opinions without these tactics. Can you consider reframing your thought experiment as a personal one rather than one that is discrediting OP?
I agree with your experiment as posed, but let me make a small twist: “In this thought experiment, these people spend all day reading code, getting some facility with it (arguable), and then cut-and-paste excerpts of the code to answer questions submitted using knowledge gained by their reading.” To me that’s not OK.
What if the elbonians read the code out verbatim? That’s the main problem here.
The second problem is that the ai model is a derivative work of the code it was fed; at least some of that code is agpl and the model has not been open sourced under the agpl.
Okay, here’s my presentation of it: I think that a machine learning model trained on my code is a derivative of that work. Most of my code is released under licenses that require reciprocation, so training proprietary models on that code is a violation of its license.
Microsoft / GitHub have fundamentally betrayed the trust of the community that created, used, and promoted GitHub in the open source / free software world.
I don’t think we should move past it, and in fact, I think that wherever possible, we should withdraw our support. I only maintain a GitHub account to contribute to open source projects that remain there; otherwise, I’m on Soucehut now, like the author.
Is it ok? I think that we have pretty heavyweight procedures for clean room engineering because it’s not ok.
Recently I noticed if you try to search a project’s “code” on Microsoft GitHub while unauthenticated, you’ll get
?results and be prompted to log in to see anything.It’s been like that for a couple of years at least
I vaguely remember this was because of people running token scraping operations from unsecured public repositories.
I tried out Sourcehut a bit and I liked it mainly because of their “unlisted” repo feature.
However, in this case considering OP’s strong opinion about “a” platform, I believe hosting their own git server is the right thing to do. If longevity and absolute autonomy is the goal, hosting your own git server achieves that purpose with very little friction.
I did actually try running my own git server. It did not work out. It kept going down, and I needed something more reliable than self-hosting. Keep in mind that my server consists of a decade-old laptop in my dorm room.
You can rent a VPS for cheap and get very workable availability. If you need redundancy in case the VPS host dies, you can mirror to your less-available laptop-at-home server, and use that to set up shop elsewhere when the need arises.
It would be a large time-sink to both set it up and maintain it. I do enjoy having CI, and that’s difficult to set up on a free-tier VPS.
I’m a student, so I don’t have very much money, so paying for a VPS is out of the question. I’m already using the free-tier VPSs for more essential things (like forwarding a static IPv4 address to my server). There is also the bit about trust. I don’t trust the free VPSs to protect my data and not be scummy. In the event that they are, I don’t want what I use for schoolwork to go down.
Perhaps you can pay for a VPS with some classmates/buddies that feel the same way about hosting? Then all of you can host all your projects there. It doesn’t have to be just for yourself!
Edit: Regarding CI - you could still use something like the free tier of TravisCI or CircleCI if setting all that up is too difficult/expensive.
Student is a good excuse.
gitea on free cloud server and backups at home? https://paul.totterman.name/posts/free-clouds/
I’m already using the free Oracle VMs. Backups are also going to rsync.net.
SourceHut offer a few extra things that have appeal aside uptime. Having a CI set up, mailing lists, issue tracker, and IRC bouncer are a small suite of things that you’d probably also want high uptime + reliability on as well like OP mentioned. At least the goal isn’t engagement or loss-leader with VC cash (and it’s all open source, and open for contributions). I’d be curious what the
git send-emailweb GUI will look like because it’s certainly a barrier to many–and I also hope FOSS tools likehimalayacan help bring modern usability features to e-mail that it seems many clients have lost.I really found their openness about financial position [0] incredibly commendable. I studied accounting, I have a soft spot for financial reporting but in accounting we also learned about “signaling theory” [1] (in relation to corporate ethics). Open-Source technology-based businesses that are so transparent about their finances without being forced by regulation will always have my absolute respect.
[0] https://sourcehut.org/blog/2023-03-27-2022-financial-report/
[1] https://en.wikipedia.org/wiki/Signalling_theory