First, they restricted code search without logging in so I’m using sourcegraph But now, I cant even view discussions or wiki without logging in.

It was a nice run

  • @[email protected]
    link
    fedilink
    English
    9010 months ago

    The only thing surprising is that it took Microsoft almost three years to turn on the shit-spigot.

  • Scrubbles
    link
    fedilink
    English
    7410 months ago

    Honestly for selfhosters, I can’t recommend enough setting up an instance of Gitea. You’ll be very happy hosting your code and such there, then just replicate it to github or something if you want it on the big platforms.

    • @[email protected]
      link
      fedilink
      13810 months ago

      Just so you’re aware, Gitea was taken over by a for-profit company. Which is why it was forked and Forgejo was formed. If you don’t use Github as a matter of principle, then you should switch to Forgejo instead.

      • Scrubbles
        link
        fedilink
        English
        5010 months ago

        Damnit of course it was. Thanks for letting me know, now I’ll have to redo my 100+ repos.

        • @NightAuthor
          link
          English
          310 months ago

          If there’s a fork, it’ll probably be an easy migration/in-place upgrade.

        • @lambchop
          link
          110 months ago

          My understanding is the fork isn’t doing much but waiting to see if gitea turns to shit, pushing all their changes upstream. If you use docker I’ve heard you can just pull the new image and it simply drops in, no migration needed.

    • @MigratingtoLemmy
      link
      2210 months ago

      Forgejo for you chap.

      Honestly I’m kind of surprised that Gitea is still being recommended on Lemmy, it’s been a while since Gitea was acquired and the community has been raging since. Lemmy is regressing

      • @superbirra
        link
        1410 months ago

        Lemmy is regressing

        it is not lol, you are just realising that you are not part of any elite for the simple reason of using it

      • @Disregard3145
        link
        210 months ago

        Its pretty good, for most people there isn’t anything missing

        Actions can’t be triggered by workflow dispatch

        Pull requests can’t wait for status checks

    • @[email protected]
      link
      fedilink
      210 months ago

      +1 for Gitea. It’s super lightweight, and works really well! I recently switched to Gitlab simply because I wanted experience with hosting it, but Gitea is much lighter and easier to use.

      • @MigratingtoLemmy
        link
        2610 months ago

        Forgejo please. Gitea was acquired by a for-profit company

        • @[email protected]
          link
          fedilink
          110 months ago

          I had no idea what Forgejo was and assumed you were calling me a derogatory term 😂 thanks though, I’ll look into Forgejo next time I need to switch Git platforms

  • @TootSweet
    link
    English
    4810 months ago

    I moved all my open source projects to Gitlab the day Microsoft announced they were acquiring Github.

    (I wish in retrospect I’d taken the time to research and decide on the right host. I likely would have gone to Codeberg instead of Gitlab had I done so. But Gitlab’s still better than Github. And I don’t really know for sure that Codeberg was even around back when Microsoft acquired Github.)

    • @[email protected]OP
      link
      fedilink
      23
      edit-2
      10 months ago

      My first impression of gitlab was offputting because I was using hardened firefox and couldnt get past through cloudflare so I ended up using github. It was also better ui wise but now its just a mess

      Edit: slowly i’m starting to move everything to codeberg

    • @grue
      link
      English
      1410 months ago

      I’m OOTL. Why is Codeberg better than GitLab?

      • @[email protected]
        link
        fedilink
        11
        edit-2
        10 months ago
        1. It is FOSS while GitLab EE is not.
        2. It supports a lot of atifact repository formats while GitLab only docker registry.
        3. It is a non-commercial project.
      • @TootSweet
        link
        English
        3
        edit-2
        10 months ago

        I’m not really sure it is. I just wish I’d shopped around before jumping to Gitlab, really.

        It kindof feels like Gitlab’s aims are more commercial and Codeberg’s are more in line with the FOSS movement, but that’s just a vague sense I have based on things I’ve seen but no longer remember specifically.

        CalcProgrammer1’s response to my post seems pretty informative and apropos, though.

      • @TootSweet
        link
        English
        410 months ago

        Ah. Good to know. I don’t feel so bad about going with Gitlab now.

      • @BurnoutDV
        link
        310 months ago

        I registered there june 2020 so longer than that

    • @akrot
      link
      610 months ago

      The landscape is changing so fast thanks to LLMs, everything is becoming gated behind logins. Thanks ChatGPT.

    • gian
      link
      fedilink
      English
      510 months ago

      Make the move from Gitlab to Codeberg in the last few days: really simple to do, give it a try ;-)

      • @TootSweet
        link
        English
        110 months ago

        Yeah, good thought. The only reason I haven’t is just because I worry that moving constantly might deter people from using any of my FOSS projects. Just seems like it could be considered a red flag (a sign of a “bad” or poorly-managed project) to some. (And… well… given that I didn’t do the research when I moved those projects, it wouldn’t be an entirely inaccurate conclusion to draw.)

        Oh, I guess also I’d need to log back into my Github and change everything that says “moved to Gitlab” to say “moved to Codeberg” and update links. (I literally force-pushed to overwrite the entire history of my Github projects with a single commit each with just a README that says it moved to Gitlab with a link.)

        Plus, if I really looked into it, I might decide I’d prefer to self-host on something like Gitea.

        I guess all that to say I’d definitely want to put more thought into it before migrating any particular place a second time. Doing the actual move is indeed the easy part, but there’s a lot of thought and research to do before that. And a lot of meta-considerations to take into account.

        Sounds like you like Codeberg, though. Just out of curiosity, what sold you on Codeberg?

        • gian
          link
          fedilink
          English
          110 months ago

          Sounds like you like Codeberg, though. Just out of curiosity, what sold you on Codeberg?

          Basically the fact that they are in Europe and for now they are free (even if I am planning to contribute some euros) and without all the “every site need to be a social network” facade (like Github).
          All the features I need are present and I were not using the missing one anyway (like the CI). And I like to support an EU company ;-)

          Additionally it is a couple of years that I am trying to move away from US companies for every service I use, the move from Gitlab to Codeberg is the last one and came natural.

    • @[email protected]
      link
      fedilink
      510 months ago

      I still left my old and unmaintained projects on GitHub but I moved all my active projects to GitLab and any new projects go there too. I have them auto mirrored back to GitHub though as the more mirrors the better. I also recently set up a Codeberg mirror for some of my projects, though GitLab’s CI is what is keeping me on GitLab even though they nerfed the shit out of it and made it basically a requirement to host your own runners even for FOSS projects a year or two back. Still hate them for that and if Codeberg gets a solid CI option, leaving GitLab would make me happy. They too have seen quite a lot of enshittification in the years since Microsoft bought GitHub.

      • Baron Von J
        link
        310 months ago

        nerfed the shit out of it and made it basically a requirement to host your own runners even for FOSS projects a year or two back.

        Did they just reduce quotas (minutes?, cache storage?) or did they remove features? I’ve always used self-hosted runner

        • @[email protected]
          link
          fedilink
          210 months ago

          Drastically nerfed the quotas. FOSS projects with a valid license used to have GitLab Premium access to shared runners and now even FOSS projects with a valid license get a rather useless 400 minutes. They also require new accounts to add CC info just to use that paltry sum which means FOSS projects can’t rely on CI passing on forks to ensure a merge request passes the checks before merging, as even if you have project specific runners set up forks don’t use them and neither to MRs.

          I wish companies didn’t offer what they can’t support from the beginning rather than this embrace, extend, extinguish shit. I guess in GitLab’s case there was no extend, it was just embrace FOSS projects and let them set up CI pipelines and get projects depending on the shared CI runners as part of merge request workflow for a few years and then extinguish by yoinking that access away and fucking over everyone’s workflow, leaving us scrambling to set up project side runners and ruining checks on MRs.

          • @superbirra
            link
            110 months ago

            They also require new accounts to add CC

            just FYI you can still register w/o a cc but the option is hidden, only reachable via ‘sign in’ and then ‘register’: https://gitlab.com/users/sign_up

            that said they’re shit and need to die

  • youmaynotknow
    link
    fedilink
    3910 months ago

    I’m honestly blown away by whomever finds this surprising. This is Microsoft we’re talking about. Everything they touch turns into this. Taking what is not theirs, using it for profit, and not even giving credit where credit is due.

  • @inspxtr
    link
    24
    edit-2
    10 months ago

    Hold up, are you sure you can’t view Discussions or Wiki? Which sites can you not view them?

    I’m fine viewing them for public repos that I usually visit.

    Asking to make sure that Github is not slowly rolling out this lockdown.

    • @[email protected]OP
      link
      fedilink
      510 months ago

      Most probably. I was viewing discussions about podman, I could view them if directily opened from a link but it required login when navigated to linked pages and wiki

  • e$tGyr#J2pqM8v
    link
    fedilink
    13
    edit-2
    10 months ago

    I’m not a developer so I’m not very familiar with this world. But it kind of amazes me that the code for so many open source projects are hosted by Microsoft. Isn’t there a FOSS alternative? edit: seems Gitlab is an alternative. Then the question is, why are people using microsoft products?

    • @[email protected]OP
      link
      fedilink
      1910 months ago

      Github started independently and was amazing service(and still is except now its going downhill) but Microsoft acquired it it 2018

    • DacoTaco
      link
      10
      edit-2
      10 months ago

      The power of git ( the backbone of github ) comes in that you can easily take a repository and move it to a different server. Its like, 3 commands? ( git vlone, git add remote, git push ). So if people would leave github, nothing is lost :)

      • @[email protected]
        link
        fedilink
        English
        4
        edit-2
        10 months ago

        Github is designed to centralize git (as the word “hub” suggests). You can still migrate away code, issues and wikis, but contributors, followers, wiki editors, issue subscribers, visibility in general and github stars are locked in. Discoverability matters to projects trying to attract contributors.

        • DacoTaco
          link
          1
          edit-2
          10 months ago

          Agreed there, but its still a source control platform. Its still git. I’d argue the code is the most important part and followers, subscribers and stars (whatever those may do) are a secundairy functionality that a developer doesnt necesarily care about. The most important part is the git repo and everything linked with it imo

  • @[email protected]
    link
    fedilink
    1310 months ago

    They also broke some stuff with some javascript, I think. I’m using KDE’s web browser (Falkon) and it used to work well.

  • mozz
    link
    fedilink
    1110 months ago

    I’m still stuck on why I have to create a password-equivalent API token, and then store it on my hard drive if I want an at-all-convenient workflow.

    “We made it more secure!”

    “How is storing it on my hard drive more secure”

    “Just have it expire after a week!”

    “How is it more secure now, seems like now there are two points of failure in the system, and anyway I keep hearing about security problems in github which this hasn’t been a solution to any of them”

    “SHUT UP THAT’S HOW”

    • ISometimesAdmin
      link
      fedilink
      2210 months ago

      An API token is more secure than a password by virtue of it not needing to be typed in by a human. Phishing, writing down passwords, and the fact that API tokens can have restricted scopes all make them more secure.

      Expiration on its own doesn’t make it more secure, but it can if it’s in the context of loading the token onto a system that you might lose track of/not have access to in the future.

      Individual API tokens can also be revoked without revoking all of them, unlike a password where changing it means you have to re-login everywhere.

      And that’s just the tip of the iceberg. Lmk if you have questions, though.

      • mozz
        link
        fedilink
        -410 months ago

        Oh, API tokens in general, I think are great. As an additional layer of security between “I need my program to be able to access this API” and “I type my password”, they are great. My issue is with the specific way that github has implemented them.

        An API token is more secure than a password by virtue of it not needing to be typed in by a human.

        Remind me. When I create my API token, how do I provide it to git?

        Am I, more or less, forced to save my token to persistent storage in a way I wouldn’t be with a password? I realize that most people store either one in a password manager at this point. My point is, if you’re going to store your password-equivalent in a password manager, how have you achieved greater security as compared with storing a password in the same password manager? How is that not just adding another compromise vector?

        Phishing

        Remind me. Does making a system significantly more complex mean that phishing gets easier? Or harder?

        As an example, if someone can phish my password from me to compromise my security, is that better or worse than if they can either phish my password or else compromise my tokens? I remember this compromise for example, but I can’t remember whether it involved passwords or tokens.

        writing down passwords

        Remind me. Help me understand. Can someone write down their github password if the API token system exists? If they have to use it sometimes to log in to the web site anyway?

        and the fact that API tokens can have restricted scopes

        Yes. API tokens are a good system, in general, and restricting the scope of what they can do and making them time-limited are good reasons why.

        My argument is that, in general, (a) adding an additional point of access to a system without doing anything to disable the existing point of access, and (b) saving a password equivalent to someone’s system instead of having the “standard way” be for them to retype their password to authenticate each session but not have it saved anywhere, are both overall reductions in security.

        I get the motivation that github sometimes protects really critical stuff, and so it needs to be more secure. I am saying that their particular implementation of API tokens led to an overall reduction in security as opposed to an increase.

    • @[email protected]
      link
      fedilink
      110 months ago

      Never used it in GitHub, but in GitLab it is not password equivalent, you can restrict its usage.

      • @superbirra
        link
        310 months ago

        it’s obviously the same in github OP don’t know what is talking about lol

    • JackbyDev
      link
      fedilink
      English
      110 months ago

      Because of someone gets your API token they can only push and pull. If someone gets your password they can do anything

      • mozz
        link
        fedilink
        0
        edit-2
        10 months ago

        Let’s go over the attack vectors involved for different common workflows. I’m going to use the specific case of how I use git.

        1. Store passwords in pass, have them memorized and type them anew every time
        2. Store passwords in pass, store API tokens in OSX keychain

        Which is more secure? The thing that you’re saying is better-protected because it’s limited, doesn’t exist in workflow #1. The tokens aren’t limited to push and pull, because they’re limited to nothing.

        If someone gets my password in case #2, they can still do anything. That’s my central point – you haven’t removed any point of vulnerability, you’ve created another point of vulnerability and then mandated that people use it. And this isn’t an abstract issue; there are several compromises of github data stemming from people’s API tokens being compromised. My assertion is that in some of those cases, using case #1 instead of storing the API tokens would have prevented the compromise. Maybe I am wrong in that. I know that password compromises happen too. But my point is, you’re not preventing anybody from getting their password compromised. Someone can still steal my password out of pass. Someone who puts a keylogger on my computer will have the passwords to my OSX keychain and pass, both. You’re simply introducing another point of compromise, additional to password compromises, and mandated storage of your new password-equivalents on storage where before you at least had the option of memorizing them and typing them every time.

        Edit: And just to say it again, I have no problem with API tokens. If someone’s got an automated workflow set up, such that they have to set up a password-equivalent on their script that accesses github, they should absolutely create a usage-restricted API token and use that instead. I’m talking more specifically about the decision to ban people from typing their passwords when they want to interact with github, pretending that somehow that makes compromising the un-usage-restricted password impossible (when it doesn’t at all), and forcing people to store auth tokens in their local storage when they’d rather type their password every time.

  • UnfortunateShort
    link
    1110 months ago

    Compared to Gitlab, it definitely is shit already. And that has nothing to do with the artificial restrictions. God I hate this website. I appreciate their service, but the UI is genuinely trash.

  • @PoliticalAgitator
    link
    1010 months ago

    You don’t need the question mark. If something is for-profit (or can be used for profit) then sooner or later it will be enshittified.

    They have teams of people whose entire job is figuring out ways to wring a few more cents from somebody. Put them at the helm of a company that’s stood for 1000 years and they’ll be thrilled at how easy it will be to use that name to sell plastic dogshit at a premium price.

  • @10_dollar_banana
    link
    810 months ago

    What about the time they fired their artists and then immediately wrote a blog post congratulating themselves for making AI art from a model trained on the ex-employees’ art. Inspiring.

  • dinckel
    link
    410 months ago

    I don’t really feel like self-hosting a Git instance is a good idea for me personally, but I’ve been really happy with Gitlab for around 8 years now

    • asudox
      link
      1410 months ago

      Why? That’s a good thing.

      • @[email protected]
        link
        fedilink
        110 months ago

        You don’t need the question mark. If something is for-profit (or can be used for profit) then sooner or later it will be enshittified.

        They have teams of people whose entire job is figuring out ways to wring a few more cents from somebody. Put them at the helm of a company that’s stood for 1000 years and they’ll be thrilled at how easy it will be to use that name to sell plastic dogshit at a premium price.

        No. I am able to decide for myself, whether or not I need 2FA. A code via E-Mail is enough for me. If you feel like you need 2FA; feel free to enable it for yourself…

        • gian
          link
          fedilink
          English
          110 months ago

          A code via E-Mail is enough for me.

          Which basically is another type of 2FA…

            • gian
              link
              fedilink
              English
              010 months ago

              You are right. It is much worse, but hey, who am I to say to you how to protect your data ?

        • asudox
          link
          -1
          edit-2
          10 months ago

          Not sure how a company can turn a public digital key or a mathematically calculated number (both of them completely unlinked to your real identity in any way) to profit. But you do you I guess.

          • @[email protected]
            link
            fedilink
            210 months ago

            Well, I never said that. It just generally shows the direction, they are heading. They are literally FORCING you to enable that. I am not a baby. I don’t need a babysitter.