return to table of content

Nginx has moved to GitHub

azzentys
83 replies
3d3h

Recently, I was browsing an open source project I use a lot. "Sign in to search code on GitHub" was kinda discouraging to see.

Sure, I can clone it and run grep/ripgrep - but sometimes I like the ability to search the code on the browser.

Is it only GitHub where this is a restriction or GitLab is similar?

aseipp
53 replies
3d2h

There are some alternatives like https://grep.app or https://sourcegraph.com/search if you want fast live search, but at the end of the day these are services offered by companies, and rather expensive ones especially for free anonymous users, so you should probably at least accept that service providers can and do change things like this.

You can also run something like your own copy of Zoekt and then ingest repositories on demand though it isn't quite as instant. But if it's code you're already using extensively, it seems like it might be worth it. Maybe you can write some boondoggle to automatically ingest repos based on dependency metadata, even.

amiga386
52 replies
3d2h

Github managed to provided search to free anonymous users since its inception in 2007, to mid-2023 when they introduced this new code search.

I would submit that this change is entirely business-related: it's a power-play to make people create accounts and stay logged in so they can track you better. It is not that they cannot afford it, it is that they are enshittifying the service to further their interests.

If they were really worried about money, they could lock it down completely so only paying customers could use the service at all... and then they'd lose a huge chunk of customers and lose all the prestige they build in convincing a huge pile of the world's free/open source software to use them as their hosting. So they don't do that - they keep all the prestige and the network effects by seeming _quite_ open, but they'll lock down _parts_ of the experience to try and force specific behaviour.

you should probably at least accept that service providers can and do change things like this.

Indeed, you should. It should serve as a wake-up call that other people's services/platforms aren't under your control, and you can't rely on them to meet your needs.

arp242
21 replies
3d2h

I would submit that this change is entirely business-related

Developers working on it have said it's due to performance reasons. I don't have a link handy, but it's in some HN thread.

amiga386
19 replies
3d1h

They claimed the new search requires logins due to performance reasons... they have no reason, other than they want to use both the carrot and the stick in driving signups and logins, to take away their existing search, the one they didn't have a problem offering for 16 years, completely.

arp242
18 replies
3d1h

So those people are outright lying through their teeth? Got it.

You're just reasoning from negativity and cynicism. No evidence for anything. Other than "zomg they're bad".

amiga386
17 replies
3d

I didn't say they were lying. It can be true that their new search is better but costlier to run. They can focus on that in their PR, along with how shiny and new the shiny new search is, to distract you that they are removing anonymous search and making the site worse.

Nobody made them turn off the old search, they chose that, and they bundled the two together in one PR push.

Fancy new search = carrot. Remove anonymous search = stick. Carrot and stick work together to drive more signups, more logins, more data tracked, more data sales, more money.

pcl
15 replies
2d23h

I completely understand where they're coming from.

Maintaining two separate search stacks for different user groups sounds like a nightmare. Multiply that by every feature that increases in complexity enough to bubble up on the cost-center metrics, and it for sure makes sense to prune complexity at the cost of secondary-feature functionality for anonymous requests.

Alupis
14 replies
2d23h

Besides all of that - Github has zero obligation to provide Free services to users, let alone non-users.

The person you are responding to doesn't even want to make a free account yet expects to be able to use all of Github's services for free. That's some wild entitlement.

The disconnect here is unreal...

nicce
7 replies
2d21h

The person you are responding to doesn't even want to make a free account yet expects to be able to use all of Github's services for free.

To be fair, definition of free depends. OPs argument was that they pay with data. That is not free if you think that you lose something. It is different question do we value it similarly.

Alupis
5 replies
2d20h

Ok then, so that's like going to a restaurant and complaining the food costs money. Metaphoric "duh".

Dylan16807
3 replies
2d19h

That's not accurate. GitHub is still getting lots of data from people without accounts, and providing open access helps them get more users in general.

If we have to do a restaurant analogy, it's like going to a restaurant (buffet?), opting out of premium, and still wanting access to a particular food item. It's not automatically ridiculous.

Alupis
2 replies
2d18h

The OP is literally standing outside the restaurant looking through the window and complaining about not being allowed to eat for free.

GitHub is still getting lots of data from people without accounts

This doesn't matter. If you want code search, you must log into a free account. Why is this controversial? Github isn't a charity - they don't exist to benefit freeloaders that won't even create a free account. Life doesn't need to be this hard folks...

Dylan16807
1 replies
2d16h

Your version of the analogy makes no sense, because the people with accounts are also eating for free.

If data is payment, then both groups are paying.

If data isn't payment, then what is? Please elaborate on what distinguishes the groups, and how people with free github accounts fit into the analogy.

tekknik
0 replies
3h42m

you two both have missed the obvious that recently it was deemed legal to scrape public sights, and GH has all the code, and other code based AI tools need training.

The parent complaining about creating a free account can just keep complaining, or create one, I don’t care. But this nonsense about cost for search is not the issue.

amiga386
0 replies
2d6h

It's like going to a museum that houses all the world's great treasures because it's funded by billionaires and they outbid all the smaller, shabbier publically-owned museums that _could_ be housing them in their own countries.

The treasures belong to humanity, not the museum, but they get the honour of hosting them, and that glory reflects on their reputation (which they use to sell commercial artifact-hosting services).

Entry is completely free, and for 16 years they gave you a map as you entered. But now some marketing genius has decided you don't get a map unless you give them your name and address and join their "friends of the museum" marketing programme.

These are not good signs for someone who wants to be custodian of the world's great treasures. I would argue it would be better for the world if the treasures were housed in local museums instead.

kelnos
0 replies
2d14h

Sure, and if they don't want to pay with data, then they don't get to use the free search. While I don't love it, it's well within GitHub's rights to set those terms. They pay the bills, they get to decide who uses it, and how.

The real problem is that a company like GitHub (now owned by Microsoft, of all companies, sheesh) has a strongly market-leading position in the idea of "publicly-hosted git repositories". Even if they were giving away everything fro free, and not tracking users, that would still be concerning.

justinclift
1 replies
2d16h

Github has zero obligation to provide Free services to users

If they didn't, most (all?) of the major OSS projects that use them would have to find an alternative.

Those major OSS projects are why Github is the "central" OSS hosting place.

If they move on, then it's unclear if GitHub would remain all that central after a few years. "Probably not" is my thought, though I could be wrong. :)

tayo42
0 replies
2d18h

I have an account but github with forced 2fa is annoying to login with when I'm logged out. When your in the middle of something and suddenly have to go through a login flow, password manager, 2fa, just to look something up, maybe small, but I find it annoying

smcnally
0 replies
2d19h

One day I’m going to share stories here of how the "Columbia House Record Club" worked to watch people assume the foetal position and rock themselves to horrified sleep.

pelasaco
0 replies
2d21h

Its not hard to understand why a service like exercism has no money. People want everything for free

fragmede
0 replies
2d23h

Same with Twitter, tbh

smcnally
0 replies
2d19h

I don’t begrudge them requesting an authorized user account for some cases. YMMV. They balance this against allowing more open access to other projects, features and functions. Their balanced approach seems reasonable.

inferiorhuman
0 replies
2d22h

The developers have also said that the new UI is an improvement. And yet…

HellzStormer
20 replies
3d2h

Personally, I don't think this is a valid case of enshittifying. Products that you pay for that loses features or break or become more painful to use are enshittifying.

A free feature that stays free but requires you to make a free account (no credit card needed), I can see at least one very valid reason: if the feature heavier than a simple page (which is the case here), then it's an open door for DDOS attacks. Being able to track and ban/block the users that appear to participate in such an attack is totally valid.

The alternative is having to do captchas and the like to use those features anonymously, which is a pain both for user and for the devs/UI, and does feel more like the overall enshittification you are mentionning (even if it's a valid reason)

amiga386
19 replies
3d2h

The alternative is having to do captchas and the like to use those features anonymously

This is not the case. You may have noticed that Google Search, Bing, etc. don't require login or captcha to do a search. Billions of people use this search daily. And yet, they will throw a captcha at you, or even just say "you're a bot, stop bothering us" whether you're logged in or not, if their signals have detected what they consider abuse.

Clearly, their signals are not as naive as "anonymous user, require captcha / logged-in user, no checks required". Preventing DDOS != requiring login.

They like you logged in because they can add more data to their verified user identity and activity datasets and sell them for more money. They already make enough money to run the service despite all the anonymous usage, but they'd like more money, you see.

Github managed to offer anonymous search for 16 years before one day Microsoft took it away. Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?

dsr_
7 replies
2d22h

For the last seven months, Google has pushed every non-login search from my house network through a captcha; the image captcha is typically five to infinite repetitions. Audio captcha works after a single run-through, except that it is frequently "unavailable" now.

I don't know why. Google won't tell me. They just started doing the same for YouTube: "Please login because we have detected malicious behavior from your network".

I know I'm not DDOSing them; I can see all our network traffic. They're just encouraging me to avoid using them.

smolder
1 replies
2d22h

You're probably blocking ads or blocking tracking in some fashion and denying them signals their naive models use to evaluate whether you're bot-or-not. It could be somewhat intentional but I'd lean towards it being an edge case they just don't care to address.

Dylan16807
0 replies
2d19h

It's a big enough edge case that not caring to address it makes it intentional.

pjsg
1 replies
1d20h

In my case, they block me on IPv6 since I use a Hurricane Electric IPv6 tunnel. It certainly used to be the case that my IPv6 connectivity was better and more performant down the tunnel than using my ISPs native IPv6. I have no idea what the situation is today.

My solution was to use a filtering DNS that always returns no AAAA records for domains ending in google.com. This works great and essentially solves the problems. I have to do the same for various netflix domains as well.

I'm dreading having to switch over to native IPv6 -- I don't even know how many /64s will be allocated to me (and how stable they will be).

dsr_
0 replies
5h8m

This could very well be the answer. I'll go check.

xcdzvyn
0 replies
2d3h

I feel this. Recently _some_ company, I have no idea which, has decided my IP is malicious and refuses to serve my requests. This has effectively banned me from a few websites, including a government service I pay taxes for.

noAnswer
0 replies
2d17h

The joy of CGNAT.

LtWorf
0 replies
2d20h

Well maybe someone in your network or subnet is doing some abuse.

Alupis
5 replies
2d23h

They already make enough money to run the service despite all the anonymous usage, but they'd like more money, you see.

How mighty of you, a freeloading user in this specific situation, to assert Github has made "enough" money and therefore should offer you services at their own expense... you know, because you want it and therefore are entitled to it.

Github managed to offer anonymous search for 16 years before one day Microsoft took it away. Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?

So what's the issue here, really? Make a free account and move on with life. Or clone the repo and search it locally if you need to. Or decide to take some principled stance and refuse to work with projects hosted on Github. It's your choice.

tourmalinetaco
4 replies
2d21h

It’s Microsoft, one of the most successful companies in human history. A poorly formed moralistic argument about “entitlement” is absurd. They certainly feel entitled to every aspect of my life, as do most other Fortune 500 companies, I think I can safely desire not needing to log in during a damn search.

Alupis
3 replies
2d20h

So again, because Microsoft has more money than you do, it entitles you to their services for free?

Where else in life does this logic apply?

Perhaps you waded into a conversation without even understanding the core complaint. You can search on Github without a user account, entirely for free. However, they do not provide context-based code search to non-users, despite it still being free.

If for whatever reasons you cannot possibly be bothered to create a free user account out of some irrational fear Github will sell your codebase search history to advertisers (laugh out loud, literally), then you don't get to use that feature. Clone the repo and search it yourself, or find a different deep-pocketed service that lets you mooch everything for free.

tldr; Why are freeloaders always the loudest complainers?

Dylan16807
2 replies
2d19h

"more money than you" is a pretty crazy strawman of the actual comparison they made.

The general idea of imposing more user-friendliness on very large corporations is not a bad one.

Alupis
1 replies
2d18h

The general idea of imposing more user-friendliness on very large corporations is not a bad one.

This is not a "user-friendliness" issue by it's very definition. The OP is not even a user!

"more money than you" is a pretty crazy strawman of the actual comparison they made.

Perhaps you didn't read the conversation. The parent literally made the argument that Microsoft (ignoring that Github is a separate company) has plenty of money and therefore should provide this service for free even to non-users.

The service is free. A user account is free. It doesn't get more simple than this.

The naivety to believe the lack of a Github account somehow safeguards your browsing data is as hilarious as it is sad. Further, believing the creation of an account and searching code repositories somehow results in more ads is beyond hilarious.

This entire thread is pure insanity. Life doesn't need to be this difficult people. Create a throwaway account if you are so worried... or find some other service. You are not owed anything by Github - yet despite that they have made it trivially easy to benefit from their services at no cost to you.

Dylan16807
0 replies
2d16h

This is not a "user-friendliness" issue by it's very definition. The OP is not even a user!

They don't need an account to be a user, as you seem to acknowledge later in your comment: "The naivety to believe the lack of a Github account somehow safeguards your browsing data"

Perhaps you didn't read the conversation. The parent literally made the argument that Microsoft (ignoring that Github is a separate company) has plenty of money and therefore should provide this service for free even to non-users.

They said "one of the most successful companies in human history".

That has nothing to do with the parent's amount of money. It's not a human-comparable amount of money.

If the company had ten million dollars the parent wouldn't be making the same argument about size.

This entire thread is pure insanity. Life doesn't need to be this difficult people. Create a throwaway account if you are so worried... or find some other service. You are not owed anything by Github - yet despite that they have made it trivially easy to benefit from their services at no cost to you.

I have an account. That doesn't change how companies should work. And I find no "difficulty" in having a little discussion.

You are not owed anything

Yeah I am. They make mass market money and they use public infrastructure. If the population wants to impose rules on them, the population gets to. Like forcing them to pay taxes. That's money they owe me indirectly.

I don't get to make the decisions on my own, but I can say if I think a theoretical rule would be good.

kelnos
1 replies
2d13h

The entire point of Google Search is to take in everyone, serve ads, and drive people to use other Google properties. Every user that has to jump through hoops in order to access Google Search is a net loss for them.

GitHub doesn't really care all that much if random anonymous users can use their search. Anon users can view source trees, wikis, etc. and check out code, which is more than enough for most people.

Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?

I think you and I don't know anything about what's going on there internally. I'm usually quick enough to assume the worst about actions Microsoft (of all companies!) takes, but even former GitHub employees have commented here that the new search system is much more resource-intensive than the old, and bots and scrapers were causing real problems. I choose to believe people who seem credible instead of playing the cynic and assuming everything is done with evil intentions and that everyone is lying to me.

Sure, they could build a big sophisticated system to figure out who to serve CAPTCHAs to, or who to outright ban, but why spend the time and money on that when they can just require a login, and the people they care about won't really care.

And sure, this move very well might drive some new signups. Maybe that's a net win for them. So what?

amiga386
0 replies
2d6h

Maybe that's a net win for them. So what?

It raises the question of what will they hobble or take away next to fatten their bottom line. Will they continue to be good custodians of the real treasure, which is the projects that they host?

You may remember SourceForge was a popular hosting site. Ultimately, what caused a mass exodus was that they decided to let malware creators pay them money to wrap around the installer packages of the software they were hosting.

If you're not hosting your own project, there is always this risk. Question the motives of someone who offers to host your stuff "for free" ... and then alters the deal some point down the line.

winkelmann
0 replies
2d22h

The new GitHub search has some more advanced features than Google, Bing, etc. do, such as Regex: https://docs.github.com/en/search-github/github-code-search/...

Of course, they could have kept the old search (without advanced filters) open, but there is at least a sensible explanation why the new search requires being signed in.

kbolino
0 replies
2d6h

As far as I can tell, mainline web search engines are mostly serving cached/canned responses these days. They get updated periodically but it's not the same as the late 90s or early 2000s when every search was run against large-scale content indexes. You can occasionally stack keywords or form unique enough queries that you force the engine to do real work, but getting this right seems to get harder and harder over time and their pool of content that's indexed seems to be broad but shallow now.

GitHub code search is still doing real searches and so is much more expensive to run.

HellzStormer
0 replies
2d5h

You may have noticed that Google Search, Bing, etc. don't require login or captcha to do a search.

Are you saying you want adds in GitHub search's results? Google, Bing, etc. make money showing you adds. Adding barriers of entry is much less in their interest. Their budget to optimize the search engine is likely much bigger than GitHub's one.

ZoomerCretin
7 replies
3d2h

it's a power-play to make people create accounts and stay logged in so they can track you better

Github doesn't even serve ads. What exactly are you worried about? Your throwaway email being primary key #78,000,000 and having your visited repositories stored in another table?

VancouverMan
2 replies
2d22h

I've never had any success creating a GitHub account with a throwaway email address.

The last time I tried, I'm pretty sure the email address was rejected right away, and the account couldn't be created.

Not being able to reasonably create an account there is certainly annoying when it comes to performing simple searches.

It has also prevented me from submitting new bug reports and adding information to existing bug reports for a number of open source projects over the years.

I'm always disappointed when I see an open source project using GitHub, because it makes contributing to that project more or less impossible.

tourmalinetaco
0 replies
2d21h

I’ve gotten by with AnonAddy, so you may have success there too (unless they’ve blocked the domain since).

encom
0 replies
2d21h

I deleted my account and moved my stuff when Microsoft took it over, and never looked back. A project on Github is a project i will not interact with. People have very short memories.

jen20
1 replies
3d2h

Microsoft serves ads though. I haven't looked through the terms and conditions, but I'd be amazed if it wasn't permitted for GitHub to give whatever they can glean from your data to their corporate overlord.

eesmith
0 replies
3d1h

Yes, they send personal data to Microsoft for advertising purposes. https://docs.github.com/en/site-policy/privacy-policies/gith...

Affiliates: Personal Data may be shared with GitHub affiliates, including Microsoft, to facilitate customer service, marketing and advertising, order fulfillment, billing, technical support, and legal and compliance obligations. Our affiliates may only use the Personal Data in a manner consistent with this Privacy Statement.
fph
0 replies
3d2h

Yes. Microsoft is already siphoning data everywhere they can, why should I give them more?

Most people have their real name and e-mail there because they use it to sign code in trusted repositories, so it's easy to combine these data with other sources.

authorfly
0 replies
3d2h

It's a change in direction, one by one these things change, one day, there are Ads, or your github repo search journey is being used to train the AI programmer to replace you in those very libraries and repos you develop expertise in.

There's no good to come of requiring people to log in for the consumer. Online Tracking is never good for the consumer.

sjshn
0 replies
2d20h

As a fairly recently departed GitHub employee, I know with certainty that this change is primarily related to abuse. The search infrastructure (both old and new) is complicated and expensive to run, and anonymous search was abused at a remarkably large scale. DDoS against the anonymous search service was a big problem, but another was the presence of many very large search botnets that constantly scraped the site for secrets and other confidential data inadvertently made public. Long time users might remember that anonymous search was aggressively rate-limited on a per-IP basis, but the size of the search botnets grew to a scale that made this ineffective.

My personal opinion is that most enshittifying changes on GitHub are due to the proliferation of middle managers who are evaluated almost exclusively on speed-shipping net-new features at the expense of maintenance and incremental improvement of existing features.

eblume
17 replies
3d3h

It's worth mentioning here I think that github's code search is really quite good. I'm not trying to say that github can do no harm or that github "owning" OSS code hosting is a good thing, but the github search bar is a utility that IMO is worth the price of admission.

I think that sourcegraph maintains a similar quality OSS code search that can be searched for free but I have not personally used it.

AlotOfReading
15 replies
3d2h

The problem is that GH makes it the login process as painful as possible. Login tokens expire frequently, necessitating new logins. Logins require 2fa every time, which makes them extremely flow-breaking. Post-login you're not returned to the file you were on, so now you need to navigate back to search.

Logins are per domain and per device, so I end up dealing with this 4x per day if I'm using GitHub heavily. It's unnecessary.

plorkyeran
7 replies
3d

This is not at all my experience with Github? I go through the 2fa flow maybe once a year, if that. I have to go through the SSO flow for my employer's private repositories once a day (which is my employer's policy, not Github's), but that properly redirects to the page I was trying to access.

Does your employer have a SSO flow that requires 2fa every time and doesn't redirect properly afterwards? That would be pretty annoying, but it's not Github's fault.

AlotOfReading
6 replies
2d23h

Happens even with my personal GitHub account across multiple browsers/operating systems.

mh-
2 replies
2d23h

Mine too. It wasn't always like this, but nowadays if I haven't accessed the site in a handful of days there's a good chance I'm logged out when I go. And it requires logging in, then mobile 2FA. It's very annoying.

Alupis
1 replies
2d22h

Just to put this out there - but this doesn't actually sound that unreasonable.

Your tokens/session should expire at some point. We can argue over what might be a reasonable duration, but it definitely should expire.

What might be going on is if you visit the site/app it renews the token/session if it's still valid. So if you are relatively active on GH, you will stay logged in - otherwise you will eventually be logged out.

Just guessing, but all of this does seem reasonable. There's a lot your Github account can do, including a lot of damage to you and any organizations you are part of.

mh-
0 replies
2d22h

Totally agree with all of that, and still find it (perhaps irrationally!) annoying when it happens.

Alupis
2 replies
2d23h

Counter-anecdote. I cannot even remember the last time I was asked to log into Github, at the office, at home, on my laptop, and even on my phone.

Do you perhaps have a browser setting that nukes cookies/session data by any chance? Or perhaps use a VPN that might be tripping some sort of account protection mechanism?

mh-
1 replies
2d23h

Counter-counter, I share his experience as well and don't have any of those things. Just bog standard Chrome with no extensions.

What I do have, and I expect is relevant: frequent ~weeklong gaps where I don't access GitHub at all in this browser profile. I assume there's some medium-lived token that's refreshed when you access the site.

jaktet
0 replies
2d19h

My experience is similar to yours, though I seem to have to login every other week or so it feels like (maybe it’s once a month I don’t know).

This feeling could also be exasperated though since while I only use a personal GitHub account, I access it frequently from the browser and app on numerous devices.

I can definitively say though that I need to login more than twice a year on any one device.

aseipp
4 replies
3d2h

To me, ordinary login is one of the things they've genuinely improved over time I feel? I absolutely never deal with logins more than once a day per machine? With stuff like Passkey support now, I basically click two buttons in 1Pass and I'm logged in instantly on ~everywhere. I also feel like I never have my tokens expire.

I'm probably not doing the same stuff as you. It's sudo/elevated mode that really gets you I think, if you have no fast flow. Admittedly I don't add keys or anything like that very often.

AlotOfReading
3 replies
3d2h

GH Enterprise and public GH don't share tokens, so 1 login/day automatically becomes 2. Then, logins aren't shared across devices and 2 additional devices (phone and personal computer) makes 4 logins/day.

Not sure why GitHub expires tokens so quickly, but I can replicate it across every device I own and multiple accounts. Maybe they just don't like me?

samcat116
0 replies
3d1h

I have never experienced this. I almost never have to log in after the initial login.

aseipp
0 replies
2d13h

Yeah. I think they just don't like you. I log in probably once every 3 months or something, on every device. Nowhere close to every day.

Can I ask what country you're from? Maybe that has something to do with it?

LtWorf
0 replies
2d20h

It's to be more secure!

Of course then you can do everything with your never expiring ssh keys and application tokens… but that doesn't count :D

kelnos
0 replies
2d13h

That's strange; I've been logged in to GitHub without having to re-log-in for.... a year or two now? I cannot remember the last time I had to log in. Maybe I visit the site more often, though, and that has something to do with it? Or the network you visit from is for some reason flagged as high-risk?

acheong08
0 replies
3d2h

What? My login tokens haven’t expired in years. I don’t think I’ve had to sign in twice on the same computer ever

magnio
4 replies
3d2h

You can change github.com to github1s.com to get VSCode in browser with fairly capable search without logging in. E.g. https://github1s.com/nginx/nginx

nullify88
2 replies
3d2h

Alternatively the official site is vscode.dev.

bityard
0 replies
2d22h

That requires you to sign into github to open a github repo, which is what the OP was trying to avoid.

KTibow
0 replies
2d12h

Or github.dev

PhilipRoman
1 replies
3d2h

I believe it was added when they made their search more advanced and presumably more resource intensive.

amiga386
0 replies
3d2h

And yet, nothing stops them from continuing to offer their existing search to anonymous users. The search they have offered since inception.

They chose to take the existing search away from anonymous users to drive signups and logins. "Sign up and log in to get improved search" is not as compelling as "sign up and log in to get any search at all"

zaik
0 replies
2d19h

If you find searching locally cumbersome, you should know that you can do a "shallow" git clone which only downloads the most recent commit and is much faster than cloning the whole repo.

    git clone --depth 1 ...

nicce
0 replies
3d2h

Is it only GitHub where this is a restriction or GitLab is similar?

GitLab has had this long time.

corytheboyd
0 replies
3d2h

Do you have to be logged in to open a repo with the web version of vscode on GitHub? If not, that could make for a Good Enough search interface. Try pressing `.` on a repo page to see if it works

jsheard
19 replies
3d3h

What's the state of nginx nowadays? Last I heard the original core team had fractured and formed two different forks while F5 continued to develop OG nginx, so there's three nginxes being developed in parallel now. Have the forks gained any traction?

0x1ch
10 replies
3d2h

The state of nginx is fine, similar to pfsense. Both made a "Plus" enterprise support offering, open source clones were forked, the originals remain dominant for enterprise and free users anyways. Not to detract from the great projects that are being worked on, like freenginx and opnsense.

nicholasjarnold
9 replies
2d21h

the originals remain dominant for enterprise and free users anyways.

I'm a former pfSense user that reluctantly moved to OPNsense a handful of years ago after a lot of bad press around Netgate started circulating widely causing me to believe that support for the community offering might wane over time. I was under the impression that many people had moved off of pfSense for home use. I'm surprised by your assertion that it "remains dominant" for free users, and I wonder how you might know this?

OPNsense has been rock solid for me, btw. I was reluctant to switch only because of the time sink and perceived risk. Nobody wants to spend a weekend debugging VLAN tagging on their WAN port or some such. Luckily for me, there were no such issues when switching over.

SpecialistK
6 replies
2d20h

pfSense maintains some momentum due to name recognition, but anyone who digs a little deeper will see that they're clowns and go with OPN instead.

luckman212
5 replies
2d15h

Can you please cite some recent examples of this clownlike behavior?

guiambros
1 replies
2d11h

Try compiling pfSense.

No, here's an even simpler task: try compiling packages for pfSense.

The clowns from Netgate made it unbelievably difficult, for no good reason other than being antagonist to the open source community.

SpecialistK
0 replies
1d15h

Meanwhile, I've never tried building OPN but it looks well documented and can be added to a vanilla FreeBSD install. https://github.com/opnsense/core

IntelMiner
1 replies
2d13h

They harassed the OPNsense team, registering a domain to besmirch them and then pretended to have nothing to do with it until ICANN got involved

Oh, and they knowingly shipped a broken and insecure Wireguard to their customers, and tried to use their FreeBSD commit status to force it upstream

SpecialistK
0 replies
1d15h

This is the most recent one I'm familiar with. Jason D even had to get involved and there was a lot of bad blood.

justsomehnguy
0 replies
1d22h

OPNsense has been rock solid for me, btw

Well, it works.

But try to add some custom parameters to a daemon, which aren't listed on the page. Or try to run more routers than one. Or diag network states even on 4k monitor.

There are a thousands cuts using OPNsense in anything more than a home router. Despite ten years of trying this year I ripped it off where it was installed and replaced back with pfSense.

cromka
0 replies
2d7h

I did the same and while I never had any issues with pfSense staff being rude or condescending, I had experience such attitudes on multiple occasions with OPNSense staff, and that included my bug reports with fixes provided. I was scratching my head a lot wondering if “I was me, not them” but no, I saw this with others, too, and then realized there’s something wrong there. I don’t even bother reporting anything anymore because of that.

This is all very ironic because that kind of attitude was the main drive for many to move away from pfsense.

chrsig
2 replies
3d2h

You know, for most projects, I'd think that'd be pretty...bad. Given that nginx only recently got dynamic module support, I'm curious how many people are out there having grown to build it from source, letting them switch upstreams a bit more easily. perhaps. maybe.

ComputerGuru
1 replies
3d1h

Pretty much every major nginx deployment I’m familiar with has been from source. Dynamic modules aren’t really that new but certainly post-date a lot of deployments. But also bigger deployments tend to want full control of which in-tree modules are compiled into nginx, which dependencies they pull in (for security and deployment reasons), and how quickly patches and security releases can be updated.

It also has a fairly simple from-source deployment with a fairly solid build script.

chrsig
0 replies
3d1h

"new" is subjective -- I'll catch up with the times eventually, I'm sure :)

but yeah, I've had to write said script due to needing to compile in proprietary modules.

It's just a bit of CI glue, pretty straightforward and quick build -- thanking to it being written in C rather than C++.

Narhem
2 replies
2d14h

nginx is one of the building blocks inside Kubernetes. I'd say it's doing okay and probably will for the foreseeable future. I've had the chance to look into the code base and it's relatively easy to read and work with, I doubt there will ever not be funding to have people contribute.

nouney
1 replies
2d12h

Nginx is not one of the building blocks of Kubetnetes. It's just an Ingress controller

morbicer
0 replies
2d6h

And albeit Nginx ingress might be most popular, I see more Traefik and Envoy around me.

stepupmakeup
1 replies
3d2h

TEngine might be the most well-known fork

jsheard
0 replies
3d2h

That ones new to me, I was aware of Angie and Freenginx which are both led by former nginx developers who left F5 after the acquisition. TEngine looks to be a much older fork but I can't find much recent discussion about it, though that may be because it's an Alibaba/Taobao project with a primarily Chinese userbase judging by the GitHub issues.

xeromal
11 replies
3d3h

I wonder how the interim process is handled? They're accepting mailing list updates until the end of the year.

Does someone take the mailing list updates and manually PR them into Github? I've never actually used a mailing list so I'm curious how it works.

hinkley
6 replies
3d2h

Remember Linus created git to help deal with an ever escalating inbox full of patches.

layer8
3 replies
3d2h

You have your history wrong here.

hinkley
2 replies
3d1h

No I don’t. You’re confusing motivation with requirements. I’m talking about requirements.

But of advice. Outside of TV programming, when an American is talking about why a tool was created, they almost always mean its purpose, not its origin story. That inspiration story on TV is aimed at inventors. The people who use the tools don’t care, and it’s an anecdote for the rest of us.

I suspect that has something to do with that illusion we maintained of American Ingenuity. I don’t need the back story, what’s it for?

ruthmarx
0 replies
2d8h

But of advice. Outside of TV programming, when an American is talking about why a tool was created, they almost always mean its purpose, not its origin story.

It's so bizarre you're giving advice here based on such strong assumptions. There was absolutely no need to bring nationality into this discussion at all.

jraph
0 replies
2d12h

You’re confusing motivation with requirements. I’m talking about requirements.

Or, they just disagree with your statement. It would have been better they say why though.

juped
0 replies
3d2h

I'm sorry people are being dismissively snide and downvotive about this reasonable characterization of things (see: https://marc.info/?l=linux-kernel&m=111288700902396) because they think knowing the factoid that linux used bitkeeper is some kind of "epic own".

aryonoco
0 replies
3d2h

cough BitKeeper cough

layer8
0 replies
3d2h

Probably the same as with Mercurial before. Mailing lists are just regular emails that are automatically remailed to multiple recipients.

juped
0 replies
3d2h

No, git is an email driven program, not a terrible-webapp driven program. You pipe the email into git am (if it's from mercurial insert hg-patch-to-git-patch into the pipeline, which iirc just rewrites date formats mainly?)

aseipp
0 replies
3d2h

With a mailing list you download a patch and apply it with "git am", then push it to the repository -- as you are presumably the maintainer who has permission to do that, and assuming the patch is good. You basically just do code review through email and reading the patches with some git functions. It completely sucks in my opinion, but some people like it, or it's how they do things in those parts, etc. When in Rome...

Having done a similar rodeo in the past -- migrating a project to an actual code review tool that enforces some more rigid structure, over plain patch files -- the interim process will probably be something like:

- Previously, some key people were allowed to commit to trunk directly.

- They would read emails/patches, do code review, apply, and push them to trunk.

- For now, you can keep emailing people your patches like you did before. Nothing will change.

- But at a certain point, you'll have to use this new Other Method.

- So, you should probably get familiar with Other Method early, by using it in the meantime, so you can be ready.

- At some point, no more patch files will be accepted and you will have to use Other Method.

- In the meantime, the maintainers will do double-duty and handle both venues.

Most projects are small enough where the double-duty isn't so bad. Most people will switch quick enough and you probably aren't dealing with 1,000 patches. It sucks but the payoff is considered worth it.

Eventually once this is completed you can do things like stop pushing directly to trunk and handling all patches to main through the Other Method. But you don't have to do that. It does sound like they'll stop accepting email patches, though.

aryonoco
0 replies
3d2h

Around 15 or so years ago, when a lot of projects were moving from cvs/mailing lists to git, there were a plethora of perl scripts and other tools which automatically took the code and sent the commit to git, usually taking a "rules" file as input which stipulated how to match various email headers with git tags etc. No idea how many of them are still around or used, but there should be some

badgersnake
11 replies
2d22h

Centralise all the things.

There is too much stuff of GitHub. From a resiliency point of view and from a monopoly point of view this is bad.

abraae
7 replies
2d22h

Source control is not like other systems. It's (largely) a backup of stuff that is stored elsewhere. Resilience/ monopoly concerns are much less.

eesmith
3 replies
2d22h

You must surely know that people use Microsoft GitHub for far more than source control, right?, with issue tracking, email notification, CI, and GitHub Actions.

I recently tried to get a small FOSS project to switch to Codeburg. The answer was "no" because the free CI for them let them catch some MacOS on Apple Silicon bugs (the devs don't have that hardware locally), and because they are already used to GitHub, making it easier to onboard people and review PRs.

TillE
2 replies
2d17h

So what's the problem? GitHub gives you a bunch of free stuff that would be pretty annoying/expensive to self host. Seems like a good deal.

If they remove some of that stuff, that would be worth complaining about. Until then, seems smart to take advantage of what GitHub is offering. Their CI isn't even super proprietary, you can basically just write bash scripts.

eesmith
0 replies
2d13h

I pointed out that any "Resilience/ monopoly concerns" must consider more than source hosting.

The phrase "pretty annoying/expensive to self host" highlights the source of those concerns.

How could one "just write bash scripts" to support macOS if you don't have Apple hardware, as in my example?

badgersnake
0 replies
2d

If they remove some of that stuff, that would be worth complaining about.

By then it’s too late, because there’s no alternative.

game_the0ry
0 replies
2d22h

^^ This. Git is a beautiful thing. Thanks again, Linus.

fieldcny
0 replies
2d7h

Quite the opposite, depending on how it’s used it is THE authoritative system for the code, which gets exponentially more valuable with more contributors

badgersnake
0 replies
2d22h

GitHub is pretty obviously more than just a git repo on a server.

minkles
0 replies
2d22h

Ah no it's great. I'm waiting until they fuck something major up and will start an off-boarding consultancy.

doublerabbit
0 replies
2d22h

No different to SourceForge of the 90's apart from it had a kind of a community feel.

delfinom
0 replies
2d1h

The worse headache is I would say there's a low two digit number of even engineers that when you say "git", they say, "github"?

jacooper
5 replies
3d2h

I think it would've been a better choice to move to something they host like gitea or gitlab. nonetheless it's a step in the right direction, nobody should use mail+git in this day and age.

patmorgan23
3 replies
3d2h

cough" Linux Kernel cough*

jacooper
2 replies
3d2h

Just because Linux is still using it doesn't mean it's any good.

bsder
0 replies
2d21h

Ayup. Which is why it is heartbreaking to see Nginx move from Mercurial which is good to Git which sucks.

Thankfully, jujutsu exists so I can use a good version control system and still interoperate with the misguided who don't realize just how bad Git sucks.

Dr4kn
0 replies
2d23h

Or it is good in that case, but that is true for very few projects.

gchamonlive
0 replies
2d17h

Also thought this was a lost opportunity to favor gitlab. It's arguably a better choice overall.

randomman1131
4 replies
3d2h

wow! about time... weren't they using mercurial for the longest time too?

gpvos
3 replies
3d2h

They could have moved to Sourcehut instead and kept using Mercurial.

lagniappe
1 replies
3d2h

I don't see that going well.

kstrauser
0 replies
2d22h

I like Sourcehut and I've very glad it exists. I almost personally detest its email-driven workflows. I don't claim that they're bad. Rather, I personally don't like that way of working at all. I'd far rather use GitLab or some random dev's Gitea/Forgejo server.

dewey
0 replies
3d2h

I think the point is to go where the community is, not further away from it.

pachico
4 replies
3d2h

Help me understand: they just migrated and already have 21k stars?

ak217
1 replies
3d2h

It was previously a read-only mirror.

quectophoton
0 replies
2d21h

Yup, here I was wondering why I already had it starred if this move only happened today, but then reached the same conclusion that it was probably a mirror repository before.

LtWorf
0 replies
2d20h

Stars on github are completely meaningless, since there are services online you can hire to increase stars.

In my project a considerable amount of stars come from blank accounts, that like also non-paying projects to avoid detection.

I moved to codeberg now for my non work projects.

insane_dreamer
4 replies
2d23h

does anyone use mercurial anymore?

MattJ100
0 replies
2d20h

And we're very happy with the choice :)

Mercurial has many neat features, and I much prefer working with it. I don't think Git is all bad, but I do feel sad that it has basically become an expectation that you use it, to the exclusion of all other options.

incognito124
0 replies
2d22h

Big corpos like Google and Meta (sort of, at least)

gamepsys
3 replies
3d2h

I think it's disappointing that the default toolchain for collaborating on free and open source software includes GitHub which is very much not free and open source, and is backed by Microsoft which has a mixed history in regards to it's relationship with open source software.

lionkor
2 replies
2d22h

I use it because its good right now. I used Windows until it turned bad (8) and Linux was easier.

If GitHub becomes shit I'm moving my projects off of there and that's that.

gamepsys
1 replies
2d21h

Hopefully your projects aren't too ingrained in the github ecosystem for migrating to be an issue. It's a bug tracker, a feature request tracker, a patch tracker ,a wiki, a release repository, plus an onramp to all sorts of azure functionality with gh actions.

lionkor
0 replies
2d11h

Last time I checked Gitea can import PRs and issues!

syngrog66
1 replies
2d19h

I loved the tech design of Nginx when it came out. However eventually its Russian provenance became too risky for my use cases. Plus I began a moral boycott of all things Russian... where I can easily enough anyway. Plenty of other choices now for web servers compared to late 90s or early 2000s.

ruthmarx
0 replies
2d7h

What do you use instead?

noobermin
0 replies
1d9h

Is the dream of hg dead? It feels like everyone has "solved" the git-is-complicated problem by using essentially gui webtools to deal with it, but the point of the hg people was to make a tool that is simpler on the surface than git.

juped
0 replies
3d2h

Sad day for everyone, but it was probably inevitable with the original devs gone and the project managed by suit-types. No one gets fired for buying Microsoft and all that.

djha-skin
0 replies
2d18h

Most of all, we can't wait to see all of your contributions, discussions and feedback, as we move into this next chapter for NGINX.

The real economic reason to open source part of your product.