Recently, I was browsing an open source project I use a lot. "Sign in to search code on GitHub" was kinda discouraging to see.
Sure, I can clone it and run grep/ripgrep - but sometimes I like the ability to search the code on the browser.
Is it only GitHub where this is a restriction or GitLab is similar?
What's the state of nginx nowadays? Last I heard the original core team had fractured and formed two different forks while F5 continued to develop OG nginx, so there's three nginxes being developed in parallel now. Have the forks gained any traction?
The state of nginx is fine, similar to pfsense. Both made a "Plus" enterprise support offering, open source clones were forked, the originals remain dominant for enterprise and free users anyways. Not to detract from the great projects that are being worked on, like freenginx and opnsense.
the originals remain dominant for enterprise and free users anyways.
I'm a former pfSense user that reluctantly moved to OPNsense a handful of years ago after a lot of bad press around Netgate started circulating widely causing me to believe that support for the community offering might wane over time. I was under the impression that many people had moved off of pfSense for home use. I'm surprised by your assertion that it "remains dominant" for free users, and I wonder how you might know this?
OPNsense has been rock solid for me, btw. I was reluctant to switch only because of the time sink and perceived risk. Nobody wants to spend a weekend debugging VLAN tagging on their WAN port or some such. Luckily for me, there were no such issues when switching over.
pfSense maintains some momentum due to name recognition, but anyone who digs a little deeper will see that they're clowns and go with OPN instead.
Can you please cite some recent examples of this clownlike behavior?
Try compiling pfSense.
No, here's an even simpler task: try compiling packages for pfSense.
The clowns from Netgate made it unbelievably difficult, for no good reason other than being antagonist to the open source community.
Meanwhile, I've never tried building OPN but it looks well documented and can be added to a vanilla FreeBSD install. https://github.com/opnsense/core
They harassed the OPNsense team, registering a domain to besmirch them and then pretended to have nothing to do with it until ICANN got involved
Oh, and they knowingly shipped a broken and insecure Wireguard to their customers, and tried to use their FreeBSD commit status to force it upstream
This is the most recent one I'm familiar with. Jason D even had to get involved and there was a lot of bad blood.
Out of curiosity I googled 'pfsense clown' and found this thread: https://old.reddit.com/r/opnsense/comments/1ct683k/clown_mom...
OPNsense has been rock solid for me, btw
Well, it works.
But try to add some custom parameters to a daemon, which aren't listed on the page. Or try to run more routers than one. Or diag network states even on 4k monitor.
There are a thousands cuts using OPNsense in anything more than a home router. Despite ten years of trying this year I ripped it off where it was installed and replaced back with pfSense.
I did the same and while I never had any issues with pfSense staff being rude or condescending, I had experience such attitudes on multiple occasions with OPNSense staff, and that included my bug reports with fixes provided. I was scratching my head a lot wondering if “I was me, not them” but no, I saw this with others, too, and then realized there’s something wrong there. I don’t even bother reporting anything anymore because of that.
This is all very ironic because that kind of attitude was the main drive for many to move away from pfsense.
You know, for most projects, I'd think that'd be pretty...bad. Given that nginx only recently got dynamic module support, I'm curious how many people are out there having grown to build it from source, letting them switch upstreams a bit more easily. perhaps. maybe.
Pretty much every major nginx deployment I’m familiar with has been from source. Dynamic modules aren’t really that new but certainly post-date a lot of deployments. But also bigger deployments tend to want full control of which in-tree modules are compiled into nginx, which dependencies they pull in (for security and deployment reasons), and how quickly patches and security releases can be updated.
It also has a fairly simple from-source deployment with a fairly solid build script.
"new" is subjective -- I'll catch up with the times eventually, I'm sure :)
but yeah, I've had to write said script due to needing to compile in proprietary modules.
It's just a bit of CI glue, pretty straightforward and quick build -- thanking to it being written in C rather than C++.
nginx is one of the building blocks inside Kubernetes. I'd say it's doing okay and probably will for the foreseeable future. I've had the chance to look into the code base and it's relatively easy to read and work with, I doubt there will ever not be funding to have people contribute.
Nginx is not one of the building blocks of Kubetnetes. It's just an Ingress controller
And albeit Nginx ingress might be most popular, I see more Traefik and Envoy around me.
TEngine might be the most well-known fork
That ones new to me, I was aware of Angie and Freenginx which are both led by former nginx developers who left F5 after the acquisition. TEngine looks to be a much older fork but I can't find much recent discussion about it, though that may be because it's an Alibaba/Taobao project with a primarily Chinese userbase judging by the GitHub issues.
I wonder how the interim process is handled? They're accepting mailing list updates until the end of the year.
Does someone take the mailing list updates and manually PR them into Github? I've never actually used a mailing list so I'm curious how it works.
Remember Linus created git to help deal with an ever escalating inbox full of patches.
You have your history wrong here.
No I don’t. You’re confusing motivation with requirements. I’m talking about requirements.
But of advice. Outside of TV programming, when an American is talking about why a tool was created, they almost always mean its purpose, not its origin story. That inspiration story on TV is aimed at inventors. The people who use the tools don’t care, and it’s an anecdote for the rest of us.
I suspect that has something to do with that illusion we maintained of American Ingenuity. I don’t need the back story, what’s it for?
But of advice. Outside of TV programming, when an American is talking about why a tool was created, they almost always mean its purpose, not its origin story.
It's so bizarre you're giving advice here based on such strong assumptions. There was absolutely no need to bring nationality into this discussion at all.
You’re confusing motivation with requirements. I’m talking about requirements.
Or, they just disagree with your statement. It would have been better they say why though.
I'm sorry people are being dismissively snide and downvotive about this reasonable characterization of things (see: https://marc.info/?l=linux-kernel&m=111288700902396) because they think knowing the factoid that linux used bitkeeper is some kind of "epic own".
cough BitKeeper cough
Probably the same as with Mercurial before. Mailing lists are just regular emails that are automatically remailed to multiple recipients.
No, git is an email driven program, not a terrible-webapp driven program. You pipe the email into git am (if it's from mercurial insert hg-patch-to-git-patch into the pipeline, which iirc just rewrites date formats mainly?)
With a mailing list you download a patch and apply it with "git am", then push it to the repository -- as you are presumably the maintainer who has permission to do that, and assuming the patch is good. You basically just do code review through email and reading the patches with some git functions. It completely sucks in my opinion, but some people like it, or it's how they do things in those parts, etc. When in Rome...
Having done a similar rodeo in the past -- migrating a project to an actual code review tool that enforces some more rigid structure, over plain patch files -- the interim process will probably be something like:
- Previously, some key people were allowed to commit to trunk directly.
- They would read emails/patches, do code review, apply, and push them to trunk.
- For now, you can keep emailing people your patches like you did before. Nothing will change.
- But at a certain point, you'll have to use this new Other Method.
- So, you should probably get familiar with Other Method early, by using it in the meantime, so you can be ready.
- At some point, no more patch files will be accepted and you will have to use Other Method.
- In the meantime, the maintainers will do double-duty and handle both venues.
Most projects are small enough where the double-duty isn't so bad. Most people will switch quick enough and you probably aren't dealing with 1,000 patches. It sucks but the payoff is considered worth it.
Eventually once this is completed you can do things like stop pushing directly to trunk and handling all patches to main through the Other Method. But you don't have to do that. It does sound like they'll stop accepting email patches, though.
Around 15 or so years ago, when a lot of projects were moving from cvs/mailing lists to git, there were a plethora of perl scripts and other tools which automatically took the code and sent the commit to git, usually taking a "rules" file as input which stipulated how to match various email headers with git tags etc. No idea how many of them are still around or used, but there should be some
Centralise all the things.
There is too much stuff of GitHub. From a resiliency point of view and from a monopoly point of view this is bad.
Source control is not like other systems. It's (largely) a backup of stuff that is stored elsewhere. Resilience/ monopoly concerns are much less.
You must surely know that people use Microsoft GitHub for far more than source control, right?, with issue tracking, email notification, CI, and GitHub Actions.
I recently tried to get a small FOSS project to switch to Codeburg. The answer was "no" because the free CI for them let them catch some MacOS on Apple Silicon bugs (the devs don't have that hardware locally), and because they are already used to GitHub, making it easier to onboard people and review PRs.
So what's the problem? GitHub gives you a bunch of free stuff that would be pretty annoying/expensive to self host. Seems like a good deal.
If they remove some of that stuff, that would be worth complaining about. Until then, seems smart to take advantage of what GitHub is offering. Their CI isn't even super proprietary, you can basically just write bash scripts.
I pointed out that any "Resilience/ monopoly concerns" must consider more than source hosting.
The phrase "pretty annoying/expensive to self host" highlights the source of those concerns.
How could one "just write bash scripts" to support macOS if you don't have Apple hardware, as in my example?
If they remove some of that stuff, that would be worth complaining about.
By then it’s too late, because there’s no alternative.
^^ This. Git is a beautiful thing. Thanks again, Linus.
Quite the opposite, depending on how it’s used it is THE authoritative system for the code, which gets exponentially more valuable with more contributors
GitHub is pretty obviously more than just a git repo on a server.
Ah no it's great. I'm waiting until they fuck something major up and will start an off-boarding consultancy.
No different to SourceForge of the 90's apart from it had a kind of a community feel.
The worse headache is I would say there's a low two digit number of even engineers that when you say "git", they say, "github"?
I think it would've been a better choice to move to something they host like gitea or gitlab. nonetheless it's a step in the right direction, nobody should use mail+git in this day and age.
cough" Linux Kernel cough*
Just because Linux is still using it doesn't mean it's any good.
Ayup. Which is why it is heartbreaking to see Nginx move from Mercurial which is good to Git which sucks.
Thankfully, jujutsu exists so I can use a good version control system and still interoperate with the misguided who don't realize just how bad Git sucks.
Or it is good in that case, but that is true for very few projects.
Also thought this was a lost opportunity to favor gitlab. It's arguably a better choice overall.
wow! about time... weren't they using mercurial for the longest time too?
They could have moved to Sourcehut instead and kept using Mercurial.
I don't see that going well.
I like Sourcehut and I've very glad it exists. I almost personally detest its email-driven workflows. I don't claim that they're bad. Rather, I personally don't like that way of working at all. I'd far rather use GitLab or some random dev's Gitea/Forgejo server.
I think the point is to go where the community is, not further away from it.
Help me understand: they just migrated and already have 21k stars?
It was previously a read-only mirror.
Yup, here I was wondering why I already had it starred if this move only happened today, but then reached the same conclusion that it was probably a mirror repository before.
No, it looks like it's been available on GitHub for a while, but development wasn't done there: https://star-history.com/#nginx/nginx&Date
Stars on github are completely meaningless, since there are services online you can hire to increase stars.
In my project a considerable amount of stars come from blank accounts, that like also non-paying projects to avoid detection.
I moved to codeberg now for my non work projects.
does anyone use mercurial anymore?
Prosody, at least: https://hg.prosody.im/
And we're very happy with the choice :)
Mercurial has many neat features, and I much prefer working with it. I don't think Git is all bad, but I do feel sad that it has basically become an expectation that you use it, to the exclusion of all other options.
Big corpos like Google and Meta (sort of, at least)
I think it's disappointing that the default toolchain for collaborating on free and open source software includes GitHub which is very much not free and open source, and is backed by Microsoft which has a mixed history in regards to it's relationship with open source software.
I use it because its good right now. I used Windows until it turned bad (8) and Linux was easier.
If GitHub becomes shit I'm moving my projects off of there and that's that.
Hopefully your projects aren't too ingrained in the github ecosystem for migrating to be an issue. It's a bug tracker, a feature request tracker, a patch tracker ,a wiki, a release repository, plus an onramp to all sorts of azure functionality with gh actions.
Last time I checked Gitea can import PRs and issues!
I loved the tech design of Nginx when it came out. However eventually its Russian provenance became too risky for my use cases. Plus I began a moral boycott of all things Russian... where I can easily enough anyway. Plenty of other choices now for web servers compared to late 90s or early 2000s.
What do you use instead?
Is the dream of hg dead? It feels like everyone has "solved" the git-is-complicated problem by using essentially gui webtools to deal with it, but the point of the hg people was to make a tool that is simpler on the surface than git.
Sad day for everyone, but it was probably inevitable with the original devs gone and the project managed by suit-types. No one gets fired for buying Microsoft and all that.
Most of all, we can't wait to see all of your contributions, discussions and feedback, as we move into this next chapter for NGINX.
The real economic reason to open source part of your product.
There are some alternatives like https://grep.app or https://sourcegraph.com/search if you want fast live search, but at the end of the day these are services offered by companies, and rather expensive ones especially for free anonymous users, so you should probably at least accept that service providers can and do change things like this.
You can also run something like your own copy of Zoekt and then ingest repositories on demand though it isn't quite as instant. But if it's code you're already using extensively, it seems like it might be worth it. Maybe you can write some boondoggle to automatically ingest repos based on dependency metadata, even.
Github managed to provided search to free anonymous users since its inception in 2007, to mid-2023 when they introduced this new code search.
I would submit that this change is entirely business-related: it's a power-play to make people create accounts and stay logged in so they can track you better. It is not that they cannot afford it, it is that they are enshittifying the service to further their interests.
If they were really worried about money, they could lock it down completely so only paying customers could use the service at all... and then they'd lose a huge chunk of customers and lose all the prestige they build in convincing a huge pile of the world's free/open source software to use them as their hosting. So they don't do that - they keep all the prestige and the network effects by seeming _quite_ open, but they'll lock down _parts_ of the experience to try and force specific behaviour.
Indeed, you should. It should serve as a wake-up call that other people's services/platforms aren't under your control, and you can't rely on them to meet your needs.
Developers working on it have said it's due to performance reasons. I don't have a link handy, but it's in some HN thread.
They claimed the new search requires logins due to performance reasons... they have no reason, other than they want to use both the carrot and the stick in driving signups and logins, to take away their existing search, the one they didn't have a problem offering for 16 years, completely.
So those people are outright lying through their teeth? Got it.
You're just reasoning from negativity and cynicism. No evidence for anything. Other than "zomg they're bad".
I didn't say they were lying. It can be true that their new search is better but costlier to run. They can focus on that in their PR, along with how shiny and new the shiny new search is, to distract you that they are removing anonymous search and making the site worse.
Nobody made them turn off the old search, they chose that, and they bundled the two together in one PR push.
Fancy new search = carrot. Remove anonymous search = stick. Carrot and stick work together to drive more signups, more logins, more data tracked, more data sales, more money.
I completely understand where they're coming from.
Maintaining two separate search stacks for different user groups sounds like a nightmare. Multiply that by every feature that increases in complexity enough to bubble up on the cost-center metrics, and it for sure makes sense to prune complexity at the cost of secondary-feature functionality for anonymous requests.
Besides all of that - Github has zero obligation to provide Free services to users, let alone non-users.
The person you are responding to doesn't even want to make a free account yet expects to be able to use all of Github's services for free. That's some wild entitlement.
The disconnect here is unreal...
To be fair, definition of free depends. OPs argument was that they pay with data. That is not free if you think that you lose something. It is different question do we value it similarly.
Ok then, so that's like going to a restaurant and complaining the food costs money. Metaphoric "duh".
That's not accurate. GitHub is still getting lots of data from people without accounts, and providing open access helps them get more users in general.
If we have to do a restaurant analogy, it's like going to a restaurant (buffet?), opting out of premium, and still wanting access to a particular food item. It's not automatically ridiculous.
The OP is literally standing outside the restaurant looking through the window and complaining about not being allowed to eat for free.
This doesn't matter. If you want code search, you must log into a free account. Why is this controversial? Github isn't a charity - they don't exist to benefit freeloaders that won't even create a free account. Life doesn't need to be this hard folks...
Your version of the analogy makes no sense, because the people with accounts are also eating for free.
If data is payment, then both groups are paying.
If data isn't payment, then what is? Please elaborate on what distinguishes the groups, and how people with free github accounts fit into the analogy.
you two both have missed the obvious that recently it was deemed legal to scrape public sights, and GH has all the code, and other code based AI tools need training.
The parent complaining about creating a free account can just keep complaining, or create one, I don’t care. But this nonsense about cost for search is not the issue.
It's like going to a museum that houses all the world's great treasures because it's funded by billionaires and they outbid all the smaller, shabbier publically-owned museums that _could_ be housing them in their own countries.
The treasures belong to humanity, not the museum, but they get the honour of hosting them, and that glory reflects on their reputation (which they use to sell commercial artifact-hosting services).
Entry is completely free, and for 16 years they gave you a map as you entered. But now some marketing genius has decided you don't get a map unless you give them your name and address and join their "friends of the museum" marketing programme.
These are not good signs for someone who wants to be custodian of the world's great treasures. I would argue it would be better for the world if the treasures were housed in local museums instead.
Sure, and if they don't want to pay with data, then they don't get to use the free search. While I don't love it, it's well within GitHub's rights to set those terms. They pay the bills, they get to decide who uses it, and how.
The real problem is that a company like GitHub (now owned by Microsoft, of all companies, sheesh) has a strongly market-leading position in the idea of "publicly-hosted git repositories". Even if they were giving away everything fro free, and not tracking users, that would still be concerning.
If they didn't, most (all?) of the major OSS projects that use them would have to find an alternative.
Those major OSS projects are why Github is the "central" OSS hosting place.
If they move on, then it's unclear if GitHub would remain all that central after a few years. "Probably not" is my thought, though I could be wrong. :)
They should already be finding an alternative IMO: https://sfconservancy.org/GiveUpGitHub/
I have an account but github with forced 2fa is annoying to login with when I'm logged out. When your in the middle of something and suddenly have to go through a login flow, password manager, 2fa, just to look something up, maybe small, but I find it annoying
One day I’m going to share stories here of how the "Columbia House Record Club" worked to watch people assume the foetal position and rock themselves to horrified sleep.
Its not hard to understand why a service like exercism has no money. People want everything for free
Same with Twitter, tbh
I don’t begrudge them requesting an authorized user account for some cases. YMMV. They balance this against allowing more open access to other projects, features and functions. Their balanced approach seems reasonable.
The developers have also said that the new UI is an improvement. And yet…
Personally, I don't think this is a valid case of enshittifying. Products that you pay for that loses features or break or become more painful to use are enshittifying.
A free feature that stays free but requires you to make a free account (no credit card needed), I can see at least one very valid reason: if the feature heavier than a simple page (which is the case here), then it's an open door for DDOS attacks. Being able to track and ban/block the users that appear to participate in such an attack is totally valid.
The alternative is having to do captchas and the like to use those features anonymously, which is a pain both for user and for the devs/UI, and does feel more like the overall enshittification you are mentionning (even if it's a valid reason)
This is not the case. You may have noticed that Google Search, Bing, etc. don't require login or captcha to do a search. Billions of people use this search daily. And yet, they will throw a captcha at you, or even just say "you're a bot, stop bothering us" whether you're logged in or not, if their signals have detected what they consider abuse.
Clearly, their signals are not as naive as "anonymous user, require captcha / logged-in user, no checks required". Preventing DDOS != requiring login.
They like you logged in because they can add more data to their verified user identity and activity datasets and sell them for more money. They already make enough money to run the service despite all the anonymous usage, but they'd like more money, you see.
Github managed to offer anonymous search for 16 years before one day Microsoft took it away. Do you think it was due to DDOS attacks, or do you think it was a power-play to attract more sign-ups and logins?
For the last seven months, Google has pushed every non-login search from my house network through a captcha; the image captcha is typically five to infinite repetitions. Audio captcha works after a single run-through, except that it is frequently "unavailable" now.
I don't know why. Google won't tell me. They just started doing the same for YouTube: "Please login because we have detected malicious behavior from your network".
I know I'm not DDOSing them; I can see all our network traffic. They're just encouraging me to avoid using them.
You're probably blocking ads or blocking tracking in some fashion and denying them signals their naive models use to evaluate whether you're bot-or-not. It could be somewhat intentional but I'd lean towards it being an edge case they just don't care to address.
It's a big enough edge case that not caring to address it makes it intentional.
In my case, they block me on IPv6 since I use a Hurricane Electric IPv6 tunnel. It certainly used to be the case that my IPv6 connectivity was better and more performant down the tunnel than using my ISPs native IPv6. I have no idea what the situation is today.
My solution was to use a filtering DNS that always returns no AAAA records for domains ending in google.com. This works great and essentially solves the problems. I have to do the same for various netflix domains as well.
I'm dreading having to switch over to native IPv6 -- I don't even know how many /64s will be allocated to me (and how stable they will be).
This could very well be the answer. I'll go check.
I feel this. Recently _some_ company, I have no idea which, has decided my IP is malicious and refuses to serve my requests. This has effectively banned me from a few websites, including a government service I pay taxes for.
The joy of CGNAT.
Well maybe someone in your network or subnet is doing some abuse.
How mighty of you, a freeloading user in this specific situation, to assert Github has made "enough" money and therefore should offer you services at their own expense... you know, because you want it and therefore are entitled to it.
So what's the issue here, really? Make a free account and move on with life. Or clone the repo and search it locally if you need to. Or decide to take some principled stance and refuse to work with projects hosted on Github. It's your choice.
It’s Microsoft, one of the most successful companies in human history. A poorly formed moralistic argument about “entitlement” is absurd. They certainly feel entitled to every aspect of my life, as do most other Fortune 500 companies, I think I can safely desire not needing to log in during a damn search.
So again, because Microsoft has more money than you do, it entitles you to their services for free?
Where else in life does this logic apply?
Perhaps you waded into a conversation without even understanding the core complaint. You can search on Github without a user account, entirely for free. However, they do not provide context-based code search to non-users, despite it still being free.
If for whatever reasons you cannot possibly be bothered to create a free user account out of some irrational fear Github will sell your codebase search history to advertisers (laugh out loud, literally), then you don't get to use that feature. Clone the repo and search it yourself, or find a different deep-pocketed service that lets you mooch everything for free.
tldr; Why are freeloaders always the loudest complainers?
"more money than you" is a pretty crazy strawman of the actual comparison they made.
The general idea of imposing more user-friendliness on very large corporations is not a bad one.
This is not a "user-friendliness" issue by it's very definition. The OP is not even a user!
Perhaps you didn't read the conversation. The parent literally made the argument that Microsoft (ignoring that Github is a separate company) has plenty of money and therefore should provide this service for free even to non-users.
The service is free. A user account is free. It doesn't get more simple than this.
The naivety to believe the lack of a Github account somehow safeguards your browsing data is as hilarious as it is sad. Further, believing the creation of an account and searching code repositories somehow results in more ads is beyond hilarious.
This entire thread is pure insanity. Life doesn't need to be this difficult people. Create a throwaway account if you are so worried... or find some other service. You are not owed anything by Github - yet despite that they have made it trivially easy to benefit from their services at no cost to you.
They don't need an account to be a user, as you seem to acknowledge later in your comment: "The naivety to believe the lack of a Github account somehow safeguards your browsing data"
They said "one of the most successful companies in human history".
That has nothing to do with the parent's amount of money. It's not a human-comparable amount of money.
If the company had ten million dollars the parent wouldn't be making the same argument about size.
I have an account. That doesn't change how companies should work. And I find no "difficulty" in having a little discussion.
Yeah I am. They make mass market money and they use public infrastructure. If the population wants to impose rules on them, the population gets to. Like forcing them to pay taxes. That's money they owe me indirectly.
I don't get to make the decisions on my own, but I can say if I think a theoretical rule would be good.
The entire point of Google Search is to take in everyone, serve ads, and drive people to use other Google properties. Every user that has to jump through hoops in order to access Google Search is a net loss for them.
GitHub doesn't really care all that much if random anonymous users can use their search. Anon users can view source trees, wikis, etc. and check out code, which is more than enough for most people.
I think you and I don't know anything about what's going on there internally. I'm usually quick enough to assume the worst about actions Microsoft (of all companies!) takes, but even former GitHub employees have commented here that the new search system is much more resource-intensive than the old, and bots and scrapers were causing real problems. I choose to believe people who seem credible instead of playing the cynic and assuming everything is done with evil intentions and that everyone is lying to me.
Sure, they could build a big sophisticated system to figure out who to serve CAPTCHAs to, or who to outright ban, but why spend the time and money on that when they can just require a login, and the people they care about won't really care.
And sure, this move very well might drive some new signups. Maybe that's a net win for them. So what?
It raises the question of what will they hobble or take away next to fatten their bottom line. Will they continue to be good custodians of the real treasure, which is the projects that they host?
You may remember SourceForge was a popular hosting site. Ultimately, what caused a mass exodus was that they decided to let malware creators pay them money to wrap around the installer packages of the software they were hosting.
If you're not hosting your own project, there is always this risk. Question the motives of someone who offers to host your stuff "for free" ... and then alters the deal some point down the line.
The new GitHub search has some more advanced features than Google, Bing, etc. do, such as Regex: https://docs.github.com/en/search-github/github-code-search/...
Of course, they could have kept the old search (without advanced filters) open, but there is at least a sensible explanation why the new search requires being signed in.
As far as I can tell, mainline web search engines are mostly serving cached/canned responses these days. They get updated periodically but it's not the same as the late 90s or early 2000s when every search was run against large-scale content indexes. You can occasionally stack keywords or form unique enough queries that you force the engine to do real work, but getting this right seems to get harder and harder over time and their pool of content that's indexed seems to be broad but shallow now.
GitHub code search is still doing real searches and so is much more expensive to run.
Are you saying you want adds in GitHub search's results? Google, Bing, etc. make money showing you adds. Adding barriers of entry is much less in their interest. Their budget to optimize the search engine is likely much bigger than GitHub's one.
Github doesn't even serve ads. What exactly are you worried about? Your throwaway email being primary key #78,000,000 and having your visited repositories stored in another table?
I've never had any success creating a GitHub account with a throwaway email address.
The last time I tried, I'm pretty sure the email address was rejected right away, and the account couldn't be created.
Not being able to reasonably create an account there is certainly annoying when it comes to performing simple searches.
It has also prevented me from submitting new bug reports and adding information to existing bug reports for a number of open source projects over the years.
I'm always disappointed when I see an open source project using GitHub, because it makes contributing to that project more or less impossible.
I’ve gotten by with AnonAddy, so you may have success there too (unless they’ve blocked the domain since).
I deleted my account and moved my stuff when Microsoft took it over, and never looked back. A project on Github is a project i will not interact with. People have very short memories.
Microsoft serves ads though. I haven't looked through the terms and conditions, but I'd be amazed if it wasn't permitted for GitHub to give whatever they can glean from your data to their corporate overlord.
Yes, they send personal data to Microsoft for advertising purposes. https://docs.github.com/en/site-policy/privacy-policies/gith...
Yes. Microsoft is already siphoning data everywhere they can, why should I give them more?
Most people have their real name and e-mail there because they use it to sign code in trusted repositories, so it's easy to combine these data with other sources.
It's a change in direction, one by one these things change, one day, there are Ads, or your github repo search journey is being used to train the AI programmer to replace you in those very libraries and repos you develop expertise in.
There's no good to come of requiring people to log in for the consumer. Online Tracking is never good for the consumer.
As a fairly recently departed GitHub employee, I know with certainty that this change is primarily related to abuse. The search infrastructure (both old and new) is complicated and expensive to run, and anonymous search was abused at a remarkably large scale. DDoS against the anonymous search service was a big problem, but another was the presence of many very large search botnets that constantly scraped the site for secrets and other confidential data inadvertently made public. Long time users might remember that anonymous search was aggressively rate-limited on a per-IP basis, but the size of the search botnets grew to a scale that made this ineffective.
My personal opinion is that most enshittifying changes on GitHub are due to the proliferation of middle managers who are evaluated almost exclusively on speed-shipping net-new features at the expense of maintenance and incremental improvement of existing features.
It's worth mentioning here I think that github's code search is really quite good. I'm not trying to say that github can do no harm or that github "owning" OSS code hosting is a good thing, but the github search bar is a utility that IMO is worth the price of admission.
I think that sourcegraph maintains a similar quality OSS code search that can be searched for free but I have not personally used it.
The problem is that GH makes it the login process as painful as possible. Login tokens expire frequently, necessitating new logins. Logins require 2fa every time, which makes them extremely flow-breaking. Post-login you're not returned to the file you were on, so now you need to navigate back to search.
Logins are per domain and per device, so I end up dealing with this 4x per day if I'm using GitHub heavily. It's unnecessary.
This is not at all my experience with Github? I go through the 2fa flow maybe once a year, if that. I have to go through the SSO flow for my employer's private repositories once a day (which is my employer's policy, not Github's), but that properly redirects to the page I was trying to access.
Does your employer have a SSO flow that requires 2fa every time and doesn't redirect properly afterwards? That would be pretty annoying, but it's not Github's fault.
Happens even with my personal GitHub account across multiple browsers/operating systems.
Mine too. It wasn't always like this, but nowadays if I haven't accessed the site in a handful of days there's a good chance I'm logged out when I go. And it requires logging in, then mobile 2FA. It's very annoying.
Just to put this out there - but this doesn't actually sound that unreasonable.
Your tokens/session should expire at some point. We can argue over what might be a reasonable duration, but it definitely should expire.
What might be going on is if you visit the site/app it renews the token/session if it's still valid. So if you are relatively active on GH, you will stay logged in - otherwise you will eventually be logged out.
Just guessing, but all of this does seem reasonable. There's a lot your Github account can do, including a lot of damage to you and any organizations you are part of.
Totally agree with all of that, and still find it (perhaps irrationally!) annoying when it happens.
Counter-anecdote. I cannot even remember the last time I was asked to log into Github, at the office, at home, on my laptop, and even on my phone.
Do you perhaps have a browser setting that nukes cookies/session data by any chance? Or perhaps use a VPN that might be tripping some sort of account protection mechanism?
Counter-counter, I share his experience as well and don't have any of those things. Just bog standard Chrome with no extensions.
What I do have, and I expect is relevant: frequent ~weeklong gaps where I don't access GitHub at all in this browser profile. I assume there's some medium-lived token that's refreshed when you access the site.
My experience is similar to yours, though I seem to have to login every other week or so it feels like (maybe it’s once a month I don’t know).
This feeling could also be exasperated though since while I only use a personal GitHub account, I access it frequently from the browser and app on numerous devices.
I can definitively say though that I need to login more than twice a year on any one device.
To me, ordinary login is one of the things they've genuinely improved over time I feel? I absolutely never deal with logins more than once a day per machine? With stuff like Passkey support now, I basically click two buttons in 1Pass and I'm logged in instantly on ~everywhere. I also feel like I never have my tokens expire.
I'm probably not doing the same stuff as you. It's sudo/elevated mode that really gets you I think, if you have no fast flow. Admittedly I don't add keys or anything like that very often.
GH Enterprise and public GH don't share tokens, so 1 login/day automatically becomes 2. Then, logins aren't shared across devices and 2 additional devices (phone and personal computer) makes 4 logins/day.
Not sure why GitHub expires tokens so quickly, but I can replicate it across every device I own and multiple accounts. Maybe they just don't like me?
I have never experienced this. I almost never have to log in after the initial login.
Yeah. I think they just don't like you. I log in probably once every 3 months or something, on every device. Nowhere close to every day.
Can I ask what country you're from? Maybe that has something to do with it?
It's to be more secure!
Of course then you can do everything with your never expiring ssh keys and application tokens… but that doesn't count :D
That's strange; I've been logged in to GitHub without having to re-log-in for.... a year or two now? I cannot remember the last time I had to log in. Maybe I visit the site more often, though, and that has something to do with it? Or the network you visit from is for some reason flagged as high-risk?
What? My login tokens haven’t expired in years. I don’t think I’ve had to sign in twice on the same computer ever
Interesting blog about how it works: https://github.blog/engineering/the-technology-behind-github...
You can change github.com to github1s.com to get VSCode in browser with fairly capable search without logging in. E.g. https://github1s.com/nginx/nginx
Alternatively the official site is vscode.dev.
That requires you to sign into github to open a github repo, which is what the OP was trying to avoid.
Or github.dev
I believe the search there uses Sourcegraph, so you can also search directly at https://sourcegraph.com/search. E.g. https://sourcegraph.com/search?q=repo:github.com/nginx/nginx...
I believe it was added when they made their search more advanced and presumably more resource intensive.
And yet, nothing stops them from continuing to offer their existing search to anonymous users. The search they have offered since inception.
They chose to take the existing search away from anonymous users to drive signups and logins. "Sign up and log in to get improved search" is not as compelling as "sign up and log in to get any search at all"
If you find searching locally cumbersome, you should know that you can do a "shallow" git clone which only downloads the most recent commit and is much faster than cloning the whole repo.
This thread from 9 months ago has a bunch of discussion on this. https://news.ycombinator.com/item?id=38432261
GitLab has had this long time.
Do you have to be logged in to open a repo with the web version of vscode on GitHub? If not, that could make for a Good Enough search interface. Try pressing `.` on a repo page to see if it works