When was the last time a big feature that people are actually clamoring for was added to GitHub (and let's not pretend LFS fits that description)? Meanwhile you have the maintainers of the most popular projects publicly begging for changes they've been waiting years for, startups like ZenHub innovating on TOP of GitHub in the form of browser extensions, and then startups like GitLab poised to eat GitHub's lunch as soon as they figure out how to capture the social aspect.
I'm not sure what GitHub is spending the money on, but it sure as hell isn't on the core platform itself or keeping it's most active users happy.
That seems to be a common theme when startups try to grow.
GitHub raised $250 million last year and, as you mentioned, there's nothing externally visible to show for it (as consumers of their public platform). (random guess: the $250 million could have been $150-$200 million in cashing out stock to individuals (like crooked groupon shenanigans) then maybe $50 million for operations? How many billions of dollars does it take to write an issue tracker with more features than redmine from ten years ago?)
Same comments were making the rounds months ago too: https://news.ycombinator.com/item?id=10165681#up_10166913
All this gets back to a bigger trend we see these days: closed platforms are like governments (google, apple, github, twitter). We don't allow (sane, first-world) governments to exist without citizen representation. We must demand user-level representation in corporations running global scale closed platforms everybody relies on. Community powered social platforms don't exist without the community, and private corporations exercising extended "we don't give a crap about the users even though we have millions (or hundreds of millions) of them" patterns must be... corrected.
No Computation Without Representation.
I completely agree, I've never been able to take github seriously as a GUI -- (e.g. there is still no way to search commits).
> All this gets back to a bigger trend we see these days: closed platforms are like governments (google, apple, github, twitter).
I don't think it's the same to include Github into these, the main facility provided by github is simply a centralized host for your git repo, Git is FOSS and there are a number of alternatives.
Just an FYI. I've implemented commits search among other things for GitHub. You can learn more about it here:
Note the latest GitSense version doesn't include branch level code searching. I'm still testing this out, and I'll be releasing another GitSense update very soon, which also includes support for BitBucket.
And sometime next week, I'm going to start looking for beta testers for my indexing engine, which is what makes all of this possible. If you have 10,000 or less commits in your repository, you'll be able to install and use the indexing engine for free. However the free version won't include diff indexing, as that greatly increases the number of moving parts.
So doesn't that mean that your project is living on borrowed time? Why not build upon an open platform instead, one that you can control, one that can't be ripped out from under you?
Again, I don't mean this as criticism, I'm just very curious, because I don't understand.
- There is the indexing engine which was insanely hard to develop and is what makes my solution unique.
I've also uploaded some screenshots that shows how I monitor/manage indexing. Right now, my indexing engine can easily process 10s of thousands of repositories with millions of branches on a single machine. The indexers are designed to scale horizontally and developing them was insanely hard and that's what I'm really selling. There is a reason why GitHub stopped indexing commits a few years ago. And why Bitbucket has a 5 year old ticket about code searching:
Should the worst happen and I get shut out by GitHub and Atlassian, there is always GitLab, Gogs, etc. For now, I'm more than happy to build on top of GitHub and ensuring my solution works with their Enterprise offering.
The browser extension is nifty, but Connect provides a proper API for embedding custom views in the Bitbucket UI if you want something a bit more robust (i.e. it will still work even if we decide to change the DOM at some point in the future).
Somebody from Atlassian has reached out to me and I'll get back to them next week to see what can be done to get this working with the Connect framework.
I guess you mean commit messages, because you can search
the code on Github.
For the messages, if your repository is public you can use Google like this:
> Search all branches of all crawled repos for "change license"
> "change license" site:https://github.com/*/*/commits
> Search master branch of all crawled repos for "change license"
> "change license" site:https://github.com/*/*/commits/master
> Search master branch of all crawled twitter repos for "change license"
> "change license" site:https://github.com/twitter/*/commits/master
> Search all branches of twitter/some_project repo for "change license"
> "change license" site:https://github.com/twitter/some_project/commits
Just slapping a GUI to the command line interface wouldn't scale but given that they already support code search I don't understand why the don't support commit message search either.
The big difference here is "Community powered social platforms" don't pay a tax like citizens of the government do.
And, like some of us are trying to undo today, representation in a government/corporation skews heavily towards those that pay the bills.
I mean, when hasn't github been suffering from systemic internal issues? Drama is practically their whole schtick.
I don't think the fact that others have built tools on top of github means that github is lacking features, in the same way that the existence of github doesn't mean that git is lacking features.
On the other hand, seemingly ignoring your adoring fans asking for small changes is a bad move.
That said, still worth the money.
* Code browsing is terrible and without `octotree` I don't know what I would do.
* Organization view is a joke; once you have 50 repos, good luck finding anything there.
* There is no way of managing anything on higher level, only per repo. I can live with that but there are people who want to track issues across the projects. And then one ends up with JIRA for issue tracking (the horror!).
* Edit: code search is also a joke or even an insult
After all these years in business, GitHub website doesn't offer any insights into your git repo over git command line and is probably worse than command line for many use cases. That is simply disappointing.
Oh give me a break and get over yourself. An insult? Are you serious?
The 'brogrammers' just carry on as normal and some of their work is now adding features to help support enterprise requirements. Unless your sitting a cold calling sales rep next to my desk then who cares? Someone has to pay for that foosball table and fridge full of beers, let the sales people on a different floor do their job.
In a similar vein, enterprise customers tend to want different things than smaller customers do. This means that the features the teams have to work on will change, and some people may not be as interested in working on stuff they have no interest in using themselves.
A million times this. I currently work at an enterprise software firm, and this is exactly what happens with each new client.
In addition to the compressed timelines and ridiculous feature requests that must be honored... in terms of the product itself, you have to do one of the following:
1) Maintain separate codebases for each client, or
2) Build the application so it can handle different features for each client, since each client will want different things.
Neither course of action is nearly as pleasant as having products that are the same for all customers.
Engineers: "There goes our sprint"
Product Managers: "I'll be updating my resume..."
Maybe this is a trope from the 90s and 2000s or from a Scott Adams cartoon, but I disagree this is representative of most enterprise sales these days. Maybe I'm just spoiled, but every company I've worked at the past decade has had a knowledgeable sales force. I've been asked plenty of times, "can you add this feature for a huge customer?" and been able to say "no, that is not realistic for us to complete in a reasonable amount of time."
Every sale matters when you don't have customers, and if it means a little back-breaking work to get that first bit of revenue, I know very few companies with the fortitude to say 'No'.
Once the product has established a foothold, reputation, or repeatable sales process that works, product managers get an idea of exactly what it is that customers want, and across more than one data point. From that, they're able to communicate the exact value they provide to the sales team, and that sales team is able to approach customers with an actual, legitimate, proven value proposition.
It isn't until the product team really knows what they have that those requests become easier to turn down.
(Or at least, that's been my experience.)
They weren't promising Ferarris when we were building Maseratis, but they were definitely throwing in the undercoating and floor mats. Even now when I'm building and selling my own software products I do it. I literally do it to myself. In the end it helps evolve the product if you make a responsible claim you can get to.
It's the same old story: OS/2 was superior to DOS, Netscape was better than IE, Dreamcast was amazing, Amiga was ahead of its time, etc.
It's not just software. Shakespeare wasn't a popular playwright in his time, but now he's considered an icon. Were his plays therefore not great because, at the time they were written, no one wanted them?
Many good things are not popular or well-known. They are no less good.
In my experience, this happens because sales people come to the engineers and say "can we do [mad thing]?" and, engineers being engineers, go "yeah, sure, [possibly adding detail and constraints but the sales people stopped listening at 'yeah']". I've seen this many, many times.
Default answer out of any engineer's mouth should be "No." with optional coda of "But if you can tell me more about it, we might get to maybe."
Good thing this isn't some voluntary project but a massively funded commercial company. Since when must employees love every little thing they're doing?
This kind of BS culture is what runs companies into the ground the moment they need to actually build something that isn't "fun".
Without VC money, startups are led by "culture" (i.e. collective personality and desires of each member of the team). It has amazing results in the long-term.
With VC money, startups replace their culture (seen as irrelevant) by short-term expectations. Pressure , competition and hierarchy are built. Good for short/medium-term valuation. Terrible for long-term commitment.
The actual OP article at the top of this HN post doesn't have too much information. It is not new information (or at all unexpected) that there is some internal tension in GitHub over the companies growth. If it's a "crisis" now I'm curious, but the linked article does not provide much to back that up -- sounds like the paywall'd article might? The actual linked article is useless.
Here's your average glassdoor post:
Weh! Weh weh weh weh weh! Mih mih mih! Boo hoo! Poopy!
Six of one, half a dozen of another.
Their only real competitors were Bitbucket (which was originally Mercurial and was late to the git party) and Google Code (which was taken to pasture along with Wave and Reader). Bitbucket is not targeted at individual users. It is targeted at teams and companies. Atlassian has played in the small business/enterprise market for a while. As evidence by Atlassians "defeat" of FogBugz. http://movingfulcrum.com/why-fogbugz-lost-to-jira/ Google just kind of gave up on Google Code and closed the doors because it wasn't the biggest kid in the playroom.
Also the explosion of repo/package tools (Bundler, npm, cargo) and automation lead people towards browsing repos instead of static assets. Github provides a ton of tools to deploy to package managers like npm or PaaS's like Heroku dead easy. Github is not just a code repo, but a base for Continuous Deployment/Integration. "
Github would benifit from the platform route over the software route. A cloud based software repo isn't particularly special. A one stop for managing code, deploying software, working tickets, hosting docs, and more is special. Github has great tooling around pushes/commits but not issues/docs. Markdown is great if you're a browsing a repo, but isn't nice for non programmers. I would much prefer something like readthedocs.org integrated in.
Also github could look into offering services for enterprise customers. Github is fairly self service right now. They stand to make a fair amount of money charging for setting up deployments to AWS or Travis for you. Enterprise customers definitely overpay for simple stuff that could be done in an hour with proper docs.
When GitHub (which has always been cash-flow positive) took VC money, they said that it wasn't because they needed the money. Rather, they said that the money would be used to fund new projects and directions, and because it brought the VCs in as strategic partners.
Maybe the money did change things -- but the new directions weren't positive, and the strategy suggested by their partners wasn't as beneficial as they thought?
Running a local svn or git server is fairly trivial.
Okay, I guess that makes as much sense as anything really. I can see the advantage in something turnkey.
But yeah, I'd rather run GitLab.
Administrative assistants make coffee for the whole company still, and most of us bring in our own lunch and warm up in the lunch room (those that don't, either go get lunch, or don't eat it) - if you have plants at your desk, you do end up watering them yourself.
Yes, we do have contractors who clean the building for us, and a travel agent (as well as administrative assistants) to help us book travel.
If you're an technology oriented company, it was hard for me to fathom why running your own source control is too hard (we do, svn) - I hadn't considered the additional value-add from the github provided tooling.
Re: hiring & sales - on a semi tangential noet
Honestly, when I visited GH last year and met the very (few) women that worked there (they were all in marketing), (it was the UE4 workshop with like 3 women in attendance, great workshop, but I noticed more and more of the staff at happy hour (their bar) was filled with lots of marketing/sales people -- something I hadn't really experienced other times I visited, usually its more devs than those folks (marketing/sales).
It's basically a social networking site.
For real work, every company I've worked for in the past 5-10 years has used Atlassian tooling, either cloud-based or self-hosted. I have plenty of complaints about Bitbucket, but Atlassian OWNS the enterprise. And quite frankly, although it lacks GitHub's network effect for open-source projects... a lot of people prefer Bitbucket's interface, tooling, and pricing model for corporate team development (i.e. the situation for most PAYING users).
On this question, at least, I certain have used Atlassian's products. Jira I've used at a good handful of gigs, both contract and full time. And I have enjoyed using Bitbucket when I've had the chance - frankly I even prefer its interface that of Github. But the culture that has grown around Github makes it difficult to ignore if you're involved in open source, or if you want to share code publicly; it is the "go to" spot.
1: better Jira integration
2: no limit on number of projects
The second reason makes it very popular among small design/dev shops.
The perceived stagnation is likely a side-effect of scaling the operation to fit with increased demand and the growth and expectations of their private & enterprise (paying) customers, who have become notably more high profile as the years roll on. With it comes the difficulty and expense of providing a dependent, secure infrastructure and a more refined and audited code base to fit the needs.
It's a diverse community here and while some groups consistently demand feature freeze (hating on 'bloat', 'features coming from marketing', focus on 'core product'), others are only convinced that a products relevancy is based only on cutting edge features ('we need feature a, because b', 'product c is irrelevant because product d offers a'). To offer refinement that appeals to both camps is a delicate tightrope.
Meanwhile you have market speculation that would use in part a forum like this as a sounding board for some kind of consumer sentiment index.
The complaints with GitHub seem fairly incidental, people airing their grievances on the incumbent because the cost of moving is considered either a hassle or a big-deal. But moving is an option, and the perceived stagnation is building a better competition (that they fulfill the promise without other expenses is always the gamble). GitHub isn't without problems, and it does seem like some obvious community complaints that have stagnated, but once released it'll probably just be a case of 'finally, thanks, no love lost'.
In the end, Git by nature is decentralized, easily self hosted, and both GitLab and Phabricator provide interesting open-source environments. It's not exactly a one way street.
But maybe it was always going to be a tough market to corner? My prediction.. more posts on HN describing migration to a different system and how it solved everything.. and then the followup 12-24 months later. Oh well.
I wonder how much of a halo effect the enterprise contracts get from the open source community. People flock to github for their personal projects, and then recommend it at work when the need comes up because that is what people are familiar with.
I suspect the community is more of a golden goose than some people think. Kill the community and you'll kill the site. It's not like it's difficult to clone and upload a repository to some other site.
Oh my goodness. Is this article just plain wrong, or does a large enough subset of Silicon Valley & friends actually do this that they mistook that behavior as including the other 99% of the software development world?
That's a nice crisis to have.
That doesn't mean I'm not glad they all sit clear on the other side of the office in a quarantined section where they can extrovert at each other all day and leave the rest of us to code in peace.
This is hilarious and I am going to have to steal it! XD
Welcome to reality, GitHubbers. Not sure how else you expect a 500+ person company to run itself.
Where I work now, engineering is roughly a quarter of the company. The rest is made up of legal, compliance, business development, people ops and some other miscellaneous.
You know what? It's great. There are more extroverts in the office, people who go out to parties and invite me to things. Our happy hours are more lively. We play more beer pong instead of Halo. There are more women in the office. There is more laughter.
Bring in the enterprise. The company will make more money and grow and succeed, and the people will have a wider, more enjoyable variety of experiences.
And if people really don't like the mingling, they can choose to sit at the far side of the office in the dark by themselves, being passively sarcastic at others in IRC. They'll eventually leave and be replaced by happier people.
I work at a company where the dress can be anywhere from hoodies to jeans and collared shirts.
We have sales people who are really awesome and extroverted, yet they come in wearing hoodies, or hawaiian shirts on hawaiian shirt day, but also know how to dress more formally when necessary.
Let's be relaxed AND conforming at the same time!
Indeed. If anything, the beer culture has penetrated deeply in the startup world. I'd even say that it seems almost contrived at this stage, as if there's something amiss if there isn't beer in the fridge. Maybe the cargo cult extends to beer: "Everyone else is doing it, so we have to do it to."
Mind you, I have no problem with beer being made available in the office. But I wonder, at times, about why it happens.
I've spent time in small startups and large enterprises myself. An introvert, who chose to work in a sales-oriented Fortune 500 environment, could often write a very similar rant in reverse. Not only referencing plenty of sexism, but adding in a lot more racism and homophobia hints to boot.
Sorry your last gig wasn't a fit. Glad your new one is. Don't paint with too broad a brush.
I'm just hoping that, should GH fail, it hold off on failing until I learn Ruby sufficiently well to review the entire GL code base so I can deploy it with confidence.
EDIT: Yes, "with confidence" is a very important qualifier that is drastically important to the meaning of that sentence. It's not a prerequisite for deploying at all, but without reviewing the entire codebase I cannot feel confident about its security.
Where did I ever say I use Github with confidence?
I've answered this several times below: I use software all the time that I do not feel confident about.
My statement was about hopefully being able to use GitLab with confidence, which is a goal that is only attainable because I can deploy it on my own hardware. It's made easier by the fact that GitLab is open source.
If GitHub melted tonight, I'd jump on GitLab tomorrow, but I wouldn't feel confident about the security of my infrastructure.
That doesn't mean I feel confident about GitHub. AT ALL.
I'm not attacking GitLab.
I'm not inflating GitHub's security or importance.
All I'm saying is that I'll hopefully have the opportunity to review it before a nuclear GitHub meltdown forces me to blindly deploy it and not feel confident about it.
Can we all agree that that's an uncontroversial notion? Or is that too much to ask?
This thread has been a land mine of accusatory reactions, so I apologize for painting yours in a similar brush.
> I have seen people have a bias towards the quality of open-source software even though the closed-source alternative is opaque
Reverse engineering isn't hard, it's just a speed-bump.
I work on a lot of open source projects. At the risk of sounding self-promotional to on-lookers, I'd like to talk about one in particular:
Random_compat has been downloaded almost 2 million times (according to Packagist), incorporated into WordPress, Laravel, Symfony, etc. It's by far the most collaborative project that Paragon Initiative Enterprises has produced for the open source community.
Yet, until the most recent release, the documentation referred to a MCRYPT_CREATE_IV constant that does not exist. The correct constant is MCRYPT_DEV_URANDOM. Somehow, we all missed it.
"Open source is automatically more secure" is a fallacy. I just happen to like open source better, personally.
Aside: despite being downloaded ~1.9 million times, a grand total 30 people outside of Paragon have contributed to its development in some way so far. The "many eyes" are actually quite sparse, especially when it comes to security expertise. (I think it's reasonable to say those 30 represent much of the the upper 0.01% of security talent in the PHP community.)
It is unlikely that Gitlab has endured the kind of scrutiny Github's code has.
I will say that, as a rule, I don't believe I can ever trust Github, regardless of how good their team is. I treat every packet I send as "completely public" and every packet I receive as "possibly malicious", just like every other website on the Internet.
GitLab: it's at least possible for me to trust (i.e. if I self-host it).
(But I really do need to pick up Ruby sometime soon.)
I already answered this. Quoting my post above:
> so I can deploy it with confidence
Emphasis is important.
Background: I do application security consulting. Do you expect me to trust the code that other developers write without verifying that it's not a pile of lacey Swiss first?
Also, if I do find any bugs, I'll report them upstream (since they are open source) so my paranoia is probably going to be beneficial to other GitLab customers some day.
Not to speak badly about any of my peers in particular, but I've come in after other security auditing teams and found really obvious bugs that they've overlooked.
Though I usually give them the benefit of the doubt and omit my feelings when I write my report. Maybe it was a time constraint or a scoping issue that prevented them from seeing it? I have no way of knowing.
So, kudos for not having a single point of failure.
And you've never missed one, right?
Aside from this, your behavior in this thread is a very loud warning about working with you, particularly telling someone to learn to read below by linking to an app. Handle being questioned a bit better, if you can, and understand that seeing this immediately talks me out of using your services. (Even if you're an oracle who never makes a mistake, as you imply. I'll take my chances with someone a bit more professional.)
Have I overlooked really obvious bugs? None so far that I've been informed of.
I'm not careless when I get paid to audit a project. Of course, I know I'm not perfect either.
One time, I was writing a PoC implementation of AES-CBC and forgot to authenticate the IV (which was included in the message). Luckily, someone called me out on it very early on. (As a result, I'm also more likely to catch this kind of mistake in someone else's work.)
Making mistakes is part of the learning process. Making mistakes when assessing someone else's security is a very real danger. That's why I give GitLab kudos for using multiple organizations.
The moral to the story I was telling, albeit poorly, is that "I think you're doing the right thing by having multiple teams look at your project". But that was my fault for not expressing this clearly enough.
> Aside from this, your behavior in this thread is a very loud warning about working with you, particularly telling someone to learn to read below by linking to an app.
Nobody who contacts my employer deals with me directly. The person who handles clients has people skills. I do the technical heavy lifting.
So, please rest assured, that any "very loud warning" you're reading won't translate into the quality of services we provide, even if I am an asshole on my personal accounts.
> Handle being questioned a bit better, if you can, and understand that seeing this immediately talks me out of using your services. (Even if you're an oracle who never makes a mistake, as you imply. I'll take my chances with someone a bit more professional.)
I don't mind being questioned. I mind people demonstrating a blindness to the qualifiers I explicitly include in my statements.
And yet here I am, mentally blacklisting your company. Weird, right? Almost like team matters, and you carry a 'C' in your title, allegedly, so...
It was just informal advice to rein yourself in. Take it or leave it.
Okay, I'll take it. It's just really frustrating that this keeps happening even though I take care to choose my words very precisely. Especially qualifiers.
I don't know how to be more explicit than totally explicit. That doesn't even seem possible. Maybe I'm the idiot here.
This is a fallacy. You're putting words in my mouth, because I did not make that argument.
I do not use any software WITH CONFIDENCE that I haven't reviewed the entire codebase of.
I still use software I don't feel confident about using every day.
> How about the browser you're reading this with?
Use it, just not with confidence. I'm ready to wipe this computer's hard drive at the drop of a hat if it lets me down.
It's not an empty word, it's a very important semantic detail about what I was actually saying. It was chosen specifically and purposefully to transmit that information. If you dismissed it as "an empty word", then the fault of this miscommunication is on your end.
> You answered my question but first you prefaced with asking me why I can't read your mind.
You chose to discard the information I already provided. You don't need to read my mind when every clue you need to piece together the intended meaning is written on the screen in front of you. (Or, if you're blind, maybe you experienced it as an audio stream?)
Maybe this app will help?
That's not how you English.