GitHub is apparently in crisis again (businessinsider.com)
162 points by walterbell 417 days ago | 148 comments

I've been on GitHub since the earliest days, and I've definitely noticed that there's something going on -- or the lack of anything going on more like it.

When was the last time a big feature that people are actually clamoring for was added to GitHub (and let's not pretend LFS fits that description)? Meanwhile you have the maintainers of the most popular projects publicly begging for changes they've been waiting years for, startups like ZenHub innovating on TOP of GitHub in the form of browser extensions, and then startups like GitLab poised to eat GitHub's lunch as soon as they figure out how to capture the social aspect.

I'm not sure what GitHub is spending the money on, but it sure as hell isn't on the core platform itself or keeping its most active users happy.

Agreed. There seems to be a lot of low-hanging fruit just... hanging there still waiting.

That seems to be a common theme when startups try to grow.

The trick is, I think GitHub stopped being a software company. At some point (after Tom left), GitHub was taken over by finance people to just pump money out of the VC system. Is there any other explanation for why GitHub The Corporation has completely stopped interacting with GitHub The Community?

GitHub raised $250 million last year and, as you mentioned, there's nothing externally visible to show for it (as consumers of their public platform). (random guess: the $250 million could have been $150-$200 million in cashing out stock to individuals (like crooked groupon shenanigans) then maybe $50 million for operations? How many billions of dollars does it take to write an issue tracker with more features than redmine from ten years ago?)

Same comments were making the rounds months ago too: https://news.ycombinator.com/item?id=10165681#up_10166913

All this gets back to a bigger trend we see these days: closed platforms are like governments (google, apple, github, twitter). We don't allow (sane, first-world) governments to exist without citizen representation. We must demand user-level representation in corporations running global scale closed platforms everybody relies on. Community powered social platforms don't exist without the community, and private corporations exercising extended "we don't give a crap about the users even though we have millions (or hundreds of millions) of them" patterns must be... corrected.

No Computation Without Representation.

> GitHub raised $250 million last year and, as you mentioned, there's nothing externally visible to show for it

I completely agree, I've never been able to take github seriously as a GUI -- (e.g. there is still no way to search commits).

> All this gets back to a bigger trend we see these days: closed platforms are like governments (google, apple, github, twitter).

I don't think it's the same to include Github into these, the main facility provided by github is simply a centralized host for your git repo, Git is FOSS and there are a number of alternatives.

> there is still no way to search commits

Just an FYI. I've implemented commits search among other things for GitHub. You can learn more about it here:


Note the latest GitSense version doesn't include branch level code searching. I'm still testing this out, and I'll be releasing another GitSense update very soon, which also includes support for BitBucket.

And sometime next week, I'm going to start looking for beta testers for my indexing engine, which is what makes all of this possible. If you have 10,000 or less commits in your repository, you'll be able to install and use the indexing engine for free. However the free version won't include diff indexing, as that greatly increases the number of moving parts.

I don't want to pooh-pooh anyone's hard work--please don't misunderstand me--but I am legitimately curious: why put so much effort into building a house of cards upon a foundation of shifting sand? Your project is completely dependent on GitHub's reliability, integrity, and goodwill. It could implement its own version of your enhancements and render yours obsolete. Arguably, it should do that, because what's the point of relegating useful enhancements to third-party products?

So doesn't that mean that your project is living on borrowed time? Why not build upon an open platform instead, one that you can control, one that can't be ripped out from under you?

Again, I don't mean this as criticism, I'm just very curious, because I don't understand.

You have a valid point, but what isn't obvious is my technology isn't really dependent on GitHub. The only thing that can cripple me is Git becoming less vogue. There are two parts to my technology:

- There is the front end which is 100% JavaScript and this is important since it allows me to build on top of existing web solutions like GitHub

- There is the indexing engine which was insanely hard to develop and is what makes my solution unique.

I've attached some screenshots that show how I'm using my JavaScript technology to integrate with Bitbucket here:


I've also uploaded some screenshots that show how I monitor/manage indexing. Right now, my indexing engine can easily process 10s of thousands of repositories with millions of branches on a single machine. The indexers are designed to scale horizontally and developing them was insanely hard and that's what I'm really selling. There is a reason why GitHub stopped indexing commits a few years ago. And why Bitbucket has a 5 year old ticket about code searching:


Should the worst happen and I get shut out by GitHub and Atlassian, there is always GitLab, Gogs, etc. For now, I'm more than happy to build on top of GitHub and ensuring my solution works with their Enterprise offering.

Nice one! Looks very slick. I'm a dev attached to Bitbucket, I'm curious if you've seen the Bitbucket Connect framework:


The browser extension is nifty, but Connect provides a proper API for embedding custom views in the Bitbucket UI if you want something a bit more robust (i.e. it will still work even if we decide to change the DOM at some point in the future).

I looked at Bitbucket Connect, but it looks like everything is done via iframe for obvious security reasons. This doesn't appear to be the case with Bitbucket server.

Somebody from Atlassian has reached out to me and I'll get back to them next week to see what can be done to get this working with the Connect framework.

That's very interesting. Thanks.

The same can be said of anything built on top of the Twitters and Facebooks of the world. Of course there is risk, but there is also some reward there too that is possible. It is a good question, but almost any API published by a corporation has risk of it being ripped out from under you.

> there is still no way to search commits

I guess you mean commit messages, because you can search the code on Github.

For the messages, if your repository is public you can use Google like this:

   > Search all branches of all crawled repos for "change license"
   >    "change license" site:https://github.com/*/*/commits
   > Search master branch of all crawled repos for "change license"
   >    "change license" site:https://github.com/*/*/commits/master
   > Search master branch of all crawled twitter repos for "change license"
   >    "change license" site:https://github.com/twitter/*/commits/master
   > Search all branches of twitter/some_project repo for "change license"
   >    "change license" site:https://github.com/twitter/some_project/commits

Source: technosaurus [1], Stackoverflow [2].

[1] http://stackoverflow.com/users/1162141/technosaurus

[2] http://stackoverflow.com/a/29710705

You cannot do this for private repos? Anyways besides that, just having to know these hacks means there is absolutely no sense in committing to using a GUI tool when all of this is adequately implemented in command-line. Why a company with estimated worth at billion dollars+ can't add something as simple as commit message search though -- I don't know.

No you can't do this for private repos and it's kind of a hack anyway.

Just slapping a GUI to the command line interface wouldn't scale but given that they already support code search I don't understand why they don't support commit message search either.

> Community powered social platforms don't exist without the community, and private corporations exercising extended "we don't give a crap about the users even though we have millions (or hundreds of millions) of them" patterns must be... corrected.

The big difference here is "Community powered social platforms" don't pay a tax like citizens of the government do.

And, like some of us are trying to undo today, representation in a government/corporation skews heavily towards those that pay the bills.

Whenever a company stops communicating frequently and candidly with its core user base (even if they are free tier users), then you know they are suffering from systemic issues internally and probably are or will be on the decline.

> you know they are suffering from systemic issues internally

I mean, when hasn't github been suffering from systemic internal issues? Drama is practically their whole schtick.

When I went to a GitHub-organized meetup in Berlin a few years back, they bragged how a bunch of them decided to rent a place in the city for a few months, to work at day and party at night, I realized they were maybe a bit too chillaxed.

What's wrong with that?

Would you prefer they worked all day and all night as well?

Maybe they are completely unrelated, but whenever I hear about GitHub being in trouble, I first think back to meritocracy being a divisive issue. Of course, removing a rug shouldn't have any direct impact, but the top level management mentality that will do something like that may not be the best type of management for being innovative or getting things done. Getting things done is divisive in the same way that meritocracy is divisive.

For my team's (~20 people) uses, Github (and the tools we and others develop on top of it) meets our needs amazingly well and literally would be 100% worth the price at 10X the cost.

I don't think the fact that others have built tools on top of github means that github is lacking features, in the same way that the existence of github doesn't mean that git is lacking features.

On the other hand, seemingly ignoring your adoring fans asking for small changes is a bad move.

It's funny you mention that, because I'm on a team of 7 who are really struggling with GitHub now. There are so many things that we know don't work, or could be better (which I have reported).

That said, still worth the money.

Can you give some examples?

I love GitHub but IMHO GitHub could use a bit of a shake up.

* Code browsing is terrible and without `octotree` I don't know what I would do.

* Organization view is a joke; once you have 50 repos, good luck finding anything there.

* There is no way of managing anything on higher level, only per repo. I can live with that but there are people who want to track issues across the projects. And then one ends up with JIRA for issue tracking (the horror!).

* Edit: code search is also a joke or even an insult

After all these years in business, GitHub website doesn't offer any insights into your git repo over git command line and is probably worse than command line for many use cases. That is simply disappointing.

Also the mobile website sucks badly. "We'll just hide all the things except the top of this README" is not the right way to optimize for a small screen.

> Code search is also a joke or even an insult

Oh give me a break and get over yourself. An insult? Are you serious?

Not having a case sensitive search option for codebases that are often case sensitive is definitely a special kind of cruel joke.

It's true that "an insult" is over the top, but please don't go there in response.

I don't understand why this is an issue for the current employees. Surely you hire a bunch of sales people and a bunch of consultants to help with on-boarding/support and place them in a separate floor or building. They don't really need to interact with developers.

The 'brogrammers' just carry on as normal and some of their work is now adding features to help support enterprise requirements. Unless you're sitting a cold calling sales rep next to my desk then who cares? Someone has to pay for that foosball table and fridge full of beers, let the sales people on a different floor do their job.

Enterprise sales people can make a habit of selling things that the product can't currently do, and then forcing engineering to make it a reality on a compressed timeline because "this is a deal we can't afford to lose." Repeatedly. No idea if that's happening at GitHub, but I've seen it happen a few other places, and it sucks for the engineering and product teams even if the sales people are in a different state.

In a similar vein, enterprise customers tend to want different things than smaller customers do. This means that the features the teams have to work on will change, and some people may not be as interested in working on stuff they have no interest in using themselves.

> Enterprise sales people can make a habit of selling things that the product can't currently do, and then forcing engineering to make it a reality on a compressed timeline because "this is a deal we can't afford to lose."

A million times this. I currently work at an enterprise software firm, and this is exactly what happens with each new client.

In addition to the compressed timelines and ridiculous feature requests that must be honored... in terms of the product itself, you have to do one of the following: 1) Maintain separate codebases for each client, or 2) Build the application so it can handle different features for each client, since each client will want different things.

Neither course of action is nearly as pleasant as having products that are the same for all customers.

3.) The ball of spaghetti rolls downhill, agglobulating ALL THE FEATURES, along with forty-seven hundred switches and configuration options controlling them, resulting in a combinatorial explosion of possible system states and code paths, and you end up with something that sends email, has a social feed, group chat rooms, a home-brew scripting language, some half-baked custom charting and reporting, theming and customization options, and no idea what in the hell you originally set out to build. Oh, and dashboards. People love dashboards for some reason.

I'm impressed, it's almost an exact description of the product in my company, only thing we don't have (yet) is group chat rooms. And yes it's pretty horrible experience developer wise.

I think you just summed up why no one's been able to kill off craigslist. CL kept it simple, stuck to what they did best and hardly added any features.

And restricted access to their data + cease-and-desisted anyone who wanted to augment the CL experience. They're still in business because they are shrewd and have the critical mass required to maintain their monopoly, not because they have a killer product.

I find it hard to find fault with anyone who resists 3rd parties attempting to Embrace and Extend ("augment") their product. It is pretty obvious to me that getting disintermediated from your users lowers the value you offer & makes you a disposable part of the stack: as soon as the 'augmenters' become popular enough, they'd replace CL with a home-grown solution.

Or, alternatively, "I know we have our product, but these guys don't want it. Instead they want this [custom engineering project] that's tangentially related to our core product. They are offering to pay lots of money for us to ignore our main product and add [cancerous project] to it, at which point we can surely sell it to tons more customers!!"

CEO: "$$$!!!"

B.D.: "Pivot!"

Engineers: "There goes our sprint"

Product Managers: "I'll be updating my resume..."

I actually lol'd reading this because it's true.

> sales people can make a habit of selling things that the product can't currently do

Maybe this is a trope from the 90s and 2000s or from a Scott Adams cartoon, but I disagree this is representative of most enterprise sales these days. Maybe I'm just spoiled, but every company I've worked at the past decade has had a knowledgeable sales force. I've been asked plenty of times, "can you add this feature for a huge customer?" and been able to say "no, that is not realistic for us to complete in a reasonable amount of time."

I think that overselling is a trait of young companies, really.

Every sale matters when you don't have customers, and if it means a little back-breaking work to get that first bit of revenue, I know very few companies with the fortitude to say 'No'.

Once the product has established a foothold, reputation, or repeatable sales process that works, product managers get an idea of exactly what it is that customers want, and across more than one data point. From that, they're able to communicate the exact value they provide to the sales team, and that sales team is able to approach customers with an actual, legitimate, proven value proposition.

It isn't until the product team really knows what they have that those requests become easier to turn down.

(Or at least, that's been my experience.)

I've never worked for a company with a sales organization that had a blatant disregard for what we could do, but everywhere I've ever worked there was usually a promise of something that we couldn't quite do out of the box, or a level of speed that wasn't normal. A perfect example would be integration to SSO systems like PingFederate or Tivoli, et al. Maybe the prospective customer needed a certain type of report that wasn't already built in. In the early days it was supporting a different application server than we'd typically been deploying to.

They weren't promising Ferraris when we were building Maseratis, but they were definitely throwing in the undercoating and floor mats. Even now when I'm building and selling my own software products I do it. I literally do it to myself. In the end it helps evolve the product if you make a responsible claim you can get to.

You are indeed lucky. I would guess the companies you worked at were profitable?

It's gotten better since the 90s. There are more people in sales with some dev background and therefore at least a bit of a clue.

I've seen it happen within the last 12 months.

Sales people don't make this happen, management makes this happen. An org within a company only has as much power as management gives it.

No, do not wave away Sales' culpability in this. Those in Sales are adults, who are fully capable of taking responsibility for their actions.

Their responsibility is to bring in income.

It follows that sales teams should rob banks.

Your point?

Yes, and sales are put under pressure by management to make numbers come hell or high water.

As someone who used to sit between the engineering and sales teams from the engineering side, I actually empathize with the sales teams more than most engineers. You aren't there to write code in a vacuum. There are a lot of times it IS a deal you can't afford to lose.

I'd much rather lose my job because we couldn't meet crazy sales expectations, than lose it cause our tech was great & no one wanted it.

Really? Either way you lose your job, but one way you built a great product that couldn't get noticed, while the other way you are considered to have failed at building the product.

A product that no one wants is not a great product. Great software != great product.

You seem to be tying marketing into the definition of a product, as if a product cannot be great unless it's well-known. This makes no sense. A product can be great and still be obscure relative to competitors, even inferior ones. cf. Windows vs. Linux, IE vs. Firefox during the browser wars, etc.

It's the same old story: OS/2 was superior to DOS, Netscape was better than IE, Dreamcast was amazing, Amiga was ahead of its time, etc.

It's not just software. Shakespeare wasn't a popular playwright in his time, but now he's considered an icon. Were his plays therefore not great because, at the time they were written, no one wanted them?

Many good things are not popular or well-known. They are no less good.

> Enterprise sales people can make a habit of selling things that the product can't currently do, and then forcing engineering to make it a reality

In my experience, this happens because sales people come to the engineers and say "can we do [mad thing]?" and, engineers being engineers, go "yeah, sure, [possibly adding detail and constraints but the sales people stopped listening at 'yeah']". I've seen this many, many times.

Default answer out of any engineer's mouth should be "No." with optional coda of "But if you can tell me more about it, we might get to maybe."

> some people may not be as interested in working on stuff they have no interest in using themselves.

Good thing this isn't some voluntary project but a massively funded commercial company. Since when must employees love every little thing they're doing?

This kind of BS culture is what runs companies into the ground the moment they need to actually build something that isn't "fun".

Why did you use the word 'brogrammers' instead of programmers?

Because of GitHub's cultural issues towards women and sexism. I.e. the whole Julie Ann Horvath/Tom Preston-Werner/Zach Holman incident.

0 of those people are now at GitHub.

Why do the sales people need to be on a different floor?

the smell

You can't have it both ways. If you raise money from VCs, their expectation is to have a huge return. Things that have worked when you are a small startup will not work when you get bigger in order to grow enterprise revenues. If those people really wanted it to be "the way it was" then raising money goes counter to that.

This isn't surprising. I'm gonna generalize:

Without VC money, startups are led by "culture" (i.e. collective personality and desires of each member of the team). It has amazing results in the long-term.

With VC money, startups replace their culture (seen as irrelevant) by short-term expectations. Pressure, competition and hierarchy are built. Good for short/medium-term valuation. Terrible for long-term commitment.

This seems to be just re-reporting an article linked to, which is behind a paywall. Anyone have it? https://www.theinformation.com/what-happened-at-github?token...

The actual OP article at the top of this HN post doesn't have too much information. It is not new information (or at all unexpected) that there is some internal tension in GitHub over the company's growth. If it's a "crisis" now I'm curious, but the linked article does not provide much to back that up -- sounds like the paywall'd article might? The actual linked article is useless.

It's BusinessInsider, an SEO-clickbait operation. It's the HuffPo meets the Sun of Uber.

GitHub has to have revenue to continue to operate. I'd rather GitHub go down the road of enterprise and other paid contracts, rather than going down the road of becoming SourceForge and all the ickiness that that entailed.

They have revenue and are cash-flow positive. Their problem is that they aren't profitable enough to give good returns on the investments made in them, not that they're in any danger of going out of business.

I wish they would be happy to service accounts like mine at $100/month. I prune all the time to stay on my grandfathered plan and not get bumped to $300/month. That said, we are moving most of our private repos which do not require outside collaborators to our self-hosted gitlab. Bonus -- gitlab comes with CI! -- another product I can skip paying XXX/month for. Lest you think we free ride, we've made substantial contributions to gitlab through our paid open source internships.

Thanks for contributing to GitLab. Glad to hear you like CI

Has anyone noticed that the GitHub reviews on Glassdoor.com only start from May 19th, 2015? Have they been deleting bad reviews? Seems really suspicious.


No, I did not notice that. And that's because glassdoor is such a whiney bitch-fest that being on that site sucks even harder than wading through the dogshit on linked in.

Here's your average glassdoor post:

  Weh! Weh weh weh weh weh! Mih mih mih! Boo hoo! Poopy!

Besides, everyone knows that a good PR department will just spam the living shit out of a site like that, and bury negative posts. It's glassdoor's entire business model. And that's certainly something any a-list website can afford to do. All it costs is a handful of copy editors and some third-world developer salaries.

It does look a little strange that there are entries actually missing though - that's quite different to being buried.

Glassdoor removes negative reviews if you advertise with them. Also if you know the right people who work there (source: my current boss's friend from college works there, and he was bragging to me about how he got them to pull all our negative reviews. One of which I wrote).

> Glassdoor removes negative reviews if you ~~advertise with~~ bribe them.

Six of one, half a dozen of another.

Git is a step away from being decried as "monoculture". Everything is on github because everyone uses it, and everyone uses it because everything is on github. Github won for a few reasons.

Their only real competitors were Bitbucket (which was originally Mercurial and was late to the git party) and Google Code (which was taken to pasture along with Wave and Reader). Bitbucket is not targeted at individual users. It is targeted at teams and companies. Atlassian has played in the small business/enterprise market for a while. As evidenced by Atlassian's "defeat" of FogBugz. http://movingfulcrum.com/why-fogbugz-lost-to-jira/ Google just kind of gave up on Google Code and closed the doors because it wasn't the biggest kid in the playroom.

Also the explosion of repo/package tools (Bundler, npm, cargo) and automation led people towards browsing repos instead of static assets. Github provides a ton of tools to deploy to package managers like npm or PaaS's like Heroku dead easy. Github is not just a code repo, but a base for Continuous Deployment/Integration.

Github would benefit from the platform route over the software route. A cloud based software repo isn't particularly special. A one stop for managing code, deploying software, working tickets, hosting docs, and more is special. Github has great tooling around pushes/commits but not issues/docs. Markdown is great if you're browsing a repo, but isn't nice for non programmers. I would much prefer something like readthedocs.org integrated in.

Also github could look into offering services for enterprise customers. Github is fairly self service right now. They stand to make a fair amount of money charging for setting up deployments to AWS or Travis for you. Enterprise customers definitely overpay for simple stuff that could be done in an hour with proper docs.

Sighhhh, all the real info is in a buried link. Great encapsulation of both everything wrong with web journalism and web audiences, since the article is paywalled and I'm too cheap to subscribe.


I'm sensing some very, very strong irony here.

When GitHub (which has always been cash-flow positive) took VC money, they said that it wasn't because they needed the money. Rather, they said that the money would be used to fund new projects and directions, and because it brought the VCs in as strategic partners.

Maybe the money did change things -- but the new directions weren't positive, and the strategy suggested by their partners wasn't as beneficial as they thought?

We moved from GitHub to Gitlab (mostly self hosted), honestly - Gitlab is just so much better in almost every way. We find the UI (recently) so much more intuitive, Gitlab CI is fantastic when combined with Docker, they're far more transparent and pro open source, their dev and management team will do almost anything to listen and help you, the configuration and customisation of the self hosted omnibus install is almost fantastic, they've been squashing bugs and releasing features rapidly while also decreasing the number of regressions introduced and improving their test suite across the board.

Should we be worried about this? Sounds like there's some growing pains at Github but is this really trending toward some kind of meltdown?

I mean there's still a bunch of people paying for the service. Worst case scenario is a stagnation, which gives enough time for things to migrate somewhere else.... but really it probably isn't even close to getting there. It sounds more like the culture there is changing, and what you can expect is a platform that is better for an all integrated enterprise and less of a platform that is great for open source and community.

Why would someone (specifically a large enterprise) outsource source control?

Running a local svn or git server is fairly trivial.

At GitLab we learned that indeed large enterprises don't outsource it, they run something (GitHub Enterprise, GitLab CE/EE, etc.) on-premises.

The nearly 4B market cap public company I work at uses gitlab to host our internal repositories. It works really well for us, we get a lot of the benefits of github, but we have control.


Okay, I guess that makes as much sense as anything really. I can see the advantage in something turnkey.

Large organizations do it for different reasons. To use their own directory service (LDAP/AD), to more easily integrate it with their other tooling, to be in control of where their data is, to have more control over availability, to be able to add layers of security (VPN, etc.).

They'll give you a VM with everything in it to run locally.

But yeah, I'd rather run GitLab.

Seconded with the strongest possible level of agreement. Though it seems github has an on-prem product for enterprises, how much value could they provide on top of a cheaper (or free) option of gitlab and such?

Watering plants and cooking food is also fairly trivial, perhaps our employees should do that too!

I don't work at a startup.

Administrative assistants make coffee for the whole company still, and most of us bring in our own lunch and warm up in the lunch room (those that don't, either go get lunch, or don't eat it) - if you have plants at your desk, you do end up watering them yourself.

Yes, we do have contractors who clean the building for us, and a travel agent (as well as administrative assistants) to help us book travel.

If you're a technology-oriented company, it was hard for me to fathom why running your own source control is too hard (we do, svn) - I hadn't considered the additional value-add from the github provided tooling.

Gitlab as mentioned in the original article is actually a fairly decent alternative for github. The biggest advantage as I see it is that you can self-host the open source version so you don't have to host the crown jewels of your company (the source code) under care of github's servers.

Hm, who actually uses GitLab or Atlassian? Who else is getting lots of users en masse at this level that they become dependent on the software, if GH goes down, there goes a ton of open source and indie devs who depend on it. Re: enterprise sales, well that's startup life for you.

Re: hiring & sales - on a semi tangential note

Honestly, when I visited GH last year and met the very (few) women that worked there (they were all in marketing), (it was the UE4 workshop with like 3 women in attendance, great workshop), but I noticed more and more of the staff at happy hour (their bar) was filled with lots of marketing/sales people -- something I hadn't really experienced other times I visited, usually it's more devs than those folks (marketing/sales).

My personal "resume" side projects are hosted on GitHub, and my current company mirrors its open source stuff there also. But in neither case is GitHub really being used as a team collaboration tool. Also, we're not paying a dime since all repos are public.

It's basically a social networking site.

For real work, every company I've worked for in the past 5-10 years has used Atlassian tooling, either cloud-based or self-hosted. I have plenty of complaints about Bitbucket, but Atlassian OWNS the enterprise. And quite frankly, although it lacks GitHub's network effect for open-source projects... a lot of people prefer Bitbucket's interface, tooling, and pricing model for corporate team development (i.e. the situation for most PAYING users).

They're pretty big on Atlassian where I work, so we're all Bamboo, Jira, HipChat, and Stash (now hosted BitBucket or something if we were up to date) and if we were to go with a hosted git solution, we'd almost certainly go with BitBucket.

I don't use Github. I do use Bitbucket. Now my stuff is mostly single dev, for fun projects. I've never particularly liked the Github forced social presence. And I prefer mercurial over git for my vcs.

>Hm, who actually uses GitLab or Atlassian?

On this question, at least, I certainly have used Atlassian's products. Jira I've used at a good handful of gigs, both contract and full time. And I have enjoyed using Bitbucket when I've had the chance - frankly I even prefer its interface to that of Github. But the culture that has grown around Github makes it difficult to ignore if you're involved in open source, or if you want to share code publicly; it is the "go to" spot.

Bitbucket is generally used for two reasons:

1: better Jira integration
2: no limit on number of projects

The second reason makes it very popular among small design/dev shops.

Also private repos for free. That's a big attraction even for individuals and small groups.

GitHub got off the ground on-selling an emerging open-source product as a service with some innovations around data visualizations / analytics and community structure, customized for the web. Their growth really comes down to the right set of features at the right time, a low friction setup, good price point and good flow of communication with their user base.

The perceived stagnation is likely a side-effect of scaling the operation to fit with increased demand and the growth and expectations of their private & enterprise (paying) customers, who have become notably more high profile as the years roll on. With it comes the difficulty and expense of providing a dependent, secure infrastructure and a more refined and audited code base to fit the needs.

It's a diverse community here and while some groups consistently demand feature freeze (hating on 'bloat', 'features coming from marketing', focus on 'core product'), others are only convinced that a product's relevancy is based only on cutting edge features ('we need feature a, because b', 'product c is irrelevant because product d offers a'). To offer refinement that appeals to both camps is a delicate tightrope.

Meanwhile you have market speculation that would use in part a forum like this as a sounding board for some kind of consumer sentiment index.

The complaints with GitHub seem fairly incidental, people airing their grievances on the incumbent because the cost of moving is considered either a hassle or a big-deal. But moving is an option, and the perceived stagnation is building a better competition (that they fulfill the promise without other expenses is always the gamble). GitHub isn't without problems, and it does seem like some obvious community complaints that have stagnated, but once released it'll probably just be a case of 'finally, thanks, no love lost'.

In the end, Git by nature is decentralized, easily self hosted, and both GitLab and Phabricator provide interesting open-source environments. It's not exactly a one way street.

But maybe it was always going to be a tough market to corner? My prediction.. more posts on HN describing migration to a different system and how it solved everything.. and then the followup 12-24 months later. Oh well.

> They are not the real golden goose for the company. The big money comes from enterprise contracts.

I wonder how much of a halo effect the enterprise contracts get from the open source community. People flock to github for their personal projects, and then recommend it at work when the need comes up because that is what people are familiar with.

I suspect the community is more of a golden goose than some people think. Kill the community and you'll kill the site. It's not like it's difficult to clone and upload a repository to some other site.

Github feels like a services company, not software. Maybe they always have been. But that means they may lack the talent to deliver enterprise-level features. Their API and extremely coarse permission don't even let you build your own. If that's your problem then it makes sense to bring in a new VP of Engineering. But the new CEO certainly hasn't done anything to inspire confidence since he took over.

>if GitHub goes down, the software development world practically stops

Oh my goodness. Is this article just plain wrong, or does a large enough subset of Silicon Valley & friends actually do this that they mistook that behavior as including the other 99% of the software development world?

I use Github for a lot of things. When it goes down, I just delay pushing a commit for a little while.

"The company has reportedly always been cash-flow positive ..."

That's a nice crisis to have.

Back at the times Sun made a separate Sun Federal to firewall those activities from the rest of the company. I think GitHub can do the similar trick, i.e. create GitHub Enterprise.

Good, it outgrew its usefulness (making Git popular). Now that there are better priced / open-source alternatives GitHub is on a course to irrelevancy.

Repeat after me coders: Sales is not evil.

Of course, my job wouldn't exist without the sales people bringing work into the company.

That doesn't mean I'm not glad they all sit clear on the other side of the office in a quarantined section where they can extrovert at each other all day and leave the rest of us to code in peace.

> where they can extrovert at each other all day

This is hilarious and I am going to have to steal it! XD


They are not evil unless you hire the wrong sales people. They are necessary. Speaking as someone who tried to start a company without anyone who could sell on payroll once.

You don't understand how not evil they are until you've had to try and do it yourself. Sales is really, really, really hard.

"This person who used to be your peer is now your manager."

Welcome to reality, GitHubbers. Not sure how else you expect a 500+ person company to run itself.

Is anyone else bored by hoodie culture? I used to work at a startup like that when I was young, and I enjoyed it then, but there can be so much more to companies.

Where I work now, engineering is roughly a quarter of the company. The rest is made up of legal, compliance, business development, people ops and some other miscellaneous.

You know what? It's great. There are more extroverts in the office, people who go out to parties and invite me to things. Our happy hours are more lively. We play more beer pong instead of Halo. There are more women in the office. There is more laughter.

Bring in the enterprise. The company will make more money and grow and succeed, and the people will have a wider, more enjoyable variety of experiences.

And if people really don't like the mingling, they can choose to sit at the far side of the office in the dark by themselves, being passively sarcastic at others in IRC. They'll eventually leave and be replaced by happier people.

Not sure what you're trying to say here?

I work at a company where the dress can be anywhere from hoodies to jeans and collared shirts.

We have sales people who are really awesome and extroverted, yet they come in wearing hoodies, or hawaiian shirts on hawaiian shirt day, but also know how to dress more formally when necessary.

I use "hoodie culture" to mean generally introverted male programmers. That there are obviously exceptions is a little missing the point I think.

Nothing says "enterprise" like Hawaiian shirt day.

Let's be relaxed AND conforming at the same time!

You must have worked in a shitty place if you weren't with any programmers that laughed or drank beer.

>You must have worked in a shitty place if you weren't with any programmers that laughed or drank beer.

Indeed. If anything, the beer culture has penetrated deeply in the startup world. I'd even say that it seems almost contrived at this stage, as if there's something amiss if there isn't beer in the fridge. Maybe the cargo cult extends to beer: "Everyone else is doing it, so we have to do it too."

Mind you, I have no problem with beer being made available in the office. But I wonder, at times, about why it happens.

This is an extreme interpretation of what I said. I had a good time, they were my friends, but absolutely everyone was male and introverted. I could elaborate, but do I need to or do you see how that could get stale?

[shrug] It sounds like you're simply an extrovert, in a field dominated by introverts. Who keeps referencing gender, to subtly imply being less bigoted. Rather than simply an extrovert.

I've spent time in small startups and large enterprises myself. An introvert, who chose to work in a sales-oriented Fortune 500 environment, could often write a very similar rant in reverse. Not only referencing plenty of sexism, but adding in a lot more racism and homophobia hints to boot.

Sorry your last gig wasn't a fit. Glad your new one is. Don't paint with too broad a brush.

I didn't see any hoodies in the pictures.

The only reason I still use Github is because of the network effect. If they fall apart, I'll migrate to a self-hosted Gitlab instance and that will be the end of that.

I'm just hoping that, should GH fail, it holds off on failing until I learn Ruby sufficiently well to review the entire GL code base so I can deploy it with confidence.

EDIT: Yes, "with confidence" is a very important qualifier that is drastically important to the meaning of that sentence. It's not a prerequisite for deploying at all, but without reviewing the entire codebase I cannot feel confident about its security.

That's a funny double standard you have right there with how you don't feel the need to audit GitHub before using it.

> That's a funny double standard you have right there with how you don't feel the need to audit GitHub before using it.

Where did I ever say I use Github with confidence?

I've answered this several times below: I use software all the time that I do not feel confident about.

My statement was about hopefully being able to use GitLab with confidence, which is a goal that is only attainable because I can deploy it on my own hardware. It's made easier by the fact that GitLab is open source.

If GitHub melted tonight, I'd jump on GitLab tomorrow, but I wouldn't feel confident about the security of my infrastructure.

That doesn't mean I feel confident about GitHub. AT ALL.

I'm not attacking GitLab.

I'm not inflating GitHub's security or importance.

All I'm saying is that I'll hopefully have the opportunity to review it before a nuclear GitHub meltdown forces me to blindly deploy it and not feel confident about it.

Can we all agree that that's an uncontroversial notion? Or is that too much to ask?

No, that's reasonable. Thank you for clarifying, especially the distinction regarding GitLab being self-hostable and open-source. Apologies if my comment came off as accusatory, I really did find it funny—as in peculiar—because I have seen people have a bias towards the quality of open-source software even though the closed-source alternative is opaque.

> Apologies if my comment came off as accusatory, I really did find it funny

This thread has been a land mine of accusatory reactions, so I apologize for painting yours in a similar brush.

> I have seen people have a bias towards the quality of open-source software even though the closed-source alternative is opaque

Reverse engineering isn't hard, it's just a speed-bump.

I work on a lot of open source projects. At the risk of sounding self-promotional to on-lookers, I'd like to talk about one in particular:



Random_compat has been downloaded almost 2 million times (according to Packagist), incorporated into WordPress, Laravel, Symfony, etc. It's by far the most collaborative project that Paragon Initiative Enterprises has produced for the open source community.

Yet, until the most recent release, the documentation referred to a MCRYPT_CREATE_IV constant that does not exist. The correct constant is MCRYPT_DEV_URANDOM. Somehow, we all missed it.

"Open source is automatically more secure" is a fallacy. I just happen to like open source better, personally.

Aside: despite being downloaded ~1.9 million times, a grand total of 30 people outside of Paragon have contributed to its development in some way so far. The "many eyes" are actually quite sparse, especially when it comes to security expertise. (I think it's reasonable to say those 30 represent much of the upper 0.01% of security talent in the PHP community.)

You make good points; we shouldn't automatically assume open source is more secure. It's definitely a more nuanced topic than whether or not the source code of something is available. Thanks for the reply.

Github has (or at least had, last I checked) one of the best application security teams in America, at least for the kinds of applications Github builds, and is also pretty well engaged with third-party pentesters.

It is unlikely that Gitlab has endured the kind of scrutiny Github's code has.

I can't comment on either project's security scrutiny, as I'm not intimately familiar with either of their security teams.

I will say that, as a rule, I don't believe I can ever trust Github, regardless of how good their team is. I treat every packet I send as "completely public" and every packet I receive as "possibly malicious", just like every other website on the Internet.

GitLab: it's at least possible for me to trust (i.e. if I self-host it).

(But I really do need to pick up Ruby sometime soon.)

Why do you feel you would need to review the entire codebase to deploy Gitlab? It is an apt-get installation now that they ported to Omnibus. The days of debugging gem errors on compile and migrating by hand are over.

> Why do you feel you would need to review the entire codebase to deploy Gitlab?

I already answered this. Quoting my post above:

> so I can deploy it with confidence

Emphasis is important.

Background: I do application security consulting. Do you expect me to trust the code that other developers write without verifying that it's not a pile of lacey Swiss first?

Also, if I do find any bugs, I'll report them upstream (since they are open source) so my paranoia is probably going to be beneficial to other GitLab customers some day.

We welcome all the paranoia we can get. Please be informed that multiple organizations have done security audits for GitLab and we have paid external parties to perform them for us. That doesn't mean there are no bugs anymore.

Multiple organizations -> good! :)

Not to speak badly about any of my peers in particular, but I've come in after other security auditing teams and found really obvious bugs that they've overlooked.

Though I usually give them the benefit of the doubt and omit my feelings when I write my report. Maybe it was a time constraint or a scoping issue that prevented them from seeing it? I have no way of knowing.

So, kudos for not having a single point of failure.

> Not to speak badly about any of my peers in particular, but I've come in after other security auditing teams and found really obvious bugs that they've overlooked.

And you've never missed one, right?

Aside from this, your behavior in this thread is a very loud warning about working with you, particularly telling someone to learn to read below by linking to an app. Handle being questioned a bit better, if you can, and understand that seeing this immediately talks me out of using your services. (Even if you're an oracle who never makes a mistake, as you imply. I'll take my chances with someone a bit more professional.)

Have I overlooked bugs? Sure.

Have I overlooked really obvious bugs? None so far that I've been informed of.

I'm not careless when I get paid to audit a project. Of course, I know I'm not perfect either.

One time, I was writing a PoC implementation of AES-CBC and forgot to authenticate the IV (which was included in the message). Luckily, someone called me out on it very early on. (As a result, I'm also more likely to catch this kind of mistake in someone else's work.)

Making mistakes is part of the learning process. Making mistakes when assessing someone else's security is a very real danger. That's why I give GitLab kudos for using multiple organizations.

The moral to the story I was telling, albeit poorly, is that "I think you're doing the right thing by having multiple teams look at your project". But that was my fault for not expressing this clearly enough.

> Aside from this, your behavior in this thread is a very loud warning about working with you, particularly telling someone to learn to read below by linking to an app.

Nobody who contacts my employer deals with me directly. The person who handles clients has people skills. I do the technical heavy lifting.

So, please rest assured, that any "very loud warning" you're reading won't translate into the quality of services we provide, even if I am an asshole on my personal accounts.

> Handle being questioned a bit better, if you can, and understand that seeing this immediately talks me out of using your services. (Even if you're an oracle who never makes a mistake, as you imply. I'll take my chances with someone a bit more professional.)

I don't mind being questioned. I mind people demonstrating a blindness to the qualifiers I explicitly include in my statements.

> So, please rest assured, that any "very loud warning" you're reading won't translate into the quality of services we provide, even if I am an asshole on my personal accounts.

And yet here I am, mentally blacklisting your company. Weird, right? Almost like team matters, and you carry a 'C' in your title, allegedly, so...

It was just informal advice to rein yourself in. Take it or leave it.

> It was just informal advice to rein yourself in. Take it or leave it.

Okay, I'll take it. It's just really frustrating that this keeps happening even though I take care to choose my words very precisely. Especially qualifiers.

I don't know how to be more explicit than totally explicit. That doesn't even seem possible. Maybe I'm the idiot here.

You don't use any software you haven't reviewed the entire codebase of? How about the browser you're reading this with?

> You don't use any software you haven't reviewed the entire codebase of?

This is a fallacy. You're putting words in my mouth, because I did not make that argument.

I do not use any software WITH CONFIDENCE that I haven't reviewed the entire codebase of.

I still use software I don't feel confident about using every day.

> How about the browser you're reading this with?

Use it, just not with confidence. I'm ready to wipe this computer's hard drive at the drop of a hat if it lets me down.

Adding emphasis to an empty word doesn't give it meaning. You answered my question but first you prefaced with asking me why I can't read your mind.

> Adding emphasis to an empty word doesn't give it meaning.

It's not an empty word, it's a very important semantic detail about what I was actually saying. It was chosen specifically and purposefully to transmit that information. If you dismissed it as "an empty word", then the fault of this miscommunication is on your end.

> You answered my question but first you prefaced with asking me why I can't read your mind.

You chose to discard the information I already provided. You don't need to read my mind when every clue you need to piece together the intended meaning is written on the screen in front of you. (Or, if you're blind, maybe you experienced it as an audio stream?)

Simply put, you could have just answered the question. I wouldn't have asked it if you were clear about your meaning.

Sorry, I don't know how to be clear to people who treat the very important phrase "with confidence" as nonexistent in that sentence.

Maybe this app will help?


or go for gogs and learn go along the way? ;p

>Enterprises often want assurances of uptime that carry legal or financial penalties, they need certain features for security and for accountability, and they often want the ability their suppliers to have met certain audits and standards for security, operations and so on.

That's not how you English.

Please don't be rude.
