Hacker News new | comments | ask | show | jobs | submit login
Hello, GitHub (natfriedman.github.io)
1498 points by rafaelc 8 months ago | hide | past | web | favorite | 644 comments

Since this is the newest big thread, it can take the front-page slot for now. The big previous discussions are:



I’m going to be a bit contrarian to “the sky is falling” posts on HN and say: I think Microsoft is handling this really well.

1) They’ve acknowledged the skepticism around the acquisition.

2) They’ve expressed their commitment to keep GitHub an independent platform (like they did with LinkedIn.)

3) Nat Friedman, although I was not familiar with him prior to this, seems like an ideal candidate to run GitHub.

This, overall, is giving me a more positive impression of Microsoft. Now what remains to be seen: Will they follow through on these commitments? Will they continue to listen to the community?

I agree, my biggest concerns are:

1. What is happening to Atom? I have tried VS code and don't really like it due to the difference in how the 2 systems are designed to work (Atom being more "plugins are king", VSCode being more "kitchen sink included by first-party"). I'd hate to see my favorite editor lose it's major backing. If MS makes a commitment to continue to develop Atom, or they work with someone else to "transfer" development over to them in a way that's not half-assed, it would go a LONG way toward solidifying the trust they are trying to build (at least to me).

2. How will other companies who are hosting on GitHub react to this? Will Facebook/Google/Apple start pulling their code from GitHub? Will we go back to having to learn how to contribute to each project individually?

There's definitely major benefits for diversity in this area (meaning not having the vast majority of projects on one platform), but I'm hoping we (as developers in whole) don't throw the baby out with the bathwater here.

GitHub has by most accounts helped bring in a renaissance of open source software. It's never been easier to contribute to FOSS at any level, and I'm hoping we don't lose that as everyone diversifies where they host their source code...

> Will Facebook/Google/Apple start pulling their code from GitHub?

For these companies who owned GitHub hardly plays a role. They want to attract developers and go wherever the crowds go. If there is mass migration to mercurial-superhost.com they will follow. It's just an outlet.

The question is more relevant for companies and communities who built their infrastructure on it and might worry for good or not so good reasons.

I think public code will still live on github, but I See FAANG 100% avoiding any private github repos from now on.

Bigger tech companies not only do not host important private source code on Github but won't even host on outsourced physical servers. Where I've worked (incl. well-known names), information that we wanted spread to the world could be hosted on trusted external systems (trust still mattered to keep it from being "edited"), but non-public info was always hosted inside a physical building that we owned watched 24/7 by human guards we employed.

MS employee here:

Long before the acquisition, we've been hosting important stuff in private GitHub repositories. Including having strategic discussions in those private repositories.

We've also done a lot of that stuff in public too. Some might say a bit too much, given that we've had things leaked and/or misinterpreted w.r.t product direction in the past.

I still agree with your point, but I believe more of this sort of thing is happening. Lots of stuff that has no real reason to be private is just being open source by default.

> Long before the acquisition, we've been hosting important stuff in private GitHub repositories. Including having strategic discussions in those private repositories.

Wow! I am very surprised by that. Is that an officially allowed policy? Or is it something that is "don't ask for permission, ask for forgiveness"?

Yes, it's absolutely an allowed policy. When we made .NET (Core) open source, we meant it. We still use email like any other org, but whenever we're working on our product we try to keep discussions on GitHub. It's also made collaboration with other teams far, far easier.

How so? What was going to be controlled, by whom?

I assumed that Microsoft has security policies to ensure that all confidential information (e.g. non-open-source code and strategic discussions) is stored on infrastructure controlled by Microsoft.

The company I work at is very careful about keeping our intellectual property on our infrastructure, and I am surprised that a larger company like Microsoft doesn't have similar policies.

Microsoft aims to make most of its money in the immediate future by convincing every major business in the world to let MS host that company's email, internal documents, spreadsheets and powerpoints on Microsoft's office365 servers.

It would be highly contradictory for MS to take the position, as a matter of policy, that it is too risky for them to ever place confidential business data onto a third party cloud-hosted SaaS system, because that is precisely the risk they are asking every one of their customers to take.

Similarly, if you have concerns about putting your company's source code into GitHub now, you should be equally concerned about putting your company's prerelease annual report on the office365 onedrive.

My company is concerned about that as well. We don’t use any cloud storage from Microsoft or anyone else, and we self host Exchange and SharePoint servers.

That is a good point though, it’s becoming more and more inconvenient for a company to self host everything. Microsoft does stand to benefit from everyone becoming more accustomed to relying on 3rd party services in the cloud.

Serious question: do you think your company has better security than the Azure cloud? Or is it a trust issue with the cloud vendors themselves?

.... and if you don't trust Microsoft: Why use Exchange and such? :-)

Better is relative - especially in one metric: many eggs in one basket make that basket exponentially more attractive to evil actors. Bigger attack surface and whatnot...

Flipside (pro-cloud pov): if the work to protect one egg applies to all eggs, then cloud providers will always hypothetically be able to spend more on security due to economies of scale

Essentially, choose your vulnerability: cloud provider single point of failure or in-house lack of resources

Yup. It all boils down to a business decision, the technical merits are not prevalent for either case.

Maybe info sec drove the decision to purchase github because that was the easier way to reign in the data leak. =)

> I assumed that Microsoft has security policies to ensure that all confidential information (e.g. non-open-source code and strategic discussions) is stored on infrastructure controlled by Microsoft.

It depends on how important the code is.

I don't imagine MS will ever move Office or Windows to external servers, but a lot of other stuff is fair game.

There is always a security/convenience trade off.

I'm almost sure you mean private repos on github.com, but just wanted to confirm it. You don't mean corp github right?


Not entirely true. Microsoft puts (almost? Yet to find anything that isn't) all our code on VSTS which is accessible remotely, without VPN. I've checked in a (very very minor docs) fix to the Windows code base from my Android phone over LTE.

That's amazing. Contrast that to my friend who works on code at Apple that's so guarded that he can't even access it from Apple HQ. He has to travel to his office in an unmarked Apple bldg several miles from HQ (in an unmarked van) and access the code from inside the bldg. Any attempt to work on his code outside that bldg, on the Apple employee shuttle for example, will result in immediate firing with possible criminal charges. Admittedly, that's not the usual Apple employee, but the contrast between that and Microsoft's, which may as well be hosted on a set of Chinese night market DVDs, is LOL-worthy.


and yet, which company released an OS update with an open root account with no password, patched it in a way that broke file sharing, then a couple of months later released an update with another password bypass bug? Hobbling people with security theatre isn't begetting good or secure code.

Opsec and AppSec usually handled by different teams :)

This sounds proportionate if a state might go after the code. For example phone encryption might be a big prize for the Chinese or even American government.

Microsoft actually hand over OS code to states regularly for certain contracts so I figure they don't need to protect most of thier code like that.

I disagree. Phone encryption should ideally be open source-able and it's security should rely as entirely on a device specific key as possible.

I think this makes more sense for a secret project (e.x. the next iPhone), but honestly as a security person it seems overkill for anything outside national security responsible code, like state sponsored malware.

I also find it strange that the code is apparently somehow accessible outside that building (see the fired comment). If this was anything beyond security theatre, it'd be on an airgapped network and that wouldn't even be a concern (as the employee wouldn't be able to access the code from their laptop). Seems excessive for very little gain.

I wouldn't take SiVal's comment as ground truth. I think it conflates rules for general employees with rules for his friend, and mixes it with a dash of unfounded hyperbole (criminal charges?).

The code isn't available outside the building unless someone takes it outside, which they make clear is not only a fireable offense but might qualify as criminal. They made it quite clear: If you're in crunch mode, don't be tempted to just take a bit of work with you to get a bit more done on the long shuttle ride.

Fair enough. I obviously don't know your friend or his project, so I can't with certainty say anything about his situation. I viewed your post through a critical lens because the details given didn't match my experience or the experience of any of my old colleagues, and you are a second-hand witness.

I am going to agree with what doctorsher said in response to your comment. I can confirm that what SiVal said is not a typical experience in Apple.

For reading, I agree, but if you're making changes it is a different story.

This has to be something very mission critical like phone encryption. No way this is the norm even at Apple.

I thought it was widely known Apple was extremely secretive, compared to the broader tech company at the very least.

> unmarked van

You may think it’s unmarked, but if you know how to spot them they’re very easy to pick out.

If I was an intelligence agency, I would do the trivially obvious thing and only use "unmarked cars" when I didn't care about being spotted, and an actual nondescript vehicle the rest of the time.

What's the difference between an "unmarked car" and a "nondescript vehicle" ?

You think the CIA would do their clandestine work on cars labeled "CIA" ?

> What's the difference between an "unmarked car" and a "nondescript vehicle" ?

Unmarked police cars often have multiple radio antennae, flexible lights, and even government plates, they simply lack explicit police markings and light bars.

Surely an unmarked van owned by Apple would have none of that?

The point is that the "unmarked" vehicle sticks out as unusual even without having "Apple" or "Police" emblazoned on its side.

Yeah, which is hosted on Azure, a data center that Microsoft owns and employs guards for, and secured behind our standard corporate authentication. :) (Source: I work at Microsoft, near the VSTS team.)

> Yeah, which is hosted on Azure, a data center that Microsoft owns and employs guards for, and secured behind our standard corporate authentication. :)

Way back when, Microsoft used to host a bunch of auth servers for banks. A friend of mine mentioned an armed guard in front of the data center for that particular service.

I've worked on teams at MS where there was a (non-armed) guard checking everyone who got off the elevator, but before I joined MS I was once left alone in a room full of computers open to the Windows source tree, wearing my "do not leave guest unattended" badge.

Mileage might vary and all that.

Yeah, all I was really saying was that the grandparent's comment and the parent's comment weren't in opposition.

Microsoft owns the data center the code lives in and certainly takes care of physical security.

The only thing a VPN would do in this case is hiding that you're even accessing VSTS and providing modest proteaction against MitM attacks. You still have to use 2FA to log in, and the code you access is still logged.

VPN puts you on corpnet. And yes, I'm well familiar with our various account protection techniques (I work on the token server) - I was calling out that some companies trust their systems enough to make it remotely accessible, not saying it's a bad thing that I could be productive on the bus ride home.

Github offers an enterprise version and I know of at least one big company which hosts their code there.

Note that this doesn't preclude the possibility of an on-prem Enterprise Github setup.

As an owner of several Google org repos on GitHub, I can vouch that this is definitely true. Only open sourced code goes into GitHub. Private repos are only used for staging purposes thereof, i.e. getting a release of open source code ready prior to the world visibility bit being flipped.

We would definitely never store our proprietary code on systems run by anyone else, regardless of who runs/owns them.

They already did. Except maybe for test setups and to configure a project before announcing it.

All those companies keep their privates private. GitHub is just a public showroom for them.

Again this is different for other/smaller companies.

Ah, I think that's how it's always been. What's the difference between me running my small company out of Azure, and keeping the source code in GitHub, now that Microsoft owns it?

Nothing changes immediately for any of us, to me the biggest concern is what happens after those roadmapped projects have run through. What goes next on that roadmap, and will it stick to the principles I love about GitHub, or will it start to veer into Microsoft's territory?

FAANG, I've never seen this before! Facebook, Apple, Amazon, Netflix, Google?

Correct, It's often used in modern context when talking about what stock is powering the market right now. It's a "FAANG" market.

EDIT: https://www.investopedia.com/terms/f/faang-stocks.asp

Oh, it's a stock thing? It makes more sense as Wall Street slang - in terms of the technological landscape, one of those companies is so obviously dissimilar to the others that the phrase makes little sense.

I don't understand by what metric Netflix is included but Microsoft is excluded. It should really be FAAMG, or maybe FAMANG.

The acronym was coined in 2013 to describe the best-performing tech stocks at the time. Microsoft's resurgence hadn't really happened yet. The acronym was so convenient that no one's updated it except to add Apple (which didn't require a change in pronunciation).

Well in this very specific context, it's hard to imagine that Microsoft will be avoiding using GitHub just because it's owned by Microsoft.

FAANG is used very generally to refer to these five companies. It's not just in this specific context. I'm wondering why Microsoft is excluded.

I see Big Four (Google, Facebook, Amazon, Microsoft) more often than FANG although that is obviously confusing on Wall St where that phrase usually refers to the large accounting firms. Apple is excluded because it is a hardware company not a software company although sometimes it is subbed in for one of the others, depending on who is using the phrase.

If you include MS, you have to also include IBM. FAMAING.

I thought the N was Netscape, a major competitor to Microsoft (browser and server) and Google (browser)

Netscape was a competitor to Microsoft in the 90s, and it has never been a competitor to Google.

I thought they already have their own version control systems?

"For these companies who owned GitHub hardly plays a role. They want to attract developers and go wherever the crowds go. If there is mass migration to mercurial-superhost.com they will follow. It's just an outlet.

No-one's going to join a company because of which front end to git they use. It's more a question "do Apple/facebook etc want Microsoft to have all of their private source code to look for exploits/rip off/hand over the government etc etc"?

First, as pointed out elsewhere, the Apple/Facebooks of the world already aren't putting their private repos on any external service (perhaps they rent iron on a cloud, but certainly not SaaS).

Second, this is the same business model as Office 365, and I'm not aware of that raising any particular eyebrows outside of the fairly limited crowd that can't trust anyone. If you're cool with entrusting your email to Microsoft, your source code is not a great leap.

> Atom

I could be wrong but my perception is that Atom is losing market share to VSCode all on its own– new devs are much more likely to adopt vscode & no growth ~= decline for an editor. Couple that with the fact that no one pays for Atom...

IMO They don't need to "kill" atom, they just need to wait a couple years, at which point it will just Yet Another Editor down the list with TextWrangler et al., if the next Atom doesn't come along and hasten its decline even further.

This sounds entirely anecdotal. I haven't seen any significant exodus from Atom to VSCode among people I interact with. It seems like folks moving from other editors are about as likely to choose Atom as VSCode, and the things that used to lead to people choosing one or the other (i.e. performance, VSCode only opening one project at a time, the stupid huge icon bar in VSCode, etc.) have been resolved...Atom is now reasonably fast, VSCode can open multiple projects and you can close the stupid bar. I tried them both and ended up with Atom (and vim, where I actually still do most of my work, but new JavaScript projects are in Atom).

Atom still has more plugins, or did last time I looked (which was, admittedly, quite a while ago), and I think the ecosystem is a good indicator of how many people are actively using something.

The 2018 Stack Overflow Developer Survey [1] puts VSCode at almost double the number of developers compared to Atom (34.9% vs 18%). You're right about the package count: atom.io lists 7654 packages, compared to 6802 at marketplace.visualstudio.com, many of those being color themes (some seem generated and machine-published, too). That said, workflow for extension authoring in VSCode is amazing, the community is very much alive, and sometimes it almost feels like there's an "extension for everything". Quality may vary, naturally.

[1] https://insights.stackoverflow.com/survey/2018/

Wow, that's surprising. VSCode is not just (far) ahead of Atom, it's the leader on that survey. I'll have to give it another look. Last time I used it, it had far too many annoying characteristics.

> VSCode is not just (far) ahead of Atom,

Tutorial eco-system as well. When I jumped into JS development, all the getting started guides had Install VSCode as step 1.

So now I use VSCode.

> This sounds entirely anecdotal. I haven't seen any significant exodus from Atom to VSCode among people I interact with.

Were those two sentences in the wrong order?!

Anything that came out after vi is just another editor.

I picked up emacs in 1993 when I first got my hands on a unix system, and it was the only thing there that made remotely any sense. Fast forward to 2018, I'm still using emacs, and the upside is I haven't had to learn anything new in the intervening 25 years.

Please refrain to divert the discussion towards operating systems, we're talking about text editors here, for which ed is the standard.


I very much share the sentiment and I’ve been using Vim (recently Neovim) pretty much exclusively for the last ~20 years. But VS Code “just works” to such an extent that I’m seriously tempted to use it.

(OT editor wars)

This was me basically 100%. If you're doing JS development, VSCode gives you so much out of the box it's hard to bring myself to even attempt to configure Vim to do all that, even if it is ""totally possible."" I miss the advanced text manipulation capabilities from vim (along with a few other things) but the upside of VSCode is just too great.

What is vi? Lol

It’s the successor to v.

I thought it was the successor to ex.

Personally I've seen more people using Atom than VSCode, but that is just anecdotal.

Fellow Atom user here. According to Lee Dohm, Open Source Community Manager at GitHub, "Atom remains key to GitHub. Our product roadmap is set, and the team will continue all of their work." [0]

[0] https://github.com/atom/atom/issues/17454#issuecomment-39442...

A product roadmap is set until it changes. "I am altering the deal. Pray I don't alter it any further".

Besides, Microsoft has enough PR skills to avoid unpleasant announcements about redundant products for a while after an acquisition they know to be worrying.

In a buyout, always be sensitive to situations where promises of status quo come from someone who is not in control of the situation.

Quite common for new owners to let old employees make promises they can’t keep and then make them disappear and change plans.


Not saying that Microsoft has a plan to 'embrace extend extinguish', but if they did, this is how they would go about it.

> and the team will continue all of their work

Until they aren't. I really don't see MS putting work into two code editors that are in direct competition with each other. I'm sure they'll let the dust settle for a while, but Atom will vanish from Microsoft's product list. No doubt.

I actually really like Visual Studio Code, I could imagine a great product coming out of the marriage of Code and Atom. I could also imagine infighting killing Atom, but I’ll try to be optimistic.

Until the deal closes.

Then... who knows.

The really nasty changes always seem to come at the beginning of the second fiscal year after acquisition. So meet me back here in 18 months and we’ll talk.

Obviously Microsoft doesn't want or need two open source editors. I think the smart move would be what I call the Adobe strategy.

Github should announce that Atom has become an Apache foundation project. Github then says it will provide x number of developers for an initial three year period. Probably won't make everyone happy but it should defuse most of the angst.

Ah yes, Apache Foundation, the place where ambitious but under-resourced projects go to die. /s

You joke but, for the vast majority of projects, it's kind of true. It's gotten to the point where, if it's not out of incubator, I have a really hard time convincing any one of my colleagues to put any time into projects hosted there.

I've got a few friends that are still very involved in the Flex community which is now at the Apache foundation. Adobe if I remember correctly is still funding staffers to work on Flex many years later. I believe Flex is either the second or third most successful project at Apache in terms of downloads.

Thought you were talking about the good old lexical analyzer "flex" there at first.

How silly of Adobe to name it like that. :D

RE> I believe Flex is either the second or third most successful project at Apache in terms of downloads.

How can that be given that Adobe is killing the flash runtime?

The team has created a ActionScript to JavaScript compiler so it will have a future without the Flash runtime.


I talked to the flex team a couple of years ago - and they did not think this was possible. I wonder how complete it is. At the time they said though Actionscript claims to be ECMAScript it is far from Javascript in very fundamental concepts they are based on such as inheritance and encapsulation (AS) and closures (JS).

> 1. What is happening to Atom?

Funnily enough, this was my immediate concern, followed by Electron generally. It actually prompted me to go all-in on Vim: I've used Vim in terminals for a very long time, but never found a graphical Vim that I liked. Happily, I've now found Oni, which provides a VS Code-like interface around Neovim: https://www.onivim.io

Git hosting and the associated tools are replaceable, the strength of GitHub is the network effect, so we'll have to see what happens. Regardless of what happens, we've progressed a long way from Subversion and BugZilla, so I don't mind if projects move to a more diverse set of modern hosting. Personally, I'll put my own public repositories whereever the community goes.

> What is happening to Atom?

Since they said Github will remain independent, so Atom will, I think. Maybe I'm too optimistic but when I think about VSCode's business model, promoting Azure rather than selling the editor itself, they have no reason to kill Atom. They might be integrating Azure with Atom.

This is exactly what they will do. Make it easier to connect to azure. It might just work.

I wouldn't be worried about Atom; half of Facebook is using it; if anything were to happen, they would fork it.

While i'm confident that Atom will not "die" any time soon, if MS pulls the team that's currently working on new features and reassigns them, then at best it's going to be a large blow to the project.

A fork won't have the same team working on it, a fork won't have the same domain knowledge over the internals, a fork won't have the roadmap or what was currently planned and how to do it, a fork won't have the same unified development effort (if MS "kills" atom, FB won't be the only one picking it up, there will absolutely be others that won't like the direction FB is taking, and now you don't just have Atom, you have AtomFB, Atom2, NuAtom, etc...)

It won't be that big of a deal at the end of the day (it's not like there is a shortage of competition in this area), but I would be much more on-board with this if MS handles Atom well.

Nuclide (https://nuclide.io) is what FB uses/develops internally. I think even if the original team departs, they are going to be just fine. They could hire the original team right away if needed.

MS wouldn't pull the team; it would be GitHub that pulls the team. GitHub is operating as an independent company.

It is, now. A year down the road...?

So MS is just going to pay engineer salaries to maintain a free tool used by FB?

The way I see it, it's not worth the risk of Facebook forking it and essentially getting control of the community of developers who are using Atom. A better way to do it IMHO, as other people in the thread mentioned, is just integrating Microsoft products like Azure to promote their enterprise offerings (where they make their money).

Eventually, though, they might want to allow an easy transition to VS Code in some way to cut redundancies but doing it too soon would anger too many people. Atom seems to be losing market share anyways.

I'm curious if Electron will get a boost of some kind now. Considering how famous/notorious it is, MS could get a hell of a lot of goodwill here if they invest in the tech.

(consumer) Skype is famously Electron based. Microsoft has already been investing heavily in the project and I think we will see them double down on their commitment now that they own GitHub.

More likely, they will make the new, NEW Windows API essentially Electron. Instantly Electron apps run better on Windows because each app doesn't have its own browser runtime taking ip disk/RAM.

The Microsoft/Windows implementation of PWA is already basically this

They're reinventing HTA, in other words. Oh the horror!

I'm sure we can look forward to the next electronconf not being cancelled.

Wouldn't that mostly look like an investment in v8?

Or a common API where it uses Chakra on Windows and V8 everywhere else, until someone plugs in Webkit or some other engine for other OS'. Wishful thinking :)

My biggest concern is that the FBI has turned Microsoft into a "one-stop shop" for its National Security Letters, which at one point represented 40 percent of all the requests Microsoft got from the FBI.

How will Microsoft/GitHub handle such secret requests? Will Microsoft even sue the DoJ to stop it - or will they settle again the moment they obtain a small compromise from the government?

Contributing has always been different for each project and I don't see any real benefit by using github regarding that topic.

Biggest hurdles normally are: - big chunk, own branch, small chunks? - Contract to sign? - signed commits, unsigned commits? - changelog file? - patch via mail? - extra review tool? ...

In the end it's always a git push. Github only makes it look more beautiful.

I had the impression VSCode had the technical superior plugin system and I found it much more performant.

Atom had more plugins for some time, but they had mediocre quality.

> I had the impression VSCode had the technical superior plugin system

From my very limited exposure to VSCode's plugins, it seems they are a lot more limited in how they can change the editor's behavior compared to elisp code in Emacs[1]; if Atom plugins are similarly flexible, then I'm not sure you can say it's (strictly) technically superior if you can only implement a small subset of what you can do in competitor's system. At most it's better at some tasks and worse at others if this is the case.

[1] I didn't say "Emacs plugins" since there is no distinction between user-written elisp code and core editor elisp code and you don't need to create any plugin project or such, which I think makes for a much more organic and pleasant customization experience.

Technically superior could mean in this case that a rogue plugin does not affect the core editing experience. Having a fixed extension API, if the API is well done, could provide that.

You lose flexibility, you gain stability, discoverability, speed, etc.

I meant superior to Atom and not to Emacs.

As far as I know, the VSCode plugins run in their own process, which makes the editor much more responsive when it loaded many plugins.

I was assuming that Atom extensions were similarly powerful as in Emacs, if that's not the case, then my point is moot.

I agree that restricting what plugins can do can lead to better stability and speed at the expense of extensibility.

> I found it much more performant

Sincere question: Does "more performant" simply mean "faster"?

Oh. sorry.

I meant, I found it much more responsive.

I'm more interested in how companies with private repos on GitHub react.

Companies that complete with MS still use Windows, Sharepoint, Office 365, and OneDrive.

Microsoft isn't going to go around snooping competitors' source code any more than they are going to go around snooping competitors' email.

And more relevantly to GitHub, they still use Azure and VS Code and Surface computers and XBoxes and keyboards and etc. etc. etc.

I don't expect Microsoft, as a company, "to go around snooping competitors' source code any more than they are going to go around snooping competitors' email" or Azure infrastructure or code editor or putting loggers in peripherals or any other tinfoil theories.

I _do_ expect some companies to reconsider their policies in light of the acquisition and decide that other options make more sense for them for numerous reasons, including but not limited to not wanting to hand (even more) money over to a competitor for a service they don't necessarily need Microsoft to provide to them, or if they suspect Microsoft will significantly change the existing ToU/ToS in ways those companies would rather not deal with.

Microsoft did snoop through the email account of a blogger who received leaked information[0].

[0] https://www.recode.net/2014/3/20/11624792/blogger-psa-dont-u...

Google doesn't. Do Apple and Amazon?

Did you know Gitlab.com was hosted on Azure?

GitLab was migrating to the Google Cloud Platform: https://about.gitlab.com/2018/04/05/gke-gitlab-integration/

I do not know whether this migration has finished.

More links:

- http://fortune.com/2016/11/14/gitlab-cloud-storage/

- https://venturebeat.com/2018/04/06/why-and-how-gitlab-abando...

Especially those that compete with MS or their subsidiaries. But then again, Netflix uses AWS, so who knows?

I don’t understand your comment about Netflix using AWS. AFAIR, Netflix is a reference customer for AWS. Every re:invent is full of Netflix people. Care to elaborate?

Netflix is paying money to its competitor. i.e. Amazon Prime Video.

Does Prime Video actually make money? It seems like a side project compared to some other Amazon stuff.

Amazon is Netflix's largest competitor.

> There's definitely major benefits for diversity in this area (meaning not having the vast majority of projects on one platform), but I'm hoping we (as developers in whole) don't throw the baby out with the bathwater here.

Perhaps tooling can help with this. Github, Bitbucket, and Gitlab (and I presume some of the lesser used solutions out there) all support some type of forking and pull request model, even though that's not core git. An abstraction layer atop that can hopefully obviate a hard dependency on one platform.

> I agree, my biggest concerns are:

> 1. What is happening to Atom? I have tried VS code and don't really like it due to the difference in how the 2 systems are designed to work (Atom being more "plugins are king", VSCode being more "kitchen sink included by first-party"). I'd hate to see my favorite editor lose it's major backing. If MS makes a commitment to continue to develop Atom, or they work with someone else to "transfer" development over to them in a way that's not half-assed, it would go a LONG way toward solidifying the trust they are trying to build (at least to me).

> 2. How will other companies who are hosting on GitHub react to this? Will Facebook/Google/Apple start pulling their code from GitHub? Will we go back to having to learn how to contribute to each project individually?

> There's definitely major benefits for diversity in this area (meaning not having the vast majority of projects on one platform), but I'm hoping we (as developers in whole) don't throw the baby out with the bathwater here.

> GitHub has by most accounts helped bring in a renaissance of open source software. It's never been easier to contribute to FOSS at any level, and I'm hoping we don't lose that as everyone diversifies where they host their source code...

I started with sublime, went to atom, went back to sublime, and finally moved to vscode.. trust me you can't go wrong. It has everything and extensions.

It's everything I wished for.

This is my thinking as well. Do I bail ship to gitlab and support more open software, or do I try to stay centralized?

Personally, I'm not "bailing" from anywhere.

I am however using this as an opportunity to rely on any one single place less.

I'm in the process of mirroring my git repos on GitLab, and trying to think of a way to signify that both the GitHub and GitLab repos are "canonical", and that issues/PRs/contributions can happen at both.

I do not think the word "canonical" means what you think it means.

> accepted as being accurate and authoritative.

> synonyms: recognized, authoritative, authorized, accepted, sanctioned

That's what I meant for it to mean anyway...

In software the "authoritative" aspect of the definition is crucial.

How can two different endpoints both be authoritative? What happens if they differ?

Then people will be confused, which is why I'm exploring options to ensure they stay in-sync.

I'd recommend simply designating one as master, one as slave. Why try to appoint two captains of one ship?

Because having one as master and one as slave is exactly the problem i'm trying to solve here.

I want both to be master, so that users who are comfortable on both platforms are willing to make contributions to the codebase, so that any one service/system going down won't stop development, and so that as the "community" migrates around different platforms they can always find the full version of the software.

Recommending simplifying a process to the point that it no longer solves the problem it's trying to solve isn't helpful.

Sorry if my comments haven't been helpful. But I don't think the problem you're trying to solve is tractable. I'd be very interested to hear of a solution that doesn't rely on locking and is immune to conflicts.

You might fake it (and meet your stated goals) by maintaining a true master behind the scenes and syncing to two public slaves... (ie, forks you treat as peers, each with a "master" branch) but that still leaves neither of them truly "canonical" -- a designation of authority that would apply to the place where you'd resolve conflicts given simultaneous commits.

Sounds like that would be a pain having that kind of work done in two places.

Which is rather unfortunate for something that all revolves around git.

... and when GitLab inevitably gets acquired by another ${megacorp}?..

Then I'll change part of the URL I've soft coded from ...hub... to ...lab... to ... bucket...

Any reason why you implicitly trust Atlassian?

Does s/he implicitly trust Atlassian?

If anything, that comment makes it clear to me that they're staying mobile because they don't implicitly or explicitly trust any of the current providers.

I think if they implicitly trusted someone, they'd just migrate to them immediately - why wouldn't you?

I don't. I use jira at work. It's shit.

You missed the point of that comment

The reason you can trust Atlassian a bit more because they have more narrow focus on dev tools so less chances that they could become a competitor. Unless you’re developing another (git/bit)(hub/lab/bucket)

Seeing potential in the unused combinations: GitBucket, BitHub, BitLab.

Yes same here. I’m really surprised by all the Microsoft hate as if we were still in the 80-90’s. MS is one of the biggest open source contributors nowadays.

It's also really weird how people idealize GitHub. Did they forget GitHub was not a non-profit association, they were losing money, they deleted users repositories on their own, they had management issues, and people have been waiting some features for very long, specially open source maintainers? Also GitHub "forced" a lot of organizations to migrate somewhere else when they changed their pricing model[1].

[1]: https://news.ycombinator.com/item?id=11673103

Once bitten, twice shy.

Moreover, although I agree Microsoft is making efforts to change [1], pro-Microsoft partisans make it clear much of this is due to the new CEO. What one CEO does, another can undo. GitHub's bus factor is now 1.

I would much rather have seen them go public. They were losing money, but not, last I saw, at a rate that was absurd for building a SaaS business. Is there some reason to think they couldn't have gotten into the black? And if so, is there some reason to think Microsoft will let them burn cash forever without getting anything valuable in return?

Previously, GitHub's success depended on GitHub serving their customers and users. Now it depends on the notions of some guy in Seattle. Some guy whose job is, at least by market cap, 99% focused on other things. It's reasonable for customers to worry about that.

I think the biggest thing suggesting they couldn't have gotten into the black is the fact that they had been looking for a CEO for 10 months and still hadn't found someone. I'm not entirely sure why they couldn't find anyone, perhaps they were just being picky, but it certainly didn't look good.

Or it could be that the board has been looking to sell the company for that period and nobody wanted to come on to be the CEO for 20 minutes before being replaced by somebody from the acquirer. Hard to say.

You're acting as if the opensource initiative in MS of late is down to Nadella and nothing else. It's much more a case of market forces changing and an acceptance of opensource within corporations.

That's certainly what I'm seeing from people. There are a ton of "it's fine because Nadella" comments out there. E.g.: https://twitter.com/kellabyte/status/1003660575690244096

If they are merely yielding to market forces, then that's not much of a comfort. Github was a leader in this, and Microsoft's customers have a strong bias toward followers and laggards.

> Once bitten, twice shy.

With Microsoft, the bites have been numerous and some are ongoing.

>What one CEO does, another can undo.

I completely agree with that as a general principle, and I don't disagree with anything you've said outside of this quote. But are you suggesting that Nadella is going to leave Microsoft anytime soon?

No, but he's not immortal. He could get hit by a bus tomorrow. The median CEO in the Fortune 500 lasts only 5 years or so, and he's already in year 4.

Probably want to adjust that metric for stock price ...

Buses are not big respecters of stock price, and what goes up can come down. Microsoft's numbers could get squishy for a number of reasons unrelated to open source efforts, and a revenue dip could either mean a new CEO or some quick cuts to things that aren't producing a lot of short-term profit.

GitHub's success as an ongoing concern was based on their investors willing to keep giving them more money or alternatively the public market giving them more money until they could become profitable.

We don't know how far they were from being profitable. But even unprofitability is not a big problem these days. E.g., Okta IPOed in the red with explicit plans to keep losing money for the foreseeable future.

Github was making over $200m/year, and was poised for strong growth in enterprises as they got with the times. I expect they could have gotten to GAAP profitability whenever they needed to. But they should have kept spending on growth to maximize market share.

How does being profitable and IPOing stop a company from being an acquisition target (see LinkedIn)? Just like the private investors could be swayed by a tempting acquisition offer so can public investors.

The only way that you guard against being an acquisition target is to remain private and not take money from outside investors.

Even with best intentions from both sides, acquisitions don't go well in a lot of cases.

It's quite common to have the following scheme:

1) nothing significant happens for 1 to 2 years, the big company slowly integrates the smaller one.

2) historical dev/ops starts to be tired of the heaviness of the processes and all the politics going on in the big organization. After 3 to 4 years, they start leaving, and knowledge begins slowly to get lost.

3) new features are slower to be pushed in production, often with major regressions.

4) after 5 years the service is becoming more and more unstable and/or is not evolving anymore.

5) after 7 to 10 years, the product is killed-off or put in limbo.

Yeah, but most of that happens whether or not your product is acquired or not. Acquisition may, and often does, accelerate the process, but almost every application eventually suffers from loss of focus, feature bloat, and changes within the industry. Those that don't tend to stagnate completely and get replaced when someone re-invents the wheel from the ground up with a few improvements. I mean, forget that happening to GitHub, that will probably happen to git in 10 years or so.

> MS is one of the biggest open source contributors nowadays.

Really? For its size? It seems like Google, Apple, and Facebook are all much more productive in OSS. The only open source Microsoft product I'm aware of using is VS Code. To my understanding, they haven't open sourced Edge, their JS engine, their compiler, their word processors, or really anything else of note. I guess I can give them a little credit for .NET Core, but would that even have happened of Mono hadn't existed?

> their JS engine


> their compiler

Microsoft makes half a dozen compilers, for as many languages:

https://github.com/dotnet/roslyn https://github.com/fsharp/fsharp https://github.com/PowerShell/PowerShell

The only one that I know of that is closed is C++.

> anything else of note

https://github.com/Microsoft/GVFS https://techcrunch.com/2016/11/16/microsoft-joins-the-linux-...

PowerShell is a pile of slightly incompatible versions, you end up with code targeting the oldest version you need (often version 2 for Windows 7).

I stand corrected, thanks! I still have a sense that they are rather less proportionately open source than those other companies, but less so than before.

Remember Skype? That wasn’t in 80-90s...

personally, I really like the performance of 'skype for business' but maybe I am in the minority there.

all of the tools and integration with outlook is pretty smooth...

"Skype" for business isn't even Skype code. It's Lync with a sticker slapped over the top.

Skype for Business is really, really bad on MacOS. Half of the time i'm trying to use it, messages don't get sent with an error message. Sometimes they do get sent but i still get an error message.

Skype on MacOS tends to get stuck in some loop that eats my CPU. So does MS Excel. MS Excel also had other, very annoying issues in the not so distant past.

Sure, as a MacOS user i'm maybe not that important to MSFT, but the quality of some of their products is surprisingly low.

The excel bit is likely because multi core support isn’t on Mac just yet. If you opt into their latest beta channel for updates, it gets way better.

No i had a different issue. I think it was after hard resets when excel goes "do you want me to restore the stuff i had open before?"

I would ignore this for a while (since plenty of other apps would also start up again) and then wonder what is eating my CPU. Surprise surprise, it's an Excel message box.

Well, then you won't be glad to know it's going away: https://www.theverge.com/2017/9/25/16360072/microsoft-teams-...

Skype and performance are two words that don't ever belong in the same sentence.

You just gave a counter example ;)

"Skype has performance issues"

"Skype has abysmal performance"

"Performance in not Skype's priority"

I thought I would give some excellent examples of how to use "performance" with "Skype" - all of which are true!

It could have the word 'bad' somewhere in the middle.

but what if we don't use outlook - not everyone does. this is at the fundamental heart of the problem with Microsoft (Apple is just as guilty, btw). It is the "hey, we have a nice ecosystem - everyone should use it" viewpoint. As a developer and consultant - I will decide which tools are appropriate and best for the job at hand, not something dictated by corporate marketing. Skype has gotten much worse since Microsoft acquired them. Every time I start Skype I have to update it and its not as stable as it once was, especially on OSX

> I’m really surprised by all the Microsoft hate as if we were still in the 80-90’s.

You think the privacy nightmare of windows 10 happened in the 80's-90's?

And now Microsoft is going to solve all those problems? This'll be interesting to see how it plays out, but all of these issues are not confidence inspiring.

> Nat Friedman, although I was not familiar with him prior to this, seems like an ideal candidate to run GitHub.

Nat Friedman is a legend in the open source community. He founded Ximian in '99 with Miguel de Icaza, who both meant a lot for the Gnome community (e.g. via products such as Ximian Evolution) and Mono (FOSS .NET for *NIX). They got bought by Novell where he also got a top position. Nat has been busy with FOSS for a long time, and he _believes_ in it.

Some verification on the above plus other details can be found here on Wikipedia [1]

As a final note, "I’m not asking for your trust, but I’m committed to earning it." is very humble, professional, and clever.

[1] https://en.wikipedia.org/wiki/Nat_Friedman

He is the perfect transition guy, who is likely going to be replaced in a few years time when MS decide they want to capitalize on the money they spend on a un-profitable but popular service.

Which is a pattern we have seen from their takeover of hotmail and more recently with skype, where they also waited a few years before starting the transition from independent brand to a sub brand under one of Microsoft estates.

What you are going to see when MS is done integrating the leadership of github into MSFT and Nat have been replaced by a next phase CEO, is that githubs CI hooks will become more and more symbiotic with azure, and the a lot of the documentation tools offered will hook directly into office365 tools, which will require a synchronization of accounts with MS other SaaS offerings.

I think everyone can agree that Microsoft is going to push Azure very hard once they start sinking their teeth into GitHub-- that's not surprising.

However, I'm very skeptical about the idea that GitHub is going to somehow become an Azure-only walled garden. It makes little sense business-wise. The entire point of buying GitHub was to acquire an audience that they are aware is not necessarily interested in Azure or their stack. Forcing it on them will only cause them to leave (there is plenty of competition in the code hosting space now), which will in turn reduce revenue. I give MS enough credit to know that the only way they succeed in this space is to provide value, not vendor lock-in. This is true now, and it will be even more true in 5 years when other big companies inevitably start following Microsoft into this space and competing for market share.

If they wanted to just sell services to people already using MS products, they already had VSTS for that.


This is not controversial opinion Miguel is close to Satan in the free software wing of the community.

I’ve seen many acquisitions commit to 2) only to slowly walk back from that “in the interests of operational efficiencies”. And next thing you know you have to change over to using a Microsoft account to log in...

Having seen a big Microsoft acquisition from the inside, I can also tell you that this dynamic occurs:

Microsoft is a gigantic organisation with very good working conditions. This leads to people with very long tenures working in highly defined and specialised roles within the company. Career development does happen, and is actively encouraged by Microsoft, but you're usually moving into a role which is just as niche as your last.

When a major acquisition occurs of a smaller organisation, it's usually done with a promise of keeping independent leadership and a degree of organisational separation. However, as middle-management staff rotate out of the smaller company naturally, the roles that they vacate are very attractive to Microsoft employees who want to have a bit more of that start-up feeling, and a slightly wider remit to make change.

So through a kind of organisational osmotic pressure, even if the leadership of the acquired company remains independent, the middle ranks of the acquired company become permeated by life-long Microsoft-ers. None of this is particularly bad - I just want to make it clear that Microsoft's definition of independence is not everyone's definition thereof.

> organisational osmotic pressure

OT, but I love that term!

I actually just made a bet with a friend on whether or not they'd switch GitHub over to Microsoft logins. My strong bet (that I put money behind) is that they won't. They're specifically acquiring this to win over developers and community, and they should hopefully know from the Skype transition how much negative perception that granted them.

Their absolute best bet is to sit on GitHub, feed it money, offer the paid features as an additional perk for MSDN subscribers through an account linking method, and call it a day. The developer goodwill they can buy being a good steward of GitHub far surpasses any other value they could extract from it.

Microsoft has you use a Microsoft account to sign into Windows itself; I think they will merge Github in somehow. They might be trying to win over developers, but they'll want to cross-sell to MS ecosystem developers as well.

Starting with "any existing Microsoft account is now a valid Github login". Then maybe "you can more easily use VS (or VS Code) with Github and deploy to Azure, if you use a Microsoft account with Github" and "you can merge your Github account into your Microsoft account". Then "all new accounts on Github are Microsoft accounts, you can no longer make a separate one".

Whether they go all the way to "there's no such thing as a separate Github account anymore", not soon, but probably one day - they've been trying to centralize accounts between all their services for years and years, haven't they?

It's already trivial to host on GitHub and deploy on Azure using Visual Studio Team Services - in your deployment pipeline you choose github as your source repository instead of the built in git repo that's part of VSTS. It works using web hooks just like every other CI/CD tool.

Their "for years and years" strategy though has not been working.

On Skype, when they migrated to MS accounts, I’ve lost 2/3 of my contacts list and tried contacting support but they wouldn’t admit it, blaming me with a line like “you must be having another Skype account”.

After several retries to talk to them and maybe get somebody more technical on the line, I just gave up and being disappointed I simply gave up on Skype altogether – thankfully it has fallen out of favor at work too.

Skype has been a monumental fuck up and just thinking about it on a thread about GitHub being acquired makes me sad.

> I actually just made a bet with a friend on whether or not they'd switch GitHub over to Microsoft logins

Did your bet stipulate a time frame? I think the odds of this go up considerably after a honeymoon period of 2-4 years.

Yeah, we went with three years (after close of the acquisition). If we didn't have a timeframe, I'd never get paid. :O I'd be inclined to pay my friend back if it happened sometime reasonably thereafter though.

WhatsApp and a number of Apple and Google aquisitions comes to mind in addition to Microsofts own Skype.

(Although, IIRC except for WhatsApp most of these didn't make many promises.)

...which one year is a Microsoft account, the next it's live.com, then msn.com, then passport.com, then outlook.com. And what about that 20-year old MSDN account, which was always associated with Hotmail? You can login but it hangs on some obscure error message. Googling suggest to associate with a non-Hotmail address, but that one doesn't let me access MSDN subscriptions. Next forum suggestion: create a VisualStudio.com login and link with Live.com... but it still doesn't work. Several support emails later, I just need to delete all existing associated MSDN email accounts and start over with my work email address. I just wonder how long until I need to migrate again to the next email/login-flavor-of-the-year. Maybe I'm just an edge case?

What would be wrong having a Microsoft account to log in exactly? They aren't getting any more information from you then they have currently purchased. I remember when I had a YouTube account, a blogger account and a Google account and I am glad I just use one google account myself.

Because it’s an indicator of a loss of independence. And if you went through the Skype changeover you’ll know exactly what a fiasco that change to a Microsoft account was.

You mean from 2011 when Microsoft had totally different management and business model? I don't see the Steve Ballmer Microsoft has much bearing on today's Microsoft.

Also it wasn't the Microsoft Account change as much as the they had the weird MS Store or Local account sign in options. I removed the Store sign in and only used local and had no issues. Am I missing something?

zeth___ 8 months ago [flagged]

Jesus Christ. Is everyone here a teenager? Microsoft in the 80s might bot be a valid comparison today, but something that happened 6 years ago is barely yesterday. Institutions do not change that much that quickly.

Microsoft 15 minutes ago isn't the Microsoft of today is just as true a statement and one just as vacuous.

I'm closer to 50 and certainly not a teenager. Yes, Steve was the issue and his style was old fashion. There is no going back once you open up the shed. Why do people continue to want to punish a company for their past when their present has been so good? To keep punishing them and not rewarding them for their good deeds?

P.S. I thought the whole anti-OpenSUSE movement was also plain old stupid.

> their present has been so good

- Putting adverts directly into their OS (which people pay for by the way)

- Forcing their shitty updates, (and restarts) at the most inconvenient times

- making it impossible to permanently and easily turn off telemetry

Wow, you have low standards. I bet if you ate dog shit, you'd say it's not so bad.

So Windows 10 isn't leaps and bounds better than Windows 7 or Windows 98???? Seriously Windows 10 is the first Windows I have ever actually liked. I got my OpenSUSE terminal open and using ranger and my other terminal programs working in Windows (At work I have to have Windows due to many issues on one computer)

> Forcing their shitty updates, (and restarts) at the most inconvenient times

Weird I have a pop up that says there is an update coming and when do I want to schedule it....

>Putting adverts directly into their OS (which people pay for by the way)

Didn't care for it and I hit the disable on 3 switches

> making it impossible to permanently and easily turn off telemetry

They did push out an update over a year ago that makes it so you don't have to use the tools that were out since 2015. Telemetry was specific for Inside program and beta but I certainly see why people were freaking out. I looked at what was being collected and it seemed fine for me.

So you haven't been getting the Candy Crush Saga, One Office trial, et al. games/software installed to the top of your "Start Menu" after every major OS update? It's only 2 clicks per app. And I'm sure it's part of why the last big update took 2 hours to finish (with only a warning, this may take a while... good thing my deadline was the next day and not in 2 hours... still ended up being a very long night, since the update broke other things). Also this last major update (Content Creator?) bricked a bunch of PCs... I had to do a "system reset" with USB stick to get things moving again.. but I'm still getting BSOD about once a week since then.

What about them mucking up the Spectre/Meltdown patches which bricked a bunch of PCs? In my case I wasn't bricked but I had to rollback a patch.

What about re-enabling of disabled services (e.g. Firewall, Defender) after some updates?

Going back a couple years ago, what about downloading/pre-loading Windows 10 on Windows 7/8 computers, without the user asking first? Can we forgive them for that? It used up several GB of space and burned sometimes expensive bandwidth? Happened to my laptop while I was traveling, I only noticed after I started getting low disk space warnings.

If I had a real list of the all the actual problems I've ever encountered with Windows, Windows 10 is definitely approaching Windows ME levels of incompetence.

Maybe some of us are just having more issues because we have unique hardware configurations which don't play well with Microsoft's newest foray into OS experimentation. Or perhaps our expectations are too high?

On my evil list Micrisoft is better than Google and Facebook. But worse than Github. If I heard Microsoft was buying Oracle I'd be dancing in the streets.

> Why do people continue to want to punish a company for their past when their present has been so good

I don't agree that their present is good.

Because the whole "live" account thing is a total mess on their other properties that support it, and github's login system is great?

Microsoft accounts are a trainwreck... I've got at least three or four of them all with the same email address, and despite years of effort to link them together and consolidate, I still have to use all of them to log into different services and access different resources. The permissioning on things like Azure and VSTS doesn't make a lick of sense.

I began the process of creating an Azure account recently and somehow the Canada region was selected. The system locked my email address into Canada even though I already have a US region live account with the same email address. Since I don't have a Canadian zip code, I can't submit billing information and complete the provisioning process. I was willing to try Azure for a new project, but now I'm not because their accounts are such a mess. I talked with a project support technician for Azure who actually understood the issue but was unable to resolve it suggestion I use a different email address. I know I could, but on principle I won't.

I'm actually really excited about MS+GitHub, but have to agree the account situation sucks.

Google kind of managed to force most accounts together. ;-)

In the process it seems they managed to seriously undermine their new, really really nice social network by using the same name for that and now me and a few others have a nice social network all to ourselves :-\

> Microsoft accounts are a train wreck.

Now you put it like this, I realize I suffer from this too. The UX of having accounts in the Microsoft ecosystem sucks severely.

I've felt similar. There's been some impressive innovation from MS in the dev space recently: VS Code is a pleasure to use, Azure wasn't quite as intimidating as AWS can be (but who can blame them, AWS has a lot more legacy). Windows 10 was pleasant to work with, telemetry issues aside. Things are shifting.

In fact, I think there's a strong 'once a criminal, always a criminal' mentality that takes a healthy skepticism to an unreasonable level. At least with the benefit of the doubt you can be wary of what Microsoft's intentions really are, but I don't think it's productive to go 20 years into the past and pretend that absolutely nothing has changed since, and rehashing everything from that time as if it only happened yesterday. It's an unreasonable standard and if nothing else, it presents the self-fulfilling prophecy where you're only satisfied once you've found proof that Microsoft today hasn't changed at all. So you've practically doomed GitHub to fail post-acquisition because you've already decided it _will_.

I'm not sure why you'd want that. So on that level I hope that Microsoft doesn't betray the gigantic community that has built around GitHub, which itself has taken open source to a whole new level. It's an appeal to emotion, I know, but I just don't see the value in being straight up negative in the light of recent evidence that suggests the contrary. You would never hold yourself to such an unforgiving standard (unless you wanted to sacrifice yourself on the altar), so it's better to give it a chance instead of throwing out the baby with the bathwater.

(Secretly, I'd love it if they, for example, rethought the pricing strategy and offered free private repos the same as every competitor does.)

That said, it's a little worrying that tech is continuing to consolidate around the giants.

> It's an unreasonable standard and if nothing else, it presents the self-fulfilling prophecy where you're only satisfied once you've found proof that Microsoft today hasn't changed at all.

That's a good general point; if you find you dislike someone's POV or behavior, and you're not simply being tribalistic, you should be thinking along the lines of, "what do I want this person / group to do differently?"

It's the negative winning out over the positive. If you genuinely want things to get better you have to stop thinking about how they won't.

If you can't, you're part of the reason why things won't improve. You want your negativity (or your ego) to be proven right.

Microsoft has been embracing and extending Git for a while, and now they have bought captive users who are going to use whatever Microsoft tells them to use just to keep their code on Github and avoid a difficult migration.

They clearly have greater ambitions than increasing Visual Studio sales. For example, what about forced integration of LinkedIn with personal Github repositories?

I'm not sure what these facts are based on, but to make something clear, 'embracing and extending' is practically the definition of open source and how you contribute. 'Extending' here is a synonym for contributing. Embracing is good, extending and improving is good. You just put Microsoft in there and suddenly it's not. It's stupid.

So in all that, you're waiting on the extinguish step where WinGit comes out and blows away Git, Github, GitLab, BitBucket, etc. etc. etc. because you cannot possibly maintain a modern git repo unless you're running it on Windows. Only MS are building Linux based cloud infrastructure so it's not even loyalty to their past anymore.

Never mind the fact that 'extinguish' blew up in MS' face and their attempts to monopolise the internet ensured they never would. Firefox and Chrome are direct products of that particular power grab, so is the shitty reputation MS has, so is the existence of Edge to get away from the Internet Explorer branding. Why even bother trying all of that again?

Okay, this is my greatest concern with Linkedin and Github. For many (most?) dev job applications, not having a 'ticks all boxes' profile on both sites means pass on initial callback; and now MS controls both. What they purchased for so much $$ is industry branding mindshare.

I really can't think of a better large tech company to buy GitHub (Which has been closed sourced since creation and I don't know why people are so scared). Now Oracle would make me put on my tin foil hat on immediately and deleting of my account.

Because people with closed source, the paying customers, now have to trust their potential biggest competitor with their source code ‽

Are you suggesting MSFT is going to _steal people's code_ from private github repositories? This strikes me as a bit fantastical.

What software hosting platform is not also itself a software company? Atlassian, Gitlab...?

Not steal source code, but platform companies have been known to use their insight into platform user metrics as a source of competitive intelligence metrics. Knowing which private repos are large and active is valuable info.

What if you run a recruitment web app that competes with LinkedIn?

What if? What if I run an operating system project, IDE project, email client, etc.? MSFT is going to steal or shutdown every type of software that competes with one of their products?

Doesn't add up to me.

The amount Microsoft would have to lose - in courts and public trust - if they were to abuse the private sensitive data held in their systems - would massively outweigh any benefit they could hope to achieve from that information.

That's already been tested:


They're still in business. Numbers look good. They also have advertising and telemetry on paid stuff that people would usually assume doesn't sell them out like free, ad-driven services. Windows, Office, and Xbox are valuable enough that customers will tolerate quite a lot before leaving.

>"What if? What if I run an operating system project, IDE project, email client, etc.? MSFT is going to steal or shutdown every type of software that competes with one of their products?" Doesn't add up to me.

It doesn't matter.

The "what if?" is enough to cause a chilling effect. This will be the effective death of GitHub. I'm certain projects that are all-in on the platform will stick around out of momentum. But yesterday was the last day anyone would ever consider starting a new major project on GitHub.

Ridiculous. Please define "anyone" and "major project" and then let's make a bet.

So you tell that people trust private company which was loosing money since the creation better than Microsoft with all of its reputation at stake?

Yes. Financial stability and conflict of interest are two orthogonal issues.

The worst case scenario with Github closing the door, assuming no heads up, is that you'd lose your issues and PR. You have your git history on a bunch of machines (your devs + you should really have a dedicated backup).

The worst case scenario with Microsoft having visibility of your "closed" source code is that they take a peek at it and implement a better faster more integrated version of them in their own product competing with you, or heck even copy/paste your code. What can you do about it? How could you prove it? Remember, they can afford orders of magnitude more number of lawyer hours than you.

Is it unfair that I keep thinking of the SCO–Linux dispute at the moment?


That's the overarching style of business that I associate with the Microsoft brand

That's comparing oranges with a monkey. How do they relate?

yes :)

Yes. 100% yes. Microsoft didn't care about their reputation for a long time. They currently do, at least a little, but that could change back.

Github was losing money, but that's pretty typical for SaaS businesses. I have no reason to think they couldn't have gotten to break-even. And if the can't get to break even, I have no reason to think Microsoft will subsidize them indefinitely.

I still think Microsoft had the lion share of the programmers mind with Virtual Studio? I am guessing it really has more to do with emotional response to the name MS then anything MS has done in the past 5 years.

I use Bit Bucket because I knew they were making money and were solvent and I knew GitHub was just waiting for a big pay day. BOY was I wrong with the timing and the amount.

> And if the can't get to break even, I have no reason to think Microsoft will subsidize them indefinitely.

This fits perfectly with their developer system with Virtual Studio, VS Code and Azure. I can't see how this isn't a great buy for them and their ecco-system.

That's not just a scummy breach of trust though, that's a blatantly illegal breach of trust. Source code is a trade secret. Copying it without permission is corporate espionage. People would go to jail if they tried. You are asserting that Microsoft's intentions are criminal.

I'm 100% sure that this is not their intention... But can you guarantee that this is not going to happen in the future?

All it takes is one rogue employee, and it could have devastating irreversible effects on a small startup.




What's stopping a Github or Gitlab or Atlassian employee from going rogue? That's not an MS specific problem.

Did you reply to the wrong comment? Because I don't think I am asserting anything like that.

Of course, Microsoft was famous for their dirty pool tactics in the past, so it's not irrational to worry that they'd return to them. E.g.: https://en.wikipedia.org/wiki/Microsoft_litigation#Private

În a word, YES. Profitability <> quality.

I would argue that the case here is quite the opposite.

Github is loved for a variety of reasons, small & large decisions that are influenced by how profit-oriented the company is. And how willing they are to annoy their users to squeeze some more "profit" and/or data out of them.

It would seem Github had $7.5B at stake.

What's the evidence that Github was loosing money? Their first (and only, AFAIK) round was with Andreesen Horowitz for $100 million, many years after they had already become the go-to host for open source projects. Before that round the company was bootstrapped with personal funds.

This is not a concern that many real people have, just people on HN.

In the real world, people trust companies and context contracts with companyies to protect them. Eg all the people using clouds like azure.

Any company who is small enough to not host their own code repo are of little interest to Microsoft.

Google or Amazon?

I don't see how their reputations would be even garner half the trust.

Contrarily, all I've seen is people making quantified statements of support.

What I haven't seen is a moralistic rejection. Microsoft tried to kill Windows gaming, they tried to kill Linux, they tried to kill Firefox, and countless other things. Their operating system design is nearly abusive and even their open source development (tracking, licensing) has been lined with traps. I want nothing more than for them to disappear, and if them buying a $7B company which ends up with 0 users is one step on that path then I absolutely support it.

It has nothing to do with whether they promise they won't do bad things _this_ time, or whether they claim they'll be independent (they're clearly not independent - Microsoft now owns Github).

This deal's really turned into a Rorschach test!

Treating large companies as Manichean monolithic entities is unhealthy. Microsoft like every large company has bright spots and dim spots, good leaders and bad leaders, good ideas and bad ones. They're complex and so your relationship with them should be, too.

As an argument, this comment is terribly myopic and naive. As a mirror it's fascinating.

Companies exist to make profit. As long as that is their purpose they have no interest in me as a person and I shouldn't have an interest in them as a large group of individuals. If t would be called an abusive relationship of it was real humans. It would be like a pimp and his lady, he has a genuine interest in her as longnas she is earning money, none when she doesn't. I know USA says that legally speaking corporations are people but I don't believe it for one second.

> Microsoft tried to kill Windows gaming

Huh? If you mean "gaming on Windows", I can't imagine how that could possibly be true, and if they tried, either nobody got the memo or they did a really bad job at trying. PC gaming has always been defacto Windows gaming. If you mean "Windows Games", that's still a thing, they're just integrating closer with their XBox platform, which makes perfect sense given that XBox is integrating closer with Windows 10 from the other side.

> they tried to kill Firefox

So did Google (they're still trying). So did Apple. Are you holding grudges against either of them?

> Their operating system design is nearly abusive

Heavily subjective. Windows has had its regressive moments, but overall it's consistently been more usable than anything on the market. 95 was a joy, 98 was a joy, XP was a joy, Vista was bad, 7 was a joy, 8 was bad, 10 is amazing. Compare that to MacOS* which only started competing with OSX and peaked at 10.5 (Leopard) and has been basically going slowly downhill since, with regressive behaviors, hostility to anyone that doesn't want to live in their walled garden, hostility to legacy software (many Windows XP programs still run perfectly with explicit compatibility settings, meanwhile OSX barely supports apps that are built for 3 major releases back-- that's only 3 years of support) and deprecation/removal of core OS APIs with zero intention to replace them. You want abusive? Try developing on a platform that competes against its own developer community and keeps APIs private for competitive advantage. Try developing on a platform that strong-arms you into paying yearly fees just so you can deploy applications that work out of the box on client machines. Comparatively, Apple has been much more hostile to developer communities than Microsoft ever has.

> I want nothing more than for them to disappear

Clear indication of an unhealthy long-kept grudge. Even if Microsoft has done all the things you claim, you don't really have a moral high ground if you're sitting there rooting for their failure. You can feel free to not use their products, but to want them and all of their customers to fail because you don't like what they've done in the past isn't really a "moralistic" viewpoint, it's just brooding.

...and you're going to have to move past the brooding if you want to make it to Acceptance.

You are getting triggered by GP. And ironically, you are doing exactly what GP was doing but against Apple.

>Windows has had its regressive moments, but overall it's consistently been more usable than anything on the market. 95 was a joy, 98 was a joy, XP was a joy, Vista was bad, 7 was a joy, 8 was bad, 10 is amazing. Compare that to MacOS* which only started competing with OSX and peaked at 10.5 (Leopard) and has been basically going slowly downhill since, with regressive behaviors,

What you said about Windows is also true about macOS. There have been some regressive behaviours in the recent past but overall macOS is no more inconsistent than Windows 10. You might quickly point out about "plain text passwords" in macOS but if you look at the macro scale, Apple screws up not much more than Google or Microsoft or Amazon etc. Amazon has fat fingered systems shutting down half of the internet. Microsoft has managed to create updated which wipe out users data or fail spectacularly on certain popular SSDs. If you want to really roast companies on "regression in software", the whole of silicon valley will fall like a house of cards.

>hostility to anyone that doesn't want to live in their walled garden,

Not true. macOS is very permissive otherwise things like Little Snitch, Alfred won't exist. You cannot compare with iOS because Microsoft no longer has a competing product.

>hostility to legacy software (many Windows XP programs still run perfectly with explicit compatibility settings,

Different design philosophy doesn't mean it's wrong or hostile. By that same metric, Linux can't be arsed to give a stable ABI. Windows gives a damn about legacy, Apple doesn't and Linux is some whole another shit. And why is this really a problem in macOS? Most of the devs upgrade software to run on latest OS and really don't have problems.

>meanwhile OSX barely supports apps that are built for 3 major releases back-- that's only 3 years of support)

Exaggeration. A lot of stuff from Snow Leopard days still work on High Sierra. Most apps still have support from the time of Mavericks. 5-8 years is a long time in technology and is a very reasonable balance between future of software and past compatibility. And honestly where does the line end? If you want legacy, why don't you ask Microsoft to support software from the 80s out of the box?

>deprecation/removal of core OS APIs with zero intention to replace them

Examples? Only profound one, which directly impacts user that I can think of, is the changes in PDF handling in preview.

>Try developing on a platform that competes against its own developer community and keeps APIs private for competitive advantage

Every company does? Google, Amazon, Microsoft? Google and Microsoft have their own set of productivity apps for platforms just like Apple? They are also closed source, have private APIs which only they have access to.

>Try developing on a platform that strong-arms you into paying yearly fees just so you can deploy applications that work out of the box on client machines.

Not on macOS. Again, iOS is not the point of comparison. Compared to Windows, macOS is no more restrictive. Tons of developers sell mac software using fastspring and deploy updates using Sparkle framework - thus completely bypassing the mac app store.

>Comparatively, Apple has been much more hostile to developer communities than Microsoft ever has.

I don't think so. Apple may not be very proactive compared to Microsoft and Google AND it may not be as permissive as the former but calling them as "hostile" is too strong of a word.

IRONICALLY, you are railing against Apple on pretty much the same logic as GP was railing against Microsoft.

I agree that people are overreacting, but I think the overreacting is good for git in general. It helps smaller players (Gitlab, etc.) to break the monopoly of Github, and reverse the wrong conception a lot of new developers have that git == github. Remember git is supposed to be decentralized? In reality it's actually centralized on github, and github is becoming the single point of failure on the developer world, which is not great. (Google actually has an internal mirror of github[1] for that reason)

[1] It's only for public projects with a license that doesn't prohibit Google from mirroring it, and only for projects Google depends on.

> It helps smaller players (Gitlab, etc.) to break the monopoly of Github

Or do the opposite. If Microsoft decides to make private repos on GitHub free, I can see VERY big issues for other players. I suspect more people use GitHub alternatives for cost reasons, rather than ideological ones.

Microsoft already offers free private git hosting, project management, build servers, etc through VSTS for up to five users.

Microsoft currently offering free private repos and them acquiring GitHub may be quite telling. I don't think people fully realize what kind name recognition GitHub has, on the Git hosting space.

When Microsoft shutdown their competing product to GitHub, I think they had like 200 active users. Compare that to GitHub, which had millions of active users. Maybe this is the same with private repos. That is, the number of paying GitHub customers is an order of a magnitude more than free VSTS customers.

I really think Microsoft wants what Amazon has and if they can funnel GitHub users to their cloud service, this acquisition will become a no brainer. Plus, the data that GitHub is able to gather from issue conversations, code reviews, etc. may well prove critical for ML/AI research, that can help Microsoft develop intelligent software tools.

Ok, but VSTS isn't GitHub. GitHub's UX is solidly above its competitors, and I would tend to agree that the primary reason for looking elsewhere is price.

Does github offer free project management, hosted Windows, Linux, Android and iOS builds, deployments to Azure and AWS, on prem CI/CD orchestration, hosted package management, ....

All of that is free for up to five users and it’s all private.

The 3rd E.

It is a single point of failure for devs around the world. Remember the attack on Dyn DNS? Thousands and millions of devs stopped working because GH was down.

> Remember git is supposed to be decentralized? In reality it's actually centralized on github

This is a willful misunderstanding of the word decentralised.

People who have known Microsoft and struggle with their tech and unfair practices in the 90s are skeptic because we have seen this movie already.

How many "new Microsoft" have we seen already?

"Will they follow through on these commitments? Will they continue to listen to the community?"

No and no. Microsoft is not in the business of making good software, it is a PR firm, an awesome marketing department with tons of experience in shady practices, and the bare minimum dev team to make Windows somewhat competitive.

Microsoft is a big company with a big NIH syndrome. Github is antinomic with their culture.

I too was around in IT in the 90's, but I have a different take.

To me Microsoft under Nadella have changed substantially. they're more open and more collaborative. Sure they want to make money, but that's a given for a corporation.

As to NIH, well I was at KubeConEU and the Microsoft engineers on the Microsoft stand were running Macbooks, and the Microsoft Keynote speaker was running an Ubuntu desktop, so it maybe isn't quite as cast-iron as it used to be.

> I think Microsoft is handling this really well.

What is baffling for me, is how worried some people seem to be. If you understand the Git hosting space, you would know Microsoft tried to compete with GitHub and failed miserably.

It is quite clear the value that GitHub provides is data and there is ABSOLUTELY no way Microsoft would want to disturb this. In fact, Bitbucket, GitLab and others should be concerned that Microsoft might treat GitHub as a loss leader and provide private repos for free.

If you look at how the Xamarin acquisition went, this seems like a likely outcome.

I think Microsoft can really help GitHub in the Enterprise space. Imagine GitHub being able to offer GitHub Enterprise for free for the first 10 users. Imagine being able to discount GitHub Enterprise heavily.

I'm really curious what will happen with GitHub Enterprise. Doesn't it compete in the same space as VSTS/TFS?

I guess the question is who will hurt the most. Will this hurt non microsoft products more or less. Microsoft might want to funnel people to their cloud and sacrificing tfs might make sense.

I'm looking into Bitbucket right now, actually, and "unlimited private repos" is the first selling point listed on their pricing page (https://bitbucket.org/product/pricing). What I haven't been able to discover yet is what they charge for public repos, which are all I care about.

I cant understand this policy from Atlassian - if they arent going to try and become the next default OSS Git repo service on the back of this aquisition they need to fire their strategy team.

Bitbucket doesn't charge for public repositories - we can definitely do a better job of making that clearer on our pricing page.

Good to know, thanks!

People should get to know who Microsoft Cloud + AI Group Executive Vice President [Scott Guthrie] is. GitHub will be under his watch and all these years he has done nothing but wonders for the developers and the brand.

Folks tend to forget about Scott Guthrie (and Scott Hanselman, Rob Conery, Scott Galloway and a few other unsung heros) and the change he seeded within MS's DevDiv about moving to a more open culture back around 2005/6.

Don't know about that; I worked for DevDiv in 2008-2009 and it was the most spectacularly dysfunctional island of not-invented-here inefficiency I have ever seen at any point in my career. They imagined the tech world to consist of Microsoft at the center, where all the smart people were, surrounded by an ecosystem of ISVs, all of whom wished they could work for Microsoft instead if only they were a little bit smarter, and then, out on the fringes, the barbarian wastelands of pain and misery, where incompetent nobodies struggled with trivial legacy projects involving esolangs like COBOL or Python or Ruby. A more self-absorbed computing culture I have never seen, utterly incapable of recognizing, much less learning from, any "innovation" generated outside its own walls.

Perhaps they've improved since I left, but the number of dev-hours I saw being squandered on a daily basis just fighting with utterly stupid limitations which only existed inside DevDiv's idiosyncratic tooling would have funded a good hundred startups full-time if they could have been put to some practical use.

Oh listen I recognise your pain. I've known a few good folk who headed off to Redmond back in the early to mid 2000's only to return shortly thereafter completely disillusioned. I think Guthrie was well aware of this problem and began to slowly turn things around bit by bit.

Just to tack on a convenient anecdote...apparently the original ASP.NET MVC code was written by Guthrie....on a flight, this is the earliest evidence I can find of this:


I also forgot to include Phil Haack who back then was also part of that gang that began steering the DevDiv ship to brighter shores.

I cannot agree more. Scott Guthrie was the key decision maker regards the Apache license for asp.net MVC and the whole open sourcing of .NET Core. He runs Azure and is therefore interested in the GitHub community.

> People should get to know who Microsoft Cloud + AI Group Executive Vice President [Scott Guthrie] is. GitHub will be under his watch and all these years he has done nothing but wonders for the developers and the brand.

People should get to know who Corporate VP + Chief IP Counsel [Erich Andersen] is. GitHub will be under his watch and all these years he has done nothing but wonders for the developers and the brand. "During this time when customers are rapidly adopting #AI solutions across industries to solve important problems, Microsoft is helping to protect those investments by offering #AI patents as part of #AzureIPAdvantage" [1]

#AI #AzureIPAdvantage! Isn't it wonderful that Microsoft is protecting developers from the patent troll ecosystem? From the likes of Intellectual Ventures and Conversant/MOSAID, Myhrvold and Gates? Why look at what Microsoft has done over decades past? We should look at what Microsoft is doing now. People should get to know just how reformed-from-evil Microsoft is.

[1] https://twitter.com/erichandIPG/status/961651306459901952

They will do what they say until they don't have to anymore,l. Until they have killed the alternatives and there is only their choice left.

This is Microsoft. I cannot understand why people trust this company. Actually trust their PR messages. It's amazing.

All it took was a few companies LESS trustworthy (Google, Facebook, Uber, et al) to come into the public conversation. Microsoft has been downright benevolent in comparison to some of these companies.

I don't fully understand point 2.

Is just making GitHub better worth $7.5 billion dollars for Microsoft? It will stay independent for this pile of cash? Why they bought it? For prestige?

For me the answer is that it can't be independent for long as it was (with VCs on its back was it ever?). It will gain Live login, maybe they will integrate it so you could login with your GitHub credentials to your computer if you so desire. But that's hardly worth billions.

Maybe the better thing would be what others suggested - setup a non-profit that would run GitHub and all those big companies could put something in the jar. Certainly less than what was paid. But I know it can't work, VCs want their exit.

For me it's a same game for GitLab. Current situation probably will accelerate GitLab's burn rate so prepare for the next acquisition.

Answers are here for you - https://blogs.microsoft.com/blog/2018/06/04/microsoft-github...

I'm posting them here for easy ref -

1. "Second, we will accelerate enterprise developers’ use of GitHub, with our direct sales and partner channels and access to Microsoft’s global cloud infrastructure and services. "

Above means - More revenue for MS.

2. "Finally, we will bring Microsoft’s developer tools and services to new audiences."

This also means - more revenue for MS

More answers here - https://view.officeapps.live.com/op/view.aspx?src=https://c....

Briefing above ppt here - MS will report Github revenues as some part of Azure. They are looking for growth and diversification of income sources. Linkedin and this acquisition are steps in that direction.

Let’s not forget that Github came out of rails which was/is a rather SaaS oriented community, and struggled to build out an enterprise sales team that could deliver and market the on-site product to large corps. Microsoft has sales channels into almost every enterprise in the world and can sell a lot more github installations than github could by itself. Github is simply worth way more inside of Microsoft than it was outside.

> Github is simply worth way more inside of Microsoft than it was outside.

I don't think you can call it inside of MS while you are also highlighting their strength of sales channels. It would be described better that way if MS kept it solely for internal purposes

Thank you for information.

So integrating tools and services means dependence.

Disclaimer: I don't have a strong reaction against this acquisition. I always felt that one day I will migrate somewhere, but I'm not in a hurry.

Integration can refer to better interoperability, not just dependence.

Think of a large, non-tech company (i.e. development is a "resource" and not a first class citizen) that already has an Enterprise license for Office 365, which handles their emails, Office apps, and Active Directory for authentication. Microsoft could sell Github Enterprise as a one-click install that spins it up on Azure and hooks into the existing O365 AD for user management. No long procurement process, vendor has already been vetted (Microsoft), same privacy/compliance validation as your O365-hosted Exchange server, etc. Devs in these environments just went from an uphill battle to get Github approved for hosting repos to Github becoming the preferred solution.

And the inverse is true. Microsoft makes some incredibly good development tools. Traditionally, they've been limited to a Windows only model. But they've been making a lot of strides in making their traditionally Windows-only stuff cross-compatible. And Github is a really good channel/brand to try to get that software in front of users that may not have otherwise ever even looked at that Microsoft tooling.

Within my finance circle, there is big discussion on why Microsoft did an all-stock deal and the substantiated rumour through the grapevine is that the $7.5billion acquisition was Microsoft's way of releasing a chunk of stock without having to go through the public market. Read what you will of it but interesting viewpoint nevertheless.

This is all about getting Azure in front of developers who aren't in the Microsoft ecosystem.

4) Will they break the trust model of enterprise and private repositories, similar to how they broke the security model of connections in Skype after they purchased it?

5) Will they merge multiple accounts into one account, even though the user wants them separate, similar to how that was done with Skype and other services?

> ... even though the user wants them separate ...

Which "the user" is this? The same user that uses GitHub's OAuth as single-sign-on credentials for other partnering sites like TravisCI, etc? If I was in the MS ecosystem and already had an identity that I could re-use (and didn't already have a GH account), I'd probably use that, just like those who login to various websites with their Google, Facebook, Amazon, or even Twitter SSO identities. I don't see how expanding SSO to Microsoft accounts would hurt anyone.

You may not see why people would want separate accounts, but many people do. Sometimes the accounts are for different legal entities, such as work, personal, and for helping a charity. It is not correct to arbitrarily merge those.

Also, there may be different pay structures and packages used to pay for the services for each of those accounts. Hopefully, you can see how merging these can create far more work for the user, even when there are many cases that have negative benefit.

I'm glad they're doing this. If anything the only ones misbehaving are the skeptics making claims they'll likely be disproved over. Also has been noted if they had issues with this happening they should of never used GitHub to begin with. I guess devs are religious about git hosting platforms aside from text editors and programming languages.

> If anything the only ones misbehaving are the skeptics

Well, it's not like the skeptics' skepticism is not unfounded. Microsoft has a long, bloody history when it comes to open source software and this "don't worry about the past, trust us, we'll be different this time" position by Microsoft isn't enough to convince us.

I could be convinced, but it will take a LOT of time and good behavior by microsoft. Action speak louder than words. There has been nothing but words up to this point.

> There has been nothing but words up to this point.

I get your point, but come on, there have been a lot of 'actions' over the last couple of years. This only detracts from your argument. We've had .NET Core, visual studio code, the improvements on Git, WSL and more.

None of those are meaningful contributions to existing platforms/projects that MS does not own outright. They're throwing code of the wall. MS's contributions to git are very light.

Edit: clarify my point.

> But one could argue that those contributions to git are just to further MS's interests.

Of course they are! Everything a corporation does is to further its own interests. Most (large) companies don't contribute to open source out of the goodness of their hearts.

> Everything a corporation does is to further its own interests.

This is a common misconception. It's a close cousin of the "increase shareholder value" school of thought, which has widely (and correctly) been called "the world's dumbest idea": https://www.google.com/search?q=the+world's+dumbest+idea

We exist in a complex society. It is everybody's job to maintain that society. We do that through things like voting and paying taxes. But also through making the world better directly. Companies that only do things they perceive to be in their immediate pecuniary interest are essentially parasitic. And, at least sometimes, are rightly shunned for their self-centered behavior.

If Microsoft is trying to grow up and be a good corporate citizen, I applaud them. But if they are, as you say, only putting on a mask of neighborliness because that's their plan of the moment to fill their pockets, then there's no reason to welcome or trust them.

If Microsoft's goal is to become a better corporate citizen, isn't anything they do to progress on that goal "furthering their own interests"?

There's a difference between putting on a mask of citizenship because it's profitable and actually caring about the world beyond the size of one's wallet. Confusing the two requires confusing the meaning of "their own interests".

Is there, though? Maybe I'm just cynical, but I don't believe in the idea of "trusting" a corporation at all, because their default behavior (especially for larger companies) is to only care about the bottom line. Once you accept that everything a company does is for their own benefit (even if their actions happen to also benefit others) and learn to take each action at face value, I find it easier to evaluate the consequences of those actions.

The idea of trusting an entity that is designed to try to take your money seems silly and futile to me.

Your argument here is tautological. I'm not saying that one should never use that analytical model, just that there are other ways to do things.

Companies don't act on their own or have beliefs. Only the people that make them up do. The company does need to turn enough profit to sustain itself, but beyond that, it's in large part up to the people who make it up. One of the thorniest problems in investing, for example, is the principle-agent problem, where people act in their own interests.

In America, that's mainly thought about as CEOs and executives serving themselves, not investors. But that's a cultural thing. In Gemany, companies are much more focused on all sorts of stakeholders. That's also often true in America with small and medium businesses, especially ones that are family owned.

Companies are hopefully designed to do whatever the stakeholders want them to do. Sometimes that's serving somebody's rapacious greed. Sometimes it isn't.

But someone that acts only in their own interests is not trustable. You give trust to people as they demonstrate that they are concerned about your interests. Thus far, I've seen zero evidence that Microsoft has genuine concern for anyone else's interests. And they've had a history of acting against other's interest in a stifling and illegal way. I don't trust them.

As opposed to every other large company? All companies are only concerned with their own interests.

MS is contributing to Electron. They benefit, but so does the wider community. This is generally how OSS works.


Microsoft has had a vested interest in Git and Open-Source for a while now.

The Linux Foundation is a joke organization that companies use to push their own agendas in the name of "linux and open source", when in reality very few members actually care about it. It's a 'badge of honor', nothing more.

If you need further proof, observe that Oracle is on the list. There's not a company on Earth more hostile to FLOSS than Oracle. And yet there they are, and a "platinum" member at that. Lol.

Is the Open Invention Network still a thing? MS still hasn't joined, and is still using patents as a weapon, apparently.


Doesn't the OIN secretly sell some of its patents to non-members and non-licensees? Sounds very strategic for the companies involved and this can lead to some serious consequences for any company who is targeted by an OIN patent.

any sources for this?

The linux foundation is nothing better than a PR front, they have members like Allwinner and VMWare who straight up refuse to stop violating the GPL license of the linux kernel, and face no consequences.

Which, one could say, is what open source is all about right? Get people or organisations motivated to improve upon code and share this with the rest of the community so they can reap the rewards as well. No one expects anyone to do stuff only for the greater good. The greater good is the best result of open source, but it isn't the motivation.

Not blindly trusting Microsoft is "misbehaving" now? Were the cryptographers who refused to trust the NSA "misbehaving" too?

This is a serious question. How old are you? I'm wondering if you were a developer during the 1990s when MS was at its worst. I was and I still harbor deep hatred for all things MS. I wonder if the rest of the "skeptics" are coming from the same time period and those of you who are saying our concerns are unfounded are from a younger generation.

I'm not the person you're responding to, but I am turning 40 this year. I was also around for the terror that was Microsoft in the 90s when they were competing with Oracle for "company most desperately trying to kill open source".

I had a similar deep hatred for MS.

In the 00s I spent time as a video game developer and I was forced to use MS tools. And honestly, their developer tools were pretty good. Although I still didn't trust them, I respected them (or at least certain divisions within MS).

In the 10s, I've been mostly doing web stuff. Over the last couple of years I've started using VS Code, and it's actually a great editor and MS seems committed to it and to contributing to some other open source projects.

MS does not strike me as anywhere near the same company they were in the 90s as Gates transitioned out and Ballmer took over. Nadella seems to have a vision for MS that's much more in line with what developers actually want. (The irony of Ballmer's "DEVELOPERS! DEVELOPERS! DEVELOPERS!" is palpable.)

I wouldn't consider myself an MS fan, but I also don't view them as the devil they were then. I'm not totally sure what this means for github yet, but I am willing to wait and see before I grab my pitchfork.

>The irony of Ballmer's "DEVELOPERS! DEVELOPERS! DEVELOPERS!" is palpable.

Well guess what? They just bought exactly that.

Development on the MS side was just fine in the 90s for many people. If you were an open source developer in the 90s, maybe not, but then again, OSS in the 90s was pretty broken for _everyone_.

> if they had issues with this happening they should of never used GitHub to begin with.

I think it's reasonable to say that people understood that there were tradeoffs in hosting code on a site like github. Since it had become a popular site, the gains from the network effect outweighed the more theoretical risks, at least for the short term...

Then they should own up to that decision and realize that what they did not only helped github to be so dominant but it also actively worked against viable alternatives.

Choose more carefully next time? Maybe firefox instead of chrome? etc.

>likely be disproved over

I wouldnt say 'likely' this is M$ we are talking about.

And I used to be a Microsoft fanboy.

The first two points are pretty mucht after the textbook of 'dealing with bad publicity and lost trust'.

We will see what Nat Friedman does but Miguel de Icaza did have a bit of a falling out with the gnome community and started Xamarin where the developed a closed source IDE that didn't run on Linux. So a bit of a 180 he did there.

I think the whole situation of consolidation into titanic unanswerable powers is horrible, but I can say this for Microsoft and its intentions: If the situation was that GitHub would inevitably be devoured and consolidated into something, I can think of worse devourers (by at least a small margin). Amazon. Facebook. Bayer ;D

I preferred Github to be an independent thing, and I wonder if the world's changed to where you can't have independent things, you can only choose your master, and you can't actually choose that either. If it's that, could be worse.

Ask some of the Gnome developers who were around when Nat and Miguel did mono as the open source C# vm and tightly integrated it into gnome over a lot of disquiet what happened next.

Nat is a great PR guy, no doubt about that. You may have no issue with his previous behaviour at Gnome when founding Ximian with respect to open source commitments etc. - but you should know about it and decide for yourself.

One of the things I like about HN is that we don't traffic in innuendo. And I don't think this is the right time to begin. If there is something you want to say b/c it's relevant, then say it; if you are afraid to, then share links to the controversy. But to say we should know about something that you can only allude to is not the right way to do this.

I think to describe this as innuendo is not entirely fair.

It's all there in public, easy to track down if you want to.

I /really/ don't want to summarise it because without a complete understanding of it I will be unfair to someone. It was big and controversial and resulted in serious schisms in the Gnome dev community. Nat and Miguel's company Ximian was bought by Novell who had a software patent deal with microsoft. There was a lot of trepidation over mono because of microsoft's software patents. Miguel de Icaza founded gnome and had those halos. Ximian employed many prominent gnome developers. My understanding is that mono is now not a dependency of Gnome and there was a reasonable amount of rancour about it.

If I post links I'm tacitly endorsing their analysis - which I don't want to do.

With the knowledge that Nat and Miguel essentially spoke as one from being joint founders of Ximian and there wasn't any dissent from other Ximian/Novell employees, useful search strings might something like:

"gnome mono controversy"

"gnome mono patents"

"redhat gnome mono"

I'd also suggest looking for prominent gnome developers from those days and see what they wrote about it in blogs and mailing lists and so on. I think it's entirely reasonable to check someone's reputation, especially when they advance it. The fact that you can and it might well check out as honest, solid, trustworthy and that they are a person of integrity is really, positive. Please note how careful I am being to refrain from besmirching anyone's reputation here.

They could be angels, this can still be harmful to devs. We could still be concerned about all of tech consolidating under 4-5 anticompetitive companies

On that basis alone, not sure how anyone can cheer this acquisition

GitHub wasn't making anywhere near enough money to account for all the investment they took on, so they had to sell to _someone_. Better MS than Oracle.

Skype had the same situation/skepticism. And MS basically engineered it to be irrelevant.

Linkedin? It maybe ok now, but to see who in the network clicks on you and more recruiters... at a prime membership of $30/mo? With the same opptys as Indeed? And with more spam and solicitations? Aside from Linkedin being on the edge of being another FB+Tinder.... Well, I think we see where it's going by year end of 2019. Wouldn't be surprised if it gets engineered into irrelevance too.

As for these new managers like Friedman: they'll will hold the FOSS torch for a year, get frustrated by internal politics and leave likely.

MS will likely listen to the community, but it's to exploit them into MS products, mainly Azure. And of course the community will be smaller than today. No way MS would abandon MSVS/TS--much like Oracle: too much invested and a good size community.

How is Nat Friedman an ideal candidate to run GitHub? Have you seen pre MS Xamarin?

Agreed, it's way too early to pull out the pitchforks until they've had time to demonstrate their sincerity on tackling these issues (and failed).

By that time you will have a microsoft login to access github and that after 15 downloads you pay 9.99 for premium.

Its time to get everything off Github right away.

It's always good to think about how to mitigate vendor lock-in, no matter who the vendor is.

The irony of the FUD spreading in comments like this is hilarious.

1) That’s called “PR.”

2) They can express whatever they like but keeping their word is optional.

3) How do you know? Have you met him?

Google and Facebook have tons of private repositories hosted on GitHub. I'd imagine it would be illegal for Microsoft to look into them but Microsoft being such a huge company, this acquisition could easily make Google and Facebook nervous.

If Google and Facebook have critical code they don't want external companies to view, it is almost certain that code is hosted on-prem or somewhere not like github.

It will be interesting to see which companies strategically move out of github after this acquisition.

...look into / lock / delete them. This gives microsoft the ability to all but stop work at companies who use private repos who compete with them, and/or delete critical repositories. Hope those companies have backups.

Yes, Microsoft will use their new power to block Go development by deleting their repo, or grind the thousands of Facebook employees to a halt by blocking the React repository. Maybe replace the go repo to a redirect to .NET Core.

Surely, every developer will have a backup because it is Git. Unless they're only cloning part of the history.

What? You really imagine that they would delete private repositories belonging to competitors, to attempt to gain an advantage? If Microsoft did that they would be sued so quickly, and for so much it would be unreal. Additionally, there would probably be criminal charges. I just can't imagine a world where this is a possibility...

I can. Microsoft has been spying on anyone willing to hold them accountable, and have plenty of blackmail material at this point. They are huge, politically connected, global in reach and have 0 scruples. I can't imagine that they wouldn't somehow use their position of power over its competitors, as it has in the past, to thwart them and force them further into the Microsoft system.

Microsoft was described by people who claimed to have seen it as having a terrifying and frightful appearance, with diabolical physiognomy, clawed hands, and eyes that "resembled red balls of fire". One report claimed that, beneath a black cloak, it wore a helmet and a tight-fitting white garment like an oilskin. Many stories also mention a "Devil-like" aspect. Others said it was tall and thin, with the appearance of an agilist. Several reports mention that it could breathe out blue and white flames and that it wore sharp metallic claws at his fingertips. At least two people claimed that it was able to speak comprehensible English

Microsoft, the boogeyman, coming to delete your repos.

They likely have only the open source repos, not the private ones.

As far as I know, Google does not host any actually private repos on GitHub. No idea about Facebook.

this is a normal practice/statement, no meat at all.

Agree. I for one am excited about the future of GitHub under Microsoft. Happy for Tom Preston-Werner, Chris Wanstrath, Mark Otto and all the early employees.

It is sad that Hacker News, once a community for hungry entrepreneurs has digressed into a hipster, anti-corporate, anti-capitalism community.

>2) They’ve expressed their commitment to keep GitHub an independent platform (like they did with LinkedIn.)

>3) Nat Friedman, although I was not familiar with him prior to this, seems like an ideal candidate to run GitHub.

Nat seems like a decent candidate for GitHub CEO, but i'm having trouble reconciling Microsoft's commitment to keeping GitHub an independent platform with their installing a new CEO. that's not really how "independent" works.

The current CEO doesn't want to be a CEO. GitHub has been looking for a new CEO for the past few months.

Chris, the current CEO, was looking for his own replacement.


The fact that he is now a technical fellow, it seems to me that this is the ideal outcome for all the parties involved.

Github was actively looking for a new CEO. It's not like MS executed a coup here.

I'm not saying it was a coup, but it's definitely not just a coincidence either that the new CEO who takes over at the same time as the Microsoft acquisition is a Microsoft employee.

If Microsoft weren't acquiring GitHub, would they still pick Nat to be their new CEO?

I'm trying, but I can't see your point. Company A doesn't have CEO. Company A gets acquired by Company B. Company B thinks it's a good idea for a company to have a CEO, and so provides an employee to take that role in Company A. It's not complex, not a coincidence, and absolutely not something that we should be worried about. It's striking that out of all of this, the new CEO is what you're worried about.

it's not a problem, it's fully what i would expect to happen in an acquisition. and like i said, Nat seems like probably a good choice for CEO. but it doesn't square with a commitment to keep GitHub independent from microsoft. if microsoft is appointing a CEO for GitHub, that's not independence by any normal or sane definition of the word "independent".

"Microsoft made a good decision when they appointed a new CEO for GitHub" and "microsoft is keeping GitHub independent" are not compatible statements.

I believe you're making two assumptions, one of which is untrue, and the other isn't necessarily true.

The first being that it's a better indicator of independence to have no CEO than a Microsoft appointed CEO. The number of good CEOs that have experience running companies with hundred-million valuations is very low, as GitHub themselves experienced for months. Without a good CEO, chances are GitHub goes under (somebody needs to push the Azure integration, etc.), so Microsoft didn't really have a choice.

The second assumption is that Nat will necessarily run GitHub from a Microsoft-first perspective, as opposed to a GitHub-first perspective. This may be true, and it may not. I believe this is what they were referring to with regards to "independence".

Please clarify if you're not making either of those assumptions, and if you are, I'm happy to discuss your justifications. :)

Edit: Perhaps you just have a feeling, given Microsoft's history, that they will sink the boat, and you're trying to justify it through anything that you can find that is concrete. Personally I don't believe that GitHub will stay a completely neutral shrine of perfection, and my only justification is my feelings based on history. So if that is the case, I completely agree. The idea of appointing a CEO where there is none being non-independent, though, is clutching straws IMO.

Their current CEO wanted out of that role, so they have been looking for a new CEO.

They didn't install their CEO.

It doesnt matter how well Microsoft does anything. The damage is already done. I highly doubt there will ever again be a major international project started on GitHub.


Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact