
So many services rely on GitHub that it has become a single point of failure for online infrastructure as we’ve come to know it. I remember seeing this shared many years ago [1] and not much seems to have changed in the interim. If anything the MS acquisition has only exacerbated matters.

[1] https://www.brandonsavage.net/github-your-single-point-of-fa...




If you let GitHub become a single point of failure, maybe you are using git wrong? It's named "Distributed version-control" for a reason. I can really recommend this talk by Linus Torvalds about how git is more of a way of working than a piece of software: https://www.youtube.com/watch?v=4XpnKHJAok8


The git aspects of GitHub are not the things people build SPOF on.

It’s the code review tooling, the artifact storage & the deployment pipelines.

A distributed version of those would be awesome...


I may use git wrong, but I didn't use GitHub wrong. First, GitHub provides more functions than a git repo. Second, I haven't seen anyone or any company using Git the way Linus described in the video. I believe most companies don't either.


I'm using git bug, so I don't care at all about some delays to sync my issues.

I'm not using GH Actions, only Cirrus, Travis and Appveyor, which can also be triggered manually if the API service is down.

https://github.com/MichaelMure/git-bug


> Gitlab is written on Ruby on Rails; you should understand the security implications of Ruby on Rails before using Gitlab

Can someone ELI5 the security implications of Ruby on Rails?


I'm sure it's 'less bad' now -- but here's an example of an absolutely horrendous security-bug-as-a-consequence-of-design-deeply-baked-into-rails ... https://github.com/rails/rails/issues/13420

Interestingly -- the rails developers decided to put in a really horrendous hack to mitigate the common paths through which this design-flaw might lead to unexpected security outcomes ...

In a way, one could argue that the willingness to put in a horrendous hack to 'mitigate' a security flaw provides an example which demonstrates some amount of 'security reasonableness' in rails ...

In reality tho -- I think that this example serves as evidence more for the fact that rails is deeply flawed and very unlikely to be secure in practice -- for reasons of design complexity alone.


Thank you. I agree with you. Even though most of the tech world is run on bodges, that does not mean it is the right thing to do.


There were multiple high-profile Rails vulnerabilities in the past, such as the infamous YAML vulnerability in 2013 which allows executing arbitrary code in all Rails apps.


Thank you for explaining.


Funny. Unless something changed, GitHub is also extensively using RoR.



