Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: My GitHub account got suspended without any notice
657 points by ygcodes 9 months ago | hide | past | favorite | 263 comments
Hello friends,

I'm a Full Stack Developer from India. I'm a maintainer at Gatsby, Open Sauced and Triager at ExpressJS, Nest.land, JSHttp etc. I use GitHub a lot, but recently my account got suspended midnight without any notice, From my knowledge I haven't spammed GitHub, I review 3 - 6 PRs in Gatsby per day, It's been a week without GitHub, I have three sponsors in GitHub, they are asking me tons of questions and one of my sponsor stopped sponsoring me (my payout balance got reduced). All of my office work got stopped, I'm the admin of the org that is used in our company. All employees now don't have access to the repo because it is returning 404. I got support from lot of people in Twitter but GitHub is not responding to my ticket for a week. I also created a petition is change.org https://www.change.org/p/github-inc-my-github-account-suspen... some people supported me over there too. It would be great if GitHub unsuspends me.

My support ticket number: 763327

GitHub Profile: https://github.com/yg

Save Open source developers!

Hope Nat Friedman and GitHub will see this!




Had a similar thing happen to me with Github a while back (pre-Microsoft acquisition).

Even as a paying customer for many years, my account was disabled – without even receiving an email warning. I only discovered when browsing issue histories where I knew I'd left detailed comments, and noticing my comments gone without even a note about deletion, leaving threads nonsensically fragmented.

When I tried to login, I was only faced with a generic "activity that looked malicious" message – but no hint of what that might have been. Once I complained, I was restored quickly – but if I'd been on extended vacation, or perhaps even passed away, there'd have remained giant holes, indefinitely, in projects I'd contributed to.

Was anything I legitimately did as myself suspect? (They couldn't say.) Was some third party trying to get access – or did they even briefly succeed, perhaps with some compromised credential somewhere? (That was my fear – but they couldn't say & there was no evidence of compromise in what I could see.)

After several angry emails about how they shouldn't accuse a longtime paying account in good standing of 'malicious activity' – creating fear of an account compromise of unknown extent – they finally said no, it wasn't unauthorized access (or attempts thereof) but some comment (unspecified in age/topic) that a filter deemed similar to other malicious comments.

I'd paid them ~$600 over the previous 5 years, and still had an active subscription with working billing details. My account was nearly a decade old with a wide variety of contributions & comments. But still, an automated system with no apparent human review disappeared my account, without even generating a notification.


For a paid account this is utterly unacceptable. For a free account I can kinda understand it, although it'd still be nice to get some automated explanation. An automated system that can't provide a good reason to disable an account, shouldn't be disabling accounts at all.

If this is a thing that happens at Github, I guess that's another reason to check out Gitlab instead.


And this sort of thing is why some of us have been endlessly warning that it's probably a bad idea to centralize all of the open-source ecosystem onto a single centralized, proprietary, commercial platform.

Not that those warnings were heeded, of course, as usual.


Technically git is free and you can self host. The issue is that the power of money cannot be ignored. Github has become the defacto centralized OSS ecosystem because it is free and can afford to be free due to the money they have.

I would argue that we should encourage more platforms (paid) that can host git and not just depend on github or gitlab. But those 2 are successful because they were some of the early ones and then got a lot of money/funding. There may be other alternatives but no one wants to put their code with a small risky company that may not exist tomorrow. IF we can solve that problem, I think we will be ok.


This


Age and activity matters here too. There are plenty of developers who have never paid github but do endlessly important work through it. At the very least flag these accounts for human review.


Par for the course these days. And its getting worse.

When you have 40 million users and a few hundred people running the system, all kinds of issues just sit in queues never seen by human eyes until a gigantic stink about it is raised.


For those in the EU/UK, it's worth noting that the GDPR isn't just about controlling how personal data is used. It also imposes obligations on data processors to take care of that data properly.

The usual issues arise about enforceability as long as this is only European law, and about ambiguity in the way the GDPR itself is written.

However, it seems likely that arbitrary deletion of personal data like this could fall foul of the requirements for integrity and availability, particularly given the GP was a paying customer.


Because we're talking about an automated decision, Art. 22(1, 3) of the GDPR applies as well where:

> The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

And any exceptions still require the data controller to provide:

> suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.


It is ridiculous that GitHub has not even responded to your support ticket.

To anyone reading from GitHub, this is making me rethink my choice of GitHub as a platform, and I'm sure the same is true for other people reading this post. Your reputation is very much at stake.

To anyone reading this from Gitlab, how easy is it to migrate CI/CD off of GitHub Actions to Gitlab?


If you truly wish to avoid this kind of problems you should think about hosting your own platform rather than jumping to the next one. Just because the smaller players haven't done anything bad doesn't mean they wouldn't.

Gitea/Gitlab are crazy easy to set-up nowadays, especially with a fully working CI/CD setup (I use Gitea+Drone and I love it, Gitlab comes with its own)


Problem is that there are so many services that integrate with github directly that moving to other alternatives will also require moving/replacing those 3rd party services.


Embrace, extend.


Is it possible to self host the code, but then automate syncing backups to public Github.

That way you can use 3rd party integrations, and be part of the Github ecosystem 99% of the time, but when they do something like this, you have an emergency place to work from?


Plenty of projects do this, hosting on their own infrastructure and syncing one way to a R/O repo on github for those who find that for some reason easier to access. A couple of examples are boost and llvm


I believe Gitea has two way syncing built in.


You are essentially shifting the problem from entity to entity and from one domain to another. If you self host your repository, your hosting provider can pull the plug and you essentially end up in square one. If you decide to self host, you should consider multi-cloud cross continent and cross political doctrine cluster.


You don't need a hosting provider. Your code fits on each developers' machine. (Remember when git was touted as a distributed version control system?) If it doesn't, you're at the scale where you're not worrying about your hosting provider dropping you — they're worried about you dropping them.


That's just as true of GitHub though, and isn't the problem. The problem is the related services, like issues, PRs and now CI/CD which all sit with the code but don't come down on a clone. That problem still hasn't been solved, which could mean your whole knowledge base goes missing if you lose access to the server. CI/CD can maybe be replicated from what's on your laptop, but if you don't have the PR history it could spell doom for big codebases that don't use extended commit messages a lot.


You could use something like Fossil[1]. Or you could take regular backups of your project, which you should perhaps be doing anyway.

[1] https://fossil-scm.org/home/doc/trunk/www/index.wiki


I never understood why all that stuff wasn't also committed to the same repository. History is history, whether it's source code or talk about source code.

Of course it could also be in a database thingy for querying and stuff.

Some people say it is because Github wants to lock you in. I don't really believe that, but I am equally sure they don't mind if you lock yourself in.


I've had to resort to this I have 2 CentOS servers at the office. One running Gitlab CE the other running Gitlab Runner. We can't risk getting burned by Github or Gitlab if we forget to use the correct words in repos.

Switching domain registrar and re-routing DNS is a simple and cheap thing if it ever becomes necessary.


Moving your own self-hosted stuff around different hosting providers is easy and doesn't interrupt the service, at least not for long. Just open an account at a new hosting provider. Fire up, your backup, changing DNS and you are up and running.


This is great until your DNS account is blocked at the registrar for similarly opaque reasons.


At some point, there are risks you can't realistically control. There will always be extremely unlikely but theoretically possible catastrophic outcomes. Working DNS is great until global thermonuclear war or a supervolcano erupting renders the Internet rather irrelevant, for example.

A sensible policy is to look at the risks you can do something about, try to assess how likely each threat is and what damage it would cause if it actually happened, and then make your plans taking into account how much you want to control those risks and what it costs you to do so.

On this scale, something like the total collapse of law and order or the failure of the core infrastructure of the modern Internet and its governance processes is obviously less likely than one commercial service provider pulling the plug on unspecified or unreasonable grounds.


I think highlighting risks in systems we might eventually change, but can't change yet, is also part of sensible policy.

We're not going to change the DNS registrar system overnight. But by drawing attention to the issue, we might, eventually, make it a bit more robust with regards to things like registrars becoming unresponsive to small players, or losing data.

For example if people could register with two or three independent registrars in order to have robust control and ownership in the event any one registrar fails them, that might help as a technical solution for robustness. No doubt there are other non-technical things that may help as well.

Separate from changing DNS, I think it's sensible to recognise that risks with cloud hosting or using SaaS, as happened to OP with their GitHub account, also exist with DNS, so for anyone who would find that a problem, they should evaluate whether relying on a single domain, or even on DNS itself, is the right thing to do. For example, high-value IoT devices in the field that can't be updated easily might look for their server at more than one DNS name, and specifically on separate domains (not subdomains) held by distinct registrars, and validate the server's identity. Or they might keep track of IP addresses that have worked recently (in addition to DNS) and fall back to those. (I have worked on devices where this was helpful because DNS on some deployed sites turned out to be unreliable.)


I don't disagree, but I think it's fair to say that the risk of some random DNS-related dispute causing a problem where your registrar cuts you off is much lower than the risk of some random SAAS you depend on pulling a fast one.

The culture and economics behind a lot of tech SAASes that we talk about here all the time make them inherently vulnerable to discarding or abusing users, even those who have been with them a long time and maybe paid them quite a lot of money, in the name of the almighty growth curve. The incentives there are not necessarily aligned with supporting even long-standing and loyal users.

In contrast, there is little to gain for a DNS provider to screw a paying customer or get embroiled in some tedious arguments about rights to some domain name. They can't entirely avoid that because of the environment they operate in, but they are generally going to make the most money when they have lots of happy customers who can briefly engage with the provider's almost entirely automated systems and pay some registration fees for the privilege through another almost entirely automated system and then everyone can get on with their day happy with the trade.


Couldn't you just switch registrars?


It can be difficult if the old registrar won't cooperate.

Especially if you registered under a pseudonym, as then you can't prove legal ownership of the domain either. But even if you register under your real name, you may need a court case to compel transfer if the old registrar won't cooperate.


> If you self host your repository, your hosting provider can pull the plug and you essentially end up in square one.

Yeah, but it's much, much, much less likely than some script at GitHub getting triggered and shutting your account down. And even the cheap hosting providers do have ultra-premium-platinum-support compared to Google, GitHub, Amazon etc.


> And even the cheap hosting providers do have ultra-premium-platinum-support

It is an odd thing to think that GoDaddy may have more merit as a solution than Github for hosting code...


Not Godaddy. Just go with any reputable VPS instead. You don't want to get into GoDaddy's hell, trust me :)


While GoDaddy doesn't have the best support, they have fixed many account related issues for my clients in the past.


If you self host your repository, your hosting provider can pull the plug

If you self-host your repository, you don't have a hosting provider. There is no-one to "pull the plug" on the server at my business's office except the people who work in the building who could literally pull the plug, and I suppose the electricity and phone companies and our ISP.

What you are talking about isn't self-hosting, it's hosting in the cloud on VMs you're renting directly. This is an intermediate step between self-hosting and using a fully hosted service like GitHub.

With cloud-hosting, you are probably still subject to the whims of your hosting service. For example, you might be subject to occasional forced restarts of a long-lived instance if your hosting service needs to restart or replace the underlying physical server.

However, in most cases, unless you're doing something illegal using their equipment or compromising their system in some way, these hosting services don't much care what you're running on your virtual box. This option is still far less risky than using a fully-hosted service, not least because you retain full control over the underlying data so there is almost nothing that can happen because of your hosting provider that a reasonable backup strategy can't fix within a relatively short amount of time.


Your ISP could refuse service. This has happened. If you manage to start an ISP people could refuse to peer.


I think my other comment at https://news.ycombinator.com/item?id=23834351 applies here as well.


If you run your own AS you can buy bandwidth from literally any carrier, they famously don't give a triangular shit about what you do.


Yes, but be honest, how many people can easily get their own AS? The barriers to getting an AS number are by design higher than the barriers to getting hosting with a random provider. If I can prove I have hundreds of hosts I want to connect to the Internet, I can probably successfully get an AS number and get in line for a slice IPv4 space when one becomes available. Joe Random probably can't.


What is AS?




There are two things you should ensure while self-hosting:

1. Always have independent and automatic data backup. A storage medium attached to a raspberry pi is plenty enough

2. Always choose a setup that you can deploy and migrate trivially

It wouldn't matter what the hosting provider does if you have the power to pack up your bags and move elsewhere when they misbehave.


Can I have a single company act as the aggregator of all these technical abilities and package it into a single software product? :D


>To anyone reading from GitHub, this is making me rethink my choice of GitHub as a platform

You should reconsider it no matter what; you're putting your business in someone else's hands and relying on their goodwill not to completely fuck you over.

Using Github can be a tolerable risk when your company has hundreds of more-likely reasons to fail in the next month and needs every little bit of saved time it can get. But once the business has it's feet under itself, the github contract of adhesion is a pretty stupid risk to take.


They are putting their business in the hands of a vendor they pay for a service.

When you pay a professional for a service, you should be able to expect that the service is provided.


If you're large enough for it to matter then you're large enough to pay for Github Enterprise and have stronger contracts in place. Then you're not relying on goodwill but the cost of a lawsuit if they fuck with you.

And if you can't handle your business relying on contractually and legally defined interconnections with other entities then you really shouldn't be running a business.


I recently had my account removed from Gitlab.com without warning and discovered it when my workflow broke. I'm talking to support but my issue has yet to be resolved.


Do you mind sharing your support ticket number here, or email it to community@gitlab.com? We can help escalate the issue internally. Thanks!


Can you do all your customers a favor and fix the process so that "I posted on HN/Twitter/whatever" is not a desirable means of escalation?


We do prioritize tickets that indicate an issue as complete blocker. Our team that monitors hackernews for feedback, issues, and criticisms work to make sure these things are actually being prioritized, as it’s not always clear from the support ticket how severe a blocker might be.


Is "my account is suspended, I don't know why" considered a "complete blocker"?


Yes, if the support ticket is opened when the issue is discovered. This particular instance was first reported on hackernews and was due to our dormant namespace policy: https://news.ycombinator.com/item?id=23827772


This seems to be a common problem around the tech industry as a whole. What would it really cost them to have even just half a dozen decent people running around doing support. I am sure they will be busy very quick too but it will help to maintain GitHub as a community focused site that aims to keep you productive after all git is a productivity enhancement utility.


The problem is that you wouldn't need a dozen but rather 100+. Support doesn't scale well.


As many as it takes or is permissible, then.

The notion that customer support, just like security, is just a sunken cost needs to stop.


Why would hiring 100+ customer support reps be a problem for Microsoft?


1. They would need to be somewhat technical, so they would not be cheap. Let's say $70,000 a piece.

2. It is a free product. Would you spend 7 million a year supporting a free product?

3. 99% of complaints would be of the nature "GitHub is broken. HELP!" and really be some person who did not set the origin before pushing.


1. They would need to be somewhat technical, so they would not be cheap. Let's say $70,000 a piece.

That is roughly the fully-loaded cost to employ a senior software developer in much of the world. A decent but first-line tech support agent would cost a fraction of that amount almost anywhere outside the US.

2. It is a free product. Would you spend 7 million a year supporting a free product?

Presumably for the same reasons you spent far more than that to buy and continue to operate the service at all.

3. 99% of complaints would be of the nature "GitHub is broken. HELP!" and really be some person who did not set the origin before pushing.

Then 99% of the complaints will be dealt with quickly using standard replies and references to FAQs. These aren't going to be the ones attracting hundreds of comments and presumably thousands more readers on prominent online forums for software developers.


They paid $7.5 billion for it so they're already spending much more than that if they keep it running for any less than the next thousand years.


It isn't a free product. It's a paid product with a free "introduction tier" that helps them capture the open-source ecosystem, so that when your company needs paid services, they are the obvious choice because everyone is using it already.

Basically the same deal as "educational licenses" for expensive software suites. It isn't a freebie at all; it's an investment into future customer acquisition through lock-in. That's how you're paying for it.


> It is a free product.

I for one pay for GitHub. I've never had a ticket that wasn't answered in under a day, but I'd be almightily annoyed with them if I submitted a ticked like this and didn't have a response within hours.


Mostly support is a person getting a hold of someone that can escalate. No technical requirements needed.


No. Support is a pyramid where each node should try to solve the problems they can before an escalation.


It should at worst scale linearly with user-count and hence, at least in the asymptotic limit, revenue.


> It should at worst scale linearly with user-count

No, front-line support staff might scale that way, but organizational costs scale superlinearly with the size of the bottom of the pyramid, so even if it did, total cost would be super linear with userbase.


Users can be free or paid. When I open up support tickets backed by a paid account they're always very quickly resolved. I'm not sure how much GitHub needs to support people who won't even pay for the product...


I'm not convinced revenue on services with free plans scales linearly with users.

It's unclear if the poster had a paid for account.


Regardless, a dozen is a good starting point.


I am not sure that would be better simply because they would either need to throw away a lot of tickets randomly or the wait times would be horrendous.


They already have more than a dozen


To anyone at GitHub reading this, this thread has motivated me to move the rest of my projects to a self-hosted solution.

Putting all my eggs in GitHub's basket is evidently too much risk for me to bear.


Just back up the data somewhere else. No matter what you use, there's a possibility that your stuff will just vanish one day. Your own hard drives could die, your building could burn to the ground. Don't put your data into something that you can't get it back out of later. Off site backups are like sysadmin 101. You even need to back up your cloud infrastructure, it's not unheard of for any of the cloud providers to lose a whole bunch of VMs, storage, etc all at once. It's rare, but it does happen, just like an account lock-out.


The problem isn't just the data, it's the access. You can point a domain of your own at a different server if the old server vanishes for some reason, and retain interaction with your users.

But if GitHub bans you, good luck with that. They're not just deleting your data; they are removing you from your own community, because they control its environment.

Edit: And the domain name system, unlike services like GitHub, actually has processes and mechanisms in place for recovering access and filing disputes.


I have backups, but it's more than just data. GitHub is a platform for collaboration, and should the plug get pulled from the platform, collaboration stops and data living outside of the repositories is lost. I can't afford that down time.


And you can still mirror to GH to benefit from the extra visibility and attention this is bringing to your project.


I have also bookmarked this, and will be sharing it with the few Open Source projects I contribute to as evidence that we should stop using GitHub for crucial work. It's a sad thing since I think they have a more intuitive platform than GitLab or Bitbucket, but seem to be transitioning to a full-blown enterprise obsessed Microsoft division.


Of course it would, what else did you expect. Microsoft and open source have preciously little to do with each other regardless of how much lipstick they put on the pig. Selling Github to MS was a major mistake and one that we will all eventually end up regretting. This company is not friendly to open source unless it will find a way to milk it for profit, and even then only until that route is more profitable than any other scheme they come up with.

Lambs to the slaughter. Did you really believe that Microsoft suddenly did a 180 and that all the people that thought EEE and hamstringing Linux through proxy lawsuits and outright lies were just fine have left the company?


I had hoped that GitHub's culture, Nat Friedman as a CEO, and Microsoft's seeming acceptance of Open Source lately would combine to maybe prevent GitHub from turning into Microsoft SharePoint For Code.

It seems that I may be wrong.


Microsoft's "acceptance of open-source" only stretches as far as it helps them survive, in an economy where "why would I buy your product when there's this open-source thing" is a question that gets asked more and more frequently. You know, the "embrace" and "extend" phases of "embrace, extend, extinguish".

This is really obvious from the parts that they choose not to open-source, such as https://github.com/MicrosoftDocs/intellicode/issues/201


Nat might still hold the CEO title, but no longer has the power to set policy.

He should do as he is told by MS.


Gitea is more similar to GH, and besides self-hosting there are providers that'll host your OSS projects for free, like notabug.org and codeberg.org and probably a bunch more.

https://notabug.org

https://codeberg.org


Careful about leaping to conclusions, we're hearing one side of a story here.


"We're hearing one side of the story" seems to be functioning as a thought-terminating cliche here. Everyone knows we're only hearing one side of the story. The comment you're responding to is asking Github to join the conversation, and noting that the information we have so far looks bad for Github. Nobody is suggesting that Github be summarily executed.


Sick and tired of the 'both sides' argument to shut down discussion. The simple fact that this is seen as a reasonable way to get the attention of the company involved speaks volumes. The best ones are the ones where they can't tell you anything about your own account for policy reasons that are not spelled out because it may help the spammers/criminals/bogeyman du jour.


Well the problem seems to be that the other side can't be bothered to give their side of the story.

Which is not something unheard of when dealing with large companies.

If true,that they did not respond, that would be much more worrisome to me than whatever the reason for the ban might have been.


The other side already waived their right to be heard by closing an account... pardon, another account, with zero communication.

That was the time to start sharing “your side”.


While true, it is ageless problem that the faceless large corporation does not give a shit about any indivual user of their system

Time and time again we see large companies from all markets only respond when public interest is triggered and more than just the individual user starts to question the actions of the company

This is the sad reality we are in, if you tie your work, your income, etc to a large corporation you likely will be screwed at some point unless you can cause a public backlash.


The fact that Github is not sharing their side of the story is the very thing that people are complaining about.


Thank you, you are right. Felt very powerless in empathy with yg.


This seems weird because I’ve contacted GitHub Support dozens of times over a good part of the last decade and they’ve always been pretty responsive. Need to gc a repo? Usually done within the hour. Make a fork standalone? Same. UI complaints and suggestions? At least get a human response within a day or so, either explaining a decision or saying the feedback has been filed.

I guess abuse-related tickets can’t be handled by the usual responsive team(s).


If you are need to gc repos it is likely you are a huge customer that they care about.


No, I’m just an individual who was free for a few years, then started paying $7/mo (now $4/mo). Anyone can ask them to gc repos at any time. Typically needed when there’s an accidental push of a secret.


While it sounds bad from the description, the story is still very limited and missing the other side.

However this is just vendor management. You have to balance risk and productivity, and it's even more important now with how many different services a typical business uses.

Most people are better off using third-party services with proper support contracts rather than trying to plan for an edge case while ignoring all the other new challenges it brings to do it all yourself.


The 'other side' is irrelevant. If you run a service oriented organization and are gateway to a substantial fraction of the open source projects out there you should have your customer support house in order to the point where fora such as this one are not seen as a means of last resort.


The "other side" is completely relevant. We don't yet know if this is a policy issue, a tech issue, a legal issue, a national security issue, an account takeover / hacking, etc.


It doesn't matter because clearly support has failed. There is no way a thing like a prominent github account like this one should be suspended without immediate communication with the user, which did not happen. The fact that this ends up on HN at all is the problem.


> should be suspended without immediate communication with the user

I don't think we have enough information to definitively prove that his email address is still accurate on the account. If the account was taken over by a malicious user (hopefully not because they claim MFA was enabled), then the new user's email address may be the one that was notified.


Without the other side, you have no idea whether their support is in order or not. Being such a large organization leaves millions of possibilities. Is this user even a paid account?

Going back to the OP's post, if you leave a vendor for a single 1-sided account of a negative experience, you'll never deal with another company again.


This is hardly the first instance of these large cloud providers screwing over their customers in terrible ways. The number of these stories on HN alone over the year must number in the 100's if not more. The 'other side' has had a decade or more to get their house in order and has not managed to do so. Support typically is so abysmal that if you need it at all you are screwed. Forking over 1000's of $ / month does not seem to make much difference.

The safe default seems to me to believe these stories at face value unless evidence to the contrary has been provided.


These companies have millions of customers. Nothing is perfect and scale will always bring problems, both in quantity and depth. The massive success and reliability of cloud services doesn't point to a major risk for most.

Regardless I don't see what the issue is in waiting for the full story.


That you'll be waiting forever?


I believe by waiting they mean ignoring the possible issue until the situation changes. So yeah, you can wait forever. It's free.


Your interpretation is faulty.


I think you should be first asking how easy is it to get free support from GitLab.


We may find out very soon. If this blows up (and it really should), Gitlab may pull a move similar to their automatic migration utility from when Microsoft acquired GitHub.


For GitLab.com maybe that’s a question, but nobody is going to ban me from my self-hosted service.


Don't mean to sound facetious, but isn't self hosting also technically hosting somewhere ? (Unless you mean actually having access to the physical server where it's running from)

In other words are we just assuming Digital Ocean/Hetzner or wherever one 'self-hosts' is less likely to auto ban you for no reason? I would say yes, but I hope others are atleast considering this aspect when comparing this moving to Gitlab or whatever


I've avoided MSFT like the plague for 5 years. When they bought LinkedIn, deleted account. When they bought GitHub, stated using BitBucket. Same with Google. When they went to the dark side I moved to FastMail and DDG.

Long story short: don't give your time and money to evil corporations.


I'm sure this has nothing to do with Microsoft.


Microsoft owns GitHub, so any GitHub problem is, ultimately, Microsoft's problem.


Fair :-)

I meant, nothing to do with Github's acquisition by Microsoft.


You'd be surprised how much an acquisition changes priorities. Suddenly the CEO of your company is a middle manager at the acquiring behemoth who is at the whims of their generous crop of Senior Vice Presidents, and wants to keep them happy because s/he has a ton of unvested stock on the line.

I don't know what the precise cause of this bad support is, but I would wager that an acquisition by Microsoft will shift GitHub's priorities away from Support and towards Enterprise Sales.


Just so you know how distant Microsoft is keeping this acquisition, Github employees don't show up on the default lookup tool (Who).

I'm sure they're pedalling Azure, but other than that Github is still very much independent.


Is that true for how hiring is done and how funds are allocated? In this case customer support funds?


I am still looking for a good self-hosted solution for code hosting and bug tracking that

- Doesn't have excessive server side dependencies or resource requirements

- Doesn't have unnecessary client-side requirements (should be fully usable without JS, should not load a million resources to render a single page)

- Doesn't make any external requests (except for things like third-party logins where there is no other way)

- Has decent UX and visuals


> To anyone reading this from Gitlab, how easy is it to migrate CI/CD off of GitHub Actions to Gitlab?

We have example templates for most common languages and frameworks: https://docs.gitlab.com/ee/ci/examples/.

You can read here for all the supported ways you can create pipelines and define the CI jobs: https://docs.gitlab.com/ee/ci/yaml/

A TL;DR is that all you need is a base docker image and a list of commands to run. Jobs will run in parallel for each stage, or you can define dependency between then, so they run as an independent DAG.

(You can easily import all your projects with a few clicks: https://docs.gitlab.com/ee/user/project/import/github.html#i... and we get everything from issues, merge requests, to labels milestones, comments, etc.)


I'm the PM for CI at GitLab and I'd also be happy to help. You can reach me at j4yav on Twitter or jason at gitlab.com, DMs are open.


Hi Yogi, I'm guessing your Github account has been hijacked.

Support won't respond to your emails because it could be the attacker impersonating you, or he could still have access to your email and get info that way.

This is Standard Operating Procedure I've seen applied on stolen accounts in MMO videogames involving stolen credit cards and organized crime. Sometimes wait time was 6 months with no contact, because they needed to keep the evidence under seal for the police investigation and avoid tipping off the attackers.

Your 2-letter nickname and access to important projects makes your account a high-value target.

Did you have 2FA enabled?

edit: usually the email account got hijacked first, defeating the 2FA/1-time token. SMS is also easily hackable.


If GitHub really has reason to suspect that op's account is hijacked, they should be able to figure out at least one of op's email address (simply by the fact that email address is attached to the account long before the hijacking happened), and send some communications there? Or provide an official process of "we suspended your account because we have reason to suspect that your account is hijacked. we won't response to your emails either, this is how to contact us to have your account reinstated"?

Also op said they do have 2fa, which makes this excuse even poorer.


A malicious party could have access to OP's other accounts, maybe OP reuses passwords. It's in the realm of plausibility that they are being cautious not to alert the attacker. If they/authorities want to use the opportunity to observe and collect evidence then I think these actions on GitHub's part are somewhat reasonable, albeit kind of shitty.


If the account has been hijacked then they should go out of their way to establish the identity of the original owner rather than to try to wipe it all under the carpet. Having accounts that can be hijacked is a failure of the service provider, not of their users.


> Your 2-letter nickname and access to important projects makes your account a high-value target.

For sure this. People go crazy for this stuff and sell access on the dark web (https://gimletmedia.com/shows/reply-all/v4he6k/)


looking at http://web.archive.org/web/20200704143044/www.github.com/yg, OP had (some) access to @EpicGames, @Jekyll and some Nvidia org.


Yes I have 2FA and MFA enabled!


Another vector is takeover requests via their name squatting policy (that's how I got my username). But those requests shouldn't be approved unless the old account really is inactive. Might have been approved by mistake.

Another vector is the as of yet unfixed GitHub "ghost" bug, which I discovered and detailed here: https://github.com/git-rest/spooky

Note how you can read that repo, but the account https://github.com/git-rest doesn't exist.


OP got his 2-letter handle via a takeover request: https://dev.to/yg/how-i-got-two-letter-username-on-github-i1...

edit: the ghost repo is cool trick. Is there a writeup anywhere?


The OP changed his username in github less than a month ago to to the name of an inactive account? Perhaps the previous user is complaining.


Yeah, but it's not like he did something nefarious. He found an account that was inactive and requested it from support and they gave it to him. If the previous user complained, either he would get to keep it or the previous user would get it - it wouldn't be deleted/disabled and they probably would have communicated something.


The ghost repo trick sounds similar to a subdomain takeover. I can foresee this being a vector for publishing malicious code.


does this mean that if I pass away, someone can take over my username and repos under my account ?


No, from my experience even a single empty repo disqualifies you from takeover. The point is to prevent name squatting, i.e. registering a name and then going nothing with it.


It’s worth noting that the OP has recently acquired a 2-letter username from someone else & blogged about it: https://dev.to/yg/how-i-got-two-letter-username-on-github-i1...

I imagine there’s more to this than disclosed.


Btw, we can see a funny comment by the author in this article

> Agreed they have the best support team I ever have seen!


Might be this. https://dev.to/mscccc/hi-im-mike-coutermarsh

See the comment. This intro post was old but OP’s comment was recent. That guy is a Github Staff. I am not sure though.


I read the article. What's fishy about this?


There's just a decent likelihood that in the past two weeks some sort of dispute has been made about this. Maybe the original owner contacted them, and they are trying to decide what to do about it?

If there's a dispute on something that I don't know how to resolve, just disabling it until I get advice from a supervisor sounds like a good strategy to me.


That article was posted 10 days ago, on a US public holiday. Seems likely the previous owner only recently reported an account "theft" enabled by github's own support team and name reuse policy. This is exactly why account name reuse is such a bad idea.


In Austria there is a law in place saying if a company has a monopoly (e.g. public transport) or a quasi-monopoly (e.g. only supermarket in a 100 miles radius) the company is required to serve any customer and is not allowed to turn any down.

It is time that all countries introduce laws that prohibit online monopolies from denying access to their users without good reasons.


Cue the "it's not a monopoly" crowd.

I think we need another word for these companies that are way to big and "monopolize" certain online spaces/communities.


I think that many people confuse "de facto standard" with monopoly. There are certainly other services that can do most if not all of the things Github does, it just doesn't have the audience.

Does GitHub do anything to actively prohibit the use of it's competitors?


Think for private repos gitlab has been a viable and fairly popular alternative for a long time.

I reckon for open source the "de facto standard" plays a much bigger role, because of the user expectation to find projects on Github.


I am in the "it's not a monopoly" crowd and yes we should definitely use other words to describe companies that do not have exclusive control over a commercial activity.


Exclusive control of an activity isn't needed to be a monopoly. In the 90s, people used Netscape on Macs, but Microsoft got declared a monopoly anyway.


First I don't think your Netscape on Mac argument holds up. The antitrust suit was about IE on Windows.

"[...] the U.S. government accused Microsoft of illegally maintaining its monopoly position in the PC market primarily through the legal and technical restrictions it put on the abilities of PC manufacturers (OEMs) and users to uninstall Internet Explorer and use other programs such as Netscape and Java." [0]

"The plaintiffs alleged that Microsoft had abused monopoly power on Intel-based personal computers in its handling of operating system and web browser integration. The issue central to the case was whether Microsoft was allowed to bundle its flagship Internet Explorer (IE) web browser software with its Windows operating system. Bundling them is alleged to have been responsible for Microsoft's victory in the browser wars as every Windows user had a copy of IE." [0]

I do agree that exclusive control may not be needed. However, Microsoft was engaging in other anti-competitive behavior. It's not like they're restricting Windows users to only use GitHub.

[0] https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor....


That's kind of my point. Microsoft didn't hold exclusive control over operating systems nor internet browsers, but got called a monopoly in those markets anyway, despite available alternatives. Yes, there was more to it than just that. They merely had a lot of control in the market and was doing shady things.


defactopoly?


Forgive me if I'm mistaken, but I don't think GitHub has a monopoly. Git was created to be decentralized, so every developer has a "backup" of sorts on their own machine.

If GitHub is truely hostile to you, taking your business elsewhere (or hosting it yourself) shouldn't be too much of a roadblock for people with sponsors like OP.


Git being decentralized or not has no bearing on GitHub/Microsoft having a de-facto monopoly here. If you want to bring a counter argument that should at least include the name GitLab.


GitHub and other forges are value added services on top of git. They wouldn't be this popular if it weren't for issue trackers and merge managers, CI and that sort of stuff. They are centralized and can't be migrated out once an account is locked. GitHub can be considered a monopoly because recruiters tend to neglect repos elsewhere. We really need decentralized/federated alternatives to that.


I would argue the market is social Git hosting, of which Gitlab and BitBucket are competitors.


I don't think many people would consider GitHub a monopoly though.


This is a good law and should be applied to big tech.


I had my username (three letters, my initials) taken and replaced with initials + underscore + number (xxx_123). No comment from GH or even alert they were changing it. I guess someone with friends at GH decided they wanted it. What can you do...


that's almost what the author did here, they found an "unused" github handle that they liked: "yg" and wrote to support to claim it. No need to have friends at GH.

https://dev.to/yg/how-i-got-two-letter-username-on-github-i1...


HN is NOT a support channel for Github, Apple, Microsoft, Paypal, Google and a 100 other services out there that have piss-poor customer support. If the only way to get a rise out of these companies is to abuse HN then that should be indication enough whether or not you should route a critical part of your business through them.


No but these kind of posts raise awareness of problems that affect many many people. I'm happy that this becomes public for the guy in question and for everyone of us.


You can see these on a daily basis by now. Just the other day, major Youtube channel blocked, Gsuite accounts suspended without warning (after a decade of forking over cash) and so on. The only warning you will ever need is this one: Don't trust the cloud, don't trust cloud providers and make sure your mission critical path is only tied to things that you can control or that you have a 'hot' spare standing by for. Otherwise sooner or later you will be bitten.


You are absolutely right - you can't just handover a kill switch for your business to a megacorp. However, there are a lot of instances where alternatives are not viable because of the same megacorps. For example, email is a major online ID and being locked out of it can be disastrous even for an individual. Ideally, you would want an email server of your own - but then the 2 major email providers simply junk the mail from small servers even when they have good spam filter score. Similar story about search engines directing traffic to imposters. There are no reasons to believe that this is unintentional. This wouldn't be a problem if everyone else had the same priorities as you. What alternative do we have other than to loudly shame them where it matters and get as many people to off those platforms?


So far, only Microsoft has been a nuisance to my personal SMTP server (there's an open issue about Microsoft's dubious blacklists on GitHub, with several participants: https://github.com/MicrosoftDocs/microsoft-365-docs/issues/5...).

Just a little part of why I hate and mistrust that company.


Me too. I've repeatedly had deliverability problems to Microsoft. Everywhere else has had no problems apart from the initial setup when I didn't know what I was doing.


That's a good point, especially about the email. I hope that I will be able to ride this one out until my pension date arrives and I no longer have to worry about that. The internet started with the best of intentions but it is rapidly turning into something far worse than AOL: at least with AOL you had the option to ignore it.


Incidentally, what terrible GitHub support that the best way to resolve this is to get help from Twitter or front page here.


This is true of far too many major platforms. The only way to get resolution is to yell as loudly as you can on social media or forums and hope it goes viral.

Truly terrifying how integral the internet has become and yet due process is nowhere to be found.


I was blocked from my bank account for a week, with my outgoing rent stuck in it.

Support (chat only) was mostly unavailable and would disappear before answering, or ask me for things at times I was asleep and be gone when I woke, or send me around in circles.

After some research I picked up that their Facebook team was much better than customer services. So I DM'd someone in the bank's Facebook team, and my account was unblocked within 20 minutes.


And this is wrong. Platform support should stay within the platform. If you are unable to support your users get out of the platform businesses.


It has not been possible for me to access my paypalæ account for months. Had a hastely phonenumber change and then all their non-login support lines shut down because of covid. Which have led to me not having any access, as I need a sms to log in.


This is not a "Show HN:", please change the title to "Ask HN:"

Which is your latest commit in https://github.com/gatsbyjs/gatsby/commits/master ? (Is this the correct project?)


"Thanks! changed to Ask HN"

I mostly review PRs in Gatsby, I don't remember what is the last commit!


c6593b93e8d85a8cd3d2ead3fa05b9b37f362e18 this was his last commit


Yes it's 6 days ago!


For the lazy https://github.com/gatsbyjs/gatsby/commit/c6593b93e8d85a8cd3...

It has five authors (one is a bot). The fourth one is the OP but the picture does not have a link to the profile because it is suspended.


TIL GitHub pulls out Co-authored-by: lines


If you’re doing anything mission critical on GitHub (or even if you aren’t), I highly recommend hosting your own Gitea or GitLab server and, at the very least, use it to mirror to or from your Github repos.

Gitea is very lightweight and simple to manage. I use mine as my primary server for personal projects and mirror them to my GitHub account for the network effect. I also have my server mirroring several upstream projects from GitHub to run my Drone build server against, but it also makes sure I can access them should anything happen to the upstream or to my account.


That's pretty bad, something for startups to keep in mind if they plan to use Github for their company I guess.


At our shop we are happy using Github Enterprise. There may be something unstated in this page's story.


Is your happiness a happiness of never having a problem that needed a human to resolve or a happiness of having a problem and Github resolving it?

One is an unknown and the other is an counterpoint to this.


> Is your happiness a happiness of never having a problem that needed a human to resolve or a happiness of having a problem and Github resolving it?

It's due to paying github and getting highly technical support. The tooling is also superior for our purposes.

I am not saying that everyone needs to pay github. There is a good chance, however, that there was a reason this person's account was suspended. If this was due to a mistake, a straightforward contact letter would have more results than starting an internet petition.


Most of startups knows that if they need to succeed it must be self-hosted somewhere.

I'm not talking just for sources and repos. About servers too.


In my experience, most small startups, especially successful ones, rely on SaaS for as much as possible. The goal is to do as little as possible themselves.


Sure, but to the point of not even having a local copy of your source code? That just seems irresponsible.


A local copy helps you migrate to a new provider but that's still a lot of effort and downtime. You lose ticketing, pull requests, CI/CD pipeline, artifact storage, etc.


You always can make a local GitLab - installation take minutes and everything is in-place.

Please explain where is "lot of effort and downtime"?


SaaS is cutting corners, plain and simple. Yes, in a startup you need to cut corners, but it will bite you in the ass eventually.


Everything will bite you in the ass eventually. Nothing is ideal. Everything has risks and eventual failure modes. Good business is about managing those risks rather than eliminating them.


I had the same thing happen last year, after the Microsoft acquisition. I was migrating my repos to a new github account and it was automatically suspended. No email notice or anything. I guess they saw two different accounts logged in at the same IP and that was enough to trigger it.

I contacted them and explained what I was doing and they reinstated it, but I always thought Github allowed and even encouraged "machine users" and thus multiple accounts.

I was definitely annoyed with their heavy-handed approach and lost trust; they could have emailed me first and given me a warning before just automatically shutting my account down and restricting access, assuming I'm a bad actor.


I've seen similar stuff happening when trying to block spammers. I worked for a major publishing company and we had an issue with the comments, too many spammers. After a review it has easy to see that 90% of the ip address came from India, blocking India was an easy fix although it is unfair for good citizens.

Google your office IP address, maybe it got listed on some spam forum and GitHub and others used it.

Given you have sponsors, this is a pretty big mistake on their behalf. Probably just a mistake, hope they restore your account.


Probably something to do with this? Mistaken identity maybe

https://dev.to/lucis/how-i-got-the-github-username-of-my-dre...


Or even this one...

https://dev.to/yg/how-i-got-two-letter-username-on-github-i1...

Perhaps someone is trolling him as a result...


How times change - comment from OP:

https://dev.to/yg/comment/11cog

   That's awesome! Agreed they have the best support team I ever have seen!


https://dev.to/yg/how-i-got-two-letter-username-on-github-i1...

You probably abused API limits searching for your two letter username


I also got my account locked when I changed my telephone number and had the email address associated with an old work email. They didn’t seem to be able to unlock it, so I lost a decade worth of projects. I now keep offline backups.


Always do a periodic full off-site cold backup of all your GitHub repos. It's very easy to script and should compress down very small.


Is there an easy way to do that ? Some script available somewhere ?


What I do is run Gitolite in a cheap VPS and then use https://github.com/miracle2k/gitolite-simple-mirror to automatically mirror the gitolite repositories to github and gitlab.


I have a script [0] that almost does this, but currently only downloads forks. Could easily be modified to work on all types of repos. Maybe one day I'll get around to doing that myself, hopefully before any spurious lockouts... but then again I usually create the repo locally first and push to GH later, so I should have all my repos already.

Also this only does the initial cloning, I still need to implement pulling down new commits.

But, the majority of the boilerplate is taken care of, like for authenticating to their API.

PRs welcome! And don't forget to fork it ;)

[0]: https://github.com/TwoRingSoft/tools/blob/master/bin/sync-fo...


I found that Clockfort's Github-Backup is good for downloading an account's repositories en masse. It only supports repos though, and not metadata like issues, comments, wikis, pull requests, etc.

https://github.com/clockfort/GitHub-Backup


We just pay for this: https://backhub.co/


You can write a simple GitHub action that pushes your repo to GitLab/BitBucket etc every 30 minutes or something.


Probably better to have the action run on every push to master, no point running it every 30 mins if it hasn't been updated in months...


Do you know an example of this?


Here's one I found on the Actions marketplace.

https://github.com/marketplace/actions/mirroring-repository


Whoa! I was talking about the horror stories of losing GitHub account in a several of my latest comments/threads and I get to see another one. Why wouldn't they send out a notice, at least, before deactivating an old, active account?


> Why wouldn't they send out a notice

If it was an account takeover, the malicious user would have changed the email address on account.


They could send out a notice to old email when they see a recent email change. When people change their email address in a service, that doesn't mean the old, verified email is completely useless.


More proof that anyone that trusts a cloud service for absolutely mission critical infrastructure for a business like source control should reconsider. And I'm not saying this to attack OP in any way.

But everyone should have a system to take backup of their org accounts on GitHub and other services if thats what you use. You don't want the apocalypse scenario that the service bans you and now you are all scrambling to find the latest copies on your PCs.


This doesn't make any sense. OPs problem isn't that he doesn't have backups of his repos (it is git, after all), it's that he doesn't have access to the social features of github: PR permissions, their patron service, etc.


Woah, this is pretty high profile. Github has been having lots of issues recently. Honestly guys, this started happening ever since they did those new UI changes.


Many commenters were so focused on offerring some git repo hosting alternatives, while it was clearly stated in the post that @yg's main use-case was PR review.

What would you recommend to replace that feature?

https://docs.gitea.io/en-us/ doesn't say much about PRs/Issues unfortunately, but I found this GH-issue which suggest the Gitea do have a review system since 2018 autumn, which seems to be on par with Github's interface: https://github.com/go-gitea/gitea/pull/3748

Can anyone confirm this, who used both Github and Gitea PR review features?


The same thing happened to my Mom's Facebook account.

She's a realtor that used Facebook extensively to stay in contact with her clients, as well as advertise for new business.

One day, the account disappeared for malicious activity.

PS: if anyone sees this and can help, shoot me a DM on Twitter :)


Outsourcing source control/repositories for software dev. is a suicidal idea and it has always puzzled me that so many devs jumped onto the Github (and friends) bandwagon.


Where else do you host where you can easily attract potential contributors, sponsors and recruiters? Self hosting is not a solution since everyone would have to maintain separate accounts on all those instances. The discoverability is also poor. Git's decentralization is a wasted opportunity if discoverability and participation aren't equally decentralized.

On a related note, I like sourcehut's design. I am not completely familiar with it, but I don't think you need an account at all to contribute.


My client use paid GitHub services for the new projects they work on. But we (devs) really hate it because it slow us at lot (can't push/pull, Github Actions not working, "crash" our CI/CD server, ...) because of instability of Github servers! Their status page look like a Christmas Tree! Not a single week without issues.

I don't have control on my client decisions (not my business), but personally I'm done with GH.


used wayback machine to dig up the most starred projects with their short descriptions. it seems the user has a couple slightly popular projects (10 to 200 stars) about gist and open source contribution tracking. so i think it's most likely a hacked account, given the interest in (extremely) short account names. the fact that they banned it without any message is disturbing. i hope to see what happens to this in a longer time period.


Wow, that's an awful way of getting de-platformed


I was still on the fence between staying on Github or moving to Gitlab.

All the bad experiences I'm reading in the comments helped me realize it's time to move to Gitlab.

Too bad my company still doesn't want to migrate (too many integrations with Github sadly), even considering all the downtimes in the past few months which have impacted us significantly.



I faced the same issue. Had to raise a ticket and GitHub basically reopened it after some duration (can't remember how long). The deactivation was due to an automated script apparently.


Had a similar thing happen to me. I once travelled to Cuba and checked GitHub one. My account was suspended but with some complaining it was quickly restored after they needed real proof of me.


Always host company backup local repo in case of emergencies also look at https://sr.ht/


We really need ForgeFed and federated source hosting platforms


I'm sorry to break it to you. But that's basically want you agreed to by accepting their terms of service:

"GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. GitHub reserves the right to refuse service to anyone for any reason at any time."

https://docs.github.com/en/github/site-policy/github-terms-o...

People, please read and question terms of online services.


> A common moral flaw I see in individualist cultures is thinking that "they gave consent" is a good reason to intentionally do something harmful to someone.

https://twitter.com/technocrypto/status/1283038543577788417


Well, I would like to point out that the right move here would be to call out this clause in the terms of service. One could even try to take legal action in some countries that have civil right measures against such clauses.

But no, instead one runs around and starts a petition.


Yeah, go ahead and call out that clause. I bet that will do more than the petition.


He's not taking legal action, he's shedding light on a real dick move with a shitty response from support. He's also allowed to do that.


This is unhelpful. In a practical way, if you want to participate in open-source you very often must use GitHub. It is also unhelpful because it conflates what GitHub is legally allowed to do with what they should do. "They gave consent" is a poor basis for bad behavior and it cannot be normalized with a sniff and a "well, read the TOS".


Agreed, not super helpful his current situation. But might something that other people who read this want to take into consideration or being aware of. And hopefully being more critical about terms of service in future.

For him, I would expect to call out the clause that "allows" GitHub to do that as it is quite sure illegal in some European counties to have such a arbitrary termination policy. And maybe even start a legal case about it and call for support.

But this way it simply sounds like "please take me back" begging.


Your right to do something does not remove my right to complain about what you did publicly.


The clause is probably there to give GitHub some level of additional power to make judgements calls it may need to make, in situations that can't be anticipated.

It provides (or may provide) a stronger legal backing for GitHub if they have to terminate service for some reasonable reason that cannot be anticipated or enumerated in advance, in other words a judgement call, where the termination of service might be challenged legally or result in a lawsuit.

There are surely situations where action rather than pussy footing would be the right thing for GitHub to do, against a vexatious user with a penchant for abusing the service and using the legal system to incur costs on GitHub while doing so.

It would be much better if the clause was not so draconian. But I'm not sure what kinds of termination clause would protect GitHub in situations where it needs the flexibility to make judgement calls.

(ps. I don't want to imply the OP's GitHub account is in this category; I'm sure it isn't. I'm talking only about why the clause may be in the ToS.)


I don't know why you are getting downvoted. This atrocious quote ("with or without cause") is a great find; I personally have never bothered to read Github's terms of services before. If github literally says this in its terms of service — and it does — it's definitely worth knowing, and should give github users ample food for thought.


I think the downvotes are due to people interpreting the comment as a defense of github's behaviour in this situation rather than an attack on their POS TOS.


In other words.. he just got doctor disrespect'd


Nobody still knows what happened to him yet.


> Save Open source developers!

You do not need GitHub for this.

Just self-host on a GitLab or Gitea instance to avoid this nonsense of destroyed logins and account suspensions.


I think this is the little push I needed to move to my own gita instance.

Thank you for sharing, and I wish you the best resolution possible.


Mistakes happen and hopefully this was just one of them. The alternative is slightly too difficult to bear.


That’s not a valid excuse for people who rely on these services professionally. The ability for companies to errantly and permanently ban people without any kind of due process is unacceptable.

If we as a community truly care about OSS and the people behind it, this kind of error cannot be tolerated. It flies in the face of everything that the open source community stands for.


If someone maintains a project, wouldn't they have the code and be able to push it to another service (or run their own)?


This is realistic only if they're the only ones contributing to it, because otherwise they have to convince their other maintainers to use another platform. What if the other maintainers just fork the Github repo and keep going? Now the community has diverged purely because of corporate incompetence. And in the case of this particular developer, he lost sponsorship because he was locked out of his GitHub account.

The problem with Github is that everyone uses it, and services like Gitlab still don't have the same level of activity in the open source community. Well over 95% of source code links posted here on HN, for example, are Github links.


> This is realistic only if they're the only ones contributing to it, because otherwise they have to convince their other maintainers to use another platform.

Thanks!

How do you know this was due to corporate incompetence?


Hope you get your account back soon.


Wait you can get sponsors on github?


I can see why you couldn't find it: their new help search is incredibly bad

https://docs.github.com/en/github/supporting-the-open-source...


Yes I got 3 sponsors!


My gosh, that's watch happened. and I was thinking about some fail in server.


While this issue might appear small, even a "mistake", and would probably be resolved to OP's satisfaction (wishing them all the best!), it truly is time for entrepreneurs to flock together and start building alternatives to Github.


There are alternatives to GitHub. Gitlab, bitbucket, and sourcehut, just to name a few.


I love GitHub. It's probably my favorite platform in general but I have to agree. I would love to see a new platform that is a non-profit or public benefit corp, perhaps with a government charter or something. Software is too important not to have this sort of public infrastructure to support it. Private companies can still innovate to create better tools but public investment in software infrastructure/tools is an amazing opportunity to leverage a relatively small amount of pooled resources into a much larger benefit to society.


There have been attempts at decentralization of git storage and collaboration. See for example:

https://cointelegraph.com/news/interview_yurii_rashkovskii_t...

I would love to see something like this succeed for all manner of infrastructure... from domains and DNS, to email, to version control.


[flagged]


"Eschew flamebait. Don't introduce flamewar topics unless you have something genuinely new to say. Avoid unrelated controversies and generic tangents."

https://news.ycombinator.com/newsguidelines.html

We ban accounts that post like this and like your other comments downthread—regardless of which ideology or politics you favor. No more of this, please.


> Facebook doesn't even let you express anything except for ... ultra liberal views.

This is absurdly counter-factual.


[flagged]


[flagged]


[flagged]


The reason you can't keep a post without it being flagged is because you're spouting nonsense and attacking people.

It has nothing to do with which side of the political spectrum you are on.

Your comments are downvoted because you have written in an attacking, nonsense style. They are low quality comments, and HN is a place for higher quality discussion.

If you wrote a "liberal extremist" comment in the same style, that would be downvoted as well.

Attacking other users ("SS thugs like you") is especially unwelcome here.


> I can't keep a post without being flagged within the first couple of minutes because HN is filled with liberal SS thugs like you.

This is not contributing to a discussion. Expect that flamebait (including name-calling) is going to get flagged.


> HN is filled with liberal SS thugs like you.

Bruh, first time I'm hearing "liberal" and "SS" in the same sentence. Never thought of those folks as liberal before.


The American right has been trying to claim the Nazis were left-wing for a while now.

https://www.washingtonpost.com/outlook/2020/02/05/right-need...

Including in Congress:

https://www.vox.com/2019/3/27/18283879/nazism-socialism-hitl...


I thought Social Services are considered left-wing


That'd be an overly simplistic way of categorizing things.

You won't find many right-wing candidates for office proposing removing Social Security and Medicare.


> because HN is filled with liberal SS thugs like you.

As someone generally critical of radical left-wing politics (in fact, any radical politics), you are not doing yourself (or anyone) any favours by using ad hominem arguments like this. Please just stop.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: