Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: GitHub is partially blocked in India
294 points by captn3m0 on Jan 3, 2023 | hide | past | favorite | 164 comments
GitHub is being partially blocked in India by a prominent ISP (ACT) across multiple states under a sealed court order.

You can find multiple reports here: https://twitter.com/search?q=Github%20%40actfibernet. It has shown up in news reports: https://timesofindia.indiatimes.com/gadgets-news/github-cont...

ACT is using SNI-sniffing to block raw.githubusercontent, unlike most other blocks, which are DNS based. ACT's block page claims it is under a court order to block the domain:

> curl http://raw.githubusercontent.com/

> This URL has been blocked under the instructions in compliance with the orders of a Hon'ble Court.

(Using HTTPS results in a dropped connection).

Unfortunately, there is no easy way to find out if there is even a court order behind this block. A few times court orders are leaked, and a court case to get a single order published took 3 years[0] . Other ISPs are known to block websites without court-order due to technical issues[1]

for the last few weeks, GitHub previews on the website have refused to load, alongside some other interesting cases, such as extension previews breaking on VS Code (, Obsidian etc).

Hopefully, GitHub is fighting a case to get this unblocked, and given the resources it has, to challenge the law here as well (the law gives no recourse as it stands).

[0]: https://internetfreedom.in/delhi-hc-directs-meity-to-provide...

[1]: https://github.com/captn3m0/hello-cloudflare/




For folks looking to bypass these rudimentary DPI blocks, you don't really need a VPN. DoH + one of these should be enough

On Windows:

- GoodbyeDPI: https://github.com/ValdikSS/GoodbyeDPI (https://ntc.party/c/community-software/goodbyedpi/8)

On Mac / Linux:

- GreenTunnel: https://github.com/SadeghHayeri/GreenTunnel (https://www.npmjs.com/package/green-tunnel)

On Android:

- Intra: https://github.com/jigsaw-code/intra (https://play.google.com/store/apps/details?id=app.intra)

- (I co-maintain this) Rethink DNS + Firewall: https://github.com/celzero/rethink-app (https://play.google.com/store/apps/details?id=com.celzero.br...)


How about standing up to the people who implemented the ban and their supporters. I don't understand why we are working around oppression.


Technical workarounds and social activism aren't mutually exclusive; given how long the latter can take to achieve results, it's often useful to have the former in the meantime.


By bypassing the block you lessen the need for social activism


This is called "accelerationism". It does not work. It is a maladaptive thought-pattern, nursed by people on the political fringe.

The theory is that as things get worse and worse, there will come a moment when everyone suddenly "wakes up", and acts in unity to overthrow their oppressors and build a better system (under the command of the enlightened few, of course). This happens approximately never (see: Qanon), and when it does, the chances of a good result are even more remote (see: Bolshevism).

It serves a useful emotional purpose for the adherents: you don't have to do anything, make friends with anyone, understand the world around you. Just wait for the apocalypse, for the day when the Elect will seize power and shoot their enemies etc etc.

Back in the real world, here is how you build a large effective political coalition: by solving people's problems in the here and now. This is how the Fabians built the welfare state.


> This happens approximately never (see: Qanon), and when it does, the chances of a good result are even more remote (see: Bolshevism).

I would also count Russia in the current war into the "never bucket". Many expected them to overthrow the dictatorship, but the internal situation only became worse since 2022. If anything as more people leave, system becomes more homogenous and even more supportive of current status quo.


Bypassing the block renders the authoritarian control measures ineffective and/or void. This is an act of resistance in itself. Why do you think bypassing the ban is conforming to authority?


You bypassing the block remedies the situation for you. The thing is, not everyone is a super techy like you. The problem is everyone else who isn't you having access restored.

While F you, got mine is tempting, you gotta remember the follow through. Always punch up.


Why do you assume those who know how to bypass the block won't share it? Contrary to your expectations, people don't exist as isolated entities in vacuum.


You're assuming that even if the method of bypassing it is widely available everyone can figure it out or has access to help


Bypassing authoritarian control measures isn't mutually exclusive with social activism. Your entire premise was false to begin with.


Again, it can be exclusive. People who are able to bypass the restriction might not feel the need to fight it


Why do you feel the need to keep inventing false premises? You literally have no point here.


What is a false premise? You're saying that it's not possible a person who disagrees with this block won't fight to overturn it if he can find a work around?


your goal should be making these impossible to enforce, social activism is not an end in itself


This doesn't add up. Should the `work around` not be used because it lessens the need for social activism ?

One does not negate the other.


So much the worse for social activism then.


Or just self-host your repositories and don't deal with centralized Git services given that techies here are hyping around how 'easy' it is to spin up Mastodon instances.

Should be even easier to self-host a Git repository then, just like a website.


...I'll guess you've never been hit by an indian policeman with a stick? And they don't wear bodycams. My point being: your words are empty if you're not actualky there. Just imagine what happened pre-body cam (USA/ UK etc) and multiply that by many, throw in a LOT of judicial corruption and 'standing up to' becomes a little more difficult than it would at first appear. Circumnavigation may be the best option at the moment.


It seems to me that modifying the world so that the oppressive policy becomes irrelevant is always preferable.

And when that's not possible, heck yeah, stand up to power with truth in hand.


What would be your favorite way of standing up to the people who implemented the ban and their supporters?


Punishing them financially through boycotts, cutting off friends and family, voting them out, and terminating their employment.

Whatever can be done obviously


How, exactly, do you propose doing that? Do you mean hiring lawyers to try and get the court's decision reversed? Or lobbying to get legislation passed to prevent courts from being able to do things like this in the future? And if the court's decision doesn't get reversed and/or the legislation doesn't pass, what then?


Go after the supporters of the people who implemented the ban.


There's probably quite a lot of them. Modi-style authoritarianism is extremely popular in India.


Unfortunately yes. Every democratic country deserves the government they get. However, in the case of India, it seems that it is slowly sliding towards authoritarianism and maybe soon Modi and co. can elect themselves without asking the people. Though India is not alone with this and it is happening in multiple countries. Usually the end of credible opposition, being crushed, marks the beginning of the end, like we have seen with Russia and Belarus.

Here are some red flags from India:

https://scroll.in/article/1027566/opinion-indian-democracy-i...


And it will continue to be if people ignore things like this. In a democracy the voters are responsible for the actions of the leaders


>In a democracy the voters are responsible for the actions of the leaders

The corollary being that citizens of democratic countries have the leaders they deserve.


Any responsibility on voters tends to be greatly attenuated in anything but the smallest of democracies.


And they are very powerful on the internet as well as migrants in western countries of the majority so-called-majority-religion-of-india support them. Hate speech on the internet against non-Hindus is common in the country and even here they are trying hard to remove my comments fearing many people will see their true faces. It's only social media and whatsapp that's required by you-know-which-majority-religion terrorist accounts to spread venom and hate speech against other communities. source: https://www.bbc.com/news/world-asia-india-61090363


> Go after the supporters of the people who implemented the ban.

I don't know what you mean by this, but if you mean persuading them to change their support, that's a very long timeline, certainly not something that fits into a development sprint...

And if you mean "attack" supporters of the people who implemented the ban, that's a terrible idea.


"go after" how exactly?


In order to stop "the right " you need to be worse than them


That's definitely worth doing, but you still need a workaround in the meantime.


OP claims it’s SNI based and not DNS based, so switching DNS providers likely won’t do anything.


> OP claims it's SNI based and not DNS based, so switching DNS providers likely won’t do anything.

All the apps listed do get past most rudimentary SNI-based blocks, incl GoodbyeDPI which is pretty sophisticated. One still needs DoH because (unencrypted) DNS is the weakest link.


Then that's not SNI-based blocking.


Simple SNI-based blocking implementation may not consider complex data like fragmented packet, so some solutions work.


For me, and many others on Twitter, updating the DNS worked (I used 1.1.1.1). Though I'm not sure why.


Same for me, i changes DNS and it worked


Worked for me too!


Is there a way to run one of these on the router level, using something like OpenWrt? DoH already works really well.


Don't forget about the IPv6 proxies floating around


> On Android:

Most phones nowadays should have DoT support built-in nowadays.


> Most phones nowadays should have DoT support built-in nowadays.

DoT does help even if it can be trivially blocked (more than one way to do so, but blocking TCP on port 853 would do the trick)... DoT cannot help bypass SNI-based censorship (unless apps implement domain-fronting).


> DoT does help even if it can be trivially blocked (more than one way to do so, but blocking TCP on port 853 would do the trick)...

Indeed, and this is exactly why DoH is better than DoT.

> DoT cannot help bypass SNI-based censorship (unless apps implement domain-fronting).

TLS ECH will. I can't wait for it to become mainstream.


I don't know what "DoH" or "DoT" are.


DNS over TLS.

Android calls it "Secure DNS". It's in the connection settings, I believe starting from Android 9 or 10.


DNS over TLS and DNS over HTTPS.


I'm not a big fan of jargon either, but if you clicked on one of those links, you'd see that it stands for DNS over HTTP or DNS over Tor.


Not sure what you mean, I clicked on the first link before commenting, for "GoodbyeDPI", and learned that it was a "Deep Packet Inspection circumvention utility (for Windows)", I still didn't know what DoT or DoH was, sorry.

Most Android phones... have DNS over Tor... built in? This can't be, can it? I'm pretty confused.


TLS, not Tor


The GP's link, the one they maintain, says DNS over Tor.


DoT is DNS over TLS: https://techdocs.akamai.com/etp/docs/configure-dot-doh, https://www.cloudflare.com/learning/dns/dns-over-tls/, https://developers.google.com/speed/public-dns/docs/dns-over..., https://en.wikipedia.org/wiki/DNS_over_TLS

Android ≥ 9 natively supports DNS over TLS: https://android-developers.googleblog.com/2018/04/dns-over-t...

So does iOS ≥ 14: https://developer.apple.com/documentation/networkextension/d..., https://support.quad9.net/hc/en-us/articles/360057889591-Set...

The link you’re referring to, https://github.com/celzero/rethink-app, supports DNS over Tor, but does not call it “DoT”. It does not support DNS over TLS (https://github.com/celzero/rethink-app/issues/441), and it is not something that phones have built-in.


It’s an acronym, of an acronym


Indian here. This seems to be blown a bit out of proportion. I am residing in a Tier-1 city in India and have an internet connection with a local ISP. I am able to access the content on the supposed blocked domain, so this is probably one ISP proactively blocking the domain without it being formally asked to do so (court order can't be ISP-specific AFAIK).

I work in a large consultancy firm and have friends in other Indian IT consultancy firms. GitHub is very commonly used across these firms for quite large projects and blocking that domain would certainly slow down the work of thousands of employees across the country instantly. No way can this block be carried ahead.


I did mention that it's only ACT blocking it so far.

> one ISP proactively blocking the domain without it being formally asked to do so

Very unlikely. Court orders are not ISP specific, but ISPs are not time-bound to apply them. It's all very secretive, so there's really no way for us to find out. It's better to assume the worst (ACT is blocking it on a court-order, and more ISPs might follow).

Other ISPs are known to do blocks without court orders (mainly Jio and BSNL) but ACT - not so much. It has been blocked for almost a week, with small media coverage, little outrage, and no response.


ACT broadband user here, never had any issues with GitHub being blocked at all. It might be a localised issue to a certain city.


reports on twitter have the block confirmed across 3 states.


Works for me, no repro, not an issue, right?

The post specifically mentions which one ISP is doing the blocking. If you're not using them, then it likely wouldn't affect you... until your ISP also starts following the order.

If anything, your comment is trying to heavily downplay what is happening.


If other ISPs start following the same, you are right in saying I'm downplaying the situation.

But I also mentioned it is unlikely to happen since all major IT Consultancy firms in the country rely on GitHub for their work in one way or another. And not just with their code but also with their client's code.


The fourth largest ISP in India blocking Github for the past week is a big deal. Them outright saying it was blocked due to a court order is a bigger deal. 2 million subscribers don't have access to Github right now.

Just because your ISP hasn't caught up does not mean it's not news. Why, exactly, do 2 or more ISPs need to do this for it to become important enough for you to care?

And why, exactly, do you think that getting to HN front page is "blowing it out of proportion"? The poster was upfront about what was happening, who it's affecting, and why it's being done. People interested in this have brought it up to the front page. What, exactly, did OP do that made it "blown out of proportion"?

And how is you anecdotally saying that it's not affecting you therefore a non-issue not downplaying the situation? The definition of "downplaying" is "make (something) appear less important than it really is" which is literally what you're doing.


What do you mean blown out of proportion? OP has mentioned that it's a partial block and shared a source showing multiple people facing the same issue.


> What do you mean blown out of proportion?

It is on the HN front page :)


> It is on the HN front page :)

This does not answer the question you are replying to.


Can confirm. Facing the same issue on jio fiber in mumbai. Can't open raw GitHub links at all. Get a timeout error


The Open Observatory of Network Interference project monitors the Internet to detect censorship - https://ooni.org

We are a no-profit and network measurements are provided by volunteers.

You can browse our data regarding raw.githubusercontent.com on:

https://explorer.ooni.org/chart/mat?probe_cc=IN&test_name=we...

https://explorer.ooni.org/chart/mat?probe_cc=IN&test_name=we...


Thanks for sharing this, clearly shows ACT DNS blocks.

There's DNS tampering on Jio as well: https://explorer.ooni.org/measurement/20230103T215427Z_webco...


> ACT is using SNI-sniffing to block raw.githubusercontent, unlike most other blocks, which are DNS based.

This is why TLS ECH can't come soon enough, and why there should be no fallback if the browser and server both support it.


Here in China the GFW block any traffic with encrypted SNI.


Hence the "no fallback" point. Bad guys can always block entire IPs, and by not having a fallback to insecure SNI, that's their only choice.


Doesn't that mean that places like AWS will be fighting ECH, then? Right now, evil governments can block sites based on their domain; so if irrelevant-aws-customer.com does something controversial, super-important-customer-also-on-aws.com can still receive traffic. If evil governments lose this ability and irrelevant-aws-customer.com needs to be blocked, then they just block all of AWS, forcing super-important-customer-also-on-aws.com to move to Azure or GCP. As a result, I imagine that big cloud providers to whine loudly about this, unless they have some other plan. (I also think we should ignore their whining, but the #1 browser is made by the #3 cloud provider, so I have my doubts. What hurts AWS hurts GCP, probably.)


> to move to Azure or GCP

Who will also be blocked following the same logic.


Not if Azure or GCP never allow ESNI (in this imagined scenario).


I suppose this plan does indeed put a lot of faith in Big Tech uniformly deciding to do what's right.


As someone who doesn't want untrusted devices on my network, I'd want to be able to encrypt SNI at my firewall.


How do you propose things be set up such that it's possible for you to enforce that at your firewall without censorious governments being able to at theirs?


What do untrusted devices have to do with this? You should be able to block them at lower layers already, and if not, I don't see how decrypting the FQDN of a request would help. Am I missing something?


The insane irony of this given the sheer number of Indians working in software/IT and using GitHub and contributing to India’s GDP.

You’d think that the Gov/ISP/Courts, somebody would put GitHub on a Do-Not-Block list and stop this madness.


Most Indian government bureaucrats won't understand tech. Court judges are even worse; not only will they not understand tech, but as unelected officials they don't even particularly care about the economy, and are accountable to no one but themselves.


My favorite instance is the Delhi High Court ordering all registrars in India to stop selling domain names with the string amul in them[0]

> Domain registrars restricted from selling or offering Amul suffixed, prefixed or combination name websites as per the court order are Freenom, Name Cheap, Big Rock and GoDaddy.

Clearly, scammers in India can't figure out how to buy domain names outside india.

[0]: https://www.moneycontrol.com/news/business/delhi-hc-blocks-a...


[flagged]


I wouldn’t say 7-10% of GDP is nothing - https://www.gavstech.com/contribution-of-the-it-industry-in-....


Most people in "the IT industry" are not coders and do not need github, a code repository, or even the most basic understanding of coding in order to do their jobs. Install a satellite dish? You're an IT worker. Do customer service for a telecom? You're an IT worker. Swap out failing hard drives in a server farm? You're an IT worker.

The impact of github being down is large, but it isn't going to take out 7-10% of India's GDP.


Hasn't GitHub been de jure, if not de facto, banned in India since 2014?

https://en.wikipedia.org/wiki/Censorship_of_GitHub#India


No. The ban was lifted in a matter of days.


Nah works fine on my ISP


That is what “de jure, not de facto” means - the ban is in place, but widely ignored and unenforced


Not "not de facto," "if not de facto." Definitely not de facto if some ISPs don't block it.


Anyone can approach any state high court and get an order to block any website in India. The ISPs will block immediately and then the victims have to work the court system to get unblocked.

Videolan (VLC) was blocked for months. I don't know if the block was ever actually lifted as we use dnscryptd on our networks.


The VLC block was lifted[0,1] after VLC filed a legal notice[2] with IFF's help. It was blocked for somewhere around 3-4 months at the very least.

[0]: https://techcrunch.com/2022/11/14/india-lifts-download-ban-o...

[1]: https://twitter.com/internetfreedom/status/15920956340139499...

[2]: https://internetfreedom.in/videolan-issued-legal-notice-to-d...


You want to know a funny thing? I am getting the same error on my Idea sim since more than a month now.

I even posted to HN last month but I couldn't figure out what was wrong.

It was only later that I realised that Idea was blocking ddg


Can anyone from India confirm if this proxy server [1] is enough to bypass the block?

Basically it is a proxy that alters HTTPS traffic to prevent DPI systems from detecting the domain during the TLS handshake. At least in Spain it works for me to bypass the blocking of the major ISPs [2].

[1] https://github.com/hectorm/demergi

[2] https://github.com/hectorm/demergi/blob/master/ISP.md


Can confirm that demergi works to circumvent the block, as does greentunnel [1]

[1]: https://github.com/SadeghHayeri/GreenTunnel


Can you explain in detail how this is supposed to work? Am I supposed to run this (Docker here) on my local server or on a remote server that the block is not affecting??


You should run it inside the network affected by the blockage.

If you use Docker you can run the following command to start the server and configure your browser to use it as an HTTP proxy.

  docker run -p 8080:8080 docker.io/hectorm/demergi:latest


demergi works great to open blocked sites


> Unfortunately, there is no easy way to find out if there is even a court order behind this block

not easy, but have you tried filing a RTI application regarding this?

https://rtionline.gov.in/


The government has never published a blocking order. RTI has failed, and there's no due process if your website has been blocked.

Here's the government defending their stance of keeping these secret: https://internetfreedom.in/meity-defends-blocking-of-satiric...


You think this if this is a seesions court order could be found by RTI?


uff. I cant even imagine what loosing github would mean to an economy and hope you will be back on track soon.


It won't do anything to the economy. It's only social media and whatsapp that's required by you-know-which-majority-religion terrorist accounts to spread venom and hate speech against other communities. source: https://www.bbc.com/news/world-asia-india-61090363


I doubt it would mean much, you don't even need to self-host git just use gitlab, bitbucket, etc. Hobbyists and small projects would be the most affected but VPN's are a trivial solution for this demographic.


The code you need to read, the bugs you need to file and the downloads you need to make from every other project will still be on GitHub. I don’t use GitHub for issues or version control at work, but I’d be significantly slowed down without it.


All those things can be painlessly done with a vpn. I'm not saying people wouldn't have to change, but to affect the economy as gp is trying to make it sound well, doubt it would even make a rounding error.


because you are assuming that everybody immidiatly knows how to set up one of those.

Imagine how many juniors cant, and imagine how many of those might life in india.

And even if you ignore that fact, can you imagine the hit the gdp will take if thousands of companies need to setup vpns?


>Imagine how many juniors cant, and imagine how many of those might life in india.

I can't imagine a junior developer not being able to set up a vpn in 2023, and if by some bizarre turn of fate he isn't able to he is a junior and other people will just tell him how to do it.

>And even if you ignore that fact, can you imagine the hit the gdp will take if thousands of companies need to setup vpns?

No? vpn's are cheap and honestly I doubt most of the companies need to read github code*, and those that do well just use the vpn. Hell you can even not pay for it but use opera's free built in VPN, use Tor on clearnet as a VPN of sorts, all for effectively zero cost.

*:we're talking gdp here.


As a friendly reminder, an SSH SOCKS5 proxy is _VERY_ easy to implement.


Pointing to cloudflare dns circumvents the issue for now.

move away from ISP DNS to 1.1.1.1 to temporarily solve the issue.


Some ISPs still tamper with DNS traffic irrespective of which DNS server they're to/from. githubusercontent.com has no DNSSEC, so it's not tamperproof.


It wouldn't be tamperproof even with DNSSEC for most of that ISP's customers, because DNSSEC is server-to-server, and collapses down to a single "yep, we checked DNSSEC" bit in the response header. This is a big part of why nobody does DNSSEC, and why the browsers adopted DNS-over-HTTP to solve this particular problem.


Through what mechanism is it possible for them do bypass custom DNS servers? Does DNS over other protocols prevent this tampering?


DNS traffic is plaintext. MITM is all that's needed to be able to bypass custom DNS servers. An ISP, obviously, has to be in an MITM position to be able to provide internet service.

Here's an example: https://jeff.vtkellers.com/posts/technology/force-all-dns-qu...


cloudfare + OpenDNS .

works like a charm


GitHub is based on a decentralised version-control system, so this is not a problem. Right? ;)


A lot of teams use additional services from Github besides pushing code. They run their CI system using actions (including building docker images for prod), they keep knowledge/metadata on issues, PRs, comments, discussions, Kanban/project management, ...

Not having access to GH could be paralyzing.


If that's a "court order", there's traces, unlike the the Meity bans thingie which are designed as a legal loophole and almost impossible to lift.


I was really confused as to why some content for me was getting blocked.


Is there any guesses as to why it’s blocked?

What’s Microsoft’s reaction?


its actually not blocked, it works just fine for most ISPs here


[flagged]


The Indian judiciary is independent, much to the chagrin of the BJP whenever rulings go against them. A court-ordered block has little if anything to do with the BJP.


Can't the BJP assign new judges that flavor them?

Authoritarian governments othen do that, like the one in Hong Kong.


Nope. Existing judges decide who gets selected to fill vacant seats: https://en.wikipedia.org/wiki/Three_Judges_Cases


No, the judiciary have their own internal elections.


> Let's keep posting anti-BJP content on Github

lets keep politics out of github please. let it be just about code not some propagandist news outlet.


Not that it matters (bypasses exist), but why do you want the Indian govt to completely block github ?


As much as I like questioning the government, let's please keep partisan politics out of HN. It gets tiring to read the same tropes again and again.

Indian government has a long documented history of banning things without much thought and it looks one such case. I hope it gets resolved soon as other users are reporting that they can access it fine.


as an indian in india, its working just fine in my ISP

BJP isnt trying to "censor" "dissent" here, its just one ISP blocking it for some unspecified reason

its not that deep, everything you see on reddit isnt real, you can calm down.


Twitter isn't banned in India despite having that kind of content.


Because they order twitter to hide accounts they don't like in India.


Much hostility. You know this will cause more emigration right?


Wow, I guess some right-wing anti-immigration lunatics flagged my other comment. But I will repeat it, emigration from India is a very good thing.


Users flagged your sibling comment, no doubt because it was unsubstantive and arguably flamebait. That's against several of the site guidelines; this one, for example:

"Comments should get more thoughtful and substantive, not less, as a topic gets more divisive."

https://news.ycombinator.com/newsguidelines.html


An user asked me "You know this will cause more emigration right?" How is an affirmative answer supposed to be flamebait or unsubstantive? I would definitely love to hear those arguments.


Ideological battle pejoratives are markers of ideological battle, which is not what this site is for.

Meta comments going on about what got downvoted or what got flagged are also off topic.

https://news.ycombinator.com/newsguidelines.html


Wait, now it sounds like you're discussing the parent comment in this thread and not it's sibling comment.

I thought that this was the comment we are discussing:

>> You know this will cause more emigration right?

>So? That's awesome!

How is that "arguably flamebait"? It's just an enthusiastically affirmatory response to an yes/no question.


Sorry, I'm confused now. If I was talking about the wrong comment, I apologize. Please follow the site guidelines in all your comments though!


I actually don't care about it but how would that be a good thing?


How could it not be? More labour for the rest of us. Economically the benefits of immigration are unquestionable, despite scaremongering by the Western right.


The fact that people rely on GitHub, even when it is based on git, which is free and distributed software, shows how easy it is for big companies to force users into their closed software.


GitHub is free for individuals and OSS projects... Most people don't want to manage their own vanilla Git server. GitHub, GitLab, and Bitbucket provide collaboration features you'll never see in Git.


SourceHut, Notabug, Codeberg, etc. are free in both money and liberty, unlike GitHub.


How are you being oppressed by a SaaS offering that charges you nothing and uses a standard protocol (git)?


It uses your code in a paid closed-source service (Copilot), and creates vendor lock-in using proprietary features like GitHub Actions. Not to mention that it's quite absurd for the majority of free software projects to be hosted on a proprietary platform.


It seems to bother you, I don't have any issues with people using code I put into the public domain which I why I use the unlicense. GitHub Actions is YAML based, and the reason most people use a SCM provider like Github or GitLab is because they have superior collaboration and auditing features. At the end of the day no one forces you to use a public repo(copilot) or GitHub Actions.

If I use Jenkins am I any less locked in?


> I don't have any issues with people using code I put into the public domain which I why I use the unlicense.

Good for you. I use the GNU GPL, so I do have a problem with my code being used for proprietary software.

> they have superior collaboration and auditing features

What exactly makes GitHub/GitLab better in this aspect than other alternatives?

> If I use Jenkins am I any less locked in?

I don't know anything about Jenkins, but being able to change your Git host independently of your build service is definitely good.


Yeah, the only people benefitting from the GPL IMHO are lawyers and I'm unwilling to hoist an oppressive license onto my users. Personally, I don't think it's really open source if you're going to make me jump through licensing hoops, and if the hoops are tiny in your opinion, why have them at all? I want people to use my code, I put in the public for consumption, not for the accolades or legal battles... but that's just me.

SaaS means I don't have to manage it. I can also in theory collaborate with millions of people versus closed systems like Gitea or Gogs which is what two of the providers you mentioned are built atop. Interestingly enough, both of those projects use GitHub to build GitHub alternatives. What's good for the goose is good for the gander?

You could easily use repository dispatch with GitHub Actions on self-hosted runners (free) to perform builds on repos that live in other places, since the interface is basically a webhook/payload. The question is why would you? What is the benefit? All of them are using GitOps style practices for the build process, some of them just happen to be a little closer. I'll take YAML over Java/Groovy shared libraries any day of the week. I'd argue that Actions is better than most CI systems.


I don’t use GitHub because it provides me with just Git. I use it because it’s provides hosted storage, free CI, issue management, code search across millions of repos, releases/downloads.


That's the reason I use it too but in my opinion, their technical ability to blanket censor content while offering little to no recourse completely justifies hosting important things elsewhere. At the end of the day, the amazing value-adds they provide only contribute to vendor lock-in and drastically increase switching cost.

I've had a project shut down by Github because of petty ( and unfounded ) content flagging by a competitor. It took a week to get a human involved and it almost killed the project. I will never again put the fate of a product in the hands of someone else's arbitrary, black-box algorithms.


I don't see how that is relevant. of what worth is git if the website where you fetch most of your repos is dead?


It's relevant because the repo owner can just point you to other git peers.


agree but changing the emphasis.. Github was brilliantly and uniquely built as a web interface, with socio-anarchistic elements included (no hierarchy at work) but was then purchased by MSFT with the user base momentum intact. Many OSS people noticed this, and quietly many companies and governments also.


The best thing to do is to create a national git service and make copies of the important git repos, to avoid this problem.


At best that severs collaboration between India and the rest of the world when github isn't blocked.

And who would get to define "important"? Switch that word out with "approved" and you'd have a more accurate picture of what would be present.

One of the benefits (or perhaps "ideals" would be a better word) of open source is that all of it is available to everyone with no authority deciding who can access it.


> it is available to everyone with no authority deciding who can access it

So why are you using a Microsoft product, where Microsoft decides where and when the service will be available?


It exists: https://openforge.gov.in/ (Its a https://www.tuleap.org/ instance, hosted by MEITY (National E-Governance Division).


A great time to consider self-hosting your Git repositories then?

Like all the inflated hype in the news with the federation 'goobledegook' and 'technobabble' with Mastodon and alternatives with techies spinning up instances, perhaps it is about time that techies use Git properly and consider self-hosting your repositories just like how many techies do with self-hosting Mastodon instances?

I don't think there is an excuse to continue using GitHub or a centralized provider that can easily be censored by governments or GitHub themselves censoring other repositories via its ToS either way; when developers of GNOME, Wireguard, Redox, etc are already able to self-host their own code on their websites.

If they can self-host their own code and federated networks, you (techies) can also do it too.


Except moving your repo is a matter of changing the origin, pushing and notifying your co workers. It's not like moving social network identity, and it saves some admin burden.

If you use just the repo feature, that is. If you fall into the trap of using GitHub's other services you have vendor lock in and you're more screwed than when considering moving from Twitter to Mastodon.


Your instructions would only apply to a dead repo. Migrating an active repo is going to require coordination, dry runs, validation, and planning coupled with updates across your integrations. If you rewrite any history, all bets are off. You're also not taking into account any cleanup activities like reflog expire, or gc prune.

I would also argue that moving to a self hosted remote is going to have significant administrative burden when it comes to security and updates compared to anything SaaS.

Most people use GitHub, GitLab, and Bitbucket for the collaboration features, everyone already knows they can run vanilla git and actively choose not to.


> updates across your integrations

That's already vendor lock in - you're using GitHub's CI pipeline? You're locked.


If I have to update my Jenkins server because I moved from one Git provider to another, I have to point my existing integrations to my new git provider. That's the opposite of being locked in, and just a fact of the matter.


That sounds like it's your Jenkins server not GitHub's.


Yes, it's an integration the repo and users rely on. Any integration that is using a specific git URI will need to be updated. This means new keys, access tokens, and configurations within the integration will need to be updated. That's not a simple process.


> when developers of GNOME, Wireguard, Redox, etc are already able to self-host their own code on their websites

Yeah, but most of us are not developers of them. It often takes less than an hour to self-host Git/Mastodon/Email/DNS or anything else (most of which have ready to use Docker images anyway) that we tend to centralize, but they come with huge maintenance cost (time, money, backups, security, etc).

I self-host my web sites because that's something I actually want to maintain and have more control over. I will leave the rest to the experts because even us "(technies)" easily mess things up.


I already self-host my code (git.captnemo.in), but that doesn't lessen the impact of me browsing a repo on GH, and failing to use GitHub's functionality (viewing previews).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: