After skim reading I couldn't see it mentioned, but when SourceForge started bundling malware[0][1] into the software they hosted, it was their death toll.
As my memory recalls it, that triggered an exodus to Google Code, and whilst GH was gaining traction it was somewhat in their shadow. When Google announced they were going to kill Code that was the blessing for GH.
This was so mind-boggling even at the time that SourceForge thought it could leverage its market position to force adware and other nonsense upon its users and get away with it, which itself the last straw in a string of other abuses they subjected users to on the website. It is also so arrogant and presumptive to think that the developers, who's projects were hosted here, would put up with their distribution platform bundling junk with their software.
This was a mortal sin for them, and rightfully so, whereby it became impossible to recover the damage to their reputation. Like, what were they thinking? Did they know they were doomed and just wanted one final ad sale? It’s just an egregious abuse of whatever dwindling power they had which permanently destroyed what little trust that the developers had for them - the same group of people that provided the only real value (for free, even) that SourceForge held.
> This was so mind-boggling even at the time that SourceForge thought ...
They'd been recently bought by a shitty company called DICE that also owned ummm... CNet or Download.com, or some other similar place with lots of downloads for Windows users:
That company already served ~malware~ sorry "bundled third party offers" with their windows downloads, and figured they'd be able to copy-n-paste that approach to popular OSS downloads.
That's not how it played out however, as some of us actually give a shit about things like that. ;)
It was a funny and gross moment shortly after the corporation I was working at had acquired CNet where every IT department was notified by corporate IT that download.com was not a reliable site and should _never_ be used to download software into the company.
TBF, it wasn't just Dice. At that time, CNN and Yahoo (I think) nuked their trollgard- er, comments, and they all went to slashdot. It became the place to go, for top-quality Nazi ASCII art.
To be fair to them there are still a few projects which are still hosted on SF, in some cases it's the only place you can find specific legacy projects.
So if their calculation was that all of open source would stay on their platform with them adding malware, they were wrong. But if the calculation was that a long tail of random small and semi-orphaned projects would stay there after the big popular projects had all migrated, providing them with essentially free revenue for a very long time, they were kind of right.
In the mad, wild world of 2015, SourceForge, once the high priest of open-source sanctuaries, turned to the dark arts, conjuring a storm of controversy that would rattle its sacred halls. This wasn’t your grandma's repository anymore; it became a bizarre bazaar, peddling adware and malware alongside its trove of treasures, much to the horror of its loyal acolytes. They were slipping digital demons into downloads, especially those forsaken projects left to gather dust in the corners of the internet, turning a once-hallowed ground into a haunted house.
Enter the DevShare program, a Faustian bargain if there ever was one. It whispered sweet nothings into the ears of developers, promising them a slice of the pie if they let these third-party gremlins hitch a ride with their creations. But here’s the twist – SourceForge, in a move that would make Machiavelli blush, didn’t always wait for a nod of approval. They shadow-copied projects, dolled them up with their unwanted baggage, and pushed them onto the unsuspecting masses as the real deal.
Who masterminded this descent into madness? The suits at SourceForge under the banner of Dice Holdings, who else? Names weren’t named, but the open-source warriors and keyboard knights didn’t need a who to channel their fury at the sacrilege committed against their digital Eden.
But as the adage goes, "It's always darkest before the dawn," and so it was for SourceForge. By 2016, under the new flag of BIZX, LLC, a wind of change blew through its realm. The DevShare program, that deal with the devil, was slain, laid to rest in the hopes of resurrecting the platform's lost glory. The new overlords vowed a return to the old ways, a purge of the parasitic practices, aiming to restore faith in the digital congregation and bring back the prodigal programmers.
SourceForge’s saga is a testament to the eternal battle for the soul of the internet, a reminder that even in the digital age, the pen (or the code) is mightier than the sword (or the adware).
The word "prodigal" does indeed primarily mean spending money or resources freely and recklessly; wastefully extravagant. However, it can also be used more broadly to describe someone who is lavishly generous; giving profusely or excessively. The term originates from the biblical parable of the Prodigal Son, where "prodigal" refers to the wayward son's lavish and wasteful spending.
Over time, the nuances of the word "prodigal" have expanded, and it can now be used in a variety of contexts to describe any sort of excessive or wasteful behavior, not just financial. Additionally, it can sometimes be used in a positive light, emphasizing generosity and abundance rather than waste.
IIRC when Google Code was announced to be closing, the Microsoft equivalent (CodePlex) was the next location a lot of projects moved to. It had a decent UI and supported Mercurial in addition to Git.
When MS also announced they were closing that and offering a tool to migrate to GitHub, was when GitHub (and Git) truly became the biggest remaining option.
The other aspect of SourceForge's decline was that they doubled down on the sketchy site feeling right as acceptance of such sites was on the decline, the likes of mediafire, zippyshare etc were being replaced with cloud storage providers and download aggregators were losing popularity (in part due to also becoming very sketchy and prone to pushing malware). They might've been able to get away with it a few years earlier. I remember that back then it wasn't a huge deal to follow a mediafire download link from somewhere that seemed reliable enough, whereas nowadays it'd be an immediate red flag due to the abundance of more legitimate seeming file sharing options.
My recollection is that google code had been dead for a number of years when somebody remembered it was still a thing and then shut it off in 2016.
Google was already using GitHub ("To meet developers where they are, we ourselves migrated nearly a thousand of our own open source projects from Google Code to GitHub.") and added an "export to GiHub" button on google code. Maybe if you were .net you went to codeplex but most everyone else (including Google) went to GitHub, if they weren't already there.
People used Codeplex? I thought it was just this crazy halfstep Sam Ramji convinced MS to take, leading them to open source. When it launched, Codeplex was supposed to be a source code museum, where you could see the code but not reuse it. Crazy I know, but it was what MS was comfortable with at the time, and a few years later they opened .NET. Codeplex was like an experiment to get MS to touch open source code and feel comfortable with it at a legal level, not a replacement for Sourceforge...
Around those times I was mostly a .NET kid and most of the .NET projects I remember looking at were on CodePlex, so maybe my perspective is a little distorted.
Your perspective is in my experience not distorted. Programming is not a unique culture, but divided into multiple subcultures. Projects that were nearer to the .NET or Windows programming culture indeed often chose CodePlex instead of GitHub while there was a choice.
GitHub won well before because git was superior to existing open source SCM solutions and GitHub created Pull Requests which made forking and contributing code back from your fork trivial.
The only real question at the time was whether Git or Mercurial (or for a brief period of time Bazaar if I remember correctly). While Mercurial itself was clearly superior to Git, it had no equivalent to GitHub.
If GitHub had chosen to build their workflows on Mercurial instead we would likely be talking about HgHub right now instead.
>IIRC when Google Code was announced to be closing
That happened in 2015. Everyone was already on GitHub by then. GitHub had surpassed in usage Sourceforge, Code, and CodePlex from 2011. Also CodePlex didn't had Git support until 2012.
I used Google code. Then it announced it's closure either Google code or GitHub provided tools to import projects in to GitHub. I can't remember which. But I did that.
Also their site was fill with intrusive ads, the repo browser was crap. GitHub was fast, no ads, markdown rendering and a decent repo browser.
Also the main advantage of git was local copies, so the source code was more safe. And speed SVN was slow for large repos. At my first place we had an SVN server in the server room, when it's hard drive crashed no one could work for a day :)
Still people hated git first because it was much more complicated with it's branches, PRs etc
Yes, your first paragraph is the big standout in my memory. GitHub and Google Code were clean, uncluttered, and focused in a way that SourceForge was very much not. Almost what Google was to Excite, Lycos, etc in the early 2000s.
Same as their reason for shutting down all their other projects. They only ever existed as a distraction for their underemployed workforce and as part of the PR that they have a mission other than pulling cash out of their personal-data-monetising advertising monopoly, forever.
The bundling thing happened after Sourceforge was already well in decline, 2013, which was five years after GitHub launched. Google Code shutdown was announced 2015. IIRC Sourceforge was becoming less relevant because it hadn’t introduced git support, and GitHub answered that demand. By the time it added it, it was too late.
Bundling adware with software was not the death knell for Sourceforge, it was a death rattle - though the corpse is livelier than I’d have thought ten-plus years later.
Hm, it feels the adware was a bit later, or rather I should be surprised how early sourceforge fell into irrelevance in my circles. When it made the news I was pretty much just shrugging "well nobody's using that anymore anyways"
It's just one of the examples where somebody came along offering pretty much the same thing but just with a different focus (code/collab), and arguably also relevant a cleaner, fresher look.
That's how I remember it too, with the additions that they also did a bunch of additional shit like show early-stage surveillance ads, and sign you up for unwanted mail lists by default, and more, but all less-awful than the installation of unwanted spamware).
My dad runs his company accounting on GnuCash, and I sometimes help him set up a computer, and it is always startling that SourceForge even exists. (It's still the official download[1].)
IIRC, Sourceforge's reputation was being tarnished even before the malware. Sourceforge had some kind of data loss incident, whereupon open source developers I knew started referring to it as "Sourceforget".
Later, one day someone said in a group of Linux developers, "So, Linus made a version control system...", kinda amused. I didn't know whether Torvalds was actually going to use it for Linux, and didn't even consider that it might be adopted by pretty much all software developers of any kind.
It was even named "git", like it was aggressively trying to be unmarketable.
But at some point, GitHub emerged, and grew a very favorable reputation. Then they sold out.
Jeez man, everyone knows that most Microsoft products with any success are acquisitions. In the cases of Windows NT and C#, they just bought the designers.
It would be good if they gitlab and gitea standardised some features such as how to track issues in a repo, to make a baseline of portability available. Then they can say migrate to one of us from GitHub using this special tool, and then you'll have a nice portable repo from then on.
That might help a little with the transition, ready for when MS does one of their crazy moves and people suddenly want to switch.
Yeah doesn't something this important need lots of money and accountability behind it so if sh@t hits the fan, its their burden and not an underfunded team. Like look at the XZ thing, things can get really serious really quick. I am not saying its a perfect situation but Github actions and the enterprise features are actually really good and I don't understand how any team smaller than the big 3 could handle the amount of data/users/traffic/importance that Github has become. Just an opinion ..
Sourceforge was already long over in mindshare by that point, it basically just convinced most of the few remaining holdouts at that point. (With a few notable exceptions, like FileZilla)
Including those events would certainly change the picture. I don't like how the article implies that all this was a result of GitHub founders being smart rather than SourceForge misplaying their hand. The article smacks of the irrational worship of successful founders that's so common.
In reality, I think there was (and still is, albeit small) market for alternative hosting, and there definitely were niches where SourceForge was better at (downloading binaries, for example). If SourceForge didn't misplay their hand, it's entirely possible Github won't have the near monopoly on open source hosting they have now.
The second VA Linux sold off it's hardware division, and definitely after co-founder Larry Augustins departure, the die was cast.
The company, and Sourceforge's leadership, lost all tethering to the community that fostered them, and the firm got passed around from buyer to buyer like a blunt at a Phish concert.
A few years ago I recall the new CEO sort of relaunched source forge on hacker news and seemed very keen to listen to feedback. I wonder what ever happened with that.
Something this misses is that the mentality of OSS was just different before GitHub.
The thought from the original growth of OSS was that it would be more about the community than the code. So OSS would be a series of communities that would each have their own "identity" for their community. There were big OSS foundations like Apache and Eclipse. Sun had several like java.net, OpenOffice.org and netbeans.org. Gnome had their own place etc.
Like Sun, other enterprises like HP, Oracle and IBM were setting up their own communities for their projects and to collaborate with partners.
And then as the post touches on there were sites like SourceForge, Tigris.org, Google Code and Microsoft had something too (CodePlex?). These sites were places projects might spin up if they did not belong at one of the other foundations and wanted a place to host their code for free. Of these SourceForge was often used for distribution of binaries due to its vast mirror network and often that was all that was hosted there and the project was elsewhere.
Anyway, until GitHub sprang up and started to consolidate all the OSS in one place, I do not think anyone else was even really trying to do this. Obviously the rise of git played a big role in this. This change fueled the growth of OSS but it did kind of come at the cost of losing out on some of the community aspects that existed before in the mailing lists and forums of these other places. Now collaboration all happens in PR's and Issue and is often just between a small handful of people.
I think this is a good point, and also part of the larger trend of Internet activity moving to centralized providers. Users are now habituated to look for an existing platform to host their content, whether that's video (YouTube/Tiktok), blog posts (Medium/Substack), hot takes (X/Threads) or code (Github). It doesn't even occur to most people that there's another way to do it. They see these companies as just part of the public infrastructure of the Internet.
Because it’s so damn easy. I started contributing to OSS and creating repos on GitHub when I was 16. I was not able (or interested in) managing my own git server; I didn’t have any connections to Apache.org. Sure I could’ve emailed diffs to some mailing list, as I know many people have done for years, but GH is a vastly better experience.
Github was so accessible that it made possible what otherwise would not have been.
The escape path is to demote Github to merely an "officially supported mirror" of your project, with Issues and PRs elsewhere, but ...
The tar-pit I'm afraid of: How do you emigrate Github PR and Issue databases in some format that any of self-hosted Forgejo, or public Codeberg, Gitlab et al understand and can present to visitors?
I understand why companies do this but I sure don't like it. They often use Discourse, which I find to be a lot less readable than GitHub (the design follows what I call "duploification" -- the elements are all large and surrounded by too much whitespace!)
On top of that it's yet another site I have to sign up with if I want to interact with the community.
I'm also mindful of the risks of centralization. Discord and its lack of external archives is a prime example of how that can be harmful. I'm just not sure if that risk outweighs the costs and annoyances.
In the neon-lit, digitized colosseum of the 21st century, two titans lock horns, casting long shadows over the earth. Google and Microsoft, behemoths of the digital age, engaged in an eternal chess match played with human pawns and privacy as the stakes. This isn’t just business; it’s an odyssey through the looking glass of corporate megalomania, where every move they make reverberates through society’s fabric, weaving a web of control tighter than any Orwellian nightmare.
Google, with its ‘Don’t Be Evil’ mantra now a quaint echo from a bygone era, morphs the internet into its own playground. Each search, a breadcrumb trail, lures you deeper into its labyrinth, where your data is the prize – packaged, sold, and repackaged in an endless cycle of surveillance capitalism. The search engine that once promised to organize the world’s information now gatekeeps it, turning knowledge into a commodity, and in its wake, leaving a trail of monopolized markets, squashed innovation, and an eerie echo chamber where all roads lead back to Google.
Meanwhile, Microsoft, the once-dethroned king of the digital empire, reinvents itself under the guise of cloud computing and productivity, its tentacles stretching into every facet of our digital lives. From the operating systems that power our machines to the software that runs our day, Microsoft's empire is built on the sands of forced obsolescence and relentless upgrades, a Sisyphean cycle of consumption that drains wallets and wills alike. Beneath its benevolent surface of helping the world achieve more lies a strategy of dependence, locking society into a perpetual embrace with its ecosystem, stifling alternatives with the weight of its colossal footprint.
Together, Google and Microsoft architect a digital Panopticon, an invisible prison of convenience from which there seems no escape. Their decisions, cloaked in the doublespeak of innovation and progress, push society ever closer to a precipice where freedom is the currency, and autonomy a relic of the past. They peddle visions of a technocratic utopia, all the while drawing the noose of control tighter around the neck of democracy, commodifying our digital souls in the altar of the algorithm.
The moral is clear: in the shadow of giants, the quest for power blurs the line between benefactor and tyrant. As Google and Microsoft carve their names into the annals of history, the question remains – will society awaken from its digital stupor, or will we remain pawns in their grand game, a footnote in the epic saga of the corporate conquest of the digital frontier?
I don't know that this is true, but to even suggest that Microsoft is the component one vs Google really shows how much things have changed in the last 20 years...
Google was never benevolent, no for-profit business is. It was baffling to me how many developers took "Don't be evil" at face value, particularly for an almost completely advertising funded (i.e. highly motivated for enshittification) corporation.
> It was baffling to me how many developers took "Don't be evil" at face value
In my opinion a little bit more care must be taken here:
The "don't be evil" slogan was in my opinion both a blessing and a curse for Google: a blessing in that people initially trusted that Google does not intend to do something evil; a curse in the sense that when they started doing things that were considered "evil", it lead to a massive reputation damage for Google.
I recall that sourceforge gave you an SVN repo and an issue tracker, so it was kind of a hub for running your project. What made GitHub stand out was easy forking, and the pull request code review UI, and slick source history UI. A lot of this was aided by the technical innovation of using git and making git such a central piece.
Yup, this was it for me, GitHub was actually pleasant to use, to browse, PRs were easy, branching was easy, PRs with reviews/comments/etc were a brand new concept, especially as SourceForge and Google Code were hosted only on SVN which constantly fucked up/corrupted data in my experience
The closest thing to PRs that I knew was reviewboard, and that was a bolt on to SVN, not an actual proper integration
> Obviously the rise of git played a big role in this.
I would argue it's the other way around. Mercurial is a better source control system, and was a close contender with git back then. However, GitHub winning the hosting war and also being all in on git is what cemented git as the leader. Bitbucket was hosting both and with a more generous free plan, but they didn't win the social and UX fight so git became the de facto standard since that's what you used on the cool good new platform.
I felt like the kernel using git gave it a lot of credibility. I can't recall any big projects using Mercurial. Trust is especially important for a version control system.
The other thing this is missing is that SourceForge reviewed your project before giving you a place to host it. You also didn’t get a nice URL back when everyone was really focused on having nice URLs (right before GitHub). Those two factors are shallow, but they made a lot of friction that GitHub eliminated.
I think you're overselling it a little bit. At the time the community wasn't as large and it was much easier to "host your own" OSS site and distribute your software directly. There were plenty of important projects that served themselves in this way and didn't rely on a giant corporation's largess to be "hosted."
Also.. aggregators like freshmeat.net used to exist and did a huge amount of work patching these disparate communities and individual sites together into a single cohesive display of "open source."
The market GitHub created was Social Coding and the idea that there were network effects to be gained by having all OSS in one place. This is the same thing that makes it difficult today for OSS projects to move off GitHub. If anything, GitHub deemphasized the "D" in DVCS.
My point, since you replied to my post, was simply that prior to GitHub, none of the other sites for OSS were trying to achieve the same goal. The goal was to establish a specific OSS community for a set of projects. SourceForge was a bit of an outlier in that a lot of projects used their distribution network, if they were not part of a foundation like Apache or Eclipse that had extensive mirrors setup.
SourceForge was never the main development and collaboration site for any of the major efforts happening around OSS.
Sourceforge still looks like a scam website. I can't really put my finger on it, but even if a project is "officially" hosted on sourceforge to me it looks like a random guy's Mediafire download link
I think it acquired that icky film around the time it started bundling malware with official downloads, there's another comment going more into that.
But prior to that, I don't remember it feeling scammy at all, it was just the place to go for software. After that, the very same look and feel had been tainted, and now felt like a trap. Still does.
It's probably the colors and button designs that really resemble the design of Mediafire and other download sites that are used for suspicious purposes?
My overriding memories of SourceForge was that it was slow, buggy, and hard to use.
There were mailing lists, issue-trackers, forums, and similar things but each page load took like five seconds and the site was ugly.
I switched from using it after it got a reputation for wrapping downloads with malware, or with "toolbar helpers", etc. I'm sure the projects had to sign up to it at the start, but it always felt abusive.
Back then there was some discovery options, but of course I browsed freshmeat[.net] back in the day to see announcements of new releases, or new projects.
Github won for being useful and awesome, but also SourceForge lost because of self-sabotage, stagnation, and neglect.
(Wasn't there a buyout at some point? With Slashdot/others being bought by Dice? I know SF.net has changed hands a couple of times, but that was the first one I remember in 2012 or so? That probably didn't help)
There just wasn’t an appreciation for version control - and a lot of practices - at most companies until the mid to late 2000s. And I remember a lot of dev effort was spent dealing with internal SVN servers sitting in a closet. And other infra to do nightly builds etc.
Management and IT didn’t understand why they would want these things. Very few companies internalized these practices and usually learned the hard way to adopt them.
So back then these were somewhat new and radical ideas. But along comes GitHub, focusing on massive ease of use, and outsource an annoying hassle of most dev teams.
At the same time it was becoming more common to use open source libraries at work. But only sporadically and cautiously. I remember the work to get Boost (C++ lib) approved by legal. And that’s an extremely mainstream library. Often you would have to purchase or just write a lot of foundational code yourself.
So making a hosting solution with all these bells and whistles, but easy to learn, while also making it possible to discover code was fundamentally life altering for software engineering.
- Sourceforge had become terrible in multiple ways. They weren’t actually a competitor anymore with any competently-run hosting site.
- lightweight site, no ads
- either had tons of features sourceforge didn’t or sourceforge’s site was bad enough I never noticed the features
- gave me, and companies, a reason to create an account and actually engage with it—I think maybe sourceforge was one of those sites that required login for larger downloads (hazy recollection, may be wrong) but I certainly never used it for anything else, if I had an account. GitHub? Issue tracker on repos for software you use, free hosting even just for unimportant junk repos (all I’ve ever had, myself), maybe sending the odd PR, having an account is nice and they didn’t even need to break out the stick to make it nice (though now they have, because normal and non-aggressive use of their site will get you rate-limited very fast without an account—jerks, forcing me to log in even if I’m just searching for something real quick and don’t need any logged-in features)
Yeah, IMO, sourceforge and github never competed. Sourceforge was a place to host installers for windows shareware. Github basically created its own market. It was really competing with the millions of private SVN servers. When git became the new hotness, anyone who researched it realized they could just use github instead of having to stand up their own git server. It was a zero cost trial of git, and basically everyone chose git over svn and just stuck with github.
SourceForge offers hosting of git, mercurial, and svn repos. I found a compressed bundle of the latest KeePass source in a few seconds of clicking. Can you clarify?
If you click through the keepass links one or two levels, you eventually find that the keepass developer apparently doesn’t use version control software. They weren’t saying SourceForge doesn’t offer it.
>even up until 2010, many companies were still hosting code on SVN
I spent part of today choreographing the first part of a massive 30,000,000 LOC SVN to Git migration for my employer with ESR's (phenomenal!) `reposurgeon`. Never underestimate the long tail of database usage, even code data. (Any port in a storm, of course, I'll take Subversion than no VC at all any day of the week.)
Learning this aggressively and increasingly niche skillset is why I wrote https://andrew-quinn.me/reposurgeon/ earlier this week. I had trouble even finding SVN repos in the wild to practice conversion on.
subversion was well-loved by its loyal users at the time as part of "net culture"; speaking of SVN any other way is revisionist. Meanwhile, plenty of companies sold proprietary source code control, since forever; few people loved those products as rigor and management were the constant, user-oriented features not so much, and there was no sense of community or user-control in sight.
That makes some sense. A lot of the other technical decisions made in the early days of the company were surprisingly well-considered in retrospect, so at a time when it's either SVN or e.g. BitKeeper, a reasonable person would probably also want to stick with SVN.
It was always my opinion that Github's killer feature was putting repositories under user namespaces. Its hard to imagine but before Github you had to ask SourceForge politely if you could have a given project name. Just the ability to make your own projects without needing to ask anyone seems so obvious now, but really was a game changer at the time. This is also then deeply tied to the idea that forking repositories should be easy.
I'm glad to see that the article includes this in their history.
exactly. IMO it's the per-user structure that won over the per-project one.
guthub and bitbucket won over srcforge, ggl.code and launchpad etc of the project-only side.
And as bonus, it well matched the timing of social-networking rising..
Sourceforge entshitified before the term was in fashion.
Let's not forget git came up. It may have a lot of sins but it's better for distributed work. Utility libs and software switched to git, other devs got used to it and started to use it themselves...
Then a few git hosting solutions showed up. That not only allowed hosting public projects but you could also host your private commercial (or just private) projects on them. Either free or for pay.
Then github offered unlimited private repos with unlimited users for like $9/month. That was before the MS acquisition.
The main lesson I took from the SF->GH transition was to never, ever put my marbles in a bag owned by someone else again. I'm happy that GH is there to act as a totally public repo-website, and will happily auto-mirror to it, but I'll always self-host when it comes to the canonical repository for any project I'm nominally in charge of.
If GitHub just would support CNAMEs--like being able to tell it "git.saurik.com" is the canonical host for "github.com/saurik"--this would be a lot more reasonable :(. We even live in a future where it would be trivial for them to have this work with SSL (which wasn't the case yet when I started calling for CNAME support back when GitHub first came out).
Wouldn't this then make it trivial for you to spin up a separate host, do some git wizardry to clone everything from your local copy to that separate host, edit the CNAME, and redirect away from the Microsoft-provided hosting with no issues?
…
I mean, yes that's literally the idea, but you do see why it's not happening?
Yes. I 100% understand why GitHub (and now Microsoft, as well as every other platform) is incentivized to be evil. FWIW, I'd even pay for the CNAME support, as they are then a hosting company, but I also understand why they make more money in aggregate off of all of the locked-in users than they would from the random people who would pay for it to not be evil. I will say: my conclusion is that no one should ever be using GitHub.
I remember using GitHub as a teenager, circa 2010. I, not understanding git because I was an idiot, accidentally force pushed and deleted my history.
I emailed the support email explaining the situation, and within a few hours got a reply from Chris saying that he’d fixed my repo, along with some advice about how to avoid this issue in the future.
Sourceforge was built around projects with people, github was built around people with projects. That's my general take on it.
A byproduct was the naming/addressing of projects was built around a person (or company), then the project - usera/project1. Anyone else could take/fork their own project1 - userb/project1, userc/project1, etc. Interested in project1? You could look at various versions/forks of it through the perspective of different users, because the user was first, not the project.
EDIT: further... github really put the control back to individuals. anyone could start anything, vs trying to get ideas committed in to a project. Some of this is the nature of distributed vs centralized, but github still made it convenient to just get ideas out there. Setting up a repo takes a few seconds - my memory was sourceforge took a lot longer - wasn't there some review process where you'd submit your project then it was approved for your use?
One big mistake SourceForge made was not scoping repositories. There could only be one project of a name on the entire site, which is why there was manual review. People naturally wanted to participate at the one true project, not a differently named fork. This introduced the usual social issues of being the "official" project, who had and controlled commit access, etc.
Github smartly made it user/project so the same project name can exist any number of times, and it is only the top level user/organisation that needs to be reviewed.
The article does a good job explaining why GitHub won the developer mindshare, but there was also end user mindshare.
Unlike GitHub, where the source code is front and center, SourceForge always prioritized showing a project introduction page with screenshots and a big download button for the end user. SourceForge is where non-developers went to download cool freeware. It was like F-Droid for Windows. It was meant to be the official website for the projects it hosted, which is why it didn't host forks.
But the market for end users who download executables from random websites has been shrinking rapidly for two decades. Nowadays, either you're a developer and care about the source code, or you're an end user and just want to install that app from your favorite app store. Not to mention that most active open-source projects these days are made for other developers and not end users, so there's no point hosting them on a platform designed for end users.
> Git was custom-built for distributed democratized development
and doesn't mention how github and gitlab too severely lacks in this aspect?
Drupal, like a decade before git already, allowed multiple people to work on the same issue. This was reviewed by the community and then the committers and then it got merged. You still can't do this on Github and only through some drupal.org magic does it work on the Gitlab instance the Drupal Association has.
I believe I got my original GitHub invite from another HN user, back in the days when it was still invite-only. I confess at the time I didn't really "get it", despite having played with Darcs and the like prior to this.
But (in retrospect), I don't think it's really that complicated. SourceForge, back in the day, had a really atrocious UI. As a highschooler navigating CVS and SVN repos for the first time, it was really difficult to figure out how to even download source code (this was especially horrific with CVS on Windows), let alone contribute in any meaningful way. Discussion on these sites required you to sign up for a mailing list. I think Gmail was just barely a thing, but prior to that as a student I would have been stuck with some awful Hotmail account or similar. Anyway, the hurdles were high and therefore this selected for "serious" contributions (or people willing to put up with a lot of obstacles). SourceForge may have supported some sort of bug tracker, but I don't remember ever interacting with a project that used it, so in practice people were splitting their various components (code, mailing lists, bug tracker) between several different sites.
Ignore Git for a minute. GitHub, if nothing else, had a really slick UI. That UI put code front and center, so it was (finally!) obvious what sort of project you were actually looking at. I think it can't be underestimated how much this uniformity makes code easier to browse, as compared to the vast gulf in difference in quality between the best and worse homepages of open source projects prior to this.
For fun, here's one that I authored back in the day. The home page here is actually kind of informative, but you can see how if this is all you get, the results are going to be all over the place:
Beyond this, GitHub offered a permissionless collaboration. In the bad old days of open source, I could clone a repository, and I could write patches, but the cost of setting up forks was prohibitive. This is one of the things I didn't "get" at the time, but GitHub made it practically (and socially) acceptable to just fork whatever you needed, change something, and submit it. Or not, it didn't matter. Whether you intended for your experiments to be useful to anyone else or not, it dramatically lowered the cost of starting and maintaining those experiments. And that I think dramatically changed the face of open source software (for the better).
It's so frustrating how code hosting is like 10 years behind the big tech companies' internal tooling. Like GitHub is still terrible for stacked PRs, monorepos, code search, refactoring, etc. We're just starting to catch up with tools like Graphite, but in all honesty, Graphite should be a feature that GitHub made 10 years ago. I appreciate it being built now, but I question why it took this long.
I recall Gitorious, which isn't mentioned in this article. It was acquired by GitLab, which subsequently discontinued it in 2015. The standout feature has always been the social aspect and the ability to attract a large user base to a git forge. If platforms like Codeberg or similar forges enhance their social integration and capabilities, they could eventually become strong competitors to GitHub.
Designer here, upon reading this, I found myself intrigued by Git [1]; it sounds awesome!
Do you know if there is a free and open-source software version control like Git but for UI? I know in Figma there is version control, even branches. But I'm thinking about something not proprietary and not attached to a tool.
And a more fundamental question, knowing Git, do you think that a version control for UI it is possible like what Git does for code?
They mention requiring human approval for a new repo on Source forge, but that was just a symptom of the fact that projects names came from a global namespace. It's hard to overstate how challenging this was. Some little exploration required this globally unique name and huge burden to come up with one. That was all before even applying.
One of the truly genius moves that Github made, was to put projects behind each account namespace. It's my view that this is one of the core things that made GitHub so attractive to people.
SourceForge was never that good. It was the default. Then it went through some questionable changes. Similar to ExpertsExchange... being uprooted by Stack Overflow when they started to try and monetize their database in a less than popular way.
Github also came out around the time Git was maturing just enough, and subversion wasn't really pushing into collaborative features.
Now we see tools like Gitlab starting to get the abilty to customize and integrate with other things.
I saw gitorious being mentioned in the comments and want to second that. The article missing that gitorious was the sleeker looking and most promising second contender after github until it was aquired and shutdown by gitlab seems odd. It still baffles me that gitlab never managed to make their product look or feel even half decent. Whoever will challenge github will look and feel more human and more like home not less.
IMO, the Gitlab interface is better than github for most of the actual code features. Github still doesn't have a graphical tree view of the commit history. Hell, even the git CLI has that.
The only thing I like better about Github is the dashboard for managing MR's/issues/notifications. Gitlab still hasn't managed to figure that out. Gitlab CI was also miles ahead of Github CI for a long time. Github is better now, but CI is one of the few things that really locks you into a vendor. Plus, Gitlab had much better enterprise pricing options for a long time. I'm not sure what it's like now. I don't have any numbers, but I suspect that Gitlab has more market share when it comes to locally hosted deployments.
FWIW... i was an early adopter of SourceForge and absolutely loved it for the first few years. It was a godsend at the time. At some point (2004? 2006?) its web interface became so ad-ridden that it was effectively unusable, and that was what drove me away from SourceForge.
Code hosting seems to be a natural monopsony. Github does a good job by and large, and it would be a bit of a PITA for users to have to navigate a bunch of similar, competing websites for no substantial additional benefit.
Why? I never have any trouble bouncing between GitHub, Gitlab, Gitea instances, SourceHut instances, cgit servers... You can just git clone and away you go.
It's true as a user that switching is relatively easy.
As a contributor it's a little harder, more so for stuff with non standard processes like sourcehut or cgit.
As a maintainer there can be much more significant differences around bundled features like CI systems and issue trackers. (Though I am of the opinion that where possible, CI should just be calling makefile steps or your language's tooling equivalent)
However, I agree that this is ultimately not a huge barrier.
Despite that, it's clear that users won't cross that barrier. As a project maintainer on not-github, you'll get less attention, less feedback, less contributions on other platforms. I think there's a bit of a relation to how sticky services like search engines are despite 0 barrier to switching.
So that's something that you will need to weight up when choosing a platform, regardless of whether you as maintainer have difficulty doing the switch or think others do.
Maybe maximising contributions isn't an important goal for you, but I can see why many projects before have made that decision.
> stuff with non standard processes like sourcehut
Of all the forges, Sourcehut arguably has the most standard processes - mailing lists for issues, and git-send-email for contributions. I especially love the latter, because it means I don't have to register and create a repo fork etc. just to contribute a patch.
In 2024 the reality is, without playing silly word games about the meaning of standard, email patches and mailing lists are non-standard (and arguably have been since the early 10s)
I remember signing up for GitHub and having to provide my public SSH key before creating an account which I did. I can’t imagine how many abandoned signups there were. I think Chris tweeted about it.
this is a good article, but this part near the end is a bit off:
> ...as a market matures, solutions become specialized and modular. We've already seen this begin to happen in a few areas of "social coding." Jira and Linear offer modular issue tracking, while Jenkins and Buildkite offer modular CI solutions.
Those modules existed a long time before GitHub. Bugzilla was an issue tracker in the 1990s. Popular CI tools like Jenkins and Travis launched around 2010 while GitHub Actions didn't exist until 2018.
sourceforge was like a big klunky 8-track tape player of open source hosting. it was awful, and it's all there was. literally anything that people put up and managed to publicize a bit would have replaced it.
a more interesting question is why did Github win out over Bitbucket (I know the answer to this also, it begins with Mercurial and ends with "Atlassian buys them", but in the middle it gets into interesting questions about source control systems, issue trackers, etc).
There a small bit of irony that it required a fully decentralized source control management in order to consolidate the market for OSS code/project hosting. The obvious caveat is that git allows any project to pack up and leave anytime they want, but the vendor lock-in came by means of the network effect and developer preference. There is an incentive on GitHub, at least, to provide a superior product to other alternatives like Gitlab or Bitbucket. Ultimately, it meant the risk of choosing GitHub was very low due to the nonexistent vendor lock-in.
During SourceForge’s decline, most OSS projects were either very prolific, general purpose libraries or full software packages, all of which had most of their infrastructure sorted. There were a number of other platforms, now mostly forgotten, that tried to acquire the displaced market shed from SF’s former userbase.
Almost every one of the new platforms wanted to just be a better SourceForge, but none of them wanted (or thought to) to tackle the problem of git hosting as their primary product they were selling to users - which ultimately proved to be what the market wanted. OSS devs with a project likely already had an issue tracker, website, discussion forums, etc, and they didn’t want to spend their day in a CRUD app manually managing releases and fielding support requests on a platform that different from what they setup already. GitHub offered public git repository hosting with a modern look that was betting on companies buying commercial-oriented features as a monetization strategy, rather than ads. Eventually, a-la-carte features such as issues, discussions, and wiki were added, but were able to be toggled at the project-level.
Meanwhile, SourceForge was too busy cramming more ads in, cluttering layout, trying out asinine social media integrations, and ultimately, accelerating their (at this point) well-deserved) death by packaging malware/adware in software distributions. It was easy to see in the moment (and even more in hindsight) how much of a loser strategy this was for SF. It’s almost comical how spectacularly they fucked up their own market share with short-term thinking and outright stupid ideas. Not much love was lost here by the end.
Without GitHub, npm would not have been successful (which itself inspired other package managers), CI/CD would either be a bigger mess or dominated by a single vendor (which enabled fun stuff like infrastructure-as-code), coding in general would not be as accessible, and git itself may not have won out as heavily as it did.
GitHub’s success is a good case study in a startup being at exactly the right place at the right time, with the right product. The result wasn’t the mass migration of prolific projects immediately moving in, rather it enabled this back-pressure of micro-OSS projects to thrive because now it became viable to build a library that does one thing really well without the admin work of managing a full-blown OSS project. A number of projects eventually moved in, but the driving force to adoption, in my opinion, were the tiniest projects that ultimately proved this platforms viability.
> The obvious caveat is that git allows any project to pack up and leave anytime they want...
People always say this but it just isn't even remotely true. Even if we ignore the "obvious" issue of, well, issues and other important project data that isn't part of your git repository, if you try to "pack up and leave" you will rapidly find that your github.com URL is now distributed around the entire internet as if it were your home page and is even embedded into other peoples' build scripts as the core problem was never the data you are hosting but is actually the identity and address of that data. The reality is that GitHub using git is no different from any other hosting platform, such as Instagram or YouTube. Yes: your content on YouTube is "merely" a bunch of video files and those video files could just as easily be hosted on any other video hosting provider as video files are about as boring and standardized and portable as can be imagined, yet obviously we wouldn't say anyone can trivially "pack up and leave" their decade of investment into a popular YouTube channel.
And that’s why your platform should be a website under your domain name. If I want to refer to a particular project, I go to their website first, and use the link there for the source code. There are too many mirrors repo on github to trust the first username I see. For most popular projects I use, I never care about their github page other for checking the code and issues page. It’s either their docs or the cloned version on my computer. The last project I interacted with was Authelia and I’ve not opened the github page once (if they even use github)
[0]: https://neverworkintheory.org/2022/04/21/decline-of-sourcefo...
[1]: https://news.ycombinator.com/item?id=31110206
As my memory recalls it, that triggered an exodus to Google Code, and whilst GH was gaining traction it was somewhat in their shadow. When Google announced they were going to kill Code that was the blessing for GH.