First, they restricted code search without logging in so I’m using sourcegraph But now, I cant even view discussions or wiki without logging in.
It was a nice run
I moved all my open source projects to Gitlab the day Microsoft announced they were acquiring Github.
(I wish in retrospect I’d taken the time to research and decide on the right host. I likely would have gone to Codeberg instead of Gitlab had I done so. But Gitlab’s still better than Github. And I don’t really know for sure that Codeberg was even around back when Microsoft acquired Github.)
The only thing surprising is that it took Microsoft almost three years to turn on the shit-spigot.
You gotta embrace first
Honestly for selfhosters, I can’t recommend enough setting up an instance of Gitea. You’ll be very happy hosting your code and such there, then just replicate it to github or something if you want it on the big platforms.
Just so you’re aware, Gitea was taken over by a for-profit company. Which is why it was forked and Forgejo was formed. If you don’t use Github as a matter of principle, then you should switch to Forgejo instead.
did they get federation working?
Nothing usable yet unfortunately, but they seem to be making good progress: https://codeberg.org/forgejo/forgejo/issues/59
The writing was on the wall when they established a generative AI using everyone’s code and of course without asking anyone for permission.
It’s an interesting debate isn’t it? Does AI transform something free into something that’s not? Or does it simply study the code?
There’s no debate. LLMs are plagiarism with extra steps. They take data (usually illegally) wholesale and then launder it.
A lot of people have been doing research into the ethics of these systems and that’s more or less what they found. The reason why they’re black boxes is precisely the reason we all suspected; they were made that way because if they weren’t we’d all see them for what they are.
The reason they’re black boxes is because that’s how LLMs work. Nothing new here, neural networks have been basically black boxes for a long time.
I’m still stuck on why I have to create a password-equivalent API token, and then store it on my hard drive if I want an at-all-convenient workflow.
“We made it more secure!”
“How is storing it on my hard drive more secure”
“Just have it expire after a week!”
“How is it more secure now, seems like now there are two points of failure in the system, and anyway I keep hearing about security problems in github which this hasn’t been a solution to any of them”
“SHUT UP THAT’S HOW”
An API token is more secure than a password by virtue of it not needing to be typed in by a human. Phishing, writing down passwords, and the fact that API tokens can have restricted scopes all make them more secure.
Expiration on its own doesn’t make it more secure, but it can if it’s in the context of loading the token onto a system that you might lose track of/not have access to in the future.
Individual API tokens can also be revoked without revoking all of them, unlike a password where changing it means you have to re-login everywhere.
And that’s just the tip of the iceberg. Lmk if you have questions, though.
