dreyfiz's comments

GitHub did this to me a few years ago. I still feel violated. Not by my idiot former employer. I feel violated by GitHub. I got my account back. Sort of. They detached a significant amount of my content from my account, and returned to me a gimpy lobotomized version of myself.

All my old GitHub comments are credited to “ghost” now. I was somewhere in the first 12,000 GitHub accounts.

My relationship with GitHub significantly predated my dalliance with this one employer years ago. I trusted GitHub. My GitHub account was a formative part of my identity. I still can’t believe it and I still can’t forgive them. I lost some of my sparkle that day.


That's ugly, I'm sorry.

It's also why I oppose using social authentication with anything. While we have access to our [Facebook, Twitter, Github, Google, LinkedIn] account today, what happens if they shut it down? We have no clue of the real consequences and no appeals process. It's the worst of both worlds.


That’s one of the motivations for the “new” project Tim Berners-Lee is working on, Solid. The amount of foresight people working on the web have is crazy. I read an article interviewing Lou Montulli the other day and was amazed to find out how extensively he thought about the nefarious use of cookies when they were being designed.


Funny because when those same people actually had a chance to stop a lot of the privacy violating and non-open things in the web they caved to the pressure from Google, and others to make the Web less open, less private, and less free.

Tim Berners-Lee was one of those people that caved with the HTML5 standard, and several other standards under the W3C.


Can you share the URL for that interview with Montulli, please? Thnx!


I'm not OP but there is him talking on his blog about cookies:

https://montulli.blogspot.com/2013/05/the-reasoning-behind-w...

https://montulli.blogspot.com/2013/05/why-blocking-3rd-party...

He doesn't come across as overly prescient there, but there's definitely some of the familiar juggling trade-offs in his design decisions.


The specter of this sort of violation hangs over the shoulder of every internet user now - the loss of an account on a service like Facebook, GitHub, or Trello could be life-altering. Our digital selves are all at risk of becoming The Trial's protagonist.

Do we have any protection besides moving to a new platform that's not big enough to betray its users yet?


Unix graybeards self-host. The saying "the cloud is someone else's computer" is relevant here. Now, you can ask what self-hosting really means, and that is complicated. Does a rented server count? Colocation? Or is the only way your own premises? I have worked at places where the last one is a hard requirement. Generally though, I am pleased with colocation; some places even have customer-provided locks on racks. But even if you have a cheap VPS, at least you can back it up (regularly and before troubles) and restore it some other place. With SaaS, you can't always have an export in a nice and useful form.


The funny thing is, everyone used to self-host. A home ISP account typically came with an email address, some space to host a website, etc. Of course you could set up other facilities as well, but even without that, you had control of the storage. The Web was full of articles on how to build your first home page, which plenty of non-geek people managed to do just fine.

The biggest danger back then was probably that if you changed ISP then you'd lose access to your old email address. That's still a danger with any email hosting service, including the likes of Google that people often use instead today, and it's why I advocate everyone registering their own domain for life. Email is still the root password to your online existence in almost every case, and letting any third party have more control of it than is strictly necessary is a really, really bad idea.

I would love to see a move back in that direction, with home ISP accounts allowing access to some sort of "starter kit" home server in the same way they probably provide most customers' starter modem/router/wifi equipment already, and with more software built that was aimed at being self-hosted and accessed via your home network or remotely through a VPN.

Sadly, I think this is unlikely, because there's just too much momentum behind the massive social networks and other online services. So instead, every now and then, a large chunk of someone's online life is going to get wiped out by the kinds of poor policies we're talking about today.


> A home ISP account typically came with an email address, some space to host a website

But that's not really self-hosting is it? If my ISP can decide to poke around in my user folder and there's nothing I can do about it?


No, it's not, but it's a lot closer than using some intermediary service, and it's convertible to true self-hosting if you find you need to later because the data is all under your own control and ownership throughout.


I'd say the metric should be "if you can make a backup and do something useful with that backup even if your first provider goes belly-up."


Although it's certainly annoying to lose an old account, for many services it's just a hassle.

I went through this with a Reddit account that got hacked. I was able to get the spammer shut down but had to create a new account, and really, it's okay. The people who know you will reconnect, and the others don't matter much.

It used to be that everyone got a new phone number when they moved, and we managed.


Perhaps it's easier just to create a fake persona on the internet and use it instead.


> I trusted GitHub

I feel like every netizen goes through this at one point of their life, where they trust an entity, get burned, and learn the lesson of never trusting another entity (100% without condition) again, keeping your data closer to yourself.

Much like in real life, where at one point you trusted some too much/naively, and after that point you're more careful, even of things/people you do trust.


A lot of people seem to develop a strange sense of loyalty to services they like (and haven't been stung by, obviously).

Try suggesting that you can run a software business without using GitHub as your single point of failure^W^W^W^Wsource control system, and a lot of young developers will just laugh and wonder what you've been smoking.

Try challenging Apple's walled garden philosophy and suggesting that their mobile devices could implement standard protocols for transferring your own data on and off them directly like almost every other mobile device in the past decade, instead of relying on their not-properly-secured iCloud system, and plenty of Apple fans will wonder why you might care.

Even the HN community falls victim to this mentality from time to time. I find people here tend to be more rational about these issues than average, but any suggestion that one of the YC success stories that has become an HN idol has done something unwise or even bad can sometimes end up brutally suppressed.

It would be better, IMHO, if people kept in mind that behind these services they have allowed themselves to depend on so much is usually just a business, even if it's a big and famous one, and that businesses generally have no obligation to anyone to continue doing anything other than to the extent that either the law requires it or there is compensation changing hands and a contractual obligation.


> Try suggesting that you can run a software business without using GitHub as your single point of failure^W^W^W^Wsource control system, and a lot of young developers will just laugh and wonder what you've been smoking.

TBH, I've never worked at a company that would host their source code at a third party service. At my first job, we wouldn't even use a web UI for the repositories (I still think that's not all that useful to begin with). At my current job, we use cgit. We use Jira (that we pay for, obviously), but as to source control --- a company hosting it on GitHub? Never seen it with my own eyes. But I work as a C++ dev, so maybe it's different here than, say, in webdev world.


Doing a fair amount of work in web dev world in recent years, we've always self-hosted one way or another, but the newbies look at you all strange like if you tell them. Then again, half of them also don't realise that Git and GitHub are different things.


> But I work as a C++ dev, so maybe it's different here than, say, in webdev world

Most likely that's the reason. I've only worked on web projects and everywhere I worked has been using GitHub for hosting the code and managing merge requests, except my first work where we used Redmine and then 6 months later migrated everything to GitHub.


I worked at a place that had virtually zero internal systems, including version control, and relied heavily on Github in particular for things like access control, beyond just source control.

One of their remote devs had his Github account hacked (pre 2FA) and then had access to Slack as well, and the hacker managed to socially engineer his way into a number of sensitive areas and increased access, to the point the company had all their code taken and a number of high GPU Amazon instances started to generate crypto coins to the tune of a $35,000 EC2 bill.

I'm from the old school and have never trusted third party services for anything critical to the company. I'll admit a bit of internal gloating after that incident.


But that sounds like a case where the attacker would have gained access to most relevant stuff anyway, and the difference in effect was mostly to the tune of $35k in costs (instead of spending resources on companies' own hardware)? While that's a big chunk for a start-up, it's not even one year of a developer salary.

While I am of the similar old school like you (I run my own mail server, web server, nextcloud, used to do ejabberd too...), I think it's more cost effective for smaller companies not to do it themselves, as long as they keep their own backups.

The difference is that when they self-host, they are more vulnerable to targeted attack (on average, for similar dollar investment), but if they host with SaaS providers, it's opportunistic attacks they should worry about more.


It was more that their entire code repo was downloaded, which included a number of third party access codes, never mind the intellectual property involved.

If that stuff is only hosted internally behind a firewall, with a VPN requirement to access, it would have been fine. Instead it was all on Github.


Right, but if they hacked a particular remote employee who had access to it, they could have gotten access to the same stuff — their attack vectors might have been more limited, that is true.


> At my first job, we wouldn't even use a web UI for the repositories

It's been a long time since I used it but I used to lean on gitweb for this at places that self-hosted git repositories but didn't have any UI layer on top. I remember it being perfectly fine for my needs.


> Try suggesting that you can run a software business without using GitHub as your single point of failure^W^W^W^Wsource control system, and a lot of young developers will just laugh and wonder what you've been smoking.

To be fair, this example isn't quite as bad. It's simple enough to add a new remote to your working copies and host your repo elsewhere. It doesn't help with GitHub-specific features like comments or integrations though.


Usually complaints like this have more to do with the social processes around coding than the actual task of storing and versioning source code (which as you say is portable and standard).

"I want to make a change to a shared library. Why can't I make a pull request?" "Wait, I have to use this unfamiliar interface to make comments on other people's changes and I can't leave comments on specific lines?" "You know, if you used Jenkins and Github then you could show the status of passing or failing tests right here on the code review screen..."

These social pressures are really quite strong. They affect a bunch of open source projects especially: people who want to make changes expect code to be on Github and might even mirror it there themselves (creating confusing situations for anyone trying to contribute). Even if the project does host its code on Github to allow for contributions from Github users, Github is (naturally) not very good about directing its users off of its platform to where the existing discussion and development is going on. "It's easier if you just do everything on Github" says Github, and their users by and large agree, and slowly more and more process (code review, merging patches, CI, documentation) gets sucked onto Github by the platform effect.


Indeed, only big free software silos manage to fight this push off (think Gnome, KDE, Debian, FreeBSD... and even some of those are partially pulled in like Ubuntu, which even had its own hosting platform in Launchpad.net).

I like to say that I was a free software developer before github, which means that I never really participated in it, but I frequently feel excluded when I am asked for my github profile ("sorry, there is nothing there, but I can point you at a dozen other repos...").

I am still resisting, but who knows for how long :)


I feel moved to strictly only use fake names online. Like..

I recently moaned and whined to my friend about how when I was growing up a person/entity (to my recollection) would feel.. like they received a magical gift just to send a message online.. having a web page was like.. winning the nerd superbowl.. Now it's like.. we are supposed to take a knee to any company that gets sufficient presence and significance (LinkedIn, etc trying to find a job).

What actions had you taken toward trying to remedy this?


> I feel moved to strictly only use fake names online.

Isn't this how usernames started?


Usernames probably come from the multiuser nature of early computers, and some of the early limitations of software implementations (eg no spaces so your homedir could match your username on a fs that supports no spaces).

Aliases or nicknames are a common human choice, which allows one to be represented by a word/name of one's own choosing that portrays you in a light you want, without tying it to your real identity which might have other implications (sometimes negative, of course).


I'm not sure how they started. Was it because of people feeling their 'honest' self info was being used to identify then control them via hijacking their personal accounts in honor of some ex employer?


I wonder if this is something you can sue them over. Do you legally own your content? Did they or the former employer steal something from you?

It's bizarre to see so many companies handle this in such a user-hostile way. It looks like a clear sign not to use Atlassian or Github for anything private. Makes me wonder if Gitlab might be next...


Can you explain how?

GitHub organizations should make this a non issue. I assumed that they’re mostly competent, but if literally any past job I had could pull the plug that’d be a huge problem.


I'm not sure if this is related, but I made a point of never using the social login feature, at least for personal stuff. Always signup via e-mail (my own e-mail).

The risk is just too big.

With login via email I can still be in control of that account no matter what.


Lemme just go and de-attach my personal Github account from corporate one, just in case....


If only there was a way to do that without creating multiple accounts.

At least my company doesn't host anything on public GitHub (GitHub for enterprises has everything) so they don't need to be connected. If you have personal and company stuff you are in trouble even if you separate them.


So now I worry there may be a downside to "Github is now free for teams": https://news.ycombinator.com/item?id=22867627


The million dollar question is what you use now instead of GitHub.


Sourcehut! I love it and have moved most of my stuff over. I'm not sure how it works for teams, but for my personal stuff I couldn't be more pleased.


Not OP, but have a look at sourcehut.com; it used to be sr.ht if the name is unfamiliar. The latter URL is still used internally for some parts of it.


A note -- it's sourcehut.org. And all the actual content (repos, bug tracking, even the login page) is at sr.ht.


Atlassian's?


Why would anyone think that is ok?


So?


It's HN's guideline to put the year in the title when a resource is not from the current year.


Impressive! I've been using Fluentd a lot, will look at this.

p.s. Search for "complaince" and fix the typo :-)


I'm experiencing a sense of schadenfreude because I'm embittered by Quora's arrogant "real names" policy. They won't "let me" contribute.

Nothing insightful. I'm just here to kick them while they're down.


I believe you're being cynical, because this forced name policy allows for answers to be of higher quality, which is basically their entire selling point - being a better yahoo answers.

If you want anonymity there are other platforms for that, stackexchange for example.


That's a false dichotomy.

Ask MetaFilter is a much better Yahoo Answers, but I can be pseudonymous there. Also, my pseudonym is much closer to a real identity than what's on my driver's license.

I don't have any real reason to fear sharing my "real name" with Quora. I'm lucky. But I'm not the only person in the world. Good thing I'm not trans or a religious dissident. Good thing the only thing stopping me from contributing to Quora is my ornery nature. I would hate for the world to miss out on my Quora contributions for a good reason.

Good thing Quora doesn't have my "real name" is all I'm saying. I have an interest in privacy, even though I use the same pseudonym as my identity on LinkedIn, Twitter, Facebook, and Instagram. And Ask MetaFilter. And so many other places. I shouldn't have to beg to use my preferred name on Quora's bulletin board, regardless of my reasons. It's none of their business.

There's nothing about a "real names" policy that automatically turns a shitposter into a quality contributor. There are plenty of reasons not to wear a target on your back and self-doxx. Today's misadventure is one very good reason.


> That's a false dichotomy. Ask MetaFilter is a much better Yahoo Answers, but I can be pseudonymous there.

There's an example that just happens to be the greatest knowledge platform ever built in world history. Wikipedia allows non real name contributions. Plainly next to that, Quora has no legitimate excuse for requiring real names to ensure quality. It's for one reason: $$$. They have to figure out how to reach a $3b valuation at some point so their VC owners can get a reasonable exit. It guarantees an inevitable disaster for a knowledge service. The conflict between quality and always needing more and more junk content to slap ads on and allowing for abusive business practices to reach for that fat exit for the VCs. And if you don't do it, they'll put someone in charge that will. Unless you can find another business model as Stack Exchange did, stay private & small/lean (so you don't have to try to pretend to be a $3b company when your business model will never legitimately get you beyond 1/20th that), or go the donation Wikipedia route.


It's not that hard to be as anonymous as you like on Quora. It's been a while since I contributed, because I got tired of their schizophrenic moderation, but I don't recall that mobile text authentication was necessary. Unlike say, Twitter. And even that isn't all that hard to get around, using hosted SIMs.


It's impossible for me to be as anonymous as I like on Quora, because they require a government ID with the name I want to use. Which isn't even that weird! It's my legal last name, plus my childhood nickname for a first name.

Your name just didn't provoke their Real Name Gestapo.


Huh. Good to know, thanks.


Can you elaborate on the hosted SIMs thing? More and more websites are starting to ask for SMS verification and blocking VOIP numbers like google voice and it is getting really annoying.


See https://www.wilderssecurity.com/threads/hosted-sims-for-priv...

Edit: I don't have any affiliate etc association with them.


Are names validated?


Yes. Within hours of registering my account, Quora emailed to let me know that my name sounds fake and that I have to prove my identity with government ID, or I can't use Quora on an equal basis with other users. It really burns me!

I think part of their reasoning is "hey, we have prominent users! Let's make sure everyone knows it!" But Ask MetaFilter has famous users. They are in no way diminished by my pseudonymity.

Plus I know how to change my name. I can spend $100 at the courthouse, and get an ID that would force Quora to let me use my preferred name. My point is, Quora doesn't get to be the impetus for my legal name change. I don't need Quora's permission to call myself what I prefer to be called.


Not saying I agree with them (honestly Quora should die and burn in hell), but if you really need the service can't you just give them a middle finger in the form of a fake ID? Best case scenario it works, worst case scenario they still don't reopen your account. Either way you don't lose anything.


Not in my experience.


I've got this meta schadenfreude seeing things succeed that HNers hate. The new MacBook Pro and any unicorn startup that posted a Show HN. It's cute how HNers actually think that they're relevant.


Being looked at by whom?


What the expletive! (Awesome, really didn’t see it coming though!)


Yeah, do you have a composer.json in the root of your repo? Buildpack will detect a PHP app...


I have the feeling that the detect phase is absolutely orthogonal to delivering what should basically be an executable package.

What is the rationale behind having the build step tied to the packaging format?


It's not tied to the packaging format. Detect is the step that decides which buildpack or buildpacks will be responsible for constructing the image from the source code.

Typically this means that buildpacks look for files that correspond to the relevant ecosystem. Maven buildpacks look for pom.xml. PHP buildpacks look for composer.json. Etc.

Nothing in this creates a hard binding. Detect steps may use whatever logic they need to decide on whether to signal they can work on a codebase.

Edit: in the v3 design the detect script can also provide dependency information that later steps can pick up. So for example, a JDK buildpack can say "yes, I can interpret this codebase, and I can contribute a JDK". A later buildpack can then look for this contribution as a condition, eg. the Maven buildpack can say "I will proceed if I see a pom.xml and if there is a JDK available".


I loved this, thank you. I never knew how the abolitionists managed to pass the slave trade act until now.


Yeah, this seems like a part of history that should really be highlighted. It’s relevant to nearly the entire world. And its results are still important today.


I do like the idea overall. So, let me tell you why I instantly hated it and closed the tab.

Your Show HN headline did a great job, I was excited to see what a github repo quality bot does!

This is a personal preference, but I find the name "Git Enforcer", the police officer emoji, and the git logo with a police hat on it completely off-putting. Not the atmosphere I would want to foster when I'm trying to use persuasion to get colleagues to adopt good practices. In my world, police are authoritarian bullies who demand instant compliance without negotiation, or else they'll brutalize you.

It's humbler and more inviting for a bot to come across as an assistant. "Git Enforcer" comes across as something a clueless boss imposes. I think all the wrong-footed design cues come from the name "git enforcer".

Basically your bot is a linter for collaboration behaviors. It can't actually enforce anything, all it can do is nag. Actually, if the name was GitNag and the icon was a horse, I would find your bot charming.

Speaking of linters, lately I've been using [Black](https://github.com/ambv/black) for my Python. Its self-description in that Readme sold me on it instantly.

I wish you well with this! It is a cool idea.


In Ruby world I use http://batsov.com/rubocop/ every day. In Perl world https://en.wikipedia.org/wiki/Perl::Critic I personally couldn't care less about logo or naming.


That's just like Perl to have a literary name like Perl::Critic :-)


Yes, this. Presumably the best, even average, teams operate on a voluntary basis. The "Enforcing" paradigm runs against this grain.

Alternative messaging while still communicating the same information might revolve around helping, reminding, checking. Hell, how about bumper bowling?

Very cool project nevertheless and I might implement with my team.


Nitpicking: if you're keeping the name, pick a canonical way to spell it and "enforce" that everywhere :-)

Repo name: Git-Enforcer

Logo at top of readme: git ENFORCER

call-to-action button: "Install Git Enforcer Free"

shields.io version badge: "GitEnforcer"

Which one is it? Pick one to be known by!


Great, thanks for the feedback! I'm no designer by any means. I have already gone through one name change, but your points are fair.


The idea that bonobos and chimpanzees can speak the same language is absolutely thrilling. Even though bonobos are chimps, I always saw the two species as very distinct; this discovery really resets my worldview on multiple levels.


I'm not an expert by far, but aren't many animal "gestures" shared by multiple species: lying down to surrender, standing on hind legs to threaten, showing teeth, etc...?


Also not an expert, but I suppose at some point there can be a distinction made between body language and sign language?


bonobos aren't chimps, they're separate species

https://knowledgenuts.com/2013/08/18/the-difference-between-...

"an endangered great ape and one of the two species making up the genus Pan; the other is Pan troglodytes, or the common chimpanzee."

https://en.wikipedia.org/wiki/Bonobo


The sentence you quote from Wikipedia starts like this:

> The bonobo (/bə.ˈnoʊ.boʊ/ or /ˈbɒ.nə.boʊ/; Pan paniscus), formerly called the pygmy chimpanzee and less often, the dwarf or gracile chimpanzee

Also see https://en.wikipedia.org/wiki/Chimpanzee:

> The taxonomical genus Pan (often referred to as chimpanzees or chimps) consists of two extant species: the common chimpanzee and the bonobo.

It's like "crow", which can refer to a particular species (e.g., in England a crow, unqualified, usually means a carrion crow), or to the genus Corvus, which includes e.g. ravens and rooks.


Or Jackdaws! (Here’s the thing....)

