It would be nice not to have to rely on centralized servers at all. A P2P/torrent client built specifically for sharing code from git repositories, perhaps?
Hear, hear. I've talked about this with people and it's surprisingly hard to convince them that government-sponsored software is a good idea. While a tiny fraction of the amount we already spend on commercial software would utterly transform the free software landscape, it's not politically viable as long as commercial software vendors have lobby power.
Let's not forget that it is not in many governments' interest to have distributed tools (with strong encryption). It is much easier to take down stuff on centralized services.
But of your government is at odds with an oppressive government, it would make sense for it to fund that kind of software so the people could take it down, or at least make trouble, themselves.
Instead of gov. funded software, I like the idea of hedge fund backed FOSS, where the commercial software competition are publicly traded. This would allow the hedge funds to realize returns, but only if the FOSS produced is viable. Such an arrangement would probably benefit under a non-profit foundation to administer the project(s).
I'm just back from lunch, so I'm struggling to follow. How would the "hedge fund backed FOSS, where the commercial software competition are publicly traded" work?
Free distributed P2P software makes technopolies like Github AND mafiaficialities like nationstates obsolete. We do not need to and should not rely on the government to fund that.
You commit your issue database to the same repo as your code and track it alongside your code. Then you just need a tool to manage the database for you, and there's a few tools out there to do this:
... and probably others. That's just based on a quick Google search.
One nice thing about this approach is that your issue's state follows your code through merges. When you fix the bug you mark it as 'fixed' and commit that change to a branch. When it gets merged into master, the 'fixed' status gets merged as well.
Oh cool, I didn't realize git being distributed solved the communication problems that arise on an engineering team.
Back to work everyone, git is distributed version control so we don't need pull requests or gists or any kind of easy-to-read historical record that is also accessible for non-engineers.
I think the bigger point is to have a contingency plan in place so your whole engineering team isn't sitting on their thumbs with stupid grins on their faces.
That might not be your specific problem, but I'm guessing a few people have this problem today. I'm glad I check my libraries into my local repository :) Using a local fall-back for popular libraries hosted on cdns is a good idea too.
To be fair, I don't do it because I think it's stupid not to, I do it because I often work on my laptop while travelling and have to be able to continue to work without an internet connection :)
What makes you think Github is "large and well connected"? Don't get me wrong, I love GitHub, but due to their architecture decisions, they aren't anywhere near a great example of best practices in the industry for preventing DDoS attacks.
One that would really help with DDoS attacks is if they didn't do everything on github.com. Layer 3 DDoS mitigation will always be cheaper and more effective than Layer 7. If it's not obvious what I mean, here's an example:
Yeh it's definitely preferable to have one of the two developers your small startup can probably afford spending a good portion of their time rolling out, securing and maintaining your own infrastructure
GitHub is not meant for distributing dependencies. Maven Central on the other hand is, the difference being that it is mirrored and if repo1.maven.org goes down, it's not a big deal and your project can still be built and deployed.
You have to fetch them from somewhere. If you are fetching deps from multiple sources, there is a much higher chance of at least one source being down.
Sure, but I didn't specifically mean DDoS attacks, more of the human error kind. People tend to be more trigger happy with changes when it's "only" an internal system.
Or "let's move our entire business workflow to github!". Doh! This is why you should run indefero/srchub/gitlab or any of the other self hosted source code control apps.
I would argue from personal experience there's almost the same (or higher) likelihood of internal sources going down for other reasons since most people's IT departments aren't as efficient as GitHub's.
I once worked in a group that used SVN for SCM, mediawiki for wiki and Trac for tickets. I voiced my opinion about that setup many times but management felt that was the most efficient way to work...
Products like indefero/srchub have all of that from a single interface and it's very easy to maintain. I don't know how easy gitlab is to install/maintain - perhaps sytse can pop in and go into detail about that. Assuming the system works the maintenance would be minimal.
> And then you can set a daily nightly cron for: sudo apt-get update sudo apt-get install gitlab-ce
AHHHH!!!! Don't recommend doing that. Only those who are crazy do that. Imagine waking up in the morning and your SCM system is broken due to an update that was automatically applied - I wouldn't want a sysadmin (or developer) to see that before their first cup of coffee.
When you update - does it automatically apply migrations or other database upgrades that might be necessary?
For the reason mentioned it is better to set the timing during the day (that is what we do). But if you upgrade automatically during the day you'll have a bit of downtime during the day.
By default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. The behaviour can be changed by adding a /etc/gitlab/skip-auto-migrations file.
Obviously if you installation grows you can review the needed upgrades in advance and prevent downtime in most cases.
That's subjective. In America companies tend to be referred to as singular entities, but in the UK they would be referred to as plural. Neither is wrong, just different idioms.
> In British English it’s absolutely fine to treat most collective nouns as either singular or plural – you can say my husband’s family is very religious or my husband’s family are very religious.
With something like collective nouns it's probably wrong to make blanket statements about correct and incorrect, even if you're a prescriptivist not descriptivist.
EDIT: And while I love (but am hopeless with) English usage this is the least interesting bit of the submitted article.
Ah but that's different. "Company nouns" are not used as collective, they refer to a singular entity - the registered company, not it as a body of people.
Note while 'just' a style guide, The Economist - like me - seems (note not 'seem' ;)) not to consider "Tesco" _et al_ to be collective nouns _per se_.
> A government, a party, a company (whether Tesco or Marks
> and Spencer) and a partnership (Skidmore, Owings &
> Merrill) are all **it** and take a singular verb.
To some extent, most likely, yes. But my perspective on the PRC is that the powers that be know that they will only remain in power for as long as they can provide, or rather, the illusion of them providing, a continuous increase in wealth. This in part would be why information is key in China. Assange had a very positive view of it when he said "I often say that censorship is always cause for celebration. It is always an opportunity, because it reveals fear of reform. It means that the power position is so weak that you have got to care about what people think." [1].
I've always wondered why github hasn't considered switching to a distributed sub domain layout to help ameliorate this problem. Surely if they spread their infra out that would make ddos that much harder. A subdomain per user or repo should work wonderfully
Separating users by subdomain leaks information. An observer can trivially see your DNS queries but not which repository you access over https or ssh.
There is also little benefit in it. If the subdomains only point to the same servers then the same level of traffic will still take them all down, but if different subdomains point to different servers then it makes attacks easier because the attacker only needs enough resources to overwhelm 5% of the servers instead of all of them.
Does anyone else find the Github status "messages" page [0] a bit jarring in how it's organised? The way that, when read from top to bottom, time goes forwards within a day but backwards across days?
I guess I normally wouldn't notice, but there are currently some messages on there from today and yesterday and I found it hard to read as a story (either forwards or backwards) - I had to jump around a bit to figure it out.
I'd be surprised if no one at GitHub has said "we're being DDoS'd this morning." GitHub is a website. It's also a company of people who probably identify closely with the product they build, like many of us. I don't think it's that crazy to use "are" here.
Technically, the Github servers are being attacked.
The "website" (or "app") is the abstract thing that runs on those servers.
The servers are trying to service a flood of incoming tcp connections and http requests from rogue clients, which slows them down.
So "are" is not entirely out of place, but of course we all got the message ;).
They're trying to detect your timezone and show the local time. Nice of them, however additional UTC for vpn users and lines with broken geoip would be also good.
There's two common flavors of comment on this post, namely "why would anyone do this?" and "well, I guess that means I can't do any work this morning." These could go together somehow. :)
Considering its the Chinese government, yet again, its probably a mix of both. It makes it harder for their nationals to get VPN software that goes through their firewall and also is an assholic statement against the West's ideas about freedom of speech, assembly, and peaceful changes of power via popular elections and multi-party government. The Chinese are most likely hoping they can force github to get rid of these projects by threatening periodic DDOSing.
They also probably feel emasculated that South Korea told their pet regime to knock off the stupidity and China and North Korea capitulated to their demands yet again. The timing of this is far from a coincidence. China's foreign policy is almost 100% hinged on having North Korea attack the west with impunity and they don't like that Park is actually pushing back against this dynamic. So now China is having its hissy fit on Github instead on the Korean peninsula.
Yeah, lets keep rewarding them with factory contracts, right guys?
174 comments
[ 2.9 ms ] story [ 214 ms ] threadI look forward to the day governments start to fund free software, for example through the GNU project. Then we'll all have better tools.
Actually, there were already some fundings. Germany funded GnuPG to port it to Windows.
What do I care what is the new world record in sprinting? But I very much do care about a new release of libreboot, libreCMC/openWRT or Debian!
I hope one day we will see peaceful international competitions between nations of who can provide the best/most used free software.
BTW, it is hear, hear ;).
That's because it's not. Governments are not reliably good, and their money comes with far more strings than private money.
The FSF have it right: people should write free software because proprietary software is immoral.
Have you ever worked on a government-funded project? The Tor folks have and do. :)
> ...[P]eople should write free software because proprietary software is immoral.
USGov does fund Libre and Open Source software. One big example is the Tor Project.
https://www.youtube.com/watch?v=3jQoAYRKqhg
edit: a more recent (?) link https://github.com/cjb/gittorrent
Or, we could both set up HTTP servers on our respective machines and simply push to each others repos.
PRs, wikis, issues are the reasons why we use github...
An org-mode file named 'issues,' with each issue under its own heading?
A directory named 'issues,' with an org-mode or CommonMark file for each issue?
A directory named 'issues,' with a directory for each issue, with CommonMark, org-mode or restructured text files for each person's comments?
http://ditz.rubyforge.org/ http://pitz.tplus1.com/ https://github.com/jeffWelling/ticgit http://www.bugseverywhere.org/
... and probably others. That's just based on a quick Google search.
One nice thing about this approach is that your issue's state follows your code through merges. When you fix the bug you mark it as 'fixed' and commit that change to a branch. When it gets merged into master, the 'fixed' status gets merged as well.
(PS: why cannot I reply to paulrouget's message?)
Back to work everyone, git is distributed version control so we don't need pull requests or gists or any kind of easy-to-read historical record that is also accessible for non-engineers.
That might not be your specific problem, but I'm guessing a few people have this problem today. I'm glad I check my libraries into my local repository :) Using a local fall-back for popular libraries hosted on cdns is a good idea too.
To be fair, I don't do it because I think it's stupid not to, I do it because I often work on my laptop while travelling and have to be able to continue to work without an internet connection :)
Current: http://github.com/jsjohnst/project
One (of many) better approaches: http://jsjohnst.github.com/project
If you really want the Chinese people to protest, try cutting them of from the Internet for a few weeks. Let's see if that won't work.
Also, if GitHub is down you can still fetch your dependencies from somewhere else.
I once worked in a group that used SVN for SCM, mediawiki for wiki and Trac for tickets. I voiced my opinion about that setup many times but management felt that was the most efficient way to work...
Products like indefero/srchub have all of that from a single interface and it's very easy to maintain. I don't know how easy gitlab is to install/maintain - perhaps sytse can pop in and go into detail about that. Assuming the system works the maintenance would be minimal.
And then you can set a daily nightly cron for: sudo apt-get update sudo apt-get install gitlab-ce
Don't forget to take snapshots of your server for backups.
AHHHH!!!! Don't recommend doing that. Only those who are crazy do that. Imagine waking up in the morning and your SCM system is broken due to an update that was automatically applied - I wouldn't want a sysadmin (or developer) to see that before their first cup of coffee.
When you update - does it automatically apply migrations or other database upgrades that might be necessary?
By default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. The behaviour can be changed by adding a /etc/gitlab/skip-auto-migrations file.
Obviously if you installation grows you can review the needed upgrades in advance and prevent downtime in most cases.
https://pulse.turbobytes.com/results/55dc40faecbe400bf800146... traceroute looks ok..
edit: TIL my English wasn't as good as I thought.
> In British English it’s absolutely fine to treat most collective nouns as either singular or plural – you can say my husband’s family is very religious or my husband’s family are very religious.
http://itre.cis.upenn.edu/~myl/languagelog/archives/001874.h...
etc.
With something like collective nouns it's probably wrong to make blanket statements about correct and incorrect, even if you're a prescriptivist not descriptivist.
EDIT: And while I love (but am hopeless with) English usage this is the least interesting bit of the submitted article.
https://dictionary.cambridge.org/grammar/british-grammar/nou...
Note while 'just' a style guide, The Economist - like me - seems (note not 'seem' ;)) not to consider "Tesco" _et al_ to be collective nouns _per se_.
I know, we should keep building up their economy by manufacturing nearly everything there, that should stop them.
[1]: https://wikileaks.org/Transcript-Meeting-Assange-Schmidt#996
https://github.com/blog/1981-large-scale-ddos-attack-on-gith...
http://arstechnica.com/security/2015/04/ddos-attacks-that-cr...
Also if you're going to respond include a reason why you disagree
There is also little benefit in it. If the subdomains only point to the same servers then the same level of traffic will still take them all down, but if different subdomains point to different servers then it makes attacks easier because the attacker only needs enough resources to overwhelm 5% of the servers instead of all of them.
I guess I normally wouldn't notice, but there are currently some messages on there from today and yesterday and I found it hard to read as a story (either forwards or backwards) - I had to jump around a bit to figure it out.
[0] https://status.github.com/messages
Examples: GitHub IS a web site. GitHub is a SAAS app.
The only plural aspect to GitHub is its employees and they are not being DDoSed. The web site (singular) is.
I'm not going to bother explaining the problems with "under DDoS" or the other issues with this sentence.
The "website" (or "app") is the abstract thing that runs on those servers. The servers are trying to service a flood of incoming tcp connections and http requests from rogue clients, which slows them down.
So "are" is not entirely out of place, but of course we all got the message ;).
They also probably feel emasculated that South Korea told their pet regime to knock off the stupidity and China and North Korea capitulated to their demands yet again. The timing of this is far from a coincidence. China's foreign policy is almost 100% hinged on having North Korea attack the west with impunity and they don't like that Park is actually pushing back against this dynamic. So now China is having its hissy fit on Github instead on the Korean peninsula.
Yeah, lets keep rewarding them with factory contracts, right guys?