105 comments

[ 3.0 ms ] story [ 176 ms ] thread
For the source control point, I do it this way:

My entire working folder with markdown posts, drafts, templates etc is a private git repo. The output (the static HTML, CSS, images etc) is a public repo.

I have a tiny shell script to commit, push and publish the site, and it works just the way I want it. His other points are understandable. I personally don't take my blog that seriously, it's just a pet project.

This is one of my favorite recently-discovered blogs. His posts are so in depth and the whole thing is beautiful and slick.

I too prefer for my blog to be closed-source, for many of the same reasons.

Mine is decidedly less sexy, it's just Laravel + Markdown, but I did write about it recently: https://aaronfrancis.com/2021/blogging-with-markdown-in-lara...

It’s so closed source, even the URL doesn’t work! :-)
Ha I think it does now. It was linked to my .wip dev environment for a few minutes there! Oops.
>It might surprise you to learn that this site and its newsletter costs about $130 USD a month to run

Yes it does. I know you can never criticize someone else's infra nowadays without coming across as "I could clone StackOverflow and get it to run on a Raspberry Pi over a weekend," I have no idea what or how much stuff his backend is doing, and I know serverless is an added and often worthwhile expense....but man, that's way more than I'd expect.

I think is a very valid criticism, paying $1500 a year for a static site with a like button is odd. Hosting this site on something like Netlify would literally be free while also satisfying every other requirements save for the heart button. Even the Netlify pro tier would only be about $200 a year for a small site.
how would you compare using Netlify to AWS? could you get started on Netlify once you just buy a domain name?
Netlify is absurdly easy to get started on, it supports many static site generators etc out of the box. For my personal site it was a few clicks and no manual config required. Since you mentioned domains, you can even buy domains through them with auto-renew etc. I haven't used it for any large scale projects, but for small things, their batteries included approach is great.
that's really helpful to know, I'll make sure to check it out. thanks!
AWS has Amplify which is essentially their version of Netlify. It's surprisingly easy to spin up and is pretty cheap (not obviously not free like Netlify is).
He uses Convertkit to manage email, which costs him most of that figure for the “site and its newsletter” if he has 15k subscribers (about half of his Twitter following.)

https://convertkit.com/pricing

Yeah, I saw that figure and thought "damn, that's high".

I'm not sure how many hits per day that works out as, but currently I have a server that is 5 euros per month handling 20k hits per day (static and dynamic content on an old dedicated C1 Scaleway). Another server I run for a gaming community costs $1 per month.

> I have no idea what or how much stuff his backend is doing, and I know serverless is an added and often worthwhile expense

I keep looking at 'serverless' (+) - but it just seems like a way to sell me less for more. The benefit I get currently from a cloud solution is location (spin up an instance close to where the traffic is coming from), maintenance (I move around a lot) and network (dedicated high speed internet that cannot be easily DDoS'd).

(+) When I first heard about serverless, I really hoped it was a decentralized content hosting network - a bit like how something like PeerTube can benefit from having multiple users at a time. A person can dream!

> ....but man, that's way more than I'd expect.

He uses ConvertKit. It's amazing the total is only $130, given the popularity of his site.

From 3001 to 5k subs is $79/month on their basic plan and $111/month for the pro plan. No idea about larger lists, but they're not cheap.

$130/month for a website and newsletter considered minimal! Wow!
newsletters are not cheap if you have thousands of subscribers.
For $130 he could easily host his own email server that could handle that much traffic AND be accepted by major email providers.
how likely is it that the recipient would find sent emails in the spam folder ?
1%

Really depends if an organization uses its own blacklist besides the major public ones.

And, if you get an IP banned on a major public list, you can easily request removal - takes less than a half hour.

Just don't use AWS as the host.

How do I request google stop marking 1 in 30 of my emails as spam?
if you send maillists/newsletters, that's the main reason why those services cost money. (plus analytics and other stuff)
1 in 30 is very odd. Rate limit? Make sure you have reverse lookup for IPv4 and 6?
I’m pretty sure it’s all set up perfect. Almost all of my emails go through fine but every now and then google will spam one in the middle of a conversation with someone despite it containing no links or anything spam like.
The post makes it clear that he wants blogging to be as frictionless as possible and spend time on writing instead. Hosting and maintaining his own email server needs time, and it's another thing to worry about
Maintaining an email server is _not_ hard. The initial setup would be no harder than writing a Lambda function and setting proper DOS guards.

I am so sick of everyone saying it was so hard, when we have solutions like http://mailinabox.email or http://mailcow.email. Then it looks like a mailing list isn't too hard: https://github.com/maxking/docker-mailman

After intial setup mailing is so low maintenance now-a-days.

Getting mails delivered to an inbox isn't easy.

Here is one of the maintenance pages of one of the projects you linked: https://mailinabox.email/maintenance.html

I am not sure what sort of Lambda function you are referring to, but an AWS lambda is dead simple compared to that maintenance page.

He mentions in the article that the like button on his page is a lambda function.
I currently run email on ~10 domains using one $5/month digital ocean droplet running Mail In A Box. Adding a new domain is as simple as pointing nameservers to my server and creating a user with an email address on that domain (which can be done with curl using a simple one-liner api call, or manually through the admin interface) MIAB handles provisioning ssl certs, mta-sts, dane tsla, verifying we're not blacklisted at spamhaus, configuring roundcube and everything else. My domains get ~5k incoming messages a day. Maintenance litterally involves sshing into the server and running apt update/upgrade once a week or so and could easily be done as a cron job.
Incoming is trivial. Outgoing is not in my experience.
Receiving emails isn’t the challenging part. If you’re sending out tens of thousands of emails keeping your domain reputation high so you actually end up in peoples inboxes is not trivial.
Couldn't find anything on docker-mailman regarding analytics, integration with shopify (and other e-commerce alternatives). You know, things that are important when you run a newsletter, which the service that he uses offers him.

Also, time. When there's a problem, it's still on you to fix things, instead of having customer support.

You and the author seems to value their own time in different ways, and have different expectations on features a newsletter needs, and how much involvement with the service you are willing to have.

I can somewhat sympathize, although I don't view these arguments as strong since they could mostly be fixed with minimal effort. On the other hand, it's just a personal blog, so if you don't feel like sharing then that's cool too.

* The unpublished posts would require a different workflow; you could easily keep a private repo and a public repo, and publish by pushing from private to public.

* I don't really see a problem with copycats, personally. I personally feel like theme/design is just a minor style thing on top of the content and not even something that you "take credit for". Like, if someone wants to copy everything but the content of my blog, more power to them.

* The security angle is basically adding obscurity, which is a reasonable additional layer, however thin.

Yeah, what a weak post. My flippant TL;DR: "Because I'm too lazy to separate code and content."
I think that's a touch uncharitable; a lot of it is "because I'm not willing to put in the effort to make the code public-worthy". The security concerns, for instance, boil down to wanting the extra layer of security through obscurity. Besides... it's a personal blog. I don't really agree with the reasons, but it's their blog, so it's not like they owe anyone anything, including source code /shrug
TBH that's a perfectly valid reason in itself.
Yes. People do copy. You'd be lucky to even find attribution. This is one of the things which open source contributors need to make peace with. The way I look at it, the original grew out of my own experiences in my head and that can't be copied. As for manifestations... The more pretty / functional code and sites there are, the better!

A tip from over ten years of FOSS : never try to track your FOSS code, nothing good can possibly come of it

Can someone explain the part about copycats? The way I'm reading it is that the "copycats" forked the repo, and then retained the presentation while changing the content. In other words, it's like writing your own resume using someone else's publicly shared Word template. What am I missing? Why is this wrong?
because the sites are portfolios for web designers, so the medium is the message. it's as if a resume for a job as a Word template designer was written with someone else's template.
Oh, okay. Thank you for clarifying.
The repo isn't just a presentation template, it is a piece of work that proves you know your stuff. If an FE engineer's personal site is beautiful and slick, that's an obvious plus. Copying someone's handmade design (even worse, lazily) is bad manners. People are obviously going to assume you made it.
This is part of the reason I don't publish my creative works. I show them privately to friends and family, but I don't publish because part of the creative process for me is control: I may not be able to control much in the world, but I enjoy controlling every aspect of things I create, including who sees it and when. It's been very rewarding, and makes me sympathize for people like Kafka whose work got published against their explicit wishes.
> this site and its newsletter costs about $130 USD a month to run

I have toy site that gets around 100k users a month, with background services like a postgres db... and it costs me under $20 to run. I do everything in CloudRun (serverless) with a managed DB. What in the hell is this person doing?

Paying other people for their services rather than running things in a VM.
It only it was open source. Perhaps the community could suggest cost effective alternatives.

In all seriousness, running a blog that relies on serverless invocations would guarantee I’d do everything I could to avoid anything popular in case I had to pay out of pocket for a huge traffic surge.

Does it really matter when, presumably, your caching layer (however you choose to implement it) is handling basically all of your traffic for a nearly static site?
Cloud Server + CDN + Email. $130 doesn't sound that high.
CloudFlare Free Plan: $0

Email: $5-$10 FastMail plan, up to 16k emails a day

VM: If you manage to spend $120 here, you've fucked up somehow since you're hosting a static site with a like button.

Fastmail plan is not for newsletter, right?

As another comment pointed out, he uses ConvertKit for the newsletter, which can cost up to $59 per month for up to 1k subscribers[1]. If he has 10k, the cost would be way higher.

[1] https://convertkit.com/pricing

Fastmail is not for sending bulk newsletter email. There is a pretty sweet product we have called Topicbox which is a take on mailing lists for organizations, but for bulk sending I would recommend taking a look at one of the services dedicated towards newsletters specifically. They'll give you list management and a bunch of features needed to run a newsletter.
What I imagine is one factor is owner's monthly time involvement, either initial setup and/or monthly average and/or peak (when things inevitably break:)

I'm at a point in my life where for non-core activities/interests, I'd rather / more easily spend $100 to have a turnkey, than $20 but spend 10 hours :-/

(understanding that the author's reasoning is wildly different of course)

Especially since on a blog one would expect most traffic to be served from a cache of some sorts.
Each page load for this article is 485 KB data, but some of the other pages are more like 1.5 MB

This blog has seen 14,000 views today, but some of the other pages are ~38-40k views

So if you assume ~990KB average page size, 30k views, and he were to post once a day, then that is $78/mo in bandwidth costs assuming 9c/GB. Maybe people tend to click around to the homepage / old articles, or refresh the page a few times?

What kind of traffic cost is that? I just checked and I pay 1.19 EUR/TB after the first 20TB. The rate you mention is almost two orders of magnitude higher.
10GB/$ is the approximate price for bandwidth on EC2/GCE/Azure. Bandwidth is probably the most expensive item on those cloud services compared to other places.
I see. I knew bandwidth there was more expensive, but I couldn't have fathomed how much more expensive. I am surprised that one would be willing to put up with that for software as simple as a blog, but obviously a lot of people are.
For under 1TB in monthly bandwith many providers just straight up give it for free. And that bandwidth cost is crazy high regardless.
What would be the best way to get a toy site like that running? Buy a domain and host with S3? I've never built and run my own website, and it's something I'd like to try soon.
My advice: buy a bottom-tier VM. $1-2.50 a month. Install apache or nginx, pick a static site generator. Investigate LetsEncrypt. Run a local git repo and clone it off to a local machine every so often.

When you're feeling comfortable, buy a domain and set up LetsEncrypt for SSL. If you've found a limitation in the VM provider, consider moving to a different one. Consider whether a CDN is the right thing for you.

this is excellent, specific advice. I'll reference this when I get a chance to work on the site. thank you!
Go to vercel.com, begin.com, or netlify.com. Press a few buttons. Profit. They are free.
Very impressed by the looks of a lot of things on his blog. Tasteful and never over the top, but still interesting and unique. But I did not appreciate the audio being played when hovering over things, or pressing things. Audio in a browser should really only be used in a session that truly needs it, examples include: games, video/radio/media, chatting.

I'm not a web-text-purist, but audio in a document is where I draw the line, that annoyed me.

While I agree with the overall decision, this hurt to read:

> SInce it's closed-source, none of that matters to me. But if it was open, folks would want to grab it to use in their own projects. I'd feel a certain responsibility to make sure that it works well, or at least to make sure that its shortcomings are well-documented. And I don't want that responsibility right now.

I see this argument over and over. I see it in academia as an excuse not to share code and data. "I haven't cleaned it", "it might not work for you". *I* will decide if it fits *my needs*, and if it doesn't I don't see how it's your fault. Code is better than no code, I always have the option of not using it.

yeah it's a pretty weak argument. The first one - keeping people from ripping it off without attribution - is stronger regardless of its selfish bent.
it's a weak argument until you start getting pull requests, emails, passive-aggressive reddit posts, etc. etc. etc
just turn off your internet already if you can't ignore people.
So turning off your internet is an appropriate response, but making your projects closed source isn't?
How the hell did you reach that conclusion from what I wrote in the context of this thread? I'm honestly curious.
I don't like having people call me rude things on the internet. One way I can mitigate this is by not making my code OSS, which leads some small percentage of assholes to send really nasty messages when the code doesn't do what they want.

The context for this thread is whether this is an acceptable reason for keeping source closed. It seems from context that you don't believe this is an acceptable reason. You also say that if I can't ignore people that I should turn off my internet, which makes me think that you believe this is an acceptable response.

Thus, I believe that you believe that turning off the internet is a reasonable response and closing my source isn't.

I can understand where you're coming from.

My comment was meant to be hyperbole since I think if you're unable to ignore people online you should really just turn off your internet because it's really easy to ignore people online. I did not mean that you must make your code open source. I don't really care either way about that.

You (and many others) might have this viewpoint, but it's the loud minority that causes the pain.

Even with the small amount of open source software I've maintained I've gotten all kinds of angry emails and completely useless "bug reports" with no information. It gets exhausting after a while, and I agree that it's hard to just say "I don't care at all" when it happens. At minimum it's a bad look for you professionally if you never actually help maintain your open source software.

Yeah "just ignore them" is easy for me to say, but not that easy to do. I myself get plenty of those "tell me how I get started with X" emails to which I can't bring myself to reply "start with the docs". And I'm sure he already gets plenty of those support requests on account of his programming tips and courses alone...
This is a very reasonable position on your part. Unfortunately there are many people who don't share the sentiment. I've personally had people bug me again and again via mail, IRC, and Twitter DMs over a relatively small project that I had abandoned/wasn't able/willing to maintain anymore. Sure, I can just go ahead and ignore those people or send them a standard response, but I still found it to be mildly exhausting. I can't really blame someone for wanting to avoid that.
It seems like a premature optimization, similar to choosing a proprietary source available license from the start because you’re worried about Amazon stealing your customers.

Having aspirations about your project becoming a victim of its own success is good. Overselling your own success before it’s caused you a single issue is probably not good.

An acceptable reason for not sharing code is because you don't want to at this time, which may very well be never which is just fine. There's no need to share your personal code especially if you do not feel proud about sharing it.

Other situations like research, typically need the same materials to do verification of that work.

I agree that you don't have to release anything, and I won't call you out for it. If you write a blog post about it though, I might participate in the discussion and examine your arguments.

Of course the problem of research is slightly different, since you have a claim, are trying to be "peer reviewed", and possibly were funded by public money.

Unfortunately some people have no respect for open source maintainers time and do open issues with little to no context.

Take a look at the issues of any popular Github project to see this phenomenon exacerbated.

Coincidentally I stumbled upon an example today while randomly browsing Github projects. A project with 9k stars and someone opens an issue basically saying: "commands do not work": https://github.com/walkor/Workerman/issues/611

I don't mean to do finger pointing at this person. It's a common behaviour.

For maintainers it's exhausting to pursue each and every issue, asking for context. And if you don't keep a tight leash on them or use a bot they just pile up to hundreds of issues.

Note that I am not saying anyone should maintain anything. Disable the issue tracker if you want. I don't demand that you respond to any communication about it or do anything further.
I have spent a lot of years getting healthier via diet and lifestyle with an incurable and deadly condition. You would think people would welcome alternatives, given that it's incurable and deadly. You would think diet and lifestyle approaches would be the most conservative thing you could do because you have to eat and live anyway, so better to be more informed about how to do that well in the face of this.

It was an amazing amount of ugly drama to try to talk to others with my condition about what I do and what I think about why it probably works. And then people would take very conservative bits of advice that were the most well established and screw them up to an amazing degree.

One example: Coconut oil is a very well established beneficial supplement for my condition that is medically recommended and this is common knowledge for the CF community. It also tends to cause diarrhea.

So "on my advice", someone began giving their toddler like a freaking tablespoon of coconut oil per day -- which is insane amounts to give -- and the result was very extreme amounts of diarrhea that couldn't be contained by a diaper and resulted in the floor needing to be mopped (like every single day until she finally said something to me and I was like "That's waaaay too much coconut oil to give").

So, ultimately, I left all the lists and I still write about what I do for my health, but I've worked hard at figuring out how to talk about things to a lay audience knowing that some of them can manage to do amazingly stupid and harmful things with the most conservative suggestions. And I mostly don't have an audience for that kind of writing and I'm okay with that. Go have your dumpster fire elsewhere and don't try to pin the blame on me, thanks.

Code no doubt has some people like that. And there's a crazy amount of built in assumptions that the original author will know but may not know he "needs" to document and spell out explicitly so some random internet stranger doesn't create some dumpster fire and claim it's someone else's fault because "no one told me...!"

And no amount of "use at your own risk" type language is enough to protect you from crazies who want something for free, aren't competent enough to effectively deploy it and now think that freebie owes them like they paid good money and it came with a warranty.

People might do that anyway, see how you use React components on your blog and replicate it on their own, doing it wrong and making their webpages take minutes to load. See your animated sparkles, and replicate the effect over their whole pages. They can do that without your code.

If you want to make absolutely sure the "crazies" don't get any bad ideas from you, the only way is to not publish anything at all.

And not publishing something is a valid choice that the author is currently making with regards to his code for his blog and I support his right to be closed source on that detail so he can focus on other things.
We are discussing his article called "Why My Blog Is Closed Source". I am not randomly criticizing his life choices, just engaging in the discussion he started.
Well, arguably, other people started this discussion. He blogged about it because people said stuff to him about it and he chose to respond more generally, probably in part to try to reduce the amount of time spent explaining it one on one.

Yes, any time you publish anything at all, you risk having someone misuse it. But someone who replicates a thing and messes it up where you didn't provide the source code is less likely to act like "you did this to me, you evil monster, you." More importantly, the rest of the world is less likely to hold you responsible.

Publishing A and publishing B don't come with equal risks. He is choosing to mitigate risks for reasons that make sense to him in areas that matter to him and explaining it on his blog.

You can feel however you feel about that, but he has a right to make those distinctions and choices whether you like it or not.

I am not saying he has no right to his opinions, I am disagreeing. It seems like you are trying to argue that we don't get to argue or something, which is not productive. Please stop it.
It seems like you are trying to argue that we don't get to argue... Please stop it.

Irony, incarnate.

That is not what irony means. And you are still pushing the discussion further from the actual thread. Why? Can't you argue the point at hand instead of serving those "his opinion is valid", "we don't know if he wanted a discussion", and other "he has a right to make a bad choice" non-arguments?
That seems like a reasonable attitude to me. You might be surprised to learn that not everyone shares it, though.

My personal experience is that my paid customers have been much friendlier and less demanding than users of things I've put out for free. That's not a problem in and of itself: sometimes demanding users is just what I need to sharpen up myself and what I'm building. Having noticed this, though, I've tried to be more thoughtful about what I put out, in what format, and under what terms.

All that to say: I sympathize with both points of view.

>It might surprise you to learn that this site and its newsletter costs about $130 USD a month to run; I don't make any money off the site, so this comes out-of-pocket. I'd really like to keep that cost as low as possible

http://bettermotherfuckingwebsite.com/

I really don't understand why something like a blog needs to be much more than this to be honest.

It's a blog that focuses on building rich, interactive, CSS heavy websites. I don't think spartan design would really speak well for the purpose of the blog.
I run 20 home build sites on a 20€ server.

( As a comparison)

But you also spent more time setting this up, and need to spend some time and effort maintaining this.

Years ago I told one of my coworkers that I brought in my bike to the repair shop to replace the tire for €15. "€15? You can just do that yourself?" Sure, but I'd spend 30 minutes mucking about and and getting my hands dirty. It's not like I got a stash of money to burn, but I'd rather just pay the €15.

The popular dogma.

We had more troubles with work with "the cloud".

Setting it up was just pressing publish in VS + git and 1 time the domain+site ( 5 minutes in total ). So I spend less time on it.

Everyone seems to forget that every deployment needs to be configured somewhere. If not by you, someone else.

The server is windows server with IIS. Nothing special, you can get it for the price of an 1 Shared App Service in Azure ( 10 € / m = 1 Windows Server) vs 8€ / month ( 1 Shared App Service).

I didn't had to do maintenance in the last year. But I did create a custom statuspage. But it's used mostly to deliver updates of clients when I deploy ( it creates a RSS entry when I deploy, which clients can receive).

Clients are notified 100% of the time with updates from the developer as soon as it happens, if they want it :)

This isn't "dogma", this is based on my experience of doing this for 20 years.
Perhaps my tech stack is simpler and requires less maintenance than yours.

I suppose with your 20 years of experience ( Github exists since 2008 as a reference), you can give me some actual examples that the cloud improves on workload?

Eg. I have a small member management saas that I haven't touched in the 6 years that it's running. I just realized that it's probably hosted on my test server ( my first VPS) and if it wasn't used, I wouldn't have been able to send the yearly invoice :)

The dogma is in thinking that the cloud makes everything simpler. It isn't. It makes difficult things more simple, but in a lot of cases, you don't need them in the first place.

I self-hosted everything for years. Now I just use FastMail and Netlify. It's a time-saver, works well, and overall is more reliable.

> The dogma is in thinking that the cloud makes everything simpler.

I never said anything of the sort. Everything comes with trade-offs. I host my product on two Alpine Linux VPSs. But I also spent time setting all of that up and need to spend time maintaining it. For personal projects, cloud tools like FastMail tend to be the better choice in most cases.

And I've never said anything about self hosting email.

I was talking about client projects. Hosting email isn't a client project and is something I wouldn't selfhost either.

When I mean creating projects in the cloud, I'm talking about using the big 3 Google, Microsoft and Amazon cloud. I even explicitly mentioned azure...

Netlify is build on top of AWS and for them, it's useful for actual scaling on the "edge". But most sites on netlify don't need their edge capabilities.

And cloudflare is one self hosting it on more edge locations ( i think they could even join the big 3 soon)

And still, some customers had issues 21 days ago with netlify DNS. So those clients spend time on that too and didn't knew what was happening at first

https://news.ycombinator.com/item?id=26581027

Additionally, here are some edge cases you can run into for DNS:

https://answers.netlify.com/t/support-guide-dns-quick-start-...

But i guess those issues don't count as "maintenance/work" :)

I'm not entirely sure what your point here is; nothing is perfect, and as I said before everything had their advantages and disadvantages.
The whole premise seems a little weird to me since it's totally reasonable not to open source your blog website to the point where it's probably not even necessary to justify it.

I do like it, though, even the silly heart feature which I would have expected to hate.

yeah, you'd think so - but these days with so many 'blogging engines' arising out of open source, alot of activity in that space, jamstack etc, everyone like expects everything to have an associated git repository. A bit weird, but is the state of things. He mentioned he had multiple inquiries about it too.
I think there was some expectation as the previous version of the blog was open source. But I agree that it shouldn't be expected. My blog isn't open source and I don't feel the need to open it.
Hmm, having a like button use a Lambda function doesn't seem very efficient if it does _nothing_ as he says, even if it is cool.
This is the stupidest thing I've read today. It costs him $130 per mo to host his blog?!!!!

If he wanted to hide his designs so much he could just put a login page for folks he wants to vet. Any page you send to the client obfuscated or not is sent to the client, period.

The rate-limiting he wanted on some counter is the weirdest thing, just have users login if you are so bothered about server less bills for something so trivial.

Blog + newsletter. He has a fairly large following so the vast majority of that cost is likely from the newsletter.
Most of that cost is probably in his newsletter ESP. I believe he uses ConvertKit and has around 30,000 subscribers. But I'm not sure how that math works because the ConvertKit website says the 35K pricing tier is $216 per month.
I'm not sure if I really buy most if not all of these arguments, especially the security one. Haven't we already established security through obscurity doesn't work that well?

Ultimately, a simple "because I don't want to and I don't want people to copy me, thus I'm not making it trivial" would have been enough.

Another pointless bunch of words designed to drive traffic. There is no need to justify a blog being closed source. He just wrote that post to get a few more people on his site.

Oh and the sparkle thing is rubbish.

One of the reaons the author gives is that they have drafts for unpublished posts, and that it would be too complicated to keep those apart from the public repository (separate repo, git submodule).

Wouldn't it suffice to just have them in a different, private branch? The public stuff would be in the main branch pushed to the public repo, the private stuff would remain local in the private branch?