Why i not use GitHub


Poll: Do you have a GitHub account?

Yes, I use GitHub as best git: 2 votes (14%)
Yes, but I am switching to another git: 1 vote (7%)
I have one but don't use GitHub for own repos: 5 votes (36%)
I have one but don't use it: 1 vote (7%)
No: 5 votes (36%)

Total votes: 14

debiankaios
Member
Posts: 910
Joined: Thu Dec 03, 2020 12:48
IRC: debiankaios
In-game: debiankaios Nowe
Location: germany

Why i not use GitHub

by debiankaios » Post

Please read the post until the end before answering. I'm glad to hear answers.

1. 2-Factor-Authentication
I tried so many times to switch it off. But it didn't work! I wanted to turn it off, but it said it is already off. And it still wants a code. Then my e-mail got hacked. Now I can't log in for a while.
2. GitHub is owned by Microsoft
GitHub is owned by Microsoft and Minecraft is also owned by Microsoft. And if Minetest gets too famous and Minecraft no longer makes so much money because everyone plays Minetest, I think Microsoft would not be so happy. Yeah, Minetest is allowed to make content like MineClone. But being dependent on Microsoft would not be good in this case.
3. No good layout
Maybe you have a different opinion, but I think GitHub looks very bad. GitLab, Codeberg and NotABug look better than GitHub and have a big Minetest userbase.
4. More
I have already seen posts which found GitHub bad too. I am not the first and I think I'll not be the last. The reason why I posted this is that I was told I should use GitHub to report suggestions. Why is there then a mirror of Minetest on GitLab?
Last edited by debiankaios on Wed Sep 28, 2022 18:21, edited 2 times in total.

TenPlus1
Member
Posts: 3715
Joined: Mon Jul 29, 2013 13:38
In-game: TenPlus1

Re: Why i not use GitHub

by TenPlus1 » Post

I use notabug.org, which is a simple Gogs-based git platform.

Blockhead
Member
Posts: 1623
Joined: Wed Jul 17, 2019 10:14
GitHub: Montandalar
IRC: Blockhead256
In-game: Blockhead Blockhead256
Location: Land Down Under

Re: Why i not use GitHub

by Blockhead » Post

  1. 2-factor authentication
    2-factor authentication (2FA) is good for your security. You should want 2FA. You should use 2FA on GitLab. If you leave your browser logged into GitHub you don't have to enter a 2FA code very often. The way I use it is with the Google Authenticator app on my phone. It's not hard and I don't have to use it often. It's certainly more secure than SMS authentication.

    Your email getting hacked is your problem, not anyone else's. Use a strong password, don't tell it to anyone, and be very wary of phishing scams. 2FA would even protect your GitHub/GitLab account even if your email is hacked. Let's assume you use the same password or a similar password for everything. Now let's assume the same person who hacked your email account also wanted to get into your GitHub/GitLab account. They could type your email and password in, maybe they have to change a few letters/numbers in the password but they still guess it. Then they would get asked for your 2FA code. Well now they're stuck because they don't have your phone with its 2FA code available, so they don't get into that account at least. But then they will keep trying your email and password against most of your other accounts, which mostly won't have 2FA, and get access to a lot of those. They don't always know what websites you are a member of, but they can just check the most popular websites one at a time until they get bored, have enough information to doxx/extort you, or they have a script for it and that script runs through 100 sites or so.

    Please, debiankaios, take care of your security properly. Don't let your email get hacked again - never tell anyone the password, don't write it down, set a strong password, and don't reuse passwords. You may have to start using a new email address, which I know is painful, but once an account is compromised it can be really easy to compromise again. If anyone else has access to the same computer as you, always log out of your accounts before you finish using the computer. Also start using a password manager like KeepassXC - that way you don't have to remember passwords, but you always get strong passwords. And use 2FA on GitHub, GitLab and other important sites you care about.
  2. GitHub is owned by Microsoft
    Yes, this is a potential issue in the future. However I think it's much more likely to affect Multicraft which is also hosted on GitHub. But it hasn't happened yet, and even if it does, we can just move to GitLab when it does. We might lose some of the issue tracker information, or someone might have a backup - we should probably take care of that.
  3. No good layout
    GitLab simply has more features and a more desktop-oriented design. Also they probably had to make sure they don't directly clone GitHub's layout, which is basically what Gitea/GOGs did for an older version of GitHub. But it's easier to find some stuff on GitHub and easier to find other stuff on GitLab. I don't rate one of them higher than another, they're just different.
  4. More
    The GitLab mirror exists so the Minetest developers can use GitLab CI, which will automatically build versions of Minetest as they are pushed to GitHub and then mirrored to GitLab. GitLab is better for this feature, but I suspect GitHub will always continue to be the primary website. I think that Minetest will stay on GitHub because it's the "Facebook" of Git hoster sites - (almost) everyone has an account with them, so it's the smallest barrier to entry for inviting contributors. If the Minetest devs don't want issues on GitLab, they should disable it there, it's not hard to do. I don't really like GitHub either, but being on GitHub automatically gets more interest in the project. GitHub is not as trustworthy as GitLab, but remember both of them are companies trying to get your money with premium plans, and while none of GitHub's server code is open source, GitLab Ultimate's extra functionality is not all open source either. However, both of them do help open source projects, they just do it in a way that also tries to make them money.

    For your own stuff you can use Gitea, GOGs sites, self-hosted Gitea/GOGs, or even cgit or sourcehut if you want freedom (as in free software freedom). But GitHub and GitLab have the most features and the best visibility. It's your choice.
Last edited by Blockhead on Thu Sep 15, 2022 16:16, edited 1 time in total.
/˳˳_˳˳]_[˳˳_˳˳]_[˳˳_˳˳\ Advtrains enthusiast | My map: Noah's Railyard | My Content on ContentDB ✝️♂

debiankaios
Member
Posts: 910
Joined: Thu Dec 03, 2020 12:48
IRC: debiankaios
In-game: debiankaios Nowe
Location: germany

Re: Why i not use GitHub

by debiankaios » Post

1. OK, the thing with the e-mail is not simple to explain. In future I want to set up the e-mail server anew so I get it back and I get the account back. 2FA will not protect you completely. A famous German YouTuber got hacked on YouTube and he uses 3FA and Google has a fourth factor! And we are making big steps towards quantum computers. And I think the app is only available for smartphones; I personally use no smartphone. If you find Google Authenticator for KaiOS, tell me.

2. ok
3. ok
4. Ok, but i think that we should use an alternative-platform to gitlab.

LMD
Member
Posts: 1386
Joined: Sat Apr 08, 2017 08:16
GitHub: appgurueu
IRC: appguru[eu]
In-game: LMD
Location: Germany

Re: Why i not use GitHub

by LMD » Post

Oh the logical fallacies!

"A famous German YouTuber got hacked on YouTube and he uses 3FA and Google has a fourth factor!" - (1) I doubt this; perhaps he just didn't want to admit that his password was "passwort"? (2) if all factors are compromised, you can obviously still get hacked - it's always about minimizing the chances, which will never be zero (4) a single "point-in-case" has no value, provide proper statistics please

Whataboutism: "And we are making big steps towards quantum computers" - yes, but we aren't there yet by far, and each time scientists get closer, you can just bump key length and they'll take another decade to double their qubits;

Strawman: "And I think the app is only available for smartphones; I personally use no smartphone." - no, smartphones are not the only possible second factor.

I don't see any compelling reason to leave GitHub for now.
My stuff: Projects - Mods - Website

rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom

Re: Why i not use GitHub

by rubenwardy » Post

debiankaios wrote:
Thu Sep 15, 2022 12:20
and I think the app is only available for smartphones; I personally use no smartphone. If you find Google Authenticator for KaiOS, tell me.
TOTP is a standard, you could even do it with pen and paper if you're quick

Google something like "linux TOTP" or "firefox TOTP". Some password managers support it - ex: KeePass

I used Authenticator on Firefox and Chrome, it's MIT licensed.
https://addons.mozilla.org/en-US/firefo ... ent=search
https://chrome.google.com/webstore/deta ... addinpkbai
Renewed Tab (my browser add-on) | Donate | Mods | Minetest Modding Book

Hello profile reader

debiankaios
Member
Posts: 910
Joined: Thu Dec 03, 2020 12:48
IRC: debiankaios
In-game: debiankaios Nowe
Location: germany

Re: Why i not use GitHub

by debiankaios » Post

I know you like 2FA, but I am not for 2FA and I think it's bad if GitHub forces you to use 2FA. It spams my e-mail (because I delete all cookies after every browser restart, and the remember-me information gets deleted too).

rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom

Re: Why i not use GitHub

by rubenwardy » Post

This type of 2FA doesn't use email. And deleting everything when closing the browser sounds exhausting. If you think that'll stop you being tracked, you'll be surprised
Renewed Tab (my browser add-on) | Donate | Mods | Minetest Modding Book

Hello profile reader

apercy
Member
Posts: 640
Joined: Wed Mar 25, 2020 16:31
GitHub: APercy
In-game: APercy
Location: Pinheiral - RJ - Brazil

Re: Why i not use GitHub

by apercy » Post

LMD wrote:
Thu Sep 15, 2022 14:10
...

I don't see any compelling reason to leave GitHub for now.
Me too.

Hume2
Member
Posts: 709
Joined: Tue Jun 19, 2018 08:24
GitHub: Hume2
In-game: Hume2
Location: Czech Republic

Re: Why i not use GitHub

by Hume2 » Post

If I'm not mistaken, github offers two methods of 2FA. One involves a smartphone app and the other involves SMS. So if you don't have a smartphone and you don't want MICROS~1 to know your personal phone number, this viewpoint is completely understandable. It is my case also, so I know well.

I understand the importance of 2FA but it should be opt-in IMO. If it isn't about banking or another kind of life-important activity, it's just an annoyance for me. If someone hacks my GitHub account and deletes all my repositories then what? I don't have anything secret there or anything that I would miss. I have local copies anyway.

By the way, there is a workaround. You can generate a token with all permissions and then use it as password.
If you lack the reality, go on a trip or find a job.

rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom

Re: Why i not use GitHub

by rubenwardy » Post

Hume2 wrote:
Mon Sep 26, 2022 19:04
If I'm not mistaken, github offers two methods of 2FA. One involves a smartphone app and the other involves SMS. So if you don't have a smartphone and you don't want MICROS~1 to know your personal phone number, this viewpoint is completely understandable. It is my case also, so I know well.
This is false, it doesn't require a smartphone app. TOTP is a standard protocol, there's browser extensions and terminal programs for it.

As I wrote above:
rubenwardy wrote:
Thu Sep 15, 2022 17:28
TOTP is a standard, you could even do it with pen and paper if you're quick

Google something like "linux TOTP" or "firefox TOTP". Some password managers support it - ex: KeePass

I used Authenticator on Firefox and Chrome, it's MIT licensed.
https://addons.mozilla.org/en-US/firefo ... ent=search
https://chrome.google.com/webstore/deta ... addinpkbai
Renewed Tab (my browser add-on) | Donate | Mods | Minetest Modding Book

Hello profile reader

v-rob
Developer
Posts: 970
Joined: Thu Mar 24, 2016 03:19
GitHub: v-rob
IRC: v-rob
Location: Right behind you.

Re: Why i not use GitHub

by v-rob » Post

Correct my misconception if I'm wrong, but I'm given to the understanding that TOTP requires some sort of application (be it phone app, extension, desktop program, whatever) that stores private keys on your device, and then performs bunches of funky algorithms on it and the current time to get a temporary password. Type it in, and you're admitted to whatever you're trying to login to.

I don't have any problem with this basic idea, and would use 2FA if it weren't for the problem that it fundamentally requires a device that you have with you wherever you want to sign in. So, if I wanted to sign in on someone else's computer without having that device with me, I'm out of luck. I've never liked being forced to carry a phone around absolutely everywhere. So, unless there's something I misunderstand or don't know about 2FA, that's my reason for being reluctant to use it.
Core Developer | My Best Mods: Bridger - Slats - Stained Glass

Hume2
Member
Posts: 709
Joined: Tue Jun 19, 2018 08:24
GitHub: Hume2
In-game: Hume2
Location: Czech Republic

Re: Why i not use GitHub

by Hume2 » Post

rubenwardy wrote:
Mon Sep 26, 2022 20:03
This is false, it doesn't require a smartphone app. TOTP is a standard protocol, there's browser extensions and terminal programs for it.
I didn't know that the smartphone isn't mandatory in the process. When I tried to set it up, I thought that it was from their description.
v-rob wrote:
Tue Sep 27, 2022 18:10
Correct my misconception if I'm wrong, but I'm given to the understanding that TOTP requires some sort of application (be it phone app, extension, desktop program, whatever) that stores private keys on your device, and then performs bunches of funky algorithms on it and the current time to get a temporary password. Type it in, and you're admitted to whatever you're trying to login to.

I don't have any problem with this basic idea, and would use 2FA if it weren't for the problem that it fundamentally requires a device that you have with you wherever you want to sign in. So, if I wanted to sign in on someone else's computer without having that device with me, I'm out of luck. I've never liked being forced to carry a phone around absolutely everywhere. So, unless there's something I misunderstand or don't know about 2FA, that's my reason for being reluctant to use it.
I think there should be a way to copy the private key onto another device. But still, if you're working at a computer which you don't own, you have the same problem.
If you lack the reality, go on a trip or find a job.

debiankaios
Member
Posts: 910
Joined: Thu Dec 03, 2020 12:48
IRC: debiankaios
In-game: debiankaios Nowe
Location: germany

Re: Why i not use GitHub

by debiankaios » Post

About the private keys: I remember that one year ago my HDD was destroyed. There were some keys on it. I had saved them because of a rescue program. I remember that my website got hacked. Because of that I can't get into my GitHub account! It makes me really angry because I know my password and I haven't activated 2FA. I lost my phone 10 months ago. I was really sad, because I liked it. But my SIM card got lost too. All 3 problems weren't resolved for a short time. At the moment I have only resolved the HDD problem. I don't want to make a new GitHub account, because if I get time I can create a new e-mail, because I still own my domain. And then I can send screenshots and videos about it, the 2FA. In short, I don't like 2FA. I think others should be able to use it, but:
1. GitHub should not lie that 2FA isn't active when it is
2. GitHub should not force you to use 2FA. viewtopic.php?f=3&t=28071

Blockhead
Member
Posts: 1623
Joined: Wed Jul 17, 2019 10:14
GitHub: Montandalar
IRC: Blockhead256
In-game: Blockhead Blockhead256
Location: Land Down Under

Re: Why i not use GitHub

by Blockhead » Post

To anyone concerned about needing a phone, there are products, only a few of them yes, but there are some that let you load and store multiple TOTP codes. Here's a helpful reddit thread that points to several products.
/˳˳_˳˳]_[˳˳_˳˳]_[˳˳_˳˳\ Advtrains enthusiast | My map: Noah's Railyard | My Content on ContentDB ✝️♂

Hume2
Member
Posts: 709
Joined: Tue Jun 19, 2018 08:24
GitHub: Hume2
In-game: Hume2
Location: Czech Republic

Re: Why i not use GitHub

by Hume2 » Post

Github used to have 2FA as an optional feature for a long time, even way back when they weren't bought by MICROS~1. But then MICROS~1 decided that 2FA will be obligatory.

Also note that TOTP is not more secure than password, it is just secure in a different way. Passwords are one-way encrypted on the server, so if the password database gets leaked, there is no way to obtain the actual passwords except brute-force. However, one-way encryption for TOTP keys makes no sense because the server has to know the key also. The advantage of TOTP is that phishing isn't as efficient because the one-time password is valid only for a short period of time.
If you lack the reality, go on a trip or find a job.

Wuzzy
Member
Posts: 4786
Joined: Mon Sep 24, 2012 15:01
GitHub: Wuzzy2
IRC: Wuzzy
In-game: Wuzzy

Re: Why i not use GitHub

by Wuzzy » Post

I hate and despise GitHub but I still have to use it because this is the only official way to contribute code to Minetest. If I refuse to use GitHub, I am simply completely locked out of the contribution process. I highly doubt they would accept patchfiles from me. :D I, together with Zughy and others, strongly support the proposal to move Minetest away from GitHub to a FOSS-friendly website.

I have a GitHub account only to submit bugs and comments and PRs to projects on GitHub. All my own repos are on www.codeberg.org or (for historic reasons) repo.or.cz. I especially like www.codeberg.org for being aggressively pro-FOSS and not being controlled by a large, faceless corporation.

I am against GitHub because the website is full of proprietary JavaScript code. This alone should instantly disqualify GitHub from any FOSS project that takes itself seriously but for some weird reason it does not. It is so frustrating how GitHub just happened to become the de-facto code hoster for the majority including FOSS (!) although it is literally proprietary itself. The irony is not lost on me and I continue to point it out. What annoys me most is that people are so defensive of GitHub as if we literally had no other choice. But in reality, websites like Codeberg.org and NotABug work just fine, it's just that people keep dismissing them.

GitHub still (kinda) works with JavaScript disabled but this is still a half-solution. The website is partially broken w/o JavaScript (and has been for YEARS and there is no indication they will fix this anytime soon), which sucks, but I have tools to work around that.

rudzik8
Member
Posts: 192
Joined: Wed Jun 02, 2021 04:13
GitHub: rudzik8
In-game: db75c and rudzik8
Location: Siberia

Re: Why i not use GitHub

by rudzik8 » Post

I think the best solution would be to make Mesehub the official hosting. Give it donations from the Minetest account (i.e. from donations to the Minetest team), host all official Minetest stuff on it (or at least make official mirrors), advise people to use Mesehub instead of GitHub, eventually move it to git.minetest.net (with git.minetest.land staying as a redirect?) and so on.
Gitea is a very pleasing solution from my view, especially when some big projects (like MineClone 2) are already hosted on one of its instances.
MineClone2 dev and modder and the creator of Voxelgarden (revived) || Codeberg

randomperson
Member
Posts: 28
Joined: Sat Dec 24, 2022 06:08

Re: Why i not use GitHub

by randomperson » Post

@debiankaios Not going to help you with the git-centricness of today's internet but if you are looking for a simple way to manage your source code you might want to look into fossil (https://fossil-scm.org/). It comes with its own web interface which you can either host on a server or simply run locally (https://chiselapp.com/ is also an option if you want to make your repo public but don't care for self-hosting) and it's also made by the author of sqlite so it's pretty much brilliant by definition ;)
