Why i not use GitHub
- debiankaios
- Member
- Posts: 910
- Joined: Thu Dec 03, 2020 12:48
- IRC: debiankaios
- In-game: debiankaios Nowe
- Location: germany
- Contact:
Why i not use GitHub
Please read the post until end before answering. I glad here answers.
1. 2-Factor-Authentication
I tried so many times to switch it off. But it don't worked! I wanted turn it off but there stand it is already off. And it want still a Code. Then my e-mail got hacked. Now i can't log-in me for a while.
2. Github is owned by Microsoft
Github is owned by Microsoft and minecraft is also owned by Microsoft. And if minetest get to famous and minecraft would not anymore give so much money because all play minetest. I think microsoft would not be so happy. Yeah i minetest is allowed to make content like mineclone. But dependent on microsoft would be not good in this case
3. No good layout
Maybe you are other meaning but i think github looks very bad. Gitlab and Codeberg and notabug looks better then github and have a big Minetest-userbase.
4. More
I saw already posts which found github bad too. I am not first and i think i'll not be the last. The reason why i posted this post is that i got said i should use github to report suggestions. Why there is then a mirnor of minetest to gitlab.
1. 2-Factor-Authentication
I tried so many times to switch it off. But it don't worked! I wanted turn it off but there stand it is already off. And it want still a Code. Then my e-mail got hacked. Now i can't log-in me for a while.
2. Github is owned by Microsoft
Github is owned by Microsoft and minecraft is also owned by Microsoft. And if minetest get to famous and minecraft would not anymore give so much money because all play minetest. I think microsoft would not be so happy. Yeah i minetest is allowed to make content like mineclone. But dependent on microsoft would be not good in this case
3. No good layout
Maybe you are other meaning but i think github looks very bad. Gitlab and Codeberg and notabug looks better then github and have a big Minetest-userbase.
4. More
I saw already posts which found github bad too. I am not first and i think i'll not be the last. The reason why i posted this post is that i got said i should use github to report suggestions. Why there is then a mirnor of minetest to gitlab.
Last edited by debiankaios on Wed Sep 28, 2022 18:21, edited 2 times in total.
📖 Deutsches Modding Book 👽 My Mod 🔌 TechAge Extension (WIP)
2147483 is the new world border.
⛏ Proxima Survival(WIP) ⚔️ Minigames A.E.S(WIP)
🌐 My Website
2147483 is the new world border.
⛏ Proxima Survival(WIP) ⚔️ Minigames A.E.S(WIP)
🌐 My Website
Re: Why i not use GitHub
I use notabug.org which is a simple gog based git platform.
- Blockhead
- Member
- Posts: 1624
- Joined: Wed Jul 17, 2019 10:14
- GitHub: Montandalar
- IRC: Blockhead256
- In-game: Blockhead Blockhead256
- Location: Land Down Under
- Contact:
Re: Why i not use GitHub
- 2-factor authentication
2-factor authentication (2FA) is good for your security. You should want 2FA. You should use 2FA on GitLab. If you leave your browser logged into GitHub you don't have to enter a 2FA code very often. The way I use it is with the Google Authenticator app on my phone. It's not hard and I don't have to use it often. It's certainly more secure than SMS authentication.
Your email getting hacked is your problem, not anyone else's. Use a strong password, don't tell it to anyone, and be very wary of phishing scams. 2FA would even protect your GitHub/GitLab account even if your email is hacked. Let's assume you use the same password or a similar password for everything. Now let's assume the same person who hacked your email account also wanted to get into your GitHub/GitLab account. They could type your email and password in, maybe they have to change a few letters/numbers in the password but they still guess it. Then they would get asked for your 2FA code. Well now they're stuck because they don't have your phone with its 2FA code available, so they don't get into that account at least. But then they will keep trying your email and password against most of your other accounts, which mostly won't have 2FA, and get access to a lot of those. They don't always know what websites you are a member of, but they can just check the most popular websites one at a time until they get bored, have enough information to doxx/extort you, or they have a script for it and that script runs through 100 sites or so.
Please debiankaos, take care of your security properly. Don't let your email get hacked again - never tell anyone the password, don't write it down, set a strong password, and don't reuse passwords. You may have to start using a new email address, which I know is painful, but once an account is compromised it can be really easy to compromise again. If anyone else has access to the same computer as you, always log out of your accounts before you finish using the computer. Also start using a password manager like KeepassXC - that way you don't have to remember passwords, but you always get strong passwords. And use 2FA on GitHub, GitLab and other important sites you care about. - GitHub is owned by Microsoft
Yes, this is a potential issue in the future. However I think it's much more likely to affect Multicraft which is also hosted on GitHub. But it hasn't happened yet, and even if it does, we can just move to GitLab when it does. We might lose some of the issue tracker information, or someone might have a backup - we should probably take care of that. - No good layout
GitLab simply has more features and a more desktop-oriented design. Also they probably had to make sure they don't directly clone GitHub's layout, which is basically what Gitea/GOGs did for an older version of GitHub. But it's easier to find some stuff on GitHub and easier to find other stuff on GitLab. I don't rate one of them higher than another, they're just different. - More
The GitLab mirror exists so the Minetest developers can use GitLab CI, which will automatically build versions of Minetest as they are pushed to GitHub and then mirrored to GitLab. GitLab is better for this feature, but I suspect GitHub will always continue to be the primary website. It think that Minetest will stay on GitHub because it's the "Facebook" of Git hoster sites - (almost) everyone has an account with them, so it's the smallest barrier to entry for inviting contributors. If the Minetest devs don't want issues on GitLab, they should disable it there, it's not hard to do. I don't really like GitHub either, but being on GitHub automatically gets more interest in the project. GitHub is not as trustworthy as GitLab, but remember both of them are companies trying to get your money with premium plans, and while none of GitHub's server code is open source, GitLab Ultimate's extra functionality is not all open source either. However, both of them do help open source projects, they just do it in a way that also tries to make them money.
For your own stuff can use Gitea, GOGs sites, self-hosted Gitea/GOGs, or even cgit or sourcehut if you want freedom (as in free software freedom). But GitHub and GitLab have the most features and the best visibility. It's your choice.
Last edited by Blockhead on Thu Sep 15, 2022 16:16, edited 1 time in total.
/˳˳_˳˳]_[˳˳_˳˳]_[˳˳_˳˳\ Advtrains enthusiast | My map: Noah's Railyard | My Content on ContentDB ✝️♂
- debiankaios
- Member
- Posts: 910
- Joined: Thu Dec 03, 2020 12:48
- IRC: debiankaios
- In-game: debiankaios Nowe
- Location: germany
- Contact:
Re: Why i not use GitHub
1. Ok, that with the e-mail is not simple to explain. In future i want set up the server of the email new so i get it back and i get the account back. 2FA will not protect you complete. A famous german youtuber got hacked on youtube and he use 3FA and google has a fourth factor! And we make big steps to Quantum Computer. And i think the app is only aviable for smartphones, i use personally no smartphone. If you find Google Authentificator for KaiOS say it me.
2. ok
3. ok
4. Ok, but i think that we should use an alternative-platform to gitlab.
2. ok
3. ok
4. Ok, but i think that we should use an alternative-platform to gitlab.
📖 Deutsches Modding Book 👽 My Mod 🔌 TechAge Extension (WIP)
2147483 is the new world border.
⛏ Proxima Survival(WIP) ⚔️ Minigames A.E.S(WIP)
🌐 My Website
2147483 is the new world border.
⛏ Proxima Survival(WIP) ⚔️ Minigames A.E.S(WIP)
🌐 My Website
- LMD
- Member
- Posts: 1386
- Joined: Sat Apr 08, 2017 08:16
- GitHub: appgurueu
- IRC: appguru[eu]
- In-game: LMD
- Location: Germany
- Contact:
Re: Why i not use GitHub
Oh the logical fallacies!
"A famous german youtuber got hacked on youtube and he use 3FA and google has a fourth factor!" - (1) I doubt this; perhaps he just didn't want to admit that his password was "passwort"? (2) if all factors are compromised, you can obviously still get hacked - it's always about minimizing the chances, which will never be zero (4) a single "point-in-case" has no value, provide proper statitics please
Whataboutism: "And we make big steps to Quantum Computer" - yes, but we aren't there yet by far, and each time scientists get closer, you can just bump key length and they'll take another decade to double their qubits;
Strawman: "And i think the app is only aviable for smartphones, i use personally no smartphone." - no, smartphones are not the only possible second factor.
I don't see any compelling reason to leave GitHub for now.
"A famous german youtuber got hacked on youtube and he use 3FA and google has a fourth factor!" - (1) I doubt this; perhaps he just didn't want to admit that his password was "passwort"? (2) if all factors are compromised, you can obviously still get hacked - it's always about minimizing the chances, which will never be zero (4) a single "point-in-case" has no value, provide proper statitics please
Whataboutism: "And we make big steps to Quantum Computer" - yes, but we aren't there yet by far, and each time scientists get closer, you can just bump key length and they'll take another decade to double their qubits;
Strawman: "And i think the app is only aviable for smartphones, i use personally no smartphone." - no, smartphones are not the only possible second factor.
I don't see any compelling reason to leave GitHub for now.
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Why i not use GitHub
TOTP is a standard, you could even do it with pen and paper if you're quickdebiankaios wrote: ↑Thu Sep 15, 2022 12:20and i think the app is only aviable for smartphones, i use personally no smartphone. If you find Google Authentificator for KaiOS say it me.
Google something like "linux TOTP" or "firefox TOTP". Some password managers support it - ex: KeePass
I used Authenticator on Firefox and Chrome, it's MIT licensed.
https://addons.mozilla.org/en-US/firefo ... ent=search
https://chrome.google.com/webstore/deta ... addinpkbai
- debiankaios
- Member
- Posts: 910
- Joined: Thu Dec 03, 2020 12:48
- IRC: debiankaios
- In-game: debiankaios Nowe
- Location: germany
- Contact:
Re: Why i not use GitHub
I know you like 2FA, but i am not for 2FA and i think it's bad if github enforces to use 2FA. It spam my email(because i delete after every browser-restart all cookies and remember me-information get also deleted).
📖 Deutsches Modding Book 👽 My Mod 🔌 TechAge Extension (WIP)
2147483 is the new world border.
⛏ Proxima Survival(WIP) ⚔️ Minigames A.E.S(WIP)
🌐 My Website
2147483 is the new world border.
⛏ Proxima Survival(WIP) ⚔️ Minigames A.E.S(WIP)
🌐 My Website
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Why i not use GitHub
This type of 2FA doesn't use email. And deleting everything when closing the browser sounds exhausting. If you think that'll stop you being tracked, you'll be surprised
- apercy
- Member
- Posts: 640
- Joined: Wed Mar 25, 2020 16:31
- GitHub: APercy
- In-game: APercy
- Location: Pinheiral - RJ - Brazil
Re: Why i not use GitHub
Me too.
- Hume2
- Member
- Posts: 709
- Joined: Tue Jun 19, 2018 08:24
- GitHub: Hume2
- In-game: Hume2
- Location: Czech Republic
Re: Why i not use GitHub
If I'm not mistaken, github offers two methods of 2FA. One involves a smartphone app and the other involves SMS. So if you don't have a smartphone and you don't want MICROS~1 to know your personal phone number, this viewpoint is completely understandable. It is my case also, so I know well.
I understand the importance of 2FA but it should be opt-in IMO. If it doesn't go about banking or other kind of life-important activity, it's just an annoyance for me. If someone hacks my github account and deletes all my repositories then what? I don't have there anything secret or anything that I would miss. I have local copies anyway.
By the way, there is a workaround. You can generate a token with all permissions and then use it as password.
I understand the importance of 2FA but it should be opt-in IMO. If it doesn't go about banking or other kind of life-important activity, it's just an annoyance for me. If someone hacks my github account and deletes all my repositories then what? I don't have there anything secret or anything that I would miss. I have local copies anyway.
By the way, there is a workaround. You can generate a token with all permissions and then use it as password.
If you lack the reality, go on a trip or find a job.
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Why i not use GitHub
This is false, it doesn't require a smartphone app. TOTP is a standard protocol, there's browser extensions and terminal programs for it.Hume2 wrote: ↑Mon Sep 26, 2022 19:04If I'm not mistaken, github offers two methods of 2FA. One involves a smartphone app and the other involves SMS. So if you don't have a smartphone and you don't want MICROS~1 to know your personal phone number, this viewpoint is completely understandable. It is my case also, so I know well.
As I wrote above:
rubenwardy wrote: ↑Thu Sep 15, 2022 17:28TOTP is a standard, you could even do it with pen and paper if you're quick
Google something like "linux TOTP" or "firefox TOTP". Some password managers support it - ex: KeePass
I used Authenticator on Firefox and Chrome, it's MIT licensed.
https://addons.mozilla.org/en-US/firefo ... ent=search
https://chrome.google.com/webstore/deta ... addinpkbai
- v-rob
- Developer
- Posts: 970
- Joined: Thu Mar 24, 2016 03:19
- GitHub: v-rob
- IRC: v-rob
- Location: Right behind you.
Re: Why i not use GitHub
Correct my misconception if I'm wrong, but I'm given to the understanding that TOTP requires some sort of application (be it phone app, extension, desktop program, whatever) that stores private keys on your device, and then performs bunches of funky algorithms on it and the current time to get a temporary password. Type it in, and you're admitted to whatever you're trying to login to.
I don't have any problem with this basic idea, and would use 2FA if it weren't for the problem that it fundamentally requires a device that you have with you wherever you want to sign in. So, if I wanted to sign in on someone else's computer without having that device with me, I'm out of luck. I've never liked being forced to carry a phone around absolutely everywhere. So, unless there's something I misunderstand or don't know about 2FA, that's my reason for being reluctant to use it.
I don't have any problem with this basic idea, and would use 2FA if it weren't for the problem that it fundamentally requires a device that you have with you wherever you want to sign in. So, if I wanted to sign in on someone else's computer without having that device with me, I'm out of luck. I've never liked being forced to carry a phone around absolutely everywhere. So, unless there's something I misunderstand or don't know about 2FA, that's my reason for being reluctant to use it.
- Hume2
- Member
- Posts: 709
- Joined: Tue Jun 19, 2018 08:24
- GitHub: Hume2
- In-game: Hume2
- Location: Czech Republic
Re: Why i not use GitHub
I didn't know that the smartphone isn't mandatory in the process. When I tried to set it up, I thought that it was from their description.rubenwardy wrote: ↑Mon Sep 26, 2022 20:03This is false, it doesn't require a smartphone app. TOTP is a standard protocol, there's browser extensions and terminal programs for it.
I think, there should be a way to copy the private key onto another device. But still, if you're working at a computer which you don't own, you have the same problem.v-rob wrote: ↑Tue Sep 27, 2022 18:10Correct my misconception if I'm wrong, but I'm given to the understanding that TOTP requires some sort of application (be it phone app, extension, desktop program, whatever) that stores private keys on your device, and then performs bunches of funky algorithms on it and the current time to get a temporary password. Type it in, and you're admitted to whatever you're trying to login to.
I don't have any problem with this basic idea, and would use 2FA if it weren't for the problem that it fundamentally requires a device that you have with you wherever you want to sign in. So, if I wanted to sign in on someone else's computer without having that device with me, I'm out of luck. I've never liked being forced to carry a phone around absolutely everywhere. So, unless there's something I misunderstand or don't know about 2FA, that's my reason for being reluctant to use it.
If you lack the reality, go on a trip or find a job.
- debiankaios
- Member
- Posts: 910
- Joined: Thu Dec 03, 2020 12:48
- IRC: debiankaios
- In-game: debiankaios Nowe
- Location: germany
- Contact:
Re: Why i not use GitHub
To the private keys, i remember me, one year ago my HDD destroyed. There were some keys. I had save them because a rescue-program. I remember me that my website got hacked. Thatcause i can't go to my github-account! It makes me really angry because i know my password and i haven't activated 2FA. I lost my phone 10 months ago. I was really sad, because i liked it. But my sim-card get lost also. All 3 problems weren't resolved for a short time. At moment i only resolved only the hdd-problem. I don't want make a new github-account, because if i get time i can create a new email, because i still own my domain. And then i can send screenshots and videos about it, the 2FA. Short, i don't like 2FA. I think other should able to use it, but:
1. github should not lie that 2FA isn't active but it is
2. github should not force to use 2FA. viewtopic.php?f=3&t=28071
1. github should not lie that 2FA isn't active but it is
2. github should not force to use 2FA. viewtopic.php?f=3&t=28071
📖 Deutsches Modding Book 👽 My Mod 🔌 TechAge Extension (WIP)
2147483 is the new world border.
⛏ Proxima Survival(WIP) ⚔️ Minigames A.E.S(WIP)
🌐 My Website
2147483 is the new world border.
⛏ Proxima Survival(WIP) ⚔️ Minigames A.E.S(WIP)
🌐 My Website
- Blockhead
- Member
- Posts: 1624
- Joined: Wed Jul 17, 2019 10:14
- GitHub: Montandalar
- IRC: Blockhead256
- In-game: Blockhead Blockhead256
- Location: Land Down Under
- Contact:
Re: Why i not use GitHub
To anyone concerned about needing a phone, there are products, only a few of them yes, but there are some that let you load and store multiple TOTP codes. Here's a helpful reddit thread that points to several products.
/˳˳_˳˳]_[˳˳_˳˳]_[˳˳_˳˳\ Advtrains enthusiast | My map: Noah's Railyard | My Content on ContentDB ✝️♂
- Hume2
- Member
- Posts: 709
- Joined: Tue Jun 19, 2018 08:24
- GitHub: Hume2
- In-game: Hume2
- Location: Czech Republic
Re: Why i not use GitHub
Github used to have 2FA as an optional feature for a long time, even way back when they weren't bought by MICROS~1. But then MICROS~1 decided that 2FA will be obligatory.
Also note that TOTP is not more secure than password, it is just secure in a different way. Passwords are one-way encrypted on the server, so if the password database gets leaked, there is no way to obtain the actual passwords except brute-force. However, one-way encryption for TOTP keys makes no sense because the server has to know the key also. The advantage of TOTP is that phishing isn't as efficient because the one-time password is valid only for a short period of time.
Also note that TOTP is not more secure than password, it is just secure in a different way. Passwords are one-way encrypted on the server, so if the password database gets leaked, there is no way to obtain the actual passwords except brute-force. However, one-way encryption for TOTP keys makes no sense because the server has to know the key also. The advantage of TOTP is that phishing isn't as efficient because the one-time password is valid only for a short period of time.
If you lack the reality, go on a trip or find a job.
- Wuzzy
- Member
- Posts: 4788
- Joined: Mon Sep 24, 2012 15:01
- GitHub: Wuzzy2
- IRC: Wuzzy
- In-game: Wuzzy
- Contact:
Re: Why i not use GitHub
I hate and despise GitHub but I still have to use it because this is the only official way to contribute code to Minetest. If I refuse to use GitHub, I am simply completely locked out of the contribution process. I highly doubt they would accept patchfiles from me. :D I, together with Zughy and others, strongly support the proposal to move Minetest away from GitHub to a FOSS-friendly website.
I have a GitHub account only to submit bugs and comments and PRs to projects on GitHub. All my own repos are on www.codeberg.org or (for historic reasons) repo.or.cz. I especially like www.codeberg.org for being aggressively pro-FOSS and not be controlled by a large, faceless corporation.
I am against GitHub because the website is full of proprietary JavaScript code. This alone should instantly disqualify GitHub from any FOSS project that takes itself seriously but for some weird reason it does not. It is so frustrating how GitHub just happened to become the de-facto code hoster for the majority including FOSS (!) although it is literally proprietary itself. The irony is not lost on me and I continue to point it out. What annoys me most is that people are so defensive of GitHub as if we literally had no other choice. But in reality, websites like Codeberg.org and NotABug work just fine, it's just that people keep dismissing them.
GitHub still (kinda) works with JavaScript disabled but this is still a half-solution. The website is partially broken w/o JavaScript (and has been since YEARS and there is no indication they will fix this anytime soon), which sucks, but I have tools to work around that.
I have a GitHub account only to submit bugs and comments and PRs to projects on GitHub. All my own repos are on www.codeberg.org or (for historic reasons) repo.or.cz. I especially like www.codeberg.org for being aggressively pro-FOSS and not be controlled by a large, faceless corporation.
I am against GitHub because the website is full of proprietary JavaScript code. This alone should instantly disqualify GitHub from any FOSS project that takes itself seriously but for some weird reason it does not. It is so frustrating how GitHub just happened to become the de-facto code hoster for the majority including FOSS (!) although it is literally proprietary itself. The irony is not lost on me and I continue to point it out. What annoys me most is that people are so defensive of GitHub as if we literally had no other choice. But in reality, websites like Codeberg.org and NotABug work just fine, it's just that people keep dismissing them.
GitHub still (kinda) works with JavaScript disabled but this is still a half-solution. The website is partially broken w/o JavaScript (and has been since YEARS and there is no indication they will fix this anytime soon), which sucks, but I have tools to work around that.
- rudzik8
- Member
- Posts: 193
- Joined: Wed Jun 02, 2021 04:13
- GitHub: rudzik8
- In-game: db75c and rudzik8
- Location: Siberia
Re: Why i not use GitHub
I think the best solution would be make Mesehub official hosting. Give it donations from Minetest account (i.e. from donations to the Minetest team), host all official Minetest stuff on it (or at least make official mirrors), advice people to use Mesehub instead of GitHub, eventually move it to the git.minetest.net (with git.minetest.land staying as a redirect?) and so on.
Gitea is a very pleasing solution from my view, especially when some big projects (like MineClone 2) are already hosted on one of its' instances.
Gitea is a very pleasing solution from my view, especially when some big projects (like MineClone 2) are already hosted on one of its' instances.
-
- Member
- Posts: 28
- Joined: Sat Dec 24, 2022 06:08
Re: Why i not use GitHub
@debiankaios Not going to help you with the git-centricness of todays internet but if are looking for a simple way to manage your source code you might want to look into fossil (https://fossil-scm.org/). It comes with it's own webinterface which you can either host on a server or simply run locally (https://chiselapp.com/ is also an option if you want to make your repo public but don't care for selfhosting) and it's also made by the author of sqlite so it's pretty much brilliant by definition ;)
Who is online
Users browsing this forum: Extex and 4 guests