
A lot of people seem to develop a strange sense of loyalty to services they like (and haven't been stung by, obviously).

Try suggesting that you can run a software business without using GitHub as your single point of failure^W^W^W^Wsource control system, and a lot of young developers will just laugh and wonder what you've been smoking.

Try challenging Apple's walled garden philosophy and suggesting that their mobile devices could implement standard protocols for transferring your own data on and off them directly like almost every other mobile device in the past decade, instead of relying on their not-properly-secured iCloud system, and plenty of Apple fans will wonder why you might care.

Even the HN community falls victim to this mentality from time to time. I find people here tend to be more rational about these issues than average, but any suggestion that one of the YC success stories that has become an HN idol has done something unwise or even bad can sometimes end up brutally suppressed.

It would be better, IMHO, if people kept in mind that behind these services they have allowed themselves to depend on so much is usually just a business, even if it's a big and famous one, and that businesses generally have no obligation to anyone to continue doing anything other than to the extent that either the law requires it or there is compensation changing hands and a contractual obligation.




> Try suggesting that you can run a software business without using GitHub as your single point of failure^W^W^W^Wsource control system, and a lot of young developers will just laugh and wonder what you've been smoking.

TBH, I've never worked at a company that would host their source code at a third party service. At my first job, we wouldn't even use a web UI for the repositories (I still think that's not all that useful to begin with). At my current job, we use cgit. We use Jira (that we pay for, obviously), but as to source control --- a company hosting it on GitHub? Never seen it with my own eyes. But I work as a C++ dev, so maybe it's different here than, say, in webdev world.


Doing a fair amount of work in web dev world in recent years, we've always self-hosted one way or another, but the newbies look at you all strange like if you tell them. Then again, half of them also don't realise that Git and GitHub are different things.


> But I work as a C++ dev, so maybe it's different here than, say, in webdev world

Most likely that's the reason. I've only worked on web projects and everywhere I worked has been using GitHub for hosting the code and managing merge requests, except my first work where we used Redmine and then 6 months later migrated everything to GitHub.


I worked at a place that had virtually zero internal systems, including version control, and relied heavily on Github in particular for things like access control, beyond just source control.

One of their remote devs had his Github account hacked (pre 2FA) and then had access to Slack as well, and the hacker managed to socially engineer his way into a number of sensitive areas and increased access, to the point the company had all their code taken and a number of high GPU Amazon instances started to generate crypto coins to the tune of a $35,000 EC2 bill.

I'm from the old school and have never trusted third party services for anything critical to the company. I'll admit a bit of internal gloating after that incident.


But that sounds like a case where the attacker would have gained access to most relevant stuff anyway, and the difference in effect was mostly to the tune of $35k in costs (instead of spending resources on companies' own hardware)? While that's a big chunk for a start-up, it's not even one year of a developer salary.

While I am of the similar old school like you (I run my own mail server, web server, nextcloud, used to do ejabberd too...), I think it's more cost effective for smaller companies not to do it themselves, as long as they keep their own backups.

The difference is that when they self-host, they are more vulnerable to targeted attack (on average, for similar dollar investment), but if they host with SaaS providers, it's opportunistic attacks they should worry about more.


It was more that their entire code repo was downloaded, which included a number of third party access codes, never mind the intellectual property involved.

If that stuff is only hosted internally behind a firewall, with a VPN requirement to access, it would have been fine. Instead it was all on Github.


Right, but if they hacked a particular remote employee who had access to it, they could have gotten access to the same stuff — their attack vectors might have been more limited, that is true.


> At my first job, we wouldn't even use a web UI for the repositories

It's been a long time since I used it but I used to lean on gitweb for this at places that self-hosted git repositories but didn't have any UI layer on top. I remember it being perfectly fine for my needs.


> Try suggesting that you can run a software business without using GitHub as your single point of failure^W^W^W^Wsource control system, and a lot of young developers will just laugh and wonder what you've been smoking.

To be fair, this example isn't quite as bad. It's simple enough to add a new remote to your working copies and host your repo elsewhere. It doesn't help with GitHub-specific features like comments or integrations though.


Usually complaints like this have more to do with the social processes around coding than the actual task of storing and versioning source code (which as you say is portable and standard).

"I want to make a change to a shared library. Why can't I make a pull request?" "Wait, I have to use this unfamiliar interface to make comments on other people's changes and I can't leave comments on specific lines?" "You know, if you used Jenkins and Github then you could show the status of passing or failing tests right here on the code review screen..."

These social pressures are really quite strong. They affect a bunch of open source projects especially: people who want to make changes expect code to be on Github and might even mirror it there themselves (creating confusing situations for anyone trying to contribute). Even if the project does host its code on Github to allow for contributions from Github users, Github is (naturally) not very good about directing its users off of its platform to where the existing discussion and development is going on. "It's easier if you just do everything on Github" says Github, and their users by and large agree, and slowly more and more process (code review, merging patches, CI, documentation) gets sucked onto Github by the platform effect.


Indeed, only big free software silos manage to fight this push off (think Gnome, KDE, Debian, FreeBSD... and even some of those are partially pulled in like Ubuntu, which even had its own hosting platform in Launchpad.net).

I like to say that I was a free software developer before github, which means that I never really participated in it, but I frequently feel excluded when I am asked for my github profile ("sorry, there is nothing there, but I can point you at a dozen other repos...").

I am still resisting, but who knows for how long :)



