by dreyfiz 2250 days ago
GitHub did this to me a few years ago. I still feel violated. Not by my idiot former employer. I feel violated by GitHub. I got my account back. Sort of. They detached a significant amount of my content from my account, and returned to me a gimpy lobotomized version of myself.

All my old GitHub comments are credited to “ghost” now. I was somewhere in the first 12,000 GitHub accounts.

My relationship with GitHub significantly predated my dalliance with this one employer years ago. I trusted GitHub. My GitHub account was a formative part of my identity. I still can’t believe it and I still can’t forgive them. I lost some of my sparkle that day.

11 comments

That's ugly, I'm sorry.

It's also why I oppose using social authentication with anything. While we have access to our [Facebook, Twitter, Github, Google, LinkedIn] account today, what happens if they shut it down? We have no clue of the real consequences and no appeals process. It's the worst of both worlds.

That’s one of the motivations for the “new” project Tim Berners-Lee is working on, Solid. The amount of foresight people working on the web have is crazy. I read an article interviewing Lou Montulli the other day and was amazed to find out how extensively he thought about the nefarious use of cookies when they were being designed.
Funny, because when those same people actually had a chance to stop a lot of the privacy-violating and non-open things in the web, they caved to the pressure from Google and others to make the Web less open, less private, and less free.

Tim Berners-Lee was one of those people that caved with the HTML5 standard, and several other standards under the W3C.

Can you share the URL for that interview with Montulli, please? Thnx!
I'm not OP, but here he is talking on his blog about cookies:

https://montulli.blogspot.com/2013/05/the-reasoning-behind-w...

https://montulli.blogspot.com/2013/05/why-blocking-3rd-party...

He doesn't come across as overly prescient there, but there's definitely some of the familiar juggling trade-offs in his design decisions.

The specter of this sort of violation hangs over the shoulder of every internet user now - the loss of an account on a service like Facebook, GitHub, or Trello could be life-altering. Our digital selves are all at risk of becoming The Trial's protagonist.

Do we have any protection besides moving to a new platform that's not big enough to betray its users yet?

Unix graybeards self-host. That saying, "the cloud is someone else's computer," is relevant here. Now, you can ask what self-hosting really means, and that is complicated. Does a rented server count? Colocation? Or is the only way your own premises? I have worked at places where the last one is a hard requirement. Generally though, I am pleased with colocation; some places even have customer-provided locks on racks. But even if you have a cheap VPS, at least you can back it up (regularly and before trouble) and restore it somewhere else. With SaaS, you can't always get an export in a nice and useful form.
The funny thing is, everyone used to self-host. A home ISP account typically came with an email address, some space to host a website, etc. Of course you could set up other facilities as well, but even without that, you had control of the storage. The Web was full of articles on how to build your first home page, which plenty of non-geek people managed to do just fine.

The biggest danger back then was probably that if you changed ISP then you'd lose access to your old email address. That's still a danger with any email hosting service, including the likes of Google that people often use instead today, and it's why I advocate everyone registering their own domain for life. Email is still the root password to your online existence in almost every case, and letting any third party have more control of it than is strictly necessary is a really, really bad idea.

I would love to see a move back in that direction, with home ISP accounts allowing access to some sort of "starter kit" home server in the same way they probably provide most customers' starter modem/router/wifi equipment already, and with more software built that was aimed at being self-hosted and accessed via your home network or remotely through a VPN.

Sadly, I think this is unlikely, because there's just too much momentum behind the massive social networks and other online services. So instead, every now and then, a large chunk of someone's online life is going to get wiped out by the kinds of poor policies we're talking about today.

> A home ISP account typically came with an email address, some space to host a website

But that's not really self-hosting is it? If my ISP can decide to poke around in my user folder and there's nothing I can do about it?

No, it's not, but it's a lot closer than using some intermediary service, and it's convertible to true self-hosting if you find you need to later because the data is all under your own control and ownership throughout.
I'd say the metric should be "if you can make a backup and do something useful with that backup even if your first provider goes belly-up."
Although it's certainly annoying to lose an old account, for many services it's just a hassle.

I went through this with a Reddit account that got hacked. I was able to get the spammer shut down but had to create a new account, and really, it's okay. The people who know you will reconnect, and the others don't matter much.

It used to be that everyone got a new phone number when they moved, and we managed.

Perhaps it's easier just to create a fake persona on the internet and use it instead.
> I trusted GitHub

I feel like every netizen goes through this at one point in their life, where they trust an entity, get burned, and learn the lesson of never trusting another entity (100%, without condition) again, keeping your data closer to yourself.

Much like in real life, where at one point you trusted someone too much/naively, and after that point you're more careful, even of things/people you do trust.

A lot of people seem to develop a strange sense of loyalty to services they like (and haven't been stung by, obviously).

Try suggesting that you can run a software business without using GitHub as your single point of failure^W^W^W^Wsource control system, and a lot of young developers will just laugh and wonder what you've been smoking.

Try challenging Apple's walled garden philosophy and suggesting that their mobile devices could implement standard protocols for transferring your own data on and off them directly like almost every other mobile device in the past decade, instead of relying on their not-properly-secured iCloud system, and plenty of Apple fans will wonder why you might care.

Even the HN community falls victim to this mentality from time to time. I find people here tend to be more rational about these issues than average, but any suggestion that one of the YC success stories that has become an HN idol has done something unwise or even bad can sometimes end up brutally suppressed.

It would be better, IMHO, if people kept in mind that behind these services they have allowed themselves to depend on so much is usually just a business, even if it's a big and famous one, and that businesses generally have no obligation to anyone to continue doing anything other than to the extent that either the law requires it or there is compensation changing hands and a contractual obligation.

> Try suggesting that you can run a software business without using GitHub as your single point of failure^W^W^W^Wsource control system, and a lot of young developers will just laugh and wonder what you've been smoking.

TBH, I've never worked at a company that would host their source code at a third party service. At my first job, we wouldn't even use a web UI for the repositories (I still think that's not all that useful to begin with). At my current job, we use cgit. We use Jira (that we pay for, obviously), but as to source control --- a company hosting it on GitHub? Never seen it with my own eyes. But I work as a C++ dev, so maybe it's different here than, say, in webdev world.

Doing a fair amount of work in the web dev world in recent years, we've always self-hosted one way or another, but the newbies look at you all strange if you tell them. Then again, half of them also don't realise that Git and GitHub are different things.
> But I work as a C++ dev, so maybe it's different here than, say, in webdev world

Most likely that's the reason. I've only worked on web projects, and everywhere I worked has been using GitHub for hosting the code and managing merge requests, except at my first job, where we used Redmine and then 6 months later migrated everything to GitHub.

I worked at a place that had virtually zero internal systems, including version control, and relied heavily on Github in particular for things like access control, beyond just source control.

One of their remote devs had his Github account hacked (pre-2FA) and then had access to Slack as well, and the hacker managed to socially engineer his way into a number of sensitive areas and increased access, to the point that the company had all their code taken and a number of high-GPU Amazon instances started to generate crypto coins to the tune of a $35,000 EC2 bill.

I'm from the old school and have never trusted third party services for anything critical to the company. I'll admit a bit of internal gloating after that incident.

But that sounds like a case where the attacker would have gained access to most relevant stuff anyway, and the difference in effect was mostly to the tune of $35k in costs (instead of spending resources on the company's own hardware)? While that's a big chunk for a start-up, it's not even one year of a developer salary.

While I am of the similar old school like you (I run my own mail server, web server, nextcloud, used to do ejabberd too...), I think it's more cost effective for smaller companies not to do it themselves, as long as they keep their own backups.

The difference is that when they self-host, they are more vulnerable to targeted attack (on average, for similar dollar investment), but if they host with SaaS providers, it's opportunistic attacks they should worry about more.

It was more that their entire code repo was downloaded, which included a number of third party access codes, nevermind the intellectual property involved.

If that stuff had only been hosted internally behind a firewall, with a VPN required for access, it would have been fine. Instead it was all on Github.
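The comment above makes the point that a stolen repository also hands over every third-party credential that was committed into it. The usual mitigation is to scan the tree (and the full history, since a deleted key is still in old commits) before the code reaches any host you do not control. The script below is an added example, not code from this thread or from any of the companies described: it runs a few rules with publicly documented token formats (AWS access key IDs, GitHub and Slack tokens, PEM private-key headers) plus one generic "password = '...'" pattern over a constructed sample file whose values are all placeholders (the AWS ID is Amazon's documented example key). The rule names, the sample lines and the `scan_secrets` / `write_sample` / `finding_count` helpers are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: a small secret scanner to run over a
# tree (or, via git log -p, a whole history) before it reaches any third-party
# host, so a stolen repository does not also hand over the keys in it. The
# rules use publicly documented token formats plus one generic "password ="
# pattern; the sample input below is constructed and holds only placeholders.
set -eu

# Rules, one per line: label=flag=regex. flag "i" means case-insensitive.
# Kept in a quoted heredoc so the regexes need no shell quoting.
rules() {
    cat <<'EOF'
aws-access-key-id=-=AKIA[0-9A-Z]{16}
github-token=-=gh[pousr]_[A-Za-z0-9]{36}
slack-token=-=xox[abprs]-[0-9A-Za-z-]{10,}
private-key=-=-----BEGIN [A-Z ]*PRIVATE KEY-----
generic-assignment=i=(password|passwd|secret|api[_-]?key)[a-z_]*[[:space:]]*[:=][[:space:]]*["'][^"']{8,}["']
EOF
}

# scan_secrets FILE   (or: some_command | scan_secrets)
# Prints one line per hit: label:lineno:matching line.
scan_secrets() {
    if [ $# -ge 1 ]; then
        f=$1; tmp=
    else
        tmp=$(mktemp); cat > "$tmp"; f=$tmp   # buffer stdin so every rule can read it
    fi
    # IFS='=' splits label and flag; the remainder (which may itself contain
    # '=' inside the regex) is assigned whole to $regex.
    rules | while IFS='=' read -r label flag regex; do
        if [ "$flag" = i ]; then opt=-i; else opt=; fi
        grep -n -E $opt -- "$regex" "$f" | sed "s/^/$label:/" || true
    done
    if [ -n "$tmp" ]; then rm -f "$tmp"; fi
}

# Constructed sample. Lines 9 and 10 are decoys that a naive grep for
# "key" or "token" would flag; the scanner should report exactly 5 hits.
write_sample() {                # prints the path of the temp file it wrote
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample config; every value here is a placeholder, not a live credential
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
SLACK_BOT_TOKEN=xoxb-000000000000-placeholder-token
db_password = "correct horse battery staple"
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAplaceholderplaceholderplaceholder
-----END RSA PRIVATE KEY-----
api_key = os.environ["API_KEY"]   # read at runtime, nothing to find
max_token_count = 1024
EOF
    echo "$f"
}

finding_count() {               # $1 = file; prints the number of hits
    scan_secrets "$1" | wc -l | tr -d ' '
}

SAMPLE=$(write_sample)
scan_secrets "$SAMPLE"
echo "findings: $(finding_count "$SAMPLE")"
rm -f "$SAMPLE"
```

To cover history rather than the checked-out tree, feed it the patch stream: `git log -p --all --no-color | scan_secrets` (line numbers then refer to the dump, not to files). Wire the same call into a pre-receive or pre-commit hook and a leaked key never gets a chance to be pushed; the specific regexes are only a starting point, and any hit that is a real credential has to be rotated, not just deleted from the next commit, because the old blob stays reachable.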

> At my first job, we wouldn't even use a web UI for the repositories

It's been a long time since I used it but I used to lean on gitweb for this at places that self-hosted git repositories but didn't have any UI layer on top. I remember it being perfectly fine for my needs.

> Try suggesting that you can run a software business without using GitHub as your single point of failure^W^W^W^Wsource control system, and a lot of young developers will just laugh and wonder what you've been smoking.

To be fair, this example isn't quite as bad. It's simple enough to add a new remote to your working copies and host your repo elsewhere. It doesn't help with GitHub-specific features like comments or integrations, though.
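Two comments in this thread describe the same procedure in words: the earlier one proposes "if you can make a backup and do something useful with that backup even if your first provider goes belly-up" as the metric, and the one above says it is simple enough to add a new remote and host the repo elsewhere. The script below is an added example, not code from the thread or from any project it names, that does both and then checks its own work: it mirror-clones a repository, pushes every ref to a second host, confirms with `git ls-remote` that both hosts agree on every ref, and restores from the second host alone. All three repositories (`origin.git` standing in for GitHub, `secondary.git` for the other host, `mirror.git` for the local backup) are created under a temp directory, and the sample history, branch name `feature` and tag `v1` are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: back up a hosted git repository as
# a full mirror, push the mirror to a second host, and prove the copy is usable
# by restoring from it. Everything lives under a temp directory: "origin.git"
# stands in for the primary host (GitHub here) and "secondary.git" for wherever
# else you keep a copy. Only git is required.
set -eu

ginit() { git -c init.defaultBranch=main init -q "$@"; }

# Constructed sample history with a branch and an annotated tag, so the check
# covers more than the default branch.
make_sample_repo() {            # $1 = bare repository to populate
    wc=$(mktemp -d)
    ginit "$wc"
    (
        cd "$wc"
        git config user.email dev@example.invalid
        git config user.name dev
        echo hello > README
        git add README
        git commit -q -m "initial"
        git tag -a v1 -m "release 1"
        git checkout -q -b feature
        echo more > FEATURE
        git add FEATURE
        git commit -q -m "feature work"
        git remote add origin "$1"
        git push -q origin --all
        git push -q origin --tags
    )
    rm -rf "$wc"
}

# 1. Take the backup. A --mirror clone carries every ref (branches, tags,
#    anything else the host exposes), not just the default branch.
backup_repo() {                 # $1 = source URL, $2 = local mirror path
    git clone -q --mirror "$1" "$2"
}

# 2. Refresh the mirror and push it to the second host. --mirror on push also
#    deletes refs that vanished upstream, so the copy tracks the source exactly.
sync_mirror() {                 # $1 = mirror path, $2 = destination URL
    git -C "$1" fetch -q --prune origin
    git -C "$1" push -q --mirror "$2"
}

# 3. Every ref on the destination must point at the same object as on the
#    source; git ls-remote answers that without cloning. HEAD is a symref
#    that push does not carry, so it is left out of the comparison.
refs_match() {                  # $1, $2 = repository URLs
    a=$(git ls-remote "$1" | grep -v 'HEAD$' | sort)
    b=$(git ls-remote "$2" | grep -v 'HEAD$' | sort)
    [ "$a" = "$b" ]
}

# 4. A backup nobody has restored from is a hope, not a backup: clone from the
#    secondary alone and check branch and tag content, not just ref names.
restore_check() {               # $1 = repository URL to restore from
    r=$(mktemp -d)
    git clone -q "$1" "$r"
    git -C "$r" checkout -q feature
    ok=1
    if [ "$(cat "$r/FEATURE")" = "more" ] &&
       [ "$(git -C "$r" describe --tags --abbrev=0)" = "v1" ]; then
        ok=0
    fi
    rm -rf "$r"
    return $ok
}

# Run the whole procedure end to end and report OK or MISMATCH.
mirror_demo() {
    work=$(mktemp -d)
    ginit --bare "$work/origin.git"
    ginit --bare "$work/secondary.git"
    make_sample_repo "$work/origin.git"
    backup_repo "$work/origin.git" "$work/mirror.git"
    sync_mirror "$work/mirror.git" "$work/secondary.git"
    result=MISMATCH
    if refs_match "$work/origin.git" "$work/secondary.git" &&
       restore_check "$work/secondary.git"; then
        result=OK
    fi
    rm -rf "$work"
    echo "$result"
}

mirror_demo
```

In practice `sync_mirror` is what a cron job runs against the real remotes, and `refs_match` is the alert condition. As the comment says, this only covers what git itself stores: issues, pull-request discussion and integration settings live in the host's database, not in the refs, and need the host's own export path.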

Usually complaints like this have more to do with the social processes around coding than the actual task of storing and versioning source code (which as you say is portable and standard).

"I want to make a change to a shared library. Why can't I make a pull request?" "Wait, I have to use this unfamiliar interface to make comments on other people's changes and I can't leave comments on specific lines?" "You know, if you used Jenkins and Github then you could show the status of passing or failing tests right here on the code review screen..."

These social pressures are really quite strong. They affect a bunch of open source projects especially: people who want to make changes expect code to be on Github and might even mirror it there themselves (creating confusing situations for anyone trying to contribute). Even if the project does host its code on Github to allow for contributions from Github users, Github is (naturally) not very good about directing its users off of its platform to where the existing discussion and development is going on. "It's easier if you just do everything on Github" says Github, and their users by and large agree, and slowly more and more process (code review, merging patches, CI, documentation) gets sucked onto Github by the platform effect.

Indeed, only big free software silos manage to fight this push off (think Gnome, KDE, Debian, FreeBSD... and even some of those are partially pulled in like Ubuntu, which even had its own hosting platform in Launchpad.net).

I like to say that I was a free software developer before github, which means that I never really participated in it, but I frequently feel excluded when I am asked for my github profile ("sorry, there is nothing there, but I can point you at a dozen other repos...").

I am still resisting, but who knows for how long :)

I feel moved to strictly only use fake names online. Like..

I recently moaned and whined to my friend about how when I was growing up a person/entity (to my recollection) would feel.. like they received a magical gift just to send a message online.. having a web page was like.. winning the nerd superbowl.. Now it's like.. we are supposed to take a knee to any company that gets sufficient presence and significance (linkedin, etc trying to find a job).

What actions have you taken toward trying to remedy this?

> I feel moved to strictly only use fake names online.

Isn't this how usernames started?

Usernames probably come from the multiuser nature of early computers, and some of the early limitations of software implementations (e.g. no spaces, so your homedir could match your username on a filesystem that supports no spaces).

Aliases or nicknames are a common human choice, which allows one to be represented by a word/name of one's own choosing that portrays you in a light you want, without tying it to your real identity, which might have other implications (sometimes negative, of course).

I'm not sure how they started. Was it because of people feeling their 'honest' self info was being used to identify and then control them via hijacking their personal accounts in honor of some ex-employer?
I wonder if this is something you can sue them over. Do you legally own your content? Did they or the former employer steal something from you?

It's bizarre to see so many companies handle this in such a user-hostile way. It looks like a clear sign not to use Atlassian or Github for anything private. Makes me wonder if Gitlab might be next...

Can you explain how?

GitHub organizations should make this a non issue. I assumed that they’re mostly competent, but if literally any past job I had could pull the plug that’d be a huge problem.

I'm not sure if this is related, but I made a point of never using the social login feature, at least for personal stuff. Always signup via e-mail (my own e-mail).

The risk is just too big.

With login via email I can still be in control of that account no matter what.

Lemme just go and detach my personal Github account from the corporate one, just in case....
If only there was a way to do that without creating multiple accounts.

At least my company doesn't host anything on public GitHub (GitHub Enterprise has everything), so they don't need to be connected. If you have personal and company stuff, you are in trouble even if you separate them.

So now I worry there may be a downside to "GitHub is now free for teams": https://news.ycombinator.com/item?id=22867627
The million dollar question is what you use now instead of GitHub.
Sourcehut! I love it and have moved most of my stuff over. I'm not sure how it works for teams, but for my personal stuff I couldn't be more pleased.
Not OP, but have a look at sourcehut.com; it used to be sr.ht if the name is unfamiliar. The latter URL is still used internally for some parts of it.
A note -- it's sourcehut.org. And all the actual content (repos, bug tracking, even the login page) is at sr.ht.
atlassian's?
Why would anyone think that is ok?