[blacktriangle]

Github does not need to be open source.

Open source needs to pull its head out of its collective ass and not hand over its entire workflow to private companies.

Github may be the single greatest execution of embrace/extend/extinguish in computing history.

[maccard]

Where are we seeing the extend or extinguish with GitHub? It's been 3.5 years and GitHub is just as compatible with git as it has ever been.

[prirun]

Microsoft plays a very long game. 3-4 years is not enough time to boil a frog; it takes much longer or the frog will realize what's happening. Be patient. Give them 10-15 years after their "We love Linux" shift and you'll see. They love it so much, they will own it.

Just think of Microsoft like the Borg.

[ChicagoDave]

Microsoft is a trillion dollar company in large part because they embraced open source. Azure is extraordinarily profitable.

Why would they fuck with their number one audience, developers?

[prirun]

According to this site, Microsoft's profit is divided into thirds:

https://www.investopedia.com/how-microsoft-makes-money-47988...

A third is for Office, a third for cloud, and a third is Windows.

IMO Microsoft is a trillion-dollar company because of their long monopoly with Windows. It's so entrenched that their "punishment" for abusing their monopoly position (according to the DOJ) was to give all schools free copies of Microsoft Office, thereby forcing every parent to own a copy of Microsoft office to be able to read reports from their kids' schools. Ingenious!

You know why they would fuck with developers? Because developers have choices now, and Microsoft doesn't like it when anyone has a choice besides Microsoft. They are remedying that.

[amatecha]

You know how they added Github CLI[0], right? There may be a time where you must use Github CLI instead of a "standard" git client to interact with Github projects. That would be the "extinguish" phase. Right now they have embraced and are extending (such as with Github CLI).

[0] https://cli.github.com/

[grepfru_it]

If you wish to leverage the advanced features of github, the CLI gives you direct access rather than rolling your own api client. git will always be a first class citizen at GIThub.. but how do you open, close, or comment on PRs with a standard git client?

Edit: The last part came across a bit snarky, but I’m trying to stimulate the thought process. Such as leveraging GitHub Actions to automate all aspects of PRs via gitops instead of using the GitHub client. Many ways to avoid dependence of the CLI!

[Ygg2]

As another commenter pointed out, we're at extend part of embrace, extend, extinguish. This part is just making Github tools work easier than non Github.

In extinguish phase - Git won't prevent GitHub from rejecting a commit if it doesn't contain <TrackingMethodSignature>.

[rhn_mk1]

That sounds very much like the "extend" part of the process.

[robertlagrant]

It feels like an open source standard on top of git that defines how to do this stuff would be helpful to reduce lockin. I wonder if Fossil or Gitlab have something.

[maccard]

I made this comment elsewhere [0], but by this logic anyone who builds an ecosystem for an open source tool should be accused of the EEE strategy.

> There may be a time where you must use Github CLI instead of a "standard" git client to interact with Github projects

So we're accusing MS of a slippery slope based on a phrase from 25 years ago, which there is absolutely zero proof or indication of them pursuing in the last decade (at least).

When GitHub show the _slightest_ inclination to do anything of the sort, I will be standing there with you, screaming blue murder. As of right now, they're progressing the development of git, "embracing" the open standards that have been developed (lfs being exemplary) and have shown absolutely zero signs of extending git in incompatible ways. See elasticsearch [1] for what "extend" _actually_ looks like.

> Right now they have embraced and are extending (such as with Github CLI).

If they _hadn't_ embraced, people would be complaining that GH are forcing non-open standards to be used. I firmly disagree that the GH issue tracker and pull request management are an "extension" of git. They have nothing to do with git whatsoever.

[0] https://news.ycombinator.com/item?id=28149098 [1] https://news.ycombinator.com/item?id=28110610

[CRConrad]

> I made this comment elsewhere [0], but by this logic anyone who builds an ecosystem for an open source tool should be accused of the EEE strategy.

Yes, of course.

Why, did you somehow think otherwise?

[rhn_mk1]

In practice, it doesn't matter what an "actual" extension looks like, but how your product is viewed by customers, because those are the ones you want to lock in. And judging by HN comments, to very many people, Git means Github, making it an extension, if not outright a synonym.

And their extending has nothing to do with open standards, which is worrying due to the potential to create lock-in.

[maccard]

By that logic, anyone who builds a product around an open standard is guilty of EEE. A web browser that implements a sync feature, an XML editor that implements syntax highlighting , an RSS reader that implements link previews all "embrace" open source standards and "extend" their core open standards with non-standard features, which is _exactly_ what github have done. They have been excellent players in the git ecosystem.

[rhn_mk1]

I think this conundrum can be broken up by noticing how pervasive one extension is. A feature that has become identical with the core product in the eyes of a layman is problematic in the same way as thinking "IE6" is the same as "the web". If there's no awreness of choice, then the only outcome is further lock-in.

Implementing "sync" on its own doesn't matter that much, because few people think "sync" is a defining feature of the web standards, or that preview is an inherent part of web feeds. The awareness of alternatives still exists (I hope).

[blacktriangle]

That's the trick, the git is open, but the metadata is what matters. Issues, PRs, integrations into various code auditing services. That's the whole "extend" bit.

[maccard]

By that logic any proprietary product that provides an interface with an open source tool is guilty. I think accusing MS of EEE in this case is a huge stretch; GitHub is a commercial product that uses a popular open source tool with 100% compatibility (that I'm aware of) and actively participates in the development and features of that tool. When Ms start implementing extensions to git that only work with GitHub, we can point fingers but accusing them of extending git to extinguish based on pull requests is baseless

[mtone]

> By that logic any proprietary product that provides an interface with an open source tool is guilty.

In my view, the entire PaaS ecosystem modus operandi is building on top of open hardware & software, allowing and enticing people to move in easily (familiar tech/open source), and making locked-in products out of them. If that's not EEE I don't know what is.

[pdpi]

I can’t think of a single person I’ve worked with in the last 10 years who understands the difference between vanilla git and GitHub. Nobody really understands why pull requests are named that way, or that it’s possible to have very different workflows to what GitHub offers.

I don’t know that this is the result of a deliberate strategy by GitHub, but by any metric the extend step is a resounding success.

[maccard]

> I can’t think of a single person I’ve worked with in the last 10 years who understands the difference between vanilla git and GitHub.

If not one developer in a decade can tell the difference between a source control hosting service and a tool they use, that's not really GitHub's problem. This is the same as my parents not konwing that "facebook" isn't the internet.

> Nobody really understands why pull requests are named that way,

Sure they do, the answer is one google search away on the largest Q&A forum for programmers [0]. it was the first google hit for "why are pull requests called pull requests"

> or that it’s possible to have very different workflows to what GitHub offers.

Maybe inside your circle, but plenty of people are aware of different workflows. Some of the largest open source projects in the world exist on github and don't use the pull request workflow (linux kernel, firefox, chromium off the top of my head).

[0] https://stackoverflow.com/questions/14817051/why-does-github...

[CRConrad]

> If not one developer in a decade can tell the difference between a source control hosting service and a tool they use, that's not really GitHub's problem. This is the same as my parents not konwing that "facebook" isn't the internet.

Nobody said it was GitHub's problem just like nobody said it's Facebook's problem in your example. They're both laughing their heads off all the way to the bank. It's everybody else's problem.

[oldsecondhand]

GitHub isn't the only one using pull requests, Stash and Gitlab does too. Pull requests have just become standard workflow without it ever being part of git.

[thayne]

FWIW, Gitlab calls them merge requests instead of pull requests, which IMO is a more descriptive name.

[fartcannon]

there's never a stretch with Microsoft. It is always, and has always been the same play. You can make excuses all you like, but in the end they will attemtp to embrace, extend and extinguish all competition.

[maccard]

Wheh they show any signs of extending git, or extinguishing any other open source competitors, I will be standing there with you calling them out. Until then, they're developing an excellent product that people want to use, built with open tooling

[blacktriangle]

Those who don't study history are doomed to repeat it.

[munk-a]

That is somewhat fair - there aren't great alternatives to migrate issues and the like to today. But all of those bits of metadata are easy to pull out of the service via API hooks. If someone wanted to start a serious competitor to github that shares the same basic data model it'd be pretty trivial to write up migration aides.

I don't disbelieve that it's possible for microsoft to severely restrict these - but entirely removing them is off the table unless they cut out a lot of value. Inter-service communication to third party review tools and CI/CD tools all depend strongly on those API hooks.

[merpnderp]

> If someone wanted to start a serious competitor to github that shares the same basic data model it'd be pretty trivial to write up migration aides.

Like Gitlab? I assumed Gitlab would dominate after the MS purchase of Github, but I was incorrect that people wouldn't want to trust their data and personal projects to the epic abusers of privacy that is Microsoft.

[munk-a]

Well I don't think the personal projects are really a significant factor in terms of where MS's paychecks are coming from - they care more about the commercial subscribers. And, speaking as someone employed at a commercial subscriber, objecting to continuing to use github due to the microsoft acquisition when we use office for pretty much all document production is going to be a pretty hard argument.

[gmueckl]

There are really simple ways to play dirty with APIs like making sure that they are incomplete in subtle and inconvenient ways like leaving out some of the metadata. Hypothetical example: make it impossible to query tags on issues. You'd still be able to do most things through the API, but if you have a workflow that's heavily dependent on tags, the data is effectively siloed.

[maccard]

So to be clear, the proof the GitHub is extending is a hypothetical example of an incomplete api that is not based on an open standard?

[gmueckl]

I didn't want to prove anything. I just pointed out what is possible.

[whichquestion]

Are there any foss initiatives to making these metadata bits portable?

[harryvederci]

https://fossil-scm.org/

[treis]

What is going to be extinguished?

[KronisLV]

> Open source needs to pull its head out of its collective ass and not hand over its entire workflow to private companies.

Well, for starters, there is GitLab which attempts to do a lot of what GitHub does, while allowing you to self host it: https://gitlab.com/gitlab-org/gitlab

In some respects, i'd say that it does things better, for example, GitLab CI seems way easier to use in comparison to GitHub Actions: https://docs.gitlab.com/ee/ci/

As far as alternative source code management platforms go, with some code review and issue management functionality added on top, there is also Gogs, which is a far more lightweight solution and better fits smaller deployments: https://github.com/gogs/gogs

It was also forked by the Gitea project, which is largely compatible with it but is also in active development: https://github.com/go-gitea/gitea

Oh and there's also GitBucket which also attempts something similar to these: https://github.com/gitbucket/gitbucket

Now, you can probably hook those up with Jenkins or most other CI solutions, but personally i rather enjoyed how Gogs/Gitea integrated with Drone, which allowed for container based builds (no more plugin hell like in Jenkins): https://github.com/drone/drone

Then, you can throw in some additional tools, for example, for code analysis you could use SonarQube ( https://github.com/SonarSource ) and for security scanning of infrastructure you could look at OpenVAS ( https://github.com/greenbone ).

Oh, and on the organizational side something like Rocket.Chat ( https://github.com/RocketChat ) or Mattermost ( https://github.com/mattermost ) for communication and perhaps OpenProject ( https://github.com/opf/openproject ) for project management.

And there you have it! An open source based workflow that allows you to do most of the stuff that GitHub would let you! Of course, concessions might need to be made depending on what your definition of "open" is and whether you're okay with certain features being restricted to paid tiers in some software; if you do have a problem with that, there's also the possibility of looking at some libre alternatives, though that might lead to the occasional half-dead piece of software that doesn't really have financial incentives for maintenance anymore on anyone's part.

That said, i believe that few choose this approach, because it's somewhat complicated to run all of that and all of the sudden you become responsible for your own SLAs, which many don't want. It's often the same reason why people just provision VPSes from AWS, instead of running their own servers in a server room. I think the amount of links to GitHub for open source above speaks volumes about the state of the industry.

I don't think that there's an easy answer to the implications of this, maybe people should just familiarize themselves with the concept of "Service as a Software Substitute", so that they're at least aware of the trade-offs that their choices have: https://www.gnu.org/philosophy/who-does-that-server-really-s...

[Tainnor]

GitLab CI is not only easier to use , it also isn't a half-baked product like GitHub Actions.

For example, GH Actions don't support YAML anchors but also have basically no other way of cutting down on repetition in your CI config files (actions can't call other actions, for example), so your CI config is full of brittle boilerplate.

Also noteworthy is how you can't rerun single actions. If your deployment failed, you might have to rerun the whole workflow, including the 10 min test run.

Meanwhile, if you use dependabot, PRs issued by that tool have no access to secrets, so if you need to connect to e.g. AWS to run tests, you need to implement weird workarounds.

I don't understand why GitHub is so popular, GitLab seems like such a better tool and it's also developed totally in the open. Some of the CI stuff is literally amazing (e.g. merge trains).

[austincheney]

Technically speaking, Microsoft is a public company. A private company implies not open to investment on a public market.

[Biganon]

This is not the first time I see this exact pedantry on HN and I can't help but feel the same way as with people who immediately yell "it's not free! Nothing in life is free!" when you talk about free healthcare or free public transportation.

We know. We understand that it is technically correct. But it's completely useless in the discussion. You know perfectly well what the other person meant.

[munk-a]

You are technically correct - but it's overly pedantic. Another commonly accepted definition of public companies outside of the US is companies that are partially or wholly owned by the government and thus act as a public service. This includes crown corporations in Canada or the USPS in the US. I think within the context they used that calling Microsoft a private company is fair since they have no obligation to "act in the public good".

[scrollaway]

> Github may be the single greatest execution of embrace/extend/extinguish in computing history.

Oh ffs are you even aware that MS didn't originally build GitHub?

And your comment is super out of touch with what MS was doing in the 90s and early 00s. GitHub has plenty of competition, Gitlab for example is a fantastic platform, overall more powerful than GitHub as well. GH's strength is how much better it is for open source projects and if MS messes with that they'll be killing their golden goose.

There is no all-powerful benevolent deity you can hand your code to and say "here, take care of this for me, for free, for all eternity". At some point private companies will have to get involved (or would you rather have your government get involved instead? Because I don't want your government hosting my code). So you want their incentives to be nicely aligned.

[antonvs]

> Oh ffs are you even aware that MS didn't originally build GitHub?

Purchasing a popular product is definitely qualifies for the "embrace" part of the strategy.

But that's not unique to MS - AWS and Google follow similar playbooks, as does almost any large company that provide a platform-like product. The goal is to make the platform as sticky as possible for as many customers as possible.