Why use Gitea, the ethical alternative to Gitlab and Github. Gitea.it is the Italian site of the open source gitea repository. Hosted with love on the servers of the devol collective. https://gitea.it
Filippo DB aab9058f21 Update 'README.md' 2020-11-05 11:09:33 +01:00


Gitea Italia

The Italian Gitea instance is run by the devol collective; if you would like a free account, contact us on Mastodon.

Why use Gitea, the ethical alternative to Gitlab and Github

It is worth remembering that both Github and Gitlab distribute the software behind their services as free software. Unless stated otherwise, this post concerns their service, not their software.

Why not use Gitlab

"Free software" that forces you to run non-free software is not truly free.

There is nothing particularly wrong with the gitlab software, but that software must be hosted and configured, and there are copious ethical problems with the gitlab.com service that the OP suggested:

  • Sexist treatment toward saleswomen who are told to wear dresses, heels, etc.
  • Hosted by Google.
  • Proxied through privacy abuser CloudFlare.
  • Tracking.
  • Hostile treatment of Tor users trying to register.
  • Hostile treatment of new users who attempt to register with a @spamgourmet.com forwarding email address to track spam and to protect their more sensitive internal email address.
  • Hostile treatment of Tor users after they've established an account and have proven to be a non-spammer.

Regarding the last bullet, I was simply trying to edit an existing message that I already posted and was forced to solve a CAPTCHA (attached). There are several problems with this:

  • CAPTCHAs break robots, and robots are not necessarily malicious. E.g. I could have had a robot correcting a widespread misspelling error in all my posts.
  • CAPTCHAs put humans to work for machines when it is machines that should work for humans.
  • CAPTCHAs are defeated. Spammers find it economical to use third-world sweat shop labor for CAPTCHAs while legitimate users have this burden of broken CAPTCHAs.
  • The reCAPTCHA puzzle requires a connection to Google:
    1. Google's reCAPTCHAs compromise security as a consequence of surveillance capitalism that entails collection of IP address and browser fingerprint.
      • (speculative) could Google push malicious j/s that intercepts user registration information?
    2. Users are forced to execute non-free javascript (recaptcha/api.js).
    3. The reCAPTCHA requires a GUI, thus denying service to users of text-based clients.
    4. CAPTCHAs put humans to work for machines when it is machines that should be working for humans. PRISM corp Google Inc. benefits financially from the puzzle-solving work, giving Google an opportunity to collect data, abuse it, and profit from it. E.g. Google can track which of their logged-in users are visiting the page presenting the CAPTCHA.
    5. The reCAPTCHAs are often broken. This amounts to a denial of service.
      • E.g. 1: the CAPTCHA server itself refuses to give the puzzle, saying there is too much activity.
      • E.g. 2:
    6. The CAPTCHAs are often unsolvable.
      • E.g. 1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?)
      • E.g. 2: the puzzle is expressed in a language the viewer doesn't understand.
      • (note: for a brief moment gitlab.com switched to hCAPTCHA by Intuition Machines, Inc., but now they're back to Google's reCAPTCHA)
    7. Network neutrality abuse: there is an access inequality whereby users logged into Google accounts are given more favorable treatment by the CAPTCHA (but then they take on more privacy abuse). Tor users are given extra harsh treatment.

The reason for the reCAPTCHA stuff being hosted on Google.com is shared cookies. This allows reCAPTCHA to gain more information about what you trust Google with online…

This is why gitlab.com should be listed as a service to avoid, like MS Github.

Why not use GitHub

This is not directly related as it could happen on other hosting platforms as well, but just a few hours after I wrote this the youtube-dl repository was taken down from GitHub by RIAA due to a DMCA request.

It is no news that Microsoft purchased GitHub in 2018; everyone knows that. Yet despite that fact, thousands of the world's most important Open Source projects continue to host their code on GitHub. People seem to have forgotten just how rotten Microsoft really is and how dangerous that situation is.

It is not so much the fact that many projects host their projects on GitHub, it is the fact that many projects haven't secured the code outside of GitHub! They rely fully on GitHub to maintain and protect the code.

Microsoft is very actively purchasing important projects related to Open Source and in April 2020 it was announced that they had now also acquired npm, a JavaScript packaging vendor, for an undisclosed sum of money.

Perhaps the younger generation doesn't know anything about the past "evils" of Microsoft and naively believes that Microsoft is now the good friend of Open Source, but the truth is that all these acquisitions of Open Source projects are a business tactic put in place to improve Microsoft's losing position against Open Source. It is a matter of control.

Microsoft announced that Minecraft will require a Microsoft account to play in 2021 and that owners of the classic version will be forced to migrate.

While this is not related to Open Source, it is a really good example of how bad it can get if Microsoft sometime in the future decides that projects on GitHub are required to do something which goes against these projects' interests.

I will not name any names, because that is not important, but how in the world can any Open Source project that regards their code base as valuable not make sure that they have a completely up to date copy of every single line of code outside of GitHub!?

Some project developers only keep parts of the code in personal repositories; others haven't even got a backup but trust fully that GitHub will always have a working and current release of the latest commits.

For years people have warned about the position GitHub had in the world of Open Source because it concentrates too much of the power to make or break the community in a single entity. Having Microsoft behind the steering wheel makes the situation a thousand times worse.

Nobody in their right mind would ever have imagined uploading Open Source code to Microsoft servers just a decade ago. Microsoft were the archenemy of Open Source in the nineties, and they deployed all kinds of dirty tactics to keep other operating systems out of the market, especially dirty tactics against Linux. In the early 2000s the then CEO Steve Ballmer said, "Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." And for many years they tried to gain control over Linux and manipulated the market in different ways in order to "crush the competition". When they realized they couldn't do that and that the battle was lost, they deployed a new tactic in which they instead try to make money off Linux, which is what they are doing now in a lot of areas, and which is why they seem "friendlier" to the Open Source community.

I myself do have some code residing on GitHub, but of course I also have multiple up-to-date clones and backups elsewhere. However, having the world's largest repository of important Open Source code reside in the hands of Microsoft is just madness. Why haven't all the major projects migrated? Running a self-hosted Git server isn't that difficult, and there even exist several solutions that are pretty solid.

More and more of all the good stuff about Open Source and community driven development and sharing of resources, code and experience is slowly getting either gobbled up or ruined and massacred by big corporations or economically based foundations. Why is it that as soon as money enters into the picture so many things are turned into "crap"? Of course, greed is the answer, but an even more important question than that is: Why is it that we have stopped caring?
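The post above argues that a project should keep a complete, current copy of its code outside GitHub, and that self-hosting is not hard. The POSIX shell script below is an added example, not code from the quoted post or from the Gitea project: it keeps such a copy as a bare --mirror clone, refreshes it with pruning, and then checks it with git fsck and a comparison of branch and tag hashes against the source. The mirror_repo and demo_mirror helpers, the repository paths and the commits they create are assumptions constructed for the example; mirror_repo itself works unchanged with a real clone URL as SRC.

```shell
#!/bin/sh
# Added example, not code from the quoted post or from the Gitea project:
# keep a complete, verified copy of a Git repository outside its hosting
# provider. Needs only git; every repository below is created locally.
set -eu

# mirror_repo SRC DEST
# Creates (first run) or refreshes (later runs) a bare --mirror clone of SRC
# at DEST, then verifies object integrity and that DEST carries exactly the
# branches and tags SRC has. Returns non-zero on any failure.
mirror_repo() {
    src=$1
    dest=$2
    if [ ! -d "$dest" ]; then
        # --mirror: bare clone whose fetch refspec is +refs/*:refs/*, so every
        # branch, tag and note is copied, not just the checked-out branch.
        git clone --quiet --mirror "$src" "$dest" || return 1
    else
        # --prune drops refs deleted upstream, so the copy does not keep stale
        # branches that would make the two repositories diverge.
        git -C "$dest" remote update --prune >/dev/null 2>&1 || return 1
    fi
    # Object-level check: a truncated fetch or disk corruption shows up here,
    # long before anyone tries to restore from the copy.
    git -C "$dest" fsck --full --no-progress >/dev/null 2>&1 || return 1
    # Ref-level check: the same (hash, refname) pairs must exist on both sides.
    src_refs=$(git ls-remote --heads --tags "$src" | sort)
    dest_refs=$(git ls-remote --heads --tags "$dest" | sort)
    [ "$src_refs" = "$dest_refs" ]
}

# demo_mirror: constructed scenario in a temporary directory. "upstream"
# stands in for the provider-hosted repository, "backup" is the local copy.
# Prints "ok" when every check passes.
demo_mirror() {
    tmp=$(mktemp -d)
    upstream=$tmp/upstream.git
    work=$tmp/work
    backup=$tmp/backup.git
    # identity for the constructed commits (hypothetical, example only)
    G="git -c user.name=demo -c user.email=demo@example.invalid"

    git init -q --bare "$upstream"
    git -C "$upstream" symbolic-ref HEAD refs/heads/main
    git init -q "$work"
    git -C "$work" symbolic-ref HEAD refs/heads/main
    $G -C "$work" commit -q --allow-empty -m "first commit"
    git -C "$work" remote add origin "$upstream"
    git -C "$work" checkout -q -b feature
    $G -C "$work" commit -q --allow-empty -m "work in progress"
    git -C "$work" push -q origin main feature

    # 1. initial mirror: both branches must arrive
    mirror_repo "$upstream" "$backup" || return 1
    git -C "$backup" rev-parse -q --verify refs/heads/feature >/dev/null || return 1

    # 2. upstream moves on: a new commit, a release tag, the feature branch deleted
    git -C "$work" checkout -q main
    $G -C "$work" commit -q --allow-empty -m "second commit"
    git -C "$work" tag v1.0
    git -C "$work" push -q origin main refs/tags/v1.0
    git -C "$work" push -q origin --delete feature

    # 3. refresh: new commit and tag present, deleted branch pruned
    mirror_repo "$upstream" "$backup" || return 1
    [ "$(git -C "$backup" rev-parse refs/tags/v1.0)" = "$(git -C "$work" rev-parse v1.0)" ] || return 1
    [ "$(git -C "$backup" rev-parse refs/heads/main)" = "$(git -C "$work" rev-parse main)" ] || return 1
    if git -C "$backup" rev-parse -q --verify refs/heads/feature >/dev/null; then return 1; fi

    rm -rf "$tmp"
    echo ok
}

demo_mirror
```

In practice mirror_repo runs from a cron job against the real remote URL, and the fsck step is the part people skip: a copy nobody has verified is not a backup. The ref comparison also makes a silent failure visible, for instance a mirror that stopped fetching months ago but still looks like a repository.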

Privacy problems with Microsoft Github service

  1. MS feeds other privacy abusers:
    1. Github uses Amazon AWS, which triggers several privacy and ethical problems.
    2. (2012) MS spent $35 million on Facebook advertisements, making it the third highest financial supporter of a notorious privacy abuser that year.
  2. Censorship and project interference: Github staff apparently deleted a contributor who was reporting privacy abuses present on other projects. Hostility toward volunteer privacy advocates is in itself sufficient reason to abandon Github.
  3. Github may have a policy that entails censoring bug reports (see this post for the discussion).
  4. Github is Tor-hostile (according to the Tor project, although personally I've had no issue using Tor for GH).
  5. MS is a PRISM corporation prone to mass surveillance.
  6. MS lobbies for privacy-hostile policy:
    1. MS supported the CISPA and CISA unwarranted information exchange bills, and CISA passed.
    2. (2018) MS paid $195k to fight privacy in CA.
  7. MS supplies the Bing search service, which gives high rankings to privacy-abusing CloudFlare websites.
  8. MS supplies the hotmail.com email service, which uses vigilante extremist org Spamhaus to force residential internet users to share all their e-mail metadata and payloads with a corporate third party.
  9. MS drug tests its employees, thus intruding on their privacy outside the workplace.
  10. MS products (Office in particular) violate the GDPR.
  11. To report an MS security bug, one must sign in, and the sign-in page is broken. It's really bad for security to make defect reports difficult to submit.

Privacy-compromising consequence of using Github for a project:

  1. (conflict of interest) selects only contributors willing to make privacy compromises, and excludes those who will not use GH for privacy reasons.
  2. (conflict of interest) When contributors are evaluating whether a tool is privacy-respecting, they whitelist Microsoft and Amazon as a consequence of using Github, and then use that as rationale to endorse an unworthy tool.
  3. (side-effect) Privacy advocates who use GH face demoralizing criticism for what some regard as hypocrisy. PTIO contributors should not be subjected to that.

Rationale for staying with Github:

The shake-up of making a move will lose contributors.

Problems with Gitlab service

Many Github refugees fled to Gitlab when Microsoft acquired Github. It's a bad idea. Gitlab should be avoided.

Alternatives

Large projects should self-host their repositories in order to stay completely independent, but some alternatives to the more popular services such as GitHub, GitLab and BitBucket do exist (not an exhaustive list):

  • Codeberg: Codeberg is a registered German non-profit organization and I think it is the best alternative. Codeberg does not depend on external services. No third party cookies, no tracking. Hosted in the EU. Relevant discussion on Hacker News. Relevant Privacy Policy.
  • NotABug: NotABug.org is run by Peers, a group of people interested in free software and free society. It is mostly for small projects though. Relevant Privacy Policy.
  • sourcehut: sourcehut is currently considered alpha and it is not going to stay free, but it does not have any tracking or advertising. All features work without JavaScript. Relevant Privacy Policy. Relevant discussion on Hacker News. After signing up you get the following message: "Payment is optional during the alpha, but be aware that it will become mandatory later. This service is funded by its users, not by investors."

A few good solutions for self-hosting (not an exhaustive list):

  • Gogs - old discussion at Hacker News
  • Gitea, a community-managed fork of Gogs - discussed at Hacker News
  • OneDev - discussed at Hacker News

Other relevant reading: What is wrong with Microsoft buying GitHub

Self-hosting Gitea:

  • (+) avoids the "shake-up" problem of shrinking the community each time the project moves (there is no risk that the privacy factors would later take a negative turn).
  • (+) Gitea.it could host other privacy-focused projects and become part of the support structure for them. Centralizing privacy-focused projects would increase Gitea.it visibility and establish a place where developers with the same high-level goals could develop in a more united way. Poaching privacy-focused projects from GH and GL would solve the hypocrisy problem those projects are facing as well.

You give one line on the evils and probably not enough detail to be persuasive. There's an enumeration of issues above. Also, most of the projects you recommend have a line "source code: github". Consider linking to the source code in a way that shames the project, otherwise your site promotes GH more than it discourages it. Not everyone will read the GH section. Perhaps express it this way: "source code: github (shamefully)". Also, prefix "Github" with "MS". (edit) There is a Github link at the bottom of your page. You should certainly not be linking to it from your public website because it leads visitors in the wrong direction. It also hurts your perceived credibility because many readers won't follow that link; they will just think "what a hypocrite". You should set the GH issues to external and link to the gitea.it issues. Your readme is too short. You should use that space as an opportunity to detail all the Github issues I linked you to.