Why use Gitea, the ethical alternative to Gitlab and Github. Gitea.it is the Italian site of the open source repository gitea. Hosted with love on the servers of the devol collective. https://gitea.it
Filippo DB fae2863609 Update 'README.md' 2020-11-08 20:26:37 +01:00

README.md

Gitea Italia

The Italian instance of Gitea is run by the devol collective. If you would like a free account, contact us on Mastodon.

Why use Gitea, the ethical alternative to Gitlab and Github

It is worth remembering that Github and Gitlab both distribute the software behind their services as free software. Unless stated otherwise, this post is about their service, not their software.

Why not use Gitlab

"Free software" that forces the execution of non-free software is not truly free.

There is nothing particularly wrong with the gitlab software, but that software has to be hosted and configured, and there are many ethical problems with the gitlab.com service that the OP suggested:

  • Sexist treatment of saleswomen, who are told to wear dresses, heels, etc.
  • Hosted on Google servers.
  • Proxied through the privacy-violating CloudFlare service.
  • Tracking.
  • Hostile treatment of Tor users who try to register.
  • Hostile treatment of new users who try to register with an @spamgourmet.com forwarding email address to track spam and to protect their more sensitive internal email address.
  • Hostile treatment of Tor users after they have created an account and proven themselves to be non-spammers.

Regarding the last point, I was simply trying to edit an existing message that I had already posted and I was forced to solve a CAPTCHA. There are several problems with this:

  • CAPTCHAs are meant to block bots, and bots are not necessarily malicious. For example, I could have had a bot that fixed a widespread spelling error across all my posts.
  • CAPTCHAs put humans to work for machines when it is machines that should work for humans.
  • CAPTCHAs are defeated. Spammers find it cheap to use third-world labor to solve CAPTCHAs, while legitimate users carry the burden of broken CAPTCHAs.
  • The reCAPTCHA puzzle requires a connection to Google.
    1. Google's reCAPTCHAs compromise security as a consequence of surveillance capitalism, which entails the collection of IP addresses and browser fingerprinting.
      • (speculative) Could Google push malicious j/s that intercepts users' registration information?
    2. Users are forced to execute non-free javascript (recaptcha/api.js).
    3. reCAPTCHA requires a graphical interface, thus denying service to users of text-based clients.
    4. CAPTCHAs put humans to work for machines when it is machines that should work for humans. PRISM corp Google Inc. benefits financially from the puzzle-solving work, giving Google the opportunity to collect data, abuse it and profit from it. For example, Google can track which of its registered users are visiting the page presenting the CAPTCHA.
    5. CAPTCHAs are often broken. This amounts to a denial of service.
      • The CAPTCHA server itself refuses to give the puzzle, saying there is too much activity.
      • E.g.2:
    6. CAPTCHAs are often unsolvable.
      • E.g. 1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?)
      • E.g. 2: the puzzle is expressed in a language the viewer does not understand.
      • (note: for a brief moment gitlab.com switched to hCAPTCHA by Intuition Machines, Inc. but they have now gone back to Google's reCAPTCHA)
      • Network neutrality abuse: there is an inequality of access whereby users logged into Google accounts receive more favorable treatment from the CAPTCHA (but then take on more privacy abuse). Tor users receive harsher treatment.

The reason reCAPTCHA is hosted on Google.com is cookie sharing. This allows reCAPTCHA to obtain more information about what one entrusts to Google online...

For this reason gitlab.com should be listed as a service to avoid, like MS Github.


Why not use GitHub

This is not directly related as it could happen on other hosting platforms as well, but just a few hours after I wrote this the youtube-dl repository was taken down from GitHub by RIAA due to a DMCA request.

It is no news that Microsoft purchased GitHub in 2018, everyone knows that. Yet despite that fact thousands of the world's most important Open Source projects continue to host their code on GitHub. People seem to have forgotten just how rotten Microsoft really is and how dangerous that situation is.

It is not so much the fact that many projects host their projects on GitHub, it is the fact that many projects haven't secured the code outside of GitHub! They rely fully on GitHub to maintain and protect the code.

Microsoft is very actively purchasing important projects related to Open Source and in April 2020 it was announced that they had now also acquired npm, a JavaScript packaging vendor, for an undisclosed sum of money.

Perhaps the younger generation don't know anything about the past "evils" of Microsoft and naively believe that Microsoft is now the good friend to Open Source, but the truth is that all these acquisitions of Open Source projects are a business tactic that is put in place to improve Microsoft's losing position to Open Source. It is a matter of control.

Microsoft announced that Minecraft will require a Microsoft account to play in 2021 and that owners of the classic version will be forced to migrate.

While this is not related to Open Source, it is a really good example of how bad it can get if Microsoft sometime in the future decides that projects on GitHub are required to do something which goes against these projects' interests.

I will not name any names, because that is not important, but how in the world can any Open Source project that regards their code base as valuable not make sure that they have a completely up to date copy of every single line of code outside of GitHub!?

Some project developers only keep parts of the code in personal repositories, others haven't even got a backup but trust fully that GitHub will always have a working and current release of the latest commits.

For years people have warned about the position GitHub had in the world of Open Source because it concentrates too much of the power to make or break the community in a single entity. Having Microsoft behind the steering wheel makes the situation a thousand times worse.

Nobody in their right mind would ever have imagined uploading Open Source code to Microsoft servers just a decade ago. Microsoft were the archenemy of Open Source in the nineties and they deployed all kinds of dirty tactics to keep other operating systems out of the market, especially dirty tactics against Linux. In the early 2000s the then CEO Steve Ballmer said, "Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." And for many years they tried to gain control over Linux and manipulated the market in different ways in order to "crush the competition". When they realized they couldn't do that and that the battle was lost, they deployed a new tactic in which they instead try to make money off Linux, which is what they are doing now in a lot of areas, and which is why they seem "friendlier" to the Open Source community.

I myself do have some code residing on GitHub, but of course I also have multiple up-to-date clones and backups elsewhere. However, having the world's largest repository of important Open Source code reside in the hands of Microsoft is just madness. Why haven't all the major projects migrated? Running a self-hosted Git server isn't that difficult and there even exist several solutions that are pretty solid.

More and more of all the good stuff about Open Source and community driven development and sharing of resources, code and experience is slowly getting either gobbled up or ruined and massacred by big corporations or economically based foundations. Why is it that as soon as money enters into the picture so many things are turned into "crap"? Of course, greed is the answer, but an even more important question than that is: Why is it that we have stopped caring?

Privacy problems with Microsoft Github service

  1. MS feeds other privacy abusers:
    1. Github uses Amazon AWS, which triggers several privacy and ethical problems.
    2. (2012) MS spent $35 million on Facebook advertisements, making it the third highest financial supporter of a notorious privacy abuser that year.
  2. Censorship and project interference: Github staff apparently deleted a contributor who was reporting privacy abuses present on other projects. Hostility toward volunteer privacy advocates is in itself sufficient reason to abandon Github.
  3. Github may have a policy that entails censoring bug reports (see this post for the discussion).
  4. Github is Tor-hostile (according to Tor project, although personally I've had no issue using Tor for GH).
  5. MS is a PRISM corporation prone to mass surveillance.
  6. MS lobbies for privacy-hostile policy:
    1. MS supported CISPA and CISA unwarranted information exchange bills, and CISA passed.
    2. (2018) MS paid $195k to fight privacy in CA.
  7. MS supplies Bing search service, which gives high rankings to privacy-abusing CloudFlare websites.
  8. MS supplies hotmail.com email service, which uses vigilante extremist org Spamhaus to force residential internet users to share all their e-mail metadata and payloads with a corporate third-party.
  9. MS drug tests its employees, thus intruding on their privacy outside the workplace.
  10. MS products (Office in particular) violate the GDPR.
  11. To report an MS security bug, one must sign in and the sign-in page is broken. It's really bad for security to make defect reports difficult to submit.

Privacy-compromising consequences of using Github for a project:

  1. (conflict of interest) selects only contributors willing to make privacy compromises, and excludes those who will not use GH for privacy reasons.
  2. (conflict of interest) When contributors are evaluating whether a tool is privacy-respecting, they white list Microsoft and Amazon as a consequence of using Github, and then use that as rationale to endorse an unworthy tool.
  3. (side-effect) Privacy advocates who use GH face demoralizing criticism for what some regard as hypocrisy. PTIO contributors should not be subjected to that.

Rationale for staying with Github:

The shake-up of making a move will lose contributors.

Problems with Gitlab service

Many Github refugees fled to Gitlab when Microsoft acquired Github. It's a bad idea. Gitlab should be avoided.

Alternatives

Large projects should self-host their repositories in order to stay completely independent, but some alternative solutions to the more popular services such as GitHub, GitLab and BitBucket do exist (not an exhaustive list):

  • Codeberg: Codeberg is a registered German non-profit organization and I think it is the best alternative. Codeberg does not depend on external services. No third party cookies, no tracking. Hosted in the EU. Relevant discussion on Hacker News. Relevant Privacy Policy.
  • NotABug: NotABug.org is run by Peers, a group of people interested in free software and free society. It is mostly for small projects though. Relevant Privacy Policy.
  • sourcehut: sourcehut is currently considered alpha and it is not going to stay free, but it does not have any tracking or advertising. All features work without JavaScript. Relevant Privacy Policy. Relevant discussion on Hacker News. After signing up you get the following message: "Payment is optional during the alpha, but be aware that it will become mandatory later. This service is funded by its users, not by investors."

A few good solutions for self-hosting (not an exhaustive list):

  • Gogs - old discussion at Hacker News
  • Gitea, a community-managed fork of Gogs - discussed at Hacker News
  • OneDev - discussed at Hacker News

Other relevant reading: What is wrong with Microsoft buying GitHub

Self-hosting Gitea:

  • (+) avoids the "shake-up" problem of shrinking the community each time the project moves (there is no risk that the privacy factors would later take a negative turn).
  • (+) Gitea.it could host other privacy-focused projects and become part of the support structure for them. Centralizing privacy-focused projects would increase Gitea.it visibility and establish a place where developers with the same high-level goals could develop in a more united way. Poaching privacy-focused projects from GH and GL would solve the hypocrisy problem those projects are facing as well.

You give one line on the evils and probably not enough detail to be persuasive. There's an enumeration of issues above. Also, most of the projects you recommend have a line “source code: github”. Consider linking to the source code in a way that shames the project, otherwise your site promotes GH more than it discourages it. Not everyone will read the GH section. Perhaps express it this way “source code: github (shamefully)”. Also, prefix “Github” with “MS”. (edit) There is a Github link at the bottom of your page. You should certainly not be linking to it from your public website because it leads visitors in the wrong direction. It also hurts your perceived credibility because many readers won't follow that link; they will just think “what a hypocrite”. You should set the GH issues to external and link to the gitea.it issues. Your readme is too short. You should use that space as an opportunity to detail all the Github issues I linked you to.