I am really really amazed at how many people discount this alternative because it does not work but do not realize that they are being slaves to Microsoft by using Github. Honestly, I do not get it.
Apparently they have issues with self-hosting and basic git usage so I am not surprised, but yes, so many open source advocates, yet they literally depend on Microsoft, a bit too much.
> but yes, so many open source advocates, yet they literally depend on Microsoft, a bit too much.
I have abandoned github and even gitlab for all intents and purposes. But there's another side to consider in this.
It's always risky for the FOSS community to depend on a service that doesn't offer interoperability and freedom of migration. Ironically, Github is such a service built on a tool (git) that's built for maximum interop and migration. But the popularity of Github among the developer community isn't an accident. They worked really hard during their early stages as a startup, to gain the trust of community. Nobody foresaw Microsoft buying them at that stage (though you should really just assume that it would happen eventually).
The reluctance of a lot of them to abandon the platform can be attributed to lack of principles - IF it was an isolated incident. But we see the same story repeating with several development platforms. NPM is an example. PyPI and crates.io are still independent, as far as I know. But they aren't free of corporate influences either. No matter how much we try to avoid them, the companies just buy their way into these platforms when they become popular enough. I'm not happy with this. But I don't know a solution either.
An overly ideological PoV can make it easy to overlook that some people are simply on Github from a practical standpoint. I myself host Forgejo and moved a lot of stuff there. I don't really find a good reason to host anything on Codeberg, yet. Github still offers me a nice set of repos to find via the people I follow there.
It's not hate, it is that everybody complains about their services and their predatory behavior but somehow Github gets a free pass. As if it were going to be free forever, and well maintained...
In Germany a few months prior saw CCC publishing a method for destabilizing energy grids using radio waves a cheap hardware: https://media.ccc.de/v/38c3-blinkencity-radio-controlling-st... and presented an attack vector to which most infrastructure in Europe is exposed.
About 4 hours before the grid collapse on the 28th of April 2025 was recorded the largest purchase of Monero in the past 3 years (to remember: monero is coin of choice for special operations), making it surge +40% in 24 hours. The initial Spanish reports mentioned conflicting power information from dozens of locations at the same time which is consistent with a sequential attack using the blinkencity method so the grid itself is forced to close down.
Well, if that's really the cause, then thanks CCC, I guess. For such a serious vulnerability which is probably non-trivial (not to mention expensive) to patch, is it really responsible to give only 3.5 months of time before disclosing it (according to slide #56 https://cdn.prod.website-files.com/5f6498c074436c349716e747/..., they notified EFR about the vulnerability on 2024-09-12 and disclosed it on 2024-12-28)?
IMHO wouldn't make much a difference, the issue had been known to them for years up to that point. To a large part still exists, the Spanish grid only committed to upgrade the hardware after this incident. Even so it will require about another year to complete the upgrade over there.
I don't follow in detail the news on other European nations but haven't seen much focus on hardening their security until they actually get breached. A recent example (albeit different attack vector) would be the Polish grid: https://arstechnica.com/security/2026/01/wiper-malware-targe...
reply