- cross-posted to:
- programming@programming.dev
- hackernews@lemmy.smeargle.fans
- floofloof ( @floofloof@lemmy.ca ) English61•2 months ago
The corporate branding, the new “AI-powered developer platform” slogan, makes it clear that what I think of as “GitHub”—the traditional website, what are to me the core features—simply isn’t Microsoft’s priority at this point in time.
Microsoft software is all like this: the features users want and would find most useful are never a priority, nor are the bugs that annoy existing users. The priority is whatever some unholy alliance of management and marketing have pulled out of their corporate bottoms as the focus of this month’s promotion. It doesn’t seem even to be about what would drive sales, since customers like things that work. It’s some logic that only makes sense to the businesspeople who speak that absolutely vapid buzzword slurry that gushes from Satya Nadella’s mouth. I don’t get it, but it’s very consistent with Microsoft.
- magic_lobster_party ( @magic_lobster_party@kbin.run ) 21•2 months ago
They want to make stuff that look good in the quarterly earnings report. They want to show they’re fully committed to AI in all their products or whatever.
They don’t want satisfied customers. They want satisfied investors.
- intrepid ( @intrepid@lemmy.ca ) 10•2 months ago
The same thing happens at Amazon. First they screwed up the product search by treating the user’s query as a suggestion rather than as a requirement. Now reports are coming out saying that the search bar has been replaced by an AI prompt with very badly summarized and often wrong results.
- firewood010 ( @firewood010@lemmy.zip ) 2•2 months ago
M$‘s priority is to draw new people on their products and make people upgrade to higher tiers. Existing users are none of their concern. There are business models who will put the product team to focus on existing users. One way is an open source product run by the users community, another way is product relying on the effect of word of mouth.
- luciddaemon ( @luciddaemon@lemmy.dbzer0.com ) English17•2 months ago
Fediverse version of github when? Unless it already exists?
- The Cuuuuube ( @Cube6392@beehaw.org ) English35•2 months ago
Forgejo is what you’re wanting
- luciddaemon ( @luciddaemon@lemmy.dbzer0.com ) English7•2 months ago
That seems to be it. I didn’t know that existed.
- The Cuuuuube ( @Cube6392@beehaw.org ) English3•2 months ago
I’m glad I get to introduce you to it! The biggest instance is Codeberg. Fediverse integration isn’t there yet but the general consensus is its coming very soon since that’s Codeberg’s main focus for the forgejo project right now
- 𝕨𝕒𝕤𝕒𝕓𝕚 ( @wasabi@feddit.org ) 15•2 months ago
Git is already decentralized
- delirious_owl ( @delirious_owl@discuss.online ) 14•2 months ago
They’re asking for a federated forge, not decentralized VCS.
I should be able to log into my own instance and use that account to open a bug report with your project, for example.
- Flipper ( @Flipper@feddit.org ) 3•2 months ago
Forgejo is working on that, but it’s not there yet.
- intrepid ( @intrepid@lemmy.ca ) 7•2 months ago
Github is more than just git. We need decentralized solutions for associated services and persistently online repos.
- liliumstar ( @liliumstar@lemmy.dbzer0.com ) English10•2 months ago
Something like radicle?
- The Cuuuuube ( @Cube6392@beehaw.org ) English7•2 months ago
Piping
curl
intosh
in install instructions is a fast track to me not taking a project seriously- delirious_owl ( @delirious_owl@discuss.online ) 4•2 months ago
Yeah, like Lemmy
- The Cuuuuube ( @Cube6392@beehaw.org ) English4•2 months ago
Excited for Sublinks…
- gomp ( @gomp@lemmy.ml ) 2•2 months ago
I’ve heard this over and over… what’s the difference security-wise between sudo running some install script and sudo installing a .deb (or whatever package format) ?
- chebra ( @chebra@mstdn.io ) 2•2 months ago
@gomp try comparing it with
apt install
, not with downloading a .deb file from a random website - that is obviously also very insecure. But the main thingcurl|sh
will never have is verifying the signature of the downloaded file - what if the server got compromised, and someone simply replaced it. You want to make sure that it comes from the actual author (you still need to trust the author, but that’s a given, since you are running their code). Even a signed tarball is better than curl|sh.- gomp ( @gomp@lemmy.ml ) 1•2 months ago
Installing a .deb is what I was thinking about.
Even a signed tarball is better than curl|sh.
If you have a pre-shared trusted signature to check against (like with your distro’s repos), yes. But… that’s obviously not the case since we are talking installing software from the developer’s website.
Whatever cryptografic signature you can get from the same potentially compromised website you get the software from would be worth as much as the usual md5/sha checksums (ie. it would only check against transmission errors).
- chebra ( @chebra@mstdn.io ) 1•2 months ago
@gomp Why would you be taking the signature from the same website? Ever heard of PGP key servers?
- gomp ( @gomp@lemmy.ml ) 1•2 months ago
That would be “a pre-shared trusted signature to check against”, and is seldom available (in the real world where people live - yes, there are imaginary/ideal worlds where PGP is widespread and widely used) :)
- The Cuuuuube ( @Cube6392@beehaw.org ) English1•2 months ago
A deb is just a zip file that gets unpacked to where your binaries go. A shell script you curl pipe into shell could contain literally any instructions
- gomp ( @gomp@lemmy.ml ) 2•2 months ago
Binary packages have scripts (IIRC for .deb they are preinst/postinst to be run before/after installation and prerm/postrm before/after removal) that are run as root.
BTW the “unzip” part is also run as root, and a binary package can typically place stuff anywhere in your system (that’s their job after all)… even if you used literal zip files they could still install a script in ways that would cause the OS to execute it.
- The Cuuuuube ( @Cube6392@beehaw.org ) English1•2 months ago
Yeah I’m over simplifying on purpose here. The bottom line is piping into
sh
is dangerous
- ◤◢◤◢◤◢◤◢ ( @mrus@lemmy.sdf.org ) 1•2 months ago
Just install it manually via cargo then.
- piracysails ( @piracysails@lemm.ee ) 6•2 months ago
I once heard of torrent git
- intrepid ( @intrepid@lemmy.ca ) 16•2 months ago
I don’t know what’s happening at github, but even the tree page rendering is annoyingly slow now. I wish they stopped ruining a working product by bloating it up with unnecessary ‘features’.
- belated_frog_pants ( @belated_frog_pants@beehaw.org ) 12•2 months ago
It was bought by Microsoft and all efforts are going towards AI shit. Once they have your subscriptions to copilot, windows, github, etc, they dont give a fuck about making anything easier for you
- toastal ( @toastal@lemmy.ml ) 5•2 months ago
Hey now. A lot of that effort has been poured into turning a code forge into a corpo social media platform like Microsoft LinkedIn as well as a way to siphon out a percent chunk of donations via Sponsors too.
- wuphysics87 ( @wuphysics87@lemmy.ml ) 11•2 months ago
“GitHub”
- DavidDoesLemmy ( @DavidDoesLemmy@aussie.zone ) 8•2 months ago
They should try Bitbucket
- kbin_space_program ( @kbin_space_program@kbin.run ) 8•2 months ago
Based on the article, the problem is that Github isn’t being treated as legacy software, but isn’t able to load a full file using the currently popular JS framework they are using.
- toastal ( @toastal@lemmy.ml ) 5•2 months ago
I want to see good forges for alternative DVCSs. Git itself feels like legacy software full a truckload of arcane commands & flags with bad defaults that just keeps bloating. Most software makers at this point have never even used a non-Git VCS.
- corsicanguppy ( @corsicanguppy@lemmy.ca ) English6•2 months ago
legacy software full [of?] a truckload of arcane commands & flags with bad defaults
You need to learn about xargs. It’ll make you cry. But when I needed to properly parallelize a RHSatellite run - wow is pulp ever a bag of shit - so it would finish in under 9 hours and not trip over itself with 105 (no shit) different repos, it was integral.
There are three different kinds of regular grep, and they have incompatible command line switches.
I’m not gonna list the plethora of tools with arcane and/or lengthy option lists, but I do wish I could impress upon you the idea that every tool evolves , and evolution is usually coupled with growth and specialized additions.
- spikespaz ( @spikespaz@programming.dev ) 2•2 months ago
I’d like to add my opinion that git is definitely not the worst offender
- sexy_peach ( @sexy_peach@beehaw.org ) 5•2 months ago
Amazing