>>ig0r0+(OP)
This is pretty cool. Anyone have thoughts as to _why_ they’re making this move?

>>ig0r0+(OP)
Seems like Github is feeling heat from GitLab/BitBucket.

I guess the calculation here is that the enterprise contracts are where all the money is, and keeping smaller customers on GitHub is worth the price cut?

>>ig0r0+(OP)
They are commoditizing their complement. So what's their core business?

>>LifeIs+q1
My guess is that they're a Big Company that can land Big Contracts now and that subsidizes small teams.

>>LifeIs+q1
The cynical thought would be drive usage of Github specific features/integrations to increase lock-in

>>ig0r0+(OP)
For those wondering "what makes it worth paying now?", GitHub briefly addresses that:

Teams who need advanced features (like code owners), enterprise features (like SAML), or personalized support can upgrade to one of our paid plans.

>>ig0r0+(OP)
Well, this is amazing! I never would have thought the Microsoft acquisition would have these kinds of results! Congrats to Nat and the GitHub team (and by extension Microsoft) for making this possible!

I wonder whether this is a result of market conditions, or whether GitHub sees this is a first-to-market play of some sort, or whether it's something else. I hate to be a cynic given how much good Microsoft + GitHub have been doing lately, but what prevents this change from being rolled back?

Congrats again! I love using GitHub and look forward to many happy years shipping code on the platform.

>>ig0r0+(OP)
Microsoft could run all of Github free and still make money by integrating with Github and Azure so tightly that it is so easy to run code in Azure if you use Github

But it’s probably just completion in the space

>>LifeIs+q1
Probably to lure in early startups away from GitLab, which has this pricing model (free private repos, pay for required reviews and SSO) for a while now.

>>klinsk+A1
Personally, I have been favoring Gitlab over Github because Gitlab allows private repos on the free tier.

>>klinsk+A1
Yep, GitLab has had this for ages, and GitHub has gone from no private repos on free plans to private repos with only a few collaborators to this.

>>ig0r0+(OP)
The pricing change appears to fall right in line with Gitlab's pricing (Free, $4/user/month, ~$20/user/month, and super expensive). I haven't managed to compare their feature matrices to see if the tiers are closely aligned, but from a glance they look similar.

>>yingw7+R1
> whether GitHub sees this is a first-to-market play of some sort

Could be a response to GitLab, which had a similar offering for years, including unlimited free private repos.

>>ig0r0+(OP)
Very few companies can make me feel like part of their journey like Github (Cloudflare also)

They understand their target audience more than most of the companies out there. When they are making moves such as this, they explain what was behind it. I find it authentic.

>>LifeIs+q1
I suspect Microsoft wants to capture as much developer mindshare as possible and then cross-sell Azure. Reducing/eliminating entry costs for commercial grade features helps to do that.

>>LifeIs+q1
GitHub has significant vendor lock-in, so it makes sense to make it free to capture the market before a competitor gets traction.

[Speculation:]

Perhaps they've run the numbers and can figure out that they make enough money from enterprise clients and will make enough more money from the 'marketplace' being a channel for selling github integrations and addons to cover this cost of not trying to monetize through supporting teams.

It also moves a large base from 'customer' with needed support to free users which don't need the same level of support.

>>ig0r0+(OP)
One thing to note is I had 3 members, it did not automatically downgrade my seats from 5. So in order to get it down to $12 a month I had to go downgrade my seats from 5 to 3.

>>smaili+Q1
Along with the expected limit bumps on Action execution time and package storage.

>>LifeIs+q1
For one they have a good budget from Microsoft, secondly GitLab is good competition and thirdly I would assume they see their revenues in project.amangment and CI/CD features (tie in build workers with Azure etc.) and there is more money to make than restricting users (which can be bypassed realticely easily, while more contributors means more build hosts, means larger azure bills)

>>JamesC+Z1
I have been favoring Gitlab over Github because their CI is the best CI I've ever used. It just works, whereas every other CI found a way to make things hard for me.

You can even spin up postgres and redis instances for tests by just specifying that you want them. It's amazing.

>>JamesC+Z1
As of early last year Github has offered this as well:

https://github.blog/2019-01-07-new-year-new-github/

>>98code+u2
And, unfortunately, 'required reviews' (which IMO are a critical feature).

>>JamesC+Z1
Github has had free private repos for years now

>>ig0r0+(OP)
This is great news! I've always had my repositories spread across GitHub, gitlab, and bitbucket depending on what size group or features I needed but this helps centralize everything to GitHub. That is probably their goal!

>>ig0r0+(OP)
Hi HN, I'm the CEO of GitHub. Everyone at GitHub is really excited about this announcement, and I'm happy to answer any questions.

We've wanted to make this change for the last 18 months, but needed our Enterprise business to be big enough to enable the free use of GitHub by the rest of the world. I'm happy to say that it's grown dramatically in the last year, and so we're able to make GitHub free for teams that don't need Enterprise features.

We also retained our Team pricing plan for people who need email support (and a couple of other features like code owners).

In general we think that every developer on earth should be able to use GitHub for their work, and so it is great to remove price as a barrier.

>>therey+c2
Me too! Microsoft has done a really great job of managing the acquisition without ruining GitHub. GitHub already had a great understanding of their audience and a pulse on the community prior to being bought, so I'm really glad that they haven't lost that now that they're a Microsoft subsidiary.

>>ig0r0+(OP)
Does “for teams” also apply to paid personal accounts?

>>ig0r0+(OP)
Google haven't built up too much of a user base for GCP's Cloud Source Repositories service yet (my speculation), so I wonder if they're viewing Gitlab as an acquisition target.

TBQH, I don't see Gitlab lasting too much longer without an acquisition event of some sort, when facing up against this sort of Microsoft-backed feature funding. And I say this as a bigger user of Gitlab than Github (primarily because of the free private repositories and organisations).

>>SOLAR_+G2
Missed that announcement I guess

>>q3k+O2
can you elaborate on what you mean by this?

because if you're referring to requiring review approvals before a PR can be merged, that's available in the free plan (under branch protection rules).

>>shrika+j3
I think an acquisition of Gitlab would be the only way for me to migrate back to GH from GL. I've been a happy user of Gitlab for years now and have no yearning desire to return to Github.

>>natfri+V2
Hi Nat. Big fan. I've been on GitHub for a long time now. There's a fair bit of friction in issue/PR management for people who have primarily CLI-centered workflows. I know that `hub` and friends exist, but will there be official, supported clients in the future?

Also: are there plans to open source more of GitHub? Post Microsoft acquisition, I have been increasingly concerned about vendor lock-in, EEE, and so forth.

>>ig0r0+(OP)
What safe guards are in place to prevent Microsoft from using GitHub to glean competitive intelligence?

Just like Facebook used Onavo.

https://www.wsj.com/articles/facebooks-onavo-gives-social-me...

>>natfri+V2
This is a great change! One request: I wish that SAML was not an enterprise feature. SAML ought be a basic security feature like 2FA—it's especially valuable for open source teams who might use a mixture of services, and an easily accessible and cheap SSO solution would go a long way in raising the security bar for all teams, not just open source teams.

>>markdo+b2
Maybe, but this move looks to flatten GitHub pricing down to two tiers: enterprise and free, while GitLab has four pricing tiers and the enterprise feature offering doesn't seem to be there (Gold doesn't look too enterprise-y at first glance).

>>Stavro+D2
Couldn't agree more. Gitlab's CI is what made me finally fall in love with CI as a concept. Obviously it was needed before, but it always felt like an ugly chore. With Gitlab, it's one of the first things I do when setting up a new project.

>>natfri+V2
This is completely unrelated to the announcement, but when will Enterprise Server ship support for GitHub Actions?

>>tekkno+J3
Yes, we are working on an official CLI here: https://github.com/cli/cli

I think open sourcing GitHub is an interesting idea.

>>natfri+V2
I would request similar to the sibling post, that at least OpenID Connect or some such SSO could be a feature for us smaller companies that still want to practice good security by doing SSO.

>>cpasca+54
We'll have a beta next month, and should ship this summer.

>>natfri+V2
I'd like to thank you for this change but also in general all the amazing things Github is doing. I haven't finished high school yet but your Github Education pack is SO useful for me and I know I will never have time to use half of the stuff on it.

Thanks to everyone at Github making stuff like this possible and creating such a great epicenter for open source in general. Keep on being awesome!

Also I was wondering, Github is offering so many features for free, but does the company sustain itself through entreprise payments or some other stream? I was just curious. :)

>>raziel+C3
That's odd, https://github.com/pricing mentions it as a paid option.

>>pkamb+33
It seems to, on the upgrade page for a personal account it still says "Pro" but for $4/m

>>thramp+Q3
Agreed. SAML even makes sense for solo dev.

>>etheri+g4
Glad you like the Student Developer Pack. All credit goes to the 100+ partners who provide something like $200k in tools and services to each student who qualifies for the pack. It's kind of mind-boggling, actually.

As for how we sustain ourselves -- lots of big enterprise customers!

>>leesal+Y3
And that's exactly how "sprint 0" should be :)

>>ig0r0+(OP)
Does anyone remember the arbitrary actions GitHub has taken in the past few months and all the "maybe it's time to start leaving GitHub if you want to avoid getting your repositories permanently deleted?"

Or is HN just as susceptible to the narrow news horizon?

>>natfri+V2
Thanks for doing this. Is this effective immediately now? I tried to downgrade to free just now but it's giving me a giant list of features I'd lose if I continue. Also any change to Data pack pricing for LFS Data?

Due to the on-going Pandemic, I've been trying to cut business costs left and right. Github Team was one of those I wanted to cut but it's also so important that I couldn't decide easily. So thanks again for the change. Much appreciated!

>>ig0r0+(OP)
Great news for everyone bar startups competing with them as it looks like Microsoft is turning their multi-billion acquisition of GitHub into a loss leader to get as many devs using their platform as possible, no doubt to flex seamless integrations into Azure which looks like they're executing exceptionally well with their acquisitions & new feature giveaways.

From the side-lines it looks like they're slowly becoming an unstoppable dominant force, what's surprising to me is AWS's / GCP's inaction, they're either asleep at the wheel or they don't see Microsoft's dev mindshare grab as a threat.

>>natfri+V2
Hi! Any perspective of extending SOC2 Report access to the Teams level? Small companies in regulated environments aren't able to jump to enterprise ($$$) so need to look elsewhere to get a SOC2 compliant version control system at a decent price. Love the Github product so it was tough when we had to make the decision to move off of it.

>>natfri+V2
Just want to say that I am _so_ happy and continue to be impressed but what you've done since joining GitHub. Feels like a big shift from even a couple years ago.

On behalf of our tiny team at WorkOS, thanks! :)

>>raziel+C3
Required reviewers I think means in a team of [A, B, C], (A | B) are required but not C.

Unless i’m missing something, it should not be the same as “administrators” - otherwise branch protection rules would be fine.

>>natfri+V2
Hi Nat - this is a really bold move, and shows how competitive the market for developer tooling is.

Does GitHub anticipate that this pricing change will affect the proportion of code that's provided under free / open source licensing on your platform, and if so can you share any information regarding the direction GitHub would like to lead the community in?

>>thramp+Q3
Stuff like SAML is kind of the only leverage freemium SaaS has for rationalizing charging enterprise customers.

>>natfri+V2
Hey Nat -- quick Q, with this change, is there any need for individual developers to pay for "Pro" accounts? Or did the benefits of a "Pro" account just get covered by the "Free" plan?

>>amsull+Y4
I don't work at GitHub, but I believe if you reach out to GitHub Support and sign an NDA they can provide you the SOC-2 report. (Most vendors will do this.)

>>grinic+l5
We reached out and were told we would need to upgrade to the enterprise version. (This was probably 5 months ago before they announced a few startup friendly offerings)

>>ig0r0+(OP)
If you're like us and your entire Github usecase now fits within this free tier, it seems like you'll have to manually downgrade for it to take effect.

> We’re also reducing the price of our paid Team plan from $9 per user/month to $4 per user/month, effective immediately. Existing customers will have their bills automatically reduced going forward.

I don't mind this - we'll likely stay on the paid plan anyways at that price point. But there you are.

>>ig0r0+(OP)
This is an awesome change! In case anyone else was wondering, here's what you lose by cancelling:

    You are downgrading to GitHub Free
    After April 15, 2020, ... features and limits will change:

    Protected branches in private repos
    Draft PRs in private repos
    GitHub Pages in private repos (using 1)
    Wikis in private repos
    Code owners in private repos
    Multiple issue assignees in private repos
    Multiple PR assignees in private repos
    Code review automatic assignment in private repos
    Scheduled reminders in private repos
    Standard support
    2,000 minutes for GitHub Actions (currently 3,000)
    500MB of storage for packages (currently 2GB)

>>colinr+H1
Core business is Azure. Actions, hosting, pushing the C# stack.

>>Stavro+D2
Throwing in a second opinion here for those curious. I've worked with a number of CI systems and had trouble with many.

Gitlab CI has been the opposite of other experiences I've had with well over 10k jobs completed across different projects with diverse needs. Even for small hobby projects it's been great for me, it's nice to easily be able to push updates without having to worry about it. Makes it much easier to iterate and test things out!

>>thramp+Q3
Agree. I sell simple sass product myself and offer SAML to everyone. I view security as a basic right, not something to be used to extract more money for. Charging for additional features is ok, charging for keeping your account more secure is just plain wrong.

>>natfri+V2
Hey Nat glad to see you here. A few days ago one of the biggest team collaborative games (Space Station 13) got banned on GitHub without a public explanation from GitHub staff, but some suspect it was because the code contained bad words and slurs. Do you know if this is why the project was banned, and will these new private team repos be subject to the same terms/rules?

>>natfri+74
I love github, but the fact that it is not open source has always been a big problem to me, especially given that github has become the de-facto home for so many open source projects, yet is not itself open source. I would love to see that change to a model like Gitlab uses!

>>ig0r0+(OP)
To think that John Mayer predicted this in his song _Daughters_ 17 years ago:

[Individuals] become [small teams] who turn into [big enterprises] / So [GitHub] be good to your [individuals], too

>>zentig+N4
Or maybe different people have different needs and HN isn't a single cohesive hive mind

>>7777fp+k2
What exactly is the lock-in mechanism?

E.g. I have git repos where I use multiple remotes (1 Github, 2 Gitlab..). So git is the same as everwhere.. I never felt locked in. It's not too hard to transfer your repos to another provider.

>>pixelm+d5
It looks like pro accounts have vanished? I can't find them anywhere; I assume we just won't be charged from here on out?

>>natfri+74
Oh, I did not realize that was official & supported. Excellent. Looking forward to its maturity.

Unrelated: have you seen https://sourcehut.org/? Thoughts?

>>ig0r0+(OP)
Hmm, literally the only paid feature left on the Teams plan we're using is Draft PRs. I am worried that as it looks like I won't need to pay for this service, that I, my team and my code will become the product to monetize at some point in the future.

>>natfri+V2
I'd like to share feedback on GitHub Actions. Tried it out, and the learning curve was too much. I want to use stuff I already know -- e.g., write a Dockerfile, and then GH could run it on PR builds. The "workflow" concept didn't land for me, and I hope you consider a more generalized, open-source approach to running arbitrary scripts in response to PRs being opened, merges to master, etc.

>>7777fp+k2
> GitHub has significant vendor lock-in

Do they? Unless you're on GitHub Enterprise, migrating is just moving your repos over the weekend, setting up new webhooks, emailing everyone a command to switch their upstream URL, and hoping the new workflow works for you. For teams of <100, this it one of the easier transitions to make.

>>natfri+V2
When will GitHub terminate its contract with ICE?

>>pubby+96
SS13 got banned? Damn, I loved reading that old DM codebase every once in a while. Where have you guys migrated to, GitLab?

>>JMTQp8+b5
Not true. There are other things (like audit logs, invoice/PO payments, better support) that enterprises will still want.

>>natfri+V2
Hi Nat, will GitHub ever support git diff algorithms other than the default?

>>yingw7+R1
I feel like anyone who lived through the 90s could have expected "these kinds of results".

Git is open source and widely supported, which doesn't benefit Microsoft. By causing GitHub-specific features to be an essential part of a "modern" or "industry standard" git workflow, they can capture more marketshare/attention, and cause alternatives to be sidelined. This requires removing all friction to entering the proprietary ecosystem, including purchasing. This, along with the acquisition of NPM, is the "embrace" part.

The next will be an expansion of GitHub and NPM's featuresets in ways that are only accessible via branded, first party tools (i.e. not git/ssh/yarn). GitHub has already made some inroads there prior to the Microsoft acquisition with of course the ubiquitous PRs as well as GitHub Issues and Actions. I imagine the ability to check out GitHub wikis as git repos will probably eventually go away to further this.

The last part ("extinguish") is turning off support for non-firstparty tools like git-via-ssh, .patch URL support, issue collaboration via email, yarn, et c. By the time they do this, few people will notice, having acclimated to the entirely-proprietary ecosystem they've been incrementally subjected to.

The goal, as always: a Microsoft editor (VS Code or Atom), editing code in a Microsoft language (TypeScript/.NET/whatever), signed off via Microsoft review software (GitHub mobile), publishing to a Microsoft website (GitHub/npm), running CI on a Microsoft VM (GitHub Actions), pushing code to a Microsoft datacenter (Azure).

It's simply a moat to prevent open, unfettered competition in any intersection of the vertical. Any weak spots (such as GitHub signup friction) are to be subsidized as they will yield benefits when later used as a cohesive whole in an anticompetitive fashion.

>>vermor+v4
So you care a lot about this, but not $4/month care?

>>LifeIs+q1
The fact that they're mirroring Gitlab's offering probably suggests that Gitlab is capturing market share from them. It's probably happening more now, as companies are taking very serious looks at their expenses.

>>ig0r0+(OP)
what is the font for the text in the upper left that says "The GitHub Blog"? Looks cool.

>>thramp+Q3
+1

Even the ability to just “login with gmail” for non-enterprise accounts would be huge

>>vptr+26
But saml is for integration (SSO). Github provides 2fa for free.

What enterprise is paying is the convenience, not security itself.

>>natfri+V2
While we have your here, any plans for more fine-grained IAM for GitHub Apps? It's already a lot better than legacy apps, but it's still pretty broad. Ideally every API call/resource could be specified individually in an IAM policy, so we can only request the minimum permissions possible in our GitHub Apps.

>>thramp+Q3
SAML (and 2FA to a lesser extent) comes with some serious support burdens on the companies offering it. There's a long tail of more or less broken SAML implementations on both the service and identity provider sides, provisioning issues, configuration issues, "Sally can't login on Tuesdays" issues, duplicated slightly-inconsistent data in IdP and Service side records issues...

If you as a SaaS provider outsource your SAML integration to a third party provider like Okta or Auth0, the auth provider pricing is immediately on a "call us" tier, with a per-federation pricing in the low four figures for each company connecting via SAML. Let me just state that again, to have company X connect to my SaaS via SAML, I as the SaaS provider have to pay my auth provider $X,000 per year for the privilege, not counting the base enterprise tier pricing for the auth.

>>dehrma+a7
There are external services that integrate with Github but not Gitlab. (though more and more are also adding Gitlab integration)

>>ig0r0+(OP)
Amazing - thank you!

>>dmw_ng+B5
Why would protected branches go away?

>>thramp+Q3
I'd never heard of SAML before. Is it like a more complicated version of OAuth?

>>vermor+v4
could you elaborate further with use-cases?

>>nogabe+78
SAML is an enterprise feature; it's $21/user/month.

>>mythz+S4
I'm not sure it's great news for those of us who are smaller users of Github. You would expect Github to concentrate even harder on enterprise users now that we're not paying anymore.

I'm not complaining; MS should point GH at where the money is and there is competition you can switch to. I'm just not excited to save a few bucks a month given what will likely change.

>>pubby+96
Private repos are not subject to our Community Guidelines on public content, so no, we don't enforce the same rules there: https://help.github.com/en/github/site-policy/github-communi...

I wasn't aware of SS13, and will look into what happened there. Content moderation at GitHub scale is hard and sometimes mistakes are made.

>>smaili+Q1
There's more, including most sections in a private repo's "Insights" tab still being greyed out. Full feature lists here: https://help.github.com/en/github/getting-started-with-githu...

>>markph+09
They are still a premium only feature.

>>dehrma+a7
How are you gonna migrate issues and actions?

>>angryg+M6
My account still says GitHub Pro but the billing amount has changed to $4

>>ig0r0+(OP)
So it will be free until the competition dies, and then it will be expensive?

Like... everything MSFT and GOOG have ever done?

Great.

>>therey+c2
Speaking of, I just had a momentary panic because Backblaze’s hard disk report timeline is missing a link to the last update (from February) and I thought maybe they’d stopped doing them...

Who else is good at this? I’m somewhat fond of Digital Ocean’s docs.

>>ig0r0+(OP)
I've not been a big fan of GitHub historically, but the pace of innovation since the MS acquisition is really impressive. I wonder how much of that is MS influence vs just MS funding.

>>ig0r0+(OP)
Can you please prioritize stability of your SaaS offering for paying customers? Our dev team and infra gets impacted seemingly every week with github outages, and it especially seems to correlate with delivery of new features. Thanks!

>>sneak+68
Thank you, it summarises it pretty well. MS is back pretty strong.

It's also to note they attacking on two fronts, the open source and startup folks (VS code, github, typescrip, azure) , and the enterprise with communication, productivity tools and cloud infra (Teams, Office 365, Azure)

Owned.

>>natfri+V2
Hey Nat, thank you so much for this! We're a small team from India and we love Github but were always conflicted due to the pricing.

The new flat price of $4/user seems perfect for us. I've already moved one private repo to our org account.

Thanks again ^_^

>>ig0r0+(OP)
yeet

>>harha+t9
Not having to create separate usernames and passwords with yet another service (GitHub)

>>Saaste+Y6
Elsewhere in the thread they say that their big customers earn them enough to keep the lights on.

I’m much happier with a sliding scale model than ad or spyware based models. The problem there is that my experiences have been that a lot of expensive scaling work that you might otherwise have deferred gets done for your biggest customers, and we don’t often get the revenue right to absorb that hit. More than once our biggest customers have ended up having the lowest margins, if you de-fuzz the math.

>>tobinf+g9
Basically, yes. Give me a choice between SAML and OIDC, and I'll choose OIDC every single time.

>>tobinf+g9
SAML has been around longer and handles AuthN and AuthZ

OAuth only does AuthZ. I've always found OAuth more complicated because you have to combine it with other technologies to get AuthN

>>mythz+S4
Agreed. I cannot believe that GCP and AWS are so asleep at the wheel either. If I were them I would literally be throwing money at some of the GitHub folks to have them fix AWS or GCP.

And it was should have been rather obvious when GitHub released the beta of Actions a few years ago. Actions remains the most important thing GitHub has done, ever, in my opinion. It might take a few more years for people to fully realize what this could be. Hope GitHub doesn't screw it up!

>>ig0r0+(OP)
Finally & thank you, I oughta say!

>>mythz+S4
So far Microsoft isn’t taking customers away from AWS. They’re just expanding the total market.

But I do wonder if AWS will try to buy gitlab.

>>sneak+68
I might buy the conspiracy theory except for the fact that Azure DevOps exists and provides all the features of GitHub already with none of the restrictions you've mentioned except that you pay for the service.

>>Operyl+w7
I only follow it loosely but I believe most are planning to move to GitLab if their repos aren't unbanned.

>>roland+Q2
> this helps centralize everything to GitHub.

Oh dear. That doesn't really sound like a good idea in the long term.

So once you place all your projects/repositories on a third party git service like Github and it goes down, what can you do to push that critical change? Might be no big deal for personal projects but unacceptable for big business and open source orgs.

You might as well call the CEO of GitHub for support. A better way is to self-host...

>>oxalor+cb
Just curious what motivates you to pick the $4 plan over free? None of the features there are really deal-breaking for most orgs.

- Required reviewers

- 3,000 Actions minutes/month (Free for public repositories)

- 2GB of GitHub Packages storage (Free for public repositories)

- Code owners

>>markph+09
There's a more detailed table at the bottom of https://github.com/pricing

>>jswny+V9
OK.. maybe it is terminology then because Free public repos have Branch Protection rules. Do you not have those with Free private repos? Or is "Protected Branches" some bigger feature?

>>natfri+I9
> Content moderation at GitHub scale is hard and sometimes mistakes are made.

This is completely fair, but lack of transparency makes it significantly more frustrating.

>>atonse+I7
Yeah but considering SAML is one of the primary asks of enterprise, it kind of makes it a big selling point.

>>angryg+M6
Hi, I'm Erica, GitHub's COO. Pricing for Pro Accounts has been changed to $4/mo.It includes 2GB of Packages storage, 10 GB of data transfer and email support. You can downgrade your account to the Free tier if you'd like by following these steps: https://help.github.com/en/github/setting-up-and-managing-bi...

A full FAQ on pricing is available here: https://help.github.com/en/github/getting-started-with-githu...

Hope that's helpful!

>>markph+Lc
> Do you not have those with Free private repos?

Correct.

>>cjdu+Nb
What is Actions?

>>ig0r0+(OP)
I think GitHub are doing well, but one cannot deny that GitLab has carved out a fantastic niche (on-prem, private instances, OSS, etc) that GitHub doesn't compete in. So while I agree GitHub are "the" company to beat, I think GitLab is doing a good job of contrasting.

PS - No affiliation with anyone.

>>natfri+V2
First of all, thank you, this is great news.

That said, the news made me wonder what exactly I’m still paying for with my personal Pro account. I went to the pricing page https://github.com/pricing and it seems Pro isn’t even listed anymore? And the Billings page https://github.com/settings/billing says “Pages, Wikis, protected branches and more for Pro developers” without any further explanation or link to docs explaining the differences. I can only assume that Pro has the same set of features as the $4/user/mo Team plan, but the messaging is certainly pretty confusing, don’t you think?

(I sure hope this isn’t a sign of neglect for individual developers, who are still the backbone of open source activities.)

>>Saaste+Q8
Sounds like SAML needs the same "everyone gets together to make a FOSS implementation that knows about the weird quirks of all the implementations it interacts with" approach that e.g. the Samba project was founded upon.

>>pkamb+33
If you have a personal paid account ("Pro"), the pricing page now says "Continue with Team". It looks like "Pro" has been renamed to "Team".

>>natfri+V2
Hmm, looks like GitHub pages are a paid feature? One of our private repos hosts our (public) website. Even with the price cut, the Team plan is still almost $100/month more expensive than the grandfathered in legacy plan we currently have that includes GitHub pages.

>>hirako+2b
I don't think it's an attack to try and make good products. Unless they're playing dirty / being anticompetitive, you're just describing a company making dev and cloud products.

>>irrati+ud
Continuous integration (CI) and continuous deployment (CD) services. Essentially when you merge a changeset you can configure a specific branch to automatically test, package, deploy, and integration test that branch with no additional human intervention.

>>dmw_ng+B5
I hope GitHub allows protected branches in private repos. They're really important for everyone, not just enterprises.

>>pubby+96
Whoa, wanted to jump in here! SS13 is, in my opinion, one of the best games of all time when it runs well. Not very many people know about it.

I worry about the community dying and losing my favorite game, but have taken solace in the fact that the source will always be publicly available. If it was banned from GitHub, that's a major problem.

>>rvz+zc
> A better way is to self-host...

Even ignoring the higher cost to set up, are you sure your self-hosted solution will have better uptime? Are you sure you'll be able to get things up and running faster when it does go down than GitHub will when GitHub goes down?

>>mythz+S4
Blazor is slow to start but I think long-term will be a game changer.

>>oefrha+Jd
I went to go downgrade to the free plan and noticed that GitHub Pages static sites served from Private repos still require payment. That will keep me on $4/month for now.

>>jdminh+F9
Unlikely, freemium users would make up the overwhelming majority which has been getting more value & less reasons to need a paid subscription with each release since their acquisition of which I've yet to see any signs of neglecting their existing user base.

IMO Microsoft views GitHub's user base as potential Azure leads and Cloud computing as the current & future lucrative computing utilization business model who has been pulling out all stops to grow Azure as fast as possible.

They're fortunately rich & big enough that they don't need every one of their business to maximize their profits and are more than happy to leverage the synergies in their different assets to funnel more business into Azure.

>>captn3+Ic
Kind of off-topic but for $4/user/month only 2gb of private GH packages storage is laughably low, and the pay-as-you-go pricing model is pretty expensive if you want to use it for docker images.

>>irrati+ud
https://github.com/features/actions

>>Saaste+Q8
This doesn't make sense. Login of any kind can be a tricky problem, you need to handle passwords, rate limits, email verification, password resets, etc. In most popular web frameworks there are libraries you can drop-in that handle all of this for you (like Devise in rails). There are drop-in libraries like OmniAuth (again for ruby/rails) to make handling multiple types of Oauth login simple.

The same could clearly be done for SAML (and I've even implemented SAML and SCIM auth and user management for Okta before in an app, it's not difficult).

The problem is that the only organizations that would make this single issue of SSO support a deal-breaker are bigger companies who can afford to be upsold, so everyone treats this as an up-sell feature. This comes at the expense of the smaller companies, who can't afford to care as much about security. The industry should be making things secure by default as much as possible, and there's a big gap here in what basically every SAAS company is doing.

>>samirs+j8
Looks like it's one of these:

  .alt-mono-font {
      font-family: SFMono-Regular,Consolas,Liberation Mono,Menlo,Courier,monospace;
  }

If you find yourself wondering this a lot, https://chrome.google.com/webstore/detail/whatfont/jabopobgc... is a fun extnesion.

>>kube-s+Ib
For those like me who had never heard these abbreviations:

AuthN: Authentication (who you are) AuthZ: Authorization (what you are allowed to do)

>>microd+ia
When has GOOG made something expensive once the competition died?

I guess for that matter... also when has MSFT? I buy they have, but not aware of any examples of the top of my head.

>>binary+kc
Can it really be called a conspiracy theory when there is proof that MS has done this same sort of thing in the past? Past behavior is a good predictor of future behavior. Saying that someone has been shown to do something in the past, therefore it is likely that they will do the same thing in the future doesn't seem to qualify as a conspiracy theory.

>>natfri+V2
Any plans for free on prem version, like Gitlab?

>>natfri+I9
Do public repos that get banned have access cut off, or are they just forcibly made private?

>>zentig+N4
Microsoft/GitHub is doing something clever this time. They know where the developers are and know that the new consumers are developers, hence 'devsumers'.

So how does Microsoft make them happy? Give 'em free stuff: Free repositories, student pack, ebooks, courses, cloud credits, etc and they come running back to GitHub. There's Sign in with GitHub which makes it easy to claim all the freebies, unlike the rest of the alternatives.

This is why the majority of developers will stay and some would realise that it will all go down and will leave Github and self-host their own git server instead.

>>JMTQp8+Z6
Have you tried other CI/CD platforms? Different providers use different language but the workflow concept underpins all CI/CD pipelines.

>>q3k+h4
A feature that's available for free on public repos isn't necessarily free for private repos, it seems. The wording on the pricing page isn't very clear about this, though.

If they mean that they're now removing required reviewers for public repos in the free plan, that's definitely a big step backward I think.

>>kube-s+Ib
OpenID Connect is the standardized AuthN process built on top of OAuth. It’s “on top of” but in practice it’s a simplification if OAuth for the specific purpose of AuttN

>>oefrha+Jd
I still get a Pro option when going to https://github.com/account/upgrade from a free account, and it seems to match Teams, here's the blurb:

> Required reviewers in private repos

> Protected branches in private repos

> Repository insights in private repos

> Wikis in private repos

> Pages in private repos

> Code owners in private repos

> 3,000 minutes for GitHub Actions

> 2GB of storage for packages

>>Someon+Dd
GitHub absolutely does compete for on-prem installation.

Source: we use an on-prem installation at Vimeo

>>Someon+Dd
Github Enterprise is on-premises:

https://github.com/enterprise

That only really leaves the fact that its OSS that differentiates Gitlab in your list. Not comparing the two, just making sure you're aware.

>>aledal+0a
I'm not sure about actions, but GitLab[1] and BitBucket[2] have the ability to import issues.

[1]: https://docs.gitlab.com/ee/user/project/import/github.html

[2]: https://confluence.atlassian.com/get-started-with-bitbucket/...

>>trough+je
You mean Microsoft's latest attempt at Web Forms/Silverlight, a product that yet again tries to muddy the separation between client and server execution contexts using magic.

Seems like every generation re-invents this idea, and every time it fails for the same fatal flaw: Illusions are just that, and you'll wind up hacking around the illusion if you want to do something not envisioned (or run into a bug in the secret sauce).

And before someone replies "it is nothing like Web Forms!!!" here's a direct quote from Blazor's homepage:

> Blazor can run your client logic on the server. Client UI events are sent back to the server using SignalR - a real-time messaging framework. Once execution completes, the required UI changes are sent to the client and merged into the DOM.

That's literally how Web Forms worked.

>>natfri+V2
This is amazing for us folks towing the line between open-source and proprietary, enabling an open core while allowing access to our closed-source products without having to leave GitHub. Right now, we mirror our GitHub repos to a private Bitbucket server so that our clients can make PRs and such, but now we can just add their GitHub accounts to our team!

We do have a paid plan, right now. Is there any way to continue having that paid plan on the team (paying per user for the extra features) while also adding users who don't share the extra features? We'd like to open up our org to all of our clients who use our private repos, but we don't want them to e.g. have access to all the private k8s cluster configs.

>>Someon+Dd
> "PS - No affiliation with anyone."

Sure, that's why the throwaway account.

>>maskli+Ef
Thanks for the confirmation, that’s what I figured. It would be nice to see this laid out somewhere public, preferably the pricing page, not gated behind a free account.

>>LifeIs+q1
I'll bite: They are shifting profits to CI and service landscape. I paid for 8 seats (previous: $64, now: $32) which gave me 10 000 included CI minutes (now: 3 000). I was just at that limit. Its surprisingly hard to find what the cost per minute is after that, but I guess I can check back in a month and see what my spending ends up at.

I'm sure they have enough info about onboarding and unit economics to see how it will pay off mid to long term.

I'll happily pay for use though, it makes sense and it makes the value addition of github core vs extra more clear.

>>Saaste+Q8
What about OpenID Connect? That seems a lot simpler, and also has open source implementations that aren't too intimidating.

>>taytus+eg
Six years old with 33k karma. What's your definition of a throwaway account?

>>thinkh+xf
I know, I just personally find it to be a fragmented and confusing set of standards. And a lot of people say OAuth when they mean OpenID Connect, which doesn't help with the confusion... or they abbreviate OpenID Connect as "OpenID" which also means something else.

I've never had to clarify what someone is actually trying to accomplish when they want "SAML 2.0"

>>ig0r0+(OP)
Great to hear that! One last thing that would make Github a better alternative to Gitlab for teams is the self-hosted runners for organizations IMO.

>>captn3+Ic
If you check the extended breakdown down the https://github.com/pricing page below the marketing bits, lots of features are not available on private repos unless you're paying for a Teams plan. Depending how you use github it could be an issue:

* protected branches

* codeowners

* draft PRs

* pages and wikis

* multiple assignees (PRs and issues)

* required reviews & status checks

>>tiffan+kb
With GitHub (cloud version) specifically it doesn't (currently) work that way, you still need a "normal" GitHub username and password, and you do the organisational SAML login in regular intervals when trying to access that org's resources. I'm not aware of this being a widespread way of doing SAML, but I guess it supports certain use-cases (like keeping a GitHub identity despite switching jobs/OSS projects).

sources:

* https://help.github.com/en/github/setting-up-and-managing-or...

* https://help.github.com/en/github/authenticating-to-github/a...

[edit: formatting]

>>cactus+ze
Passwords, rate limits, resets, etc. are the same for everyone, and so are the problems and the solutions to those.

SAML on the other hand is different for each organization. Providers pay Auth0 and the like to have developers on staff who know the pitfalls and quirks of ADFS 3.0 on Windows Server 2012 R2, so they don't have to. Dealing with a single Okta as IdP integration is like the absolute best-case scenario there is. There is also zero consistency in what actual data IdPs returns out of the box to the SPs, so now you're walking the customer's admin through setting up the proper attribute mappings, etc.

I also very much disagree that SAML is a net security benefit, at least directly. It's for convenience, top-down visibility and control into what people are using, de-provisioning services, onboarding and offboarding users at scale etc. e.g. problems that only big companies have. Many SAML implementations are just as likely to add truck-sized security holes to the service provider when done poorly, and a lot of them are done poorly.

>>CreepG+O4
It is effective immediately. There is a full FAQ here: https://help.github.com/en/github/getting-started-with-githu... Essentially, "Pro" = Team - the only difference is whether it is an individual account or an organizational account. We'll work to clarify this on the site.

No, there has not been any change to the data pack pricing for LFS data.

Glad this will help you continue building on GitHub!

>>taytus+eg
Account created in 2014 with 33.5k karma...hardly seems like a throwaway account.

>>natfri+V2
Hi, any reason to still have a restriction on number of free bot accounts one may have (currently one)? There are limitations in products built on GitHub that require you to create multiple accounts if you don't want to share tokens between repositories (bad idea security wise): https://github.com/rust-lang/crates.io/issues/849#issuecomme...

>>ig0r0+(OP)
Thank in large part to GitLab for pushing the market forward on affordable collaborative development.

We moved across when GH did their pricing changed. Free CI/CD well before "actions". Never looked back.

>>irrati+Le
It should also be noted that conspiracy theory != false. There are numerous examples of real conspiracies throughout history.

>>ig0r0+(OP)
Sounds like Microsoft is creating a new branch attempting to replicate the Atlassian business model. First get developers hooked on GitHub, then build GitHub integrations into enterprise software, then let developers make the sale to their own employers (primarily because developers like the little green activity boxes).

>>dmw_ng+B5
It's not clear to me whether this is possible under any configuration, but: can you enforce a two-person rule? I'd like all users to be able to merge accepted PRs, but no one should be able to push directly to master (unless an admin specifically elevates permissions to do that).

The only way I can think of is to have a bot be the only one with commit access, and to interact with the bot to do merging. But that seems pretty roundabout.

>>natfri+V2
Hi Nat, with Microsoft now owning Github, I'm really curious to know what the future holds for both Azure DevOps and Github?

I'm a user of both - Github for OSS, and Azure DevOps for private work. IMO, these areas are where they are best suited - pipelines in particular are really powerful in Azure DevOps, and user/permission management, AAD integration and integration with build agents are all excellent.

I really like Azure DevOps, but all this has me worried about it's future - do you know if it's going to continue to exist and be developed in tandem with Github?

>>sneak+68
Speaking as someone who worked at Netscape during the 90s, your comparison is missing on a lot of fronts.

First, Microsoft was evil back then because they didn't just rely on excellent pricing and features (both of which they had) - but also because they leveraged their monopoly in one market (desktop operating systems) to prevent competition in adjacent markets (browsers).

I think it's difficult for people to believe that Microsoft has evolved, and grown more responsible (Hell, I can run linux directly with windows - with kernels available on the Microsoft store) - but you need to follow the evidence.

Also, leadership: Satya Nadella != Steve Ballmer.

>>Someon+4e
AWS has that.

>>captn3+Ic
Hey, captain nemo! The major feature which we're looking for is Github Pages for private repos, coupled with Github actions.

We have multiple client sites (completely static) we're hosting on $5 Droplets (+GST+Backups).

We plan to deploy more such sites and keeping them on Gh-pages (auto build using GH-Actions) would reduce a lot of headaches for us.

Right now we've had all private repos scattered over everyones individual accounts and managing this has been a pain. So it would be nice if there is a single place to keep it all (thanks to free private repos for teams, we'll be migrating all of it to one place soon enough).

With 3 team members, $12/month for all the extra goodies seems reasonable.

We initially used BitBucket but switched to GitHub as we prefer it's UI/UX/Familiarity + a single place to manage both work/open source issues/prs etc is definitely easier.

Oh and gotta need that repo/contributor insight to compete with team mates :P

>>yjftsj+Rc
Agree strongly with this. If a repo is public and gets banned, I think it's reasonable to expect that the community can know why, regardless of the rights or wrongs of the decision.

>>kube-s+Rg
You said "OAuth only does authz and must be combined with other technologies to get authn"; obviously, that's not true, in the sense that you can simply use OIDC --- a dialect of OAuth --- to get both.

Since OIDC is better than SAML, which is probably the scariest security standard on the Internet, I think it's worth being clear to people that OIDC/OAuth is viable.

The SAML authz story, for what it's worth, is pretty shady.

>>samirs+j8
Depends on your system and what fonts you have installed. The font-family is `SFMono-Regular,Consolas,Liberation Mono,Menlo,Courier,monospace;`

In Firefox:

- Right click on the element, select `Inspect Element`

- Click on the Font tab on the right hand side and it will tell you which font is being used.

>>natfri+A4
Good point. For anyone using the Student Developer Pack (or any other similar student offer), ask yourself this: Do you really want to become reliant on software and services that will cost you ~$70k/year as soon as you graduate?

Well, unless they decide to switch market or shut down, in which case you're hosed no matter how much you're willing to pay.

>>ebresc+Uc
Seems kind of odd as Pro isn't listed on https://github.com/pricing as far as I can see.

>>thramp+Q3
Since they just said they were waiting for Enterprise revenue to reach a level where they could free the core product, and since SAML is an important driver of Enterprise upgrades (I've seen it happen), I wouldn't hold your breath.

Now that the core Pro features are free, I wonder if Rob will update sso.tax to set Github to :inf:.

>>buremb+Ug
https://help.github.com/en/actions/hosting-your-own-runners/...

>>derefr+Kd
I agree. There's a million SAML for Java/Python/Node.js/Foo libraries out there, all with a long list of issues and known cases that don't work correctly, security issues etc. but it's the wrong model in my opinion.

Instead of directly bolting SAML into your app, I think a FOSS implementation of an independently running service is the way to go. You run the battle tested open source service (locally / in your cloud), it accepts the SAML assertions and mints something sane like JWTs which can easily be consumed by the service providers, isolating the entire thing from your core app and allowing it be used with any stack. E.g. essentially an open source locally deployed Okta. Doesn't even need to do any user management, just focus on rock solid interoperability and forward all decision making to the actual app server.

>>ig0r0+(OP)
Thanks. I'm not surprised by this. I know this isn't a "mainstream" opinion, but I was fairly happy when MS brought GitHub. I think that the Nadella MS is much more streamlined than the old "Enemy of the State" version that got our undies in a bunch, back in the last century.

>>tobinf+g9
SAML is the de facto standard single sign-on protocol for enterprise-grade applications. If a SAAS app integrates directly with Okta or OneLogin, it probably does so with SAML.

There's a lot of functional overlap between SAML and OIDC/OAuth, but SAML is a very different (and idiosyncratic) protocol; the "what" is the same, but the "how" is very different.

>>hirako+z8
SSO is a security feature, not a convenience. It happens to be a security feature that comes bundled with some extra convenience, but it's not the only one like that; so are password managers.

>>Someon+Dd
Thanks for the kind words!

For developers everywhere competition is great. We recently made 18 new features free and open source https://about.gitlab.com/blog/2020/03/30/new-features-to-cor... and today Github with an improved free plan and their team plan came down to the exact same price as our most affordable plan. BTW Maybe an idea to rename their lowest tier from team, may we suggest bronze? :)

Since you mentioned contrasting here is a quick take on the features that you lose if you go from a GitHub Pro account to a Free account, I got the list from https://news.ycombinator.com/item?id=22867974 :

    Protected branches in private repos => Free on GItLab
    Draft PRs in private repos => Free on GItLab
    GitHub Pages in private repos (using 1) => => Free on GItLab
    Wikis in private repos => Free on GItLab
    Code owners in private repos => Bronze on GItLab
    Multiple issue assignees in private repos => Bronze on GItLab
    Multiple PR assignees in private repos => Bronze on GItLab
    Code review automatic assignment in private repos => ?
    Scheduled reminders in private repos => TODOs are free on GitLab
    Standard support => Bronze on GitLab

For a complete comparison across all the stages (like monitor and defend) please see https://about.gitlab.com/devops-tools/github-vs-gitlab.html

>>ig0r0+(OP)
I just realized I've been paying for Github pro for like a year for absolutely no reason at all.

>>ig0r0+(OP)
My legacy silver org plan (20 private repos) only shows a migration plan to teams at $4/user, is there something I'm missing? The new free tier seems effectively the same or better.

>>irrati+ud
Workflow automation w/ built in CI/CD, package management and code scanning etc.

The most important bit is workflow automation. It can be triggered on most (all?) events github emits

https://help.github.com/en/actions/reference/events-that-tri...

It was super obvious the value prop when it was HCL based. YAML based it kind of looks more like 'another CI'. It's still insanely powerful, just not as developer friendly anymore.

>>ig0r0+(OP)
> We’re happy to announce we’re making private repositories with unlimited collaborators available to all GitHub accounts.

Huh, I thought github made private repos available to free github accounts a while ago?

Looking for historical announcement, aha, it was not with "unlimited collaborators" before.

From Jan 2019:

> GitHub Free now includes unlimited private repositories. For the first time, developers can use GitHub for their private projects with up to three collaborators per repository for free.

https://github.blog/2019-01-07-new-year-new-github/

So what's new is dropping the 3-collaborators-per-repo restriction.

I hadn't actually realized this restriction was there, apparently I've never used a private github repo in a free account! And the messaging from a year ago stuck in my head as "private repos are free on github now", I thought they had already done what they did today, oops.

Above natfriedman writes:

> We've wanted to make this change for the last 18 months,

So apparently they had wanted to do this even in Jan 2019 when they did something less than this...

>>KenoFi+Pd
Github pages are free for public repos, aren't they? Perhaps switching to a public repo is an option.

>>tptace+Vi
For sure. I never said SAML was any good -- I said I found it to be simpler. :)

>>Someon+4e
So Actions is similar to Jenkins?

>>Someon+6g
Well, it seems to be one mode anyway. Even in that mode, it seems more flexible and probably more efficient too, than Web Forms.

>>cjdu+Nb
There are dozens of CI/CD offerings and many are better designed than Github actions, including Gitlab's CI runners.

I don't see what paying Github would do for AWS or GCP. They both have their own code repos, build pipelines, container registries, and more. Even Azure has its own DevOps product.

>>irrati+Le
The real question is whether corporations behave like "someone", like a natural (biological, real flesh-and-blood) person.

Whereas there is a need for legal corporate personhood (so they can enter contracts, be sued and sue others, etc), the extent to which a corporation has a "personality" is very much debatable— sign contracts, sure; but fund political candidates? Have a political opinion even? That's crossing a big phat red line most countries have outlawed (with good reason)— only citizens in their own name (that of a natural person) may participate in the civic life, whether board member/CEO or the lowest paid employee: same rights and duties, in a truly democratic political theory.

Factually, when psychologists attempt to describe the behavior of corporations, they are faced with "sociopathy"— but let's not pretend it's a trait, because it results more likely from the absence of consistency between people, departments, historical periods... it's not and cannot be as stable in space and time as a real natural person.

Corporations are neither good nor bad "people", they are simply not "people", but a different category of objects. We could also demonstrate conversely that natural persons and households belong to very broken categories of businesses... because they're not businesses!

So when we anthropomorphize corporations and businesses like they're people... we really create meaning out of thin air that never was there. If it's a one-man show, sure, obviously. Above that begins a very slippery slope that leads to super PACs and other churches like Evil MS versus Heavenly Apple and what-have-you.

Whatever greatness or horrors we observe from corporations should be attributed directly to the natural people who make those decisions— it's not Boeing that's bad, it's whoever's in charge and whoever condoned it. People. Boeing is just a 6-letter words, you can't put "Boeing" in jail, nor make it "Sir" by a Queen...

So I'd rather praise Nat himself than "GitHub" here, and I'd rather judge him and Satya Nadella in name than "GitHub" or "Microsoft"; recognizing that he (they) can't possibly be alone in this so the praise extends to all employees who strive to make great on a vision... and also the blame lies with them, when they're being disingenuous. People, real people, with real names and a past and loved ones and maybe kids and political opinions. Not an abstract 6-letter name who's already changed in the timeframe I wrote this post, as two new people got hired and another one left.

Indeed, a corporation is a permanent ship of Theseus: who's left, at Microsoft, from the 1990s? How much power do they command? Here is the real link between that era and now, behaviorally. The name matters little, people manning Microsoft 40 years from now will all be new people. Transmission of culture is limited between kids and parents, and even more so between one's predecessor and one's successor at a job.

Microsoft has changed, as a group of people, because well... most of these people have left and new ones came in.

Sorry for a long piece; but this truth needs saying, especially in these times if we are to reform our societies to better solve the pursue of a "greater, common good". Mistakes were made (in the legal structure of things), ethical compasses need realignment (let's just admit people from the past couple centuries couldn't get everything right nor possibly predict our present, and let's just move on with our times, our challenges, shall we?)

I'm very interested to hear what Hackers have to say about this, although I suspect it's become a fairly non-controversial, almost benign realization nowadays (used to be ridiculous, then dangerous thinking, now it seems obvious retrospectively like any real paradigm shift).

>>Nullab+cj
C'mon, that's an unnecessarily cynical take. The offers in the student pack are here: https://education.github.com/pack

You can see that there's a lot of overlap and that these offers cover very broad sections of the industry. This gives students the opportunity to explore and develop immediately employable skillsets without impacting their already limited budgets.

>>yjftsj+Rc
Transparency can give bad actors a way to game and workaround the system.

>>JMTQp8+Z6
They opened sourced the runner[0] if you're interested in learning how it works. Understanding the internals of it may or may not help the syntax and concepts of Actions land though.

My guess is that it is unlikely to see your request for a more generalized script or Dockerfile runner realized because that (Dockerfiles) was the original implementation of Actions during the beta; they pivoted away from that to the current form.

[0] - https://github.com/actions/runner

>>Tepix+kl
Yes, I considered it, but that's how unfinished draft blog posts end up on HN ;). We'll probably just stop using Pages and deploy to S3 instead - it's a fairly minimal change.

>>kube-s+nl
For developers, they're both just libraries. As protocols to implement, SAML is drastically harder.

>>ccmcar+fj
We're working on clarifying this.

>>alecbe+Ie
Um, AdWords.

>>amsull+v5
I'm curious why you need the SOC2 report itself instead of some sort of signed statement of compliance. The details of the SOC2 don't seem like they should be important?

>>JMTQp8+Z6
Counterpoint: I've never used Docker at all (I'm a Mac/iOS dev), and was able to get GitHub actions set up and doing what I needed it to in ~30 minutes. Its general similarity to other CI/CD solutions, TravisCI being the one I'm most familiar with, helped a lot.

>>reilly+nj
> Note: Currently, you can add a self-hosted runner to a single repository. The ability to add and manage self-hosted runners for an entire organization will come in a future release.

Still waiting for it for the last few months. :)

>>natfri+V2
Slightly off topic, but I would like to request that you open Github for Education [1] for pandemic-related home-schoolers. Currently it requires verification as an accredited school & credentials. Any help is appreciated.

[1] https://education.github.com/schools

>>2OEH8e+Ol
More likely, ammo in a potential legal battle between GitHub and the banned party.

>>Saaste+wj
+1 Wish I had more upvotes to give. This should exist.

>>muglug+Pf
Not at the $0 price point they don't.

>>irrati+Le
> Past behavior is a good predictor of future behavior.

Is it? Past behavior on the scale of decades, with leadership and org changes, market changes, culture changes in between?

I don't think that my behavior 10 or 20 years ago is a very good predictor for my behavior today.

>>KenoFi+Yl
Or you can use Netlify connected to a private GitHub repo. I use it for my personal website (hugo blog) and it works flawlessly. CI/CD integrated, so it's just push to deploy.

>>wlll+Vf
But you can also run Gitlab on prem for free.

>>edaemo+if
My team stuck with Jenkins, Docker, and custom shell scripts to get the job done.

>>Thaxll+ki
that's just a subset of the features you can develop with actions

>>natfri+V2
Are you still providing services to people who put children in cages?

>>ghshep+ji
> First, Microsoft was evil back then because they didn't just rely on excellent pricing and features (both of which they had) - but also because they leveraged their monopoly in one market (desktop operating systems) to prevent competition in adjacent markets (browsers).

Isn't that exactly what's happening here?

Gitlab competes with Github, but doesn't have the equivalent of Azure to subsidize it with.

Azure competes with AWS and GCP, but Amazon or Google don't really have a Github competitor. (Maybe Google has a small one (?), but I've never heard of anyone using outside their cloud product.)

Bringing Github and Azure closer together is an obvious move.

Github might not be a monopoly in the legal sense, but it's a solid #1 in the space, with strong network effects. On the other hand, Azure is far behind the near-monopoly AWS.

>>Saaste+kh
It's a little odd to say something is not a "net security benefit" and, in the next sentence, make a powerful case for it as a net security benefit. SSO is probably the most important organization security tool there is, and a survey of tech company CSOs will average it in the top 3, if not the top 2 technology acquisitions most would make at a new firm (this is a question I've actually surveyed).

>>Gordon+di
Same question here. We use the hosted version of Azure DevOps for work, but I use github for open source contributions. They both have their place, and DevOps feels more suited to enterprise use than GitHub right now.

>>maniga+Al
I use Gitlab's CI runners and I agree. However, I am pretty excited about the direction that Github is going with their actions. Having a directory of user created actions and integrations seems like gold to me and I hope Gitlab starts leaning that way soon.

>>Gordon+di
Do you plan to make github enterprise available for free on their own premises for teams?

>>Someon+6g
There's nothing magic about it. Web Forms was a great innovation and brought the WinForms model to the web. It was more productive than anything else at the time and directly influenced MVC patterns (which asp.net itself went towards) and component-based UI.

Blazor is the next evolution in client-side and offers an alternative to building component UI with C# running through WebAssembly instead of Javascript. Again it's much more productive and lets backend teams reuse much of the same code, similar to JS/node projects today.

Blazor's server-side runtime is a optional model where all the component logic can run on the server and be delivered over a SignalR connection to further increase productivity and efficiency where it makes sense (highly constrained devices, local intranet apps, etc. There's even experimental projects to bring Blazor for mobile apps.

>>closep+yg
It's not a technology problem. Integration with "foreign" SSOs is complicated no matter what protocol you use, with lots of corner cases and support costs, but these features are expensive for the same reason that single-day-turnaround short-notice flights between Chicago and NYC tend to be expensive: the people who want them have money to spend on them, and it isn't their money. That money pays for the cheap seats everyone else sits in.

>>ig0r0+(OP)
I wonder if this will lead to more closed source software being written. I don't mean by MS specifically, but overall.

>>ig0r0+(OP)
Many comments are saying that Microsoft is doing this move to help cross-selling Azure. I don't see many users of free tier willing to spend money on Azure.

>>closep+7i
This sounds like how my previous company had GitHub configured.

We couldn't push to master, but we could merge accepted PRs. Not sure if this was done with GitHub or with Git itself.

>>Gordon+Li
It seems reasonable to expect this, but it can fall down in practice for several reasons:

* Sometimes legal counsel provide advice that there should be no further response to the individual or organization. Often technical people don't understand this situation, but it doesn't change the merits of the legal advice. In smaller organizations a leader might take a chance in further engagement, if they think it's helpful, but it's unlikely a large organization would expose themselves to this risk.

* Breakdown in internal response processes. You'll find that many people are really uncomfortable in these situations (e.g. compliance team shut down service, but don't "own" the response.) Unless the legal team has written a response and instructions on how to deliver it, you will often see people in organizations avoid giving the response. Things get passed down as low as they can go which doesn't help because there is less experience with handling tough situations. Very often some poor person with support ends up having to give the response and they basically ignore it because they can avoid the situation. This isn't very professional of the organization, but it's a reality.

>>tobinf+g9
SAML is pretty simple, it just uses XML which I think turns people off to it by default. I've implemented it once and I feel like I have a decent handle on what it is (though maybe I've just avoided the worst edge cases).

OAuth is way more complex, I've used it countless times and still get confused by it. It has more complex patterns like having a separate resource server and authentication server, it's used for more purposes, e.g. sometimes for API access and sometimes for login and sometimes a confusing mix of both, and there are big differences between v1 and v2 and some services are still using v1.

>>ig0r0+(OP)
Note: the minimum of 5 seats is removed so if you're using less than that then you'll have to manually remove those seats to avoid being billed.

>>Someon+6g
This is a really cynical take.

I'm also not sure why you are conflating Silverlight with Web Forms - it was never competing with Web Forms, it was client-side only, a replacement to Flash - a better UI and API (at the time) than HTML/CSS/JS.

Blazor is OSS, and doesn't work like Web Forms.

As in your own quote, Blazor uses SignalR - which uses push-based comms, such as Web Sockets; Web Forms was standard HTTP.

>>alecbe+ae
Short answer: Absolutely yes. If you can setup a website using Docker, you can do the same with a Git server on-premise. Many companies have done this without Github for years.

Why you ask? You have total control over the stack, CI, etc and some orgs have in-house sys-admins or IT department to do all the work independent of a third party like GitHub. Maybe you should ask the Linux Kernel Project, WebKit, OpenBSD, Mozilla Firefox and even RedoxOS maintainers about why they self-host their projects which some even have mirrors on GitHub.

On another note I keep seeing this over on some repositories and now because it is 'private' I don't even think it remotely makes sense or is a good idea to even use GitHub to backup private keys even if the repository is 'private'. As long as it is on someone else's server, you're not in control.

>>2OEH8e+Ol
We're living with transparent juridical system and it works fine. Imagine that you could be thrown to jail without explaining a reason. That would be outrageous.

>>binary+kc
Azure DevOps has a really generous free tier too, with unlimited public and private repos.

Just pointing that out - to be clear, I don't buy into all the Microsoft bashing that there is on HN (and I say that as someone who was around when Microsoft gave plenty reason to be hated).

>>ig0r0+(OP)
This announce is not clear to me, as to what really changed. Can I have protected branch in my private repository now?

>>Randal+Hp
Generally speaking that's what Github's "protected branches" are, and it looks like you lose those for private repos when you switch to the free plan.

>>2OEH8e+Ol
How is "game and workaround the system" different from "comply with policies"? Is compliance not the objective?

>>dimini+Bo
This has been possible since long, what am I missing?

>>yjftsj+Ud
If it's not an attack, why do you think they bought NPM (which doesn't sell anything meaningful)? Goodwill?

Make no mistake: this is about control.

>>irrati+Le
In any case a theory along the lines of "company X is planning to do (bad) thing Y" doesn't involve any conspiracies.

Unless you stretch the term so broadly that "I think Apple is planning to produce a mobile phone" becomes a conspiracy theory, I suppose.

>>tptace+oo
SSO is a great benefit to the customers, with real tangible security and management benefits.

I'm however speaking from the point of view of the service provider (the SaaS app) and about SAML in particular. I feel that the addition of SAML into a given service is a net-negative from that service's security point of view. It's a large additional complex attack surface, many open source SAML libraries that I've reviewed have a history (and in some cases open issues right now) of "pants on head" type of security errors. A popular library in use right now, has a known race condition where it gets confused if there are concurrent SAML requests happening.

And that's just the libraries. Then you have to use them correctly. The libraries do the absolute minimum checking since they don't have the context, you have to add a laundry list of your own checks to them. Just recently there was a HN article about taking SAML assertions posted to provider A and re-using them on provider B, where clearly the most basic of checks aren't in place at all. There's all kinds of confused-deputy type of problems I believe most service providers don't think about at all. And that was an easily offline checked attribute, I believe if you'd start to check how many services correctly implement even the basic "inResponseTo" check on SP-initiated flows (which requires a distributed cache on the service provider side), you'd find they don't.

>>natfri+V2
Biz question for you: do you think given enough of a run way i.e time you could have gotten to that enterprise run rate without Microsoft or have customers come to you now that you have Microsoft's backing -- i.e has that made sales easier?

>>pkamb+ke
I'm curious: since GitHub Pages intended to PUBLISH pages, why to make the repo PRIVATE?

>>harikb+Fm
When I signed up for the Student Dev Pack originally in HS, the school district's evil IT department blocked mail from outside domains for whatever reason, so I sent GitHub a picture of my schedule (which had the name of the school and my name on it), and they accepted it. If you have evidence of being a home schooler (I believe there's some paperwork you have to file with the government?), they'll probably take it too.

And for the classroom system, it's open-source (https://classroom.github.com/) and you can run it on a box at home. That'd work given you probably only have a couple users at any one time.

>>Slavik+9u
Sometimes people want to keep the code, commits, etc. private but maintain a blog

>>oefrha+og
It's on the FAQ at the bottom of the announcement blog: https://help.github.com/en/github/getting-started-with-githu...

Though it does require a bit of between the line reading

>>vbezhe+Rq
> transparent juridical system and it works fine

Yeah, criminals are always arrested and convicted. /s

It's a balance. With something as essential as human rights and personal freedom, people (tend to) err on the safe side. Online moderation can err on the other side, since consequences are relatively modest. If you get banned on GH, move to Gitlab or host your own, that's hardly a tragedy.

>>zerkte+Kp
This is a well thought out response with factors that weren't obvious to me - thanks.

>>ascend+9n
I can see that happening at some point... as long as you host in Azure.

>>Gordon+di
Both products have a bright future and millions of users, and so we're continuing to invest in both for the foreseeable future. We're also finding ways to improve integration between them, so people can use them together if they want to. GitHub Actions reuses a bunch of code from Pipelines under the hood, for example.

>>LifeIs+q1
Extinguishing the competition. It's not even the first time. Remember Internet Explorer?

>>sathya+Ir
I'm assuming he means on-prem GHE, for free, which I would doubt since that would eat away their revenue.

>>Saaste+fs
I'm a security researcher with a minor focus in SSO libraries, working on OIDC and SAML right now. I've discovered and reported some of the kinds of issues you're referring to. Both OIDC and SAML are fraught in implementation, but so are all login features.

Meanwhile: we're discussing Github, not a random cat-sharing startup. Github has one of the larger security teams in the industry. The parties implicated in Github SAML are Github, Okta, and Github customers, who do not actually have to implement SAML. Github SAML is not in fact a net-negative for security.

>>tptace+jj
I was _just_ thinking of https://latacora.micro.blog/2020/03/12/the-soc-starting.html and https://sso.tax/ as I was writing my comment!

>>shrika+j3
Gitlab need only wait before GH starts adding Azure-first and Azure-only features, as they are wont to do. At that point they can just offer "the same but for any other cloud provider". Amazon, Google, or IBM, might even throw them a bone.

>>cactus+ze
> The problem is that the only organizations that would make this single issue of SSO support a deal-breaker are bigger companies who can afford to be upsold

That's not true. We are a tiny company (~10 ppl), but SAML, OIDC (or GSSAPI or Radius, if really necessary) support are a deal-breaker for anything we use.

We used to have separate accounts for everything we had. It became a drag, we had to solve it. Nowadays, either it can be integrated with SSO, or we will do without.

> so everyone treats this as an up-sell feature.

And that's the mistake.

>>klinsk+A1
Gitlab, yes. I don't see Bitbucket as much of a player (unless you're in the Atlassian ecosystem and you like it, which seems... rare).

>>sneak+68
Microsoft have already stopped development of Atom, sadly.

>>underd+Om
So far it's been mostly small / independent developers or organizations that were banned, and Github has Microsoft behind it, a $125bn / year revenue company with a legal team 1,500 strong (https://www.bizjournals.com/seattle/news/2019/12/02/how-brad...). I don't think fear of litigation is the issue.

>>Gordon+jq
> This is a really cynical take.

I was a Web Forms developers, I've earned at least that. Blazor absolutely does work like Web Forms, in terms of client<->server integration, just because it uses WebAssembly & SignalR instead of JavaScript & Ajax doesn't really change that but rather obfuscates it. Essentially it is just another set of abstractions attempting to paper over a real boundary.

> As in your own quote, Blazor uses SignalR - which uses push-based comms, such as Web Sockets; Web Forms was standard HTTP.

Which makes it even worse, if the client/server boundary wasn't muddied enough with with the unidirectional magic Web Forms used, now we have omnidirectional instead. As if that will make it less complicated and buggy.

Definitely put me in the "nay" category with Blazor. I've danced this exact tango with Microsoft twice before, and their obsession with making browsers desktop-like applications. WebAssembly is cool tech for one day, they're just abusing it for something that is an inherently bad idea.

>>pubby+96
If it was the bad words/slurs, could that have been resolved by hiding them behind some basic string manipulation (ex. a caesar cipher)? I can see how GitHub wouldn't want a public repo to have objectionable words, but can't imagine the harm from obfuscating stored copy.

>>mythz+S4
As a counterpoint, alternative options like Gitlab and Gitea seem to be doing pretty well.

I think the person who solves project discovery across all these services is going to make a killing.

>>Saaste+wj
Nod to Keycloak / Red Hat SSO here, it’s my goto solution for dealing with identity these days.

>>shishy+1v
Use a private repo, attach a code action to publish your output of your favourite blog to static html output to a public GitHub pages repo.

>>natfri+V2
Hi Nat, What's the plans for integrating Microsoft's VFS for Git into GitHub?

https://github.com/microsoft/VFSForGit

>>Nullab+cj
And you only use a subset. And your employer is typically very happy to pay money for productivity.

For sure this is to the benefit of the involved companies. But paying for good tooling is normal not strange. When you go to your local handyman he will tell you a lot about good and expensive tools.

>>sneak+68
Luckily history has shown that competitors still exist in a world where Microsoft tried hard to “extinguish”. macOS and Linux still exist, Chrome is the most popular browser (not IE), and most people who use Windows are fairly happy with it. You can try to point to Microsoft’s past behavior as proof that the future of GitHub is dystopic, but I don’t think their past behavior was particularly effective at snuffing out all competition and forcing people into their ecosystem. I suppose this is a matter of opinion, but I think being scared of GitHub sliding into terribleness does seem to be in the realm of paranoid conspiracy theories. Even if it does happen, git will always exist and there will always be alternatives.

>>sneak+68
I think it's worth pointing out that GH was always on this path, to the point where it's actually kind of hard to explain the difference between git and GitHub to fairly technical people.

It's also worth pointing out that it doesn't have to come from malicious intentions.

>>2OEH8e+Ol
So just to be clear, are you arguing that rules shouldn't be clearly laid out, because then people would be able to follow them?

>>Saaste+wj
> it accepts the SAML assertions and mints something sane like JWTs which can easily be consumed by the service providers, isolating the entire thing from your core app and allowing it be used with any stack. E.g. essentially an open source locally deployed Okta

You want Keycloak - https://www.keycloak.org/ - then.

>>toyg+lv
Online moderation is an issue of personal rights.

>>jedber+bc
Gitlab states it wants to go public this year

https://about.gitlab.com/handbook/being-a-public-company/

>>ig0r0+(OP)
Bit disappointed that this isn't an "Everyone Wins" pricing change.

The new plan is a downgrade from the old one. For example, it will only include 3000 Github Action minutes. The old plan included 10000. The next plan up would be > 2 * old price.

Source: https://github.com/pricing vs http://web.archive.org/web/20200406010552/https://github.com...

>>oefrha+og
I think it's Okay. If you are going with the Pro account today you need a particular feature. So you likely know what you are looking for.

>>mythz+S4
> Great news for everyone

Not true.

The new Team plan will be a downgrade in specs from the old teams plan. For example it only includes 3000 Github Action minutes. The old plan included 10000. The next plan up would be > 2 * old price.

Source: https://github.com/pricing vs http://web.archive.org/web/20200406010552/https://github.com...

>>natfri+V2
I currently pay for a Github Silver plan annually ($600). When I try to downgrade to Free I get a message (in red) "You will no longer be able to access your private repositories or create new private repositories."

How do I downgrade without losing all my private repos.

Thank you!

>>freyfo+xD
When you emailed this question to GitHub Support, how did they respond?

>>cactus+Lp
> SAML is pretty simple, it just uses XML which I think turns people off to it by default. I've implemented it once and I feel like I have a decent handle on what it is (though maybe I've just avoided the worst edge cases).

I once tried to implement it, and found that the specification was spread across ~500 pages of dense PDFs. I find it to be complex.

>>jbergs+vg
I think it depends on OS (Linux is $0.008/Minute, but macOS is a lot more - like $0.08): https://github.com/features/actions (scroll to the bottom)

>>thauma+Il
> You can see that there's a lot of overlap and that these offers cover very broad sections of the industry.

True, but that applies as much to their $200k figure.

> This gives students the opportunity to explore and develop immediately employable skillsets without impacting their already limited budgets.

The stuff that's worth using has free or cheaper alternatives anyway.

>>natfri+Ow
I get that you guys want to say that publicly, but let's be real. No company would invest a massive amount of money in a duplicate product. One product will eventually starve.

I guess it is up to us to guess. Anyone?

I see GitHub being the unmovable giant here. Microsoft is publicly developing on it, as opposed to Azure Dev Ops. It has a very large mind-share. More developers are willing to use it without having the Microsoft stigma that some nix people feel.

>>ebresc+Uc
I just tried downgrading from my Pro Account and got:

"Your account can not be downgraded yet because one or more of your private repositories is over the collaborator limit for the free plan. Please make sure that each of the private repositories owned by your account below has 3 or fewer collaborators before downgrading your account. Questions? Please contact support@github.com."

Am I missing something or is this not implemented yet?

>>harha+t9
As a business customer of a SaaS product, being able to revoke any employee's access to the SaaS tool if they are terminated. (Imagine how hard this would be for e.g. the SaaS tool your company uses to view financial reporting if it required every user at your company to create their own username/password. If you wanted to prevent someone from "going rogue" during termination, you would need to have an admin remove their account access prior to termination -- and do it on every SaaS product that person used. With SSO you revoke their access and everything gets locked out.

Source: Watching an alcoholic CTO get fired by the board and taking the startup's hosted Mongo database hostage

>>vbezhe+fr
No, it looks like protected branches are not part of the "Free" tier. It's introduced in the Teams pricing and up.

>>jedber+bc
While Amazon tried to go into the private hosting and ci/cd market, they are not a dev tool company. Microsoft was born as one. When Amazon or Google would buy GitLab they would meaningless integrate it, reduce staff by half and then ruin it over time.

Maybe when Microsoft would have opened up some years earlier, Codeplex would not share the fate of Google Cloud.

>>tptace+Mx
100% agreed, GitHub SAML is unequivocally good. I'm in the "cat sharing startup", so my view and comments are colored by that perspective. Our options are to pay $$$ for a competent auth provider, or take on a much larger and complex security responsibility than it would seem at first, that might end up compromising our entire service.

I have a theory that one reason we don't see many your-SAML-implementation-is-completely-broken reports is precisely because it's a gated enterprise feature, so few independent security researchers have the access or ability to poke and prod at them outside of private penetration tests.

>>pknopf+5E
> No company would invest a massive amount of money in a duplicate product.

I don't mean to be rude, but have you worked at a very large company like Microsoft or Amazon or Google? Redundant products are par for the course because of the byzantine internal politics and funding structures of big companies.

>>freyfo+xD
Martin from GitHub here. Sorry about that message - team are rolling out an update to change the text and should be fixed soon. In the meantime if you ignore that message and downgrade from a legacy plan to Free then you will retain access to your private repositories.

>>trough+je
As a .NET fanboy: no it will not be a game changer. It is too fat and does not fit the rest of the web development model. Similar to Xamarin it will be a platform to run C# and .NET on. It will not be the native or best experience. It will be productive and enable cross form factor reuse of code. Not more, not less.

>>specia+N3
The same safeguards that are in place on Azure (which is used by 99% of Fortune 500s for either Office 365 or cloud stuff), which is to say, ethics, and the fact that if they tried it once most of those companies would reduce their spend with Microsoft immediately. Not to mention the government contracts.

>>oaiey+rB
> And your employer is typically very happy to pay money for productivity.

And that's money that's not going to better equipment. Or your salary. Or whatever else that it could be spent on that would have a far bigger effect.

> But paying for good tooling is normal not strange.

Paying for bad tooling is normal. Good tooling tends to come as a consequence of trying to solve something else.

Bad tooling also tends to be much more expensive to produce, because it's so prone to scope creep. Visual Studio had to build their own Docker wrapper, because telling people to just use it directly would give their users a glimpse of the outside world, and we can't have that!

> When you go to your local handyman he will tell you a lot about good and expensive tools.

The vital difference is that physical tools are expensive to duplicate and maintain. You can't distribute a hammer via BitTorrent.

>>aledal+0a
Exaclty this. On gitlab you can run your CI runners on anything you like. Basically start docker and forget. Curious how github actions compare.

Update: apperantly github also has self hosted runners

https://help.github.com/en/actions/hosting-your-own-runners/...

>>martin+fF
thanks for the fast and reassuring answer, I appreciate it. I'll wait until that message goes away, I can't risk losing my private repos.

>>Saaste+5F
The riskiest components in SSO deployments are SP-side libraries, and those are all open source. If you want to use Okta to drive those libraries, the trial account you need is free.

The worst bugs here are indeed mostly private, but that's because they're feature bugs inside of people's random products; they're like every other bug in that regard. But people do find and report bugs in the SP libraries.

I agree that SAML is risky to implement; since we agree that Github SAML is an unalloyed good thing, we'd be searching for reasons to disagree at this point.

>>bhk+Fr
Compliance with the spirit is the objective. Sometimes the spirit and the letter differ for any number of reasons (many of which are completely reasonable).

People tend to get pretty upset when someone is very clearly complying with the letter while flying in complete opposition to the spirit, and it's not always an easy fix.

>>saagar+DC
Not in the Constitutional sense, and not in anything administered by GitHub.

>>vetina+nC
+1 for keycloak

>>AlphaW+8e
Is it? There are several GitHub alternatives, many completely free as well, and none of the source was lost unless all the maintainers and contributors also delete their local copies.

>>sytse+Hk
One big differentiator that GitHub has vs GitLab is the availability of monthly pricing. This was a deal breaker against GitLab for us.

>>ig0r0+(OP)
I hope developers still default to making their personal repos public after this change. One of the fringe benefits of GitHub is the ability to search across the entire site for uses of obscure, poorly-documented APIs. Defaulting to most repos becoming private would greatly hinder this.

>>pc86+RG
In that case, it sounds like the letter needs to be fixed. It's not fair to expect people to follow an ephemeral ideal of what the rules are rather than what they're told the rules actually are.

>>mgw+DH
Thanks, good point, we're looking at changing this.

>>spencz+6F
Big companies like Microsoft and Google like to burn products with little notice too.

>>oaiey+YA
Nobody's saying it's not possible with a hack or workaround, just that it doesn't work out of the box.

>>kintal+OE
So basically they removed restriction of 3 collaborators from free tier and that's it. Well, pretty useful for a lot of teams, I guess.

>>renata+dI
Like I said, it's not always that simple. When it's not, something less than 100% transparency allows one to look at the given particulars of a case and determine whether or not someone is simply trying to evade the spirit of a rule or not. It gives enforcement actors a little lee-way that they wouldn't otherwise have.

>>plange+ZC
That doesn't preclude AWS (or anyone else) from trying to buy them. :)

I don't know how much control their external board members have, but if an offer came in, the board may be able to force acceptance instead of going public.

>>natfri+V2
Why do you still have a contract with ICE?

>>toyg+My
It seems like in the medium term, staying independent could be a huge boon to Gitlab- like you said, it'd allow them to make high quality integrations with all cloud provider utilities.

In the long term we'd probably see the cloud providers create their own social revision control projects, and then fuck around with private APIs so the quality of the integration between their cloud service and their source control leads you to stay locked in.

Even in that scenario it could make sense for there to be a 'neutral' party like gitlab, though.

I acknowledge this is my own imagination and I've no claim to know the future! :)

>>ig0r0+(OP)
I am very thankful to have GitHub on this planet

>>adverb+3D
It depends how many users you had. https://github.com/features/actions#pricing-details shows that if you have 12 members you can buy the difference in Linux Github Actions and still get ahead. The price on Mac is prohibitive though and yeah you definitely lose out there as I don't think many people on that plan have 120 people.

>>natfri+V2
> every developer on earth

This now includes Iran, Syria, and Crimea. Bravo

>>natfri+V2
> Existing customers will have their bills automatically reduced going forward.

That is a class act right there.

Now, if you would open source github...

I kid. I have zero hope that that will ever happen.

It has always been bizarre (IMO) that arguably the most popular open source dev forge, er, hub, is closed and proprietary. But what can you do?

Remember when all those FOSS devs sent an open letter to github whining about that and begging for attention? https://github.com/dear-github/dear-github (Ironically, they "signed" it by filling out a Google docs spreadsheet! As opposed to, say, patching a file.)

Utterly bizarre.

And now they have done it again, apparently because GitHub serves ICE: https://github.com/drop-ice/dear-github-2.0

They "call upon GitHub to: Immediately cancel your contract with ICE ; Commit yourself to a higher ethical standard with all of your business dealings ..." [in writing]. But they stop short of threatening to leave if GitHub doesn't comply with their demands.

Leaving aside the politics of ICE, and the strangeness of talking to "GitHub" like it's a single person, it seems to me that without taking some action (like moving to e.g. Srht or self-hosting a DVCS hub) that this is just posturing.

Anyway, congratulations on sucking more air out of the room of FOSS development. In the words of the aforementioned, undersigned, concerned peasants, excuse me! users, of GitHub:

> We still believe in GitHub as a platform, as a place to help the open source community make the world a genuinely better place. Please, step up and join us.

>>static+hm
When you're going through SOC-2, your auditor will ask for the SOC-2 report of each critical vendor.

>>m0xte+2J
...and small companies go under or radically morph their products.

There's this irrational demand vocal on social media that large corporations keep their products forever.

>>natfri+I9
I run /tg/station's servers.

A few questions:

Do you think the scale could be handled better if you informed repo owners 1: that their repo was disabled, and 2: why their repo was disabled?

Currently the owner has to contact support to know why it was disabled, our repo was disabled thursday at 5am pdt, we sent a ticket by 6am. We still don't know why it was disabled. Its tuesday. (edit: we did get a reply, vague comment about slurs, nobody's sure if its the nword word filter (so thats getting removed, ironically enough), or the comment from 2014 with a soft-a, (but it can go), or the fact that the meatball food item has a, umm, british name)).

Also, do you think the scale of content moderation would be easier if you tiered repo disables between can be resolved and can not be resolved, and in the former case provide the same 24 hours deadline that you provide line item dmcas, as well as provide access to the owner during any suspension if the 24 hours deadline is not met (That you also provide to line item dmcas)?

All of these unneeded trips to support has to be eating into the efficiency of things.

>>Saaste+wj
If you want JWT tokens, you should be using OpenID Connect instead of SAML. There is very little reasons to use SAML in 2020, it's over complicated and has little support. OpenID Connect does 95% of the same, much better.

If you want self hosted IAM solutions. The most common one is Microsoft active directory. It provides both SAML and OpenID Connect integrations out of the box as of ADFS 2016.

Still, SAML requires to onboard applications individually, create keys, and stuff. It's not plug and play, it really needs humans on both sides to add a new service.

>>pknopf+5E
ADO is widely used inside Microsoft, with a variety of internal extensions to integrate with our internal build & deployment solutions.

AFAIK, there aren't any plans in Azure to give up ADO in favor of GitHub. If anything, with the push to standardize builds internally, it wouldn't make sense to move to GitHub for at least another 2-5 years.

Obviously, I don't speak for my employer and leadership may have other directions in mind.

>>tptace+oo
What's are the other contenders for top 3?

>>Saaste+Q8
It's a paid service, but AWS Cognito supports SAML in a similar way to Okta/Auth0 but with a much lower initial cost (you just pay a reasonable rate for what you use, not multiple thousands of dollars to get it up and running). I used it to build a SAML integration at the end of last year and have been pretty happy with it so far.

>>natfri+V2
Will there ever be an OSS version of GitHub, a la Gitlab?

>>oaiey+WE
> While Amazon tried to go into the private hosting and ci/cd market, they are not a dev tool company

When did Amazon give up?

>>tptace+JG
I'm surprised you'd say SP-side libraries are open source. In my experience, it's always been mostly custom and close source in every company I've seen and done.

You take some open source pieces you can (saml, xml, oidc, ssl, jwt) but permissions, groups, user attributes, keys are always per company then the whole thing together has to be supported into end-user applications running on language and frameworks of the day with their own restrictions, so custom.

>>toyg+lv
That is exactly what I do. I use self hosted solutions for my source code repositories. I just can't digest my code being handled by some other entity. Too important.

>>Notori+kC
Not taking a side on this, but there do exist people who exactly follow the letter of the law to circumvent the spirit of the law.

For example, people who harass others just within the confines of the rules so that they can't be banned from a community solely using the rules.

This is why we need humans to judge the spirit of the rules.

>>m0xte+2J
Google sure, but Microsoft? The company that kept the Zune service alive for 4 years after the product was EOL and with a userbase likely measured in the hundreds of thousands?

https://www.wired.com/2015/09/what-to-do-with-your-zune-rip-...

The company who STILL supports 16-bit apps?

https://www.groovypost.com/howto/enable-16-bit-application-s...

Ya... I would hardly say MS is known for killing stuff early - more like they've spent years being ridiculed for carrying baggage forward for decades longer than anyone else.

MS might be bad at a lot of things, but I'd hardly say they're known for "burning products with little notice".

>>natfri+V2
This great news, I appreciate the free stuff, but on the other hand free stuff can be tricky as the company must make money. So I hope that your enterprise model will work.

>>m0xte+2J
That is true for Google, but certainly not for Microsoft. Microsoft's support for legacy software is pretty amazing actually.

>>ig0r0+(OP)
The way I read the title and heading, it sounded like teams was now free.

This messaging is very confusing. Teams is not being made free, you need to pay $4 per user. A better message would be: "we're reducing your price to $4pp, and giving you access to more features."

>>natfri+V2
Hi Nat. Just to clarify, do these pricing changes imply that users without a paid plan will no longer receive any e-mail support from GitHub?

Speaking as a long-time user, over the last 10(?) years I've only ever needed to reach out to support@ twice or so, both times with fairly obscure issues that were promptly dealt with -- thank you.

It'd be a shame if the implied change to "community support only" for free accounts means that free users no longer have any direct way to contact support.

>>pc86+RG
That's why the letter of the law needs to be updated to better reflect the spirit. Imagine if police could arrest you, and keep you, without telling you why. That's something that society figured out a long time ago isn't healthy.

>>ig0r0+(OP)
Ouch. Just paid for a yearly pro license at the end of March.

>>binary+7R
Ugh.. did you notice that they also changed what the Free plan includes? Many of the premium features, including unlimited private repos for an org, are now included in the free plan.

I am actually going through the list and thinking my company might be able to do with the free plan from now on.

>>ig0r0+(OP)
Actions, Packages, Sponsors, free unlimited private repos, this...Microsoft's GitHub acquisition has turned out really great so far in my view.

>>taytus+eg
"Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith."

https://news.ycombinator.com/newsguidelines.html

>>jfoste+Ye
Access is cut off in our case (ss13), i don't know if that's different in user owned repos vs org owned repos.

>>adverb+tD
You can buy extra build minutes. The missing 7k minutes would cost $56, which means teams with 12 or more devs who are using the full 10k minutes will be better off. Smaller teams using more than 10k will be worse off.

It’s probably great news for the vast majority of teams.

>>tptace+Jo
SAML is a technology problem, on top of all other problems.

The messages are under specified and overcomplicated, doing incredibly obscure stuff (XML signing and canonization for one) that nobody can understand and implement. That's mainly why it's so hard to use and there is so little support from libraries.

As security researcher, we could nitpick all days on security being hard, no matter the solution. It is factually true but it doesn't help developers, fact is, developers would be better off ignoring SAML and going with OIDC instead.

>>binary+7R
Normally we'd change the title to be less confusing, but in this case it's a bit tricky, for reasons I've explained here: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

>>leadin+Qh
I've read that more than half of government/regime changes that happened in the 20th century were the result of some kind of coup. In other words, conspiracy is the norm.

>>Haegin+GN
I've looked at Cognito in depth, and it seems like an abandoned service. Hundreds of open issues that got rolled into the Amplify issue tracker, with little to no response. It lacks some pretty basic SAML capabilities, like IdP-initiated logins. If your customers want to put you as an icon in their Okta dashboard or whatever, can't do it. They reported that as being "on their roadmap" in 2017.

It does work for the basic use cases, so I would still consider that an better option than rolling your own for the average service provider.

>>Ensorc+KR
They’re refunding pro-rata.

>>ig0r0+(OP)
Probably not very smart to use this feature, since your so-called "private" repository is an exploit or a leaking employee away from becoming public.

Instead, use a self-hosted Gitlab instance or similar, preferably with an external firewall preventing outbound and non-team inbound connections if feasible.

>>armads+km
As an ios dev too, do you have any favorite actions you can recommend?

>>vbezhe+Rq
1) You can be thrown into jail without any explanation whatsoever.

2) You can be shot without any explanation whatsoever.

3) Your possessions can be taken away, and sold off without any explanation and without recourse.

Links about each of these claims:

https://abovethelaw.com/2018/07/innocent-people-who-plead-gu...

https://en.wikipedia.org/wiki/Shooting_of_Walter_Scott

https://www.forbes.com/sites/jacobsullum/2014/09/11/how-cops... (also applies to, say, cars)

>>user59+QP
What's the closed-source SAML library you're thinking of? Every SAML integration I've seen has been done with an open-source library.

>>user59+vN
MDM or endpoint tracking, and then it gets diverse.

>>natfri+b4
Oh thank god. I was getting close to jumping ship to GitLab, which supposedly has toptier CICD stuff.

Now I can at least compare the two.

>>ig0r0+(OP)
This isn’t really surprising. Microsoft has had a free equivalent for years with Azure Devops (formerly known as Visual Studio Team Service). Azure Devops has hosted build and deployment orchestration with either hosted build servers or local build servers using local agents. It also has private Nuget repositories, project planning, bug tracking etc.

Azure Devops deployment tools are (were? It’s been a couple of years) just as good for deploying to AWS as AWS’s own tools.

>>user59+kS
1. I don't think this particular thread is a good venue to litigate SAML vs. OIDC.

2. I think the product complexity issues are, like, 95% the same whether you use OIDC or SAML.

3. I think no matter how much simplification you got from using OIDC instead of SAML, none of it is going to offset the actual reason why SSO integration is a paid feature.

4. I agree that SAML is much worse than OIDC from a protocol implementor's perspective even if I'm not so sure that it's much better from a developer's perspective, so wouldn't want to find new reasons to disagree.

>>tw04+tQ
Then again there is this list of 346 discontinued Microsoft products, some of which had very short lifespans: https://www.versionmuseum.com/history-of/discontinued-micros...

>>danpal+MS
Nice! Lot's of issues relating to pricing and plans right now so it is not clear that was happening.

>>renata+dI
Law in many countries comes down to "I know it when I see it" from the judges.

>>user59+MM
Unfortunately the demand for SAML is 100% customer driven. As service providers, we don't control the other end (the customer's IdP/AD).

Even in cases where the IdP supports both SAML & OIDC, I see almost no one choosing to use OIDC (a case of the devil you know?). The only real users of OIDC in an enterprise setting I see as a service provider, is G Suite businesses.

>>Nullab+8G
> Visual Studio had to build their own Docker wrapper, because telling people to just use it directly would give their users a glimpse of the outside world, and we can't have that!

Do you actually believe this was the reason behind developing Docker wrapper for VS? I mean you can always try stretching out the worst intention and motives, but do you actually believe this?

Suppose you do, how do you think about the gazillion 3rd party open source extensions to VS code? Did Red Hat develop OpenShift extension because they are part of the conspiracy too? Do you think that this is part of course change due to the IBM acquisition?

>The vital difference is that physical tools are expensive to duplicate and maintain. You can't distribute a hammer via BitTorrent.

The fact that you can distribute software for nearly free doesn't make the cost of producing it to be cheaper than hammer.

>>pknopf+5E
> No company would invest a massive amount of money in a duplicate product.

Google's text messaging and video chat apps didn't get that memo.

>>pknopf+5E
They clearly capture different markets and are both doing well. Why is is it inevitable that one will starve? I feel like that's only likely to happen if a new CEO comes or something and decides to shake things up.

>>amiant+LB
> I don’t think their past behavior was particularly effective at snuffing out all competition and forcing people into their ecosystem

I still buy a Windows license to play video games. I don't want to use Windows or buy a Windows license.

Of course, I could always choose to not play video games, so technically you're correct that I wasn't "forced" into their ecosystem. But I'm still there and I don't want to be. This is a direct result and present day residual benefit of their anticompetitive practices over twenty years ago. These are very long games that they play; you don't make hundreds of billions of dollars by accident.

>>devit+YS
Your proposed solution handles neither the rogue employee nor the exploit scenario. It does incur a lot of additional cost in maintenance.

>>natfri+Ow
As somebody who uses Pipeline (well, VSTS Releases, we're not on Azure Devops yet) professionally, I've got to pick up GH actions now. Hadn't gotten around to it.

That said, like 90% of my Pipeline actions are "screw it, I'll do it all in PowersHell"

>>Saaste+lU
I think this is mostly driven by history. OIDC came in few years after SAML, so people are still thinking of SAML first and asking for it for enterprise integrations.

I'm pretty sure OIDC can be supported everywhere now. Okta, Oauth, PingIdentity, ForgeRock, Microsoft all support both. The last offender was Microsoft but it's included with active directory since 2016 both on premise or through Azure.

I'm working on auth for a big bank and it's definitely there, although not necessarily advertised and not everybody understand what is supported or preferred.

If a company were to only support OIDC nowadays, and maintain that OIDC is the preferred protocol when customers ask "can you do SAML?", I am willing to bet that most customers would integrate just fine either way.

>>popinm+uN
Even then... I don't expect Github actions to go away any time soon. I would expect a lot of the underlying systems, build agents and workers to be the same over time though.

Azure DevOps and Github largely cover different, though overlapping market segments.

I would be slightly more concerned about Github Enterprise and Devops co-mingling over time, as I think that may be inevitable, which makes me concerned over the public/free resources that Github offers in the long run... even then, migrating to Gitlab is an option should that time come. My only hope would be better discoverability and social coding with Gitlab to better match Github over the interim time.

Even then, it's just a possibility and somewhat unlikely that MS would burn this much karma.

>>dimini+Bo
If you REALLY need to self-host, try Gitlab.

>>tw04+tQ
Have you done any development work on .Net in the last 10 years or so. I've been buggered at least 5 times by massive discontinued chunks of stuff and the several reorganisations that got rid of my entire selection of enterprise customer and MS connect cases conveniently.

>>ig0r0+(OP)
By and far the main difference between 'Team' ($4/person/month) and 'Enterprise' ($21/person/month) is SSO/LDAP [0]. The SSO tax is real [1].

[0]: https://github.com/pricing

[1]: https://sso.tax/

>>kerng+2R
It's terrible. AppFabric, WCF, WWF, windows phone. I could go on for hours...

>>polski+Pe
Considering Github Enterprise (which offers on-prem) is their main feature, and main source of revenue (paying for the free stuff) it's really unlikely.

Why not just use Gitlab if you really need on-prem for cheap/free?

>>JMTQp8+Z6
I don't think it was particularly difficult to use... the multi-os targets are probably about the most confusing.

I tend to stick with bare scripts and npm scripts as much as possible though, so the environment doesn't matter as much.

>>zaat+AU
> Do you actually believe this was the reason behind developing Docker wrapper for VS? I mean you can always try stretching out the worst intention and motives, but do you actually believe this?

I don't think there is an explicit conspiracy. I do think there is a negative spiral where IDE addicts (for the lack of a better term) produce tools that "help" others avoid leaving their comfort zone.

I'm not immune to it either. When trying to learn Kubernetes I spent weeks fighting the graphical dashboard before just hunkering down and learning the core concepts and building my own intuition.

And I still like having an integrated environment. But with Emacs I'm at least generally just a `describe-function` or `describe-key` away from peeking behind the curtains.

> The fact that you can distribute software for nearly free doesn't make the cost of producing it to be cheaper than hammer.

Bad analogy. Producing it would be closer to developing the blueprint. Which is:

1. Done once

2. Tends to happen without economic incentives because, as it turns out, you probably want a hammer too

>>anders+fC
It's tough to say that the urge to replace free software and open collaboration protocols with proprietary, closed source pay-to-play tools that the user isn't in control of (the whole GitHub SaaS model) isn't "malicious intentions".

It's replacing an open, free (in both senses), decentralized system with a closed, for-profit, centralized one that expressly benefits a single organization at the expense of everyone else in the ecosystem.

This is not to say that GitHub isn't a benefit over emailing patches around; just that it's probably also worth mentioning that Linus et al have not migrated to this shiny new (centralized) system for the largest collaborative development effort in the history of the world, and, indeed, git itself was developed specifically to avoid a hard dependency on a single, centralized point.

>>jonny_+GR
> Imagine if police could arrest you, and keep you, without telling you why. That's something that society figured out a long time ago isn't healthy.

The judicial system that backs it is a massive beast. If someone wants that level of assurances, they should be paying thousands of dollars for a github account. You get the level of perfection you pay for.

>>cf_+SD
Ok, so that'd cost me USD$56, leading to a higher monthly than previous pricing. So, steering users toward the Action landscape is obviously a better monetization model.

>>tptace+uT
I mean the company is writing it's own code for a significant part. Let's say one has to integrate SAML/OIDC into a Java app of some sort.

One can find an open source library to handle part of the SAML or XML in Java, but it doesn't take the right settings or import user attributes as needed or handle URL redirections properly. So the company has to write a ton of authentication code to make it work. It may start from an open-source library but the result is either separate code on top or an outright fork.

>>veeral+NR
Embrace, extend, and extinguish.

Microsoft is still a company, that called linux a cancer. No trust at all.

>>sneak+68
Other things I assume will fall in the future: accessing GitHub Issues via API (for anyone other than paying enterprise customers), support for third-party GitHub API clients (use our first-party app with built-in spyware only, please), et c.

One need only look at what they've done with Windows and Office and Xbox to see how Microsoft approaches client software.

Here's hoping I'm wrong about all of this.

>>K0SM0S+Fl
People should be praised and be judged.

But dismissing presence of companies culture is as extreme point of view as dismissing possibility of change. To name a few - Oracle, Google, Facebook, Apple, Toyota, Tesla - they are different and quite predictable.

> If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

I am not in "Evil MS" camp but

> Fool me once, shame on you; fool me twice, shame on me

Same as with people - sometimes they change but sometimes they don't

And corporations are inherently dangerous - they maximize profit. Unbound by law, unchecked by people, even amazing people with nicest slogans would make dystopia.

>>devit+YS
How would that solve the "leaking employee" case?

>>microd+em
That's auction driven, not a set price.

>>snazz+W2
> a really great job of managing the acquisition

I mean, if they hadn't done a thing it would have been a great job, too. Pumping in cash to fund previously paid features for free sure goes a long way, too, but the changes they've made so far I'd hardly call managing and more not touching it aside from making paid things free.

>>kevind+nX
Ha! sso.tax, what a great site. As an IT person I always thought this same thing with SSO - even if you have an identity provider, it's often under utilized because nearly everything else needs to go to enterprise pricing for SAML auth. I wouldn't mind paying $1-2 more per user/platform, but as sso.tax tallies, the price jump is often much more.

>>user59+QZ
One will find a library to do the SAML. That library will almost certainly do the XML (most likely with xmlsec1). The library will have a call for the ACS endpoint, for the SSO login endpoint, and maybe for the SLO endpoint; it won't implement the endpoints itself, but it'll implement all the logic of the endpoint.

The company will end up writing a ton of authentication and authorization code --- it'll do that no matter what, because the application will have its own security logic, like all applications do.

(OIDC doesn't use XML. But the story is the same, with different endpoints.)

>>seneca+Ha
That's odd, it's the opposite for me. I did like GitHub, but then setup a Gitea and made sure to figure out how to move things over (even if I haven't done it since they haven't really given me a reason) after Microsoft acquired it. Now I watch every move with a weary eye, though truth be told so far it's going fine (mostly by being hands-off, of course).

I do assume a lot of this is their own money, but with the financial security that Microsoft offers you just can't do much wrong. Even without actual money actually moving, it might still be MS funding that makes the difference.

>>tptace+0U
I basically agree with the points.

Ironically, the first point makes me realize that half the work to bring in a product in an entreprise is to deploy and set it up -properly with authentication- while the other half is to get the budget and approvals to buy it. Thus it's rather relevant to the thread in an unfortunate way.

>>vaylia+ep
Same. I liked that GitHub really nudged you to be open unless you were willing to pay to keep it closed (well, sure, you can go ahead and setup your own server or find a competitor you like, but in the base form, if you want to be part of the ecosystem, be open) and am wondering just how many student projects are now staying behind locked doors because GitHub wants to catch bigger fish.

Not saying they're a philanthropic organisation that should promote open source to the kids or anything, just agreeing about an almost certain side effect.

>>tracke+tY
The YAML configuration is something I have to learn that provides no value-add outside of GitHub. If it was at least based on Docker, you could re-use existing technical knowledge or teach people something that's valuable in other contexts.

>>toyg+ew
> on-prem

>>natfri+V2
Hi Nat, first of all thanks from every developer in the world. I think this is going to be a great step forward for people who don't need enterprise features (yet). One question: is this service going to be available in countries that are currently hit by US sanctions? (eg. Iran) Thanks again

>>yjftsj+Rc
No, it’s not fair. Banning a repo should be taken as seriously as banning a book. Living in a country that is US where github HQ is hosted, freedom of speech should be prized and cared for dearly. For a commercial company, there should be only one reason to ban a repo and that is to abide with a law. For even that company should do everything in its power to prevent that or provide a viable lawful alternative. This should be taken so seriously that each ban should have been reviewed at CEO level. GitHub CEO saying he has no clue, it’s a scale issue and “mistakes are made” is not really acceptable.

>>Nullab+fZ
> I do think there is a negative spiral where IDE addicts (for the lack of a better term) produce tools that "help" others avoid leaving their comfort zone.

Alternatively, many people see value in focusing on what they develop and not have to bother studying the fine details of the underlying platforms they use. As someone who live deep down in detail and assist others using tools in the whole range from IDEs to cli, I have no disrespect for engineers who won't bother spending their time on knowing the subtitlities of the systems where their code will run.

>Bad analogy. Producing it would be closer to developing the blueprint.

Software tools are far from blueprints that are done once, they require constant maintenance to be compatible with changes in other tools and environments, bug and security fixing as well as implementing new features that users request.

Software development is extremely expensive, libre software is free only because someone is paying the cost of production and prefer to distribute it for free. Probably most of the open source software today is paid for by big companies, and their aim is usually to gain something from the investment. Docker wasn't developed as a manifestation of free speech, nor was Kubernetes born under GNU's roof. If not for the piles of money Google and Red Hat spent on it, Kubernetes couldn't be anything resembling the amazing beast that it is.

>>sdesol+FP
Oh sorry, I guess they did not. But their offerings are not really compelling outside AWS deployment.

>>glenne+1U
Yes, I would definitely hate to trust Microsoft with my enterprise software build pipeline because of how they refused to support Microsoft Bob.

>>jjeaff+Sn
Only without costing TCO

>>glenne+1U
well a lot of things in the business section had a different production which could directly import the data from the old one or different migrate the data. like business server essetnial or dynamics marketing most often the new stuff was more expensive. Even skype for business online is upgradable. some stuff has less features, like hotmail which could use all custom domain names and not only godaddy ones like outlook.

>>sneak+oZ
That's kind of my point: doing something to protect the best interests of your company isn't inherently malicious. Sure, altruism has benefits, but they're much harder to measure than the bottom line.

Also, FWIW I think we need to move away from GitHub.

>>m0xte+oX
WCF is still supported and a lot of stuff works on .net core 3.x and more is coming in 5.x. webforms on the other hand... (which should die a more faster death)

>>ig0r0+(OP)
Would it be fair to explain this move as a "user retention" tactic. Perhaps it becomes a more difficult decision for teams to close out their paid accounts, even amidst an economic downturn, when the fees are removed.

One could argue some MSFT acquisitions have been focused on acquiring large swaths of exisiting users moreso than acquiring revenue streams or work product. Github could have been one such acquisition.

>>eastba+CE
I agree, but I think the GP was asking about use cases for a solo dev.

>>ig0r0+(OP)
I'd much rather they threw in more LFS storage on my $7 plan. But I suppose they know that already if they're moving towards a more "freemium" model. First hit is free, and then pay through the nose for LFS.

>>3xblah+071
Maybe GitLab is starting to seem like more and more competition so they're having to add more free features to compete for users.

>>sytelu+s41
I appreciate the idealism here, but the reality is that trying to run a business under the pretense of free speech absolutism can alienate an otherwise profitable market segment. With the loss of that market segment likely comes the grumbling of investors, to whom ultimately the executive management is beholden.

Grumbly investors beget grumbly board members, who then vote to oust executives to correct the profitability problem.

>>nrr+B81
> can alienate an otherwise profitable market segment

How are you going to alienate/lose customers by not getting rid of customers? If anything, I'd argue the opposite; a platform that refuses to ban legal content is one that I find easier to trust (for a counterexample, see Google). It's not even like github-like companies are social networks where you can claim that one user's experience of the platform is made worse by another user's posts.

>>JMTQp8+f31
A lot of things use YAML for configuration... what would you prefer for configuration? XML?

>>ig0r0+(OP)
What's the catch?

>>ig0r0+(OP)
Good on MS / Github for doing this.

>>danpal+jS
This is only true if you're using exclusively Linux runners. If those same 7,000 minutes are on macOS, you're paying $560. On Windows, $112. At my company, we definitely use a mixture of all three for various things, so this will sting, with varying degrees, depending on how often we build new iOS, Mac, and Windows releases.

>>bhk+Fr
Do you honestly not understand a difference between people who comply in good faith vs people who simply skirt the rules?

>>vbezhe+Rq
Are you willing to pay taxes for github usage!? You get what you pay for.

>>Cthulh+Vz
The very first thing a corporate lawyer does is proactively prevent litigation through protective policies that specifically do NOT emphasize transparency.

>>ig0r0+(OP)
437 comments, 6 from Nat Friedman. That seems a little weird for an AMA discussion.

>>ig0r0+(OP)
First you win the developers.

Then you get the apps.

Then you win the consumers.

How long to the next Microsoft Phone?

Wouldn’t want to be Google.

>>ig0r0+(OP)
Bitbucket is in trouble now. With no more paying customer for Git and no support for Mercurial what are they going to do?

>>chubot+ho
The question of whether you are a monopoly is really important. Once effectively everybody is using your platform, there are restrictions on your behavior. Being the category leader is very different than being a monopoly.

And, note, that there is, and obviously wouldn't be, a law against a monopolist giving it's monopoly product away for free - That's kind of like anti-leveraging.

Look at this from a different perspective - free git hosting for teams is awesome. This is unquestionably a positive thing that Microsoft has done. It's good to be a bit cynical, but not to be so cynical that we put blinders on to the wonderful resources that are now being made gratis.

And, as long as they don't try and put some crappy "Microsoft only" extension onto their platform so that the vanilla git doesn't support all of it's capabilities - it hasn't taken that dark step into "extend." Once they do that, then it's worth a post to HN about Microsoft's Embrace-Extend-Extinguish dark past.

>>Wehrdo+YH
I agree that’s a potential concern, but you’re worrying about it a year too late. Individual developers have been able to make repos private on the free plan since January 2019: https://github.blog/2019-01-07-new-year-new-github/. This announcement only affects the cost of private repos for teams of collaborators.

>>natfri+V2
Hey how about introducing a function to create a branches from issues

>>DenisM+0e1
Continue selling Jira plans.

>>DenisM+0e1
They lost that battle a decade ago. I would previously have suggested some kind of enterprise devops offering pairing with their other services but Microsoft will probably get there faster and better.

>>grinic+jM
If you're at that level of auditing I'd expect your company has enough cash to fork over for GHE.

>>jbergs+OZ
Just got an email from Github. Money quote:

> For more than 99% of customers, these changes have lowered their GitHub bills, in many cases quite dramatically. For a very small number of customers who use a large percentage of the free Actions minutes allotment each month, these changes have the potential to cause your bill to increase by $20-50/month, depending on how much you use Actions in the future. To offset that possibility, we’re adding a free credit of $500 to your organization’s GitHub account for you to use in any way you want.

>>natfri+Ow
After listening to episode 321 of The Azure Podcast[0] my understanding was that Azure DevOps would eventually be phased out; question begins at ~10:30 and at about ~12:00 a rough timeline of 5 years was given with guidance to select GitHub if just starting out.

0: http://azpodcast.azurewebsites.net/post/Episode-321-GitHub

>>JohnBo+Z41
Well, probably not because of Bob, but their cloud based offerings have make me wonder about trust.

- Business Contact Manager for Outlook, Outlook Customer Manager

- Microsoft Invoicing, Listings etc.

And these are critical applications for a company.

Have a look at Sharepoint which is widely used and has an uncertain future. Or the strategy behind Lync, Skype and now teams.

But we'll see. Microsoft has shifted in a good way in the last couple of years but their track record in keeping legacy operating system APIs for decades is not necessarily a good indicator of the stability of their other product lines.

>>mgw+DH
Thanks for your inputs! Offering the flexibility of monthly pricing to our customers is definitely one of our priorities. We are currently working on optimizing the online portal to ensure our customers have a seamless experience when monthly pricing is available.

>>ryanis+Tc
And people keep saying that it's a security feature but that's not why large orgs pay for it. It's a "I'll pay you to not have to manually manage account access to all these different services.

>>tracke+S91
I want to write a Dockerfile. I don't particularly have an issue with YAML.

>>nogabe+78
Right but $5/month/service is where it starts to add up. Unless you're managing hundreds of users across a bunch of disparate services the value/cost doesn't work out in your favor.

>>closep+7i
Protected branches are the gateway to the multi-PR-review requirement, so you'd need the $4 GH Teams.

>>sneak+lV
It seems that video game APIs require lots of investment, and Valve has worked on their version of Wine and other stuff which is quite successful at running Windows games on Linux, so you've got that option - giving your money to Valve through Steam. Or you can also get a console.

>>vorpal+Ee1
Yeah, I just see BitBucket as a value-add to sell Jira and Confluence licenses. Some people really like having all that stuff integrated.

Our team doesn't really see the value when it's just fine to have links to PRs or commit hashes but hey, to each their own.

>>plange+ZC
Even before, but moreso after this and the current economic climate, Gitlab is not going public.

Even GitHub was never in a position to go public, that seems to be mere postering to drive valuation or attract M&A offers.

>>globul+n31
People still consider using AWS and Azure as "on-prem". Hypervisor as a service doesn't really change much in the day-to-day operations.

>>maskli+Ef
So basically Pro and Team are the same now?

Edit: The FAQ points to Github product page [1] which list GitHub Team having 10K Actions instead.

[1] https://help.github.com/en/github/getting-started-with-githu...

>>natfri+Ow
Please deprecate Azure devops repos, which my company uses, to let me go back to GitHub. I absolutely hate the UI and miss GitHub greatly

>>sneak+lV
Maybe that's true, but I'd like to think Windows is the current market leader because their desktop OS was the only one on the market at the time that was user-friendly and ran on any hardware (unlike OS X).

>>FpUser+TP
Amazing that you got downvoted for this. I pay for code hosting precisely because I want to see an ecosystem of code hosts, and monocultures are dangerous.

>>amiant+LB
Microsoft needed Mac so they wouldn't become a full on Monopoly. Just like Intel needs amd to exist.

>>ciwchr+vh1
Very valuable comment / insight via the podcast – thanks!

>>kevind+nX
IMO the biggest difference between the two is self-hosting which makes sense for the price difference.

Even setting that aside, SSO is a feature which is very meaningful to businesses and relatively meaningless to individuals. Because of that its often used to differentiate between the customers. This differentiation results in individuals getting a discount at the expense of the businesses; which to me makes sense.

>>klinsk+A1
I guarantee that this move had absolutely nothing to do with competitors and everything to do with Microsofts new rise to dominance. Coding is going to be the next blue-collar job, they are positioning themselves to do well when we reach that inflection point.

>>Shank+Xa1
Builds on macOS and Windows already depleted your minutes credit with a multiplier (Windows 2x, macOS 10x), so this shouldn't change anything

https://help.github.com/en/github/setting-up-and-managing-bi...

>>kevind+nX
I get where you are comming from, but from sales perspective, charging extra for SSO makes total sense.

>>JMTQp8+Z6
Coming from Travis CI and GitLab CI, GitHub Actions was very intuitive and I had it running in the very first take.

The concept of actions is new, but it is brilliant compared to traditional approach of doing everything inside the CI jobs, or bring your own docker images.

>>Gordon+di
As a former member of Azure DevOps, I've heard from my colleagues that the Work Items and Agile features are totally in maintenance mode

>>j88439+7e
They do, even at $4/mo/user plan.

>>alecbe+Ie
Google Maps, translate etc.

>>JMTQp8+vi1
then why not write a dockerfile, and have your yaml, just do the docker build... command?

>>martin+fF
Is the system supposed to be charging for outside collaborators on the Team plan still? The language makes it sound like those should be free now.

>>hinkle+za
Not for the technical aspects, but I'm fond of TransferWise an Signal. Even within Microsoft, their WSL, and new terminal are well-received in open source communities.

>>bdcrav+c8
I'm sure GitHub lands a lot more Enterprise customers compared to Gitlab, but for individual users who use organizations to have a separation in repos, and smaller teams, this price change is very convincing to move to GitHub even for teams, now that private repos are free.

>>ghshep+1e1
EEE strategy doesn't require starting out as a monopoly, it's just that it's easier if you're already a monopoly.

One could argue that EEE is a strategy to gain monopoly status. Microsoft does NOT have a monopoly in this space currently, but perhaps they want to get one (but only in practice, not quite legally recognized as one).

I see nothing wrong with bringing up EEE before it happens. Which scenario is more likely to discourage the tactic (A) nobody cares until the second E or (B) people are worried about any hint of it.

What is Microsoft doing right now to remove EEE from their options? For example, they could release the whole GitHub codebase under AGPL, and that would be quite a reassurance but not a guarantee.

"It is easier to avoid temptation than to resist it" — Dan Ariely

>>kevind+nX
On sso.tax, it states that "Single sign-on (SSO) is a mechanism for outsourcing the authentication for your website (or other product) to a third party identity provider, such as Google, Facebook, Okta, PingFederate, etc."

Isn't this the definition of Federation, rather than SSO?

>>yjftsj+691
We all know that the most vocal on the left, who want to silence anyone who doesn't pander to their political ideals, pressure public companies, advertisers, etc. to 'cancel' those who refuse to go along - drop their advertising, cut off their servers, purge their DNS, ban their accounts, shame them relentlessly until they disappear.

Most US companies these days have no morals, and are easily influenced by these tactics due to greed and fear of being targeted themselves. Silicon Valley and the majority of the big tech companies seem to be especially vulnerable to this, probably due to their own employee demographics.

What many of these companies don't understand, possibly because they live in a relative 'bubble' surrounded by those who think similarly, is that there are a lot of us out there who not only disagree with this type of behavior, but will actively NOT use the services of any company who supports these types of tactics.

>>oliwar+Ch
Bitbucket offered free repos before Gitlab, but Gitlab did an amazing job making it affordable and as good as githubs offerings.

It's always pleasantly surprisingly to go to Gitlab and see how much they continue to improve.

>>jfkebw+J71
Good clarification! If you're a solo dev who wants to sell your side project to any company >500 people, SAML integration is tablestakes. If you're a solo dev who needs to secure your hobby project on the public internet, it's like bringing a Space Shuttle engine to a knife fight.

>>Ayesh+7r1
Bitbucket was certainly more generous than GitHub at the time. I used them too. Their problem was the pricing structure. The break between "free" and "all your money, please" felt pretty harsh. They always appeared to be pushing very industrial companion tooling (eg Jira) which might have suited enterprise customers but wasn't very helpful to a freelancer. That's pretty common in SaaS. Enterprise is easier than volume.

By contrast GitLab's tiers are... Cheap. And it's perfectly feasible to do professional, modern CI flows on their free tier.

It'll be interesting to see what happens next.

>>ig0r0+(OP)
That's awesome, I feel like many companies increase prices over time trying to squeeze more revenue, but that usually requires monopoly power.

I remember from economics that in an idealized, efficient, large market, the price of a product should tend towards the marginal cost of production. In the case of SaaS, that's almost $0 (server costs being fairly low), so SaaS products ideally should all get cheaper over time. Good to see theory matching real-world here.

>>alexba+Ik
Ask for a refund of all the charges, people don't realize that a lot of companies do that these days. You should be upset if they refuse (assuming you genuinely weren't using their premium features).

>>random+fc1
All the places Microsoft has shipped awesome products and won the market didn't have as strong monopoly (or duopoly) effects as in the mobile space. I don't think we'll see a MS phone any time soon unfortunately.

>>atonse+I7
Yes, I'm pretty happy with the new pricing but my employer will probably have to go with the Enterprise plan to get access to the "Audit Log" and HIPAA compliance. :frown:

>>ig0r0+(OP)
I'm confused about the "Collaborators for private repositories" feature. The Free plan shows an "unlimited" number of collaborators but each of the paid plans show "Up to org size". What does "Up to org size" mean? Which organization are you talking about? Does this mean that the free plans have more functionality?

>>alecbe+Be
If anyone from GitHub's around in this thread, would you mind putting "ui-monospace" at the front of that list? SFMono-Regular no longer works in Safari because of fingerprinting concerns.

>>prirun+bc1
I don't think this was really supposed to be an AMA.

>>ig0r0+(OP)
Hi Nat, finally MS responded to the Gitlab threat. Recently Gitlab has announced that they would be making a bunch of products free.

"We're open sourcing rich functionality across Plan, Create, Verify, Package, Release, Configure, and Defend."

https://about.gitlab.com/blog/2020/03/30/new-features-to-cor...

It's good to see that MS has joined the party.

Are there any plans to make GitHub itself available for self-hosting? I am not sure but the go-to place for open source software cannot be closed source.

Cheers,

Tarun

>>oars+2r1
As I understand it, federation enables two separate instances of some particular service to interact. They can still use single sign-on independently for their own authentication needs.

>>jjeaff+ro
I agree, but GitHub must fix the security nightmare that is waiting to happen with GitHub actions marketplace. Seems like this would be such an easy fix, too.

>>spencz+6F
See this: https://news.ycombinator.com/item?id=22872556

>>tracke+cY
Heh, well, there you go - it's exactly why we are using Gitlab. It's going to be a pressure point for them just lke the free private repos has been previously.

>>ig0r0+(OP)
Compare this with Microsoft’s other notable purchase of recent years, LinkedIn.

At LinkedIn they are tightening all of the screws and extracting cash from all comers.

What is different about GitHub?

My guess is GitLab.

This is an old strategy for Microsoft. They used to call it Embrace, Extend, Extinguish.

>>atonse+I7
If it's possible for GH to run a profitable business while offering SAML integration for free, I am 100% supportive of the suggestion. It's hard to say exactly how many enterprises pay specifically or exclusively for this reason, as opposed to other enterprise features, like audit trails.

>>hiram1+3r1
Sure, but that "lot of us" out there is a much smaller and usually much rowdier group of users that time and time again companies have been happy to wash their hands of. You're not profitable enough (and I'm not even getting started on the morality or ethics side of this).

>>hiram1+3r1
https://xkcd.com/1357/

>>ksec+Xj1
So... wouldn't this mean GitHub Team with a single user is better than GitHub pro?

>>candio+qT
So GitHub should aspire to do the same?

>>irrati+rl
minus the infrastructure, maintenance burden, and plugin hell

>>bastar+OI1
This comic is abused so much that I wonder if Randall would ever consider a follow-up poking fun at how it's wielded. It's meaningless in a normative, rather than legal, conversation such as this one.

>>hn_thr+kD1
Organizations can enforce that their repos use only actions that are within the repo, making the build more secure, controlled and auditable.

>>Gordon+jq
Blazor may not work like Web Forms, but the philosophy is similar. Abstract away the fundamentals of HTML/JS, making back-end devs feel like front-end devs.

I started my dev career a long time ago in Web Forms. I went so long without understanding HTTP POST/GET/etc that it harmed me.

Anyone remember UpdatePanel? AjaxControlToolkit? Blazor gives me the same feelings.

>>dflock+Tz
Source?

>>tw04+tQ
What about Atom/VSCode? Atom development looks dead to me:

https://news.ycombinator.com/item?id=21142934

https://github.com/atom/atom/graphs/contributors

>>ksec+Xj1
Now that's just weird, pricing page says 3k for Team.

>>nrr+B81
You making the argument that to make some religious customers/investors happy, it's ok to mistreat LGBTs. After all, they are such minority segment and, you know, we are all here just for shareholder wealth maximization.

>>Saaste+wj
This sounds like Shibboleth. The SP bolts onto httpd and delivers things like user attributes as server variables that apps can simply read. It even works if httpd is a reverse proxy in front of nodejs or whatever else, since you protect the app using location directives which play nice with proxypass directives.

The opposite certainly exists though, for example simplesamlphp which gets commingled into a php app codebase as you described.

>>ig0r0+(OP)
wtf i love microsoft, now.

>>endgam+yk1
Well I've never downvoted a single post no matter how much I disliked it. Personally I consider this a kind of weakness and the whole system as promoting herd mentality. But whatever floats their boat.

>>pc86+GJ
> It gives enforcement actors a little lee-way that they wouldn't otherwise have.

Which can be and often is subject to abuse.

>>natfri+V2
Hi nat, I came here prepared to ask about how this would play out for annual billing customers since I only just set it up in March. On searching, I can't actually find where you charged me, so I suspect you might have pre-empted this.

So instead of a question, this is more thank you. I'm a tiny bootstrapped startup and was only using 3 of the 5 previously minimum seats. I'm a prime beneficiary of this change, and look forward (fingers crossed) to being one of the enterprise customers that pays for everyone else :D

For others, can you elaborate on how this will work for current annual billing customers, I found some vague references but no detail.

Thank you

>>eastba+ks1
If I was in a knife fight, and my buddy showed up and just hit the guy I was fighting with a SSME, I would be totally impressed and also grateful.

>>compsc+cA
> I can see how GitHub wouldn't want a public repo to have objectionable words

I can't. Does GitHub really have nothing better to do than to play nanny cop because I used a naughty word in my code? Are brainfuck interpreters now off-limits? How about drivers for teledildonics hardware? Or libraries specifically for detecting and filtering swear words? Or maybe I just want to vent a bit in a comment every once in awhile because of some annoyance with the language or target platform or problem to be solved?

Fuck that and the horse it rode in on. We're all adults here (well, or possibly teenagers, but let's face it: they've probably already heard much worse at school).

Not that this seems like the real reason why SS13 got nuked anyway; if GitHub really has some kind of anti-profanity rule, they're doing a real bang-up job of consistently enforcing it: https://github.com/search?q=shit / https://github.com/search?q=piss / https://github.com/search?q=fuck / https://github.com/search?q=cunt / https://github.com/search?q=cocksucker / https://github.com/search?q=motherfucker / https://github.com/search?q=tits

>>compsc+cA
If that's official GitHub policy it's both unworkable and exceedingly ignorant of how people use the English language outside of the US. GitHub should have no business telling people how to write their source files.

>>natfri+V2
Can you explain what happened to Atom development?

I've seen numerous posts noting the sharp decline in contribution soon after the acquisition was announced.

https://news.ycombinator.com/item?id=22601451

https://news.ycombinator.com/item?id=21142934

Without an official explanation, given the timing, it'd be reasonable to assume you pulled development resources away from it, the exact thing you actually went on Reddit to claim you wouldn't do:

https://www.reddit.com/r/AMA/comments/8pc8mf/im_nat_friedman...

P.S. I've observed that these kinds of posts tend to turn into a place where people shit on Atom in favor of _insert preferred other editor here_. Feel free to do that here too, but just note that I'm not going to be obliged to engage since it's completely orthogonal to the topic at hand. I think any remaining Atom users at this point are likely already painfully aware that Atom has long since lost the war in developer mindshare, but don't let that stop you from pouring salt on the wound.

>>nrr+B81
I think this is the most sensible answer here. My sibling comments are attempting to draw analogies to other types of censorship of minority groups which don't strike me as apt.

IMO you correctly summarized the forces they are dealing with. These people are just trying to make money. Idealism is problematic for the people invested in the company that aren't there for idealism, but money.

>>maniga+Al
It's all about the ease of use. Manually setting up CI/CD is _hard_ and requires a team to maintain and support it. Whether through a home-rolled Jenkins deployment or Buildkite.

>>ss3000+VV1
I gave up on Atom this month because of the lack of development. Too bad really.

>>koheri+mM
Sears is doing it!

>>ig0r0+(OP)
Nice, now you can share all your secrets with Microsoft, for free.

>>Nullab+WD
As a student, I am hoping the company that I will work for later will pay for it.

At the same time, I am also aware of free and cheaper alternatives for some of the options there.

>>ig0r0+(OP)
Here's a little quiz, which of the three phases are we in now?

a) Embrace

b) Extend

c) Extinguish

>>ss3000+VV1
Microsoft owns Github. Microsoft owns VS Code. VS Code is superior to Atom. Do you need an official comment? It seems abundantly obvious to me.

Nat is the CEO of GitHub, not Microsoft, and despite any promises made on a Reddit AMA a year ago, why would they devote resources to two competing editors?

>>meritt+ZZ1
All I really want is to hear an explanation from Nat Friedman, CEO of GitHub, the human being, who said he wouldn't pull resources away from Atom development and then evidently did so soon after, to end all this needless speculation once and for all (and what you've suggested in your comment is still speculation, however plausible it might seem to you).

It offers very little solace to the few Atom users still hanging on, but I think the least he could do is end the speculation, and provide some certainty on Atom's future as a GitHub/Microsoft funded project so we could decide to either move on or stick around for longer.

Please realize that there still hasn't been an official statement that Atom's development at GitHub/Microsoft has been halted/dramatically reduced, or that they hope to transition it into a community led project, or anything to that effect.

I hope an official nail in the proverbial coffin is not too much to ask for.

EDIT: This comment was a lot snarkier in an earlier iteration. In hindsight, I realize that was in bad taste, so I've reworded it and adjusted the tone. I don't think being needlessly confrontational adds any substance to the discussion here (or anywhere else for that matter), so I would like to apologize for that and hopefully de-escalate so we can resume civil discourse.

>>Someon+7A
Uh, have you used SignalR over web sockets? From a performance point of view its going to be much better than Http based polling. Which should make a different when we are talking about updating the UI.

>>spider+uX1
I gave up on Atom when it was released because it was the most slow editor I have ever seen. It single handy bias me against Electron app until I discover VSCode.

>>ss3000+VV1
You have the explanation laid out pretty well by chipotle_coyote in the comments of one of your linked posts.

https://news.ycombinator.com/item?id=22601557

Specifically:

> But the words of the linked Reddit comment from Nat Friedman were "we will continue to develop and support both Atom and VS Code going forward"; that's a true statement today. Atom is currently being developed and supported. That's a case of adhering to the letter of the statement rather than the spirit, I know. But that circles around to the problem of VSCode's rapid ascent in mindshare -- if your company ends up owning two very similar editors and they both have roughly equal downloads and community interest, you might try to support both equally. But if one of them has orders of magnitude more downloads and community interest than the other, you're going to focus your efforts on the popular one.

>>fileed+C6
GitHub is not git.

GitHub has pull requests, actions (mini CI integrations), other fuller integrations running off github hooks.

It's the issues, and pull requests that are the most immediate lock in. Transfer away and you lose your issues and PR history.

But more deeply it's the integrations. Even if it's all theoretically possible through other providers, if you have a working CI system set up to "just work" through GitHub then there's little chance you'll want to migrate to a different provider and have to re-do all that configuration.

Even with a dedicated dev-ops team it's weeks of disruption, not to mention the possibility to get half way through and discover something doesn't work the same way in [Competitor].

If you're up and running with github PRs driving JIRA issues and JIRA issues feeding into GitHub issues. And you have paid github marketplace integrations delivering value, then you're not going to look at a competitor unless that competitor is offering something that GitHub doesn't do.

Up to now the competitors have only differentiated on price as far as I can tell. There's certainly no killer feature of GitLab that people talk about.

>>poutra+a32
VSCode is electron-based.

>>seumar+I42
This is precisely what he is saying.

>>koheri+Ub1
If it guaranteed that the repos stay up in perpetuity, that sounds amazing, actually.

>>ig0r0+(OP)
However, looks like the Actions minutes included in the Team plan have dropped from 10K to 3K, so if you're currently paying for a team plan and using Actions your costs might not decrease, or might increase a bit

>>meowfa+JJ1
I think Munroe very much approves of it's abuse, when coming from the correct political side.

>>ss3000+b12
Sometimes my wife wants an explanation from me the human being who said he would take the trash out but then never did.

>>poutra+a32
Slow or no slow, I couldn't understand how it works. Windows kept opening wherever one least expected it, i got multiple copies of tabs with some introductory help text when i just wanted to get back to my project etc.

For once, I'm not going to complain that something is made in Electron :) It was unusable to me in other ways too.

>>renata+dI
That sounds like it will lead to a lot more restrictions than there are today.

>>natfri+V2
Introducing pomodoro technique into the tasks would be great.

>>ig0r0+(OP)
What do you think will be the response of GitLab?

>>xapata+W01
Sorry, I meant "leaking employee of GitHub", not "leaking employee of your organization".

>>ig0r0+(OP)
Is it 4$/user on top of the minimum 20$ (which includes 5 users) ? Because my billing still says 20$/month and I have less than 5 users.

>>crypto+Xb2
https://about.gitlab.com/blog/2020/04/14/github-free-for-tea...

>>james_+I82
Then maybe you should own up to the consequences of the choice you made and explain your reasoning for not fulfilling the promise that you made.

>>yellow+2S1
We named our meatballs a old british name.

This was why we got nuked.

If only we knew that 4 days ago when we first got banned, and not, well, 4 days later.

The issue is github works by report only.

You can do what ever you want in a github repo, but if you make a video game on github, and ban the wrong person, they can just go through your repo and look for ToS violations to troll you.

We are literally removing the in game chat word filter for the n word out of fear it could be used to git us banned again by somebody else mad their buggy pr got rejected or their character got banned in game for breaking the server rules

>>ig0r0+(OP)
This is great and I will most likely take advantage of this new offering, but I cant help but wonder why.

"everyone deserves GitHub" is marketing, not a corporate strategy.

How does GitHub stand to benefit from this change? How does more non-paying users help the company?

I am not trying to be a tinfoil hat jerk here. Life in the age of information has taught us all that (again) "nothing is free". So what am I paying here?

>>quadra+Iq1
GitHub’s danger is that it is centralized, not that it is closed source. For example, npm is already open source and Microsoft owning it is still a threat to the ecosystem via their ability to control the software and decide what goes in and what does not.

Microsoft could open source GitHub and it wouldn’t make one bit of difference to their strategy, as it would not pose any danger to GitHub’s defaultness.

Gitea implementing a federated mentions model, plus easy cross-instance linking and federated notifications, plus one-click $5/mo hosted instances on a bring-your-own-domain model would, however.

I am beginning to think we need something along the lines of go modules for the javascript world. Cryptographically assured via merkle hash root, fetchable from any url with a standard protocol, and a public caching proxy. Go got it right, rubygems/pypi/npm most assuredly did not. (To be fair, go modules were designed latest of all of the members of that list, giving them the benefit of hindsight.)

Maybe yarn can go this route ifwhen npm breaks fetch for non-first party tools.

I wonder what would be involved in forking npm (the hosted package repository, not the cli tool).

>>jediea+PF
Isn't that exactly what's already happening? [0]

We got a sales call (seminar) from elastic.co. Despite all the positives, it was a hard value proposition. Why would we switch from Amazon's offering? For us noobs, elastic.co wasn't enough better to entice us to switch.

AWS is clearly scooping up the vast majority of users with their "good enough" offering. (I assume Azure, GCP, do the same.) I'm not saying it's right or wrong. I'm just saying it happens. And now Microsoft has much better forward looking intel.

I've been chewing on this ever since. Feels just like the 90s. I used to write AutoCAD add-ons. We third party developers knew in our bones that eventually Autodesk would steal our lunch money.

FWIW, I closed my personal repos on GitHub, in case any of my wares some day become popular.

--

[0] Amazon Has Gone From Neutral Platform to Cutthroat Competitor, Say Open Source Developers

Community leaders say AWS increasingly poses an existential threat

https://onezero.medium.com/open-source-betrayed-industry-lea...

>>ig0r0+(OP)
This is great news. I can now move some of my projects from BitBucket to GitHub.

However, I wish GitHub supported GitHub Pages for private repositories for free as well.

>>sytelu+sM1
Where did GP make that argument?

>>ketral+q6
Fair enough... Hence also why Google have plenty of Apps users etc even though they have a long track record of dropping even popular products at their whim.

Thanks for reminding me that it really is to each their own, and good luck to you on your path.

>>pc86+yH
The alternatives don't have the mindshare that GitHub has when it comes to open source software. If the community around the game is already weak, moving to another provider will likely weaken it even more. The source won't be gone, but that's only half of what matters.

>>MrSton+Rl2
Blisteringly arrogant of a US company to police the language of another natively english speaking country.

This is not the Scunthorpe problem, this is a culture one.

>>yellow+PQ1
One of the worst things about engineers in general and HN specifically is we all pretend that law is executed like code, in a vacuum, idempotently based on the inputs. That's was, is, and will never be the case.

Abuse can be exposed and punished, and very often is.