Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday January 09 2019, @02:53AM   Printer-friendly

Submitted via IRC for SoyCow1984

If you’re a GitHub user, but you don’t pay, this is a good week. Historically, GitHub always offered free accounts but the caveat was that your code had to be public. To get private repositories, you had to pay. Starting tomorrow, that limitation is gone. Free GitHub users now get unlimited private projects with up to three collaborators.

The amount of collaborators is really the only limitation here and there’s no change to how the service handles public repositories, which can still have unlimited collaborators.

This feels like a sign of goodwill on behalf of Microsoft, which closed its acquisition of GitHub last October, with former Xamarin CEO Nat Friedman taking over as GitHub’s CEO. Some developers were rather nervous about the acquisition (though it feels like most have come to terms with it). It’s also a fair guess to assume that GitHub’s model for monetizing the service is a bit different from Microsoft’s. Microsoft doesn’t need to try to get money from small teams — that’s not where the bulk of its revenue comes from. Instead, the company is mostly interested in getting large enterprises to use the service.

Source: https://techcrunch.com/2019/01/07/github-free-users-now-get-unlimited-private-repositories/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by Thexalon on Wednesday January 09 2019, @04:17AM (6 children)

    by Thexalon (636) on Wednesday January 09 2019, @04:17AM (#783977)

    OK, so let's say you're some sort of independent developer, and you put some stuff in a private repo. And that means the general public doesn't have access to your stuff. So far so good.

    But guess who does have access to your stuff? Microsoft. Which is a bit of a problem if you're developing something that could potentially compete with Microsoft.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2) by JoeMerchant on Wednesday January 09 2019, @01:44PM (1 child)

    by JoeMerchant (3937) on Wednesday January 09 2019, @01:44PM (#784095)

    Is there a good encryption wrapper solution for git yet?

    Would seem to be fairly easy to keep the local repo "in the clear" for all your tools to work with, while cloud hosted copy is obfuscated with cryptographic key.

    --
    🌻🌻 [google.com]
    • (Score: 2) by lentilla on Thursday January 10 2019, @12:32AM

      by lentilla (1770) on Thursday January 10 2019, @12:32AM (#784364)

      I do not believe that would be possible - at least for your stated use-case.

      Git (and similar) work by keeping a collection of differences between versions. For instance: if version one is "the cat sat on the mat" and version two is "the dog sat on the mat", your repository really only has to remember the original version and "replace with 'dog', at character 5".

      Whilst git happily allows storage of binary data (it might even be an encrypted representation of something else), there is no advantage conferred by using a source control system other than as a pure repository for a chunk of binary data. The "diffs" would be meaningless.

      (Remember that the encrypted version of "the cat sat on the mat" and "the dog sat on the mat" likely differ at each bit position, so there is no space saving either.)

      If one wanted to keep the advantages of git (above and beyond a pure repository of BLOBs [binary large objects]) the THE SERVER NEEDS TO HOLD THE ENCRYPTION KEYS, which kind of defeats the whole purpose. Let me just restate that for clarity: unless the server can decrypt the data (for which it needs the keys), it can not do any of that "source control magic".

      So: 1) git already allows encrypted transport; 2) if you want to store a project - encrypted - on the cloud - you'd be better off using a versioning filesystem rather than something designed for working with source code.

      You are already on track with your original idea: keep your repository local and regularly run "git bundle", encrypt the resulting file using PGP, and upload the result.

  • (Score: 2) by darkfeline on Wednesday January 09 2019, @07:36PM (3 children)

    by darkfeline (1030) on Wednesday January 09 2019, @07:36PM (#784247) Homepage

    Read the terms of service, GitHub/Microsoft don't own your code. If companies weren't afraid of violating copyright on software, they wouldn't be using clean room techniques when developing software to avoid to possibility of copyright infringement (rumors about Uber notwithstanding).

    --
    Join the SDF Public Access UNIX System today!
    • (Score: 2) by Thexalon on Wednesday January 09 2019, @08:09PM (1 child)

      by Thexalon (636) on Wednesday January 09 2019, @08:09PM (#784259)

      I know they don't own your code, but they sure as heck can read it, and even if they don't violate copyright by simply taking your code and compiling it, they can violate any trade secrets locked up in that code and as long as they keep the fact that they used your algorithms secret from you they can get away with it scot-free.

      That' why I advocate setting up your own git repo if you're doing anything important: It's not hard, and will probably do a better job of protecting your code.

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 2) by darkfeline on Friday January 11 2019, @02:07AM

        by darkfeline (1030) on Friday January 11 2019, @02:07AM (#784798) Homepage

        I doubt Microsoft would want the risk of reading their customers' code. If there's even the suspicion that Microsoft stole some code, all they have to do is go to discovery and "Whoops, in the logs here say employee X looked at these guy's code". That's not going to look good in court (and "losing" the logs doesn't look good in court either). They don't even need to prove that the code is copied, the plaintiff can just claim MS's code is "heavily inspired" by their code.

        That's why clean room techniques exists. You cannot allow your devs to even glance at any potentially similar code without raising questions about copyright ownership.

        --
        Join the SDF Public Access UNIX System today!
    • (Score: 2) by stretch611 on Wednesday January 09 2019, @08:19PM

      by stretch611 (6199) on Wednesday January 09 2019, @08:19PM (#784266)

      Let's assume that you make something really really good.

      Microsoft steals it.

      Who is going to win, the lawyers you can afford or the lawyers Microsoft can afford?

      --
      Now with 5 covid vaccine shots/boosters altering my DNA :P