GitHub is shitty, why not a decentralized solution?

[aliashraf]

I read the article inside the email quote posted in the OP, and it looks like the OP had some kind of paid subscription to GitHub, and that GitHub is unable to accept money originating from Iran (nor from anyone inside Iran) due to US sanctions. My reading of the article posted in the OP is that those in Iran can still access GitHub and have a "free" membership.

No, they don't let people of Iran to have private repositories which is critical for teamwork before launching a project and they have dropped our access to already installed private repositories as well. I have my backups thanks god, but besides losing discussions and pull requests and stuff like that, many people have lost their codes.

The thing is, when GitHub commits censorship now, it can do it again and again and nobody is safe ever. Bitcoin is not a joke to be assured about it not being a future target.

[1714898176]

1714898176

[1714898176]

1714898176

[1714898176]

1714898176

[1714898176]

1714898176

[AverageGlabella]

Do you think that making GitHub decentralized would solve your problem?

You cannot make sure that it is going to make it work because we all know Bitcoin is decentralized and what happened to some countries? They banned or limit the use of it, because they are worried about the “Unregulated Trading” or anything that says bad stuff with Bitcoin but we’re not talking about cryptocurrencies. I think GitHub is trying to comply on where you live, which makes it more legitimate and trustworthy. We’re not talking about anything that regards with what is happening with GitHub, codes and issues, it’s just the fact that the OP has limited access to some features.

Upon reading some replies here, I think the thought of having been acquired by Microsoft, would it be used for more profiting schemes? Maybe advertising in the site itself, knowing that GitHub has gained popularity and is being used by a lot of people, they could easily target people who look at certain codes, etc. Probably another topic created for this.

One good thing that I could think off is that decentralizing the power or the authority in which GitHub is distributed, more power could be disseminated and planning, decision making, etc. would benefit the users and they would have a say in it, in a way. I doubt it’s going to happen anyway.

So your argument against a decentralized approach to Github which by the way is a major host for most decentralized projects is a bad idea because they are trying to protect members of Github from their own countries laws? I'm sorry but I would disagree with this wholeheartedly. If Bitcoin was made illegal in your country would you still use it? Or would you allow your country to censor your freedom that much? Github are limiting accounts to save their own ass and not that of their customers. Its like the whole debate that Bitcoin should be banned because its used for criminal activities. So what if theres a small amount of people illegally using Github? Innocent members are being limited because of it is that fair? If that is fair then we might as well ban the use of cash too.

Well, it's not about being innocent, it's being a citizen to where you live and accepting the terms and conditions in the site. If you are going to use it, you need to comply with it. It's their decision to do that and you cannot do anything about it. It's either you choose another site or just go with it. I don't think GitHub is going anywhere soon.

It is about being innocent. I'll give another example that I know the americans will relate too if america decided to ban all guns to its people because of the ongoing rise in gun crime over there would you be pleased that one of your amendments were breached? Gun crime in comparison to the population is a minority and yet you would be limiting innocent members of the public. This is why its been hard for this policy to be passed because the people don't want it.
But anyway that's just an example but going onto the "choose another site" this is why a decentralized github would be good. There is problems with Github restricting members depending on where they live if we had a site which was decentralized and had the same features of Github this would be in my opinion beneficial. The only problem with that is there will be a lot more viruses being spread and no one to really take them down.

I read the article inside the email quote posted in the OP, and it looks like the OP had some kind of paid subscription to GitHub, and that GitHub is unable to accept money originating from Iran (nor from anyone inside Iran) due to US sanctions. My reading of the article posted in the OP is that those in Iran can still access GitHub and have a "free" membership.

Although this would be interesting I wasn't aware that Github had paid premium services? Although if that is the case then Github would in fact be well in their rights to cancel any payments made from these countries due to the recent sanctions made by the US. Although again this is another reason why there is a gap in the market for a decentralized approach to Github.

[crwth]

So your argument against a decentralized approach to Github which by the way is a major host for most decentralized projects is a bad idea because they are trying to protect members of Github from their own countries laws? I'm sorry but I would disagree with this wholeheartedly. If Bitcoin was made illegal in your country would you still use it? Or would you allow your country to censor your freedom that much? Github are limiting accounts to save their own ass and not that of their customers. Its like the whole debate that Bitcoin should be banned because its used for criminal activities. So what if theres a small amount of people illegally using Github? Innocent members are being limited because of it is that fair? If that is fair then we might as well ban the use of cash too.

I hope you read my statements again, I'm not against having a decentralized approach with GitHub. I'm just saying it's not going to happen and even if it did, it's not going to solve the problem the OP is having. Which is where there are limitations in his account, that's not my fault, it's the laws that GitHub follows. You are getting the wrong idea, my friend.

~snip

It is about being innocent. I'll give another example that I know the americans will relate too if america decided to ban all guns to its people because of the ongoing rise in gun crime over there would you be pleased that one of your amendments were breached? Gun crime in comparison to the population is a minority and yet you would be limiting innocent members of the public. This is why its been hard for this policy to be passed because the people don't want it.

What I meant with the part where I said, not about being innocent is that no matter where you are as long as the country you're living in has those kinds of laws where you get restricted, you get limitations. Do you get what I'm saying here? We're not talking about different topics though, but a lot has been changing with the laws in the US.

But anyway that's just an example but going onto the "choose another site" this is why a decentralized github would be good. There is problems with Github restricting members depending on where they live if we had a site which was decentralized and had the same features of Github this would be in my opinion beneficial. The only problem with that is there will be a lot more viruses being spread and no one to really take them down.

It is going to be awesome when you have a decentralized GitHub. There is more power distributed to users. My first opinion is about thinking that it wouldn't be happening anytime soon.

[UnruffledST]

I understand that you cannot change your contributions in a decentralized system, that's great in some ways but could offerr also compromises with different things, like if the developer himself doesn't want the code anymore or something, he can never delete it. Or it can be seen and it can be archived or something. GitHub is just not for developers too, it's for people who want to see codes and educating themselves, it's already serving its purpose for that.

You technically could, in the blockchain all you would be storing is hashes of the end file, the file itself would be hosted across multiple servers(Nodes) thus decentralizing it, still you can add contributions on top of others, edit code, etc you would just store the hash of the file on the blockchain reaching concensus that such changes where made by the correct user, etc.

You can also delete contributions as a user would just make the request, store that request on the blockchain thus nodes reach concensus that such user did verify to have such contribution deleted and then nodes would just stop supporting the storage of that file. You can do alot with it as technically these files again are not stored on the blockchain itself as the blockchain just serves as a point of reference.

those looking to read into the file would just request for the file to be sent to them and they can view it, you can make a exact copy of Github in a decentralized manner with a very nice GUI just most people aren´t into it for that most just come to get rich and the usual by putting in no effort.

Either way OP pretty sure you posted this in the wrong category as this has nothing to do with Bitcoin nor its development, please move this as your first post talks nothing about Bitcoins technology or what you want from this thread, it is a simple discussion on why Github isn´t decentralized. I saw on Twitter the other day that some projects are trying to create a decentralized Github still didn´t look into it and pretty sure they aren´t making it much user friendly just a crappy version. IDK.


I could lay out a whole roadmap on how this would work but have no time and the OP as it seems he has no general knowledge on how it would work would spend months researching how it would work before even getting a roadmap in place.

[PrimeNumber7]

I read the article inside the email quote posted in the OP, and it looks like the OP had some kind of paid subscription to GitHub, and that GitHub is unable to accept money originating from Iran (nor from anyone inside Iran) due to US sanctions. My reading of the article posted in the OP is that those in Iran can still access GitHub and have a "free" membership.

No, they don't let people of Iran to have private repositories which is critical for teamwork before launching a project and they have dropped our access to already installed private repositories as well. I have my backups thanks god, but besides losing discussions and pull requests and stuff like that, many people have lost their codes.

The thing is, when GitHub commits censorship now, it can do it again and again and nobody is safe ever. Bitcoin is not a joke to be assured about it not being a future target.

Here is a quote from the link in the email you cited in the OP:

<>
GitHub may allow users in or ordinarily resident in countries and territories subject to U.S. sanctions to access certain free GitHub.com services for personal communications in accordance to authorizations issued by the U.S. Treasury Department’s Office of Foreign Assets Controls (OFAC).
<>
Specially Designated Nationals (SDNs) and other denied or blocked parties under U.S. and other applicable law are prohibited from accessing or using GitHub.com
<>
Furthermore, GitHub.com may not be used for purposes prohibited under applicable export control laws, including prohibited end uses described in 17 CFR 744.
<>

I am unsure of what you were using GitHub for, however they are required to follow US law being subject to jurisdiction in the US. According to the above, if you are not working for the government or an SDN, you can use GitHub on a personal basis via their free services.

If you are working for the government of Iran, I would point out that the Iran government has a very poor history of Human Rights violations against their own people, and I would encourage you to defect.

[DooMAD]

I think GitHub is trying to comply on where you live, which makes it more legitimate and trustworthy.

Personally, I don't see how being forced to comply with a blatant political agenda increases legitimacy or trustworthiness.  It's just something they're powerless to fight against, so they're simply taking the path of least resistance.

If you are working for the government of Iran, I would point out that the Iran government has a very poor history of Human Rights violations against their own people, and I would encourage you to defect.

Most governments on Earth have a poor track record on human rights.  I don't know why people always choose to single out Iran.  Again, sounds like pandering to US political agenda to me.

So, people of Iran(like me), Cuba, Syria, North Korea and Crimea (200 millions?) are subject to US Trade Controls as a whole and they can't use GitHub accordingly  

Any comments?

While I don't agree with any of this, it sounds like you can still have a public repository.  Is that really not an option for you?

[btc_enigma]

Having bitcoin codebase on github.com is unfortunately creating a central point of failure. Tommorow none knows Microsoft/US govt may decide to launch its own coin and take control of https://github.com/bitcoin repo

I think core development should move to a self hosted solution:

1. Move to an open source self hosted solution like gitbucket  which is mirrored by key members of the community on their domains
2. The updates to  PRs, issues , releases etc should be automatically committed to another meta-bitcoin git repo
3. Both bitcoin and meta-bitcoin  repo are free to be cloned/stored by everyone, so if any points of failure occurs another website can be hosted from one of the community members

[UnruffledST]

Having bitcoin codebase on github.com is unfortunately creating a central point of failure. Tommorow none knows Microsoft/US govt may decide to launch its own coin and take control of https://github.com/bitcoin repo

I think core development should move to a self hosted solution:

1. Move to an open source self hosted solution like gitbucket  which is mirrored by key members of the community on their domains
2. The updates to  PRs, issues , releases etc should be automatically committed to another meta-bitcoin git repo
3. Both bitcoin and meta-bitcoin  repo are free to be cloned/stored by everyone, so if any points of failure occurs another website can be hosted from one of the community members

I definitely agree, Bitcoin's main development code needs to be moved away from Github.

[Dancing_Coin]

Guess GitHub is just following some governing rules which they can't brake through.
Take a look at some crypto exchangers and what geo restrictions they have. All of them just avoiding some probable troubles in future.

VPN is your choice buddy!

[Chlotide]

The only way there would be a GitHub Dapp version IMO would be if the website would be hosted on multiple servers, on users pc. Sort of a torrent system. They would keep the pc open to seed the website content and css. Not sure how you would do such thing, or if it would be possible (not that web dev savvy) but seems like the only way to me.
Edit: doing a bit of research it seems there is such an option: BitTorrent's Maelstrom. Not sure if they kept developing it enough...

[Chlotide]

Nice finding, but it won't work in this case (distributed/decentralized Git) because there's no version control or update content feature.

It might serve as documentation website which rarely needs to be updated though.

Was thinking about this all day. Thought it would be an interesting pet project. But when trying to learn more about this ... https://forum.bittorrent.com/forum/134-developer-discussion/ seems they killed the project
I guess big companies like BitTorrent are not allowed to "mess" with the current status quo !
This sucks ...
I stand corrected again
Seems there is another project .... on github (the irony) https://github.com/xuset/planktos
From what I read there is no solution so far to shard the website into multiple torrents so it's not scalable and would pose an issue for bigger websites.
I would get involved in such a project and help however I can

[pooya87]

~

here is how you could do it using torrents:
* each time you make a change in code, git produces a file with the changes and the SHA1 hash of it committing it to the chain.
* create a torrent from this file, which is yet another SHA1 hash of the file. by doing that you will start seeding this commit and by share this hash with others they can download and seed it.
* now you need an immutable ledger that you could share these hashes so others can find and download them and you don't want them to be changed and also want them to be timestampted. bitcoin blockchain is perfect for this. you create a new key and each time you had a new torrent hash, you create an outgoing transaction from that key and include the hash inside of an OP_RETURN output from that key. now all you need to do is to share your public key (or address) with others and all they have to do is to watch the txouts, extract the hash and download the torrent/file.

† if it is a big project with multiple user's having commit access that "key" that was created could be a multiple key (aka a multi signature address) that all need to sign the result.

[danda]

maybe a decentralized github clone could be implemented on maidsafe?  Perhaps using gitlab code as a starting point.   Or if not maidsafe, then maybe ipfs or sia for decentralized storage.  But my understanding is that maidsafe facilitates decentralized computing, dynamic websites / apps, etc...

yes / no / why?

[aliashraf]

~

here is how you could do it using torrents:
* each time you make a change in code, git produces a file with the changes and the SHA1 hash of it committing it to the chain.
* create a torrent from this file, which is yet another SHA1 hash of the file. by doing that you will start seeding this commit and by share this hash with others they can download and seed it.
* now you need an immutable ledger that you could share these hashes so others can find and download them and you don't want them to be changed and also want them to be timestampted. bitcoin blockchain is perfect for this. you create a new key and each time you had a new torrent hash, you create an outgoing transaction from that key and include the hash inside of an OP_RETURN output from that key. now all you need to do is to share your public key (or address) with others and all they have to do is to watch the txouts, extract the hash and download the torrent/file.

† if it is a big project with multiple user's having commit access that "key" that was created could be a multiple key (aka a multi signature address) that all need to sign the result.

The problem would be bitcoin blockchain that is not scalable and fast enough for multiple active projects with lots of contributions and commits. How do you think about a specialized blockchain with its own token? Obviously, it would need some incentive mechanism, but couldn't we define some sort of incentive for maintaining a permissionless decentralized git system?

Plus, I don't think multi-sig is necessary for big projects with multiple/sophisticated access rights. You know an authorization scheme is just another "file" and you need a web/desktop application for UI anyways. It can easily decide about legitimate commits by checking the keys used against the security settings derived from the above mentioned "file".

[ABCbits]

The problem would be bitcoin blockchain that is not scalable and fast enough for multiple active projects with lots of contributions and commits. How do you think about a specialized blockchain with its own token? Obviously, it would need some incentive mechanism, but couldn't we define some sort of incentive for maintaining a permissionless decentralized git system?

You could built in on top of Bitcoin network by using side-chain with merged mining (just like RSK)

[pooya87]

The problem would be bitcoin blockchain that is not scalable and fast enough for multiple active projects with lots of contributions and commits. How do you think about a specialized blockchain with its own token? Obviously, it would need some incentive mechanism, but couldn't we define some sort of incentive for maintaining a permissionless decentralized git system?

what @ETFbitcoin suggested; a side chain would be perfect for this.
as for specialized blockchain, it obviously can not be PoW like bitcoin because the hashrate will never be high enough to secure it. i haven't really done any extensive research on alternatives but those that i have seen weren't good enough.

Plus, I don't think multi-sig is necessary for big projects with multiple/sophisticated access rights. You know an authorization scheme is just another "file" and you need a web/desktop application for UI anyways. It can easily decide about legitimate commits by checking the keys used against the security settings derived from the above mentioned "file".

the point of multisig was having the 1 single address so that others only have to "subscribe" to one address like watching 3BitcoinCoreGit and get the new outgoing transactions from that. it doesn't have to require more than 1 key, it can be a 1 of 5 multi-sig scheme with 5 main developer each having commit access.

[aliashraf]

The problem would be bitcoin blockchain that is not scalable and fast enough for multiple active projects with lots of contributions and commits. How do you think about a specialized blockchain with its own token? Obviously, it would need some incentive mechanism, but couldn't we define some sort of incentive for maintaining a permissionless decentralized git system?

what @ETFbitcoin suggested; a side chain would be perfect for this.
as for specialized blockchain, it obviously can not be PoW like bitcoin because the hashrate will never be high enough to secure it. i haven't really done any extensive research on alternatives but those that i have seen weren't good enough.

Plus, I don't think multi-sig is necessary for big projects with multiple/sophisticated access rights. You know an authorization scheme is just another "file" and you need a web/desktop application for UI anyways. It can easily decide about legitimate commits by checking the keys used against the security settings derived from the above mentioned "file".

the point of multisig was having the 1 single address so that others only have to "subscribe" to one address like watching 3BitcoinCoreGit and get the new outgoing transactions from that. it doesn't have to require more than 1 key, it can be a 1 of 5 multi-sig scheme with 5 main developer each having commit access.

I just sent merit for @ETFbitcoin and his side-chain suggestion but I'm not a side-chain fan for several reasons.
That said, it is not unlikely that sidechains with merge mining can do good for the cause: decentralized git.

As of multi-sig issue, I maintain my proposal as it covers more general use cases and is more flexible. For instance, consider adding or removing people with commit rights which is not supported by 1 of n multi-sig solution. My security_settings_file scheme proposal also supports your single entry/subscription requirement as people (their applications) start with synchronizing their SSF in the first steps. This way they find out who (which addresses) have commit rights and continue with looking for their latest commits.

[igordata]

Git is decentralized as is. It stores all the history locally and sends a copy to GitHub AND/OR any other repo you would like. GitHub is just a part of decentralized git ecosystem. It simplifies communication. But I agree - it is good to use more than one repository. And in case of Bitcoin code it is crucial to use several different private repos owned by different people.

[2double0]

Git is decentralized as is. It stores all the history locally and sends a copy to GitHub AND/OR any other repo you would like. GitHub is just a part of decentralized git ecosystem. It simplifies communication. But I agree - it is good to use more than one repository. And in case of Bitcoin code it is crucial to use several different private repos owned by different people.

But why such control is being spread amongst countries to stop specific places from using something that allows usage of open-source applications? If this is being stopped, what's the guarantee that in the near future, these 'laws' are not going to stop you from doing other activities too? Then, where is decentralization and if such solution doesn't/ can't exist, I don't think that such technologies will be evolving any further.

[btctaipei]

The problem would be bitcoin blockchain that is not scalable and fast enough for multiple active projects with lots of contributions and commits. How do you think about a specialized blockchain with its own token? Obviously, it would need some incentive mechanism, but couldn't we define some sort of incentive for maintaining a permissionless decentralized git system?

You could built in on top of Bitcoin network by using side-chain with merged mining (just like RSK)

It maybe possible to look at this from a fresh prospective, not the least in that the version control architecture (what github really is in essence) level seems rather similar to blockchain in several ways:

github and other version control repository are apache-svn based. (Not include CVS, which is rather outdated and limited in capabilities)  
SVN and blockchain have significant similarities, in that each version (like block) contain transactions where certain edits (diffs) were to be made to the code repository.

The only thing that would be really needed to make the technical leap to HODL the actual repository over thousands, if not millions of nodes containing the diffs (blocks) so that an 3rd party cannot modify the content with strong assurance against tamper.  I can't imagine the consequence of tampering the bitcoin core code that runs thousands of node without being detected by the core team members (not likely, though.. because with core dev checked out source tree hidden .svn folder would have a copy that immediately alert core member that code repo had been hacked).  Also I am a bit concerned how the storage of the blocks contains all the commits, locks (like BTC chain-state), annotations are going to be stored.. The bitcoin core code is somewhat static and 1MB every 10 minute are more than adequate.  But since the scope of the request is to replace the entire github, one must look into decentralized / distributed version (block) storage with parity or other distributed storage that can have good access time but not great in write time due to obvious synchronization issues.  Even if this can be achieved algorithmicly we still need incentive to run node.  Technically this can be achieved but is a lot to consider and to test for this to become a reality.