"Why X are doing Y" articles like these pretend that the premise of "X are doing Y" is true, conveniently skipping to the "Why" before proving that the premise is even accurate in any meaningful way.
This is why I never buy headlines that start out with "Why".
> developers are ditching
Proceeds to list but a handful of remotely meaningful repos against the hundreds of thousands on there
The trend is what's interesting here. Github has never been threatened by anyone, because their service was too good to bother for everyone but the most ideologically motivated.
Now their service has become so bad there's a github joke at work every time something is down or slower than it should.
Reputation is a very valuable thing, and Github has destroyed a stellar one in a few month, this is newsworthy.
Developer A makes a move, perceives some benefit, tells developer B, who does the same thing and then tells developer C.
Some of the people consider the move, weigh costs, and make an intelligent decision. Many just think "smart people are doing this, I'll do it too". I really doubt this behavior is unique to developers.
Still, doesn't come close to popularity of GitHub itself today (https://trends.google.com/explore?q=codeberg%2Cforgejo%2Cgit...), but I think the trend of moving away from GitHub is clear both in data and sentiment, both qualitative and quantitative.
And Telegram is a lot more developed and has a much larger percentage of the global instant messenger marketshare, compared to Github vs CodeBerg.
It is not clear to me that Github's service has degraded due to incompetence, it also seems possible that they are just struggling to meet demand as the source code backbone of an internet in a critical moment of evolution. I'm not sure any single provider would fare any better.
Oracle had record revenue in its most recent fiscal year, with record user engagement. So whatever connection you're trying to establish between its fate and that of SO or myspace is off-target, both in terms of popularity and revenue.
Hat tip to Microsoft.
As someone mentioned it's about the trend.
I have heard from people at multiple major open source projects that what is keeping them at Github at this point are free GH Action credits that they get and they couldn't really afford CI/CD if they left. Meaning numbers would be bigger if GH wasn't "paying" projects to stay.
> Why some Americans are switching to soy
Would be more accurate than
> Why Americans are switching to soy
But wouldn't garner nearly the same amount of clicks.
There is conscious exaggeration in omitting 'some' - a fluff-blog click-farm trope I don't enjoy seeing in the developer space.
> why Americans switch to soy
And
> why developers switch to codeberg
But the cynic in me thinks that the form of the headline that drastically overstates the the phenomenon in question by implication is something that has been workshopped and is commonly used because it turns something kind of boring into a spectacle.
I'm pretty sure, shortly after the motorized vehicle was made commercialy available, there were only a "handful of remotely meaningful" people and companies who stopped using horses.
Do tell: How many horses are around on todays streets?
But my point was that it’s a bad analogy. People are opting out of GitHub despite the alternatives having fewer features. You can read that as an ideological choice or as a YAGNI one. If it’s ideological, then there’s no competitive or feature angle at all; people are doing it because it seems right to them.
(To be clear, I have no problem with this. I think GitHub only gets better after public pressure, as we’ve seen with the last N cycles of product atrophy.)
I am exhausted with having to figure out whether someone wrote something or let AI generate it for them.
Reading articles like this has become less pleasurable since the advent of generative AI. There’s no feeling or heart in the article, and it’s one of those cases where I can read the headline, read the article, and wonder why I spent my time reading it.
If there's a trend to leave a platform it won't start with the most entrenched users (largest repos).
They acknowledge your concern in the article and their analysis does apply to those few who are leaving. But to be fair the title can be interpreted either way and the most reasonable read for anyone is "some of them are leaving". I'd find it clickbaity if they said "why developers are leaving en-masse" and then point out to the regular turnover. There's clearly a trend, what's not clear is if it gains momentum.
That's the point being made. Is there a trend? How do we know?
There's always some repos moving between hosting providers for all kinds of reasons. The burden of proof is on the author here to show there's been an increase and they don't do that.
I would also be one of them, but I'm not actually off Github yet. That's because I haven't quiite finished building the thing I'm going to move to.
And not provide any other meaningful data
The key problem is not losing the cars but losing the road builders who are now no longer building roads that lead to you, but rather roads that lead away
I’m not.
Are you perhaps talking about "Top researchers leave USA for the Netherlands" then that was also on the HN frontpage just days ago?
There been so many articles, surveys and papers about how scientists and researchers are leaving the US for the last 1-2 years, that it's hard to keep track. Still, I'm curious to understand what you actually read.
Individual reports of scientists leaving are meaningless without overall statistics. If there is a net outflow of scientists from the US, I’m not aware of it, and I certainly haven’t seen any actual statistical evidence for it.
Currently I self-host Gitea [0], use its registry for Docker, NPM etc and act runners [1] for github actions alternative, everything secured under tailnet.
I'm extremely satisfied with that setup. It is batteries included & fire and forget.
Now I use Github only as backup by mirroring my self hosted repos.
For public projects I have workflows that can publish and push containers to both Gitea and Github.
For the personal-opensource ones, I am on Github because this is where everyone is when I want to share/collaborate etc
[edit]
Notable reasons:
- Github runners went oftenly out of space & they were slow. With self hosted runners I don't have these issues anymore because I control the hardware.
Previously I was paying Docker Build Cloud/Depot for performance + Github Pro for extra minutes. Now it's zero cost, superb performance and unlimited minutes.
- I have a centralized registry with private packages and images.
- It's secure, I don't worry if I accidentally make a repo public or leak secrets. I control the access to it in network level.
- I own everything, in case something goes nuts (eg lose access to GH) I'm safe.
I selfhost forgejo (gitea fork) on home sever (nuc), similar setup with tailscale. I was planning to setup git mirror on a remote VM for backup, but since I am the only one using it and have everything on dev laptop and remote backups of nuc server I didn't bother to do that (I know I still should).
Eh? What GH department do you work in anyways? Training Data Sustainability?
edit: If you think I sound like an LLM, I guess that is what happens when most of your interactions in English language are with LLMs.
Why not. But you are saying github as a dumb backup makes sense when you do self-hosting. I don't think you really believe that.
The evolution is when one can finally fully disconnect from GH, the main self hosted platform will continue to operate as if nothing happened.
A migration can have a period of parallel running.
I now run Git on a pi using Gitea and Forgejo. I can now upload files of a size unheard of in GitHub, Claude can make a PR by itself that I can diff, edit, then merge, and even with the mighty power of a single pi 3b+, it feels more responsive.
They certainly are not doing anything to start bleaching it right now.
Hey, this attitude sucks. Would you tell this to someone who got beat up in an alley?
Spend your time making better software you and your friends can use... don't waste the time trying to stop others from making another painfully average codegen machine.
For public code hosting, GitHub have banned too many people/projects for comfort. From security researchers to 18+ game devs, too many have been wrongfully banned.
My personal repos are on Gitlab. The UI is cluttered, but it works well enough.
Biggest problem at the moment is that AI scrapers (curse them and their owners, pox be upon their houses!) sometimes bring things to a crawl. But nothing that a few firewall rules and anoubis won't solve.
If you want a hosted service, go for Codeberg. It’s run by a German non-profit (so it’ll be hard to bite and switch OpenAI-style). Only free/open source projects are accepted, though.
Anyone else used it and have thoughts on it?
Imo, service providers should be neutral and get involved only as far as required by law.
I would not trust Sourcehut. If Drew decides one day that he does not like you, your politics, or your industry, he will just cut you off. That is no foundation to build on.
+ not honouring yearly commitments plans
Loved Bitbucket's Mercurial offering. Looking for a replacement.
Heptapod is a GitLab fork that adds Mercurial support: https://heptapod.net/, free for open source projects: https://foss.heptapod.net/heptapod/foss.heptapod.net
https://hg.sr.ht/ that I learned of from a comment by frabcus on this post.
Thanks for links.
Fluxer figured this out and they're the best discord replacement imo.
Until you have to work with stale GHAS tool configurations, remember whether a project uses rulesets or branch settings or find that comment you wrote on a PR (and then learn that the new PR "experience" fucking hides them above a certain threshold). Those are just the issues I encounter in a typical week.
1: An easy way to start a VM
2: A one-click solution to access it via private https access
So for development, I dont need to dabble with spawning my own Hetzner VM or something. And I also do not have to dabble with getting a temporary domain and DNS so I can set up my own letsencrypt certs and point the domain to that VM.I can just write an index.html, execute "sudo python -m http.server 80", click the link that then opens to something.app.github.dev and test my new web application.
This is why codespaces make starting a new product idea a thing of like 1 minute instead of 1 hour for me.
Anyway, it's not that I don't think GitHub has real issues under Microsoft, but I disagree with the title of the article, as devs are not leaving it in droves, yet.
I'd rather self-host than deal with the ambiguity and threats. Invariably from people who don't even make anything.
I have plenty of concerns around "AI" and project governance and IP law. My projects are copyleft, I'm in favour of free software, bleah bleah bleah.
But this just looks like pitchforks and mob behaviour.
I dislike GitHub and i'm using a shared host for my website which wouldn't let me install something like Forgejo (this is by choice as i don't want to bother with sysadmin stuff, my site is almost all static HTML with only a couple PHP scripts for some minor tasks). So i guess i'll be migrating to GitLab, even though i do not really like its UX. Or maybe i'll use some other Forgejo instance like CodeFloe. URLs aside, migrating between Forgejo instances should be easy.
The downside is then having to worry about backups. But also lack of all the other "forge" things like issue tracking and so on. And lack of public exposure.
Frustrating, really. I felt welcome on Codeberg up until now. But that Mastodon thread is... wow.
7. You must not share projects that mostly consist of code written by "generative AI"-tools (including services such as *Claude*, *OpenAI Codex*).
Who defines "mostly"? And what's the definition of "written"? If I'm heavily prompting, curating, reviewing, and editing after the agent has gone through, is that somehow now "allowed?" Who makes the decision and how can I appeal?Almost everything I write now has some agentic aspect to it, and I'm by far not the only one. That wasn't the case when I started my projects but it is now.
But I'm a software engineer with 25-30 years of experience and a computer nerd since 1979 when they wheeled the Apple II into my Grade 1 classroom. I'll reserve the right to decide what tooling I use to write my copylefted free software.
Given the Mastodon thread linked above I don't trust the people involved to be the judge jury and executioner. Insults flew freely and moral absolutism with it. I'll just pull my project off their infrastructure rather than be subject to their personal whims.
Every organization has a stance. We're just become used to companies that take a stance of "as long as we get paid".
Many of us are capable of more nuance that that and don't apply the label "slop" to everything where generative AI is involved. The linked Mastodon shows no nuance, and neither does your reply.
Two things can be true at once: GitHub has degraded into a "slop" cesspit and that agentic tooling has legitimate use cases.
Finally people can also legitimately object to a host mandating what tools can be used in authorship even if they don't particularly care for those tools themselves.
Hardware requirements are nowhere close to high either.
Forgejo is a single self-contained ~110MB binary (it contains all assets) you can drop anywhere and it'll just work - depending on your needs you most likely wont even need to bother with a DB server as it can use SQLite (my local install is doing that).
Also FWIW personally i find Forgejo's UX much better compared to GitLab.
a corporate/b2b saas environment without stuff like this is often a non starter.
- SOC2
- ISO/IEC 27001:2022
- ISO/IEC 27017:2015
- ISO/IEC 27018:2019
- VPAT 508
https://about.gitlab.com/security/
no mention of these on the forejo site, so i can’t put “our internal software is all SOC2/ISO NUMBER compliant” as a bullet point on a slide deck.
it is theatre. but it’s industry theatre.
> ISO/IEC 27001 requires that management:
> Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts;
> Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
> Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.
probably not. but it does mean you can focus on the rest of your stack rather than having to go through every single process from the ground up.
(Aside: I would likely never use Gitlab by choice, and would consider looking into Forgejo)
I use zot within my ci for containers and an apt proxy but I’m missing a solution for github api calls for my ci runners
Do they? Or is it that a new account is opened every second? Because I’ve been seeing so many spammers and scammers that those numbers have to be skewed.
Github for private repos has long had security issues, every time a serious issue announced it makes me wonder how long it's quietly existed and been exploited, and how many other holes are currently exploited that aren't well known.
Before github, people hosted their own repos all the time. Learning about alternatives, even if they aren't for you in all cases, is still worth it.
Has anyone had any issues with codeberg or other alternatives?
I’m gone.
Any site that does that. I’m gone. I’m not waiting around for your bullshit.
It’s so scammy and dumb looking anyway.
Cloudflare ruined half the web.
Codeberg might be cool? I’ll never know because they use Cloudflare.
Cloudflare makes me leave websites every day and never return to them.
Dumbest technology ever implemented. It’s joke anyway - DDoS is easily handled far more elegantly.
Of course, it aint going well.
I mean things like comments on issues/PRs, stars, followers, finding existing repos, seeing which projects are popular, and getting drive-by contributions.
Or does that matter less than I imagine once you self-host and mirror public repos back to GitHub/Codeberg?
People using Claude Fable to just make replacements for disgustingly enshittified software. We desperately need browser extensions to help make websites less scummy across the board as well.
This was during the kidnap-and-rape-kids-in-cages days and before they started a general policy of kidnapping and/or summarily executing law-abiding citizens in the street. There are more reasons now to disassociate with collaborators with the US federal government than ever. I guess I could say I dropped GitHub before it was cool?
https://github.blog/news-insights/company-news/github-and-us...
Microsoft is a morally bankrupt and despicable organization, just like Meta, Amazon, and modern Google and Apple. Anyone still doing ongoing business with them in 2026 is, imho, a fool.
So that would be almost everyone.
I say! Well done! Bravo! Bravo! Encore! Encore!
Now do a foaming-at-the-mouth diatribe about how predatory, unethical libertarian crypto-scamming shills such as yourself and Trump are crashing the economy while violently tearing society apart into a tiny oligarchy and widespread poverty. Extra points for plugging your latest sociopathic crypto scam as the final solution.
Codeberg had one job, serve my repo, it didn't do that, when brought up, I was told it was a feature not a bug, they could maybe whitelist me but that wasn't my problem, it was that random people got totally blocked or from accessing the repo. I moved back to github.
But you find seeing the text for a couple of seconds too annoying to use codeberg? Maybe it is more than 2 seconds for you?
Everyone has their views on what is acceptable in the world and what they will put up with. Just, to my point of view, I think codeberg is trying to fight the good fight in keeping llms from crawling their website.
Interestingly, someone mentioned that you may get the garbage when searching Codeberg using Google's `site:codeberg.org`
[0] https://codeberg.org/Codeberg/Community/issues
[1] https://codeberg.org/Codeberg/Community/issues/2603
[2] https://codeberg.org/Codeberg-e.V./requests/!~codeberger~!.g...
With that said I never used code berg because of Anubis. Something about anime girls popping up turns off any desire to use the product.
[0]: https://iocaine.madhouse-project.org/
The site linked is excluded from the wayback machine.
If only we had research on the effect of a second or two's effect on user experience.
I wouldn't have a problem with it if it was on expensive endpoints like search or deep history dives, where it matters for server load. But it's every single page, out of some strange sense of righteousness.
https://news.ycombinator.com/item?id=48845668 explains it better than i did.
I accessed through mobile, maybe got a bad ip, i don't don't know. But i never could access my repo, and incidently a day before when i tried to share some markdown file in the repo, they told me it wasn't there (i thought it was a them problem then, as i didn't see it).
So that experience and the way it was handled totally ruined my trust. If randomly people can't even access the repo, and that is "working as intended", what's the use to host it there.
The problem is blocking or speed-bumping users in general, everyone else besides themselves.
They didn't put things on a public hosting site for them to be hidden or obfuscated or even to have a tiny friction inserted between a user and that user discovering their stuff, or following a link to something.
Saying "2 seconds" as though that makes it insignificant is completely missing the point. 0.2 seconds, if it's 0.2 more than some other path is the same as a total block. Having a link to something do anything at all other than instantly provide that thing is outrageous and unacceptable, if you care about the experience you want to present to your users or audience.
(Still, I'd say codeberg was at least among the best options if you want someone else to host it for you. The bad job of providing a bad experience for legit users while trying to block AI scrapers can be true at the same time as no one else is doing any better without some other worse strings attached like github.)
* For every Git commit, fetch the version of every file in the repository at that commit.
* See git blame for every file at every commit.
* Attempt to download the archive of each repo at every commit.
* Run every possible pull request search filter combination.
* Run every possible issue search filter combination.
* Fetch each of those URLs at random from some residential IP in Brazil that had not ever accessed my server before.
Afterward, it dropped to several hundred. Expect anti-attack features to keep getting stranger and more visible as scraper get still more aggressive.
Or one someone with too much money and too little sense misplaced a decimal point in their ScraPy setup?
And the cruel irony is that these are FOSS Git repos I'm publicly sharing. I'd've been fine with them cloning the repo and analyzing away to their heart's content. That's not the way their scraper's wired, though.
I can’t tell if it’s incompetence or malice.
so I left.
must be harder than I think running a src forge