GitHub has been requiring authentication now for "untrusted" IP addresses. They also have aggressive rate limits such that a business running build server(s) will likely hit rate limits.

The reason that's a big deal is, many, even more commercially funded OSS projects, publish their artifacts exclusively on GitHub releases, or the GH container registry. PowerShell is an example of this. They're not only locking down development, but also the public's access to the applications entirely. It's total control over software development and distribution.

nostr:npub1s3ht77dq4zqnya8vjun5jp3p44pr794ru36d0ltxu65chljw8xjqd975wz plans to help with this, but we aren't going to be an end-all solution. No single SaaS platform will be.

Devs should consider running their own git servers and artifact repositories for their projects. Other self-hosters and plebs can contribute by setting up git mirrors on just about any webserver. Mirror projects you care about!

Devs should also probably be signing their commits so that mirrors can be verified.

Final note. Codeberg offers a GitHub one-click repo migration tool.


Discussion

OneDev ftw :)

All day every day!

The NFDB/nostr.land code for example is managed on OneDev. Issue management is pretty great (I use it for non-code related tasks as well)

CI was extremely simple to set up, it starts a single-node FDB cluster and runs all the tests.

I'm still very green when it comes to CI but same for me as well. Tests, containers and so on!

I've even started using it for IaC for my load balancer network.

One other thing I did was use OpenBao for managing FDB cluster configuration.

That originally started with TLS certificate issuance only, but I needed to manage JWT signer keys as well, and then I put some other configuration in as well that was not completely security related since I didn’t want to deploy a 2nd tool.

Planning to set up an SSH CA soon.

Oh, an SSH CA would be nice! I'd like to handle my TLS as well, I'm not happy with my current setup. Still kind of manual for now. Everything was nice and simple until I expanded my LBs XD

The point is, every day more projects move exclusively to GitHub, and it increasingly becomes the only place to obtain software in any form, regardless of who you are.

I've noticed this and it's bad, in my opinion. Is it practical to mirror critical software elsewhere? Git and proprietary hosts aren't something I know a ton about. I've used basic Git and GitLab for my personal projects but that's it.

I mirror the code I rely on and like, except for things that are just too large my servers get upset. Most of the code here is used by my own applications. I vendor most of my dependencies for this reason as well, but for other apps I just use this works. Speaking of which, I need to mirror more things!

https://git.vaughnnugent.com/cgit/

Funny enough I think, git itself has mostly migrated to GitHub. Can't speak for development, but all the documentation links back to GitHub.

Ha. I didn't even consider git itself being there. I know LT has done A LOT for FOSS, but I've always gotten the impression that he doesn't care that much about it. At least not in the Stallman sense.

Yeah I find it hard to believe LT uses GitHub, or trusts it, but as far as the public facing resources go, they mostly point to GH in my recent experience.

Probably the low or free cost hosting incentives they have. Who knows. There's too much behind the scenes for me to keep up with. I'm bearish on FOSS repos being there though.

> Is it practical to mirror critical software elsewhere?

To answer this specifically, yes I think it is very simple and practical if you are familiar with hosting any kind of web server. Mine just use git on a systemd timer to recurse through directories I initialize and my cgit server hosts the web version. You just need a few MB of disk space, git, and a webserver to accomplish this.

A little git mirror tutorial

On a Linux device you can run the following to initialize a repo in a mirror:

```
mkdir mirrors    # any directory name works; "mirrors" is a placeholder
cd mirrors
git clone --mirror <repo-url>    # placeholder URL; ssh or https should work
```

Note: specifying --mirror is important because it creates a bare repo that can be updated by git with a single command later.

You can run this script in the top level directory and it will recursively sync all of your --mirror repos. It will find all the directories that end in .git which is what happens when using the --bare or --mirror option during a clone.

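```
#!/bin/sh
# Sync every --mirror/--bare repo (directories ending in .git) below the
# current directory.
set -x

find . -type d -name "*.git" -prune | while IFS= read -r DIR; do
    echo "Updating repo $DIR"
    # pushd/popd are bash builtins and fail under /bin/sh; git -C runs the
    # command inside the repo without changing directory.
    git -C "$DIR" remote update --prune
done
```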

If you are running a distro that uses systemd you can configure a systemd timer to run the sync script on a schedule to keep your repo synced with the upstream repo.

Here is a tutorial I like, it's very hand-holding

https://documentation.suse.com/smart/systems-management/html/systemd-working-with-timers/index.html

Otherwise you can use cron assuming your distro has that option. I prefer systemd timers though :)

Finally, you can serve this directory using apache, nginx or whatever flavor http server you want.
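
Added example, not part of the original posts: a `--mirror` clone fetches with the forced refspec `+refs/*:refs/*`, so the sync script above silently accepts upstream force-pushes, moved tags and deleted branches. This sketch wraps the same `git remote update --prune` call and reports those cases; the function name `checked_update` and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): sync one --mirror repo and
# report refs that upstream deleted, moved or rewrote.

# checked_update REPO
#   Prints one line per suspicious ref. Returns 0 if the update was clean,
#   1 if any ref was deleted/moved/rewritten, 2 if the fetch itself failed.
checked_update() {
    repo=$1
    bad=0
    # Snapshot "<sha> <refname>" for every ref before touching the network.
    before=$(git -C "$repo" for-each-ref --format='%(objectname) %(refname)')
    git -C "$repo" remote update --prune >/dev/null 2>&1 || return 2

    while read -r old ref; do
        [ -n "$ref" ] || continue
        if ! new=$(git -C "$repo" rev-parse -q --verify "$ref"); then
            echo "DELETED $ref (was $old)"; bad=1; continue
        fi
        [ "$old" = "$new" ] && continue
        case $ref in
            refs/tags/*)
                # A published tag should never point somewhere new.
                echo "TAG-MOVED $ref $old -> $new"; bad=1 ;;
            *)
                # Normal updates are fast-forwards: old tip is an ancestor.
                if ! git -C "$repo" merge-base --is-ancestor "$old" "$new"; then
                    echo "REWRITTEN $ref $old -> $new"; bad=1
                fi ;;
        esac
    done <<EOF
$before
EOF
    return $bad
}

# Usage: sh checked-update.sh /path/to/repo.git
[ $# -eq 0 ] || checked_update "$1"
```

Where upstream signs its work, `git verify-commit` and `git verify-tag` can then be run against the new tips to check signatures with keys you already trust.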