Topic: GitHub is shitty, why not a decentralized solution? - page 2. (Read 1312 times)

Not decentralized in the way in which we are speaking. Sure with Git you can have a local copy and others who are working on it will work on their own local copy that is stored thus providing some form of decentralization. Still it is not fully decentralized in a way that it would be censorship resistant, IE theoretically say some government body got wind of you working on some code which they do not want you to work on and raided you and your co-workers you would have nothing protecting you once each local copy has been deleted, in this case there would not be many copies as you are only distributing it with you co-workers there is no trustless party who has copies of your code.

What we are looking at is a solution to prevent a malicious actor from being able to delete the copy locally from only say 5 computers and then your work being gone forever.

The way Git is set up is not meant to have your copy live forever no matter what, it is set up to only have your copy live as long as needed. Huge differences.

It maybe possible to look at this from a fresh prospective, not the least in that the version control architecture (what github really is in essence) level seems rather similar to blockchain in several ways:

github and other version control repository are apache-svn based. (Not include CVS, which is rather outdated and limited in capabilities)  
SVN and blockchain have significant similarities, in that each version (like block) contain transactions where certain edits (diffs) were to be made to the code repository.

The only thing that would be really needed to make the technical leap to HODL the actual repository over thousands, if not millions of nodes containing the diffs (blocks) so that an 3rd party cannot modify the content with strong assurance against tamper.  I can't imagine the consequence of tampering the bitcoin core code that runs thousands of node without being detected by the core team members (not likely, though.. because with core dev checked out source tree hidden .svn folder would have a copy that immediately alert core member that code repo had been hacked).  Also I am a bit concerned how the storage of the blocks contains all the commits, locks (like BTC chain-state), annotations are going to be stored.. The bitcoin core code is somewhat static and 1MB every 10 minute are more than adequate.  But since the scope of the request is to replace the entire github, one must look into decentralized / distributed version (block) storage with parity or other distributed storage that can have good access time but not great in write time due to obvious synchronization issues.  Even if this can be achieved algorithmicly we still need incentive to run node.  Technically this can be achieved but is a lot to consider and to test for this to become a reality.

But why such control is being spread amongst countries to stop specific places from using something that allows usage of open-source applications? If this is being stopped, what's the guarantee that in the near future, these 'laws' are not going to stop you from doing other activities too? Then, where is decentralization and if such solution doesn't/ can't exist, I don't think that such technologies will be evolving any further.

Git is decentralized as is. It stores all the history locally and sends a copy to GitHub AND/OR any other repo you would like. GitHub is just a part of decentralized git ecosystem. It simplifies communication. But I agree - it is good to use more than one repository. And in case of Bitcoin code it is crucial to use several different private repos owned by different people.

I just sent merit for @ETFbitcoin and his side-chain suggestion but I'm not a side-chain fan for several reasons.
That said, it is not unlikely that sidechains with merge mining can do good for the cause: decentralized git.

As of multi-sig issue, I maintain my proposal as it covers more general use cases and is more flexible. For instance, consider adding or removing people with commit rights which is not supported by 1 of n multi-sig solution. My security_settings_file scheme proposal also supports your single entry/subscription requirement as people (their applications) start with synchronizing their SSF in the first steps. This way they find out who (which addresses) have commit rights and continue with looking for their latest commits.

what @ETFbitcoin suggested; a side chain would be perfect for this.
as for specialized blockchain, it obviously can not be PoW like bitcoin because the hashrate will never be high enough to secure it. i haven't really done any extensive research on alternatives but those that i have seen weren't good enough.

the point of multisig was having the 1 single address so that others only have to "subscribe" to one address like watching 3BitcoinCoreGit and get the new outgoing transactions from that. it doesn't have to require more than 1 key, it can be a 1 of 5 multi-sig scheme with 5 main developer each having commit access.

You could built in on top of Bitcoin network by using side-chain with merged mining (just like RSK)

The problem would be bitcoin blockchain that is not scalable and fast enough for multiple active projects with lots of contributions and commits. How do you think about a specialized blockchain with its own token? Obviously, it would need some incentive mechanism, but couldn't we define some sort of incentive for maintaining a permissionless decentralized git system?

Plus, I don't think multi-sig is necessary for big projects with multiple/sophisticated access rights. You know an authorization scheme is just another "file" and you need a web/desktop application for UI anyways. It can easily decide about legitimate commits by checking the keys used against the security settings derived from the above mentioned "file".

maybe a decentralized github clone could be implemented on maidsafe?  Perhaps using gitlab code as a starting point.   Or if not maidsafe, then maybe ipfs or sia for decentralized storage.  But my understanding is that maidsafe facilitates decentralized computing, dynamic websites / apps, etc...

yes / no / why?

here is how you could do it using torrents:
* each time you make a change in code, git produces a file with the changes and the SHA1 hash of it committing it to the chain.
* create a torrent from this file, which is yet another SHA1 hash of the file. by doing that you will start seeding this commit and by share this hash with others they can download and seed it.
* now you need an immutable ledger that you could share these hashes so others can find and download them and you don't want them to be changed and also want them to be timestampted. bitcoin blockchain is perfect for this. you create a new key and each time you had a new torrent hash, you create an outgoing transaction from that key and include the hash inside of an OP_RETURN output from that key. now all you need to do is to share your public key (or address) with others and all they have to do is to watch the txouts, extract the hash and download the torrent/file.

† if it is a big project with multiple user's having commit access that "key" that was created could be a multiple key (aka a multi signature address) that all need to sign the result.

Was thinking about this all day. Thought it would be an interesting pet project. But when trying to learn more about this ... https://forum.bittorrent.com/forum/134-developer-discussion/ seems they killed the project
I guess big companies like BitTorrent are not allowed to "mess" with the current status quo !
This sucks ...

---

I stand corrected again
Seems there is another project .... on github (the irony) https://github.com/xuset/planktos
From what I read there is no solution so far to shard the website into multiple torrents so it's not scalable and would pose an issue for bigger websites.
I would get involved in such a project and help however I can

The only way there would be a GitHub Dapp version IMO would be if the website would be hosted on multiple servers, on users pc. Sort of a torrent system. They would keep the pc open to seed the website content and css. Not sure how you would do such thing, or if it would be possible (not that web dev savvy) but seems like the only way to me.

---

Edit: doing a bit of research it seems there is such an option: BitTorrent's Maelstrom. Not sure if they kept developing it enough...

Guess GitHub is just following some governing rules which they can't brake through.
Take a look at some crypto exchangers and what geo restrictions they have. All of them just avoiding some probable troubles in future.

VPN is your choice buddy!

I definitely agree, Bitcoin's main development code needs to be moved away from Github.

Having bitcoin codebase on github.com is unfortunately creating a central point of failure. Tommorow none knows Microsoft/US govt may decide to launch its own coin and take control of https://github.com/bitcoin repo

I think core development should move to a self hosted solution:

1. Move to an open source self hosted solution like gitbucket  which is mirrored by key members of the community on their domains
2. The updates to  PRs, issues , releases etc should be automatically committed to another meta-bitcoin git repo
3. Both bitcoin and meta-bitcoin  repo are free to be cloned/stored by everyone, so if any points of failure occurs another website can be hosted from one of the community members

Personally, I don't see how being forced to comply with a blatant political agenda increases legitimacy or trustworthiness.  It's just something they're powerless to fight against, so they're simply taking the path of least resistance.



Most governments on Earth have a poor track record on human rights.  I don't know why people always choose to single out Iran.  Again, sounds like pandering to US political agenda to me.



While I don't agree with any of this, it sounds like you can still have a public repository.  Is that really not an option for you?

Here is a quote from the link in the email you cited in the OP:

I am unsure of what you were using GitHub for, however they are required to follow US law being subject to jurisdiction in the US. According to the above, if you are not working for the government or an SDN, you can use GitHub on a personal basis via their free services.

If you are working for the government of Iran, I would point out that the Iran government has a very poor history of Human Rights violations against their own people, and I would encourage you to defect.

You technically could, in the blockchain all you would be storing is hashes of the end file, the file itself would be hosted across multiple servers(Nodes) thus decentralizing it, still you can add contributions on top of others, edit code, etc you would just store the hash of the file on the blockchain reaching concensus that such changes where made by the correct user, etc.

You can also delete contributions as a user would just make the request, store that request on the blockchain thus nodes reach concensus that such user did verify to have such contribution deleted and then nodes would just stop supporting the storage of that file. You can do alot with it as technically these files again are not stored on the blockchain itself as the blockchain just serves as a point of reference.

those looking to read into the file would just request for the file to be sent to them and they can view it, you can make a exact copy of Github in a decentralized manner with a very nice GUI just most people aren´t into it for that most just come to get rich and the usual by putting in no effort.

Either way OP pretty sure you posted this in the wrong category as this has nothing to do with Bitcoin nor its development, please move this as your first post talks nothing about Bitcoins technology or what you want from this thread, it is a simple discussion on why Github isn´t decentralized. I saw on Twitter the other day that some projects are trying to create a decentralized Github still didn´t look into it and pretty sure they aren´t making it much user friendly just a crappy version. IDK.


I could lay out a whole roadmap on how this would work but have no time and the OP as it seems he has no general knowledge on how it would work would spend months researching how it would work before even getting a roadmap in place.

I hope you read my statements again, I'm not against having a decentralized approach with GitHub. I'm just saying it's not going to happen and even if it did, it's not going to solve the problem the OP is having. Which is where there are limitations in his account, that's not my fault, it's the laws that GitHub follows. You are getting the wrong idea, my friend.

What I meant with the part where I said, not about being innocent is that no matter where you are as long as the country you're living in has those kinds of laws where you get restricted, you get limitations. Do you get what I'm saying here? We're not talking about different topics though, but a lot has been changing with the laws in the US.

It is going to be awesome when you have a decentralized GitHub. There is more power distributed to users. My first opinion is about thinking that it wouldn't be happening anytime soon.

So your argument against a decentralized approach to Github which by the way is a major host for most decentralized projects is a bad idea because they are trying to protect members of Github from their own countries laws? I'm sorry but I would disagree with this wholeheartedly. If Bitcoin was made illegal in your country would you still use it? Or would you allow your country to censor your freedom that much? Github are limiting accounts to save their own ass and not that of their customers. Its like the whole debate that Bitcoin should be banned because its used for criminal activities. So what if theres a small amount of people illegally using Github? Innocent members are being limited because of it is that fair? If that is fair then we might as well ban the use of cash too.

It is about being innocent. I'll give another example that I know the americans will relate too if america decided to ban all guns to its people because of the ongoing rise in gun crime over there would you be pleased that one of your amendments were breached? Gun crime in comparison to the population is a minority and yet you would be limiting innocent members of the public. This is why its been hard for this policy to be passed because the people don't want it.
But anyway that's just an example but going onto the "choose another site" this is why a decentralized github would be good. There is problems with Github restricting members depending on where they live if we had a site which was decentralized and had the same features of Github this would be in my opinion beneficial. The only problem with that is there will be a lot more viruses being spread and no one to really take them down.

Although this would be interesting I wasn't aware that Github had paid premium services? Although if that is the case then Github would in fact be well in their rights to cancel any payments made from these countries due to the recent sanctions made by the US. Although again this is another reason why there is a gap in the market for a decentralized approach to Github.