I made the mistake of getting my family to switch to Signal. It works great for messaging, but it has other issues—beyond the typical SIM-required complaint. I hate that you have to register with a ‘primary’ device on either iOS or Android fueling that duopoly (SoL if you are on a postmarketOS or KaiOS or Capyloon phone… or just don’t want a internet-capable phone). Notifications are sent thru Google’s FSM (news 1–2 months ago that of course Apple & Google send all the metadata to the feds) & refuse to support UnifiedPush (thank goodness the Molly fork does). They’re also not too happy to support alternative clients meaning you are stuck with the shitty, resource-sucking Electron client while not having a web client or native or TUI client. And the worst cherry on top is shipping those iOS emoji to Android & Linux …eww.
toastal
Git provides itself, so forges aren’t even required (the d is distributed version control). Issue trackers don’t need to be attached to the code forge. Even if you like someone else hosting it & an sidecar of integrated bug tracking, it should not require an account with Microsoft if privacy is the end goal—and there’s a host (pun not intend) of other options.
PRISM Break, Calyx live on GitLab (not obscure, supports SSO). Many free software projects like Freedesktop, GNOME, KDE, DivestOS, Briar, Jami self-host the community edition of GitLab. Privacy Tools & Awesome Privacy mirror to Codeberg as well as MS GitHub, presumably to have an escape hatch to the megacorporate bubble & to practice what they preach about privacy. LibreWolf is exclusively Codeberg. Cwtch self-hosts Gitea. Prosody self-hosts its Mercurial server. Choosing not Microsoft GitHub puts you in good company.
If a mailing lists alternative isn’t your thing, Forgefed, federation protocol for software forges, would apply for anyone with a Fediverse account (so Lemmy) could submit issues with Forgejo building it in along with others soon (GitLab expressed interest).
Choosing proprietary tools and services for your free software project ultimately sends a message to downstream developers and users of your project that freedom of all users—developers included—is not a priority.
—Matt Lee, https://www.linuxjournal.com/content/opinion-github-vs-gitlab
Dino, Gajim turn on OMEMO by default & even the TUI Profanity prominently displays [unencrypted] in red at the top by default nudging you to pick OMEMO, OTR, or PGP for end-to-end encryption. The protocol is generic on purpose & meant to be extended with encryption which in the case of private chat applications, is now defacto. Much in the same way, TLS isn’t required since there are application that don’t require it, but defacto, all guides for setting up a XMPP server for chatting applications will suggest TLS where some servers have options like s2s TLS required or it won’t talk to the other server.
Seems weird that there’s a big, red no even when all the defaults point in the direction yes for human-to-human chat. Much in the same way some values are wrong like apps & servers being open source when there very much are proprietary XMPP servers out there like WhatsApp & Zoom. There’s also a reason Tails OS comes with Dino (or Pidgin) & every dark web guide explains how to connect to XMPP thru Tor + OMEMO/OTR, because it can be secure & anonymous enough for criminals & whistleblowers while being lightweight & decentralized.
So contributions require folks create accounts with Microsoft for GitHub? That’s a bit contradictory, but here you are telling folks to raise “Issues” exposing themselves to Microsoft’s ToS & data collection machine. Not to mention all they are doing with Copilot.
Jitsi runs XMPP under the hood so why not just use that as your chat server instead of running two separate servers?
Everything you point to as ‘pros’ for Microsoft GitHub could be applied to GitLab, SourceHut, Codeberg, GNU Savannah, Notabug, Radicle, darcs hub, Smedeeree, Pijul Nest as far as hosting infrastructure where you don’t have to--and with the exception of GitLab being open core & a publicly-traded company, they are open source & not ran by corporations (some as for-profits, but indie, others, as foundations, others as community run). You’re conflating my (and many of our) distaste of capitalism/corporatism by rejecting Microsoft as if it means anti-access or anti-open source/anti-ethical source. Microsoft is 100% an enemy playing the long-con by vacuuming up all these developer adjacent services as megacorporations try to do (see their expanding portfolio of: WSL, Azure, GitHub, Codespaces, Sponsors, Copilot, VS Code, npm, Teams). I also believe it’s only a matter of time til they pull the plug on their APIs like Twitter & Reddit as the board of shareholders demand preventing migration (just like the “Search” is disabled).
There is also no shame in self-hosting these things & you can start hosting most DVCS with SSH + an HTTP server in front of the code even if it doesn’t have some web GUI to browse files so it doesn’t have to be that complicated. NixOS modules or similar can get you a cgit, GitLab Community, SourceHut, etc. all running without too much effort (services.cgit.enable = true), or forming a local collective & sharing resources is cool too & doesn’t need to be each project self-hosting. You can still have ‘barriers’ like authentication if you need that require agreeing to your community’s terms of service instead of Microsoft’s ToS--which is the system used by KDE, GNOME, & many other big FOSS self-hosted GitLab forges.
I’m also not against rejecting some of the tenets of “open source”--with OSI as its definitional gatekeeper--in favor of the copyfarleft, copy fair, Commons Clause, etc. that require corporations contribute code or finances as I don’t think it’s a difficult argument to say our current systems extract values from the Commons more than adding putting folks in positions of not getting to work on their valuable library that everyone relies on, but doesn’t want to help finance its maintenance (see Babel)… in which case, rejecting the corporations in favor of the Commons could be a greater goal than “open source is actually about”.
I don’t like Microsoft Windows at all, but you are absolutely right about doing a good job with backwards compatibility.
Linux isn’t so backwards compatible, but with much of it having open source code, you can often compile it again yourself—tho having been written in a language that offers good backwards compatibility also helps.
As a bonus, they forked to Codeberg while supporting a mailing list on SourceHut (explicitly stating contributions via Microsoft GitHub will be ignored)
But you’re willing to gloss over all methods of contribution (unless the project owner explicitly provided alternatives) require accounts to a proprietary service owned by Microsoft, not owned by your project? Or they way the Microsoft GitHub way is entrenched in the larger community via education & peer pressure to join the social media network.
I don’t see Microsoft with both its history & its shareholder obligations to maximize profit to do anything but try to extinguish—corporations always aim to monopolize.
Replicating all chat history + attachments provides a lot of resilience to the network from a node going down, but at the cost preventing to the home lab user from practically hosting a server which just means everything centralizes around Matrix.org, & when anyone on Matrix.org chats with you or your group, that metadata gets synced back to the central hub server once outwardly funded by Israeli intelligence.