I’d appreciate not being called lazy for mentioning a lack of investment on Microsoft’s side to secure their paid and fairly lucrative service that they bought a popular code hosting platform to integrate with.
Can someone explain what this somewhat recent phenomenon is where people feel the need to defend the world's biggest billion dollar businesses, that are also often subsidized by taxpayer money in weird ways?
How did we go in 20 years from holding these companies to account when they'd misbehave to acting as if they are poor damsels in distress whenever someone points out a flaw?
> How did we go in 20 years from holding these companies to account when they'd misbehave to acting as if they are poor damsels in distress whenever someone points out a flaw?
Honestly I think the problem is more a rosy view of the past versus any actual change in behavior. There have always been defenders of such companies.
> How did we go in 20 years from holding these companies to account when they'd misbehave to acting as if they are poor damsels in distress whenever someone points out a flaw?
They hired a ton of people on very very good salaries.
The original comment said to stop giving money to these companies if they are not giving you a satisfactory service.
The opposite, to be lazy and to continue giving them money whilst being unhappy with what you get in return, would actually be more like defending the companies.
The original comment actually criticized Microsoft for a lack of investment to secure their paid and fairly lucrative service that they bought a popular code hosting platform to integrate with.
The opposite we see here: to not criticize them; to blame Microsoft's failure on the critics; and even to discourage any such criticism, are actually more like defending large companies.
I won't "defend" Microsoft in this case, but I am always annoyed by phrases like "world's biggest billion-dollar businesses... bablah".
Their size or past misbehaviors shouldn't be relevant to this discussion. Bringing those up feels a bit like an ad hominem. Whether criticism is valid should depend entirely on how GitHub Actions actually works and how it compares to similar services.
There is a massive problem in open source where some people equate pointing out a problem with being too lazy to solve it — when in reality this just stifles the conversation. Especially when a prerequisite to any group project accomplishing anything is to first discuss the problem to be solved.
No, that's actually a completely different issue. You're talking about volunteers working on side projects that are sometimes foundational to the way the internet works and then people feel entitled to tell them what to do without contributing.
Here we are talking about one of the world's most valuable companies that gets all sorts of perks, benefits and preferential treatment from various entities and governments on the globe and somehow we have to be grateful when they deliver garbage while milking the business they bought.
No, that's actually the same issue. "Entitled to tell them what to do without contributing" is not a problem. Let them tell whoever what to do, the response is always the same: "patches welcome," or if that isn't even true (which it doesn't have to be), "feel free to fork."
don't confuse 'receiving something you did not pay for' with 'being allowed to feel entitled to anything' is all. 'open source' is just that, nothing more. if you want a service with your source, be prepared to sponsor it.
I still think people should want things and be vocal about what they want. This is the natural way for people to know what needs to be built. It is different from demanding something.
And besides that, a lot of people on here do pay for GitHub in the first place.
Well, actually, no, not everyone is free to use alternatives. Anyone using CI for "Trusted Publishing" of packages to PyPI or npm needs to use GitHub Actions or GitLab CI/CD. CircleCI and Travis CI are not supported. So many big open source projects for the two most popular languages in the world are now locked out of the alternatives you propose.
(I find it extremely sketchy from a competition law perspective that Microsoft, as the owner of npm, has implemented a policy banning npm publishers from publishing via competitors to GitHub Actions - a product that Microsoft also owns. But they have; that is the reality right now, whether it's legal or not.)
Trusted Publishing on PyPI supports Google Cloud and ActiveState as well. It’s not tied to GitHub or GitLab. To my recollection I looked at CircleCI support a while back, and ran into limitations on the claims they exposed.
(It can also be extended to arbitrary third party IdPs, although the benefit of that is dependent on usage. But if you have another CI/CD provider that you’d like to integrate into PyPI, you should definitely flag it on the issue tracker.)
I was never convinced that trusted publishing solves any security problem, other than letting PyPI eventually solve the problem of banning Russian/Iranian/whatever people just by relying on GitHub doing it for them.
> unless they put the money where their mouth is, it's just noise
I used to work for a Japanese company, and one of their core philosophies was “Don’t complain, unless you have a solution.” In my experience, this did not always have optimal outcomes: https://littlegreenviper.com/problems-and-solutions/
I don’t make the purchasing decision for my employer, but I certainly have to deal with their fallout, so I’ll keep complaining if that’s okay with you.
I've used CircleCI quite a bit in the past; it was pretty good. Feels tough for them to compete with GHA though when you're getting GHA credits for free with your code hosting.
I used Travis rather longer ago, it was not great. Circle was a massive step forward. I don't know if they have improved it since but it only felt useful for very simplistic workflows, as soon as you needed anything complex (including any software that didn't come out of the box) you were in a really awkward place.
I had a considerably better time with CircleCI in the past than with GitHub Actions currently. It feels much more like a complete product rather than a tacked-on mess. I hate how disproportionately we count running cost just because we have numbers for it (vs. DX and velocity, which are hard to measure and impossible to predict).
CircleCI made great steps the last few years, e.g. to better support proper DRY working, supporting OPA policies-as-code, VSCode extensions with "dry-run" options.
To be clear, I do think CircleCI is a better product than GHA. I just think there's a lot of air sucked out of the room by GHA being available 'for free' and out of the box.
Also, honestly, I don't care about any of those features. The main thing I want is a CI system that is fast and customisable and that I don't have to spend a lot of time debugging. I think CircleCI is pretty decent in that regard (the "rerun with SSH" thing is way better than anything else I've seen) but it doesn't seem to be getting any better over time (e.g. caching is still very primitive and coarse-grained).
> Anyone can complain as much as they want, but unless they put the money where their mouth is, it's just noise from lazy people.
Once I'm in charge of budget decisions of my company I'll make sure that none will go to any MS and Atlassian product. Until then I'll keep complaining.
buildkite is leaps and bounds above the others. especially if you need to really tailor your workloads to the change diff (say in a monorepo), the dynamic pipeline support is superb.
really surprised there are no others though. dagger.io was in the space but the level of complexity is an order of magnitude higher
What that type of section usually means is "there's someone from Microsoft that signed up for our service using his work account", sometimes it means "there's some tiny team within Microsoft that uses our product", but it very rarely (if ever) means "the entire company is completely reliant on our product".
These include
- https://circleci.com/
- https://www.travis-ci.com/
- GitLab
Open source:
- https://concourse-ci.org/ (discussed in the context of Radicle here https://news.ycombinator.com/item?id=44658820 )
- Jenkins
- etc.
Anyone can complain as much as they want, but unless they put the money where their mouth is, it's just noise from lazy people.