As a daily user of Tmux, I can't tell you how happy I am that they've bailed out of there. It was always really odd to me that they weren't either on a self-hosted CVS server somewhere or on GitHub - how all is well in the world.
It works here with Firefox+noscript, but in w3m it messes up when you read an article and forces you to a "need JS" page. I might have added some other hack somewhere in FFx ages ago to get groups working that I've forgotten about.
Oh, wow. Works for me. Confirmed that Noscript is required or any link you click redirects you back to the "rich" site.
This is awesome. Thank you for sharing. It's ugly, but who cares? Finally I can have more than one google groups window tab open and still have smooth scrolling without the javascript flailing around so hard my fans kick in.
google tries very hard to leave the impression that you must have a gmail/google/google+ (not sure, haven't had the misfortune of doing this for some time) account to subscribe.
You can subscribe via email without any google account by sending a message to <groupname>+subscribe @ googlegroups.com, then it acts just like any other mailing list.
so you were misled and confused by google into thinking you need a google account, if only for a while. they try hard to manipulate people. do you see the problem now? yes, you can fight the stream of lies and misdirections, or you can say "thanks, but no, thanks".
I see SourceForge as being to code hosting platforms as GoDaddy is to domain registrars. They both started in the late 90s, exploded, and suffered from their success. They became infested with bad management, became bloated and difficult to use, and employed skeezy money-making tactics. GoDaddy doesn't seem to be in trouble the way SourceForge is, though.
Honestly, I don't see how they aren't in trouble yet. With how long GoDaddy has been around, and how dominant they are in terms of "casual" domain owners, it blew me away when I saw that they have yet to be profitable a single year.
As a customer of both GoDaddy and Namecheap, I have to say that GoDaddy offers a much better, more full-featured DNS control panel. Frankly, I can't see staying with Namecheap.
I really don't get the hate for GoDaddy. SourceForge, OTOH, are reprehensible.
You can use the GoDaddy dns manager (dns.godaddy.com) without having your domain registered there. I use it because it's a much more robust DNS manager. You can manage your external domains with it.
What are the specific concerns with GoDaddy? I've been using them only as a domain registrar, and, well, they do register my domains.. I didn't know there were issues of the same magnitude as with SourceForge. What registrar do you use?
I used to work there. People complain that they use deceptive practices, like a low intro rate and then very high cost automatic renewals. About 3-4 years ago they were bought by some private equity firms and they have been in the process of basically rewriting all their products. I was involved in a one year full rewrite which was later scrapped in favor of reselling Office 365 instead.
>>> People complain that they use deceptive practices,
The last company I worked for had all of their public domains registered through them. The funny thing they figured out was if they registered for a domain or a service, they would get all the way through the order, then wait a day before processing.
Like clockwork, the next day the sys admins would get a 30% off coupon for the stuff they had just started to sign up for the previous day.
It was an easy way to game the system, and made you wonder how over priced their stuff really was.
Actually, it sounds like GoDaddy simply doesn't make money.
"The company lost $143 million last year. Granted that's less than the $200 million it lost in 2013, and the $279 million lost in 2012 -- but GoDaddy admits it hasn't turned a profit since 2009..."[1]
Are there any big projects still using SourceForge? I know "big" is a little subjective here, but it seems like most active projects have already migrated.
Where to, if I may ask? I have some small projects I'm trying to get away from SF, and the mailing lists are the hardest bit --- finding mailing list providers which support bulk import isn't easy.
GroupServer [1] is very nice, a hybrid between an online forum interface and a fully-functional mailing list. The installation and configuration process is fairly involved, though, but turnkey hosting is available through OnlineGroups.net [2], from $2/month [3].
I looked at Discourse, and for the scale of my projects the pricing is unmanageable. Hosted by them it's $1000+ a year; hosted by me it's still $100+ a year ($200+ for the first year). Installing it and running it myself requires spinning up a moderately high-end docker instance, which I'm unwilling to do (not only does it cost money, but I've only just managed to stop running my own servers, and it's great).
Have a look at discoursehosting.com, they have been around for quite some time and they offer 3rd party discourse hosting for much lower price compared to the official discourse.org hosting.
Why don't you pick the one-time install ($100) on a server you already own? If your ML is low-traffic there's no reason it should cost you much more than a couple dollars a month.
They won't install it on my own server. The $100 one-time install fee installs it on a virtual server with Digital Ocean, which then costs $10 a month hosting.
Our Webmin website, mailing lists, downloads, and a few other things are still running on SourceForge, for the time being. (I guess it counts as "big", with 3+ million downloads a year, it has always been a top-ten project in its category at SF.net.)
We moved revision control to github several years ago.
We just haven't had time lately to figure out what to do about the SF.net malware situation, but I can't imagine we'll stay there for too much longer, given the circumstances. We don't provide a Windows installer, so we're probably not at any immediate risk from SourceForge practices, but it doesn't seem like a smart place to be, given their behavior.
I thought you were going to show a virus result - the screen you showed is very unambiguously an opt-in screen, it even has the term "Accept" (as opposed to some other word like next or install) making you look at it - if the text said something else you would be very likely to just click it. The button at the left 'skip' is also clear about your other option (if it said 'cancel' it would sound like you're aborting installation.)
I just don't see how this is a trick. There's not even a "default" option here, except for the Accept button being on the right. How can anyone possibly click the word "Accept" without even glancing at the text surrounding it - even a glance shows you the giant icon with the slogan "Mac Cleaner Clean Up Junk Files on Your Mac"? If you look at the bullet points, the first one clearly identifies what it does. So it's an opt-in screen. There's no default. The action word is "Accept" and the top bullet is about the additional software you would be installing, with a giant picture and caption showing the same thing. Or you can click "skip."
This is above-board if you're going to do this sort of thing. Hell, given how above-board it is I might just click "Accept" in this case! (knowing that the devs opted into it as well.)
It is very, very hard to read this as anything other than an opt-in screen. How can you be any less ambiguous??
EDIT: I didn't even notice, there is even grey small text that spells this out in completely unambiguous words! (Thank you for considering this offer from our advertiser...your choice does not affect installation of FileZilla.)
I honestly don't even know that I would ask FileZilla to change anything whatsoever about this screen. It's great!
You say it's a great screen, unambiguous, very clear. But you then say:
> EDIT: I didn't even notice, there is even grey small text that spells this out in completely unambiguous words! (Thank you for considering this offer from our advertiser...your choice does not affect installation of FileZilla.)
Doesn't the fact that you didn't notice it make you at least pause?
I am ad tolerant. I do not run an ad blocker. If an ad is relevant to my interests I will click it. (I click maybe one ad every six months. I've never bought anything as the result of an ad.) And I loathe this kind of bundling.
We know that users are unable to read dialog boxes. Ask anyone who's worked in support about their experiences of getting people to read back an error message that's displayed on their screen. Every support channel on the Internet will ask people to post screenshots or to copy and paste the output.
IMO there should be an industry standard for how the screens should be worded, what they should look like, what buttons they can or can't include. Yes, we'd see many fewer people installing the malware but that's the point: no-one wants it. I tolerte ads but I see no reason to switch from Google supplied ads to some random adnetwork.
I mean I didn't have to notice, because I didn't have to get that far. I didn't read the rest of the bullet points either. It was just totally unambiguous to me, probably thanks to the giant picture.
I should clarify that I was only referring to this screenshot - https://i.imgur.com/hNDdz4P.png - the other one is worse but I didn't notice ggp had an album of two (unless they changed it.) without the picture it would be a lot worse.
I think people are upset about this not just because extra software is being requested to be installed during the desired installation (it's not just an ad, it's an embedded installer), and not just because SF is trading in on their past reputation, but also because of the type of software that is being installed. Malware is too strong a term for it, it's possibly adware, but definitely junkware. It's software that purports to "make your system run faster" and the methods it goes about to accomplish this may actually make it run slower (clearing the system cache) or even cause corruption (clearing the system cache incorrectly). The software may actually cause problems on your computer while making unsubstantiated claims of helping it.
To be clear, I personally wouldn't mind advertising and installing software from an installer if some minimum criteria were met:
1. The software being advertised was actually checked by someone to confirm it had some use, and was not in fact detrimental to the users.
2. The accept/install button was not put in place of the button that moves the install process along normally.
3. A separate installer window was launched to make it obvious what was happening. No quiet background installs allowed.
What would be less ambiguous would be when you download an installer for an app then the installer installs that app and doesn't attempt to trick you in to "accept"ing what you think is the initial app install but is in fact an entirely different app.
If you really wanted to let them add apps people don't want then at the point of download an unchecked box could have an offer for unrelated software and that offer would state something like "software we're getting paid to have installed on your computer". That too would be unambiguous.
It's like someone offers you a bag of sweets and as you take them they say "you're fine with cryptosporidium" under their breath; you think they muttered some marketing slogan and instead you get ill from the sweets. Perfectly acceptable, you even had chance to find out what was in the sweets /s.
When you ask someone about an irrelevant detail related to their status in the community while you are discussing something unrelated, it implies (quite strongly) that you are trying to change the topic from what is at hand to a comparison of credentials, and it also implies that you believe your credentials to be better in some way, somehow giving you an upper hand.
If you are truly independently curious about their startup, ask them separately.
But you were not (you admitted as much). So it's distasteful.
The person has clarified that they wanted to know if I ran a pertinent startup - nope! I don't have anything to do with a software download business model, I'm just a consumer. I install things all the time where I have to decline an offer, and I would never accidentally hit "Accept" under a giant picture of unrelated software.
If you do google the specific thing being advertised (as I would if I wanted to know exactly what I was accepting) you would find something quite mixed. It has nothing to do with the format of the offer though (or with me.) It's like an ad. In the specific screenshot I linked, which is this one: https://i.imgur.com/hNDdz4P.png
Yes, I have no problem seeing offers in that specific format in my personal case as a consumer. No, I have nothing to do with any of these companies.
I'd previously assumed that all smart consumers aware of the near-universal malwareness of bundled software would despise this sort of thing. I'm glad to have my wrong premises exposed.
Not with "Aside:", and not without any other context. Especially since they might bundle software (which you'd want to avoid) without having their own startup. So the question is completely unrelated (and the author of the question admitted it).
If one wants to ask a related question, ask a related question: "Do you bundle adware with any software that you distribute? If so, which software is that?"
Their profile states they have one - I checked the profile to see if they were a shill, they mentioned a startup. I think it could be pertinent; I don't see there being harm in asking, they don't have to answer.
Most users think the way to install a program is to click next-next-next untill the program is installed. Since they downloaded Filezilla, they will expect that program to install, and not other crap. Are they to blame for not reading? Maybe. But nobody actually wants crapware in their machines, so bundling it with your software so that stupid users get it installed is not nice.
Ambiguous or not, surely you can appreciate how ridiculous it is to be bundling closed-source malware with GPU-licensed open-source software, even if it is optional? It is precisely this kind of software that the GPL aims to protect against - people should be in control of their software, and not the other way round. The bundling of malware with Filezilla is so blatantly against the core ethos of GNU, and calls into question the morality of the creators/distributors of said software.
And the fact that it is so unexpected is what makes this misleading. You're installing open-source software, on a mac, no less. You're expecting the bottom-right button to continue the installation. I don't know how you can't see how easily it is for a user to accidentally install this malware.
This definitely isn't the worst offender out there, but you're judging it on a bunch of subjective criteria; some will agree with you, others will still be 'fooled'. Although Sourceforge isn't probably a very common installation source for unexperienced users, I'm willing to bet at least some will end up there via a search engine. Bear in mind that some people will literally have no idea what 'MacKeeper' etc. is, and will assume that it's necessary.
The only objective measure is "is this software required for what I'm installing"; clearly, in this case, MacKeeper fails. There is a degree of trickery, sure, but they are unequivocally trying to trick people into installing something other than what they intended.
I actually got caught on one of these from Adobe - I was doing a flash install, that I'd done many times before, and so was on auto-pilot. It's a bit like clicking send on an email and then remembering you needed to add an attachment (thank you Mozilla for attachment reminders!); a split second after clicking I realised that what I'd clicked on was not the normal license or whatever - by that point it's already installing.
I actually installed the malware because I'd become so used to not dealing with this sort of stuff on my non-windows machines. The install process hijacks your browser by adding extensions, changing the search engines, blows away your prefs and cookies, installs some crap in the OS, etc. Huge pain in the butt. Totally my fault for just blindly bashing on the next button in the installer. I can assure you, the malware in Filezilla is quite real.
You should start using Cyberduck, it has a Free Client which pops up a window once you installed the free version (but the popup appears only ONCE and does not contain any malware or advertisments), and a paid version without a popup.
Actually, by default, the popup appears every time you close the app, but there's a clear option to suppress it on subsequent occasions for 'this version'. I've never selected that option, so I'm not sure how fine-grained 'version' is; I actually like seeing the reminder because I will, definitely, one day, make a donation, so I appreciate the prompt!
If you are on a Mac, use homebrew-cask (http://caskroom.io). It's like Brew, but for binaries. Works like a charm and you don't get the malware-injecting wrapper.
Not to victim-blame here, but the fact that there's even an "installer" should be a huge red flag. There's no reason a simple FTP program can't be just an .app bundle.
This is great! It still looks like you have to go to SF for the windows installers; am I missing something?
Do you know if there's any plans to move away from SourceForge? If I was in charge of the project, I'm not sure what I'd do. Maybe move all active development to github, but not abandon the SF repo to malware injection?
Do you know anyone else who uses bintray? I'm considering hosting downloads for the open source projects I maintain with them, but never heard of it much before.
SourceForge was founded 1999. Now, 16 years later they start to abuse their power. GitHub was launched 2008. Does this mean we can expect GitHub to start abusing our data by 2024?
Github has a stable business model which depends on their reputation as a host. As I understand it, that isn't something that could ever be said of SourceForge.
I'm not saying github will be around forever, but I highly doubt they'll make the same mistake sourceforge is making now.
Agreed. As a high schooler I loved sourceforge. I would talk it up to people and I had a couple of projects that I put up there. I thought it was the best thing since sliced bread.
Then I saw that famous talk by Linus on git in 2007 (https://www.youtube.com/watch?v=4XpnKHJAok8). Since I had never managed to get SVN working properly for me git was awesome. No server software to install. By the time I wanted to put up another project on the web Github was a thing and I used that. I never looked back, I loved how it was about the code, not how many installer downloads you had.
That for me was the main problem with sourceforge. In the end it was a game (for the devs) to get the most downloads because that was how your projects were judged and ranked. The Github "game" is slightly better and there are multiple ways to play.
I don't think there were decent alternatives back then. Also, their business model has been based on web advertisement. It's a valid point that GitHub has a solid model and might not need to do shady stuff in the long run.
Build a user base with a great free product, abuse that user base for money until it leaves you for some competitor. Build social capital, spend it. The market, on average, doesn't just want profits from a tech company, it wants significant short-term growth in either revenues or userbase, and if the latter reaches saturation the former will occur.
> The market, on average, doesn't just want profits from a tech company, it wants significant short-term growth in either revenues or userbase, and if the latter reaches saturation the former will occur.
Small correction: it's not the "The market" that wants that, its the owner/investors/stock holders that want it.
Which is why I have an easier time trusting a small company owned by its founders, than a big, publicly traded company.
(Iirc github is still privately owned, but they have taken significant investments, so it's somewhere in between).
Quite possibly. As the market matures and gets more competitive, people are being forced to sacrifice every value, one by one, to boost short-term profits. It seems to be a common dynamic in just about every industry.
Both, actually. It doesn't even have to be a conscious choice; if you had every CEO make business decisions at random, those companies that made themselves more competitive would still thrive, while the others would die.
Those who keep sacrificing values tend to outcompete the ones who don't, and so the values end up being sacrificed regardless of however humans rationalize it to themselves while making decisions.
As I understand it, they only block russian IPs from accessing it. That seems ok to me. Every country has it's own laws. There is now completely free speach anywhere around the world.
Well, I just so happen to have a Russian IP, so this particular issue is quite important to me. I think censorship should be everyone's concern, even if it doesn't personally affect you. What if your government is next?
But that doesn’t happen – if a repo violates US law, they remove it completely, even if it would have been completely fine under German law, for example.
If GitHub is hosted in the US, and a repo that is hosted by GitHub violates US law, they probably cannot continue to host that repo in the US and serve it only to non-US clients.
There are lots of big projects that use an email-based code review
workflow: the gcc family (gdb, libstdc++, and gcc itself), git, Linux, Mercurial... You submit the patch to the
mailing list and people comment on your patch inline. You submit
updated patches as necessary until everything looks good and approved.
It's pretty low-tech, but like plain text itself, it's also very easy
to participate. There's no setup involved other than an email client.
And rewrites don't require you to add more commits, thus cluttering
history; or to `git push --force`, thus destroying the previous
version of the patch that people had commented on. It's also trivial
to cherry-pick and rebase: just apply the patch. You can do this even
with a VCS that doesn't have rebase or cherry-pick commands.
There are definite advantages to the email-based system.
Even if there are no problems with github PRs in themselves, the tmux developers will certainly have an established workflow for reviewing patches and applying them. The last thing they want to do while they're migrating from one hosting site to another is to upend their entirely functional code review workflow when that's not the thing that's broken and forcing the migration...
I don't know about tmux, but personally I find that it's pretty rare that you want to apply a submitted patch verbatim.
Generally there's a need to clean it up a bit and bang on it with some testing. I suppose that bigger projects can just bounce that back to the submitter to fix up and resubmit, but if a smaller project wants to encourage contributions the maintainers really need to do that.
There's also the point that projects with established mailing lists where patches are discussed probably don't want to move to github's web UI for those discussions.
I believe, and I might be very wrong, that tmux is developed in the OpenBSD CVS tree, and patches are then merged from there to Github. The patches would need to be applied to the code in CVS, so a Github pull-request would be useless.
I prefer GitHub comments over inane mailing lists where you either get everything, or nothing. GitHub's issue notifications are opt-in per issue, and still come by email if you want.
People who only take patches by email are being jerks.
Horrid. Besides poor threading (I'm speaking about the UI itself), it's unbelievable how HEAVY google groups feels when loading and using their web interface. It's so sad to think that google groups was the best interface ever to nntp in the past when it took over dejanews.
But it doesn't stop there. I had endless problems with regular subscribers ending up as junk. Likewise, as a subscriber, I had several issues in the past with subscription, where I had to contact the owner of the list and "debug" the issue (like there's anything to debug really: it just goes to junk and there's nothing you can do).
It doesn't help that google groups doesn't show prominently the fact that it's a regular list you can subscribe to without creating any account.
Fortunately, google groups generally plays well with gmane.org, so as long as they don't screw that up, I couldn't care less.
It's not bad, to be honest, just a bit awkward to use if you don't have a google account (it's sometimes fairly hard to subscribe without one).
I wouldn't recommend it for FOSS projects. Unfortunately, there's not much alternative out there. I'm currently looking at Discourse, which has a mailing list mode. We might move to that.
I participate in several Google Groups for large projects. I hate it - I find navigation not obvious, discussions aggregated poorly, formatting inconsistent and content not prioritised.
they lose emails. subscriber sends an email to the list, it's accepted, and then it only appears in the web interface, nobody receives an email. or, the mailing list does distribute the email but it never appears in the web interface.
No clue, but I hate it so much that I routinely abstain to partecipate to the discussions of the projects who happen to choose it for their mailing lists. I just can't help it.
Most projects have quite a lot on the table without worrying about hosting all the time. There are bugs you have a hard time fixing or even finding, there are many opinions on how the project should develop (including some real paying customers if you are a successful project), there are people problems in the team. And hosting is something that probably hasn't been touched for years. Maybe the guys who configured it the first time around aren't even on the team any more.
Without big news something so basic is probably not even on the table.
Don't think Google Code would have been much of an improvement. I'm pretty sure Google has abandoned further development on it and have so for a while now.
Ugh, what a PITA this is going to be (my project JOE is on sourceforge and people are starting to complain). All links point to sourceforge, so how long will they take to update? When I search for "TMUX source download" I get sourceforge. If sourceforge takes over your abandoned project, I imagine that they will remove forwarding links to the replacement.
I remember that the fist problem occurred to me that wasn't not solved by Google was solved by asking in the mailing list of tmux, and now it it moved to Github, I can finally ask question at the issue page.
Please don't do that. The issues page is for issues, not support. Even if TMUX is one of the few projects where the maintainers don't mind answering support questions on the issues page (not likely), it's a bad habit to get into.
Please ask support questions on StackOverflow, or the mailing list, or IRC. Not the issues page. It makes life much harder for the maintainer.
