Karl Voit  Sep 29, 2023

After basically the whole #Microsoft #Azure cloud was hacked (see list of related sources on https://karl-voit.at/cloud/ ), the first follow-up incidents went public caused by missing containment actions:

60,000 emails were stolen from 10 #USA #StateDepartment accounts
https://www.reuters.com/world/us/chinese-hackers-stole-60000-emails-us-state-department-microsoft-hack-senate-2023-09-27/

If you didn't understand until now: basically EVERYTHING at Microsoft got hacked and Microsoft can't (or won't) get rid of the intruders. Everything authenticated by Microsoft is tainted. Even #Windows auth.

You Can't Control Your Data in the Cloud

Show threadstdevelSep 29, 2023
@publicvoit We really need an user-friendly alternative to #GitHub. Love seeing that both @forgejo and #GitLab work on ActivityPub support. Can't wait to try it out.
Show threadContradiction FinderOct 1, 2023
I have really been baffled by the widespread loyalty to Microsoft by the #FreeSoftware community. I wonder if you have the answer… is it really user-friendliness that causes FOSS devs to embrace #Github with such strong loyalty as to ignore marginalization of people communities excluded by MS? I think of developers as quite technical so I would not have thought user-friendliness is that critical to a forge. #askFedi
Show threadDobody has movedOct 1, 2023
@batalanto my first guess is they embrace GH because it's been here for ages, and it's the largest global platform you can contribute to. Having 20 accounts in different instances just so you can help with projects sounds tedious. I'm not much for a dev, and i love selfhosted git platforms but a central one is often much more... dang... "user friendly"
Show threadContradiction FinderOct 1, 2023

@dobody The lazy login theory has to be the most popular one I keep hearing. I don’t really grasp it because #Github is login-hell for me:

1) submit login creds over tor
2) go to bogus disposable email provider for the address on GH files
3) possibly get blocked by captcha
4) get 2fa code if not captcha-blocked
5) go back to Github to enter code

Every Github login is more cumbersome than a #gitea *registration* process.

Are most Github users using a real email address (thus giving up privacy) to login? Or using clearnet? I’m not sure if tor triggers special treatment that imposes 2FA.

Show threadDobody has movedOct 1, 2023
@batalanto i've never signed into github this way, but then again im not much of a git power user. Does gitea make it easier to use a bogus email addr?
And yes i'm sure most users *definitely* use their real email.
Show threadContradiction FinderOct 1, 2023
@dobody #Github makes it /hard/ to use a bogus email address. A lot of the disposable email services are known to MS & rejected at registration. Mine may only work because the account was created before the acquisition. The reason to use a disposable address is not for ease of use but for privacy.
Show threadDobody has movedOct 1, 2023
@batalanto that much i understand. It just didn't occur to me that it's an actual practice
Show threadContradiction FinderOct 1, 2023
@dobody Not sure how common it is. The key players of a project need to be reachable so they often use a real address. The address creeps into the git repo with every commit, so someone doing a one-off PR might not want their real address in there (spam bots harvest repositories). If I am just writing bug reports then I only give up getting a notification of a reply. I check manually.
Show threadContradiction Finder
@dobody Most gitea instances are relaxed and don’t typically refuse disposable addresses. So registration is easy & login is equally easy.
Oct 1, 2023 at 7:00pmWeb