Some immediate thoughts on all of this
The News Roundup
Somewhere last week, news broke out that Github was being acquired by Microsoft or at least that talks were on to close an acquisition deal. Today Bloomberg broke the story that Github has indeed been acquired and that Microsoft will announce the full details on Monday.
Because I live in the IST timezone, I'm essentially from the future and I'm still waiting for USA's Monday to roll around. If this turns out to be true, and I fully expect it is, then the companies will probably launch joint statements full of PR talk aimed at calming the masses and discussing what a wonderful future there is ahead for both of them.
Truth is, Github couldn't turn a profit, hadn't seemed to capture the enterprise market as much, and was still growing in terms of open source (free) usage and employees. It could have gone public, but for whatever reason an acquisition seemed to be a better thing.
A lot of people have already started panicking about this. And that's understandable. Microsoft does not have a good history with acquisitions. Its biggest ones have been flops recently. Skype is a meh and full of bloat. LinkedIn is well... I don't know how to describe LinkedIn except to say I don't use it much anymore. Good job on trying to make a super sticky feed. Except whenever I visit it, it's full of the same rehashed inspirational videos of how to win and loads of "self help" style articles being shared over and over again. Usually with one word descriptions attached to it. That one word might be:
The word "great" is not applicable to the acquisition of Nokia.
Now one can and should argue about the differences in the company at the time. Microsoft was a different place! It really was. Look at it now though. Embracing open source. Full of exciting news. Its cloud offering Azure is looking up. They are the largest contributor to open source on Github for crying out loud.
Github is a smart acquisition!
Sure. It really is. Gitlab, the open source big player in software to store and work with git repos has recently risen to be a force to be reckoned with. They are steadily making themselves a swiss army knife of tools to handle code sharing to code deployments. And from what's going on in the rumour mill that also makes them prime candidates for enterprise software. The rumour mill says that it's been working. Github has instead taken the approach of "we do one thing and we do it really really really well". Which is great. But not good enough for enterprise.
So which companies have cloud offerings and target enterprise customers in software development and could help enhance Github's offering by making it integrate seamlessly?
Google. Amazon. Microsoft. And only one of them is currently running a large share of the market with its operating system. And that same player has a much loved code editor with a premium offering.
Github + Microsoft is a smart offering. But not a neutral one.
Github has been a much loved tool of the open source world. It's the de facto way for people to work together on open source projects and it has fostered a community of passionate (and toxic) people around itself. Much of this goodwill has come from the fact that the company has kept working on solving the problem of working together to make open software. That's been its primary focus as far as the outside world is concerned. It's never been about pleasing any particular vendor. Which means that it's also given rise to an entire economy around it. Tools like Travis and Circle CI and various others have been enabled because Github followed the path of neutrality. It built various pipes into its software and said "hey there developers, feel free to be creative in how you integrate with us". At Buffer, we've made extensive use of web hooks to connect to our custom pipelines to enable continuous deployment. And we've never felt like Github has gotten in the way of that by forcing us towards any other offering. I've never felt like it discriminated based on whether or not I was a paying customer either. I still got all the features except privacy which is fine.
Github with Microsoft could be a very different world. Microsoft may be under a different style of leadership, but it's ultimately a business and Github is a loss maker. At some point they'll want to make it profitable OR turn it into a "loss leader". Either one of these has potential ramifications on neutrality.
Turning towards the path of profitability could push Microsoft to discriminate against free users publishing open source. How many webhooks can free accounts have for example? What use of the API is allowed? Or if introducing restrictions where there was none becomes too much of a PR disaster it could simply limit which new features are enabled for these free accounts in the future.
Using it as a loss leader to drive adoption of its own cloud offerings could see it tilt on the slippery slope towards making less "dumb" pipelines and more "cloud aware" features. Use dumb pipelines for anything else but if you want slick smart integration with your clusters, please switch to Azure.
I personally think that Microsoft would mostly choose the second option since that maintains the status quo while continuing to serve their own purposes. But the problem then is that the attention of Github becomes focused on, what?
And these are just things I can think of 10 minutes after reading the news. I've seen what a parent company team can do to an acquired company 1 year in. Not pretty.
So neutrality is right now people's biggest concern. It was great to have a company that was neutral towards all source code and supported a powerful push in open source development in the last decade. The question is whether that identity will remain. The people who are already concerned about this have begun jumping ship or prepping for the next boat out.
Which boat do you speak of?
In this case, Gitlab.
Gitlab is an open source product for browsing and maintaining git based source code repos. That's an oversimplification. They also handle issue management, project management, deployments, staging environments and far more core features than I could ever hope to recite from memory. I already mentioned this. They are geared towards enterprise and they have a business model to match.
There's Gitlab CE and Gitlab EE. Gitlab CE is available both in source code so you can host it yourself, or as a freebie to sign up for on gitlab.com. You even get unlimited private repos. Something Github charges (and I happily pay) for. Gitlab's enterprise edition is based off the core of gitlab and simply adds features. You can migrate seamlessly from Gitlab CE to EE because there's no conflict of interests in the core.
The thing is, while Gitlab seems like the next obvious champion of open source given the nature of the product, I feel like this rah rah around it is misplaced. Gitlab is ultimately a VC backed company. Docker was too. And look at how Docker is turning out now. The trend feels like its core is being stripped out and placed under guardianship of foundations like CNCF. The trust of the community waned as people began to be confused what Docker's enterprise future might look like.
I would caution people not to make the same mistake with Gitlab. I personally believe that Gitlab is a wonderful company. Heck, they are on my top ten list of places I'd want to work with apart from Buffer. But there's a long and wide ocean between them being wonderful and the idea that they are neutral enough to become the next big champion of open source code hosting.
So there's no solution?
Neutral is hard, and the only neutral is you.
Git was designed to be decentralized. The platforms that have grown around it however, happen to be centralized. For good reason too. A decentralized word of open source repositories would look like this:
- Jodie Van Hoolsom decides to host their awesome open source work on an instance of GitApart. A smashingly wonderful decentralized git product. They host it up on Digital Ocean.
- Jodie publishes their work to it. A brand new Node JS package that happens to have dependencies on some of Hordol's work whose work also depends on others. Almost all of them host their work on their own GitApart repos. A few host it on this central service that does GitApart hosting for them
- 12000 downloads of Jodie's package later, a problem happens. People are complaining that Jodies package can't be downloaded. Jodie checks the server. It's up. After some digging, they realise that Hordol's server is down! Oh noes. Thankfully Jodie cloned Hordol's work and publishes a new package that points all references to their own server. This doesn't solve things for everyone but over a few weeks, it settles down. Hordol's server comes back online too when Hordol wakes up.
- 25000 downloads later and suddenly Jodie's Twitter pings out saying that their newest package version is a trojan! Jodie's heart sinks and a quick check of the server verifies that Jodie's server was hacked and the hacker inserted malicious code. Of course no one checked the hash signatures to ensure that they downloaded the right thing dammit! Jodie fixes server, issues an apology and starts hosting their package on a central package management service that includes all these hash revision checks and specialized security monitoring for free.
And just like that, we are back to being on a centralized something. For good reason.
Being decentralized and neutral is available today. It's been available for the longest of times. Simply host your own
gittea instance and clone all the software you depend on to it. You can write a few cron jobs to ensure that you are always having the latest versions of code too. You'll also need to add some cron jobs to do the building or at least copy the final builds to your system but hey, it's possible.
Possible isn't easy.
If you want to submit a PR to most projects, things really break down. Each instance could have its own PR format. And to interact with each other is nowhere near as easy as it would be on a centralized service. Efforts to make this easy are come under this broad name "federation". But that doesn't begin to cover how companies like Travis would build plugins for each and every single different hosted software out there. They'd just target the dominant one and that would trigger a cycle of people migrating to the most supported software.
There are layers and layers and layers of pain to build through which all go away under decentralization.
So the only way to be truly neutral is for you to do all the hard work. Build all the pipes. Build everything. Host everything. Maintain everything.
We need a revolution
The world of open source collaboration was a funny place before Github. It involved mailing in your code patches via email. How savage! Github's single greatest contribution to the world of open source may have been its Pull Request flow. It was the rare example of how good UX could trigger a paradigm shift in an industry. We need that same revolution now, but in decentralization.
I'm sad that Github couldn't achieve independence. I'm especially sad since I'm a paying customer. But I hope that this triggers some competition in the space. I hope this triggers real innovation. We need a group of people like the good folk behind the Ghost foundation to build source code hosting that can be painlessly decentralized. Things which solve all the nitty gritties such as collaborating across different instances and make best efforts at enabling best practices in security.
Gitlab isn't that revolution. It could be. It isn't just yet. Gogs/Gittea certainly isn't. Nothing I know of that exists today is. But it's just possible that Github being acquired by Microsoft may lay the seeds for this revolution today.
Or it's just as possible that there'll be a lot of noise, but ultimately nothing will change.
Time will tell. Only time, will tell.