| ▲ | themgt 3 hours ago |
| I have sympathy for some of the GitHub complaints. otoh just went to try to signup for Codeberg and it's down ... 95% uptime over the last 2 weeks? https://status.codeberg.org/status/codeberg |
|
| ▲ | p2detar 2 hours ago | parent | next [-] |
| There have been complaints about it on Reddit as well. I registered an account recently and to me the annoying thing is the constant "making sure you are not a bot" check. For now I see no reason to migrate, but I do admit Forgejo looks very interesting to self-host. |
| |
| ▲ | huijzer 8 minutes ago | parent | next [-] | | > but I do admit Forgejo looks very interesting to self-host. I've been self-hosting it for a few years now and can definitely recommend. It has been very reliable. I even have a runner running. Full tutorial at https://huijzer.xyz/posts/55/installing-forgejo-with-a-separ.... | |
| ▲ | lkramer 16 minutes ago | parent | prev | next [-] | | I moved (from selfhost gitlab) to forgejo recently, and for my needs it's a lot better, with a lot less hassle. It also seems a lot more performant (again probably because I don't need a lot of the advanced features of gitlab). | |
| ▲ | verdverm 2 hours ago | parent | prev [-] | | https://tangled.org/ is building on ATProto 1. use git or jj 2. pull-request like data lives on the network 3. They have a UI, but anyone can also build one and the ecosystem is shared I've been considering Gerrit for git-codereview, and tangled will be interesting when private data / repos are a thing. Not trying to have multiple git hosts while I wait | | |
| ▲ | bpavuk an hour ago | parent [-] | | I, too, am extremely interested in development on Tangled, but I miss two features from GitHub - universal search and Releases. the web frontend of Tangled is so fast that I am still getting used to the speed, and jj-first features like stacked PRs are just awesome. kinda reminds me of how Linux patch submitting works. |
|
|
|
| ▲ | bayindirh 3 hours ago | parent | prev | next [-] |
| I mean, they're battling with DDoS all the time. I follow their account on Mastodon, and they're pretty open about it. I believe the correct question is "Why they are getting DDoSed this much if they are not something important?" For anyone who wants to follow: https://social.anoxinon.de/@Codeberg Even their status page is under attack. Sorry for my French, but WTF? |
| |
| ▲ | bit1993 16 minutes ago | parent | next [-] | | Part of the problem is that Codeberg/Gitea's API endpoints are well documented and there are bots that scrape for gitea instances. Its similar to running SSH on port 22 or hosting popular PHP forums software, there are always automated attacks by different entities simply because they recognize the API. | |
| ▲ | exceptione 2 hours ago | parent | prev | next [-] | | Crazy. Who would have an incentive to spend resources on DDoS'ing Codeberg? The only party I can think of would be Github. I know that the normalization of ruthlessness and winner-takes-all mentality made crime mandatory for large parts of the economy, but still cannot wrap my mind around it. | | |
| ▲ | Kelteseth 2 hours ago | parent | next [-] | | Not just them. For example, Qt self hosted cgit got ddos just two weeks ago. No idea why random open source projects getting attacked. > in the past 48 hours, code.qt.io has been under a persistent DDoS
attack. The attackers utilize a highly distributed network of IP
addresses, attempting to obstruct services and network bandwidth. https://lists.qt-project.org/pipermail/development/2025-Nove... | |
| ▲ | rcxdude 2 hours ago | parent | prev | next [-] | | DDoS are crazy cheap now, it could be a random person for the lulz, or just as a test or demo (though I suspect Codeberg aren't a bit enough target to be impressive there). | | |
| ▲ | Sammi an hour ago | parent [-] | | Is it because the s in iot stands for security? I'm asking genuinely. Where are these requests coming from? |
| |
| ▲ | sznio 2 hours ago | parent | prev | next [-] | | >The only party I can think of would be Github. I think it's not malice, but stupidity. IoT made even a script kiddie capable of running a huge botnet capable of DDoSing anything but CloudFlare. | |
| ▲ | Ygg2 2 hours ago | parent | prev | next [-] | | > Who would have an incentive to spend resources That's not how threat analysis works. That's a conspiracy theory. You need to consider the difficulty of achieving it. Otherwise I could start speculating which large NAS provider is trying to DDoS me, when in fact it's a script kiddie. As for who would have the most incentives? Unscrupulous AI scrapers. Every unprotected site experiences a flood of AI scrapers/bots. | | |
| ▲ | theteapot an hour ago | parent [-] | | Actually I think that's roughly how threat analysis works though. | | |
| ▲ | Ygg2 32 minutes ago | parent [-] | | For threat analysis, you need to know how hard you are to break in, what the incentives are, and who your potential adversaries are. For each potential adversary, you list the risk strategy; that's threat analysis 101. E.g. you have a locked door, some valuables, and your opponent is the state-level. Risk strategy: ignore, no door you can afford will be able to stop a state-level actor. |
|
| |
| ▲ | tonyhart7 2 hours ago | parent | prev [-] | | its easier for MS to buy codeberg and close it than to spent time and money to DDOS things | | |
| |
| ▲ | letmetweakit 2 hours ago | parent | prev [-] | | That's rough ... it is a bad, bad world out there. | | |
| ▲ | bayindirh 2 hours ago | parent [-] | | Try exposing a paswordless SSH server to outside to see what happens. It'll be tried immediately, non-stop. Now, all the servers I run has no public SSH ports, anymore. This is also why I don't expose home-servers to internet. I don't want that chaos at my doorstep. | | |
| ▲ | letmetweakit 2 hours ago | parent | next [-] | | Yeah, I have been thinking about hosting a small internet facing service on my home server, but I’m just not willing to take the risk. I’d do it on a separate internet connection, but not on my main one. | | |
| ▲ | bayindirh 2 hours ago | parent [-] | | You can always use a small Hetzner server (or a free Oracle Cloud one if you are in a pinch) and install tailscale to all of your servers to create a P2P yet invisible network between your hosts. You need to protect the internet facing one properly, and set ACLs at tailscale level if you're storing anything personal on that network, though. | | |
| |
| ▲ | gear54rus 2 hours ago | parent | prev [-] | | this can be fixed by just using random ssh port all my services are always exposed for convenience but never on a standard port (except http) | | |
| ▲ | bayindirh 2 hours ago | parent [-] | | It reduces the noise, yes, but doesn't stop a determined attacker. After managing a fleet for a long time, I'd never do that. Tailscale or any other VPN is mandatory for me to be able to access "login" ports. |
|
|
|
|
|
| ▲ | Daegalus an hour ago | parent | prev | next [-] |
| Just a reminder, Codeberg is for open source projects only, and maybe some dotfiles and such. Its on their frontpage and in their TOS. |
|
| ▲ | SideburnsOfDoom 3 hours ago | parent | prev | next [-] |
| GitHub uptime isn't perfect either. You will notice these outages from time to time if your employer is using it for more than just "store some git repos", e.g. using GHA for builds and deploys, packages etc. |
|
| ▲ | worldsavior 2 hours ago | parent | prev | next [-] |
| What? It says it's up for 98.56% for the last 2 weeks. |
| |
| ▲ | qwertox 2 hours ago | parent [-] | | That's probably the average. But if Codeberg Translate shines with 99.58%, it is an unnecessary entry which harms the "92.42% Codeberg.org" reality. |
|
|
| ▲ | Sammi an hour ago | parent | prev [-] |
| Because they are Codeberg I'm betting they have a philosophical aversion to using a cloud based ddos protection service like Cloudflare. Sadly the problem is that noone has come up with any other type of solution that actually works. |
