psychoslave 3 minutes ago

One can always host Forgejo themselves if a service level has to be kept under control. With Github that’s not even an option.

I would even consider that moving everything from one single point of failure to an other is not the brightest move.

Reply View 0 replies
p2detar 3 hours ago

There have been complaints about it on Reddit as well. I registered an account recently and to me the annoying thing is the constant "making sure you are not a bot" check. For now I see no reason to migrate, but I do admit Forgejo looks very interesting to self-host.

Reply View 4 replies
  • lkramer 28 minutes ago

    I moved (from selfhost gitlab) to forgejo recently, and for my needs it's a lot better, with a lot less hassle. It also seems a lot more performant (again probably because I don't need a lot of the advanced features of gitlab).

    Reply View 0 replies
  • verdverm 2 hours ago

    https://tangled.org/ is building on ATProto

    1. use git or jj

    2. pull-request like data lives on the network

    3. They have a UI, but anyone can also build one and the ecosystem is shared

    I've been considering Gerrit for git-codereview, and tangled will be interesting when private data / repos are a thing. Not trying to have multiple git hosts while I wait

    Reply View 1 reply
    • bpavuk an hour ago

      I, too, am extremely interested in development on Tangled, but I miss two features from GitHub - universal search and Releases. the web frontend of Tangled is so fast that I am still getting used to the speed, and jj-first features like stacked PRs are just awesome. kinda reminds me of how Linux patch submitting works.

      Reply View 0 replies
bayindirh 3 hours ago

I mean, they're battling with DDoS all the time. I follow their account on Mastodon, and they're pretty open about it.

I believe the correct question is "Why they are getting DDoSed this much if they are not something important?"

For anyone who wants to follow: https://social.anoxinon.de/@Codeberg

Even their status page is under attack. Sorry for my French, but WTF?

Reply View 23 replies
  • exceptione 2 hours ago

    Crazy. Who would have an incentive to spend resources on DDoS'ing Codeberg? The only party I can think of would be Github. I know that the normalization of ruthlessness and winner-takes-all mentality made crime mandatory for large parts of the economy, but still cannot wrap my mind around it.

    Reply View 14 replies
    • Kelteseth 2 hours ago

      Not just them. For example, Qt self hosted cgit got ddos just two weeks ago. No idea why random open source projects getting attacked.

      > in the past 48 hours, code.qt.io has been under a persistent DDoS attack. The attackers utilize a highly distributed network of IP addresses, attempting to obstruct services and network bandwidth.

      https://lists.qt-project.org/pipermail/development/2025-Nove...

      Reply View 0 replies
    • rcxdude 2 hours ago

      DDoS are crazy cheap now, it could be a random person for the lulz, or just as a test or demo (though I suspect Codeberg aren't a bit enough target to be impressive there).

      Reply View 1 reply
      • Sammi an hour ago

        Is it because the s in iot stands for security? I'm asking genuinely. Where are these requests coming from?

        Reply View 0 replies
    • sznio 2 hours ago

      >The only party I can think of would be Github.

      I think it's not malice, but stupidity. IoT made even a script kiddie capable of running a huge botnet capable of DDoSing anything but CloudFlare.

      Reply View 0 replies
    • Ygg2 2 hours ago

      > Who would have an incentive to spend resources

      That's not how threat analysis works. That's a conspiracy theory. You need to consider the difficulty of achieving it.

      Otherwise I could start speculating which large NAS provider is trying to DDoS me, when in fact it's a script kiddie.

      As for who would have the most incentives? Unscrupulous AI scrapers. Every unprotected site experiences a flood of AI scrapers/bots.

      Reply View 3 replies
      • theteapot an hour ago

        Actually I think that's roughly how threat analysis works though.

        Reply View 2 replies
    • tonyhart7 2 hours ago

      its easier for MS to buy codeberg and close it than to spent time and money to DDOS things

      Reply View 5 replies
      • matrss 2 hours ago

        How do you buy an e.V.?

        Reply View 4 replies
  • bit1993 28 minutes ago

    Part of the problem is that Codeberg/Gitea's API endpoints are well documented and there are bots that scrape for gitea instances. Its similar to running SSH on port 22 or hosting popular PHP forums software, there are always automated attacks by different entities simply because they recognize the API.

    Reply View 0 replies
  • letmetweakit 3 hours ago

    That's rough ... it is a bad, bad world out there.

    Reply View 6 replies
    • bayindirh 2 hours ago

      Try exposing a paswordless SSH server to outside to see what happens. It'll be tried immediately, non-stop.

      Now, all the servers I run has no public SSH ports, anymore. This is also why I don't expose home-servers to internet. I don't want that chaos at my doorstep.

      Reply View 5 replies
      • letmetweakit 2 hours ago

        Yeah, I have been thinking about hosting a small internet facing service on my home server, but I’m just not willing to take the risk. I’d do it on a separate internet connection, but not on my main one.

        Reply View 2 replies
      • gear54rus 2 hours ago

        this can be fixed by just using random ssh port

        all my services are always exposed for convenience but never on a standard port (except http)

        Reply View 1 reply
        • bayindirh 2 hours ago

          It reduces the noise, yes, but doesn't stop a determined attacker.

          After managing a fleet for a long time, I'd never do that. Tailscale or any other VPN is mandatory for me to be able to access "login" ports.

          Reply View 0 replies
Daegalus 2 hours ago

Just a reminder, Codeberg is for open source projects only, and maybe some dotfiles and such. Its on their frontpage and in their TOS.

Reply View 0 replies
SideburnsOfDoom 3 hours ago

GitHub uptime isn't perfect either. You will notice these outages from time to time if your employer is using it for more than just "store some git repos", e.g. using GHA for builds and deploys, packages etc.

Reply View 0 replies
worldsavior 3 hours ago

What? It says it's up for 98.56% for the last 2 weeks.

Reply View 1 reply
  • qwertox 2 hours ago

    That's probably the average. But if Codeberg Translate shines with 99.58%, it is an unnecessary entry which harms the "92.42% Codeberg.org" reality.

    Reply View 0 replies
Sammi an hour ago

Because they are Codeberg I'm betting they have a philosophical aversion to using a cloud based ddos protection service like Cloudflare. Sadly the problem is that noone has come up with any other type of solution that actually works.

Reply View 0 replies