Hey guys,
Due to recent controversy around SF.net, some ad blockers (uBlock for example) now prevent you by default from as much as visiting sourceforge.
I understand that there was no harm done specifically to Portable Apps project, but it is worth to think whether it is a good idea to host PA on a site that is widely considered harmful.
Bintray is a good alternative, worth exploring, and they are 100% free for open source apps.
https://bintray.com/#js-anchor-ossSavvy
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
John has previously talked about this issue and his stance about it.
Can't remember the specific thread, but it should popup in the search results.Found it: https://portableapps.com/node/52284
I have seen John's reply. What he might not know at the time of his reply is the fact that ad blockers (and maybe Google Chrome soon?) will prevent people from visiting SF altogether. I feel that this fact is important enough to reopen the issue.
Most likely the SF blocks are to support the rebuild of the site until it is fully back online. Wait another weeek or two and see what happens.
Ed
It's worth noting that the uBlock block is a specific one against SourceForge for political reasons. They didn't like that SourceForge had started putting a bundleware downloader in front of GIMP specifically (which is legal and not a violation of the GPL although something I'd classify as distasteful to say the least). SourceForge has since stopped that process and publicly stated that it will not occur again.
Currently, there are exactly 12 projects on SourceForge out of a few hundred thousand projects that serve a bundleware downloader as part of the Dev Share program. Projects like FileZilla that now support themselves using this program. All of them have specifically signed contracts to allow this setup and are making money as a result.
PortableApps.com does not participate in the Dev Share bundleware program and has never used bundleware in any of our downloads in our over 11 year history.
It's also worth noting that SourceForge's bundleware installer is much clearer than most about what you're installing as compared to many other free and open source apps. Most bundleware installers are just another screen with a next button, like the Wajam offer within FreeFileSync presently, which are easily missed and accidentally installed by just hitting next. But, you'll note that uBlock doesn't block downloads of FreeFileSync or anything from that domain. Lots of open source apps on all kinds of hosts like FossHub, Google Code, etc also include their own publisher-added bundleware that is trickier than SourceForge's, but uBlock doesn't block any of them either. That's what I'm referring to when I state that the uBlock SourceForge block is political rather than being based on any actual protection for any users. If it were based on protecting users, lots of hosts and apps across the web should be blocked from being downloaded by uBlock.
As for SourceForge alternatives, it's something I'm looking into. Currently, there aren't any that fit the bill. Google Code is dead. Github isn't designed for projects with the breadth of binaries we do. Many of the smaller/newer hosts like bintray aren't something I'd trust (their contact page is just a contact form, not even an email address or phone number available). I'm experimenting with hosting our new open source releases on our existing freeware download server and CDN to see how it handles the load while SourceForge is recovering from their storage issues and I can't do new releases there. It's likely not the best option as it will mean more cost per month and I already have a significant personal debt due to PortableApps.com.
Sometimes, the impossible can become possible, if you're awesome!
John,
I understand your position.
Whether the block is political or not, and whether uBlock is in the position to decide what is good and what is bad, and do these guys have an obligation to treat every one fairly — it is not the point.
The point is, the users who want to install a portable app will be greeted by a "this site is blocked" screen, at which point many of them won't continue.
I'd strongly urge you to reconsider bintray. I've met some of the guys there personally on several conferences, and they are great guys. Their business model doesn't involve screwing their customers over — they charge corporations to privately host their binaries, and corporations are happy to pay. Some of the open source projects depend on their distribution mechanisms, for example homebrew (aptitude/yum analog for Mac OS X). And, it's free for open source projects. Github/Bintray seems to be a good choice today for storing the source code and the binaries.
If having a phone (they may be working different hours than you) or email is important to you, tell me if you'd like to see if I can use my connections to have them reach out to you.
BinTray includes both a phone number and email address at the bottom of their TOS page.
Gord? You suggesting a move? I'm inclined to be conservative on this.
Moving from a supplier & supporter isn't half a day's thought
Wm
Nope, not suggesting a move at this time, simply providing the means of contacting this provider if desired.
uBlock is an experimental extension (basically alpha/beta quality) that has a small userbase (200k worldwide in Firefox) compared to the others (AdBlock Plus alone has 19 million). Only technical users have uBlock installed and know how to bypass for sites they would like to download from. Absolutely no regular users should have it installed due to instability and quirky UI and the way the default block lists are configured (rendering multiple top 100 sites only partially functional including several features in Facebook). It's near-unusable on Firefox on my Nexus 6 due to crashing.
uBlock is an interesting extension. I play with it myself. But it's not used widely, not stable, and poorly configured by default. The fact that uBlock - ostensibly an ad blocking extension - blocks sites based on political reasons rather than ads and protecting users will likely inhibit wider growth. Anyone making business decisions based on an extension like that in its current state is not acting rationally.
As for bintray, like I said, I don't trust any site that has zero information about who they are and doesn't even have a contact page (just a contact form popover). If you know them, I'd suggest to them that they include some actual information about who they are, where they are, what they do, how to contact them, etc, on their site. Then I'd look into whether they support downloads via Windows API components across Windows XP and up (github doesn't), whether they support direct downloads through direct components without a browser (FossHub et al do not), and whether they support the other bits we'd need.
Sometimes, the impossible can become possible, if you're awesome!
Chrome now blocks some SourceForge downloads (http://sourceforge.net/p/forge/site-support/9069/).
While Chrome hasn't blocked the specific PA.c downloads, it could be a matter of time before they decide to do so.
There is a huge JFrog logo in the bottom of the page. JFrog is a company behind Bintray. Their "Contact us" page has all of the contact information, including phone numbers for three countries (and a toll-free), as well as links to twitter, LinkedIn, Facebook etc.
With regards to your other questions, I believe REST API page at https://bintray.com/docs/api/ might answer all of them.
Please get the facts right, it's not Chrome blocking anything, it's Google and it says "Google checks websites to see whether they host downloadable executables that negatively affect the user experience." Now, considering some of Google's well known practices with regard to its shameless monitoring of users browsing history and Google Account activity for marketing, advertising and promotion purposes I firmly believe such a high-handed attitude is more than just a little bit a little cynical!
Also, the continued promotion by yourself of a single supplier of downloads, which appears to provide nowhere near the range of facilities and support that the SourceForge site does is not at all convincing. Have you ever tried to find out what Opensource apps are available on the BinTray site? Yes, there's a largely useless search facility - What's the point of searching if you don't have a clue what range of software they host? Where are the open browsing services which should allow users to explore the software that is hosted? Where is the public access to registered user's Project Pages? Is there easy access to previous versions of software?
There are several alternatives to Sourceforge for OSS hosting, but do any really have the same capacity, experience and the network links with hub sites around the world that are able to jointly manage the level of overall demand for software distribution. I'm sure the owner of this site is well placed to make that business decision, and I am also sure that he is regularly bombarded with promotional material by alternative suppliers. For me, if major universities and other reputable institutions across the world are prepared to work with SourceForge then that's good enough for me. Everyone makes poor business decisions from time to time, not just SourceForge. Just think Google, Microsoft, Apple etc. etc.
"The point is, the users who want to install a portable app will be greeted by a "this site is blocked" screen, at which point many of them won't continue."
Which means they won't use bintray, or any other option, either so why switch.
Ed
SF time is over, everyone is jumping ship and going to a different providers.
Developers (like myself) mainly to github.
I used SF since 2009 and today all my stuff and a lot more is in github.
its simpler, faster, better in every way.
1. ya only git, but like john said, they use git anyway and it is after all the leading scm. its fast and very good for helping many developers work in parallel.
2. its has binary release capabilities which I feel are more simple to use than SF (in SF people start creating directories there and you loose your way and can't tell what you want to download other than in the main download button).
3. huge feature of github is the pull requests, which is the ability for the community to improve projects by contributing fixes/enhancements.
4. no adds!!!! github make money from private repos and enterprise installations, not adds or crapware.
5. project hosting is also done via git and not directly putting files in the host file system like in SF, which is great as that too (like code), is versioned.
6. you have ability to setup a wiki and issues per repo.
I moved also a paf brackets.io wrapper i did (https://github.com/sagiegurari/brackets-portable) from SF to github and I can't understand why it wouldn't work for other installers (and doesn't matter that it is hundreds of installers, as you can setup unlimited public repos)
you can have a portableapps organisation and in it a repository per app, with source code and releases.
it is must more organised and much more transparent for the users to understand what is doing what (no huge amount of different apps in same project and you just get lost) and how to contribute (which is the key factor here).
lets face it, SF is not going to a happy place and you can start counting the days until it become irrelevant.
This current outage they have which they can't seem to get out of is just a joke which should serve as a wake up call.
by the way as for bintray, its a jfrog product and jfrog is a very well known and trusted company, but their business is not project hosting so that is why some might not know of them.
They create registry type apps (artifactory) like maven registry and so on... and it is considered as a very good product and company.
As John said above:
no idea what is windows api components and what it has to do with downloading resources from the web, but you can do simple HTTP call to download any resource from github easily.
github also exposes REST apis to find out exactly what each repo got, from what releases and what artifacts are in each release and so on...
github works just fine and in a very standard way.
not sure why to keep insisting on SF. seriously, I really don't.
I have nothing against GitHub, I use it myself for other things. It has its place, but that is not as a full spectrum hosting solution.
Their binary downloads are a mess. Documentation is hard to find by Googling, and the documentation I can find generally goes in this loop:
The only thing I can find is this: downloads of larger files via API and/or HTTP seem to consistently have a lot of problems (downloads corrupt/not finishing).
I may be wrong, and I would be happy for someone to prove me so, but this is the online evidence I can find.
Another thing to consider is this: changing to GitHub means a lot of work for John in changing the current download system to work the way GitHub works, potentially to the point of the updater/app store needing a ground-up rewrite. That's a lot of work for one person, even without trying to run the business.
Github redirects HTTP connections for a download to their binary service to an HTTPS connection. The HTTPS connection doesn't support older encryption methods required by Windows XP. The PA.c Platform's Updater/App Store uses the Windows API to download apps. Thus, anything hosted on Github fails to download in the platform on Windows XP. Try it right now using the platform on Windows XP and try to download DB Browser for SQLite. It'll fail. This applies to any Windows XP instance even if you've upgraded to IE8, applied the POSReady registry hack to enable updates, and applied every optional update available.
Please stop suggesting Github for binary downloads. They don't support Windows XP (on purpose). They are not designed for a project like this with hundreds of different apps.
Sometimes, the impossible can become possible, if you're awesome!
That's due to minimal security requirements.
Soon browsers will also require minimal security requirements from websites such as specific SSL algos (dropping support for v3, moving from sha1 to sha1, and so on....).
so either browsers will block SF or SF will upgrade and xp users will get blocked. either way, its a temporary situation.
I see no issue with that.
also I would suggest not to hold up a platform for xp users which are less than 12% and going down when you have windows 7 looking like the new xp of the past (meaning everyone sticks with windows 7 and are not upgrading that quickly).
And now with we are already in the windows 10 era, there is really no reason why keep things back for such users.
at the end, you can wait. that is... until reality forces a change which I believe will have to come not too far now.
If it was me, i would prefer to plan ahead and start migrating away from SF.
And if the platform was on github, that preparation would have been implemented by other contributes probably.
The key is starting small, not everything in a bulk, but a change has to start.
I don't think we'll be ditching our hundreds of thousands of Windows XP users because github made a change that almost no other websites have. github also refuses to serve binaries over http, so that's not a workaround. You do realize that not everyone around the world has the means and money that you do, right?
Your point is moot anyway since, as explained above, github isn't even designed for projects like ours with hundreds of apps anyway.
Sometimes, the impossible can become possible, if you're awesome!
Please read more carefully, I didn't write github once in my last post.
I was talking about security and fact is that you will soon run into reality where websites won't serve resources over http without ssl and without modern algos.
you can ignore, but that won't help.
its just not secure and web clients won't allow it anymore so websites won't support it.
here few links on how the world (google/mozila/microsoft/...) is forcing the world to work differently and more secured by removing support for old algos.
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-polic...
http://googleonlinesecurity.blogspot.co.il/2014/09/gradually-sunsetting-...
http://www.bit-tech.net/news/bits/2014/10/15/google-mozilla-sslv3/1
Bottom line, you can do whatever you want, and you seem very defensive so I doubt if you fully understand the problem.
But I guess we will all see it soon enough.
As for money, I also use ubuntu. its free.
money is not the reason people use xp.
Its more of habit and ignorance.
Money is very much the reason why people still use Windows XP. Understanding switching to Ubuntu, whether or not it'll even work on the old hardware you have (chances are it won't as there aren't drivers for lots of 10 year old parts), whether you can replace some of the software you depend on, are all important things to consider. All of those things cost money or money to pay someone else to do it or teach you... unless you happen to have the ability and time to learn it yourself. I've supported folks living in less-well-off areas of the world for over 10 years and it's a bit unfair of you to characterize them so broadly and negatively. Don't assume others have the same means or ability that you do and don't ascribe reasons to their behavior based on your personal experience.
I'm well aware of the changes afoot in HTTPS-space on both the server and client side as a user and technical supporter of both. We can easily support Windows XP on an ongoing basis without affecting any of the newer changes coming down the pipe. We can't do that on github because it doesn't support older algos and redirects HTTP to HTTPS, which is what that whole part of the thread was about.
Sometimes, the impossible can become possible, if you're awesome!
OK, I think this is all an extended advert.
No more play.
Wm
So... if people don't think SF is a good idea, they must be advertising something right?
here you go -> http://www.infoworld.com/article/2931753/open-source-software/sourceforg...
nice read.... probably advertisement.
saying "sf not as good as it used to be, let's look at options" is fine.
saying bintray, bintray, bintray is the bit I perceived as advertising.
github seems redundant to the discussion given what JTH has said.
So, realistically, what are the options?
Wm