This is a really cool project and I’ve been following it for awhile. I’m also keen on breaking up the code forges monopolies.
I’ve been dipping my toes into this space mainly because I think code forges as they exist are trying to solve multiple problems at the same time. I think there’s value in splitting this functionality up into discrete services.
For example, most forges: host your git repo, web view, collab tool, ci/cd pipeline, and task management.
I don’t see why these necessarily need to be bundled together.
For example, as long as we are comfortable not having direct access to the git repo, we can have a purely static web viewer for git: https://pgit.pico.sh
For collab, as long as we are comfortable sharing patchsets and reviewing locally, we can have a collab server that doesn’t need a git repo in order to function: https://pr.pico.sh
Then self hosting your own bare git repo on a VPS is trivial.
Git is already decentralized, centralizing it because all the other services require it is the anti pattern
If multiple services have multiple owners it becomes also a question of trust. You either validate one service that fits 80% of your requirements, or validate ten services where each solves one specific requirement.
Also, of course - economy of scale for the infrastructure / integrations between features. Monoliths are still a thing.
But yeah, I agree developer experience may be traded here.
Git was really useful because it allowed decentralization but didn’t require it like CVS or SVN. It catered to the “just clone the repo and create a new branch when you hop on the airline and push updates to origin when you land” model. But it’s really unusual that people really want a hugely distributed model. Typically, people want to go to The Blessed Repo and get The Blessed Code. For example, Linus’s got kernel tree is more important than everyone else’s clone.
It is trivial to set up a VPS with a git remote. Access it with ssh. Done. Git clone fred@fooda.com:/hubs/frog gets you hopping instantly.
I think the issue behind the curtain (attempt at an obscure reference to the wizard of oz) is lock in. And why is lock in such an issue all around us? Why is github so completely focused on lock in rather than service? Behind the curtain of lockin is funding. Paying for it. A business model.
Maybe centralization => lockin => money? Like gmail. Like github. Etc.
If you have no business model for service => money (and we do not!) then this is what you get.
I see you hand waved people who pay money so that forges can operate.
If you have a company you don’t want to pay 20 invoices to different vendors.
If you have a company you don’t want to deal with debugging integration between your CI/CD and web view and git providers, you want to make a ticket and have it fixed.
When you are developing a project you don’t want to spend time figuring out which task management will integrate with other parts.
As a developer you also don’t want to jump through 5 different tools and waste time you want integrated and streamlined experience.
Git being decentralized doesn’t have value besides the fact that I can have my local copy and work on it separately from whatever is there on the central server my company uses.
Inevitably someone will end up paying for Tangled. Their architecture demands an infrastructure piece that actually hosts the forges and PDSs through BlueSky won't always be free. They're also non-trivial to run.
While there may be no technical reasons why these functions need to be bundled together in a forge, there may still be economic reasons (can’t support development as a standalone function) and usability reasons (people want it to arrive “batteries included”). The counter might be “open source proves this can work because people ignore the economics there, too,” but remember that most open source projects die with a single maintainer and the most successful ones have some sort of corporate patrons contributing sponsorship money, engineers, etc.
We recently shipped a change to switch out our OAuth library—which introduced a regression, preventing new users from being added to the default knot and spindle (the git hosting server & CI runner). We just discovered this and pushed a fix—please log out and log back in again and you should be able to create repositories!
First Question: is it possible to change your handle or delete your account on the tngl.sh PDS instance?
Second Question: how much resource does creating and hosting a new AppView entail? For example let's say I make an appview that's essentially the PDS-hosted equivalent of Cloudflare Pages, where a user upload a folder of a static website and the appview just forwards it verbatim at a hypothetical https://atprotocities.org/@cool.guy/... , would you need to bear the brunt of the traffic cost as an AppView host?
Cool product! Knowing a little bit of AT protocol, I can assume that the expression you used, “social-enabled”, is related to that. Does Tangled have plans for more social features or social-enabled simply means AT protocol?
We definitely want to be very social-first down the line! Our focus at present is to nail the core features first, however. The vision is to build Tangled to be a indie/community-focused code forge.
Yeah this thing has actual support for stacked PRs which Github has somehow failed to do for decades. If I ever need some self hosting thing I'll definitely check this out.
My only hesitation is that I'd want it for private use in a company, and it isn't clear to me how to avoid connecting your Tangled instance to the rest of the public network.
Github is no longer a trusted nor a reliable platform. Moving at least the oss stack to atproto (or any other open network) is an excellent way to safeguard it against Big Tech, Government censorship etc. Love to see this.
I was in the first ~100 users to sign up for tangled after seeing that they were roadmapping stacked patch style pull request review and being generally impressed with how quickly they were building and shipping features all off the excitement from a budding community in the world of atproto. I am very excited to see where this goes and how they continue shipping.
There are a lot of opportunities here that could be levered to offer much better experiences and fundamental control and long term viability if they continue to execute this way.
I really like the idea of more decentralized git collaboration. What do people think are the biggest blockers to adoption in this space? Having to run a server or manage some kind of private keys? Is it purely network effect?
Spam, illegal content, and moderation in general. How do you protect against new account spam when any domain could be a PDS and any PDS could host an arbitrary number of users? What do you do about people stuffing ebooks and TV shows in git repositories? If a project is getting piled on with all its issued spammed because of political views of the repo's maintainer, is this considered a problem, and if so how is it fixed?
The advantage of an AppView is that, like BlueSky, you can actually have a central moderation team and consistent moderation policy. Even if people post whatever they want on their own PDS it is possible to curate what people normally see. However, even though I avoid following the drama I can see that the BlueSky moderation team is constantly under fire for some decision or other. Choose your poison.
Nowadays I don't have the appetite for fully decentralised public networks and all the responsibilities and problems they bring. It's nice that AT's content is completely open compared with something like Twitter, but it's so helpful that the day-to-day administration is centralised when you want an authority to appeal to without ending up with the quagmire of "defederation".
A question to ponder: is anyone here going to volunteer to run a "permissive" radicle seed node? (i.e. providing storage and access to arbitrary git repos uploaded anonymously)
But doesn't the decentralized firehose make it easy to build curation? You decide what/whom you want to subscribe to---rest of social media be damned. Why do you care what unmoderated crap is flooding the world outside your cosy corner?
And if you choose to receive a broader sampling, you can subscribe to someone who will curate it for you---either manually, or through algorithms. It seems like an elegant way to have a web-of-trust layer for curation, composed with an algorithmic curation layer---and be able to tune the latter separately to suit user needs, without being beholden to the interests of the platform operator. You can easily switch your subscriptions if you don't like the way someone is curating it, without wholesale losing access to the network!
> A question to ponder: is anyone here going to volunteer to run a "permissive" radicle seed node?
Doesn't opening up curation+subscription solve this problem too? Anyone can curate in opinionated ways, and offer to "host" whatever they are okay with accepting responsibility for (at whatever level of endorsement, so long as it is clearly communicated) and users have the choice to subscribe.
The problem today is that curation is tangled with access to the network, so you're forced to accept the curation provided to you by the owner of the walled garden (and incentives are misaligned)
AtProto does have platform and user managed labelers for the moderation piece, so it's at least built into the protocol. The jury is still out on how well that concept will scale.
Tangled very nicely gets rid of the having to run a server problem, yet still gives you a sovereign platform for doing git from. Truly divine.
The barrier is largely that Tangled is so new. People don't know about it. People don't know what Bsky & the Personal Data Server offer or they haven't been enticed out of the zero energy local minima.
There's some need for more features. For more tangled dev. Ideally for alternate clients, just because. But it's already enormously solid, the early adopters are living the better life, the future is already here and we are just waiting for devs to redistribute themselves appropriately.
I'm increasingly becoming convinced that atproto is pointless. Federation is good, but this idea of implementing "take everything with you" at the protocol level is unnecessarily complicated and centralizing. With Bluesky it might make a little more sense, but with Git? So many better, easier options here. Archive your repo and a) learn how to the do the real decentralized thing OR b) make your own centralized thing OR c) just move to Gitlab or similar.
"Take everything with you" is just downstream from "find or be a trustworthy node."
What’s the “real decentralised thing”? You can already archive your repo—Tangled doesn’t prevent that.
AT Protocol is great for when you’re working with the data surrounding your code: issues, pulls etc. which are much harder to move around, or even just archive from GitHub.
Case in point: Gitea (ironically), they’re stuck on GitHub because their 30k+ issues and PRs cannot be migrated from GitHub due to API rate limits.
"Real decentralised thing" here I meant 'using Git in that way that was kind of invented for but no one seems to do,' aka distributed/decentralized with no central server at all.
Why not improve upon https://radicle.xyz? It's been running for a while now with promising future. From my naive understanding of running a radicle node, it consumes around 40G of storage for the current network of 5k repos
The social factor. As someone who is very active on Bluesky, the social inertia of Tangled is great. I like Radicle too, but it's harder to collaborate with people, because it's harder to sell to people.
I was pleased to see that this has CI pipeline support, but am saddened to see that it looks roughly GitHub-actions shaped.
I don't see the point in writing a sequence of serial steps in YAML. A bash script can already do that. YAML configuration for pipelines should be focused on expressing the dependencies of a DAG, not the serial execution of a program.
The point of doing it declaratively is that you can easily expose all that information in the UI, and process it to set up the pipeline in the first place (multiple runners, which OS they run, dependencies between steps).
I agree most of your `run` steps should just be one or two lines to call out to another script though, and you shouldn't split things into multiple steps unless necessary.
How does Buildkite do it? Their website doesn't seem clear but it looks like it also uses YAML, you can just use a script to generate it. Gitlab supports that somewhat awkwardly, and I've definitely had one project where that would have been useful (though I couldn't convince my colleagues to do it).
I don't think it would be difficult to add support for it anyway.
I am obliged to use a public GitHub org for work. Is it “blessed path” to try do the CR part in tangled and sync back to GitHub? I would love to profit from my nice jj habits at the review stage!
Looks cool but I would really like to have this as a mirror of my local git repo server. If tangled goes down or my internet goes I won't be able to work.
Nothing preventing that! You can run a knot server[0] on top of your local git server—which I assume you push to using SSH. Knots serve up your git bare repos over an API (and federate over AT Protocol).
If Tangled’s appview is down, you can still access your own box as you would. Alternatively, you can mirror using git natively by simply adding a push-only remote.
The fact that all the data is open means not only that you could plausibly exit to other providers and keep all your projects data, (issues, prs, etc), but also that it's dramatically easier to build other tools that work on that same data. Triage, labelers, bots, etc, I know these are all possible on GitHub today with their API, but I think the programming model of ATProto removes a lot of friction in building and composing them.
I think there is a sort of thing built on top of Git where the wiki and issues are actually part of the repo itself, I forget the name, a bit like the Fossil SCM.
This is a really cool project and I’ve been following it for awhile. I’m also keen on breaking up the code forges monopolies.
I’ve been dipping my toes into this space mainly because I think code forges as they exist are trying to solve multiple problems at the same time. I think there’s value in splitting this functionality up into discrete services.
For example, most forges: host your git repo, web view, collab tool, ci/cd pipeline, and task management.
I don’t see why these necessarily need to be bundled together.
For example, as long as we are comfortable not having direct access to the git repo, we can have a purely static web viewer for git: https://pgit.pico.sh
For collab, as long as we are comfortable sharing patchsets and reviewing locally, we can have a collab server that doesn’t need a git repo in order to function: https://pr.pico.sh
Then self hosting your own bare git repo on a VPS is trivial.
Git is already decentralized, centralizing it because all the other services require it is the anti pattern
If multiple services have multiple owners it becomes also a question of trust. You either validate one service that fits 80% of your requirements, or validate ten services where each solves one specific requirement.
Also, of course - economy of scale for the infrastructure / integrations between features. Monoliths are still a thing.
But yeah, I agree developer experience may be traded here.
"Git is already decentralized"
Decentralized is a big word.
Git never tackled the decentralized aspect, being served over a master-slave protocol like HTTP means you have a tendency to centralize it again.
Git was really useful because it allowed decentralization but didn’t require it like CVS or SVN. It catered to the “just clone the repo and create a new branch when you hop on the airline and push updates to origin when you land” model. But it’s really unusual that people really want a hugely distributed model. Typically, people want to go to The Blessed Repo and get The Blessed Code. For example, Linus’s got kernel tree is more important than everyone else’s clone.
This!!
It is trivial to set up a VPS with a git remote. Access it with ssh. Done. Git clone fred@fooda.com:/hubs/frog gets you hopping instantly.
I think the issue behind the curtain (attempt at an obscure reference to the wizard of oz) is lock in. And why is lock in such an issue all around us? Why is github so completely focused on lock in rather than service? Behind the curtain of lockin is funding. Paying for it. A business model.
Maybe centralization => lockin => money? Like gmail. Like github. Etc.
If you have no business model for service => money (and we do not!) then this is what you get.
[Edit: "funding" => "is funding"]
I see you hand waved people who pay money so that forges can operate.
If you have a company you don’t want to pay 20 invoices to different vendors.
If you have a company you don’t want to deal with debugging integration between your CI/CD and web view and git providers, you want to make a ticket and have it fixed.
When you are developing a project you don’t want to spend time figuring out which task management will integrate with other parts.
As a developer you also don’t want to jump through 5 different tools and waste time you want integrated and streamlined experience.
Git being decentralized doesn’t have value besides the fact that I can have my local copy and work on it separately from whatever is there on the central server my company uses.
Inevitably someone will end up paying for Tangled. Their architecture demands an infrastructure piece that actually hosts the forges and PDSs through BlueSky won't always be free. They're also non-trivial to run.
4 replies →
While there may be no technical reasons why these functions need to be bundled together in a forge, there may still be economic reasons (can’t support development as a standalone function) and usability reasons (people want it to arrive “batteries included”). The counter might be “open source proves this can work because people ignore the economics there, too,” but remember that most open source projects die with a single maintainer and the most successful ones have some sort of corporate patrons contributing sponsorship money, engineers, etc.
There is stagit as well, but it does not support branches:
https://codemadness.org/stagit.html
Does Pgit support branches?
Yes it lets you generate a tree for any revision
> I don’t see why these necessarily need to be bundled together.
They don't need to be, but it's very convenient.
Hey HN, co-founder of Tangled here!
We recently shipped a change to switch out our OAuth library—which introduced a regression, preventing new users from being added to the default knot and spindle (the git hosting server & CI runner). We just discovered this and pushed a fix—please log out and log back in again and you should be able to create repositories!
Otherwise, happy to answer any questions!
First Question: is it possible to change your handle or delete your account on the tngl.sh PDS instance?
Second Question: how much resource does creating and hosting a new AppView entail? For example let's say I make an appview that's essentially the PDS-hosted equivalent of Cloudflare Pages, where a user upload a folder of a static website and the appview just forwards it verbatim at a hypothetical https://atprotocities.org/@cool.guy/... , would you need to bear the brunt of the traffic cost as an AppView host?
Since its just a regular ol' PDS, you can simply login to Bluesky and change it there!
Cool product! Knowing a little bit of AT protocol, I can assume that the expression you used, “social-enabled”, is related to that. Does Tangled have plans for more social features or social-enabled simply means AT protocol?
We definitely want to be very social-first down the line! Our focus at present is to nail the core features first, however. The vision is to build Tangled to be a indie/community-focused code forge.
Learned recently about their support for Jujutsu at JJ Con last week: https://blog.tangled.org/stacking
Yeah this thing has actual support for stacked PRs which Github has somehow failed to do for decades. If I ever need some self hosting thing I'll definitely check this out.
My only hesitation is that I'd want it for private use in a company, and it isn't clear to me how to avoid connecting your Tangled instance to the rest of the public network.
Github is no longer a trusted nor a reliable platform. Moving at least the oss stack to atproto (or any other open network) is an excellent way to safeguard it against Big Tech, Government censorship etc. Love to see this.
But nobody will pay for his own servers. Big OSS orgs might, but you cannot even provide PR's other than by email.
> but you cannot even provide PR's other than by email
That is a feature, not a bug.
That was the right way from the start
> but you cannot even provide PR's other than by email
Are you referring to Tangled? If so, that’s patently false.
I was in the first ~100 users to sign up for tangled after seeing that they were roadmapping stacked patch style pull request review and being generally impressed with how quickly they were building and shipping features all off the excitement from a budding community in the world of atproto. I am very excited to see where this goes and how they continue shipping.
There are a lot of opportunities here that could be levered to offer much better experiences and fundamental control and long term viability if they continue to execute this way.
I really like the idea of more decentralized git collaboration. What do people think are the biggest blockers to adoption in this space? Having to run a server or manage some kind of private keys? Is it purely network effect?
Spam, illegal content, and moderation in general. How do you protect against new account spam when any domain could be a PDS and any PDS could host an arbitrary number of users? What do you do about people stuffing ebooks and TV shows in git repositories? If a project is getting piled on with all its issued spammed because of political views of the repo's maintainer, is this considered a problem, and if so how is it fixed?
The advantage of an AppView is that, like BlueSky, you can actually have a central moderation team and consistent moderation policy. Even if people post whatever they want on their own PDS it is possible to curate what people normally see. However, even though I avoid following the drama I can see that the BlueSky moderation team is constantly under fire for some decision or other. Choose your poison.
Nowadays I don't have the appetite for fully decentralised public networks and all the responsibilities and problems they bring. It's nice that AT's content is completely open compared with something like Twitter, but it's so helpful that the day-to-day administration is centralised when you want an authority to appeal to without ending up with the quagmire of "defederation".
A question to ponder: is anyone here going to volunteer to run a "permissive" radicle seed node? (i.e. providing storage and access to arbitrary git repos uploaded anonymously)
But doesn't the decentralized firehose make it easy to build curation? You decide what/whom you want to subscribe to---rest of social media be damned. Why do you care what unmoderated crap is flooding the world outside your cosy corner?
And if you choose to receive a broader sampling, you can subscribe to someone who will curate it for you---either manually, or through algorithms. It seems like an elegant way to have a web-of-trust layer for curation, composed with an algorithmic curation layer---and be able to tune the latter separately to suit user needs, without being beholden to the interests of the platform operator. You can easily switch your subscriptions if you don't like the way someone is curating it, without wholesale losing access to the network!
> A question to ponder: is anyone here going to volunteer to run a "permissive" radicle seed node?
Doesn't opening up curation+subscription solve this problem too? Anyone can curate in opinionated ways, and offer to "host" whatever they are okay with accepting responsibility for (at whatever level of endorsement, so long as it is clearly communicated) and users have the choice to subscribe.
The problem today is that curation is tangled with access to the network, so you're forced to accept the curation provided to you by the owner of the walled garden (and incentives are misaligned)
AtProto does have platform and user managed labelers for the moderation piece, so it's at least built into the protocol. The jury is still out on how well that concept will scale.
Tangled very nicely gets rid of the having to run a server problem, yet still gives you a sovereign platform for doing git from. Truly divine.
The barrier is largely that Tangled is so new. People don't know about it. People don't know what Bsky & the Personal Data Server offer or they haven't been enticed out of the zero energy local minima.
There's some need for more features. For more tangled dev. Ideally for alternate clients, just because. But it's already enormously solid, the early adopters are living the better life, the future is already here and we are just waiting for devs to redistribute themselves appropriately.
Does Tangled offer any solutions or suggestions for backing up data stored on the Knots?
5 replies →
Github is free and decentralization isn't.
git is. GitHub notsomuch.
1 reply →
The whole point of the submission here is that that's no longer true?
5 replies →
I'm increasingly becoming convinced that atproto is pointless. Federation is good, but this idea of implementing "take everything with you" at the protocol level is unnecessarily complicated and centralizing. With Bluesky it might make a little more sense, but with Git? So many better, easier options here. Archive your repo and a) learn how to the do the real decentralized thing OR b) make your own centralized thing OR c) just move to Gitlab or similar.
"Take everything with you" is just downstream from "find or be a trustworthy node."
What’s the “real decentralised thing”? You can already archive your repo—Tangled doesn’t prevent that.
AT Protocol is great for when you’re working with the data surrounding your code: issues, pulls etc. which are much harder to move around, or even just archive from GitHub.
Case in point: Gitea (ironically), they’re stuck on GitHub because their 30k+ issues and PRs cannot be migrated from GitHub due to API rate limits.
"Real decentralised thing" here I meant 'using Git in that way that was kind of invented for but no one seems to do,' aka distributed/decentralized with no central server at all.
Why not improve upon https://radicle.xyz? It's been running for a while now with promising future. From my naive understanding of running a radicle node, it consumes around 40G of storage for the current network of 5k repos
The social factor. As someone who is very active on Bluesky, the social inertia of Tangled is great. I like Radicle too, but it's harder to collaborate with people, because it's harder to sell to people.
I was pleased to see that this has CI pipeline support, but am saddened to see that it looks roughly GitHub-actions shaped.
I don't see the point in writing a sequence of serial steps in YAML. A bash script can already do that. YAML configuration for pipelines should be focused on expressing the dependencies of a DAG, not the serial execution of a program.
Buildkite got this right.
The point of doing it declaratively is that you can easily expose all that information in the UI, and process it to set up the pipeline in the first place (multiple runners, which OS they run, dependencies between steps).
I agree most of your `run` steps should just be one or two lines to call out to another script though, and you shouldn't split things into multiple steps unless necessary.
How does Buildkite do it? Their website doesn't seem clear but it looks like it also uses YAML, you can just use a script to generate it. Gitlab supports that somewhat awkwardly, and I've definitely had one project where that would have been useful (though I couldn't convince my colleagues to do it).
I don't think it would be difficult to add support for it anyway.
New tomorrow: "Spaghetti", a no-code platform to run your business on, and "Lock-in", a vault to keep all your important data safe.
Is there any story for private/enterprise work here? the tangled stacked diff review flow looks very good for work stuff.
Potentially! We’ve discussed offering a fully airgapped, non-AT version of Tangled. It’ll be a bit of an undertaking so probably not anytime soon.
Not really: https://tangled.org/@tangled.org/core/issues/60
since ATProto had a Merkle Tree of its own, I wonder if tangled utillize this internally to interop with git
No, they are very different merkle trees and mixing protocols is hard
I'm reminded of Brett Victor and his tangle library (2013).
https://worrydream.com/Tangle/
I am obliged to use a public GitHub org for work. Is it “blessed path” to try do the CR part in tangled and sync back to GitHub? I would love to profit from my nice jj habits at the review stage!
You could mirror it, yeah! Perhaps write a spindle pipeline[0] to push back to GitH*b on merge. :)
[0]: https://tangled.org/@tangled.org/core/blob/master/docs/spind...
Looks cool but I would really like to have this as a mirror of my local git repo server. If tangled goes down or my internet goes I won't be able to work.
Nothing preventing that! You can run a knot server[0] on top of your local git server—which I assume you push to using SSH. Knots serve up your git bare repos over an API (and federate over AT Protocol).
If Tangled’s appview is down, you can still access your own box as you would. Alternatively, you can mirror using git natively by simply adding a push-only remote.
[0]: https://tangled.org/@tangled.org/core/blob/master/docs/knot-...
Ah cool thanks!
This is interesting, what does it give that hosted git doesn't?
The fact that all the data is open means not only that you could plausibly exit to other providers and keep all your projects data, (issues, prs, etc), but also that it's dramatically easier to build other tools that work on that same data. Triage, labelers, bots, etc, I know these are all possible on GitHub today with their API, but I think the programming model of ATProto removes a lot of friction in building and composing them.
I think there is a sort of thing built on top of Git where the wiki and issues are actually part of the repo itself, I forget the name, a bit like the Fossil SCM.
4 replies →
decentralization out of the box for the most part. Its built on ATproto protocol which is used by bluesky/created by them
Git is decentralized.
1 reply →
For stacked diffs, check out https://gitpatch.com/
It doesn’t seem to address this, but I’m curious whether this could be used for trivially relocatable package identifiers.
I don't really get it. What if anything gets stored in your PDS, versus somewhere else?
One easy way to tell is to browse lexicons (https://ufos.microcosm.blue/) and filter by "sh.tangled".
For example, I can see:
- https://ufos.microcosm.blue/collection/?nsid=sh.tangled.repo
- https://ufos.microcosm.blue/collection/?nsid=sh.tangled.publ...
- https://ufos.microcosm.blue/collection/?nsid=sh.tangled.repo...
Here's a link to all of them: https://ufos.microcosm.blue/collection/?prefix=sh.tangled
Having a hard time understanding what that website is showing (eg. what is a lexicon?). Could you explain?
Is it meant to be some kind of filtered sampling from the stream of ATProto events?
1 reply →
I believe the rough separation is, code in git, all the other stuff around it (like what GitHub provides) as lexicon
iirc, a few things are not in lexicon/PDS yet, but intend to be
Not receiving the signup code on email for tangled.org
i just hope, this is really a thin service and not again running with javascript and also works over tor..
I'm not touching anything related to atproto with a ten foot pole