Organic Maps: GitHub has gone - long live Forgejo
105 points by Helithumper
105 points by Helithumper
Struggled with the tags on this one
Great to see them taking control of their code & community. I hope we continue to see more free software projects follow suit.
Looks like this was the catalyst: https://mastodon.social/@organicmaps/114155428924741370
It should be noted that this there are accessibility & privacy considerations / consequences for your choice of forge / mirrors (or lack thereof)—in this case contributors are blocked by a Microsoft-owned service needing to comply with US sanctions.
I thought it’s great that you can sign in via codeberg but got stopped here:
Authorize "git.omaps.app" to access your account?
If you grant the access, it will be able to access and write to all your account information, including private repos and organizations.
This application was created by @rtsisyk.
With scopes: .
The nice thing about github is that you don’t have to maintain an account for every project. Hopefully this is just some misconfiguration on their part.
The nice thing about Forgejo is that you can host it yourself, without getting permission from a nation state (in most cases). Organic Maps is hosted at https://git.omaps.dev/organicmaps/organicmaps. Organic Maps is a map of the entire world, not just of the parts of the world that the west doesn’t have sanctions against. Self hosting makes sense for them.
They have a mirror at Codeberg, but Codeberg is hosted in the EU, and so is probably restricted by the large list of countries that the EU has sanctions against, although I don’t know details.
I’m all for that, the thing I have an issue with are just the access permissions they ask for when linking an account.
This app, organic maps, is really fantastic. It’s a cleaner way to display the map than Osmand (I think) and as a result I use it most days. There’s another good one, Magic Earth, but I don’t think the source is available to look at.
Osmand is always good to have as a swiss army knife but I really don’t need most of its features.
I’ve been using Organic maps mostly because OsmAnd is extremely slow to render vector maps, showing grey squares a lot of the time. Did you also experience this?
I can’t remember grey squares specifically but a huge reason as to why I switched was how smooth the maps loaded yeah.
Unbelievably stoked about the rise of Forgejo and Codeberg. We actually have a shot at ending the era of proprietary closed source hosts dominating the free and open source software world. GitHub will always have a special place in my heart but nothing lasts forever and I think this next phase seems an unambiguously positive development.
As a financial supporter and near-daily user of Organic Maps, this makes me very happy. Time to reevaluate my Liberapay donation amount. This is such a great project, and it was a key piece in completely ending my dependence on Google years ago. It keeps getting better and better, and I’m excited for their work on the “desktop” Linux version.
I’m curious about the Google independence. How do you do 2FA for things like banks?
As in apps requiring to be connected with the whole Google Play stuff and so on.
What bank requires Google for 2FA?
Many bank apps only work if SafetyNet/Play Integrity is available and reporting that you’re running an unmodified and non-AOSP version of Android, so if a bank requires you to use their own app for 2FA, you wouldn’t be able to log in to their web services without an iPhone or an Android phone running Google services.
But it seems unlikely that any banks already assume that all their customers have a smartphone? Would still prevent mobile app banking though, of course. And eID apps have been rolling out in some European countries, and more and more stuff is relying on such for online identity verification, and I think some of them do depend on SafetyNet or Play Integrity? Not sure, the Swedish one doesn’t.
without an iPhone or an Android phone running Google services.
Right, so it doesn’t require Google, it requires Google if you’re using Android, which I would assume if you’re trying to have no Google in your life, you’re not using.
Many people run Android with no Google services. LineageOS and GrapheneOS are both based on AOSP. Many people who want to have zero Google in their lives also want to have zero Apple in their lives, and for them, fully open source versions of Android is the only option for smartphones. Presumably there also many people who want to not depend on Google but are in fact A-OK with Apple, but I assume @reezer was thinking of people in the former category.
Usually I’ve seen “de-google” folks reach for things like LineageOS, but without Google Play Services
Gotcha! That’s context I’m missing.
There’s some magisk module that allows you to fool the SafetyNet requirement but it is against LineageOS policy to support things like that. Otherwise you are just gonna have to use a computer to access online banking services.
I’ve used this Magisk module in the past. It works great, but eventually, some number of years from now, it will stop working because the way it works is by spoofing a device property that says the device has software attestation (which can be forged) instead of what it really has, hardware attestation (which can’t). When Google decides hardware attestation is widely available enough, we’re all SoL.
Side note: SafetyNet requirements are cursed and more than anything else, dumb. Back when I was on LineageOS, I had my bootloader unlocked because you can’t install GApps with a locked bootloader. I wanted to use Netflix, which requires a SafetyNet attestation (god knows why because the DRM stuff is totally independent of SafetyNet). I had originally decided to leave my device unrooted, for security reasons… except that Netflix’ SafetyNet requirement forced me to root, in order to spoof the software attestation prop and circumvent SafetyNet.
So their original goal was to make sure I was using a locked down device, but what they actually accomplished was forcing me to compromise my device’s security even more than I wanted to originally. Good fucking job.
I haven’t worked with a bank yet that didn’t allow sufficient access in a mobile browser, except for some restrictions related to mobile check deposit. I would encourage anyone using a bank that requires an app for mobile account management to find another bank and tell the old one why you’re leaving.
I’ve never installed banking apps on my phone (I did use my credit union’s app on my wife’s phone for the rare mobile check deposit, but now we have an account with a bank that allows mobile deposit through their browser interface). For 2FA specifically, my credit union lets me use standard TOTP even though they initially branded it as “Google Authenticator”. I firmly reject services that require a proprietary app. I do as much in a browser as possible, and I use FOSS apps for things I want to work offline. Really, Google was my only exception (for Maps and Fi) for the longest time.
I finally moved to OsmAnd and Organic Maps maybe four years ago, and ported my number to a phone number provider built on FOSS two years ago (wrote about it on my blog). I used to prefer OsmAnd, but Organic Maps has been my default for a while since they added better address lookups.
How do you do 2FA for things like banks?
My bank1 just works without SafetyNet. I never tried my bank 2 but it should work too.
I was just talking to my friend about how great organic maps is. it’s a testament that open source UX can be good.
I use it nearly every day, and it’s great. no notes. everything I’ve gone “man, I wonder if” – yep, they implemented that. from double tap to zoom, to refocusing the view automatically if you accidentally screw it up.
there has never been a better time than now to escape walled gardens.
also, shoutout to https://ente.io, another open source app that got me off of icloud photos in 1 day. I’m not sponsored, I just want more shit like this to exist.
I looked at forgejo and dismissed it rather immediately as a pixel for pixel knockoff of GitHub. With no independent design vision I can’t think of it as healthy…
Forgejo is designed to make it very easy for people to migrate off of github and onto an open source, self-hostable, and soon to be decentralized platform. I really appreciate that I was able to escape from github to codeberg with one button migration, no data loss, no change to my workflow or to the workflow of users who followed me from github. [Okay, the CI server and “pages” functionality works differently.]
migrate off of github and onto an open source, self-hostable
This is for better & worse depending on the personality type. If you are looking for a seamless tradition & not looking to learn anything new, that can work, but it leaves a lot to be desired for fixing some of the fundamental issues (namely the flaws of the “pull request” model, copying all the YAML from Actions / trying to maintain parity while not being in control of it). I am the type that would prefer to upend the status quo with something fundamentally better than this approach. The closer you go towards copying the upstream, the more your pitch for why just comes down to X, but open source which is philosophically compelling, but not in any way technically compelling (which is more motivating in many cases).
soon to be decentralized platform
They’ve said this for so long I have stopped holding my breath for ForgeFed. I am concerned about its usage too—if trying to be a clone, you risk copying all of the bad social media features. That said, breaking down the requirement to always create accounts will help contributions.
Sure, we absolutely need alternatives that explore ways of being fundamentally better than github. I didn’t explore any of them when I jumped away from github, because my goal was to get away from being under Microsoft’s control with the least amount of effort and disruption to my workflow. If my goal had been to improve my workflow using a different development model, I would have looked at other alternatives. Just saying that Codeberg and Forgejo have a valuable role in the ecosystem. I’m not advocating for a Forgejo monoculture. Maybe ForgeFed will be eternally irrelevant and someone else will create a much better design for decentralized forges that will be widely adopted. That would be great.
someone else will create a much better design for decentralized forges
Radicle is already an incredibly solid p2p “forge”, but it needs more work to be done on features, UX, moderation, privacy, etc.
It is not a pixel for pixel knockoff of Github. Also Gitlab looks the same. It’s a repo browser and looks like, eh, a repo browser.
It even had “remain compatible to gitea” as a requirement for long time, restraining their ability to design things independently even more.
In a way, it can be a good thing to start a project as “fork/clone of XYZ” and stick to that for a while. The ambitions to move in other directions will come soon enough, but having some structure established before you start to tear down everything might increase the chance that you’ll still have something workable in the end.
If you want something autochthonous you can use Bugzilla, Trac, Phabricator or one of many other options. Forgejo is very much designed to liberate the people who are tied to GitHub.