Google Code Deprecates Download Service For Project Hosting 185
New submitter c0d3g33k writes "Google Project Hosting announced changes to the Download service on Wednesday, offering only 'increasing misuse of the service and a desire to keep our community safe and secure' by way of explanation. Effective immediately, existing projects that offer no downloads and all new projects will no longer be able to create downloads. Existing projects which currently have downloads will lose the ability to create new downloads by January 2014, though existing downloads will remain available 'for the foreseeable future.' Google Drive is recommended as an alternative, but this will likely have to be done manually by project maintainers since the ability to create and manage downloads won't be part of the Project Hosting tools. This is a rather baffling move, since distributing project files via download is integral to FOSS culture."
So, "Don't Be Evil..." (Score:4, Interesting)
Becomes, "Don't Be Open."
This is a rather baffling move, since distributing project files via download is integral to FOSS culture."
Considering the recent spate of incidents involving Google taking a shit on the FOSS community that helped to create it, I don't find it baffling at all.
Google is finally turning into the dickhead actor who got rich and forgot who his real friends are.
Re:So, "Don't Be Evil..." (Score:5, Informative)
Re: (Score:3, Insightful)
Any public file sharing system is liable to be abused period. This includes version control systems. It is no excuse for yanking the service. FWIW I have never seen people abuse either of those services for file serving.
Re: (Score:2)
Re:So, "Don't Be Evil..." (Score:5, Informative)
(1) Version control systems, unlike file downloads, are central to the purpose for which Google provides Google Code, to wit, facilitate developer-to-developer collaboration on open-source projects.
(2) Version control systems, unlike file downloads, are not particularly widely abused for hosting malware to be distributed through emailing deceptive links to unsophisticated users.
Re: (Score:2)
Version control systems, unlike file downloads, are not particularly widely abused for hosting malware to be distributed through emailing deceptive links to unsophisticated users.
This is easily prevented by not allowing direct download links. For example, by requiring a hashcode in the HTTP request string accompanied by a cookie which is only set by answering a prompt.
and by restricting the files that can be made downloadable to .tar.gz and .zip files.
Re:So, "Don't Be Evil..." (Score:5, Informative)
I suspect you may have misunderstood how one would actually abuse this.
I email you (or, say, your mom) a link saying Malwarebytes v.10 is now available for download, and it fixes a critical vulnerability and needs to be updated soon or you're at risk. Go to code.google.com/malwarebytes , a project that I've created. I might even populate it with something looking like code that would match, to trick people who are more technical than they really are.
A non-technical user may see that it's it's hosted at Google, and, having some trust for them, they choose to download. Your prompt shows up (what that accomplishes I don't know, so I assume the user, already intent on downloading it, answers it.)
So, by your second rule, they download MalwareBytes.zip, which contains MalwareBytes.exe (actually malware), and voila. 0wned.
The also changed the Lic Terms to D&R (Score:4, Funny)
here's there new Lic terms for all google code:
D&R (Death and Repudiation) License
========
This software may not be used directly by any living being. ANY use of this
software (even perfectly legitimate and non-commercial uses) until after death
is explicitly restricted. Any living being using (or attempting to use) this software
will be punished to the fullest extent of the law.
For your protection, corpses will not be punished. We respectfully request
that you submit your uses (revisions, uses, distributions, uses, etc.) to
your children, who may vicariously perform these uses on your behalf. If
you use this software and you are found to be not dead, you will be punished
to the fullest extent of the law.
If you are found to be a ghost or angel, you will be punished to the fullest
extent of the law.
After your following the terms of this license, the author has vowed to repudiate
your claim, meaning that the validity of this contract will no longer be recognized.
This license will be unexpectedly revoked (at a time which is designated to be
most inconvenient) and involved heirs will be punished to the fullest extent
of the law.
Furthermore, if any parties (related or non-related) escape the punishments
outlined herein, they will be severely punished to the fullest extent of a new
revised law that (1) expands the statement "fullest extent of the law" to encompass
an infinite duration of infinite punishments and (2) exacts said punishments
upon all parties (related or non-related).
Re: (Score:3)
There's. No. Such. Thing. Period.
Re: (Score:2)
Github also had to discontinue file downloads for the simple fact that people abused it and used the service as a way to distribute content unrelated to the open source material.
Doesn't that kinda defeat the purpose of github?
(Not a coder, wouldn't know)
Re: (Score:3)
Re: (Score:2)
No. GitHub uses, as the name implies, Git. You git clone the kiddy porn
FTFY.
Re: (Score:2)
Also, on github you can still tag versions and it'll still put up tar balls you just can't upload some zip file or your own and get it in the same place as the tagged versions.
Re: (Score:2)
So you put the binary content in a file in a branch and provide the link to the generated tar ball for that branch. It's not as if "file sharers" aren't used to having to unpack a archive which was inside another archive (which sometime was in even another archive).
Re: (Score:2)
How were people abusing Github downloads? How are people abusing Google Code? What makes Google think people won't similarly abuse Google Drive?
Re: (Score:2, Informative)
Github used to have an API that would allow you to upload & host arbitrary binary blobs and make them available from your project's download page. They discontinued THAT service, because people were abusing. And probably, causing a lot of expense in disk, file server, and bandwidth costs for github.
You can still create git repositories, and clone them, and upload and share code, etc. etc. etc. You just can't upload arbitrary binary files and redistribute them via github. For projects that want to re
Re: (Score:2)
Except they said they discontinued it because of user confusion rather than abuse. Besides, what's stopping users from distributing "50GB of [their] best porn" as part of a GIT branch?
Re:So, "Don't Be Evil..." (Score:4, Funny)
Would be quite popular, I imagine. All that forking, pushing and pulling!
Re:So, "Don't Be Evil..." (Score:5, Interesting)
Using the file download hosting feature to host malware and sending emails with deceptive links to that malware to distribute it to unsuspecting users seems to be one of the main abuses.
then vet the projects (Score:2)
like google summer of code does, like gcc compile farm does, like slashdot story queue does. its not rocket science.
Re:So, "Don't Be Evil..." (Score:5, Funny)
Re:So, "Don't Be Evil..." (Score:5, Interesting)
Can't use google drive from work.
Re: (Score:2)
They're pushing google drive for downloads. That makes sense on a couple levels -- forced encouragement of google drive and removing redundant functionality -- but this is google so you have to wonder what's next.
Yes, make perfect sense... You see, there's no way in which Google Drive can be misused.
(grin)
Re: (Score:2)
> what is next? Will you need to login with google+ to download?
That is what I expect. I think if Google+ had Facebook's marketshare they would already be doing that sort of thing across most of google''s services.
Re: (Score:2)
And no one was surprised (Score:5, Insightful)
So? (Score:5, Informative)
Github did exactly the same thing quite some time ago, and people didn't complain too much. Why is this a big deal?
Re: (Score:2, Interesting)
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
I believe SourceForge is working on updating their site. I seem to also remember them looking for volunteers.
Re: (Score:2)
Nothing prevents you to put a link to the binaries on your website. And if you can't afford a to host a website, there are still file hosting service happy to finally get some legal files.
Also, you know, there were some malware abusing the system and downloading some files on some popular legitimate projects ( http://news.softpedia.com/news/New-TDL-Malware-Variant-Uses-Chromium-Embedded-Framework-339791.shtml [softpedia.com] ). I don't know many projects affected beside this one and I'm sure Google knows better and this mo
Re: (Score:3, Interesting)
Nothing prevents you to put a link to the binaries on your website. And if you can't afford a to host a website, there are still file hosting service happy to finally get some legal files.
Also, you know, there were some malware abusing the system and downloading some files on some popular legitimate projects ( http://news.softpedia.com/news/New-TDL-Malware-Variant-Uses-Chromium-Embedded-Framework-339791.shtml [softpedia.com] ). I don't know many projects affected beside this one and I'm sure Google knows better and this move wasn't just to mess around with legitimate users and reduce the costs.
Google seems to be cutting lots of services in the name of abuse...
Google Code downloads gone because they were being abused.
XMPP federation gone because it was being used by spammers.
CalDAV gone because... well, that one just seems to be because its open and Google wants to push everyone to their proprietary APIs instead.
I'm just waiting for them to pull the plug on email federation with Gmail and Google web search because they both get used by spammers too...
Guess what; pretty much any useful service is g
Re: (Score:3, Funny)
Re:So? (Score:4, Insightful)
RMS, is that you?
Not sure what domain your project is in, but unless your target market is "Linux, Emacs users who know C" odds are you're cutting a goodly number of potential users out with that attitude. Certainly there are tools that is appropriate for, but the VAST majority of users don't have a compiler on their systems, much less know how to use one.
Is that a tragedy of the Microsoft-ocracy keeping the world closed for users? I don't think so. [Car analogy coming up] Just because I could technically acquire all of the tools and knowhow to replace any particular part on my car, doesn't mean it's the best use of my money and time to do so. Even if the tools were all free (as in the case of GCC et al.), it's unlikely that it would be in the best interests of a non-techy to take the time to learn to use them, much less learn to troubleshoot them when `./configure && make && make install` doesn't go according to plan. To many people, computers are just tools to get other non-computer related work done, and there's nothing wrong with that. Some people like to tinker with their cars, others just want to drive to work and park them.
Even a user who doesn't know how to fix bugs & recompile can be a useful asset to an Open Source project. I've found that some of my non-technical users are the most details oriented when it comes to finding edge case bugs and documenting what it takes to reproduce them. Often enough those are the kinds of bugs that take me two minutes to fix but would have taken hours to track down if not for a complete reproducer reported by a user.
As far as giving people the wrong idea about Free Software, which is worse: Users thinking Free Software is about the price or that it's unusable junk that only nerd/hacker/terr'ists actually use? I've already read articles where less-than-savy authority/law enforcement types have considered simply having Linux installed on a system as evidence of criminal activity. Making Free Software cryptic and difficult to use (neigh unto impossible for certain groups of users) certainly doesn't advance the cause any.
Re: (Score:2)
I think my car analogy holds fine here. My car is FOSS in this case, but I still choose not to do most of the work myself even if there's nothing legal or technological preventing me from doing it. The software in the post I replied to originally is also FOSS, but the author seems to think that users should be required to do all of the dirty work themselves before they be allowed to use it. The only way I can drive that car is if I know how to install the engine & transmission myself before I start driv
Re: (Score:3)
A true vanguard. You rock!
In order to help your users even further, you may want to think about devolving your app to just pseudo-code. I'm sure that your choice of programming language has given pause to many upcoming Logo programmers out there.
Re:So? (Score:5, Funny)
I prefer avoiding pseudocode altogether, wouldn't want users to get too comfortable. i prefer this approach - a single source file with these contents:
File name: AwesomeSoftware.cpp
/*
don't forget #include the stuff your software will need to compile and run!
enter your code below in proper C++ syntax. It should do what you need.
If you don't know what to write, you should probably go read lots of books
and take a 4 year undergraduate program in Computer Science. Then
maybe you won't be such a fucking retard, luser. I don't work for you, and
I sure as shit am not getting paid by you.
This file is licensed using GPLv3.
*/
I like to then provide a makefile with these contents:
# Make sure you have no errors in your file before you attempt to build!
all :
@ echo "Compiling your shit."
g++ AwesomeSoftware.cpp -o AwesomeSoftware
@ echo "Cleaning up!"
rm -f AwesomeSoftware.cpp
I find this to be the best way to spread the good word of open source and teach people good development practices.
God Bless Richard Stallman. God Bless Linus Torvalds.
Re: (Score:2)
Because it is a crap policy. A lot of people will want binaries or packages rather than download source code. Many people do not even have a versioning system installed or will want to download the latest stable source code rather than muck around with an unstable internal development milestone.
Re: (Score:2, Insightful)
Of course they do. Because most OSS software won't compile without error. 9 times out of ten it takes some amount of fucking about and searching to find what's missing or what arcane thing needs typing at the console to make it build. If you're not a developer don't bother.
Re:So? (Score:5, Informative)
People did complain. Amusingly, the biggest counterpoint was that if you want to offer downloads you should probably use google code which is much more user (rather than programmer) friendly.
Re: (Score:3, Insightful)
Amusingly, the biggest counterpoint was that if you want to offer downloads you should probably use google code which is much more user (rather than programmer) friendly.
That's pretty much my view too.
The way I looked at things was that Google Code and SourceForge are a lot more centered around what an end user would want to see (either someone who has no idea about version control and coding, or for a library or something like that even a programmer but who just wants to grab a library to use) while GitHub
Re: (Score:3)
Because this is slashdot, and it has become hip to point at any curating or reducing of their free services as violating "dont be evil".
yeah no (Score:2)
some people spent many hours customizing scripts to upload their builds to google code. now those scripts are useless. its fucking bullshit.
Re: (Score:2)
Whats BS is getting a free gift on tuesday, and then complaining when you dont get another on wednesday. They offered a free service: no warranty, no contract, no guarantees, and no cost. That doesnt mean you get a permenant entitlement to run your code on their servers in perpetuity.
Re: (Score:2)
GitHub doesn't have competitors that pay people to spread FUD.
Another one bite's the dust! (Score:2)
And another one gone and another one gone...
Another one bites the dust!
Hey! I'm gonna get you too!
Another one bites the dust!
Github did this recently (Score:5, Informative)
Github did this recently [github.com] too which was annoying, because it was useful. They're not entirely clear why ... "confusing" doesn't seem nearly as likely as "abuse", though I am not aware of any abuse in particular. Since Google is providing Drive as an alternative, and not even immediately removing the service for those using it, it's not even as bad as Github's move, which removed it for everyone. I suppose it's an opportunity to cut another Google dependency though if you really want.
Re: (Score:3, Insightful)
True. But Google Drive is not exactly known for easy to read URLs.
Re:Github did this recently (Score:5, Funny)
True. But Google Drive is not exactly known for easy to read URLs.
What are you talking about, [USER_TYPE:HUMAN UNIT:670288]? [LINE FEED] Values derived from hash functions of sufficient length are superior sorting and indexing mechanisms for long-term persistence of non-volatile data structures. The use of values that map directly to integers provide search efficiency of big-O-one as opposed to [STRING] searching, which is typically big-O-log-n or worse. You, [USER_TYPE:HUMAN UNIT:670288], must have a malfunction in your [LOGIC-PROCESSING DESIGN] and must obtain maintenance before further conversation can be attempted reliably. [END COMMUNICATION]
Re: (Score:3)
You sir/madam/machine/thing have won several internets.
If you would like, I have a recently widowed Nigerian prince who will send them to you.
Re: (Score:3)
CMM LEVEL RATING -2 LUNATIC
Re: (Score:2)
Not really. I want to know first where a URL is pointing to before clicking.
And there is no reason to make a URL not readable to both by the server and by a human.
Only affects Google hosting? (Score:5, Interesting)
I know more than a few projects using code.google.com that have downloads from a separate server, perhaps to get around some inconvienences already built into the system.
Maybe the cost of bandwidth is getting to be significant, or maybe it is due to abuse. The announcement seems to suggest people were creating projects just to distribute large files, probably copyrighted material, (and possibly malware), and getting Google to host it for free.
Still, if you have to set up two or more different services to host your project, why would you bother with the one that didn't allow project downloads? What would be the point of using that on a community project? It would seem this would drive the community away. Perhaps this telegraphs the death knell for yet another Google service?
Re: (Score:2)
Maybe the cost of bandwidth is getting to be significant, or maybe it is due to abuse.
I can't imagine it's bandwidth, because no matter how many projects are there the bandwidth needs are going to be miniscule compared to another of their free services - YouTube.
Re: (Score:2)
Well, most projects don't carry advertising. YouTube does, and it also has other revenue generation programs.
Projects tend to be very small, and the whole thing could be probably better handled by imposing a limit on the size.
But i've seen a couple projects purporting to relate to video processing packages that had entire movies as test data.
These disappeared pretty quickly, suggesting the "test data" (porn) was the purpose all along.
what's wrong with the command line (Score:2, Interesting)
svn checkout enter-url-here
It's how I download everything from google code, and for github I use git. or is the command line "too ancient" to use anymore?
Re: (Score:2, Insightful)
Because end users don't have SVN?
Re: (Score:2)
Distributing software to end users isn't a core purpose of Google Code; the download functionality (which could be, and often was, used for that purpose) wasn't, as I understand it, provided for that purpose, but provided mostly as an alternative to using source control tools to get source code bundles.
But, using it to distribute arbitrary files also enabled to it to be used to create Google Code projects that were nothing but free hosting for malware distributed via decepti
Re: (Score:2)
It's possible that's what they were thinking (and maybe even said) but it sure doesn't come out from the design of the site, which I've always thought has been well-geared toward the end users. There's a cons
Re: (Score:2)
I think that the goal was to be well-geared toward full-featured developer collaboration (which involves more than just hosting repositories.) The fact that the same features can be leveraged with user-focussed content to also make it an excellent platform for end-user interaction was, I think, a peripheral benefit.
Re:what's wrong with the command line (Score:5, Informative)
Because the average user doesn't want the source code, they want to download a prepared binary in an installer or zipfile?
Re: (Score:2)
Re: (Score:2)
What did I eat for lunch?
deb, rpm, dmg, 64bitzip, 32bit zip (Score:2)
old versions, dev versions, branch versions......
pretty soon you have 500MB of d/l files in your git repo.
We've heard of BitTorrent, haven't we? (Score:5, Interesting)
My MOM knows what BitTorrent is. It's available on nearly every platform in existence; there's even a javascript client, I think? Some browsers now have clients built-in or available via extensions. With DHT supported by most every client, you don't even need a tracker. Web seeding means you don't have to guarantee seeded peers if you've got some HTTP mirror available somewhere.
So, can FOSS projects please grow up and start using bittorrent more? Can we make torrents a little more transparent to users, as well? As in, you click a link and you don't need to do anything else, no external programs, etc? Some big projects like Libreoffice have been using BitTorrent for a while; distributions have been as well even longer.
PS:For the love of god, please pick a sensible chunk size *glares at people who create 300MB torrents with 4MB chunk sizes*
Re:We've heard of BitTorrent, haven't we? (Score:4, Insightful)
yes, that's the thing that AT&T and comcast will threaten then cut your access if you use. good thinking
Re:We've heard of BitTorrent, haven't we? (Score:4, Funny)
Actually the opposite might work too. If bittorrent becomes a favorite distribution protocol for FOSS, that might push ISPs into being more tolerant toward it.
Re: (Score:2)
my nose hurts from the pop I launched through it laughing.
Re: (Score:2)
they are dropping customers for piracy complaints.
Re: (Score:2)
Well, you know, those two ISPs cover only a small percentaje of the planet, so it's not that big of a deal. Also, if your ISP threates to cut you off, just switch to another more serious one.
Re: (Score:2)
I've been using comcast internet subscriber for years and I gotta point out, you're a liar.
Oh yeah, and your pants... they're on fire. Come on down and we'll put that out.
is pirate bay going to provide a web seed? (Score:2)
yet another comment suggesting 'if youve got some XYZ somewhere'.
without mentioning the actual name of 'some xyz somewhere', no company name, no organization name, no url, no link, no nothing.
just some abstract idea that 'out there' is a bunch of free file hosting for everyone. its not true. its just not true.
if you dont have an host to store the web seed, web seeding is worthless.
and of course the amoral douches like pb would never in a million years dream of contributing to the community by web seeding fl
Way to go, Dropbox users (Score:3, Insightful)
Remember when it was normal to move files around with standard protocols, which worked reliably and didn't require any bizarre shit? And then remember when someone came up with a great idea of offering file storage service, with the caveat that you would have to use weird special software in order to upload and download your files, so that we could move toward a situation where it's not always necessarily available (e.g., if the weird software hasn't been ported to your box yet) not as easily scriptable, and just didn't work as well?
People, when that happened, you were supposed to laugh in Dropbox's face, slapping your knee while between chuckles you weakly uttered "oh my god, what a stupid idea! And how insulting for you to think we're stupid enough to fall for it!"
That's what you were supposed to say. Instead, it seems that a bunch of people said, "oh, cooool!!!" instead.
So of course Google had to go make Google Drive, to catch up on being as horrible as Dropbox, so that Dropbox wouldn't get the whole market of stupid people. Stupid people are a valuable market.
But once they had to deal with stupid people and not-stupid people, they had a problem: wouldn't it be more profitable, if we could get non-stupid people to do things The Stupid Way? You know, run our "drive" software instead of rsync, sftp, etc?
So here we are. Thanks, everyone. Thanks for making these fucking weird nonstandard clients the new norm that everyone is expected to put up with. I just realized something: you all didn't really hate AOL, did you? It stopped being "cool" (?!) but you never understood why it wasn't cool, huh?
Re: (Score:2)
Truth, all of that, of course.
My favorite part is where everyone here's modding down the wise posts as Trolls. But 'ey, if y'all prefer Facebook 2: +ElectricBoogaloo over federation and XMPP, and ridiculous "abuse" excuses over sensible free software download systems, then I don't have all the time in the world to try to steer the USS Consensus closer to the HMS Sense.
Re: (Score:2, Insightful)
Dropbox has a REST API you can use to upload, via standard HTTP, and a website you can use to do the same thing if you're so much of a tard that you can't write a little bit of code.
Re: (Score:2)
Yup, because before dropbox there was a simple and effective rsync client for windows that could and would work to keep some folders in sync across all your computers and be publicly available without needing to setup your own server. All for free
Except there wasn't.
Re: (Score:2)
Remember when it was normal to move files around with standard protocols, which worked reliably and didn't require any bizarre shit?
Ooh, that does ring a bell. There was this protocol for transfering files, what was it called again? Started with F... something something. Would be completely useless today, I'm sure, now that we have Google Drive...
Did Google ever fix Drive's date problem? (Score:3)
The last times I tried using Google Drive, if you downloaded more than one file, it would make a zip file with the files where the dates were all reset to Jan-1-1980. Does it still do that?
That's a deal-killer to me and makes the service unusable. DropBox doesn't do that - so I know it's not technically impossible to so something so difficult as preserve a file's modify-time.
Re: (Score:2)
Sourceforge (Score:3)
Meanwhile, SourceForge reaches out to developers (Score:5, Informative)
Quoting the comments:
Setup looks pretty simple; but, since I don't have code in Google Code, I can't put it to the test. Can anyone attest to how well this works?
SourceForge (Score:2)
Google giveth. (Score:3)
Google taketh away.
Funny, I was just wondering when this will happen! (Score:2)
Gramma (Score:2)
This sentence doesn't parse.
Re: (Score:2)
This sentence doesn't parse.
That is because you have a defective parser. I recommend remedial studies.
Nice way to promote github/bitbucket! (Score:2)
I'm pretty sure lots of proyects will be moving to github/bitbucket/etc now!
Well this really sucks (Score:2)
Old school (Score:2)
Or, you know, FTP.
Re:in future news (Score:5, Informative)
Github did the same thing last year.
Re:Yet Again :( (Score:4, Insightful)
Didn't we all see this coming though? Google used to make it more obvious by slapping "Beta" on everything, but while we aren't paying for it we all know it's the same thing. You get what you pay for.
They try out products that they hope will eventually make them money. You adopt those products because "free" and "kind of cool". Then Google realizes that lots of things are cool, but only some things make money. Product is over, adopter cries.
I like Google products for many things, but I've never felt that I could adopt them for more than personal use because I tend to view products I buy as a long term decision based as much on their long term support prospects as their costs and functionality. That doesn't mean I'm just going to buy Microsoft, but Google has never even pretended that they are in any of this for the long haul, they just put it there and you use it until it isn't there. And when it isn't, they don't apologize because you should have known better.
I think they have a model of throwing things at a wall and seeing what sticks. Perhaps it would be better if they had a mass of product people who were as smart as their developers are and could figure out how to make these things profitable, but I don't think they do. Indeed, I think a good product person is just as rare a quantity as a good developer is, if not more so.
Re: (Score:2)
Re: (Score:2)
love how you guys (Score:2)
who say the solution is xyz, never actually mention the names of xyz.
Re: (Score:2)
An additional benifit is that if you disappear, your projects will live on. If you host your files and code on your own server, when you decided to close it down, it goes with it.
I've seen far too many dead links that I would have loved to see...
Re: (Score:3)
Well, I usually use "genocide".
Re: (Score:2)
"Evil"?
Re: (Score:3, Insightful)
Forgive them. Products of a school system that has taught them that everything they do is worthy. The world owes them. ...
A trophy to every participant. Wining and losing are the same. As long as you show up
Google owes them everything forever. Anything less in their world view really is evil.
They feel they are being ROBBED.
You can not invalidate their feelings. That will make you insensitive and evil.
Re: (Score:2)
"We're grandfathering existing accounts that signed up before day X", duh.
Advanced notice doesn't mean there's a frenzy of new signups; it just means existing users are treated fairly.