惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Securelist
L
LangChain Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
月光博客
月光博客
S
Schneier on Security
Simon Willison's Weblog
Simon Willison's Weblog
WordPress大学
WordPress大学
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
Cisco Blogs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
美团技术团队
S
Security @ Cisco Blogs
人人都是产品经理
人人都是产品经理
L
LINUX DO - 热门话题
S
SegmentFault 最新的问题
D
DataBreaches.Net
C
CXSECURITY Database RSS Feed - CXSecurity.com
Microsoft Security Blog
Microsoft Security Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
N
News | PayPal Newsroom
W
WeLiveSecurity
F
Fortinet All Blogs
The Hacker News
The Hacker News
The Register - Security
The Register - Security
P
Palo Alto Networks Blog
Engineering at Meta
Engineering at Meta
T
The Exploit Database - CXSecurity.com
Vercel News
Vercel News
G
GRAHAM CLULEY
博客园 - 聂微东
P
Privacy International News Feed
P
Privacy & Cybersecurity Law Blog
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
G
Google Developers Blog
T
Tailwind CSS Blog
V
Vulnerabilities – Threatpost
L
Lohrmann on Cybersecurity
T
Tenable Blog
Cisco Talos Blog
Cisco Talos Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
Security Affairs
云风的 BLOG
云风的 BLOG
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
B
Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Hugging Face - Blog
Hugging Face - Blog
T
Threatpost

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
How to escape vendor lock-in in your Git collaboration workflow
Alan West · 2026-05-17 · via DEV Community

Last March I watched a small open-source project I contributed to get nuked off a major hosting platform overnight. No warning. The maintainer's account got flagged by some automated system, and suddenly months of issues, PRs, and discussions were just... gone. The Git history survived because everyone had local clones, but the conversation around the code? Vaporized.

That incident sent me down a rabbit hole. Why does our collaboration metadata — the stuff that actually makes Git workflows social — live on a single server we don't control? The repo itself is distributed. The issues, reviews, and patches are not.

The root cause: Git is decentralized, but everything else isn't

Git was designed by Linus Torvalds to be decentralized. Every clone is a complete repository. You can pull from any peer, push to any remote, work offline indefinitely. That's the whole point.

But here's what Git deliberately leaves out:

  • Identity — Git doesn't know who you really are. It trusts whatever you put in user.email.
  • Discovery — There's no way to find a repository without an out-of-band URL.
  • Collaboration metadata — Issues, pull requests, code reviews, and discussions don't exist in Git itself.

So we bolted those features onto centralized platforms. Which works great, until it doesn't. The platform goes down. Or removes your project. Or changes its terms. Or gets bought. Suddenly your "distributed" workflow has a single point of failure that lives in someone else's database.

I started exploring peer-to-peer alternatives a few months ago. The most interesting approach I've found stores everything — identity, discovery, collaboration — in Git itself, then gossips between nodes. The project I've been poking at is Radicle, which calls itself a sovereign code forge built on Git.

Step 1: Identity, not accounts

In a peer-to-peer Git world, you don't have an account. You have a cryptographic key. Your identity is a public key that signs everything you publish. No central registry can revoke it.

# Generate a new identity - this becomes your 'account' forever
rad auth --alias alan-west

Enter fullscreen mode Exit fullscreen mode

This creates a keypair stored locally. Your DID (decentralized identifier) is derived from the public key. Nobody can take it away because nobody issued it in the first place.

Step 2: Repositories as first-class peer-to-peer objects

Once you have an identity, initializing a project for peer-to-peer collaboration looks like this:

# Inside an existing Git repo
cd my-project
rad init --name 'my-project' --description 'Yet another todo app'

# This creates a Radicle ID - a content-addressable identifier
# that you can share with anyone, no DNS or central registry needed
rad inspect --rid

Enter fullscreen mode Exit fullscreen mode

The Radicle ID (RID) is the equivalent of a repository URL, but it's cryptographic. It points to your repo wherever it currently lives on the network, not to a specific server.

Anyone can clone it from any node that has it replicated:

# Clone using the RID - works as long as ANY peer in the network has it
rad clone rad:z3gqcJUoA1n9HaeesA8YpcwujzNMc7

Enter fullscreen mode Exit fullscreen mode

If your node goes offline, peers who already replicated the repo can still serve it. The repo only "dies" when every replica disappears, which is a much higher bar than "the central platform decided to remove it."

Step 3: Collaboration that survives the platform

This is the part that solved my original problem. Issues and patches (the peer-to-peer equivalent of pull requests) are stored in Git refs on the repository itself.

# Open an issue - this gets committed to the repo's collaboration refs
rad issue open --title 'Memory leak in worker pool' \
               --description 'Heap grows ~5MB/hour under load'

# List issues - works offline because they're local Git data
rad issue list

Enter fullscreen mode Exit fullscreen mode

The mental model that finally clicked for me: imagine every issue and review comment as a Git object stored in a special namespace, signed by the author's key, and replicated alongside the code. When you sync, you get the conversations too.

For pull-request-style workflows:

# Create a patch from your current branch
git checkout -b fix-memory-leak
# ... make changes ...
git commit -am 'Fix worker pool leak by closing idle connections'

# Publish the patch - this is your 'PR'
rad patch open

# Reviewers can fetch and check it out locally
rad patch checkout <patch-id>

Enter fullscreen mode Exit fullscreen mode

I haven't run this at team scale yet — my experiments have been with two or three peers — but the workflow feels familiar enough that I'd trust it for a small project.

Step 4: Running a node

To participate in the network beyond your local machine, you run a node that gossips with other nodes:

# Start the node daemon in the background
rad node start

# Check what you're seeding
rad node status

# Track a repo so your node keeps it replicated
rad node seed rad:z3gqcJUoA1n9HaeesA8YpcwujzNMc7

Enter fullscreen mode Exit fullscreen mode

Nodes form a mesh. When you push to your own copy, the changes propagate to peers who are tracking your repo. There's no "main" server. The repo's availability is the union of every node that's seeding it.

Tradeoffs I've hit so far

I'd be lying if I said this is a drop-in replacement for the centralized workflow. A few honest observations:

  • Discovery is harder. Without a built-in search index, you find repos by sharing IDs out of band, which feels like 1999 Usenet vibes.
  • Web UIs are sparse. There are HTTP gateways for browsing, but the polish isn't where mainstream platforms are. If your team includes non-CLI folks, expect friction.
  • Replication is best-effort. If only you and one other peer have a repo and both go offline, it's effectively gone. Treat it like any other distributed system — your data is only as safe as the number of independent replicas.
  • CI/CD integrations are DIY. You can wire something up via the HTTP API, but you're building the pipeline yourself.

Prevention tips for whatever you choose

Even if you stick with a centralized host, the original incident taught me a few defensive habits worth applying:

  • Mirror automatically. Run a cron job that pushes to a second remote (even a self-hosted bare repo on a cheap VPS). git push --mirror is your friend.
  • Back up the metadata, not just the code. Tools that archive issues and PRs to local files exist for most major platforms — set one up before you need it.
  • Keep collaboration artifacts in-repo when you can. ADRs, design docs, and changelogs in docs/ survive any platform migration. Tickets in a third-party issue tracker do not.
  • Treat your local clone as the source of truth. If everyone on the team has a recent clone, the worst-case recovery is "we lost some PR comments," not "the project is gone."

Peer-to-peer code forges aren't going to dethrone the big platforms next year. But for personal projects, infrastructure repos, or anything where you genuinely care about not having a censor in the loop, the tooling is finally past the fun-science-experiment phase. I'm running a node for my own stuff now. Worst case, it's a fancy backup. Best case, it's the future.