this post was submitted on 14 May 2025
330 points (99.4% liked)

Programming

20211 readers
180 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz
UlrikHD@programming.dev
330
GitHub is introducing rate limits for unauthenticated pulls, API calls, and web access (github.blog)
submitted 4 days ago* (last edited 4 days ago) by chaospatterns@lemmy.world to c/programming@programming.dev
138 comments fedilink hide all child comments
 

An update from GitHub: https://github.com/orgs/community/discussions/159123#discussioncomment-13148279

The rates are here: https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28

  • 60 req/hour for unauthenticated users
  • 5000 req/hour for authenticated - personal
  • 15000 req/hour for authenticated - enterprise org
top 50 comments
sorted by: hot top controversial new old
[–] midori_matcha@lemmy.world 69 points 4 days ago

Github is owned by Microsoft, so don't worry, it's going to get worse

[–] bitwolf@sh.itjust.works 9 points 3 days ago* (last edited 3 days ago)

Maybe charge OpenAI for scrapes instead of screwing over your actual customers.

[–] traches@sh.itjust.works 144 points 4 days ago (3 children)

Probably getting hammered by ai scrapers

[–] db0@lemmy.dbzer0.com 13 points 4 days ago

The funny thing is that rate limits won't help them with genai scrapers

[–] potatopotato@sh.itjust.works 11 points 4 days ago

Everything seems to be. There was a period where you could kinda have a sane experience browsing over a VPN or otherwise using a cloud service IP range endpoint but especially the past 6 months or so things have gotten worse exponentially by the week. Everything is moving behind cloudflare or other systems

[–] Lv_InSaNe_vL@lemmy.world 39 points 4 days ago* (last edited 4 days ago) (3 children)

I honestly don't really see the problem here. This seems to mostly be targeting scrapers.

For unauthenticated users you are limited to public data only and 60 requests per hour, or 30k if you're using Git LFS. And for authenticated users it's 60k/hr.

What could you possibly be doing besides scraping that would hit those limits?

[–] chaospatterns@lemmy.world 28 points 4 days ago* (last edited 4 days ago)

You might behind a shared IP with NAT or CG-NAT that shares that limit with others, or might be fetching files from raw.githubusercontent.com as part of an update system that doesn't have access to browser credentials, or Git cloning over https:// to avoid having to unlock your SSH key every time, or cloning a Git repo with submodules that separately issue requests. An hour is a long time. Imagine if you let uBlock Origin update filter lists, then you git clone something with a few modules, and so does your coworker and now you're blocked for an entire hour.

[–] MangoPenguin@lemmy.blahaj.zone 13 points 3 days ago

60 requests per hour per IP could easily be hit from say, uBlock origin updating filter lists in a household with 5-10 devices.

[–] Disregard3145@lemmy.world 7 points 4 days ago (1 children)

I hit those many times when signed out just scrolling through the code. The front end must be sending off tonnes of background requests

[–] Lv_InSaNe_vL@lemmy.world 6 points 4 days ago

This doesn't include any requests from the website itself

[–] hackeryarn@lemmy.world 89 points 4 days ago (6 children)

If Microsoft knows how to do one thing well, it’s killing a successful product.

[–] henfredemars@infosec.pub 30 points 4 days ago (4 children)

I came here looking for this comment. They bought the service to destroy it. It's kind of their thing.

load more comments (4 replies)
load more comments (5 replies)
[–] onlinepersona@programming.dev 44 points 4 days ago (5 children)

I see the "just create an account" and "just login" crowd have joined the discussion. Some people will defend a monopolist no matter what. If github introduced ID checks à la Google or required a Microsoft account to login, they'd just shrug and go "create a Microsoft account then, stop bitching". They don't realise they are being boiled and don't care. Consoomer behaviour.

Anti Commercial-AI license

load more comments (5 replies)
[–] NigelFrobisher@aussie.zone 8 points 3 days ago

Probably because of AI agents. This is why we can’t have nice things.

[–] varnia@lemm.ee 10 points 3 days ago (1 children)

Good thing I moved all my repos from git[lab|hub] to Codeberg recently.

load more comments (1 replies)
[–] tal@lemmy.today 54 points 4 days ago (9 children)

60 req/hour for unauthenticated users

That's low enough that it may cause problems for a lot of infrastructure. Like, I'm pretty sure that the MELPA emacs package repository builds out of git, and a lot of that is on github.

[–] Xanza@lemm.ee 32 points 4 days ago* (last edited 4 days ago) (2 children)

That’s low enough that it may cause problems for a lot of infrastructure.

Likely the point. If you need more, get an API key.

load more comments (2 replies)
load more comments (8 replies)
[–] sturlabragason@lemmy.world 39 points 4 days ago* (last edited 4 days ago) (5 children)

No no, no no no no, no no no no, no no there's no limit

https://forgejo.org/

[–] Xanza@lemm.ee 18 points 4 days ago (1 children)

Until there will be.

I think people are grossly underestimating the sheer size and significance of the issue at hand. Forgejo will very likely eventually get to the same point Github is at right now, and will have to employ some of the same safeguards.

[–] FlexibleToast@lemmy.world 27 points 4 days ago (7 children)

Except Forgejo is open source and you can run your own instance of it. I do, and it's great.

load more comments (7 replies)
load more comments (4 replies)
[–] DoucheBagMcSwag@lemmy.dbzer0.com 14 points 4 days ago

This going to fuck over obtanium?

[–] PurpleStephyr@lemmy.blahaj.zone 4 points 3 days ago

RIP yocto builds

[–] theunknownmuncher@lemmy.world 31 points 4 days ago* (last edited 4 days ago) (1 children)

LOL!!!! RIP GitHub

EDIT: trying to compile any projects from source that use git submodules will be interesting. eg ROCm has more than 60 submodules to pull in 💀

[–] sxan@midwest.social 25 points 4 days ago (8 children)

The Go module system pulls dependencies from their sources. This should be interesting.

Even if you host your project on a different provider, many libraries are on github. All those unauthenticated Arch users trying to install Go-based software that pulls dependencies from github.

How does the Rust module system work? How does pip?

[–] adarza@lemmy.ca 15 points 4 days ago (3 children)

already not looking forward to the next updates on a few systems.

load more comments (3 replies)
load more comments (7 replies)
[–] timewarp@lemmy.world 28 points 4 days ago (2 children)

Crazy how many people think this is okay, yet left Reddit cause of their API shenanigans. GitHub is already halfway to requiring signing in to view anything like Twitter (X).

[–] plz1@lemmy.world 17 points 4 days ago (1 children)

They make you sign in to use search, on code anyways.

load more comments (1 replies)
load more comments (1 replies)
[–] daniskarma@lemmy.dbzer0.com 17 points 4 days ago (19 children)

Open source repositories should rely on p2p. Torrenting repos is the way I think.

Not only for this. At any point m$ could take down your repo if they or their investors don't like it.

I wonder if it would already exist and if it could work with git?

[–] thenextguy@lemmy.world 15 points 4 days ago (2 children)

Git is p2p and distributed from day 1. Github is just a convenient website. If Microsoft takes down your repo, just upload to another system. Nothing but convenience will be lost.

[–] witten@lemmy.world 9 points 4 days ago (2 children)

Not entirely true. You lose tickets and PRs in that scenario.

load more comments (2 replies)
[–] samc@feddit.uk 9 points 4 days ago (3 children)

The project's official repo should probably exist in a single location so that there is an authoritative version. At that point p2p is only necessary if traffic for the source code is getting too expensive for the project.

Personally I think the source hut model is closest to the ideal set up for OSS projects. Though I use Codeberg for my personal stuff because I'm cheap and lazy

load more comments (3 replies)
load more comments (17 replies)
[–] Sunshine@lemmy.ca 25 points 4 days ago (2 children)

!codeberg@programming.dev

load more comments (2 replies)
[–] ozoned@piefed.social 20 points 4 days ago

Wow so surprising, never saw this coming, this is my surprised face. :-l

[–] bigkahuna1986@lemmy.ml 23 points 4 days ago (4 children)

Just browsing GitHub I've got this limit

load more comments (4 replies)
[–] atzanteol@sh.itjust.works 19 points 4 days ago (1 children)

The enshittification begins (continues?)...

load more comments (1 replies)
[–] irelephant@programming.dev 14 points 4 days ago

Its always blocked me from searching in firefox when I'm logged out for some reason.

[–] brachiosaurus@mander.xyz 8 points 4 days ago (1 children)

I have a question: why do lemmy dev keep using microsoft github?

load more comments (1 replies)
load more comments
view more: next ›