this post was submitted on 14 May 2025

323 points (99.4% liked)

Programming

20182 readers

213 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago

MODERATORS

[email protected]

323

GitHub is introducing rate limits for unauthenticated pulls, API calls, and web access (github.blog)

submitted 2 days ago* (last edited 2 days ago) by [email protected] to c/[email protected]

138 comments fedilink hide all child comments

An update from GitHub: https://github.com/orgs/community/discussions/159123#discussioncomment-13148279

The rates are here: https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28

60 req/hour for unauthenticated users
5000 req/hour for authenticated - personal
15000 req/hour for authenticated - enterprise org

(page 3) 38 comments

sorted by: hot top controversial new old

[–] [email protected] 6 points 2 days ago (1 children)

is authenticated like when you use a private key with git clone? stupid question i know

also this might be terrible if you subscribe to filter lists on raw github in ublock or adguard

load more comments (1 replies)

[–] [email protected] -3 points 2 days ago (3 children)

This is specific to the GH REST API I think, not operations like doing a git clone to copy a repo to local machine, etc.

load more comments (3 replies)

[–] [email protected] 11 points 2 days ago (1 children)

Good thing git is “federated” by default.

load more comments (1 replies)

[–] [email protected] 28 points 2 days ago (2 children)

Crazy how many people think this is okay, yet left Reddit cause of their API shenanigans. GitHub is already halfway to requiring signing in to view anything like Twitter (X).

[–] [email protected] 17 points 2 days ago (1 children)

They make you sign in to use search, on code anyways.

load more comments (1 replies)

[–] [email protected] 11 points 2 days ago (3 children)

THIS is why I clone all my commonly used Repos to my personal gitea instance.

[–] [email protected] 7 points 2 days ago (2 children)

I recently switched my instance from gitea to forgejo because everyone said to do it and it was easy to do.

load more comments (2 replies)

[–] [email protected] 19 points 2 days ago (1 children)

The enshittification begins (continues?)...

[–] [email protected] 3 points 2 days ago

just now? :)

[–] [email protected] 25 points 2 days ago (2 children)

[email protected]

load more comments (2 replies)

[–] [email protected] 31 points 2 days ago* (last edited 2 days ago) (1 children)

LOL!!!! RIP GitHub

EDIT: trying to compile any projects from source that use git submodules will be interesting. eg ROCm has more than 60 submodules to pull in 💀

[–] [email protected] 25 points 2 days ago (8 children)

The Go module system pulls dependencies from their sources. This should be interesting.

Even if you host your project on a different provider, many libraries are on github. All those unauthenticated Arch users trying to install Go-based software that pulls dependencies from github.

How does the Rust module system work? How does pip?

[–] [email protected] 15 points 2 days ago (1 children)

already not looking forward to the next updates on a few systems.

[–] [email protected] 9 points 2 days ago (2 children)

Yeah this could very well kill some package managers. Without some real hard heavy lifting.

load more comments (2 replies)

load more comments (7 replies)

[–] [email protected] 39 points 2 days ago* (last edited 2 days ago) (4 children)

No no, no no no no, no no no no, no no there's no limit

https://forgejo.org/

[–] [email protected] 2 points 2 days ago

No, no limits, we'll reach for the skyyyy

[–] [email protected] 5 points 2 days ago (1 children)

Dude, this is cool!

[–] [email protected] 7 points 2 days ago

It works really well too. I have an instance.

[–] [email protected] 18 points 2 days ago (1 children)

Until there will be.

I think people are grossly underestimating the sheer size and significance of the issue at hand. Forgejo will very likely eventually get to the same point Github is at right now, and will have to employ some of the same safeguards.

[–] [email protected] 27 points 2 days ago (7 children)

Except Forgejo is open source and you can run your own instance of it. I do, and it's great.

load more comments (7 replies)

load more comments (1 replies)

[–] [email protected] 88 points 2 days ago (2 children)

If Microsoft knows how to do one thing well, it’s killing a successful product.

[–] [email protected] 30 points 2 days ago (4 children)

I came here looking for this comment. They bought the service to destroy it. It's kind of their thing.

load more comments (4 replies)

[–] [email protected] 12 points 2 days ago (1 children)

RIP Skype

[–] [email protected] 14 points 2 days ago (2 children)

we could have had bob or clippy instead of 'cortana' or 'copilot'

[–] [email protected] 14 points 2 days ago (1 children)

Microsoft really should have just leaned into it and named it Clippy again.

load more comments (1 replies)

[–] [email protected] 54 points 2 days ago (3 children)

60 req/hour for unauthenticated users

That's low enough that it may cause problems for a lot of infrastructure. Like, I'm pretty sure that the MELPA emacs package repository builds out of git, and a lot of that is on github.

[–] [email protected] 32 points 2 days ago* (last edited 2 days ago) (2 children)

That’s low enough that it may cause problems for a lot of infrastructure.

Likely the point. If you need more, get an API key.

load more comments (2 replies)

[–] [email protected] 11 points 2 days ago (6 children)

Do you think any infrastructure is pulling that often while unauthenticated? It seems like an easy fix either way (in my admittedly non devops opinion)

[–] [email protected] 6 points 2 days ago

If I’m using Ansible or something to pull images it might get that high.

Of course the fix is to pull it once and copy the files over, but I could see this breaking prod for folks who didn’t write it that way in the first place

load more comments (5 replies)

load more comments (1 replies)

[–] [email protected] 23 points 2 days ago (3 children)

Just browsing GitHub I've got this limit

[–] [email protected] 11 points 2 days ago

i've hit it many times so far.. even as quick as the second page view (first internal link clicked) after more than a day or two since the last visit (yes, even with cleaned browser data or private window).

it's fucking stupid how quick they are to throw up a roadblock.

[–] [email protected] 142 points 2 days ago (3 children)

Probably getting hammered by ai scrapers

[–] [email protected] 100 points 2 days ago (2 children)

you mean, doin' what microsoft and their ai 'partners' do to others?

Also, as Microsoft appears to have recognized scraping for AI training as a problem, are you seizing your own scraping activities on public code and the larger web or is this a case of double standards?

load more comments (2 replies)

load more comments