Github 2-factor authentication vs mainland China

Quick(?) question – are there any other SC contributors located in mainland China, who have any idea how to deal with the upcoming github mandatory 2FA?

Perhaps it’s just because I’m having an exceptionally bad day with work, but… I don’t have time to try to make sense of this right now.

2FA isn’t in itself a bad thing, but Western IT entities commonly assume access to resources that are not uniformly accessible everywhere in the world. E.g., Countries where SMS authentication is supported – notice anything missing around the “Ch”-es? Well then, “… you can set up authentication via a TOTP mobile application…” but if that mobile app tries to access IP addresses that are banned here, and if I have trouble with VPN on my phone, then… I would be effectively kicked out.

Really didn’t need this today.



It seems to be a problem. It’s just ridiculous, it should be easy to support SMS code in China.

I don’t know if it will help, but on github some people mentioned Authy, installed via a apkmirror.

Another method, set your 2fa as a security key, and save it in a usb device like this

Out of curiosity, has a switch to gitlab already been discussed?

1 Like

Will read that over later when I have time, at a glance looks useful.

I can’t shake the feeling that github might be taking a deliberately hostile position toward Chinese users, since The Great Firewall bans the site (over some repositories that hosted forbidden texts). I use other sites that sometimes have to send SMS or call my mobile and the failure rate is not zero, but scarcely noticeable. I don’t quite believe github’s rationale here.


1 Like

Can we please keep (geo)politics out of here? One the one hand, I am very tempted to counter your views on this matter, but on the other hand, I don’t want this thread to derail into a political discussion. There are other, better places for this.

FWIW, I also think that GitHub’s 2FA sucks big time.


was talking about the particular problem in China.

With some rather hot takes.

If we stop discussing art, different ideas about computing, life, and fallback into that kind of list… I quit.

Nobody wants that (including me). It’s just that a geo-politics discussion is off-topic for this thread (which is about a specific technical problem and possible solutions).

Microsoft is a monopoly? I thought we were a free software and artists community. Or the part of new kinds of ‘hybrid’ wars nowadays? That’s not controversial either. Sorry, I consider my takes very rational, after experience and study. I share with sincerity and love. Sorry if it annoyed you.

Rather your paragraph about the purpose of the Great Firewall (unless I completely misunderstood it).

1 Like

I hope you don’t think Facebook is a democratic institution, and has nothing to do without anything else, like… capital and imperialism? I lived in countries that went crazy because of hybrid wars, I think nations have the right to protect themselves from things like those. I didn’t talk about HOW they do it. If your concern is with civil liberties, I have bad news for you, capitalist monopolies aren’t that great either, and usually don’t lift 800 million people from poverty (only possible in a sovereign state, impossible in a colony). btw a dear friend wrote this research, very good read:

@jamshark70 have you done the basic step of trying a TOTP app? It’s super easy and the protocol is offline and app agnostic by design. I use Aegis personally.


Yes, I read it worked with Authy, but on a mirror repo since the US blocked google store in China. The usb key seems to be simple too, it’s quite cheap.

I don’t ignore the bad stuff, what some call civilization, others call colonial policy. It’s brutal.

Read Tings’ essay I sent you, it’s very good.

I would strongly support this - the mandatory 2FA is only one among several problems with this platform. We should have evacuated it the moment GitHub was taken over by Microsoft.

Gitea and Gitlab are really good and decentralized platforms - Gitlab even has experimental support for activity pub!
The only thing missing is Github Actions and their free runners :confused: Maybe we can still use the resources of Github Actions but not rely on their workflow?

I also strongly encourage any political discussion about the infrastructure of SuperCollider! The community is responsible for its manoeuvring through the interests of various powerful parties, and we should use the momentum of SC to support countermeasures against these tactics.
I also believe that GPL-3.0 implies moral obligations, i.e. solidarity and support of other FOSS projects.


If it’s not GitLab Community Edition on your server, you don’t control the computing anyway. When the sc project migrated to github, I don’t think many thought about this problem. Now a lot of information (not the git code, but discussions, issues bugs, etc, etc etc) can only be migrated if they allow you to do.

I’m not sure this was for me, but you’re saying I attacked another person based on political or religious affiliation? I think it was the other way around. (Not that I care)

Hi Bernardo no I did not mean this for you specifically, simply a caution that we should all take care not to to let our conversations go down this road.

1 Like

I think the code should say you must respect political affiliation, religion, etc. Not that you must not talk about it. There was one message that was frankly pejorative, and it was not mine. I’m against censorship, but I also respect everybody position on any topic.

I would certainly support a move off of Github, but this particular problem has an easy technical solution.

Don’t use any weird third-party authenticator apps, simply use:

$ oathtool --totp '123456'

Where “123456” is your TOTP code. It will give the same output as Google Authenticator, etc.

Companies really tend to obfuscate how unnecessary authenticator apps are.


No way it’s that simple! ))))))