Doesn't seem to be a lot of options for self-hosted/open-core project management software. The existing ones looks pretty bad, and don't come anywhere close to Jira level functionality.
In my experience that's probably a good thing. I've moved from a company using Phabricator to one using Jira. Phabricator had exactly everything we needed and was very nicely designed and worked really nicely.
Jira has everything you need plus loads of other stuff that project managers feel like they need to add. Oh and they'll never clear anything up or fix any config bugs because they don't actually have to ever use the "report bug" form so who cares if there are 100 fields and half of the mandatory ones are hidden in "More fields"? 5 different states for "TODO"? Eh who cares. 3 different ways to say which team a bug is in? Better fill them all in for every bug.
It's better to be missing features than to have features that project managers can configure.
(obviously lacks really fine-grain customization that would be found in other jira alternatives)
https://www.atlassian.com/enterprise/data-center
They also offer Government Cloud.
Edit: I looked again and even your pricing pages have no price. I understand that you may want to restrict yourself to rich companies, but I don't understand the point of posting on HN if that's the case.
That being said, we don't recommend the air-gapped version for personal use. Instead, you can use our open-source Community Edition here: https://github.com/makeplane/plane — you can self-host it and disable telemetry entirely.
If they said "implement a backdoor for us or all your non-airgapped customers lose access tomorrow", are you sure the company would be able and willing to say no?
This includes Projects + Wiki. More here: https://docs.plane.so/core-concepts/pages/wiki
Here's a blog on how you can switch between products within Plane, https://plane.so/blog/introducing-apprail-plane-new-navigati...
This is an AI writing tell: "It's not just x—it's y."
Know who else uses punctuation? People who write. In fact, that's where the AI got the idea.
(Your regular annoying notice that FIPS-compliant crypto is, if anything, marginally less secure than non-FIPS crypto; not that it matters in any material way, just, it's not a flex.)
A week into installation, your cube mate will be complaining that the arrow keys do not work as used to and cannot use alt-tab on the fields, or the color orange and green make their eye hurt. So a ticket is opened, a software update is made, and then the patch is generated. That is 12 month on a good day because all the back track, re-validation, scope creep, auditing, re-validation, third party review, committee blessings, and good idea fairies.
Then you have to get the patch into the environment. Now you need a blood oath from the entire chain of command up to Katie A. where she swears she is going to beat you if you whine about the color scheme again. ;) Three years past, and the changes are implemented. It does not matter because your monitor which had to be TAA compliant and could not be brought in without you soldering everything together is now running off of a hercules video card, yes that green only hercules card. You see only shades of green in the app...
It has support for spaces, real-time collaboration, a rich-text editor, built-in diagrams support and more.
We launched on HN 1 year ago: https://news.ycombinator.com/item?id=40832146
In fact, self-hosting might even do you wrong when things go bad, because AWS is probably better managed and more secure. And they have all their certs, which is legally important.
There are no communication cables between the host system and the wider world.
* air-gap malware can be designed to communicate secure information acoustically, at frequencies near or beyond the limit of human hearing.
* In 2014, researchers introduced ″AirHopper″, a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone, using FM frequency signals.
* In 2015, "HELLONE", a covert signaling channel between air-gapped computers using thermal manipulations, was introduced. "BitWhisper" supports bidirectional communication and requires no additional dedicated peripheral hardware.
* Later in 2015, researchers introduced "GSMem", a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission - generated by a standard internal bus - renders the computer into a small cellular transmitter antenna.
Historically, we did not have wifi and other radio based new fangled data communications. Data connectivity required wires, physical connections. If there was a gap between the two devices that had no wire, just air, that was air gapped. No comms could happen between the two. It is physically isolated. it used to be called "physically isolated" when we used it in the 80's (?). Some say, we stole it from plumbers but that is hogwash (pun intended, you know the backflow prevention thing). I vaguely recall start seeing it late 1990's to 2K in the public?
Mission Impossible 1996 the computer in the room where tom cruise is lowered into the room. That was an example of 90's air-gapped system.
The name stuck because it sounds cool. In my opinion, there is no such thing as true "air-gapped network" any more. There are too many ways to snoop on systems that are isolated, without "physical" and radio connections in the traditional sense (e.g., listen to the "electricity", sounds, power fluctuation, ground vibration, squirrel squeeks).
Don’t want to pick up annual subscriptions, and don’t want any dependency on a third party company that might not last or will start doubling prices in the future after an acquisition - been burned heaps by that.
> Component: Telemetry
> Cloud / Self-Hosted: Opt-in analytics
> Air-Gapped: Disabled by default
What's the difference?
I wish their docker deployment was normal (only docker-compose.yml), not a shell script that launches docker.
It needs ldap auth and better search capability (fts, boolean, filtering).
UI is clunky; everything is editable all the time, so you might end up accidently editing the ticket contents.
All my software works fine in completely air-gapped environments.
viharkurama•11h ago
The interesting part: our air-gapped deployment actually runs faster than our SaaS version. Turns out when you eliminate all network latency, things get snappy.
This post covers the technical challenges we solved (supply chain trust, 2GB bundle size, offline licensing) and why regulated industries need alternatives to cloud-only tools like Jira.
vosper•9h ago
But Jira is not cloud-only?
https://www.atlassian.com/enterprise/data-center
magicalhippo•9h ago
In any case it was clear it's not for small shops like us.
That said, air-gapped is a hefty requirement, so perhaps those customers are predominantly large?
viharkurama•9h ago
magicalhippo•9h ago
We do the similar with our B2B product (in an entirely different niche). We have everything from single-person companies up to very large ones. Similarly we set price based on use-case and requirements.
bpt3•9h ago
$51k for the smallest license they offer.
I still run an old version on an air gapped network and will continue to do so until we're forced to change for some reason. It's not a hefty requirement; we run it for a team of < 10 developers on a small VM and it just works.
magicalhippo•9h ago
bigfatkitten•8h ago
There are lots of very small classified networks out there with only a few dozen users.
There are a lot more user communities course that aren’t necessarily airgapped, but where they have special compliance requirements that pretty much mandate self hosting (or at least bring-your-own cloud.)
jasondc•9h ago
bpt3•9h ago
To be more specific, they killed off the legacy Jira Server and now only offer these enterprise versions of Jira and the rest of the suite if you won't move to the cloud.
thaack•9h ago
magicalhippo•9h ago
Same experience with JIRA. I read all these negative comments here and elsewhere about how slow and clunky JIRA was, and I couldn't relate at all.
Then I realized all those who complained was using JIRA Cloud and we were using on-prem, and it all made sense.
We've since moved to JIRA Cloud ourselves, and I understand now.
We moved and none of the new places had any viable computer room, so literally had to put the rack in a closet And well, that ain't cutting it for physical access control these days. Thankfully we have very simple flows without any BS, so not too many 1-5 second clicks to get things done.
IshKebab•9h ago
Even Atlassian doesn't use Jira cloud. Btw it's not "JIRA".
magicalhippo•9h ago
That would explain a lot.
> Btw it's not "JIRA".
When did they change this? I'm fairly certain[1] it used to be JIRA.
[1]: https://confluence.atlassian.com/jira061
eastbound•9h ago
joeldo•8h ago
tomrod•7h ago
JIRA stands for JIRA Isn't Really Awesome.
esafak•2h ago
mikestaas•7h ago
tomrod•6h ago
michaelt•6h ago
1. Unless major customers are actively closing their accounts due to the poor performance, improving performance isn't a priority.
2. The people who pay for it aren't the people who use it, so the performance can get very, very bad before customers start closing their accounts.
latentsea•3h ago
uxp100•9h ago
tikkabhuna•8h ago
nitwit005•7h ago
Usually with these tools, the performance problems magically vanish if you disable all the integrations people have set up. My company is constantly denial of service attacking Jira with Github updates, for example.
Edit: typo
rkagerer•1h ago
It worked great in volume testing in our environment. Their IT department installed it on high end servers (hundreds of cores, incredibly expensive storage subsystems, etc) but users complained of latency, random slowness, etc. IT spent weeks investigating and swore up and down it wasn't their end and must be a software issue. We replicated and completely sanitized production volumes of data to try and recreate locally and couldn't.
Finally I flew down and hosted their entire infrastructure off my laptop for a day (I'll skip all the security safeguards, contract assurances, secure wipes, etc). It flew like a thoroughbread at a racetrack. No latency, instant responsiveness, no timeouts, no hiccups. Their entire staff raved about the difference. The results gave the business unit VP what she needed to bypass the usual, convoluted channels, and someone must have lit a fire under their IT VP - by the end of that day their internal techs identified a misconfiguration on their storage arrays and solved the problem. I can only guess how many other apps were silently suffering for weeks or months on the same array. I joked I'd be happy to sell them a laptop or two for a fraction of their mainframe cost.
makeitdouble•6h ago
Also big enough corps give underpowered machines to the mass of employees (anyone not a dev, designer or lead of something) so latency is just life to them.
zelphirkalt•8h ago
mschuster91•8h ago
Jira on-prem was dog slow, yes, especially if it didn't live on the same server as the database. But Jira Cloud? It isn't much faster than that! It's a piece of hot mess. Loading placeholders everywhere. Really I have absolutely zero idea what Atlassian is doing, but I know for sure optimizing for performance is not amongst the things they are doing.
mikestorrent•1h ago
echelon•7h ago
The dialogues and context menus took forever to show and page navigation was beyond painful.
We had dedicated engineering for maintaining our Jira and Bitbucket, and they still fell over. We eventually moved back to GitHub. (Our usage went from GitHub on-prem pre-MS -> Bitbucket on-prem -> GitHub cloud post-MS.)
I hate Jira regardless of where it's deployed. It's a beast.
firesteelrain•6h ago
Well except Bamboo. It’s terrible
time0ut•6h ago
bigmattystyles•3h ago
john01dav•3h ago
jeron•9h ago
Notion, take notes
yodon•9h ago
viharkurama•9h ago
Msurrow•9h ago
bobmcnamara•8h ago
Feds are DMCA immune, so no real recourse.
bigfatkitten•8h ago
bobmcnamara•5h ago
atonse•7h ago
Usually you do have recourse via procurement channels and reps. If you file a complaint with that agency stating that they’re using a license without paying for it, it will result in at least an investigation.
michaelt•6h ago
I wouldn't. I'd hire some Peter Gibbons type, who only does about 15 minutes of real, actual work in a typical week. Then I'd tell them they can finish early if all their pending cases are closed.
bobmcnamara•5h ago
https://arstechnica.com/tech-policy/2008/08/air-force-cracks...
bobmcnamara•5h ago
Hopefully this was fixed, but this was the standing precedent at the time.
unethical_ban•5h ago
fc417fc802•7h ago
> probably be much cheaper than building and maintaining an air-gapped licence solution
I think this is an unwise attitude to take. There's something to be said for a simple picket fence. Even though someone could easily hop it if they wanted to, they lose plausible deniability and in most cases that's all that really matters at the end of the day.
unixhero•7h ago
isatty•6h ago
This is the least surprising thing I’ve read all day.
jagged-chisel•3h ago
- it is not at all surprising that when you remove cruft, code performs batter
- it is not at all surprising that this is not common enough amongst software engineers to even consider these things (competing business interests probably cause this often)
graealex•2h ago
Seems like engineers forget to test these things nowadays.
Too•27m ago
I’m more surprised to hear that bug still hasn’t been fixed. Luckily I don’t use Windows myself since many years ago.
chooma•3m ago
beardedwizard•2h ago