Doesn't seem to be a lot of options for self-hosted/open-core project management software. The existing ones looks pretty bad, and don't come anywhere close to Jira level functionality.
In my experience that's probably a good thing. I've moved from a company using Phabricator to one using Jira. Phabricator had exactly everything we needed and was very nicely designed and worked really nicely.
Jira has everything you need plus loads of other stuff that project managers feel like they need to add. Oh and they'll never clear anything up or fix any config bugs because they don't actually have to ever use the "report bug" form so who cares if there are 100 fields and half of the mandatory ones are hidden in "More fields"? 5 different states for "TODO"? Eh who cares. 3 different ways to say which team a bug is in? Better fill them all in for every bug.
It's better to be missing features than to have features that project managers can configure.
These days I'd be using Github instead, issues there are also nice and simple. I imagine it would ultimately suffer the same fate in a similar situation though (not that I intend to get there ever again).
The problem with Jira is that it's so customisable and always ends up being customised by "process people" who think all problems can be solved by adding just one more field - but simultaneously it's never possible to customise your bit to work the way you want.
(obviously lacks really fine-grain customization that would be found in other jira alternatives)
https://www.atlassian.com/enterprise/data-center
They also offer Government Cloud.
Edit: I looked again and even your pricing pages have no price. I understand that you may want to restrict yourself to rich companies, but I don't understand the point of posting on HN if that's the case.
That being said, we don't recommend the air-gapped version for personal use. Instead, you can use our open-source Community Edition here: https://github.com/makeplane/plane — you can self-host it and disable telemetry entirely.
If they said "implement a backdoor for us or all your non-airgapped customers lose access tomorrow", are you sure the company would be able and willing to say no?
.so is widely used by software companies as a domain availability solution - think Notion. For regulated environments, the domain doesn’t matter, the architecture does.
With air-gapped deployments, Plane doesn’t rely on any external DNS or domains — .so or otherwise. No license pings, no telemetry, no outbound calls. Everything runs in complete isolation, and customers have full control over the environment.
Also worth noting: Plane’s open-source core (AGPLv3) allows for full transparency and auditability. So any notion of a backdoor is counter to how we operate — and how our users deploy us.
This includes Projects + Wiki. More here: https://docs.plane.so/core-concepts/pages/wiki
Here's a blog on how you can switch between products within Plane, https://plane.so/blog/introducing-apprail-plane-new-navigati...
This is an AI writing tell: "It's not just x—it's y."
Know who else uses punctuation? People who write. In fact, that's where the AI got the idea.
It’s not just a typographic choice—it’s a tell!
Pretty much everything that is professionally published does, and lots of people who care about typography do, that.
Not even in marketing.
"Use smart quotes and dashes" is even one of the options on the MacOS keyboard input sources settings.
(Your regular annoying notice that FIPS-compliant crypto is, if anything, marginally less secure than non-FIPS crypto; not that it matters in any material way, just, it's not a flex.)
A week into installation, your cube mate will be complaining that the arrow keys do not work as used to and cannot use alt-tab on the fields, or the color orange and green make their eye hurt. So a ticket is opened, a software update is made, and then the patch is generated. That is 12 month on a good day because all the back track, re-validation, scope creep, auditing, re-validation, third party review, committee blessings, and good idea fairies.
Then you have to get the patch into the environment. Now you need a blood oath from the entire chain of command up to Katie A. where she swears she is going to beat you if you whine about the color scheme again. ;) Three years past, and the changes are implemented. It does not matter because your monitor which had to be TAA compliant and could not be brought in without you soldering everything together is now running off of a hercules video card, yes that green only hercules card. You see only shades of green in the app...
We built the air-gapped edition of Plane exactly for this.
It has support for spaces, real-time collaboration, a rich-text editor, built-in diagrams support and more.
We launched on HN 1 year ago: https://news.ycombinator.com/item?id=40832146
In fact, self-hosting might even do you wrong when things go bad, because AWS is probably better managed and more secure. And they have all their certs, which is legally important.
There are no communication cables between the host system and the wider world.
* air-gap malware can be designed to communicate secure information acoustically, at frequencies near or beyond the limit of human hearing.
* In 2014, researchers introduced ″AirHopper″, a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone, using FM frequency signals.
* In 2015, "HELLONE", a covert signaling channel between air-gapped computers using thermal manipulations, was introduced. "BitWhisper" supports bidirectional communication and requires no additional dedicated peripheral hardware.
* Later in 2015, researchers introduced "GSMem", a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission - generated by a standard internal bus - renders the computer into a small cellular transmitter antenna.
The only way to move data to and from them is for someone to walk across the gap with physical media.
Historically, we did not have wifi and other radio based new fangled data communications. Data connectivity required wires, physical connections. If there was a gap between the two devices that had no wire, just air, that was air gapped. No comms could happen between the two. It is physically isolated. it used to be called "physically isolated" when we used it in the 80's (?). Some say, we stole it from plumbers but that is hogwash (pun intended, you know the backflow prevention thing). I vaguely recall start seeing it late 1990's to 2K in the public?
Mission Impossible 1996 the computer in the room where tom cruise is lowered into the room. That was an example of 90's air-gapped system.
The name stuck because it sounds cool. In my opinion, there is no such thing as true "air-gapped network" any more. There are too many ways to snoop on systems that are isolated, without "physical" and radio connections in the traditional sense (e.g., listen to the "electricity", sounds, power fluctuation, ground vibration, squirrel squeeks).
Spoken as someone who's core differentiator is "self hosted" [0]
Don’t want to pick up annual subscriptions, and don’t want any dependency on a third party company that might not last or will start doubling prices in the future after an acquisition - been burned heaps by that.
> Component: Telemetry
> Cloud / Self-Hosted: Opt-in analytics
> Air-Gapped: Disabled by default
What's the difference?
I wish their docker deployment was normal (only docker-compose.yml), not a shell script that launches docker.
It needs ldap auth and better search capability (fts, boolean, filtering).
UI is clunky; everything is editable all the time, so you might end up accidently editing the ticket contents.
And honestly it does beat a lot of bloated tools out there. But when you need permissioning, history, workflows, audit logs—and your infra lives in a bunker—we try to be the next best thing.
Air-gapped, fast, and without the Jira bloat.
Today, it may include closed private networks with no internet access, still isolated, but with internal connectivity for practical reasons (like backups, logging, or internal auth).
All my software works fine in completely air-gapped environments.
Not hard in principle, just a lot of invisible cleanup to make it truly self-contained. Learned a ton doing it.
If it has a VPN tunnel to some outside server, you shouldn't really call it "self-hosted*
Having worked with airdropped software packaging, next step is a multi node setup.
https://vadosware.io/post/the-future-of-free-and-open-source...
Dread it, run from it, AGPL still arrives. Sustainable F/OSS is the most likely to-still-be-active-5-years-from-now kind of F/OSS.
It used to be the default that self hosted apps didn't telemetry and call home.
I feel there's more than one self hosted foss jira alternative around already, that of course wouldn't telemtry or call home.
Some I used in the past:
https://phacility.com/phabricator/ no longer maintained :-(
I haven't used Phorge, but Phrabricator is easily my favourite tool among the source code portals. The code review system actually works and does not make me tear my hair out. I am completely at a loss why the commercial side of it seemingly failed after all those years, when products such as Bitbucket and Gitlab seem to do well.
A truly airgapped Jira-alternative would be somewhat impractical.
Bit-for-bit reproducible builds are definitely doable, but mean including build dates is tricky, and care needs to be taken with archival file ordering.
Is this such a big departure from the norm? Curious what constitutes normal!
viharkurama•6mo ago
The interesting part: our air-gapped deployment actually runs faster than our SaaS version. Turns out when you eliminate all network latency, things get snappy.
This post covers the technical challenges we solved (supply chain trust, 2GB bundle size, offline licensing) and why regulated industries need alternatives to cloud-only tools like Jira.
vosper•6mo ago
But Jira is not cloud-only?
https://www.atlassian.com/enterprise/data-center
magicalhippo•6mo ago
In any case it was clear it's not for small shops like us.
That said, air-gapped is a hefty requirement, so perhaps those customers are predominantly large?
viharkurama•6mo ago
magicalhippo•6mo ago
We do the similar with our B2B product (in an entirely different niche). We have everything from single-person companies up to very large ones. Similarly we set price based on use-case and requirements.
bpt3•6mo ago
$51k for the smallest license they offer.
I still run an old version on an air gapped network and will continue to do so until we're forced to change for some reason. It's not a hefty requirement; we run it for a team of < 10 developers on a small VM and it just works.
magicalhippo•6mo ago
bigfatkitten•6mo ago
There are lots of very small classified networks out there with only a few dozen users.
There are a lot more user communities course that aren’t necessarily airgapped, but where they have special compliance requirements that pretty much mandate self hosting (or at least bring-your-own cloud.)
jasondc•6mo ago
bpt3•6mo ago
To be more specific, they killed off the legacy Jira Server and now only offer these enterprise versions of Jira and the rest of the suite if you won't move to the cloud.
thaack•6mo ago
bowsamic•6mo ago
GabeIsko•6mo ago
I like the cloud for a lot of reasons. But, making your software worse to make your stock price higher seems like a loser for everyone long term.
magicalhippo•6mo ago
Same experience with JIRA. I read all these negative comments here and elsewhere about how slow and clunky JIRA was, and I couldn't relate at all.
Then I realized all those who complained was using JIRA Cloud and we were using on-prem, and it all made sense.
We've since moved to JIRA Cloud ourselves, and I understand now.
We moved and none of the new places had any viable computer room, so literally had to put the rack in a closet And well, that ain't cutting it for physical access control these days. Thankfully we have very simple flows without any BS, so not too many 1-5 second clicks to get things done.
IshKebab•6mo ago
Even Atlassian doesn't use Jira cloud. Btw it's not "JIRA".
magicalhippo•6mo ago
That would explain a lot.
> Btw it's not "JIRA".
When did they change this? I'm fairly certain[1] it used to be JIRA.
[1]: https://confluence.atlassian.com/jira061
eastbound•6mo ago
joeldo•6mo ago
tomrod•6mo ago
JIRA stands for JIRA Isn't Really Awesome.
esafak•6mo ago
tomrod•6mo ago
latentsea•6mo ago
tomrod•6mo ago
nkrisc•6mo ago
justusthane•6mo ago
mikestaas•6mo ago
tomrod•6mo ago
michaelt•6mo ago
1. Unless major customers are actively closing their accounts due to the poor performance, improving performance isn't a priority.
2. The people who pay for it aren't the people who use it, so the performance can get very, very bad before customers start closing their accounts.
latentsea•6mo ago
hadrien01•6mo ago
uxp100•6mo ago
tikkabhuna•6mo ago
nitwit005•6mo ago
Usually with these tools, the performance problems magically vanish if you disable all the integrations people have set up. My company is constantly denial of service attacking Jira with Github updates, for example.
Edit: typo
rkagerer•6mo ago
It worked great in volume testing in our environment. Their IT department installed it on high end servers (hundreds of cores, incredibly expensive storage subsystems, etc) but users complained of latency, random slowness, etc. IT spent weeks investigating and swore up and down it wasn't their end and must be a software issue. We replicated and completely sanitized production volumes of data to try and recreate locally and couldn't.
Finally I flew down and hosted their entire infrastructure off my laptop for a day (I'll skip all the security safeguards, contract assurances, secure wipes, etc). It flew like a thoroughbread at a racetrack. No latency, instant responsiveness, no timeouts, no hiccups. Their entire staff raved about the difference. The results gave the business unit VP what she needed to bypass the usual, convoluted channels, and someone must have lit a fire under their IT VP - by the end of that day their internal techs identified a misconfiguration on their storage arrays and solved the problem. I can only guess how many other apps were silently suffering for weeks or months on the same array. I joked I'd be happy to sell them a laptop or two for a fraction of their mainframe cost.
nonameiguess•6mo ago
Self-DOSing is exactly what it was.
makeitdouble•6mo ago
Also big enough corps give underpowered machines to the mass of employees (anyone not a dev, designer or lead of something) so latency is just life to them.
zelphirkalt•6mo ago
mschuster91•6mo ago
Jira on-prem was dog slow, yes, especially if it didn't live on the same server as the database. But Jira Cloud? It isn't much faster than that! It's a piece of hot mess. Loading placeholders everywhere. Really I have absolutely zero idea what Atlassian is doing, but I know for sure optimizing for performance is not amongst the things they are doing.
mikestorrent•6mo ago
GoblinSlayer•6mo ago
echelon•6mo ago
The dialogues and context menus took forever to show and page navigation was beyond painful.
We had dedicated engineering for maintaining our Jira and Bitbucket, and they still fell over. We eventually moved back to GitHub. (Our usage went from GitHub on-prem pre-MS -> Bitbucket on-prem -> GitHub cloud post-MS.)
I hate Jira regardless of where it's deployed. It's a beast.
firesteelrain•6mo ago
Well except Bamboo. It’s terrible
time0ut•6mo ago
GoblinSlayer•6mo ago
potato3732842•6mo ago
I have to load half a dozen tabs of new tickets and then cycle through them triaging and defining fields in a collated manner to make it so my time isn't hugely dominated by waiting.
We used to have on-prem and it was probably about an order of magnitude better, but still nowhere near "XP in a VM accessing a site on localhost" level snappy.
bigmattystyles•6mo ago
sam_bristow•6mo ago
Sometimes it feels like Jira is so incredibly configurable but is really missing the "pit of success". There is a way to make it nice to use and reasonably performant, but you really need to go into it with a strong plan. And even then it's really easy to balls it all up in short order if you're not vigilant.
john01dav•6mo ago
crabbone•6mo ago
The annoying part is the amount of garbage fixes in JIRA's UI. For example, because of the loading speed, and me losing patience with it, if I don't wait for the page to finally finish loading and click on the "create" button, then instead of the modal dialog for issue creation, I get a whole new page for issue creation. Both options are atrocious from UX perspective (because usually I need to copy text from the issue I was reading into the issue I'm creating), but at least when it's a modal window, I can pop open the developer tools and delete the modal part that prevents me from copying the text from the issue otherwise blocked from interaction.
Also, it looks like due to speed, some queries simply don't finish on time, and randomly, searches don't find all the issues they should. Especially searches that ask for "s.t. parent issue has such-and-such properties".
Ultimately, JIRA isn't built to scale (ironically, since it's written in Java, which was always defended as being slow for small problems but scaled well). The code has a lot of assumptions about some operations being fast enough to not require buffering / incremental implementation. And sometimes you hit the combos of such unoptimized operations and have to wait minutes for the program to respond.
j45•6mo ago
Out of the box it is pretty generic. When I learned what it could actually do, it revealed itself as a sponge that can uniquely absorb complexity. Having someone familiar with JIRA show the ropes went a long way.
Some of these new development tools are pretty nice though. Variety is good, especially with the changes from Pivotal Tracker, etc going away.
_fat_santa•6mo ago
On-prem is great if everyone is coming into the office, but I think orgs should pay more attention to the "remote experience" of their on-prem tools.
jeron•6mo ago
Notion, take notes
yodon•6mo ago
viharkurama•6mo ago
Msurrow•6mo ago
bobmcnamara•6mo ago
Feds are DMCA immune, so no real recourse.
bigfatkitten•6mo ago
bobmcnamara•6mo ago
atonse•6mo ago
Usually you do have recourse via procurement channels and reps. If you file a complaint with that agency stating that they’re using a license without paying for it, it will result in at least an investigation.
michaelt•6mo ago
I wouldn't. I'd hire some Peter Gibbons type, who only does about 15 minutes of real, actual work in a typical week. Then I'd tell them they can finish early if all their pending cases are closed.
bobmcnamara•6mo ago
https://arstechnica.com/tech-policy/2008/08/air-force-cracks...
atonse•6mo ago
And unpaid software licenses are a violation.
Now maybe the client in this case may have had some kind if ownership clause, etc. but in general, procurement people tend to be pretty neutral in my experience.
Then again, over only dealt with small contracts (< $500k)
GabeIsko•6mo ago
We have had companies outright refuse to even give us a price when we told them we wanted to investigate buying a license. Such a PITA.
bobmcnamara•6mo ago
Hopefully this was fixed, but this was the standing precedent at the time.
unethical_ban•6mo ago
Cthulhu_•6mo ago
bobmcnamara•6mo ago
fc417fc802•6mo ago
> probably be much cheaper than building and maintaining an air-gapped licence solution
I think this is an unwise attitude to take. There's something to be said for a simple picket fence. Even though someone could easily hop it if they wanted to, they lose plausible deniability and in most cases that's all that really matters at the end of the day.
unixhero•6mo ago
isatty•6mo ago
This is the least surprising thing I’ve read all day.
jagged-chisel•6mo ago
- it is not at all surprising that when you remove cruft, code performs batter
- it is not at all surprising that this is not common enough amongst software engineers to even consider these things (competing business interests probably cause this often)
graealex•6mo ago
Seems like engineers forget to test these things nowadays.
Too•6mo ago
I’m more surprised to hear that bug still hasn’t been fixed. Luckily I don’t use Windows myself since many years ago.
chooma•6mo ago
chrisandchris•6mo ago
andy_ppp•6mo ago
sethaurus•6mo ago
zaphirplane•6mo ago
thfuran•6mo ago
andy_ppp•6mo ago
thfuran•6mo ago
andy_ppp•6mo ago
bsoles•6mo ago
Some developers' judgement about needed dependencies can be suspect though: https://news.ycombinator.com/item?id=29241943
Sponge5•6mo ago
red-iron-pine•6mo ago
(presumably read in Adam Something's voice)
thyristan•6mo ago
Cthulhu_•6mo ago
vanschelven•6mo ago
Can't we just read this as "there are 2 wins here: security and performance"?
Which is not surprising, but still a GoodThing(TM) right?
illiac786•6mo ago
spacecadet•6mo ago
beardedwizard•6mo ago