It seems there should be an easy way to use gitlab or github as a public read-only proxy to changes that are released on the private repo. And then going the other way, sucks up PRs from public sites and lovingly integrates them into the "real" repo on my home machine.
Yes. There are security ramifications. There are availability ramifications. It seems slightly to be trying to skirt GitLab's policies they're probably putting into effect to avoid going bankrupt. But the flip-side is I really don't need a wiki or a bug tracker or whatever else GitLab is working on. I would pay a small amount of cash to just get a public repo mirror.
And we all have different ideas about how to make this "easy". I don't mind running scripts on my local host, but would like to avoid polling the public repo to see if someone's posted a PR. I also don't want to have to run a script in a container on the public repo. So would love it if you could set the public repo to proxy PRs to a remote repo.
Just curious if anyone else has similar requirements. Maybe you have a corporate repo and want to mirror it to a public site like GitLab, GitHub or SourceHut. Maybe, like me, *you* just want a remote repo to stash your code but a public location so your home server doesn't melt down that one time someone slashdots your project.
SourceHut seems like it will someday be a competitor, but I'm frightened away by its "alpha" state.
Maybe there's a market for something that's more à la carte?
There may be a glitch with this rollout.
If you are hosting game binaries or Shrek the 3rd we might have some problems, but if you have a genuine source code project that shouldn't be a problem unless you become a DDoS target.
Ctrl-f search doesn't work anymore because it lazy loads the file as you scroll, with a very noticeable lag at that.
Some repos are inexplicably limited to 50KiB/s.
And yes I have a powerful computer, very good Internet connection with low latency to GitHub.
You don't get SSO user-group mappings in CE, but heh, if you use Terraform that is easy enough to manage manually even at that size.
For recent events, you could look at stuff how VSCode is supposedly Open Source and yet fully riddled with spyware and also proprietary plugins...
On github, having MS at the helm has certainly affected too how DMCAs and such are dealt with vs the old Github.
As for DMCA, I think you have to talk to the government officials about how badly it works.
Are there any other recent events that I'm forgetting that make MSFT the biggest enemy of FOSS?
How are they an enemy?
[LOL. A previous edit autocorrected "autopush" to "autopsy." Or maybe it was a Freudian slip on my part.]
Thanks for the suggestion, though. I may go ahead with something like this.
I mean, online resources on other peoples' servers cost money.
A better law would be to forbid "free" offerings by companies. They all are fraudulent "free", since you pay a commercial entity with either money or data. And, corporate "free" rarely stays free.
(This also doesn't have to be a new law, but application of false and deceptive advertising relating to the FTC, around the term of "free".)
Edit: Found the rule, already in FTC's federal regs: https://www.ecfr.gov/current/title-16/chapter-I/subchapter-B...
CSS can famously be made turing complete.
The gradual roll out of this change started with a blog post[0] and included in-app notifications for the owners of impacted groups on GitLab.com.
If the group owner did not log in during the in-app notification period, they were then emailed (the email you received today) notifying that the group was impacted.
[0] - https://about.gitlab.com/blog/2022/03/24/efficient-free-tier...
If I want to find out which git hosting to use, it would be great to try out Gitlab, GitHub, and Bitbucket first (and everyone else try them) so we could assess genuine product usefulness as a group rather than rely on Twitter ads or astroturfing here (no bearing on product)
- You can't retry a failed action, be it manually in the UI or automatically under certain conditions.
- workflows have a pretty low limit for number of jobs - 250 or so. We already split our rspec tests across 300 parallel jobs.
- the UX is full of jank. If I click into an in-progress job I often can't see prior logs for the in-progress step until the step completes.
There are also some annoyances that aren't really half-baked, but annoying for Monorepos:
- workflows have to be defined under the .github folder. This means workflows can't be collocated with the code they relate to.
- workflows can't be generated dynamically. At best, you can dynamically trigger predefined workflows, but I don't think they get associated with the PR that triggered them. This makes patterns like dynamically dispatching workflows based on, say, a bazel query for affected rdeps more challenging, if not entirely infeasible.
I honestly believe that what we are seeing is the realisation that money and growth isn't infinite and companies need to return to actually turn a profit, not just grow revenue. That's why we're seeing Reddit, Imgur, Gitlab, Meta, Twitter and others implement changes in rapid succession. It's not even that I completely disagree with their choices, I just wonder why a dumb ass like myself who knows nothing of business was able to see broken business models years in advance, while Wall Street and Silicon Valley couldn't... Or did they just not care?
So tldr, the greed is a result of systemic forces, corporate structure, interest rates/inflation, and numbers on a spreadsheet.
https://docs.gitlab.com/ee/user/project/repository/mirror/pu...
That said, it looks like the premium features are $29/mo or $99/mo per user regardless if you self-host it or take advantage of their managed SaaS offering. It's somewhat bizarre - there's a lot of costs associated with managing this on-site but no discount for that. I presume they feel that extra overhead cost to the customer of self-hosting breaks even with the perceived or actual added security value of self-managed installations.
I might be reading it wrong, but that's how I see the pricing presented here and associated pages: https://about.gitlab.com/install/ce-or-ee/
EDIT: clarified antecedent
GitLab was drastically cheaper, offering free private repos, and interesting features ahead of GitHub (although IMO always slightly less "sexy" than GitHub, using Ruby on Rails, etc.).
But at the time they gathered (1) serious funding money and (2) influx from MS-asylants their priorities started to change. But they were still the cheaper option for quite some time IIRC. The pandemic and the associated gold-rush/growth in IT pushed the dynamics over the edge I think.
Now their position is not really that different from GitHub's, and I think it is kind of a preference thing.
I can do with both, but I kind of still like the appeal and UX in GitHub. GitLab will always be in my heart, just like every "Underdog" (even if that was a long time ago).
I could further see myself immediately falling for a third alternative, if it was sexy/unique enough with drastically better UX, and I think that is not even too far fetched.
But there is the thing, GitHub is a platform, not (just) a tool. GitLab still managed to take ground - kudos! That would be the hard part.
To say some service is "Free" (for now) means you're paying something that isn't disclosed. Even if you're paying in time as beta-tester, you're still paying. And you're still paying in data.
Whereas, GitLab on-prem install is largely under MIT license, which is widely considered to be a very permissive license. I could see the FTC coming to similar agreement with that statement.
If anyone else remembers this incident and can link to a source that'd be great for my sanity.
Maybe similar to this: https://news.ycombinator.com/item?id=17214257
I do have a love-hate relationship with MS, but I don't love the fact that they own 80% of my stack (Yes, I know, my choice) between TypeScript, VSCode, NPM, Github, etc..
Also on VSCodium, it only fixes the telemetry bullshit, the custom LSP Plugins that Microsoft keeps for themselves or whatever are not available there. So if you want to use for example Copilot or other -Microsoft official- plugins you can't do so on VSCodium.
Also let's add the whole Github Copilot WhiteWashing non-FOSS proprietary code into anyone to steal. Basically breaking the current status quo in favour of the megacorps that can steal it all and respect no licenses
Let's say we have 40 employees who code and 30 employees who create tickets, and we want to get all of the security scanning features that the platform has to offer.
For GitLab, we need the $99/user/month plan because the security features are only available in that subscription. Guest users are completely free, but they're extremely gimped when it comes to issues, so most likely you'll have to have most if not all of your non-coding employees at the $99/user/month tier. Final price is $6930/month (or $3960/month if you can really handle the gimped guests).
For GitHub, you need to pay $19.25/user/month plan for every user and $49/month for every person that commits code for the security features. So that's $1347.50/month for user accounts and $1960 for security features for a total of $3307.50/month.
GitHub is not even half what GitLab wants. It's even less than the gimped guest user experience that you can subject yourself to with GitLab.
The reason so many companies are doing such a terrible job of it right now, is that frankly there aren't many c-levels in tech who are mentally equipped to think about their business that way, and even fewer who have ever been in a position where they had to. Reddit's the latest example of this: 18 years and never been profitable? And Huffman calls himself a libertarian? Good grief.
I'm glad of it. Our industry is filled with basically con-men who have no idea how to run a business profitably (or interest in doing so) but have made up for it by having the right phone numbers etc. It's good that they're being squeezed, because it creates room for people who want to run an honest business.
it used to be:
$0 - for as many users as you wanted
$4 - per user, with some important additional features, including SSO and merge request approvals
$19 - for nearly all the features except very enterprise/security ones
€99 - for all features.
—-
over the last 2 years they have dropped the $4 option and increased the $19 option.
so now there is a cliff; free for 5: $29 for everything.
Not sure why I would use gitlab over github if that's the up-front hill I will have to climb: for what it's worth Perforce also has almost exactly this pricing model and has the games industry by the balls, but perforce has no real competitor.
fwiw I am a gitlab user for 10 years and have advocated for its use, the only reason I haven't migrated off at this point is the switching cost
Plus, I greatly appreciate the transparency of many of the features that Gitlab sells around security outlining exactly which open source tools they use so that you can just go do it yourself on the CI pipeline. The real value for the premium security tier is when you have a team coordinating multiple projects.
I've seen Github try to upsell to enterprise with features that I can just install in a few minutes using the tools that Gitlab tells me about.
Any idea whether they'll eventually chip away at public-visibility open source projects?
"We're not Microsoft" might be GitLab's biggest remaining selling point. And the more savvy open source developers might care disproportionately about that. I'd think GitLab might be trying to lure open source, now that GitHub isn't the warm-fuzzy company that originally landed a lot of it, yet GitHub continues to be the de facto official provider for most major open source projects and ecosystems. Plus that has network effects for landing paying customers. Has GitLab given up on that?
BTW, I'm fine with GitLab charging for non-open-source commercial projects. If your startup has more than 5 users, you probably already have salaries in your burn rate, and GitLab is a relatively small cost, for a critical service. (See: TLC's "No Scrubs".) I've happily paid for GitLab in earlier-stage startups.
The real giveaway though, was the fact that stock dividends - you know, the thing that historically you buy stock for - are basically unheard of among all but the biggest companies in tech (and even unheard of among some of those). We have now an entire generation of leaders in tech for whom profitability has been this kind of abstract notion they didn't have to think about much, which explains why they all seem so ham-fisted now that they're being forced to.
Not sure how frequently you're using GitLab but we recently updated our navigation. Feedback on the new nav is being collected here: https://gitlab.com/gitlab-org/gitlab/-/issues/409005
We've also invested heavily in AI features including Code Suggestions which is free for all users while in beta. You can read more about the AI features in GitLab here: https://about.gitlab.com/solutions/ai/
They're also buggy, and in my experience I keep hitting bugs that are long-tail and therefore never prioritized to actually fix.
That's a great example, actually, because they'd like you to think that VSCode is open source... but then if you actually use that you can't access a rather lot of the most useful extensions, which is a completely artificial limitation that appears to be there only to prevent people from actually using any fork.
Freeware could be a good term, but wouldn't it still have the same nothing-is-free issue that GP brought up calling it "false and deceptive advertising"? The term certainly doesn't connote the "why" behind the offering
We had in our backlog to explore a PoC to try out Github, since the announcement of Copilot X.
Now, with this pricing announcement, this PoC will be transformed into a full migration from Gitlab to Github.
I've been happy moving back to GitHub post Microsoft acquisition. If I ever got fed up with GitHub I find Gitea to be refreshingly simple and does basically everything I need.
I do wish the best for GitLab though and am rooting for them. Any company that makes an OSS model work is one worth having hope for.
This incident was Casey Muratori raising an issue about Windows Terminal performance:
https://github.com/microsoft/terminal/issues/10362
https://twitter.com/cmuratori/status/1522471966929653761
https://hn.algolia.com/?dateEnd=1687287343&dateRange=custom&...
Not really. It was a good point but it wasn't clearcut.
Of course I don't think the VScode situation is great but it's far from being "the biggest enemy of FOSS".
That's why I was wondering if there were any other recent events. I've not been keeping track, truly.
https://www.itprotoday.com/windows-78/inside-story-how-microsofts-open-source-code-theft-was-discovered
I think there is a glitch in your mail or something else is going wrong. I'm currently not in any groups and still got an e-mail telling me that my top level group (starting with 5060) has reached the 5 members limit. Searching for the group also doesn't yield any results whatsoever.
Workflows can also be (sort of, depending on what you mean?) dynamically generated by using tojson and fromjson to feed the output of one job into a matrix.
Full disclosure, I work at Microsoft but nothing to do with GitHub.
or they use "free" to nuke competitors from orbit, salt the ground to ensure nobody can get a dime for a decade in this industry, hoard all the expertise then increase your pricing by orders of magnitude like it happened with Google Maps.
I'm not sure if/when this changed, but you can definitely do this now.
> You can only use success or failure states to trigger other jobs, you can't pass values.
This is also not true: you can pipe environment variables to $GITHUB_OUTPUT which can be referenced by future jobs.
If anything, the main issue with GitHub Actions is that it's confusing, and the docs don't make it easy to understand how to do things at a high level.
1) You can set up Github Actions to automatically close pull requests: https://github.com/marketplace/actions/close-pull-request
2) You can use "interaction limits" (in repository settings, under "moderation options") to limit repository interactions to collaborators. This can only be set for 6 months at a time, though, so you'll need to reactivate it periodically.
3) You can archive the project and unarchive it temporarily when making changes, disabling all activity on the fork.
This scheme is basically dumping, where you (a company) lower the price of your good and then flood the market to kill all competitors. Then when they're good and dead, you jack up the prices to extortionate levels and sit back and get piles of money, from people with no choice.
https://en.wikipedia.org/wiki/Dumping_(pricing_policy)
The last big antitrust push we had was against Microsoft. And after the judge was replaced for improper communication during trial, MS and DoJ settled. Basically, was a huge case then "Oops nevermind".
I wouldn't trust MS with my business as an indie dev, that's all
And I wouldn't trust their -true- intentions on FOSS beyond how their incentives align currently with the space
Here's a question for Gitlab: "Why did you require me to give you an email address to sign up?"
The answer to that question means there is no explaining why they didn't use it first, and followed up with at least a couple updates along the way. This is exactly what the address exists on their db for.
Now explain why it was not used for its only legitimate reason for existing in your possession, first, let alone followed up with a few updates as the deadline got closer.
You have a communication channel that not only is good for this, but exists for this exact sole purpose in the first place. If you aren't going to use it for that, then you have no legitimate reason to have it and I want you to delete it.
i just logged in and there is no indication of any limit.
i had to step through every group to find out where the limit was reached.
turns out that there was one group that had two sub groups which added up to 5 members. at the group overview this is listed as "two" (for the two subgroups). it would be very helpful if the group overview (https://gitlab.com/dashboard/groups) would list the total number of people as well as flag every group where the limit is reached or crossed.
but, you say the limit is 5 people. in this group there are exactly 5 people, yet the warning claims 'Your top-level group is over the 5 user limit and has been placed in a read-only state.'
how can that be? 5 is more than 5?
it doesn't matter in my case because this is an old project no longer worked on, so read only is fine, and there is no need to act, but i think you need to work on your system because i am sure there will be more cases like that.
lastly i want to add that while that limit is fine for small businesses, it is an absolute disaster for FOSS projects. FOSS projects don't have the funding to pay for your service, so they won't. their only option is to leave. if any of my projects get any traction then i have no choice but to go look for a more FOSS friendly service. i thought gitlab was that, i wanted to make a point against github and support their most likely competitor by drawing attention to you.
gitlab really does not gain anything by enforcing this limit for FOSS projects. FOSS projects often have many members that are not very active. a busy startup with 5 members probably creates the same activity and uses the same resources as a FOSS project with 50 members because most of those 50 members rarely contribute to the project.
or instead of limiting members, limit how often the more expensive resources are used. like limiting how often the CI is running.
i urge you to consider to allow a higher limit for groups that only have projects that use a FOSS license.
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”
You might find it easier to manage those permissions with gitolite if you want to restrict the users to just git access, and to just some repos.
[1] https://about.gitlab.com/blog/2016/07/20/gitlab-is-open-core...
Gitlab is almost certainly the most unethical company I’ve ever seen.
I've found them extremely unreliable both in my free account (every failure takes 1-2 mins away from my 50 minutes!) and in my employer's paid subscription so we self run but run into issues with not being able to scale runners enough to meet developers' demands.
It's also super annoying that you can't use your own docker containers hosted on ECR on public runners (no way to provide auth)
Yeah this is odd - it's slightly annoying having to docker login as part of jobs.
https://en.wikipedia.org/wiki/Criticism_of_Microsoft
What surprises me is that the tech crowd is so ready to bend over for one of the worst companies on the planet in the software domain. These are the very same people that abused the legal system in every way that they could in order to slow down the adoption rate of open source. They are still doing this today but quietly, for instance by incentivizing municipalities and other government layers to use their software (for free if necessary) just to stop adoption of equivalent open source solutions.
What specifically?
I'm not trying to be difficult, but linking to a lengthy Wikipedia page is not an argument. From a quick glance a number are old, and a number are just non-issues (e.g. "Mono patent concerns", which was just some baseless FUD mentioned by Stallman once almost 15 years ago), but I didn't read the entire page. "Incentivizing municipalities and other government layers to use their software" could just be normal business practice (or something shady – much depends on the details).
I have _no_ groups with the IDs mentioned in the email.
Also, I'm a solo hobbyist dev, there are no groups with more than one user in it.
Not seek profit: An organization can accept donations to sustain its work, but it can’t seek to make a profit by selling services, by charging for enhancements or add-ons, or by other means.
so i can't sell services to sustain the project? there is a large difference between earning some money to help fund the project, making barely enough to be able to work on the project fulltime and actually making enough of a profit to afford commercial services.
if i am employed and work on a FOSS project on work time, then i am not selling any services, nor am i making a profit.
if i do exactly the same but as a contractor, then i am selling a service.
you may want to elaborate how you interpret and verify this rule.
also i'd rather have less free services but a more liberal allowance on commercial activity. like a regular free account but without the user limit.
user limits are very frustrating because they prevent me from managing all potential contributors, even if they are not very active.
Github Actions might not be the best but so is Buildkite. It's not exactly strictly better in every way.
Having used all 3 mentioned, it'd be Gitlab > Github > Buildkite for CI/CD for me.
Github wins at least by the sheer community support. Every vendor has an action.
As far as incentivizing municipalities is concerned, they are currently in the docket for anti-trust violations just like they were in the past. Historically MS would swoop in on any governmental org in Europe that would successfully implement FOSS solutions instead of MS based stuff. Not to make money, but just to maintain dominance, another anti-trust play. And they never stopped doing that.
You mention buildkite as something you think is a lot better than GH Actions. I'm curious if you've also used the Gitlab equivalent and can compare (I haven't, really).
I've not tried Gitlab.