I think my productivity would 2x or 3x if gitlab would work on fixing issues with core features such as task planning. There's a lot of minimum viable features that never got improved, especially for those of us on the premium tier.
AI sound cool but at this point I'm just expecting another half baked feature that checks boxes for executives to justify purchasing it.
I fear this is going to be the cause of the slow death of gitlab. They over-promised on far too many features and have underdelivered with many half baked products and MVPs that have been left to rot. I like the product and the company but they clearly tried to do too much in order to gain market share. GitHub needs competition so it would be great for GitLab to thrive, but the state of the product worries me.
I understand your frustration. I recently switched from gitlab to gitea[1] because the feature set is pretty damn close to github and has much more sane UI in comparison to gitlab
I ran a Gitea instance for myself for a while in the past. But I never tried to set up CI with it. Does Gitea support having CI pipelines run for MRs and merges etc, like GitHub and GitLab does? Didn’t see any mention of CI from a very cursory glance at current docs.
Anyone here have set up CI pipelines with Gitea? What was your experience like? Did you make any CI pipelines for Rust code doing things like checking cargo audit, and running cargo clippy, cargo fmt, etc? As well as CI pipelines to automate building and deployment?
I encounter this issue pretty often and it makes code review experience miserable. It's not blocking any work, but it is frustrating enough that for any new project I would try to avoid using Gitlab
And what a typical issue that is. Opened a year ago, initially some requests for internal clarification that went nowhere, plans to be fixed by an upcoming release, then loads of metadata and bot comments with minimal actual work happening, followed by pushing back the release they want to fix it in, followed by reducing its priority, deciding that actually they don't need to fix it and can just throw it on the backlog, more comments about users being affected, and then today a comment that it got brought up in a discussion here:)
Hey - I'm the PM for our Code Review group. Sorry to see you're running in to that issue, it's been a real challenge for us. If you're running in to it pretty often, it'd be great if you could provide some details on what steps you're taking (maybe even record a video) to help us figure out what's going on. For lots of bugs, the hardest thing for us to do is reproduce them... so if you've got a reliable way to do that, it really helps us prioritize things to fix.
> However, I can still reproduce it under certain conditions:
Separately, that's not much of a defense; inconsistent errors are still problems for users. Although, I suppose gitlab only fixing bugs that are 100% reproducible would explain a lot about their product.
GitLab task planning is so terrible we had to give up on it and move to Linear. It's like night and day. I can create ten tickets in Linear in the time it takes me to open the right GitLab board. The good thing is that this has probably saved us money as now fewer people need GitLab licenses.
> AI sound cool but at this point I'm just expecting another half baked feature that checks boxes for executives to justify purchasing it.
Its unfortunate, but just fixing and making an existing product awesome has lower ROI than implementing good-enough features that your competitor has. It may sound stupid, but works business wise.
You have the right level of cynicism, but you should instead direct it at the field of DevSecOps as a whole.
98% of "SecOps" is utterly pointless boxchecking for ass-covering security certifications which waste immense amounts of time and enforce nothing meaningful. You could ABSOLUTELY 10x workflow efficiency there by plumbing the codebase for questions like:
"What are all the OSS libraries you use, and the licenses?"
"What's your test coverage?"
"Do you encrypt your passwords at rest?"
"Are your S3 buckets encrypted?"
instead of wasting developer time answering questionaires nobody reads.
That's a bit unfair, you shouldn't confuse Google (the b2c services that collect a ton of user data to deliver ads) and Google Cloud Platform.
GCP is genuinely quite open. Whereas AWS have the habit of creating proprietary services/making proprietary changes to open source stuff, a lot of what GCP does is based on open source and open standards, done in public, which they themselves push for. Some of their flagship services such as GKE and Cloud Run, their Service Mesh stuff, Cloud Build, etc. run on software open sourced by Google. Of course that's not always the case - BigQuery is fully proprietary, but it's much better than competitor clouds that release the bare minimum publicly to allow consumption, but don't actually make it possible to do the same thing as GCP on your own outside of their environment.
They're implying that the Google brand has such a terrible reputation in terms of privacy that anything touched by it - even if it's just the name - is not trustworthy in many people's eyes. And privacy violations can't be reversed, by the time you have tangible evidence it's too late.
At this point Google is mainly known as online tracking company which loves to cancel projects, and they put a lot of effort into building this image to a point an observer can get the impression it's not an accident.
Maybe GCP, Azure and AWS could pull together the text to train a language model to tell us how to deal with their fucking stupid UIs and arcane terminology. I dread having to use their cloud portals. How do you find a VM by IP address in Azure? that kind of thing.
First, their UI and UX are very different. Azure is by far the worst (as in pretty much all categories) - even their docs suck, with random broken links (even the links to switch the language of the exemple code) and very weird naming schemes, let alone the actual cloud UI. GCP and AWS are quite decent (for AWS you need to know a bit about how they organise things or use the search, but still).
> How do you find a VM by IP address in Azure?
The point is that you probably don't need to/shouldn't. IPs are ephemeral, don't matter and can easily change, and shouldn't be used for anything like identity.
> The point is that you probably don't need to/shouldn't. IPs are ephemeral, don't matter and can easily change, and shouldn't be used for anything like identity.
Hi, the ip 1.2.3.4 seems to be one of our VMs, and it's relaying spam. Which vm is it?
AWS's UI varies dramatically by product, which is both part of the problem with it (lack of a coherent design language leads to confusion) and makes it hard to talk about AWS's UI. Everyone has a different opinion based on which subset of tools they use.
How quickly things change. I read this as “poor Gitlab had to use whatever janky crap Google can put together” - never mind that Google was a leader in the AI space for years. They completely missed this boat and are instantly looking out of touch.
After 5 years of using gitlab, we’re planning to switch back to GitHub exactly because of copilot and the Polish of their other features. The only hesitation is the SSO tax.
After GitLab's price hikes I've checked their income statements and decided to leave as well.
I'm playing with self hosted Gitea and enjoying so far. Really easy to admin and supports oauth2. It doesn't have all GitLab DevSecOps stuff nor powerful project management features, but we never used those in the first place.
Finally, given current market risks, having less vendors is a huge win.
Why not self-host Forgejo or cgit? Or use Codeberg or SourceHut? There's no reason to eat from the Microsoft hand that his historically always came back to bite developers.
GitLab team member here. We published a blog post[0] yesterday that provides an overview of some features you may be interested in: Code Suggestions, Summarize MR Changes, Summarize My MR Review, and Explain this Code. You can find more information about these features via the links from the blog.
One thing I will say is that I notice lately that GitLab seems to throw in the word DevSecOps everywhere these days almost as if an exec has ordered everyone to use it a minimum of 20 times a day. It feels like the marketing people are pushing some kind of buzzword quota.
Nonetheless, will keep an eye on these features before our renewal cycle in September.
There's this rule - it likely has a name, but I don't know what it is - the rule saying that two-syllable names are by far the easiest, most effortless and most likeable ones to deal with (and any popular name that isn't two-syllable will eventually get a diminutive that is).
DevOps is two-syllable, so it stuck. DevSecOps is three-syllable, so it sucks. That's on top of it looking like it was created by means of someone saying "oh oh and also security, and also security!".
> Ironically, CI/CD and issues being well integrated were the reasons we switched to GitLab in the first place. But since then we stopped using issues.
Hah, yes. Do you have any idea how jarring it is to cheer for migrating issues from gitlab to jira? But it turns out that ugly but feature complete is better than easy to work with and missing key features (ever tried searching for something in issue comments? To say nothing of high level task tracking (management wants to know what blockers we have in this multi-step 23-item epic)).
Kiss of death for Gitlab? A temporary bump in profits while being technically assimilated by Google due to a significant portion of profits being directly dependent on Google? Now people who don't want to contribute to Microsoft training data sets on Github and escaped to Gitlab will be forced to contribute to Google's training data or forced to migrate elsewhere.
Also, Google lost the bid on Github when MS acquired them and Gitlab is the next best thing for them to partner with.
Of course "Explain this vulnerability" does not exactly sound like a compelling use case. This press release is hot garbage that adds to Google's problems instead of solving them by being bland, vague, hand wavy, and unspecific.
I think MS has a the vastly superior play here with e.g. co-pilot, partner ships with openai, and a lot of people already using gpt 4 powered plugins in their IDEs.
The right level of ambition for Google & Gitlab would be "Create a pull request to address this vulnerability" or how about "Review this pull request". Gpt 4 can do code reviews with the codeGpt plugins for vs code and intellij. And it actually finds stuff when you do that.
Or they can just wait for MS to roll that out with Github. I have no inside information as to whether they are planning any such thing. But it's an obvious move and they have a lot of the pieces needed for doing a decent effort for that. Including AI that is more than a press release, actually works, and is being used productively by real developers already.
Why does every press release from Google read like "The dog ate my homework. Again.", lately?
GitLab team member here. Thanks for your feedback!
I have added your suggestion with MR/PR to remediate security vulnerabilities to the feedback issue [0] for the explain this vulnerability feature. The issue is linked from the blog post that provides more details [1].
MS is great but I have been waiting for Copilot X for months and no invite. Wondering when they will release the upgrade, it's been a year since no big changes.
Gitlab got their nice IPO pop. At this point I imagine that they would love for Amazon or Google to buy them at a modest premium. As a standalone company, they can't unlock the same synergies that Microsoft/Github can.
It looks like they're picking their suitor now. Google could certainly take a page from the Nadella playbook and use them to bolster their third place cloud offerings. GCP needs an ecosystem of developer tools to give it a shot in the arm.
I predict that the same thing is ultimately going to happen with HuggingFace and the smaller clones (Replicate, etc.) They'll pick a tech giant to partner with, accept a large investment, and eventually look into an acquisition.
Yup, GitLab features are actually fairly good (much better than GitHub IMHO). By far the biggest thing I would ask for is polish. Flesh out existing features, fix bugs, improve UX flows and improve performance.
GitLab team member here. Thanks for your feedback - depth over breadth is a guiding principle for product investments in 2023 (FY24) [0]
Bug fixes, UX improvements and performance improvements are added to the monthly release blog post, for example GitLab 15.11 [1] - in case you want to follow these updates more closely.
GitLab team member here. Thanks for your feedback. I'm curious about what kind of mistakes were made with the Kubernetes Operator [0]? Maybe there are open issues to learn more about your concerns? Thanks!
Why are the links inside the article being redirected through c212.net which in itself redirects to cision.net ? Why not put gitlab links directly inside the article ? What the fuck.
Feels like AI is prompting some sort of tech consolidation pattern getting ready for the "next phase". But there are risks associated with an ever-narrowing set of tech providers, e.g., if this goes in the direction of enhancing lock-in and/or your tech provider becoming your competitor.
The more general (and in some sense gratuitous and unnecessary) risk is the carte-blanche of big tech to pursue any and all business models that are digitally based (e.g. adtech) in any combination they see fit.
Creating and enforcing clear rules about who does what with what responsibilities and liabilities etc would help explore that exciting but also very risky AI enabled "next phase" of IT without constantly second guessing what is really going on and what disasters it might be stoking...
Bizarre choice for a domain huh, googlecloudpresscorner.com…
With all the domains in the world, they pick one that almost looks fake. Why not presscorner.google.com? (Or why not their TLD…)
Anyways, I look forward to some new improvements in Gitlab. Seems a little vague on the details, but I think some different flavors of LLMs should prove interesting. Seems likely it’d spit out different results than what OpenAI might give you.
Might indicate that Gitlab is going the direction of getting swallowed by Google though. Feels like these tech companies are playing Katamari and swallowing up everything to make these massive vertical stacks.
I think it's due to cookies. That's why there's e.g. googleusercontent.com, ggpht.com etc. That way if users find a way to upload malicious content (or e.g. blog is compromised) you can't get users' Google cookies
They have their own tld, .goog, they could surely have put the website under their instead to at least gain some trust, instead of the current abomination of a domain.
Or, you know, just use subdomains which has existed since forever...
Subdomains don't solve the problem, because Google very much intentionally puts the user session cookie on the root of .google.com, thereby sharing with all subdomains.
Yes, but I read that as suggesting they could use their own tld OR use subdomains. If you open a new domain on that tld, you don't need subdomains to protect Google account cookies.
Google's cookie situation is complicated, because they have one login that people expect to work across mail.google.com, docs.google.com, drive.google.com, etc. Without going to a ton of server-side gymnastics, the most seamless way to connect all those properties is to set the session ID cookie on .google.com, allowing access to all subdomains recursively.
There's no way to exclude certain subdomains, so once you've decided to share a cookie between subdomains you have to use a new domain if you want to exclude a site from sharing.
Partnering with the incomprehensibly byzantine andcomplacent architect of the SEOpocalypse AND "late-to-the-ai-party" Google does not give faith that the solution will be more performant or private than Github's copilot.
This is just another in a series of terrible blunders in the last year that has wiped out any goodwill I had towards gitlab. WTF happened, did they get a new CEO or something?
I'm not even sure Google needs to spend the additional ~4B that they need to acquire Gitlab fully (they own a stake already), if Gitlab already agrees to let them train on their data.
How was Github Co pilot trained? None of these companies have revealed their sources. But we still know OpenAI itself trained on the google C4 and Pile databases. Who knows maybe even SciHub aswell. We have moved way past asking, well that is illegal zone. As you might know Pile has over 2 million pirated books in it and it is easily downloadable even after bookzz was confiscated by FBI.
AI sound cool but at this point I'm just expecting another half baked feature that checks boxes for executives to justify purchasing it.