GitLab is reportedly up for sale (www.developer-tech.com)
[-] barsquid@lemmy.world 12 points 4 months ago

Here is the one where I decided to never trust their code: https://arstechnica.com/security/2024/05/0-click-gitlab-hijacking-flaw-under-active-exploit-with-thousands-still-unpatched/

As if that isn't bad enough, I am pretty sure they have had other incidents.

[-] 0x0@lemmy.dbzer0.com 13 points 4 months ago

I used to host a GitLab instance at work. It was dog slow so I started digging into it and discovered they had a serious memory leak in some of their "unicorns," aka Ruby tasks. Instead of fixing the source of the leak they tacked on a "unicorn killer" that periodically killed tasks. The tasks were supposed to be atomic anyway, so this is technically fine (and maybe a good thing in the long run for correctness a la Netflix's Chaos Monkey) but I found myself kind of disgusted by the solution. I dropped it and went for a much sparser Git repo web server.

[-] barsquid@lemmy.world 1 points 4 months ago

That's disappointing. They are pretty consistently choosing the wrong thing. I don't think they know what they're doing.

Unicorn killer does sound great for testing. If they wrote tests around anything I'd be surprised, though. LOL.

If you don't need all the user management and whatever else it definitely doesn't make sense to run their junk.

[-] FizzyOrange@programming.dev 2 points 4 months ago

They do have a ton of tests actually. In their defence, if this task is doing Git things then just killing it when it goes badly is probably the best you can do. Git itself is quite buggy if you stray from the most basic setup. I've had it almost completely destroy my .git directory in the past when using submodules.

On the other hand, GitLab itself is an enormous, entirely untyped Ruby monster, with extremely difficult-to-follow code. Not in terms of individual functions - except that the lack of types means you can't really know what they do, they are quite clear and well written. The issue is the control flow between parts of the system. It's difficult to know what calls what, so I'm not surprised they occasionally have to give up.

I had a play with Deno's Fresh web framework recently (TypeScript/TSX but mainly server rendered). IMO it's light years ahead of other solutions.

You get full amazing TypeScript typing, including in templates (unlike Go for example), but unlike React you don't have to deal with JavaScript tooling or complex client side state management. It's a real breath of fresh air. (Ha that wasn't even intentional.)

this post was submitted on 29 Jul 2024
393 points (99.5% liked)