If your IP (and possible your browser) looks “suspicious” or has been used by other users before, you need to add additional information for registration on gitlab.com, which includes your mobile phone number and possibly credit card information. Since it is not possible to contribute or even report issues on open source projects without doing so, I do not think any open source project should use this service until they change that.

Screenshot: https://removed/XsfcfHf/gitlab.png

  • f00f/eris
    link
    fedilink
    English
    15810 months ago

    I remember when gitlab.com was the most accessible alternative to GitHub out there, but it seems they’re only interested in internal enterprise usage now. Their main page was already completely unreadable to someone not versed in enterprise tech marketing lingo, and now this.

    Thankfully Gitea and Forgejo have gotten better in the meantime, with Codeberg as a flagship instance of the latter.

    • @[email protected]
      link
      fedilink
      English
      6710 months ago

      On a tangent, why are all of these companies pushing AI programming? This shit isn’t nearly as functional as they make it seem and all the beginners who try it are constantly asking questions about why their generated code doesn’t work

      • @agent_flounder
        link
        English
        6310 months ago

        We are in the hype cycle so everyone is going bananas and there’s money to be made prior to the trough of disillusionment.

        • Goku
          link
          5
          edit-2
          10 months ago

          Haha so true.

          I tried to use chatgpt to convert a monstrosity of a SQL query to a sqlalchemy query and it failed horribly.

      • lemmyvore
        link
        fedilink
        English
        40
        edit-2
        10 months ago

        It’s their wet dream. Making software without programmers.

        Execs have never cared about the technology or the engineering side of it. If you could make software by banging on a pot while dancing naked around the fire, they’d have been ok with that.

        And now that AI has come along that’s basically what it looks like to them.

      • Dr. Jenkem
        link
        fedilink
        English
        2710 months ago

        VC’s and companies like OpenAI have done a really good job of propagandizing AI (LLMs). People think it’s magical and the future, so there’s money in saying you have it.

      • TimeSquirrel
        link
        fedilink
        17
        edit-2
        10 months ago

        the beginners who try it are constantly asking questions about why their generated code doesn’t work

        Because it ain’t here to generate all their code for them. It’s a glorified autocomplete and suggestion engine. When are people gonna get this? (not you, just in general)

        I use CoPilot myself, but if you have absolutely no idea what you’re doing yourself, you and CoPilot will both quickly hit a dead end together. It doesn’t actually understand what you want the code to do. Only what is similar to what you have already written or prompted for, which may be some garbage picked up from a noob on the web somewhere. Books and research using your meatbrain are still very much needed.

        • @devfuuu
          link
          710 months ago

          It’s not in the interest of all the techbros to sell the new age AIshit as something less that can only do such small thing. They need to hype the shit out of it to get all the crazy investors money that understand nothing about it but only see AI buzzwords everywhere and need to go for it now because of FOMO.

          It’s only gonna get much worse before it is toned down to appropriate usage.

        • @DrQuint
          link
          English
          2
          edit-2
          10 months ago

          Don’t even need to make it about code. I once asked what a term meant in a page full of a certain well known FOSS application’s benchmarks page. It gave me a lot of garbage that was unrelated because it made an assumption about the term, exactly the assumption I was trying to avoid. I try to deviate it away from that, and it fails to say anything coherent and then loops back and gives that initial attempt as the answer again. I was stuck unable from stopping it from hallucinating.

          How? Why?

          Basically, it was information you could only find by looking at the github code, and it was pretty straightforward - but the LLM sees “benchmark” and it must therefore make a bajillion assumptions.

          Even if asked not to.

          I have a conclusion to make. It does do the code thing too, and it is directly related. Once asked about a library, and it found a post where someone was ASKING if XYZ was what a piece of code was for - and it gave it out as if it was the answer. It wasn’t. And this is the root of the problem:

          AI’s never say “I don’t know”.

          It must ALWAYS know. It must ALWAYS assume something, anything, because not knowing is a crime and it won’t commit it.

          And that makes them shit.

      • Badabinski
        link
        fedilink
        12
        edit-2
        10 months ago

        Because greedy investors are gullible and want to make money from the jobs they think AI will displace. They don’t know that this shit doesn’t work like they’ve been promised. The C-levels at Gitlab want their money (gotta love publicly traded companies), and nobody is listening to the devs who are shouting that AI is great at writing security vulnerabilities or just like, totally nonfunctioning code.

      • @[email protected]
        link
        fedilink
        110 months ago

        I’m hyped about AI assisted programming and even agent driven projects (writing their own code, submitting pull requests etc) but I also agree that it seems just too early to actually put money behind it.

        Its just so marginal so far, the UI/HMI has too much friction still and the output without skilled programming assistance is too limited.

    • Anarch157a
      link
      1210 months ago

      For my private repos, hosted on my home server, I moved from Gitlab to Forgejo (Git, artifacts and containers images) and Woodpecker for CI builds. Woodpecker is not as powerful and feature complete as Gitlab, but for simpler needs it gets the job done.

  • @[email protected]
    link
    fedilink
    5810 months ago

    GitLab used to be awesome when it was the place to go after MS bought out GitHub. They had premium access for all public projects under a FOSS license and top-tier CI. Then as time went on, they began pulling support for various functions in a very Microsoftian EEE sort of way. First requiring credit cards fir new users to access the CI, then taking away the CI almost entirely except for a practically useless monthly allotment, then taking away the premium access for public FOSS licensed projects. If I were migrating today I would not have chosen GitLab, but it is where I settled after leaving GitHub and my projects have grown to depend on GitLab CI even if I’m now forced to run my own runners due to the extreme nerfs they’ve done to the hosted CI. I mirrored OpenRGB to Codeberg, but since the CI pipelines depend on GitLab I don’t see Codeberg becoming the main hub anytime soon unless they can execute GL CI configs. Sad to see how far GitLab has fallen though, it is unrecognizable from what it used to be as far as support for FOSS prohects goes, especially given how GitLab itself started as a FOSS project.

    • Daniel Quinn
      link
      fedilink
      English
      1610 months ago

      Enshittification, also known as platform decay, is the pattern of decreasing quality of online platforms that act as two-sided markets. - Wikipedia

    • @[email protected]
      link
      fedilink
      1010 months ago

      Maybe it’s time to start listing the enshittification phase of a project on Wikipedia or something.

  • adONis
    link
    5110 months ago

    Maybe it’s just me, but I never liked GitLab in the first place. The UI is just awful to me. Searching through issues, before posting a new one, is just a pita.

    • @[email protected]
      link
      fedilink
      1210 months ago

      The best part of the Gitlab UI is when it gets upgraded and you have to relearn how to find everything.

      • @linearchaos
        link
        English
        310 months ago

        What, did they source their developers from blender?

        • adONis
          link
          1
          edit-2
          10 months ago

          You mean GIMP, right?!

          Imho, Blender really deserves to be treated with more respect. They’re one of the few ones offering a great product for free. Sure, it might seem a bit overwhelming, but so are most of these 3D programs. It’s just a matter of getting used to… but GIMP, booy oh boy

          • @linearchaos
            link
            English
            110 months ago

            About 10 years ago I decided I was going to pick up blender and learn it. No big deal, I used to be really good in radiant so I should be able to catch up. this shouldn’t be that strange. I’ll just pick up a YouTube video how to get started. Just click here click there go to this menu and select that.

            Huh, the menu’s not even there. I go start digging around oh they moved at this point revision. Okay fine. Now everything I look up needs to have that exact point revision. It started out fine I was able to find tutorials starting in the exact version that I needed, but then I started needing more specific tutorials working with non-manifold objects crap like that. Well lo and behold somebody hasn’t covered every point revision in blender for every problem I encountered. Trying to find a video on how to do a certain action or even what the action is called now is potluck.

            I couldn’t even buy a book or download a tutorial series from a previous version because even point releases at that time were night and day apart.

            On The other hand I won’t try to tell you that gimp isn’t a hot mess but it’s got maybe a hundred options 25 of which are the ones I really need to use on a regular basis, and although their locations change and the shapes of the icons the names of them in the menus they’re in don’t move around that much. Blender on the other hand, there’s just s*** all over the place.

            I appreciate that it might have gotten better at this point I don’t have the time anymore.

    • @[email protected]
      link
      fedilink
      210 months ago

      I last used it seriously like 7 or 8 years ago and it was fine. I put it on par with GitHub at the time. The ability to self host for free without too much trouble also really affected my position on it.

      I haven’t really enjoyed the few times I’ve had to use it in the last couple of years, though.

  • TxzK
    link
    fedilink
    5010 months ago

    Fuck GitLab. I used to use it until recently moved all my projects to codeberg. Way better. GitLab is becoming more and more like GitHub.

    • @BOFH666
      link
      2810 months ago

      Forgejo ftw!

      Self hosting here, also with runners to create a complete ci/cd line.

    • @woelkchen
      link
      1410 months ago

      GitLab is becoming more and more like GitHub.

      Well, duh. That’s the sales pitch: “Like GitHub, but cheaper.”

      • Max-P
        link
        fedilink
        910 months ago

        Except it’s way more expensive than GitHub. They jacked up the prices pretty hard. Now it’s like $15/contributor for private orgs, and it’s like $5 on GitHub for the same and more features.

        • @woelkchen
          link
          310 months ago

          Except it’s way more expensive than GitHub. They jacked up the prices pretty hard. Now it’s like $15/contributor for private orgs, and it’s like $5 on GitHub for the same and more features.

          Free for self-hosting, though.

        • @[email protected]
          link
          fedilink
          310 months ago

          Yeah I’m not gonna lie GitHub has clearly been trying to keep up with gitlabs feature set not the other way around for years

    • lionkoy5555
      link
      110 months ago

      For some people with less tech knowledge with git hosting, what’s the (remaining if any) advantage of Gitlab if alternatives like codeberg exists?

  • @[email protected]
    link
    fedilink
    3410 months ago

    They been doing this for years. Here is a GitLab forum post about it.

    As a gitlab user myself, I prefer gitlab over anything else because of their CI/CD. The free compute units run instantly now, no more queues orwaiting. A couple years ago, my pipelines would timeout after 3 hours.

    • @[email protected]OP
      link
      fedilink
      1510 months ago

      That post is only in regards to the CI feature. But today, even basic registration requires personal identification. You cannot even report bugs on open source projects without

  • @[email protected]
    link
    fedilink
    33
    edit-2
    10 months ago

    I created a GitLab account long before they implemented this, but never used it. Went to post an issue related to self-hosted GitLab on their issue tracker, and it told me my account was banned. I wrote an email to support and they essentially said “an automated system identified your account as a bot and banned you during an account clean up some years ago to cut back on malicious users”. I informed them that this was not at all reasonable, as I’ve never even posted anything on any GitLab account, and that I would be advising my organization to never pay for any GitLab product or service unless legal writes up the contract terms, because I have no faith in them as a vendor.

    Seriously, fuck GitLab. And if anyone from that org wants to discuss this with me, they can pipe their email to /dev/null

    • @[email protected]
      link
      fedilink
      1
      edit-2
      9 months ago

      That is regrettably not too unusual. Many platforms deactivate / ban empty accounts that were inactive for a long time. I guess “aging” accounts before use is something not too uncommon for bots.

  • @[email protected]
    link
    fedilink
    3210 months ago

    Discourse, Git* and more really need federated search.

    It is already hard getting Contributors for projects, even more if you are on some random selfhosted server that nobody finds and everyone needs to create a new account for.

  • Daniel Quinn
    link
    fedilink
    English
    2910 months ago

    Can anyone else confirm this? As a long time user and champion of Gitlab, this is a deal-breaker for me.

  • @[email protected]
    link
    fedilink
    English
    2610 months ago

    Like others, I had an account before this was implemented. I have a couple projects on there, also mirrored to self hosted gitea. Have had people refuse/unable to contribute to the gitlab project due to the kyc requirement, so I’m thinking I will migrate to codeberg soon.

  • @mvirts
    link
    2210 months ago

    No worries, gitlab is a trash Ruby on rails app anyway 😹

    JK I do love gitlab, sad to see the corporate takeover. What features dont you get with the foss version? Can’t figure it out amongst the marketing cruft. Seems like it would be relatively easy to build another hosted gitlab provider.

    So why does gulab need to kyc anyway? And if it’s a legal requirement, won’t GitHub do the same?

  • @[email protected]OP
    link
    fedilink
    2210 months ago

    To add a few more details: After trying several times with different IPs and different browsers, I was able to register by providing only a mobile phone number once. Since that still requires personal information, this is still a very questionable process. (not to mention it took me a day to not be asked for a cred card)

      • thejevans
        link
        fedilink
        1110 months ago

        I would LOVE to switch to codeberg for work, but my work requires that all data be hosted in the US, so I recently pitched GitLab as an alternative to GitHub, even though it’s not perfect.

        • @[email protected]
          link
          fedilink
          1010 months ago

          For work gitlab is fine, I’m sure your company can get the accounts verified for example. At least it’s not microsoft

        • @[email protected]
          link
          fedilink
          710 months ago

          Wait. Wtf does it need to be US specifically? So the goverment has full access to the data or what?

          • @[email protected]
            link
            fedilink
            110 months ago

            Export controls or legal compliance, most likely. Export controls because the code may be a protected technology, or compliance because the company doesn’t have gdpr or some other legal framework.

        • @[email protected]
          link
          fedilink
          English
          510 months ago

          In which case, get your code off the net and use Forgejo to get your own instance, same as codeberg. If hosting location is a real issue, bring it home.

          • thejevans
            link
            fedilink
            310 months ago

            That’s eventually the plan, but I expect that process to take on the order of a year, unfortunately.

        • @uis
          link
          010 months ago

          git clone and say that code is on your computer

      • @[email protected]
        link
        fedilink
        310 months ago

        What’s your experience like with this? I’m seriously considering Gitlab & Github alternative.

        • @[email protected]
          link
          fedilink
          7
          edit-2
          10 months ago

          Codeberg the community is very nice with strong focus on the right to privacy and free software, which I feel reflects itself especially in a lot of copylefted projects on the service.

          Codeberg the collaboration platform is in my epxerience by the simple fact of critical mass quite a bit less ‘collaborative’ for many projects. There’s a couple projects with tight communities, and a lot of single dev projects with maybe a drive-by PR.

          Codeberg the software runs on Gitea (/Forgejo) which is wonderful software - slim, simple enough to get everything done without being in the way.

          There’s efforts to open up the gitea/forgejo forges to federation, which would be a very neat way to fix the collaboration issue and is - in my view - the way forward for open, decentralized collaborative software creation. It’s still quite a ways off (especially from bring mature enough to be used day-to-day) but when it gets there platforms like codeberg will be the first to adopt it and to also benefit massively from it.

        • @[email protected]
          link
          fedilink
          English
          210 months ago

          I don’t use codeberg much, but I have my own instance of Forgejo so I’m using the same software. My experience is that it’s really nice. The feeling is one of having what you need and no bloat.

      • @uis
        link
        110 months ago

        Or sourcehut

    • @[email protected]
      link
      fedilink
      2610 months ago

      If you want people to contribute to your project, Github is by far the best. If you’re off Github, it reduces your visibility by a lot.

      • @[email protected]
        link
        fedilink
        2310 months ago

        You can host your project anywhere you want, setup mirroring to github and drop a link in its description. So you’ll have github visibility and won’t depend on github. Addiitional repo backup is a bonus.

      • @[email protected]
        link
        fedilink
        -110 months ago

        Even just for reporting issues, anyone who is capable of identifying a bug is likely to have a GitHub account. Not so for Gitlab or others.

        Then you’ve got seamless integration with Vscode as a bonus, it’s more like why would you not use GitHub unless you have a specific problem with them.

        • @[email protected]
          link
          fedilink
          210 months ago

          Then you’ve got seamless integration with Vscode as a bonus, it’s more like why would you not use GitHub unless you have a specific problem with them.

          Does GitHub still only permit one account? I remember looking into it awhile back and not wanting to get things mixed up between personal/professional arrangements and the one account policy put me off.

      • thejevans
        link
        fedilink
        010 months ago

        Looks cool. Their hosted service is still in Alpha, so I doubt my work would go for it.

    • @[email protected]
      link
      fedilink
      310 months ago

      I have no idea what everyone is on about.
      Host your own git repo. It’s trivial and built into git and you make every decision about it from the ground up.
      For example you don’t need to worry about registrations or what country it’s hosted in because the country it’s hosted in is your hard drive (or your company’s server rack).
      Then use whatever front-end you want and point it at that private repo.
      It’s only mildly more fiddly to set up and grant access, but it sure doesn’t ask you for a credit card and it sure doesn’t get scraped to train LLMs (unless you make it internet-facing and don’t protect it).
      If you want to stay close to the core experience but still have a decent interface, check out (heh) gitweb and git daemon. Though I wouldn’t mind if gitweb had some of the fancier features, like the “download as zip”/“git clone path/to/branch copy-to-clipboard” buttons.

      • @[email protected]
        link
        fedilink
        910 months ago

        It is not trivial to host a git forge with modern features that allows easy collaboration between anonymous users all over the world.

        • @[email protected]
          link
          fedilink
          310 months ago

          Git forge?
          Just git. Git command line.
          It’s about as trivial as setting up an Apache server.
          The anonymous users part is maybe two lines in a config file.
          The features are almost entirely part of the front-end, which is entirely up to each individual end-user.
          Do you have a web server? You’re already 95% of the way there. A workplace was mentioned in other replies, which likely means this infrastructure is already in place.

          • @[email protected]
            link
            fedilink
            410 months ago

            So no PRs. No Issues. No CI/CD. That doesn’t work for 99% of actively developed open source projects with >10 devs

            • @uis
              link
              110 months ago

              I know project that is developed by 10.00000001 devs

              • @[email protected]
                link
                fedilink
                310 months ago

                The difficulty of sending patches or reporting issues to the Linux kernel is a feature for them, as it keeps less-experienced devs from wasting maintainer’s time with garbage requests. For most projects it’s a bug.

                • @uis
                  link
                  110 months ago

                  Linus accepted patch from literal child. But to be fair it was documentation style patch from one of kernel dev’s kid.

        • @uis
          link
          110 months ago

          Start mailing list in i2p

    • @uis
      link
      110 months ago

      I probably will move to other inctance eventually. Probably to lavander.

  • @[email protected]
    link
    fedilink
    English
    1910 months ago

    Tried to register with gitlab three times some months back to file a bug against qemu. It rejected my registration silently every time (as in, it appeared to take it but never sent a confirmation email, not even one that got mistaken for spam). I gave up on filing the bug.

  • @[email protected]
    link
    fedilink
    1410 months ago

    Policies like that are almost entirely about minimizing fraud and harassment. It really sucks for people who don’t have mobile phones that support authentication texts or whatever (since, even as you pointed out, the requirement is mostly a phone number) but it also drastically cuts down on fake/harassment accounts.

      • @[email protected]
        link
        fedilink
        1710 months ago

        Gitlab was getting attacked with thousands of spam accounts. Trying to fix the damage almost killed the company

        • @uis
          link
          110 months ago

          So now not harassment, but thousands of spam accounts

    • conciselyverbose
      link
      fedilink
      9
      edit-2
      10 months ago

      It’s disgusting.

      It should be illegal to require any personal information unless you can prove that it’s literally impossible to provide your service without it, and always illegal to share that information with anyone (but a payment provider exclusively for verification purposes) for any reason.

      • @uis
        link
        110 months ago

        It is still legal unless you are in EU.

      • @[email protected]
        link
        fedilink
        410 months ago

        And Github is Microsoft who need those capabilities for basically every other website they sell.

        Whereas gitlab is REALLY good software with… a website nobody ever really asked for but that still needs to exist to sell people that software.

        This comes up with a lot of services. I think everyone lost their god damned minds when overwatch added phone verification?

        Like, I don’t like it. But I have friends who ahve had to deal with harassment campaigns against their products (or persons) and the like and get why you would do what, on the surface, is a pretty trivial ask as a way to remove sock puppets.

        • @uis
          link
          110 months ago

          Except phone number is super cheap.

          • @[email protected]
            link
            fedilink
            110 months ago

            It is still a monetary investment which is a major deterrent to bad faith accounts. This is why so many live games have a “you need to spend 1 dollar to get into the good queue” model. Shit like Escape from Tarkov where people buy accounts en masse are very much the exception.

            But also? The issue is, like with mots things, lower income users. A lot of the cheaper/more affordable “pay as you go” phone plans won’t support the SMS authentication services that these models depend on. Which is why I referenced Overwatch 2 since that was actually a really “good” example of the reasons this is not a good model.

            • @uis
              link
              110 months ago

              TF2. Even in official competetive mm with phone verification and spending money there are lots of bots.

              won’t support the SMS authentication services that these models depend on.

              Is it even legal?

              • @[email protected]
                link
                fedilink
                110 months ago

                There is no one solution that handles everything (or else everyone would just do that). It is always about a mixture of multiple methods.

                Is it even legal?

                This is the internet. Someone will always claim it is illegal in “Europe”. Nobody will care enough to verify one way or the other. And, regardless of whether it is or is not, companies don’t care because most of those regulations are very toothless either due to bureaucratic inertia or just not giving a fuck.

                The fact of the matter is that this is a very common model used by a range of services and it is not going to get challenged any time soon.

                • @uis
                  link
                  110 months ago

                  Can’t say about entire Europe, especially about Kazahstan which has small part sticking out in Europe, but I’m pretry sure EU is not toothless.

    • @uis
      link
      110 months ago

      Credit card, blood sacrificesample. BuT tHiNk Of ThE kIdS!