S3E9: "Git Outta Here"
|Previous Episode||Next Episode|
|S3E8: "When You Have to Swing Both Ways"||S3E10: "DNS Near"|
|Recorded (UTC)||Aired (UTC)||Editor|
|2018-06-16 21:58:26||2018-07-04 01:25:24||"Edita"|
In this episode we provide some initial experiences with some self-hosted GitHub alternatives: Gogs, Gitea, and GitLab.
- Intel seems to have forgotten some key information about their products during the Computex keynote.
- Apple is closing the security hole that law enforcement use to crack iphones.
- Microsoft making proposals for device security.
- Linuxforums.org (no link for you because you were naughty) has had a password hash breach, and they’re (admittedly salted) MD5 hashes.
- Seriously, why are we still storing passwords hashes in md5 in 2018?
- They also seem to be shutting down any discussion regarding the breach.
Starts at 25m35s.
I was drinking chai (specifically, Stash’s Chai Spice Black tea though I didn’t mention it on-air). Paden was drinking nothing. Jthan was drinking water (but we convinced him to drink an Avery Brewing Liliko’i Kepolo for all of you).
- Gogs, Gitea, and GitLab. Make sure you check out last episode for the lead-in for this!
- Not very well-maintained…
- The documentation is terrible.
- Tells user to use wget, but curl (not wget) is part of basic CentOS install.
- Has you install e.g. Nginx from upstream Nginx repo, but it’s in EPEL.
- Their provided Nginx configuration snippet does not work — at all.
- Why don’t they run the actual application on a well-known alternate HTTP port like 8080?
- Lacks some features that makes things less painful for user self-configuration/customization.
- Gogs doesn’t even host their own code on their product. Their primary public repository for their source code is… on GitHub.
- Tries way too hard to be (like) GitHub, right down to the interface.
- LDAP support is fairly weak.
- Poor non-FHS-standard packaging.
- No longer offer any packages (no RPM, no DEB, etc.).
- Many of the same gripes as Gogs (since it’s a fork), especially with their docs (some of it is just flat-out WRONG).
- But it DOES have some additional features.
- TONS of (serious) security issues/incidents!
- Shame it didn’t even work. F-!
- VERY competent competitor for GitHub in terms of features while still maintaining its own independence and feel.
- We all like it the best of the three, BUT…
- It’s a beast and requires a larger amount of system resources than may be appropriate for your organization.
- But they do offer hosted instances as well.
- The install docs are probably the best of the three (and the install is the least painful).
- They get points docked for having users blindly pipe curl to bash, using a script to configure a repository instead of just distributing an RPM to configure a repository (or provide a .repo file), AND they get points docked for their RPM quality. They even use Chef inside the RPM process, which is absolute madness.
- They get half a point docked for using pygpgme instead of, you know, the Python GPGME bindings actually distributed with GnuPG/GPGME libraries. The script doesn’t seem to even require it, which is odd.
- We didn’t mention it on-air and didn’t evaluate it, but there’s also GitBlit which you may want to give a spin.
In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (1h02m45s)
GnuPG was parsing certain strings harmfully, allowing signatures to be spoofed. (It’s only possible if you specify
- Recorded on a Saturday instead of a Wednesday evening (when we usually record). June and July are …weird in terms of scheduling for us this year.
- I was packing for SGDQ2018.
- Jthan was preparing for RMGH 2018.
- The Intel i9 that I mention/have is this.
- AMD bought ATI as I self-corrected on-air.
- I am, indeed, sorry. The quantum state of my apology has degraded to a fixed state, and Jthan was indeed correct about S3E8.
|Intro||Peek-Door Quest||Rolemusic||click||CC-BY 4.0||Outro||Pretend||Malyssa Bellarosa||click||CC-BY-SA 4.0|