GitLab removes its 'starter' tier: Users must either pay 5x more or lose features

Customer: 'It feels like a bit of a kick in the teeth'

Cloudy DevOps company GitLab has removed its $4.00 user/month Bronze/Starter tier, giving users the choice between paying for Premium at $19.00 or downgrading to the free tier and losing some features.

GitLab CEO and co-founder Sid Sijbrandij said yesterday: "The Bronze/Starter tier does not meet the hurdle rate that GitLab expects from a tier and is limiting us from investing to improve GitLab for all customers."

Hurdle rate? This is investment jargon. Sijbrandij linked to a definition which describes it as "the minimum rate of return on a project or investment required by a manager or investor." In other words, GitLab decided it was not making enough money on the $4.00 user/month subscription.

The company's pricing handbook states reassuringly that "when in doubt, we will default to moving features to a lower tier" but the effect of the change is that any features in Bronze that are not in the free tier have been moved up.

How many features? "Each PM went through the buyer based pricing model referenced above for each feature in Starter to determine whether they should be part of Core or Premium going forward. The issue is not public right now, but the output was that all but one feature will be in Premium," said GitLab in response to a question.

Move up ... or back to free?

Sijbrandij said the price hoist will be mitigated by a transition offer. Existing customers with up to 25 users can renew for one more year at the existing $4.00 rate, or get a free upgrade to Premium along with a staggered discount at the next renewal: $6.00 on year 1, $9.00 year 2 and $15.00 for year 3. Larger customers get the mystery "contact your sales rep" treatment.

Some may manage with the free tier. Sijbrandij said that it has 89 per cent of the features in Starter. GitLab offers the free tier "for a single developer" and as an alternative to GitHub's free tier.

Starter, in the now-deleted description, was for single team usage. Features in Bronze that are in free include requiring approvals on merge requests, pipeline code coverage rates, iterations, assigning multiple people to issues, assigning weights to issues, repository mirroring, code quality reports, code review analytics and more.

The discussion on GitLab's forum is as you would expect. "There is little explanation as to why a 5x increase in costs to maintain starter features on-prem is justified, beyond gaining additional premium features. It feels like a bit of a kick in the teeth," said one customer.


Another added: "We will definitely change to Github because there is no reason to pay 19$ for the few features we really need. Maybe will hit the hurdle rate there."

Others were more constructive. "Wouldn't it make more sense to have a base user pricing (dunno 4€/month) and add feature bundles?" said a user.

One complication is that GitLab requires that all users in a group are on the same plan. "My department of 40 does the vast majority (90 per cent plus of all commits/MRs) of the coding in the company, but we enrolled everyone within operations as well so that they could contribute on occasion. The rest of those users are never going to be worth spending $19 a month on, but it really sucks having to put up barriers from people who do like to contribute on occasion," said a user on Hacker News - though the company said it is looking at this use case and may "iterate the pricing".

GitLab is in part an open source product, but the open source version is the same as the free tier, so it is not a way to add features unless developers fancy forking the code.

Nobody expects .... the fivefold augmentation

The company does have a generous free tier, but the disturbing aspect of this is the uncertainty it introduces: price increases are expected but not fivefold increases. Source code is easy to migrate from GitLab to an alternative, but migrating all the other parts of a service that presents itself as a complete DevOps platform is difficult, so there is an element of lock-in.

GitLab is second only to Microsoft-owned GitHub in this market. GitHub is tough to compete with in part because of Microsoft's financial clout and the fact that GitHub is more a strategic asset to win developers than a profit centre.

GitLab intends to become a public company and states in its handbook that "the strength of our business model enables us latitude in selecting a favorable public offering environment and not be beholden to a specific date" – though there was a proposed date of November 2020, which it missed.

It is therefore possible that the company is endeavouring to improve its business model ahead of a public offering. In that light, forcing unprofitable customers either to go elsewhere or to pay more may make perfect sense, though it is not so good for the way it is perceived by the developer community. ®


Google Sites blight: Over 100,000 web pages for business form searches overrun with backdoor RATs

eSentire warns of remote-access trojans masquerading as PDFs

More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening business documents booby-trapped with a remote-access trojan (RAT) that takes over victims' PCs and hands control to miscreants.

Infosec outfit eSentire on Tuesday said it has noted a wave of so-called search redirection shenanigans, in which people Googling for business forms and the like are shown links to web pages published via Google Sites – a Google-hosted web service – that offer a download of whatever materials they were looking for. After clicking on a button to fetch the desired file, the mark is taken to a different site entirely.

Those sites download a Windows executable, masquerading as a PDF or Microsoft Word file, that when opened installs the RAT, meaning a victim has to be duped into running the malicious software after fetching it. The Google Sites pages include common business terms like "template," "invoice," "receipt," "questionnaire," and "resume," in order to convince Google's search algorithm that the pages are relevant for those searches.



After years of dragging its feet, FCC finally starts tackling America's robocall scourge

New law implementation, cease-and-desist letters, and mobile companies asked to detail free blocking tools

The FCC is finally taking concrete action on the scourge of robocalls after years of dithering on the issue.

In an announcement on Tuesday, America's telecoms watchdog said it had written to cellular network operators asking them to detail the free robocall blocking tools they provide to consumers. It also released two cease-and-desist letters against two robocalling hosts and said it would track the agency’s actions in implementing a new anti-robocall law.

Just as with an announcement yesterday pushing an internet speed measuring app, the measures taken are soft, rather than strong enforcement, but indicate a clear shift in priorities under the FCC's new chairwoman Jessica Rosenworcel.


Who'd have thought the US senator who fist pumped Jan 6 insurrectionists would propose totally unworkable anti-Big Tech law?

This one seems as well thought-out as his Capitol rally salute

US Senator Josh Hawley (R-MO) has proposed his latest anti-Big Tech legislation: a complete ban on mergers and acquisitions for companies valued at over $100bn if it may harm competition in any way possible.

The “Trust-Busting for the Twenty-First Century Act” [PDF] will “take back control from big business and return it to the American people,” the senator announced, and it will “crack down on mergers and acquisitions by mega-corporations and strengthen antitrust enforcement to pursue the breakup of dominant, anti-competitive firms.”

The law is intended to put constraints on Apple, Google, Facebook, and Amazon – in keeping with Hawley's political brand of attacking tech companies – and he provides examples of actions that would be prevented, such as Google purchasing Waze and incorporating it into its Maps app.


1Password targets developers with Secrets Automation, acquisition of SecretHub

Existing users covered until 2022

Password specialist 1Password has acquired SecretHub, a secrets management platform aimed at IT engineers, and made a new service called Secrets Automation, previously in beta, generally available.

The proliferation of passwords and SSH keys in modern IT has brought with it a tricky management problem, not only for people but also for machine-to-machine communications. Developers may struggle to keep secrets such as database logins secure, when their code will not function without them.

In 2019 researchers at North Carolina State University scanned code publicly committed to GitHub and found that “not only is secret leakage pervasive — affecting over 100,000 repositories — but that thousands of new, unique secrets are leaked every day.” In June 2020, security researcher Craig Hays deliberately leaked server credentials in a GitHub repository and observed an unauthorised login just 34 minutes later.


NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches

114 fixes for the Windows world – plus fixes from SAP, Adobe, FreeBSD, etc

Patch Tuesday April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA).

Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nineteen of the CVEs have been designated critical.

"This month’s release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post.


What's Red and scale-y and shacked up with NEC? A new Red Hat network function virtualization solution, apparently

Living on the Edge as SA networks roll out

The move to 5G has allowed vendors and carriers to fundamentally rethink how their networks are structured. Once the norm, tightly integrated vendor-specific hardware is gradually being supplanted by virtualized alternatives that run happily on standards-agnostic kit. Jumping on the bandwagon is Japanese provider NEC, which today said it would use Red Hat's OpenShift Kubernetes platform for its upcoming 5G hardware.

The company said it plans to use OpenShift across its 5G Core and RAN products, intended for both public and private use, as well as its Edge and AI platforms.

On the edge, NEC sells a compact data processing device called the UPF mini. The hardware has already been selected for NTT DoCoMo's 5G SA (StandAlone) network, with the device positioned on existing base stations. The company also sells a software-based AI analysis platform for private and local networks, which NEC claimed can help mitigate performance slowdowns caused by congestion.


In the enterprise, Kubernetes has to play by the same rules as other platforms

Shortcuts? What shortcuts!

Sponsored Without a doubt, Kubernetes is the most important thing that has happened in enterprise computing in the past two decades, rivalling the transformation that swept over the datacenter with server virtualization, first in the early 2000s on RISC/Unix platforms and then during the Great Recession when commercial-grade server virtualization became available on X86 platforms at precisely the moment it was most needed.

All things being equal, the industry would have probably preferred to go straight to containers, which are lighter weight than server virtualization and which are designed explicitly for service-oriented architectures – now called microservices – but it is the same idea of chopping code into smaller chunks so it can be maintained, extended, or replaced piecemeal.

This is precisely why Google spent so much time in the middle 2000s creating what are now seen as relatively rudimentary Linux containers and the Borg cluster and container controllers. Seven years ago, it was unclear what the future platform might look like; OpenStack, which came out of NASA and Rackspace Hosting, was a contender, and so was Mesos, which came out of Twitter, but Kubernetes, inspired by Borg and adopting a universal container format derived from Docker, has won.


Cracked copies of Microsoft Office and Adobe Photoshop steal your session cookies, browser history, crypto-coins

It's like the 2000s all over again, sighs Bitdefender

Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned.

As many Reg readers will no doubt be aware, cracked software is a legitimate application that has had its registration or licensing features removed. Often distributed through BitTorrent in the days of yore, cracked software (also known as warez) appeals mainly to freeloaders who are happy to use a particular suite without paying for a licence.

With Microsoft Office and Adobe Photoshop being two of the most popular software suites in their niches, cracked versions were always going to be popular.


Microsoft's Surface Laptop 4 now includes AMD options for biz customers, boasts up to 19 hours of battery life

Surface Headphones 2+ also available and a range of 'Modern' kit coming in the next few months

Microsoft has opened the order books on the fourth generation of its Surface Laptop, replete with Intel-baiting AMD chippery in the line-up.

Blessedly free of an overexcited Microsoft bigwig describing himself as "pumped" at the sight of some relatively pedestrian hardware, Microsoft's Surface Laptop 4 has arrived in 13.5 and 15-inch guise with a variety of Intel and AMD silicon to choose from.

The new AMD chips are an important update; previously, consumers could select a Surface Laptop 3 not powered by Intel, but businesses were directed Chipzilla's way. This time around a range of updated Intel and AMD silicon is on offer to both customer types.


You know what? Fork this: AWS renames its take on Elasticsearch to OpenSearch following trademark fight

Beta expected in a matter of weeks, production release planned for summer

AWS has introduced the OpenSearch project, the new name for its open-source fork of Elasticsearch and Kibana.

OpenSearch is "the new home for our previous distribution of Elasticsearch (Open Distro for Elasticsearch)," according to a post yesterday, and the code is licensed under Apache 2.0. The Kibana fork is called OpenSearch Dashboards.

The projects are on GitHub, where they are described as "in alpha state." The contributors said: "We've been removing non-Apache 2.0 compliant code and doing a full rename of the project."
