Microsoft Windows is prohibited at Gitlab (opens in new tab)

I mean, Gitlab is a web platform. It's pretty easy to test how it's going to work on different platforms without needing full machines. Heck, you can even just get Microsoft Edge binaries on macOS and Linux if you want to test Edge. But failing that, VMs are pretty sufficient.

If you would have kept reading, you would have noticed that employees can apply for an exception to the policy.

So if, for example, you are a UX dev and need to test your CSS on Edge, they have a process that allows you to do that.

And it's not "just a bit of money", Microsoft's enterprise product licensing is truly onerous. It's almost a career unto itself just to make sense of it, and it requires a non-trivial amount of infrastructure to support.

I agree. If nothing else they won’t be able to replicate Windows typography, which is different from Linux and OS X. Base fonts are different; kerning and anti-aliasing are different. Web design is still 90% typography, and cutting the largest install base out of your test matrix seems silly to me.

Gitlab is essentially a website, and Microsoft Edge is just Chrome. I think there isn't any reason to test on windows anymore.

Windows is a specific set of skills that takes a lot of people to do properly at any scale. The dedicated resources required are essentially a drain on the whole of IT. My company also bans Windows for the same reasons.

For many years, and in so many companies, the policy has been the opposite.

All company laptops must have windows, anything else needs to be vetted by the IT admin.

Now that the Edge browser works fine on Linux, there's really no need for all these licenses, and someone needs to start to break the unhealthy dependency every company has on Active Directory.

Testing for Windows on a non-Windows machine is far easier than testing for macOS on a non-macOS machine. Of course, having people use both is better. IIRC, Steve Klabnik uses Windows to ensure that Rust supports the platform well.

It doesn't sound like Gitlab doesn't allow windows at all.

This sounds to refer explicitly to using interim personal laptops until departmental hardware is issued formally (which, as I understood it, may then run windows).

Did I misread?

you're gonna have a bad day if you're depending on random employees for testing a site used by millions.

instead, invest in:

- real automated testing (to the extent technically and economically feasible). One hack is to get customers and partners to fund it, then leverage outsourcing.

- feedback from users - make it easy, streamline responses, setup escalation. Understand that you can't nail down everything and quickly triage issues. Scale the team so at least you can do the triage.

Do you also expect that mobile devs do all their primary computing from their phone?

Realistically... Microsoft owns GitHub, and the weird Azure devops-ish solution for git. If an enterprise is on Microsoft, they're going to use one of those two solutions instead of GitLab.

Making IT's life _vastly harder_ to allow employees to maybe use Windows and see a solution the testing team didn't see is not a good trade-off.

That's not even going into how, exactly, Windows is going to make anyone's life better than using a Mac. Realistically, they're at least at parity.

The trade-off here is "make every IT support and supply line more filled with friction" to gain "people can use Windows if they'd really prefer, instead of Mac or Linux". That's a terrible trade-off, and GitLab is making good decisions.

Take into account that they prohibit Windows Home specifically.

In my company I am dealing with buying laptops for new hires - there is no way I am buying laptop with Windows Home edition.

That is problem with explaining people that they should buy laptop with Windows Professional. Whatever the cost is - company is paying. New hires are shy to expense company THAT is the problem.

So I think problem is that people try to buy cheapest laptop they can to "be cheap".

If my company would be on scale of GitLab I probably would not be able to control that but I am specifically buying laptops via my manager - and there is no way we would buy Windows Home laptop.

This document seems to be about the machines that employees at Gitlab are given, not about target machines for testing and deploying software.

They probably have some Windows machines at Gitlab for verifying the experience of Gitlab users/customers who use Windows.

I imagine a developer doing that would have a dedicated Windows machine, or possibly a guest VM, for that activity.

Does anyone know if this policy is causing GitLab's product quality to suffer? I see your argument, but products like BrowserStack and VMs can be employed to mitigate some of the negative effects. It seems premature to call the policy bad without examples of harm it has caused.

Not sure how that compares to all the companies that require Windows.

I guess is is for developers and business but in some other areas Windows would be hard to avoid: physical security systems, guest management systems and a few others.

On top of that, the justification seems more like a baseless rant, citing only one blog post as a source. Ranting engineers should not make business decisions.

> I find this a fairly bad policy.

How many engineers have you worked with that ONLY worked in Windows, and did it better than anyone else...?

It's just a filter.

developers using windows isn’t necessary to test web software on browsers on windows.

Why? Gitlab is not a Windows application per se. Either you use a browser or git on the cli.

> what's not used is not tested

What are they going to test on Windows? It's a web platform that runs on a Linux server... And Rails is kinda annoying to develop on using Windows, you definitely won't put it on a Windows server, what's the point?

I‘m a bit surprised that they care about the cost so much - the Dell laptops and the Apple Laptops come in at a price point of 2000 - 3000 USD and the Dell they specifically recommend for Linux use comes with Windows Pro preinstalled. The price difference to the equivalent Linux version is around 70USD. That‘s a negligible difference, especially when you start comparing to the employees wage (It‘s probably about 1 hour of their time, one-time cost)

If they‘d make the point based on lack of internal support capacity, I‘d understand, but caring about the one-time cost of the license is a very weak point.

You wouldn’t use Home SKUs for enterprises anyway, if you want to apply any policy you need Pro/Enterprise. In the end it’s about GitLab dismissing an entire laptop over a $70 upgrade key, or $200 Pro license.

> Due to Microsoft Windows' dominance in desktop operating systems, Windows is the platform most targetted by spyware, viruses, and ransomware.

That may be true, but a much higher proportion of downloaded Mac software lacks code signing. Opting in to that as a developer on the Mac will carry a lot of risk of kafkaesque deactivation and, and most don’t want to deal with that. On Windows, on the other hand, it’s like getting an SSL certificate. Apple’s philosophy on the developer program is antiquated, obsolete, and has compromised the security of the platform.

How many Mac users do you think limit themselves to only signed apps? It’s much easier to do this on Windows (but requires a small amount of technical understanding, or is it too much for Gitlab employees?). But when you enforce the policy at the corporate domain level, you won’t be neutering the machine’s usefulness as you would on the Mac. Unsigned apps on Windows tend to be the janky ones, while the signed apps found on the Apple Store tend to be garbage in my experience.

Relying on “less malware is created for Mac” is a terrible idea in general. This isn’t the 90’s. When you are Gitlab, a high value target for sophisticated, targeted attacks, that won’t help you.

Good Security is a balancing act between safety and convenience, and Apple gets it completely wrong. Therefore I would be very cautious about trusting Gitlab’s security posture given their apparent ignorance on the subject.

From https://developer.apple.com/support/certificates/

> If your certificate expires, users can no longer launch installer packages for your Mac applications that were signed with this certificate.

> Apple Developer Program membership is required to request, download, and use signing certificates issued by Apple.

> Note: Apple can revoke digital certificates at any time at its sole discretion. For more information, read the Apple Developer Program License Agreement in your developer account.

… and many paragraphs detailing what parts of your app will break when certificates are revoked.

There are more nuances involved than I care to list in full here, though I’d be happy to be proven wrong about this.

>> [..] Windows is the platform most targetted by spyware, viruses, and ransomware.

Neither spyware, virus or ransomware has slowed my computer to a halt as much as using GitLab.

All of the reasons are perfectly valid. Just not extremely relevant.

Normally any company looking at that level of operational detail has a problem. But on their case, yes, it's probably because Windows comes from their competitor.

Adding a bunch of work, costs, and risk to yourself that will only benefit your competitor does not feel good. No matter how relevant are the work, costs, and risk.

I haven't had problems with viruses, spyware and ransomware on Windows for years. Microsoft's builtin spyware marketed as telemetry and diagnostics otoh is very difficult to counter even with dedicated tools like O&O ShutUp10. I get why companies don't want to risk giving business secrets to Microsoft.

So they banned a wildly popular OS because it does not satisfy their security guidelines. I just checked, they have no guidelines for securing Windows. So you can't satisfy their Windows security guidelines because the guidelines for securing Windows were never written. What a joke.

Isn't that a case of the wetware that procures the laptops being not quite on the samepage, especially for someone working in geared towards developers company.

A buy something with windows pro is not hard to communicate...

I wonder if the main concern is buying Windows licenses via volume licensing and paying for Software Assurance.

I think there's a good bit of simple butthurt behind it as well, seeing as Microsoft owns their biggest (and far larger) competitor.

> More tenuous reasoning - macOS is not 'free'.

So very obtuse of them to word it this way. Windows has a cheaper license for HOME users who don't need Pro features of a business. It's not the other way.

Definitely a c-level with an axe to grind.

Considering all the security software my corporation forces on all of us, each product hammering my CPU and RAM while I try to compile...windows is an issue for developer productivity. (I'm a windows based developer, I feel the pain)

Can I run an OSX VM on another platform? Nope, not free. Not libre or gratis.

As a long time Windows user, it would take me a considerable amount of time to get used to the operating system and all applications and utilities that I need to be productive. Not saying Windows is great, but it works for me. And I'm pretty sure they don't hire people to learn an operating system.

I once worked at a CDN (you know, 99.9% *nix) that didn't allow Linux machines because corporate IT didn't know how to fix them and their remote cough spyware cough didn't work on them. We even told them they don't need to support us at all and we're all old school unix admins, didn't matter, corporate policy. Windows or mac.

I would suspect that there's a valid reason (probably along the lines of "we are set up to remote manage a bunch of linux and macos machines, and our tools work on them; we don't want to add more overhead") but that the person writing the page didn't entirely understand the reason.

"Mac or linux, but not windows" is a somewhat common policy, or certainly used to be, and it's never about the cost _of the licenses_ (except for tiny companies, perhaps).

What if they're worried about the telemetry that would be going to their biggest direct competitor? Not a defense, just a curious thought.

Ideological doesn't mean petty. It's not somehow beneath serious people to have beliefs about your company and to stick to them.

I agree, it's very petty. Engineers should keep their personal vendettas out of business.

And make a screenshot to verify that you encrypted your disk ;))))

The lost art of (fleet-)administration.

Although not even hinted at in the doc, I personally find the tedium of buying and provisioning and monitoring licenses worse than the cost of it. I suppose you are also inviting risk in the form of an audit.

I had to look again and might have missed it, but I didn’t see where Gitlab expressed concerns about the cost of Windows Professional version. They had concerns with team members sourcing they’re own Windows laptops which would traditionally come with Home Edition and need to be upgraded adding to the IT overhead.

Where were the cost concerns on buying windows licenses?

I wonder how much that goes back to predatory enforcement where one person using a home/personal license inappropriately could lead to costly audit requests … or the suggestion that if you buy an enterprise license the problem will go away. People have long memories about that kind of thing.

No harping on cost was done. This is a overhead issue, and the same things apply to IBM and Oracle software. Whenever the product needs artificial management to only deal with the specifics of contracts and licences that's just a drain on the business.

While I think not allowing windows is a silly policy, Apple laptops still sell for a serious premium after 3 or 4 years of use. I've worked for companies where this was the sole reason for Mac being the default laptop you got. If you wanted/needed anything else, you had to specifically ask for it.

Woah, that tweet led me to:

"GitLab plans to automatically delete projects if they've been inactive for a year and are owned by users of its free tier."

Which I hadn't heard. That's.... something.

Did you ever use it?

I have, extensively, and found the user experience excellent. Still miss it now I'm using github plus a bunch of other tools.

I work there. (And have for the last 5 years.) Obviously I can't divulge anything confidential, but ask a more specific question and I'm happy to answer from my vantage.

I don't get it, is the complain about the "you can ensure your teams are working at the right things at the right time" part?

How is wanting your products to be aligned with their vision evidence of dysfunction?

To be fair ... they got a lot of middle management catch phrases into that description. Going to be an easy sell to the board.

This self-description seems to be targeted at PHB that need convincing why their team should use Git

Mobile device management is the topic. You can manage windows devices remotely, just as you can manage MacOS devices. No need for them to check in. It „just“ takes some effort, and if you have multiple operating systems to support, the effort is multiplied. But a company of their market cap and size probably should have the funds for a team dedicated to this.

>But with gitlab, everyone is working in their own networks around the world.

VPN? You know like dial in into your lan?...the original use-case for vpn's?

Azure AD? A VPN with access to the domain controller?

Nah, GitLab just hates Microsoft.

My corporate win 10 laptop does all those things fine when WFH.

They just set it up, couriered it to my house, gave me my password and off I went.

It does all its GPO update, carbon black policies etc. over the VPN exactly the same as if I was in the office.

Worst case scenario gitlab would just need to courier equipment globally via a decent carrier like DHL, but probably a drop in the ocean compared to other staff costs.

Don’t they have software like Intune for this purpose?

IIRC Apple is the same way. It requires extremely special dispensation to even get a Windows VM (ex: iTunes & Safari on Windows groups).

It's not uncommon at all, to be honest. I've done IT at startups where we said "Mac Only". Why? Because supporting multiple platforms is a lot of work. You need to do everything twice. All the software security done twice (and differently for each). Rolling out something new to the employee base? Two different sets of instructions. Setting up conference rooms with power bricks and video adapters? Had to be done twice (though this was a while ago, that is less of an issue now).

For small teams, it's just a workload that may not be doable. It's not like someone in IT says "I hate Windows, we're going to go Apple only", but often times a "Well, we're 90% Mac already, lets stick to just that". And yes, even with the "Apple Tax" its still overall cheaper to buy/support just macs.

Yep; you basically cannot fully enforce a moratorium on Windows without seriously pissing off finance (Excel on Mac is a joke, and Excel Online can't run macros, which is 98% of the value behind Excel)

I had a 15" Inspiron 15R SE almost 10 years ago, I loved that it had a big screen without a numpad.

>Windows Home Edition is notoriously hard to secure.

This is bullshit. In Windows 10 Home the Group Policy Editor is removed, and domain-join is not supported, however bulk security changes (i.e. Security Policies) can still be implemented directly to the registry with scripting.

Device management becomes much more complicated when you have multiple OSes, though. Unless your company is small enough that self-management remains viable, you have to hire for both Windows and Mac administration experience, and/or shell out a pretty penny for cross-platform "enterprise" device management software.

Microsoft ecosystem is really hard to dip a toe into.

Properly supporting a handful of machines practically means bringing AzureAD or Exchange. AzureAD brings in elements of Exchange (like outlook), which brings in weird default settings like teams/sharepoint/onedrive.

Apple has done a lot of work in supporting Microsoft Exchange, but it's still janky as hell (just browse r/macsysadmin and you'll see).

So, you have two choices.

1) support the monoculture, life will be easier.

2) get a bigger IT department.

People are happy to spend a boatload of money avoiding the second option, so, monoculture it is.

That‘s very funny since almost all repairs on apple devices that I‘ve seen took longer than a day. Apple had [1] some very funky policies about shipping spare parts that essentially required the repair shop to have the laptop on their workbench before ordering the spares.

[1] or even still has, it‘s been a while

No you can just buy another one on the spot if repair lead time is too long.

And you need to have an appropriate Time Machine backup target...

This is why I find this policy ironic and silly. MacOS is the largest target of choice for bad actors as late because the ratio of high value/low chance of rejection users have migrated to Mac over the past few years because of the whole "Macs are safer" myth. To the point that an exploit for MacOS goes for a lot more money not because they are all that rare but because the value of the targets is greater.

MacOS CVE details as late: https://www.cvedetails.com/vulnerability-list/vendor_id-49/p...

Windows: https://www.cvedetails.com/vulnerability-list/vendor_id-26/p...

Note how the windows ones are more up to date and patched faster? That's because Mac only does major updates on a cycle and doesn't patch out of band ever if they can avoid it. So yeah I think this is all theater and people's own biases being silly. But if it works for them then that's fine.

Even with WSL2?

I think WSL solves that problem

> Microsoft has a lot of bad stuff coming their way, for good reason.

There are several good things that are currently coming out of microsoft:

    - vscode
    - typescript
    - github
    - npm
    - edge (at the moment, microsoft at least as strong supporter of PWAs as Google; and possibly even stronger)

Windows is probably not one of them.

There may not be a "diversity and inclusion" requirement, but I wonder if using an alternative OS could be considered reasonable accommodations in disability law? I'm totally blind and interviewed at a startup and when I told them I needed a Windows machine for accessibility reasons they decided it wasn't worth having me do the take-home coding project. At that point I decided if they were going to refuse to make what I consider a reasonable accommodation I'm glad I found out before wasting time on a take-home project. If the job was IOS development, then they'd have a point, but it was all back-end work that could just as easily be done with WSL under Windows as Mac OS.

People would have accepted this reasoning had they claimed it.

Allowing (especially encouraging?) Linux is a huge green flag for me. I personally don't care if they also allow others to use other OSes. If the company can support the systems and they can interoperate with me, it's fine with me.

VS Code works on both MacOS and Linux

See https://code.visualstudio.com/download

Going to an anti Microsoft shop sounds good on paper, then you find out garbage like Miro and Confluence is the replacement for office and you change your mind...

In a VM.

I bought an M1 Max for the extra displays support, and the 64gb RAM support.

Not that I need 64g, that was more because I found a decent deal on one that happened to be 64g. But I sure don’t complain about it :)

Me too, so many companies enforce windows only with no way to get a linux machine or a mac that it's great to see it playing differently, I can only hope things will change when a new generation who has never used windows will come in the workforce

because windows can't run browsers anymore? I would say they don't give a f*ck on the operating system you use, as long it includes a browser.

It's just their workforce, where they don't want to see anyone working with windows.

100% Agreed. The really aggressive "fuck Microsoft" rhetoric is going to burn a lot of these startups over the long haul. It's incredible to me the number that still seem to be operating in an ideological bubble that was originally created 2 decades ago.

A lot of Serious Business happens on top of Microsoft technology right now, and the companies responsible for tending to solutions in this space are made extraordinarily uncomfortable by this kind of aura being given off by vendors like Gitlab.

Can Gitlab really afford to alienate double-digit % of its TAM in favor of this ideological position? It seems like they are already having financial difficulties based upon other recent articles.

You don't need Windows to build Web apps that run on it.