Gitpod Battles ‘It Works on My Machine’ Syndrome with Its CDE
“It’s like a paradox. Developers have moved almost all creative workflows to the cloud, but their own workflow is stuck on their local machine,” Gitpod cofounder and CEO Johannes Landgraf told The New Stack.
Gitpod is betting that the “it works on my machine” refrain will go the way of the Ermahgerd Girl as software engineers shift code development fully to the cloud. In fact, the open source development platform announced in November that its $25 million series A funding — led by Tom Preston-Werner, who is the founder and former CEO at GitHub and now leads Redwood — will be used to build out the company’s CDE platform.
Cloud-Based IDE Can Save Engineering Time
Essentially, Gitpod and CDEs do for development what Infrastructure-as-Code offers a net admin: a way to automate the provisioning of a ready-to-code workspaces for development teams. With a CDE, development shifts off the laptop to the cloud. CDEs also support collaboration, allowing developers to share their code environment via a link.
Gitpod runs on K3S, deployed on Google Cloud Platform. Each development environment runs in a secure container, using the native capabilities of Kubernetes to schedule those containers. A configuration file describing the development environment resides on the root of the repository, allowing developers to spin up the development environment, with dependencies already compiled.
But if you’re enamored with Visual Studio or another IDE, don’t despair. Visual Studio has remote functionality so Gitpod can run it in the browser. Developer David Kramer reviewed cloud IDEs last year and said, “Gitpod feels exactly like Visual Studio Code, and it supports many of the same extensions.” Gitpod ranked as one of his favorite cloud IDEs, along with CodeSandbox, Glitch and Replit (then Repl.it).
“The thing that most stands out about Gitpod, however, is how well integrated it is with GitHub and GitLab,” Kramer wrote. “From logging in, to checking out projects, to committing changes, the experience is seamlessly integrated with the source hosting platforms.”
Also, last year, Gitpod entered into a partnership with JetBrains, where Gitpod can connect to its desktop IDEs, Landgraf said.
“It’s important to understand [that] Gitpod is not about the editing experience,” Landgraf said. “We want to connect to all the tools that developers love using. … So you keep your tools, you keep your muscle memory intact, you do not need to relearn a lot of things. And you just swap the compute and get access to those automated development environments provisioned by us in the cloud, and you connect to them from wherever you want as a developer.”
Gitpod customers say engineers each waste up to five hours per week due to broken development environments, according to a company press release. Landgraf noted that Kent Beck, signatory of the Agile Manifesto, is quoted in the press release as saying he’s seen different numbers on the impact of a CDE, but “it’s certainly tens of percent of working time” saved for developers. That’s because it automates the setup of the development environment, Landgraf said.
“We want to remove all of the friction that developers face today between an idea of ‘Hey, I want to do something,’ and the actual task of doing something,” Landgraf said. “We want to beam them into an environment where they are just always ready to code and can be immediately productive and creative, and all of the setup and and process before — that should not exist.”
The Benefits of CDEs
Developers should be able to connect to the internet and work regardless of what machine they’re using or where they’re connecting from, Landgraf said. Laptops should be like tissues from a box — for each project a developer tackles, there should be a new laptop fully set up, fully configured and provisioned in the cloud, and as powerful as your local Linux machine, he said. After the developer is done with the task, they should be able to close the development environment and start with a new one, he added.
That’s the promise of cloud-based IDEs: For developers, working in the web browser, to be able to access whatever compute power or environment they need, with collaboration simplified. It can also be a money saver, especially for startups who don’t have to pay for extra computer resources they might not use, as developer Shawn Wang noted in a September interview with The New Stack.
Concerns about CDEs
But there are also downsides to CDEs, as open source enthusiast Divya Mohan explored for The New Stack back in January. Mohan, who leads the web technologies production support team at HSBC, noted that vendor lock-in can limit the availability of tools; performance can be uneven; and it can be hard to identify the root cause of problems for large projects (for example, is the glitch in the code or on the CDE?).
“The source of glitches can be tough to identify — and solve,” Mohan noted. “It’s hard to fix an issue when you don’t know the root cause, and overall, that might result in a frustrating experience for early adopters of such products.”
Former Gitpod software developer Geoffrey Huntley has frequently spoken about and promoted Gitpod. In September, he posted his concerns about Gitpod, specifically security issues related to its admin panel and employee access to client data.
The New Stack asked Gitpod about his comments, and Landgraf responded that, “No admin access has ever been possible without authorization.”
“The API backing the admin panel requires authentication and authorization,” Landgraf said in a followup email. “It is merely the frontend that is visible (the web side of things). All admin operations are logged and auditable. Only a limited and well-defined set of Gitpod employees have access to the admin functionality. We are currently working on making the relevant parts of the API accessible only through VPN to provide even deeper defenses.”
Further, he said, security is part of the purpose of Gitpod and infuses all its design decisions.
“Our workspace runtime is designed for security first and pushes the boundaries of what is possible with containers,” he said. “Gitpod as a whole has undergone pen testing, we are SLSA Level 1 compliant (Level 2 is in the works) and SOC2 Type 2 certified. We embrace openness as a means to build a more secure product. We have spoken publicly about the security design of Gitpod, are open source and have responsible disclosure policy, which has been exercised.”