ChangeLog: March 6, 2020 — Nearing Beta

March 6, 2020March 6, 2020 Christian Hammond Leave a comment

These are exciting times, right? While everyone is preparing for the coronavirus, we’ve been preparing for Review Board 4.0 beta 1.

Review Board 4.0 Beta 1

And the coronavirus.

The shelves are getting pretty empty in my local grocery store, but I’ve kept my sanity.

Preparing for Review Board 4.0 Beta 1

We have an internal target date for 4.0 beta 1, which is coming up very soon, but we’re not prepared to release that just yet. Still a couple factors that might need to delay a week.

This beta will feature:

Posting and reviewing multi-commit review requests
A brand new, streamlined, mobile-friendly administration UI
A full move to Django 1.11, with preliminary Python 3 support (which will affect extensions, so get ready)
Read-only mode, letting you prepare for an upgrade without shutting the whole server down
A new “Overview” mode in the Dashboard showing all incoming and outgoing review requests
A new integration for Jenkins CI
Live thumbnails for video file attachments
Beginnings of accessibility improvements, improving keyboard input, color contrast, and screen reader integration
New JavaScript and CSS components usable by third-party extensions
An overhaul of the diff parsers, setting things up for some major future improvements to diffing capabilities (including our in-development new DiffX proposal)
Removal of a lot of deprecated internal APIs (again, this may affect extensions)

We’re working on the final bits of the administration UI, and expect to be done by end of next week. Everything is in place, with the exception of the Integrations, Extensions, and Security Center pages. But that’s it!

We’ve also been finishing up the work to make our third-party integrations (Travis-CI, Asana, Jenkins, etc.), Review Bot, and Power Pack all compatible with Review Board 4.0, Django 1.11, and Python 3. These are the last big blockers before release.

After all that is done, beta 1 will be a go!

(Assuming none of us get the coronavirus.)

If you are building custom extensions, please get ready to test this beta. Let us know if you plan to test so we can coordinate with you and give you a heads up on what may change.

RBTools 2.0 Beta

RBTools 2.0 features full support for multi-commit review requests. We’ve had the bulk of this work done for a while, but have been really thoroughly testing it in preparation for a beta, which will go out alongside Review Board 4.0 beta 1.

This week, we’ve finished up the work to apply patches from a multi-commit review request (giving the ability to apply all commits sequentially or squash into a single commit), and to fully land changes.

We’re wrapping this up soon. If you test Review Board 4.0 beta 1, you’ll need RBTools 2.0 beta 1.

What else, what else..

Accessibility Improvements

We’re continuing to work toward improving our accessibility story in Review Board. While we’re nowhere close to where we want to be yet, we’ve amended our policies around new UI components to ensure that keyboard usage and ARIA roles are a first-class citizen in any designs.

If you make use of any assistive technologies, such as screen readers, we’d love to talk to you and get your feedback on a few things!

Video Thumbnails

Review Board 4.0 will be making it easier to glance over file attachments for video files. Just like file attachment thumbnails for images and text files give you a preview of the contents, they’ll soon give you a preview of the video as well.

Hovering the mouse over these thumbnails will cause the video to play (muted) until you move the mouse away. Hovering over them again causes the video to resume from where it left off.

This is great if someone’s using video files to demonstrate their feature. We’re hoping to make this the start of some useful UI around videos.

New UI Components

This past week saw the development of several new accessible CSS/JavaScript components, which can be used by extensions:

New Button Classes

We’ve historically had a few different ways to show buttons. Any <input type="button" />, <input type="submit" />, or anything with the .btn CSS class would have a consistent appearance, and could be modified by a set of additional CSS classes.

This has been revised to include <button> (which we oddly did not have before) and anything using the .rb-c-button CSS class (the successor to .btn, which is now deprecated).

Button Groups

A button group (.rb-c-button-group in LessCSS) is a collection of buttons, packed together either horizontally or vertically, providing an almost toolbar appearance.

Pop-up Menus

Pop-up menus

The new RB.MenuView (JavaScript) and .rb-c-menu (LessCSS) component manages a pop-up menu that can be shown or hidden as needed. It supports full keyboard navigation and ARIA attributes for accessibility.

We’re working on moving to this in every place that involves a pop-up menu, including review request actions (like “Update” and “Close”) and the Account, Support, and Follow menus in the upper-right of pages.

Menu Buttons

Menu buttons

RB.MenuButtonView (JavaScript) and .rb-c-menu-button (LessCSS) implements a type of button that displays a pop-up menu when clicked.

There are two main ways this can be used:

As a single button that will show some text and a drop-down indicator, used just to display the menu.
As a group of action buttons, all packed together (but visually separated), containing a final button that displays the drop-down menu.

The later is great when you want to offer a common action, but make alternative actions easily available.

Like the new pop-up menus, these provide full keyboard navigation and ARIA attributes for accessibility, and are a great building block for extensions to use.

We hope to provide full documentation at a later time on the standard library of UI components we’re building.

New KGB Release Coming

KGB is our Python module for unit tests, which provides the ability to spy on any function and track the calls and results, or override the behavior. It’s incredibly powerful, and we make heavy of use of it in Review Board and all our other projects.

We’ve just fixed up KGB to work with Python 3.8, so we’re preparing for a release pretty soon.

If you’re a Python developer, check out KGB. Tell your friends. Give us some feature requests. Honestly, it’s pretty complete these days, but we need more reasons to bump the version number.

Alright, that’s enough for this ChangeLog.

Coming Up

We may skip next week’s ChangeLog to focus on finishing beta 1, unless we have anything really interesting to report.

If you want to know more, have any questions, or are curious about anything else, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up with Review Board and Beanbag.

ChangeLog: February 20, 2020 — Accessibility, Student Demos

February 20, 2020 Christian Hammond Leave a comment

Hi everyone, and welcome to this week’s ChangeLog. This week, we want to talk about accessibility improvements for Review Board 4.0, and show you what this semester’s students are working on.

If you want to watch some videos instead of reading a bunch of stuff, jump down to Student Demo Videos!

Accessibility in Review Board

As we revise parts of our UI, introducing new features and designing new CSS Components, we have a goal of improving accessibility. We’re aiming to better support screen readers, improve keyboard navigation, and help people with visual impairments.

This will not be 100% implemented by 4.0, since we do plan to release sometime soon, but we will have laid the groundwork, working toward eventually being fully compliant with the Web Content Accessibility Guidelines (WCAG) 2.1.

There’s a lot that goes into accessibility on the web, but there’s two key areas that are important to get right, and are becoming a core part of our design and CSS component specifications: ARIA attributes and keyboard navigation.

ARIA attributes help screen readers and other assistive technologies understand, navigate, and communicate parts of the UI. They can communicate the intent of a UI component, provide more suitable labels or hints to screen readers, notify as important content updates, and more. They’re important, and we haven’t been good at using them, but they’re now being baked in to the design of any new UI we write.

Keyboard navigation is also very important. Not everyone can or wants to use a pointing device to navigate the UI, and we’ve identified several places where keyboard navigation (and focus presentation) is subpar or flat-out broken. So we’re making this a first-class citizen in new UIs, adding new keyboard shortcuts for important content areas or operations, and fixing cases where navigation is just busted.

To be clear, these aren’t the only focuses — there’s a lot more to the accessibility work than this. Improving accessibility is a long-term goal, and Review Board is a big product. We aren’t holding up 4.0 for this, but rather expect to spend time throughout the 4.0.x release cycle to gradually work on this.

And it’s a current focus of some of our student projects.

Student Demo Videos

In an earlier ChangeLog, we announced our new team of students working on Review Board. The big focuses this semester are on keyboard accessibility and first-time setup improvements.

They’ve been working hard for a month now, and have just completed their first (of three) demo videos. We’d like to show them off.

All videos are uploaded to our YouTube channel. Subscribe to keep up with content as we upload it.

Hannah Lin

Hannah’s been working on implementing keyboard navigation for file attachments, letting users focus on the attachments and control the pop-up menu (for reviewing, updating attachments, deleting, and downloading). That was her first warm-up project.

Her main project for the semester is working on a first-time setup guide, for new Review Board administrators. The goal is to help them get a new server up-and-running fast by walking them through the main setup steps as they progress through the administration UI.

Katherine Patenio

Katherine’s first demo covers some initial bug fixing work for RBTools on Python 3, addressing a problem where --help didn’t always work. She’s fixed this up and added a new layer of unit tests we can build upon.

Her main project for the semester isn’t covered here, but she’s going to be working on the rbt setup-repo command, helping streamline getting a new repository set up with Review Board.

Monica Bui

Monica’s also working on keyboard accessibility. Her focus in this demo is improving the New Review Request page, making sure that all elements can be tabbed to and navigated entirely by keyboard.

Xiaohui Liu

Xiaohui’s first project fixes up tab key navigation in the review request page. Previously, tabbing to fields would prioritize the fields on the right-hand side of review requests (Branch, Bugs, etc.) before the main fields (Description, Testing Done), which wasn’t really intuitive. His fix brings some sanity back to tab orders.

His second project is to implement common support in the UI for keyboard shortcuts, making it much easier for us to bake in better keyboard support on every page with less code to worry about.

Xiaole Zeng

Xiaole’s working on improving help within the product, giving users both a single place to go to when needing to find documentation or other useful information, and finding places within the UI where we can offer better inline guidance. For the latter, she’s working on adding helpful descriptions and documentation links when configuring repositories, based on the selected hosting service or repository type.

Next Week

We’re getting a new RBTools release ready to ship, so you’ll see that soon. We’re also testing 4.0 beta 1, and are getting that beta release on the calendar.

If you want to know more, have any questions, or are curious about anything else, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up with Review Board and Beanbag.

ChangeLog: February 6, 2020 — GitHub API Changes, OAuth

February 6, 2020 Christian Hammond Leave a comment

Busy couple of weeks here. I’ve personally been sick, hence the lack of a ChangeLog last week. Sorry about that!

We’ve made a lot of great progress on getting Review Board 4.0 ready for beta, and updating the ecosystem of packages (such as Power Pack and Review Bot), but there is one urgent thing that came up that’s taking a bit of our time.

GitHub’s Authorization Changes

For many, many years, GitHub’s API has offered several options for authenticating with the API. Our initial integration with GitHub was written 10 years ago, and while it’s evolved over time, it’s continued to use the same original authentication methods to communicate with the API and link accounts.

In November, GitHub announced their were deprecating those methods. Frankly, due to its proximity to the holidays and some time-consuming work on our plate, this announcement slipped by us.

There are really two main ways in which this affects us:

HTTP requests to the API need to change how they pass API access tokens
We can no longer automatically exchange user credentials for an API access token when linking an account for a repository

GitHub API Authentication

GitHub’s APIs have historically taken an ?access_token=... parameter in API requests, and the original code we wrote to talk to the API continues to use this method. (If it ain’t broke…)

The modern approach is to make use of the HTTP Authorization header to pass in the access token. This is more standards-compliant and probably simplifies a lot of URL building and logging on their end.

This week, they began e-mailing users whose accounts were accessing the API using ?access_token=. You may have seen these, if you linked your GitHub account to Review Board. It’s annoying, but it’s designed to be, so that people update their software in time.

We’ve fixed this internally, and are testing to make sure it works everywhere. We’ll have a build out soon (see our timeline toward the bottom of this ChangeLog).

Linking GitHub Accounts

In order to talk to a source code repository, we typically need credentials of some kind. This may be a username and password, an API key/authentication token, or an SSH key.

Traditionally, we’ve been able to get by with taking the credentials right on the repository configuration page, combining the steps of linking an account and creating a repository. This is just easier for many reasons, and worked great with GitHub.

The GitHub process went like this:

We’d provide fields for a username and password to a GitHub account to use for repository access (though we’d never store the password).
When saving the repository, we’d use those credentials server-side to immediately make a request to GitHub’s Authorizations API to request a new access token.
We’d store that token and use it for all future API access.

This token was associated with the user’s account, and could be revoked at any point. We never had to store the password, like we unfortunately must do with some services that lack any form of authentication token capability.

This had always worked before, but it will be changing going forward, as the Authorizations APIs we used is now deprecated.

Short-term, we’ll be changing the dialog to provide instructions on how to generate a personal access token, and a field for providing it (instead of a password). This is an annoying extra step for users, but it’s a working solution we can employ short-term (and we already use this approach for some other services).

Long-term, we need to modernize the configuration experience, taking full advantage of OAuth web flows for linking accounts.

Challenges of OAuth in Review Board

First, let’s quickly go over OAuth (or, more specifically, OAuth2, the modern version of the standard).

OAuth is a standard way for a service (Service A) to request access to another service (Service B), on behalf of a user. You’ve probably seen basically this before when you’ve initiated a “Log In With Facebook” or when you’ve connected some service to Slack. You click a button, a browser window pops up and presents a page on Service B telling you that Service A wants access via your account, telling you what permissions it requests.

While complicated, it’s a pretty great thing to have in the modern world, but it’s not automatic.

Before Service A can even begin this process, someone must register it on Service B (through whatever mechanism is required by that service — this usually requires filling out a form). The result is a Client ID and a Client Secret, which must be stored somewhere and then used when initiating the OAuth process.

The Burden on Administrators

It’s very important that the Client ID and Secret are kept secure and not shared, and this is where things get more difficult for tools like Review Board.

Review Board is open source and self-installed, so we can’t supply a Client ID or Secret as part of the installation. That means an administrator must perform this task, and this can be a real annoyance when just getting started. It’s worse for some services than others.

Fortunately, it only has to be done once per required service, but we try to avoid this extra step when there are alternatives. We do take care of it on RBCommons so users don’t have to, at least.

In the case of GitHub, they’ve thought through this and have some mechanisms (such as App Manifests) we’re looking into that should aid in OAuth registration, but we haven’t yet figured out how this is going to work in the end.

Timeline: When Is This All Happening?

There’s no public information yet on when GitHub will be removing the old APIs, though we’ve been in communication with them and have a timeline we’re comfortable with. They’re still fairly early in the deprecation process, and have a history of handling deprecations very well.

We have three phases:

Update the API authentication method
Our plan is to release Review Board 3.0.17 early next week (targeting February 11th, 2020) with this fix.

We are not planning (at this time) to backport this to older generations of Review Board.
Request Personal Access Tokens when linking accounts

This is the manual version of what we’ve been doing behind the scenes. Users will need to generate their own token and supply it when linking an account.

We are planning to provide this a couple months before the API removal date. This is to keep the process nice and simple as long as possible, but to allow time for people to upgrade.
Implement an OAuth web-based account linking workflow

This will likely come sometime after the API removal, and will be in Review Board 4.0. We’ve been planning this anyway, and it’s not (at this time) needed to remain compatible with GitHub. Though it is the better method.

These plans may change as we go. We might decide to fast-track the OAuth web-based flow, for instance, based on other factors.

We still really want to get Review Board 4.0 wrapped up soon, and a lot of “urgent” things like this have come up, causing further delays, so we’re punting what we can for now.

Whew.

That was a lot to talk about.

If you want to know more, have any questions, or are curious about anything else, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up with Review Board and Beanbag.

ChangeLog: January 23, 2020 — Student Sprint and Django Upgrade

January 23, 2020January 23, 2020 Christian Hammond 1 Comment

What a week it’s been. We have two topics to go over: Last weekend’s student mentorship sprint, and a status update on the big Django upgrade.

The student sprint was great!

Last weekend was our student sprint for CANOSP, kindly hosted by the Startup Edmonton in Edmonton, Canada. There, we met up with our new students from the University of Alberta and University of British Columbia, and spent the weekend getting to know them, teaching them about Review Board and how we do things here, and letting them loose on projects.

We may have been sleepy most of the time (these start early!), and VERY cold (had to sit by a stack of ice cubes to keep warm), but everyone had a lot of fun, and have since been hard at work on their projects.

The main focuses for this semester are accessibility and usability. We’re working to make the product easier to use, improving keyboard navigation, and experimenting with ways to offer useful inline help. Much of this work is slated for Review Board 4.0.

Django upgrade time!

This week also marks the end of Django 1.6 in Review Board. We’ve been working for a long time on getting onto a newer version of Django, which has been a much more complex project for us than for most, and we’re finally ready to bump our Django requirement to 1.11.

Diff showing the change to upgrade to Django 1.11

For those paying attention, Django itself is at 3.0.2, but 1.11 is the last version to support Python 2.7. While Python 2.x is now end-of-life’d, that doesn’t mean it’s not in active use in enterprise, and frankly, many of our users are just not ready to upgrade. So Review Board 4.0 will continue to be providing compatibility for 2.7.

By the weekend, we should be on 1.11, and then we’ll be getting ready to test this in production. If all goes well, a beta will follow soon.

If you build extensions for Review Board, you’re going to need to make some changes to support Django 1.11. We have a bunch of useful information on Django updates on our wiki, which we’ll also include in the release notes. Make sure you give the beta a try and begin porting early.

We offer support contracts that cover development assistance, if you need it.

Back to work!

If you have any questions, or anything you’re curious about and want us to cover, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube (featuring student project videos!) if you want other ways to keep up with what we’re up to.

ChangeLog: January 16, 2020 — Review Board Status and New Students

January 16, 2020January 16, 2020 Christian Hammond Leave a comment

Hi everyone. Welcome to the first ChangeLog of 2020! We skipped last week due to the new Review Board 3.0.16 release, so let’s dive in and get caught up.

Review Board 3.0.16

Last Tuesday, we released Review Board 3.0.16. It’s been a long time since 3.0.15, and there are two reasons for this:

Most of our attention of late has been on completing the remaining architectural work on Review Board 4.0 (Python 3 and Django 1.11 porting) and RBCommons user roles and billing updates.
We’ve been trying to carefully design and implement some large backend improvements for repositories and repository configuration, in collaboration with another vendor, and wanted to get it right before we released.

We’ve discussed the repository improvements before, so read that if you want to learn a bit more, but the gist is that we’re giving SCMTools (repository backends) a lot more flexibility in how they present repository configuration, how they’re registered for use in Review Board, and how extra data for repositories get stored. This will lead to some significant improvements in the coming months for a couple of our supported repository types.

Now unless we find some major bug fixes in 3.0.16, it’ll probably be a little while until 3.0.17. We have a backlog of RBTools work we plan to release, and we’re still trying to get 4.0’s architectural rework done.

Review Board 4.0 Status

Most of the rewritten administration UI is in a usable state, and we’re just getting it all ready to be reviewed and landed. After this, we’ll be bumping our Django dependency and performing a bunch of real-world usage tests, just to make sure there isn’t some big breakage some place.

(If you want to learn more about the administration UI work and how it relates to Django and the release, read the ChangeLogs from October 24, 2019, October 31, 2019, and November 7, 2019.)

Once we’re happy, we’ll ship 4.0 Beta 1. Almost there!

New Semester, New Students

Every semester, we take on a batch of CS students eager to work on some real-world project, currently as part of the CANOSP program run by the University of Alberta, Canada.

It all starts this weekend at a get-together in Edmonton, Canada, where we’ll be helping five new students get set up, go over architecture and standards, and start them on their projects.

We’ll talk more about what they’ll be working on next week, but they mostly center around quality-of-life improvements to Review Board.

Wrapping Up The Week

If you have any questions, or anything you’re curious about and want us to cover, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube (featuring student project videos!) if you want other ways to keep up with what we’re up to.

RBCommons: User Roles and Billing Updates

December 21, 2019 Christian Hammond 15 Comments

We’ve just gone live on a major update to the billing capabilities in RBCommons.

Try RBCommons without a credit card

With all the fraud and stolen credit card numbers out there, it’s no surprise that a lot of people wanted to try RBCommons to see if it was the right fit but weren’t comfortable providing their credit card information right away.

We’ve changed our trial so that you can sign up with only your name and e-mail address, and if you decide to keep using RBCommons, you can add your billing information later.

Separate administration and billing user roles

Many companies have a dedicated person for dealing with billing administration for services. Until now RBCommons has only had a single team administrator role, which provided access to both the billing information as well as everything else for the team. We’ve split up these responsibilities into new user roles:

A Technical Administrator can make changes to users, repositories, and other settings, but cannot change or see billing information.
A Billing Contact can see invoices and make changes to the billing information, as well as change which plan the team is on. They’ll also receive e-mails whenever we charge the attached card.
The Team Owner has access to all administration and billing capabilities. This is equivalent to the old team administrator role.

All team administrators have been updated to become Team Owners. To change a user’s roles, visit your Team Administration → Users page and click the pencil icon beside a user.

Improved invoices

Many countries require invoices to contain certain information, such as an official business name and address, or a tax ID. RBCommons now allows you to add this information in Team Admin → Account and Billing, and it will show up on your invoices.

If you’re a business located in the EU, you can put in your VAT ID and we’ll make sure that the generated invoices contain everything you need for your VAT filings.

If your country has invoice requirements that we haven’t met, please contact us.

Add billing e-mail recipients

You can now add additional e-mail addresses where you’d like any and all billing e-mails sent to. This is really useful if you have a purchasing department or some users who need to track receipts but don’t need access to RBCommons.

You can set these over in Team Admin → Account and Billing → Billing E-mails.

Update to the Privacy Policy

As part of this, we’ve made a small update to our Privacy Policy to list Quaderno as a third-party service used in our billing process. This is a good time to review your privacy choices under My Account → My Privacy Rights.

Feedback?

This has been in the works for a long time, and we’ll be iterating on it based on your feedback. So how’s it working for you? Let us know through the Need Help? button in the bottom-right of any page (opt in to Intercom in My Account → My Privacy Rights) or send us an e-mail at support@beanbaginc.com.

ChangeLog: December 19, 2019 — Wrapping Up for the Holidays

December 19, 2019 Christian Hammond Leave a comment

Hi everyone! Welcome to our final ChangeLog of the year.

We skipped last week, preparing for the big upcoming billing feature launch for RBCommons, which we discussed in November. That’s coming very soon, and once it’s done we’ll be getting back to our regular work on Review Board.

Since that’s the big project we’ve been working on, let’s talk about it some more. Buckle up. This is going to be a long one.

Software Companies, Credit Cards, and Tax Requirements

We have four main goals for our RBCommons billing update:

Give teams better invoices and more control over who can manage billing
Better support credit card safety measures like Strong Customer Authentication and 3D Secure
Be able to better meet invoicing and tax standards in more countries
Making RBCommons team sign-up easier for everyone

We talked about the first one before. So let’s focus on 2 and 3. We’ll be discussing these in simplistic terms — the reality is more complex.

Strong Customer Authentication

Strong Customer Authentication, or SCA for short, is a regulation in the EU designed to reduce credit card fraud. It went into effect in September 14, 2019, and effectively adds a step to credit card charges where the purchaser must authenticate/verify the charge, typically using a verification method called 3D Secure.

This impacts you if you do any business with the EU.

Now, there are exemptions to this. Recurring charges may be exempt. Charges from the US or other countries may be exempt (likely temporarily — the world just isn’t ready to fully comply yet). Other transactions considered low-risk are also likely to be exempt. This all depends, though, on the credit card company and the reputation of the seller.

Enter Stripe, Our Billing Provider

We use Stripe, which takes care of most of this. It’s pretty great. However, we weren’t quite in shape to really leverage their support, for a couple reasons:

We were sending our own receipt and failed charge e-mails to customers, and they weren’t accounting for any SCA-related requirements
While our e-mails went out to all team administrators, Stripe will only send their own e-mails to a single e-mail address, which may not even be current (if the team has been around a while and people have moved on), meaning they may not ever get a chance to verify charges

We knew we wanted to rip out all our e-mails, but Stripe’s one-address limitation was causing us headaches.

Now technically Stripe can send to multiple e-mail addresses, but this can only be configured manually through their Stripe Dashboard UI. The API doesn’t support this yet. So we were stuck.

Enter MailGun Routes

We use MailGun as our e-mail provider, and it has a handful of really nice features. One of them, Routes, allows for setting up rules to match incoming e-mails and do something with them, such as forwarding them on to other addresses or to a WebHook.

We found that we can dynamically create routes that match an incoming e-mail address unique to the team and forward it along to all team users responsible for billing. We can then assign that unique e-mail address to Stripe. They look something like this:

match_recipient('.*@mydomain')
forward('user1@example.com, user2@example.com, user3@example.com')

We can create these when new teams are created, update them whenever the list of billing contacts change, and delete them when the team is deleted. Problem solved!

(But seriously, Stripe, add multiple e-mail address support to your API.)

Invoices and Taxes

So this is the big challenge. Complying with international taxes is hard. There just isn’t really a lot of infrastructure out there to help deal with this, and every country has different requirements. I’m not going to give any advice here, but I’m going to point you all to some useful things we’ve found.

Enter Quaderno, The Tax Guide

First, Quaderno. This service provides a number of tools for helping with tax compliance:

You can use it for all invoices and charges if you like, or pair it with something like Stripe
It can let you know if you’re missing any customer information necessary to validate them for tax purposes
It will show you a breakdown of what countries you currently owe taxes to, and give you the necessary information needed to file those taxes
It can even provide a sort of store front, if your needs aren’t too complex

We found Quaderno helpful not just for the tools it provides, but the information. They have an extensive knowledge base on how to comply with tax laws in multiple countries, including tax requirements, invoicing requirements, tax rates and categories, and how to apply for a tax ID in the country.

Just search for “Quaderno <region>” and you’ll find a wealth of information. For instance, here’s their Guide to EU VAT.

Collect Billing and Tax Details

A lot of services aim to collect as few details as possible from customers. This seems like a good approach, especially when you think of the privacy enhancement bills like the GDPR and the California Consumer Privacy Act, but you’ll need to collect a bit more to be tax-compliant:

A full and proper billing address for the company, including country
A tax ID for the business that matches that country

You’ll need to validate these to make sure you’re not accidentally enabling fraud. Most countries make this your problem. Quaderno and other services can help with this.

This information also needs to be on the invoices, and in fact you may need additional details including your own tax ID in that country. Both Stripe and Quaderno can help with this (Quaderno is better geared toward flexible, compliant invoices, but Stripe is better integrated with the rest of the billing process).

So a big part of what we’ve been putting together includes:

New settings for collecting company addresses and tax IDs, and validating them
Switching to Stripe e-mails and invoices for better compliance
Connecting our stuff up with Quaderno to better track tax requirements
Augmenting Stripe invoices with information required to meet the requirements in some countries, based on the customer’s billing location
In-house processes for managing all this complexity

One More Thing: Credit Card-Free RBCommons Trials

RBCommons currently requires a credit card to sign up for the trial. We’ve had it this way for a long time, since it’s easier to seamlessly turn a trial into a paid plan without interruption, and a lot of our early customers were already familiar with us and had trust in our service. As we’ve grown, though, our customer base has widened, and we’ve wanted to remove this step to help make it as easy as possible to get started.

As part of our big billing update, we’re removing the credit card requirement during setup, and instead guiding people to provide it before their trial expires. We hope this will make more people feel comfortable giving RBCommons a try, and experiencing the type of code and document review we offer.

This will all be launching Very Soon Now (TM).

That’s It for 2019!

This is our last ChangeLog for the year, but we’ll be back early 2020. Keep following us on our blog, Reddit, Twitter, Facebook, and YouTube.

We hope everyone has a wonderful and relaxing holiday season! We’ll be taking some time off to spend with our loved ones (but don’t worry support contract customers — David and I are still on call if you need us).

ChangeLog: December 5, 2019 — Student Projects, Repository Config

December 5, 2019December 5, 2019 Christian Hammond Leave a comment

Welcome back, everyone! We’re here with another ChangeLog, this time focusing on a couple things that just wrapped up: This semester’s student projects, and a series of behind-the-scenes repository configuration improvements.

End of a Semester

Last month, we talked a bit about the CANOSP student program run out of the University of Alberta, and showed off some of the work our CANOSP students have done on Review Board.

They’ve all been hard at work improving our Review UI support (custom review UIs for different types of file attachments), building up both the underlying capabilities of a Review UI and creating prototypes of new UIs for new types of files.

They’ve just wrapped up their semester and completed their final demo videos. We’d like to show off their hard work.

Nicole Hagerman

Nicole’s focus has been the underlying Review UI support, allowing Review UIs to be more dynamic and to not be limited to a single URL. This work has been a backbone of other student projects this semester, so we’re covering it first.

On top of this, she’s built a new Review UI for more easily viewing JSON files, both in their source form and in a structured tree-based form.

Adil Malik

Adil built a series of new Review UIs designed for reviewing:

XML files, with options similar to the JSON file Review UI built by Nicole
Jupyter Notebooks, a popular tool in the Python world
Audio files, complete with waveforms and histograms, offering both diffing and commenting

These have come along really nicely, and show the power of our Review UI support (and the work done by Nicole Hagerman).

Ceegan Hale

Ceegan split his time between some improvements to our diff viewer and to our Review UIs as well:

Improved the diff viewer’s display of minified files (e.g., .min.js files)
Iterated on our in-progress support for showing Review UIs in the diff viewer
Built a prototype Review UI for viewing archive file attachments (e.g., .zip, .rar, etc.).

Repository Configuration Improvements

A good chunk of my own time these past few weeks has been to rework the code behind the repository configuration page. Along with an assortment of bug fixes, we’re working to make it easier to configure plain (non-GitHub/Bitbucket/etc.) repositories.

Historically, plain repositories all shared the same set of configuration fields. You had your “Path” field, “Mirror Path,” “Username,” “Password”. A few had special fields like Perforce’s “Use ticket-based authentication,” but they were baked into the repository form and dealt with specially. Third-party repository support couldn’t add their own fields, and administrators had to translate concepts like a Git Clone URL into our concept of a “Path.”

As of the upcoming Review Board 3.0.16, each type of repository will be able to provide its own configuration form. For instance, down the road, Git repositories will have a dropdown for selecting CGit, GitWeb, etc. as the repository content access method, instead of forcing people to type in a cryptic URL.

Here’s a mockup:

Bottom line: It’s going to be easier to configure repositories in upcoming releases.

There’s a lot of under-the-hood work that’s been done to enable this, and that work is also going to lead to some future improvements we’re looking forward to building in the Review Board 5.0 timeframe. Can’t wait to write about it.

Wrapping Up

That’s another week done. We’ll be back next week!

So what do you think so far? Are the ChangeLogs interesting? Boring? Is there something else you want to hear about? Please let us know on the community forum so we can improve these going forward.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up-to-date.

ChangeLog – November 22, 2019 — Review Board 3.0.16 Status

November 22, 2019 Christian Hammond Leave a comment

As the holidays quickly approach, we’re trying to wrap up what we can from some of our bigger projects so we can enjoy some much-needed downtime with our loved ones. Thanksgiving is only a week away, and we’ll be taking a short break from ChangeLog in order to focus on stuffing ourselves full of turkey.

So this week will be a but short, but we wanted to go over the next Review Board release on our roadmap, Review Board 3.0.16.

It’s been 5 months!

Yeah, we haven’t had a 3.0.x release in a while. There’s a few reasons for this, and we’ve gone over some of them before. In summary, we’ve been focusing primarily on getting Review Board 4.0 done and adding some much-needed improvements to RBCommons.

Believe it or not, though, there’s active work going into 3.0.16, right now. As in, I’m taking a break from writing 3.0.16 code to write this ChangeLog.

What’s coming?

So there’s an assortment of bug fixes, for sure. Things like:

Subversion diff parsing improvements
Better bullet-proofing when dealing with truncated Bitbucket webhook payloads
Fixes for edge cases where dashboard counters might not update correctly
Some search indexing improvements

Along with that, though, we’re making some more important mini-architectural changes:

New API for updating a user’s name, e-mail address, and active flag (indicating whether they’re still able to use the server)
New API for filtering review requests based on the Branch field
Some future-proofing around registration of SCMTools (which handle talking to repositories like Git and Subversion) and HostingServices (which talk to services like GitHub and Bitbucket)
Allowing repository configuration to show custom forms for different types of repositories (in-progress)

These are actually pretty important improvements that we wanted to finish before releasing 3.0.16. The API changes are based on a lot of user feedback, and we’re going to finally get this to you soon (sorry for the wait!)

The repository-related functionality is going to not only allow for a better repository configuration experience, but to open the door soon for official support for ClearCase.

ClearCase

Historically, our ClearCase support was entirely community-driven. We were dependent on volunteers to develop and test any fixes or improvements going into that support. This was tough for us, because we know many of you out there do use ClearCase and have had trouble upgrading Review Board due to breakages that we just couldn’t do much about.

This is changing. While it’s still early in development, I’m glad to say we’ll be able to announce a new official ClearCase integration before too long. This will be part of Power Pack and will replace the old, sorta-bitrotted and limited community version.

We’ll have more on this later, but for those of you using ClearCase, we want you to know that improvements are coming. Not for 3.0.16 — again, it’s still early — but before too long.

What about Review Board 4.0?

The last major thing left before beta 1 is a completion of the new administration UI, a topic we’ve also discussed before. This is a big project, required for moving to Django 1.11 and Python 3, but it’s mostly done now. We’re aiming for a 4.0 beta 1 in January, and fast-tracking beta 2 after.

So stay tuned for that after the holidays!

Wrapping Up

That’s it for this week! Again, we’re off next week, probably collectively in food comas. We’ll resume the following week.

If you have any questions, or anything you’re curious about and want us to cover, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up with what we’re up to.

ChangeLog: November 14, 2019 — Student Demos

November 14, 2019November 14, 2019 Christian Hammond 1 Comment

This week’s ChangeLog is a bit different in focus. Instead of the work we’re doing, we want to talk about some of the work our students are doing.

Want to skip the text but see some cool demos? Scroll down!

Student Programs

For over a decade now, we’ve worked with hundreds of CS students eager to get their feet wet in the industry, mentoring them and giving them cool projects in Review Board to explore. Some have turned into features you use today (such as issue tracking and extensions).

There have been multiple programs over the years that we’ve worked with:

Google Summer of Code
UCOSP (a Canadian university program we were a part of for many years, now defunct)
Open Academy (an experimental university program ran out of Stanford, now defunct)
CANOSP (the phoenix rising out of the ashes of UCOSP, currently focused on the University of Alberta)

We’re currently working with CANOSP, piloting the program and mentoring a small group of students as they build some features and prototypes for Review Board.

This Semester

We have three students this semester: Adil Malik, Ceegan Hale, and Nicole Hagerman. They’re all working on various projects that improve the review experience:

Review UIs for XML, JSON, and Jupyter Notebooks
Hiding the content for minified files in the diff viewer, by default
Supporting binary files in the diff viewer

These projects are considered prototypes at this stage. We’re hoping they’ll make it into a release sooner rather than later, but a big part of this work is seeing how feasible these ideas are and what sort of work still needs to be solved before rolling it into production.

XML, JSON, and Jupyter Notebook Review UIs

Adil and Nicole are both primarily focused on the Review UIs, working together on some aspects to beef up the Review UI capabilities under the hood.

Adil built a Review UI for XML files (letting you diff the tree structure, and providing options for changing how that tree is rendered). He’s also been working on a Jupyter Notebook Review UI, playing with ideas for how these would be rendered, diffed, commented on, etc.

Hey, if you’re interested in Jupyter Notebooks, he’s looking for feedback.

Nicole built a Review UI for JSON files, the counterpart to the XML Review UI. To allow for custom rendering options required by both, Nicole’s been building out our baseline Review UI support, allowing them to define utility URLs that can, for instance, re-render parts of content based on the toggle of a checkbox. Adil’s been working with her on the client side of this.

Binary Files and Minified Files in the Diff Viewer

Ceegan’s been building out a feature that we’ve been wanting to bring for a long time. Years back, when we first wrote Review UIs, we intended to use them in the diff viewer so that images, PDFs, etc. that are part of commits could be reviewed without having to upload a separate file attachment.

The base of this work existed in Review Board but was never completed. There were still some missing pieces, problems to solve. That’s what Ceegan’s focusing on: Prototyping the rest of this, getting binary files in the diff viewer working so we can see what’s left.

To get his feet wet, Ceegan built another really useful feature that will make web app developers out there happy. Minified files (*.min.js, *.min.css, etc.) no longer show up as a giant wall of text. Instead, we note to the reviewer that it’s a minifed file and they might not care about it but they can click to see the content. Just like with deleted files.

Demos!

Throughout the semester, we have our students put together demo videos showing off and talking about their work up to that point. We’ve recently completed the Demo 2 milestone, so we have a nice batch of videos to show off.

All videos are uploaded to our YouTube channel. Subscribe to keep up with content as we upload it.

And here are the videos this semester:

Adil Malik

Ceegan Hale

Nicole Hagerman

Wrapping Up

Our students work really hard for their projects, so if you have anything encouraging to say, you’d make their day by saying it on their videos 🙂

We’re hoping to get these in shape to land as part of Review Board 4.0 and 5.0, but it depends on the work that remains once the semester is over.

That’s it for this week, though. If you have any questions, or anything you’re curious about and want us to cover, please reach out on our community forum.

We’re also on reddit /r/reviewboard, Twitter, and Facebook, and of course YouTube if you want other ways to keep up with the latest.