RBCommons and this week’s security news

This has been an interesting week on the Internet, security-wise. A vulnerability in the Bash shell (named “Shellshock”) was announced that allows remote execution of code on unpatched servers with certain configurations. Separately, an undisclosed vulnerability in Xen forced AWS and Rackspace to announce mandatory reboots of many of their customers’ servers. (See Amazon’s announcement and Rackspace’s announcement for more details.)

We’d like to give an overview of how all this is affecting RBCommons and, in turn, you.

We keep a close eye on all security updates available for the software and libraries we use, and are quick to patch our servers as fixes roll out. We’ve also performed many tests to ensure that malicious Shellshock HTTP requests do not impact us. Your data is safe.

Some of the services we use were affected by the mandatory AWS and Rackspace reboots. Earlier today, our mail provider, Mailgun, was temporarily down during the outage, which may have resulted in missing or delayed e-mails for those working on Sunday.

We’ve had a few rare DNS lookup failures, resulting in errors when visiting pages or otherwise interacting with RBCommons. There have only been four so far, and they are temporary. If you see a random error loading a page, please just try again. We know this failure has affected a number of other AWS customers as well.

Tonight at 11PM PST, Amazon is scheduling some of our servers for a 6-hour maintenance window. This isn’t the first set of our servers to have undergone the mandatory maintenance, and we aren’t expecting any interruption to RBCommons during this time. However, we may be running at reduced capacity for about 20-30 minutes. We will be monitoring things closely.

If you are repeatedly hitting problems with RBCommons, please contact us!

We’ll post further updates if there’s anything to report.

Announcing unlimited repositories, PDF document review, and 30-day trials!

We’re very happy to announce some exciting improvements to the plans offered on RBCommons.

 

Unlimited repositories!

We’ve removed the restrictions on the number of repositories your team can set up. You can now add as many repositories as you need without hitting a limit, and at no additional cost. Add all your Git repositories, your forks, open source projects you contribute to, or whatever you like.

This applies to all plans from Starter to Enterprise. If you’re running on the old Micro 2012 or Small 2012 plans, you’ll need to upgrade in order to add unlimited repositories.

 

Upload your PDFs for review

We’ve also introduced support for reviewing PDF documents. Simply drag-and-drop a PDF file into your review request and wait for the PDF to be processed. Reviewers will be able to read through the PDF and comment on any section, just like they can already do with code and images today.

This feature is available on Medium and higher plans. If you’re on a smaller plan, you can upgrade to take advantage of PDF review by changing your plan in your Team Administration page. If you’re interested in trying out PDF review first, contact us and we will temporarily enable it for your team.

 

More time to try RBCommons

For the new teams out there, we’ve increased our trial period from 14 days to 30. This should give you more time to get set up and comfortable with RBCommons.

If you already have a trial subscription, we’ve already gone back and increased your trial to 30 days. You should have received an e-mail from us already. If not, please let us know.

Welcome to RBCommons 2.0!

It’s here!

We’re so excited to announce the all-new RBCommons 2.0. This is a major update that improves the service in so many ways that we won’t be able to fit it into one post. It’s faster, more reliable, easier to use, and full of polish.

Let’s go over a few of the new features.

 

A super-charged diff viewer

The first thing you’ll see in the new diff viewer is a new file index. At a glance, you’ll see not only what files were changed, but the complexity of the changes. The ring icons beside each file show the proportions of inserted lines, deleted lines, and replaced lines. The thickness of the ring shows how much of the file has been modified.

 

 

In most diff viewers, indentation-only changes look just like any other changes. You have to spend time checking to make sure that the content didn’t actually change along with the indentation.

Not here! Now, indentation-only changes are shown with little markers, which show exactly how many spaces or tabs were used. You won’t have to spend any time looking at whether the text in the line has changed. You’ll know at a glance.

 

 

We’ve also improved the quality of interdiffs (especially when dealing with merges), made moved line detection much smarter, and added an easy-to-use revision selector to quickly jump between diff revisions and interdiffs without reloading the page.

 

The new “New Review Request” page

We’ve completely rewritten the New Review Request page, making it simpler to upload your diff and check it for errors. We’ve also gone further and added one-click posting of committed changes for review. Simply select a branch, browse through your commits, and click to post. In seconds, it’ll be up and ready for review.

 

 

Detailed change histories

When you’re working on large changes with several iterations, it’s important to know exactly what changed. We’ve always provided change histories, but they were pretty basic. Now, they’re anything but.

 

 

A slicker dashboard

We cleaned up the dashboard navigation and layout to help you jump between your incoming and outgoing review requests. The sidebar is less cluttered and confusing, and actually useful.

We’ve also addressed two of our most-requested features: Issue counts in the dashboard, and batch closing of review requests.

The Ship It column now shows the number of open issues filed against a review request, if any. These always take precedence over any Ship Its, helping you know at a glance if there’s any feedback you need to address.

 

 

The all-new “Select Rows” column in the dashboard lets you select multiple review requests and close them in one go. It’s very useful when trying to clean up your dashboard if you’ve gotten behind in closing review requests, or if a former teammate leaves. Simply click the pencil in the top-right of the dashboard to add this column, and drag it where you want it.

 

Lots more!

This post is getting pretty long, so we’ll wrap it up. Basically, a lot has changed, and we only touched upon a few of the features. Some others include:

  • Markdown support in all text fields
  • Faster posting of review requests from RBTools
  • Retina icons
  • New support for reviewing different text-based file attachments
  • Reviewers can close issues they filed
  • Easy download of files in the diff viewer

In the coming weeks, we’ll go into more detail on some of the more useful additions in this release, including tips and tricks on how to get the most out of RBCommons 2.0.

This was a pretty major release, so if you have any issues, please contact us immediately so we can resolve them!

RBCommons 2.0 is coming this weekend!

Updated Saturday, 1:50AM PST: We had some issues with one of the new servers, and had to roll some things back temporarily. This is extending our maintenance window. Hopefully nobody will be too badly affected, but we’ll be down until approximately 5AM PST.

 

We’re making a huge update to RBCommons this weekend. The site will be down for up to 4 hours starting Friday at 11PM PST, as we begin our upgrade to the all-new RBCommons 2.0.

This new update is based on Review Board 2.0, and brings some major improvements to the dashboard, diff viewer, review request change histories, performance, and more. A few of the new features you can expect include:

  • Fewer full-page reloads
  • Faster load times
  • Better, more accurate interdiffs
  • Markdown input for all text fields
  • Indentation markers in diffs
  • Smarter moved line detection in diffs
  • A nicer dashboard, which better displays when changes are approved, or if they have pending issues still open
  • Bulk-closing of review requests through the dashboard
  • Easy posting of existing commits on your GitHub or Subversion repositories, right from the New Review Request page
  • Faster posting of changes using RBTools
  • Better display of exactly what changed in updates to review requests
  • High-DPI icons for those on Retina or equivalent displays
  • Review of text-based file attachments

That’s just a few of the features that this release will bring. We’ll go into more detail after everything’s deployed.

On top of this, we’re moving onto much faster servers, which should help with some of the growth spurts we’ve been hitting lately.

So wrap up your work before this Friday at 11PM PST (Saturday, 6AM UTC). We’ll be shutting down the servers for up to 4 hours as we move to the new servers and begin the upgrade. It shouldn’t take the full 4 hours, but we want to allow for any issues that come up.

This weekend’s upcoming server maintenance

This weekend, we’re beginning a series of upgrades to our infrastructure that should resolve some stability issues we’ve periodically hit with our database server on AWS. It should also help to improve performance across the site.

This work will start Sunday, August 17th at 6AM UTC (that’s Saturday at 11PM PST for those in California). We’re blocking off two hours for the work, during which the site will be down. It shouldn’t take nearly that long, though.

Going forward, we’re gearing up for a big update to RBCommons. Along with this, we’re planning some further hardware upgrades that should do a lot to further improve performance. We’re planning this for some time in the next two weeks. We’ll announce the details when we’re closer.

If you are worried that your team is going to be horribly impacted by this maintenance window, please let us know!

Updated Sunday, 12:33AM PST: Maintenance is complete, and we’re back up and running!

RBCommons 2.0 Beta!

A few months back, we finished up the release of Review Board 2.0, a major release offering features such as Markdown text editing, an improved diff viewer, easy posting of existing commits for review, open issue integration in the dashboard, and more.

We’ve been working to update RBCommons for the Review Board 2.0 codebase, and are happy to announce that the first public beta is ready! We’re trying to squash any remaining bugs, so please play around with it and report back to us.

A few important notes:

  • Your review requests and reviews will not sync between the beta server and rbcommons.com. Don’t use it for production work. Your data will be lost when we switch over.
  • The database is from August 4th. Your review requests and reviews made since then will not be there. This is normal!
  • DO NOT make any changes to your billing or cancel your team or user account on the beta! This will affect your main RBCommons account.
  • If you signed up in the past week and your team or user account is not available on the demo server, contact us, and we’ll get you set up.

With that in mind, give it a try at beta.rbcommons.com! Please send us any feedback you have.

We’re planning to switch over by the end of August. We’ll give a heads-up before we go live.

RBCommons and the Heartbleed SSL Vulnerability

On April 7th, the world became aware of a critical vulnerability in the versions of OpenSSL powering much of the Internet. This was a very serious problem that could allow attackers to gain access to certain confidential data on the server. This vulnerability is known as Heartbleed.

The vulnerability was, fortunately, found by security researchers, and companies like Red Hat and Amazon were quick to put out patched builds.

We take security very seriously, and rushed to update and replace our SSL certificates, ensuring our users would be safe in the off chance that anybody had decided to target us. We are not aware of any attempts on RBCommons, and want to keep it that way.

Even though we don’t believe anyone has targeted RBCommons, we still have a couple of recommendations for you.

  1. Reset your password, just to be safe. It might be a good time to evaluate whether you’re using a strong enough password, as well.
  2. Turn on two-factor authentication. This will help keep your account secure, requiring a token code sent to your mobile phone in order to log in.

If you have any questions or concerns, please contact us.

Two-factor authentication is now available!

For the past month, we’ve been testing support for two-factor authentication for user accounts, and are happy to announce that it’s ready!

Two-factor authentication adds a layer of security to your accounts by requiring that you have your mobile device (cell phone or tablet) with you when logging in. Any time you log into RBCommons, a temporary token code will be sent to your device over text message, or generated by a token generator app.

This token code will be required alongside your username and password. If a malicious hacker tries to log into your account, they’ll need your mobile device or they’ll be out of luck. So keep that safe!

 

Enabling two-factor authentication

It only takes a minute to enable two-factor authentication on your account. Simply:

  1. Go to your My Account page and click “Authentication” on the left.
  2. Click “Enable two-factor authentication” on the right.
  3. Choose whether to use a token generator app, like Google Authenticator (recommended), or to receive text messages on your cell number (carrier rates may apply).
  4. Depending on your choice, you’ll receive a simple set of instructions for getting set up.

You’ll receive your first generated token, which will be used to verify that everything was set up correctly.

After you enable two-factor authentication, you’ll have the opportunity to set a secondary phone number to use in case you lose your primary mobile device or app settings. We highly recommend that you do this, especially if you’re using a token generator app.

 

Download your backup tokens!

If you’re ever locked out of your account due to a lost or broken phone or tablet, you’ll need a backup token to get back in. Backup tokens are a pre-generated set of token codes that you can use when logging in.

After you enable two-factor authentication, click “View Backup Tokens.” You may have to verify your password and auth token the first time. Then, follow the instructions to generate your set of backup tokens.

Make sure you save these somewhere safe!

 

Upgrade RBTools

You’ll need a modern version of RBTools.

If you’re running 0.5.3 or higher, you’re fine, and will receive an authentication token the next time you have to log in through RBTools.

If you’re running an older version, it’s time to upgrade! We’re continually making improvements to RBTools. Speaking of that, watch this space for a new, major RBTools release announcement, coming soon!

Happy New Year from RBCommons

We hope you had a great 2013. We sure did, and 2014 looks to be even better. We have a number of new things coming in the next several months that we’re sure you’ll love.

 

First, let’s talk newsletters.

Up until now, all our announcements have taken place on our blog and on Twitter, but that’s not always the best way to keep you up-to-date.

We’ve just made it easier to keep current on the latest updates to RBCommons and to RBTools. You’ll now find an E-Mail Announcements section on your My Account page where you can easily subscribe or unsubscribe to our newsletters. These cover RBCommons and RBTools updates, as well as code review tips and tricks.

You’ll only hear from us when we have something that’s worth your time.

We are also not subscribing anyone by default. If you don’t choose to subscribe, you won’t receive any more e-mails from us unless it is truly important.

 

What’s coming in 2014

Over the next couple of months, we’ll be introducing support for two-factor authentication and PDF document review.

Two-factor authentication will help keep your account secure by making use of your mobile devices to verify that it’s actually you logging into your account.

PDF document review works much like code or image review. If you upload a PDF onto a review request, your team will be able to flip through the pages and make comments on sections of the document. Useful for specifications, manuals, or anything else.

We’re also working on a large update to our Review Board software, which RBCommons is based on. Among other things, this release will provide:

  • Markdown support for review requests and comments
  • Easy posting of review requests for changes already pushed to your repository
  • An improved diff viewer with better move detection, better interdiff support, an improved revision selector, and a fresher design
  • Faster loads and fewer reloads
  • Batch operations in the dashboard (useful when you want to close several review requests at once)
  • Full-text search of all your review requests and reviews
  • New API additions for matching review requests and commits
  • Much more. You can see our beta 1 announcement for some details, and keep watching for a beta 2 announcement.

We’re aiming to bring this to you by Summer this year. Sooner, if all goes well. We’ll keep you informed on our blog and newsletters.

Thanks for reading, and have a great year!

GitHub two-factor auth, and a new My Account page

Tonight’s update introduces support for GitHub accounts protected with two-factor authentication, and a whole new My Account page.

GitHub’s two-factor authentication is a great way to protect your account, and we highly recommend it, especially since there have been a number of attempts made on GitHub accounts in recent weeks. Previously, administrators had to disable two-factor authentication before linking an account for the first time (when configuring a repository), but no longer. The first time you link an account, you’ll be prompted for your two-factor auth token.

If you already have a GitHub account linked for your repositories, you won’t have to do anything. If you’re not an administrator, same. You’re good.

We also rewrote the My Account page. The old page was a holdover from the early days, and was long overdue for a rewrite. You should find it a lot more organized, and we’ll be adding to it over the coming months.

Along with all that, there are some nice bug fixes and performance improvements. Enjoy!
