This weekend’s upcoming server maintenance

This weekend, we’re beginning a series of upgrades to our infrastructure that should resolve some stability issues we’ve periodically hit with our database server on AWS. It should also help to improve performance across the site.

This work will start Sunday, August 17th at 6AM UTC (that’s Saturday at 11PM PST for those in California). We’re blocking off two hours for the work, at which point the site will be down. It shouldn’t take nearly that long, though.

Going forward, we’re gearing up for a big update to RBCommons. Along with this, we’re planning some further hardware upgrades that should do a lot to further improve performance. We’re planning this for some time in the next two weeks. We’ll announce the details when we’re closer.

If you are worried that your team is going to be horribly impacted by this maintenance window, please let us know!

Updated Sunday, 12:33AM PST: Maintenance is complete, and we’re back up and running!

Read More

RBCommons 2.0 Beta!

A few months back, we finished up the release of Review Board 2.0, a major release offering features such as Markdown text editing, an improved diff viewer, easy posting of existing commits for review, open issue integration in the dashboard, and more.

We’ve been working to update RBCommons for the Review Board 2.0 codebase, and are happy to announce that the first public beta is ready! We’re trying to squash any remaining bugs, so please play around with it and report back to us.

A few important notes:

  • Your review requests and reviews will not sync between the beta server and rbcommons.com. Don’t use it for production work. Your data will be lost when we switch over.
  • The database is from August 4th. Your review requests and reviews made since then will not be there. This is normal!
  • DO NOT make any changes to your billing or cancel your team or user account on the beta! This will affect your main RBCommons account.
  • If you signed up in the past week and your team or user account is not available on the demo server, contact us, and we’ll get you set up.

With that in mind, give it a try at beta.rbcommons.com! Please send us any feedback you have.

We’re planning to switch over by the end of August. We’ll give a heads-up before we go live.

Read More

RBCommons and the Heartbleed SSL Vulnerability

On April 7th, the world became aware of a critical vulnerability in the versions of OpenSSL powering much of the Internet. These were very serious problems that could allow attackers to gain access to certain confidential data on the server. This vulnerability is known as Heartbleed.

The vulnerability was, fortunately, found by security researchers, and companies like Red Hat and Amazon were quick to put out patched builds.

We take security very seriously, and rushed to update and replace our SSL certificates, ensuring our users would be safe in the off chance that anybody had decided to target us. We are not aware of any attempts on RBCommons, and want to keep it that way.

Even though we don’t believe anyone has targeted RBCommons, we still have a couple recommendations for you.

  1. Reset your password, just to be safe. It might be a good time to evaluate whether you’re using a strong enough password, as well.
  2. Turn on two-factor authentication. This will help keep your account secure, requiring a token code sent to your mobile phone in order to log in.

If you have any questions or concerns, please contact us.

Read More

Two-factor authentication is now available!

For the past month, we’ve been testing support for two-factor authentication for user accounts, and are happy to announce that it’s ready!

Two-factor authentication adds a layer of security to your accounts by requiring that you have your mobile device (cell phone or tablet) with you when logging in. Any time you log into RBCommons, a temporary token code will be sent to your device over text message, or generated by a token generator app.

This token code will be required alongside your username and password. If a malicious hacker tries to log into your account, they’ll need your mobile device or they’ll be out of luck. So keep that safe!

 

Enabling two-factor authentication

It only takes a minute to enable two-factor authentication on your account. Simply:

  1. Go to your My Account page and click “Authentication” on the left.
  2. Click “Enable two-factor authentication” on the right.
  3. Choose whether to use a token generator app, like Google Authenticator (recommended), or to receive text messages on your cell number (carrier rates may apply).
  4. Depending on your choice, you’ll receive a simple set of instructions for getting set up.

You’ll receive your first generated token, which will be used to verify that everything was set up correctly.

After you enable two-factor authentication, you’ll have the opportunity to set a secondary phone number to use in case you lose your primary mobile device or app settings. We highly recommend that you do this, especially if you’re using a token generator app.

 

Download your backup tokens!

If you’re ever locked out of your account due to a lost or broken phone or tablet, you’ll need a backup token to get back in. These are a pre-generated set of token codes that you can use when logging in.

After you enable two-factor authentication, click “View Backup Tokens.” You may have to verify your password and auth token the first time. Then, follow the instructions to generate your set of backup tokens.

Make sure you save these somewhere safe!

 

Upgrade RBTools

You’ll need a modern version of RBTools.

If you’re running 0.5.3 or higher, you’re fine, and will receive an authentication token the next time you have to log in through RBTools.

If you’re running an older version, it’s time to upgrade! We’re continually making improvements to RBTools. Speaking of that, watch this space for a new, major RBTools release announcement, coming soon!

Read More

Happy New Year from RBCommons

We hope you had a great 2013. We sure did, and 2014 looks to be even better. We have a number of new things coming in the next several months that we’re sure you’ll love.

 

First, let’s talk newsletters.

Up until now, all our announcements have taken place on our blog and on Twitter, but that’s not always the best way to keep you up-to-date.

We’ve just made it easier to keep current on the latest updates to RBCommons and to RBTools. You’ll now find an E-Mail Announcements section on your My Account page where you can easily subscribe or unsubscribe to our newsletters. These cover RBCommons and RBTools updates, as well as code review tips and tricks.

You’ll only hear from us when we have something that’s worth your time.

We are also not subscribing anyone by default. If you don’t choose to subscribe, you won’t receive any more e-mails from us unless it is truly important.

 

What’s coming in 2014

Over the next couple of months, we’ll be introducing support for two-factor authentication and PDF document review.

Two-factor authentication will help keep your account secure by making use of your mobile devices to verify that it’s actually you logging into your account.

PDF document review works much like code or image review. If you upload a PDF onto a review request, your team will be able to flip through the pages and make comments on sections of the document. Useful for specifications, manuals, or anything else.

We’re also working on a large update to our Review Board software, which RBCommons is based on. Among other things, this release will provide:

  • Markdown support for review requests and comments
  • Easy posting of review requests for changes already pushed to your repository
  • An improved diff viewer with better move detection, better interdiff support, an improved revision selector, and a fresher design
  • Faster loads and fewer reloads
  • Batch operations in the dashboard (useful when you want to close several review requests at once)
  • Full-text search of all your review requests and reviews
  • New API additions for matching review requests and commits
  • Much more. You can see our beta 1 announcement for some details, and keep watching for a beta 2 announcement.

We’re aiming to bring this to you by Summer this year. Sooner, if all goes well. We’ll keep you informed on our blog and newsletters.

Thanks for reading, and have a great year!

Read More

GitHub two-factor auth, and a new My Account page

Tonight’s update introduces support for GitHub accounts protected with two-factor authentication, and a whole new My Account page.

GitHub’s two-factor authentication is a great way to protect your account, and we highly recommend it, especially since there have been a number of attempts made on GitHub accounts in recent weeks. Previously, administrators had to disable two-factor authentication before linking an account for the first time (when configuring a repository), but no longer. The first time you link an account, you’ll be prompted for your two-factor auth token.

If you already have a GitHub account linked for your repositories, you won’t have to do anything. If you’re not an administrator, same. You’re good.

We also rewrote the My Account page. The old page was a holdover from the early days, and was long overdue for a rewrite. You should find it a lot more organized, and we’ll be adding to it over the coming months.

Along with all that, some nice bug fixes and performance improvements. Enjoy!

Read More

Tonight’s round of improvements for teams

We deployed an update tonight that makes some small but very useful changes throughout the site.

Your account menu at the top of every page has been tweaked to show your username, instead of your first name. We found that people sometimes forgot which username they registered with, which this should help a lot with. Inside the menu, you’ll see a little card showing your gravatar, name, and e-mail address, along with the usual menu items for changing your account profile and logging out.

Next to your account menu is your new Team menu. Here you’ll see your team and a menu item for creating new teams. If you’re an administrator, you’ll also be able to get to your Team Administration page from here. If you’re a member of more than one team on RBCommons, it also offers an easy way to switch between them.

This menu also gave us the opportunity to make another change. When you visit RBCommons.com, you’ll now be taken directly to your dashboard, skipping the old and shabby “home” screen altogether.

One last thing, for administrators. The interface for adding or editing review groups in the Team Administration page was not up to par. We’ve revamped this, and it’s much nicer, particularly for user selection.

And that’s it! Enjoy, and keep the great feedback coming.

Read More

Announcing new abilities for team administrators

Nobody likes a cluttered dashboard. It makes it harder to see what’s left to review in a day, and can have an impact on how often people check for what needs a review.

Sometimes this happens because someone has left the company. Sometimes people forget.

One of the most frequent requests we’ve had is to give team administrators a way to manage the mess. Today, we’re happy to announce that this feature has finally arrived.

Team administrators now have the ability to modify, close or reopen any review request on their team. You can also leave a message in the close description saying, for example, that the original owner left the company, or that the change was committed to a certain branch.

When posting through RBTools, you’ll also be able to post changes on behalf of another user, by passing the --submit-as=<username> flag to rbt post (or post-review, if you’re still using that). This is very useful if you’re looking to automate creating review requests.

In the future, we plan to make it possible to grant these abilities to other members of your team without giving full administrator rights.

Read More

Announcing support for Beanstalk and Bitbucket Git

We’re happy to announce that we’ve added support for two heavily requested code hosting services: Beanstalk, and Bitbucket Git repositories.

 

Welcome, Beanstalk!

Beanstalk is a code hosting and development service with support for Git and Subversion. It integrates with a variety of services and offers easy deployment to servers. They offer a free 30 day trial, and have reasonably priced packages for teams and businesses of all sizes.

To add a Beanstalk repository to RBCommons, you first need to enable API support for your account. Log into Beanstalk and click Account on the top-right. Then scroll down to Developer API and enable it.

Then, on RBCommons, simply add a repository and choose Beanstalk as the hosting service. Enter your Beanstalk account domain (the mydomain part of mydomain.beanstalkapp.com), your repository name, and save. You’re set up!

 

Bitbucket Git is finally here

As of today, you’ll be able to use Git repositories hosted on Bitbucket. Before today, Bitbucket was only usable with Mercurial. You can simply add your repository like any other repository. Just choose Bitbucket as the hosting service, and Git for the repository type.

You will need to install RBTools 0.5.2 and use rbt post in order to post your diffs for Bitbucket Git repositories. Unfortunately, due to some limitations in the Bitbucket APIs, you cannot use git diff or older versions of RBTools.

 

To all new users

We have guides for helping you get set up quickly. Please see our Getting Started guide, and Posting Patches for Review.

If you’re signing up for Beanstalk or Bitbucket Git support, let us know! You can tell us where you came from when creating your team.

Read More

Site Update: New goodies and speedups

We’ve deployed some new updates to RBCommons that should please many of you. Let’s go through the highlights.

 

New “Depends On” field

When you’re working with several inter-dependent changes, it’s helpful to give your fellow teammates a heads up on what depends on what. That helps them prioritize what to review, and gives them some context on what they’re looking at.

We’ve added a Depends On field to review requests for listing the review request IDs your change depends on. Each listed review request will then show that they block your change. A small change, but one we’re sure will be helpful to many of you.

 

Performance Improvements

We’ve worked hard to improve performance for uploading new diffs. From here on, as you begin to upload and view more diffs, we collect more information on what files and revisions we know exist, and which we know don’t exist. We use this to avoid some of the lookups we used to do before against your repositories.

For those of you who are very active and use GitHub, this drastically reduces the API lookups we have to do, speeding up diffs, and making it even harder to hit the dreaded GitHub API rate limits.

 

Nicer dashboard refreshing

The dashboard used to do a full-page reload every so often to refresh your view, which was.. noticeable. It was also pretty nasty when your connection to the server was interrupted, or when it tried to refresh during an RBCommons server upgrade, as you would come back to an error page.

You won’t see these issues anymore. The dashboard intelligently refreshes itself without a full page reload, and is resistant to temporary outages.

 

And more

There’s also a handful of bug fixes and some interface polish, particularly around issue tracking. We hope you like this update.

Read More