RBCommons and this week’s security news

This has been an interesting week on the Internet, security-wise. A vulnerability in the Bash shell (named “Shellshock”) was announced that allows remote execution of code on unpatched servers with certain configurations. Separately, an undisclosed vulnerability in Xen forced AWS and Rackspace to announce mandatory reboots of many of their customers’ servers. (See Amazon’s announcement and Rackspace’s announcement for more details.)

We’d like to give an overview of how all this is affecting RBCommons and, in turn, you.

We keep a close eye on all security updates available for the software and libraries we use, and are quick to patch our servers as fixes roll out. We’ve also performed many tests to ensure that malicious Shellshock HTTP requests do not impact us. Your data is safe.

Some of the services we use were affected by the mandatory AWS and Rackspace reboots. Earlier today, our mail provider, Mailgun, was temporarily down during the outage, which may have resulted in missing or delayed e-mails for those working on Sunday.

We’ve had a few rare DNS lookup failures, resulting in errors when visiting pages or otherwise interacting with RBCommons. There have only been four so far, and they are temporary. If you see a random error loading a page, please just try again. We know this failure has affected a number of other AWS customers as well.

Tonight at 11PM PST, Amazon is scheduling some of our servers for a 6-hour maintenance window. This isn’t the first set of our servers to have undergone the mandatory maintenance, and we aren’t expecting any interruption to RBCommons during this time. However, we may be running at reduced capacity for about 20-30 minutes. We will be monitoring things closely.

If you are repeatedly hitting problems with RBCommons, please contact us!

We’ll post further updates if there’s anything to report.


Announcing unlimited repositories, PDF document review, and 30-day trials!

We’re very happy to announce some exciting improvements to the plans offered on RBCommons.

 

Unlimited repositories!

We’ve removed the restrictions on the number of repositories your team can set up. You can now add as many repositories as you need without hitting a limit, and at no additional cost. Add all your Git repositories, your forks, open source projects you contribute to, or whatever you like.

This applies to all plans from Starter to Enterprise. If you’re running on the old Micro 2012 or Small 2012 plans, you’ll need to upgrade in order to add unlimited repositories.

 

Upload your PDFs for review

We’ve also introduced support for reviewing PDF documents. Simply drag-and-drop a PDF file into your review request and wait for the PDF to be processed. Reviewers will be able to read through the PDF and comment on any section, just like they can already do with code and images today.

This feature is available on Medium and higher plans. If you’re on a smaller plan, you can upgrade to take advantage of PDF review by changing your plan in your Team Administration page. If you’re interested in trying out PDF review first, contact us and we will temporarily enable it for your team.

 

More time to try RBCommons

For the new teams out there, we’ve increased our trial period from 14 days to 30. This should give you more time to get set up and comfortable with RBCommons.

If you already have a trial subscription, we’ve already gone back and increased your trial to 30 days. You should have received an e-mail from us already. If not, please let us know.


Welcome to RBCommons 2.0!

It’s here!

We’re so excited to announce the all-new RBCommons 2.0. This is a major update that improves the service in so many ways that we won’t be able to fit it into one post. It’s faster, more reliable, easier to use, and full of polish.

Let’s go over a few of the new features.

 

A super-charged diff viewer

The first thing you’ll see in the new diff viewer is a new file index. At a glance, you’ll see not only what files were changed, but the complexity of the changes. The ring icons beside each file show the proportions of inserted lines, deleted lines, and replaced lines. The thickness of the ring shows how much of the file has been modified.

 

 

In most diff viewers, indentation-only changes look just like any other changes. You have to spend time checking to make sure that the content didn’t actually change along with the indentation.

Not here! Now, indentation-only changes are shown with little markers, which show exactly how many spaces or tabs were used. You won’t have to spend any time looking at whether the text in the line has changed. You’ll know at a glance.

 

 

We’ve also improved the quality of interdiffs (especially when dealing with merges), made moved line detection much smarter, and added an easy-to-use revision selector to quickly jump between diff revisions and interdiffs without reloading the page.

 

The new “New Review Request” page

We’ve completely rewritten the New Review Request page, making it simpler to upload your diff and check it for errors. We’ve also gone further and added one-click posting of committed changes for review. Simply select a branch, browse through your commits, and click to post. In seconds, it’ll be up and ready for review.

 

 

Detailed change histories

When you’re working on large changes with several iterations, it’s important to know exactly what changed. We’ve always provided change histories, but they were pretty basic. Now, they’re anything but.

 

 

A slicker dashboard

We cleaned up the dashboard navigation and layout to help you jump between your incoming and outgoing review requests. The sidebar is less cluttered and confusing, and actually useful.

We’ve also addressed two of our most-requested features: Issue counts in the dashboard, and batch closing of review requests.

The Ship It column now shows the number of open issues filed against a review request, if any. These always take precedence over any Ship Its, helping you know at a glance if there’s any feedback you need to address.

 

 

The all-new “Select Rows” column in the dashboard lets you select multiple review requests and close them in one go. It’s very useful when trying to clean up your dashboard if you’ve gotten behind in closing review requests, or if a former teammate leaves. Simply click the pencil in the top-right of the dashboard to add this column, and drag it where you want it.

 

Lots more!

This post is getting pretty long, so we’ll wrap it up. Basically, a lot has changed, and we only touched upon a few of the features. Some others include:

  • Markdown support in all text fields
  • Faster posting of review requests from RBTools
  • Retina icons
  • New support for reviewing different text-based file attachments
  • Reviewers can close issues they filed
  • Easy download of files in the diff viewer

In the coming weeks, we’ll go into more detail on some of the more useful additions in this release, including tips and tricks on how to get the most out of RBCommons 2.0.

This was a pretty major release, so if you have any issues, please contact us immediately so we can resolve them!


RBCommons 2.0 is coming this weekend!

Updated Saturday, 1:50AM PST: We had some issues with one of the new servers, and had to roll some things back temporarily. This is extending our maintenance window. Hopefully nobody will be too badly affected, but we’ll be down until approximately 5AM PST.

 

We’re making a huge update to RBCommons this weekend. The site will be down for up to 4 hours starting Friday at 11PM PST, as we begin our upgrade to the all-new RBCommons 2.0.

This new update is based on Review Board 2.0, and brings some major improvements to the dashboard, diff viewer, review request change histories, performance, and more. A few of the new features you can expect include:

  • Fewer full-page reloads
  • Faster load times
  • Better, more accurate interdiffs
  • Markdown input for all text fields
  • Indentation markers in diffs
  • Smarter moved line detection in diffs
  • A nicer dashboard, which better displays when changes are approved, or if they have pending issues still open
  • Bulk-closing of review requests through the dashboard
  • Easy posting of existing commits on your GitHub or Subversion repositories, right from the New Review Request page
  • Faster posting of changes using RBTools
  • Better display of exactly what changed in updates to review requests
  • High-DPI icons for those on Retina or equivalent displays
  • Review of text-based file attachments

That’s just a few of the features that this release will bring. We’ll go into more detail after everything’s deployed.

On top of this, we’re moving onto much faster servers, which should help with some of the growth spurts we’ve been hitting lately.

So wrap up your work before this Friday at 11PM PST (Saturday, 6AM UTC). We’ll be shutting down the servers for up to 4 hours as we move to the new servers and begin the upgrade. It shouldn’t take the full 4 hours, but we want to allow for any issues that come up.


This weekend’s upcoming server maintenance

This weekend, we’re beginning a series of upgrades to our infrastructure that should resolve some stability issues we’ve periodically hit with our database server on AWS. It should also help to improve performance across the site.

This work will start Sunday, August 17th at 6AM UTC (that’s Saturday at 11PM PST for those in California). We’re blocking off two hours for the work, during which the site will be down. It shouldn’t take nearly that long, though.

Going forward, we’re gearing up for a big update to RBCommons. Along with this, we’re planning some further hardware upgrades that should do a lot to further improve performance. We’re planning this for some time in the next two weeks. We’ll announce the details when we’re closer.

If you are worried that your team is going to be horribly impacted by this maintenance window, please let us know!

Updated Sunday, 12:33AM PST: Maintenance is complete, and we’re back up and running!


RBCommons 2.0 Beta!

A few months back, we finished up the release of Review Board 2.0, a major release offering features such as Markdown text editing, an improved diff viewer, easy posting of existing commits for review, open issue integration in the dashboard, and more.

We’ve been working to update RBCommons for the Review Board 2.0 codebase, and are happy to announce that the first public beta is ready! We’re trying to squash any remaining bugs, so please play around with it and report back to us.

A few important notes:

  • Your review requests and reviews will not sync between the beta server and rbcommons.com. Don’t use it for production work. Your data will be lost when we switch over.
  • The database is from August 4th. Your review requests and reviews made since then will not be there. This is normal!
  • DO NOT make any changes to your billing or cancel your team or user account on the beta! This will affect your main RBCommons account.
  • If you signed up in the past week and your team or user account is not available on the demo server, contact us, and we’ll get you set up.

With that in mind, give it a try at beta.rbcommons.com! Please send us any feedback you have.

We’re planning to switch over by the end of August. We’ll give a heads-up before we go live.


RBTools 0.6.2 is released

This evening’s release of RBTools 0.6.2 fixes several bugs throughout rbt post and rbt patch.

Mercurial users will find that rbt patch now behaves as expected, especially for Git diffs. There is no need to manually fetch and patch by hand anymore.

We’ve fixed some breakages that users hit with error messages coming from Review Board under certain conditions, and some compatibility issues with Perforce, ClearCase, and Git.

You can upgrade to RBTools 0.6.1 by typing:

    $ sudo easy_install -U RBTools

(If you’re on Windows, you shouldn’t need to type “sudo.”)

See the release notes for the full list of changes.


RBTools 0.6.1 is released

We have just released RBTools 0.6.1. This release improves upon April’s release of RBTools 0.6, fixing numerous bugs that have been reported to us over the past two months.

These fixes cover compatibility issues with different types of repositories, misleading or useless error messages, crashes in certain edge cases, and issues running on different operating systems.

You can upgrade to RBTools 0.6.1 by typing:

    $ sudo easy_install -U RBTools

(If you’re on Windows, you shouldn’t need to type “sudo.”)

If you’re running an older version, now’s a great time to upgrade! We outlined the major improvements in our RBTools 0.6 announcement.

See the release notes for the full list of changes in 0.6.1.


RBCommons and the Heartbleed SSL Vulnerability

On April 7th, the world became aware of a critical vulnerability in the versions of OpenSSL powering much of the Internet. These were very serious problems that could allow attackers to gain access to certain confidential data on the server. This vulnerability is known as Heartbleed.

The vulnerability was, fortunately, found by security researchers, and companies like Red Hat and Amazon were quick to put out patched builds.

We take security very seriously, and rushed to update and replace our SSL certificates, ensuring our users would be safe in the off chance that anybody had decided to target us. We are not aware of any attempts on RBCommons, and want to keep it that way.

Even though we don’t believe anyone has targeted RBCommons, we still have a couple of recommendations for you.

  1. Reset your password, just to be safe. It might be a good time to evaluate whether you’re using a strong enough password, as well.
  2. Turn on two-factor authentication. This will help keep your account secure, requiring a token code sent to your mobile phone in order to log in.

If you have any questions or concerns, please contact us.


RBTools 0.6 is released

RBTools 0.6 has just been released, and it’s a big one. We spent a lot of time simplifying the process for posting and updating review requests, and we think it’s going to make life a lot easier for just about everyone.

Posting using Git or Mercurial used to require dealing with --parent and --revision-range, along with our custom revision syntax. Now all you have to do is pass native revisions or revision ranges to rbt post, like so:

    $ rbt post HEAD
    $ rbt post main-branch..feature-branch
    $ rbt post 123:126

Compare this to the old way of doing things:

    $ rbt post --parent=HEAD^
    $ rbt post --revision-range=main-branch:feature-branch
    $ rbt post --revision-range=123:126

We’ve also improved how “guessing” descriptions and summaries from commits works. In previous versions, you needed to run rbt post -g to enable guessing, but in 0.6, it’s now automatic for new review requests. This means less typing and less work to do.

That behavior can also be changed through new GUESS_FIELDS settings in .reviewboardrc. This is covered more in the documentation.

A few other goodies:

  • Feature and performance improvements for Mercurial
  • Git repository hook scripts for auto-closing review requests and requiring approval for pushes
  • Many new configuration options

And more.

A couple of important notes: we’ve removed support for the old post-review tool. Running post-review will now tell you to use rbt post instead.

We’ve also removed support for Python 2.4. You will now need 2.5 or higher. We strongly recommend that everybody upgrades to Python 2.7.

See the release notes for the complete list of changes.
