Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options

You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story then you may have also seen that the WebKit Subversion repository had problems after a user committed these example files to their repository so that they could be used in test cases for SHA1 collisions. This post will try to explain the problem this caused and what prevention and remediation options are available if you run into …

CollabNet Hits Stride for 2016

Just more than a year ago I was presented with the opportunity to assume the role of CEO of CollabNet, one of the early pioneers in distributed software collaboration for the enterprise. As the creator of Subversion, the company has deep roots in open source, cloud, Agile and DevOps management. Hence the name, CollabNet has been connecting people, tools and processes together as few other companies can. And, we do it at scale, with our largest customer implementation of TeamForge exceeding 85,000 users. As the software delivery industry has undergone swift and dramatic change, many of the things CollabNet stands …

Installing Jenkins for Use with TeamForge

This week I was working with a customer, helping to set up a sandbox environment for them, including helping them to build a local Jenkins server to use with TeamForge.  I’ve done this a few times now, but every time I end up back in the same places, figuring out the same things over again so this time, I’m going to document it for me, and for you.  There’s a pretty good chance, I think, that I’ll end up doing this again for a proof of concept with a prospective customer one day, so having this information handy will be… …

So You Want to Centralize?

“7 Steps to Centralize Your Enterprise” So you want to centralize your enterprise? Smart choice – but it’s important to take some factors into consideration if you want to have success. Developers need to ensure representation from each geographic location; understand current development processes and tools; and comprehend the biggest challenges. Furthermore, you need to be aware of, and sensitive to, your project teams’ preferences for existing tools and aversion to change. Before we get started into our list of the “7 Steps to Start Centralization,” let’s tackle the question you are probably asking – “What is centralization, anyway?” Centralization …

SVN Edge 5.0 Released – with Java 8 Support

I am pleased to announce the release and general availability of SVN Edge 5.0. Downloads for Windows, Linux and Solaris are available now. If you already have SVN Edge installed, you can update from within the application itself. Windows users should read on though. The driver for this release was support for Java 8. Normally, new releases of Java are not that big a deal because Java has excellent backwards compatibility and code written and compiled for older versions generally works the same on newer versions. I’ve been working with Java since 1.1 and that has always been my experience. …

Bulletproof, Military Grade Security – Visualizing the Access Control Mechanisms of Your SCM Solution

Why visualize? Access control is probably not the most sexy or intuitive part of any SCM (source code management) solution. However, understanding how access control mechanisms work is crucial for any enterprise that has to protect its intellectual property. What makes things tricky is that any SCM solution on the planet claims to have proper, powerful, “military grade”, “bulletproof” access controls in place. Looking at the specifics, there are huge differences that can give you a competitive business advantage (or disadvantage). A framework that helps you to visualize the differences in the fine print is a way better approach to …

TeamForge 8.0 is here!

This week CollabNet announced the TeamForge 8.0 release, and we are very excited about it! This is the first release in our 8.x series and a very important milestone for us. The 8.0 provides new levels of visibility, reporting and planning for increasingly complex software development processes in enterprise organizations. TeamForge 8.0 is already available, and you can download an evaluation copy by visiting: http://www.collab.net/product/teamforge/free-trial. So what are we so excited about? The 8.0 is packed with innovations! Here are just a few highlights: Most importantly, TeamForge 8.0 has a brand new user interface, with a more modern look and feel. It …

Effective SCM Strategy for the Modern Enterprise

Recently CollabNet published the new whitepaper “Effective SCM Strategy for the Modern Enterprise”, which discusses issues that large companies face when working on their Software Delivery Lifecycle (SDLC) infrastructure. While understanding the requirements for repository management is a major part of an enterprise IT strategy, when we talked to our customers and prospects, we noticed an interesting (and somewhat troublesome) trend in how people view SCM technology. The key problem we were seeing is that software configuration management (SCM) is typically viewed as a merely technical issue. Business stakeholders often completely rely on the technical experts – users of the SCM …

Unexpected Pitfalls of CI/CD Automation: What Your PCI-DSS Guy Will Not Tell You, Part 2

As I promised in my last blog post, I would like to continue the topic of PCI-DSS 3.0, which has been in effect since January 2014. As the January 2015 deadline for meeting the 3.0 requirements rapidly approaches, many companies are working to address areas of the standard that were somewhat neglected in the 2.0 version, such as development tools and processes. It is important to continue developing a better understanding of the standard and its effect on use of development technologies in highly regulated industries. Let’s take a closer look at additional PCI-DSS 3.0 requirements. In my last blog …

Migrating from Subversion to Git: What Your PCI-DSS Guy Will Not Tell You, Part 1

It is the time of the year when consumers begin to open their wallets. Retail and credit card processing industries are busily preparing their systems to handle the projected volume of credit card transactions leading up to Black Friday through the New Year. It is no wonder IT folks are now revisiting their compliance with the infamous PCI-DSS (Payment Card Industry Data Security Standard) to ensure that their companies develop and store code dealing with credit cards in a secure way. If you are not familiar with PCI-DSS, in a nutshell, it is a rigorous set of standards for protecting cardholder …
