Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options


You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story, then you may have also seen that the WebKit Subversion repository had problems after a user committed these example files to the repository so that they could be used in test cases for SHA1 collisions. This post will try to explain the problem this caused and what prevention and remediation options are available if you run into …


Why Your Enterprise Needs a Git Strategy (Part 2)


Having a plan for adopting Git for your enterprise can lead to great results. In part two of our blog series (read Part 1) we share tips for adopting and scaling Git in the enterprise. When considering enterprise-wide Git adoption, it is not enough to only evaluate the SCM needs of your organization. The strategy should view Git as a vital part of the application lifecycle management (ALM) platform. Most Git solutions today have both SCM and ALM capabilities and claim readiness for enterprise-scale Git deployment. There are a few fundamental requirements that your strategy must address to make Git …


Why Your Enterprise Needs a Git Strategy (Part 1)


A governed adoption of Git can help speed up software development, while ensuring the security of source code. In the first of a two-part blog series we assess the status of Git in the enterprise and discuss major challenges to its adoption. Git is the world’s leading distributed source code management (SCM) system. In a recent CollabNet survey, 87% of the 838 respondents polled indicated that their enterprises either already use or have plans to deploy Git. With its flexibility, speed, and powerful branching and merging capabilities, Git represents an opportunity for global enterprises to drive productivity and accelerate application …


Installing Jenkins for Use with TeamForge

This week I was working with a customer, helping to set up a sandbox environment for them, including helping them to build a local Jenkins server to use with TeamForge. I’ve done this a few times now, but every time I end up back in the same places, figuring out the same things over again, so this time I’m going to document it for me, and for you. There’s a pretty good chance, I think, that I’ll end up doing this again for a proof of concept with a prospective customer one day, so having this information handy will be… …


Distributed or Centralized Development?

For most enterprises, it’s not a question of “or” but “and”. Over the past several years, organizations have been affected by new market disruptions that were hard to foresee a decade ago. This is especially true when it comes to the Software Configuration Management (SCM) landscape. Today’s IT organizations must address and manage many new software delivery paradigms, including decentralized development teams, increased use of short-term and remote workforces and greater concerns over intellectual property protection. The combination of these seemingly unrelated forces has created several unique technology and business challenges for enterprise development organizations. Hybrid and Mixed Development …


SVN Edge 5.0 Released – with Java 8 Support

I am pleased to announce the release and general availability of SVN Edge 5.0. Downloads for Windows, Linux and Solaris are available now. If you already have SVN Edge installed, you can update from within the application itself. Windows users should read on though. The driver for this release was support for Java 8. Normally, new releases of Java are not that big a deal because Java has excellent backwards compatibility and code written and compiled for older versions generally works the same on newer versions. I’ve been working with Java since 1.1 and that has always been my experience. …


Bulletproof, Military Grade Security – Visualizing the Access Control Mechanisms of Your SCM Solution


Why visualize? Access control is probably not the most sexy or intuitive part of any SCM (source code management) solution. However, understanding how access control mechanisms work is crucial for any enterprise that has to protect its intellectual property. What makes things tricky is that any SCM solution on the planet claims to have proper, powerful, “military grade”, “bulletproof” access controls in place. Looking at the specifics, there are huge differences that can give you a competitive business advantage (or disadvantage). A framework that helps you to visualize the differences in the fine print is a way better approach to …


Enterprise Open Source Git and ALM Merging – Share Your Views with Our Git Survey

We’ve all gone to Target to buy something cheap, right?  Pretty traditional – lots of racks of clothes and cashiers, right?  Well, Target, like the rest of the world, is changing.  Last month, they acquired a Pittsburgh software company in order to bring “an Amazon-like shopping experience” to in-store customers. The product uses mobile technology, location data, and machine learning to connect a retailer’s app to the in-store shopping experience, and it uses the store’s layout and product locations to deliver customized recommendations and messaging to customers. Has Target shifted from a retail company to a software company? Absolutely. Gone …


Exploring Task-based CI with SVN and Git

CI is frequently implemented as a dev process and not tied to the rest of the software development life cycle, resulting in a lack of real-time visibility across all stakeholders at the project level. Simply moving CI away from an isolated dev discipline is difficult, let alone scaling CI across an enterprise. One major challenge is achieving the high frequency of integrations while tying the CI process to the business needs and ensuring functional completeness, such as features that span multiple builds. Other challenges in scaling CI are governance and Ops. CI tooling and adoption is often driven at …


Migrating from Subversion to Git: What Your PCI-DSS Guy Will Not Tell You, Part 1

It is the time of the year when consumers begin to open their wallets. Retail and credit card processing industries are busily preparing their systems to handle the projected volume of credit card transactions leading up to Black Friday through the New Year. It is no wonder IT folks are now revisiting their compliance with the infamous PCI-DSS (Payment Card Industry Data Security Standard) to ensure that their companies develop and store code dealing with credit cards in a secure way. If you are not familiar with PCI-DSS, in a nutshell, it is a rigorous set of standards for protecting cardholder …
