Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options

You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story then you may have also seen that the WebKit Subversion repository had problems after a user committed these example files to their repository so that they could be used in test cases for SHA1 collisions. This post will try to explain the problem this caused and what prevention and remediation options are available if you run into …

Why Your Enterprise Needs a Git Strategy (Part 2)

Having a plan for adopting Git for your enterprise can lead to great results. In part two of our blog series (read Part 1) we share tips for adopting and scaling Git in the enterprise. When considering enterprise-wide Git adoption, it is not enough to only evaluate the SCM needs of your organization. The strategy should view Git as a vital part of the application lifecycle management (ALM) platform. Most Git solutions today have both SCM and ALM capabilities and claim readiness for enterprise-scale Git deployment. There are a few fundamental requirements that your strategy must address to make Git …

Why Your Enterprise Needs a Git Strategy (Part 1)

A governed adoption of Git can help speed up software development, while ensuring the security of source code. In the first of a two-part blog series we assess the status of Git in the enterprise and discuss major challenges to its adoption. Git is the world’s leading distributed source code management (SCM) system. In a recent CollabNet survey, 87% of the 838 respondents polled indicated that their enterprises either already use or have plans to deploy Git. With its flexibility, speed, and powerful branching and merging capabilities, Git represents an opportunity for global enterprises to drive productivity and accelerate application …

Installing Jenkins for Use with TeamForge

This week I was working with a customer, helping to set up a sandbox environment for them, including helping them to build a local Jenkins server to use with TeamForge.  I’ve done this a few times now, but every time I end up back in the same places, figuring out the same things over again so this time, I’m going to document it for me, and for you.  There’s a pretty good chance, I think, that I’ll end up doing this again for a proof of concept with a prospective customer one day, so having this information handy will be… …

SVN Edge 5.0 Released – with Java 8 Support

I am pleased to announce the release and general availability of SVN Edge 5.0. Downloads for Windows, Linux and Solaris are available now. If you already have SVN Edge installed, you can update from within the application itself. Windows users should read on though. The driver for this release was support for Java 8. Normally, new releases of Java are not that big a deal because Java has excellent backwards compatibility and code written and compiled for older versions generally works the same on newer versions. I’ve been working with Java since 1.1 and that has always been my experience. …

Bulletproof, Military Grade Security – Visualizing the Access Control Mechanisms of Your SCM Solution

Why visualize? Access control is probably not the most sexy or intuitive part of any SCM (source code management) solution. However, understanding how access control mechanisms work is crucial for any enterprise that has to protect its intellectual property. What makes things tricky is that any SCM solution on the planet claims to have proper, powerful, “military grade”, “bulletproof” access controls in place. Looking at the specifics, there are huge differences that can give you a competitive business advantage (or disadvantage). A framework that helps you to visualize the differences in the fine print is a way better approach to …

Exploring Task-based CI with SVN and Git

CI is frequently implemented as a dev process and not tied to the rest of the software development life cycle, resulting in a lack of real time visibility across all stakeholders at the project level.  Simply moving CI away from an isolated dev discipline is difficult, let alone scaling CI across an enterprise. One major challenge is achieving the high frequency of integrations while tying the CI process to the business needs and ensuring functional completeness, such as features that span multiple builds. Other challenges in scaling CI are governance and Ops.  CI tooling and adoption is often driven at …

Migrating from Subversion to Git: What Your PCI-DSS Guy Will Not Tell You, Part 1

It is the time of the year when consumers begin to open their wallets. Retail and credit card processing industries are busily preparing their systems to handle the projected volume of credit card transactions leading up to Black Friday through the New Year. It is no wonder IT folks are now revisiting their compliance with the infamous PCI-DSS (Payment Card Industry Data Security Standard) to ensure that their companies develop and store code dealing with credit cards in a secure way. If you are not familiar with PCI-DSS, in a nutshell, it is a rigorous set of standards for protecting cardholder …

Considering a Migration from ClearCase to Git, Gerrit or Subversion?

Open Source Software offers compelling benefits, including affordability, security & stability, speed of innovation and flexibility. This is especially evident with OSS source code management software such as Git and Subversion. In this Webinar we will provide a proven framework to guide your decision – when to move, and if OSS is the right answer. We will present a proven path for migration from ClearCase or other proprietary SCM systems that has helped over 30,000 users to make the switch. This webinar will present an actionable strategy, covering the phases of discovery and planning, and a practical guide for the …

CloudForge’s Improved Subversion Service

The Backstory: Since joining the CloudForge Development team within CollabNet nearly a year ago, several of my colleagues and I have been primarily focused on delivering improvements to the scalability and reliability of the CloudForge improved Subversion service. With tens of terabytes of live Subversion repository data being generated and used by tens of thousands of our customers, even the smallest improvements we make to the service have a pretty big impact. CloudForge was built on a strong Subversion architecture, but over the years the ever-growing number of customers put a strain on the platform. In the original architecture, customers (organizations) were …
