Сообщение с меткой general
Bash Security Vulnerability Patched (CVE-2014-6271)
On September 24, a serious vulnerability was found in bash, a shell which is ubiquitous on Linux systems. If exploited, this vulnerability could allow arbitrary code to be run on the system. There are a number of different scenarios under which this vulnerability could be exploited, and it affects virtually all versions of bash.
We would like to reassure our customers that that we have patched all of our servers, and have verified that we are currently not vulnerable to this security issue. We have found no evidence that this vulnerability was used against any of our servers. We will continue to follow the development of this issue closely. Please contact us if you have any questions.
UPDATE: The patch for CVE-2014-7169 has now been applied as well on all our servers.
The Heartbleed Bug
On April 7 a security vulnerability in the OpenSSL library was discovered. Named the Heartbleed bug, it has the potential to leak up to 64k of memory on a vulnerable server. This could potentially leak the SSL private key, which would then allow an attacker to decrypt HTTPS traffic to the server.
OpenSSL is used by a majority of web servers worldwide, including RepositoryHosting.com. Fortunately, though, the version of OpenSSL that we are running was not affected by this vulnerability. Therefore, there is no need to rotate your credentials at this time (though rotating your passwords periodically is generally good practice anyway).
We have checked with all the third-party service providers that we use, and they have all patched their systems now. We are rotating all our credentials for their services.
If you have any questions about this, please don't hesitate to contact us at support@repositoryhosting.com.
Support for Additional Languages in Trac
New Languages
We have customers from all over the world, and we are always looking at ways to make our service more international. To help work towards that goal, we have just enabled support for an additional 27 languages in Trac, including everything from Brazilian Portuguese and Hebrew, to Japanese and Swedish. See this page for a full list of the languages; we have enabled support for all languages with at least 75% of their translations finished. We want to thank the Trac community for providing these valuable translations.
Note that although these languages have been enabled in Trac, the rest of our interface, such as the Account Dashboard and support pages, are still only available in our three fully-supported languages: English, Russian, and Simplified Chinese. To update your language settings, simply go to the "Languages and Dates" tab on the Account Settings or My Profile pages.
Upgrades
We have also recently upgraded our repository systems to the latest versions, to keep pace with their rapid development. Subversion has been upgraded to 1.8.3, Git to 1.8.4, and Mercurial to 2.7.
You may have noticed that things have been a bit quiet on the blog recently, as we have been focusing our efforts on infrastructure improvements and other internal projects. However, we have a number of new features planned, so stay tuned.
Diffs in Your Notification Emails
Notification Improvements
I'd like to point out a few changes to our email notifications that we have deployed over the past week. Probably the most exciting is that commit notifications now include a list of all the changes that were made to the committed files. This is shown as a standard unified diff, and saves you time by enabling you to see the changes without having to click through to Trac.
You may enable this feature by going to the Notifications tab on the Project Settings page and selecting the Diffs option. You can also enable it for an entire Category. Note that all new projects will have diffs enabled by default.
While making these additions to our commit notifications, we also did a visual refresh of all our notification messages. The new look includes larger text, a more consistent feel across notifications, and better support of mobile devices.
Replying to Notifications
In a further step to help you to do more from your email, we have added the ability to reply to ticket and commit notifications. This has been a long-requested feature, and allows you to reply back to the person who made the commit or ticket change that you are being notified of. That way you can further discuss the changes that were made. Additionally, if you select the CC option for ticket notifications (see the Notifications tab of the Project Settings page), then everyone who was notified will be included in the email's CC list. Then you can reply-to-all for a group discussion.
We have also integrated this with our Incoming Email feature. Incoming Email allows you to create an email box that your users can send bug reports to, which will then be automatically converted into Trac tickets. Now you can optionally specify an email box that all notification replies go to, so that you can make further changes to the ticket without leaving your email. This includes adding comments and changing ticket attributes. Further notifications would be sent out in response to your changes, continuing the conversation. This option is available on the Incoming Emails tab of the Project Settings page.
We use the email2trac Trac plugin to provide this functionality. For more details on the format for changing tickets, see this page.
Better Performance
You may have also noticed the pages on our site loading a bit faster over the last week. We have been deploying some performance-related changes and have measured a significant improvement, especially in Trac.
We hope you enjoy the new features! Please let us know what you think about the email and performance improvements by leaving a comment below.
Pay with Moneybookers/Skrill
I'm happy to announce that we now support a new payment method, Moneybookers (which is currently being rebranded as Skrill). This new integration allows us to offer more payment options and to better support our customers around the world. We have heard from a number of you that you are unable to use Paypal in your area, but can use Moneybookers. Currently, it looks like Moneybookers is supported in 205 countries compared to Paypal, which supports around 201 countries, and their lists of countries differ somewhat.
We plan to continue adding new payment options in the future. If you have a preferred payment system that we don't yet support, please leave a comment below and let us know.
Prepaying for your Account
We have also just added support for making one-time payments to prepay for your account for any period of time. This can be useful if you'd like to pay at a different interval, such as annually or quarterly, or if you are having trouble getting the automatic monthly payments to work. We have found that a few of our customers have been restricted by their financial institutions from setting up recurring payments, and this should allow them to work around this. This prepayment feature is now available on the Billing tab of the Account Settings page.
Repository Hosting Speaks Russian
I know it's been a little quiet on the blog here lately, but we've been working hard on a number of new features that we will be releasing soon. Today we are announcing the first one: Russian language support! We have quite a few customers from Russia, and we are now supporting Russian on our home page, support pages, Account Dashboard, and in Trac.
You may switch your account to use Russian from the "Languages and Dates" tab of the Account Settings page. Or, if you would only like to change the language for yourself and not everyone else in your account, you may do so from your My Profile page.
We have some good stuff coming up in the next few months, so keep watching this blog for the announcements. And please leave us a comment with feedback about the translation, or to let us know which other languages you would like to see us support in the future.
Faster Performance with Subversion 1.7
We are excited to announce that we have now fully upgraded our servers to Subversion 1.7.1, Git 1.7.7.3, and Mercurial 2.0. The latest versions contain new features, bug fixes, and performance improvements. See the above links for a full list of what is new.
Subversion 1.7
The upgrade to Subversion 1.7 is particularly interesting. This new version should allow significantly faster access over HTTP(S) due to the addition of what they call HTTPv2. To take advantage of the performance boost, you will need to upgrade your Subversion client to version 1.7 as well, and we recommend that all of our customers do this.
Upgrading your client will also upgrade your checked-out repositories to use the new WC-NG metadata management system. The biggest change here is that you will no longer have .svn directories strewn throughout your project. Now, all repository information will be stored in a single .svn directory at the root of your repository.
Also, Subversion 1.7 comes with a new svnrdump tool that allows you to download a dump of your repository directly from the command-line. You will no longer need to download a backup of your project in order to export your repository as a dump file. You can use this new feature as follows:
svnrdump dump https://myaccount.repositoryhosting.com/svn/myaccount_proj > proj.dump
There are many other changes in the latest version, such as patch support, better merge tracking, and improvements to the serf library. Check out the release notes for the full list.
Repository Hosting is now Bilingual
We have always intended Repository Hosting to cater to an international audience. It is one of the reasons we have priced our services as we have. While other companies have set their prices based on what they think they can get out of their customers, we base ours on what it costs us to actually provide the hosting.
By pricing our services as low as we can, we hope that they will benefit as many people as possible. Whether you are on a small development team in China or Belarus or a large corporation in Brazil, whether a student at university in India or Germany or a consultant in California, whether you have one project or hundreds, Repository Hosting is here to provide you with the tools you need to manage your software development. We are excited to further support our international audience by providing our services in new languages and soon, in new regional data centers.
Chinese Language Support
We decided to start with the largest language group in the world, and are happy to announce that we now support our services in Simplified Chinese. We have quite a number of Chinese customers already and some knowledge of Mandarin Chinese on our team, so it seemed like a natural language to start with. You can click the Chinese flag at the top of this page to take a look.
If you would like to switch the language setting of your account over to Chinese, you may do so easily from the new "Languages and Dates" tab on the Account Settings page. Individual users can also set their language preferences from the My Profile page, and these will override the account settings. These settings affect both the Account Dashboard and Trac (many thanks to everyone who contributed to the Chinese translation of Trac).
Dates and Times
In addition to Chinese language support, we have also added other localization options. You can now specify your preferred timezone, and date and time formats. These settings can also be found on the "Languages and Dates" tab, on the Account Settings and My Profile pages.
What do you think?
How's the translation? Any suggestions about our new features? What other languages would you like to see us support? Please let us know if you have any feedback or ideas by leaving a comment below or sending us an email at support@repositoryhosting.com.
Performance Improvements
We hope you have seen some improvements in the performance of Repository Hosting recently. Over the last couple of weeks we've made a number of upgrades and optimizations that should improve your experience with our services. One of the changes we made was moving to more powerful servers. As you know, we use Amazon's excellent EC2 service, and we just upgraded our servers from "c1.medium" 32-bit instances to "m1.large" 64-bit instances. This gives us significantly more memory, which had been a bottleneck earlier. Additionally, we have identified a number of slow actions in our code and rewritten them, giving a noticeable performance boost to the dashboard page, especially for accounts with many projects.
We are currently finishing up a number of new features and UI improvements that will be released soon. These new features are aimed at providing more efficient ways to manage large numbers of projects and users, and generally improving the user experience. They include a completely revamped dashboard. Expect to see the release of these new features within the month.
One Year of Repository Hosting
It has been one year since we launched Repository Hosting to fight the injustice of overpriced and unreliable hosting, and in that time we have seen many people come join our band of renegades. We believe that many of you share our frustration with the other hosting services out there, and we have enjoyed developing a service that is simple and reliable in contrast. After launching Repository Hosting last year, we immediately started enhancing our service with powerful new features. We have had the opportunity to talk with many of you and listen to your feedback, and we know that many of you have enjoyed using Repository Hosting as much as we have creating it.
How far we've come
We believe strongly that our customers should not be charged more for additional features that cost us nothing. This is the basis of our motto One Plan, One Price; we will never nickel and dime you, no matter how many features we add. Over the last year we listened to your feedback and have strived to build Repository Hosting into a service that is powerful, simple, and enjoyable. Some of the features we have been busy adding include:
- Eclipse integration
- Free automated backups, including uploading to S3
- Emailing tickets into Trac
- Updating ticket status from log messages
- Sending notifications to Twitter, Campfire, Basecamp, CIA
- Shared Drives with WebDAV access
- Custom themes, logos, and domain masking
- Agile workflow support via Agilo
- Time Tracking support
- Trac plugins
Our Goals for the next year
We have big plans for this year. We are continuing to add the serious features you expect from a repository hosting service, only at our simpler, fairer pricing model. We don't want to give anything away too early, but there are some big features coming out soon. Ok, here's one hint: Mercurial.
One thing we would like to improve this year is our communication with you, our customers. That means more frequent blog posts and tweets (@rephosting). It also means better updates to our status page, as there were a few instances this past year where the page was not updated when we had an issue. We are also looking into other methods for improving communication between us and our customers.
We learned this year that our customer base is extremely diverse, as we have customers from all over the world. One of our goals is to make Repository Hosting the most international friendly hosting service. Our plans include data centers in new locations and support for additional languages. If there is a language you would really like to see offered, please let us know, if you haven't already.
As always, we are here to serve you, so let us know if you have any feedback on our services, or if you have any suggestions for new features. Thank you for a great first year.
The Renegades at
Repository Hosting
Repository Hosting Reforms Git, Subversion Hosting Industry
We should have written this blog entry three years ago -- in fact, we should have started Repository Hosting three years ago.
We know this because during the last three years, we have tried or used practically every Trac, Git, and Subversion hosting service out there. And to be honest, until six months ago, all we had to show for our effort was frustration. We decided to find out why were so frustrated and discovered three distinct answers.
First, so many of the Git and Subversion hosting services are just not reliable. We have tolerated too much downtime for too long. The bottom line is that companies in this industry have tried to cut costs by adopting approaches to infrastructure that are simply not reliable.
Secondly, our industry seems to be full of people who write a small amount of glue code around a handful of open source utilities and charge $25/month for it. We simply do not believe that the value added by these companies can possibly justify these kinds of prices.
Thirdly, and probably the most frustrating thing of all, too many companies obscure their real prices behind complex plans and feature matrices. They charge people like us more money when we have three programmers instead of two, or fifteen projects instead of ten, or want to do something simple like download a backup.
It has to stop -- and we are just the team to stop it.
Repository Hosting confronts each of these issues head on...
- Reliability: We have leveraged our extensive knowledge of Amazon EC2 to create a reliable, scalable and cost-effective hosting platform at Amazon.
- Integration: We have chosen to integrate well-established, open source, standards-compliant products in a way that is truly seamless.
- Pricing Transparency: Finally, we are introducing transparent pricing to the Git and Subversion hosting industry. One Plan, One Price: $6/month (plus $1 for every gigabyte of storage above 2GB). Every feature, every security consideration, every positive support experience is yours.
Are you a solo freelancer with a few active projects over the past year? One Plan, One Price means $6/month. Are you a small web design firm with 15 people and hundreds of projects for which you are responsible? One Plan, One Price means $6/month.
We like to think of ourselves as your own personal team of renegades, bucking mediocrity to bring you the absolute best software project management hosting. Take advantage of our 30 day free trial and you too will wish we had launched Repository Hosting three years ago.
Yours Truly,
The Renegades
of Repository Hosting