I have a number of Windows servers at work that are used for staging web sites for clients while they are being created.
I wanted to start using versioning on them so that when we work with outside vendors on a project, if/when they overwrite my work, I'd like to be able to go back and get the version before.
My question is that I think I'm not looking for the correct terms in searching for information, but what kind of resources are there to learn how to install the software for versioning or a site to help me get started.
Any and all suggestions would be appreciated.
Steph
Since your development workflow can be decentralized (as in "there isn't always one central repository), DVCS tools, with their common tasks described here) can be more adapted.
Git-Scm
Mercurial (see HgInit.com for a very good tutorial like the kind you are after)
Plastic SCM (which has a DVCS nature)
Related
I work in a corporate development environment that is fairly risk-averse where management is often afraid of change. I've prototyped out how a Jenkins solution for our development team might work, and highlighted some success stories where the pilot implementation has helped, but the time has now come to get it approved to a wider audience and in a more permanent way, and some security concerns have been raised.
Primarily, the concerns so far have focused on the fact that the tool is open-sourced and the plugins are open-sourced and made by community contributors, so management is concerned that somebody could insert malicious code that would go unnoticed by us when we update. My opinion is that if so many other places can make Jenkins work, we probably can too, but that is not necessarily a very compelling argument to our security testing team.
My question is, can anybody tell me how they have secured their own Jenkins implementations, or how what specific Jenkins capabilities (sandboxing, etc) are in place to prevent malicious code from being executed on our systems?
Using 3rd party components either in your software or your infrastructure will always have risks. One very important thing to note is that open source is not less secure than closed source. While probably anybody might contribute code to an open source project, in most cases there is review before it actually makes its way into the project. Of course, a vulnerability may slip through, but how is that different from a software company with lots of developers? A vulnerability may slip through there too, and based on the experience of many of us, it quite often does. :) And in case of closed source, you don't even have the power of a diverse community to spot such security flaws, the best you can rely on are 3rd party penetration tests or code scans, both of which miss many issues.
In case of such a well established project like Jenkins, you can be pretty sure that there is lots of scrutiny on its security, probably more so than any closed source commercial tool you may currently have.
As with any 3rd party component, you should exercise due diligence though. Have a look at online vulnerability databases like NVD regularly to find security issues. Install updates as they come out to mitigate the risk. You should do these for closed source components too.
As for how to secure a Jenkins installation, an answer here is not the right format I think, but there is a whole set of pages on their website dedicated to the topic.
Having said all this and looking at past vulnerabilities in Jenkins, there are quite a few. It's up to you (and your security department) to assess how exactly you would want to deploy Jenkins, and whether those past vulnerabilities are serious enough for you to think the whole tool is not adequate for your environment considering the way you want to deploy it. Again, it's the same process you would follow with a closed source tool too.
At the moment support requests / bug reports made by customers are coming in by mail. It is getting harder to organize priorities and stay at the helm of all this. So I am looking for bugtracking(?) tools. Not all reports are bugs of course, sometimes it's just feature request or support requests.
So my question is: whicht open source bugtracker / support request handling tool do you recommend? I know Mantis which seems to be my front runner for a more elaborate evaluation, but I already worked with it (as a reporter / contributor) and found the GUI a little cumbersome. Another issue is that I thought about using the tool for multiple website projects of different customers.
Intuitively I would prefer to run only one instance of the tool for all projects to have a better overview of all critical issues (independently of the project). Of course customer A should not be able to see customer Bs request (but every customer can have multiple reporting accounts) Is Mantis able to handle that? Can you recommend any other alternatives?
P.S.: I heard about Jira, but I will try to find a free tool for my first try.
It's possible to use email with Mantis, so that you can get incoming email (directly or by forwarding) to Mantis.
Then you can have a workflow in Mantis, f.ex. have an incoming project and customer projects, and you can send email with bcc Mantis and subject containing issue number (I use [1234] as a pattern).
I haven't used other issue trackers as much, but my experience with a customized Mantis is good regarding different kinds of issues and using with email.
Since you're turned to Open source, I'd say install a project management platform like Launchpad, redmine... etc and then create a project for each of your clients (of course you can have multiple accounts for only one client). The bug tracker in these platforms can serve as a support request service.
I'd go for Launchpad because it also has the Q/A feature and blueprints, and is also nice looking and very very user-friendly. And also damn easy to install on a Ubuntu Server.
Kind regards
Are there any tools that go beyond requiring deep and intimate knowledge of every configuration option and nuance and will just setup an application with a minimum of inputs. Something like a wizard that produces the XML configuration based on those simple inputs. I don't care about security I just need the service to work. Ideally the tool would be able to setup IIS6 as well or at least with a given set of options it would produce a list of steps I needed to complete in IIS.
The Microsoft Service Configuration Editor is no better than direct editing of the XMl. I did find a web site that has the right idea but it wasn't able to solve my simple installation. (http://www.noemax.com/support/wcf_binding_configuration_wizard.html).
Is there anything out there that puts some convention into play over this mountain of configuration?
WCF configuration can look very daunting at first, indeed! I like that configuration wizard you linked to - why wasn't it good enough for you?
I don't know of any tool right now, that would solve your problem and help you figure out the proper configuration - it really boils down to learning the ropes and getting to know the ins and outs of it, I'm afraid.
Basically, what I've learned is : don't even start to imagine all the things you could do - try to focus on what you should do (and what you need).
Really, it boils down to about five scenarios as outlined in the excellent book "Programming WCF" by Juval Lowy:
intranet apps (use the NetTcp binding, Windows security)
internet apps (use the wsHttp binding if ever possible, username/pwd or certificates for security)
business-to-business apps (use whatever binding makes sense, secure by certificates)
queue message delivery (MSMQ)
no-security apps (legacy ASMX support, interop with "dumb" webservice clients)
Basically, pick the one you need, and from there, you're pretty much set as to what to do and how to do it. I would definitely recommend checking out Juval's book - excellent excellent resource!
So the question is: which category does your app fit in? Based on that, you can pretty much determine all that's needed from there.
Also, I watched two screencasts that really helped me get over the heaps of configuration options in WCF, and focus on what's really important:
Extreme WCF with Miguel Castro
Demystifying WCF with Keith Elder
Both gave me a good feel for what configuration is really needed - and what is just fluff.
Hope that helps some!
Marc
In my organisation, we have some very inefficient processes around managing requirements, tracking what was actually delivered on what versions, etc, do subsequent releases break previous functionality, etc - its currently all managed manually. The requirements are spread over several documents and issue trackers, and the implementation details is in code in subversion, Jira, TestLink. I'm trying to put together a system that consolidates the requirements info, so that it is sourced from a single, authoritative source, is accessible via standard interfaces - web services, browsers, etc, and can be automatically validated against. The actual domain knowledge is not that complicated but is highly proprietary and non-standard (i.e., not just customers with addresses, emails, etc), and is relational: customers have certain functionalities, features switched on/off, specific datasources hooked up - all on specific versions. So modelling this should be straightforward.
Can anyone advise the best approach for this - I a certain that I can develop a system from scratch that matches exactly the requirements, in say ruby on rails, grails, or some RAD framework. But I'm having difficulty getting management buy-in, they would feel safer with an off the shelf solution.
Can anyone recommend such a system? Or am I better off building it from scratch, as I feel I am? I'm afraid a bought system would take just as long to deploy, and would not meet our requirements.
Thanks for any advice.
I believe that you are describing two different problems. The first is getting everyone to standardize and the second is selecting a good tool for requirements management. I wouldn't worry so much about the tool as I would the process and the people. Having the best tool in the world won't help if your various project managers don't want to share.
So, my suggestion is to start simple. Grab Redmine or Trac and take on the challenge of getting everyone to standardize. Once you have everyone in the right mindset then you can improve the tools you use for storage.
{disclaimer - mentioning my employer's product}
The brief experiments I made with a commercial tool RequisitePro seemed pretty good me. Allowed one to annotate existing Word docs and create a real-time linked database of the identified requisistes then perform lots of analysis and tracking of them.
Sometimes when I see a commercial product I think "Oh, well nice glossy bits but the fundamentals I could knock up in Perl in a weekend." That's not the case with this stuff. I would certainly look at commercial products in this space and exeperiment with a couple (ReqPro has a free trial, I guess the competition will too) before spending time on my own development.
Thanks a mill for the reply. I will take a look at RequisitePro, at least I'll be following the "Nobody ever got fired for buying IBM" strategy ;) youre right, and I kinda knew it, in these situations, buy is better. It is tempting when I can visualise throwing it together quickly, but theres other tradeoffs and risks with that approach.
Thanks,
Justin
While Requisite Pro enforces a standard and that can certainly help you in your task, I'd certainly second Mark on trying to standardize the input by agreement with personnel and using a more flexible tool like Trac, Redmine (which both have incredibly fast deploy and setup times, especially if you host them from a VM) or even a custom one if you can get the management to endorse your project.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I have a team of developers distributed Globally over different time zones.
what are the best tools to achieve maximum productivity in such a team?
I am looking for:
Source Control
Bug Tracking
Build Management
Any other thing that may help
Thanks
For the first two:
Distributed source control, like git
A good issue tracking tool, like Jira
This question is underspecified. Many packages exist for each category that you list, all designed to support collaboration across people distributed globally over different time zones.
So I can make a recommendation, based on open-source tools that have worked for me in the past. You may have specific needs that require more specific solutions, but you didn't mention them. Also, for productivity, it is useful if people can continue to use tools they are familiar with, and you didn't explain what tools your people already know.
In any case, here is my recommendation:
use Subversion for source control
use Roundup as the bug tracker
use make for the build management, use Buildbot for automated, distributed builds
use mailing lists, based on Mailman
For .NET environment:
SVN server: VisualSVN server (free)
SVN client: AnkhSVN 2.0 (open-source)
Continuous Integration: CruiseControl.Net (open-source)
Bug tracker: BugTracker.NET (open-source). But if you can, i would recommend Trac.
I am very satisfied with Assembla - they host SVN server and Trac for your projects for very reasonable prices (or for free if the oproject is public).
Consider Fogbugz for bug tracking. It's helpful.
As source control: why not a distributed system, like git (if you are not using Windows), Mercurial or Bazaar?
For bug tracking, I would go on Trac - it has also an integrated Wiki, that is always useful for project documentation.
As for build management, you could go on cruise control, or ant - I am not really expert on this side.
However, there is something you should really take into consideration: the main issue for distributed teams is not the toolset, is communication.
This is even more important in an "agile" setup, as suggested by your tag.
The best mitigation I have ever seen for this issue is videoconferencing. It is very effective for enhancing communication bandwidth in distributed teams, and with GTalk and Skype is now really inexpensive.
When you say "open source" do you just mean free software, or do you mean "I need/prefer to be able to see the source"?
Note that your decision will be influenced by the nature of your project. There are many free development/project hosting sites that require that your project must be an open source project and free/open to the public.
You may also choose to go with a particular hosting platform based on the language you are using to develop the project. For example, CodePlex (http://www.codeplex.com/) is a site that hosts open source .Net based projects, and Java.Net (http://community.java.net/projects/) hosts Java projects.
The other answers given to your question are solid, here is what I currently use or have used in the past:
A great continuous build tool JetBrains TeamCity. (http://www.jetbrains.com/teamcity/) The tool has out of the box support for many build tools as well as for building Visual Studio solutions out of the box. It is free for teams of 20 or less developers. It also has loads of functionality out of the box, and can be up and running for you in minutes - a remarkably low learning curve without cutting back on features.
A useful SVN repository which is free for two developers, and will save you the time of setting up and administering your own SVN repository is Unfuddle. (http://www.unfuddle.com) Unfuddle also has extra paid-for features and basic task tracking.
Another paid source repository is ProjectLocker (http://www.projectlocker.com) which has low priced SVN repositories and Trac integration for task management.
A useful task tracking tool is Remember The Milk (http://www.rememberthemilk.com) - it does not work on "tickets" like Trac, it is not only for tracking projects, but it does allow you to email each other tasks, and to have shared task lists. I also point them out because the product itself is developed by a distributed development team and you might want to try mail them for advice. :-)
All the best to your team!
A wiki is a must.
It helps as an asynchronous communication media between ans inside the teams. People can share their tips (eg how do I compile this, how to activate traces ... ). It can be used to gather design decisions or changes...
People can ask questions to the whole team without clobbering other mailboxes.
It can also be used to grow the documentation.
There is a gazillion of wiki's, pick one depending on what you plan to do with it.
I think you'll need a few more things to help out with this project than what you've asked.
First, I'll give my recommendations for your list:
Source control: git or svn, if yu use either of these, you'll need a way to let your developers know who checked in what and when, Trac is good for this for svn
Bug tracking: Trac (not Bugzilla), Mantis, FogBuz
Build Management: CruiseControl is great for continuous integration; if you need build scripts try Ant or Maven
Other things you will probably need:
Collaboration tool: Trac has a wiki or pick a wiki of your choice
Chat tools: Even though they are across timezones, instant communication will be needed. IRC, Jabber, Skype, which is great for video or audio calls over the internet.
Project management: you'll need a way to setup your releases (sprints if using Scrum) and your backlog. My favorite tool for this is Acunote: (http://www.acunote.com). There are some other out there but they are more expensive and you get all of the features that you probable don't need.
I hope this helps.
Yes I strongly believe that in distributed teams a tool is important. Communication is hard enough if you are not working locally together. A tool like e.g Agilo for Scrum that is based on trac offers you with a wiki, a planning board (online whiteboard) and supports you in this way to improve the communication with your colleagues.