22 stories

Don’t move to Git

1 Share

Update: TL;DR: If you don’t like speed, being productive and more reliable coding practices then you shouldn’t use Git. (Please take the material below in good spirit, imagine the main voice is a grumpy friend stuck using SVN; no offense meant!)

So, you’ve heard all your hipster friends raving about git. They say it’s the latest and greatest, and you simplymusttry it. What’s the real story here? I’ll tell you.

Speed is overrated

You’ve heard that git changes the way you work; most operations are local and blazing fast, blah blah blah.

Do you really need all this speed, though? How long can it take to carry out ansvn updatein the morning? Five minutes? 10 minutes? Are those minutes really that big of an issue? Switching branches in subversion might take a few minutes, too. But really, if you have more than two branches, you’re doing it wrong.

And please don’t tell me that those few extra seconds you have to wait after each commit or update add up to anything more than just a tiny inconvenience. Get over it.

Who needs local branches?

Cheap local branching –githas them. But why would you needlocalbranches? You’ve been committing to a remotetrunkfor years and everything has been great. Yes, your team meshed everything together: fixes, new features, proof of concepts. All in thetrunk. Sure, sometimes you have to keep uncommitted changes on your machine for days. But if it works, why fix what’s not broken?

“And no, it wasn’t me that broke the billing system. I just fixed a typo in the About page!”How could you possibly know that there is where the main USD/EUR conversion was happening? You work with such amateurs!

The old workflow has worked until now

Workflow innovation? Efficiency? Pssh, nonsense. Processes have finally been grokked. You have your procedures and they just work. They are documented. You might lose your ISO certification if you make radical adjustments to the way your team works.

Trust me – I had to sit in five architectural board meetings to decide whether to switch from Notepad to Word. Word won by one vote.

Centralized is safer

Do you reallyneeda decentralized version control system? Of course not! You have an IT department for a reason – to separate concerns and lower costs.

Let your DevOps people make sure the central repository is backed up. Why would you need the whole history of the project locally? Are you really going to check who did the first commit on the project?

Merges should be avoided anyway

gitis good with merges.gitis good at branches.gitis good at everything. Aren’t you tired of hearing the same thing over and over again?

Let’s be honest: You shouldn’t be merging because you should not have more than one or two branches anyway. A singletrunkin most projects will do! But let’s say you really need branches, maybe a release branch for some very important upcoming release.

Isn’t it easier to have a person – or even better, a team – dedicated to merge code and resolve conflicts? Somebody familiar with the process? They can look at diffs and email the relevant persons in the company on how to resolve them. Again, if it ain’t broken, why are you trying to fix it? Yeah, if your “merge” team is busy, a release might need to be delayed. But that’s normal. All software teams have delays, right?

Don’t let all your developers buy into this craze where you create a feature branch for each tiny bit of work. That creates fear, uncertainty and doubt. FUD. Enough said.

You don’t have time to train your developers

Developers should be cranking code out. You have deadlines and releases to worry about. How can you spare the time to adopt yet another technology that needs planning and resources? Who cares about the benefits? It’s just not worth it.

I was also against moving away fromCVS. Just saying.


  • For the few that arrived this far without raging:Yes, this is satire.Your spidey sense wasn’t misfiring.
  • For those who did not read to the end and now are mad at me, it’s ok. I knew it would happen.

I’ll end the masquerade:I am agitevangelist!gitis awesome and you should adopt it as fast as you can.

If you want to know more aboutgit, check out our awesomeGit tutorials. And if you are looking for a git repository management tool let me advise you to considerBitbucketin the cloud orStashfor behind the firewall.

The post Don’t move to Git appeared first on Atlassian Blogs.

Read the whole story
1218 days ago
Share this story

Become a leader on the Bitbucket team

1 Share

Bitbucket team

Bitbucket is growing in leaps and bounds; we passed our one million user mark back in June! Expanding the service means expanding the team, so we’re hiring for a number of SF-based leadership positions:

  • R&D Team Lead – Run the team that drives the architectural evolution of Bitbucket.
  • DevOps Team Lead – Lead a team to scale the Bitbucket infrastructure.
  • Design Lead – Have your designs consumed by millions of users.
  • Product Manager –  Define and manage features for dev teams building the next great thing.

About Atlassian

Bitbucket is a part of Atlassian, one of the “Best Small & Medium Companies to Work for in America.” Our products reach over 25,000 enterprise customers globally, including Pixar, Twitter, Netflix, NASA, and Facebook.

With offices in Sydney, San Francisco, and Amsterdam, we’re growing fast, and we’re building a different kind of software company: one that listens to customers, values innovation, and solves customer problems with brilliant simplicity. You’ll have a direct impact on millions of users as soon as you start! Find out more about life at Atlassian.

Sound good?

Show us your résumé, CV, blog, Bitbucket or GitHub profile, open-source contributions, or stuff you’ve built. To find out more, drop us a line at llocke at atlassian dot com. We want to see your amazing work!

Read the whole story
1263 days ago
Share this story

Give Lavabit Money

2 Comments and 5 Shares

Ladar Levison is raising money for legal defense after shutting down Lavabit, the encrypted email service he's been running for ten years.

Levison's problem is that he's barred from talking about what the government told him to do. But from circumstantial evidence, it appears he was being forced to installing monitoring equipment on his servers.

Levison has already taken a big risk by shutting the service down. Not only has he shuttered a project, but he risks prosecution for implicitly revealing the request for surveillance. And he's in the impossible position of trying to mount a legal defense without being allowed to talk about the case.

If you have been at all bothered by the scope of government surveillance on the Internet, please donate to Levison's fund. Even if you can only give a couple of dollars, it's important that we show up in large numbers, not just to support Lavabit, but to send a signal to the next small company that finds itself debating whether to fight a gag order, or publish a national security letter. They need to know we'll have their back.

Even if Lavabit fails in its appeal, the process will create a paper trail that may prove useful to future efforts at reform. We have to pick at every chink in the armor of secrecy.

If we don't support Lavabit, we'll send a signal of a different kind. A wealthy industry, one capable of throwing millions of dollars at the most nebulous of business ideas, will not put its money where its mouth is when it comes to defending the personal liberties it so vociferously advocates on message boards and in blog posts.

For my part, I'm pledging the next five days of Pinboard receipts to the Lavabit legal defense fund. If you've thought of joining Pinboard, or upgrading your account, you can do so now with the knowledge that all the money will go to Lavabit.

Please join me in donating whatever you can afford. Levison is currently $19,000 of the way to a $40,000 goal, but his costs will mount rapidly if the case makes it to higher appellate courts. If you're not comfortable with the rally.org site, there's a direct PayPal link you can use to donate.

Read the whole story
1271 days ago
Share this story
2 public comments
1274 days ago
"If we don't support Lavabit, we'll send a signal of a different kind. A wealthy industry, one capable of throwing millions of dollars at the most nebulous of business ideas, will not put its money where its mouth is when it comes to defending the personal liberties it so vociferously advocates on message boards and in blog posts."
1274 days ago
Why is it that on a day when we want to support "the government," we have to remind ourselves that sometimes "the government" does really dumb, bad things? #shutdown

New congressional vote Triggers in The New York Times Channel

1 Comment and 2 Shares

Keep tabs on the U.S. Senate and U.S. House of Representatives with two new congressional vote Triggers, now part of The New York Times Channel.

IFTTT Recipe: Follow the how the U.S. House of Representatives is voting from your inbox

IFTTT Recipe: Track every time the U.S. Senate votes via Google Calendar

IFTTT Recipe: Keep a history of U.S. Senate votes as they happen

IFTTT Recipe: Notify me when Congress gets back to work!

Read the whole story
1271 days ago
Share this story
1 public comment
1273 days ago
вовремя :)

Git Internals PDF Open Sourced


Over 5 years ago, shortly after GitHub initially launched, Chris pointed out on one of our earliest blog posts this Peepcode PDF on Git internals that I had just written:

peepcode-git pdf page 1 of 121

Well, today Pluralsight has agreed to open source the book under Creative Commons Attribution-ShareAlike license and the source is on GitHub. You can now download and read this book for free. Get it on its GitHub releases page and maybe learn a bit about how Git works under the covers.

Read the whole story
1283 days ago
Share this story

FC5: Manage Those Passwords!

1 Share

Inventing good passwords is hard and so is remembering them, that’s part of the problem. So, how about we get computers to do the tedious stuff for us? Turns out you can, using something called a “Password manager”. Are these things going to end the Federation Conversation? [This piece is part of that conversation.]


If you already use a password manager and know the basics, you can hop down to the Thought experiment section.

First: To those of you who have a lot of passwords and aren’t using a password manager, I’d say: Start now.

Second: If you’re wondering which to use, David Strom’s Best tools for protecting passwords is pretty good, even though it’s enterprise-focused and spends time on management options that I don’t care about.

Third: Here’s what it looks like; a screenshot of me logging into the excellent Tripit travel organizer with the help of 1Password.

Tripit login with 1Password

There’s a Chrome extension, so I click on the key, I type my master password, and 1Password is smart enough to notice that I’m at tripit.com and preselect that account, so I can click on that and my username and password are filled in just like that.

1Password sets a timer, so that if I go back for another login within a few minutes, I don’t have to re-type the master password. But the timer’s pretty damn short, so I end up typing it a lot.

On mobile, the picture is less pretty. When I log into my bank on my Android, I have to leave the bank app, get the 1Password app running, laboriously type in my master password, find the entry for the bank, hit the “copy” button, switch back to the bank app, and hit the “paste” button. I’m assuming this will get better.

By the way, I should mention that the password managers nearly all can be used to store other important secrets like account numbers for banks and insurance companies.

How it works

Your passwords have to be stored somewhere. And the managers take a lot of different approaches. For example, 1Password encrypts ’em all using your master password, and stores that on your DropBox. But there are lots of different approaches, and this matters, so I think providing a summary would be a mistake. Before you adopt a password manager, go and find out exactly how it’s going to manage them.

Thought experiment

Suppose everyone used a password manager. At the moment, a lot of non-geeks just won’t because the user experience isn’t good enough. But suppose we fixed that, made it totally slickI saw a demo of a YubiKey making it a lot less painful on an Android device, so I think things will get better.

In that world, do we need Federated sign-in?

I totally approve of password managers; but I’m still not sure they’re the One True Path to reducing sign-in pain. The rest of this piece will mostly cover password-manager downsides, but once again: That doesn’t mean that I don’t think you should use one. You should.

The post-password era

To get money out of the bank, you need a piece of plastic and four digits. That’s because security pros have long since decided that the something-you-know/something-you-have combo generally trumps passwords in terms of user experience and security. So I suspect that a higher and higher proportion of the times you authenticate, you’re going to use something other than a password; check out the work of the FIDO Alliance. Which means that password managers solve a smaller and smaller piece of the puzzle.

Password paranoia

Now we all know that the spooks (both your own country’s and your country’s enemies’) are watching whatever they can and (more worrying) leaning on tech companies to install back doors, duplicate keys, and otherwise compromise your security.

This is one of the reasons why people worry about Federated sign-in with an IDP: “The spooks might be watching!” And yeah, they might; although the big Internet companies say repeatedly that they only respond to specific warrants.

But then, most password managers are closed-source commercial offerings, and you know what? The spooks can come after them, too. I’d say more but I don’t need to because the 1Password people wrote it up in totally clear no-bullshit language, in On the NSA, PRISM, and what it means for your 1Password data and a follow-up on Quora: “Is it reasonable to assume that developers of popular password management software (LastPass, ...) are/will be forced by law enforcement to install backdoors in their encryption algorithms?” Go read them.

Password expertise

Using a password manager supports you in choosing unique, high-quality passwords. But it doesn’t support the sites you’re signing into in doing a good job of authenticating you, watching for abusers and crooks and spooks, and protecting the passwords you send them.

If you care about that stuff (and you should), an IDP with a big team of dedicated security paranoids doing authentication starts to look better and better.


A password manager reduces the probability that any one of your accounts will be hacked. And if one is, it reduces the probability that the they information they get can be re-used elsewhere. Both of these are good things!

So yeah, go get a password manager and start using it. Bear in mind that even if Federated Identity becomes ubiquitous, you’re probably going to still have two or three different IDP passwords to remember, so let the manager take care of them.

But I don’t think this is a complete alternative to Federated sign-in, not even close.

Read the whole story
1290 days ago
Share this story
Next Page of Stories