The Case for Strip-ing

2009-07-14 20:00:00 -0400


When people ask us if we have any iPhone apps in the iTunes App Store1 and we tell them, “yes,” they invariably get excited. Their expectations of some cool, new, game-changing technology seem to dampen when we tell them about Strip (unless they are cryptography enthusiasts). However, we often hear back from many of these same folks a few months later, telling us that they use Strip all the time, and can’t live without it.

Homer Oh NoOur friends and colleagues are starting to get worried about the bazillion sites on which they’ve set the same password. Maybe I’m preaching to the choir here, but we all do it from time to time. There’s just too many to track: car insurance websites, bank accounts, social networks,newspaper site, some online community where you registered to leave comments, some new online tool you want to try out, a thing here, a thing there. You probably sign up for something new on the Inter-tubes at least once a day.

As far as settings passwords go, you really have two options:

  1. Set something different for each one and actually remember them all (good luck with that).
  2. Use some clever ‘p4ssw0rd123’ or variant for all of them (e.g. p4assw0rd-facebook).

Choosing option 1 is the most secure, and the most difficult. Option 2 leaves you exposed to massive risk – one good guess, a password cracker, or a break-in on a site that didn’t hash your non-unique password could allow an attacker to get into your online bank account. Many sites e-mail your password back to you – then your ‘p4ssw0rd123’ has gone through quite a few tubes and machines in clear text by the time it arrives in your inbox. Which is also on someone else’s computers, isn’t it?

The basic work-flow of Strip was designed to fix this very problem, and it seems to get people hooked. Say you want to sign up for some new web service to try it out, but you don’t want to use that bank account or email account password. You hit the sign-up screen, you get to the password field and you fire up your iPhone (or Palm, for the Old School-ers), open up Strip, create a new entry, and generate a random password. Save it in Strip, set it on the site, and you’re done. Sure, it introduces an extra step, but now your brain isn’t filling up with garbage and you’ve drastically reduced the risk to your online information and identity.

Strip Generate Palm Strip Generate iPhone

Obviously, Strip itself could be a point of potential failure. If you left your iPhone (or Treo) in a taxi like many of our customers have done, you wouldn’t want the cabby or the next occupant to have access to private networks and mail servers. To mitigate this we use high-grade, peer-reviewed open source cryptography to make it very unlikely that anyone will ever unlock your copy of Strip before the heat death of the universe (so long as you set a strong password!) At this point we’ve got 12 years of experience under our belt, and the code is out there for anyone to see, improve, and criticize. We will continue to update Strip’s encryption engine, SQLCipher, to stay on top of the latest encryption updates, protocols, and techniques. We’ve even strengthened SQLCipher since we launched Strip in the App Store. Don’t take our word for it, have a look yourself.

1 Overheard snark last week at FutureRuby: “They managed to build an App Store without actually building an App Store.”


Tempo Maintenance Tonight

2009-07-06 20:00:00 -0400


Starting at 11pm EDT tonight, Tues July 7th, Tempo may be briefly unavailable while we update the application. We’re moving the beta to production!


Prowl

2009-07-06 20:00:00 -0400


I have somewhat consistently maintained that the Apple Push Notification Service for iPhone developers is a really bad kludge. I still stand by that! It’s a poor stand-in for the local system scheduler that’s already on the device.

That said, there’s a proper tool for every job, and APNS is absolutely perfect for Prowl:

Prowl is a Growl client for the iPhone. Notifications from your Mac can be sent to your iPhone over push, with a full range of customization and grace you expect…. As soon as a Growl notification pops up on your Mac, Prowl will forward it to your iPhone or iPod Touch over the push notification service found in iPhone OS 3.0. Which notifications are pushed is configurable, allowing only the important messages to be delivered.

The possibilities there are really huge. Not to mention that it’s a geek’s dream, and perfect for sysadmins. Now you never need to miss those sweet nothings your desktop whispers in your ear when you’re out and about tolerating the company of other fleshy ones. Imagine:

Push

  • unix box: OMG disk is full!
  • mail server: OMG OMG OMG I/O SPIKE!

All kidding aside, this is a nice bridge to between web/internet services on a dedicated connection and mobile devices, and it in no way involves text messages. Anything that cuts into the bottom line of the Text Message Tax Collectors makes me smile.

Another recent innovation with APNS is the arrival of the first middleman, Urban Airship, which handles the details of maintaining state with APNS so you don’t have to construct the infrastructure yourself.

Image snagged from the Prowl website.


Deep Thought

2009-07-01 20:00:00 -0400


The Well was the first social network.

Although, I’m just being a contrarian to the social network hypers. The good old BBS probably pre-dates the Well, anyway.


Tempo's New Look: An Introduction

2009-06-30 20:00:00 -0400


In preparation for taking Tempo’s new design out of beta and moving it to production, we’ve put together this overview of what has changed.

Will I still be able to use the old interface?

No, this is it! We’ve spent quite a lot time and hard work responding to your feedback and incorporating it into the new design. We know it’s not going to make everyone happy, but we’re pretty certain that after you use it for a little while, you won’t miss the old skin.

We are planning to make the move as early as next week, so if you still haven’t taken a look at the new version, if you still haven’t told us about that one thing that’s missing that you really need, now’s the time to try it out and get in touch!

The Layout

Time Fullscreen S

The basic layout consists of a left-side navigation bar, a footer (unseen in the image above) and desktop-window-like modules in the main content area. What you are looking at above is the Time screen, which is new to Tempo. Well, sorta.

In the initial version of Tempo, there was one screen that did just about everything – entering new time, reporting, viewing, exporting, etc. This became more and more cumbersome as we added features. For starters, you had to modify the current report view just to see your own time! In the second major revision of Tempo, we tried splitting a ‘My Time’ screen off of the main reporting screen, but it was poorly received. Our design skills just weren’t up to snuff, so we reverted.

In the new design, however, I think we’ve really nailed it, thanks to nGen Works. The Time screen gives you stats pertaining to your recent performance and a full listing of all your time (reflected in the API, as well).

Time Stats S

It also allows you to easily switch between full-form entry of time, with all the various options laid out for you, and the simple command-line entry that we prefer here at Zetetic:

Entry Form Full S

In the image above you can see the new tagging setup we blogged about recently, which includes support for Suggested Tags on a project! Here’s the command-line entry form, on the same Time screen:

Time Entry S

One other big change here is in the table showing entered time. Have you ever found yourself looking at a data set, and thinking, “Hmm, what else is on this project?” Or, “I’d like to see all entries this goofball has tagged with ‘foo’.” Now, it’s as simple as clicking on the labels on an entry to dial up a new report on the Reports screen, fitting that criteria!

But, I’m getting ahead of myself. Before we discuss reports, let’s take a look at another one of the major design changes:

Sidebar S

The Sidebar

One of the biggest changes is the introduction of a sidebar for navigating the application. There were a couple of things we wanted to emphasize here, aside from providing quick and easy access to the main areas of interest on the site.

The Add Time link produces a modal dialog (sample) allowing you to enter new time from anywhere in the application, even the Project or Account screens. Your Reports links out to a full listing of each of your saved reports, with creation dates and details, and the report links below it provide you quick and easy access to those reports you need to run at the end of each billing cycle.

Reports

The Reports screen is what used to be the one-stop-shop for all reporting functions in Tempo. This is probably the interface that changed most dramatically:

Fullscreen Reports S

Still at your fingertips alongside Tempo’s powerful reporting are the charts, exports, invoicing, locking, batch-tagging, and saved reports features. There’s something about these various features that always threw new users, and hopefully this new design makes it clearer: they all pertain to the current report! E.g. If I dial in all time billed to Spacely Sprockets for the current quarter and then click on Export or Invoice, I’ll be exporting or invoicing all the time billed to Spacely Sprockets for the current quarter!

For those of you who are used to Tempo, these functions haven’t changed much, beyond their skin:

Blinksale Invoice S

Exports Tagging S

Projects

We needed to give the Projects screen some love to bring it into the fold of the new design, and also to pave the way for new features. The project listing itself isn’t new, but hopefully breaking out the team management helps to make things a little bit more obvious for new users:

Projects View S

Team Projects S

Coming soon: individual project dashboards! Each project will have its own page where we can provide project-specific tracking and statistics.

Account

Finally, the account screen got a facelift. This is where all manner of things are handled, from billing to user profile to account preferences, it was all here and it was getting to be a long mess! This time around we’ve sectioned things off to make it way easier to work with.

Full Account S

That about wraps up the major changes in this round of hacking. It’s mostly design-centric, aside from some non-insignificant API changes you should be aware of, if you have your own software that interacts with Tempo’s API. We’re not done yet, there’s still more tweaking to do, more fixes to implement that have been sent in by our always-helpful customers! There’s still time to comment on the changes and make your voice heard, please get in touch right away if you haven’t already; we’re looking to push this out next week, barring any show-stoppers.