Collecting Install Base Statistics

A notice to users of my apps: starting with KEYBOX 2.2.1, Accent 1.0 for iPad and Accent 1.1 for Mac, I am collecting install base statistics.

The Story

Recently I had difficulty reconciling the rankings of my Accent app in the Mac App Store and the sales results in iTunes Connect portal.
On its opening day Accent was ranked #1 in the Mac App Store’s Reference category in Japan, even beating out renowned apps like Delicious Library 2 among a whole host of others.

Number 1 app in reference category
However, when I saw the sales numbers I was shocked. I expected to see hundreds of sales but I only got 2 in Japan. Yes, two. I let it slide for a day thinking the results would be reflected by the next day. No such deal.

I approached Apple support to ask which wasn’t working, their ranking algorithm or their sales tallying. I’ve had apps rank #1 in a different content aggregator before and know what to expect.  Surely an app with only 2 sales could not have reached #1 placement I thought.

Following this thought, an app at #1, even if accidentally placed there, should see a flood of sales the next day because of its high placement.  This flood never happened.

Apple gave me the below response that ensured their ranking algorithm was in working order but neglected to answer whether the sales count was correct.

App ranking support mail
Since then I’ve come to understand a bit about how Apple ranks apps and have arrived at the inescapable conclusion that either their system is broken or the Reference category under which Accent was categorized is a near ghost town.  It’s not in Apple’s best interest to tell me which is the case of course.

This isn’t the first time I’ve had issues with the slightly buggy iTunes Connect portal but every time I approach Apple about errors/discrepancies I go in not knowing anything. The whole portal is a black box to me and to every other developer.

I’ve decided to arm myself with information from now on! Introducing the statistics collector!

How Statistics Are Being Collected

This is how it works: My server is notified each time one of my apps is executed for the first time or when it is upgraded. Just to be absolutely clear, this notification contains ZERO private information. I don’t see anything that would identify you.
So what does get sent?

  • app name
  • app version
  • device type (iphone, ipad, mac)
  • os type (ios, osx)
  • os version
  • locale
  • first execution time
  • is upgrade? (Y or N)

That’s it! No UDID. No snooping around in your address book. No thumbing through your photos.

Here’s the web request showing me running KEYBOX 2.2.1 for the first time on my iPhone (fresh install):

GET xxxxxxxxxxxxxxxxxxx?app-name=keybox&app-ver=2.2.1&first-exe=20120514072247&dev=iphone&os=ios&os-ver=5.1.1&loc=ja_JP&upgrade=n HTTP/1.1

As you can see, there is nothing private or sensitive here.
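To show what a privacy-preserving collector of this kind should enforce on the receiving end, here is an added example (my illustration, not the actual server code behind KEYBOX or Accent). It parses the request line quoted above and checks the record against an allow-list built from the eight fields listed in the post; the value patterns are assumptions made for this example, and any field outside the list, such as a device identifier, is flagged rather than stored.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The request line quoted in the post (the endpoint path is redacted there as x's).
SAMPLE_REQUEST = (
    "GET xxxxxxxxxxxxxxxxxxx?app-name=keybox&app-ver=2.2.1&first-exe=20120514072247"
    "&dev=iphone&os=ios&os-ver=5.1.1&loc=ja_JP&upgrade=n HTTP/1.1"
)

# Allow-list built from the post's own field list; the value patterns are
# assumptions for this example, not the real server's rules.
ALLOWED_FIELDS = {
    "app-name": re.compile(r"^[a-z0-9-]{1,32}$"),
    "app-ver": re.compile(r"^\d+(\.\d+){0,3}$"),
    "first-exe": re.compile(r"^\d{14}$"),  # yyyymmddHHMMSS, as in the sample
    "dev": re.compile(r"^(iphone|ipad|mac)$"),
    "os": re.compile(r"^(ios|osx)$"),
    "os-ver": re.compile(r"^\d+(\.\d+){0,3}$"),
    "loc": re.compile(r"^[a-z]{2}(_[A-Z]{2})?$"),
    "upgrade": re.compile(r"^[yn]$"),
}


def parse_request_line(line):
    """Split an HTTP request line and return its query parameters as a dict.
    A repeated key is rejected so nothing can hide behind a duplicate."""
    method, target, _version = line.split()
    if method != "GET":
        raise ValueError(f"unexpected method {method!r}")
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for key, values in params.items():
        if len(values) != 1:
            raise ValueError(f"repeated field {key!r}")
    return {key: values[0] for key, values in params.items()}


def validate_record(params):
    """Return a list of problems with the record; an empty list means it only
    carries the eight allow-listed fields with well-formed values."""
    problems = []
    for key in sorted(set(params) - set(ALLOWED_FIELDS)):
        problems.append(f"unexpected field {key!r}")
    for key, pattern in ALLOWED_FIELDS.items():
        if key not in params:
            problems.append(f"missing field {key!r}")
        elif not pattern.match(params[key]):
            problems.append(f"bad value for {key!r}: {params[key]!r}")
    return problems


def check_request(line):
    """Convenience wrapper: parse the request line and validate the result."""
    return validate_record(parse_request_line(line))


if __name__ == "__main__":
    print(check_request(SAMPLE_REQUEST))  # []
    # A constructed request that smuggles in a device identifier is flagged.
    print(check_request(SAMPLE_REQUEST.replace("&upgrade=n", "&upgrade=n&udid=abc123")))
```

One practical point the allow-list cannot cover: the query string carries no identifier, but a web server's default access log still records the client IP address next to it, so a deployment that wants to keep the ZERO-private-information promise also needs its logging configured with that in mind.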

What I Learn From These Statistics

This system isn’t perfect. It doesn’t accomplish my goal of knowing how many sales I made. It only tells me when my software is installed on a user’s Mac or iOS device. For instance, users who purchase KEYBOX on their iPhones are also entitled to install it free of additional charge on their iPads and iPod touches. In this case I’ll see 3 installs for one purchase. In fact I won’t even be able to tell if the same person is installing KEYBOX in all 3 devices.

However, if I see 1000 installs but only 5 sales then I know something is not right and can approach Apple with this information. After all, nobody has 200 iOS devices at home. This system is about seeing such wide discrepancies.

In Closing

I have updated the KEYBOX privacy guarantee to reflect the new behavior mentioned above.

I appreciate everybody’s understanding in this matter and I hope I’ve addressed any concerns you might have by this change.
If you have any questions please do not hesitate to contact me at jay [AT] this here domain.

Thank you in advance,
Jason Fuerstenberg


Accent Now on iPad!

A couple of weeks ago I announced the release of Accent, my Mac OS X app for quickly finding and copying accented characters and symbols.  Yesterday/Today sees the release of its little brother, Accent for iPad.

Accent for iPad

Accent and Accent for iPad are for professional writers, bloggers and translators who deal with French, Portuguese and Spanish words and even loan words in English like Résumé and Piñata.

No longer do you need to search online for the character by entering terms like “e accent grave”.  With Accent you’re in and out in 5 seconds flat.  Literally!

To copy a character you simply tap it and press one of the copy buttons that appear in the popover.  You can copy the character as is or its URL escape code if you need to guarantee that it’ll be viewable on a web page.

Despite being the easiest and fastest way to find and copy accented characters, Accent and Accent for iPad are a bargain at only 99¢!

Learn more…


Announcing Accent – A Beautifully Simple Way to Find Accented Characters on the Mac

I’m proud to announce today the release of a small app that scratches a huge itch of mine, finding accented characters and symbols on the Mac.

Accent is the app that’s missing on OS X and offers a beautifully simple UI for copying accented characters and symbols into your documents and projects, and all without having to spend time searching for them online.


Accent screenshot

With Accent you simply hover your mouse over a character card and buttons appear for copying that character or its URL escape code (for web designers/developers).  Click and you’re done!  I said it was simple.

Accent costs 99¢ US and supports accented characters from French, Portuguese and Spanish as well as symbols for major currencies, copyrights/trademarks and mathematical markup.

Learn more about Accent…


KEYBOX 2.2 OUT

KEYBOX 2.2 is now out at last!

This update improves importing speed and robustness and introduces a new face for KEYBOX, a more high-tech one that embodies the advanced techniques KEYBOX uses to keep secrets securely encrypted.

New KEYBOX Icon

I’ll be commenting more on the icon design later.  For now I encourage all KEYBOX users to upgrade to the latest and greatest version!


Passphrases Don’t Work, Why We Need Cryptic Passwords

That moment when a reputable article comes out reinforcing everything you said in an earlier blog post.  Back in September I wrote that passphrases are no more secure than regular passwords.  I even dived into why that is and tried to tear apart the XKCD comic arguments that were catching on in the internets.

Today ArsTechnica is featuring an article where scientists essentially make the same findings as I:  http://arstechnica.com/business/news/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices.ars

The short version of this story…  Avoid weak passphrases like “correct horse battery staple”, choose cryptic and hard to remember passwords, and store them in apps like KEYBOX.


KEYBOX 2.1 Available

KEYBOX 2.1 has now been released worldwide.

This update improves readability of exported files in Windows text editors, eliminates default automatic storage of secrets DB on iCloud (iOS 5 default setting) amongst other small changes.

It is recommended that users upgrade at their earliest convenience.


My Modest Rig

Inspired by Chris Eidhof’s “I USE THIS” post, I decided to post about where the magic behind my apps happens.

My Environment:

  • Mac Mini (2011 model - 2.5GHz, 4GB of RAM, Radeon HD 6630 video card)
  • White MacBook (2007 model – I forget the specs but they’re not so impressive)
  • Wi-Fi  (AirMac Extreme, not in picture)
  • USB SuperDrive
  • 2 23″ monitors (1 DELL, 1 SAMSUNG)
  • iPhone 3GS 32GB, iPod touch 8GB, iPhone 4S 64GB (taking this photo)

My Flow:

Dual monitors are a godsend for me.  I spend most of my day in Xcode and it’s usually on the left monitor and whatever I’m making is on the right.  Safari is on the right when I’m looking something up.  Also when using Inkscape I can edit the XML in one monitor and see the visual changes in the other.

The only downside from having a dual monitor setup is my system’s video performance is a bit slower but I don’t use my Mac for gaming and video playback is sufficiently good.  The productivity gains more than make up for it.

I used to have a Power Mac (Dual G5s) that performed great for 8 years but was a bit noisy in summer when all the fans would turn on (burning G5s!).  This Mac mini is ninja-silent and fits directly under/between my monitors.

My Software:

  • Xcode I spend most of my day in it.  Aside from the app distribution song and dance I’m quite comfortable in it.  It doesn’t hurt that I’ve been using it since 2007.
  • GitBox * Great Git client by Oleg Andreev.
  • Safari + Chrome My preferred browsers.
  • Coda * I’m hardly an HTML expert but Coda is where I pretend to be one.
  • MarsEdit * Where all my WordPress posts, including this one, are written.
  • Acorn * + Inkscape Where most of my graphics are made.  Acorn is a great raster image editor and Inkscape is for the vector stuff.  Inkscape is a capable SVG editor but very Linux-y and it shows.
  • TextWrangler My text editor of choice.
  • DropBox For moving files between machines.

* I try to support indie developers as much as possible.  They go above and beyond and I want to reward them for it.  The developers in question here are all stand up guys.


LandMarked – 5th Place In Israel’s App Store Navigation Category

My latest iPhone app, LandMarked, has been steadily climbing the charts of many nations’ App Stores and today a first has happened for me.  LandMarked made it to 5th place in Israel’s Navigation apps category (225th place worldwide)!  This places it in the first 25 apps list and just on the fold of the App Store’s listing.

Not bad considering that I only release formal PRs to Apple related news sites and don’t engage in banner image advertising of any sort.

I want to thank all the iPhone and iPod touch owners in Israel for helping LandMarked climb so far this fast!


KEYBOX Experimental Sale

Just a small post to say that I have decided to conduct an experimental sale to test volume pricing with KEYBOX.

Starting today, KEYBOX will be sold at $1.99 USD, down from $4.99!  (A 60% mark down)

I’m not sure how long this sale will last or if it will be a permanent move.  If the new volume pricing resonates with more customers then I’ll consider keeping it low.  Naturally, if there is little change I’ll go back to experimenting with a higher price point.

KEYBOX has been a labor of love for me and I want to see it benefit as many people as it can.  For those who have been on the fence about whether to buy KEYBOX or not… NOW IS YOUR CHANCE!  KEYBOX will never be more affordable than this!


Keybox search


Introducing LandMarked

Today my newest iPhone app, LandMarked was released worldwide on the App Store!

What is LandMarked?

Have you ever had trouble getting back to a place you were introduced to by a friend or you accidentally stumbled upon?  I have, and I created LandMarked to solve this problem.

LandMarked lets you instantly and easily drop a point on any location, take a photo of it, write some notes, rate and categorize it.  Even if you forget where it was, LandMarked won’t.

The rule for using LandMarked is simple:  If it’s worth coming back to, it’s worth marking down.  And if it’s a really great place you can even share it with friends too.  LandMarked is not a social network, but it lets you tweet or mail any place you know people will love.

It’s that simple!  So what are you waiting for?  Get LandMarked today for your iPhone (it’s FREE!) and start making your mark!

Learn more about LandMarked…

ListEdit


iPad Trademark Kerfuffle – Is It Worth It?

This week has seen much news about Apple’s trademark dispute with Proview, a Chinese company which purports to own the trademark to the word “IPAD” within China.  Trademarked names, at least within western countries, tend to be regarded as case insensitive and are usually registered in ALL CAPS causing obvious overlap here.

The iPad is indeed a great product name but not as great as the product.  Apple should know when to hold them and when to fold them and it has past experience in these matters.

Airmac Extreme

Remember the Airport trademark dispute?  I-O Data, a Japanese computer parts maker owns the trademark for the word “Airport” in Japan.  This forced Apple to rename their Wi-Fi base station the “AirMac”.  And now it’s all water under the bridge.

The name is decent but the product is great.  I use the AirMac Extreme and wholeheartedly recommend it to anybody who wants a trouble-free Wi-Fi base station that doubles as a wireless printer and external hard disk hub.

Going forward, Apple should simply rename the iPad to something else like “iTab” or other within China to appease Proview and go back to selling a great product!


Path & Address Book Privacy

Vic Gundotra has today shared via Google+ the below report that the Path iOS app has been found uploading each user’s entire address book to the Path servers without first notifying users or otherwise asking permission.

http://mclov.in/2012/02/08/path-uploads-your-entire-address-book-to-their-servers.html


How Path Works

Dave Morin, the CEO of Path was quick to comment on the report and explained this behavior citing the reason below…

“We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more.”


Regardless of reason, this is in clear violation of at least rule 17.2 of Apple’s App Store Review Guidelines and possibly rule 17.1 depending on your definition of “user data”.

Matt Gemmell, directly beneath Dave Morin’s comment, offers a proactive solution to the issue in hashing the data prior to upload (it neatly skirts around Apple’s rules, protects the user’s privacy and still accomplishes the task at hand with zero server-side performance impact).  Hashing transforms the private data into a stream of garbage data that is unique for each data entry.  It allows Path to go on matching contacts without knowing who those contacts are.
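To make the hashing approach concrete, here is an added example of my own (not Path’s code and not Matt Gemmell’s); the normalization rules, field names and sample contacts are constructed for the illustration. The client sends only one-way tokens of the matchable fields (emails and phone numbers), names never leave the device, and the server matches tokens it computed at sign-up with the same normalization, so matching stays a plain lookup.

```python
import hashlib
import re


def normalize_email(address):
    """Case and whitespace differences must not produce different tokens."""
    return address.strip().lower()


def normalize_phone(number):
    """Keep digits only, so "+1 (555) 010-2000" and "+1-555-010-2000" agree.
    (Real apps would canonicalise to E.164; this is a simplification.)"""
    return re.sub(r"\D", "", number)


def contact_token(kind, value):
    """One-way token for a single contact field. The kind prefix keeps an email
    address and a phone number from ever colliding on the same token."""
    if kind == "email":
        normalized = normalize_email(value)
    elif kind == "phone":
        normalized = normalize_phone(value)
    else:
        raise ValueError(f"unknown contact field kind {kind!r}")
    return hashlib.sha256(f"{kind}:{normalized}".encode("utf-8")).hexdigest()


def tokens_for_upload(address_book):
    """Client side: what leaves the device instead of the raw address book.
    Names are never hashed or sent; only the matchable fields are."""
    tokens = set()
    for entry in address_book:
        for email in entry.get("emails", []):
            tokens.add(contact_token("email", email))
        for phone in entry.get("phones", []):
            tokens.add(contact_token("phone", phone))
    return sorted(tokens)


def match_on_server(uploaded_tokens, registered):
    """Server side: `registered` maps token -> user id, computed at sign-up with
    the same normalisation. Matching is a set lookup, so there is no extra
    server cost compared with matching on raw data."""
    return sorted({registered[t] for t in uploaded_tokens if t in registered})


# Constructed sample data for the example.
ADDRESS_BOOK = [
    {"name": "Alice Example", "emails": ["Alice@Example.com"], "phones": []},
    {"name": "Bob Example", "emails": [], "phones": ["+1 (555) 010-2000"]},
    {"name": "Dave Nobody", "emails": ["dave@example.net"], "phones": []},
]
REGISTERED_USERS = {
    contact_token("email", "alice@example.com"): "alice",
    contact_token("phone", "+1-555-010-2000"): "bob",
    contact_token("email", "carol@example.org"): "carol",
}


def find_friends(address_book=ADDRESS_BOOK, registered=REGISTERED_USERS):
    """End-to-end: the client builds tokens, the server matches them."""
    return match_on_server(tokens_for_upload(address_book), registered)


if __name__ == "__main__":
    print(tokens_for_upload(ADDRESS_BOOK))  # 64-hex-digit tokens, no names
    print(find_friends())                   # ['alice', 'bob']
```

One caveat worth knowing: a phone number has little entropy, so an unsalted hash of it can in principle be reversed by hashing every possible number and comparing. Tokens like these keep the raw address book off the server and out of any leak, which is the problem at hand, but they are not a substitute for asking the user before uploading anything.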


Going Forward

What concerns me about all of this is that this solution is so trivial (any developer who understands one-way hashing can do it) that Path should have implemented it right the first time (had they cared enough to do so).

I want to give Dave Morin and his company the benefit of the doubt here but it’s a bit hard.  I don’t think the security and privacy of Path’s users is a topic with which they are concerned.  There are simply too many mistakes here to think otherwise.  Everybody who follows my blog knows how I feel about privacy matters and usually I would advocate immediately removing the Path app until the issue is resolved but in this case it will do little good.  The damage, as they say, is done.  The best recourse is perhaps to report this issue to Apple instead.

Many companies violate user privacy, until they get caught, and they need to be taken to task lest this negligent behavior become even more widespread.


Path should consider itself lucky that a sole individual discovered this issue just by poking around, and not by having every user’s private data that their servers house leaked into the wrong hands as a result of those servers being hacked.  It’s still a possibility until they rectify the issue.


Freedom.txt – Add It To Your Site

Today I added a freedom.txt file to my website.


We Came This Close!

The fact that the SOPA bill made it as far as it did in the American political process is a travesty and warrants that Internet users everywhere finally draw a line in the sand.  I make software and without a free and open Internet I most likely could not survive.  I too understand the threat of large-scale piracy but I understand that SOPA is NOT the right way to thwart it and that this is more of a power grab under the guise of championing copyright protection.


What Can We Do?

There are many things we all can do (boycotting SOPA supporters being one of them) and perhaps the simplest of those is to install a freedom.txt file on our websites and blogs.


What Good Will It Do?

Putting this file on your servers lets web crawlers count us easily.  It’s like a census tallying all the people who believe in Internet freedom.  When news articles involving SOPA or related laws are published, they can cite such statistics which provide concrete numbers rather than just a less tangible “public opinion”.

This is far from over and the same hands are behind similar bills being pushed on other nations to ratify.  This is now a war.  If you believe in an open Internet I invite you to join in and take action today starting by adding freedom.txt to your own websites!


Google PageRank Flaw

In the autumn of 2008 I interviewed for a front end design and development position at an internet shopping portal company in Tokyo.

It was an excruciating process to say the least.  They first had me accomplish a set of assignments.

These included…

  1. Implementing the Google PageRank algorithm as described in Larry Page and Sergey Brin’s paper The PageRank Citation Ranking: Bringing Order to the Web.
  2. Writing an essay outlining my personal thoughts on PageRank
  3. Writing a web spider that could crawl the internet both depth-first and breadth-first

I spent 3 weeks of my spare time getting it all just right and submitted my work for consideration.  Reasonably impressed with my work, they invited me for what would become a 5 hour long interview.

Towards the end I was told by my interviewers that my PageRank algorithm was nearly perfect but my essay was puzzling. (only at this point did I learn that the employees of this company were what you could call Google Fanboys Extraordinaire)

I was asked to clarify my essay’s point that PageRank is flawed and the discussion went along these lines…

Me: PageRank does not properly model a given page’s authoritativeness.

Interviewer: And, how, could, that, be?

Me: A link, in and of itself, is not a vote for a page’s authoritativeness.

Interviewer: Uh…. of course it is!  You read the PageRank paper we provided you right?  Let’s see, it says here you implemented the algorithm nearly perfectly.  This was your work right?  Explain to me again why you have a problem with PageRank.

Me: A link is merely a reference to another page, nothing more, nothing less.  It doesn’t capture enough information to call it a vote.

Interviewer: <Unconvinced, lets out a small chuckle>

Me: <Getting a bit impatient>  Alright, let me put these questions to you then.

Me: Is a link from Mothers Against Drunk Driving with the intent to draw attention to an offensive site condoning drunk driving a vote for its authoritativeness?  Is a link from a blogger who is against owning firearms to the NRA’s website a vote for its authoritativeness?  Is a link from a religious site against abortions to an abortion clinic a vote for its authoritativeness?

Interviewers: <Exchanging looks with one another, waiting for somebody to cut this awkward silence>

Some of these reasons against links being votes were explained in my essay but I suppose were glanced over.  I apparently destroyed the foundation upon which a few otherwise intelligent people had built their beliefs.  Needless to say I didn’t get the job and that is for the better.  I’m by no means a Google worshiper and most likely would not have fit in.  I only wish I hadn’t wasted 3 weeks to find this out about them.


Solving The Flaw

The only positive outcome of this interview process is perhaps this blog post.  If I can hold out PageRank’s flaw to people interested in a case study of how not to model software some good might come of it.

So to summarize: A link can be a vote but is not necessarily one.  The world’s most popular search engine has been improperly modeled around this incorrect view of the problem.

It warrants pointing out that all of this may no longer be true as Google is famous for frequently tweaking their algorithms.  But unless their current algorithm is smart enough to guess the linker’s intent, it still isn’t modeled right.  To do it right (and cheaply) you need to have the linker tell you the intent of the link.

Authoritativeness is subjective and that makes solving this problem difficult but if I were tasked with at least improving upon this problem I might propose a new HTML attribute for the anchor tag which would declare that intent.  Such an attribute would be taken into account by the search engines when judging the link.  It might look like this…

<a href="http://www.jayfuerstenberg.com/blog" link-intent="authoritative">…</a>

The lack of an intent would be taken to mean that the reason is unknown and should not count as a vote for that page’s authoritativeness.  The only problem with this proposal is that web content developers would need a reasonable amount of time to get onboard with it.

But following the whims of search engine algorithms has never been a big issue for people interested in maintaining their pages’ SEO so it’s a rather small problem.
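As an added illustration (my own code, not the implementation submitted in the interview and not anything Google runs), here is the classic PageRank recurrence from the Page and Brin paper run twice over a handful of constructed pages: once treating every link as a vote, and once counting only anchors that declare link-intent="authoritative", with an undeclared intent treated as unknown. The page names, the anchor scanner and the damping factor of 0.85 are assumptions made for the example.

```python
import re

# Minimal anchor-tag scanner, enough for the constructed pages below
# (a real crawler should use a proper HTML parser).
ANCHOR_RE = re.compile(r"<a\s+([^>]*?)\s*/?>", re.IGNORECASE)
ATTR_RE = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')


def extract_links(html):
    """Return (href, link-intent) pairs; intent is None when not declared."""
    links = []
    for match in ANCHOR_RE.finditer(html):
        attrs = dict(ATTR_RE.findall(match.group(1)))
        if "href" in attrs:
            links.append((attrs["href"], attrs.get("link-intent")))
    return links


def build_graph(pages, require_intent):
    """Adjacency lists over the crawled set. With require_intent=True only
    anchors declaring link-intent="authoritative" count as votes; an
    undeclared intent is treated as unknown and ignored, as the post proposes."""
    graph = {url: [] for url in pages}
    for url, html in pages.items():
        for href, intent in extract_links(html):
            if href not in pages:
                continue  # links leaving the crawled set carry no vote here
            if require_intent and intent != "authoritative":
                continue
            graph[url].append(href)
    return graph


def pagerank(graph, damping=0.85, iterations=100):
    """Power iteration of the classic PageRank recurrence. Rank held by pages
    with no outlinks (dangling nodes) is spread evenly so ranks still sum to 1."""
    n = len(graph)
    rank = {u: 1.0 / n for u in graph}
    for _ in range(iterations):
        dangling = sum(rank[v] for v, out in graph.items() if not out)
        new_rank = {}
        for u in graph:
            inbound = sum(rank[v] * out.count(u) / len(out)
                          for v, out in graph.items() if out)
            new_rank[u] = (1 - damping) / n + damping * (inbound + dangling / n)
        rank = new_rank
    return rank


# Constructed pages: an advocacy site links to a site it condemns (no intent
# declared), while the other links are declared authoritative.
PAGES = {
    "madd": '<a href="offensive-site">look at what this site condones</a>',
    "offensive-site": "<p>no outgoing links</p>",
    "guide": '<a href="madd" link-intent="authoritative">MADD</a>',
    "other-blog": '<a href="guide" link-intent="authoritative">a good guide</a> '
                  '<a href="offensive-site">this is awful</a>',
}


def rank_pages(pages=PAGES, require_intent=False):
    """Rank the page set under either interpretation of a link."""
    return pagerank(build_graph(pages, require_intent))


if __name__ == "__main__":
    for mode in (False, True):
        ranks = rank_pages(require_intent=mode)
        print("intent required" if mode else "every link is a vote",
              sorted(ranks.items(), key=lambda kv: -kv[1]))
```

With every link counted, the condemned site ends up at the top of the ranking purely because two pages point at it; once undeclared links stop counting it drops to the same rank as a page nobody links to, and the declared-authoritative chain carries the weight instead.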


The True Definition Of Success

Success is not a binary, it’s a range.

Success is not an occupation like doctor, lawyer, president or other.

Success is not an amount of money in a bank account nor all the possessions you might have.

Success is not about how many friends you have.

Success is not about impressing other people.

Success is not having never failed at anything.


Success is simple. (and it doesn’t come in a new-age 12 easy steps video)

It’s being able to wake up each morning, be honest with yourself, and have the freedom to spend that day in a way that’ll matter to you and make you happy.


Today I was a more successful person than I was yesterday.  This is because I did less of the things that aren’t important to me and more of the things that are.


If you feel less successful than you should be after reading this that’s okay.  It’s not a failure, it’s an opportunity for more success, that is if you want it to be.


How To Prevent Hacking Of Passwords With Random Passwords

ThreatPost is carrying an article highlighting the weakness of common words as passwords.  I won’t duplicate the article here but I just want to discuss some simple points regarding HOW NOT to do it and HOW to do it.


Some of the pathetic passwords (as in: please stop doing this, thanks!)

  • 123456
  • 11111111
  • 123123

If you have any of these as your passwords please learn more about passwords and specifically how their security is completely contingent on their remaining a secret.


How to secure your passwords against hacking

  1. DON’T USE COMMON WORDS, PERIOD!  Hackers have dictionaries of these and only need to look up your hashed password against their dictionaries to find out your password.  They can do this in a matter of minutes.
  2. DON’T JUST APPEND A ‘1’ OR ‘123’ OR SOMETHING EQUALLY PREDICTABLE ONTO A COMMON WORD, THINKING IT MAKES IT UNCOMMON.  You’re not a genius, thousands of people before you have used the EXACT same password thinking they too were clever.  You are a hacker’s best source of entertainment.
  3. DON’T REUSE THE SAME PASSWORD ACROSS 2 OR MORE SITES/SERVICES.  If and when your password gets hacked the damage will spread far.  If I hack your Gmail account password I’m going to assume you used this password for your Facebook account, your Flickr account etc…
  4. NEVER, UNDER ANY CIRCUMSTANCES EMAIL YOUR PASSWORDS!  Once emailed, they are no longer secure and potentially belong to everybody.
  5. USE A RANDOM PASSWORD GENERATOR!   Hackers thrive on patterns so stop giving them.  A random password has little to no patterns (depending on the generator).  Don’t just stare at your keyboard and make one up yourself, use an app like (shameless plug) KEYBOX to do it for you and help you remember them.


The take-aways from this article

  • You don’t need to be a highly experienced hacker or cryptanalyst to break hashed passwords.  Just use an application like hashcat.
  • Even the advanced hash algorithms in the SHA family can succumb to recovery if common words are used as passwords.  Time to support the BCrypt algorithm.
  • It’s survival of the fittest out there.  Those of you who are aware of the dangers and decide to protect yourselves will fall victim less often.  Those of you who keep using ‘password’ as your password are convincing the rest of us that the equivalent of driver’s licenses for computers are warranted.
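To put the rules and the take-aways above into working code, here is an added example of my own (not KEYBOX’s generator and not hashcat). It checks a candidate against a tiny constructed dictionary the way rules 1 and 2 describe, shows why an unsalted fast hash of a common word is recovered by a single table lookup, generates a random password from the operating system’s CSPRNG as rule 5 recommends, and stores passwords with a salted work-factor hash. bcrypt is not in Python’s standard library, so scrypt stands in for it here; the dictionary, parameters and sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
import string

# Constructed stand-in for an attacker's dictionary: common words plus the
# pathetic passwords the post lists. Real dictionaries hold millions of entries.
COMMON_DICTIONARY = ["123456", "11111111", "123123", "password", "letmein", "monkey"]


def is_predictable(password, dictionary=COMMON_DICTIONARY):
    """Rules 1 and 2: a dictionary word, or a dictionary word with a predictable
    suffix such as '1' or '123' tacked on, is predictable."""
    lowered = password.lower()
    stem = lowered.rstrip("0123456789!")
    return lowered in dictionary or bool(stem and stem in dictionary)


def fast_hash(word):
    """Unsalted SHA-256 hex digest: fast to compute, so fast to precompute."""
    return hashlib.sha256(word.encode()).hexdigest()


def precomputed_lookup(dictionary=COMMON_DICTIONARY):
    """What a fast, unsalted hash lets an attacker prepare once: hash -> word.
    Recovering a leaked hash is then a dictionary lookup, not computation."""
    return {fast_hash(word): word for word in dictionary}


def recover_from_fast_hash(hex_digest, table=None):
    """Look a leaked unsalted hash up in the precomputed table; None if absent."""
    return (table if table is not None else precomputed_lookup()).get(hex_digest)


def generate_password(length=16,
                      alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Rule 5: draw every character from the OS CSPRNG so there is no pattern
    to guess. 16 characters from this 94-symbol alphabet is about 105 bits."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Work-factor hashing for the service side. scrypt (memory- and time-hard)
# stands in for the bcrypt the post recommends; the point is the same.
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}


def hash_for_storage(password, salt=None):
    """Return (salt, digest). A fresh 16-byte salt per password defeats the
    precomputed table: the attacker must redo the slow hash for every entry."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison of the recomputed digest against the stored one."""
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print(is_predictable("password1"))                   # True
    print(recover_from_fast_hash(fast_hash("monkey")))   # 'monkey'
    strong = generate_password()
    print(recover_from_fast_hash(fast_hash(strong)))     # None
    salt, digest = hash_for_storage(strong)
    print(verify_password(strong, salt, digest))         # True
```

The two halves reinforce each other: a user who picks a random password is not in any dictionary, and a service that salts and uses a slow hash means that even a dictionary word costs the attacker a full hash computation per guess per account rather than one lookup.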


Security can be an easy thing if you care enough to invest in it, and the benefits are immediate and everlasting, so get to it if you haven’t already.


Wither KEYBOX lite?

Now that KEYBOX 2 is slated for release later this month, I am announcing that KEYBOX lite, the 30-day free trial edition, will be dropped.

The purpose of the lite edition was to demonstrate the full edition’s power, quality and professionalism to those who were on the fence about buying it.  However looking back at the download-to-purchase ratio, I’m not sure the lite edition was ever really necessary, and if anything, may even be hurting sales.

Although the lite edition can only be used for 30 days, it doesn’t auto-destruct and will remain installed until the user removes it.  I suspect the mere presence of the KEYBOX lite icon on people’s iPhone dashboards endows a false sense of security regardless of whether the app is used or not.  By removing the choice between lite and full editions I’m asking would-be-downloaders to decide upfront how serious about security they want to be.

People who really understand the importance of digital privacy and security tend to already be victims and don’t need a demonstration.  They are glad to pay just about any price if it means avoiding the hassle and stress of remembering and resetting all their site accounts and PIN codes before it’s too late.

People who have yet to personally feel these pains fall into two categories: those who know they never want to, and those who don’t give it much thought.  Chances are that those who don’t give their own security much thought will not have arrived at my website in the first place so I’m not overly concerned about them.  I want to reach those who are looking into being more secure and are now comparison shopping between KEYBOX and the alternatives.


In the end, security is up to each user and even if you purchase KEYBOX, you may leave it on your iPhone without using it but I would urge you to get value out of it on a daily basis.  It’s an investment in your own security.

Removing KEYBOX lite is something I couldn’t foresee myself doing back when I released it but in retrospect makes perfect sense from a security standpoint as well as for sales.  I hope users will understand.


If you have any questions or concerns regarding this decision please feel free to let me know at support@jayfuerstenberg.com.


KEYBOX 2 Submitted To Apple

After weeks of testing KEYBOX 2 against iOS 5.0 and the new iPhone 4S as well as fixing some bugs introduced by both I’ve finished testing and finally submitted KEYBOX 2 to Apple.

Barring any approval process snafus I expect to release it Saturday Dec 17th 2011, just in time for the year end holidays!

Release 2 is of course a free upgrade from the first release and users purchasing it now will not have to pay twice.


I want to thank all the people who’ve expressed their enthusiasm for the next release for their continued patience.  I hope to make more incremental releases in the future.

Stay tuned for the release 2 and the new revamped website that will accompany it!


Serious Security Flaw in iPad 2

Some KEYBOX users ask me why it is needed when iOS devices are protected by passcode screens.

I respond along the lines that the passcode screen only prevents people from using the device and not accessing the data that resides within (by backing up that data to a computer).

Now it seems a serious security flaw has emerged that allows anybody with a Smart Cover to break into an iPad 2, even when protected with a passcode.

9TO5Mac has an excellent breakdown of how to recreate it here.  This is yet another reason why apps like KEYBOX are beneficial to people who value their privacy.

If you own an iPad 2, make sure to apply the workaround detailed there.


Thank You Steve Jobs

Today Steve Jobs passed away and the internet has been abuzz about his contributions and his greatness.

I want to thank him for making me who I am today.  Without him I certainly would not have been able to become a software developer, for there would not be this industry in which I could apply my craft.  He and Steve Wozniak kickstarted it with the Apple I.

Since then, he has touched literally BILLIONS of people in the same way.  Not a bad dent in the universe if you ask me!


He is already being held in the same high esteem as Thomas Edison and Henry Ford and there should be no contesting that he deserves to be.

Steve, you were and continue to be an inspiration to me and many others.  You taught us how to light that fire within each of us and to strive to be our best.


Rest in Peace…


Site Hacked Today

I regret to notify my readers that www.jayfuerstenberg.com was hacked today.  I apologize to all the users who were unable to reach my site during the period for which it was unavailable.  Currently I am following up the matter with my hosting company InMotion Hosting, who have been overall great hosts.


What this means for visitors, users of KEYBOX

As I do not collect user information either via my site or via the KEYBOX app there was absolutely none for the hacker(s) to discover.  This site is literally a set of static web pages and a blog.  All the content within is open to the public and there is nothing to be learned by hacking into it.

There was no damage except the inconvenience to visitors.  The content of this site is managed on my local machine using Coda and MarsEdit and I can reconstruct the site at whim.

I’m happy to say that KEYBOX was instrumental in both protecting me from further damage and in quickly getting me back up on my feet.  Because I never use the same password twice the hackers were only able to get so far (FTP access apparently).  The other aspects of my site remained completely intact.  Nevertheless, with KEYBOX’s help, I generated new strong random passwords for every part of my site that uses them.


Going Forward

Nothing serious was lost except an hour of my time fixing things and writing this blog post.  Well, that and my professionalism.

I want everybody to know that I am serious about security and guard my passwords with KEYBOX (I’m not only the developer, I’m perhaps its biggest user) and it is as safe as can be.  I suspect the hacker gained entry to my site via a weakness in-between myself and the hosting company (across the wire).  KEYBOX was what kept a bad situation from becoming worse and I’m thankful for that.

I hope you’ll continue to enjoy visiting my site and I hope to hear from more of you.


Sincerely,

Jason Fuerstenberg


UPDATE:  It appears a large number of sites hosted by InMotion Hosting were subject to a defacement attack.  They have issued a statement to this effect.


Direct the Patent Office to Cease Issuing Software Patents

The US White House is hosting an open petition to let American citizens voice their opinions on software patents.  As I’m not American I cannot directly participate but I can spread the word.

For those not versed on software patents, I’ve voiced my opinions regarding them in a previous post.

The abolishment of software patents will trigger innovation in America and throughout the world, creating jobs everywhere and driving healthy competition as a result.  Everybody but lawyers stands to benefit.

Don’t wait, sign the petition today and make it clear you’ve had it with software patents!


AU To Carry The iPhone 5 In Japan!

According to this Yahoo Headlines Japan article, KDDI revealed on September 22nd that it has officially signed on to carry the next-generation iPhone under its AU carrier brand.  AU will sell the iPhone 5 (tentative name) in October.

The old one-carrier-per-country model previously favored by Apple is being abandoned in its bid to better compete with Android which is supported by all 3 major Japanese carriers.

It is expected that this move will have a deep impact on current smartphone shares for iOS and Android.

Also, it is curious that NTT DoCoMo was not the next carrier to offer the iPhone as its network is much better prepared for it.  Prior to the arrival of smartphones, AU was better known for its less-is-more strategy and its limited 3G network rollout as a reflection of this.  It’s clear that KDDI has cemented its reversal of this strategy with this announcement.

Interesting times ahead!


Portable Media Security

David Harley has written a thoughtful post at ESET ThreatBlog on the insecurity of portable media like CDs and USB thumb drives.

Portable media, by virtue of its portability, is obviously more prone to loss and theft than, say, stationary desktop computers.  For this reason it is crucial that encryption be used to protect any data stored on these devices.

With the advent of the iPhone equipped with encryption apps, we will hopefully see fewer incidents of private data leakage.  Ultimately it is up to people to be aware of the options and risks, and to make the proper choices.


Choosing a Safe Password

A lot of opinions about what makes a password strong have been thrown about lately.  Unfortunately, a lot of them are wrong.

If you only take away one thing from this article let it be this…  Don’t believe everything you read about password best practices.  Today I’m going to dispel some of these myths and I want to tackle 2 approaches in particular that concern me.


Correct Horse Battery Staple – http://xkcd.com/936/

This comic has been linked to a lot since its release and at least gets points for trying.  The only problem with it however is that it relies on common dictionary words.  According to Oxford Dictionary there are 171,476 words in current use in the English language.  If we were to assign a unique number to each of these 171,476 words and use a 4-word combination of them we’d end up with a truly staggering number of combinations to exhaust!  Problem solved right?

No.  The average English speaking person can’t even spell “hippopotamus” correctly and is limited to a vocabulary of 25,000~50,000 words (this number varies depending on demographics, education level etc… and is still disputed).  And of these, most people limit themselves further to words dealing with their daily lives: “coffee”, “office”, “stapler”, “fire” and other equally common words.  That is if they are not completely lazy and go with “password123”.

What we end up with is maybe 500 highly common words that would form the pool from which to construct such pass phrases.  500 words in 4-word combinations is just under 62.5 trillion combinations.  Sounds great right?  “My little brother will have to pass the work onto his grandson before my password will be discovered!” I hear you say.  Except with a technique called brute force searching, 62.5 trillion combinations can be computed in significantly less time.  In fact, the more patterns a hacker can discern from your word choice the smaller the search space, and the faster the process runs.

Furthermore this approach does not scale.  There are only so many nonsensical word combinations a person can remember.  After a while they begin to diverge and soon you can’t tell if it was “house ball sky dog”, “ball cucumber torch pin”, or “house pin sky torch”.


Memorable Passwords – http://lifehacker.com/184773/geek-to-live–choose-and-remember-great-passwords

First let me say that I have a tremendous amount of respect for Gina Trapani.  But this time I’m afraid she is wrong.  Why?  Again, patterns.

What makes the password memorization technique she advocates easy for you to use makes it equally insecure against hackers who anticipate that you’ll follow her advice.  Using public knowledge like a spouse’s name or your anniversary date is questionable at best.  If I know you, chances are I know your spouse.  Even if I don’t know you I can dig through your trash and find out.

The only way this excels compared to the XKCD approach is that it’s easier to associate a password with a web site because there is an underlying pattern uniting them (not that this is a good thing, remember).  It’s just harder to get confused.


What Makes A Password Safe?

The short answer: randomness.

The long answer:

  • Don’t use patterns.
  • Use nonsensical words or sensical ones, whatever you like.  Don’t follow a rule.
  • When possible, don’t limit yourself to how you choose your passwords.
  • Use numbers, punctuation, spaces and even Kanji characters if you feel like, or don’t.
  • Go short or go long.  The choice is up to you.

Remember, from whom are you trying to keep your password safe?  Your nosy siblings and coworkers?  Or somebody more nefarious like a hacker?  Your password is only as safe as it is unknown to people who would attempt to discover it.  Understanding the tools and knowledge they possess, as discussed above, should demonstrate why just about all the advice flying out there is flat out wrong.


But It’s Still Too Hard To Remember “e$-UqPs3”

That IS hard to remember, there’s no contesting that.  But again, what makes it hard for you to remember makes it more secure.  A hacker is still going to pull out the brute force search here and will perhaps arrive at your password.  However this password is stronger if for no other reason than it has no discernible patterns.

Moreover, if you occasionally change your password it becomes a moving target.  By the time the hacker finds your password, you’ve already moved on to a new one!

How should you remember this password?  Don’t.  There’s an iPhone app for that! All you need to do with this app is create one memorable login password behind which all your hard-to-remember passwords are protected.  This memorable login password is hashed with an algorithm called BCrypt which is extremely resilient against brute force attacks because it takes an inordinate amount of time to compute each hash.  So even if you lose your iPhone the likelihood of your login password being discovered is near zero.


There is no magical solution that will result in memorable and safe passwords.  But we can up the ante against hackers by equipping ourselves with the tools and discipline to combat theirs.
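To put the three approaches above side by side, here is an added example (not code from this post or from KEYBOX) that estimates a password’s search space the way an attacker would model it: as a phrase of everyday dictionary words, as a “memorable” password built from public facts about you, or as an unstructured random string, taking the smallest of the applicable estimates. The word list, the 500-word pool size and the personal facts are constructed stand-ins.

```python
"""Password search-space estimator.

Added example, not code from the post or from KEYBOX. It scores a password
under the three attacker models the post describes: a passphrase of everyday
dictionary words, a "memorable" password assembled from public facts, and an
unstructured random string. An attacker uses whichever model yields the
smallest search space, so the estimate is the minimum over applicable models.
The word list, pool size and personal facts below are constructed stand-ins.
"""
import math
import re

# Constructed stand-in for the ~500 everyday words the post talks about.
COMMON_WORDS = {"correct", "horse", "battery", "staple", "coffee", "office",
                "stapler", "fire", "house", "ball", "sky", "dog", "pin"}
COMMON_POOL = 500  # assumed size of the everyday vocabulary (from the post)

# Constructed public facts that a "memorable password" rule might reuse.
PUBLIC_FACTS = ("alice", "1999", "fluffy")  # spouse, anniversary year, pet

# Character classes and pool sizes for the random-string model.
CHAR_CLASSES = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
                (r"[^A-Za-z0-9]", 33))


def random_bits(password):
    """Bits if every character were drawn uniformly from the classes used."""
    pool = sum(size for pat, size in CHAR_CLASSES if re.search(pat, password))
    return len(password) * math.log2(pool) if pool else 0.0


def passphrase_bits(password):
    """Bits for a space-separated phrase of everyday words, else None."""
    words = password.lower().split()
    if len(words) < 2 or not all(w in COMMON_WORDS for w in words):
        return None
    return len(words) * math.log2(COMMON_POOL)


def pattern_bits(password):
    """Bits once known public facts are stripped out, else None."""
    rest, facts_used = password.lower(), 0
    for fact in PUBLIC_FACTS:
        if fact in rest:
            rest = rest.replace(fact, "")
            facts_used += 1
    if not facts_used:
        return None
    # Each fact only costs the attacker a choice among the facts they know;
    # whatever is left over is charged at random-string rates.
    return facts_used * math.log2(len(PUBLIC_FACTS)) + random_bits(rest)


def estimate(password):
    """Return (model, bits) for the cheapest attacker model that applies."""
    candidates = [("random string", random_bits(password))]
    for name, fn in (("dictionary passphrase", passphrase_bits),
                     ("personal-info pattern", pattern_bits)):
        bits = fn(password)
        if bits is not None:
            candidates.append((name, bits))
    return min(candidates, key=lambda c: c[1])


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try the whole space at a given guess rate."""
    return 2.0 ** bits / guesses_per_second


if __name__ == "__main__":
    for pw in ("correct horse battery staple", "Alice1999!", "e$-UqPs3"):
        model, bits = estimate(pw)
        days = seconds_to_exhaust(bits, 1e9) / 86400  # assumed 1e9 guesses/s
        print(f"{pw!r:32} {model:22} {bits:5.1f} bits  {days:.3g} days")
```

The four-word phrase scores about 36 bits under the dictionary model, the name-plus-year password under 10 bits once the facts are known, and the short random string about 53 bits with no cheaper model available.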


KEYBOX 2 – Code Complete!

Just an update for everybody eagerly awaiting the newest release of KEYBOX…

I’ve officially finished work on Release 2 and will be heavily testing it while waiting for Apple’s supposed iPhone hardware refresh to be announced on October 4th.  Barring any issues I’ll release KEYBOX 1 week after I get my hands on an iPhone 5, and well after the iPhone commotion dies down.


I want to thank everybody for your continued patience!

Jason Fuerstenberg


MUFG, The Unprofessional Bank

Disclaimer: This post is a rant, but also an advisory for ex-pats residing in Japan against using the Bank of Tokyo – Mitsubishi UFJ, or MUFG for short.


As my readers know well, I’m not the biggest fan of Japanese banks and as of today even less so.

Since July I have been selling KEYBOX for iPhone and decided to use MUFG as my bank for receiving my 70% earnings from Apple.  I already had an MUFG account as their branch and ATM locations are convenient for me.

Opening the additional bank account to keep the money separate was a battle in its own right.  You see, MUFG frowns upon account holders having more than a single savings account.  Why, I couldn’t tell you. Another mystery of Japanese banking perhaps.  I had to explain to them my purposes with the account and really twist the branch manager’s arm to get permission.

And now that I have the account and KEYBOX is selling I have been eagerly awaiting my first deposit from Apple, a measly 890 yen for the first week of sales, but still – my first cheque!

Only it was not meant to be.  MUFG rejected the payment.

Rejected payment mail from Apple

As you can see they neglected to mention why.

I finally had time to go to the bank today and get my answer.  I prepared EVERYTHING.  Whenever you visit a Japanese bank they will refuse service if you’re lacking your inkan (ancient ID stamp), and bankbook.  I brought all that and everything else that could identify me so that turning me away wouldn’t be an option for them.  Lastly, I printed the above e-mail Apple gave me as well as the Bank Information page in iTunes Connect to show them I registered the account correctly.

When I asked why the payment was rejected I was completely floored by their answer, or should I say lack of one.

They don’t know why it was rejected.  Seriously.

If you know anything about business in Japan you know that companies here have an almost unhealthy fetish for documenting everything, EVERYTHING.  The idea is that if a mistake is made we can backtrack in the documents to find the reason and improve upon the processes to prevent it in the future.  Well MUFG didn’t document squat.

MUFG then told me the paying bank has to be contacted to learn the reason the accepting bank refused the payment.  Yes, you’re reading this right.  I hope, I really really hope it’s just MUFG that is capable of being this fucking retarded. It’s like I stomp on your foot and you ask me why I did it, only to have me tell you that only you could possibly know.

I tried to make the teller see reason that MUFG made the decision and therefore should have a documented reason to justify that decision.  Being the robot that she was, she just kept repeating this “you gotta contact the paying bank” nonsense to me.  Then I got tired of it all and asked to talk to her manager.

This goes on and on and in the end there was no resolution.  MUFG says it will try and contact the paying bank on my behalf and get back to me but I’m not sure there is much of a point and I’ll likely close the account.

Before leaving, the teller then updated my bankbook and lo-and-behold the 2nd payment from Apple was accepted.  So it seems there was certainly no mistake on my part and that it is MUFG that can’t decide whether payments from Apple are worth accepting or rejecting.

I’ve learned my lesson the hard way that we can’t expect much from Japanese banks.

Tomorrow, on the recommendation of friends with experiences in these matters, I’m going to open a bank account at Shinsei Bank.  They are a smaller Japanese bank but have a more international mindset and level of service.  The rest of the Japanese banking industry is quite literally stuck in the Edo-era (17th~19th century) and it’s too frustrating for us 21st century foreigners to deal with.

If you’ve just moved to Japan or are planning to do so in the future AVOID THE BIG BANKS (MUFG, Mizuho, etc…) and go with international banks or Shinsei Bank instead.  They work the same way banks do abroad so there won’t be as much friction for you.


UPDATE:  It seems MUFG is not only a bad place to take your banking business, it’s also a bad place to be employed according to this GlassDoor post.


Scarlett, I Heard about your Nude Pics and I Want to Help

Dear Scarlett Johansson,


I’m sorry to hear about your private pics getting leaked out onto the internet.  As it turns out I created an app called KEYBOX that could’ve prevented this unfortunate happening.  These screenshots show what I mean…

Unfortunately, most people seek my app out only after becoming victims like yourself.


In a previous blog article entitled “How to Keep Photos Private on iPhone – A Step by Step Guide” I demonstrate how KEYBOX can be used to encrypt images so that even if your iPhone is stolen your private photos won’t be easily recovered and subsequently won’t be leaked out on the internet.


If your new phone ends up being an iPhone, contact me and I’ll gladly help you get KEYBOX up and running.


Best of Luck!

Jason Fuerstenberg


The Great East Japan Earthquake – 6 Months Later

Today marks the 6 month anniversary of the Great East Japan Earthquake.

Much of the Tohoku region of Japan still lies in waste as a result of the tsunami that ensued after the megaquake and it will be decades before it is restored.

With that in mind I would ask that you please find it in your hearts to donate money to the Japan Red Cross.

http://www.jrc.or.jp/english/relief/l4/Vcms4_00002070.html


Lastly, I would ask that you please pass the word on to family and friends to bring more awareness to this cause.


Sincerely,

Jason Fuerstenberg


KEYBOX Release 2

I’ve been hard at work on the development of KEYBOX Release 2 and I’m happy to report that it is nearing completion.

My plan is to make it available after I’ve confirmed compatibility on the next version(s) of the iPhone with iOS 5.0.

Aside from many improvements, Release 2 includes an important fix for a compatibility issue with importing secrets via Safari 5.1 in Mac OS X Lion. Safari 5.1 caught me off-guard because I released KEYBOX just prior to obtaining Lion.

As much as I want to get this fix into everybody’s hands as soon as possible, I am not willing to do so at the expense of getting caught off-guard again by such OS changes. I could risk breaking the working order of KEYBOX for everybody.

Having said all this, I appreciate everybody’s patience and Release 2, like all upgrades, will be free of charge, and a worthwhile one you’ll all love.


MAC Address as UDID Replacement

I have been testing the solution proposed by StackExchange user ‘shipmaster’ for obtaining a MAC address as a device ID.

I’m a private person, as everybody knows, so I won’t be posting the MAC addresses of my various iOS devices but I will say that I was able to confirm the MAC address’ suitability as a UDID replacement.


How I conducted my testing

Across two iPhone 3GS units and one iPod touch 4th gen unit with two apps (KEYBOX and KEYBOX lite) I was able to reliably retrieve the per-device MAC addresses across distinct apps regardless of whether the device was on Wi-Fi, on 3G (only tested on iPhone 3GS as iPod touch doesn’t do 3G) or in Airplane Mode.

I do not own an iPad or iPad 2 with which to test but I suspect MAC addresses will make for reliable UDID substitutes there also.

It would be great to hear from iPad owners who have tried this technique.  Please contact me at jay@jayfuerstenberg.com.


PHP Crypto Bug Found

An embarrassing day for PHP as threatpost is reporting that PHP 5.3.7 includes a rather serious cryptography bug.

In some cases, when the crypt() function is called using MD5 salts, the function will return only the salt value instead of the salted hash value.

As anyone worth their salt knows (sorry, couldn’t resist), salts are meant to nullify the advantage of rainbow tables, which drastically shorten the time required to carry out a brute force attack successfully.  Salts are stored in the clear because they are needed again when hashing login passwords and the like.  With this bug there is no hashed password stored at all, just a known salt, so that one value stands in for not only one person’s password but everybody’s.

Very scary!  PHP team, next time unit test!
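The unit test the post asks for, as an added example that is not code from the post or from PHP: a toy crypt()-style hash in the “$1$salt$hash” layout (a constructed stand-in, not PHP’s real MD5-crypt), a second version that models the 5.3.7 defect by returning only the salt, and the self-test that catches the difference because a wrong password must fail to verify.

```python
"""Self-test for a crypt()-style password hash.

Added example, not code from the post or from PHP. It models the PHP 5.3.7
defect the post describes, where crypt() with an MD5 salt returned only the
salt, and shows the check a unit test should make: the stored value must
verify the right password and reject a wrong one. The toy hash is a salted
MD5 in crypt's "$1$salt$hash" layout, a constructed stand-in and not PHP's
real MD5-crypt algorithm.
"""
import hashlib
import hmac
import os


def md5_salt():
    """Constructed 8-character salt in the "$1$" setting form crypt() takes."""
    return "$1$" + os.urandom(4).hex()


def _salt_of(setting):
    """Pull the 8-char salt out of either a bare setting or a full hash."""
    return setting.split("$")[2][:8]


def crypt_ok(password, setting):
    """Working behaviour: salt and digest come back together."""
    salt = _salt_of(setting)
    digest = hashlib.md5((salt + password).encode()).hexdigest()
    return "$1$" + salt + "$" + digest


def crypt_buggy(password, setting):
    """Models the 5.3.7 defect: only the salt is returned, no hash at all."""
    return "$1$" + _salt_of(setting)


def verify(password, stored, crypt_fn):
    """The usual crypt() check: re-run with the stored string as the setting."""
    return hmac.compare_digest(crypt_fn(password, stored), stored)


def self_test(crypt_fn):
    """What a unit test must assert: right password passes, wrong one fails."""
    stored = crypt_fn("hunter2", md5_salt())  # constructed test password
    return (verify("hunter2", stored, crypt_fn)
            and not verify("wrong", stored, crypt_fn))


if __name__ == "__main__":
    print("crypt_ok passes self-test:   ", self_test(crypt_ok))
    print("crypt_buggy passes self-test:", self_test(crypt_buggy))
```

With the buggy version every stored value is just a salt, so every candidate password “verifies”, which is exactly what the wrong-password assertion exists to catch.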


Troubleshooting Failed Imports in KEYBOX

Some KEYBOX lite users who are upgrading to the full edition of KEYBOX are reporting issues where the below error alert is shown.

Failed upload


I apologize for any troubles you may be experiencing and offer a few workarounds for this:

  • Remove other apps from memory by double clicking the home button and making the bottom list empty.  This is especially important for people with large secrets files (1MB or larger).
  • If you’re using Mac OS X 10.7 Lion try using Firefox. Safari 5.1 (included in Lion) seems to be more susceptible to this condition.

I believe I have identified the culprit and fixed it, and will be making the fix available in KEYBOX release 2 after thorough testing. Your patience is much appreciated.

If you have any questions or concerns please contact me at support@jayfuerstenberg.com.


Early Earthquake Warning in iOS 5

Nobody in Eastern Honshu (Japan’s main island), myself included, will ever forget the March 11th M9.2 Mega Quake.

An earthquake of this scale produces aftershocks the likes of M6~7 and during the first month we witnessed aftershocks at least M5 every hour.  It tested everyone’s nerves to say the least.

Shortly after the megaquake many iPhone owners proceeded to download a free app ゆれくるコール (Roughly translated: It’s about to shake call).  For a few months this app worked extremely well.  The sound it emitted was similar to the early warning we hear on TV.

But in recent months this app’s reliability has degraded.  So it’s welcome news (as reported by 9to5mac.com) that Apple will be embedding early earthquake detection service directly into iOS itself!

This is a facility DoCoMo subscribers have had forever, even in feature phones and it’s a joke among Japanese and expats here that we hope to be near a DoCoMo user whenever the big one hits!  Now we’ll have to extend that to iPhone users on SoftBank as well!


Overcoming UDID Deprecation by Using GUIDs

As posted yesterday, the UDID is being deprecated from iOS 5 and will possibly be phased out in iOS 6.

This is mostly a good thing.  Since the UDID does not change between the apps we use nor the sites we visit, a very specific bread-crumb trail of our movements can be determined.  It’s akin to leaving your business card at every restaurant and shop you patronize.  If all those cards were entered into a shared database, the type of person you are and what your likely interests are can easily be guessed.

However, some of us developers simply want a means to distinguish the users who use our apps.  The UDID was the silver bullet and its deprecation presents challenges for us.

A GUID is one partial solution to this.  GUID stands for Globally Unique IDentifier.


The properties of a GUID

  • Each is only issued once
  • Not linked to the device generating it
  • Does not have a 1:1 relationship to a user

Unlike a UDID which is tied to the device, a GUID is not necessarily tied to anything.  It’s just a unique ID.

A user could have many GUIDs so it’s impossible to say that GUID A and GUID B are 2 distinct people as the same person could own both.  However for most purposes a system which separates content by GUID can reliably keep my documents separate from yours on the cloud.


GUID Generation In Objective C

Generating GUIDs is trivial.  KEYBOX generates GUIDs to uniquely identify each secret across exports and imports.  Here is the relevant snippet of the GUID generation implementation used by KEYBOX.

    + (NSString *) generateGuid {
        // Ask Core Foundation for a fresh UUID; nothing here is derived from the device.
        CFUUIDRef uuid = CFUUIDCreate(NULL);
        // Render it in the canonical 8-4-4-4-12 uppercase hex form.
        CFStringRef uuidStr = CFUUIDCreateString(NULL, uuid);
        // The CFUUIDRef is no longer needed once the string exists.
        CFRelease(uuid);
        // Toll-free bridge to NSString and hand ownership of the +1 retain from
        // CFUUIDCreateString to the autorelease pool (manual reference counting).
        [(NSString *) uuidStr autorelease];
        return (NSString *) uuidStr;
    }

It won’t help determine the exact device or its user nor will it help track users across sites or apps but it will help to assign identifiers like Twitter User Numbers to users who want to sign up to a cloud-based service.

In the end it may prove the most balanced ID system for users and developers.
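The properties listed above, shown in working code as an added example (not KEYBOX code): a GUID is minted once at first launch and kept in the app’s own private storage, so the same install always gets the same GUID while a second app on the same device, or a reinstall, gets a different one. The in-memory dicts are constructed stand-ins for each app’s private storage and the storage key is hypothetical.

```python
"""Per-install GUID as a UDID replacement.

Added example, not KEYBOX code. It demonstrates the properties listed in
the post: a GUID is issued once at first launch, kept in the app's own
private storage, and is not derived from the device, so a second app on the
same device, or a reinstall of the same app, ends up with a different GUID.
The dicts below are constructed stand-ins for each app's private storage.
"""
import uuid

INSTALL_GUID_KEY = "install_guid"  # hypothetical storage key


def get_or_create_install_guid(storage):
    """Return this install's GUID, minting one on first launch only."""
    guid = storage.get(INSTALL_GUID_KEY)
    if guid is None:
        # Version-4 UUID: 122 random bits, nothing taken from the hardware.
        # Upper-cased to match the 8-4-4-4-12 form CFUUIDCreateString emits.
        guid = str(uuid.uuid4()).upper()
        storage[INSTALL_GUID_KEY] = guid
    return guid


def is_random_guid(guid):
    """True if the string is a well-formed random (version 4) UUID."""
    try:
        parsed = uuid.UUID(guid)
    except ValueError:
        return False
    return parsed.version == 4 and parsed.variant == uuid.RFC_4122


def simulate():
    """Two apps on one device, then a reinstall of the first app."""
    keybox, keybox_lite = {}, {}                      # per-app private storage
    first = get_or_create_install_guid(keybox)
    again = get_or_create_install_guid(keybox)        # same install, same GUID
    other = get_or_create_install_guid(keybox_lite)   # other app, other GUID
    keybox.clear()                                    # uninstall wipes storage
    reinstalled = get_or_create_install_guid(keybox)  # fresh install, new GUID
    return first == again, first != other, first != reinstalled


if __name__ == "__main__":
    print("stable, per-app, per-install:", simulate())
```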


UDID is Deprecated in iOS 5

TechCrunch’s Erick Schonfeld is reporting today that iOS 5 comes with a big surprise in that developer access to the UDID, the device’s unique ID number, is being deprecated.


What does this mean?

As early as iOS 6 perhaps, we developers will no longer be able to uniquely identify devices.  There are good and bad outcomes of this.  Developing user profiles based on the apps downloaded and ads clicked begins to get a bit creepy and this will now be thwarted.  But some of us developers use the UDID in ways that are not evil per se.


What about KEYBOX?  Is it impacted by this change?

Somewhat, yes.

KEYBOX lite uses the device’s UDID to detect when a user is importing an exported secret file onto the same device that generated it, when the secret file is obviously older than the install date.  In other words, it catches cheaters who thought they could back up their secrets, uninstall KEYBOX lite and reinstall it and get another free 30 days of use.

KEYBOX lite then issues a stronger recommendation to purchase the full edition.  After all, anybody who loves KEYBOX enough to go through the hassle of reinstalling it over and over ought to just purchase it and support further development.

At no time was this UDID ever transmitted in any form to my site or any other by KEYBOX or KEYBOX lite.  In any case I will phase out this check in KEYBOX release 2.  I don’t like relying upon deprecated functionality in my apps.


Researchers Find Weakness In AES

Summary:  KEYBOX is unaffected by recent research findings against the AES-128 encryption algorithm.


It was reported a couple of days ago (17th of August 2011) that researchers found the first weakness in the AES-128 algorithm.  This weakness is said to reduce the amount of time required to brute-force attack an encrypted secret by a factor of 4. This means that a secret could be hacked in 1/4 the time it would normally take had this approach not been discovered.


As any visitor to my website is well aware AES-256 is the cryptography algorithm used in KEYBOX.  I would like to take this time to spell out what all this means for all KEYBOX users.


How does this impact KEYBOX?

It doesn’t.  At all.


The research is applicable only to AES-128, a much weaker variant of the AES-256 algorithm.  The article explains that AES-128 becomes AES-126 as a result of this exploit.  That is to say, the effort required to recover a key by brute force is 4 times less, but still so high as to be impractical.


The key quote which spells out how much effort is now required to discover a secret’s contents via brute-force:

To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key.

AES-128 is still regarded as a strong algorithm, even after this discovery.  Furthermore, KEYBOX uses the much stronger AES-256.  The number of computation rounds used here is considerably higher than that of AES-128 and its strength is equally higher.  You and I will be long passed away before our secrets could be broken into.
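Checking the quoted figure against the numbers the article gives, as an added worked calculation that is not part of the original post (1 year taken as 3.156 × 10^7 s; the AES-256 line is the plain exhaustive-search bound at the same rate):

```latex
R = 10^{12}\ \text{machines} \times 10^{9}\ \tfrac{\text{keys}}{\text{s}} = 10^{21}\ \tfrac{\text{keys}}{\text{s}},
\qquad
\frac{2^{128}}{2^{126}} = 4 \quad \text{(the factor-of-4 speed-up)}

T_{\text{AES-126}} = \frac{2^{126}}{10^{21}\ \text{keys/s}}
  \approx \frac{8.5 \times 10^{37}}{10^{21}}\ \text{s}
  \approx 8.5 \times 10^{16}\ \text{s}
  \approx 2.7 \times 10^{9}\ \text{years}

T_{\text{AES-256}} = \frac{2^{256}}{10^{21}\ \text{keys/s}}
  \approx \frac{1.16 \times 10^{77}}{10^{21}}\ \text{s}
  \approx 1.16 \times 10^{56}\ \text{s}
  \approx 3.7 \times 10^{48}\ \text{years}
```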


Conclusion:

The sky is not falling.  There is no change needed in how KEYBOX should operate as such attack vectors were well considered during its design and development.


If you have any questions or concerns please contact me at jay@jayfuerstenberg.com.


Apologies for Outage Today

Today around 8pm Japan Standard Time the server hosting the www.jayfuerstenberg.com domain was unavailable for an unknown period of time.

I apologize to visitors who were denied access and am working with my hosting company to identify the nature and period of the outage.

I’ll report any findings here as they become known to me.


Sincerely,

Jason Fuerstenberg


Back to School Sale for Articles by Sophiestication!

I love to support indie developers and Sophia Teutschler is the talent behind Articles, the refined Wikipedia client for iPhone.

She has just announced a Back to School Sale making Articles for the iPhone now only $0.99!  The iPad edition is similarly marked down to $1.99!

It’s a great deal for a great app so run to the AppStore and grab your copy today!
