If you use Kerika+Google — the version of Kerika that integrates with Google — you may be experiencing some login problems this morning. In fact, you may have experienced some problems over the past few days.
We are continuing to investigate this, and so far the problems seem to be on Google’s end, and they also seem to be mostly affecting people who have premium Google Apps, e.g. Google Apps for Business or Google Apps for Nonprofits.
Update: it’s not just premium Google Apps; it’s affecting all sorts of users.
Google authentication is burping
Fortunately, we have not seen any problems with Kerika+Box: Box’s authentication service has been running fine so far.
Some users have written in asking if they can switch to Kerika+Box and still preserve their old data. This is possible, but requires some manual work on the user’s part, and if the problem persists we will put up a blog post explaining how users can do this.
In the meantime, please bear with us, while we bear with Google…
Ben Vaught from the Washington State Office of the CIO has come up an interesting use-case for Kerika’s new export feature that we hadn’t considered: use it to write your weekly status reports!
Kerika lets you export cards from a Task Board or Scrum Board in CSV or HTML format: the CSV format is useful for putting data from Kerika into another software tool, like Excel, but the HTML format is designed for human consumption.
Here’s an example of a card that’s been exported as HTML:
Example of HTML export
By using the Workflow button (on the top-right menu bar), you can adjust your display to show just the Done column on a board, and then further use the Tags button to limit the number of cards that are shown in this column.
For example, you could display just the Done column, and filter the cards to show just the ones that were assigned to you.
Do an HTML export of this, and you will be able to easily cut-and-paste the output into a Word document or email, and submit your status report!
We were thrilled to be part of the Lean Transformation Conference organized by Results Washington week at the Tacoma Convention Center. Over 2,700 people attended — a sellout crowd!
Attendees at Lean Transformation
Arun Kumar, founder & CEO of Kerika, gave a presentation on both days on Distributed Lean and Agile Teams in the Public Sector, drawing upon lessons learned, case studies and best practices from multiple state agencies and private sector firms.
Google’s Authentication service, which all users of Kerika+Google rely upon to sign up and sign in, has been having intermittent problems all day.
Fortunately, they have been reporting this on their Apps Status Dashboard, which they don’t always do, so perhaps the outages are more widespread than normal?
Here’s the picture as of 12PM Pacific Time:
Google Apps Dashboard
We saw a ton of authentication errors from Google this morning: some were because domain policy checks were failing (this affects users of premium Google Apps for Business), some because Google’s servers were timing out with a “504” error.
We have tried to identify all the affected users and reach out to them to explain the situation and reassure them their Kerika data are unaffected.
As of this writing the situation seems to be actually improving a little for the Kerika community: we are seeing fewer errors, and clearly people are able to login to Kerika+Google, although the Google Dashboard is contradicting us by reporting a worsening situation…
A couple of weeks ago we visited a UX team at the Washington State Department of Licensing, and took a photo of the “Post-It Palace” they had built within their cubicles:
With our newest release, we have added a new status indicator that you can use to flag particularly important cards on a crowded board: “Critical”.
Critical status
The reason we added this was simple: no matter how cool and calm we try to be, every so often there’s a mini-crisis and we need to make sure that everyone takes note of some particular cards.
In the past we tried to accomplish this by use of color (e.g. Red), but this wasn’t a satisfactory solution since we want to use colors for other purposes as well.
We also tried marking critical cards as “Is blocked”, because this indicator appears in red text making it very eye-catching, but this too was not a satisfactory solution.
“Critical” works: you can highlight really important cards on a board by marking them with this status, and you can also search for Critical cards as part of Advanced Search.
Here’s another new feature: you can create a new Box Note or Google Doc (depending upon whether you are using Kerika+Box or Kerika+Google) from within a card itself, and have that attached automatically to your card.
Adding a new Box Note
A single mouse-click is all that it takes to create a new Box Note or Google Doc, add it to your card (on any Task Board or Scrum Board), and open that Box Note / Google Doc and start using it.
When you are done editing your new Box Note / Google Doc, you can come back to Kerika and you will find it is already attached to the card where you were working!
All in one mouse-click!
One small adjustment you might need to do: many browser will automatically block pop-up windows. When you create a new Box Note or Google Doc, Kerika tries to open it immediately in a new browser tab, so that you can start using it.
If your browser gives a warning about a pop-up window, please allow pop-ups from Kerika — this is the only use of pop-ups by Kerika, and it makes a great feature even better!
Secure Internet connections used to be implemented with SSL 3.0, which is actually a pretty old protocol now. (About 18 years old, in fact, which means it dates back to the Netscape era :-)
Over the years, SSL 3.0 was implemented by everyone who produced Web servers: e.g. Microsoft, Netscape, Apache, etc.
SSL 3.0 has since been supplanted with Transport Layer Security (TLS), which also comes in several flavors — TLS v1, v1.1 and v.1.2
And SSL was around for such a long time, everyone knew it worked. With TLS, however, bugs are sometimes found in different Web servers, depending upon who is producing (and maintaining) a particular brand of Web server.
In order to get around potential problems with the way a particular Web server had implemented TLS, browser clients (i.e. software that runs in a browser, like Kerika does) will also, very often, try to connect to the Web server using with SSL 3.0 as a fallback protocol.
Well, the good folks at Google found that SSL has a very fundamental vulnerability in it, that’s inherent in the protocol and cannot be patched: in an example attack called Padding Oracle On Downgraded Legacy Encryption (POODLE), an attacker can steal “secure” HTTP cookies or other bearer tokens such as HTTP Authorization header contents.
Angry Poodle
This problem is basically unfixable with SSL 3.0 because it uses RC4 ciphers for encryption, and RC4 is pretty darn old: it dates back to 1987!
(And, yet, according to Microsoft, even last year over 40% of Web connections were using RC4.)
The only way to secure against this vulnerability is to not allow SSL 3.0 as a fallback method for connecting to your Web server.
And that’s what Kerika does: we only support TLS connections.
