All posts by user

Google authentication is burping, again.

If you use Kerika+Google — the version of Kerika that integrates with Google — you may be experiencing some login problems this morning. In fact, you may have experienced some problems over the past few days.

We are continuing to investigate this, and so far the problems seem to be on Google’s end, and they also seem to be mostly affecting people who have premium Google Apps, e.g. Google Apps for Business or Google Apps for Nonprofits.

Update: it’s not just premium Google Apps; it’s affecting all sorts of users.

Google authentication is burping
Google authentication is burping

Fortunately, we have not seen any problems with Kerika+Box: Box’s authentication service has been running fine so far.

Some users have written in asking if they can switch to Kerika+Box and still preserve their old data. This is possible, but requires some manual work on the user’s part, and if the problem persists we will put up a blog post explaining how users can do this.

In the meantime, please bear with us, while we bear with Google…

A great response at the Lean Transformation Conference

Our presentation on Distributed Lean & Agile Teams in the Public Sector at the Lean Transformation Conference last week was very well received: the presentation was given on both days of the conference, and attendees were polled by the conference organizers on whether they liked the talks, or not.

  • Session 1 (Tuesday): 100% of the attendees who provided feedback gave Arun‘s talk a thumbs-up.
  • Session 2 (Wednesday): 96% of attendees who provided feedback gave Arun’s talk a thumbs-up!
Arun at Lean Transformation Conference 2014
Arun at Lean Transformation Conference 2014

The Results Washington folks have produced a short video featuring attendees at the conference — we recognize a user or two :-)
 

Writing Status Reports: an interesting use-case for Export

Ben Vaught from the Washington State Office of the CIO has come up an interesting use-case for Kerika’s new export feature that we hadn’t considered: use it to write your weekly status reports!

Kerika lets you export cards from a Task Board or Scrum Board in CSV or HTML format: the CSV format is useful for putting data from Kerika into another software tool, like Excel, but the HTML format is designed for human consumption.

Here’s an example of a card that’s been exported as HTML:

Example of HTML export
Example of HTML export

By using the Workflow button (on the top-right menu bar), you can adjust your display to show just the Done column on a board, and then further use the Tags button to limit the number of cards that are shown in this column.

For example, you could display just the Done column, and filter the cards to show just the ones that were assigned to you.

Do an HTML export of this, and you will be able to easily cut-and-paste the output into a Word document or email, and submit your status report!

When Worlds Collide: Distributed Lean and Agile Teams in the Public Sector

We were thrilled to be part of the Lean Transformation Conference organized by Results Washington week at the Tacoma Convention Center. Over 2,700 people attended — a sellout crowd!

Attendees at Lean Transformation
Attendees at Lean Transformation

Arun Kumar, founder & CEO of Kerika, gave a presentation on both days on Distributed Lean and Agile Teams in the Public Sector, drawing upon lessons learned, case studies and best practices from multiple state agencies and private sector firms.

Here’s the presentation:

Google Apps is having one of those days

Google’s Authentication service, which all users of Kerika+Google rely upon to sign up and sign in, has been having intermittent problems all day.

Fortunately, they have been reporting this on their Apps Status Dashboard, which they don’t always do, so perhaps the outages are more widespread than normal?

Here’s the picture as of 12PM Pacific Time:

Google Apps Dashboard
Google Apps Dashboard

We saw a ton of authentication errors from Google this morning: some were because domain policy checks were failing (this affects users of premium Google Apps for Business), some because Google’s servers were timing out with a “504” error.

We have tried to identify all the affected users and reach out to them to explain the situation and reassure them their Kerika data are unaffected.

As of this writing the situation seems to be actually improving a little for the Kerika community: we are seeing fewer errors, and clearly people are able to login to Kerika+Google, although the Google Dashboard is contradicting us by reporting a worsening situation…

Stay brave.

Revisiting the (deserted) Post-It Palace

A couple of weeks ago we visited a UX team at the Washington State Department of Licensing, and took a photo of the “Post-It Palace” they had built within their cubicles:

Post-It Palace
Post-It Palace

2 weeks later, this is what we saw:

Revisiting the Post-It Palace
Revisiting the Post-It Palace

Everything is now inside a set of Kanban Boards powered by Kerika+Box!

All done
All done

“Critical”: a new status for cards

With our newest release, we have added a new status indicator that you can use to flag particularly important cards on a crowded board: “Critical”.

Critical status
Critical status

The reason we added this was simple: no matter how cool and calm we try to be, every so often there’s a mini-crisis and we need to make sure that everyone takes note of some particular cards.

In the past we tried to accomplish this by use of color (e.g. Red), but this wasn’t a satisfactory solution since we want to use colors for other purposes as well.

We also tried marking critical cards as “Is blocked”, because this indicator appears in red text making it very eye-catching, but this too was not a satisfactory solution.

“Critical” works: you can highlight really important cards on a board by marking them with this status, and you can also search for Critical cards as part of Advanced Search.

Crtical card
Critical card

One-click integration with Box Notes and Google Docs: a new feature

Here’s another new feature: you can create a new Box Note or Google Doc (depending upon whether you are using Kerika+Box or Kerika+Google) from within a card itself, and have that attached automatically to your card.

Adding a new Box Note
Adding a new Box Note

A single mouse-click is all that it takes to create a new Box Note or Google Doc, add it to your card (on any Task Board or Scrum Board), and open that Box Note / Google Doc and start using it.

When you are done editing your new Box Note / Google Doc, you can come back to Kerika and you will find it is already attached to the card where you were working!

All in one mouse-click!

One small adjustment you might need to do: many browser will automatically block pop-up windows. When you create a new Box Note or Google Doc, Kerika tries to open it immediately in a new browser tab, so that you can start using it.

If your browser gives a warning about a pop-up window, please allow pop-ups from Kerika — this is the only use of pop-ups by Kerika, and it makes a great feature even better!

Pop-up warning
Pop-up warning

Kerika is secure against the SSL 3.0 fallback vulnerability

You may have heard of the “Poodle” vulnerability in SSL, which allows the plaintext of secure connections to be calculated by a network attacker.

This vulnerability was discovered recently by Google engineers; here’s how it works:

  • Secure Internet connections used to be implemented with SSL 3.0, which is actually a pretty old protocol now. (About 18 years old, in fact, which means it dates back to the Netscape era :-)
  • Over the years, SSL 3.0 was implemented by everyone who produced Web servers: e.g. Microsoft, Netscape, Apache, etc.
  • SSL 3.0 has since been supplanted with Transport Layer Security (TLS), which also comes in several flavors — TLS v1, v1.1 and v.1.2
  • And SSL was around for such a long time, everyone knew it worked. With TLS, however, bugs are sometimes found in different Web servers, depending upon who is producing (and maintaining) a particular brand of Web server.
  • In order to get around potential problems with the way a particular Web server had implemented TLS, browser clients (i.e. software that runs in a browser, like Kerika does) will also, very often, try to connect to the Web server using with SSL 3.0 as a fallback protocol.

Well, the good folks at Google found that SSL has a very fundamental vulnerability in it, that’s inherent in the protocol and cannot be patched: in an example attack called Padding Oracle On Downgraded Legacy Encryption (POODLE), an attacker can steal “secure” HTTP cookies or other bearer tokens such as HTTP Authorization header contents.

Angry Poodle
Angry Poodle

This problem is basically unfixable with SSL 3.0 because it uses RC4 ciphers for encryption, and RC4 is pretty darn old: it dates back to 1987!

(And, yet, according to Microsoft, even last year over 40% of Web connections were using RC4.)

The only way to secure against this vulnerability is to not allow SSL 3.0 as a fallback method for connecting to your Web server.

And that’s what Kerika does: we only support TLS connections.

Doing our bit to keep the Internet safe… :-)