I’ve just finished moving from WordPress to Chyrp, which aims to be something like a self-hosted version of Tumblr, which should give me flexibility to extend the blog to do things like integrate web services. Since I don’t write full-on blog posts as frequently, I’d like to get in the habit of writing smaller posts, as well as sharing links and videos.

There are different categories for different types of posts (links, videos, texts, etc.). Each has individualized RSS feeds; just add “/feed” at the end of the URL and magic should happen.

About 2 weeks ago, I showed a teaser for my new iPhone app, Lockbox. I was deliberately ambiguous, as I wanted to surprise everyone at WWDC with it. After getting some much-needed feedback on the app, I’d like to talk about what Lockbox actually is.

Lockbox is an app that lets you store encrypted photos and notes on your iPhone. Encryption requires that users enter some sort of key into the system, as a means of proving that the person who stored the data encrypted is the person trying to decrypt it. This has historically been done with passwords, which are easy to turn into a key. However, the iPhone’s screen doesn’t really lend itself to entering a complex password. The alternative that Apple has put forward is a 4-digit PIN number. This is too insecure; it would take at most 10,000 iterations to brute force the password, which is child’s play. Clearly, another system is needed.

Lockbox solves this problem with a very unique and innovative means of key entry. Rather than using a password or a PIN, Lockbox lets users draw a gesture with their finger on the screen. The gesture can be as long or as short as the user wants. In my tests, I’ve found the best gestures to be somewhere between 12 and 20 cells, which increases security over PIN numbers against brute forcing by 2 and 4 orders of magnitude respectively. And, as a bonus, gestures are much easier to remember and much faster to enter.

Lockbox will allow users to store encrypted versions of photos and notes. The raw key is never stored on disk, and is overwritten a few times when the application quits. Encryption and decryption is completely transparent and happens in the background. Furthermore, Lockbox is using industry-standard algorithms (specifically SHA-1 and AES). There are two advantages to this: first, the encryption algorithm currently has no known weaknesses; second, these algorithms are hardware-accelerated on the iPhone. Photos can be added from the photo library or the camera, and notes can be edited directly from within the app. Once you get past authentication, the user interface will be very familiar to users of the Photos and Notes apps already on the iPhone.

I’m currently working on getting the app finished, and will hopefully have it ready for the App Store on or near launch. Everyone who has seen it at WWDC has been completely blown away by how easy it is to enter these gestures. Furthermore, I’ll be exploring other options for key-entry. I already have a handful of ideas on other implementations, including one which I’m calling antigestures. However, I’m keeping that a secret for now. 🙂

I’m going to make this one quick, as it’s really late and I’m in the process of packing for WWDC.

• Tubular 1.0 has been released! Check it out at the awesome new site.
• Announcing Lockbox, gesture-based photo and note encryption for your iPhone. Coming this summer.

See you all at WWDC/the Internet!

So, 2008 has gotten off to a very interesting start. So far, I’ve found out that I had to leave Rochester, found out that I don’t have to leave Rochester, released the Tubular public beta, and accepted a position as a Cocoa engineer at Ambrosia Software. It’s been an absolutely crazy few weeks, and we’re only midway through February. With that in mind, I’d like to take a look at what 2008 holds in store for past, present and future projects.

First, the obvious. Tubular is completely on track for a 1.0 release very soon. The public beta is going very well, and the newest version, 1.0b2, is the most stable and feature-complete build yet. Of course, there are still bugs to be fixed, which is why it’s not at 1.0 yet. The march continues on towards that very important goal.

One thing to note is that while Tubular’s development has been somewhat stagnant for a little while, that’s not to say I haven’t been thinking about it and its future. From a product perspective, there’s a million things I want to do in Tubular, but the underlying architecture hasn’t been there to support these future-looking features. So, to make it work, I’ve been reworking some of the plumbing that moves data around inside the app. Some of this labor has already started to bear fruit in development builds of Tubular, although the new features that will result from it won’t show up until 1.1. But suffice it to say, there are a lot of new features in the works.

One thing I didn’t realize at the onset of this project is how to difficult it is to manage and maintain a large list of people, as well as sending out thousands of emails at once. Turns out you get put on spam filters and stuff like that. Recently, to make this problem more manageable, I set up SugarCRM on my new Slicehost server. This tool is fantastic, and helps me keep track of bugs, support emails, registrations, announcements, and more. I’ll hopefully be expanding on SugarCRM in the future, as it has quickly become the hub of my business, and having a full-featured customer relationship management tool has saved me a ton of time. It’s a very powerful and sophisticated tool which contains a bit of extra cruft (which is to be expected; its mostly intended for people in sales), but once you get the system working for you, it becomes indispensable.

Aside from Tubular, I hope to be releasing a good amount of source code over the next few months. The first project I’ll be open-sourcing is my popular app DeskTunes. I’ve been told that it doesn’t work properly in Leopard, and the whole app (aside from some utility code I had lying around) was created in 6 hours, so there remains some cleanup to be done on the codebase. It should be ready to go pretty soon, and of course I’ll announce it when that happens. However, for the most part, I’ll be removing myself from any active development (not that there ever was any).

There are some other pieces of code I’ll be releasing over time. I’m not sure what exactly will make it out yet, so I can’t give any insight as to what it will be, but there will definitely be some good amount of code released before summer.

One more thing…

There is a project that I’ve been planning for over 9 months, and has been under development for a little less than a month. It is Mac-based, and it will be open-source. It won’t be released until after Tubular hits 1.0, and I’m not going to be giving out any details just yet. However, I will tease just a little bit: One of the major goals of this project is to start a huge revolution in Internet-based software. Details forthcoming. 🙂