We have started a major scheduled maintenance on our servers.

During the weekend the application will be available in Read-Only mode, or just off.

Sorry for the trouble.

We have just released a new version of Clipperz password manager that fixes a bug related to native JSON support. The bug was affecting only those using Firefox 3.1. Beta 1 or Beta 2.

Firefox 3.1 includes TraceMonkey, the new Javascript engine. It’s an evolution of SpiderMonkey that uses a new kind of Just-In-Time (JIT) compiler to boost Javascript performance by an order of magnitude or more.

Unfortunately Firefox 3.1 also introduced a DOM binding (the global object JSON) for the native JSON parser; the DOM binding “shadows” the JSON object from the json2.js library currently used by Clipperz for JSON de/serialization. The native parser doesn’t yet support de/serialization of primitive (string, number, boolean) objects (only object literals and arrays) hence the card creation process results in being broken in Firefox 3.1 Beta.

As soon as Firefox 3.1 will provide full support for JSON de/serialiazation (planned for Beta 3) we will switch to the native JSON parser, taking full advantage of speed improvements.

It’s really nice to start a new year with a bit of love twits from Clipperz users. Thanks!

The first thing most of you do every morning is to open the Clipperz password manager and start your daily routine by quickly accessing your online services. Just one click on a “direct login” link and you are logged in and, depending on your browser settings, each click will open a new window or a new tab. Unless you are using Safari …

In that case there is no way to tell Safari to open a “direct login” in a new tab, it will always open a new browser window. I find it quite annoying, I personally can’t stand having too many browser windows open.

Direct login links have a target = "_blank" attribute and Safari has no (evident) option to decide if the new page should be opened in a new window or a new tab (like Firefox has). But luckily Apple has added a hidden preference, since Safari 3.1, that allows you to tell Safari to stick to one window. Just paste into Terminal the following command and and you’re sorted!

defaults write com.apple.Safari TargetedClicksCreateTabs -bool true

This works great, unless you are like me: I usually launch tens of “direct logins” and I end up scrolling tabs back and forth within a single Safari window. Not very convenient. But with Safari I can solve this problem by easily detaching and grouping together tabs (all email accounts in one window, all bank accounts in another, …).

Unfortunately Firefox does not allow me to detach tabs the way Safari can, but I’ve found a very good solution: Duplicate Tab 1.0.2. A nifty Firefox add-on that allows you to detach tabs and merge windows.

So if you use Safari, I would suggest to set the above hidden preference, while if you prefer Firefox, choose the option to open new pages in a new tab and install the Duplicate Tab add-on. In any case, don’t let your browser degrade your Clipperz experience!

Thanks to Dennis and John for the tips!

picture from inju Flickr photostream

Giulio and I are looking for a job. We have been working at Clipperz for almost 3 years, investing our own money, time and energy. We cannot afford it any longer.

But don’t worry for the future of your favorite password manager, since we will take into consideration only job proposals that leave us enough free time to keep the service running. We won’t stop its development and we will continue to provide support to the about 20,000 registered users. Moreover, there will always be the option to run the Clipperz Community Edition on your own server.

To date Clipperz is a success and a failure all at the same time.

A success because thousands of users love the service and because the underlying zero-knowledge architecture is enjoying a growing acceptance and has spurred a stimulating debate over privacy and freedom for web applications.

A failure because we were unable to tell investors a convincing and easy-to-grasp story and therefore they didn’t see the huge business opportunity arising from zero-knowledge web applications. The presentation below is our latest attempt to tell this story. Hopefully better than we did before.

Feel free to send in your suggestions and to forward the presentation to reputable and passionate investors that could find it interesting. And, as usual, donations are always welcome!

Lately Giulio and I have been busy helping with the organization of BookCamp, a barcamp focused on books, ebooks and digital publishing.

Is there any direct relationship between a password manager and the future of books? Not really, but we do like books and we would like to see more freedom in the publishing industry.

The BookCamp will be a wonderful chance to discuss next generation textbooks, print-on-demand, ebook readers, why DRM (better known as Digital Restrictions Management) is bad and many other topics.

Richard Stalmann, President of the Free Software Foundation, will deliver a speech (via phone) with a quite straight title: “Fighting the Swindle of DRM on E-Books”.

See you at Castel Sismondo in Rimini, next Friday, starting at 16.00. Italian will be the official language, but anyone is welcome!

“Thanks Gutenberg. So long.” (Mario Guaraldi, publisher)

Thanks to the mighty name of Richard Stallman and, hopefully, to the relevance of our call for action, Clipperz ended up on Slashdot.

Ok, I submitted the story myself, but it was for a good cause: promoting freedom and privacy on the web. Clipperz password manager is tired of being the only web application around with a zero-knowledge architecture and an AGPL v3 license!

Interview with Thorsten Zoerner about a neat deployment of the Clipperz Community Edition for the eyeOS platform. Clipperz Community Edition allows you to host on your own server a web service identical to Clipperz online password manager. It’s open source and released under an AGPL license.

Thorsten, you’ve developed an application called “h3oPass 4 Clipperz Community Edition”. What’s that application about?

h3oPass 4 Clipperz Community Edition allows people to use Clipperz from within eyeOS. Web Operating Systems are getting more and more common these days and for any WebOS user it is common to rely on several web applications by different providers. So you need login credentials for each of those – as they do not share one common authentication platform. Users of h3oPass can now manage their passwords within Clipperz and they can access any web service with just one click.

Why Clipperz?

There are password managers around. Some of them come as browser plugins, others are installed on the server. In both cases, the user faces a challenge: either the passwords are not available when moving to another computer, or the user has to blindly trust the server where the passwords are stored. With Clipperz it is different: all the protection is done within the browser while the encrypted data gets stored on the server. Or, in other words, the role of the server is just to store scrambled bits and bytes, while the browser does all the work. This approach has several points of contact with the overall WebOS philosophy and provides better security and privacy.

Why h3oPass leverages the Clipperz Community Edition and not the hosted service at clipperz.com?

Because of the way to handle windows within the eyeOS environment.

On the hosted version of Clipperz, when you click on a direct login link, a new window or tab is opened to show the page you just logged into. Running the application from an eyeOS window I had to patch the JavaScript window.open function in order to let eyeOS handle the opening of new windows within the very browser window where eyeOS lives in.

If you look on the screecast below, you quickly recognize, that the applications has two windows: one is derived from the “Clipperz Compact” version that is usually displayed in a browser sidebar, the other is the full version of Clipperz, usually displayed in a regular browser window. I think that this is a very convenient way to use Clipperz within eyeOS.

However, there is another application, that will get released in a few days: h3opass 4 Clipperz Offline Edition. In this case you just download the offline copy generated by any Clipperz instance (a single HTML file) and upload it to your eyeOS account. The application than ensures the windows handling.

What makes a WebOS so fascinating for you?

For me a WebOS is the right tool to create my personal information mashups. It allows me to built my personal view of the world. It brings together my personal CRM page, my IM client, my weblog, my weather forecasts, my phone, … There are thousands of helpful applications out there and Clipperz can log you in with just one click in most cases!

And eyeOS in particular?

One thing I really like about eyeOS is that it was designed to be installed on your own company, school or university server. This gives you control over what people are doing with it - without building a vendor lock in.

Is h3oPass 4 Clipperz your only eyeOS application?

No there is h3oUpload, allowing users to upload documents to an eyeOS server using drag and drop from the real desktop. h3oLaunchr extends that: you are able to open a document directly on the server and edit it on the client.

**Why do you develop eyeOS applications? Which are your motivations?

I like to spend one hour of my life, if what I achieve can save me one minute on every working day. With this in mind, one year ago I started to play around with eyeOS and figured out that it could be used to implement a lot of time saving solutions, hacks that can saves you several clicks every day. For the very same reason I got interested in Clipperz as well: accessing my bank account, remember-the-milk and several other sites with just one click was awesome. h3oPass saved me those magic minute a day (actually even more).

Last question, where could I test h3opass 4 Clipperz or eyeOS?

h3oPass is freely available for download from the eyeOS application repository. You can install it on your eyeOS server or, if don’t have a server, you can get a free one from my homepage. And the quickest way to test it is on my demoserver (username: demo / password: demo).

AJAX Chat is one of the most popular project released under the AGPL license. The SourceForge stats page shows about 200 daily downloads! AJAX Chat represents today a cool integration for several Internet forums based on phpBB, MyBB, PunBB, SMF and vBulletin.

However AJAX Chat has a potential that goes beyond Internet forums: it could bring chat capabilities to any web page. It’s a great candidate for the AGPL Suite. It would also be nice to engage its developers to embrace a zero-knowledge architecture to make AJAX Chat a true off-the-record messaging system.

Its creator, Sebastian Tschan, was kind enough to answer some questions.

What is AJAX Chat and why did you start its development?

ST: It’s an open source web chat based on AJAX. At the start of its development I just wanted to learn more about AJAX. I also liked the idea of having a chat for my own phpBB based community forum which could be used with a browser and didn’t require any plugins to work.

Later I decided to release AJAX Chat as an open source project. The first release was targeted at the phpBB community. There were already some AJAX based chat applications around for phpBB, but all required some modifications to the forum software. AJAX Chat was outstanding for its extremely easy setup and the integration with the forum authentication system.

Why did you choose AGPL for AJAX Chat?

ST: The first version of AJAX Chat was released under plain GPL. As a GNU/Linux user I was already a free software fan, but I didn’t know much about the different licenses. Later I found the time to read about free software (e.g. ”Free Culture” from Lawrence Lessig, articles from Richard M. Stallman) and I eventually realized what it was all about. It was then that I decided to put AJAX Chat under AGPL.

What’s your opinion about the “ASP loophole”? Do you think that AGPL solves that problem?

ST: The “ASP loophole” was the very reason why I finally decided to put AJAX Chat under AGPL instead of using the GPL. I would recommend open source developers to use the AGPL for all their web projects.

Just to say thanks to the nice folks at Palamida. They wrote an interesting commentary to my post on building an AGPL suite and then move each application of the suite onto a zero-knowledge architecture.

Here is what they say:

Marco Barulli is taking the risk of blazing the trail for web services developers to come. Is AGPLv3 the right license? Who knows. Is “zero-knowledge” the right architecture? Maybe yes, maybe no.

• Zero-knowledge architecture is a web services framework in which secure information is distributed only to the endpoint, the service, through a secure and reliable framework that does not allow disclosure or residual existence of any user specific information. […]

• The AGPLv3 assures that the architecture and the source code is transparent and available for scrutiny, thereby insuring a clear implementation of secure practice that can be monitored and verified by the community. […]

Is this novel? No. Is it needed? Of course. “Zero-knowledge” architecture is based on old ideas applied to a new web services paradigm. Trust nobody, encrypt, and double check everything. Clipperz and the zero-knowledge concept is an old idea finding a proper place to start talking about transparent architecture which puts the responsibility of information security in the hands of the users. Is it perfect? Maybe yes, maybe no. It is licensed under AGPLv3, so Marco Barulli is inviting the community to grow what he started. Simple idea, great initiative. Well done.

Too kind! Who is going to join us in this adventure? Clipperz can certainly contribute its password manager to the AGPL Suite with, but who is next? I would love to hear from the smart guys that developed AJAX Chat …