Red Sweater T-Shirt

June 4th, 2014

I’m incredibly excited to announce that Red Sweater now has an official shirt, designed and illustrated by the brilliant Susie Ghahremani.

As I write this, Apple is putting on WWDC, their developers’ conference in San Francisco. This has become a huge, annual tradition that attracts many thousands of brilliant people to a city that is already teeming with many brilliant natives. I try to make the journey every year, in part because it’s a fun time to socialize with old friends, but also because it’s an unparalleled opportunity to meet new people who inevitably change the course of Red Sweater’s progress for the better.

I can recall the occasion many years ago when I met the guys from Buy Olympia, Pat and Aaron, who impressed me with their story of running a full-fledged online store dedicated to highlighting artists’ work, while also developing an impressive array of Mac software for mailing and shipping. It must have been five or more years ago that I met them and they graciously offered to sell a shirt for Red Sweater if I ever wanted to do so.

I can also recall the first occasion I had to appreciate Susie Ghahremani’s art, which was unrelated to WWDC but also took place in San Francisco. It must have been around 2002 when I came across a delightful shirt in a shop called Otsu. I wore that shirt proudly and only realized years later that I could track down the designer and buy many of her other shirts as well. If you’ve ever met me in person, or seen a photograph of me, there’s a good chance I was wearing one of Susie’s shirts.

As luck would have it, I got to know Susie over the years through Twitter and because of a number of mutual friends. And as it turns out, Susie was also friends with the guys from Buy Olympia! We’re all friends! Isn’t that friendly?

So that catches us up to two years ago or so when Susie and I agreed we should collaborate on a Red Sweater t-shirt. I immediately told my wife something along the lines of “SUSIE GHAHREMANI IS MAKING A RED SWEATER SHIRT!” and then, as I do more often than I’d wish, I dropped the ball repeatedly on doing my part to make the dream come true. I chatted with Susie occasionally about how we should finally be making the shirt, but neglected to go the extra mile of talking to her about what the shirt should be and how she could proceed.

A couple months ago, Susie nudged me again about the project and I finally made the case for what I was looking for: a shirt that people would love and want to wear even if they didn’t know what “Red Sweater Software” was. I am so excited by the result: that cute bear with its cozy red sweater is exactly the kind of shirt I would have bought and worn proudly had I come across it in 2002. Now it’s exactly the kind of shirt I can wear proudly with the knowledge that, for those in the know, it’s also subtle branding for my Mac (and iOS!) software company. I hope that many of you who are fans of my work or Susie’s will also enjoy wearing the shirt!

Black Ink 1.6.1: Premium Puzzles

May 5th, 2014

Black Ink 1.6.1 is now available for download from the Black Ink home page and from the Mac App Store. This is a free update.

The big change in this release is the addition of built-in support for downloading from two authenticated “premium” puzzle sources: The New York Times and the American Values Crossword. Black Ink does not offer subscription sales to these services, but for users who do have a subscription, Black Ink now supports entering your username and password to authorize automatic downloading of the source’s latest puzzle.

For a long time now many users have enjoyed direct downloads of the New York Times premium puzzle because of the happy coincidence that Black Ink and Safari could share the same web browser “cookies.” This meant that if you had logged in to your premium New York Times account via Safari, downloads of those puzzles (after configuring a custom puzzle source) would work automatically. That functionality was broken with Black Ink 1.6 as an unexpected side effect of security sandboxing: Black Ink can no longer access Safari’s cookies. With this update cookie sharing is no longer required for this functionality.

Complete list of changes:

  • New support for premium puzzle downloads from New York Times and American Values Club
  • Fix a bug where the puzzle chooser would appear upon launch even when already opening a document
  • Fix a crash that could sometimes occur while closing a puzzle

I hope these changes make Black Ink even more enjoyable for you puzzle lovers out there.

MarsEdit 3.6.4: Authentication & Bug Fixes

April 28th, 2014

MarsEdit 3.6.4 is available now from the MarsEdit home page, and has been submitted to the Mac App Store for review by Apple.

This release catches MarsEdit up with some recent security-related changes at both Tumblr and Flickr, as well as fixing a number of minor glitches and UI defects.

Tumblr users who have chosen to take advantage of the recently announced two-factor authentication support will want to update to this release to get authentication from MarsEdit working properly again. To connect from MarsEdit, just connect to your Tumblr settings page and click the option to “Generate mobile password.” Yes, this terminology is not the most accurate Tumblr could have possibly used. (Update May 2, 2014: Tumblr now calls them “app passwords” and alludes to other apps. Great improvement.)


Here is the complete list of changes for MarsEdit 3.6.4:

  • Fix a problem with Tumblr 2-factor “mobile” passwords
  • Update Flickr authentication to support new HTTPS API requirements
  • Fix to support relative URLs in the rich editor, loaded relative to the home page URL
  • Fix to prevent blank display of embedded YouTube videos lacking a URL scheme (http or https)
  • Fix to prevent preview window from reloading completely when a post’s title is edited
  • Fix a VoiceOver issue that prevented contextual menus from appearing in the blogs and posts lists
  • Fix some cosmetic issues in the blog settings panel UI
  • Fix an issue where the main window showed up in an awkward position on first launch
  • Fix bugs that caused documents to sometimes show changes when there hadn’t been any

Enjoy!

Heartbleed Statement

April 13th, 2014

By now many people have heard about The Heartbleed Bug, last week’s internet-wide security issue based in a problem with the popular OpenSSL encryption libraries. I have put off making a public statement not because of ignorance about the bug but because I wasn’t sure it was appropriate or necessary. Over the past week I’ve become convinced that it’s a good idea for any affected company or site to fully disclose their exposure and response to the bug.

What was Red Sweater’s exposure?

Our only customer-facing service exposed via HTTPS is the Red Sweater Store, which was affected by the bug. In practice, this means that private customer data, including credit card numbers as well as customer names, addresses, and email addresses, could theoretically have been exposed to an attacker during the exposure window. Credit card numbers used in the purchase of Red Sweater products are never stored on Red Sweater servers, but are held in memory for a short time in the creation of encrypted transactions with PayPal, our credit card processor.

What was the exposure window?

Although the bug existed in OpenSSL for almost 3 years, I was somewhat lucky in that I had only updated the Red Sweater Store to an affected version of OpenSSL on March 6, 2014, about one month before the vulnerability was disclosed.

What was Red Sweater’s response?

While some larger services were apparently notified of the bug earlier, it was not shared with the public until Monday, April 7. Red Sweater’s secure server was updated with fixed software at around 3:30AM Pacific time on April 8. By 9:00AM Pacific, I had created a new private key for Red Sweater, and reissued and installed the updated certificates. From this point onward there is no known risk of exposure of any private customer data submitted to the Red Sweater Store.

What should customers do?

Theoretically, any affected site has been vulnerable to possible eavesdropping during the exposure window. Because the Red Sweater Store does not incorporate a password or cookie-based credentials system, there is nothing that needs proactive changing to limit further exposure. Because of the wide-reaching nature of this bug, I would advise all users of all web sites to be on guard about possible exposure of private information including credit card numbers. Because of the small exposure window and relatively low profile of Red Sweater, I think the risk to my customers on this site in particular is low.

If you have any questions at all about my response to the Heartbleed bug or to any other security issue, do not hesitate to contact me (Daniel Jalkut, founder of Red Sweater).