A few days ago, one of our users contacted us to let us know that the IBAN included in our donation page was not correct and did not allow to send us some money; we have now fixed that information, and while updating the site content, we can take the chance to provide also some insights on how the project is going.

Current situation

As our users should already know, our application has long been boringly reliable; this is due to a multitude of factors.

Reliable code

Clipperz application is quite reliable; the main concern at the moment is related to OTP functionality, that is not working for some users. The last message of the thread suggests how to replicate the problem, but unfortunately we didn’t manage to take the time required to look into it carefully, yet.

Reliable infrastructure

Clipperz has been using Joyent infrastructure from the very beginning (by heart I would say late 2006).

And we are really happy customers; our application just runs, and it only occasionally needs a reboot to restore its full efficiency.

As the reboot process takes about 30 seconds, and we have to trigger it about once a year, we really have no meaningful incentives to understand the root cause of the problem.

Very few updates

Our public commit history speaks by itself. This may be seen –negatively– as a indicator of a stale project; or –positively– as an indicator of a mature and complete service.

We do have a lot of ideas on how to improve our application, but the current code base (evolved from the original code started in 2006) has reached its limits; its structure and complexity has reached a point where we do not feel confident making further meaningful changes in an effective way.

Financial solidity

Since 2017, Imola Informatica is providing both the financial resources and accounting support required to keep the service online.

It helps that Clipperz itself does requires very few resources to run; these include both the bill of the hosting facility, and the sysadmin time to keep everything running.

Future plans

We are looking for ways to boost the project, but in ways that do preserve its original and founding principles.

People at Imola Informatica are always looking for projects fit for some collaboration with Clipperz, but the constraints we do value are not an easy match with general industry expectations/requirements.

The new introduction of GDPR legislation in Europe though, may provide an unexected support for the kind of approach Clipperz has always had regarding how to take care of users’ data.

In the meanwhile, we have started experimenting with different tools (at the moment, mostly Purescript) in order to be able to code the next version of the application in a way that will provide more confidence in coding and modifying it, compared to what we have been able to achieve using plain JavaScript.

Boringly reliable; almost.

When dealing with security, boring is not that bad an attribute as it may otherwise sounds.

Clipperz has been running prettly smoothly lately, with some degradation of server-side performances we haven’t solved yet, but that is not so bad to negatively impact regular use of our application. stats

Nonetheless, from time to time some hiccups happen also to our smoothly running service; and last Sunday morning was such a time.

We do monitor our service (as you can tell from the graph above), but we do not have automatic alerts to notify us about issues. Last Sunday I was made aware of Clipperz not working by this tweet:

@Clipperz Are there any issues with Clipperz right now? Can’t seem to login. “Login Failed”

Admittedly, it is not very funny to receive a message about your service not working while having breakfast on a Sunday morning.

Even if Clipperz is a free service and we do provide a way for our users to access their own data even when our service down, we don’t like to let anyone down; expecially becasue we know how important the data save on Clipperz may be, as we use Clipperz daily ourselves and we feel the pain when it lets you down.

I quickly finished my breakfast and opened up my computer. I had to “eat our own dog food”, as I had to resort to an offline-copy of Clipperz own account in order to retrieve all the credentials required to enter into our systems. Fortunately the problem was fixed by a simple reboot; half an hour after the first tweet was sent, the service was regularly online again.

After having verified that the service was fully working, I looked into Clipperz’s email accounts and online forum to check if other people had been affected by the outage. Indeed I found a few messages by people concerned about the integrity of their own accounts, as the application was not completely offline, but was instead misbehaving reporting any login attempt as failed.

This was the first message I stumbled upon:

Dear Clipperz developers,

I’ve been using Clipperz successfully in the last six years. I simply love it!

It’s quite amazing that you can offer such a great service with nearly zero technical issues for free. I never tried to contact you in the past since there was simply no need to. It always worked magically. […]

Now, last Sunday was off to a bad start, but messages like this are a great way to restore the mood.

Designing Clipperz we have always been very careful to avoid leaking any information about our users identity; we don’t even know (nor can verify) what usernames are being used. This means that we can’t have any interaction with our users, unless someone decides to write us; but this usually only happens when something goes wrong and –being the service quite reliable– this is not very often.

Clipperz reloaded

Clipperz is now re-focusing on beeing a great free password manager; in order to focus better on these goals, Blockchain related features (certificates) have been removed from the application.

Blockchain notarization features are now part of Marco newly incorportated venture and his shares in the company have been acquired by Imola Informatica.

Imola Informatica has been following Clipperz activities since the very beginning (Giulio Cesare has also been a former employee) and has always shared Clipperz core values and vision about privacy and security.

With its support, Imola Informatica wants to push forward the availability of privacy-respecting tools to everybody.

Clipperz is now managed by a board composed by Filippo Bosi (president) and Giulio Cesare Solaroli (vice-president).

A brand new Clipperz!

Clipperz was launched on April 2007 and since then not much changed in the design of its user interface. We’ve been continuosly improving the underlying crypto and the application logic to make Clipperz faster and more reliable. But we never touched that 2007 look.
Well, today we are happy and proud to announce a brand new design along with several new features you’ve been waiting for so long.

new adaptive Clipperz interface

New team member

We’re excited to announce a great addition to the Clipperz team: Dario Chiappetta. As an experienced software engineer, Dario will add more coding power to Clipperz. Looking forward to your commits! :)

Dario Chiappetta

New faster server

Starting from today, the main Clipperz server is located in Amsterdam. At the same time we are keeping a backup server in Reykjavík where data are mirrored.
Why this redundant setup? To get the best of both worlds: an hyperconnected data center on mainland Europe, combined with the protection offered by Icelandic legal system.

(Image from SubmarineCableMap.com)

Clipperz is hiring a developer

We are looking for a developer interested in working on the Clipperz UI and, most notably, to become a full-time employee and a relevant shareholder in the company.

Help wanted

Web crypto: moving forward

I really appreciated Tim Bray’s post “Trusting browser code”. His pragmatism resonated with me and Giulio Cesare. At Clipperz we’ve been dealing with the issue of secure Javascript code delivery since 2006, but this is still an open issue that is eventually attracting the attention of some bright minds.
This post is an effort to reaching out to the small community of people interested in web crypto in order to share ideas and perspectives.

Tim Bray
(Photo of Tim Bray from AndroidGuys)