Docstoc

Backlog

Document Sample
Backlog Powered By Docstoc
					                                                      	
  
Task management software for the Internet, iPhone, and desktop

                      By Allen Pasch
                Advised by Dr. Franz Kurfess

                        March, 2011
                                        Task management software for the Internet, iPhone, and desktop


Table	
  of	
  Contents	
  
Abstract	
                                                                                           4	
  

Overview	
                                                                                           5	
  

	
        Problem	
                                                                                  5	
  

	
        Solution	
                                                                                 5	
  

	
        My	
  Approach	
                                                                           5	
  

	
        Another	
  Approach:	
  HTML5	
                                                            6	
  

	
        Project	
  Scope	
                                                                         6	
  

Existing	
  Software	
                                                                               7	
  

	
        Things	
                                                                                   7	
  

	
        Toodledo	
                                                                                 7	
  

	
        Remember	
  The	
  Milk	
                                                                  8	
  

Design	
                                                                                             9	
  

	
        Synchronization	
                                                                          9	
  

	
        Task	
  List	
                                                                           10	
  

	
        Task	
  Edit	
                                                                           11	
  

Technologies	
                                                                                     12	
  

	
        EC2	
                                                                                    12	
  

	
        RDS	
                                                                                    13	
  

Implementation	
                                                                                   14	
  

	
        Sudoku	
  Breaker	
                                                                      14	
  

	
        Backlog	
  Development	
                                                                 14	
  

Usability	
  Testing	
                                                                             15	
  

	
        Test	
  Structure	
                                                                      15	
  

                                                                                                     2	
  
                                           Task management software for the Internet, iPhone, and desktop


	
        Feedback	
                                                                                  16	
  

	
        Improvements	
                                                                              16	
  

Lessons	
  Learned	
                                                                                  17	
  

	
        Objective-­‐C	
                                                                             17	
  

	
        Unicode	
  Support	
                                                                        17	
  

Results	
                                                                                             18	
  

	
        Completed	
  Work	
                                                                         18	
  

	
        General	
  Opinion	
                                                                        18	
  

Future	
  Work	
                                                                                      19	
  

	
        Features	
  Galore	
                                                                        19	
  

	
        App	
  Store	
  Submission	
                                                                19	
  

	
        Security	
                                                                                  20	
  

Bibliography	
                                                                                        21	
  

Appendix	
  A:	
  REST	
  Service	
                                                                   22	
  

	
        Authentication	
                                                                            22	
  

	
        Making	
  Changes	
                                                                         23	
  

	
        Synchronization	
                                                                           24	
  

	
        Skipping	
  Synchronization	
                                                               25	
  

	
        Error	
  Handling	
                                                                         26	
  

Appendix	
  B:	
  Usability	
  Test	
                                                                 27	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                        3	
  
                                                    Task management software for the Internet, iPhone, and desktop


Abstract	
  
	
  
The	
  goal	
  of	
  this	
  project	
  is	
  to	
  create	
  easy	
  to	
  use	
  and	
  time-­‐effective	
  software	
  that	
  helps	
  users	
  
track	
  tasks	
  wherever	
  they	
  go.	
  To	
  accomplish	
  this,	
  a	
  website,	
  iPhone	
  app,	
  desktop	
  client,	
  and	
  
synchronization	
  system	
  is	
  created.	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                                                                       4	
  
                                                    Task management software for the Internet, iPhone, and desktop


Overview	
  
	
  
Problem	
  
People	
  work	
  on	
  a	
  variety	
  of	
  tasks.	
  Some	
  tasks	
  need	
  to	
  be	
  done:	
  
         • At	
  a	
  certain	
  time.	
  
         • By	
  a	
  certain	
  time.	
  
         • Whenever	
  there	
  is	
  time.	
  
         • When	
  there’s	
  money.	
  
         • By	
  someone	
  else.	
  
         • With	
  someone	
  else.	
  
         • Before	
  something	
  else.	
  
	
  
Yet,	
  task	
  management	
  solutions	
  normally	
  concentrate	
  on	
  specific	
  types	
  of	
  tasks:	
  
         • Calendars	
  contain	
  tasks	
  that	
  should	
  be	
  done	
  at	
  or	
  by	
  certain	
  times.	
  
         • Notes	
  contain	
  tasks	
  that	
  should	
  be	
  done	
  whenever	
  there	
  is	
  time.	
  
	
  	
  
Also,	
  people	
  need	
  to	
  keep	
  track	
  of	
  tasks	
  while	
  they	
  aren’t	
  in	
  front	
  of	
  a	
  computer	
  and	
  don’t	
  have	
  
Internet	
  access.	
  However,	
  most	
  task	
  management	
  software	
  requires	
  either	
  a	
  computer	
  or	
  the	
  
Internet.	
  
	
  
Solution	
  
The	
  solution	
  is	
  software	
  that	
  can	
  be	
  used:	
  
     • Offline	
  on	
  a	
  mobile	
  device.	
  
     • To	
  manage	
  all	
  sorts	
  of	
  tasks.	
  
     • To	
  collaborate	
  with	
  others.	
  
	
  
Further,	
  users	
  shouldn’t	
  be	
  restricted	
  to	
  a	
  single	
  mobile	
  platform.	
  Otherwise,	
  collaboration	
  
wouldn’t	
  be	
  practical.	
  For	
  example,	
  a	
  group	
  in	
  a	
  software	
  engineering	
  class	
  may	
  want	
  to	
  use	
  a	
  
task	
  management	
  tool,	
  but	
  it’s	
  unlikely	
  that	
  every	
  member	
  would	
  own	
  the	
  same	
  phone.	
  So,	
  the	
  
solution	
  must	
  be	
  accessible	
  from	
  multiple	
  platforms.	
  
	
  
My	
  Approach	
  
My	
  approach	
  is	
  to	
  develop:	
  
     • Native	
  clients	
  for	
  various	
  mobile	
  devices.	
  
     • A	
  website.	
  
             o This	
  allows	
  the	
  software	
  to	
  be	
  used	
  on	
  an	
  unsupported	
  mobile	
  device.	
  
     • A	
  desktop	
  client	
  that	
  runs	
  on	
  multiple	
  operating	
  systems.	
  
             o This	
  allows	
  the	
  software	
  to	
  be	
  used	
  offline	
  without	
  a	
  supported	
  mobile	
  device.	
  
     • A	
  web	
  service	
  that	
  synchronizes	
  the	
  mobile	
  clients,	
  website,	
  and	
  desktop	
  client.	
  
	
  
	
  

                                                                                                                                                       5	
  
                                                    Task management software for the Internet, iPhone, and desktop


Another	
  Approach:	
  HTML5	
  
When	
  I	
  began	
  this	
  project,	
  I	
  assumed	
  that	
  a	
  native	
  client—like	
  an	
  iPhone	
  app	
  or	
  a	
  desktop	
  
client—was	
  the	
  only	
  way	
  to	
  provide	
  offline	
  task	
  management.	
  I	
  was	
  wrong:	
  HTML5	
  provides	
  
another	
  way.	
  
	
  
HTML5	
  allows	
  websites	
  to	
  store	
  data	
  on	
  a	
  client’s	
  device.	
  Using	
  this	
  storage,	
  Backlog	
  could	
  
cache	
  tasks	
  and	
  synchronize	
  in	
  the	
  same	
  way	
  that	
  the	
  iPhone	
  app	
  and	
  Java	
  client	
  do.	
  If	
  I	
  built	
  
Backlog	
  with	
  HTML5,	
  it	
  would	
  look	
  like	
  the	
  picture	
  in	
  Figure	
  1.	
  
	
  
Advantages	
                                                                                                                 Figure 1:	
  
                                                                                                                             How Backlog might
HTML5	
  has	
  the	
  following	
  advantages	
  over	
                                                                     look if it were built
native	
  clients:	
                                                                                                         with HTML5.
         • Only	
  one	
  platform	
  needs	
  to	
  be	
  
           designed,	
  developed,	
  and	
  maintained.	
  
         • Clients	
  receive	
  software	
  updates	
  the	
  
           next	
  time	
  they	
  connect.	
  
	
  
Disadvantages	
  
HTML5	
  has	
  the	
  following	
  disadvantages:	
  
         • A	
  user	
  has	
  to	
  visit	
  the	
  website	
  to	
  see	
  
           pending	
  events.	
  
         • Updates	
  may	
  cause	
  unsynchronized	
  
           tasks	
  to	
  be	
  lost.	
  
         • Browsers	
  have	
  not	
  yet	
  settled	
  on	
  a	
                                                       	
  
           single	
  storage	
  mechanism.	
  
	
  	
  
Project	
  Scope	
  
A	
  comprehensive	
  task	
  management	
  solution	
  with	
  support	
  for	
  multiple	
  devices,	
  synchronization,	
  
and	
  group	
  collaboration	
  would	
  take	
  a	
  lot	
  longer	
  than	
  one	
  quarter	
  to	
  implement.	
  So,	
  this	
  project	
  
concentrates	
  on	
  developing:	
  
       • A	
  stable,	
  scalable	
  synchronization	
  system.	
  
       • A	
  website,	
  iPhone	
  app,	
  and	
  desktop	
  client.	
  
       • The	
  minimum	
  number	
  of	
  features	
  necessary	
  for	
  a	
  user	
  to	
  track	
  tasks	
  that	
  are	
  done:	
  
                o At	
  a	
  certain	
  time.	
  
                o By	
  a	
  certain	
  time.	
  
                o Whenever	
  there	
  is	
  time.	
  
                o When	
  there’s	
  money.	
  
       • The	
  ability	
  to	
  add	
  group	
  collaboration,	
  task	
  dependencies,	
  and	
  additional	
  features.	
  
	
  
This	
  project	
  also	
  creates	
  an	
  end-­‐to-­‐end	
  solution.	
  As	
  such,	
  it	
  acts	
  as	
  a	
  proof	
  of	
  concept	
  that	
  the	
  
product	
  can	
  be	
  implemented	
  at	
  every	
  level.	
  
	
  


                                                                                                                                                         6	
  
                                            Task management software for the Internet, iPhone, and desktop


Existing	
  Software	
  
	
  
Things	
  
Things—shown	
  in	
  Figure	
  2—is	
  the	
  most	
  popular	
  paid	
  task	
  management	
  software	
  in	
  the	
  iTunes	
  
App	
  Store.	
  Things	
  is	
  made	
  for	
  Mac	
  OS	
  X,	
  the	
  iPad,	
  
and	
  the	
  iPhone.	
                                                                                   Figure 2:	
  
                                                                                                          The Next list on the
	
                                                                                                        iPhone version of
The	
  Mac	
  client	
  can	
  sync	
  with	
  an	
  iPad	
  or	
  iPhone.	
                              Things. [1]	
  
However,	
  Macs	
  cannot	
  sync	
  with	
  each	
  other,	
  and	
  
mobile	
  devices	
  cannot	
  sync	
  with	
  each	
  other.	
  
	
  
Collaboration	
  is	
  limited	
  to	
  a	
  feature	
  that	
  allows	
  a	
  
user	
  to	
  e-­‐mail	
  a	
  teammate.	
  
	
  
Even	
  with	
  collaboration	
  improvements,	
  Things	
  
may	
  not	
  be	
  useful	
  in	
  groups	
  with	
  members	
  who	
  
own	
  neither	
  an	
  iPhone,	
  iPod,	
  iPad,	
  nor	
  Mac.	
                                   	
  
	
  
Toodledo	
  
Toodledo—shown	
  in	
  Figure	
  3—is	
  a	
  powerful	
  task	
  management	
  solution	
  designed	
  for	
  the	
  
Getting	
  Things	
  Done	
  method.	
  There	
  is	
  a	
  website,	
  
mobile-­‐friendly	
  website,	
  and	
  iPhone	
  app.	
                                            Figure 3:	
  
                                                                                                    The tasks list on the
	
                                                                                                  iPhone version of
Toodledo	
  has	
  a	
  stable	
  synchronization	
  system	
                                       Toodledo. [2]	
  
and—among	
  other	
  things—allows	
  users	
  to:	
  
     • Collaborate	
  with	
  each	
  other.	
  
     • Edit	
  tasks	
  without	
  leaving	
  the	
  task	
  list.	
  
     • Print	
  foldable	
  to-­‐do	
  list	
  booklets.	
  
     • Receive	
  reminders	
  by	
  SMS	
  or	
  e-­‐mail.	
  
	
  
Unfortunately,	
  Toodledo	
  is	
  much	
  more	
  difficult	
  to	
  
use	
  than	
  Things	
  or	
  Remember	
  The	
  Milk.	
  
                                                                                                          	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                                                 7	
  
                                                 Task management software for the Internet, iPhone, and desktop


Remember	
  The	
  Milk	
  
Remember	
  The	
  Milk	
  (RTM)—shown	
  in	
  Figure	
  4—is	
  a	
  task	
  management	
  solution	
  with	
  over	
  one	
  
million	
  users.	
  There	
  is	
  a:	
  
        • Website.	
                                                                                                             Figure 4:	
  
                                                                                                                                 The Today list on
        • Mobile-­‐friendly	
  website.	
                                                                                        the iPhone version
        • Android	
  app.	
                                                                                                      of Remember The
        • iPhone	
  app.	
                                                                                                       Milk. [3]	
  
        • Sidebar	
  for	
  Gmail,	
  Google	
  Calendar,	
  and	
  
               iGoogle.	
  
	
  
Also,	
  tasks	
  can	
  be	
  added	
  by	
  sending	
  RTM	
  an	
  
e-­‐mail	
  or	
  a	
  message	
  on	
  Twitter.	
  Further,	
  RTM	
  
synchronizes	
  with:	
  
        • Microsoft	
  Outlook.	
  
        • Blackberry’s	
  built-­‐in	
  Tasks	
  application.	
  
        • Windows	
  Mobile’s	
  built-­‐in	
  Tasks	
  software.	
                                                         	
  
	
  
Synchronization	
  issues	
  account	
  for	
  the	
  majority	
  of	
  RTM’s	
  negative	
  feedback.	
  The	
  root	
  of	
  the	
  
problem	
  appears	
  to	
  be	
  that	
  they	
  created	
  different	
  synchronization	
  mechanisms	
  for	
  every	
  client.	
  
But,	
  they’re	
  working	
  on	
  a	
  unified	
  synchronization	
  system,	
  so	
  these	
  problems	
  should	
  disappear.	
  
	
  
I	
  didn’t	
  run	
  into	
  RTM	
  until	
  the	
  fourth	
  week	
  of	
  the	
  quarter.	
  Otherwise,	
  I	
  may	
  have	
  decided	
  
against	
  this	
  project.	
  RTM	
  accomplishes	
  everything	
  I	
  described	
  in	
  the	
  Solution	
  section.	
  Plus,	
  they	
  
did	
  it	
  three	
  years	
  before	
  I	
  started.	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  



                                                                                                                                                8	
  
                                                      Task management software for the Internet, iPhone, and desktop


Design	
  
	
  
Synchronization	
  
Clients	
  synchronize	
  with	
  a	
  REST	
  web	
  service.	
  The	
  web	
  service	
  is	
  located	
  at	
  api.backlog.me.	
  
Example	
  calls	
  are	
  provided	
  in	
  Appendix	
  A:	
  REST	
  Service.	
  
	
  
Attributes	
  
There	
  are	
  two	
  types	
  of	
  attributes:	
  
           • Attributes	
  associated	
  with	
  a	
  task—including	
  the	
  task’s	
  name,	
  priority,	
  and	
  start	
  time.	
  
           • Attributes	
  associated	
  with	
  a	
  user—including	
  the	
  user’s	
  preferred	
  currency.	
  
	
  
Versions	
  
Whenever	
  an	
  attribute	
  is	
  received	
  by	
  the	
  web	
  service,	
  it	
  receives	
  a	
  version.	
  Clients	
  are	
  
responsible	
  for	
  knowing	
  what	
  version	
  of	
  an	
  attribute	
  they	
  have.	
  When	
  a	
  client	
  modifies	
  an	
  
attribute,	
  they	
  tell	
  the	
  web	
  service	
  which	
  version	
  of	
  the	
  attribute	
  they	
  had	
  before	
  it	
  was	
  
modified	
  and	
  when	
  it	
  was	
  modified.	
  
	
  
Merging	
  
If	
  there	
  is	
  no	
  modification	
  time	
  passed	
  to	
  the	
  server,	
  then	
  the	
  server	
  considers	
  the	
  modified	
  
attribute	
  the	
  newest	
  version.	
  Otherwise,	
  the	
  server	
  uses	
  a	
  combination	
  of	
  the	
  modification	
  
time	
  and	
  previous	
  attribute	
  version	
  to	
  predict	
  whether	
  the	
  value	
  is	
  the	
  newest	
  version.	
  
	
  
Specifically,	
  the	
  provided	
  attribute	
  is	
  the	
  newest	
  if,	
  and	
  only	
  if,	
  one	
  of	
  the	
  following	
  is	
  true:	
  
           • No	
  modification	
  time	
  is	
  passed	
  to	
  the	
  server.	
  
           • The	
  previous	
  attribute	
  version	
  stored	
  by	
  the	
  client	
  is	
  the	
  newest	
  version	
  on	
  the	
  server.	
  
           • The	
  attribute	
  was	
  modified	
  after	
  the	
  newest	
  version	
  on	
  the	
  server.	
  
                      o The	
  modification	
  time	
  of	
  each	
  attribute	
  is	
  bounded	
  between	
  the	
  time	
  the	
  
                            previous	
  version	
  was	
  sent	
  to	
  the	
  web	
  service	
  and	
  the	
  time	
  it	
  was	
  sent	
  to	
  the	
  web	
  
                            service	
  to	
  minimize	
  timing	
  issues.	
  
	
  
Keys	
  
REST	
  clients	
  are	
  responsible	
  for	
  registering	
  and	
  retaining	
  a	
  unique	
  database	
  ID	
  for	
  every	
  user.	
  
Further,	
  for	
  every	
  database	
  ID,	
  clients	
  are	
  responsible	
  for	
  creating	
  unique	
  keys.	
  These	
  keys	
  are	
  
passed	
  to	
  the	
  REST	
  service	
  whenever	
  a	
  new	
  task	
  is	
  added	
  or	
  attributes	
  are	
  modified.	
  
	
  
If	
  a	
  task	
  already	
  exists	
  with	
  the	
  same	
  database	
  ID	
  and	
  key,	
  then	
  Backlog	
  will	
  automatically	
  
merge	
  the	
  two	
  tasks.	
  Likewise,	
  if	
  modifications	
  already	
  exist	
  with	
  the	
  same	
  database	
  ID	
  and	
  key,	
  
then	
  Backlog	
  will	
  attempt	
  to	
  merge	
  the	
  modifications.	
  This	
  prevents	
  duplicate	
  tasks,	
  task	
  
dependencies,	
  and	
  notes.	
  
	
  
	
  
	
  

                                                                                                                                                             9	
  
                                                                Task management software for the Internet, iPhone, and desktop


Task	
  List	
  
Users	
  can	
  view	
  their	
  remaining	
  tasks	
  on	
  the	
  task	
  list.	
  The	
  website’s	
  task	
  list	
  has	
  five	
  columns—
as	
  shown	
  in	
  Figure	
  5—but	
  only	
  the	
  Task	
  Name,	
  Priority,	
  and	
  When	
  columns	
  are	
  shown	
  to	
  users	
  
on	
  mobile	
  devices.	
  
	
  
                                                                                                                                                     Figure 5:	
  
                                                                                                                                                     The task list on the
                                                                                                                                                     website version of
                                                                                                                                                     Backlog.	
  




                                                                                                                    	
  
The	
  iPhone	
  app	
  and	
  desktop	
  client	
  only	
  show	
  the	
  Task	
  Name	
  and	
  When	
  columns	
  in	
  the	
  task	
  
list—as	
  shown	
  in	
  Figure	
  6.	
  
	
                                                                                                                       Figure 6:	
  
                                                                                                                         The task list on the
The	
  website,	
  iPhone	
  app,	
  and	
  desktop	
  client	
  have	
                                                  iPhone version of
buttons	
  on	
  the	
  task	
  list	
  for	
  creating	
  a	
  new	
  task.	
                                           Backlog.	
  
Also,	
  clicking	
  on	
  a	
  task	
  in	
  the	
  list	
  allows	
  the	
  user	
  
to	
  edit	
  the	
  task.	
  
	
  
Further,	
  the	
  iPhone	
  app	
  and	
  desktop	
  client	
  have	
  
a	
  “Sync”	
  button	
  that	
  synchronizes	
  the	
  client	
  with	
  
the	
  REST	
  web	
  service.	
  
	
  
The	
  When	
  column	
  is	
  a	
  combination	
  of	
  the	
  Start	
  
Time	
  and	
  Finish	
  Time.	
  The	
  column	
  is	
  formatted	
                                           	
  
according	
  to	
  the	
  rules	
  in	
  the	
  table	
  below.	
  
	
  
“When”	
  Formatting	
  Rule	
                                                                                       Example	
  
Show	
  the	
  Start	
  if:	
                                                                                        Tomorrow	
  at	
  1:45pm	
  
1. The	
  Finish	
  doesn't	
  exist;	
  or	
  
2. The	
  Finish	
  is	
  before	
  the	
  Start	
  and	
  they	
  are	
  both	
  on	
  the	
  same	
  day.	
  
Show	
  the	
  Finish	
  if	
  the	
  Start	
  doesn’t	
  exist.	
                                                   by	
  Tomorrow	
  at	
  1:45pm	
  
Show	
  the	
  Start	
  and	
  Finish	
  if	
  they	
  are	
  on	
  different	
  days.	
                             Today	
  at	
  1:45pm	
  to	
  Tomorrow	
  at	
  1:45pm	
  
                                                                                                                     Today	
  to	
  Jan	
  1,	
  2011	
  
Show	
  Start	
  date	
  and	
  Finish	
  time	
  if	
  they	
  are	
  both	
  on	
  the	
  same	
  day	
  and	
     Today	
  until	
  1:46pm	
  
Start	
  has	
  no	
  time	
                                                                                         Tomorrow	
  until	
  1:45pm	
  
Show	
  the	
  Start	
  and	
  Finish	
  without	
  a	
  date	
  if	
  they	
  are	
  both	
  today.	
               1:45pm	
  to	
  1:46pm	
  
Show	
  the	
  date	
  separately	
  if	
  Start	
  and	
  Finish	
  are	
  on	
  the	
  same	
  day.	
              Tomorrow	
  from	
  1:45pm	
  to	
  1:46pm	
  
                                                                                                                     Dec	
  31,	
  2011	
  from	
  1:45pm	
  to	
  1:46pm	
  


                                                                                                                                                                             10	
  
                                               Task management software for the Internet, iPhone, and desktop


Task	
  Edit	
  
Tasks	
  are	
  added	
  and	
  modified	
  using	
  the	
  task	
  edit	
  view—as	
  shown	
  in	
  Figure	
  7.	
  
	
  
	
                                                                                                         Figure 7:	
  
                                                                                                           The task edit page on the
                                                                                                           website version of Backlog.	
  




                                                                                                          	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  



                                                                                                                                      11	
  
                                                  Task management software for the Internet, iPhone, and desktop


Technologies	
  
	
  
EC2	
  
This	
  project	
  is	
  my	
  first	
  experience	
  with	
  EC2—Amazon’s	
  Elastic	
  Compute	
  Cloud.	
  I	
  was	
  expecting	
  
EC2	
  deployment	
  to	
  be	
  a	
  hurdle	
  in	
  my	
  project,	
  but	
  it	
  turned	
  out	
  to	
  be	
  really	
  easy.	
  
	
  
Cost	
  
The	
  website	
  and	
  REST	
  service	
  are	
  currently	
  running	
  on	
  a	
  micro	
  instance	
  in	
  EC2.	
  On	
  average,	
  this	
  
instance	
  costs	
  $14.61	
  a	
  month,	
  which	
  is	
  comparable	
  to	
  many	
  traditional	
  shared	
  web-­‐hosting	
  
services.	
  Yet,	
  the	
  website	
  runs	
  faster	
  and	
  is	
  more	
  secure	
  than	
  a	
  shared	
  web-­‐hosting	
  service.	
  
Further,	
  additional	
  servers	
  can	
  be	
  added	
  if	
  there’s	
  ever	
  a	
  need.	
  
	
  
Minimal	
  Install	
  
Amazon’s	
  minimal	
  install	
  Linux	
  AMI	
  isn’t	
  minimal	
  at	
  all.	
  There	
  are	
  many	
  non-­‐essential	
  
executables	
  that	
  are	
  set	
  to	
  automatically	
  run	
  as	
  root.	
  Further,	
  there	
  are	
  scattered	
  directories	
  
that	
  are	
  writable	
  by	
  anyone.	
  
	
  
To	
  audit	
  the	
  file	
  system,	
  I	
  ran	
  the	
  following	
  command:	
  
           sudo ls -1AlR / > filestructure.txt
	
  
Then,	
  I	
  removed	
  strings	
  from	
  filestructure.txt	
  matching	
  any	
  of	
  these	
  regular	
  expressions:	
  
       •   ^l.*\n
       •   ^total.*\n
       •   ^[-d][-r][-w][-x][-r]-[-x][-r]-[-x] .*\n
       •   ^/.*\n(\n|$)
       •   ^.{7}-{3} \d+ root root.*\n
       •   ^crw--w----.*\n
       •   \n/proc/\d+/.*\n([^\n]+\n)+
	
  
Finally,	
  I	
  went	
  through	
  the	
  remaining	
  list	
  and	
  changed	
  the	
  SETUID	
  and	
  write	
  permissions	
  on	
  
everything	
  that	
  wasn’t	
  necessary	
  for	
  running	
  Tomcat	
  and	
  SSH.	
  
	
  
A	
  Sweet	
  Use	
  
On	
  Linux	
  computers,	
  only	
  root	
  can	
  listen	
  to	
  port	
  80.	
  Yet,	
  I	
  wanted	
  to	
  run	
  Tomcat	
  with	
  limited	
  
privileges.	
  So,	
  I	
  decided	
  to	
  go	
  with	
  a	
  tool	
  called	
  ‘JSVC.’	
  Unfortunately,	
  setting	
  up	
  JSVC	
  requires	
  
compiling	
  C	
  source	
  code,	
  and	
  installing	
  a	
  compiler	
  on	
  a	
  production	
  server	
  is	
  a	
  security	
  no-­‐no.	
  
	
  
So,	
  I	
  created	
  a	
  copy	
  of	
  the	
  EC2	
  instance	
  named	
  ‘backlog-­‐gcc’	
  in	
  the	
  AWS	
  (Amazon	
  Web	
  Services)	
  
Console.	
  Then,	
  I	
  installed	
  GCC	
  on	
  backlog-­‐gcc,	
  compiled	
  JSVC,	
  and	
  copied	
  the	
  compiled	
  
executable	
  over	
  to	
  the	
  production	
  server.	
  
	
  
	
  
	
  
	
  

                                                                                                                                               12	
  
                                                  Task management software for the Internet, iPhone, and desktop


RDS	
  
This	
  project	
  is	
  also	
  my	
  first	
  experience	
  with	
  RDS—Amazon’s	
  Relational	
  Database	
  Service.	
  Like	
  
EC2,	
  RDS	
  was	
  incredibly	
  easy	
  to	
  setup	
  and	
  start	
  using.	
  
	
  
Features	
  
RDS	
  users	
  can:	
  
     • Backup	
  the	
  database	
  automatically.	
  They	
  just	
  specify	
  when	
  the	
  backups	
  should	
  happen.	
  
     • Easily	
  add	
  read	
  instances	
  and	
  Multi-­‐AZ	
  failovers.	
  
     • Add	
  up	
  to	
  one	
  terabyte	
  of	
  storage	
  without	
  taking	
  the	
  server	
  offline.	
  
     • Upgrade	
  to	
  a	
  faster	
  server.	
  
                 o The	
  server	
  will	
  be	
  go	
  offline,	
  but	
  a	
  Multi-­‐AZ	
  deployment	
  will	
  prevent	
  an	
  outage.	
  
     • Rollback	
  the	
  database	
  to	
  an	
  arbitrary	
  time.	
  
	
  
Cost	
  
Unlike	
  EC2,	
  RDS	
  is	
  expensive	
  for	
  a	
  small	
  website.	
  On	
  average,	
  the	
  smallest	
  database	
  instance	
  
costs	
  $80.36	
  a	
  month.	
  With	
  a	
  Multi-­‐AZ	
  deployment	
  for	
  enhanced	
  durability,	
  the	
  cost	
  is	
  doubled.	
  
	
  
Further,	
  with	
  a	
  very	
  light	
  load	
  queries	
  run	
  faster	
  when	
  the	
  database	
  and	
  web	
  server	
  are	
  on	
  the	
  
same	
  machine.	
  So,	
  RDS	
  isn’t	
  worth	
  it	
  for	
  websites	
  that	
  don’t	
  receive	
  much	
  traffic.	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                                                                13	
  
                                                     Task management software for the Internet, iPhone, and desktop


Implementation	
  
	
  
Sudoku	
  Breaker	
  
This	
  quarter	
  was	
  my	
  first	
  time	
  programming	
  in	
  Objective-­‐C.	
  Rather	
  than	
  making	
  Backlog	
  my	
  first	
  
iPhone	
  app,	
  I	
  decided	
  to	
  give	
  myself	
  a	
  warm-­‐up	
  challenge.	
  So,	
  I	
  started	
  this	
  project	
  by	
  writing	
  
an	
  iPhone	
  app	
  named	
  ‘Sudoku	
  Breaker’—shown	
  in	
  Figure	
  8—that	
  solves	
  Sudoku	
  games	
  as	
  the	
  
user	
  types	
  in	
  the	
  puzzle.	
  
	
                                                                                                                                Figure 8:	
  
                                                                                                                                  Sudoku Breaker
When	
  there’s	
  more	
  than	
  one	
  way	
  to	
                                                                             being used to solve
solve	
  the	
  puzzle,	
  the	
  user	
  can	
  click	
  the	
                                                                   a game of Sudoku.	
  
“Solve”	
  button,	
  which	
  uses	
  a	
  genetic	
  
algorithm	
  to	
  find	
  an	
  available	
  solution.	
  
	
  
Results	
  
Sudoku	
  Breaker	
  revealed	
  a	
  bug	
  with	
  my	
  
job	
  scheduling	
  code	
  that	
  I	
  wouldn’t	
  have	
  
found	
  had	
  Backlog	
  been	
  my	
  first	
  iPhone	
  
app.	
  Namely,	
  iPhone	
  apps	
  can	
  crash	
  if	
  
child	
  views	
  are	
  added	
  or	
  removed	
  while	
  
the	
  view	
  is	
  being	
  concurrently	
  repainted.	
  
Since	
  Sudoku	
  Breaker	
  constantly	
  adds	
  
and	
  removes	
  child	
  views,	
  this	
  problem	
  
became	
  especially	
  apparent.	
  Yet,	
  the	
  
same	
  bug	
  in	
  Backlog	
  could	
  take	
  ages	
  to	
                                                                	
  
discover	
  and	
  track	
  down.	
  
	
  
Backlog	
  Development	
  
After	
  Sudoku	
  Breaker	
  was	
  finished	
  and	
  the	
  synchronization	
  system	
  was	
  planned	
  out,	
  I	
  wrote	
  a	
  
Java-­‐based	
  desktop	
  client,	
  then	
  a	
  website,	
  and	
  finally	
  an	
  iPhone	
  app.	
  
	
  
A	
  Better	
  Order	
  
Creating	
  a	
  user	
  interface	
  in	
  Swing	
  was	
  harder	
  than	
  it	
  was	
  for	
  the	
  website	
  or	
  for	
  the	
  iPhone;	
  and	
  
no	
  matter	
  how	
  hard	
  one	
  tries,	
  Swing	
  always	
  looks	
  worse	
  than	
  the	
  other	
  two.	
  On	
  the	
  other	
  
hand,	
  creating	
  a	
  user	
  interface	
  for	
  the	
  iPhone	
  is	
  fast	
  and	
  easy.	
  So,	
  I	
  would	
  have	
  saved	
  a	
  lot	
  of	
  
time	
  and	
  effort	
  if	
  I	
  started	
  with	
  an	
  iPhone	
  app	
  and	
  later	
  tried	
  to	
  imitate	
  that	
  app	
  on	
  a	
  website	
  
and	
  desktop	
  client.	
  
	
  
	
  
	
  
	
  
	
  
	
  

                                                                                                                                                         14	
  
                                                      Task management software for the Internet, iPhone, and desktop


Usability	
  Testing	
  
	
  
Test	
  Structure	
  
I	
  ran	
  two	
  waves	
  of	
  usability	
  tests.	
  Tests	
  were	
  done	
  in	
  person,	
  over	
  the	
  phone,	
  or	
  with	
  an	
  online	
  
survey.	
  The	
  online	
  survey	
  is	
  shown	
  in	
  Figure	
  9,	
  and	
  the	
  full	
  test	
  is	
  in	
  Appendix	
  B:	
  Usability	
  Test.	
  
	
  
                                                                                                                       	
  
                                                                                                                       Figure 9:	
  
                                                                                                                       A usability test for Backlog
                                                                                                                       created with Google Docs.




                                                                                                                        	
  
	
  
The	
  test	
  is	
  a	
  series	
  of	
  four	
  simple	
  tasks	
  that	
  simulate	
  what	
  a	
  real	
  user	
  might	
  do.	
  After	
  each	
  task,	
  
the	
  user	
  is	
  asked	
  one	
  to	
  two	
  quantitative	
  questions	
  followed	
  by	
  an	
  open-­‐ended	
  question.	
  As	
  the	
  
test	
  progresses,	
  the	
  open-­‐ended	
  questions	
  become	
  more	
  difficult.	
  
	
  
The	
  quantitative	
  questions	
  show	
  usability	
  improvements	
  over	
  time.	
  Meanwhile,	
  the	
  open-­‐
ended	
  questions	
  highlight	
  areas	
  for	
  improvement.	
  Late	
  questions	
  are	
  made	
  harder	
  under	
  the	
  
assumption	
  that	
  users	
  get	
  more	
  creative	
  as	
  they	
  go	
  through	
  the	
  test.	
  
	
  


                                                                                                                                                           15	
  
                                                          Task management software for the Internet, iPhone, and desktop

Leading	
  
To	
  make	
  the	
  test	
  more	
  realistic,	
  it’s	
  important	
  to	
  avoid	
  leading	
  the	
  participant	
  to	
  the	
  answer.	
  To	
  
this	
  end,	
  questions	
  in	
  the	
  test	
  use	
  words	
  that	
  are	
  not	
  visible	
  on	
  the	
  website.	
  For	
  example,	
  
‘notes’	
  is	
  used	
  to	
  describe	
  tasks	
  on	
  the	
  test,	
  but	
  ‘notes’	
  doesn’t	
  appear	
  on	
  the	
  website.	
  
	
  
Feedback	
  
The	
  table	
  below	
  shows	
  the	
  most	
  common	
  issues	
  from	
  the	
  first	
  wave	
  of	
  tests.	
  
	
  
Percent	
  of	
  Testers	
                                                                        Issue	
  
     59.6%	
                   The	
  attribute	
  names	
  are	
  confusing.	
  
     34.6%	
                   Completed	
  tasks	
  should	
  look	
  different	
  than	
  uncompleted	
  tasks.	
  
     28.8%	
                   The	
  homepage	
  should	
  have	
  a	
  “Login”	
  and	
  “Sign	
  Up”	
  link	
  instead	
  of	
  an	
  “Account”	
  link.	
  
     28.8%	
                   The	
  time	
  slider	
  is	
  hard	
  to	
  use.	
  
     26.9%	
                   Users	
  should	
  be	
  able	
  to	
  mark	
  tasks	
  as	
  completed	
  from	
  the	
  task	
  list.	
  
     21.2%	
                   Attributes	
  should	
  have	
  examples	
  or	
  explanations.	
  
      9.6%	
                   Registering	
  shouldn’t	
  go	
  to	
  the	
  “Add	
  Task”	
  page.	
  
      9.6%	
                   The	
  time	
  sliders	
  are	
  hard	
  to	
  see.	
  
      5.8%	
                   The	
  calendar	
  should	
  disappear	
  once	
  a	
  date	
  is	
  clicked.	
  
	
  
I	
  was	
  surprised	
  by	
  some	
  of	
  the	
  feedback.	
  I	
  didn’t	
  realize	
  people	
  would	
  have	
  problems	
  with	
  the	
  
attribute	
  names,	
  “Account”	
  link,	
  or	
  being	
  redirected	
  to	
  the	
  “Add	
  Task”	
  page	
  after	
  registering.	
  
	
  
Improvements	
  
After	
  the	
  first	
  wave	
  of	
  tests,	
  I	
  fixed	
  the	
  three	
  simplest	
  common	
  issues—highlighted	
  in	
  blue	
  in	
  
the	
  table	
  above—and	
  made	
  forms	
  highlight	
  fields	
  with	
  invalid	
  data.	
  Figure	
  10	
  shows	
  the	
  sign	
  up	
  
process	
  after	
  these	
  changes.	
                                                                                                      	
  


	
                                                                                                                   Figure 10:	
  
The	
  average	
  satisfaction	
  levels	
                                                                           Backlog’s registration
                                                                                                                     process after the first
increased,	
  as	
  shown	
  below.	
  
                                                                                                                     wave of usability
	
                                                                                                                   tests.	
  
Signing	
  up	
  is	
  easy.	
  
Disagree	
  Somewhat	
  →	
  Agree	
  
	
  
Creating	
  a	
  note	
  is	
  easy.	
  
Disagree	
  Somewhat	
  →	
  No	
  Opinion	
  
	
  
Creating	
  the	
  second	
  note	
  is	
  hard.	
  
Agree	
  Somewhat	
  →	
  Disagree	
  
	
  
Finding	
  a	
  note	
  is	
  easy.	
  
No	
  Opinion	
  →	
  Agree	
  
	
  
Changing	
  a	
  note	
  is	
  easy.	
                                                                          	
  
Agree	
  Somewhat	
  →	
  Agree	
  

                                                                                                                                                                   16	
  
                                                      Task management software for the Internet, iPhone, and desktop


Lessons	
  Learned	
  
	
  
Objective-­‐C	
  
Objective-­‐C	
  is	
  incredibly	
  easy	
  to	
  learn	
  for	
  someone	
  with	
  a	
  C	
  and	
  object-­‐oriented	
  programming	
  
background.	
  The	
  hardest	
  things	
  to	
  get	
  used	
  to	
  are:	
  
     • When	
  passing	
  a	
  message	
  to—calling	
  a	
  dynamically-­‐typed	
  method	
  of—an	
  object:	
  
             o Brackets	
  surround	
  the	
  message.	
  
             o The	
  message	
  includes	
  the	
  names	
  of	
  target	
  parameters.	
  
             o If	
  the	
  object	
  is	
  null,	
  nothing	
  happens.	
  
     • The	
  programmer	
  increments	
  and	
  decrements	
  the	
  reference	
  counts	
  of	
  objects.	
  
	
  
Unicode	
  Support	
  
Before	
  this	
  project	
  I	
  had	
  almost	
  no	
  experience	
  writing	
  software	
  that	
  handles	
  UTF-­‐8	
  encoding.	
  
So,	
  I	
  didn’t	
  know	
  when	
  or	
  where	
  to	
  specify	
  the	
  encoding.	
  Below	
  are	
  some	
  places	
  I	
  found	
  where	
  
the	
  encoding	
  must	
  be	
  specified.	
  
	
  
   Specify	
  encoding	
  when	
  you:	
                                             Example	
  Code:	
  
Connect	
  to	
  a	
  database	
  with	
  JDBC.	
    poolConfig.setJdbcUrl("jdbc:mysql://" + hostname +
                                                        “/” + databaseName + "?characterEncoding=UTF-8");
Send	
  email	
  with	
  the	
  JavaMail	
  API.	
   message.setHeader("Content-Type",
                                                        "text/plain; charset=\"utf-8\"");
                                                     message.setText(text, "UTF-8");
Digest	
  an	
  MD5	
  checksum.	
                   MessageDigest digest =
                                                        MessageDigest.getInstance("MD5");
                                                     return digest.digest(string.getBytes("UTF-8"));
Load	
  a	
  resource	
  bundle	
  from	
  a	
       Reader reader = new InputStreamReader(
properties	
  file.	
                                   new FileInputStream(languageFile), "UTF-8");
                                                     resourceBundle = new PropertyResourceBundle(reader);
Read	
  ServletRequest	
  parameters.	
              request.setCharacterEncoding("UTF-8");
Write	
  output	
  to	
  a	
  ServletResponse.	
   response.setContentType("text/xml; charset=UTF-8");
Print	
  an	
  HTML	
  page.	
                       <meta http-equiv="content-type"
                                                        content="text/html; charset=UTF-8"/>
Create	
  a	
  database	
  table.	
                  CREATE TABLE Attribute (
                                                        value VARCHAR(4096) NOT NULL
                                                     ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                                                                17	
  
                                                    Task management software for the Internet, iPhone, and desktop


Results	
  
	
  
Completed	
  Work	
  
During	
  this	
  project,	
  I	
  created	
  a	
  synchronization	
  system,	
  website,	
  iPhone	
  app,	
  and	
  desktop	
  client.	
  
I	
  also	
  went	
  through	
  two	
  rounds	
  of	
  usability	
  testing	
  and	
  built	
  the	
  foundation	
  for	
  a	
  
comprehensive	
  task	
  management	
  system.	
  
	
  
General	
  Opinion	
  
I	
  think	
  Backlog	
  needs	
  more	
  work	
  before	
  people	
  will	
  find	
  it	
  useful.	
  But,	
  I	
  consider	
  this	
  project	
  a	
  
huge	
  success!	
  
	
  
End-­‐to-­‐End	
  System	
  
This	
  project	
  created	
  an	
  end-­‐to-­‐end	
  system	
  encompassing	
  every	
  major	
  component	
  a	
  big	
  
software	
  system	
  would	
  have.	
  
	
  
Limited	
  Timeframe	
  
I	
  had	
  one	
  quarter	
  to	
  work	
  on	
  Backlog.	
  Things	
  has	
  ten	
  developers,	
  has	
  been	
  in	
  development	
  for	
  
more	
  than	
  three	
  years,	
  and	
  still	
  hasn’t	
  implemented	
  synchronization	
  properly!	
  
	
  
Learning	
  
During	
  this	
  project,	
  I	
  learned	
  how	
  to	
  use	
  EC2,	
  RDS,	
  Objective-­‐C,	
  UIKit,	
  the	
  Core	
  Graphics	
  
Framework,	
  Xcode,	
  usability	
  testing,	
  Unicode,	
  and	
  JQuery	
  UI.	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  

                                                                                                                                                      18	
  
                                                  Task management software for the Internet, iPhone, and desktop


Future	
  Work	
  
	
  
Features	
  Galore	
  
For	
  Backlog	
  to	
  be	
  useful	
  to	
  people,	
  it	
  needs	
  more	
  features	
  than	
  it	
  currently	
  supports.	
  
	
  
Features	
  that	
  should	
  be	
  added	
  include:	
  
      • A	
  calendar	
  view	
  of	
  tasks	
  
      • A	
  default	
  currency	
  
      • A	
  forgot	
  password	
  page	
  
      • Alerts	
  for	
  upcoming	
  tasks	
  
      • Customizable	
  priorities	
  
      • Dependencies	
  and	
  dependent	
  tasks	
  
      • Import	
  and	
  export	
  to	
  other	
  systems	
  
      • Notes	
  
      • Revision	
  history	
  
      • Task	
  filter	
  and	
  search	
  
      • The	
  ability	
  to	
  complete	
  tasks	
  from	
  the	
  task	
  list	
  
      • Collaboration	
  
	
  
App	
  Store	
  Submission	
  
Backlog	
  needs	
  to	
  be	
  submitted	
  to	
  the	
  Apple	
  App	
  Store.	
  
	
  
However,	
  the	
  following	
  must	
  be	
  completed	
  before	
  submission:	
  
     • Create	
  an	
  App	
  Store	
  page	
  for	
  Backlog.	
  
     • Add	
  help	
  for	
  iPhone	
  and	
  iPad	
  users	
  to	
  the	
  website.	
  
     • Update	
  the	
  Terms	
  of	
  Service	
  to	
  accommodate	
  agreements	
  made	
  by	
  the	
  App	
  Store.	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                                                       19	
  
                                                     Task management software for the Internet, iPhone, and desktop


Security	
  
	
  
HTTPS	
  Connections	
  
Backlog	
  does	
  not	
  currently	
  support	
  HTTPS	
  connections.	
  Thus,	
  users	
  are	
  vulnerable	
  to	
  network	
  
eavesdropping	
  and	
  man-­‐in-­‐the-­‐middle	
  attacks.	
  
	
  
To	
  prevent	
  these	
  attacks,	
  Backlog	
  needs	
  to	
  be	
  registered	
  with	
  a	
  certificate	
  authority	
  and	
  
configured	
  to	
  handle	
  HTTPS	
  connections.	
  
	
  
Cross-­‐Site	
  Request	
  Forgery	
  
Cross-­‐Site	
  Request	
  Forgery	
  (CSRF)	
  attacks	
  force	
  users	
  to	
  execute	
  actions	
  on	
  web	
  applications	
  by	
  
making	
  them	
  load	
  pages	
  that	
  perform	
  those	
  actions	
  [1].	
  Unfortunately,	
  the	
  Backlog	
  website	
  is	
  
currently	
  vulnerable	
  to	
  CSRF	
  attacks.	
  
	
  
Assume,	
  for	
  example,	
  that	
  a	
  logged-­‐in	
  user	
  visits	
  a	
  website	
  containing	
  the	
  following	
  HTML:	
  
	
  
1 <img src="http://www.backlog.me/task/newproc?name=You+got+hacked!&key=1337">
2 <img src="http://www.backlog.me/account/logout&setlocale=yar">
	
  
The	
  user	
  will:	
  	
  
     • Have	
  a	
  task	
  added	
  named	
  “You	
  got	
  hacked!”	
  
     • Have	
  his	
  or	
  her	
  language	
  changed	
  to	
  Pirate	
  Speak.	
  
     • Be	
  logged	
  out.	
  
	
  
After	
  logging	
  back	
  in	
  to	
  Backlog,	
  the	
  website	
  will	
  look	
  like	
  the	
  picture	
  in	
  Figure	
  11.	
  
	
  
                                                                                                                               	
  
                                                                                                                               Figure 11:	
  
                                                                                                                               The result of a CSRF
                                                                                                                               attack that added a
                                                                                                                               new task, changed the
                                                                                                                               language, and logged
                                                                                                                               the user out.




                                                                                                            	
  
	
  	
  
To	
  prevent	
  CSRF	
  attacks,	
  the	
  Backlog	
  website	
  needs	
  to	
  use	
  random	
  “challenge”	
  tokens,	
  as	
  
described	
  in	
  [2].	
  



                                                                                                                                                 20	
  
                                  Task management software for the Internet, iPhone, and desktop


Bibliography	
  
	
  
[1] “Things	
  for	
  iPhone	
  and	
  iPod	
  touch.”	
  Internet:	
  
     http://culturedcode.com/things/iphone/	
  [Mar.	
  12,	
  2011].	
  
[2] “Toodledo	
  on	
  the	
  iPhone	
  and	
  iPod	
  Touch.”	
  Internet:	
  
     http://www.toodledo.com/info/iphone.php	
  [Mar.	
  12,	
  2011].	
  
[3] “Remember	
  The	
  Milk	
  for	
  iPhone,	
  iPod	
  touch,	
  and	
  iPad.”	
  Internet:	
  
     http://itunes.apple.com/app/remember-­‐the-­‐milk/id293561396,	
  Aug.	
  26,	
  2010	
  
     [Mar.	
  12,	
  2011].	
  
[4] “Cross-­‐Site	
  Request	
  Forgery	
  (CSRF).”	
  Internet:	
  
     www.owasp.org/index.php/Cross-­‐Site_Request_Forgery_(CSRF),	
  
     Sept.	
  4,	
  2010	
  [Mar.	
  8,	
  2011].	
  
[5] “Cross-­‐Site	
  Request	
  Forgery	
  (CSRF)	
  Prevention	
  Cheat	
  Sheet.”	
  Internet:	
  
     www.owasp.org/index.php/Cross-­‐Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet,	
  
     Dec.	
  6,	
  2010	
  [Mar.	
  8,	
  2011].	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                 21	
  
                                                       Task management software for the Internet, iPhone, and desktop


Appendix	
  A:	
  REST	
  Service	
  
	
  
Authentication	
  
	
  
Sign	
  Up	
  
A	
  client	
  registers	
  a	
  new	
  account	
  with	
  the	
  Sign	
  Up	
  call.	
  
	
  
/signup?email=user@domain.ext&password=1234567890123456789012&dbname=myapp&timeout=3600	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <auth database="379">AZOebamxfcmCvVNAZX_yOWia</auth>
	
  
Create	
  Database	
  
A	
  client	
  registers	
  a	
  new	
  database	
  for	
  an	
  existing	
  account	
  with	
  the	
  Create	
  Database	
  call.	
  
	
  
Important:	
  A	
  client	
  should	
  only	
  use	
  the	
  Create	
  Database	
  call	
  the	
  first	
  time	
  a	
  user	
  logs	
  in.	
  All	
  
subsequent	
  logins	
  for	
  the	
  same	
  e-­‐mail	
  address	
  should	
  use	
  the	
  Login	
  call.	
  
	
  
/createdb?email=user@domain.ext&password=1234567890123456789012&dbname=myapp&timeout=3600	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <auth database="380">AZQfOMTJpjLpVEhiyUB4zW0x</auth>
	
  
Login	
  
A	
  client	
  logs	
  in	
  to	
  an	
  existing	
  account	
  and	
  database	
  with	
  the	
  Login	
  call.	
  
	
  
/login?email=user@domain.ext&password=1234567890123456789012&database=380&timeout=3600	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <auth>AZXKu3j1kSx2BbrKFijKPsQ0</auth>
	
  
Logout	
  
A	
  client	
  logs	
  out	
  with	
  the	
  Logout	
  call.	
  
	
  
/logout?auth=AZOebamxfcmCvVNAZX_yOWia	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <success/>
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                                                                         22	
  
                                                        Task management software for the Internet, iPhone, and desktop


Making	
  Changes	
  
	
  
Add	
  Task	
  
A	
  client	
  adds	
  a	
  new	
  task	
  with	
  the	
  Add	
  Task	
  call.	
  
	
  
/addtask	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <task auth="AZXKu3j1kSx2BbrKFijKPsQ0" key="1"
3      timestamp="2011-04-01T00:00:00.000">
4      <attribute name="name" ref="name-ref">Make Appointment</attribute>
5      <attribute name="priority" ref="priority-ref">4</attribute>
6 </task>
1 <?xml version="1.0" encoding="UTF-8"?>
2 <versions task="103">
3      <attribute ref="name-ref">1023</attribute>
4      <attribute ref="priority-ref">1024</attribute>
5 </versions>
	
  
Edit	
  Attributes	
  
A	
  client	
  edits	
  an	
  existing	
  task	
  or	
  a	
  user’s	
  preferences	
  with	
  the	
  Edit	
  Attributes	
  call.	
  
	
  
/edit	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <task auth="AZXKu3j1kSx2BbrKFijKPsQ0" key="2" task="103"
3         timestamp="2011-04-01T00:00:00.000">
4         <attribute name="name" ref="name-ref">Appointment</attribute>
5         <attribute name="priority" ref="priority-ref">3</attribute>
6 </task>
1 <?xml version="1.0" encoding="UTF-8"?>
2 <versions>
3         <attribute ref="name-ref">1025</attribute>
4         <attribute ref="priority-ref">1026</attribute>
5 </versions>
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                                                       23	
  
                                                  Task management software for the Internet, iPhone, and desktop


Synchronization	
  
	
  
Get	
  Updates	
  
A	
  client	
  receives	
  updates	
  with	
  the	
  Get	
  Updates	
  call.	
  
	
  
/updates?auth=AZXKu3j1kSx2BbrKFijKPsQ0	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <attributes more="false" version="1026">
3      <attribute name="name" task="103" version="1025">Appointment</attribute>
4      <attribute name="priority" task="103" version="1026">3</attribute>
5 </attributes>
	
  
/updates?auth=AZXKu3j1kSx2BbrKFijKPsQ0&version=1026	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <attributes more="false" version="1026"/>
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                             24	
  
                                                         Task management software for the Internet, iPhone, and desktop


Skipping	
  Synchronization	
  
	
  
Create	
  Key	
  	
  
A	
  client	
  can	
  create	
  a	
  key	
  with	
  the	
  Create	
  Key	
  call.	
  
	
  
Important:	
  Keys	
  generated	
  by	
  the	
  Create	
  Key	
  call	
  are	
  only	
  unique	
  compared	
  to	
  other	
  keys	
  
generated	
  by	
  the	
  same	
  call.	
  Therefore,	
  the	
  Create	
  Key	
  call	
  should	
  never	
  be	
  used	
  in	
  conjunction	
  
with	
  other	
  key	
  generating	
  mechanisms.	
  
	
  
/createkey	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <key>56833</key>
	
  
Get	
  Attributes	
  
A	
  client	
  can	
  retrieve	
  the	
  attributes	
  for	
  a	
  task	
  or	
  a	
  user’s	
  preferences	
  with	
  the	
  Get	
  Attributes	
  call.	
  
	
  
/get?auth=AZXKu3j1kSx2BbrKFijKPsQ0&task=103&max=10	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <attributes>
3      <attribute name="name" version="1025">Appointment</attribute>
4      <attribute name="priority" version="1026">3</attribute>
5 </attributes>
	
  
Search	
  
A	
  client	
  can	
  retrieve	
  a	
  list	
  of	
  tasks	
  with	
  the	
  Search	
  call.	
  
	
  
/search?auth=AZXKu3j1kSx2BbrKFijKPsQ0&max=10	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <results count="1">
3      <attributes task="103">
4          <attribute name="name" version="1025">Appointment</attribute>
5          <attribute name="priority" version="1026">3</attribute>
6      </attributes>
7 </results>
	
  
/search?auth=AZXKu3j1kSx2BbrKFijKPsQ0&max=10&start=1	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <results count="1"/>
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  


                                                                                                                                                       25	
  
                                                    Task management software for the Internet, iPhone, and desktop


Error	
  Handling	
  
The	
  server	
  returns	
  a	
  list	
  of	
  errors	
  when	
  a	
  call	
  cannot	
  be	
  processed.	
  
	
  
/signup	
  
1 <?xml version="1.0" encoding="UTF-8"?>
2 <errors>
3          <error code="required"
4             ref="dbname">A database name must be provided.</error>
5          <error code="required"
6             ref="email">An e-mail address must be provided.</error>
7          <error code="required"
8             ref="password">A password checksum must be provided.</error>
9 </errors>
	
  
Temporary	
  Issues	
  
Most	
  errors	
  indicate	
  that	
  a	
  call	
  will	
  fail	
  every	
  time	
  it’s	
  attempted.	
  However,	
  there	
  are	
  four	
  
exceptions,	
  as	
  shown	
  in	
  the	
  table	
  below.	
  
	
  
Reference	
              Code	
                                                       Description	
                               Temporary	
  
server            maintenance                       The server is down for maintenance.                                                  yes	
  
server            timed-out                         The server timed out. Please try again.                                              yes	
  
                                                    A 503 error occurred while processing
server              503-error
                                                    your request.                                                                   yes	
  
                                                    An internal error occurred on the
server              internal-error
                                                    server.                                                                      maybe	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  



                                                                                                                                              26	
  
                                               Task management software for the Internet, iPhone, and desktop


Appendix	
  B:	
  Usability	
  Test	
  
	
  
Sign	
  up	
  on	
  www.backlog.me.	
  Then,	
  respond	
  to	
  the	
  following	
  statement.	
  
	
  
Signing	
  up	
  is	
  easy.	
  
o Disagree	
  Strongly	
  
o Disagree	
  
o Disagree	
  Somewhat	
  
o No	
  Opinion	
  
o Agree	
  Somewhat	
  
o Agree	
  
o Agree	
  Strongly	
  
	
  
Why	
  did	
  you	
  answer	
  the	
  way	
  you	
  did?	
  
	
  
	
  
Create	
  a	
  note	
  to	
  yourself	
  on	
  Backlog	
  saying	
  when	
  you	
  need	
  to	
  pay	
  your	
  next	
  phone	
  bill.	
  
	
  
Then,	
  respond	
  to	
  the	
  following	
  statement.	
  
	
  
Creating	
  a	
  note	
  is	
  easy.	
  
o Disagree	
  Strongly	
  
o Disagree	
  
o Disagree	
  Somewhat	
  
o No	
  Opinion	
  
o Agree	
  Somewhat	
  
o Agree	
  
o Agree	
  Strongly	
  
	
  
What	
  took	
  the	
  most	
  time?	
  
	
  
	
  
Create	
  a	
  note	
  to	
  yourself	
  on	
  Backlog	
  saying	
  that	
  you	
  have	
  a	
  doctor's	
  appointment	
  between	
  1pm	
  
and	
  3pm	
  next	
  Monday	
  that	
  will	
  cost	
  you	
  $200.	
  
	
  
Then,	
  respond	
  to	
  the	
  following	
  statement.	
  
	
  
Creating	
  this	
  note	
  was	
  difficult.	
  
o Disagree	
  Strongly	
  
o Disagree	
  
o Disagree	
  Somewhat	
  
o No	
  Opinion	
  


                                                                                                                                        27	
  
                                                      Task management software for the Internet, iPhone, and desktop

o Agree	
  Somewhat	
  
o Agree	
  
o Agree	
  Strongly	
  
	
  
How	
  could	
  this	
  have	
  been	
  easier?	
  
	
  
	
  
Go	
  to	
  the	
  note	
  about	
  your	
  phone	
  bill,	
  and	
  say	
  that	
  you've	
  paid	
  it.	
  
	
  
Then,	
  respond	
  to	
  the	
  following	
  statements.	
  
	
  
Finding	
  a	
  note	
  is	
  easy.	
  
o Disagree	
  Strongly	
  
o Disagree	
  
o Disagree	
  Somewhat	
  
o No	
  Opinion	
  
o Agree	
  Somewhat	
  
o Agree	
  
o Agree	
  Strongly	
  
	
  
Changing	
  a	
  note	
  is	
  easy.	
  
o Disagree	
  Strongly	
  
o Disagree	
  
o Disagree	
  Somewhat	
  
o No	
  Opinion	
  
o Agree	
  Somewhat	
  
o Agree	
  
o Agree	
  Strongly	
  
	
  
How	
  could	
  this	
  have	
  been	
  easier?	
  
	
  
	
  
What	
  was	
  the	
  hardest	
  thing	
  to	
  do?	
  
o Sign	
  up.	
  
o Create	
  the	
  first	
  note.	
  
o Create	
  the	
  second	
  note.	
  
o Find	
  the	
  first	
  note.	
  
o Change	
  the	
  first	
  note.	
  




                                                                                                                 28