Using Kerika for a subset of your Google Apps domain

We had a couple of users write in this week, saying that they were having trouble re-authorizing Kerika for their Google Apps domain following our recent upgrade to OAuth 2.0.

In both cases, it turned out that the Google Apps Admin had previously authorized Kerika only for a subset of their Google Apps domains, i.e. for an Organizational Unit (OU).

Even when the OU has been set up to override the master settings of the domain, Google seems to be giving us an error (specifically, our server is told by Google’s authorization server that “domain policy checking failed” — this is the check that we do to see if the Google Apps domain is authorized.)

The simple fix is to authorize Kerika for the entire domain rather than a subset of users.

Naturally, our users wonder if this means they need to license all of the users registered within their entire Google Apps domain: the short answer is “No” — you need to license only those people who are actually using Kerika.

So, don’t worry about getting stuck with a big bill simply because you authorized the use of Kerika within a large Google Apps domain: all you are doing is making it easy for your colleagues to try out Kerika.

If they try out Kerika and like it, we can talk about licensing then…

No, not Shellshocked

The announcement by CERT yesterday that there is a vulnerability in the Bourne Shell (more commonly known as “bash”) wasn’t great news for anyone running any variant of Unix, which includes Linux and MacOS.

Linux is very widely used for modern Web servers, particularly those running on Amazon Web Serviceslike Kerika does.

There are a number of variants of Linux out there, which makes things a little harder whenever a vulnerability is announced: you have to make sure your particular variant of Linux is patched quickly.

Luckily, this problem was fixed as fast as the notorious Heartbleed bug: within a couple of hours of the report of Shellshock, Amazon and Google (and, most likely, every other cloud services provider out there) started installing patches, and so the Software-as-a-Service (SaaS) world got back into good shape very quickly.

In our own case, we use Ubuntu Linux, and they were equally swift in issuing a patch for Shellshock which we installed yesterday.

On a side-note, we are less enthusiastic about Apple’s announcement that “the vast majority of users are not at risk“.

That’s true only in a literal sense: the vast majority of Mac users don’t ever use the Terminal program to access the shell, and a lot of permissions on Macs are locked down by default (and most users never bother exploring all their administrative privileges).

But, in a practical sense this bland statement from Apple understates the actual risk faced by Mac users: a significant majority of startups use Mac for their software development, which means a critical set of Mac users are still sitting exposed!

The sooner Apple fixes this bug, the better is will be for the startup world.

How to install Kerika on a Google Apps Domain

Since our last released, when we upgraded our integration with Google Apps Marketplace to use the OAuth 2.0 protocol, a number of folks have written in to ask about how they should install and authorize Kerika for their premium Google domains (i.e. Google Apps for Business, Google Apps for Nonprofits, etc.)

Here’s a step-by-step guide for the Google Apps Administrator in your organization:

First, login to with your Google ID. Your screen will look like this:

Google Admin Console
Google Admin Console

On the right side of the screen, you will see a link for Google Apps Marketplace, in the area marked Tools:

Go to Google Apps Marketplace
Go to Google Apps Marketplace

When you click on the “Google Apps Marketplace” link, you will be presented with a search box that looks like this:

Searching for Kerika
Searching for Kerika

Type in “Kerika” in the search area, and you will find us!

Adding Kerika
Adding Kerika

Once Kerika shows up, click on the blue “Install App” button:

Installing Kerika
Installing Kerika

Click on the blue Continue button, and you will be asked to authorize Kerika for your Google Apps domain:

Authorizing Kerika
Authorizing Kerika

And that’s it! Your final confirmation message will show:

All Done
All Done

And at this point Kerika will have been authorized for your entire Google Apps domain. Individual users will be able to sign up without going through any of this hassle.

If you have any difficulties or questions with this, please email us at

Presenting at OFM’s Fall Forum last week

Ben Vaught, from the Washington State Office of the CIO, and I had the pleasure of presenting at the state’s Office of Financial Management’s Fall Forum last week, held over two days at the Thurston County Fairgrounds in Olympia.

Ben talked about the use of visual processes as part of the Washington Business One Stop initiative he has been working on for a while, and towards the end of his talk he showed some pictures of the WIKISPEED garage in Lynnwood, where I first met Ben and Michael DeAngelo, Deputy CIO for the state.

My talk was supposed to have been on Visual Management in government and administrative processes, but seeing pictures of the old WIKISPEED garage, which used to be covered with stickies on all walls (including the massive garage doors!) before the team adopted Kerika to knit together their global community of volunteers, was a wonderful throwback moment!

When it came to my turn, in addition to showing the use of Kerika for cross-agency GIS projects, such as those led by Joy Paulus, I was also able to show examples of Kerika in use by Sherri Hrubi, Danica Ersland and Melissa Wideman, who all work together in OFM’s HR Division.

Several other people presented, including Irene Hill and her design team from the Department of Licensing, Howard Cox from the Department of Enterprise Services, and Eric Gardner from OFM’s Forecasting Division.

Google was flaky for 2 hours today!

Between the hours of 9AM and 11AM PST, Google’s authentication service — which we used to sign in users of Kerika+Google — kept having problems that affected people at random.

It was a tough morning for us, dealing with the flood of “504 System Timeout” errors coming back from Google, and feeling helpless that we couldn’t provide the kind of high-quality user experience that is at the core of the Kerika brand.

The problems finally went away by themselves, but a total of 31 Kerika users were affected and we are reaching out to each of them individually to apologize for the inconvenience, and explain what happened.

This is one of those situations where Kerika cannot do anything to fix the problem: if you signed up as a Kerika+Google user, when you try to login to Kerika you are automatically redirected to Google’s authentication service, which then comes back to Kerika to give us your identity information.

Then, we use the identity information to log you into the correct Kerika account.

Normally, all this happens really fast: you click on the Sign In button at Kerika, Kerika redirects your browser to Google, Google responds immediately, and within a couple of seconds you are logged into Kerika.

It all happens so fast and smoothly, 99.999% of the time, that most people are completely unaware that their browser was even redirected to Google in the first place — it’s something you might notice only if you have a very slow WiFi connection, and you are paying close attention to your browser’s status bar.

But every once in a while, Google won’t respond when you get redirected there by Kerika. In that case we retry again several times, and then finally Kerika does a “timeout”: it gives up.

(This problem has happened before, and as software developers ourselves, we are, of course, very sympathetic to other software companies that experience occasional bugs and hiccups, but Google can be irksome in their lack of transparency.)

This happens so infrequently that we didn’t really have any special code in place to tell users why they were not able to login, but that’s going to change starting tomorrow: if Google’s servers are not responding fast enough, we will show a special page to the user explaining what’s happening, so they understand the situation better.


Google has been flaky all morning

Between 9AM and 11AM Pacific Standard Time, Google’s authentication service threw up about about 60 errors, which gave many of our users a rough ride.

The problem was that Google’s authentication servers were timing out repeatedly, showing errors like this:

Request URL:
Request Method: GET
Status Code: 504 Gateway Timeout

There isn’t anything we can do in this situation to help our Kerika+Google users, unfortunately, since Google’s authentication service needs to be up and running in order to log in to Kerika.

The silver lining in this cloud, for now, is that this is a relatively rare occurrence.

More screen space to work with, in the “Max Canvas” mode

Kerika has had a “Max Canvas” mode for a while: if you click on the green square button at the top of a task board, your view of the board would expand to take up the full browser space:

Max Canvas button
Max Canvas button

This was handy when you wanted to work on just one board: your view of that board filled up the available browser space, and you weren’t distracted by the rest of the Kerika “chrome” (i.e. the application’s menus and buttons).

What we found, however, is that most of our users work on several boards at the same time: they have boards that they created for themselves, e.g. personal Kanban Boards, as well as Kanban and Scrum Boards that their colleagues had created.

So, in reality, most people need to achieve several goals simultaneously:

  • They need to be able to have a Max Canvas view that maximized their view of a board.
  • They need to be able to switch quickly from one board to another.
  • They need to know when there are new (unread) updates on boards that they are not currently viewing.

To make all of this possible at the same time, we have improved our Max Canvas view, by adding a button that makes it easy to switch between different boards (including your Home Board):

New Max Canvas view
New Max Canvas view

To the left of the Max Canvas button is a new Tab Switch button: clicking on it shows you a list of all the currently open Kerika boards, and this lets you quickly switch to another board without having to leave the Max Canvas view.

New Max Canvas view
New Max Canvas view

This view is smart: if a board has unread updates, it’s entry shows up in orange, consistent with how we let you know that you have unread updates anywhere in Kerika.

And if a board has overdue cards, it’s entry shows up in red, as with “Sprint 43″ in the example shown above.

The Max Canvas view also has a Search button built into it, so you can do searches without existing the Max Canvas view:

Search in Max Canvas view
Search in Max Canvas view

All of this makes the Max Canvas view of Kerika much more useful than it was before, and it’s all part of our grand strategy to make Kerika more useful on iPads!

A more elegant way of coloring cards

With our newest update to Kerika, we have introduced a more elegant way to show colors on cards.

The old method we employed filled in the top of each card with a selected color (which was white, by default). Here’s an example:

Old style of colors
Old style of colors

There were a couple of design problems with our old approach:

  • It severely limited the palette of colors we could use, to a small handful of light pastels. Anything darker would make it difficult to read the card’s titles.

And, to be blunt, it was excessive: the colors tended to dominate the board’s view, to the point of being distracting.

Our new design is more subtle: it lets you see the colors without calling too much attention to them:

New styling for colored cards
New styling for colored cards

Now, the colors appear in a “dog-eared” style, which gets them out of the way while still making it easy to see if a card is colored.

This new approach will also make it easy for us to add more color choices in the future and, in particular, to add darker and more vibrant shades, since we will no longer have to worry about having sufficient contrast with black text overlaying the colors.

Our newest version: tablet improvements, Google Apps Marketplace upgrade

Our newest update to Kerika serves up a rather long list of changes; the two big areas for improvement were:

  • We have updated our integration with Google Apps Marketplace to use OAuth 2.0, since Google is retiring its OAuth 1.0 implementation.
  • We have made a bunch of improvements for using Kerika on iPads, with the Safari or Chrome browsers.  (We still need to work on Android tablets, which, unfortunately, present too much variety…)

The OAuth 2.0 upgrade and iPad improvements are described in previous posts; here we want to highlight some of the other changes and improvements we made with this new version:

In addition to being less distracting, this new design will enable us to expand the palette of colors we can offer: the old design restricted us to only the lighter pastel colors.

New styling for colored cards
New styling for colored cards


  • We have redesigned our “Max Canvas” view so that it provides the most useful display, when you need the most space available to view a large board. In particular, you can now access Search even when you are in the Max Canvas view.We have improved security, by implementing secure cookies.
  • We added some subtle animation effects to improve usability. (So subtle, in fact, that you might not even notice them if you are an existing Kerika user, which is just what we want.)

In terms of infrastructure and other under-the-hood improvements, we have expanded our use of JUnit automated tests and done a bunch of bugs fixes, as usual.

There’s a lot of improvements being done on Kerika, and at a very fast rate. Make sure you subscribe to our blog to keep up!