The wyDay blog is where you find all the latest news and tips about our existing products and new products to come.
wyDay is based in the United States and has customers from all over the globe, including in the European Union. This means that today is a big day. Why? The General Data Protection Regulation (GDPR) is now in full effect. I won’t bury the lede: we’re fully compliant with the GDPR.
For those who don’t know, or whose eyes glaze over at the sight of the word “regulation”, briefly, the GDPR can be best described as a new law that attempts to standardize scattershot regulations that various E.U. member states had thrown together over the years. Ultimately the goal of the GDPR is to protect users’ data (their names, information about them, including seemingly unimportant meta-data). And the way it does that is by giving “teeth” to the regulation in the form of big fines to any company that doesn’t adequately protect its customers’ data.
This is great news for users (everyone in the world). This means that the next company that experiences a major data breach will be paying big for their under-staffing and lax security.
The only people grumbling about these new privacy regulations are companies that don’t want to invest time and money into securing their users’ data and companies that make money off of selling your data to 3rd parties. But make no mistake, the GDPR is great news for you as a person living in this modern world. Now we just need other countries to take similar steps.
The few extras — things we had planned on doing, but got pushed up due to GDPR coming into effect today — are better user-protections:
Secure 2-factor authentication (i.e. 2fa not using SMS)
Going the extra mile to ensure our customers are using secure passwords.
Most people that would end up on this blog are tech-savvy and already know what 2fa is. But, briefly, it can be described as a second code that you have to enter after you’ve already logged in with your username and password. This second code has, in the past, come from an SMS message to your cell phone. However, recent reporting (and even guidance from the NIST) has shown that sending a “security code,” or any form of 2fa, over an unsecured mobile network is a bad idea.
If SMS is bad, then what do you use for two-factor authentication? Enter the Time-based One-time Password algorithm (a.k.a. that Authenticator program on your phone that spits out 6-digit codes).
We’ve very recently rolled out 2fa in LimeLM. And, in the coming weeks, we’ll add the extra security by letting you force your employees to use 2fa if they want to continue to log in to your LimeLM account. Read all about it in our “Account security” LimeLM help article.
The next item in the list of making you more secure is actually verifying that your passwords are good. This is not an easy problem to solve. For decades now you might’ve seen “password security” gauges / meters that are shown when you enter your password into a new web app. Aaron Toponce on Twitter recently posted an example used on a real website:
These gauges are worse than useless: they don’t actually tell you if your password is secure and they might tell you that an actually-secure password is bad. The most favorable description I can give these “password meters” is they’re nice-looking pseudoscience. Unfortunately it’s not just toy web-apps that fall for that pseudoscience. Security “aware” companies are prone to garbage-science (those images above are taken from Symantec’s Norton product — and it’s still using those bad password indicators at the time of this post).
I’m not alone in the conviction that these password meters are useless (see: Password Strength Indicators Help People Make Ill-Informed Choices or Why you can’t trust password strength meters).
Previously we didn’t care how long your password was. We just assumed customers would make good decisions and not use stupidly small passwords. Now, we enforce a minimum of 8 characters for passwords (as recommended by the NIST).
So if “password meters” are garbage, how do we ensure you use a good password and, similarly, how do we actually verify that you are who you say you are? Forcing longer passwords solves part of the problem. As does enabling two-factor authentication. But we’re also going a step further and checking if your password has been compromised in another data leak from another company. We’re doing this by using the fantastic data from “have I been pwned?”. This allows us to verify the password you’re using hasn’t already been compromised (or is so weak that a billion other people use it as their password).
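A sketch of the two checks described above (the 8-character minimum and the breach lookup), added here as an example and not taken from wyDay's code. The post does not say how the “have I been pwned?” data is queried; this assumes the Pwned Passwords range model, where only the first 5 hex characters of the SHA-1 leave the server, and it uses a constructed offline stand-in (`fake_range_lookup`) in place of the real service.

```python
import hashlib
import hmac

MIN_LENGTH = 8  # the minimum the post says is now enforced

# Constructed stand-in for breach data: password -> times seen.
CONSTRUCTED_BREACH_COUNTS = {"password": 1000000, "letmein123": 4200}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_lookup(prefix: str) -> str:
    """Offline stand-in for a range query: given the first 5 hex chars of a
    SHA-1, return 'SUFFIX:COUNT' lines for every hash sharing that prefix."""
    lines = []
    for pw, count in CONSTRUCTED_BREACH_COUNTS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, lookup=fake_range_lookup) -> int:
    """How many times the password appears in breach data (0 if never).
    Only the 5-character hash prefix is handed to `lookup`; the suffix
    comparison happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if hmac.compare_digest(candidate.strip().upper(), suffix):
            return int(count)
    return 0


def check_new_password(password: str, lookup=fake_range_lookup) -> list:
    """Return the reasons to reject a password; an empty list means accept."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    seen = breach_count(password, lookup)
    if seen:
        problems.append(f"found in breach data {seen} times")
    return problems
```

Note that "password" passes the length rule and is rejected only by the breach lookup, which is the gap the length minimum alone leaves open.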
All of these things together (plus the intrusion detection built into our back-end) ensure your data remains safe and secure.
– Wyatt O’Day
Founder & CEO of wyDay
On January 1st, 2018 we’re raising prices for all new customers and current customers of LimeLM. We’re also adding a “stepping stone” plan between the Plus and Premium plans (called the “Plus Plus” plan).
Here are the new prices:
| Plan name | Current price | New price |
|---|---|---|
| Max plan | $349 / month | $405 / month |
| Premium plan | $149 / month | $172 / month |
| Plus Plus plan (new plan) | N/A | $115 / month |
| Plus plan | $49 / month | $56 / month |
| Basic plan | $29 / month | $32 / month |
| Solo plan | $11 / month | $12 / month |
| Free plan | Free forever | Free forever |
We’re raising the prices because:
We want to develop and improve our products faster (this means hiring more programmers and support staff).
We want to fund this development with revenue rather than debt.
We haven’t touched the prices of LimeLM since we launched about a decade ago. Our new prices roughly match the inflation in the U.S. dollar.
Even with the new prices we’re significantly cheaper than our competitors. In fact, go on our serious competitors’ websites and try to find a price listed. They don’t list one. Instead you have to run through the gauntlet of sales-people until you get a price “customized” for your bank account (they’ll charge as much as they think you can afford).
A ton of stuff is coming.
A new product that you can use to manage TurboFloat Server instances is nearly finished. (It will be announced soon with a blog post)
A new LimeLM interface (mobile friendly and much more customizability) is coming.
Hosted instances of the TurboFloat Server are coming (and will be less expensive than running instances on typical cloud hosting).
And those are just the products we’ve talked about publicly. There are other products in the pipeline that all LimeLM customers will get as part of their subscription to LimeLM.
We’ve just released TurboActivate 4.0 and TurboFloat 4.0. With these new releases come some huge improvements and features. Read on for details, or if you want to jump right in, get them on your API page; it’s free for all LimeLM customers (whether you’re on the free plan or one of our paying plans).
Probably the biggest visible feature of this release is the new verified trials functionality in TurboActivate. This means you can offer trials to your users that are verified with our servers, cryptographically-signed, and locked to that machine, all without having to give your customers a product key ahead of time.
What this means is that a potential customer can download your trial software from your website, and begin using the trial immediately. All of the “magic” of starting the trial for the machine, and making sure customer changes to the machine don’t “reset” the trial, are handled by TurboActivate and our proprietary computer-fingerprinting algorithm.
With our new no-click verified trials in TurboActivate 4.0, there’s no need to collect email addresses of customers. They can just start your app and TurboActivate & LimeLM will work behind the scenes to start (or resume) the trial of your app.
Another feature about our new no-click verified trials is the fact that the customer can’t reset them. Even if the customer completely wiped their hard drive, re-installed their operating system, and re-installed your app, the proprietary hardware-fingerprint algorithm in TurboActivate & LimeLM knows that the computer has already started the trial, and the user will continue exactly where they left off.
There are no limits to how many times you can extend the trials for potential customers.
One of the benefits of this new no-click verified trial system is the ability to track in real-time who is trying your app, how long they used the trial, and how many people are trying it.
All of the plans now have a verified trial limit based on the assumption that about 5% of trial users convert to be paying users. For example, the “Solo plan” (the $11/month plan) has a 300 activation limit, and a new 6,000 verified trial limit (meaning 6,000 different computers or devices can use the verified trial of your app).
Our hardware fingerprinting technology has gone through 4 major iterations (and countless minor iterations) over the past decade. This latest iteration is our best by far (and is a major leap over our last iteration). We’ve eliminated all known real-computer fingerprint false-positives and false-negatives on Windows, Mac OS X, and Linux.
We’ve put a lot of work and testing in this latest iteration to make sure your customers have a great experience using your app.
In previous versions of TurboActivate only a single thread in your app could use the library functions. Now any thread in your app can use the TurboActivate functions and TurboActivate internally handles the access controls.
All of our products now completely support IPv6, all while maintaining full compatibility with IPv4. This means you can use TurboActivate, TurboFloat, and LimeLM in any environment and know it “just works”.
TurboActivate and TurboFloat work with any programming language or scripting language. But we like to write example apps and help articles to speed along our customers’ development. The two newest examples added to the list are for TurboFloat: Delphi (7 and newer) and VBA (Visual Basic for Applications) for Windows and Mac OS X.
We dedicate a lot of time making online activation as fast as possible for the end-user. This means if we can trim off a millisecond here or a millisecond there we will. And we’ve been doing that steadily over the past year, making the speed of the activation about twice as fast as it was this time last year.
Also, we’ve significantly improved our throughput capability (meaning we can handle many, many more activations and verified trials per-second).
This is by no means the end of the line. We have a ton of speedups coming over the next year. The faster we make the activation and verified trials processes the happier your customers will be.
In addition to all of the new cool features, we’ve been chipping away at bugs. See the following links for a full list of features and fixes:
This year we’re making a whole slew of improvements to every one of our products. And we’ll be rolling them out steadily. The next big update is coming to the LimeLM web interface. It’s old, it’s ugly, and it desperately needs some love. So that’s what we’re going to focus 100% of our concentration on over the coming months. And instead of rolling it out in one “big update”, we’ll roll it out gradually.