Hire Tim

Tim Mitra avatar

A few people have asked about hiring me on contract. So I put together this post:

I am and independent developer and designer working in iOS and web technologies. I have been involved in many app deployments on the AppStore, as the main idea guy or architect of apps; doing client work and some personal apps. Collectively we had over 500K downloads over the last 5 years, which I think it’s better than most. My background is in the graphic arts, print and publishing, and the IT work involved in those trades. However I have always made stuff and consider myself a solutions provider – my unique ability.

While I do wrangle developers, writers and artists, I spend the majority of my time actually writing code and assembling the apps. I am also the person who deals with the actual submission to the AppStore. So I can start an app from pen and paper sketches all the way to the App Store and analytics. While doing so I make stops to assemble copy, create graphics & UX, write the code, assemble the apps, localization, distribute the builds, wrangle git & branches, write server APIs, product management, as well as marketing and promotions. Soup to nuts as any indie IOS developer should be (and hiring out help on big projects).

I am located in Toronto Canada, where I try to run a small development company. I teach introductory courses on iOS development. I write for raywenderlich.com and I founded and host the More Than Just Code podcast.

Tim

resume and references available on request.

Types of SSL certificates

SSL Certificates are available in a number of different configurations, with differing features depending on the needs of the purchaser deploying the certificate.

Validation types

Domain-validated certificates: SSL Certificates for domains ensure that the domain has been authenticated by a recognized certificate provider. Visitors to the site can click on the seal to verify that the certificate is still valid, giving site visitors extra peace of mind.
Organization-validated certificates: When corporate identity validation is important, an SSL Certificate for the organization assures customers that the website is trustworthy and secure.
Extended Validation (EV) certificates: With Extended Validation, as well as displaying the certificate seal, the address bar is displayed in green, providing customers with an extra level of confidence. The green address bar is a strong visual indication that the site has an Extended Validation Certificate. The Security Status bar displays the organization name and the name of the Certificate Authority (CA).
Wildcard option

Wildcard certificates: A wildcard SSL Certificate helps enable SSL encryption on multiple sub-domains using a single certificate as long as the domains are controlled by the same organization and share the same second-level domain name. For example, a Wildcard certificate issued to Company ABC using the Common Name (“*.CompanyABC.com”) may be used to secure subdomains like login.companyabc.com, payment.companyabc.com and support.companyabc.com.
Code Signing

Code Signing certificates: When customers want to download applications online, install plug-ins and add-ins, and interact with sophisticated Web-based applications, a code signing certificate is a digital signature that identifies the company responsible for the code and confirms that the code has not been modified since the signature was applied.
Site Seals

Site Seals are static or dynamic images that can be placed on SSL secured websites that allows visitors to tell at a glance that they can trust who they are dealing with, that the online site is validated and that they can transact safely and securely. Each of the three brands of SSL Certificates offer different site seals:
VeriSign Secured Seal is available with all VeriSign-branded SSL certificates for installation on pages secured with a VeriSign SSL Certificate. Customers not only see the trust mark, they can click the seal and verify the site in real time. More than any other trust mark, 79% of U.S. online shoppers are familiar with the VeriSign Secured Seal. More information.
GeoTrust True Site Seal is available with every GeoTrust SSL Certificate and shows web site visitors that their information is protected. The GeoTrust True Site Seal can be added to home pages, buy pages, log-ins or any other page on your authenticated site where visitors need to verify a web site. Depending on the certificate, True Site Seals are either dynamic or static and may contain further information about the identity of the certificate owner. More information.
thawte Trusted Site Seal is a dynamic image appearing on websites secured with thawte SSL certificates allowing visitors to tell at a glance that they can trust the site, that the online site is validated and that they can transact safely and securely. More information.

Wireless security in brief

Q. I want to set up a wireless network and my friend tells me all he needs to do is hide the network or use the machine address. Somehow that doesn’t seem very secure, is that all he needs to do?

A. You are correct to be suspicious of this advice. As wireless networks have evolved several progressively better encryption methods have become available. You should be aware of the various choices there are for security – you can have no encryption, light encryption with protocols such as WEP, or more sophisticated encryptions such as WPA2 PSK or Personal and WPA2 Enterprise.

If you choose to have a wireless network, also known as WiFi, you can have an open network by not employing any security, then anyone within range of your network can use your WiFi connection. This is not really a good idea as you don’t know who is connected to your network and what they’re doing.
Every WiFi network is made up of a couple things; a broadcast name, or SSID, and a wireless access point such as Apple Base Station and the protocol to support the various devices that will connect to the network.

When a WiFi lap top or smartphone comes in range of a network it discovers a network by the SSID or name that is “broadcast” by the access point. If the name of a network is not broadcast then the user wishing to connect to the network has to manually enter in the name of the network. However the name of the network is actually broadcast within the packets so with software downloaded off the Internet a user can easily find the name of the network.

You can also use the machine address to restrict which devices are able to connect. Unfortunately the machine address is also broadcast in the packets and the address can be “spoofed” easily with software. Additionally WEP is also easily hacked the software off the Internet because it is a pretty weak protocol. It’s actually consists of eight characters find which are basically declaring that its WEP and in the rest is the password. So again within about 20 minutes someone that can discover everything they need to get onto the network.
WPA and WPA2 are more sophisticated protocols and consist of 128 bit keys. All of the information transmitted is encrypted. There is a “pre-shared key” that is part of connection. As a 128 bit key it would take trillions of years to decode the password. WPA2 Personal uses a password only and WPA2 Enterprise is a more sophisticated version of authentication, and consists of a certificate authentication method.

So the bottom line is you should use the best security your equipment can support. Preferably WPA2 Personal for a few computers and WPA2 Enterprise for many computers.

Beware poor online security practices.

Please beware of web sites that do not securely save user passwords. As a web developer myself I am surprised at how often user login information is not securely managed and is sent by email over the Internet in plain text.

One such web site is the new Ontario Electronic Stewardship – Steward Registration web site (www.ontarioelectronicstewardship.ca). Make sure that if you register on such a web site that you do not use a password that you can afford to lose. When I registered, they sent me an email “for my records” and in plain text it contained my account number, my email address and the password that I had registered with. I immediately fired off a notice to them – suggesting they review their policies – but I am shocked that an agency that will be collect fees have LITTLE regard for PRIVACY!

If you are a web developer or if you are hiring a web developer PLEASE make sure that your registered subscribers information is securely maintained and protected.

Web sites to beware of (as of date):
boldstreet.com (August 2008)
ontarioelectronicstewardship.ca (March 2008)
http://rth-mh.com – Roy Thompson Hall/Massey Hall
spamarrest.com

Sending outside email inside Rogers

Q. When we have guests on our network they have trouble of sending mail. We are with Rogers and the messages go out but they don’t get delivered. What could be wrong?

A. A few years ago Rogers and Yahoo joined forces so they could manage mail services together using Yahoo’s mail servers. While this benefits the services involved in managing e-mail and spam filtering, it resulted in some new rules and restrictions.

Early in the days of the Internet users were much more friendly and could be trusted on wide scale basis. Since most users on Internet could be trusted security on the systems was much looser and most mail servers could accept and relay e-mail to other users. As the Internet grew more and more nefarious types started to take advantage of this trust. Spammers soon found out this loose policy could be taken advantage of. A server that would accept mail from any e-mail address became known as an open relay.

It is estimated that 90% of all e-mail traffic is actually Spam. These days most mail servers block e-mail from domain names that are not registered among their users. So when a strange e-mail lands on the mail server it is often checked against lists of known spammers or simply refused out right. The latter is becoming the more often chosen protocol and users are now finding that their e-mail is not reaching the intended recipient. Some mail administrators maintain white lists of valid e-mail addresses but this is proved to be a huge task to manage.

If you’re trying to send e-mail via a Rogers/Yahoo you must be using a Rogers e-mail account otherwise you have to add the outgoing e-mail address to your accepted users list. Go to http://mail.yahoo.com and login with your Rogers e-mail account and password. Once you’re logged in click on the ‘Mail’ link in the top right corner. Next click on the “Options” link. You should see a place where you can add an e-mail account. Enter your guest’s or other non-Rogers e-mail address and press the “Add” button, you can skip the next screen and at the bottom you’ll find a validation code. At the same time Rogers/Jack who will send an e-mail to that address. However you can copy the code and simply paste it into the dialog screen and press validate.

When complete you will see the outgoing e-mail address listed and you will be able to send outgoing e-mail from within the Rogers network. It is annoying extra set of steps but you can’t blame Rogers for wanting to protect its clients from the barrage of unwanted mail.

More added June 16, 2009

************************************

Dear Customer,

This is an important reminder about upcoming security enhancements that will require you to make some adjustments to your e-mail settings in your Rogers Yahoo! Mail (Webmail) options.

According to our records you use an alternate e-mail address in the “From” line of your messages. As a result of upcoming security enhancements starting on April 3rd, you will need to make a change to your e-mail settings so you can continue to send messages from this alternate e-mail address.

If you have already updated your e-mail settings in your Rogers Yahoo! Mail (Webmail) options, there’s no need to take further action.

If you have not completed the steps below, it is very important that you update your e-mail settings prior to April 3rd so you can continue to send messages from your alternate e-mail address.

This change should take under 5 minutes to complete. You simply need to:
Sign-in to your Rogers Yahoo! Mail (Webmail) account
Add the e-mail address(es) that you typically use in the “From” field of your e-mail messages to your “Mail Profile”
To get detailed, step-by-step instructions on how to make this quick change, visit:
http://www.rogershelp.com/verify-email.

We are pleased to continually deliver a safe and reliable Internet experience to you.

Sincerely,
Rogers Hi-Speed Internet Technical Support

************************************