
It was only three days ago that I wrote about the almost hopeless challenge of web security, specifically around new vectors with cross-site scripting attacks. Today came news that an XSS vulnerability had been found in the RubyOnRails development framework – and that applications built on the framework, such as Twitter and Basecamp, were vulnerable to XSS attacks.
The vulnerability was discovered by Brian Mastenbrook. He probed Twitter with some Unicode characters and found it vulnerable, tried the same thing on Basecamp and found it vulnerable, and then deduced that it must be a problem with RubyOnRails. He has an excellent and detailed write-up on his site about the process he went through. If you are running RubyOnRails anywhere, stop now and read his post as well as the security notice from the Rails developers, and get your servers updated (the patch is in the notice; it will be in the release branch ‘today or tomorrow’).

Many professionals I know are not project managers by profession and yet most at some point or another have had the dubious pleasure of battling it out with a project management (PM) application—MS Project typically the nightmare of choice. It begins with lofty ideals of planning and running an organized project (for once). Yet what usually happens is that they end up managing the project management tool, rather than having it manage the project. Granted, PM tools have made progress in recent years, with Basecamp from 37Signals leading the charge with a Web-based subscription model that sports a user-friendly interface. The fact remains, though, that there’s a long way to go before non-project managers can put a hand on their heart and claim that the benefits of using a PM tool outweigh its overhead.
This was what I had in mind when Israeli startup Clarizen approached me, explaining that theirs is a project management and collaboration tool specifically aimed at non-project managers. There’s no question Clarizen is a latecomer to the space, but they seem to have the right ingredients: a fairly convenient interface, a smidgen of unique differentiation, and friendly pricing to boot—and $15M in funding doesn’t hurt either, of course.
Clarizen is making two great offers available for TechCrunch readers:

College students now have their own Yammer. Last week, Wiggio came out of beta with a new look and a slew of group messaging and group management features. For each private group that you create, Wiggio provides a Twitter-like message stream from all the group members. But it also includes a range of other features such as a shared calendar, mass text and voice messaging, file-sharing (including online docs and spreadsheets), polling, and more.
Many of these features can be found in other products such as Yammer, Basecamp, WizeHive, and Producteev. But Wiggio is a solid addition to the group messaging family, and it is already gaining some traction by targeting college students and their particular group dynamics (academic, extracurricular, social, committees, sports teams, music/dance, religious, charity, etc.). Wiggio, which has been in closed beta for a year, already has 45,000 users, about 80 percent of whom are college students and faculty members.

Yammer definitely started something. The enterprise Twitter service has more competition today from WizeHive, a Web-based group messaging and task management service for businesses. WizeHive just launched in beta. We have 500 invites (just enter “TC2009” when you sign up).
Although it is similar in many respects to Yammer, Present.ly (our review), Basecamp, Central Desktop, and even in some ways to Producteev (our review), WizeHive is a worthy competitor and adds a few twists of its own.
Web design and programming firm WeBreakStuff just released a new project planning suite, GoPlan, similar to Basecamp and ActiveCollab. You use this stuff when you want to get a team organized around accomplishing project milestones – a lightweight Microsoft Project with collaboration built right in.
The products have a lot of similarities. They’re all web based applications for managing your team projects. Both GoPlan and BaseCamp are hosted pay services made by staunch Ruby evangelists, while the more basic ActiveCollab is an open source PHP installation. GoPlan and BaseCamp prices range from free plans up to beefier pay plans (BaseCamp’s unlimited maxes out at $150/month, while GoPlan tops off at $100/month). Derek over at 5ThirtyOne has a detailed feature comparison of the three.
GoPlan’s project management tool offers modules for note-taking, calendaring (with iCal export), task management, issue tracking, file management and online real-time chat (optional SSL). BaseCamp has a lot of the same features, minus bug tracking and a public project blog. GoPlan has also approached project tracking with a different design methodology. GoPlan not only lets you choose features based on plan levels, but also lets you turn them on and off as needed to keep navigation free of feature clutter.
GoPlan has also shot for a lower price point than BaseCamp (basic $20/$24; premium $100/$150), but with less file storage (GoPlan tops out at 8GB). Their free account gets you everything except calendaring and chat. However, for the paid accounts, GoPlan unlocks features faster. $10/month gives you all of GoPlan’s features for 12 projects of 8 people each. For an extra $20/month you get unlimited users and 30 projects (twice BaseCamp’s).
For readers interested in real-time project collaboration, check out our comparison coverage of ConceptShare and Thinkature.
37 Signals announced a couple of new features yesterday and today for their popular (100,000 users claimed on the home page) and useful Basecamp project management product.
First, Basecamp now hosts files directly on their servers without the need to set up your own FTP server. Files as large as 20 MB can be uploaded.
Second, Basecamp has created a basic affiliate program. If an affiliate pushes new paying members to Basecamp, the referring user gets credits against their Basecamp fees.