On April 7th, a major web vulnerability called “Heartbleed” was disclosed to the internet. This vulnerability affected a popular security library called OpenSSL, and as a result it affected the security of a large number of sites on the internet, including Splitwise. (A good rundown of who was affected can be found here.)
Shortly after noon on April 8th, the bug was patched on all of our servers. We also issued a new SSL certificate for splitwise.com and initiated the expiration of our old SSL certificate. As a result, we are no longer vulnerable to Heartbleed.
We have no reason to believe that any Splitwise user data was compromised via the Heartbleed vulnerability or that we were the target of an attack, but we are continuing to monitor for any unusual behavior. In addition, we’ve taken this opportunity to implement a few additional security measures, to update passwords for important server components, and to generally review how we respond to security issues.
1. The Heartbleed bug was patched shortly after 12pm EDT on Tuesday, April 8th. We issued a new SSL certificate a few hours later, and also revoked our old certificate.
2. As a precaution, we are logging out all users who visited the Splitwise website on April 7th and 8th.
3. Changing your password is recommended as a precaution, especially for users who logged in or created an account during the affected period. You can also log out of all your existing Splitwise sessions by clicking here.
2010 US Population Density, By Zip Code, in XLS and CSV
2007-2011 US Unemployment Rate By Zip Code, also in XLS or CSV
Unemployment and population density are probably two of the most important local statistics you might hear quoted about a city or town. Our US Population by Zip Code post from September has gotten rather popular, and a polite commenter requested population density and unemployment rate. So here they are, totally free and in the public domain, in two different formats (see above).
How did I get this data? Two different Census APIs (the Decennial Census 2010 and the ACS 5-year 2007-2011), combined with the square-footage by ZCTA listings from the 2013 U.S. Gazetteer Files.
I was planning to use this post to document my methods and send everyone on their own journey through the data, but it got too long and I realized that I wanted to take a more systematic approach. In a follow-up post, I will explain how to pull Census data yourself for different variables at different geographical resolution. But if you need a jump start now, my first and most helpful guide was the National Civic Day Of Hacking support slides.
The whole Splitwise team is proud and thrilled to announce the release of the most wonderful Android app we’ve ever designed – Splitwise Android v3. It’s a whole new look and the result of many months of toil by Marshall, with help in the last couple months from Ryan and Caleb. Testing was carried out by the whole team as well as volunteer testers from our user base, to whom we are very grateful.
To my thumbs and eyes, our Android app has gone from a source of embarrassment to one of the most polished productivity apps in the Play Store. Some highlights from the new build:
Unified logo and color scheme and a look that embodies the Android style
Pay friends via PayPal (for US users only)
Simplified and streamlined “Add Bill” dialog
Push notifications for new expenses and edits
Sidebar menu to easily find balances with groups or people
New friend view, including both group balances and private IOUs
Last week, we learned from GeekWire that Google has applied for a patent on our bread and butter technology: tracking groups of bills split with friends. The patent application describes a system of shared balances and payments between friends in a group – exactly what Splitwise and some of our competitors have been doing publicly for years. Google currently has no group-splitting product, and one can only assume they are considering adding a splitting service to Google Wallet. (Google, if you want to integrate Splitwise with Wallet, reach out to us).
I’m going to kick off a multi-part series on US Census data by offering a totally free download, in XLS or CSV format, of something strangely hard-to-Google: the 2010 US Census population by Zip code (technically, by ZCTA). Splitwise is offering these files free of charge and in the public domain, and I can’t believe how many other sites are charging for them!
But the difficulty I had in creating this data set and using the US Census website has inspired me to write a bit more about how to use one of the world’s most interesting open data sources.
It’s my great pleasure to announce version 3 of Splitwise for iPhone and web, which Marshall has memorably code-named “Fat Rabbit.” This is a major new relaunch, which changes our look and feel and adds popularly requested features like expense search, offline mode, bill editing, and push notifications. Perhaps most notably, we’ve entered the world of “mobile payments” with iPhone payments via PayPal.
We have decided to relaunch Splitwise today, in spite of yesterday’s bombing of the Boston Marathon. We are deeply upset by the attack, and many dear friends of Splitwise were near the scene of the bombing or experienced a near miss. Our thoughts go out to anyone affected by the tragedy. In light of everything, we believe that the most ethical thing for Splitwise to do is to go ahead with business as usual.