
Category Archives: business

New Book idea – Startup Accounting

Commenting on articles has been a bit of a hobby for me lately. In this latest installment I take on the startup entrepreneur. In some circles they can and cannot spell. But how are they able to afford things?

For one; they hire cheap labor. They may be programmers themselves. They hire college programmers trading compensation for internships with ping pong tables or stock options. They practice silent HR discrimination trying to determine who has a family and who has kids. Or trying to determine who can work nights and weekends. Many, however, will not outsource because they are actually trying to protect some unrealistic intellectual property; some companies, though, have opened development offices in the remote reaches of the world like Dublin, Ireland.

And that’s about it.

PS: the bit about the HR department was recently reported on the national news.

 

Posted by on 2012/05/16 in business

 


Apple OSX mindshare

Apple’s mindshare is as much their hardware as it is their software.

Just a few minutes ago I was reconfiguring my Mail.app in favor of GMail in the browser and Sparrow or MailPlane on the desktop. This was just part of a whim but it’s probably a good thing that many application developers are so narrowly divided.

I also spent a little time on my BETA version of Apple’s Messages. A replacement for iChat. Some of the preferences were clearly BETA and a lot was leftover from iChat. But after all that I can see that I’m still going to need Skype. Sure iChat and Messages support voice and video chat. I also have FaceTime for my desktop too. But in the end those apps are OSX only.

So long as Microsoft is putting MS Word on the OSX desktop; Apple should be putting their apps on Windows.

 
 

You have the next great disruptive idea; now what?

I have one client who wants to build and host everything in their domain. They do not have the killer disruptive app or anything but they have a good idea for a service business that is going to keep them in twinkles for a good long time.

But if you had the next great idea and you wanted to focus strictly on the components that are considered core to the business and not the periphery. For example; instead of a social component you’d connect to Facebook. Instead of an emailer you’d use mailgun. And for logging maybe something like loggly. Of course there is mongodb, puppet and chef services and so on…

When I look at these services the costs seem on the high side per server. And when you combine the costs; they are in the stratosphere. For example; I have a client where I run 4 asterisk servers and 4 admin consoles. I wanted to try newrelic but when I looked at the pricing it was simply too much. The servers were costing 2K/mo for all 8 of them and newrelic was going to cost more than double.

Recently the first client I mentioned has started to change course. There are some things they are now willing to outsource and some things that absolutely need to be internally supported. It’s a tough formula but the line is somewhere between profit and overall cost.

Back to my original question. If I outsourced and managed everything except my core. What is it going to cost? Is it going to be reliable enough? Will it scale?  How do I get to the next step?

But what will it cost?

 

Posted by on 2012/05/14 in business, Tools

 

Freelance licensing of 3rd party software

In a related difference of opinion…

As a freelance programmer, code comes from 3 places. (1) I write it from scratch, (2) I use some OpenSource code with compatible licensing, (3) I use some of my own libraries that are not strictly licensed one way or the other.

Whatever code I write is usually going to be “work for hire” and so it will become the property of my client. He or she will have to decide what that means to the general public as in OpenSource or if it’s considered intellectual property.

On the other hand, if I included 3rd party licensed software then it’s pretty simple. Everyone has to adhere to the terms of whatever license(s) are written. Just about everything is going to work here. Even the GPL is manageable to a large extent.

The real challenge is what about my code library? My intended license is generally “non-exclusive use”, however, my client wanted to be able to decide whether this code could be used or not. I suppose this sort of position could be reasonable but what I object to is that we are separately negotiating pricing; where my pricing is based on doing as little work as possible by stitching together as much 3rd party code as possible.

The bottom line… if you want exclusive rights to some code then it needs to be written for you and you have to pay for the labor. So while it is possible to scope some projects of a certain size, it becomes impossible as the assignment grows.

 

Posted by on 2012/05/11 in business, for hire

 


Should Freelance Programmers Offer Warranties?

I’m currently in the contract phase of negotiations with a potential new client. Every time I read the contract I see something new that I did not pick up on the previous time. It’s only two pages and yet I find myself skimming instead of reading. (and in case you’re interested, he reads my blog)

What is challenging for me right now is the number of vectors of risk against the bottom line. It’s generally understood that everyone is going to disagree on the cost of a project, especially when it comes to cost per hour. And even if you cost the job instead of the labor; both parties are going to try to estimate. Of course there is the underlying incentive to work hard, shave time, and so on.

And then I saw the clause referring to Warranties.

Up until this point in my freelance career I had never offered a warranty. When the client took possession of the code they were obliged to test it and release me lock, stock and barrel… upon payment. But if there is an uncompensated warranty period it creates a potential burden beyond the development period and into other projects that might be ongoing.

Warranties are like an insurance policy offered by the manufacturer. There is an embedded cost in every toaster that pays for the claims. Some of that money goes to major claims and others for self insured. But what is the right amount for freelance software?

 

Posted by on 2012/05/11 in business, for hire

 


More Credit Card Fraud, Where is the Bank Fraud?

I just wrote an article about credit card fraud… but here’s some food for thought.

Computers have been in banking for a good many years. Probably since the 1960s or even a little earlier than that. But in recent history we hear about credit card fraud and not banking fraud. The systems are typically integrated and supposed to be equally secure… but the attack vector is always credit cards.

I wonder if saying it was credit card fraud (a) allows the banks to charge more for credit cards (b) allows the government and banks to say our banking and reserve system is secure.

The thing to think about… the credit card company (the issuing processor and all entities) does not need your social security number. For anything. Your bank does, and it does not need your card number(s).

There are many ways to fix this problem (a) laws, (b) banks (c) technology.

 

Credit Card Fraud! Again? Really?

I’m somewhat of an expert when it comes to credit card systems. I have worked for the likes of NaBanco, First Data, WildCard Systems, MetaVentures, Insight Cards, Klarna, NXSystems. I have also collaborated and certified directly with Visa, MasterCard, American Express, and Discover. I have also designed open and closed loop systems including stealth platforms like insurance eligibility. Finally I have participated in several PCI audits as the target and the auditor.

Yet I was still outraged when I received a letter from a major card brand that my account had been compromised; they go on to reassure me that my social security number and some other private details have not been compromised.

Let me be perfectly clear here.  *** This is utter and total bullshit !!!  ***  I’d like a chance to repeat myself but that might be gloating or looking for business.

Firstly; PCI and many other security and privacy measures are not as secure as I’d like. PCI takes the rent-a-cop approach to security. Observe and record. There is nothing in the PCI document that tells the institution to take an active role.

Secondly; the Rules and Regulations for the various major associations do not go any farther than the PCI when it comes to detection or the active prevention of fraud. Again, observe and record. And unless you are doing something that is going to hurt the brand name, the issuers and acquirers can take whatever risks they deem necessary to capture and keep a cardholder.

The CEO of Klarna (Sweden) is always talking about removing friction from the transaction process. His company’s product does not use credit cards and is similar to Bill Me Later (temporary credit is offered on the fly). Part of what makes his product successful is not that his customer’s credit is tied to their SSN but that the laws in the countries where Klarna operates are mindful of how this private information is being used, and in fact it’s not so private. It’s about as common as your cell number.

who are the players in the credit card process

GLOSSARY

(*smiley*) This is the cardholder. The cardholder is on both sides of the picture because the cardholder deposits his hard earned cash into a bank or makes partial or full payments for credit that had been provided. The cardholder also buys goods or services from merchants. Therefore the cardholder is on both sides of the credit equation.

(M) This is the merchant. The merchant provides goods and services to cardholders. The merchant also pays a percentage of each sale to all of the entities to the right.

(MB) The merchant bank is where the final settlement funds are deposited once the transactions have cleared.

(GW) The gateway processor is considered a 3rd party service provider. They provide some level of transaction, reporting or security service for the merchant. They may provide other types of business integration or workflow.

(GW Bank) Depending on the acquirer’s rules the gateway processor has a clearing bank in order to capture their commission from the day’s transactions.

(AP) The acquiring processor is just a technical entity that processes transactions between the merchant and the association. The AP does not actually have to be a bank but they need to be bank sponsored.

(A Bank) The acquiring processor bank performs the clearing function for the acquiring processor, however, more importantly this bank sponsors the AP’s relationship with the association.

(association) Visa and MasterCard are associations of banks. American Express is referred to as an association but was a privately held company at one time. Discover was spun off from Sears and is/was also a proper bank.

(IP) Like the AP, the issuing processor does not need to be a proper bank. The IP need only be sponsored.

(IP Bank) The issuing processor bank handles the clearing and settlement on an on-demand basis. Sometimes this entity is extending credit to the cardholder and sometimes this entity is holding the cardholder deposits. It depends on the individual card program.

(Bank) The cardholder bank is where the cardholder interacts with deposits and payments.

Authorization – this is the first part of a 2 or 3 step process (from the merchant). It depends on where the transaction is being performed. If you are buying a book from the book store then this is the first of 2 transactions. It’s just intended to see if you have enough funds. If it’s a gas station or a restaurant then it’s a pre-authorization — because it is absent of a tip.

Settlement – the settlement process takes place at least once a day (from the merchant). It is when the point of sale device tells the issuers what transactions were actually completed. This triggers the clearing and settlement process.

Clearing and Settlement – The association takes all of the settled transactions and groups them together sending like transactions to the individual issuing processors along with a “demand” file which the issuer uses in order to pay the association.

Single Message System – this is when the authorization and the settlement transaction are performed in one transaction. ATM transactions are typical single message system(s).

PS: There are few differences between credit cards and debit cards. I suppose the actuaries have a different view of this but it amounts to the same results. It’s still a 15 or 16 digit card number.

The Short Version

What does all of this mean?

The cardholder bank makes money when you deposit money and potentially gives you a fraction back as interest, once they have charged you fees. The cardholder bank also makes money during the clearing and settlement process as “demand”. The bank does pay processing fees of a sort but the majority of the bank’s gross revenue comes from the transaction.

The reality is that the merchant pays the freight on card transactions. And that is passed through to the cardholder.

NOTE: if you want to create an issuing processor from the ground up then I strongly recommend that you get someone to do the IP for you. Get some cardholders and capture the transaction revenue. You can also use your own system (although you might be processing on someone else’s IP, at least you are getting instant discounts. I hope that makes sense). This is the reason that Discover can return 5% on all transactions, and similar for Costco-Amex and others.

What does it all mean?

Someone in the diagram above lost, or allowed to be stolen, my data. Whether or not that data is used to perform actual fraudulent transactions should not be my problem. I pay to get the card. I pay to use the card. And I get a fraction of the value in interest if I do nothing… except fees for not using it.

This letter that I received should not be a “get out of jail free” card for whichever entity permitted my data to leak. I should be able to sue them individually because any class action lawsuit only benefits the lawyers and not the cardholders. In fact they should just start dumping money on my doorstep in advance of any bad thing that might happen. And more importantly I will be watching my credit scores for the rest of my life… looking over my shoulder waiting for someone to take advantage.

PS: Suze Orman once said that you should never cancel a credit card. If you do it will negatively affect your credit score. I have a Delta/Amex frequent flier card that I do not use. They charge me $100/year for membership and I get nothing in return except that they extended me some credit that I have to pay for anyway if I elect to use it.

In the US our laws seem to protect corporate America and not America. What is good for corporate America is not always good for me!

In Summary

We are not safe and we are paying too much.

I Almost Forgot

… the reason for writing this post in the first place.  The association that sent me the letter recommended that I check with the various credit bureaus in order to see whether my personal information was in fact being used. True, that is an option, however, the credit bureaus only give me one or two free reports a year. And if you’ve ever used their services they harass you with FUD and other tough sale pitches and tactics in order to get you into a subscription. The wording in their online Apps is so questionable it was obviously intended to get me or anyone else to make a mistake.

Really what I’m suggesting here is that this service needs to be FREE for the individual. Forever.

 


Cloud – be skeptical

I like using virtual servers. I often find myself wanting PCI compliant virtual servers but that’s just not going to happen unless I own the hardware. But in the meantime the big boys have me covered. Although the next time I speak to my PCI auditor I have to ask if there is a way to get PCI certified on virtual servers… anyway…

I’m always looking for a bargain… recently I was schooled that Amazon’s EC2 was less expensive than RackSpace’s virtual server. I had to see it for myself and he was correct. It was not much but enough. Of course if I had automated migration or installation scripts that would be one thing (no chef or puppet here). But the savings was not going to offset my time and then the risk of failure. But it was interesting.

This morning I had some StackOverflow page up and there was an advert for MediaTemple. I’ve never used them but I have looked at their service. In the past they offered shared servers… where your app coexisted with others in the same space. (very un-PCI friendly). And some time later they started to virtualize.

(mt) posted this on their landing page:

Virtualization on a Diet
Built on Virtuozzo 4 from Parallels. Lightweight virtualization technology, with less system overhead than Xen servers.

For some reason they seem to think that this is a selling point for me and I think they have it all wrong. This is how they would justify Xen internally and not externally. And it certainly does not make them smarter…

The way I read this:

we wanted to achieve greater VM instance concentration per physical node compared to the competition

Which does not help justify their premium!

 


Why is Mozilla investing in Rust?

A very long time ago I was having a conversation with peers that spilled into a blog post. At the time I was noticing that all of the big boys like Google, Yahoo and others were gobbling up language gurus like Guido.

Now, in hindsight, Mozilla is creating Rust. I do not pretend to know what their real motives are but I do find it interesting to observe. Mozilla’s history is all over the map. It was commercial, then it was open source and non-profit, then it was commercial again under AOL and then it was open-source and semi-nonprofit as the Mozilla Foundation… or something like that.

It just seems curious to me that they would go this route. They have 3 or 4 successful projects. They have uber cool tools that are functionally cross platform. I don’t think they do any pure or applied research in languages to this point in time. Why Rust?

Google’s GO fills a need and they are clearly going to direct the future of the language. Unlike the days of the IBM and Microsoft – OS/2 and Windows wars or the days of Lotus and Excel… There is no API war to be won. Rust could be a fork of GO and it would not matter in the least as it once did.

It seems to me that DSL (domain specific language) is actually being replaced with BSL (brand specific language) and everyone wants to get into the act.

 

Posted by on 2012/03/31 in business, ProgLang, Tools

 


Programming Challenges are “de-motivational”

I think the title of this article gives away the ending. Sorry… I suppose you can stop reading here.

Thank you for reading on… I recently applied for a programming position. In the initial response email from the hiring manager or HR I received a response like:

… and then there is the programming challenge … and it should take 2 days.

Really? Are you kidding? You want me to give up 2 days for what? That was my unfiltered subconscious speaking. But really, that’s a lot to ask. Especially when someone is going to take my 2 days of work and skim it for some quasi critical check boxes and make a summary evaluation.

So I said no.

As for the programming challenge. With over 25 years of practical experience and interviewing on both sides of the fence… I do not do programming challenges if I can help it. They are (a) subjective (b) generally insulting (c) trumpeted by junior silicon valley programmers (d) perpetuated by myth (e) and a sign of lazy managers.

I’ve written about this sort of thing before and I think this summarized the many articles. But this morning I had one of those inspirational moments.

I recently started reading The Developer’s Code. I’m only part way through the book but I have started to connect with the author. Reading an essay at a time as my toddlers crawled around the living room playing with their toys… I made it into the “Motivation” section.

Having pets in the office was a necessity when you work 10 to 16 hours a day, however, I have to admit that I never liked ping pong, darts or pool table in the place of business. And this is where I fork into two equally important thoughts.

(a) these so called “perks” require more than one person to be stimulating. In one workplace I visited all of the workspace walls are glass so if you are playing ping pong instead of your job (1) everyone sees (2) it requires two. Both have a demotivating effect on team members trying to get work done while others are at play.

(b) the “perk” of our career path is supposed to be the work. I happen to like transactions and databases. Luckily for me there is plenty of work in this space as most applications today are built this way. But the work is its own reward.

So when you ask me to take 2 days of my life to work on something that is not going to yield any appreciable results… there is simply no motivation to do the work. It also speaks to the nature of the organization.

As an aside, some programmers like to talk about code as art or science. The field might actually be divided on this note. I do not think it’s either, but that’s fodder for another article.

 
3 Comments

Posted by on 2012/03/30 in business, for hire, management

 


 