All posts by phynds

In wielding power Apple has hurt itself

I have noticed a very interesting reaction recently to the way Apple has been throwing their weight around controlling who and what can be put in the appstore. Until a month or so ago there was a legion of companies and developers in my own circle, figuring out how they would enter the market and what they would develop, but that has changed dramatically in light of Apples series of what I consider large mistakes if not outright blunders. Pulling the storm trooper card on the guys that got the prototype phone, pulling the rug out from under Mono Touch, going to war with Adobe and also seeming to persecute all those that raise a voice in protest has put an enormous chill on most of those that I know that were looking to build applications for the iPhone and iPad. I own an iPhone and have bought an iPad so I am not a hater, just not a blind supplicant. I do not have any products launched or targeted to the AppStore (and have shelved those plans myself for the reasons many others I talk to are), so I really don’t see how I can be punished for speaking my mind (Sad that I now believe that if Apple had a way of punishing me, I now fully believe they would use it).

I think this is an example of Absolute Power Corrupts Absolutely. If you grip power too tightly you lose it and unless the groupies really do outnumber the rest of us this is a dangerous way for Apple to do business. How can we trust developing on a platform where the rules seem to change on a whim and which is controlled by those whose friends are treated no better than enemies…

Advice for Small Org Backup on a Budget

I was recently asked how to cost effectively do backup and Disaster Recovery (DR) for a 50 or so person organization.

Here is what I have found to be a pretty good way to go that won’t break the bank.

For an organization this size I use Backup Assist ( It leverages Windows Backup and has agents for Exchange and SQL.

I then break things into three categories and treat each slightly differently.

Level 1
The things you call critical such as active email, source code, CRM, financial data, etc.

This stuff gets backed up daily and depending on my level of paranoia (how screwed we are if we lose X days) I copy it offsite either to an alternate office or if none exists (your scenario) to either a hosted server at a datacenter somewhere (max on the disk and bandwidth and min on all else which is much less than you $750 per month) or to a server connected via VPN to the company principle’s house (poor man’s hosted server).

Level 2
The things that change often, but just aren’t level 1 such as home directories, business shares and other data.

Data in this category gets weekly backups and usually gets posted monthly to a large USB drive which gets rotated with its twin monthly. The drive with the current data is brought offsite for storage (again maybe to the company principal’s house or maybe a safe deposit box). When the new drive is delivered the old one comes back to be used for the following month’s backup.

Level 3
These are the unchanging files like images, email archives and stuff.

You can either burn these to optical media (if you do muliple copies with one going to the company principal’s house(s) and a copy to the safety deposit box if you got one) or you can lump this onto the USB drive shuffle.

Hope this helps those who might be looking for this kind of insight.

Very sophisticated hack, get used to it…

The latest security threat as outlined here has hit over 100,000 people already and if you read through the details of how organized the attack is you will understand why it has been so successful. The problem is that while we have to protect ourselves from every threat, the bad guys only have to find one vulnerability to lay your plans to waste.

Security is a war, and the hackers are not slowing down their attacks.

Dangerous Interventions

It seems that everytime the government gets involved in high tech, things go wrong. Today I found out that there is a looming intervention that I think could potentially screw up one of the biggest successes in US based high tech, namely processor technology.

If you get time soon check out the petition here.

I would really like to see this kind of meddling prevented.

The Greatest Strength

Lately I have been helping customers find talented developers. As the topic of many books, courses, web sites and numerous other sources (many of which I have read or used) it is a problem that I find keenly interesting.

There are of couse many, many ways to look at it, but I think I have found the single most important strength not just for technical talent. So take this as advice for your own advancement or as the thing to look for and test for when you are hiring. The key strength is to be able to accept feedback and objectively recognize it for truth when it is true and then have the strength of character to actually try to work to improve as a response.

It sounds easy, but it is not. It is also very much at odds with being an ego maniac (in other words those people can’t do it). If someone passes this test then the sky is truly the limit, they will be able to improve, move up the ladders of responsiblity and will likley only be limited by the strength of their intellect.

Try it yourself sometime by asking someone for honest feedback and see if you can act on it. Repeat.

PHP and MySQL vs. ASP.Net and SQL Server

Over the last year I have gotten an education on PHP and MySQL web sites to go along with my existing expertise with ASP.Net and SQL Server.

It turns out that I purchased a web site a little over a year ago that supports gamers who play World of Warcraft (a game I have played for years). The site gets about 100,000 unique users a month with just shy of a million page views a month. The site was written in PHP against a MySQL backend and is just not driving the revenue yet to justify porting it to ASP.Net and SQL Server (though as you will read here the balance of pain is shifting that equation). It turns out that we end up rebooting the system pretty damn often which was a problem with IIS back in the old days, but not one I have had in recent versions.

We have thrown more hardware at the system, brought in professional help and it just seems that at these levels of use the system runs down and needs a kick and sometimes intensive care.

My point here is that it has been an education for me to validate what I suspected, there is no magic with the non-MS stack. It can hang in some regards, but it seems that for really heavy loads, MS has got them beat on stability. I am working on an ASP.Net with SQL Server site now that handles similar traffic and it just doesn’t suffer the same issues.

I plan to dig deeper into the tech here if for no other reason to figure out what it takes to port the site to ASP.Net with SQL Server.

Usability is King

I have been working on commercial products for a long time and repeatedly have seen companies compete with similar solutions. Often one is the technology leader and innovates while the other plays catch up and only survives by clever marketing. Sometimes the laggard can become the market leader, but typically only if the innovator makes a mistake (the classic example of a market leader losing ground due to a mistake is when New Coke came out).

When it comes to software products the rule is pretty simple, mistakes in usability are the ones that cost marketshare fastest. Customers are pretty tolerant of technical issues and bugs since all sofware has them, but if the user feels stupid when trying to use your product, they will switch very quickly to an alternative.

Bottom line is that mistakes of ususability are more costly in a competitive market than almost anything else, design wisely.

PDC Notes

I just got back from the Microsoft PDC in LA and have been thinking about what I saw there.

It turns out that I have come to a couple of conclusions that I will surely post more about in the future, but for now here is the overview.

First there were several Windows Azure announcements that have swayed me from skeptic to seeing a real chance for Azure to be a contender. Chief among my concerns was the fact that I just didn’t see companies doing a big rewrite just to leverage a cloud solution. Now it is much easier to port an existing application to Azure and there is the option to customize the hosted image. I also saw a demo that no one else seems to have noticed (or I was imaging things). I could have sworn I saw a demo where SQL data hosted behind the company firewall was opened up for consumption by an Azure hosted application. I plan to watch that keynote again to make sure I know what I am talking about so consider this a disclaimer.

Second, I am now confident that Microsoft will not abandon either WPF nor SilverLight developers since there were already announcements to make both able to run with the same assemblies. A small step, but when coupled with the fact that VS2010 is built with WPF I think the two technologies are both valid for development (I was worried about the future of WPF until recently).

There was of course more, but those will have to wait for other posts.

Contracts 101

For many, many years I have been writing and reviewing contracts between my company and clients. As a result I have some insights into how things can be made to work more simply.

First up, this is not legal advice, just me sharing some experiences. You should always run your contracts by your lawyer to ensure you aren’t painting yourself into a corner you did not intend.

Second, I have always tried to standardize contracts as much as possible and educate prospective clients up front as to what our process was for setting up contracts. Often the client will have their own ideas and their own contracts, but life is much better if you get the majority of clients to use your system rather than having to make a project out of every deal. I find that the more reasonable my process and contracts the more likely the client will accept my contracts rather than insist on using their own.

Third, you must always remember that contracts are to govern the relationship between you and the customer when things to wrong. They almost never come up when the project comes off to mutual satisfaction. They are insurance if done well and they are a death sentence if they are done badly in cases where the project goes off the rails.

Fourth, contracts are not personal, they are just part of business. If you are doing business with someone you like and trust then there is a temptation to skip on the contractual completeness or correctness. THIS IS A MISTAKE! Always think in terms of what would happen if the project went sideways and the person you had to deal with was not the one with whom you set things up. This has happened to me on a regular basis and the only defense is to have solid contracts.

I hope to post more information like this in the future.

PDC BOF Session on Security

I am packing tonight to head to the PDC in Los Angeles and wanted to tell anyone else who will be attending that I am hosting a Birds of a Feather session at lunchtime on Thursday on security hype.

The thesis is that we are seeing a steady stream of over hyped security “issues” that tend to remind me more and more of the ads for the evening news that say things like “Your water could be killing your children, details at 11″. We plan to discuss how this trend is hurting actual preparedness for the real threats.

Hope to see some of you there.