Edoceo's Blog

Sites Don't Respect Trademarks of Small Businesses

2013-05-13T21:53:00.000-07:00

Recently we've been in a battle with some of the webs busier sites regarding our registered trademark.

See, many sites let the username represent the owner of the account like twitter.com/edoceo. Many sites (Tumblr, Wordpress/Gravatar, Twitter and others) make no efforts what-so-ever to ensure that these usernames are not crossing trademarks.

According to their policies you could register "Microsoft" and these sites would not mind (but we know that's not true). However, when it comes to small businesses like mine these sites don't care at all. They are full of lame excuses. It super easy check trademark with an API query (http://edoceo.io/trademark)

On some sites we've identified orphaned accounts, that clearly have no usage and formally requested access. We're told things like: it cannot be changed, or there are "data integrity" issues. Bullshit. We know for a fact that at least one of these offending sites is backed by MySQL - UPDATE is a pretty easy statement.

Other bigger carriers such as YouTube and Instagram do respect the trademark. Simply send them a nice letter, using the provided forms and wait a few days. Done and done.

For now, we're looking for legal council in SF to help us out.

Also, we've made a tool called Username Shop which helps to research as well as buy & sell these usernames aftermarket. At least, until these sites start respecting trademarks.

Linode Outage Review - Counting Events

2013-04-26T22:38:00.000-07:00

Yesterday one of out hosting providers had a network hiccup. We use a number of providers and something happens somewhere at least once a week. Network blips are something one simply has to build around, redundancy & failover and all that.

Linode manages their issues well with frequent updates to their status page. Employees participate in their IRC channel as well and are very responsive.

It was however speculated that the Fremont data-centre has more outages than others.

Location	2010	2011	2012	2013	Sum
Atlanta	8	16	20	14	58
Dallas	22	12	30	4	68
Fremont	20	16	22	12	70
London	4	8	18	2	32
Newark	16	6	22	4	48
Tokyo	0	0	6	2	8

Seattle PD Discrimination: Parking

2013-03-22T16:35:00.000-07:00

I had this theory for a while that SPD parking enforcement targets vehicles operated by "poor" people. I heard and saw anecdotal evidence - my beat-up Jetta gets a ticket for a time-violation, while the BMW behind me does not.

So, today we have an actual experiment going on. My beat-up Jetta, a nice BMW and a clean Dodge Doakota have all parked, on the same block in the same 2h limit zone.

The parking time limit is enforced from 8am to 6pm. The BMW arrived around 8:30, my Jetta at 9:00 and the Dodge at 9:10. As yet, we've not see the parking attendants.

09:50 No Sign of Parking Enforcement (PE)

11:14 Parking Enforcement Spotted

Parking enforcement just passed our three sample cars, slowly. I'm sure that each was recognised by their system, they have marked the tires of our sample cars with white chalk.

11:32 Dodge Leaves

The Dodge has left, so now our sample cars are down to two. I'm not wanting to get a ticket on the Jetta, so I'm going to move it now. However, I still assume that by EOD the BMW will still not have a ticket.

12:03 Parking Enforcement Spotted

PE makes another pass, this time using orange chalk markings. An observation of the BMW has no marking, in either white or orange chalk. Cars that were chalked include: Toyota, Honda and an F150 - all on the same block & same zone as the BMW.

13:53 Parking Enforcement - Marking

Didn't see them pass however, I did just look at the cars. Now a new Toyota and a Nissan have been marked with white chalk, the BMW however still has no chalk markings.

16:00 Parking Enforcement Spotted

I just watched the Parking Enforcement dude (same guy I've seen three times today) drive past. Chalking tires, guess what - the BMW - which has been parked since about 8:30 in a two (2) hour zone - still has not been chalked or ticketed.

16:29 BMW Leaves

The BMW just left, roughly eight (8) hours in a two (2) hour limited zone. Tires were never chalked, though the tires of surrounding vehicles was. Not citation was issued, although I saw other citations being given out.

Summary

I've managed to convince myself, after today's diligent observation that SPD Parking Enforcement is not applying the rules the same to all illegally parked vehicles. My theory that the "nice car" would not get a parking citation, while other cars would be targeted played out as I described. Accommodation for the Affluent.

What I'd like to get my hands on now is the data about the citations, make, model, age as well as the zip code of the citation and zip code of the license holder. From that we could build a pretty good model.

I'm betting that the City and the State don't want that type of transparency.

Entrepreneurship & Letting go of Ideas

2013-03-22T10:12:00.000-07:00

In Oct 2010 I had this concept of an IT related skills quiz, community constructed and community graded. Conversations with others in the field led me to register a domain (ibise.org) and create a prototype of the system. The grand scheme was to create some type of community regulated certification system.

Progress was(is?) slow. By 2012: I'd told a few people; created code to handle various question types (pick one, pick many, fill-in and essay) and created a few questions. The breadth of skills represented was small. The name had changed to Opus, and now Ars.

It's hard, very hard, to grow a project when it's not able to get more than 10% of your time. I wanted this thing; however I had no time to grow it. Nor did I feel like spending a few buck to have it populated with questions, polished and published.

Over time the idea morphed around; what was the real issue I'm solving. What did/does/are/were the problems which others in my field faced with regards to representing skill-set? The name changed, more than once (Opus, then finally Ars I/O) which makes it hard to get a good bond with the project.

Time to Let it Go

Recently I came across Smarterer which provides for very similar quiz functionality (limited to pick-one style questions). And the Ars project (as it's now called) had migrated away from the focus on the Skills quiz and become yet another on-line profile. I think we have to let-go of the Quiz part and simply integrate with Smarterer.

I had/have some "my baby" feelings about what I've built so far, so it's tough. However...

From the feedback the my associates gave me the site had morphed into a system that pulls your IT profile from a bunch of sites and makes a pretty display. From fancy Quiz system to simple Resume Editor.

So, yes, now Ars integrates with Smarterer. And, of course Stack Exchange is getting into the Resume business with their Careers 2.0 option, which is suprisingly like Ars.

I'll either have to give more time to Ars to compete with Stack Exchange, or I'll have to let this thing it's morphed into go too.

Backorder Domain Auctions - False Metrics, Lost Revenue

2013-02-22T18:20:00.001-08:00

Domain brokers and re-sellsers are inflating their metrics with false numbers.

The Back Story

Edoceo has been tasked with acquiring a domain name on behalf of a client. We'll call it "V.com"

We review the WHOIS to attempt a direct transaction. This is blocked by the GoDaddy Domains by Proxy addresses. No matter, simply make a purchase attempt via GoDaddy to use their auction system. We began that process and submitted our bid.

The False Metrics

When we first viewed the domain auction with GoDaddy the metrics were zero (0) direct visits and zero (0) auction views. We attempted bid placement however, since we had to login in we were redirected back - now the view count was two (2). Our bid was entered and prompted to visit the shopping cart - for a domain with a bid view count of four (4). Returning back to the domain review page the view count now shows six (6)! We completed the bid process with a view count of seven (7) showing; still zero direct visitors.

Lost Revenue

The domain auction had a few (20+) days to close. Of course, we kept checking on it too. By the time it close the view count for the auction was over 20 - that was 99% us.

The down side is that the seller viewed this as an increased interest in their domain. And while we were interested and bid accordingly ($600) this decade old, unused domain remains unsold.

It appears that the false counts delivered by GoDaddy & Sedo provide a soft-basis for inflated value for the domain holders. Rather than pocket $500, this domain owner will likely lose another $50 over the next five years waiting for another buyer. And with new TLDs coming on-line, the demand for .com is waning.

Whatever, domains are easy to find - $9.95 got us another very cool .co.

Inheriting Sloppy Code

2013-02-13T14:38:00.001-08:00

Just started working with a new company, inherited sloppy code

Recognising Sloppy Code

Developers know it when they see it; non-modular; repeated, disorganised directory structure, editing on production systems. Business operators on the other hand don't, here's some tips.

Examine the Project You don't know code, but if you see many duplicate names. Or files like like home.php, home-0.php, home-12july.php, home-bk.php, home.php~ that is an indicator of slop. More importantly it highlights that there is no code tracking tools in place.

It's very important that the code team use tools like Subversion or Git or Mecurial or Bazaar.

Third Party Review Get a second opinion. Have an alternate, cash compensated dis-interested third party review the code. The the report comes back an mentions duplicated code, lack of structure and other such then we have slop.

If the code as been identified as sloppy, it can be an expensive process to resolve it. It's important to enforce good development practices from the beginning.

Use a Source Control system (Subversion, Git, &c)
Host Multiple Environments: Work, Test, Beta, Live
Review Code with a trusted third party
Test, Test, Test
Control the Team - Don't let them stray or feature creep

Resolving Sloppy Code

Quite a tough problem, clean what is there or throw it out entirely and start over? Depends on the depth of the project. Many times small fixes to the slop can keep the system operational and continue to generate revenue. Rebuilding requires to redefine the specifications and basically re-build from the foundation up. Maintenance time is lost to rebuild-time - or one could bring in a new team for the rebuild.

Smaller teams are forced to try to re-work existing code to a more unified option, perhaps implementing one framework or another. In some circumstances early projects have two conflicting methodologies in-place. And the choice must be made to use one of those two, or fork to yet a third option.

Stealing Passwords with Google Chrome

2013-01-07T09:16:00.000-08:00

Here's a neat trick to steal your friends passwords using Google Chrome.

Environment

The target computer is using Google Chrome, which is currently not signed in to a Google Account. This local Chrome profile has some saved passwords.

The Attack

Using that local Chrome profile sign-in to Chrome with your profile (eg: attacker@gmail.com). Now, because you have Chrome sync enabled all the passwords from the local Chrome profile are now merged with the passwords you've saved in your roaming Chrome profile. Theft complete!

Discovery

We had a computer at the office, a test bed system. We'd have it save passwords for things during test. We never purged the profile. This is similar to what your Victims computer would have.

Then for another test we actually did sign-in to Chrome, at which point the this remote profile had 100s of new usernames & passwords which were clearly from our test environment.

I don't know if it's evil but, it's really fucked up.

Google Play Store Forces TOS Agreement

2012-12-22T17:22:00.001-08:00

If you have multiple accounts on one table or device using the Google Play Store forces users to accept the TOS or it will become completely blocked.

We have one tablet, with multiple accounts configured and one accidental click has left the Play Store unusable, none of the apps can update.

Steps to Reproduce

Use an Android 4.0 or newer device
Add multiple accounts to the device, including one that has not agreed to Play Store yet.
Open the Play Store, it will presently select an existing account.
Select the New Account, you will be prompted to Accept
Decline - Play Store Exits
You are now Stuck - Google is forcing you to Accept due to this bug

The reason that one account should not accept the TOS for the Play Store is that those applications are not "Kid Safe".

The only option now is to remove the account from the device entirely and start over. The average user wouldn't do that, they'd simply enter into this binding contract with Google - even if they didn't want too.

Seems like there is nobody at Google working in QA, bugs like this - and the terrible password issues in Chrome - keep appearing in their products.

API Performance and Availability Monitoring

2012-11-29T12:09:00.000-08:00

For quite some time we've been building out Custos - a network service monitoring tool.

Recently, while working with a few teams to develop external APIs the discussion came around to monitoring API availability and performance.

This was exciting for us! One of the claims we make about Custos is that creating custom monitors is super easy. It follows that a service monitor for almost any API can be created with Custos.

In only a few short minutes we were able to construct a PHP based monitoring script that was able to run a proper HTTP-API request, collect metrics (size, speed) and send the reports to Custos. Super easy!


$ch = curl_init('http://server/api/listTarget');
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
$body = curl_exec($ch);
$info = curl_info($ch);

$ttfb = $info['starttransfer_time'] * 1000;
$ttlb = $info['total_time'] * 1000;
$size = $info['size_download'];

echo "status Good\n";
echo "detail Testing the List Target API\n";
echo "metric ttfb=$ttfb\n";
echo "metric ttlb=$ttlb\n";
echo "metric size=$size\n";

How cool was that?

What is SEM (Search Engine Marketing)

2012-09-25T17:40:00.000-07:00

We've had a recent up-tick it seems in clients wanting to know how to make their web-site more visible to search engines and, more importantly, people. This used to be called SEO but, seems the new phrase is SEM.

The bottom line is this: SEM is a marketing campaigns based on search.

What SEM Is:

The process of marketing your site and or services through search engines; namely Bing and Google. Make sure your site shows up properly for terms that people are searching for. Make sure your using the right keywords. Make sure you're getting links that are on target.

There are dozens of options at your disposal. The basics are:

Build a Quality Site with Quality Content
Acquire Links to your site and pages
Promote via Social Media

Firstly building a quality site, that is having original well-formed content. You'll want appropriate keywords, but don't over saturate. And make sure the site you operate follows current "best practices" (use a tool like: SEO Sorcerer).

Get some links. Ask your blogging friends or those who operate other sites to link to you. Perhaps your web-designer or developer can link to you. There are also tools to purchase links however, those are generally frowned upon by search engines.

More Facebook Likes, Tweets, Plus-Ones and Pins and all that social stuff helps. Perhaps run an advertisement on Facebook or try to introduce a new hashtag on Twitter (or use popular ones in your tweets).

That's the basics of what SEM is. The reality of the situation, like so many other things, is that SEM is a big, complicated realm. It's generally a good idea to get a consultant or other subject matter expert involved to help you. SEM is much to complicated to be executed properly while trying to run your business.

AWS Billing is Broken

2012-08-15T20:50:00.000-07:00

We've been a user of AWS for quite some time, over five years. We interact with AWS services (S3, EC2, mTurk) on at least a weekly basis. Things had been going quite well.

Today Amazon sent a notice about a problem with our account, apparetnly it's been going for some time. We just got a notice about charges on the dates below.

February 1, 2008 - February 29, 2008 for 69.60
March 1, 2008 - March 31, 2008 for 74.51
October 1, 2010 - October 31, 2010 for 64.44

That is quite some time ago (it's Aug 2012 when I write this).

What is going on over at AWS that they lose track of money and then come around and ask for it four years later? Why didn't it come up in my last 48 months of usage? And, who do I contact over there? All we get is an email loop while they threaten my account (was fours day till suspension!)

UPDATE!

Eventually we found Amazon provides telephone based support for this issue. The on-phone support staff was helpful & personable. We came to an agreeable resolution within 15 minutes! That makes a better customer experience than what is offered by many others (I'm looking at you Facebook, Google).

Google Checkout/Wallet Migration Nightmare

2012-08-13T10:38:00.000-07:00

Some time ago Google began this forced migration process of regular Google Accounts into Google Apps accounts - for those that had overlap. For these users data from multiple services had to be migrated or merged. We wrote about it twice: accounts transition and blogger migration. The migration for Checkout has been terrible!

Checkout Migration Issues

Even after months of being told that migration would soon be possible it still has not become so. Our checkout data is now scattered across three accounts. It's a terrible inconvenience to the business. The resolution is drop the other two, of course but for us that is kind of an issue.

Our merchant id and the codes used for integrating our infrastructure into Google Checkout/Seller/Wallet/Whatever-next was in production across multiple servers and multiple applications, some more tied into the management systems than others. Basically, we have to ack/grep a bundle of code/configs for the two IDs that were created in the interim to try and solve the migration/transition issue - and re-test all of it.

We had these three accounts, accountA, B and C; A was the original Google Account that became conflicted with a Google Apps Account (C); B is the interim account that was a temporary holding while migrating. Each had to be bank verified while migrating and then cleaned-up. Checking code on multiple applications across multiple servers takes time - more than you want to spend and of course interrupts existing work-flow.

Sign-In to AccountA
Check Google Dashboard - false positives for subscribed services
Confirm Checkout Settings (9 pages - Preferences, Tax and Integration are important!)
Archive Orders and Financial Data
Search Apps/Servers, Replace IDs
Test - Google lets the same account buy from themselves?
Wait to Process to re-verify for Badge Status

Questions for Google

Why did you force migration before all services could be migrated?
Why has there been no progress on the Checkout/Seller/Wallet migration since?
Do you know it's not cool to mess around wildly with financial systems that many businesses depend on?
Why can't we simply re-assign the Owner role? It's stuck to the '@gtempaccount.com' still (even after creating the migration account like you directed)!

Alternative Solution Path

So, that was quite an inconvenience for us and a few of our clients as well - other payment processors haven't done anything that stupid to date (that I'm aware of). Evaluating a few we've decided that stripe is the way forward. Their system is elegant, secure and very easy to integrate. Since they're dedicated to just one thing it's less likely they'll force you into a lot of work when they mis-manage an infrastructure "integration" project.

Resara, Samba4, Windows7

2012-07-27T14:06:00.001-07:00

RIP Resara

Dramatic news this week when Resara announced their closing. We're sad to see Resara go, competition is good for customers. And to their existing customers: we're offering commercial support services for Resara.

Samba4 Updates

Speaking of Samba based small business servers, our Praxis system has expanded now to offer Samba4 as a "stable" environment - however it should be noted that Samba4 is still in a beta stage.

We've updated our Samba4 How To, and even provided updated Samba4 ebuilds to the Gentoo community.

Samba4 + Windows7

Also, this week gave us the largest Samba4 installation we've executed working with Brian Carolina Help Desk. It initially started with an attempt using Samba 3.6, cause we know it's stable - but Windows7 just would not play nice.

Round and round we went in this environment; and decided to run a Samba4 trial. It worked great! Better than 3.x for sure but there are still some lingering issues (non-browsable shares, homes-magic) but they are trivial to work around.

A test run of Samba4 resolved all the Windows7 issues we were having and eliminated the nasty registry hacks and other stuff - see our Samba4 Reference.

10 Business Model Canvas Tools - Review

2012-07-24T17:44:00.002-07:00

The business model canvas gets mentioned a lot in lean/start-up circles. Here's my quick review of 8 of them.

The current best-list of business model canvas tools is located at http://leanstartup.pbworks.com/w/page/47250326/BusinessModelCanvas.

BM Designer

A free tool, embeddable on blog or web-page, highly interactive UI, good clues/info-tips on the various sections.

BMFiddle

Also free and based directly from Osterwalder. This is a very attractive JS based UI, pretty colours, good prompts for the section data, excellent highlighting/diff viewer. Markdown support.

canvanizer

Free, only requires email (but fakes accepted). Multiple canvas templates (business model, lean, swot, customer journey) to choose from. A very awesome and unique canvas history replay tool.

Business Model Brainstorm Kit

This is an actual, tangible kit for purchase. It comes with magnetic icon blocks that you can stick to surfaces and then draw on. They also have links to some super awesome examples around companies you've heard of (Spotify, Groupon).

The Business Model Canvas & Toolbox

The original, a big PDF to download to help you get started as well as an iPad application. A web-application is in the works.

Business Model Press

This one is a WordPress plugin, if you're already on WP why not give this one a try? It's currently invite only beta.

Lean Canvas

This one provides a nice canvas UI, between $12 and $49/mo and a two person free plan. The Lean Canvas based on the Osterwalder canvas.

Lean Launch Lab

Free for a single user, then plans between $9 and $99/mo. Allows for multiple projects, multiple collaborators. LLL also provides more tools than just a canvas. There are some good tools for experiments and customer interviews for example as well as team communication tools.

Plan Cruncher

Not so much a canvas but a quick plan/model builder; has some very plesant icons to add to the model. Produces a PDF document of your Idea, Team, Product, Revenue, Funding Goals and Partnership. I think this is turning out an executive summary and does really help you focus on the message (with "tweet length" limits)

Opus Business Canvas

update: dropping this canvas tool - use bmfiddle!

This last one is ours, just made it while working through Start-Up Owners Manual. It has a typical canvas layout, allows for markdown input, exportable as markdown as well. Canvas is free and can be shared widely with your collaborators. Our UI is a bit more limited than the others.

Understanding Twilio Costs - It's not $0.01/minute

2012-07-23T12:25:00.000-07:00

We do lots of work with Twilio - it powers our political phone banking software and is the back-end for our virtual branch exchange - and of course we provide development/engineering services for those looking to integrate Twilio.

One significant issue we encounter with almost every new Twilio user is their mis-conceptions about how Twilio bills and what their costs will be.

The Penny per Minute Myth

When we had our main office line hosted on a true VoIP service the cost was $0.01/minute - yes - one cent per minute. We migrated to Twilio - now inbound calls ( which are generally forwarded to another phone number) are billed at $0.03/minute. Where did the other two cents come from?

Traditional providers charge only for one leg of the call - that is the inbound or outbound leg. This leg of the call originates/terminates from your VoIP system (we like FreeSWITCH). On Twilio however there are frequently two legs of the call.

The top example shows traditional VoIP operations - where the call goes to your server, or some "server" you operate and the other side is on your existing infrastructure. With Twilio however that "server" is them.

So, when using Twilio to route (forward) inbound calls to another device you'll be paying for both legs of the call. This is clearly visible in the billing reports from VBX - where the two legs are shown together.

Five Warning Signs about your Technology Person/Team

2012-07-20T12:39:00.001-07:00

It's almost unreal how much your business depends on technology. Computers, Internet, Mobile, Social even the old-school fax machine is technology. It is a critical component of your business.

Over the past decade we've seen numerous times where the technology needs of a business were not being met. Sadly, many business operators are yoked to the wrong fit for their technology providers. Are the consultants, developers, engineers, technicians you work with on a daily delivering the value you need? Are they contributing or cramping your business?

Here are five of the behaviours that, at least according to us, should be taken as warning signs. These actions, or in-action, could be costing you hundreds or even thousands of dollars.

Warning Signs

Solitary Knowledge

Do you have only one? Or perhaps one primary who handles 80% of your technology needs? What happens if your one go-to is not available?

This is a simple continuity issue. If your mission critical systems are in the hands of only one person there is a very large single point of failure. If this person is unavailable what happens? For many the work stops, or is delayed. Think about the difficulty (both time and cost) with finding a replacement.

It is business-critical to have more than one person to depend on for their mission critical systems - such as revenue generating web-sites or in-office desktops.

Captive Knowledge

How widely known are your systems? Where is the documentation? Network maps? Server information and change-logs? Code documentation? Wiki? Source control?

All to often this issue is tied directly to Solitary Knowledge - why document when the team is only one? Without documentation new team members have to scramble in the dark to "get their head around things". This is wasted time for new members. Some times the idea of this sunk-cost when brining them on-board prevents the expansion!

If these kinds of things are not available it becomes difficult to on-board new team members. It also makes comparing new members to existing members impossible. That unshared, internal knowledge that existing team members is being hoarded up. If fact, this prevents new team members from performing to their best ability.

Infallibility

Is your Tech-team "never wrong"? Is their way always the "best"? How do they respond to new ideas? How do they respond to outside review of their work?

Tech folks are known for their arrogance/confidence - and lets not confuse that with infallibility. If your tech-team responds with declination towards others work then look out. When asked about others work do they claim they can do better or faster? If they say yes 100% of the time be wary - nobody is that good.

Superiority/Condescending

How about their review of others work? Or their reactions to the new team members?

Perhaps you're fortunate enough to bring another person to the team - how does your Alpha member behave? Is the new guys work "terrible"? Is there heated discussions where the Alpha raises their voice first? (Big warn!).

Too often we've seen these first members belittle, degrade and insult new members. A bit of hazing is expected but obvious animosity creates an unstable team. It's a clear indicator that the Alpha is not the right person for the job.

Accountability

Are they missing deadlines? Are projects getting pushed later and later? Is working piling up behind them?

If the previous four conditions exist you won't even be able to track this. But, if you were, how do they respond when asked "why was this project two weeks late". You know what responsibility sounds like and if you don't hear it then look out.

Many times these Solitary, Captive, Infallible, Superior tech-types have zero accountability - with no basis of measurement. Which documentation and shared knowledge would demonstrate. Put these systems in place. Soon!

Bottom Line

Don't be afraid to prove-out the people your business depends on. Ask them tough questions. Ensure that you are not critically dependent on one person or team member. Ensure their work stands-up under third party review. Look for positive attitude towards new ideas and team-members.

Here is a check-list of things to have that can help you build an accountable, dependable and reliable tech-team.

2+ humans on the task.
Documentation System - Wiki or something.
Issue/Work Tracking System - track assignments, estimates and completion.
Outside Review - find another person/team to check things out.
Outside Assistance - bring in other helpers on some tasks and gauge response.
Manage their Workload and hold them accountable

mTurk API Needs Your Help!

2012-07-14T16:39:00.001-07:00

Amazons Mechanical Turk is awesome and needs your help. They are hiring so I suggest you contact them! Here is some stuff you can work on:

CreateHIT API needs a way to make the HIT visible in the standard UI
Dispose and Disable behave inconsistently
Worker Feedback exposes their Email Address - a violation of Amazon TOS

You can fix those problems.

Be Careful Of Geo-Targeted Domains

2012-07-01T17:18:00.000-07:00

Just recently we were assisting a young company with a roll-out of a new domain "opus.io" Taking a look in the Google Webmaster we noticed the Geotargetable domains was not configurable.

Hrm, it is for other domains we operate. Well, it's not changeable for .io - but many others are OK.

As usual, domain sellers hype this. And of course Google provides explicit instructions on how to configure Geotargeting.

You can watch what Matt says about it to get the complete story.

GeoTargeting Summary

I'm thinking it breaks down to these two points.

There are 38 blessed non-targeted domains
Other domains are country targeted, "swimming up-stream" to target others

What this means for opus.io is that, it will be seen by Google as more relevant to the British Indian Ocean Territory than US or UK visitors.

Make sure your domain falls in this blessed list for best global visibility, and specifically target that TLD when necessary. You can use this tool to check.

Here's to hoping that Google adds .io to their list of blessed domains soon.

Also, aren't TLDs going to be opened wide-up soon? So, that makes gTLD, rTLD and gccTLD stuff less relevant?

Chrome Extension Content Security Policy & Manifest Version 2

2012-06-20T17:45:00.000-07:00

Starting around Chrome/Chromium 18 extensions are moving to manifest version two and this starts enforcing a content security policy. Many extension developers will need to update their manifest and re-write some code.

Here's what we had to do for the Twilio Client Extension.

Update the Manifest

The Manifest needs to change how the content is loaded.

{
  "manifest_version": 2,
  "content_security_policy": "media-src 'self' https://*.static.twilio.com; object-src 'self' https://*.static.twilio.com; script-src 'self' https://*.static.twilio.com;",
  "background": {
      "page":"background.html"
  },

The previous setting for background_page is gone.

Content Security Policy

This was the more confusing part of this update for me as I'd only had passing exposure to CSP before. Read the W3C docs, it shows where the names like *-src come from.

What our CSP shows is that we load media from self and from all HTTPS hosts inside of the static.twilio.com domain, including static.twilio.com itself. This was necessary otherwise the JS console will throw errors like:

Refused to load script from 'https://static.twilio.com/libs/twiliojs/1.0-392a7f1/twilio.js' because of Content-Security-Policy.

Removing In-Line JavaScript

This part is pretty easy, and you know you should have built your code this way in the first place but, like many, used the in-line methods for "convenience" :)

This means all the stuff that was built like this needs to be removed.


<script type="text/javascript">
var bgp = chrome.extension.getBackgroundPage();
bgp.doCoolness();

$('#some_field').on('click',some_routine());
</script>

Should be re-constructed to load from a source.

<script type="text/javascript" src="j/ext.js"></script>

Of course, now your scripts need to wait till DOM ready, so some things must be wrapped inside of ye-ould event listener.

// 100s of lines of JS here

// Last
document.addEventListener("DOMContentLoaded", function () {
  my_ext.init();
  my_ext.be_cool({duration:'forever'});
});

HTH

Twilio API Paging & GnuTLS Issues

2012-06-20T01:18:00.001-07:00

Just recently we were working on some updates for our hosted twilio application service and ran into some issues with a larger volume of call traffic (32K/mo).

GnuTLS Errors from Twilio

This is a snip of the error that was being spewed out from the cURL library.

56:GnuTLS recv error (-9): A TLS packet with unexpected length was received.

Problem Circumstances

These issues only occurred when paging backwards through the records, and only after few requests have been issues. That is, paging backwards by 1024 records we saw the errors round pages 30 (of 80+). There was no consistent behaviour.

Naturally we contacted the Twilio support team (which is pretty good!) And we through few steps with them.

These issues would still occur when we tried page sizes of 512 and 256 and 128. Other attempts at resolution we tried were using different versions of SSL (SSLv2, SSLv3, TLSv1). All the requests were throwing this error in-side of the 30s timeout that is implemented on the Twilio API.

Problem Resolution

The actual fix for us was a two part process. Firstly, we added a retry loop on our Twilio requests (as suggested by Twilio support).

Also, very important when using the Twilio APIs and paging back through the records is to use the "next_uri" returned in the response. There is a special parameter there AfterSid which provides a good performance hint for the Twilio system.

HTH

Hella Rad Project Management

2012-06-18T11:58:00.000-07:00

We just heard the scoop today (announced on Seattle Tech Start-ups list) that Artefact has launched their unbelievably awesome project management software called 10000ft.

Only 20 minutes ago Shyam sent the email blast. I went straight to check it out. The landing page - was easy, gave clear info in a simply way. A great first impression.

Sign-Up Done Right

Their sign-up process is what all others should aspire to be. One simple page, no requirements for credit-card; get started right now.

And to follow that, their system initialises your environment with some reasonable play data so you can get started right away.

Other Impressions

Their UX team hit the grand-salami! There are awesome user hints the whole way through, it's direct and easy to find the tools you're looking for. The budgeting feature was just about brain-dead easy to use and the reports are easy enough for even the dimmest of PHBs to get.

This is an example of a good team with a laser focus on what their product does: fluid project management. Congratulations to Rob, Shyam and the rest of the 10000ft team.

CapLinked Doesn't Work Right, has No Value

2012-06-17T14:59:00.000-07:00

CapLinked found our company, through the magic of the Internet on May 17th 2012. Since that time they have been bombing our inbox on a weekly basis with worthless messages.

What is CapLinked

CapLinked claims to be a service that helps to make private investment easy and you find Investors and Advisors for your business.

But Edoceo Doesn't Trust Them?

Nope, For a few simple reasons.

Contact via Generic Mail Address

We never contacted CapLinked, instead they contact us. Through a generic email address in our domain (info). Lame. A better demonstration of their legitimacy as an organisation would be to contact through less generic. And, of course our account was created without action on our part so our first order would be to reset the password on an account we never made.

We've had multiple contacts with investors, advisors, angels &c; not once has that contact come through a generically guessable address. Quite the opposite in fact, contact was made via telephone or LinkedIn.

Pre-Fab Account Creation

The initial email was because CapLinked had already created a profile for us! Unfortunately, the profile was incomplete which means any of the other CapLinked users looking at us would think we are lame due to the lack of information on our profile.

It is not cool to automatically create a public profile for a person/company with incomplete information and then ask them to claim it. CapLinked should have waited for us to come to them (eg: like CrunchBase does it).

Non-Functional Un-subscribe

Naturally we tried their un-subscribe option. That did not work.

A sure sign of a poorly operated company is a non-functional un-subscribe system.

Claim Feature Broken

So, finally we tried to claim our company. We were sent a "Claim Edoceo on CapLinked" email with a simple hyper-link. We followed it (incognito window of course). The page showed our incomplete profile with a clearly defined "Claim this company" button - which I clicked.

Within a few seconds I was sent another "Claim Edoceo on CapLinked" email - exact same text, formatting and message - except the hyper-link hash was a bit different. So, naturally we followed that link again. That resulted in the error message: "This company has been claimed by another user.".

Duplicated Companies to Claim

Once we finally get into their system it's odd that there are two profiles for Edoceo - but both have the same stub. Lame.

Summary

First you make an incomplete profile of my company and notify our generic contact address it exists. Then both the Un-subscribe and Claim features of the system don't work. Duplicated company profiles and the only way to get a verified account is to pay $40/mo. Edoceo will stick with traditional methods of engaging investors, advisors and clients.

Edoceo fixes problem like these; we build systems that work. Perhaps CapLinked should contact us to get their system operational?

How many Users can Our System Support?

2012-06-04T15:15:00.000-07:00

This is a question we are frequently asked.

How many users can I support.

The answer is always complicated and conversations typically go something like:

Customer: We are getting ready to scale up; are we ready to handle 100 mega-users?

Edoceo: how many users are on the system now, what resources do you have?

C: We've got a million sign-ups and we're hosted at Rackspace.

E: No, how many servers? What is the environment? How much existing load, &c.

C: We have two servers, it's built with RoR and uses a combination of MySQL and MongoDB (for web-scale). I think we have lots of room - we have 4Gig of RAM - so how many users can we handle?

E: We need lots of data to make that prediction, step one is to measure the current usage and resource consumption, increase the usage and then review the measurements again - that will give us two points on a grid from which we can make linear predictions - of course more samples are better. What do you use for monitoring now?

C: Rackspace tells us when the server is down.

E: :(

This goes on for some time, attempting to translate user-accounts to actual users. There is a world of difference between 400m user-accounts and 400m active users in a 12h period. The critical performance metric is active users.

Once you have a measurement of active users, then we determine what resources active users require. Naturally this necessitates measurement of these resources such as CPU, RAM, HDD, Network and various services such as web-servers, database-servers, caching servers and many other aspects (we could go on and on). Without these metrics capacity prediction will be impossible.

Decide Acceptable Performance, eg 1 second TTLB on homepage.
Determine Active Users, eg: recent session count
Measure resource consumption at current level
Use gauges and equations to predict growth/consumption rates

Finding Active Users

Some determination needs to be made with regard to measuring active users. How long is their session? How frequent are their page requests? Some web-apps/sites have less, some more. Make a determination for your environment. For example we check active sessions that are updated in the last four minutes. That becomes our basis for creating a base-line measurement.

# example script which queries a session database server and publishes metric
val=$(psql \
    --quiet \
    --no-align \
    --tuples-only  \
    --command "SELECT count(id) FROM session WHERE atime >= current_timestamp - '4 minutes'::interval; ")

curl -d "stat=good" -d "metric=users=$val" 'http://custos/api/service/stat?s=...' >/dev/null

Measure Resource Consumption

This is perhaps the most time consuming factor in performance monitoring. Configuring first the collector system and then configuring the environment. There are many monitoring systems to choose from and thousands of scripts for collecting metrics.

The collection system will likely be one of: Nagios, OpenNMS, MRTG+Cacti but could also be tools from WatchMouse, CloudKick or even our Custos system (currently beta). These system will use the scripts to collect the system metrics and hopefully build nice charts and graphs that are used in the next phase.

What Metrics to Capture

Determining what to capture on the hardware/software side is a bit easier, we almost already know what to measure. Generally we start with the "standard" things such as CPU, RAM, HDD and NIC - that is processor, memory, disk and network.

Making the Predictions

Once these metrics are collected, for some usable time-period then we can start the game of predicting the future. For example: knowing how much, RAM, CPU and other resources are used for 400 users, we can then extrapolate how much resources are needed for 4000 users. The graphs also can show growth rates for data, which can let one know when to upgrade/improve the database back-ends.

Usage predictions are difficult at best, collecting the metrics is the critical first-step to planning for web-site growth.

eNom Doesn't Care about their Credit Card UI

2012-05-16T15:09:00.000-07:00

Almost 12 months ago we reported to eNom that their user interface had a bug. The issue causes an inconvience for users but, it's not fatal. Sadly, it's an easy fix too - but eNom just has done nothing. Lazy.

The eNom Bug

On the account refill page users are presented with form, which includes some account, including phone number. Notice, and this is the bug, that the phone number is mangled on this form. Other parts of the eNom system display this phone number correctly, including their WHOIS data.

Not a serious bug right? The problem is that, when using the refill form customers (like us) don't pay much attention to that field. Why would we? The phone number was set when we created the account and our number has been the same the whole time. But it mangles our data when we save.

Also, how lame is it to have a broken form on your website? Lame. How lame is it when that form is the credit card form? Double lame. Hard to have confidence in a company that cannot manage something so simple as phone number data.

See You in Hell Blogger

2012-04-13T16:03:00.002-07:00

Blogs are dead, or at least this one is. It's so "2000 & late" to be blogging so we're dropping it.

The fad known as blogging is over, "it's dead Jim". The functionality that it used to offer is now replaced by Twitter (worthless), Facebook, Tumbler and Google+ streams (among others). So, stop blogging and start stream-posting! (streamcasting?).

It was kind of nice to be able to replay the Blog feed to our home-page, which is not possible from Google+ (unless using Blstr!) but that was only a marginal gain.

We'll continue to publish useful information about Linux on our Praxis site, about coding web-applications on our Radix site, performance monitoring on Custos and other useful information on our primary site.

Blogging is dead, moving on.

Edoceo's Blog

Sites Don't Respect Trademarks of Small Businesses

Linode Outage Review - Counting Events

Seattle PD Discrimination: Parking

09:50 No Sign of Parking Enforcement (PE)

11:14 Parking Enforcement Spotted

11:32 Dodge Leaves

12:03 Parking Enforcement Spotted

13:53 Parking Enforcement - Marking

16:00 Parking Enforcement Spotted

16:29 BMW Leaves

Summary

Entrepreneurship & Letting go of Ideas

Time to Let it Go

Backorder Domain Auctions - False Metrics, Lost Revenue

The Back Story

The False Metrics

Lost Revenue

Inheriting Sloppy Code

Recognising Sloppy Code

Resolving Sloppy Code

Stealing Passwords with Google Chrome

Environment

The Attack

Discovery

Google Play Store Forces TOS Agreement

Steps to Reproduce

API Performance and Availability Monitoring

What is SEM (Search Engine Marketing)

What SEM Is:

AWS Billing is Broken

UPDATE!

Google Checkout/Wallet Migration Nightmare

Checkout Migration Issues

Questions for Google

Alternative Solution Path

See Also

Resara, Samba4, Windows7

RIP Resara

Samba4 Updates

Samba4 + Windows7

10 Business Model Canvas Tools - Review

Understanding Twilio Costs - It's not $0.01/minute

The Penny per Minute Myth

Five Warning Signs about your Technology Person/Team

Warning Signs

Solitary Knowledge

Captive Knowledge

Infallibility

Superiority/Condescending

Accountability

Bottom Line

mTurk API Needs Your Help!

Be Careful Of Geo-Targeted Domains

GeoTargeting Summary

Chrome Extension Content Security Policy & Manifest Version 2

Update the Manifest

Content Security Policy

Removing In-Line JavaScript

Twilio API Paging & GnuTLS Issues

GnuTLS Errors from Twilio

Problem Circumstances

Problem Resolution

Hella Rad Project Management

Sign-Up Done Right

Other Impressions

CapLinked Doesn't Work Right, has No Value

What is CapLinked

But Edoceo Doesn't Trust Them?

Contact via Generic Mail Address

Pre-Fab Account Creation

Non-Functional Un-subscribe

Claim Feature Broken

Duplicated Companies to Claim

Summary

How many Users can Our System Support?

Finding Active Users

Measure Resource Consumption

What Metrics to Capture

Making the Predictions