Blogs

RedMonk

Skip to content

The Concise Executive Guide to Agile – Book Review

The Concise Executive Guide to Agile (IEEE CS Press ReadyNotes)

Executives are often left with few hand-holds for fitting Agile development into their usual management tasks – setting plans (including budget), measuring success and failure, using leadership to set the plans and spirit that teams operate under, the mechanics of scaling Agile to multiple teams at “big” companies, and most importantly being able to make business decisions with imperfect information.

In a quick 27 pages, Israel Gat covers the tasks management must take on introduce, manage, and then maintain Agile in their organization. Packed into this brief guide is enough information to bring an executive up to speed on what they should be doing if they’ve found themselves in charge of an Agile organization, or if they’re trying to boot-strap to that state.

(It’s available as an ebook directly from the IEEE or as a Kindle edition.)

rev="post-5221" 3 Comments

Categories: Agile, Book Reviews, Reviews.

By cote
August 25, 2010 at 8:52 pm

Dealing with Analysts, 2010 edition

A few years ago I gave this presentation to the Porter Novelli Austin. One of the original folks there, Josh Jones-Dilworth, now has his own marketing firm (Jones-Dilworth, of the mysteriously stealthy home-page), and asked me to come give the talk to his people.

I updated it a bit, but the goal is still the same: tactical advice for getting things from and working with analysts. Also of note: the presentation is targeted at PR, AR, and other people who work on the “sell-side” with analysts. The focus is primarily for “vendors” who want to curry influence & do work with analysts, not “buyers” who want to use analysts as input for their own evaluations, procurement, knowledge, etc.

Jones-Dilworth is a great firm – and not just because they have a kegerator in their office – if you’re in the market for PR, AR, and strategic marketing help, they’re worth checking out.

Disclosure: some of Josh’s past and current clients have been and are RedMonk clients. Josh also gave me a Roku as he had two boxes full of them from that client of his. Also: an espresso and seltzer water from the coffee outfit next door, Once Over Coffee – it was delicious!

rev="post-5218" 3 Comments

Categories: presentations, The Analyst Life.

Tags: ,

By cote
August 25, 2010 at 5:13 pm

Links for August 23rd through August 24th

  • Motorola Buys 280 North – Tech Trader Daily – Barrons.com
    Check out telco ecosystem getting developer happy. As I Tweeterd to my old high school alum @madskeelz, “everyone in the telco space is (finally!) trying to go after developers. Need killer apps beyond voice and sms.”
  • Oracle forms new ‘axis of evil’ against open source, claims Adobe
    Let the JavaFX conspiracy-theories loose!
  • vSphere rounds into form
    “With a 10GB switch, enterprise customers can expect to be able to move eight machines at once across a VMware cluster.”
  • Makara layers DIY platform cloud atop EC2
    The Java + PHP PaaS startup – “The Cloud Application Platform is the set of tools that wrap around this platform cloud layer that allows system administrators to set up software stacks to support Java and PHP applications and then have it automatically scale that infrastructure up and down as workload conditions dictate.”
  • Novell Launches Cloud Security Service for MSPs
    Novell trying to get into the “make the cloud lawyer approved” game.
  • Microsoft ID guru slams ‘duplicitous’ Apple
    “This, according to Apple, includes data such as ‘occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.'” To which Microsoft’s Kim Cameron replied: “I pointed out the obvious: if Apple releases your location and a GUID to a third party on multiple occasions, one location will soon stand out as being your residence…Then presto, if the third party looks up the address in a ‘Reverse Address’ search engine, the ‘random’ GUID identifies you personally forever more. The notion that location information tied to random identifiers is not personally identifiable information is total hogwash.”
  • The Demographics Of Texting And Talking In The U.S.
    “In a survey that explained texting and talking by race, gender, age and geography over a 12-month period ended March 2010, Nielsen found that African-Americans use the most voice minutes every month; women talk and text more than men, and teens on average send a whopping 2,779 text messages a month.”
  • Verizon cloud first to clear credit card test, targets payments segment now
    “Verizon Computing as a Service, or CaaS, the company’s cloud computing solution is the first cloud-based solution to successfully complete the Payment Card Industry Data Security Standard (PCI DSS) audit for storing, processing and transmitting credit card information.” – in a recent podcast with Expensify.com we discussed the difficulty of PCI compliance in relation to cloud computing: looks like Verizon is doing something in the area.
  • Ten things you need to know about Microsoft’s Visual Studio LightSwitch
  • OpenStack cloud fluffer does VirtualBox • The Register

Disclosure: see the RedMonk client list for clients mentioned.

Comments Off on Links for August 23rd through August 24th

Categories: Links.

By linkposter
August 24, 2010 at 6:09 pm

Developer relations in your pocket

Phones

The telco ecosystem is finally waking up to Microsoft’s great epiphany of the 80’s and 90’s: it’s all about developers.

I was reminded of this when one of my high school alums Tweetered me about Motorola buying 280 North, makes of Cappuciono, an Object-C inspired app framework.

While I can’t say I’ve really every heard of anyone wanting to do more Object-C (like) coding, it highlights the fire under the collective back-sides of handset makers, carriers, and others in the telco space who’re seeing the developer ecosystems around Apple and Android disrupting their billion dollar revenue streams.

“…well I am now!”

Every technology need a parade of “killer features” to drive customers and for decades voice is what telcos offered. Remember all the “you can hear a pin drop” ads? While I might yell out “Bula Vinaka, Beachside!” each time AT&T drops my iPhone call, voice isn’t much of a killer feature anymore. There’s texting, of course, which while heavily used, is quickly becoming another undifferentiated feature (read: difficult to make easy money from in the face of cut-throat pricing from competition).

The App Economy

“Apps” are where it’s at now. Thanks to several years of advertising from Apple around the iPhone and the follow-on of Android, consumers are expecting their cellphones to be small computers. Just as with traditional computers, the availability of applications – killer apps – drives interest and buying behavior of the platform, here, various “smart phones” – soon just be “phones.”

Little wonder, then, that you’d see people like Motorola buying their way into application development. There’s a long way to go to build up a healthy and effective developer relations program, but having the actual technology – along with the talent and brand – is the necessary start. The existing cultures are a tremendous hurdle – the corporate structures are not really built around the slippery-slidey world of software and existing revenues are so stupidly massive that it’s easy to have a “what, me worry?” mentality.

Telco arms-dealers like Alcatel-Lucent are working on their own platform, and I’d expect to see more telco ecosystem folks – handset manufactures, telcos, equipment vendors, etc. – try to buy their way into, well, software.

Disclosure: Alcatel-Lucent is a client.

rev="post-5210" 3 Comments

Categories: Community, Marketing, Programming, The New Thing.

Tags: , , , , ,

By cote
August 24, 2010 at 4:20 pm

What's up with "cloud"?

Tonight I’m giving the opening presentation for the newly formed Austin Cloud User’s Group. The idea is to provide a base-line for “cloud computing.” With me, that usually means answering the questions “why bother?” and “what can I do with it?”

The EventBrite ticketing is closed, but here’s the details of the meeting tonight nonetheless. Also, while there’s no site for the ACUG, there’s a Google Group to keep up with the ACUG. Also, they use the hashtag #ACUG.

The presentation is embedded above, or see the listing at Slideshare for download options and such.

Disclosure: several companies mentioned int he presentation are RedMonk clients. See the RedMonk client list.

rev="post-5208" 4 Comments

Categories: Cloud, presentations.

Tags:

By cote
August 24, 2010 at 3:37 pm

Filing your expenses in the cloud – Expensify.com & the Intuit Partner Platform, with David Barrett – make all #008

Expensify.com logo

I’m joined by David Barrett of Expensify.com to talk about how the team built a SaaS and mobile-enabled service to make “expenses reports that don’t suck.” We talk security, data integrations (like with Intuit), and approaches to marketing SaaSes.

Download the episode directly right here, subscribe to the feed in iTunes or other podcatcher to have episodes downloaded automatically, or just click play below to listen to it right here:

Show Notes

  • Why do expense reports?
  • Overview of offering – scenarios of use – fun integrations, what are the challenges of UX?
  • On small business as a market: “Small businesses are not small, big businesses.” – “How the real world is kind of weird.”
  • What’s the architecture, stack, and technologies used?
  • How do they plugin to the Intuit Partner Platform with all this? They do a federated application and use IPP as a good channel for selling to accountants.
  • What authentication and authorization protocols are used? SAML, OpenID, etc. but mostly stuff like PCI.
  • We get into some of the PCI-driven and other security stuff, and doing “real financial transactions.”

Transcript

Michael Coté: Well, hello everybody! This is another edition of the make all podcast, the podcast about fun and interesting stuff going on in the software development – or just software – world, stuff with those “damn computers.”

And as always, this is one of your co-host – or one of your host, Michael Coté, available at PeopleOverProcess.com.

In this episode, we have got a fun topic sponsored by Intuit, and we are going be talking about one of the applications, if you will, if things can still be called that, that’s using the Intuit Partner Platform. With that, would you like to introduce yourself guest?

David Barrett: Hi there! My name is David Barrett, and I am with Expensify. We do expense reports that don’t suck, and we do that by importing your expenses and your receipts right from your credit cards and mobile phones, so we have been doing expense reports through email and then reimbursing everything online, in the glory of QuickBooks and Direct Deposit.

Michael Coté: I was noticing your excellent motto when I was looking at your stuff a little bit ahead of time, and as someone who works at a small consultancy kind of company and travels a lot, you can imagine I have a lot of expenses. So I was getting a little excited about what was going on there because —

David Barrett: That’s right, because we don’t actually tend to make them fun, we just try to make them not suck.

Michael Coté: I think that’s a good qualification there. But yeah, I mean filing expenses is always terrible, especially with older systems. But one thing I was for — as sort of boring of a nook of the world as expense reports are, I was curious why you decided to start an expensing startup. Like how did you convince yourself like, “I want to be in expense filing”?

David Barrett: Yeah, exactly. When I was a kid, I just wanted to be an expense report magnate, I figured that would be — all the chicks would really go for that.

Michael Coté: You had big like Cognos posters on the walls?

David Barrett: Exactly, exactly. No, I think it really happened — probably the decisive moment when I knew is I was filing an expense report, and so our company, every year we take the company overseas. So we take the whole company overseas for about a month, and this one time we went to India, and this miniature sort of economy built up around the receipts, where a $10 receipt, you could buy from someone else for $8, because the pain of actually trying to get that receipt reimbursed was so painful, they would just like basically take a 20% discount just to get the cash upfront.

So I was the sucker who was buying up all these receipts, and I had this gigantic stack of receipt, which I was going to make bank on, and then I would go to actually get it reimbursed. And it took me two weeks to fill up one expense report, and it just took so long, and the entire time I was just pulling my hair out and thinking, there is no way it needs to be this bad.

This occurred to me that, every company I had been at, be it small companies, big companies, expense reporting was always the biggest pain in the ass, so I just decided, we can do this better, this just needs to be done a better way. So I figured, well, there is a good opportunity there.

Michael Coté: And so I mean, not to get too advertising-y, but I am really — since I have to deal with it, I really am interested like, what are those things you do to make it better, like what — as an analogy, I use sites like TripIt and Dopplr for my sort of travel organizing. It seems like a lot of what they do is what I would call, like they do things — they basically don’t do stupid things.

And they do things that are kind of obvious. You can just email your itinerary to it and you can get like an iCal feed and things like that. But I am curious, in the expensing area, like what are those sort of like helpful — they always seem like the kind of obvious, but people just don’t — companies just don’t spend the time to like automate it.

David Barrett: Well, that’s exactly right. I think it’s — I will be honest, it’s a pretty low bar to jump. The typical expense report would be, you have an Excel spreadsheet, you make a bunch of purchases with the cash, and your personal credit cards. You would pick up all the receipts, you got this big stack, and somehow maybe you tape it down on paper, and then photocopy it, and mail it, and all this junk. It’s such a horrible antiquated process, it doesn’t take a lot of creativity to do right.

So the way that we do it is, so first we really — everyone pretty much makes purchases in their personal credit cards anyway, and so we will just, like mint.com, we will just import your expenses straight off from your credit card. And because we are doing that, we are connecting directly to your banking website, which gives us very clear, very clean, tamperproof datasheets, which allow us to satisfy the IRS requirements directly off your credit card.

So for any purchase under $75, we can give you an IRS ready, paper receipt equivalents in purely electronic form, right from your credit card. So for about four out of five paper receipts you would pick up in a business trip, you can literally just throw away entirely. You just don’t have to keep it at all, because we can take care of all of your records straight off of your credit card.

For most of the purchases above that, we find they are done online, like airfare, car rentals, things like this, take the email receipt that you were sent from the booking website, forward it to [email protected], and we will take care of it.

It’s kind of like TripIt, how they read the information off the receipts. They are a bit more advanced than we are there. But we basically will take the receipt image and basically keep track of it, such that when it comes time to create the expense report, all of those receipts are already in place. And then for those few straggler paper receipts that remain, we have native apps for iPhone, Android, BlackBerry, and Palm Pre, just take a picture of the receipt, it will upload straight to our servers.

So basically, when you are on the road, when you are just making your purchases, we make it such that you can throw away all your receipts the second you get them, and as a result, when it comes time to make the expense report, well, most of it’s already done for you, and the rest of it is just a couple of clicks away.

Michael Coté: And an implicit thing in there is that, you guys are a SaaS basically, or to use the gold plated buzziness of the contemporary times, you are a cloud based application.

David Barrett: Yes, that’s right. We are in the cloud.

Michael Coté: I mean, it sounds like there is basically this model of like a user, and the user is collecting all these various receipts from, whether it’s kind of like images of the receipts that they have or the integration that you are sucking in from their credit cards, and then there is also like a workflow for approval and things like that, right? I mean, that’s part of —

David Barrett: Oh, yeah, of course, of course. So Expensify is a little unusual in that, the first person we go to in a company is typically not the manager, we go straight to the employee. We just go to the employee and say, if you hate your expense reports, don’t wait to be asked, don’t ask permission, just sign up for Expensify, create an expense report, submit it to your boss, and see what happens. And more often than not the boss is like, great, this looks really awesome!

So typically, the employee will create an expense report, submit to the boss. Boss would be like, this looks good, they will submit it to their accountants. The accountant will be like, wow, this looks pretty good, but the categories are just all totally wrong. They will link up their Expensify account to QuickBooks, will synchronize with the QuickBooks Chart of Accounts and basically take care of all the accounting backend. And then we will turnaround and share and create what’s called an Expense Policy, which will be shared out with the rest of the company.

So basically, we try to use the employees as lead generators, in that every time you submit an expense report, in essence you are introducing us to someone more important than you; your boss, your finance department, things like this. So we try to use the employees as lead generation into the company, and then we turn around and we convert the entire company at a time using an Expense Policy that has, for example, that workflow defined, it specifies who submits to who, who is able to approve reports, reimburse reports, and things like that.

And then of course I should also mention that Expensify has its own integrated payment network, so we can withdraw funds directly from the employer’s account and deposit them directly into the employee’s account through direct deposit. So we try to make the entire expense process, from purchase to reimbursement, electronic.

Because I mean typically — it seems really antiquated that you make a purchase with the credit card, which is electronic, and then you get a paper receipt. And then you take that paper receipt and you type it into Excel, which is electronic, but then you print it out. And then you take that printout and you give it to the accountants, who types it back into QuickBooks again, and then they give you a paper check, and then the paper check is actually deposited again.

There is this huge paper based process that’s typically there, we are just trying to get rid of the paper, such that it’s electronic from purchase, all the way to the reimbursement, takes away opportunities for fraud and error, and just makes it clean for everyone.

Michael Coté: I think that workflow you described is why I haven’t filed expenses since, like, November, just because — I mean, filing expenses is one of those things that the longer you wait, the worse it gets, so the less you want to do it I guess. And it’s also bad from the angle that, like, you are basically screwing yourself out of some money.

David Barrett: Yeah. You are basically extending a zero interest loan to your employer, and then you have to act as your own repo-man to get paid back.

Michael Coté: Exactly. One other thing, as I dork out on expense filing, is there a way you kind of can establish like reoccurring expenses, like if I get reimbursed for like broadband to my house or broadband, I am using like 90s lingo —

David Barrett: My “dial-up connection.”

Michael Coté: That’s right. Do you guys handle those kinds of things?

David Barrett: Yeah. Not as well as we can. Expense reporting is, as humble a field as it is, it’s actually sort of complicated, and there is just so many different things to do, especially in the small business space.

Because I would say the big lesson that we have learned is that, small business are not small big business, they are just an entirely different breed, and they have very — a lot of sort of ambiguous and complicated relationships, and so it’s taking us time to really just work out a product that works in the real world.

Like to give a couple of examples of how — the real world is kind of weird – early on we found that barely half of our expense reports were submitted to someone in the same domain name. Initially we thought, it’s like, oh, people are going to neatly group up by domain name, that just wasn’t the case. And then we started talking to these people, we asked them, it’s like, “what’s your relationship with this other user?” And they are like, “well, he is just this guy, he just works for me some times, sometimes I pay him.”

It’s like, “oh, okay, great!” Well then, you have got this really weird relationships down there, and trying to build or accommodate these unusual relationships is just taking time.

So yeah, there is a ton of stuff that we want to do, like the recurring expense is a great one. OCR and the receipt images is another great one. There is all sorts of really cool stuff to do. We are going to do it all, but it’s just another time.

Michael Coté: Right, that makes sense. So getting into the technology side, I mean, can you describe the basic stack that you guys have? I mean, you have already told us, we have already gone over that it’s a SaaS application, so it’s hosted somewhere, and you have got like various mobile apps that are kind of inputting sources. But I am curious like what you guys built it on from a high level architectural overview?

David Barrett: Sure! So one thing, it’s also a little unusual is, because we don’t just deal with bikes, we deal with real money, like actual dollars flow through our system, and as a result security is just paramount.

So from the very get-go, we had to build a very secure infrastructure, not just because it’s a good idea, but because we have actual banking partners that won’t allow us to operate if we can’t.

So we have sort of three geo-redundant, real-time synchronized data centers. We have basically a C++ and PHP layer for the business logic. We have all the classic web stack for the front-end. Basically it’s a pretty standard web-based application, except with a lot of emphasis on maintaining very, very tight security, much more so than just your typical website.

Michael Coté: It sounds like a lot of the work — how do you handle all the sort of like — for lack of a better phrase, kind of, like, what’s the bus for all the data integration that you are doing, like how are you guys doing that?

David Barrett: Well, yeah. It can get messy. Because we are taking in data from so many different places and spitting it back out even more.

So for example, what we have is this giant import pipeline, such that we can import the information, strengthen the banking websites, and that can get pretty gnarly.

Furthermore, we have all of our mobile apps, that we can take in — like receipts in through email, receipts in through all these different mobile applications. And then of course we have a variety of partners that we work with. Probably the most notable of our partners is Intuit, and we work with something called the Intuit Partner Program.

So there is this — I think it’s really interesting in that — it’s kind of like — I call it the iPhone App Store, but for accountants. It’s built into QuickBooks. There is this big button on the top of QuickBooks you click to get to the workplace, and then it lists a whole bunch of applications that are integrated with QuickBooks, and then Expensify is one of those applications.

The Intuit Partner Program has been really great to us. I would say that it brings a steady stream of very highly qualified leads, because though we typically will go to the employee first in order to get into the company, a much more powerful, sort of high leverage point is if you can go straight to the accountants.

But from the marketing perspective, a classic advertising and the ad spend that gets straight to accountants is so expensive, to actually like acquire an accountant onto your system would cost a ton of money. But the Intuit Workplace gives us a direct pathway straight to these accountants. So it’s a very low-cost of sale channel to sign up accountants onto the system, and then from there, we don’t just get a single company, but we can sign up multiple companies, because accountants, especially in the small business space, rarely work for a single company, but manage the books of many companies.

Michael Coté: So I guess, especially in that scenario, of an outsourced accountant, if you will, that’s managing very — whether it being — as opposed to being an in-house one, that’s managing various other companies like — so that’s another sort of small business weird thing that — I mean, it sounds like every relationship you have is usually many to many. Like there is not people on the same domain name and the accountants aren’t working for one company and people are probably expensing the multiple companies, so things get in that very unpure state of end to end.

David Barrett: Yeah. Initially, we were just terrified of this. We were like, oh my God, this is such a mess, but then we realized, this creates a great opportunity. Because of this many-to-many relationship, it makes an inherently vital product, in a few different ways.

Like the first, as I mentioned was, employees introduce us to their employers. So that’s great. Then employers introduce us to their accountants, who introduce us to other employers. So that’s great too.

But then a third one is, as you alluded to, when a company has consultants, and the company tells the consultant to use Expensify, the consultant turns around and use Expensify for the next company as well. So in all these different ways, we get incredibly organic and just this natural viral growth through the mere act of using the product itself.

Of course we can do a bunch of things to really, in sense, the natural viral activity, except it’s great that all of our traffic comes organic. We don’t buy any of our users, they all come to us through these different natural channels.

Again, because the small business is a huge opportunity, but it’s a hugely fragmented opportunity. So you have to have an incredibly low cost of sale, and these different channels, be it like Intuit Workplace, be it like the mobile applications, all provide great low-cost ways to sign up paying users.

Michael Coté: And so like looking at IPP, in particular, like how do you guys integrate into that workflow? I mean, I assume you are not just sort of doing ads through it or whatever, but it actually sort of fits into QuickBooks. I think the concept of like, someone inputs all these expenses and at some point an accountant or someone has to sort of approve it, and then you reimburse them. But what does that kind of integration look like – what does IPP do for you that lets you plug into it?

David Barrett: So there is a couple of different ways. So IPP has its own cloud hosted Flash-based development environment, which is actually really cool, but we don’t use that part. The part that we use is something called a Federated Application. Meaning, we are a website that we host ourselves, but they have tools that allow us to integrate with the Intuit Workplace to do things like centralized billing and single sign-on and essential employee management.

So to give some examples of how that works from, like, an end-user perspective. Let’s say you are an accountant, you are inside QuickBooks, you click the Workplace button. You see a bunch of applications like Expensify. You say, hey, I want to give Expensify a shot. You click the Expensify button. Because it’s built into QuickBooks, it means that we are already connected to that particular QuickBooks file in this very secure fashion.

So when you sort of install Expensify into that QuickBooks file, basically it means that you are already configuring Expensify to use that particular QuickBooks company file, and so as result, from the very start, we already know, oh, okay, this guy is an accountant, we know what company he is at, we know all the employees, we know the ledger system, the categories, we know everything.

So we just jump straight to this various streamlined setup process, where we can say, okay, well, here’s what we think all the categories are, here’s who we think all your employees and contractors are, click this one button and we are just going to set everything up and you are going to be good to go.

Michael Coté: So basically you can sort of pre-populate all the data and the people and like you are saying the categories that you need for expense filing?

David Barrett: Exactly! So additionally, the Workplace has a variety of applications. I mean, probably one of the more notable ones I would say is the — Intuit uses the Intuit Workplace for their applications as well, and like for example, the payroll, Intuit Payroll has this application called ViewMyPaycheck. So if your employees are already signing into Intuit Workplace to do payroll related things, it’s a supernatural point to have them also do expense related things, and they can use the same exact account.

So they don’t have to have a new password, they don’t have to go to the Expensify website or learn anything about us, they just keep going to the Intuit Workplace, as they are already accustomed to, and then they can just click onto Expensify and go straight to us.

Michael Coté: So like you guys are doing — this integration happens basically over the Internet, right? I mean, is it done over SOAP or something else or like how is that stuff playing out?

David Barrett: So I believe it uses SAML as the single sign-on technology, uses — yeah, different SOAP based — actually it came out with SOAP or XML-RPC, one of the two. It’s a super straightforward process.

I mean, one thing I have been actually really pleased working with Intuit on this, is they put a lot — I mean, this is a very strategic focus of Intuit; making this work is very, very critical to the company. They are putting a lot of resources to make this seamless for the partners and they have given us a tremendous amount of support throughout building the application, and then even, perhaps more importantly, after the application has been built, they have really helped us promote it.

They do a lot to optimize their stores to really push certain applications, to really optimize the conversion. And they have made a number of really significant changes and many in direct response to our feedback. So I feel like we have had a really productive relationship, and it has definitely worked out very well for us.

Michael Coté: And like you said, the point of — all the stuff is nice and secure enough for you guys to use, right?

David Barrett: Oh, yeah. Well, I mean, this is operating out of the same datacenter that Intuit uses to process, I think it was something like a trillion transactions through the — I mean, they do the TurboTaxes out of the same place. I mean, they process the Intuit Payment Networks out of there, and so it’s the real deal.

I mean, they have incredible security. I mean, certainly they have been doing financial security as long as anybody, and so as a result there is — which is actually sort of a nice thing, because we deal with a lot of partners, and most people don’t really understand financial security, and so it’s actually quite a pleasure to work with Intuit in that respect, because they understand the importance of this and it’s not just lip service.

Michael Coté: And so along those lines, I am curious, in the same way that sort of Intuit is kind of opening up their platform to other people, like do you guys have sort of opening up and integrating with other people, like are there ways people kind of use Expensify as a platform, or are you guys more of an input situation?

David Barrett: So we actually do have an API, and we have — so, for example, we have a couple of customers that have done their own custom integrations with Expensify. So we have, for example, our own single sign-on technology. So you can build Expensify into your existing intranet, for example.

We have some other partners that have done applications using our credit card import, for example. We have some partners working on some things in the mobile side. So yeah, I think no one doubts the value of having these APIs to enable great integrations with big partners like Intuit, or smaller partners like Outright, and basically partners up and down the board.

Michael Coté: I am also curious, like when it comes to, on the whole point of being secure, like are there — what are sort of the protocols, and like you were mentioning, Intuit uses SAML and things like that, but are there other sort of authentication and authorization protocols that you are seeing are popular, like are there newer ones like OAuth and OpenID, do those even kind of pass muster, or do you have to use sort of the enterprise-grade ones?

David Barrett: No, OAuth, OpenID, these are all — I mean, they are all well-thought out. I mean, nobody is going to come up with a secure authentication protocol that’s not genuine and secure. I mean, no one is going to tolerate that. So OpenID, OAuth, SAML, these all do the trick. They have different pros and cons, and I think all of them are far more complicated than they need to be.

Michael Coté: Right.

David Barrett: But really, very rarely is technology sort of the problem. I would say the important things when it comes to real — when we start talking about real financial security, it’s not so much about protocols, it’s more about standards.

So one of the core — sort of the gold standard in financial security is called the PCI DSS, the Payment Card Industry Data Security Standard. It’s the security standard written by Visa and MasterCard. It’s a global standard. It’s the actual standard used by real banks and real financial institutions. So Expensify complies with the PCI DSS standard. So I think that if you are looking for real security, you should be looking for the PCI compliance.

Michael Coté: That’s basically a list of things: PCI is basically a list of things you should be doing with your service or your technology that makes it so that you are secure enough or whatever, right?

David Barrett: Exactly! It’s like — I think it’s a 280-point security standard, regulating everything from like, how often you change your passwords, all they way up to, the sort of super secure encryption that you use.

Like there is this one piece I think is really cool, I would say it’s the heart of PCI, is something called the Split Knowledge, Dual Control Key, and that is, it’s a type of encryption key that nobody in the world has the ability to decrypt by themselves.

So for example, I have access to half of the key, and then my co-founder has access to the other half of the key, and neither of us can actually decrypt any of our data ourselves.

So even if you were to steal all of our servers and take me hostage, you still couldn’t get any of our data, because that’s not enough. So I think this type of building security by design, where it’s actually sort of mathematically impossible for any individual to get access to the data, is the heart of the PCI DSS, and I think it’s the heart of real financial security.

Michael Coté: Yeah, it’s kind of like those old movies, where there is the nuclear launch guys that have two separate keys, right?

David Barrett: That’s exactly the same thing. In fact, it’s a big nuisance, because it means every time that we start our servers, we essentially have to do this simultaneous key turn. So of course — what’s interesting about that, from an engineering perspective is there are a lot of people who start and go, oh, I am going to make a website, it’s going to swap MySQL up there. I am going to build all this junk, and then at the end, right before I launch, I am going to make it secure.

But the problem with that is, by that time you are screwed, because to do it secure, means that it actually really reflects a lot of your technology choices.

So for example, this is sort of geeking out on the backend side a little bit. But let’s say that, if you are dealing with real money, you want to make sure that your data is — it’s like, if you are moving like a $10,000 expense report, and your server crashes halfway through, like you want to know, like did that money move or not?

So as a result, every time you write any data to disk, you want to make sure that you replicate it to at least one other offsite location.

So at the very start, before you do anything, you really have to have at least two data centers and they have to be replicated in real-time using distributed transactions. That’s just like a bare minimum if you are going to do real financial sort of applications.

Then the third part is, if — in a real world, data centers go down all the time, it’s not unusual for the best data centers in the world, Rackspace and things like this, to go down for hours, days, and so as a result if you need two data centers online at any point in time and either of them go, it means you have to have at least three in order to tolerate the real world. So you have to have at least three real-time synchronized data centers, to do real financial activity, in a way that’s actually sort of reliable and secure. So before you have even started, you have to have sort of these three different data centers.

And then when it comes to like these other requirements, like, okay, this sort of split key requirement, so now it means, you can’t make your servers automatically start themselves, because they require two different people. You can’t just of course upload your key and store it on disk, that doesn’t make any sense. So you have to build for incredibly high uptime, because you don’t want to be in the middle of the night, your servers are going down and you have to keep uploading your keys. That’s such a big thing.

So I think this is why — basically the first year, we spent just building up the secure infrastructure to have this sort of real-time geo-redundant data centers synchronized in a very secure, PCI compliant fashion. It’s a lot of work.

Michael Coté: No – it sounds like it [is a lot of work]. With all the cloud hoopla nowadays, there has been — there is finally like a fair amount of pushback on things, and one of them is just like, “oh, the lawyers won’t let us do it.” But like you are going over like what I think is one of the more technologically sound reasons.

Just like you were saying, if you had one cloud provider, even if they are supposed to be up all the time, eventually they will go down. So you already need two and then you are really going to need three, right? So it’s sort of like, you are going to need to — you need some way of satisfying those physical requirements, and then at some point the cloud becomes a lot less magic cloud stuff and it’s just a good old fashion, like running a —

David Barrett: Yeah. Well, it’s sort of interesting, because yeah, there is a series of things that individually all sound obvious. It’s like, “oh, that’s such a good idea, we should totally do that.” And then when you put like 30 of those back to back, it’s like, “oh my God, to actually do all 30 of these really obviously things is actually quite difficult.”

Michael Coté: Right, definitely. Well, great! That was — like I said, I do a lot of expenses, so talking anything about improving my expense process is great. So that was good stuff.

Long ago in the 1990s, I worked at an online banking startup, where we had many of the same kind of issues, so it’s always nice to dork out about that kind of stuff.

So the last thing I am interested in, I am going to have to go try Expensify to see if I can finally do my six months of expenses. What do you guys have in the future, what are you planning on?

David Barrett: Great! Well, I would say, frankly, more of the same. I know it’s a little bit unorthodox to say that we are just going to really do things — do what we do, just do it better. But we are not trying to do everything in the world here. We try to pick one problem and do it incredibly well.

So let’s see, I started the company in April of 2008. We launched an open beta in sort of April 2009. So we have only been really open for business for like a little bit over a year, a-year-and-a-half, and I feel like we have done a lot of learning throughout that year. And though I feel very good about — we have got lots of users using it and the growth is really good, whenever I look at it, I just see, it’s like, wow, we can do this so much better.

So before we really start expanding in scope too much, I think we are just going to do what we currently do a whole lot better.

Michael Coté: Yeah. Sure. That makes sense. Well, great! Well, thanks for taking all this time to talk with us. It’s good to hear about Expensify and how you guys are integrating with all sorts of services, like the Intuit Partner Platform.

David Barrett: Great! Hey, well, thanks for having me.

Disclosure: Intuit is a client and sponsored this podcast.

rev="post-5205" 5 Comments

Categories: Cloud, make all.

By cote
August 24, 2010 at 10:30 am

Cloupia – Brief Note

Yesterday I had a briefing with Cloupia around their announcement of the Cloupia Unified Infrastructure Controller V2.2 today. Here is my brief note on the call:

201008240919.jpg

Cloudpia is providing a “manager of managers” as we used to call it: a system that layers on-top of various virtualization and cloud technologies to give a birds-eye view and control over everything. Their focus is on providing Infrastructure as a Service (IaaS) management. In the demo, Cloudpia worked with infrastructure based on VMWare, Microsoft Hyper-V, “Citrix Xen,” “RedHat KVM,” Amazon EC2, Rackspace, and “Cloud Storage.”

Their technology relies on the APIs provided by the sub-systems instead of doing their work themselves. This is fine, of course, as their focus is on providing that spanning layer over everything instead of providing the raw platform needed for the “low level stuff” of cloud computing. As such, functionality focus is on

To that end, there is a self-service user interface for going through the workflow of request cloud-based services and doing the reporting and management of said resources. A user comes in, requests an instance, walking through the request workflow including seeing the amount they’ll be charged. Once the instances are setup, the user treats it like any other network-bound virtual guest, SSH’ing or Window remoting in.

Admins are given an interface to configure the clouds used, monitor usage, and setup the various policies that users are bound by. Admins can also setup various catalogs of resources and different images for users to pick from.

All of this is done in, I believe, a Flex-based UI, which gives it a snappy UI and nice dancing charts, including heat-maps of resource usage.

They have a feature called “CloudSense Analytics” that offers to closely monitor resources used and do auto-scaling (up or down, in or out, conceivably) appropriately. There is some basic CMDB integration: generating an XML file with changes to state across the clouds, requiring extra work to fully integrate with existing CMDBs, of course.

When I asked about customers and users, Cloupia said that they have interest from enterprises and some service providers. In particular, several providers are looking to use Cloudpia as their public IaaS offering.

Are you looking for a “cloud of clouds,” or do you prefer just using one technology for your cloud stack?

rev="post-5202" 1 Comment

Categories: Brief Notes, Cloud, Enterprise Software, Systems Management.

Tags:

By cote
August 24, 2010 at 9:21 am

Links for August 23rd

  • Developers unhappy over Oracle Android suit
    "Clearly, Oracle is a strong believer in software patents. And if they can use patents as a lever for revenue generation, they will," says RedMonk analyst Michael Cote
  • Clearwire isn’t Even Halfway to its 4G Coverage Goals
    Clear is interesting to watch from a marketing perspective: they have high goals for customers and coverage and use all sorts of resellers, partners, and channel voodoo to (try and) get there. Wonder why you see Clear being sold everywhere?
  • Let's Take a Closer Look at IBM's Systems and Technology Biz
    TPM says that IBM's hardware business is a dog, and they'll strap software on it to build a single-stack item which will, thanks to software, show profit: "My guess is that sometime in the not-too-distant future, IBM will talk about system revenues for System z, Power Systems, and System x products, adding the software and hardware together and showing a combined profit margin for the systems. This would be a way to keep people from seeing how unprofitable its basic hardware business is and to shift the focus to how profitable the systems are."
  • The Data Center of the Future by Wall Street & Technology
    Quotes like this should be blood in the water to enterprise sales sharks: "Any time you build a new data center, you have a great excuse to do a technology refresh," notes Rubinow. "The mindless thing to do would be to move equipment from an old data center and rearrange it. We've been going to all the vendors of hardware, software, networking — we said, 'We're building a new data center and have the opportunity to change something.' We took the best of what they have. We'll have faster, smaller, more efficient equipment."
  • The Cost of Computing: The Internal Combustion Mainframe
    If you're interested in discussions about computing power broken down by revenue, this is the story for you, e.g.: "An analysis of data from 21 sectors (inclusive of governments) and 133 companies across those sectors reveals that the average company has a computing capacity of about .37 million instructions per second (MIPS) and about .17 servers per $1 million of revenue, meaning the average $10 billion company would have a core platform of 3,700 MIPS and 1,700 physical servers."
  • Oracle names self virtualization king
    "But sells the hodge-podge collection of server virtualization being peddled by its systems competitors way short. IBM, Hewlett-Packard, Fujitsu, Dell, and every other server maker have an equally incompatible mess of server virtualization products. And in that regard, they are most certainly not only close to what Oracle provides, but they exceed Oracle."
  • HP sharp-elbows Dell to bid for 3PAR • The Register
    HP raining on Dell's attempts to get more enterprisey.

Disclosure: see the RedMonk client list for clients mentioned.

Comments Off on Links for August 23rd

Categories: Links.

By linkposter
August 23, 2010 at 5:35 pm

Links for August 19th through August 23rd

Taking it to the limit, and peddling over it

Tofu ice-cream for everyone!

The Links

Disclosure: see the RedMonk client list for clients mentioned.

Comments Off on Links for August 19th through August 23rd

Categories: Links.

By linkposter
August 23, 2010 at 8:43 am

Making apps, not just applications – WaveMaker is the saddle to the cloud

I often talk about the concept of developing “apps” versus full-blown “applications.” The idea is that the current mobile space has shown the efficiency of having smaller applications that narrow down to just one feature, or workflow. That doesn’t apply across the board, but it does contrast with more traditional application development that tends to want to do more rather than less.

While I was visiting with RedMonk client WaveMaker last week, their CEO, Chris Keene, and I discussed this concept and how WaveMaker is seeing it play out in their user-base.

In addition to watching above, you can also download the video directly, or subscribe to the RedMonk feed to get it and other videos and podcasts downloaded automatically.

As you may recall, we talked with Chris back in 2008 in RIA Weekly episode #11.

Transcript

(There’s also a PDF of this transcript if you prefer.)

Michael Coté: Well, hello everybody! Here we are in lovely San Francisco, and if you could see, we have got a nice view of the Bay Area here. But nonetheless, we are still in the, as you can see, nice offices of WaveMaker. I have a guest with myself. Would you like to introduce yourself?

Chris Keene: Yeah. So I am Chris Keene. I am the CEO of WaveMaker, and we have been building WaveMaker for three years. Launched the product little over a year ago. WaveMaker is a web app development tool. It makes it easy to build web apps, it makes it fast to build web apps, and you create standard web apps.

It’s also open source, and we have got a very active community, we have got about 15,000 registered developers now building apps with WaveMaker.

Michael Coté: We were talking about – obviously on the infrastructure side, cloud computing is very popular nowadays, because it seems like a kind of a more efficient way of doing things, or it’s not always necessarily the case, but it’s an interesting new way of doing technology. And recently, I guess, I would say over the part six months or so, I have seen a lot more interest in application development on the cloud, which I kind of get excited about, because I think the infrastructure layer is, you know, that’s all good and well, but you are going to reach a certain point where you have tapped out the interesting innovation.

Chris Keene: We have kind of a unique position here, because we made a decision when we started WaveMaker that we were going to build a web development tool that ran in a browser. And we weren’t going to use Eclipse, we weren’t going to base it on kind of a standard heavyweight IDE, and there were some specific reasons for that.

The biggest was, that we thought that people eventually would want to build apps in the cloud, from the cloud, by the cloud, for the cloud, without having to download things onto their laptop. That, if you will, that the future of corporate development is going to look a lot more like Facebook and LinkedIn and kind of self-service than it does today.

Michael Coté: It would be completely hosted.

Chris Keene: Yeah. I mean, today, amazingly enough, building anything within the enterprise is like mounting an expedition to Mount Everest; you have got teams of Sherpas, you have got all sorts of people with different specialized skills, it takes weeks, you have got to have base camps. I mean, it’s a heavy, heavy duty proposition.

But if you want to go into Facebook and you want to tell people about the music you like, or where you are going to have dinner, or do a variety of things that to me seem a lot like customizing, extending it, making it do what I want it to do, well, I don’t need Sherpas for that.

Michael Coté: And to be clear, I mean, WaveMaker is basically a tool for developing applications and there is a lot of back-end integration and UI stuff, but what are the deployment — I mean, you can run it locally if you want to, right?

Chris Keene: Right. So when you download, when you go to WaveMaker.com and you do your download, then what you are actually downloading is a full Tomcat Java stack, and you are actually running a web stack on your computer. And when you launch WaveMaker, it actually launches a WaveMaker application in your browser. So one interesting thing about WaveMaker is, we built the tool with our tool.

Another reason that we thought, having a web-based development tool would be pretty powerful. So we have already got — when we launched WaveMaker, we already had a very, very powerful web application that we had developed with it. So it’s a little, the dog eating the dog food kind of thing.

You can build your application running a stack on your computer or you can go to cloud.wavemaker.com, see the exact same thing running in the cloud; in this case Amazon, and build your application there.

Michael Coté: One of the interesting things that I am kind of hopeful that the cloud will pick up the slack on is, I guess we used to call it, like, Rapid Application Development or RAD or line of business apps, but having a bunch of little smaller applications, that to your point, are not like a huge expedition that you go out there and do.

I wonder if that theory of the cloud enabling that kind of smaller app development, do you see that playing out kind of —

Chris Keene: Yeah. I mean, I think, again, it comes back to the Mount Everest thing. If in order to climb a mountain it’s going to cost me $250,000, no matter the size of the mountain, well, then I am going to tend to do a lot — I am going to tend to do a lot more every time I get that thing together.

So IT doesn’t build “apps,” IT builds applications, and the reason for that is, it costs so much for them to get out of bed in the morning, that it’s not worthwhile to get out of the bed to move around a few thing, I have got to do something really big and really meaningful in order to justify the cost, just for them to do anything.

And so what we are really trying to get towards, and you were actually giving this example earlier, is mobile apps. We have the notion now that I have got a mobile app to figure out where the nearest gas station is, and I have got a different mobile app to tell me how to get to my friends’ houses, and a different mobile app — we might have ten different mobile apps that have to do with location.

Well, the way enterprise IT works is, they are going to get together all the requirements, they are going to put together a very heavyweight project and team, and really solve this location issue once and for all. And it costs so much that nobody can afford to go back and revisit that for another five or ten years.

Whereas realistically, the first month this thing is in production people are saying, you know, this actually isn’t the way I want it to work, I need a button over here, I need to do it a little bit different. But of course nobody can do that, because the Sherpas are all gone, they have gone home, and we have got our trophies standing on our bookshelf and whatnot.

Michael Coté: You can sort of have quick and dirty apps if you want, and you can have the more long running ones, but that is like one of the unfortunate things that perfecting IT has kind of evolved into is, it’s very concreted in there. It seems like change is not always the ideal thing, the feature that you want to offer.

Chris Keene: Well, it’s weird too, there is kind of two types of IT; there is the infrastructure IT, which has been focused on doing Service Oriented Infrastructures and really getting the databases cleaned and whatnot, and that part of IT fits perfectly with this idea of apps. The basic services are there.

The problem is, there is no easy development tool sitting on the other side to consume those services. So it turns out, IT built all of this great infrastructure, but then it was so complicated to access it, that the only people that could access it and build apps on it was IT themselves, and so they were never really able to get the benefits of it.

Michael Coté: That’s something you were discussing earlier that reminded me of a funny cartoon of — I think it was a 4-panel cartoon where there was this dead horse that had SOA on it. And I don’t know if you have seen that one. And there’s these few people discussing whether you are going to put it, and then of course the joke is, “well, hide it in the cloud.”

But I think that’s a very cynical way [to think of it]. I think that the more optimistic thing is — I mean, it’s true, what you are saying is, is we did spend, we as the industry, spent a lot of time servicizing everything.

Chris Keene: To me, the killer app for cloud is ecosystem. So the cloud doesn’t — everything you can do in the cloud, you can do in other places. So VMware will tell you the cloud is just virtualization, you have been doing that for years.

I mean, that was kind of the Larry Ellison joke, that everything has been renamed cloud including, as you said, SOA. I think what’s interesting though is, putting individual things in the cloud is not much different than putting individual things anywhere, what’s different though is when you have multiple things there.

If my database is in the cloud and accessible there and my reporting is in the cloud and accessible there, and my Salesforce automation is in the cloud and accessible there, and it now becomes very easy, just a matter of service calls, to call all three of them and put something together between them. Now, that’s something you couldn’t get any place else.

So in the data center world, my SFA [Sales Force Automation] was in one silo, my ERP [Enterprise Resource Planning] was in another silo, my database was at another place, and it was a very big typical undertaking to just get those three to talk together. But in the cloud that’s trivial.

So let me give you an example. KANA is one of our biggest ISV customers. They do call centers. They are deploying the call center software for the U.S. Postal Service this year, 20,000, 30,000 employees. They initially built this application as something that was going to run just in the enterprise data center, but because they built it based on WaveMaker, they realized, oh, we could put this in the cloud too.

How many days do you think it took for them to get this application, like 10 or 12 servers, databases, WebSphere, DB2, Enterprise Service Buses; how many days do you think it took them to get onto the cloud, Amazon?

Michael Coté: I think four weeks or so.

Chris Keene: It took them two days.

Michael Coté: What is it the tool does that fits in this kind of development?

Chris Keene: Well, so what’s really great in the case of a KANA and ISV, is they have built this very complicated call center operation application. It’s a set of workflows connected by a set of screens.

Michael Coté: Right.

Chris Keene: And what they have done is, rather than just shipping this whole thing to you as a black box, they have basically shipped it as a series of WaveMaker applications, that you can pick up and edit in the WaveMaker Studio.

So if you decide, at the U.S. Postal Service, if you decide, we want to route things here and not there, that’s a matter of a few minutes. If you decide you want to have a button on this side and not that side, or if you want it to be green and not red, that’s a matter of 30 seconds.

So you suddenly have the ability for the people who are using the application to change the application, just like they would say a Facebook application. Why? Because they don’t have to be Eclipse developers, they don’t have to have anything deployed under the desktop, they just have to have the right permissions to get in and open up the applications, change the workflows, change —

Michael Coté: They can get it online and everything and deploy it online.

Chris Keene: Exactly! So this is where you start seeing a really, really different approach to development. Now, of course this is for doing fairly minor changes. I think if people want to change fundamental things about their business logic, yes, they will still need your Java coders and all of those other things. But those kinds of changes happen much less frequently than the, gees, I need a new field on this form.

Michael Coté: So like you said, it’s about — was it about a year ago that you launched it? Yeah, right. So you were saying, you launched about a little — around a year ago, and like what’s the most recent version that you guys have come out with? Can you kind of bring us up to date on what you have at the moment?

Chris Keene: Yeah. So this one works, the first one didn’t work [smiles & chuckles]. So we are at WaveMaker 6.1 now, and what we have really been focused on is just making it incredibly, incredibly easy to go out and grab services, grab existing Java code, grab data structures, and databases, and turn those into applications.

And the developer community is about 15,000 developers, we have built that in about a year. Just for reference, the Salesforce developer community, they have got 34,000 registered developers that they have created over four, five years.

So we have gotten to about half of our Salesforces in one year, and of course we had a secret weapon, which is, we are open source. So we have got a lot more community involved and we have got a lot more activity, and that’s really kind of what’s driving the momentum.

Michael Coté: And like you are saying, you basically — there is various data sources that you guys can suck — it sucks data from and started using it, and you can build the layers or components or widgets or screens on top of that, and have various workflow attached to it. I mean, what are those data sources that you guys are pulling from at the moment?

Michael Coté: Well, right now we talk to any relational database. We talk to all of the crazy CouchDBs and Cassandras and whatnot. We talk to any kind of a web service, both the kind of formal WSDL, SOAP type web services. But more importantly, we do REST services, RESTful services. Basically what we do is we kind of create a hub, an ecosystem, for just pulling all of these different services, existing code, existing data, and building them into applications. Where we are going is to apply that same capability to SaaS applications.

So for example, imagine that you could kind of point a web development environment at your Salesforce, with your custom fields, all your custom capabilities, and just suck out of it all the data that you needed and change it and then put it back. So treat Salesforce, treat any SaaS application as a database, and imagine again this notion of apps creating small enhancements, small piece of functionality that take Salesforce, which is pretty generic, and tweak it for your business to really make it do what you need for your business. Now, suddenly, Salesforce becomes a competitive weapon.

And any application that you are building, you are taking advantage of all of the Salesforce validation and rules and everything, so you literally can’t write about application against the Salesforce database, it won’t let you.

Michael Coté: Right, right. I mean, it gets back to, like we were saying earlier, that there was a lot of time and effort spent perfecting a service based architecture or an SOA sort of thing, which without that kind of nice layer at the infrastructure, it would be a lot messier when you are actually trying to apply it. So maybe that dead horse actually had some benefit.

Chris Keene: Well, of course the missing link is, so if you take that horse metaphor, there was no saddle for it, there’s no way for people to get up on the horse and go some place. You had to be a master bareback horse rider to be able to do something with it. So WaveMaker is really providing that easy interface that you can stick on top of your Salesforce, on top of your NetSuite, on top of your Oracle Financials, and go some place, do something useful.

Michael Coté: Well, I think we have finally determined the WaveMaker tag line: WaveMaker is the saddle for the cloud. And I think on that Western note, we are going to go get some San Francisco barbecue, which I am looking forward to.

So great! Well, I appreciate you taking the time to talk to us about that.

Chris Keene: Well, thanks a lot Michael.

Michael Coté: That was good stuff.

Disclosure: WaveMaker is a client and sponsored this video.

rev="post-5187" 1 Comment

Categories: Cloud, Programming, RedMonkTV.

Tags: , ,

By cote
August 19, 2010 at 8:22 pm