Privacy or Security: One Solution That Can Protect Your Secrets

We all have our secrets. Some we would share, and some we place under lock and key, and it is usually with only our closest ally that we disclose those precious details in hopes of preserving our reputations and even our lives. Notice I don’t say ‘friends,’ because while I have some wonderful friends, some of them can’t keep a secret to save their own lives much less mine. Continue reading…


The Minimalist Guide To Developing Apps

The other day, I was discussing with William how the enthusiasm for a new project tempts us to rush into a project with a list of features, rather than stopping to make a Wireframe, a very important step that saves much time and aggravation.

I’ve never heard of a contractor who builds homes without some form of schematic. The borders of the property need to be mapped out, the lines must be drawn, and the project must be visualized before the first hole is dug. Imagine being halfway through a project when you realize the bathroom is on the wrong side of the house. Whoops.

In software development, a wireframe is a very useful tool and can be created with minimal effort on the back of a napkin, but there are also some very good tools out there that give you a more modern representation. These aid in the understanding of information design, navigation design, and interface design. A good wireframing tool lays out all the buttons and menus and lets you click and drag them into place. Easy peasy.

The mere process of sketching out your website helps you add and subtract features to fit the scope of a project by giving priority to the kinds of information that are displayed and the range of functions that will be available. It goes beyond a mere list, which always gets bigger as the project moves forward, and projects that start that way almost always go over time, as well as over-budget.

There are several wireframe tools out there, both free and paid versions (see below). Paid versions are often more mature and have a larger list of features. Free versions are generally newer and are working hard past the awkward teenage years in order to become a paid version. Either way, the mere act of creating a wireframe will save you much time, effort, and aggravation.

Just as web applications need good planning, so do Mobile Applications.  JQuery Mobile has a fun schematic markup on their homepage that gets you thinking about Mobile Development.  They have helped names like Disney and IKEA and allow you to quickly adapt a standard website into a mobile version of your site.

These tools do allow you to upload images to gain a more detailed rendering, but in some ways that defeats the purpose. A black and white representation is often best to grasp work flow and will help you to own the project before you launch development.

Below is a video example from Balsamiq:

Of course this is a good exercise to perform with the developer, but you might even try doing it yourself beforehand.  It’s a simple process that won’t take too much time, but will always give you a return, benefiting both you and your developer.

WireFrame References:
Free Service: Moqups
Paid Services: Mockingbird, Balsamiq


Meaningful Use – The Math behind Health I.T.


The healthcare industry is in a mad rush to get up to digital speeds and to become relevant in the new world of ObamaCare.  The impetuousness came with ARRA (American Recovery and Reinvestment Act of 2009), when the federal government offered to pay medical practices and hospitals the money to upgrade their Health information technology (health IT) if they qualify under Meaningful Use (MU).  It is an investment our government is making that should also provide a healthy return.

The United States spent more on health care per capita ($7,146), and more on health care as a percentage of its GDP (15.2%), than any other nation in 2008. In December 2011, the outgoing Administrator of the Centers for Medicare & Medicaid Services, Dr. Donald Berwick, asserted that 20% to 30% of health care spending is waste. This waste comes in the form of over-treatment, failure to coordinate care, administrative complexity, burdensome rules and fraud. So with the government making such an admission, it means they are desperate to see a more efficient system, where tax dollars are no longer lost in the shuffle.

The waste they hope to dispel comes in the form of proactive efficiencies that will help providers reap benefits beyond getting money for an upgrade; reducing errors, increasing the availability of records and data, providing reminders and alerts (making healthcare more proactive), providing clinical decision support, and by automating the process for prescription medication. As redundancies are reduced, costly errors decrease.

What is great about this is that while the Federal government is bankrolling this process, they are not micro managing.  This allows the free market inventors to solve the problems in a way that streamlines the process and really works for medical professionals who will be shopping around for the best solution.

To give you some idea of the math involved: ARRA authorizes a net $27 billion in spending to support EHR (electronic health records) adoption through 2017.  In perspective, it’s a shadow of what is spent annually on healthcare by the US Government.  Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP) – together accounted for 21 percent of the budget in 2011, or $769 billion. Nearly two-thirds of this amount, or $486 billion, went to Medicare, which provides health coverage to around 48 million people who are over the age of 65 or have disabilities. The remainder of this category funds Medicaid and CHIP, which in a typical month in 2011 provided health care or long-term care to about 60 million low-income children, parents, elderly people, and people with disabilities. Both Medicaid and CHIP require matching payments from the states that will also benefit from the stimulus.

If the $27 billion spent on EHR eliminates only 5% of the waste, a conservative amount for the sake of argument, the US Government will save $38.45 billion annually.

Is there a downside? As this data becomes more digitized, privacy advocates are rightly paying attention. But MU requires that the facility “conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement updates as necessary and correct identified security deficiencies as part of this analysis.” In other words, they must be compliant with HIPAA, a topic for another future post.

There are always risks with such an overhaul – but the math involved makes an extremely compelling argument in favor of Meaningful Use dollars.

Whiteboard-IT creates custom software for many industries, including the healthcare industry.


Mobile Apps – How To Save Thousands of Dollars

The gold rush is on, and people have hitched their wagons to many different platforms as they pursue the mobile market. The tsunami of technology is hitting us so fast that consumers are both dazed and engaged as new technologies flood their mobile widget du jour. Even more confused are the companies trying to decide what is best for their organization. Trends are being directed by the market as it is played out through supply and demand. For our clients, the question boils down to this: how should they think about Mobile?

Many are asking, “why do we have different concerns for different platforms: the Web, Mobile Web, and Native Apps? What should mobile web be?”

The good news is that it’s more a buffet than a battle – and under the sneeze guard you can choose options based on how you wish your viewers to engage. Do you wish for them to shop, search, entertain, manage, inform, navigate, or connect? Is security your focus or functionality – or both? What is your budget and where should you invest?

Your Choices:
Mobile web (MW) – This is a browser-based application that is not downloaded from an app store but is accessed when you type the URL on your mobile device. It allows fluid browsing, but developers need to code through a web-to-native abstraction layer to enable access to device capabilities that are not accessible in Mobile Web applications, such as the GPS, camera, and local storage.

Native App (NA) – This is an application designed to run specifically on the mobile device and allows use of Native Applications like the device camera, GPS, etc.

NA’s can do more heavy lifting with no need to download cookies because everything is loaded on your device, which provides added security and speed in contrast to a MW, which has traditionally been Read-only. Still, NA’s are also much costlier to develop and need to be almost entirely coded for each device (Android, Blackberry, iPhone, etc.). Adding iPad compatibility, for example, can add up to 50%, due to the development cost. This provides less flexibility when new technology arrives. In contrast, having an out-of-date MW App is virtually impossible because it naturally adapts to the device.

Twitter and LinkedIn have also invested in both MW and NA. Compare the two iPhone screen shots and try to guess which is which:

Twitter:

LinkedIn:

Technology for MW is improving to a degree that it will soon be undetectable to the user.  Hint: Twitter MW is on the left, LinkedIn MW is on the right.  How did you do?

Compare the difference of the location of the tool bars; how do they act when you touch them? Which one is faster? Do they have the same number of functions?  Will they both allow you to upload a photo?

Boston Globe is another example of a website that has taken a hybrid approach, developing both MW and NA.  Their website is very mobile-friendly, adapting screen size extremely well using HTML-5. One way to test this on your screen is to play with the size of your browser while engaging with BostonGlobe.com. The responsive design is quite deliberate and well done.

The big mistake is to force a traditional media strategy into the mobile environment. Companies need to realize that the world, and even the Web itself, have changed and continue to change quickly. One advantage of MW is that it has the potential to adapt quickly and with less impact on your budget. It is no longer the 2nd class citizen of mobile development and could overtake the NA, though Apple’s dominance should not be underestimated. Consumers love the one-stop-shopping in the App Store, where credit card numbers are stored in one place. They also like the one-click icons.

But if you ask, “What should Mobile Web be?”  Soon, it can be whatever you want it to be.  MW has as many advantages as Native Apps and should be equally considered.  My opinion is that developing web apps with the idea of using Cordova to make them native is the most cost effective solution for a customer.  It also delivers a good experience in both platforms.

Read this and this for more on this topic.


One Tool That May Keep You Relevant

Last week I wrote about PhoneGap in the context of how I believe it could make mobile development more available to small business.  This week I am writing of another equalizer which can work cooperatively with PhoneGap, and allows mobile friendly sites to be developed without the need for a native mobile application. This provides developers with a write less – do more environment and can buy time for small businesses, hesitant to take the plunge.

Though we are seeing small businesses loosening their development dollars, the mindset of austerity from a down economy is still ever-present.  So as the number of electronic touch-points increases exponentially, the money allocated to keep pace is still being doled thoughtfully and efficiently.

I give you JQuery Mobile (JQM): a turbo boost for your development dollars that gets you to the mobile environment while developing for the web. Because mobile is quickly becoming the first screen customers see, businesses can no longer ignore applying effort in this area.

Also notable is the fact that mobile and small screen size are no longer one and the same. With giant phones like the Galaxy S3 and small tablets like the iPad Mini, net tops, desktop replacement laptops, etc., it’s really important to utilize screen real estate, or the lack thereof, properly, and custom targeting will never get it right.

What happens when you custom target a desktop, then minimize the screen and drag it into the corner? Unless your site is reactive then it will not produce a good experience. Prioritizing columns and replacing icons can provide a great experience without having to custom target screen resolutions.

Still, it’s one thing to develop a mobile app and another to be mindful of the mobile environment. While many business owners are deciding if an app is the way to go, they can now buy time to ponder the question. One way to do this is to bring your website to its lowest common and most efficient denominator, something JQM is helpful to do.

JQuery is the brainchild of John Resig, and is the most popular JavaScript library used today. Its mobile version works with all popular smartphone, tablet, and desktop platforms, and is very easy for a developer to use.

The world now thinks of a website as more than a virtual directory. And with Google’s emphasis on recency and relevancy of content, websites have much more information from which to cull, which is not always practical for smaller screens. To help solve this, JQM provides responsive tables that allow developers to prioritize columns and use abbreviated headers on the page so that only crucial information is displayed. This releases the pressure on the decision to go mobile and allows you to concentrate on when to go full throttle with a mobile app.

When do you do this?  When you are ready.  It takes a plan that weighs cost vs. profit, and has a good marketing strategy, a good design, good content, and a desire to invest your brainpower – your most important asset.

 

 

 


The Mobile Savior of Small Business

Among the radical changes in the recent world is the impact of mobile devices on modern society. Quickly becoming the first screen of information for everyone, mobile apps are even being used by the electronically resistant senior population, who have found convenient use of large-print apps and the ability to maintain closer contact with grandchildren. We have seen such a great shift in the past five years that even the shortest elevator ride has people pulling out their phones to manage their lives. This poses opportunity as well as challenges for businesses trying to stay ahead of the pack.

Big business has been the first mover with custom mobile apps that segment services to their simplest form.  With a few clicks on an iPhone, anyone can re-order medication, purchase movie tickets, or find their way using GPS technology.  To the small businessman, mobile apps are still something to put-off developing because it adds to the development budget, and they resort to mobile friendly sites that only require one build.  This means developing web apps with a width of less than 960 px and reducing the number of pages that display on mobile devices.  A true mobile app requires additional development dollars, but is native to the mobile device, even using geo location sensors and maps.

There are also more challenges involved with mobile apps because, just as web applications must function in multiple browsers, mobile apps must also function in multiple mobile frameworks (iPhone, Android, etc.), adding to the burden and cost of development. For all the trouble, most small businesses throw in the towel, applying their efforts to things they understand.

A new friend has come into the development community, and it has the potential to narrow the gulf between small and large business. PhoneGap is a free and open source framework that allows you to create mobile apps using standardized web APIs for the platforms you are most likely already using. That means, without needing to write code in a new language, developers can continue in their native environments, like HTML, CSS, or JavaScript. PhoneGap will then recompile the code, turning your web app into a mobile app that runs on iOS, iPhone, iPad, Android, BlackBerry, Windows 7, webOS, and Symbian.

Adobe saw the potential and invested heavily in PhoneGap as part of their plan to compensate for Flash Player’s fading relevance. They have put this service into a pretty package and are adding services such as compiling your code in the cloud, which ultimately improves consistency and offers convenience to the developer. They sell it simply:

Build great apps powered by open web standards. Cut down on development time by re-using your existing web dev skills, frameworks and tools. Get all the benefits of cross-platform development while building apps just the way you like.

Developers should be paying attention because they can use their existing development team without the need to find or create mobile specialists.  It also allows the ability to incorporate sensors, like geo location and cameras, which are native to the mobile environment.

Small business will love this because it simplifies their development strategy and gives them wider access to their customers.  It makes mobile development affordable for everyone and could very well equalize the playing field between big and small business.   For this reason, we are paying close attention to PhoneGap and hope to add it to our list of services very soon.


Know Your Enemy – How To Make Budget

A Programmer’s Haiku
For on-time launches
We admire to dispel
A programmer’s optimism
— Marshall Malone

Experience teaches a developer that the qualities that make great programmers can also break them.

Programmers are artists.  Programming is a synthetic art.  Programmers create something from nothing. Therefore, it is not a stretch to say that a programmer, by nature, is an optimist.

The difficulty, however, is that a programmer’s belief in himself, or a project’s outcome, does not always allow him to factor sound logic in his construction of a timeline.  When this happens, his optimism has failed him and the client.  Most programmers will admit that they consistently underestimate how long it will take them to accomplish a task.

I’m inspired by the book The Mythical Man-Month, by Frederick Brooks, Jr., a well-known IBM developer. At the book’s core, he dispels the notion that adding man-hours to a project will speed the pace of that project. In fact, he affirms “adding manpower to a late project makes it later.” In describing this assertion, he uses the analogy that 9 women cannot work together to produce a baby in one month.

The Man-Month, in a timeline, suggests that X number of men can accomplish Y many tasks in Z many months and that the men and months are interchangeable.  (more men = fewer months, more months = fewer men, etc…) As eager as programmers and patrons are to see a project to conclusion, many employ this myth into their logic.  This brings a slow and painful death to their client’s satisfaction.

Brooks says, “Men and months are interchangeable commodities only when a task can be partitioned among many workers with no communication among them.”  In other words; when tasks require heavy communication, the project doesn’t speed up with more effort.  In fact, adding man-hours can slow a project down.

I remember a client’s story; how 2/3 of their team was replaced with “better developers” in the middle of the project.  Though the developer believed and even insisted they would be on time, his reasoning was based on a false and optimistic notion; the mythical man-month.  As the client feared, they launched almost 6-months later than intended, and by the end of the 6th month, everyone was seeing blood.

At the root of this is the understanding that programmers don’t just slip into a project. They require training by those people who are experienced in the project. For example, adding 2 men will require at least 3 man-months to get them up to speed, time which is most likely not budgeted in the original estimate. This also means the tasks are redistributed 5 ways so that by the end of the 3rd month, 7 more months of effort remain. With 5 trained people standing, only 1 month remains in the budget and the product is now late, as if no one had been added.

“To hope to get done in 4-months, considering only training time and not repartitioning and extra systems test, would require adding 4 men, not 2, at the end of the 2nd month.  Now, one has at least a 7-man team, not a 3-man [team]…”

And the client suffers as their expectations far exceed the reality.  There are two prices that every client pays when a project falls behind.

  • The financial and psychological costs to both developer and patron because of added man-hours.
  • The impact of late software on a business, which depends on the project to support the business efforts.

As costly as this is, it is a failure by most developers to deploy sound planning principles. Instead of calculating myths, the average project should look like this, according to Brooks:

1/3 planning
1/6 coding
1/4 component test and early system test
1/4 system test, all components in hand

  • The number of months of a project depends on its sequential restraints.
  • The maximum number of men depends on the independent number of subtasks.

From these two quantities one can derive schedules using fewer men and more months.  One cannot get a workable schedule using more men and fewer months.

Until estimating is on a sounder basis, individual managers will need to stiffen their backbones and defend their estimates with the assurance that their poor hunches are better than wish-derived estimates.


Where You May Find Your Next Client

I think of our company as one that provides reliable service, but I have been recently affirmed in this notion when I began reaching out through social media. The results blew me away.

This summer we launched a new initiative to reach out to our personal connections and see whom we know. It wasn’t a difficult exercise, but required that we take a bit of time each day to engage ourselves on LinkedIn. When we began, our combined list of contacts was small, more indicative of our social networking inactivity than the reality of connections.

As we reached out, we did not merely send out invitations to connect and move on, but we relied on thoughtful engagement, going for as much quality as quantity. Our hope was to connect in a more tangible way; making referrals, endorsements, writing recommendations, and providing readable and relevant content on our website. It was important to us that this experience was less about intrusion for numbers sake and more about benefitting those with whom we connected. In other words; if they benefitted – it would be returned to us.

It didn’t take long to see an impact on our bottom line. New connections led to new conversations, which led to new projects. In short order, we nearly doubled the number of people in our network, and the connections we made gave us a great deal of positive feedback. Here’s one such example:

Whiteboard-IT is extremely knowledgeable, providing innovative IT solutions to help resolve my needs in a timely and cost effective manner. They are available at a moment’s notice and are highly responsive to issues that need to be resolved quickly. Bottom line…they do what they say they will do. I have recommended Whiteboard to other colleagues in a variety of businesses and will continue to do so. I cannot say enough good things about their customer service, technical expertise, and business personality.
Jessica Boroff, RN, BSN
 The Compliance Store

Of course she would not have said these things if we weren’t good at what we do. Her recommendation is now posted on our site, which others will also see. But the renewed activity, including these testimonials, has been a priceless part in priming our sales pipeline. And future clients are more confident when you have mutual connections.

But it goes to show: if you do quality work at your trade, it’s unlikely that everything has completely dried up, fiscal cliff or not. You may find, as we did, that reaching out to your connections may be of great benefit. It may also generate a nice return.


NoSQL – How a Movement Gives You Speed

In the past, developing web applications meant using SQL. For those relying on relational data, this was no problem. But for those with massive amounts of data, this was like steering a barge – a bulky solution, creating drag-on queries when the intended goal was speed and availability. As Whiteboard looks at the architecture of a site, we have many options from which to choose.

With the oppression of limited Databases came a rebellion, and with that rebellion came a movement. In this case, the NoSQL movement, which arrived with a myriad of motivated programmers, caused a pendulum swing that cranked out new opportunities…most of them open-source.

Those opportunities have clever names, and were created by a host of wild enthusiasts to handle a huge quantity of data, especially when the data’s nature does not require a relational model. They are Mongo, Cassandra, Riak, Redis, Couch and Neo4J to name a few.

Cassandra (Apache Cassandra), for example, is a NoSQL solution that was initially developed by the people of Facebook as a hybrid database management system that allows for tunable consistency goals. This means that a query may provide different results from different angles, but it is widely available to users – and fast.

Which brings us to CAP Theorem:

In computer science, the CAP Theorem says that it is impossible for a distributed computer system to achieve these three guarantees at once:

A. Consistency (C) – all nodes and queries see the exact same data at the same time.
B. Availability (A) – 100% uptime.
C. Partition tolerance (P) – the system keeps going even when message loss occurs in part of the system.

To try all three would be like placing child seats in a race car, which of course is built for speed, not a daily shopping trip. To try, you would need to dial down your speed, therefore defeating the purpose of having a race car.

CAP Theorem suggests that to gain A, one may need to sacrifice C. To gain C, one may need to sacrifice A and so on…
Example:

  • SQL allows C and P, but decreases A.
  • Riak focuses on C
  • Mongo gives A and P while, some say, decreases C.

These are debatable assertions, and often dependent on the programmer who is turning the knobs. But even Birmingham’s own MongoDB claims weakness, as its focus is on flexibility, power, speed, and ease of use, while sometimes sacrificing “fine-grained control and tuning, and overly powerful functionality.” Still, it is the rock star of the NoSQL movement and is now being used by SquareSpace, Craigslist and MTV.
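The "tunable consistency" and CAP trade-off described above can be seen in a small simulation. This is an added example, not code from Cassandra or any other product named here; the `Cluster` class, its `w`/`r` parameters and the sample key are hypothetical, and the model is deliberately simplified (no background repair between replicas).

```python
class Unavailable(Exception):
    """Too few replicas are reachable to satisfy the requested level."""


class Cluster:
    """Toy replicated key-value store (hypothetical model, constructed for illustration)."""

    def __init__(self, n=3):
        self.replicas = [{} for _ in range(n)]  # each maps key -> (version, value)
        self.down = set()                       # replica indexes cut off by a partition
        self.version = 0

    def _reachable(self):
        return [i for i in range(len(self.replicas)) if i not in self.down]

    def write(self, key, value, w):
        """Store the value on w replicas; refuse if fewer than w are reachable."""
        nodes = self._reachable()
        if len(nodes) < w:
            raise Unavailable(f"need {w} replicas, only {len(nodes)} reachable")
        self.version += 1
        for i in nodes[:w]:                     # the other replicas stay stale
            self.replicas[i][key] = (self.version, value)

    def read(self, key, r):
        """Ask r replicas and return the value carrying the highest version."""
        nodes = self._reachable()
        if len(nodes) < r:
            raise Unavailable(f"need {r} replicas, only {len(nodes)} reachable")
        # Worst case for staleness: contact the replicas least likely to be written.
        answers = [self.replicas[i].get(key, (0, None)) for i in nodes[-r:]]
        return max(answers, key=lambda a: a[0])[1]


def demo():
    """Run the scenarios on constructed data and return what each reader saw."""
    out = {}
    c = Cluster(3)
    c.write("balance", "100", w=3)              # every replica agrees
    c.write("balance", "90", w=1)               # fast write, one replica only
    out["read_r1_after_w1"] = c.read("balance", r=1)
    c.write("balance", "80", w=2)               # w + r > n from here on
    out["read_r2_after_w2"] = c.read("balance", r=2)

    c.down = {1, 2}                             # partition isolates replica 0
    try:
        c.write("balance", "70", w=2)
        out["w2_during_partition"] = "accepted"
    except Unavailable:
        out["w2_during_partition"] = "refused"  # consistency kept, availability lost
    c.write("balance", "70", w=1)               # availability kept, replicas diverge
    c.down = {0}                                # now look from the other side
    out["read_r2_other_side"] = c.read("balance", r=2)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With three replicas, a write level of 2 and a read level of 2 always overlap on at least one replica, which is why the second read is current; during the partition the same setting has to refuse the write.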

We often use CouchDB at Whiteboard-IT. Jacob Kaplan-Moss, author of “The Definitive Guide to Django,” claimed here, “Django may be built for the Web, but CouchDB is built of the Web.” As the web is our native environment, CouchDB is the most natural tool for us to use.

The NoSQL movement has great momentum, though it has earlier roots. Lotus Notes, for example, was forced to write their own database in 1985, which they called NSF (Notes Storage File). Founding member and former CEO, Tim Halvorsen was NoSQL when NoSQL wasn’t cool. He says,

“…we created it from scratch.  At the time, I looked at some of the databases out there (e.g. dBase, etc), and they were all too limited for what we needed.  So, we wrote our own.  It’s a “document database”, not a relational database, with each “document” (aka record) having a variable number of fields.  No schema – each record was self-contained, but they could also be indexed (which any database must be capable of).”

History was made and even CouchDB is based on the work accomplished by Lotus Notes.

So – there are many options from which to choose, and if your web designer goes to SQL straight away, it might give reason to ask if others have been considered. Depending on your requirements, you may have another need…the need for speed.

 

 


How Safe is Your Web Service

You are probably using several software applications that talk to each other. Whether you have a custom web application or a prepackaged financial solution, getting applications and services to communicate requires skill, technique, and knowledge to protect your information. So, what happens when your web service is not secure? What information could you be leaking and how could you be vulnerable?

Security Concerns

The four concerns of web service security are privacy, message integrity, authentication, and authorization.

  • Privacy refers to ensuring that messages are not visible to anyone except the web service and the web service consumer. Traffic should be encrypted so that machines in the middle cannot read the messages.
  • Message integrity provides a guarantee that the message received has not been tampered with during transmission.
  • Authentication provides assurances that the message originates from where it claims it did. Non-repudiation, both a legal and a technical term, refers to the concern of not only authenticating a message, but proving the origin of that message to other parties.
  • Authorization refers to ensuring that only consumers who should have access to a resource of your web service actually have access to that resource. Authorization requires authentication because without authentication an attacker could pretend to be a highly privileged user.
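The sketch below shows where message integrity, authentication and authorization are each checked on the receiving side of a service. It is an added example, not code from the original post; the consumer names, keys, permission strings and the 300-second freshness window are constructed assumptions, and privacy is assumed to come from carrying the message over TLS.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data: consumer ids, shared keys and permissions are hypothetical.
CONSUMER_KEYS = {
    "billing-app": b"constructed-demo-key-1",
    "report-app": b"constructed-demo-key-2",
}
PERMISSIONS = {
    "billing-app": {"invoice:read", "invoice:write"},
    "report-app": {"invoice:read"},
}
MAX_SKEW_SECONDS = 300  # assumed freshness window to limit replay of old messages


def _mac(key, consumer, timestamp, body):
    """HMAC-SHA256 over every field the receiver will rely on."""
    data = f"{consumer}\n{timestamp}\n{body}".encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sign_message(consumer, body, timestamp, key):
    """Consumer side: serialize the body deterministically and attach the MAC."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return {"consumer": consumer, "timestamp": timestamp,
            "body": payload, "mac": _mac(key, consumer, timestamp, payload)}


def handle_message(msg, required_permission, now=None):
    """Service side: return (status, result) after checking each concern in order."""
    now = time.time() if now is None else now
    consumer, ts = msg.get("consumer"), msg.get("timestamp")
    body, mac = msg.get("body"), msg.get("mac")
    if not (isinstance(consumer, str) and isinstance(ts, int)
            and isinstance(body, str) and isinstance(mac, str)):
        return (400, "malformed message")

    # Authentication: the sender must hold the key registered for the claimed id.
    key = CONSUMER_KEYS.get(consumer)
    if key is None:
        return (401, "unknown consumer")
    # Integrity: any change to consumer, timestamp or body changes the MAC.
    # compare_digest avoids leaking how many leading characters matched.
    expected = _mac(key, consumer, ts, body)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return (401, "bad signature")
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return (401, "stale message")

    # Authorization: only evaluated once the identity is trustworthy.
    if required_permission not in PERMISSIONS.get(consumer, set()):
        return (403, "not authorized")
    try:
        return (200, json.loads(body))
    except ValueError:
        return (400, "malformed body")

# A shared-key MAC does not give non-repudiation: the service holds the same key
# and could have produced the MAC itself. Proving origin to a third party needs
# an asymmetric signature made with a key only the sender holds.


if __name__ == "__main__":
    t = int(time.time())
    m = sign_message("report-app", {"invoice": 42}, t, CONSUMER_KEYS["report-app"])
    print(handle_message(m, "invoice:read"))
    print(handle_message(m, "invoice:write"))
    print(handle_message(dict(m, body='{"invoice":43}'), "invoice:read"))
```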

Building a web service or API (application programming interface) requires a methodology for exchanging secure information, and there are two popular solutions: SOAP and REST.

Technology Choices

Simple Object Access Protocol (SOAP) is a popular protocol specification. It is a complicated specification, and some developers, though well-meaning, leave security vulnerabilities in their implementations. One example is SOAP injection. It occurs when the server attempts to parse the XML message from a client. If the XML message is malformed, meaning that it does not follow the rules that the server expects it to follow, the server may return an error message that actually shows code and gives insight into the underlying system. Developers can turn off this behavior, but doing so is often forgotten before a deployment.
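The error-message leak described above, shown next to a handler that keeps the detail in the server log and returns only a generic fault with a reference id. This is an added example, not code from the original post; the `GetInvoice` operation, the invoice data and both handler names are hypothetical.

```python
import logging
import traceback
import uuid
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
ET.register_namespace("soap", SOAP_NS)
log = logging.getLogger("soap-demo")

INVOICES = {"1001": "250.00"}  # constructed sample data

# Constructed requests: one well formed, one with a closing tag removed.
VALID = (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
         '<GetInvoice><Id>1001</Id></GetInvoice></soap:Body></soap:Envelope>')
MALFORMED = VALID.replace("</GetInvoice>", "")


class BadRequest(Exception):
    """The XML parsed, but the request does not match what the service expects."""


def _envelope(child_tag, fields):
    """Build a SOAP envelope whose body holds one element with text children."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    child = ET.SubElement(body, child_tag)
    for name, text in fields.items():
        ET.SubElement(child, name).text = text  # text is XML-escaped on output
    return ET.tostring(env, encoding="unicode")


def _fault(code, text):
    return _envelope(f"{{{SOAP_NS}}}Fault", {"faultcode": code, "faultstring": text})


def _dispatch(raw):
    # xml.etree is not hardened against hostile DTDs; a production service
    # should parse untrusted XML with a hardened parser such as defusedxml.
    root = ET.fromstring(raw)                   # raises ET.ParseError if malformed
    node = root.find(f"{{{SOAP_NS}}}Body/GetInvoice/Id")
    if node is None or node.text not in INVOICES:
        raise BadRequest("missing or unknown invoice id")
    return _envelope("GetInvoiceResponse", {"Amount": INVOICES[node.text]})


def verbose_handler(raw):
    """Weak: the full traceback (file paths, function names) goes to the caller."""
    try:
        return 200, _dispatch(raw)
    except Exception:
        return 500, _fault("soap:Server", traceback.format_exc())


def hardened_handler(raw):
    """Corrected: detail is logged server-side, the caller sees a reference id."""
    try:
        return 200, _dispatch(raw)
    except (ET.ParseError, BadRequest):
        ref = uuid.uuid4().hex[:12]
        log.warning("rejected request ref=%s", ref, exc_info=True)
        return 400, _fault("soap:Client", f"Invalid request (ref {ref})")
    except Exception:
        ref = uuid.uuid4().hex[:12]
        log.error("unhandled error ref=%s", ref, exc_info=True)
        return 500, _fault("soap:Server", f"Internal error (ref {ref})")


if __name__ == "__main__":
    for handler in (verbose_handler, hardened_handler):
        status, body = handler(MALFORMED)
        print(handler.__name__, status, len(body), "bytes returned")
```

A deployment check can send a deliberately malformed envelope to each endpoint and fail the release if the response contains a stack trace or source path.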

REST (Representational State Transfer) is an architectural style for distributed systems. The World Wide Web is one such distributed system. REST has become a popular architectural choice for designing web services. Such web services are referred to as RESTful web services. An advantage of using REST is that the security vulnerabilities are well known as they are the same vulnerabilities that impact web sites. This means that developers who are familiar with website security will be able to leverage their knowledge to secure RESTful web services.

Final Thoughts

Developers working with either of these technologies must be concerned with the four security points. No methodology or architectural choice ensures that your information is well-protected. It is important that your consultants explain the architecture they plan to use and how their implementation plan accounts for security concerns. If your developer does not have a detailed answer, it is a red flag.