Whiteboard’s ‘Wizard Lounge Software’ Accepted to Alabama Launchpad!


Whiteboard it is pleased to announce our CEO, Martin Murphy and one of our lead developers, Duncan Smith, have been accepted to the initial round of the 2015 Alabama Launchpad Start-Up Competition!   Martin and Duncan have submitted a product, Peon, via their start-up entity, Wizard Lounge Software. Peon is a time-tracking app for developers, so they can focus on writing code instead of filling out time sheets.

The eleven selected teams are competing for a share of $250,000 to help grow the business further. The initial pitch round will be January 23, 2015, at Evonik Industries. The free, public, event begins at 9:00 am.  Whiteboard will keep everyone posted on Martin and Duncan’s progress, please wish them luck!


The Minimalist Guide To Developing Apps

The other day, I was discussing with William how the enthusiasm for a new project tempts us to rush into a project with a list of features, rather than stopping to make a Wireframe, a very important step that saves much time and aggravation.

I’ve never heard of a contractor who builds homes without some form of schematic. The borders of the property need to be mapped out, the lines must be drawn, and the project must be visualized before the first hole is dug. Imagine being halfway through a project when you realize the bathroom is on the wrong side of the house. Whoops.

In software development, a wireframe is a very useful tool and can be created with minimal effort on the back of a napkin, but there are also some very good tools out there that give you a more modern representation. These aid in the understanding of information design, navigation design, and interface design. A good wireframing tool lays out all the buttons and menus and lets you click and drag them into place. Easy peasy.

The mere process of sketching out your website helps you add and subtract features to fit the scope of a project by giving priority to the kinds of information that are displayed and the range of functions that will be available. It goes beyond a mere list, which always gets bigger as the project moves forward, and projects that start that way almost always go over time, as well as over-budget.

There are several wireframe tools out there, both free and paid versions (see below). Paid versions are often more mature and have larger list of features. Free versions are generally newer and are working hard past the awkward teenage years in order to become a paid version. Either way, the mere act of creating a wireframe will save you much time, effort, and aggravation.

Just as web applications need good planning, so do Mobile Applications.  JQuery Mobile has a fun schematic markup on their homepage that gets you thinking about Mobile Development.  They have helped names like Disney and IKEA and allow you to quickly adapt a standard website into a mobile version of your site.

These tools do allow you to upload images to gain a more detailed rendering, but in some ways that defeats the purpose. A black and white representation is often best to grasp work flow and will help you to own the project before you launch development.

Below is a video example from Balsamiq:

Of course this is a good exercise to perform with the developer, but you might even try doing it yourself beforehand.  It’s a simple process that won’t take too much time, but will always give you a return, benefiting both you and your developer.

WireFrame References:
Free Service: Moqups
Paid Services: Mockingbird, Balsamiq

Meaningful Use – The Math behind Health I.T.

The healthcare industry is in a mad rush to get up to digital speeds and to become relevant in the new world of ObamaCare.  The impetuousness came with ARRA (American Recovery and Reinvestment Act of 2009), when the federal government offered to pay medical practices and hospitals the money to upgrade their Health information technology (health IT) if they qualify under Meaningful Use (MU).  It is an investment our government is making that should also provide a healthy return.

The United States spent more on health care per capita ($7,146), and more on health care as percentage of its GDP (15.2%), than any other nation in 2008 and in December 2011, the outgoing Administrator of the Centers for Medicare & Medicaid Services, Dr. Donald Berwick, asserted that 20% to 30% of health care spending is waste.  This waste comes in the form of over-treatment, failure to coordinate care, administrative complexity, burdensome rules and fraud.  So with the government making such an admission, it means they are desperate to see a more efficient system, where tax dollars are no longer lost in the shuffle.

The waste they hope to dispel comes in the form of proactive efficiencies that will help providers reap benefits beyond getting money for an upgrade; reducing errors, increasing the availability of records and data, providing reminders and alerts (making healthcare more proactive), providing clinical decision support, and by automating the process for prescription medication. As redundancies are reduced, costly errors decrease.

What is great about this is that while the Federal government is bankrolling this process, they are not micro managing.  This allows the free market inventors to solve the problems in a way that streamlines the process and really works for medical professionals who will be shopping around for the best solution.

To give you some idea of the math involved: ARRA authorizes a net $27 billion in spending to support EHR (electronic health records) adoption through 2017.  In perspective, it’s a shadow of what is spent annually on healthcare by the US Government.  Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP) – together accounted for 21 percent of the budget in 2011, or $769 billion. Nearly two-thirds of this amount, or $486 billion, went to Medicare, which provides health coverage to around 48 million people who are over the age of 65 or have disabilities. The remainder of this category funds Medicaid and CHIP, which in a typical month in 2011 provided health care or long-term care to about 60 million low-income children, parents, elderly people, and people with disabilities. Both Medicaid and CHIP require matching payments from the states that will also benefit from the stimulus.

If the $27 billion spent on EHR eliminates only 5% of the waste, a conservative amount for the sake of argument, the US Government will save $38.45 billion annually.

Is there a downside?  As this data becomes more digitized, privacy advocates are rightly paying attention.  But MU requires that the facility “conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement updates as necessary and correct identified security deficiencies as part of this analysis.”  In other words – they must be compliant with HIPPAA, a topic for another future post

There are always risks with such an overhaul – but the math involved makes an extremely compelling argument in favor of Meaningful Use dollars.

Whiteboard-IT creates custom software for many industries, including the healthcare industry.

Mobile Apps – How To Save Thousands of Dollars

The gold rush is on, and people have hitched their wagons to many different platforms as they pursue the mobile market. The tsunami of technology is hitting us so fast that consumers are both dazed and engaged as new technologies flood their mobile widget du jour. Even more confused are the companies trying to decide what is best for their organization. Trends are being directed by the market as it is played out through supply and demand. The question boils down to our clients in how should they think about Mobile?

Many are asking, “why do we have different concerns for different platforms: the Web, Mobile Web, and Native Apps? What should mobile web be?”

The good news is that it’s more a buffet than a battle – and under the sneeze guard you can choose options based on how you wish your viewers to engage. Do you wish for them to shop, search, entertain, manage, inform, navigate, or connect? Is security your focus or functionality – or both? What is your budget and where should you invest?

Your Choices:
Mobile web (MW) – This is a browser-based application that is not downloaded from an app store and accessed when you type the URL on your mobile device. It allows fluid browsing, but developers need to code through a web-to-native abstraction layer to enable access to device capabilities that are not accessible in Mobile Web applications, such as the GPS, camera, and local storage.

Native App (NA) – This is an application designed to run specifically on the mobile device and allows use of Native Applications like the device camera, GPS, etc.

NA’s can do more heavy lifting with no need to download cookies because everything is loaded on your device, which provides added security and speed in contrast to a MW, which has traditionally been Read-only.  Still, NA’s are also much costlier to develop and need to be almost entirely coded for each device (Android, Blackberry, iPhone, etc..). Adding iPad compatibility, for example, can add up to 50%, due to the development cost. This provides less flexibility when new technology arrives. In contrast, having an out-of-date MW App is virtually impossible because it naturally adapts to the device.

Twitter and LinkedIn have also invested in both MW and NA. Compare the two iPhone screen shots and try to guess which is which:



Technology for MW is improving to a degree that it will soon be undetectable to the user.  Hint: Twitter MW is on the left, LinkedIn MW is on the right.  How did you do?

Compare the difference of the location of the tool bars; how do they act when you touch them? Which one is faster? Do they have the same number of functions?  Will they both allow you to upload a photo?

Boston Globe is another example of a website that has taken a hybrid approach, developing both MW and NA.  Their website is very mobile-friendly, adapting screen size extremely well using HTML-5. One way to test this on your screen is to play with the size of your browser while engaging with BostonGlobe.com. The responsive design is quite deliberate and well done.

The big mistake is to force a traditional media strategy into the mobile environment.  Companies need to realize that the world, and even the Web itself, have changed and continues to change quickly.  One advantage of MW is that it has the potential to adapt quickly and with less impact on your budget.  It is no longer the 2nd class citizen of mobile development and could overtake the NA, though Apple’s dominance should not be underestimated.  Consumers love the one-stop-shopping in the App Store, where credit card numbers are stored in one place.  They also like the one-click icons.

But if you ask, “What should Mobile Web be?”  Soon, it can be whatever you want it to be.  MW has as many advantages as Native Apps and should be equally considered.  My opinion is that developing web apps with the idea of using Cordova to make them native is the most cost effective solution for a customer.  It also delivers a good experience in both platforms.

Read this and this for more on this topic.

Know Your Enemy – How To Make Budget

A Programmer’s Haiku
For on-time launches
We admire to dispel
A programmer’s optimism
— Marshall Malone

Experience teaches a developer that the qualities that make great programmers can also break them.

Programmers are artists.  Programming is a synthetic art.  Programmers create something from nothing. Therefore, it is not a stretch to say that a programmer, by nature, is an optimist.

The difficulty, however, is that a programmer’s belief in himself, or a project’s outcome, does not always allow him to factor sound logic in his construction of a timeline.  When this happens, his optimism has failed him and the client.  Most programmers will admit that they consistently underestimate how long it will take them to accomplish a task.

I’m inspired by the book; The Mythical Man-Month, by Frederick Brooks, Jr.; a well-known IBM developer.  At the book’s core, he dispels the notion that adding man-hours to a project will speed the pace of that project.  In fact, he affirms “adding manpower to a late project makes it later.”  In describing this assertion, he uses the analogy that 9 women cannot work together to produce a baby in one month.

The Man-Month, in a timeline, suggests that X number of men can accomplish Y many tasks in Z many months and that the men and months are interchangeable.  (more men = fewer months, more months = fewer men, etc…) As eager as programmers and patrons are to see a project to conclusion, many employ this myth into their logic.  This brings a slow and painful death to their client’s satisfaction.

Brooks says, “Men and months are interchangeable commodities only when a task can be partitioned among many workers with no communication among them.”  In other words; when tasks require heavy communication, the project doesn’t speed up with more effort.  In fact, adding man-hours can slow a project down.

I remember a client’s story; how 2/3 of their team was replaced with “better developers” in the middle of the project.  Though the developer believed and even insisted they would be on time, his reasoning was based on a false and optimistic notion; the mythical man-month.  As the client feared, they launched almost 6-months later than intended, and by the end of the 6th month, everyone was seeing blood.

At the root of this is the understanding that programmers don’t just slip into a project.  They require training by those people who are experienced in the project.  For example; adding 2 men will require at least 3 man-months to get them up to speed; time, which is most likely, not budgeted in the original estimate.  This also means the tasks are redistributed 5-ways so that by the end of the 3rd month, 7 more months of effort remain.  With 5-trained people standing; only 1-month remains in the budget and the product is now late, as if no one had been added.

To hope to get done in 4-months, considering only training time and not repartitioning and extra systems test, would require adding 4 men, not 2, at the end of the 2nd month.  Now, one has at least a 7-man team, not a 3-man [team]…”

And the client suffers as their expectations far exceed the reality.  There are two prices that every client pays when a project falls behind.

  • The financial and psychological costs to both developer and patron because of added man-hours.
  • The impact of late software on a business, which depends on the project to support the business efforts.

As costly as this is, it is a failure by most developers to deploy sound planning principles. Instead of calculating myths, the average project should look like this, according to Brooks:

1/3 planning
1/6 coding
1/4 component test and early system test
1/4 system test, all components in hand

  • The number of months of a project depends on its sequential restraints.
  • The maximum number of men depends on the independent number of subtasks.

From these two quantities one can derive schedules using fewer men and more months.  One cannot get a workable schedule using more men and fewer months.

Until estimating is on a sounder basis, individual managers will need to stiffen their backbones and defend their estimates with the assurance that their poor hunches are better than wish-derived estimates.

NoSQL – How a Movement Gives You Speed

In the past, developing web applications meant using SQL. For those relying on relational data, this was no problem. But for those with massive amounts of data, this was like steering a barge – a bulky solution, creating drag-on queries when the intended goal was speed and availability. As Whiteboard looks at the architecture of a site, we have many options from which to choose.

With the oppression of limited Databases came a rebellion, and with that rebellion came a movement. In this case, the NoSQL movement, which arrived with a myriad of motivated programmers caused a pendulum swung that cranked out new opportunities…most of them open-source.

Those opportunities have clever names, and were created by a host of wild enthusiasts to handle a huge quantity of data, especially when the data’s nature does not require a relational model. They are Mongo, Cassandra, Riak, Redis, Couch and Neo4J to name a few.

Cassandra (Apache Cassandra), for example, is a NoSQL solution that was initially developed by the people of Facebook as a hybrid database management system that allows for tunable consistency goals. This means that a query may provide different results from different angles, but it is widely available to users – and fast.

Which brings us to CAP Theorem:

In computer science, the CAP Theorem says that it is impossible for a distributed computer system to achieve these three guarantees at once:

A. Consistency (C) – all nodes and queries see the exact same data at the same time.
B. Availability (A)– 100% uptime.
C. Partition tolerance (P) – the system keeps going even when message loss occurs in part of the system.

To try all three would be like placing child seats in a race car, which of course is built for speed, not a daily shopping trip. To try, you would need to dial down your speed, therefore defeating the purpose of having a race car.

Cap Theorem suggests that to gain A, one may need to sacrifice C. To gain C, one may need to sacrifice A and so on…

  • SQL allows C and P, but decreases A.
  • Riak focuses on C
  • Mongo gives A and P while, some say, decreases C.

These are debatable assertions, and often dependent on the programmer who is turning the knobs. But even Birmingham’s own MongoDB claims weakness, as its focus is on flexibility, power, speed, and ease of use, while sometimes sacrificing “fine-grained control and tuning, and overly powerful functionality.” Still, it is the rock star of the NoSQL movement and is now being used by SquareSpace, Craig’s List and MTV.

We often use CouchDB, at Whiteboard-IT. Jacob Kaplan-Moss, author of “The Definitive Guide to Django,” claimed here,“Django may be built for the Web, but CouchDB is built of the Web.” As the web is our native environment, CouchDB is the most natural tool for us to use.

The NoSQL movement is has great momentum, though it has earlier roots. Lotus Notes, for example, was forced to write their own database in 1985, which they called NSF (Notes Storage File). Founding member and former CEO, Tim Halvorsen was NoSQL when NoSQL wasn’t cool. He says,

“…we created it from scratch.  At the time, I looked at some of the databases out there (e.g. dBase, etc), and they were all too limited for what we needed.  So, we wrote our own.  Its a “document database”, not a relational database, with each “document” (aka record) having a variable number of fields.  No schema – each record was self-contained, but they could also be indexed (which any database must be capable of).”

History was made and even CouchDB is based on the work accomplished by Lotus Notes.

So – there are many options from which to choose, and if your web designer goes to SQL straight away, it might give reason to ask if others have been considered. Depending on your requirements, you may have another need…the need for speed.



How Safe is Your Web Service

You are probably using several software applications that talk to each other.  Whether you have a custom web application or prepackaged financial solution, getting applications and services to communicate requires a skill, technique, and knowledge to protect your information.  So, what happens when your web service is not secure? What information could you be leaking and how could you be vulnerable?

Security Concerns

The four concerns of web service security are privacy, message integrity, authentication, and authorization.

  • Privacy refers to ensuring that messages are not visible to anyone except the web service and the web service consumer. Traffic should be encrypted so that machines in the middle cannot read the messages.
  • Message integrity provides a guarantee that the message received has not been tampered with during transmission.
  • Authentication provides assurances that the message originates from where it claims it did. Both a legal term as well as a technical term, non-repudiation refers to the concern of not only authenticating a message, but proving the origin of that message to other parties.
  • Authorization refers to ensuring that only consumers who should have access to a resource of your web service actually have access to that resource. Authorization requires authentication because without authentication an attacker could pretend to be a highly privileged user.

Building a web service or API (application programming interface) requires a methodology for exchanging secure information, and there are two popular solutions: SOAP and REST.

Technology Choices

Simple Object Access Protocol (SOAP) is a popular protocol specification. It is a complicated specification and some developers, though well-meaning, leave security vulnerabilities.  An example of a vulnerability is SOAP injection. What is SOAP injection? It occurs when the server attempts to parse the XML message from a client. If the XML message is malformed, meaning that it does not follow the rules that the server expects it to follow, the server may return an error message that actually shows code and gives insight into the underlying system. Developers may turn off this behavior. However, this is often forgotten before a deployment.

REST (Representational State Transfer) is an architectural style for distributed systems. The World Wide Web is one such distributed system. REST has become a popular architectural choice for designing web services. Such web services are referred to as RESTful web services. An advantage of using REST is that the security vulnerabilities are well known as they are the same vulnerabilities that impact web sites. This means that developers who are familiar with website security will be able to leverage their knowledge to secure RESTful web services.

Final Thoughts

Developers working with either of these technologies must be concerned with the four security points. No methodology or architectural choice ensures that your information is well-protected. It is important that your consultants explain the architecture they plan to use and how their implementation plan accounts for security concerns. If your developer does not have a detailed answer, it is a red flag.

Ajax your ASP.NET MVC Application with Pathbinder

Gracefully Degrading AJAX Page Loading

The goal of this article is to demonstrate a technique for enabling AJAX loading of content for ASP.NET MVC web applications. The technique uses Pathbinder. It gradefully degrades so that in browsers without JavaScript, the users will navigate pages as normal. The method of making this happen involves translating internal site links to have a ‘#’ in front of the href path on pageload and then using AJAX to load these pages into the content area of the page without reloading the entire page. For users who do not have JavaScript enabled, the links will work like normal links. On the server-side, we must respond to AJAX requests by rendering the page without its master page. For normal requests, we will render the page with its master page.


Pathbinder is a jQuery framework packaged with couchapp.  It was inspired by sammy.js.  Pathbinder makes it easy to respond to changes in URL paths with JavaScript event handlers.  Why is this relevant as changes to URLs usually reload the page? URL Paths refer to ‘#’ portions of the URL. The part of the URL following the ‘#’ is used to store the state of a page and changes without reloading the page. When a user clicks on a link to ‘#/foo’, the path in the URL will change but the page will not reload.  Pathbinder will trigger events registered for this URL path to allow the application to modify the page.


Say Hello

The JavaScript

// Register event 'hello-world' to be triggered on '#main' when URL path changes to #/hello-world
// note that the '#' should not be included in the URL path when registering the event
$(“#main”).pathbinder(“hello-world”, “/hello-world”);

// Bind an event handler to the event 'hello-world'
$(“#main”).bind(“hello-world”, function() {
	$("#main").html(“<p>Hello World</p>”);

Altering Standard Link to Load Pages with AJAX

Now that we have a basic understanding of pathbinder, it is time to write the JavaScript that will change the regular links on
a page into AJAX links. We will write a function called handleAnchor that will perform three tasks: bind an event-handler named
after the anchor’s href to the ‘#main’ content area that AJAX loads the page into the content area, register the event in pathbinder
on the ‘#main’ content area, and alter the anchor’s href to have a ‘#’ infront of the url in the href attribute.

   var handleAnchor = function(indx, anchor) {
      var href = $(anchor).attr('href');

      if (!href) { return; }

      $("#main").bind(href, function() {
          url: href,
          success: function(data, textStatus) {

      $("#main").pathbinder(href, href);

      $(anchor).attr('href', '#'+href);