Today I wrote an EDI visualization tool that lets you reformat complex ANSI X.12 EDI documents into a more readable format.

It also allows you to show/hide elements by type, so you can focus in on the information that’s most important to you.

It’s free (as in speech & beer), so have fun*: http://edi-lint.net

———

*assuming reading EDI documents is your definition of fun

Today, we’re releasing an open source Ruby Gem called “aws_xregion_sync”.  (This is what happens when we name projects without the marketing department!)

We use this tool internally to synchronize our AWS AMI images & RDS database snapshots across multiple Amazon regions as part of our disaster recovery process.

Basically, whenever we create a new disc image or take a database backup, they’re sent across the tubes to our disaster recovery region.

For more technical jargon, check out the Readme doc.

I’ve made a couple of lengthy comments on this Google+ post that some may find interesting.  Basically, we’re trying to explain that having specific business rules for routing or validation is fine in the front end of a web app, but that those same rules must be re-implemented in the back end in order to prevent bad requests from wreaking havoc.

To quote myself… 

It’s fine to have non-security related business logic in the front end as long as the back end doesn’t rely on it being there. 

For example, if you have a site that builds quotes for loans, you might build the monthly payment calculation and fees into the front end for performance reasons. However, your back end should recalculate these amounts independently before confirming the loan. 

A good approach is to assume that someone is going to use your back end via an API call that you didn’t write. Therefore, your back end should be fully secure and self-contained.

From the original poster…

 I am with you all - it is always good to have couple of logic / validations in the front-end but is it secure to have PUT method in the front-end too? Because this can be a big injection impact if we do this. If the server is hacked the PUT method can be dangerous right? You might have seen lot of CRUD applications, but I feel when inserting the data - I feel it is good to do in server end rather than front-end, am I right?

My response…

In the context of what we’re talking about here, all of the HTTP verbs (PUT, POST, GET, DELETE, etc) have the same concerns.  The issue is that whatever you do on the front end will ultimately result in some message going back to your server.  That message has to be validated on the server side when it comes in.

Sometimes it’s easier to think of this by imagining that the front end program and the server are being written by two different people working at two different companies.  The only thing that each of them knows about the other is the API that’s published.  

The server side says, “I’ll accept a PUT when you need to update the information in the database, but I’m going to double check that you’re logged in and that the data you send me is properly formed.  

"If you’re not logged in, I’m going to throw your request away and return status 401. If you send me a 3 digit phone number, I’m going to throw your request away and return status 400."

The client side (front-end) programmer can (and should) do whatever logic he wants in the interface to replicate the business rule that phone numbers need to be more than three digits. He doesn’t have to put the checks in place, but if he doesn’t, the user will experience errors.  If he does, he can catch the user’s mistake before it goes to the server, which results in a much faster system.

If that doesn’t help, comment with a more concrete example of what you’re trying to figure out.

Another caveat that I didn’t make in the thread, is that you should always assume any logic / rules you put in your client side web code will be printed on a billboard outside your biggest competitor’s window.  Regardless of how obfuscated / minified your JavaScript is, it’s still being sent out into the wild. The “secret sauce” needs to stay on the server.
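
The contract described in this exchange, sketched as a framework-free Ruby handler. This is an added example, not code from the original post or thread; the session store, field names and numeric limits are constructed for illustration.

```ruby
require 'json'

# Constructed session store (token => user id); a real app would look the
# token up in its own session or identity layer.
SESSIONS = { 'tok-alice' => 1 }.freeze

# Server-side amortized payment in cents, using exact Rational arithmetic.
# principal_cents, annual_rate_bps (basis points) and months are Integers.
def monthly_payment_cents(principal_cents, annual_rate_bps, months)
  r = Rational(annual_rate_bps, 10_000 * 12) # monthly rate
  return Rational(principal_cents, months).round if r.zero?

  factor = (1 + r)**months
  (principal_cents * r * factor / (factor - 1)).round
end

def int_in?(value, range)
  value.is_a?(Integer) && range.cover?(value)
end

# Handles a PUT as if the caller were a stranger's script, not our own UI.
# Returns [status, body_hash].
def handle_put_quote(headers, raw_body)
  token = headers['Authorization'].to_s.sub(/\ABearer /, '')
  user_id = SESSIONS[token]
  return [401, { 'error' => 'not logged in' }] unless user_id

  req = begin
    JSON.parse(raw_body.to_s)
  rescue JSON::ParserError
    nil
  end
  return [400, { 'error' => 'body must be a JSON object' }] unless req.is_a?(Hash)

  # The business rule from the thread: a phone number needs more than three digits.
  phone = req['phone']
  phone_ok = phone.is_a?(String) && phone.length <= 32 &&
             phone.match?(/\A[0-9 ()+.-]+\z/) && phone.delete('^0-9').length > 3
  return [400, { 'error' => 'invalid phone' }] unless phone_ok

  unless int_in?(req['principal_cents'], 1..1_000_000_000) &&
         int_in?(req['annual_rate_bps'], 0..5_000) &&
         int_in?(req['months'], 1..480)
    return [400, { 'error' => 'invalid loan terms' }]
  end

  # The client's own monthly figure is never trusted; it is only compared.
  payment = monthly_payment_cents(req['principal_cents'], req['annual_rate_bps'], req['months'])
  [200, { 'user_id' => user_id, 'monthly_payment_cents' => payment,
          'client_figure_matched' => req['monthly_payment_cents'] == payment }]
end
```

A `client_figure_matched` value of false on a request that passed every other check is worth logging: it means either the front end has drifted from the back end or someone is calling the API with hand-built values.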

Everything is an opportunity.  

This morning, we were concerned because our customers couldn’t get to vital tariff information because of the government shutdown.

By lunch, we’d built this: http://www.vfitrack.net/hts

Awesome.

A few months ago, I noticed an area of our application that was performing terribly.  It had always been slow, but with increased volumes, the issue was becoming more pronounced.

I wrote it in a rush while getting ready to demo for our first prospective customer.  It was the feature that got us the sale. It doesn’t have proper test coverage. Its code is a messy stream of consciousness.

Only a handful of users use this particular feature, but they represent our core power-user group.  Unfortunately, they haven’t been complaining about the slowness.  They’ve simply become accustomed to it.  Their silence gave me the perfect excuse to sweep the problem under the rug.

Every time I was about to dig into the code, I found a shiny new feature to write.  Every time I was about to ask a teammate to do it, I remembered how shoddy the work was.  I was embarrassed to hand it off.

This morning, while working on another feature that had to be implemented, I realized that I was going to have to dig into the problem code to make the new feature work.  I took a deep breath and dove in.

An hour later I was done.  Seriously.  I had tests written for the old feature. I had tests written for the new feature.  I had the performance enhancement in place (which turned out to be 2 lines of code.)  I had the new feature in place.

The sad part. Our users, people I have personal relationships with, have had to suffer through the poor performance because I couldn’t muster up the courage to get in there and fix the problem.  The effort I put into avoiding it had to be 10 times the effort it took to fix it.

What have you been avoiding?

Over the years, I’ve probably tried 50 different methods to keep track of work to be done.  Here’s a small sampling of some of the techniques I’ve used:
  • Everything goes on the calendar
  • Google Tasks (web based software)
  • Remember The Milk (web based software)
  • Little notebook in my back pocket
  • Day planner
  • Email reminders to myself and manage from my inbox
  • Scraps of paper on my desk
  • Astrid (Android software)
After all of those iterations, I’ve finally found a workflow that has been effective for me.  It’s relatively low tech, and it only chews up a few minutes each day.

Every morning, I sit down for 5 minutes (sometimes less) and write a plain text list of the things I want to accomplish that day in an Evernote note.  If there are unfinished items on yesterday’s list, I copy them over (if they still need to be done.) Each item is on its own line and there isn’t any special formatting.  I try not to use any special abbreviations since I might not remember later what I meant.  The only standard abbreviation I use is “GRF” which stands for Get Response From and is my indicator that I should hear back from someone about a topic.  
This morning’s list looked like this:

12/5
Change chain integration subfolders on S3
Tariff update
document quick search
Schedule google guides meetings
Prep for project meeting
Project meeting
Call Steve about data migration
Zoho meeting
As the day progresses, I keep the list open in my browser.  It’s also synced to my phone, tablet, and other computers.  Whenever I reach a stopping point on something, I flip to the list to see what I might do next.

As I complete things, I put the word “DONE” to the right of the item and move it to the bottom of the list.
As of right now, the list looks like this:

12/5
Tariff update
fix repeating lines on quick search
document quick search
Schedule google guides meetings - GRF CHRYSTAL
Clear aspect 9 inbox Prep for project meeting - DONE
Project meeting - DONE
Call Steve about data migration - DONE
Call Ricci back - DONE
Zoho meeting - DONE
Change chain integration subfolders on S3 - DONE
Change attachment extension on alliance parser errors - DONE
change quick search to show more than 10 items warning message - DONE

You might have noticed that there are more items on the list than there are in the morning.  That’s because I add items that I’ve completed, even if they weren’t on the list.  The reason I do this is for the emotional payoff. Many times, I get to the end of the day and I feel like I haven’t accomplished much.  Seeing all of the DONE items is a huge payoff and that keeps me updating the list.  It’s like a little game that I play with myself to see how high a score I can get.
Warning! Technical Post:
If you find the need to migrate your ruby Paperclip code from the no longer maintained AWS-S3 to Fog, you might want to pay attention to the following.  It took me hours to get this straight.

Here’s how you define an attachment on your model in before (aws-s3) and after (fog) setups:
# BEFORE (aws-s3)
# MYKEY, MYSEC and MYBUCKET are placeholders for your own values.
has_attached_file :attached,
    :storage => :s3,
    :s3_credentials => {:access_key_id=>'MYKEY', :secret_access_key=>'MYSEC'},
    :s3_permissions => :private,
    :path => ":id/:filename",
    :bucket => 'MYBUCKET'

# AFTER (fog)
has_attached_file :attached,
    :storage => :fog,
    :fog_credentials => {:aws_access_key_id=>'MYKEY', :aws_secret_access_key=>'MYSEC', :provider=>'AWS'},
    :fog_public => false,   # keeps uploads private, like :s3_permissions => :private
    :url => ":id/:filename",
    :fog_directory => 'MYBUCKET'

Special callouts to the change from :access_key_id to :aws_access_key_id and :path to :url.
HUGE DISCLAIMER: I’m not a lawyer.  This isn’t legal advice.  Listen to your lawyer, not me.
There’s nothing wrong with lawyers.  While the profession takes a lot of knocks, most of the attorneys I’ve met have been good people who genuinely want to help their clients.  For a business, lawyers are more than just a necessity.  When used judiciously (pun intended), they can be an excellent resource.  

There is, however, an issue that I’ve seen time and time again that I think is dangerous to the overall health of a startup business.  Startup managers need to understand the role that their attorneys are playing in the business and need to consider that role in each interaction.  This becomes difficult because attorneys play different roles for a business on different days (and sometimes within the same day).  In startups, where roles are constantly in flux, it’s even more important to understand these roles.
The first role that most people think of when considering attorneys is as a legal advocate.  Your lawyer represents you and your interests during a legal conflict whether in settlement negotiations or in open court.  This assistance includes not only the arguments and documentation of the case, but also the strategy and approach to the case as a whole.  When you’re in this situation, it’s usually pretty obvious. Your lawyer will often take charge while you ride in the passenger seat.

Another role an attorney plays is as a provider of legal counsel outside of a specific conflict.  She may help you with drafting contracts, government filings, reviewing public statements, so on and so forth.  While some of this may be mundane, a good attorney’s insight will go a long way towards preventing your need of the first role above.  She can also help you save a whole lot of money in the long run.
A less commonly articulated role of attorneys is that of business counsel.  This role is often amplified in startups.  Imagine you’re negotiating with an investor for one million dollars, and your attorney says, “I’ve seen other clients get 10 million in this situation, so you should go back with a counteroffer.” I consider that business counsel.  Legally, you wouldn’t be at risk for taking the million, and your lawyer might even be wrong about the market.  Asking for 10 million could kill the deal, or make you very right.  This is an incredibly valuable service.  Your attorney should have worked with many similar businesses.  This means she can do pattern recognition that you cannot.  She’s seen companies make poor decisions and very good ones.  Use that knowledge to your advantage.

Where business leaders can get in trouble is when they don’t clearly categorize an attorney’s advice as legal or business counsel.  Legal counsel from your attorney carries a weight and authority.  Like a doctor’s opinion, you’d be stupid to dismiss it without at least getting a second opinion.  In my view, business counsel carries less weight.  Your lawyer’s opinion on your business negotiations should only carry as much weight as you feel comfortable assigning.  It should be mixed with your own opinions and those of other people in your circle of advisers.
As I write this, it seems very clean cut.  In practice it is anything but.  

Let’s take the following sentence, which you might hear in the middle of a long conversation about a complicated document.  Your attorney says, “I think this clause opens you up to unreasonable liability and is not worth the money you’re getting.”  In that single sentence, your attorney just gave you legal (“unreasonable liability”) and business (“not worth the money”) advice.  Both pieces are valuable, but they should be weighed on their own scale.  It’s up to you to be vigilant and apply the right filters to everything your attorney says.  Improperly assigning the business advice the weight of legal advice abdicates your management prerogative to your attorney.  Assigning the business weight to the legal advice could cost you your business (or worse).

The eBook market is still maturing. Innovation abounds. The latest stories are that Amazon is going to introduce a subscription based book store that is all you can eat.

I’d love to see them go a different way.  In my book model, each copy would be tagged with an electronic signature that tracked it to the purchaser’s account. This would be similar to writing your name on the inside cover. Then you would have the opportunity to virtually lend that book to someone else. When you lent the book, it would leave your library and go into that person’s library.  When that person was done with the book, she could give it back or lend it to someone else. This individual copy could be passed around forever.

Yes, I’m aware that I just created the basic utility of a physical book. Here’s where it gets cool. With a physical book, you lose two things as soon as the book leaves your possession. You lose the ability to read the book, and you lose the potential joy of seeing all the people who benefit from your purchase.

The eBook has the potential to solve both of these problems. First, the system would allow you to “borrow back” your book. At any time, you could pull the book back to your library. The person with the borrowed copy would have the option to purchase their own copy or wait for you to push it back to them.

Next, and this is my favorite part, the entire gifting chain would be visible to everyone involved. You’d get to learn whether your book went to an old college buddy or was gifted to a school in Kenya.  How cool would that be?

When I shared this idea with someone, their first reaction was, “but then they’ll sell less copies.” That may be true. However, the publishing business is in a race to the bottom on price, and this incremental volume change isn’t going to make a bit of difference at 99¢ per copy.  Publishers need to find ways to create real value for people and use that value to justify a premium price.  It would be an interesting experiment to see if people responded to a higher cost, sharable book next to a lower cost single use book on the same virtual shelf. 

I know that I’d be willing to pay for the joy of sharing knowledge.

A Path for PSL - One Man’s Take

Last night, Philly Startup Leaders held a fishbowl event.  Members of the community came together to discuss the future of the organization both in principle and in practice.  A lot was said, and a lot was shared.  At the end of the night, many words had been expelled from people’s mouths and keyboards, but I’m not sure that anything had fundamentally shifted.  Though I’m loath to stroke Alex Hillman’s ego by quoting him twice in the same week, I’m going to do so via the tweet pictured below.

While I genuinely believe that last night was both engaging and worthwhile, I am concerned that anything that comes from a group that large will be neutered by the process of consensus building.  With that in mind, I thought it would be valuable to contribute my specific, actionable vision for the changes that the organization should make.

The Problem Statement
PSL is an organization with a clear mission statement that does not clearly align with the “boots on the ground” reality.  The mission statement is tuned to a small, focused group with common goals and motivations.  The actual organization is broad (1000+ members), with a wide range of motivations represented by vendors, entrepreneurs, mentors, students, etc.  The leadership is guided by this mission statement and therefore is running a group that doesn’t actually exist.  Analogously, they are setting the ground rules for a small college class and then are trying to apply them to a raucous high school auditorium.  The problem isn’t the rules or the audience, it’s the mismatch.

The Philosophy of the Change
The problem can be solved through honesty, transparency, and boundaries.  
First, PSL (in both leadership and membership) needs to openly admit that it is a broad community serving more than just leaders of tech startups.  PSL serves everyone who actively participates.  I’m going to pick on Fred Wilf of the Baer Crossey law firm for a moment.  When Fred presented at the fishbowl, he was openly mocked on the live chat because he was a vendor.  While this may (or may not) have been in jest, the underlying view was that vendors are only there to leech off of the group.  From speaking directly with Fred earlier in the evening, I believe that he would feel a sincere sense of loss if he was no longer able to participate in PSL.  This reflects the fact that PSL gives Fred an opportunity to participate constructively in the community, and that is valuable to him beyond any business that might come his way.  In that respect, Fred is served by PSL.  We should all honestly come to grips with all facets of his and other vendors’ various roles in the community.

Second, PSL needs to be transparent about who is in the community and why they are there.  We’ve explored Fred’s role above.  Another attendee last night was Kirk Watkins.  Kirk is an experienced businessman who participates in PSL to help younger entrepreneurs refine and grow their businesses.  When you speak to him, he is very clear about why he participates, what he hopes to give (a lot), and what he hopes to get back (not much).  The organization needs to give Kirk, and everyone else, a more public and systematic way to express the role they play.

Third, PSL needs to create some boundaries.  Once we’ve established different roles in the community, it’s natural to admit that not every event is appropriate for every role.  There are times when entrepreneurs need to be able to take off their public face to express worries they’d only share with their peers.  Vendors, and even mentors, detract from these events.  There are other times when startup leaders are looking to expand their networks and learn from those who have been there.  Both vendors and experienced business people add great value in these situations.  PSL needs to help manage these boundaries so each event can blossom from the proper mix of attendees.

Brass Tacks: How To Get It Done
Roles, Dues, and Segmentation.  That’s it.  If those three things are addressed, then the sky is the limit.

Every member should have to identify the role they play in the community.  The roles are clear and simple.  The board should have final decision making power if a member is improperly categorized.  All existing members should be required to re-register by January 1 and should select a role through that process.  Without further ado, here are the roles:
Startup Leader: Any member who is actively participating in a day-to-day role in a company that was legally registered less than 2 years ago and personally owns over 20% of said company.
Startup Member: Any member who is actively participating in a day-to-day role in a company that was legally registered less than 2 years ago and does not own over 20% of said company.
Sustained Business Leader: Any member who is actively participating in a day-to-day role in a company that is more than 2 years old and personally owns over 20% of said company.
Supporting Partner: Any member who intends to solicit members of the community regardless of any other criteria that might put them in another category. The leadership will need to actively address members in other categories that should be Supporting Partners.
Student: Individuals actively enrolled in an undergraduate or post-graduate program at a local college / university.
General Member: Everyone else.

Now for the controversy… Dues.  All members should pay dues.  The objective here is to weed out the passive, casual member.  This modest barrier for entry will lighten the load of having to support a 1000+ member organization when we really probably have a 400 member organization with 600 hangers on.
Now for the hedge… In Kind Participation.  All members should have the opportunity to contribute to events instead of paying their cash dues.  For example, a Supporting Partner might participate in a panel event and be given a $100 in kind credit.  A startup leader or student might help set up or tear down an event in return for a $20 credit.  The board should determine the need for participation and relative compensation.

Dues:
Startup Leaders & Startup Members: $60/year
Sustained Business Leaders, Students: $20/year
General Members: $80/year
Supporting Partners: $500/year or $5,000 for an entire company
Finally, the organization’s events and communications should be segmented based on the roles above.  Certain events might be open to all, while mentoring events might be just for Startup Leaders and Sustained Business Leaders.  Similarly, the mailing list should be replaced by 3 groups (“Everyone”, “Startup Leaders Only”, and “Startup Leaders-Startup Members-Sustained Business Leaders”).  Whether we leave the mailing list technology in place or go to a forum or LinkedIn group is merely an implementation detail.

So, that’s my take on some simple, actionable steps towards moving the community forward.  Congratulations on making it to the end!