2 In our opinion, Ryan Bates is something of a Rails stevedore: since March of 2007 he's been packaging and delivering "Railscasts":http://railscasts.com to the interwebs on a weekly basis. Available through "iTunes":http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=218282043 or via download on the "Railscast website":http://railscasts.com, each episode lasts between five and twenty minutes, with shownotes and additional resources also available on the website. We reckon Ryan's Railscasts are one of those "must read" resources- whether you're a novice, a dabbler, a developer in Rails or a hardcore Railshead. The episodes are a mix of tips, tricks, instructional tutorials and demonstrations of the latest features of Rails. What really makes Railscasts great though, is Ryan Bates' teaching style. There's no ego, no agenda, just infinite patience and a natural teaching mind that is able to explain ideas and construct examples that are truly helpful. Thanks Ryan and please keep 'em coming! 2010-01-24T23:00:12Z 23 2010-01-24T23:00:12Z 2 Every website and application has vulnerabilities, and each of these vulnerabilities can expose your site or business to harm- be it through the loss of valuable data or damage to your company’s reputation if the exposure becomes public. --- Generally speaking, website and hosted application vulnerabilities fit into two categories: security and availability. Security vulnerabilities introduce the possibility of public exposure of sensitive data, either through deliberate or accidental means. Loss of availability can mean either permanent loss of data, or the temporary loss of service, i.e. the website is unable to be accessed. Both kinds of vulnerabilities pose a risk to your business. In particular a security breach or an extended loss of availability could damage your company’s reputation or violate your clients’ privacy. The loss of data (either through theft or equipment failure) can also be detrimental and result in loss of business and damage to your company’s reputation. Below we'll explore the various vulnerabilities and issues your website can be exposed to, and what questions you should be asking your developer to ensure that they are being addressed. It's not an exhaustive list, but it's a strong place to start... h2. Security vulnerabilities Security vulnerabilities can be physical (i.e. physical theft or breach of systems), or can involve the compromise of data or communications. h3. Physical security Physical security relates to protection of the servers and components that host and support your website or application. Physical security is important to ensure that only authorised personnel can access this equipment for approved purposes. <div style="margin-left:2em;margin-right:2em;border-width:1px;border-color:#898989;background-color:#EFEFEF;padding:0.5em;"> h4{margin-top:0;border-bottom-width:1px;border-bottom-style:dotted;}. What to ask: * *Where are your servers physically located?* * *What security systems are in place to protect them?* </div> h3. Data security Data is the client and business data stored in databases and file systems. Data security involves not only access protocols (how the data is accessed), but also how the data is stored, i.e. encryption. <div style="margin-left:2em;margin-right:2em;border-width:1px;border-color:#898989;background-color:#EFEFEF;padding:0.5em;"> h4{margin-top:0;border-bottom-width:1px;border-bottom-style:dotted;}. What to ask: * *Is there a strict policy relating to password protecting all the systems and resources? Are both database and file system access protected by the use of strong passwords?* * *Is sensitive data, such as user passwords, stored in encrypted format using strong encryption algorithms?* * *Is sensitive data stripped out of log files, error reports and system support emails to protect the privacy of my business and customers?* </div> h3. Secure communications When you or your clients access your website they are communicating with the application systems. Each time a user logs in, loads a webpage, fills out a form or clicks a link, information flows between the user and the web server. While there is some level of standard security applied to these communications, they can be vulnerable to “eavesdropping”, i.e. when a third party intercepts these communications in order to discover passwords or other sensitive information. This vulnerability can be addressed by encrypting communications via https, a secure http protocol. Another form of communication is when developers or support staff need to access the systems hosting your application. <div style="margin-left:2em;margin-right:2em;border-width:1px;border-color:#898989;background-color:#EFEFEF;padding:0.5em;"> h4{margin-top:0;border-bottom-width:1px;border-bottom-style:dotted;}. What to ask: * *Does my site need an SSL certificate and use of https?* * *If you access my website system and resources remotely, do you always use secure protocols such as ssh and scp?* </div> h3. Application level security As well securing system infrastructure and communications, security policies can be extended to the application itself. These might include: implementing a password policy (such as requiring users select “strong” passwords that conform to certain rules), session timeouts that automatically log out inactive users, no sensitive information being stored in cookies, implementation of a security model that has well-defined user roles and access privileges. <div style="margin-left:2em;margin-right:2em;border-width:1px;border-color:#898989;background-color:#EFEFEF;padding:0.5em;"> h4{margin-top:0;border-bottom-width:1px;border-bottom-style:dotted;}. What to ask: * *If my website has user accounts, do we enforce a password policy?* * *What information is stored in cookies?* * *What features of my website's security model help prevent unauthorised access?* </div> h2. Availability and service reliability A web application is made up of several components: the application source code, the databases that store and retrieve data, the web services that serve the application via the internet, and the equipment that hosts these programs. The equipment requires a specialised environment to maximise running efficiency, reduce the risk of breakdown and provide system redundancies so that a continuous high quality service can be maintained. <div style="margin-left:2em;margin-right:2em;border-width:1px;border-color:#898989;background-color:#EFEFEF;padding:0.5em;"> h4{margin-top:0;border-bottom-width:1px;border-bottom-style:dotted;}. What to ask: * *Does the machine my website is hosted on have redundancy systems such as RAID?* * *What is the machine's bandwidth capacity? Are there any redundancy systems in place?* * *How has the environment been customised for these machines?* * *Are these machines monitored 24/7/365?* </div> In the case of hardware failure or permanent loss or corruption of data, backups are required. Backups should be made of both data and source code so that the system can be quickly restored in case of a serious loss or failure. <div style="margin-left:2em;margin-right:2em;border-width:1px;border-color:#898989;background-color:#EFEFEF;padding:0.5em;"> h4{margin-top:0;border-bottom-width:1px;border-bottom-style:dotted;}. What to ask: * *Are there backups made of my website and data?* * *How often are these made, how long are they kept and where are they stored?* * *Do you keep backups of the source code as well?* </div> Another important aspect of service availability is monitoring of the application so that those supporting the application can be made aware of any issues and take appropriate action. Monitoring should cover issues such as availability, performance and errors. <div style="margin-left:2em;margin-right:2em;border-width:1px;border-color:#898989;background-color:#EFEFEF;padding:0.5em;"> h4{margin-top:0;border-bottom-width:1px;border-bottom-style:dotted;}. What to ask: * *Do you monitor my website?* * *What aspects do you monitor- availability, performance and errors?* * *How soon will you know if something is wrong?* * *How will you respond?* </div> 2010-01-21T23:36:04Z 22 2010-01-21T23:36:04Z 2 In Wilkie Collins' "_The Woman in White_":http://en.wikipedia.org/wiki/The_Woman_in_White, poor Laura Fairlie and resourceful Marian Fairlie struggle to outwit and escape the clutches of Laura's evil and sadistic husband Sir Percival Glyde. Set in the mid to late 17th century I greatly enjoyed this novel when I first read it a few years ago. Perhaps the greatest impression it made on me was how truly liberating technology can be. But what does this have to do with Google, Twitter and making the word a better place? Well, let me explain... --- In _The Woman in White_ the nefarious villain Sir Percival manages to manipulate Laura into being separated from her protector and sister Marian, and committed to an asylum under a false name where she languishes while her family thinks her perished. Meanwhile Sir Percival uses her inherited fortune to clear his debts and live the high life. While reading the story the first time it occurred to me that this situation would have been much harder to contrive had just one invention been available to these two women: a telephone. In the time that this novel is set a woman of a certain social position was unable to travel alone, had to do what her husband commanded her to do and had very little control over her own money and finances. In her attempts to protect Laura, Marian spends a lot of time trying to send urgent letters to other men who may be able to help them, like Laura's uncle and the family lawyer. She must wait hours or days for a response and her correspondence is extremely vulnerable to tampering. If she'd had a telephone she could have sorted it all out very quickly. If she'd had email, Twitter or a blog then she would not have been so isolated, alone and vulnerable. If she and Laura had mobile phones they could have maintained contact while physically separated. Laura could have used a smart phone to record Sir Percival's threats and expose his brutality to the world. Inevitably when these technologies first emerge they are the toys of the wealthy and the privileged, but after a while they make their way to the masses and, I believe, ultimately liberate them. Phone, email, internet and mobile technologies allow us all to have a voice, to be heard in our time of need and lead us to being less isolated. Occasionally I get very passionate about how wonderful the internet is and how I think websites can make the world a better place. Usually I get mocked by a certain friend for these views, who wonders out loud how buying shoes online makes the world a better place- although I can counter these days with a remark about how buying t-shirts certainly seems to! One such website that does make a difference recently sprang into being as a result of Google's efforts. It's the "Google Crisis Response: Haiti Earthquake":http://haiticrisis.appspot.com/?lang=en and it's for helping people learn about and locate loved ones who are victims of the earthquake. Here's the deal: _"In the response to the earthquake in Haiti, many organizations worked to create sites where people could find one another, or least information about their loved ones. This excellent idea has been undermined by its success: within 24 hours it became clear that there were too many places where people were putting information, and each site is a silo. The site Haitianquake.com began "scraping" -- mechanically aggregating -- the most popular such sites, like koneksyon.com and American Red Cross Family Links. As people within the IT community recognized the danger of too many unconnected sites, and Google became interested in helping, they turned their work over to Google which is now running an embeddable application at haiticrisis.appspot.com."_ It's not uncommon to hear someone decrying Twitter for limiting our attention span, texting for destroying our grammar and the internet for making us dumb and illiterate, but the same things were said about the printing press and the phone... and every time I hear these complaints I think about Marian and Laura and how lucky I am to live in a less isolated world. And now I will think about the people in Haiti, their families and friends and people who use the internet to make the world a better place. 2010-01-18T00:07:56Z 21 2010-01-18T00:10:01Z 2 Continuing on with the User Experience Festival (as inspired by "Smashing Magazine's article":http://www.smashingmagazine.com/2010/01/05/25-user-experience-videos-that-are-worth-your-time/#more-22480), today sees us listening to Leah Buley of Adaptive Path talk about her experiences in design and user experience. Leah's hand drawn illustrations are really captivating, as is her narrative. The presentation is a great source of good and practical ideas about how to approach design from a user experience point of view. "Watch it":http://www.slideshare.net/ugleah/how-to-be-a-ux-team-of-one?type=presentation (Duration approx 30 minutes) 2010-01-07T23:54:49Z 20 2010-01-07T23:54:49Z 2 Your website is important. Your time is important. Your money is important! So finding the right developer is important too. Below I'll explore some questions you should ask and things you should consider when finding a developer for your website. --- h3. Making the right match A good match is about matching expectations. Small business? Then find a developer who can give you the customised service and dedication you need. Big national brand or company? Then find who has the resources to meet your needs. Matching experience can also be a plus. Developers will often get work through word of mouth, most often through word of mouth in a particular industry. If you sell bmx bikes and the developer has done a lot of cycling-related websites, then they are likely to understand your industry and your needs. Matching values is also important. Look at the developer's website and what values they believe in. Do they value customer service? Speedy delivery? Economic or environmental concerns? Your return on investment? Your customers' needs? Do these values match yours? h3. Analysing their portfolio Take the time to analyse their portfolio. Does it include websites similar in nature to what you want? In a similar industry? Visit some of the websites and really experience them. Do any errors occur? Is there anything that doesn't look or work quite right? Really test the sites out- submit a query or use a feature: how did it feel? Was it clunky or smooth? Be sure to try out the sites in different browsers- do they still look and work OK? Sit back and look at the general visual style of the sites in their portfolio. Do you like it? Does the style suit *your* business? Be honest about what kind of look/feel you want: classic or cutting edge? Does their portfolio have examples of this style? h3. Customer service Good customer service is important not only while your new website is being developed, but later on once it is live and needs support or maintenance. You can test and evaluate a developer's customer service by making an enquiry. Send an email or website query and see if you get a response in a reasonable time frame. Create some important questions you want to ask and measure how quickly and how adequately they are answered. Check out their website to see what their attitudes to customer service are, then see if you can determine how these words are put into action. h3. All the other things Don't forget the things you can't necessarily see on a website or in a portfolio. Is hosting provided- what are the costs and services provided? Can the developer provide other services such as search engine optimisation and marketing, email campaigns, website and visitor stats and reporting? If the information is on their website, take a look at the tools and services they use. Have they been chosen for a reason? If so, do you agree with those reasons? h3. You're allowed to ask Anything! If it's important to you, then you should always feel free to ask your developer about it. Ask for testimonials or if you can contact one of their customers to discuss their service (be prepared to return the favour if you become their customer). You can ask them to prepare a customised portfolio of their work that matches what you're looking for. You can ask what their charge rates are, if they can give you a ball park figure or estimate for your site or idea. You can ask for advice or recommendations. If it's important to you, you can ask to meet them, their team or to see their offices. &nbsp; Because websites are important, we think it's important to take the time to find a developer who is the right fit for you. And your developer will appreciate it too- we take our work seriously and we always appreciate someone else who does as well! 2010-01-07T03:08:50Z 19 2010-01-07T03:09:36Z 2 "Don Norman":http://www.jnd.org/ talks about the Three Ways that Good Design Makes You Happy (on visceral, behavioral and reflective levels) and how emotion relates to design. (found via "Smashing Magazine":http://www.smashingmagazine.com/2010/01/05/25-user-experience-videos-that-are-worth-your-time/#more-22480) --- <object width="480" height="295"><param name="movie" value="http://www.youtube.com/v/RlQEoJaLQRA&hl=en_US&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/RlQEoJaLQRA&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="295"></embed></object> 2010-01-06T23:05:45Z 18 2010-01-06T23:05:45Z 2 Love Matthew Handy's "mathematical business cards":http://uk.moo.com/blog/2009/10/15/theres-magic-in-sharing-mathematics/- a great example of combining marketing and creating a useful resource. 2009-12-03T00:31:13Z 17 2009-12-03T00:31:13Z 2 Perhaps I'm a little odd, but I find regular expressions thrilling- a mix of fun and scary, powerful and complex. "Rubular":http://rubular.com/ is a great website for testing out regular expressions for Ruby. I find its responsive ajax interface particularly useful- have your sample text and build up the regular expression piece by piece. 2009-11-23T06:21:13Z 16 2009-11-23T06:21:13Z 2 The name of the Thoughtbot blog ("Giant Robots Smashing into other Giant Robots":http://robots.thoughtbot.com/) made us laugh out loud when we first found it, followed by a quick vote in the affirmative (carried through at 100%) for most awesome blog name ever. --- The blog itself does not disappoint- with a much more technologik bent than the more lofty and entrepreneurial 37Signals blog, it gets right down into the guts of particular problems and issues. While it's not updated every day, each post is quite lengthy and detailed, thoroughly exploring an issue, event or concept. In a few words: thought-provoking, but practical. In another word: awesome! 2009-11-11T01:33:19Z 15 2009-11-11T01:33:19Z 2 Chances are, if you look hard enough, you can always find a cheaper price. Sometimes we go into this situation with our eyes open: we go Virgin Blue not caring about an inflight meal, buy something second-hand, or obsessively search and bid on eBay for the chance of a bargain. Sometimes, though, we don't go in with our eyes open... --- Maybe we're inexperienced with a particular topic or product, trying to cut costs without really being able to afford the drop in service, or we're persuaded by a slick salesperson. If you're not familiar with the industry or product, it can be hard to tell if someone is over or under charging you. It even happens in the web development industry- and it's not necessarily deliberate. In my time as a web developer I've seen it all- from mailbox pamphlets promising a website for less than $100, to developers drastically under-quoting because they want the job, need the job or undervalue themselves, all the way to the other end of the scale where the customer is viewed as a blank chequebook. While it always pays to shop around, especially when it comes to your website, it pays to think about *why* a quote is less than another- and what it's going to end up costing you. h3. The sting is in the tail Sometimes a developer or service provider will drastically discount the initial costs because they plan to recoup the difference later on. This could be either through hosting fees or charging significantly to update your website. An unscrupulous developer might even be aware that the current proposal isn't adequate for what you need and is banking on later development charged at a higher rate. So if you see someone offering to build you a website for less than $100, be sure to ask about the costs of hosting, and how much it will cost if you need to change something. If you've received a quote that is significantly less than others, ask about charge-out rates for future work. h3. Get what you pay for The old saying is true, even when it comes to web development: you get what you pay for. Found a "friend of a friend" who makes websites after hours? Sure, he'll charge less but he'll have a narrower skill set than a web development team. He might be more of a programmer than a graphic designer, so your site functions well but lacks polish. Or vice versa might apply: the site will look beautiful but be difficult for your customers to use- and you better not look at it in Firefox or Internet Explorer because it's just incomprehensible! If the quote is much less than you expected, or much less compared to others you've received, ask yourself what you're *not* getting for that price. h3. Wait for it, wait for it... A freelance or hobbyist web developer will often charge less than a web development company to produce your website for you. While you are still likely to get a good result and excellent customer service, you might have to wait a while to actually get your website. Freelancers and hobbyists often work after hours, in their spare time or are juggling a full schedule with no one to delegate to. Alternatively, a web development company that really wants your business might discount the price but extend the development time. After all, they'll need to keep paying the bills while making your website, so other (better paid) work might get prioritised higher. If you've received a cheap quote, then ask for an estimate as to when it will be delivered. Double or triple that estimate and ask yourself if that's still an acceptable time line. If it is then go for it! Just be sure to keep on top of the project and ask for regular updates. h3. Starting all over again If you've received a surprisingly inexpensive quote, carefully considered all of the consequences, and are still happy to proceed, then perform one final check: what if it all goes wrong? What if you never get your website? What if it's built using some obscure tool that no one else uses? What if the developer won't hand over the code or your data? Of course, there are always legal avenues you can pursue, but ask yourself if your business could survive a setback like this. If not, don't just go with the cheapest quote- it's not worth it. h3. Money trail Of course, a higher quote or paying more isn't a guarantee for quality, or that you're getting the best. You could be paying for overheads that you don't want: your developer's rent, large retinue of staff, proprietary technology. You should also look closely at what money is being spent on what parts of the project- and if those priorities match your own. Is more money being spent on the visual design than the functional "back-end"? That might make sense if you need your website to be visually engaging but not actually do a lot of complicated things; but make sure that this is the case. If you want to cut back on your spending for your website, think carefully about the different components and how _you_ prioritise them. Make sure you communicate this to your developer and, if necessary, negotiate a price based on a design you create together- then you'll know where and why the cost savings are being made. h3. The bit where we blow our own horn Yes, yes, we're blowing our own horn here but really, this article is the reason we started our own web development business in the first place. Throughout our careers we've either witnessed, experienced or been unwilling participants in some of the above situations, and as a result, our guiding principles are being *fair*, *open* and *transparent* about what we do. When we quote for a project, we strike a balance between the amount of effort we'll need to expend, the skills we'll need and the costs we'll incur, with what the value of the project is to our customer. And if our customer can't afford a lot, then we'll adjust our prices or design to a budget. And that's what _we_ call a fair price. 2009-11-10T00:41:50Z 14 2009-11-10T00:46:40Z 2 Desire lines is the name given to a path made by the erosion of many people walking along the same trail- sometimes completely ignoring existing paths established by designers and architects. --- You can learn more about them from "Wikipedia":http://en.wikipedia.org/wiki/Desire_path or "this article":http://37days.typepad.com/37days/2005/12/follow_your_des.html. It's a lovely name, given to an interesting idea. Often these desire lines represent the most direct or the easiest path from A to B. _"…those well-worn ribbons of dirt that you see cutting across a patch of grass, often with nearby sidewalks ignored—particularly those that offer a less direct route. In winter, desire lines appear spontaneously as tramped down paths in the snow. I love that these paths are never perfectly straight. Instead, like a river, they meander this way and that, as if to prove that desire itself isn't linear and (literally, in this case) straightforward."_ Concepts that apply to the "paths" that we design for people on our websites and applications. When we imagine a "user" we picture some sort of logical, almost robotic, person- one whom we believe has the same destination in mind as ourselves. But what _desire lines_ are our users really following? Unfortunately, websites are not like grassy landscapes that obviously show (to us or other users) what paths people are following. Is there a way we can show these pathways to ourselves and others? 2009-11-09T02:36:30Z 13 2009-11-09T02:36:30Z 2 Because you should always celebrate successes, and because awesome things should be blogged about- there exists the "Succeed Blog":http://succeedblog.org/. 2009-11-08T22:48:01Z 12 2009-11-08T22:48:01Z 2 "Signal vs Noise":http://37signals.com/svn is 37Signal's blog, about "design, business, experience, simplicity, the web, culture, and more". 37Signals is well known in the internets for a few reasons- mostly as the home of David Heinemeier Hansson creator of Ruby on Rails, and also for their range web-based services for managing projects, people and things (Basecamp, Highrise, etc). With a reputation for being opinionated innovators (and, some would say, arrogance), the blog is a great mashup of discussions about many things business and web, but the comments can occasionally suffer from a bit of Tall Poppy Syndrome. All of which gives a great insight into how a "big" software development company works, innovates and is perceived. The most prolific contributors are Jason Fried, Matt Linderman and Ryan Singer. While each of the 37Signals products has its own blog, you'll occasionally hear about new features- but always in the context of a broader discussion, perhaps about usability, business strategy or design/implementation process. And I think that's what sums up what I love about this blog so much- it's the thinking entrepreneur's blog about real practice. Discussions in the comments are also often thoughtful and thought-provoking, and with a large readership you're bound to get a healthy range of views. 2009-10-22T00:42:52Z 11 2009-10-22T00:42:52Z 2 Check out "OpenUpNow,org":http://www.openupnow.org, a non-partisan political movement in the UK (a little like our GetUp! but focused on one issue). The movement (and website) is in response to the scandal in the UK some months ago regarding MPs essentially rorting their expenses system to reimburse themselves for things like mortgages they'd already paid off, adult videos and a &pound;1,600 ornamental duck house. The videos on the site are emotionally packed and highly amusing, but the site design also impresses me greatly. It features muted, "plain paper" colours and textures, all lines, buttons and icons have a "sketched" or drawn kind of style. It could have been overwhelming or too kitschy, but the consistent application of the style (right down to the RSS feed icon), warm colours and simple design mean that it doesn't annoy or distract. This style is really closely aligned with their message: they are a grass-roots, no frills movement powered by the people. A slick and professional "web 2.0" look and feel would be all wrong here, and probably make people feel like *this* group was wasting money on web design- precisely the wrong message for their campaign! 2009-10-20T23:44:29Z 10 2009-10-20T23:44:29Z 2 Audio and video aren't that crash hot (sorry), but Stephen Fry's rant about Microsoft Windows makes some fantastic points about the importance of usability and how software and interface are part of our working environment. --- <object width="500" height="315"><param name="movie" value="http://www.youtube-nocookie.com/v/v9FF1DHbjUo&hl=en&fs=1&border=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube-nocookie.com/v/v9FF1DHbjUo&hl=en&fs=1&border=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="500" height="315"></embed></object> 2009-10-19T04:01:45Z 9 2009-10-19T04:01:45Z 2 If you've ever contemplated getting a website for yourself or your business, I'm sure the first question that's popped into your head is "How much will it cost me?". Maybe you've received a quote or an estimate from someone and been surprised at the figure being much higher or lower than you expected and wondered if you're getting the right advice. This article is about helping you figure out what the answers to some of these questions might be and why. --- The most honest answer is, of course, _it depends_. It depends on what you want your website to do, it depends on how many people will visit it, it depends on what your business is and it depends on how much you're willing to spend. h3. Who are you? How much your website will cost you does depend to some extent on the size of your business and the industry you are in. If you have a large product line or a well-known brand, if you have a global customer base, or if you are a high profile business, then your website may need to be larger, shinier and have more functionality than, for example, a website for a locally-owned maternity clothing store. The same can be said about the image you want to project- if you want to compete with "the big boys" then your website needs to be on par with theirs... and so will your website budget. h3. What will your website need to do? This is probably the most important determinant in how much your website will cost... what _exactly_ does it need to do? Ask yourself what your business goals are, and be honest about how your website can help you achieve these goals. In our (very humble) opinion every business needs a website for the simple reason of it being another way for people to find out about your business- of its existence, location and what it does. If you don't have a website now, then your first step is to establish one asap. The basics you'll need are: * A good domain name (make it easy for people to find you) * A professional and suitable design (don't settle for something off the shelf) * Two or three pages that include information about your business, how to contact you, and descriptions of your products or services * A blog (blogging about your business, products or services keeps your site fresh and interesting) * A form for people to make contact or give you feedback via your website * Installation of a visitor tracking tool (like Google Analytics) and some search engine optimisation and marketing A website that includes all of the above should cost between $1,000 and $3,000. Of course, you could get it for less, but there can be pitfalls (see my article "But I can get it for less!" coming soon). Keep in mind that if you need anything in addition to that, like a special design or extra modules like a product catalogue, online store or content management system, then the price will go up. The most important advice I can give you about what your website should do is to a) make sure you're addressing a real and immediate business need, and b) don't be afraid to start with the basics and build from there. h3. Who is your developer? Who you choose to develop your website for you can also affect the price- and it's not just all about markup and overheads. At the bottom end of your price scale (probably less than $1,000) you've got the freelancers and hobbyists. They'll be able to make a website for you fairly cheaply, but since they're probably working on it in their "spare time" you may have to wait a while to get it. Depending on their level and type of experience, it may also lack polish and be a little clunky. And while they may help you organise hosting you'll have to manage your website and monitor its health. At the top end of the scale you'll have large website and application development companies. Their prices will start at about $20,000, for which they will build and entirely manage your website, hosting and monitoring it for you. While their size and price tag is no guarantee for quality, where things can get sticky for you is in updating your site. Even small changes are likely to be expensive and, if you're not one of their largest customers (who spends in excess of $250,000 per year on web development), you might not get the kind of attention you need. Between those two ends of the scale is a range of different kinds of web development companies. Depending on their specialisation and capabilities, your immediate benefits are an established business, inexpensive hosting and monitoring services and less overheads. Then it's simply a matter of finding the right fit- see my article "Finding the right developer for you", coming soon. h3. After the honeymoon is over A meme that pops up often in tv shows and movies is that, when a new website goes live, the business will start receiving calls straight away. The site never needs to be maintained, changed or updated... somehow it just keeps magically bringing in customers and money! Sadly, in real life, such things as "road trip dalliances with Brad Pitt":http://www.youtube.com/watch?v=RoL_-3MJAqM and miraculous websites like these, just don't happen. Once your new website is live it needs further commitment from you, in terms of *time* and *money*. You need to spend time keeping your website up-to-date and fresh, fine-tuning the content and performing search engine optimisation and marketing. You should also expect to spend as much on your website every year as you did getting it created- and this is a _good_ thing. If your website is successful, then it is attracting more visitors, encouraging return visits and generating revenue for you. It needs to grow, and you need to fund this growth. Time to crack open the champagne! h3. The real question you should be asking Don't ask "How much will it cost me?", instead ask "What am I willing to spend?". Changing the question changes the whole dynamic of the situation. Firstly, you can *choose the developer you want* and go to them with your budget. Knowing what you're willing to spend, and understanding what your business needs are, the developer will be able to design a website that meets those expectations. Secondly, having a budget for web development helps you think about your website as *a continuous project*, allowing you to *start small* and *build it in response to your business needs*. Having a budget also lets you *plan your spending* and more easily measure your *return on investment*. Most importantly, it takes all of the guesswork out of the equation and lets you be in more control of your spending and your website. 2009-10-15T23:26:33Z 8 2009-10-15T23:27:48Z 2 Watching this interview today between Jon Stewart of The Daily Show and Chesley Sullenberger (the pilot who safely crash-landed a plane in the Hudson earlier this year) fills me with admiration for this intelligent, thoughtful, skilled and well-grounded man. <table style='font:11px arial; color:#333; background-color:#f5f5f5' cellpadding='0' cellspacing='0' width='360' height='353'><tbody><tr style='background-color:#e5e5e5' valign='middle'><td style='padding:2px 1px 0px 5px;'><a target='_blank' style='color:#333; text-decoration:none; font-weight:bold;' href='http://www.thedailyshow.com'>The Daily Show With Jon Stewart</a></td><td style='padding:2px 5px 0px 5px; text-align:right; font-weight:bold;'>Mon - Thurs 11p / 10c</td></tr><tr style='height:14px;' valign='middle'><td style='padding:2px 1px 0px 5px;' colspan='2'><a target='_blank' style='color:#333; text-decoration:none; font-weight:bold;' href='http://www.thedailyshow.com/watch/tue-october-13-2009/chesley-sullenberger'>Chesley Sullenberger</a></td></tr><tr style='height:14px; background-color:#353535' valign='middle'><td colspan='2' style='padding:2px 5px 0px 5px; width:360px; overflow:hidden; text-align:right'><a target='_blank' style='color:#96deff; text-decoration:none; font-weight:bold;' href='http://www.thedailyshow.com/'>www.thedailyshow.com</a></td></tr><tr valign='middle'><td style='padding:0px;' colspan='2'><embed style='display:block' src='http://media.mtvnservices.com/mgid:cms:item:comedycentral.com:252457' width='360' height='301' type='application/x-shockwave-flash' wmode='window' allowFullscreen='true' flashvars='autoPlay=false' allowscriptaccess='always' allownetworking='all' bgcolor='#000000'></embed></td></tr></tbody></table> I think there are some really important lessons here- not just for pilots, but for any professionals. I simply can't imagine how I would handle a situation like the one that Mr Sullenberger faced. He says he can hear the stress in his voice, but whatever stress he felt he was still able to think clearly and rationally and solve problems. Mr Sullenberger attributes it partly to his nature, but also to his "decades of training". Training that has examined the risks, anticipated as many of them as possible and even prepared pilots for situations that can't be anticipated. We face these situations in software testing- trying to anticipate the risks and problems we could face, creating tests to find and define them. What we struggle with the most in our testing is the risks we can't identify or imagine. Mr Sullenberger also mentions his co-pilot Jeffrey Skiles, and how, during the incident, he was with him "step by step, solving the next problem". Which sounds to me like test-driven or behaviour-driven development: taking one small piece of the problem at a time and solving it. If you can crash-land a plane safely this way, then you sure can develop an application! What really hit home, though, were Jon and Sully's discussion about experience and skill and how it *must* be valued. Mr Sullenberger credits his decades of experience for his ability to deal with this situation and explains how financial pressure on the aviation industry has led to pilots being paid less and crazy cost-cutting measures like taking handy tabs out of an airline emergency manual. He's speaking about the airline industry, but really it applies everywhere: if you don't value the profession, you can't attract the best and the brightest- and isn't that what you always want? I've worked for people who barely understood what I did and who certainly didn't appreciate the skills and intelligence needed to solve the problems I faced. It's disappointing when it happens and the ultimate result is always going to be that you're going to lose that person and all the talent, skills and experience that they represent. If something's worth doing, then it must involve skill, which takes time, determination and investment to grow. You can't just buy it, you can't just assume you'll never need it, and you can't just expect it will be there when you need it without investing in it. I think Mr Sullenberger says it best: "One way of looking at this might be that for 42 years, I've been making small, regular deposits in this bank of experience, education and training. And on January 15 the balance was sufficient so that I could make a very large withdrawal." 2009-10-15T03:51:19Z 7 2009-10-15T03:51:19Z 2 What shouldn't you do when there's a major system outage affecting your customer's systems? According to Air New Zealand chief executive Rob Fyfe don't do nothing. Because if you do, or you drag your feet, or don't mea culpa or even acknowledge there's a problem, then, not only will your customer be very upset, but it will probably "appear in a national newspaper":http://www.theage.com.au/travel/travel-news/air-new-zealand-blasts-ibm-over-system-crash-20091012-gt4p.html (and get blogged about). Mt Fyfe was so upset he blasted IBM, saying in a leaked email: "In my 30-year working career, I am struggling to recall a time where I have seen a supplier so slow to react to a catastrophic system failure such as this and so unwilling to accept responsibility and apologise to its client and its client's customers." Since most systems were restored four hours later, it must have been a fairly catastrophic failure indeed, but I think IBM's handling of the incident has made the situation 10 times worse than it could have been- and is the real reason it's appearing in the press. When something goes wrong, *especially if it affects your customers' ability to service their clients*, the first priority must be communicating that you're aware of the issue and working on a solution. If you can identify the cause, *tell the customer what it is, even if it might be your fault*. The best maxim is to always treat your customers how YOU would like to be treated. As to the apology part... "opinions can be divided":http://37signals.com/svn/posts/1878-sympathize-i-can-understand-why-you-are-u, but I think the best advice is to be honest and proactive wherever you can. I sometimes wonder if IBM's reaction to this incident is simply an inevitable part of outsourcing your support to such a large company. IT support can be such a hard slog- people are always unhappy and frustrated when they call you, the problem is *never* what they think it is, and you're probably not being remunerated very well. When it hits the fan, can you really be surprised that such a small cog in a big machine wants to pass the buck or "escalate the issue" to some other department? Don't always assume that a "big name" like IBM is enough insurance for when something goes wrong- pick suppliers that match your size and needs. And if you're a big company like Air NZ, invest directly in some "home grown" support as well as outsourcing. They'll have your best interests at heart, not just squeezing every cent they can out of the contract. 2009-10-12T04:45:49Z 6 2009-10-12T04:46:13Z 2 Recently I was watching ABC's "Good Game":http://www.abc.net.au/goodgame (you may wonder why someone like me, who doesn't even own a gaming console, watches this show, but the simple reason is that they are interesting and "funny":http://www.abc.net.au/tv/goodgame/stories/s2644212.htm). The "segment":http://www.abc.net.au/tv/goodgame/stories/s2703666.htm was on music in games, in particular a special event in Sydney called "A Night in Fantasia":http://www.eminenceonline.com/anif09/. Performed by the Eminence Orchestra, it features music from anime and games, all beautifully brought to life by a full symphony orchestra. Unfortunately, I only found out about this concert after their *one and only* 2009 performance. D'oh! But it did remind me of a school trip to see a symphony orchestra perform back when I was in Grade 5. It was a special performance for young school children and featured a few different "important" pieces. The conductor would introduce each piece, telling us it's name and also where else we might have heard it- in a famous movie, in a commercial, etc. Besides this being my first experience of live orchestral music (which *nothing* can compare to), it was the first time I became aware of the intertexuality of everything we create and experience. Hearing this music that was familiar in completely another context was like a tap on the shoulder and a sharp reminder to always think about where things come from. Weaving references to other people's creations into what *we* make is another way we communicate with people. A stylistic reference can allude to similar functionality, using certain colours can create associations and engender certain feelings, and popping in a Star Wars reference or too can create an instant feeling of shared understanding... and maybe even a laugh or two. 2009-10-08T04:03:22Z 5 2009-10-08T04:03:55Z 1 I recently was working on some code for a security model. It was pretty standard, with Users and Roles and lots of other stuff that felt like overkill. I hit a bit of a stubbing block when it came to naming my join model. A user has many roles through what?? In the end I copied my database and went with privileges. The result was bc. class User has_many :privileges has_many :roles, :through => :privileges end class Privilege belongs_to :role belongs_to :user end class Role has_many :privileges has_many :users, :through => :privileges end I find that coming up with good names that accurately reflect the intent as one of the biggest programming challenges. It also got me thinking about how to model responsibilities, even though they they weren't needed is this particular case. I think that it would be something like: bc. class User has_many :great_powers, :conditions => {:great => true} has_many :great_responsibilities, :through => :great_powers end 2009-09-21T12:35:42Z 4 2009-09-26T06:02:05Z 2 One of our favourite clients is the crew at "Anchor BMX":http://www.anchorbmx.com.au - their blog keeps us endlessly entertained and amused. Recently we've been helping them out by extending their "online catalogue":http://www.anchorbmx.com.au/stock to include a shopping cart and online ordering through PayPal. By utilising PayPal's merchant services, Rails' adaptable framework and our own awesomeness, we were able to implement the whole project within three weeks and within Anchor's budget. It's a win for everyone! Especially me, because I've just ordered this awesome "Best Friend's tee":http://www.anchorbmx.com.au/stock/204-anchor-best-friends-t-s. 2009-09-15T08:14:59Z 3 2009-09-15T08:18:14Z 1 Hypothetical Solutions has just launched their all new, long overdue blog *Stark Raving Sane*. This is were we will be talking some sense to ourselves and some nonsense not to ourselves. Hence the name. Here you will find our musings on web development and design, as well as news from Hypothetical Solutions. 2009-09-12T01:31:31Z 2 2009-09-12T01:31:31Z Two- one to screw in the bulb, one to write a unit test. Boom, boom! 2009-09-08T09:27:33Z 1 2009-09-08T09:27:33Z