Posts Tagged ‘SaaS’

Freedom and All That

Tuesday, March 3rd, 2009

I’ve just finished posting a new blog entry on XP-Dev.com on the definition of Stories, Tasks and Bugs from XP-Dev.com’s point of view. However, the beauty of it all is that users make XP-Dev.com their own. They end up using it for various other purposes other than software development (and agile at that!). They are free to use it whichever way they see fit.

In my blog entry, I said:

However, this article (and future ones) are only guidelines – you are free to decide on how you’d like to use XP-Dev.com.

“Free to decide” – these words triggered a memory from the past.

Back in 2003 I was doing an summer internship/job with Lec here in the UK and was rushing back to their office from Victoria station in London. I was running late and did not have enough time to read the notice board on which platform I was meant to catch the train from.

I ran to the first person who looked like he worked at the station, and I asked him which is the next train to Bognor Regis (Lec HQ). Apparently there were 2 – one that was leaving at that moment, and another that was leaving in 30 minutes. I wasn’t too sure which one my ticket was for, and showed him my tickets and asked “I’ve got these tickets – which train can I board?”.

As soon as I finished my question, he immediately replied “Take which ever one you’d like – it’s a Free country”. He didn’t bother even looking at the tickets!

With adrenaline still rushing through my heart, I thanked him, ran to the train and boarded it. The train left a minute later.

I have always comeback to this little episode whenever I think of usages of a tool or even idea – let it be a handy tool (screwdriver, etc) or even an edit (one of the team asking whether its OK to use Vim instead of Emacs). I have a 2 second flashback to that moment in Victoria station and reply to them in the same manner – “Its a free country. Do whatever you want.”

And this is the beauty about building tools that people use, like XP-Dev.com. Everyone has their own way of using it and it should be just like that. No hard rules, everyone gets to do it their own way, and everyone is happy.

There’s a saying “With freedom comes responsibility” – so, just don’t do anything unlawful.

Tags: , , , ,
Posted in Internet, Management | No Comments »

5 Tips for Building a Web SaaS

Sunday, February 15th, 2009

I have encountered tons of problems, some small, some large while building XP-Dev.com as a web software as a service (SaaS). To be honest, I was a little too naive and didn’t foresee some of these issues, and I really do hope it will help someone out there who’s thinking of building a SaaS for the masses.

1. Case Sensitivity

Case sensitivity of your unique keys is really important. For example, when you’re building a user database, you need to consider whether User1 is the same as uSeR1 and vice versa. Do note that email addresses are case in-sensitive and you’ll need to be able to cope with that in your application code. If you’re hosting your application on a Linux box, do remember that in general, Unix filesystems are case sensitive, and if you had a directory for User1 on your server, you could have another directory for uSeR1 as well.

On the database side, MySQL has a small bug nifty feature that will actually help you solve this headache a little. If you declare a column as a VARCHAR, searches on it are case insensitive, i.e. if you search for uSeR1, you will get back User1.

If you’re finding some weirdness around Hibernate, MySQL and case sensitivity, do have a look at by past blog about it.

2. Internationalization and Unicode

Just build everything on UTF-8, from the beginning, on each-and-every-file, on each-and-every-request. It will save you a whole load of headache later on when you’re considering releasing your SaaS to the non-english speaking world (and that’s a HUGE motha-** of a world that you don’t want to miss out on).

Use UTF-8 database tables. Depending on your installation, you’ll find that MySQL uses latin1, and that doesn’t bode too well with them accented and asian characters. The trick is to use the ‘CHARACTER SET‘ option when creating your database, and setting ‘charset=utf8‘ when creating tables.

Do use the awesome W3C HTML Validator to ensure that web browsers are reading your SaaS using the correct encoding:

3. Login/Register Lifecycle

Ahh yes, authentication! There’s a ton of research put into answering the question ‘How do I authenticate users on a website ?’. But my gripe is not about the authentication itself – it’s about doing the right thing after authentication.

Here’s a common scenario – User1 visits http://example.com/some/private/service/ which is an authenticated service – i.e. User1 needs to login to example.com to be able to access it. The problem is that some SaaS out there immediately redirect User1 to their ‘dashboard‘ or ‘homepage‘ on example.com – http://example.com/userhomepage.

This will frustrate users as they have to:

  • Remember the initial URL http://example.com/some/private/service/
  • Login
  • Retype http://example.com/some/private/service/ in the browser’s address bar
  • Press Enter.

The same applied if the user has not even registered for your SaaS.

The solution here seems pretty obvious – keep track of the last URL that a user hit before reaching your authentication pages, and upon successful registration or authentication, just redirect the user back to the original URL.

Most web frameworks will have support for this functionality in one form or another. Do look it up and get it in before the site goes live.

4. URLs and Permalinks

Keep everything in nice encapsulated URLs. This is a subjective area (that has been debated to an extent that it’s no longer funny), but I think having URLs that do not contain query paramaters are:

  • Easier to remember
  • Search engine/SEO friendly
  • Cleaner to regenerate in code

For example, instead of having:

http://example.com/some/private?service=login

You could instead have:

http://example.com/some/private/login

If you’re using a modern web server like Apache, Nginx or Lighttpd, they all provide some mechanism of rewriting URLs so you don’t have to modify your code too much.

5. Application Level Permissions Layers

Most SaaS are essentially database driven applications, and they all access the database under a single user. In some complicated setups, this can actually go to 2 users – one for reading and one for writing. An even more complicated setup, each user of the SaaS will have a database login.

All of these are essentially not enough.

And here’s why – in a world where a normalised database structure is all the hype, there’s a high degree of certainty that data for User1 sits on the same table as data for User2. As far as I know most databases don’t really have row level permissioning and hence, having to rely on your database as your permission layer just does not work.

There is one setup where I thought that it might work – give each user a new table or database. But clearly this is a solution that simply won’t scale.

So, what’s the alternative ? Embed it into your application code. The decorator or facade patterns are extremely powerful for implementing this. Moreover, you can do complex permissioning, for e.g. User1 can read the business object during weekends, but not when User2 is logged in at the same time. OK, fine – ts a bad example, but you get the point.

Why bother going through all this trouble ? Well, here’s a generic use case:

MyCalendar app is a web SaaS online calendar offering. Each user can have multiple calendars, and they are all private to the user. To retrieve a calendar, all a user has to do is visit http://example.com/calendar/<calendar id>/ where calendar id is an identifier on a database table.

Say User1 has calendars with calendar ids 240, 252 and 362. If MyCalendar app didn’t have application level permissioning, User2 would happily be able to view all 3 of User1’s calendar.

So, the natural question to ask is “Do users actually try to do that ?”. YES! They will. I’m not sure whether they are curious, or looking for a security hole, but you will find some users exploring the URLs. What I mean by that is, say User2 has a calendar id of 5442. He/She will try to visit the URLs for calendar id 5440-5449, even though there are no direct links to those calendars that they can see (except 5442).

Using a database driven web framework like Rails and Django is all well and good, but remember to implement some application level permissioning if you have any private data.

There You Have It

5 simple tips that will save you a ton of hassle if you’re building an SaaS. As always, feedback is appreciated.

Tags: , , , , ,
Posted in Uncategorized | 6 Comments »

Pricing Your Product

Friday, December 19th, 2008

My mind has been in a bit of a limbo the past few days, and it is to do with pricing software as a service (SaaS). I have blogged in the past that I do have a few ideas on generating revenue from XP-Dev.com, and pricing these ideas is an absolute pain. To top it all, I am really nervous about it. I have discussed it with a few people and I ended up getting more nervous than when I started the discussion.

However, Eric Sink has written down a few pointers about this. It does not give an answer to the golden question – How much do I charge for my SaaS ? but it does give some advice on how to tackle it. I think it is very well written.

Quoting Eric’s article:

You should consider all of these issues, and probably a few more that are specific to your situation. Look at the decision from every possible angle. Anything you read on the subject of pricing is merely an aid to your own judgment, not a substitute for it.

Amen to that! For now, I shall go back to thinking about pricing ideas for XP-Dev.com and keep my mind in a limbo.

Tags: , , ,
Posted in Management, Programming | No Comments »