Who owns your domain?

If you are a small company, do you outsource your website development to a web design firm? If so, do you also make them register your domain and maintain? If so, think again!

Some person from a web design firm recently was exploring ways to make money out of the domains of his clients who got busted due to the bad economy and didn’t pay the dues. It appears he seems to be the domain admin of his client’s domains and so he can pretty much do whatever he wants. Like converting it into a website with affiliate links, of if the domain has a decent pagerank, selling paid links etc.

I understand that the web designer is trying to cover the losses, but in process abusing the access to the domain and hosting solution is probably not the right thing to do. That’s my opinion and I am open to read what others think. So, if you have any opinion on this specific topic, please comment on it.

The Math Behind Swoopo.com

Recently I came to know of this website called swoopo.com which auctions various products. However, it’s quite different from eBay. There are many websites and articles that talk about it’s legitimacy (I agree it’s legitimate), I would like to talk about the math behind it and then the tax implications.

Take this completed auction for example. The winner got it at a savings of 79%. Wow, that sounds great, isn’t it? And there is no scam here. The winner indeed got it for only 21% of the product. However, that doesn’t mean that swoopo.com made a huge loss on the product. Infact, you would see in a moment that it made a lot of money.

Let’s study their savings widget which says

Savings:
Worth up to: $1,299.00
Placed bids (250): $187.50
FreeBids (0): $0.00
Final price: $79.31
Savings: $1,032.19

First, all the auctions start with a product price of $0. Each bid costs $0.75 to the bidder (yes, this is one of the differences between eBay and Swoopo). Each bid also increases the product price by $0.01 (in normal bids by $0.15). So, that means, for the final price to be $79.31, there have to be 7931 bids (= $79.31/$0.01). This translates to $5948.25 (= 7931*0.75). Plus, the final price of $79.31. So, a total of $6,027.56. Essentially, Swoopo got $6K for a product worth $1.3K (infact, the $1,299 they mention is the recommended retail price and we all know that by doing comparison shopping we can find the products at much lower prices).

Wait, then what do they mean by “Placed bids (250): $187.50″? Why only 250 bids? Well, that’s right. Those are the bids of only the winner. So, the winner essentially spent $187.50 in bidding and finally another $79.31 to buy the product. So, in total $266.81.

So, this is a very good deal for both the winner and the website. What about the rest? Well, they did their bidding and lost some money. Individually it might be a small amount, but collectively it’s a lot.

Now, rather than doing the elaborate calculations, I will give a simple formula.

The amount that the website makes is always equal to

Final Price * (1 + Bid Price / Raise-Price).

So, for penny auctions it is

Final Price * (1 + 0.75 / 0.01) = 76 * Final Price!

And for normal auctions, it is 6 * Final Price.

One interesting thing to note from the above is, the more bidding happens, it’s only the website that keeps benefiting from it as they make (N*Final Price – Actual Product Price). I think this is different from lottery, where the prize money goes up with more bidding.

Now lastly, I want to talk about tax implications. Unlike eBay, since in Swoopo people are paying for the bids, it’s essentially like gambling. I am not a tax expert, but searching on the web indicated that if someone made 79% savings by this type of auctions, are they expected to report their savings as tax? If someone wins in one auction and loses in another, can they offset the loses against the gains?

Google Apps – eNom or GoDaddy?

I have signed up for several domains through Google Apps. And so far I have always used eNom. I don’t remember what made me pick eNom over Godaddy the very first time, but subsequently I always used eNom because I didn’t wanted to learn yet another Advanced DNS settings user interface.

But when I registered a new domain today I thought I would give GoDaddy a try just for the heck of it. That decision turned out to be a wrong one. Here is why.

Many hosting solutions these days provide unlimited domain hosting with the appropriate plan. The unlimited domain hosting will allow adding as many domains as one wants using the same account. Of course, the overall physical limits such as bandwidth, harddisk etc remain the same but these days even those are practically unlimited. So, the one resource that would become a bottleneck eventually, if you happen to turn many of those addon domains to be successful, is the CPU.

Anyway, my primary domain is hosted on a specific server of the hosting provider. Over time, this server domain will remain the same but the IP address can change. Not often, but it did happen once in the last 2yrs. Prior to this happened, I always used to specify the IP address and create the A record in the DNS settings. But one fine day, my website stopped working and it was because of the change in the IP address. From then on, I removed all the A records and created a wild CNAME record. This would allow my top level domain name to point to subdomain name of the server that hosts my website. Something like

@ xyz.hostingprovider’sdomain.com CNAME

From then on, I never had any problems. One drawback with this approach is that resolving my domain name to the physical address requires additional lookup.

Anyway, it turns out that GoDaddy doesn’t support wildcard CNAMEs. So, I had to leave a single A record with the server’s ip address.

Next time I have to pick a domain registrar with Google Apps, you know whom I would go with.

Google Apps & Privacy

I use Google Apps for many websites. One of the reasons is that for just $10 a year, I can register the domain with privacy protection and also get a nice email application. Recently I have chosen not to renew one of the websites. So, the domain expired. Then, to my dismay I found my information when I searched for the expired domain in one of the whois directories.

What’s not clear to me is, if this is a standard practice where the privacy information is no longer protected once the domain is expired or if it is something specific to the terms & conditions between Google and eNom. Whatever be the case, I think it is inappropriate to not protect the privacy just because the domain has expired.

The One Dollar SAAS Solution

Back in 98 when I signed up for a web hosting solution, I was paying about $30 a month with very little hard-disk (in MBs), bandwidth (MBs again) and CPUs (probably also in MHz though I don’t remember) shared by many others like me. But for the last two years, I have a hosting account for which I pay about $8 a month with unlimited hard-disk and bandwidth and much better CPU and what’s more unlimited domains and databases and on and on.

Yesterday I found that one of the SAAS vendors was using another SAAS vendor for one of their online services. And the pricing was about $19.95/month per single agent. That’s when I realized that in a decade from now, the SAAS landscape is going to evolve in ways similar to the web hosting solutions.

There are going to be big players and then there are going to be smaller ones. The reason why some web hosting providers are able to offer the “unlimited” promises are because they know that more than 90% of the small startups don’t use even 1% of what they were being allocated. So, collectively it would seem like unlimited resources.

Right now a lot will be invested in defining a SAAS platform and infrastructure. But in a couple of years, hopefully people will rely on more standard components. One great example I can think of is the cpanel. Today most web hosting solutions provide cpanel to manage the account. Anyone switching a hosting provider usually doesn’t have to learn a new system to manage the account. Eventually SAAS will evolve to this stage and at that time, the SAAS solutions will be offered with the “unlimited” offering and very cheap prices.

Ofcourse, just like the dedicated hosting solutions are still expensive, there will be SAAS offerings for high-end customers who would pay more.

3/14 is a Pi Day

So it seems March 14th has been officially named as the Pi day. The value of Pi is roughly equal to 22/7 which is equal to 3.14159…. So, that’s why 3.14 is used to represent the Pi day.

So, what if you are in a country that uses a different date format? For example, in India, the dates are written as dd/mm/yyyy rather than mm/dd/yyyy. So, perhaps such countries should consider July 22nd as the Pi day? To represent 22/7?

Is Open Source Saving You Money?

May be. But here is an interesting conversation I had with a guy who worked for me in the past. Recently he contacted me to suggest technical solution for something. He also said “I would like to know whether any freeware which would address this kind of requirements”. I replied him pointing to a webpage that contained a lot of commercial and open source solutions. And asked “Why are you looking for a open source? Is your customer not ready to pay for commercial software? .” (If you read this carefully, you would notice I used freeware and open source interchangeably but that seems to be usually the perception to many anyway).

The reply to my email mentioned “The reason why we were thinking about open sources is that , We can customize open sources as per our requirement and absorb the license cost into services . Also, We can delink any technical risk which could be faced by customers. It was purely a cost benefit option in terms of customer and implementing partners.”

So the interesting observation for me is that next time a consulting firm recommends an open source solution, realize that the reason for that is not entirely the benefits of open source over a commercial solution but the fact that the consultant might be hoping to get the license piece of your allocated budget moved towards consulting service!

Interestingly in this specific case, they went with a commercial solution as they couldn’t find a similar open source alternative. Perhaps the estimated consulting cost outweighed the cost of licensing.

The intent of this post is not to mention that open source is not the right way to go but to make people realize why someone might propose going with open source solutions.

The Toilet Testing

Testing software is an important step within the software development lifecycle. However, sometimes I think it’s overdone. A lot of time and effort, which translates into money, is wasted in testing for every corner case. The problem with software is, if there are N variables and each on average has M values, then there are N^M variations and it simply is not possible to test all these cases. It is possible to identify some critical test cases that cover this exponential space. I mean, I am not talking about the more test cases, the more the coverage. Instead, it is likely to be possible that carefully picking a set of distinct test cases can actually cover a broader space. However, this is a difficult task and requires a much more coordination between developers and QA teams and obviously the problem is that this seldom happens.

Usually large corporations can afford to spend a lot of money on quality testing. Or may be that’s not correct given the quality of software we see from some of the large corporations. On the otherhand, perhaps they are actually spending a lot of money and effort, but not to do it the right way.

So, the question really is, what if you are a small company or just an individual service provider? Can you afford to spend so much time on testing? Given that the software testing is often wrongly linked to construction industry and people keep questioning why can’t there be building blocks that can be easily plug-and-played, I am going to take an analogy from the construction industry as well.

Say someone got a new house built. When they move in, would they put some sand down their toilet and get it clogged? The point is, there is an expected behavior and then there are all sorts of “I-want-to-break-this-thing” actions. Obviously the builder has not taken any special steps such that the home owner doesn’t shoot his foot by doing something stupid and clogging his toilet.

Yet, there is a lot of emphasis on corner case testing or in some cases monkey testing where any random data is fed into the system. Part of the problem for this is that the QA team is considered doing it’s job based on the number of bugs discovered. However, the goal should be not on just how many bugs are found, but how many bugs are found by customers after the product is released. What good is if the customers are able to find bugs inspite of all those zillion test cases verified, filed as bugs and fixed by developers? Why did the test cases that the customer is interested in not tested?

For small companies and ISPs, the best thing is to focus more on the features that help the customer and less on fixing every possible incorrect data scenario. Customers are not interested in putting a string where a number is required, they are only interested in using the software to do their business, or homework or their freelancing gig. Whatever the case may be, your software is just yet another tool to get things done for the day. They have no passion in discovering issues with either their toilet or your software.

The Cost Of Performance, Or The Lack There Of!

Recently I helped someone to build a dropship like solution. The product data from the provider was accessed using a web service. Initially I was expecting the number of items would be just a few hundred and carefully hand picked. However, he just choose to put in thousands of items. As a result, the cron job setup to pull the item data on a daily basis was running for much longer duration and also consumed higher CPU. As a result, his shared hosing solution couldn’t handle it and the cron job used to get killed due to the quota limitations.

I thought about ways to sync the product data without reaching the resource limits but that meant a lot of redesign and would have costed him quite a bit upfront for the development. So obviously, not designing a program keeping the resources under which it has to work in mind has a cost.

But here is the kicker. He decided to go from shared to dedicated hosting that costed him 20 times more per month than what he was paying! Yeah, that’s 20 times more! He would probably recoup the money he would have to spend to optimize his program for performance within a year if he could go with the shared plan.

When the cost of performance tuning goes up, with hardware becoming cheaper and cheaper, it becomes cost effective to live with sub-optimal programs most of the time. However, in cases like SAAS or hosting solutions where the hardware is loaned, the extra cost would add up over time.

Why Is Open Source Less Secure?

Recently phpbb got hacked. Then, I just read the slashdot post How To Argue That Open Source Software Is Secure?.

Would a bank not have a safe with secret access codes just because it has installed the latest high-tech surveillance system?

What I am trying to say is, if a closed source software company argues that “hae, our software is likely to be more secure than an open source code because we don’t give out the implementation details”, then all things being equal, it’s a very compelling competitive advantage as far as security is concerned. Of course, “all things being equal” is not true. For example, the time to respond to a security bug for a commercial software might be more than for an open source code. This is because the number of eyes that can look at the code and fix the issue is a lot for open source project. But do note that the number of eyes that can look at the code and identify potential loop holes are also plenty.

So, I think it’s important for each side of the aisle to realize that their philosophies offer different comfort levels to their customers rather than each one expecting the other side not to consider their philosophy has any weakness.