Monthly Archives: May 2010

Should My Software Be Offered As A SAAS Model?

I just read a post on the business of software about how to make a million and one suggestion was to get 1000 customers at $100 and a reply was, getting 1000 customers each month is difficult and that’s why SAAS is good.

That’s what prompted me to write this. Yes, SAAS makes the customer pay each month like any other utility bill. That doesn’t mean every software should be offered as a SAAS model. Actually, it can be offered, but not everyone will be ready to shell out money month after for it.

If farmers were to plant their crop once, put the water and just don’t have to bother any more, but if they charge you for their produce every week, just because you have to eat, would you like it?

What I mean to say is, if your application doesn’t require operational cost, then the customer is only ready to pay for the license. Large enterprise applications such as those offered by SalesForce.com are less than 25% development and 75% operations. They need to make sure to have the database running all the time, do the necessary performance tuning, monitor and ensure the web servers, app servers, email servers and any other technology components are smoothly running. While SAAS enablement itself adds unnecessary complexity which the end users don’t care about, overall the cost is amortized and with good execution, the economy of the scale can be achieved in the operational cost. That’s where the compelling proposition for someone to consider SAAS model. Not because your software is just offered as SAAS for you to bill each month, but because they realize that there is more cost associated with maintenance of the application.

Sure you can offer your software as a web application and claim that you are taking care of the operational aspects. But, unless what you are doing is complex enough, customers won’t buy into it. For example, if you use an open source database and other software components and build your SAAS solution on top if, what prevents the customer to not consider doing the same and hence ask for licensing and not as a SAAS solution? Sure, the customers are running their business and not a software firm. But, there is a price point at which, all these would start mattering. If a company has more than 200 users and they have to pay $50 a month, that’s $10,000 a month and $120K a year. But if the operational cost, including a dedicated IT resource is lesser than that, then your customers will start wondering which route to go and you better have a solid answer why your software should be available only as a service!

2 Comments

Filed under SAAS

JavaMail, GMail, POP3 vs IMAP

I have been experimenting with JavaMail api to fetch Google Apps Email as part of a product idea. Initially, I used POP3 protocol and tried to get the Inbox and that worked just fine. Then I wanted to get the remaining Folders. Well, Google Apps EMail (which is based on their GMail software), organizes by Labels and doesn’t use folders (except may be the Inbox, I don’t know all the details). When I used POP3, the only folder that I managed to get is the INBOX folder. Then I switched to using IMAP and interestingly, it returned not just INBOX bot also the the rest are the labels that I defined. The remaining such as “Drafts”, “Sent Mail” etc provided by default by Google were not present. However, there was a special folder called “[Gmail]” which contains the standard default folders. When debugging was enabled, it indicated that the “[Gmail]” folder had something like

* LIST (\Noselect \HasChildren) “/” “[Gmail]”

while rest of them had
* LIST (\HasNoChildren) “/” “[Gmail]”

Interestingly, with POP3, even the “[Gmail]” is not present. Not sure if this is related to Google’s implementation of the protocol or some limitations in POP3 vs IMAP.

Leave a comment

Filed under Gmail, Google Apps, JavaMail

Java String Passwords

JPasswordField and Console classes return the password as an array and a good practice is to blank out the array characters after making use of the password so that a memory dump won’t reveal the password. This is good. But then, today I am experimenting with JavaMail api and it has a PasswordAuthentication interface that has “public String getPassword()” method. Hmm, so what’s the point in ensuring that secure APIs are used only to make them non-secure in between? Sort of like loading a webpage using https but the form submitted getting posted to http.

This is my third of those rarely “hate java” moments. I documented one in 2008, then another in 2009 and now in 2010. Surely, it’s rare. Isn’t it? :).

On a side note, seems James Gosling said in a 2001 interview about Java

“One of the things that forced Strings to be immutable was security. You have a file open method. You pass a String to it. And then it’s doing all kind of authentication checks before it gets around to doing the OS call. If you manage to do something that effectively mutated the String, after the security check and before the OS call, then boom, you’re in. But Strings are immutable, so that kind of attack doesn’t work. That precise example is what really demanded that Strings be immutable. ”

Update: Now after all the effort I put in to still use System.console().readPassword() because useless on my Mac (OS X 10.6.3) because the “without echo” is not working (meaning the letters are echoing on the screen). Could be a problem with Apple’s version of Java or may be in the underlying OS X call. Don’t know, but now I am really annoyed.

Leave a comment

Filed under Java

iMac 27 iSight Resolution

I recently got an iMac 27 and it’s a beauty. I have used the Photo Booth and captured both photos and video. Given I shoot most of my video in Full HD format, I am used to a very high quality video. So, looking at the video captured by iSight, it felt not as good. That’s when I wanted to find out the technical details of iSight and I couldn’t find much on Apple’s website. So, I looked at the photo and video files to gather the information and here is what I found.

Photo:

It’s a jpeg image and the file size is 106 KB (Of course, size varies based on the details in the image).

Dimensions: 640×480
Color space: RGB
Color profile: iMac
Alpha channel: No

Video:

It’s a mov file and the file size is 3.1 MB for a 1 minute 2 seconds video.

Dimensions: 640×480
Codecs: AAC, H.264
Color profile: HD (1-1-1)
Audio channels: 2
Total bit rate: 334

I wanted a further break up on the bit rate and more details. So, using ffmpeg, I found

Audio: aac, 44100 Hz, bitrate: 400 kb/s
Video: h264, yuv420p, 640×480, PAR 1:1 DAR 4:3, 20 tbr, 600 tbn, 1200 tbc

Obviously, this is no where close to my camcorder’s full HD video which has

Audio: ac3, 48000 Hz, stereo, s16, 256 kb/s
Video: h264, yuv420p, 1920×1080 [PAR 1:1 DAR 16:9], 59.94 tbr, 90k tbn, 59.94 tbc

So, that’s a huge difference in video quality. Of course, I am not expecting iSight to provide me Full HD support, just wanted to know what it’s capabilities are. It definitely seems to be good enough for video chatting. I liked the fact that it can show even far off objects very clearly, though there is no way to zoom. There are some softwares that provide zooming capability, but that’s only digital zoom.

1 Comment

Filed under iMac 27, iSight

AJAX and 403 Error

You would think people who have websites that get no more than a thousand page views and a few hundred unique visitors have a far more easier life than those admins of the likes of Google and Facebook. To the most part that’s true. But then, even small admins like us face issues for no fault of us.

I have exactly such a small website that has been working just fine and I hardly maintain it. But then, one fine day, I realized that the records in a table were not getting inserted. Initially I thought it may be related to the sqlite db getting too big or corrupt. But it was just fine. Then, I thought the error might be with the AJAX library that I use from Google’s jsapi and moved to the latest version of prototype.js library. Even that didn’t help.

After a bit of one of those pulling my head moments, searching on the web gave me a clue. The script that inserts data into this table has a parameter whose value is a URL. But apparently if you have mod_security installed, it has some rule called 10_asl_rules.conf that triggers a 403 Forbidden error. Who would know that, unless you end up in this type of a scenario? The hard part is, for the large companies their admins would know what changes are being made to their infrastructure (or atleast that’s how it should be). But for small website owners who just get a shared hosting from web hosting company, they have no control. And these web hosting companies don’t realize that it’s their responsibility to inform their customers of upcoming changes and warn them of the repercussions. This is the second time in less than 6 months that my web hosting provider has screwed up things for me. The previous screw up was related to making my domain to be some remote mail server based or something like that because my MX entries (which I wanted for inbound email) point to a Google Apps based servers. So, my outgoing emails that I generate from the website stopped getting delivered. After noticing that none of the registered users were confirming their registration for a few months, I had to dig deep and find out what was going on with the emails. The support guys, after a lot of back and forth, finally tell me that they did this change a few months back.

If you are working for a web hosting company or an executive of one, please take this as a sincere and serious advice that you shouldn’t be changing the configurations without informing your customers.

Leave a comment

Filed under AJAX, web hosting