Midnight Oil

We’re currently evaluating possible payment gateways for our new project, DoLeaf. Given that it’s a marketplace app, your standard one-size-fits-all payment system just won’t work. We need to be able to transfer money from any buyer to any seller, and hopefully take a cut for ourselves in the process. With that in mind, we’re looking at both Amazon FPS and PayPal Express (via ActiveMerchant).

Here is our list of pros and cons for each solution:

PayPal Express

Pros

• Can assume that most sellers will already have a PayPal account.
• Buyers are used to using PayPal.
• Integrates with ActiveMerchant, and PayPal + AM looks fairly simple.

Cons

• High barrier of entry for sellers:
  1. Seller must sign up for PayPal Premier or Business account.
  2. Seller must create API credentials (PayPal provides a walkthrough)
  3. Seller must provide us with their credentials (cut & paste, with the possibility of typos and such)
• Credentials are quite sensitive and must be treated as such, with encryption in the database at the very least.

Amazon FPS

Pros

• CoBrand UI can be used to install recipient tokens, making setup easy for sellers.
• Tokens are transferred automatically, meaning no possibility of typos or transmission errors when seller is etting up.
• Can run all the transactions for a cart quickly and seamlessly, rather than 1-per-seller.
• Probably could set up a 1-click ordering sort of system.
• Overall fees will probably be lower since there’s only 1 transaction per sale (rather than 1 for buyer-to-seller and 1 for seller-to-us)
• Tokens are not nearly as sensitive as PayPal API credentials.

Cons

• FPS and Remit are both still kind of unstable.
• Locks us out of ActiveMerchant, unless we want to support multiple pathways.
• No convenient pre-built seller interface. We’d probably need to create an account panel for handling refunds and such.

Thoughts

Overall, I’m leaning toward PayPal at this point. ActiveMerchant and the ability to possibly integrate future payment gateways with ease is a big plus in PayPal/ActiveMerchant’s favor. In addition, people are used to using PayPal for these sorts of transactions. So, buyers in the market we’re targeting will almost certainly have a PayPal account, but not necessarily an Amazon payments account. If only there were a way to make it easier for sellers to get set up.

Anyone else go down this path and come to a different conclusion?

You’re here because you want to be fully RESTful with Flex, found as3httpclientlib, and are now having some troubles. It could be because of the wonky Flash TCP security policies, problems with maintaining Rails sessions, or any one of a handful of other problems. Well, let me take away your burden, friend: Give up now and descend back into the darkness that is GET and POST.

Adobe, in their infinite wisdom, saw fit to only cover the basics with their built-in HTTP services. GET, POST, 200, 404, 500. Maybe there’s more, but not much. Stray into such strange territory as 201 (Created) at your own risk. Luckily, an enterprising 3rd party came along and figured out a way to get around this, creating the as3httpclientlib. Cleverly using XML sockets and connecting to port 80 allows for building your own web service controls inside of Flash. Brilliant! Unfortunately, it’s useless (or nearly so) for use in a real Flash app with a Rails backend. Give up!

I wrestled with as3httpclientlib for a few days, hoping that I could pair up Rails’s RESTful view of the HTTP with Flex. The first hurdle (as you know doubt know by now) was dealing with the Flash TCP security policy files. This stymied me for a few hours, as I had trouble serving the file from localhost to localhost. Eventually though, I figured it out. Still, requiring access to port 843 is a big red flag, as it immediately knocks out shared hosting and many other situations. So, unless you have control of every single server your Flex app will ever need to connect to, you’re screwed. One red flag…

Following my limited success with the policy files, I decided to push ahead. Immediately, I ran into problem two: session management. Without going into too much detail (since I don’t really understand it myself), the session information is not preserved across subsequent calls using the as3httpclientlib. URLLoader uses the browser’s connection to make the requests, and the browser handles transferring the session information back and forth. So, except in certain specific cases, using the URLLoader means that your Rails sessions just work. Not so with the as3httpclientlib. I didn’t test in detail, but it looks like a total game ender. I don’t think it’s possible (or at least easy) to read the cookies from Flash, and you’re going to have to manage sending that information yourself anyway. Red flag number two goes up…

Take my advice: Give up now and go back to URLRequest and URLLoader. The RESTafarian in me hates to say that, but you necessarily have to give up a lot of ivory-tower purity when you descend into Flex development.

Note: This is not a knock against the as3httpclientlib. From what I can tell, it’s a great library. I lay the blame for my problems at Adobe’s doorstep.

I’ve been playing around with Engines a bit at work, and I ran into an issue where I had to restart the server over and over due to class caching issues.

To make a long story short, I was able to force Rails to reload the particular engine I was using by adding the following to the engine’s init.rb:


%w(controllers helpers models views).each {|path| Dependencies.load_once_paths.delete File.join(File.dirname(__FILE__), 'app', path) }
Dependencies.load_once_paths.delete File.join(File.dirname(__FILE__), 'lib')


This worked with Rails 2.1 and an unknown version of the Engines plugin.

So the time for reflection and has come once again, and I’d like to make a simple resolution: Be less of a jerk on this blog and be more constructive.

Reading back through some old posts, I see that I’ve become prematurely curmudgeonly. I also tend to judge too quickly, and am then forced to recant and eat crow. Since I’m not a fan of the taste of crow, perhaps I should hold my tongue for a bit and try to come up with something useful to say, rather than trying to be snarky and clever.

So, here it is:

* Offer only applies as it pertains to this blog. Author will continue to commit douchebaggery in his real life, especially while riding his bike because that makes him better than you.

Have you ever done a search on Google, only to find that some of the results point to the search page of another site? Irritating, right? Still, don’t you wish you could do it, too? Because surely, users would want to see your site’s search pages, right? Turns out, it’s not really that hard to do.

Argh! A SERP in my SERP!

For the most part, in order for Google to index your results, you need to have it linked from somewhere. For content pages, that makes sense. However, for dynamic search results, it’s doubtful that you have links going there. So, we need to find another way to get our results into the index.

Our secret inroad will be your site’s Google Sitemap. This index of content on your site helps Google find content that might otherwise be hidden or unlinked.

Assuming that your search is GET based (instead of POST), which it really should be, it’s now only a matter of adding search URLs to your sitemap. For example, you could add the following:

http://my.site.com/search/term1

http://my.site.com/search/term2

...

http://my.site.com/search/termN

Google will extract these URLs and crawl them just like any other page.

For bonus points, you can get your users to do the hard work of generating the terms to index. Just track the terms that they are searching on in your site, then stick these in your sitemap. If there are too many, then just use the top 1,000 or 10,000 terms.

Before you know it, you’ll have thousands of search pages in Google’s index, irritating (ahem…”informing”) your fellow Internet denizens.

Note: It’s a solid theory, but I haven’t personally tried this yet, so maybe Google is smart enough to discard these results. Let me know if this works for you.

I attended MerbDay in Atlanta this weekend, and while enlightening, it was ultimately a blah experience. In all honesty, I feel like I paid $60 to attend a Ruby meetup and get a breakfast and lunch.

The highlight to me was a quick introduction to HAML / SASS. While not strictly Merb related, both look very cool. Still, when I subtract out the cool factor, I’m not sure there’s a big incentive to use them over straight up HTML and CSS. Nonethelesss, very interesting.

So, all in all, I’m glad I learned a little about Merb, but I don’t feel like I’ve gotten any more from this than I could by perusing a HOWTO and following along at home for an hour or so. I guess that’s why this was $60, instead of being a $$$ multi-day training course.

@merbday twitpay -$60 for making me pay for a ruby meetup

Just a little joke. One of the main presenters of MerbDay helped create twitpay. Seriously, I’m glad I came.

Open mouth, insert foot

I’ve been called out in the comments for judging a little too early, and it turns out they’re right. The day picked up near the end, culminating with a great keynote by Yehuda Katz. Plus, $60 for a day full of good info is still pretty cheap, even it’s presented like an extended Ruby meetup. Throw in breakfast, lunch, and free beers afterward (paid for by Rails Machine) and it turns out to be a pretty good day. So, I end up the one with egg on my face for being snarky and prematurely bitching.

Constructive Criticism

In order to be a little less whiny and lessen my troll karma, I’ll offer the following constructive criticism:

I would say to have fewer presentations and perhaps some breakout sessions with small groups writing an app. Make it a hackfest rather than a list of presentations. Teams of 3 and a script to follow, with gurus prowling the room giving help when asked. Maybe that would suck, but I feel like I’d learn more.

Also, I really don’t think the “write code while you’re following along” approach really works. It’s just too hard to stay with the presenter, and it’s too easy to run into small problems (don’t have this-or-that gem installed, small typo, etc.). Plus, if you try to do a pull and catch up with the real repo, you’ll probably encounter conflicts and that will suck.

So, hopefully this explains my complaints a little better. I’ll try to be more constructive and less snarky in the future.

If you’re using the Facebooker SSH tunnels along with Phusion Passenger, you may run into an issue where you have multiple Rails apps running on your machine at different subdomains. Unfortunately, when facebook makes a request to your tunnel, it’s passed through on port 80 to your local machine and Apache chooses the first defined virtual host to serve the request, which may or may not be the one you want.

An easy solution is to use a ServerAlias directive in your vhost file that matches up with your tunnel domain.


<VirtualHost *:80>
ServerName my.local.rails.app.localhost
ServerAlias my.tunnel.domain
DocumentRoot /path/to/rails/app/public
</VirtualHost>


This works because the tunnel will pass the request through to your machine without changing any of the request headers. So, they come through with the Host header set to the tunnel domain, and Apache will match it to your server alias.

Update: (later that day…) A full stomach changes everything. Getting some breakfast lessened my git hatred quite a bit. Still, it manages to irk me on a daily basis, and I hate people who make their ill-thought-out blog posts disappear, so I will leave my hate-filled rant for posterity and a warning to myself not to post before I eat breakfast.

Update 2: (Feb 2010) I’ve been meaning to update this for a long time. I’m a 100% convert to git now. I’ve had my religious epiphany. I couldn’t understand how great it was at first, but over the past year I’ve finally wrapped my head around it. So, to all you haterz out there like me, just keep persevering. The light is there at the end of the tunnel. Now, back to the original rant…

Ok, I’m angry, so I’ll go ahead and make a ranty, heretical statement:

But wait! Micah, aren’t you the ultimate Rails fanboy? Don’t you jump on the bandwagon for everything the rest of the Rails lemmings do? RESTful routing? .html.erb instead of .rhtml?

Yes, in general, I do follow all the other Rails conventions and try to stay on the bleeding edge. I hate to feel like I’m falling behind, and that’s an easy feeling to get in the Rails community. So, I try to follow all the trends and at least educate myself on what it means and how it works. In most cases, like being RESTful, I eventually come to understand the underlying concept and appreciate the change. Learning new things often involves suppressing your own skepticism and the urge to stick to the known path.

So how is git different? Well, I’ve been using it for a few months, and the list of cons just keeps growing, while the list of pros stays nice and small. Sure, it’s fast, merging is dead simple, and I can scoff at all my friends still using subversion. But, every single time I want to do something, I have to look up a whole slew of commands. Why can’t I just memorize them? Because they’re horribly arcane and obtuse.

Want an example? Try deleting a remote branch. This seems like something one would do often, after merging a feature branch into the master. However, rather than using something simple, like “delete the remote branch”, you have to cast some arcane spell. For me, deleting a remote branch involves Google, every goddamn time.

The spark that set me off today was my attempt to connect to multiple repos on Unfuddle. For organizational reasons, I need to have multiple user accounts. Juggling usernames and passwords is bad enough. Luckily, they’ll allow me to use the same OpenID for both accounts. Still, when I tried to add my public ssh key, it complained that you cannot use the same public key for two accounts. Apparently, Github has the same policy.

Well, that was two hours ago, and I’m still trying to figure out how to get git to use my shiny new ssh key that is not named id_rsa. A little stumbling around got me some instructions on Github, but right at the top it says that it’s not an ideal solution and should only be attempted by advanced users. Hmm, using multiple different keypairs for different source control repositories does not exactly sound like an advanced feature. Do they recommend we use the same password for all our websites as well? Seems like a pretty basic concept to me.

Update: I was called “borderline retarded” in the comments for blaming git for the policies of github and unfuddle. Harsh, but true. I conflated git with hosts who provide git, and that’s not fair. So, github and unfuddle, my anger shifts to you!

Further, the recommended solution requires editing configuration files for ssh. So, I have to be an experienced ssh user to use git effectively? That’s ridiculous. Seriously, how many developers ever modify their ssh settings? I’ll muck around in git config files without worrying too much. Change settings in ssh without extensive research? Forget about it. Mess that up and you’ll lock yourself out of your machine, or worse, open it up wide to script kiddies who know more about ssh than you.

From a usability perspective, git sucks, and that’s that. If anyone feels compelled to defend git, please do so in the comments. However, don’t tell me how to do the things I’ve bitched about here. Tell me why it has to be so goddamn hard. To make an analogy, it reminds me of the Rails vs Java mentality. Java web apps are horribly convoluted. Sure, you can write tons of arcane XML and eventually maybe get your WAR deployed into Tomcat correctly. But why? Why waste time on this crap when it can be so much easier? Why spend minutes and hours trying to understand the obscurities of git when subversion, the ugly stepchild that it is, is still easier to use?

Subversion has its problems, but dear God why did the Rails fanboys have to jump to a worse solution? Now, in order to keep my certified fanboy card, I need to spend my precious development time tinkering with git, and then writing blog posts about how much I hate it.

I had lunch with a friend the other day, and he pitched me an idea he had for an iPhone/Android/whatever app. When he was done, he asked, “What do you think?” Without thinking, I answered with, “Hmm, sounds neat. Cool idea.” He told me that’s what everyone said. It was then that I realized he had asked the wrong question. Instead of asking, “What do you think?”, phrase it like this:

Friendly Optimism

If you’re asking friends (or even just generally polite people) about your idea, they won’t want to hurt your feelings. They can tell you’ve got a lot of enthusiasm and excitement tied up in your idea, and it would be a real jerk move to throw cold water on that. So, they answer, “Cool idea!” or perhaps “That’s neat. You know what else you could do?” Very few will give you real, jarring, critical feedback. Instead, they’ll try to be good friends and cheer you on. Unfortunately, you need a reality check, not a cheering section.

Ask to be bruised

If you make it clear that your goal is to get real, unbiased feedback, you pave the way for someone to be honest without seeming rude. In addition, if you explicitly ask them for negative feedback, they will be pressed to come up with specific criticisms, instead of vague encouragements.

Once the truth starts flowing, take some notes and ask for more. Resist the urge to get defensive and just let your reviewer express their opinions. Once they realize that you’re truly appreciative for the beating they’re giving, they’ll really start to build up steam. Thirty minutes of this can generate some truly exceptional insights. You may think you know what sucks about your idea, but others may be able to poke holes in it you never imagined.

React and Adapt

No idea is perfect, and your job as an entrepreneur is to overcome and adapt to the imperfections in your idea. If you can’t recognize and counter your own weaknesses, then your success will be severely limited. It’s nice to get a pat on the back every now and then, but it’s absolutely necessary to get raw, unfiltered criticism. Very few will give this freely, so it’s up to you to drag it out of them.

I attended ASW2 this Friday, and while I enjoyed it much more than last time, I still decided not to return on Saturday and Sunday. Consider it a mixture of laziness and desire to work on other stuff.

Update: Just to be 100% clear: I think ASW2 was a good time, I just had a lot on my plate. The main reason I quit is because weekends are the only times I can work on my own startup stuff, and it’s a big investment for me to spend that time on other pursuits. I’m glad I went on Friday, and if I had more free time I might have stuck it out. But, all things equal, the TODO stack for Obsidian Portal doesn’t shrink on its own.

Using Amazon Mechanical Turk, do human reviews of dating website profiles to help people look their best.

Charge a flat fee of $10 for a review. This gets farmed out to two MTurk workers for a rate of $3 each, leaving a profit of $4 for the service. The MTurk workers review the person’s profile and give specific, personal criticism of their photo and bio.

Each review is 100% satisfaction guaranteed. If the customer is dissatisfied, they get their money back…and the MTurk worker doesn’t get paid! Over time, MTurk workers get better, to the point that they can churn through the reviews and make $30-$40/hr, all the while earning money for us!

Essentially, it’s an excuse to play with MTurk. I think MTurk is a fascinating idea, and there are some really cool things that could be done with it, assuming the workforce is steady and high enough quality can be ensured.

Get Me A Date made it to the top 5 (out of about 30 ideas), but when the time came to pledge support for a project, only my new friend John stood up. So, we disbanded and moved to Giving Time.

I spent a little time with the GivingTi.me team, but eventually decided to quit. I liked the idea and the opportunity to work with some new people, but there was one person on the team who really rubbed me the wrong way. Chris wanted to run all the conversations, and seemed to think very highly of himself due to being a CTO of a local startup and having an MS in Software Engineering from Tech. Well, I’m also the CTO of a startup (I give myself titles for AisleTen whenever it’s convenient) and have an MS in Artificial Intelligence from Tech, but I don’t think that’s really all that relevant at Startup Weekend. Skills and personality are important, not titles.

When I was asked if I would be there Saturday morning, and I said no, Chris asked, “Is it because of me?” Rather than play it down and be nice, I was blunt and said yes. If I’m going to spend a weekend hacking away on a never-make-money project, it had better be with people I like and respect. Why spend your free time getting bossed around and talked down to? At the time, I declined to elaborate, since there were about a dozen people in the room, but I am proud of myself for being straightforward and honest.

Ultimately, I didn’t find any of the ideas all that compelling. Plus, I’ve been tweaking some stuff on ObsidianPortal, so that’s where my heart is at the moment. It’s hard to concentrate on something when you wish you were somewhere else.

Anyways, I wish everyone the best, and I hope some good stuff comes from the weekend. I know I’ll be working on Obsidian Portal most of the time, so it’s still a startup weekend for me.