Thursday, June 4, 2009

Tools for the Starving Entrepreneur

I found a couple of very interesting (and free) tools that I wish I had known about earlier -
  1. SSL Explorer, an SSL-based VPN solution. The company behind this product, 3SP, got acquired by Barracuda, but this product is still available from SourceForge.
  2. VirtualBox virtualization products. This is a wonderful product and is available for most platforms, including Macs. Quite likely this will be discontinued after the Oracle acquisition of Sun is complete, so download it ASAP. As an aside, Oracle already has 2 virtualization products - their own Xen-based one and one from their Virtual Iron acquisition.

Tuesday, May 5, 2009

Textbook Rentals

WSJ is reporting that Case Western will start experimenting with Amazon's Kindle for some of their classes this Fall. I hope this is a success and that we'll eventually see more electronic books going forward. If this happens, traditional book publishers will have to find better ways to remain profitable than resorting to printing a new edition every year.

Profit margins of book publishers are a very well-kept secret. Publishers invest between $1-2M for the first edition of a new book. If it is a success, they keep printing a new edition every year or two.
Interestingly, most of the changes between editions are cosmetic - a few color changes, end of chapter problems rearranged, etc. Ever wondered why? Unless they do this, students will stop buying new books and prefer to buy used books from their seniors in school. Also, the cost of reprinting a successful book is less than $1/copy. Yes, that is right - the books that we typically buy for an average of $80-$120, actually cost about $1 to print. Clearly, it is in the publisher's best interests to suppress the used book market. The real cost, sadly, is borne by the environment.

But, despite the publishers' best efforts, the used book market continues to thrive. I recently heard about Chegg.com, a startup which offers textbook rentals and has a Netflix-style business model. They even allow you to highlight the rented books, so long as you don't make the books completely unusable for the next renter. I'm sure Amazon's Kindle will feature an electronic expiry of the books, using which publishers will be able to offer subscription and perpetual pricing. But the real question is: will the publishing industry survive? What if the authors published to Amazon's Kindle directly instead of using the service of a publisher? How would you stay relevant if you were the CEO of a publisher? I don't know, but would love to hear the thoughts of anyone in this industry.

Monday, April 27, 2009

PCI Whitepaper

I wrote a paper on PCI compliance titled "The 5 claims of PCI DSS snake oil salesmen", which is now being run by ThreatPost. Enjoy!

Friday, March 27, 2009

NYTimes calls Tripwire a fall hazard

The venerable NY Times is reporting that the Tripwire used at home can be a fall hazard. However, Tripwire at home offers many advantages (health and emotional benefits) unlike the product used in the Enterprise which has often delivered severe emotional shocks to many customers.

Solidcore has ample evidence that Tripwire Enterprise customers have suffered from different types of shocks including, but not limited to, sticker-shock, pci-coverage-shock and bloatware-shock. Sticker shock hits the customers when they are presented the first quote after the initial demo. Tripwire has recently managed to alleviate the pain caused by this shock through deep discounting of prices.

PCI coverage shock is a recent phenomenon and affects customers who are looking for PCI compliance solutions. At the outset, this shock makes everyone think they were stupid to deploy anti-virus and run vulnerability scans and penetration testing as mandated in PCI DSS sections 5, 11.2 and 11.3. After all, they could have achieved the same using Tripwire had they thought about it at first. However, this shock dampens once the QSAs and other vendors point out that Tripwire's PCI coverage whitepaper is not worth the paper it is printed on.

Bloatware shock is experienced only by customers who have used Tripwire in the past. After-effects of this shock include incredulity and deep anger that Tripwire has not introduced any significant changes to their UI or feature set in the last 10+ years in business. The few features that were added, including Configuration Assessment capability, have made the product more complicated and difficult to use than ever before. Tripwire's marketing department claims that only a minority of customers will suffer from this shock as there are more people who have not used Tripwire than those who have.

These reports have been confirmed by analysts from top-tier firms like Gorretner and the 911 group. Tim Ikestotalk from Gorretner says "It is unrealistic for customers to expect that a product named Tripwire will not deliver shocks. The name itself was chosen to signify how administrators will be shocked whenever they perform tasks that are anything but the most standard and mundane ones". The 911 group adds "Tripwire has been extremely successful in pulling the wool over customers' eyes when it comes to PCI coverage. We have been receiving many calls from customers who feel cheated by Tripwire, but we can understand Tripwire's behavior. In these hard economic times, it is indeed very difficult to sell a product that offers so little to so few for such a high cost". Clearly, as the NYTimes puts it "no one had looked at this. It was all anecdotal." Until now, that is.

Names of all characters in this article have been changed to protect them from receiving shocks.

Friday, February 13, 2009

Cloud Computing

Having worked for a Grid computing startup has made me a big skeptic about whatever new marketing umbrella the idea gets resurrected under. As you probably guessed, its latest incarnation is called cloud computing.

Here's a witty video that tries to make the concept of cloud computing less cloudy. Hope you enjoy it.


Monday, November 10, 2008

Product Development Process

I chanced upon this document by Laurie in which she describes a typical product development process. We follow a very similar process, except that the MRD is seldom a formal document. Based on the analysis of market requirements from various sources as described here, we write the PRD. The UI mockups are done by our UI designer who works closely with the Product Managers to understand the workflows.

When there is a need to change the layout or the UI elements, our designer provides a static mockup. For workflows, we use Axure Pro, a wonderful wire-framing/prototyping product. Axure allows us to place UI elements, create links to other pages and design a prototype that is easy for our developers to play with and understand. There are two main advantages in using such a prototyping tool -
  1. It forces us, the Product Managers, to think through the design a lot more. When only static mockups are provided, the development team has to make many assumptions about various corner cases. Given the distance and timezone differences, it is not always possible to validate these assumptions. However, PMs have to address many of the corner cases when designing dynamic mockups and this reduces the gap between what PMs want and what development thinks PMs want. See here for details.
  2. These mockups can be used to demo upcoming features to prospects and customers. Axure prototypes look very similar to the real software and help us get advance feedback about workflows and features that we are planning for future releases.
I'm told dynamic prototypes can also be created using a Visio plugin. This could save you some $ for sure, but I found it a lot harder to use. Unless I am really cash-strapped, I'd consider the $539 for 5 Axure user licenses a big bargain.

Monday, October 13, 2008

100% protection against viruses and malware?

My wife's laptop recently got infected with malware, despite running an up-to-date version of a leading anti-virus and a spyware detector. Coincidentally, both these vendors have offices on the same street on which my wife works. Wish she could take the laptop over and tell them how badly their products suck. However, reality meant that I had to troubleshoot and fix the problem. After trying out a few other free anti-viruses and malware, none of which seemed to detect/fix the issue, I found Spyware Doctor. A fantastic tool that found and fixed the problem - I ended up purchasing a 5-pack license for all our computers at home.

While on that topic, Solidcore's product was tested against nearly 16,000 viruses and malware by NSS labs. The results are available from our website here. We prevented 100% of these viruses, worms and malware. Needless to say, we were thrilled when we heard this and celebrated in a big way. We are seeing a tremendous uptick in the demand for this product and there has never been as much excitement at Solidcore before.

Just in case you were wondering why I did not put our product on my wife's computer - I'd have done so had it not been her company issued laptop :)

Update on 10/14 - Shortly after I posted this entry, Secunia, an independent testing firm, released the results of their security tests. Symantec won, but Secunia claims in their blog entry that "Even the "high" score from Symantec was disappointing. Symantec detected a mere 64 out of 300 exploits, or less than one-fourth, leaving 236 exploits undetected!" and the report concludes alarmingly thus - "These results clearly show that the major security vendors do not focus on vulnerabilities. Instead, they have a much more traditional approach, which leaves their customers exposed to new malware exploiting vulnerabilities."