Musings: 3 reasons if Google Wallet owns the pipes it’ll be a win

Last week, at Google I/O, Google announced a set of sweeping changes to their Wallet product. CNet has a decent rundown of what they announced, but basically it boils down to the ability to “send money with Gmail”, Wallet integration into Chrome to decrease payment friction, and “instant buy” with Google+. All in all, the announcements are interesting, but I think what’s more exciting is the potential for Google to truly innovate in the payments space.

In the last few years, companies like Square, Dwolla, and Stripe have been innovating in the payments space, but they’ve all been reliant on existing credit card infrastructure. With the exception of using Dwolla as a replacement for a check, each of the companies still relies on charging a user’s credit card to complete the transaction. I think this infrastructure piece is the key linchpin for Google Wallet. If Google can sidestep the existing payments infrastructure for Wallet, like they did with the telcos for Fiber, they’ll end up redefining how digital payments work.

OK, so they own the infrastructure. Now what can they do?

Better risk analysis, lower costs

As far as processing payments go, cost is ultimately one of the most important factors used in picking a processor. The pricing is so opaque that FeeFighters basically built and sold a business simply by explaining in straightforward terms which processor was the best for your business. If Google had the freedom of controlling the pipes, they’d be able to lower their pricing below everyone else by introducing better risk analysis tools into their payment solutions.

Looking at how the APIs from companies like Authorize.net work, they basically only accept the minimum information required to charge a credit card and nothing more. Google would be able to modernize this by incorporating additional “verifying details” about a user to reduce the risk on a transaction. For example, a charge originating from a 2-factor authenticated Google Wallet user that is at their “home” computer is obviously much less of a risk than an anonymous user using a credit card for the first time. By segmenting risk by user, device, and transaction type, Google would be able to offer the best rates for “normal” transactions and also accept “high risk” transactions.

Give NFC payments some teeth

Google tried to push out the NFC-powered version of Google Wallet in 2011/12, but it was immediately blocked by major American carriers because it competed directly with their ISIS solution. It shouldn’t come as a surprise that the telcos didn’t want to get relegated to “dumb pipes” for payments as well, but it’s also not like ISIS has garnered any real traction either.

If Google controlled the entire stack and could successfully convert Android users to Wallet users, they’d be able to essentially pay the carriers “blood money” to lift the Wallet ban to drive adoption and then hopefully reach a more permanent deal.

Ultimately, true mobile payments need to be freed from the existing credit card restrictions and Google could be poised to deliver just that.

Micropayments that work

People have been talking about “easy” micropayments on the Internet for several years but they haven’t really shaken out. Even today, charging someone $1 for something is a huge PITA and it really isn’t even practical. Between fees and long payment forms, the micropayments still aren’t economically feasible.

With Wallet integrated into Chrome and the infrastructure under their control, Google would be able to tackle this head on by reducing the friction to completing a payment and offering different pricing models for micropayments. Think 2 click checkouts for transactions under $5 and a monthly fee of $5 for merchant accounts in good standing instead of transaction fees.

Despite some reservations, I’m excited to see what Google ends up doing with Wallet and how it ultimately influences the payments space. Another big question is what’s Facebook going to do? Revamp Facebook Credits? Start offering co-branded Facebook credit cards?

Anyway, thoughts or comments welcome.

Symfony2 and Impersonating Users, a Heads Up

Recently I was working on a project in which admins were able to impersonate other users. It’s a fairly easy task to add to Symfony2: merely adding a switch_user reference to your firewall can make it possible; consult the Symfony docs for more on that. One thing I noticed was that every now and then when testing I would get weird errors after switching between multiple users, however it didn’t always happen. After some digging around, it turns out that when you switch user it does not clear the session’s attributes, i.e. if you set attribute ‘hello’ to value ‘world’ it would persist after you’ve impersonated another user. This caused a few issues, as on this application we used the session to store a few things like which set of database connections you currently use.

After looking at the SecurityBundle configuration setup it was clear that there weren’t any options to have it clear all session attributes on switch user. At this point it was clear I needed to use an event listener, as the firewall dispatches the SwitchUserEvent when a user successfully switches user. Below is an excerpt from my services.yml:
This makes it so that it will call the following code on a successful impersonation of a user:

It’s as simple as that, you can get the actual user by calling $event->getTargetUser(). Long story short, the session can have some tainted values when using switch user as all attributes are not cleared.
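One way to write such a listener, as an added example rather than the listener from the original post: when security.switch_user fires, it removes every session attribute except the firewall's own `_security_*` entries. The namespace, class name and keep-list are assumptions.

```php
<?php
// Added example, not the original post's code. Namespace, class name and the
// keep-list are hypothetical. Register the class in services.yml with the tag
//   { name: kernel.event_listener, event: security.switch_user, method: onSwitchUser }

namespace Acme\DemoBundle\EventListener;

use Symfony\Component\Security\Http\Event\SwitchUserEvent;

class ImpersonationSessionListener
{
    /** @var string[] attribute-name prefixes that survive a user switch */
    private $keepPrefixes;

    public function __construct(array $keepPrefixes = array('_security_'))
    {
        // '_security_<firewall name>' is where the firewall stores its token.
        $this->keepPrefixes = $keepPrefixes;
    }

    public function onSwitchUser(SwitchUserEvent $event)
    {
        $session = $event->getRequest()->getSession();
        if (null === $session) {
            return; // no session on this request, so nothing can carry over
        }

        // Drop everything that was set for the previous identity (for example
        // the selected set of database connections) at the moment of the switch.
        foreach (array_keys($session->all()) as $name) {
            if (!$this->isKept($name)) {
                $session->remove($name);
            }
        }
    }

    private function isKept($name)
    {
        foreach ($this->keepPrefixes as $prefix) {
            if (0 === strpos($name, $prefix)) {
                return true;
            }
        }

        return false;
    }
}
```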

Bootstrap: Can you rotate Bootstrap icons? Sure you can!

Earlier this week, I was doing some work on a project that was using Twitter Bootstrap and was exclusively using the Glyphicon icon set that ships with Bootstrap. The piece of functionality I was building basically involved allowing the user to rotate an image 90 degrees clockwise or counterclockwise. Looking through the Bootstrap icon set, there’s only a “rotate” icon which would work for the “clockwise” rotate but no analogous icon for a counterclockwise rotation.

I didn’t really want to use a custom icon just for this button and I really wanted to consistently use the “icon-*” class names that natively ship with Bootstrap. I’ve used CSS transforms in the past but I wasn’t sure if they’d work for “background-images”, turns out they actually do. In essence, what that means is that I’d be able to use the same “rotate” image for both the clockwise and counterclockwise icons. The CSS you’ll need to do this is:

And then to use it, you’ll just need HTML that looks like:

Of course, you’ll have to be cognizant that this is only going to work on “modern browsers” (looking at you IE), so if you’re supporting older clients you’ll need to mitigate that.

Using s3cmd to make interaction with Amazon S3 easier, including simple backups

We use Amazon Web Services quite a bit here. We not only use it to host most of our clients’ applications, but also for backups. We like to use S3 to store our backups as it is reliable, secure and very cheap. S3 stands for Amazon’s Simple Storage Service; it is more or less a limitless place to store data. You can mount S3 as a network hard drive but its main use is to store objects, or data, that you can retrieve at a low cost. It has 99.999999999% durability, so you most likely won’t lose anything, but even if you do, we produce multiple backups for every object.

One thing we’ve noticed is that some people have issues interacting with S3, so here are a few things to help you out.  First, if you are just looking to browse your S3 you can do so via your AWS Console or I like to use S3Fox.  However, when you are looking to write some scripts or access it from the command line it can be difficult if you don’t use some pre-built tools.  The best one we’ve found is s3cmd.

s3cmd allows you to list, update, create, and delete objects and buckets in your S3. It’s really easy to install. Depending on your distribution of Linux you can most likely get it from your package manager. Once you’ve done that you can configure it easily via ‘s3cmd --configure’. You’ll just need access credentials from your AWS account. Once you’ve set it up, let’s go through some useful commands.

To list your available buckets:

To create a bucket:

To list the contents of a bucket:

To put a file in the bucket is very easy, just run (i.e. move tester-1.jpg to the bucket):

To delete the file you can run:

These are the basics. Probably the most common uses that we see are doing backups of data from a server to S3. An example of a bash script for this is as follows:

This script will just output any errors to the console. As you are most likely not running this by hand every day, you’d want to change the “echo” statements to be mail commands or another way to alert administrators of an error on the backup. If you want to back up more than once a day, all you need to change is the way the SQL_FILE variable is named, to include hours for example.

This is a very simple backup script for MySQL. One thing that it doesn’t do is remove any old files; there is no reason for this to happen in the script. Amazon now has object lifecycles, which allow you to automatically expire files in a bucket that are older than 60 days, for example.

One thing that many people forget to do when they are making backups is to make sure that they actually work. We highly suggest that once a month you have a script check that whatever you are backing up is valid. This means that if you are backing up a database, it checks to make sure that the database will reimport and that the data is valid (i.e. a row that should always exist does). The worst thing is finding out when you need a backup that your backup failed ages ago and you have no valid ones.

Make sure that your backups are not deleted quicker than it would take you to discover a problem. For example, if you only check your blog once a week, don’t have your backups delete after 5 days as you may discover a problem too late and your backups will also have the problem. Storage is cheap, keep backups for a long time.

Hope s3cmd makes your life easier and if you have any questions leave us a comment below!

Recruiters – Before You Call, Do a Little Research

As some of you may know, we are right now hiring a mid-level engineer for our team. We’ve noticed in the past few weeks quite the influx of recruiters calling us trying to fill the position. As a company we’ve never used a recruiter in the past; it’s not that we’ve been closed-minded to it, it’s just that we have never had a good experience with one for multiple reasons. We’re paying the recruiter part a fee for finding us these great people, so they should be doing a little work on their end too.

With a recruiter we expect that the applicant has been pre-screened so that they match what we’re looking for roughly.  Half the time we have anyone call us they don’t even know what type of company we are, come on at least visit our webpage.  I don’t want to have to explain that we are a PHP shop with a heavy Symfony influence, you should already know that.  Of course, once we mention PHP and that we’re looking for a mid level person, the recruiter always has someone that we need to talk to.  This is the best fit for us.

This brings me to my second pet peeve, non-technical recruiters doing technical recruiting. Now the recruiter knows we want PHP developers, so they filter their resumes by PHP. Often the next question is oh are you using Apache? Tomcat? IIS? Node? For the most part, what does this have to do with it, but no we aren’t primarily using Java or a JavaScript web server. Often it is clear the recruiter who insists they’ve personally screened the person has no clue what they are talking about, they just are trying to match keywords to a resume.

Third, stop pushing to get me to come to your office to interview candidates when I have no idea who they are. Often on these calls, after they’ve learned who we are and what we want, they want me to jump on a call or come into their office to do interviews with their perfect match candidates. Everyone is busy; I want to see some resumes before going into these first round interviews, otherwise they could be a total waste of both our time.

Lastly, we’re a consulting firm; this means we have clients. I can’t tell you how many times a recruiter doesn’t look at our clients list and then proceeds to give us people who still work for our clients. A heads up, most of our contracts do not allow us to hire directly from a client while we are engaged with them (some even for a period thereafter). Nevertheless, if the client ever saw us and thought we were stealing or aggressively recruiting their employees we can kiss that relationship goodbye.

What do I want from a recruiter?  First, I want you to have some technical knowledge, at least know what groups of technologies go together and that LAMP is not a word but an acronym.  Second, take 5-10 minutes, look at our website, projects, blog, and clients make sure whomever you are telling us is a great fit actually has a good chance of being a good fit.  Third, send me a resume, remove all the contact information if you’re worried about us going direct to them, before trying to push me to either jump on a phone interview or come to your office.

Finally, if I’ve said no thank you we’re fine for now, do not continue to email and call me saying that you do have a better candidate.

This may come off as a bit of a rant, but really I hope some recruiters read this and understand that we would be happy to look at your candidates if you’ve put a little effort into making sure they are actually a good fit.