Wednesday, December 21, 2016

It’s Christmas for Hackers, Too – Attacks Increase Around the Holidays

The holiday season is upon us, and just as it brings in thoughts of good cheer, hot mugs of cocoa and time spent with friends and family, so, too, does it bring an increase in cyber-attacks. In fact, in past years, security firms have reported a 150% increase in DDoS attacks alone, between the summer months and the end of the year.

What makes the holidays such an enticing time for hackers is pretty clear – the combination of reduced staff, increased vacations and significant upticks in eCommerce and mobile commerce makes this time of year too attractive for cyber-criminals to pass up.

Many companies feel the increased attacks anecdotally, but aren’t aware of how enticing their systems are this time of year, how big the threat has become or what to do to protect themselves.
 

Like a Present with a Big Red Bow

There are a number of reasons why the holidays present the perfect time for hacking efforts to ramp up. First and foremost is the increased number of targets created by eCommerce and, more recently, mCommerce.

Retail stores are no stranger to increased sales volume over the last 6 weeks of the year. This year alone, the National Retail Federation predicts a 3.6% increase in sales over 2015, totaling almost $656 billion in sales in November and December.

And with more and more consumers opting to shop online instead of waiting in line, the number of targets has increased for any number of attacks, from DDoS to phishing and spoofing. eMarketer predicts an even rosier holiday season for retailers – with sales closer to $885 billion – and predicts that almost 11% of that will be from eCommerce, or $94.7 billion in sales, the largest eCommerce share to date.

But eCommerce isn’t the only area that can see an increase in attacks over the end of year holidays. In fact, those companies that aren’t involved in retail – which typically has blackout periods for taking vacations – see significant increases in the number of employees out during the holidays. This leaves enterprise organizations with a skeleton crew to identify and mitigate potential cyber attacks.

 

Bigger Every Year

As online shopping has increased, so has the volume of hacking attempts and attacks at the end of the year. The kinds of attacks that happen, and their purpose, range over most of the spectrum, from DDoS attacks to spoofing and botnets.

eCommerce is, unsurprisingly, the biggest target at this time of the year. And the cost associated with these attacks is staggering. An RSA survey in 2013 found that cyber-attacks during the holidays were costing companies close to $480,000 an hour.  And that was 3 years ago.

The cost doesn’t just account for lost sales, either. Businesses also must factor in the downtime associated with an attack, the resources needed to combat the issues, the loss in reputation and loss of revenue from eCoupon abuse and exploitation of other online only offers.

Consumers are also targeted during these attacks. While a DDoS attack can be an inconvenience, phishing and spoofing attacks can mean big issues for shoppers. Sophisticated phishing schemes that set up fake checkout pages to capture card and personal information have popped up in the last few years, as have entire storefronts that appear to offer great deals, but are actually just collection sites for hackers to gather payment cards and other information on shoppers. The number of these kinds of phishing attacks in 2014 and 2015 was 9% higher during the holidays than during the rest of the year, and there is no reason to think 2016 will be any better.

These threats go beyond eCommerce as well. With the increase in mobile shopping, mobile site phishing schemes and app store fraud have also increased. And with many consumers unaware of what to look for to ensure their mobile transactions are safe, it’s easy for criminals to target mobile purchases.

Some of the attack types expand well beyond retailers. Distributed Denial of Service (DDoS) attacks can certainly take their toll on eCommerce sites, but they also harm non-retail companies. Without access to online resources, companies can be slowed down during one of these attacks, and those that rely heavily on SaaS applications for productivity can be crippled. With fewer resources available during the holiday season, it can take longer to spot, and even longer to stop, an attack on an enterprise system.

 

Bundle Up Your Systems

The harsh reality is that, as our society and businesses become more reliant on network and Internet services, both the rate and cost of cyber-attacks will increase.

But there are a number of things that companies can do throughout the year to help curb the damage to their systems, and even prevent some of the incoming attacks.

On the low hanging fruit side, make sure that your systems are all appropriately patched and running the latest versions of software. Vulnerabilities in older software are easy to exploit, but even easier to mitigate with a regular update schedule.

If you don’t already have a response plan in place for cyber-attacks and other disasters, add this to your resolutions for 2017. With a plan in place you can make alterations to that plan to accommodate staffing changes over the holidays. A plan also ensures that everyone knows what they are supposed to do in the case of an attack, preventing delays in trying to organize a team before they can get to work on the problem.

You should also consider having a third party help you out as needed. Whether that help is in evaluating your current system or in augmenting your staff when both threats and vacations are at the highest, an outside vendor can provide you an edge that more than pays for itself in salvaged sales and reputation, or productivity and up-time.

Increased cyber-attacks around the holidays won’t be going away any time soon. In fact, you can expect that they will increase and evolve to take advantage of amplified traffic and decreased resources. Well prepared organizations can weather the holiday storm, though, by acknowledging the heavy uptick in attacks during the last 6 weeks of each year and planning to address those problems head on.


The post It’s Christmas for Hackers, Too – Attacks Increase Around the Holidays originally appeared on the Curotec Blog

Friday, November 11, 2016

Mobile Design Predictions for 2017

It’s hard to believe it’s almost here – 2017. We’re launching a year with a new president, the Cubs as World Series champs, and mobile apps and sites top of mind for every organization.

Mobile as a platform has been around for years, and yet each year, just like the web, there are advancements and changes that need to be taken into account as new products are developed, and old ones are updated. We’ve pulled together 10 of the top mobile design predictions for 2017.

 

1 – Mobile First Search Indexing

Google’s search algorithms have, until now, always used the desktop version of websites to catalog and rank pages. But no longer. Google will move to indexing against mobile sites, first. And this isn’t a surprising move on their part considering in 2015 we reached the tipping point – over half of searches are now done on a mobile device. Responsive and dynamic sites won’t have anything to change, but sites that serve mobile customers differently will need to consider making some changes to keep up.

2 – Failure mapping

User experience designers have gone from mapping user paths to mapping user experiences to mapping a user’s journey. In 2017 you’ll see new mapping coming from your UX department – failure mapping. Current mappings show what happens for the ideal user – the one that follows the set path or paths. But what happens to the user that strays from the defined path? Failure mapping makes sure that users that follow non-ideal scenarios will still have a good user experience.

 

3 – Haptic Feedback as part of the interface

Haptic feedback is that tactile response you get when interacting with your smartphone or tablet’s screen. With the increase in high end devices available, and the decrease in the cost of the technology that enables this kind of feedback, interaction designers working on mobile devices now have a new palette to play with – the sense of touch. What you’ll see in the next year is apps and sites that subtly direct the user toward positive reactions, like clicking the Add to Cart or Checkout buttons on an eCommerce site.

4 – Skeuomorphism

At its simplest, skeuomorphism can be defined as a design style that mimics real life. Books on a webpage look like real leather, 3D objects cast shadows, knobs appear smooth. This may seem like a design decision, but for the user it’s much more. Because the objects in skeuomorphic design look like objects in our day to day lives, they direct the user and clue them into the object’s use without the need to call out the purpose of the control. And since mobile doesn’t have an abundance of real estate, anything that helps the user divine the purpose of a control leads to a superior customer experience.

 

5 – Non-linear experiences

In the early days of mobile applications, all users were novices. We needed handholding. Many mobile sites and applications catered to this, driving users in a single direction with simplified user interfaces and linear paths through the experience, like an old side scrolling video game. But users don’t look at mobile experiences as dumbed down desktop sites any longer, but instead as a first stop. Like modern video games, mobile interfaces in 2017 will become more sophisticated and less linear to meet user expectation and more closely mirror how they operate in transactional situations.

 

6 – Animation

Advances in mobile languages like HTML5, CSS5 and JavaScript libraries make animation in mobile experiences a reality. This means that, like haptic directives mentioned above, interaction designers can use subtle animations to help direct user behavior in positive ways. The inclusion of animation also helps to provide a richer user experience, engaging the user more deeply in the application.

 

7 – Increased Use of Video

The past few years have seen an increase in the use of video as part of website design. We’ve moved beyond hero images and have increasingly changed to hero videos on landing pages and as part of page headers. Traditionally, though, mobile pages have veered away from this practice. But consumers crave video content. Hubspot predicts that 79% of Internet traffic will be video based by 2018, and 59% of executives would rather watch a video than read text. And with YouTube reporting a 100% increase, year over year, in mobile consumption, the small screen isn’t a deterrent to users viewing video.

 

8 – Advances in Alternative Payment and mCommerce

Alternative payments – everything from Paypal to Apple Pay – are natural resources for consumers shopping on their mobile device. And shopping on mobile they do – mobile purchases are now 42% of all online orders. Consumers are looking to reduce friction in their mobile purchases, and alternative payments like Apple Pay, Android Pay and Samsung Pay, help them do that by limiting the information that needs to be entered to buy something. Making payments, and therefore purchases, easier will only lead to increased revenues for mobile commerce.

 

9 – Age and Ability Responsive Design

There is a wide range of users turning to mobile devices. Some are technically savvy and can find their way around the most convoluted and user-hostile interfaces (although they shouldn’t have to). But others are novices – as older users pick up their phones to browse with and children engage more and more with tablets, there is a wider range of user experiences that need to be addressed. Some apps clearly have a defined audience and don’t need to adapt. But other, more general use mobile experiences should cater to users of varying experience levels. By examining a user’s actions on a site, age and experience can be inferred. With machine learning and predictive analysis, user experiences can be adjusted to respond to the perceived age and experience of the user, dynamically.

 

10 – Increased use of microinteractions

Microinteractions are those tiny, in the moment actions that users take that are meaningful right then. They are single purpose actions – liking a page, logging into a site, changing a setting. Google goes beyond the use of microinteractions to call out micro-moments; those moments when a person turns to something like their phone to watch a video, buy something, or look something up. These moments are like tiny pieces of the user journey, and when put together paint the whole picture of a user’s path to purchase, from awareness to conversion. In 2017, we’ll see an increase in the implementations that take advantage of these moments – from NFC alerts for sale items while in a brick and mortar store to prompting a purchase when searching for movie tickets.


The post Mobile Design Predictions for 2017 originally appeared on the Curotec Blog

Tuesday, November 8, 2016

We’ve Moved! – Curotec Now at the Radnor Financial Center

As our business has grown so have we, and the time has come for a new address. Curotec has moved to the Radnor Financial Center, just off of Lancaster Ave.

This new space isn’t far from our old offices, but the additional space gives us room to grow. Plus, the view isn’t bad, either. Located in the Main Line, our new offices are in the middle of some of the most beautiful and historic homes in the Philly suburbs.

Here’s where you can find us, now:

Radnor Financial Center
170 North Radnor Chester Road
Suite 150
Radnor PA 19087


The post We’ve Moved! – Curotec Now at the Radnor Financial Center originally appeared on the Curotec Blog

Thursday, October 20, 2016

Workplace by Facebook Takes Aim at Competition

Last week Facebook publicly released their new enterprise collaboration platform, Workplace. Referred to as Facebook at Work while in beta, Workplace is the newest entrant into a growing lineup of platforms intended to help teams communicate better, more frequently and more completely.

But what exactly does Workplace provide for enterprise users? And is it really any different than all of the other platforms available?

What is Workplace?

The short version of that answer is Workplace is a collaboration platform. But just like the other residents in that space, that really doesn’t mean much out of the context of the application.

Like other collaboration platforms, Facebook’s intention with Workplace is to give teams an alternative to email and meetings; a place where they can discuss projects, ask questions, get answers and connect with other team members via chat, messages and live video. Most of those things are already features Facebook provides for their 1.71 billion user audience on their public platform. But Workplace is different.

Is it Secret? Is it Safe?

To begin with, Workplace isn’t public. In fact, it’s very not public. Access is restricted to your company alone (although, as we’ll see in a moment, there is functionality that allows you to work with other companies). Workplace is a completely different platform from Facebook, which means there is little possibility of accidentally posting your company secrets for all of your friends to see. This is part of the reason that Workplace took so long to come to market – despite the family resemblance, the platform was built from the ground up to be separate from Facebook.

Workplace even looks different than its public sibling, with more muted colors. There are also no ads on Workplace, which makes all of us using Facebook more than a little jealous.

This separation from the public platform and differentiation in look and feel answers a big concern by a lot of companies – namely, you don’t need to worry about your employees using Workplace as a cover for spending their days on Facebook.

 

Peeking Behind the Curtain

Despite being a completely different platform, Workplace leverages a lot of the same features found in Facebook. So those familiar with the social media tool will find a lot here that feels like home.

Workplace has a Newsfeed, chat messaging, and live video. You can also make voice and video calls to others in your organization through the platform. Reactions, such as liking a post, were also brought over from Facebook.

No enterprise is an island, and Workplace takes that into account. Not only can people in your organization create groups around a specific subject – like a project or product – they can also share those groups with other companies outside of your organization that are also using Workplace. This makes collaboration with partners and vendors much easier.

Being a multinational enterprise themselves, Facebook recognizes the global nature of business. To facilitate work groups that can span miles and languages, Workplace has automatic translation built in to the application.

 

How Does It Compare?

So let’s get down to the real question – why should you consider Facebook’s Workplace product when there are so many existing platforms that are well established in the space? As with all enterprise applications, it comes down to what your needs are – each of the tools is the best choice in different circumstances.

But here are a few places where Facebook can be (favorably) compared directly to a couple of the biggest gorillas in the room – Slack and Salesforce’s Chatter.

Slack vs Workplace

Leaving aside for a moment the discussion of price and subscription model, the biggest difference between Slack and Workplace is the integration of apps and services. At the moment, Slack allows for the integration of outside applications (on a limited basis for the free model, unlimited for paid subscriptions). This includes integrations for project management apps like Trello, application performance like New Relic and even a host of Zoho apps, like Subscriptions, Events and Invoices.

Workplace, on the other hand, has no such integrations. But there are plans to change that. Workplace is already talking to Deloitte, Okta and TBWA regarding integrations. The plans are to partner with outside apps for the areas where Workplace is lacking capabilities and features, such as document storage and collaborative editing. Basically, Workplace doesn’t want to re-invent the wheel. They just want to give it power steering.

Chatter vs Workplace

The comparison between Workplace and Chatter is an interesting one. Chatter, as part of the Salesforce platform, is one of the longest standing and most mature of the collaboration platforms. Because of this, Chatter is hard to beat – the features are well designed and vetted, the integrations already exist and there is an entire marketplace of Salesforce add-ons available.

But where Facebook comes out on top in this comparison is exactly where they planned to. Because Workplace uses the same functionalities and features as the public platform, there are few people in the world who don’t already know how to use it. Almost no training is required.

Between being an interface already so familiar to many and having mobile applications available for Workplace at launch, it’s a no-brainer for use by employees who aren’t desk jockeys.  Field agents, maintenance staff and even retail employees can rapidly come up to speed and participate in the corporate conversation without taking hours away from their work to learn a new system.

 

The Biggest Difference – Cost

The differentiator that Facebook is really counting on is price. It’s pretty clear that Facebook would rather have you using Workplace than worry about making a profit at the moment.

Their subscription model, after the 30-day free trial, is only $3 per active user for up to 1,000 users. From there and up to 10,000 users, the rate drops to $2. At 10,001 and above, the price is only $1 a user. For educational institutions and non-profits, Workplace is free.

The active user piece is of note, as well. To qualify as an active user, and for Workplace to bill you for that user, they must have logged in at least once during the month. The intent is to keep Workplace on their toes. If the platform doesn’t work, no one will log in and use it. If that happens, well, Facebook doesn’t get paid.

This subscription rate and structure is substantially different than either Slack or Chatter.

In Slack’s case, they operate on a freemium model. Restricted accounts are free, but for paid accounts, the prices are higher than Workplace. For a standard account, Slack is $8 per active user, and $15 if you want features like SSO and uptime SLAs.

Pricing for Chatter isn’t quite as upfront as that of Workplace. With Chatter, you can get a company of up to 5,000 people on the platform by purchasing a single CRM license, which according to their website starts at $25 per user a month for up to 5 users. With that you get something equivalent to Workplace – messaging, status updates, activity feeds, plus things like file sharing. But to get the full suite, including the integrated apps, reporting and so forth, it’s $15 per user.

If you have a small team that will access the CRM features, Chatter might be more attractive than Workplace for your organization. But for smaller teams that won’t use the CRM features, the price plus the training needed to use the platform to its fullest may be higher than you’re willing to pay.

 

As we said earlier, your organization’s needs will drive the choice of collaboration platform best suited to you. But with Workplace entering the market, expect to see some jockeying for position from even the bigger names in the space. Once a heavy hitter like Facebook steps on to the field, all bets are off.

 

 

*None of the comments or comparisons in this column should be deemed a recommendation of a specific product or service.


The post Workplace by Facebook Takes Aim at Competition originally appeared on the Curotec Blog

Friday, September 16, 2016

7 Steps to Adding Ecommerce to Your Business

As a business owner, you likely already have a website. You promote your business there, provide information, probably even have a contact us form. But if you sell products and don’t have an eCommerce presence, you’re missing out on a huge opportunity as well as some serious revenue.

Earlier this year, Forrester Research reported that online sales will increase from $335 billion in 2015 to $523 billion by 2020, with 270 million shoppers browsing and buying online. Without an online shopping experience for your business you’ll miss out on the opportunity eCommerce presents.

In this first post in a series of three, we’ll outline at a high level the 7 things you need to do to add eCommerce to your existing business. In the next two posts, we’ll talk about integrating eCommerce with your existing legacy systems and finally we’ll detail the importance of having a mobile shopping experience available to your customers.

 

Your Roadmap to Adding Ecommerce

Obviously, if adding eCommerce to your business was as easy as flipping a switch, everyone, including your competitors, would have already done it. But that doesn’t mean it needs to be overwhelming. With the right plan, some up front work and the right help, you can be up and running, successfully and in very little time.

1) Check out your competition

Whether you are a small mom & pop store or a large B2B retailer, your first step is to check out your competition online. Start by seeing if any of your known competitors have online stores. What do they sell? Do they list all of their products online, or just a portion of them? What is their web experience like? If you search for them, where do they rank?

Once you understand where your direct competition sits in the online world, expand your search to include online stores in your space. Take note of how well they present their products. Check out their design, how they categorize their products and so forth. Make notes of the sites you like best, and exactly why, so you can share that with your design and development partner later on.

2) Decide what you’ll sell online and when

You might want to start by offering all of your products online, or maybe you want to start with a smaller set of items that are most suited to your online audience. If you’re already offering all of your items by catalog, then moving those items online is an easy transition. If, on the other hand, you only offer products in brick and mortar locations, you might want to review your inventory to see if there are items you only sell to your local customers. Those products could still do well online, but you might want to wait until you’ve got the bulk of your stock available to your online audience before you add these long tail items.

3) Find the right solution for you

There is a good chance that this is the step that will be the most outside of your experience and comfort zone. But it is also one of the most critical. Choosing the right platform to display your products and provide your customers with the best shopping experience can be daunting. If you have software systems already in place – inventory, shipping, payment processing, etc. – you’ll want to choose a platform that plays well with them. Many shopping cart packages make it sound like it’s easy to add eCommerce to your site, and that might be true if you’re a smaller shop. But if you’re a larger company or you have many products, you’ll want a solution that can handle your business without adding more work than is needed. This may seem overwhelming, but finding a good partner to understand your needs and help you choose the right solution can make this step infinitely easier.

4) Prepare your inventory

The web is a visual place. Customers are significantly less likely to purchase items from you that don’t have a picture along with the description. You’ll need photos of all of your items that you plan to sell online. But more than that, you’ll also need descriptions of each of your products. You might be tempted, if you already have a catalog, to just use those. But you’ll want to optimize your descriptions for your online audience and, more importantly, for SEO. In addition to using keywords, your product descriptions should be persuasive. You won’t be there in person to sell the item, so your copy will have to do it for you. Hiring a photographer and a copy writer with experience in eCommerce is a good idea, as they will know how to best present your items for an online audience.

5) Check your usability

You may not know why a site doesn’t work well for you – why you find the navigation cumbersome, why the layout seems to keep you from finding what you’re looking for and so forth. But you know it when it doesn’t. Don’t drive away customers just because they don’t enjoy using your website. Make your site user friendly, not user hostile. Web and application usability is an entire discipline within IT, but you can start by using the list you made from the first item in this post to get an understanding of what doesn’t work and what does. Remember, the site isn’t about making it easy for you to find products. It’s about making it easier for your customers to do that.

6) Make sure you have the usual suspects in place

These may not seem important when you’re in the middle of building out your eCommerce division, but don’t forget to take the time to create pages for your site’s Terms of Service, Return Policies, Shipping Policies, Sizes (if applicable) and so forth. These pages may get a low number of visits but they will answer many questions that you and your customer support team won’t have to, and will keep your customers from being confused or frustrated when it comes to returns or knowing when their items will arrive.

7) Be ready to support all your customers

Your customers will come to you from all over once you are online. They will also come to you using different browsers, from different screen sizes and on different operating systems. While you don’t need to support every browser ever built, you should be sure your eCommerce site works on the top three or four (as of the writing of this article they are, in order, Chrome, Firefox, Internet Explorer and Safari). We’ll talk about it more in our third post in this series, but you’ll also want to make sure your eCommerce site supports mobile users, including tablets and phones.

In our next post, we’ll talk about integrating your eCommerce solution with your existing legacy systems, so you don’t have to rework everything before you start down the path to online sales.


The post 7 Steps to Adding Ecommerce to Your Business originally appeared on the Curotec Blog

Tuesday, August 30, 2016

Your iPhone is at Risk – Apple Releases Critical Update

Apple released a critical update on Thursday, August 26th, to address a series of flaws in the iPhone 6. The flaws, while individually of little concern, combined to allow hackers to remotely jailbreak the iPhone.

The vulnerability was discovered and reported to Apple about a week and a half ago, after a United Arab Emirates human rights activist was targeted by the attack. Ahmed Mansoor reported the issue to researchers at the University of Toronto’s Citizen Lab, who in turn found and reported the issues to Apple.

Mansoor received a text message containing a link. Following the link would have installed a program that would have allowed remote access to his phone, thanks to three previously unknown flaws in the iOS operating system. Once installed, the hackers would have had access to a number of iPhone services, including being able to control the camera and listen in on conversations using the microphone.

The spying goes beyond those services, however. Once the exploit is installed, hackers have access to the location of the phone and can listen in and record conversations. Even apps using end-to-end encryption, like WhatsApp and Viber, would be subject to access. Additional assets at risk include stored photos, files, and messages in mobile chat apps.

As the number of features available on smartphones increases, so does the number of potential risks. Each of the flaws in iOS flew under the radar – Citizen Lab stated they believed these flaws to have been part of the OS since 9.3.3 or before. (iOS 9.3.3 was released on July 18th, 2016.)

It was the combination of several flaws that enabled the creation of the larger – and far more dangerous – exploit.

At this time the reported cases are limited to Mansoor, a Mexican journalist and a minority party politician from Kenya. But now that the flaws are known, it is only a matter of time before the larger community attempts to use the security hole on a larger scale.

This is why it is critical that iPhone users ensure they update to the new patch, version 9.3.5. With the smartphone becoming the holder of our credit card information and other personal data, anything providing unfettered access to your phone is a major concern and an opening for identity theft, credit card fraud, and even, with this current issue, corporate espionage.

In 2015, there were over 94 million iPhones in the hands of users. Many of these are in use, on a daily basis, by executives and leaders in enterprises across the country, and the globe. With an unpatched iPhone, company files and messages could be harvested from your phone. Even meetings could be eavesdropped on with a compromised phone using the device’s mic.

And this goes beyond executives, to all levels of the organization. It is critical for your IT security teams to encourage all iPhone users, whether issued by the company or not, to update their phones.

Consider having your security teams send an organization-wide message alerting users to the threat and including simple instructions on how to apply the update to their phone. Also, remind your users about good security practices. Reinforcing messages should be an important part of your enterprise security training, especially when the opportunity to do it in the context of a real world example presents itself.

One last note. As of the time of this writing, the vulnerability has not been found in iOS 10 beta. So an alternative is to upgrade to the new OS. But because it is still in beta, the usual caveats and cautions for early adopters apply.


The post Your iPhone is at Risk – Apple Releases Critical Update originally appeared on the Curotec Blog

Monday, August 22, 2016

The Basics of Domain Driven Design

Stop me if you’ve heard this one before.

A developer walks into a requirements review and after a few minutes says “But this is just like part of the application we wrote 6 months ago.”

The lead says “Can we reuse that code?”

The dev says “It would take longer for us to abstract it than to just rewrite it. It’s in there with other functionality specific to that app.”

And no one laughs. We’ve all been in this meeting, felt the frustration bubble up. The business doesn’t understand why it will take so long to build. The IT leadership is shaking their heads because we’re not able to leverage what’s already been built. And the developer is grinding their teeth at having to solve the same problem, again.

For those of us with experience and background in software development, we know this isn’t how it’s supposed to work. What happened to breaking problems down, building re-usable objects, abstracting functional layers?

There are lots of reasons good development practices fall to the wayside. Lack of understanding of the business problem, crunched timeline, and budgets are all excuses for setting aside properly engineering a solution.

Domain-driven Design would like to change that. It’s not a methodology, like Agile, or a process like RUP (Rational Unified Process). Instead it “provides a structure of practices and terminology for making design decisions that focus and accelerate software projects dealing with complicated domains.”

Like all tools, DDD has a time and a place. But when used in the right context, at the right time, and applied correctly it can bridge the gap between the business and developers and lead to efficiency in enterprise development.

What is Domain-Driven Design?

DDD was introduced by Eric Evans in 2003 in his book of the same name. In it, Evans outlines a systematic approach to understanding complex business problems and applying domain models to those problems to create organized and focused solutions.

The intent, of course, is to build better, more re-usable, more cost effective software, especially in the face of highly complex business systems. Evans’s approach enables developers to better understand the business problem and communicate more effectively with their business counterparts.

It is also intended to help developers to better size down problems and fence in what they are building. As the old saying goes, you eat an elephant one bite at a time. But thanks to the evolution of software solutions and network computing, those bites speak to modern software architecture.

As enterprises continue to adopt and adapt to software services, it helps to have an approach that maps out how to break a business need down into service, and even microservice, components that are useful and re-usable. But starting with services encourages a bottom-up design.

DDD, on the other hand, starts at the top. It directs teams to create a common language with the business before solving the business problem. To understand how it does this, let’s look at the basics of DDD.

 

DDD 101

Clearly, the first thing to understand with Domain-Driven Design is to define what we mean by a domain.

The domain is, basically, the business area we’re talking about. It’s the area of the business relevant to the solution needed, and defining it helps you find your domain experts.

Are you talking about a new CRM? You’ll want someone from sales. New call center software? You’ll want a call center manager. A new CAD system? Bring in an engineer.

What you want is someone with a business understanding of the problem you’re trying to solve with a software implementation. That’s your domain expert.

But a common problem with humans in general, and in business to IT communications, is making sure you are all speaking the same language. That’s where the next step of DDD comes in – creating what Evans calls a Ubiquitous Language.

This will be the cornerstone of communication for everyone who works on the project. It will define the language the team will use to talk about the project. And it will evolve and grow over time, through trial and error.

For instance, if you were asked to build a car, you might think “sports car” while the product manager means “family sedan”. So you define that, for the purposes of this project and this domain, “car” means “family sedan”.

It’s a bit of a contrived example, but you can see where not having that definition in place would lead to some costly trouble.

Once everyone is speaking the same language, developers can break down the domain into smaller sub-domains and bounded contexts. A bounded context is like a miniature application, and has its own domain.

Think of an eCommerce system. By itself, it is a context – one where people use the application to shop. But, within that context lie smaller domains, like customer information, payment processing and inventory. Each of these is a bounded context, with one domain.

There is more detail within Domain-Driven Design, much of which is outside of the scope of this article and begins to dive into more technical nitty-gritty.

But the above describes how DDD begins to handle the parts of a project with the greatest potential for complexity – what the business needs are and how to build an understanding across the team.

Breaking the project down, bit by bit, allows the teams to develop highly modular pieces of code. Code that can be re-used. Code that can be refactored without upending an entire system.

 

Benefits to the Enterprise

The greatest gains to the business for DDD come from highly complex applications and domains.

First, the organization as a whole has a greater understanding of the domain, thanks to the need to model it for the ubiquitous language and bounded context.

The enterprise also creates a common language that can be used within the context of building out the solution, but can also be carried throughout the domain and the organization.

Better code can be created because the domain experts are an integral part of understanding the problem, and the solution.

The solution is better organized and focused thanks to the defined contexts.

The enterprise gains re-usable services that can be iteratively improved and changed without taking down entire business systems.

 

Not a Silver Bullet

But DDD is not a silver bullet that will solve every issue in your enterprise.

First, it can be overkill on smaller and less complex projects, or projects with a limited life span or usefulness to the organization.

And while building a domain model can be helpful in and of itself, it isn’t DDD, but only a part of it.
Domain models are time consuming to build and require resources from IT and the business. Likely from multiple business units.

There is much effort at the start required to define the domain, subdomain, contexts and ubiquitous language. And that means greater cost to the organization, up front. With the possibility of the return on that investment being months or years down the road.

Domain-Driven Design is an effective set of techniques for complex, enterprise level software projects that will have years of life within the organization. And principles of DDD, individually, have merit for the organization that is willing to commit resources early on. But just like holding a daily stand up meeting is not the same as implementing Agile, creating a domain map isn’t the same as following DDD.

And yet, for those projects that fit the mold, DDD is worth deeper investigation as a means of bringing greater understanding and more modular development.


The post The Basics of Domain Driven Design originally appeared on the Curotec Blog

Thursday, August 4, 2016

HTTPS Exploit Can Steal Your Secure Data – Black Hat 2016

IT security is top of mind for many enterprises these days. And with the announcements coming out of the Black Hat Conference that won’t be changing anytime soon.

On Wednesday, August 3rd at the Black Hat 2016 conference in Las Vegas there was an eye opening demonstration on the need for updated Internet security protocols. At a briefing entitled “HEIST: HTTP Encrypted Information Can be Stolen Through TCP-Windows”, researchers Mathy Vanhoef and Tom Van Goethem demonstrated a set of techniques that would allow hackers to listen in on secured traffic directly, without the need for an intervening network.

Used to transfer information over the Internet, HTTP is the foundational protocol that enables communication over the Web. HTTPS uses this protocol combined with Transport Layer Security (TLS), or its predecessor, Secure Sockets Layer (SSL), to provide secure communication over the Internet. Using HTTPS authenticates the connection between a user’s browser and a web server to protect private information that is passed between the two.

One of the purposes of using HTTPS is to prevent a man-in-the-middle attack – an attack in which a hacker impersonates each of the end points in the communication. The user’s web browser thinks it is speaking directly to the web server, and vice versa, while the messages are actually being passed through a third party. Because of the end-to-end authentication with HTTPS, it is difficult to impersonate or even eavesdrop on the data being passed back and forth.

With the newly discovered HEIST technique, a man-in-the-middle attack is no longer needed. In fact, as described in detail in this article on Ars Technica, the user only needs to “encounter an innocuous-looking JavaScript file hidden in an Web advertisement or hosted directly on a webpage”. This code can then be used to find out information about the file sizes transmitted from TLS or SSL secured pages and use that information, combined with another attack, to tease your information out of the HTTPS encrypted responses. These could even be small pieces of data with a big impact – like your email address or social security number.

Once HEIST has the file size, it partners with other exploits to use HTTPS’s security measures against itself. You see, most websites compress their responses, and compression works by not repeating text strings within the data. Exploits like BREACH, being discussed on Thursday at the Black Hat conference, use this information to play an intelligent game of true or false. The exploit guesses part of the string, and if it’s right, the response doesn’t grow in size. Instead, the repeated strings are removed by the compression. If it’s wrong, the compression can’t eliminate the string, and the response grows. And now, thanks to HEIST, the exploit knows the file size of the data.

The good news is that a number of tools are being released this week to help teams assess their vulnerability to BREACH. The bad news is that the only way known, at the moment, to mitigate HEIST is to turn off 3rd party cookies. These are on by default in most browsers and will cause a number of online services not to work.

Expect to see recommended changes to your applications to reduce the potential risk associated with these issues and even changes to best practices on how sensitive data is exchanged in Web response messages. With no blanket fixes, mitigating these exploits will take time and resources, along with new policies outlining how you’ll handle data going forward. But ignoring the changes could be devastating for businesses and their customers.
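The size signal described above, as an added example that is not code from the original post or from the HEIST or BREACH researchers: it compresses a constructed page with DEFLATE and measures how the size changes when reflected input equals an embedded secret, then repeats the measurement with the secret masked by a fresh random pad per response. The page template, token name, sample values and the masking scheme are assumptions chosen for illustration.

```python
import os
import zlib
from typing import Optional

# Constructed sample values: the token name, page template and secret are
# assumptions made for this example, not taken from any real application.
SECRET = "k3Jq9ZxV7bLm2PdR"
WRONG = "Xw8TnC4hYs6GfUaE"  # same length as SECRET, shares no characters with it
TEMPLATE = (
    '<html><body><form><input type="hidden" name="csrf_token" '
    'value="{token}"></form><p>Results for: {query}</p></body></html>'
)


def mask(secret: str, pad: bytes) -> str:
    """Return hex(pad) + hex(pad XOR secret); use a fresh pad for every response."""
    raw = secret.encode()
    if len(pad) != len(raw):
        raise ValueError("pad must be as long as the secret")
    mixed = bytes(p ^ s for p, s in zip(pad, raw))
    return pad.hex() + mixed.hex()


def unmask(token: str) -> str:
    """Server-side inverse of mask(): split the token and XOR the two halves."""
    data = bytes.fromhex(token)
    half = len(data) // 2
    return bytes(p ^ m for p, m in zip(data[:half], data[half:])).decode()


def render(query: str, pad: Optional[bytes] = None) -> bytes:
    """Build the page; when a pad is given the secret is masked before embedding."""
    token = SECRET if pad is None else mask(SECRET, pad)
    return TEMPLATE.format(token=token, query=query).encode()


def compressed_size(body: bytes) -> int:
    """Response size after DEFLATE, the quantity that stays visible under TLS."""
    return len(zlib.compress(body, 6))


def length_leak(pad: Optional[bytes] = None) -> int:
    """Bytes saved when the reflected input equals the secret versus when it does not."""
    miss = compressed_size(render(WRONG, pad))
    hit = compressed_size(render(SECRET, pad))
    return miss - hit


if __name__ == "__main__":
    # Plain token: the matching input is replaced by a back-reference, so the
    # compressed page is measurably smaller than with a non-matching input.
    print("plain token, size difference in bytes:", length_leak())

    # Masked token: the secret never appears verbatim, so a matching input has
    # nothing to repeat and the size no longer depends on the guess.
    gaps = [length_leak(os.urandom(len(SECRET))) for _ in range(200)]
    print("masked token, mean difference over 200 pads:", sum(gaps) / len(gaps))
```

A non-zero difference for the plain token means the secret and user-controlled input share one compression context; running the same measurement against your own response templates shows which pages need the secret masked or moved out of the compressed body.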


The post HTTPS Exploit Can Steal Your Secure Data – Black Hat 2016 originally appeared on the Curotec Blog

Wednesday, August 3, 2016

The New Definition of Success: RJMetrics Sells to Magento, Spins off Stitch

Building a successful business and then selling it to a big fish in the industry is The Brass Ring for many startups. Yesterday’s announcement from RJMetrics shows they have a firm grasp on that ring with the sale of the company to eCommerce platform giant Magento. But it’s less of a buyout and more of an evolution for the Philly-based company. In fact, the deal is part of a growing trend with tech companies and startups, enabling them to downsize with a purpose – to focus on new initiatives.

RJMetrics, Magento and Stitch

Founded in 2008, RJMetrics couldn’t have launched at a better time. Coming just as words like “data insights” and “big data” were passing the lips of every CIO, RJMetrics grew into a multi-product offering. Their suite gives businesses the intelligence they need to acquire customers, get them to buy and get them to stay.

With those kinds of insights, it’s no wonder that RJMetrics caught the attention of California-based Magento. The acquisition, for an undisclosed sum, was announced yesterday and brings a solid competitive advantage to both Magento and their customers. Marketed as Magento Analytics, the solution will put the power of business intelligence and data insights into the hands of B2B and B2C merchants using the Magento platform. This will bring enterprise level analytics and actionable data to non-technical users of the platform.

The deal also acquires half of the current RJMetrics staff and allows Magento to set up a presence in Philadelphia. But what about the other half? This is where the story goes beyond a mere acquisition.

The other half of the RJMetrics staff, including RJMetrics co-founders Jake Stein and Robert J. Moore, have spun off into a new company, Stitch. As Stein points out in his blog post announcing the new company, data has “created a headache for developers”, and Stitch is looking to be the cure.

Taking the Pain Out of Data

An enterprise’s data can live in a myriad of places in today’s connected world. You’ve got CRM data in Salesforce, email databases in Marketo, web and mobile analytics in Google Analytics, and marketing data in Facebook and AdWords, among others. There are multiple teams wanting to look at this data from every angle, and you’ve got a data warehouse ready for it.

The estimate to get all of that data into your warehouse is staggering. The estimate to maintain it is worse.

It’s an all too common complaint from developers on up – connecting data sources and getting that data to look the same for your apps and warehouse is tedious, grinding, and time consuming work. It’s not the kind of work that makes developers happy. And it takes them away from the critical user-centric application work that companies need to focus on.

But data is king, and without it many business critical applications are meaningless.

This is the problem that Stitch was created to solve by offering a managed ETL solution.

When it was initially launched as the RJMetrics Pipeline application, the team did a little digging into how much time creating a proper ETL system takes. What they found was staggering, but unsurprising. Building out a solid system for data transformation and loading takes “between 8,000 and 15,000 development hours to get off the ground and then 1–2 developers to maintain on an ongoing basis”.

RJMetrics effectively removed this pain point for hundreds of developers in beta, and now, as part of Stitch, they have the chance to help even more.

Downsizing to Focus – A Growing Trend

The one-two punch of acquisition and spin-off lets the established portions of RJMetrics live on while providing the team with the chance to go heads down on their ETL solution. The new Chairman of the Board and co-founder of Stitch, Moore described the situation as creating “a future that’s exciting without disrupting the universe you’re in”. And with this move, Stitch follows in the footsteps of other tech companies who have re-focused their efforts on fewer products.

Notable in this group is the 37Signals shift that occurred in early 2014. At that time the creators of Ruby on Rails announced the decision to re-focus the company on their core product offering, Basecamp.

The company not only dropped the 37Signals branding, but also decided to divest themselves of their other products including Highrise, Campfire and more. The reason? In an Inc. article at the time, 37Signals co-founder Jason Fried said the change would “allow us to do more things with fewer people”.

Dropping everything but Basecamp allowed the company to focus on doing more with a single product – better features, more access and a more mature platform. Instead of growing their team, they kept it the same size, allowing them to maintain the family-style culture while doubling-down on a product known both inside and outside the tech industry.

Doing Good and Doing Well

The change at 37Signals was accomplished while still holding everything together, customers and employees alike. And despite a strategic layoff earlier in the year, RJMetrics was able to achieve a similar outcome.

In fact, the acquisition/spin-off of RJMetrics isn’t a case of line-your-pockets-and-run. Instead it brings a number of benefits with it:

  • It brings fresh funding to the Philly startup scene
  • It has the potential to create new jobs by establishing a new Magento office
  • It has the potential to create new jobs as Stitch grows
  • It creates a dedicated, proven team to work on a new product
  • It leaves a dedicated, proven team to support existing clients

This isn’t just another acquisition of a startup. It’s part of a new breed of re-structuring that fosters better products with solid, proven teams.


The post The New Definition of Success: RJMetrics Sells to Magento, Spins off Stitch originally appeared on the Curotec Blog

Saturday, July 23, 2016

How To Do It All: Meeting the Mobile Needs of Clients and the Enterprise

Mobile has rocketed past many other initiatives in the enterprise. And looking at the data, that’s no surprise.

And the stakes are too high for an enterprise to fall short in this critical area. In fact, in a recent Forrester post, Mobile was identified as a key success imperative for CIOs. They go so far as to identify not just company revenue, but even a CIO’s job security, as potential risks to ignoring the enterprise’s mobile needs.

 

Challenges for Mobile in the Enterprise

The needs of mobile audiences have evolved as quickly as the number of devices. Making your site responsive or replicating an entire application are not options in a mobile first world.

The smart company recognizes that not only do their customers demand a solid mobile solution, but that their workforce needs the flexibility of mobile access. An enterprise’s internal mobile solutions increase productivity and create consistency in the information accessed and shared. Moreover, younger and tech savvy employees will judge the company on the quality of its mobile access and applications. Your internal apps can make or break your place as an employer of choice.

The challenge, of course, is the multiple demands on both your teams and your budget. Building apps for customers, porting internal tools for mobile use, and addressing the inevitable concerns regarding management, support and security can be a drain on your available resources. But with planning and some strategic choices, you can execute a successful mobile strategy.

 

Planning for the Differences

It’s true that the needs of your customer will be different than the needs of the organization’s internal teams. Even your different business units will have needs that may drive you to the creation of multiple internal apps. But where there is divergence, there is also commonality.

All of your apps will have some functionality that can be shared across your mobile landscape. Identity management, access control and even similarity of look and feel can be common elements that can be developed once and extended to each application.

Understanding the common elements and the differences isn’t enough, though. To make sure you’re getting the most out of your development dollars, you need to make sure you understand what the end user needs. It’s important to take the time to understand the user experience for your apps before you build to prevent missteps and costly directional changes down the line.

 

Options for Balance

Once you understand the user’s needs, it’s time to balance the development work. The traditional path of iterative releases with added functionality, though, is only one tool in your cost savings tool chest.

Your customers are looking for a great mobile experience. Bringing in a partner to create a custom mobile experience can create the app your customers demand without derailing your development projects or taxing your development resources.

But what about internal users? They are looking for apps that are quick and easy to use, that let them get their jobs done efficiently. Rapid Mobile App Development (RMAD) tools, like those in the Salesforce Lightning App Builder, can quickly get your internal resources up and running, saving you time and money.

 

Doing it All

The importance of your mobile strategy cannot be overstated. The demand for mobile apps will only increase from within your organization and from without, and each quarter without mobile solutions can put your organization further behind in profits and in the competitive landscape. But you can get it all done once you understand your user’s needs and marry the build outs to the right tools for the job.

Think about your mobile strategy as it stands today. What really needs to be custom? Do you have tools that can be built quickly using an RMAD? And how much value can the right partner bring to your mobile strategy?


The post How To Do It All: Meeting the Mobile Needs of Clients and the Enterprise originally appeared on the Curotec Blog

Tuesday, July 12, 2016

Pokémon Go users, gotta catch em all

We see them in the streets and in our shopping malls. Frantically swiping their phones and battling each other’s Pokémon for points and bragging rights. These are the app users of Pokémon Go, a new augmented reality (AR) or virtual reality (VR) mobile app which has seen over ten million downloads in less than one week.

Like it or not, there are some major learning lessons we can take away from the Pokémon Go epidemic. I am calling it an epidemic because it is by far one of the most viral apps we have seen in quite a while. Let’s examine what Niantic, makers of Pokémon Go, did so well in their development and execution of the app.

The game takes place in the real world

When most people think of playing video games, they think of sitting on the couch and staring at a screen while exerting the minimum amount of physical energy possible. Nintendo Wii changed that way of thinking to a certain degree by introducing games that required physical movement to interact, however, they still took place from the comfort of your own living room.

With games using AR technology, the entire physical world is now the playing arena. This means users must walk, run, bike and move around the physical world in order to complete tasks required to advance in the game.

This guy now has people pulling up in front of his house like stalkers tapping on their smartphones all hours of the day and night because his house is a Pokémon gym. By looking at his Twitter feed he seems to be mostly a good sport about it though.

The game blurs the lines between what is real and what is virtual. A major feature of the application includes the virtual creatures showing up in your camera view embedded into the real world around you. This taps into a fantasy many of the app users have to experience what it would be like to live in a world where the creatures actually exist among us. AR makes it easier than ever to be fully immersed in the game’s plot and live the true role of your character.

It taps into our competitive nature

Pokémon Go requires you to spend time hunting down creatures and then powering them up at virtual gyms found in real life locations. Users can then challenge other users by taking over a rival team’s gym or battling their Pokémon for points. If a user neglects to defend their gym it can be lost. This is what makes the game so addicting. Users feel that if they don’t keep playing, they will miss out on potential Pokémon, lose their gym or simply fall behind in the game while their friends continue to advance beyond them.

What is more interesting is that the demographic is not limited to the younger crowd like the other traditional Pokémon games were. Instead, this new application is attracting people of all age demographics including people in their 30’s, 40’s and 50’s. This shows the makers not only understood how to tap into viral sharing aspects of human psychology, but they also understood how to touch our competitive nature. In fact, Pokémon Go currently has more daily active users than Twitter! Users are also spending more time using the app than many major social networks.

Users are getting all the exercise

One reason many gamers use to finally pull themselves away from a video game is the realization that they need to get outside and do some physical activity. It can feel bad to sit on a couch all day and do nothing productive with your time. With Pokémon Go, users are already doing that while they play and it gives the users a really good feeling of accomplishment. The game takes place throughout the course of their day as they navigate their way through the physical world. There have been social posts of users complaining their feet are sore and their legs hurt, but they can’t stop walking around hunting Pokémon.

In addition to this, there really are gyms and Pokémon that can be found in all sorts of locations all over the world. By using the app you may find new places of interest right in your own town that you never even knew existed.

The social response and PR was very strong

Immediately after the game launched, people took to social networks and posted about it. Major publications wrote articles about it. And people talked about it with their friends. Whether or not you have an interest in playing the game or care to know how it works, you probably already have heard quite a bit about it unless you live under a rock.

One of the more interesting sharable components of the game, and likely the reason it caught on so quickly, is that the game takes place in the real world. So users can snap pictures of a recognizable place with a friendly little creature hanging out. Many users would even go as far as to stage the image with a person or object in the background interacting with a Pokémon creature.


All this viral exposure took the internet by storm and it’s the reason the app is now the number 1 app on the app market and has tens of millions of downloads. What’s even more interesting are the numbers behind the app itself. Nintendo and Niantic spent roughly $30 million building the application. The app currently is making $1.6 million per day and growing. In less than 3 weeks the developers will fully recoup their investment and start to profit. Not to mention, Nintendo stock is going through the roof and Wall Street has been eating it up!

What we learned

Many times we think of old trends as a thing of the past, but using the right combination of technology and human psychology we can literally transform a business overnight and make a massive revolution that overtakes existing dominant social platforms in less than one week’s time. The world is so dynamic and trends evolve very quickly with technology, but AR is just getting started and does not appear to be going anywhere for a while. This is one of the rare cases where building a fully fleshed out application instead of a minimum viable product turned into a huge hit overnight.


The post Pokémon Go users, gotta catch em all originally appeared on the Curotec Blog

Friday, July 1, 2016

How to test market viability before you start building

So you think you are sitting on a great product idea, but need a little bit more validation before you cough up the big bucks and invest in building it out. Whether you are a startup entrepreneur or Fortune 500 enterprise, there is a large amount of risk involved with bringing a new product to market. For one, it can take months or years of research and development to fully flesh out the product concept and complete the development process. If you have a physical product you have even greater risk of potential wasted manufacturing and warehousing costs if the product launch flops. The markets are flooded with all kinds of products both virtual and physical and it is more important now than ever to understand your market viability before you start developing your product in a black box.

We encourage anybody we talk with to do the proper market research to ensure the consumer demand is there, the timing is right and the market is not flooded. There are several aspects to this process.

Market Research

When diving into a new business model, industry market or product development initiative, the first thing you need to do before anything is learn about the market. Some of the questions you will want to answer for yourself are:

  • Is there a market currently for this product
  • What is the size of this market
  • What types of customers purchase this product
  • Are there competitors already in the space
  • How many competitors am I going up against
  • How established are the competitors
  • What is the pricing model for the product

Competition can be a deterrent to many people, but there is another way to look at competition. In business, competition not only establishes a baseline for you and helps you set a target goal for where you need to go, but even more interesting, competition is a sign you are on the right track. When entering a market with no competition, you have to sometimes ask yourself, “Is there really a market for the product?”

There is a give and take with everything though. If you feel your market is already over saturated with competition it may be time to look at a new niche. The ideal time to enter a market is when there are already one to three competitors doing what you are trying to do, so they have accepted the greatest risk and proven there is viability, but they are still infant enough that you can catch up to them and get into the market early.

Learn from the Competition

Now that we have established that competition is good and healthy for your product startup, let’s see what you can learn from them. It is important to get as much information as you can about your competitors’ business model, pricing model, customer base and more. There are several ways you can do this; here are a few:

  • Read their website, sign up for their newsletter and follow their social feeds
  • Give them a call or stop by if you are local (In some cases they may be willing to discuss their business with you, sometimes they may be threatened and potentially rude)
  • If you have a common relationship with anybody who has used their product, ask them about it and why they purchased that product from that company
  • Purchase their product yourself if it is affordable and makes sense for you to do so
  • Some people will also call the company posing as a potential customer and listen to the company’s sales process. Depending on the nature of the business and industry, this could be potentially illegal or unethical, so be sure to consider that before trying this option

At the end of the day, there is only so much you can learn from your competition because, let’s face it, they probably won’t be waiting in line to hand over everything they learned through their research and failures to the new guy/gal on the block.

Perform a Smoke Test

Smoke tests are a great way to quickly test if there is a market and what the cost of acquiring new customers might be for your business. In the age of digital marketing it’s now extremely cheap to run a smoke test, and it’s a no-brainer if you are entering a new market. One thing to consider before going in is that a failed smoke test may be an issue with your marketing approach and not the business model itself. But either way, it will give you some insightful information for a low cost. Here is how to do it:

  1. Identify who will buy your product.
  2. Create a compelling message for those people that explains your product and the value it offers.
  3. Using a visually appealing interface, create a one page landing page with your compelling message and a signup form (simply ask for name and email).
  4. Create an advertising account with Google Adwords, Facebook, Linkedin or another social ad platform that makes sense (To determine which ad platform is the best for your product relate your target demographic to the demographics using each of these platforms. Testing on multiple ad platforms is not bad either).
  5. Run your ads for a few days. Usually a budget of around $500 should be enough to give you some insightful data about user response.

If your smoke test succeeds, that is validation that you are headed down the right path and should continue investing time and energy into your product. If your smoke test fails, it can mean one or several of the following:

  • You didn’t identify the right demographic with your ads
  • Your landing page did not compel users to take action
  • The product messaging does not speak to the customer in the right way
  • People don’t understand your product because they need education around it
  • Your product truly is not viable and you should consider a pivot

Interview Potential Customers

Hopefully from your smoke test you have created a list of several people who would like to buy your product (if not, you at least know who your market demographic would likely be). Talk to these people and learn about their needs. Ask why they signed up on your smoke test page. Learn what value your product brings to them. Oftentimes you can uncover some unique hidden value you didn’t even know you had. We once worked with a company that started out targeting their product to specific demographics of high school students, but ended up learning there was also a viable market for prisoners who were going to be released shortly. Sometimes the correlations can be hard to make, but are there right in front of your face.

Gut Check

So you passed all the checks above? Great!! Now we are at the final check and arguably the most important one. The gut check. You have all kinds of data and research on your product, the market and the customers in your market, but let’s throw all of that out the window for a minute. How do you feel about your product and market? Do you love it? Will it get you out of bed every morning and keep you working late into the evening? Will you be so excited to tell everybody about it? Is your motivation to build this product focused on the fact that you love the concept of the product and how it helps people much greater than the idea of benefiting financially from the product and business?

If you feel a burning passion to build your product concept and answered affirmatively to the gut check questions then it’s likely time for you to do what you know you have to do.


The post How to test market viability before you start building originally appeared on the Curotec Blog

Why We Need More Women Coding

History has a way of repeating itself. For example, the phrase, “history has a way of repeating itself” has been written before. So… case in point. But in all seriousness, as technology jobs become more and more ubiquitous and in-demand, there seems to be a familiar pattern with them, as with most maturing industries past: a lack of, and need of, more women taking part.

Many women are involved with the tech industry as it stands, but as far as the actual programming, or coding, it still seems to largely be a “boys’ club.” The interesting wrinkle in this case, however, is that women aren’t so much excluded by their male counterparts, but more that fewer of them tend to think of computer programming as a viable career option. And we, as a society, need them to.

A Little Perspective

Women, in general, have a unique perspective and methodology as it relates to problem solving. And technically, that’s what coding is, a form of problem solving. Incidentally, women comprise the majority of internet users and even internet purchasers, so it only makes sense that women would have a unique insight as to what can be considered, “intuitive.” So one of the main reasons more female programmers are needed is that more end users are female, on average. And while I’m getting dangerously close to an early 90’s stand-up routine, it’s certainly not men who know best what women want.

Job Creators

Another reason the tech industry needs more female talent is because it needs more talent in general. And it makes little sense to pull from only 50% of the available talent pool (or is it 49%?). As mentioned above, the majority of people who code from an early age and see it as a potential long term career tend to be male. Not so much due to some concerted effort to keep girls out, but more due to a lack of concerted effort to get girls in. Although, with programs such as Girl Develop It in Philadelphia, the trend is shifting in a positive direction.

More women becoming coders can only benefit the economy, and therefore society, as well. The job market is a traditional barometer for how a society is thriving (or not), so as a matter of simple arithmetic, more women in programming positions = more jobs being filled in an industry that needs them filled = better overall economic standing.

Leveling the Arraying Field

As history does have this strange tendency to repeat itself, I believe it is somewhat inevitable that over time more and more women will find themselves enthralled with the creative process that is web and computer programming. While it may not be immediately apparent to the layman, coding is a technical art form. And all art benefits from diverse and unique angles of approach.

As it stands, the male to female coder ratio is still rather lopsided, but less so than in recent years past. And the technology industry has only benefited from this increase in perspective and talent. So for all of these reasons this trend needs to continue to be encouraged.


The post Why We Need More Women Coding originally appeared on the Curotec Blog

Tuesday, June 28, 2016

Developing on the web for a multi lingual audience

For many organizations, the natural progression for market expansion and client outreach is in the expansion to international markets and/or non-English speakers. In 2016, it’s no longer a matter of “if,” but “when” and “why haven’t we yet?” At Curotec, we’ve helped many companies spearhead multi-lingual website initiatives over the years, and felt it pertinent to share some of the key factors we’ve learned about the process so as to help your firm make that leap confidently and as smoothly as possible.

If there is one main underlying concept to which the rest of this guide is to stay consistent, it is that when taking the step to develop a multi-lingual website, you must do your due diligence, and know your new market like the back of your proverbial hand. Do the necessary research into the language(s) and market(s) into which you endeavor to expand. Accurate translation, while critical, is only one step in the process. This guide should help shine a light on many of the other important concepts to keep in mind when spearheading a multi-lingual initiative.

Multi-lingual Content

If you’re developing a multi-lingual website, your back end concerns come secondary to your content. Your content is the life-blood of your website, and as such should be regarded as the most important factor in building multi-lingual functionality. Translation accuracy can and will make or break your efforts to reach out to speakers of other languages. This is not limited to syntax and proper verb conjugation. For example, Spanish speakers in Mexico do not speak the same as Spanish speakers in Spain. Likewise, Canadian French is not precisely the same as in France. This is, again, where your initial research and due diligence come into play. Mind the English idioms you may be used to and be aware that they do not tend to translate.

More pertinent to web traffic specifically, research other websites in the regions and languages to which you’re expanding because the SEO (search engine optimization) keywords that garner high traffic in English may not be the same in other languages. Google Trends is a great resource to assist in this kind of research.

As for the translations themselves, there are two main factors to bear in mind when developing your multi-lingual content strategies:

  1. Existing content as is.
  2. Future content, and changes to the existing content.

A website’s content, generally, is not a static thing. It is like a living, breathing entity that changes, grows, and evolves. So your translation strategy needs to account not only for accurate like-for-like translation of the content that already exists on your site, but also the future additions and changes that are inevitable. Some resources at your disposal for translation include:

  • An in-house translator. Obviously it would be ideal to have a native speaker on staff who is familiar with a given language’s intricacies.
  • Use of a third party translation service. Many such companies exist that can play the role of translator if none exist in-house.
  • CAT (computer assisted translation) tools. A great baseline, but far more effective when combined with human translation efforts.

A healthy combination of the above resources is your safest bet for content translations.

It is also important to note that “content,” in this context, is not limited to simply paragraphs of text. Images, for example, can often need “translation.” English words may appear within a given image, or the image may have less relevance in different countries, and could call for replacement should your research deem it necessary. Again, intimate awareness of your target market/region/language is imperative.

The forms that appear on your website will also be in need of translation. Contact forms, for many businesses’ sites, are the most important method of direct communication to and from clients or partners, so those forms need to be as natural as possible.

Another not-so-obvious translation factor to keep in mind is when dealing with languages whose written forms are read right to left, such as Hebrew or Arabic. Or in the case of Chinese, Japanese, or Korean, are read top to bottom, right to left. You will want to specify “rtl” under the “dir” attribute in your site’s config files. Likewise, languages with non-Latin characters can be managed by your CMS (content management system) via a Unicode (UTF-8 encoded) character set.

Your multi-lingual strategy is not limited to simply the content that appears on your website. For example, you will also want to determine how your website’s URL should be structured, for which you have several options:

  • Subdomain: Spanish.YourSite.com
  • Subdirectory: YourSite.com/Spanish
  • Top level domain: YourSite.es

Cookie Law

Another consideration that may not be obvious, especially to American website owners, is the legal implications of establishing a web presence in other countries. As of May, 2011, any website either hosted in, or directed toward, countries in the EU is required to follow “Cookie Law.” Cookies, as you may or may not know, are little files websites and apps store on a user’s computer or device to store basic information like login credentials, preferences, settings, and visitor tracking or other pertinent analytics. Cookie Law simply states that if your site utilizes cookies, it must make a user aware of this and obtain his or her consent to do so. This is typically done via a dialog box that opens upon your site’s loading, makes a user aware that cookies will be used and what kinds of cookies will be used, and then presents a clickable choice whether or not to give consent.

As it pertains to this Cookie Law, you have 3 choices, and each has its own pros and cons:

  1. Comply with the law. This has the obvious upside of being legally compliant and therefore worry free about any legal ramifications involved in non-compliance. The downside is that if someone chooses not to allow the cookies, your site may not operate properly or at maximum efficiency.
  2. Don’t comply with the law. Non-compliance can result in fines and/or having your site taken down. Likewise, users in the EU who are used to the option may distrust your site, and therefore distrust your company. We are absolutely not advocating the non-compliance option, but are listing it here for the sake of being thorough. Just note that even if you think it may be worth the “gamble” to avoid the annoyance of a consent dialog, and are able to avoid being caught, there still may be latent consequences in users avoiding your site and harboring ill will toward your brand.
  3. Don’t use cookies. Depending on what your business does, and how it utilizes its web space, this may be an entirely workable solution for you. However, most websites of even lower complexities make use of cookies in some capacity. So be aware of potentially limited functionality if this is your chosen method for addressing EU’s Cookie Law.

Development Frameworks

Since you’re working to develop a multi-lingual web site, another decision you’ll need to contemplate is the framework with which to build it. You have several options for this, and your comfort and familiarity level with various platforms will likely dictate which route you take. While you are not limited to these options, we have 3 recommended development frameworks for your multi-lingual efforts:

  1. WordPress. With a plugin called Multisites, WordPress can be a powerful tool for creating multi-lingual functionality. Multisites will allow for each of the above three URL/domain options, and also has additional plugins such as Multisite Language Switcher, Zanto, and Multilingual press to synchronize multi-lingual content once properly configured. Alternatively, you can also clone your website’s content into the new language, which prevents you from needing to redo theme customization, widgets, links, menus, etc. Just note if you opt for cloning as opposed to synchronization, a user will be redirected to your home page if he or she switches languages.
  2. Laravel. Laravel is a framework with native localization functions, although, along with Ruby on Rails (below), it is far more complex than WordPress. However, higher complexity means more control for a developer familiar with these frameworks. Laravel’s “Lang” class provides a developer with a convenient method for the retrieval of strings (code-speak for variables containing ‘strings’ of ASCII characters) in different languages. These strings are stored in files within your “app/lang” directory, with subdirectories created for each language you wish to support on your website or application.
  3. Ruby on Rails. Like Laravel, Ruby on Rails development is a touch less novice-friendly than WordPress, but tends to be the preferred framework for development firms like ours. You can initialize I18n (short for “Internationalization”) support for your Ruby on Rails application, and then have the ability to internationalize your website or app. This means you can abstract every locale-specific element and then localize it, which then provides the necessary translations for those abstracts.

The development framework you use is, again, a matter of taste, experience, and your chosen working method for content management and translation. Coding and configuration specifics for these frameworks are far beyond the scope of this document; however, you can always reach out to us for more information and advisement on the nitty gritty of multi-lingual development.
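The three URL structures and the “rtl” direction setting discussed above can be tied together in one resolver. The sketch below is an added example, not code from the original post or from any of the frameworks it names. It assumes short language codes (es, he) rather than language names in the URL, a constructed list of supported locales, and a hypothetical messages.php file under the app/lang directory. Because the locale comes from the URL, it is checked against an allow-list before it is ever used to build a file path.

```javascript
// Added example. Hosts, locale list and file name are constructed assumptions.
const SUPPORTED = new Set(["en", "es", "fr", "he", "ar"]); // locales the site ships
const RTL = new Set(["he", "ar"]);                          // right-to-left scripts
const TLD_LOCALES = new Map([["es", "es"], ["fr", "fr"]]);  // country TLD -> locale
const DEFAULT_LOCALE = "en";

// Return the candidate only if it is an exact, known locale code.
function accept(candidate) {
  const tag = String(candidate || "").toLowerCase();
  return SUPPORTED.has(tag) ? tag : null;
}

// scheme is "subdomain", "subdirectory" or "tld", matching the three
// URL structures listed in the post.
function resolveLocale(rawUrl, scheme) {
  const url = new URL(rawUrl);
  const labels = url.hostname.split(".");
  let candidate = null;

  if (scheme === "subdomain") {
    // es.yoursite.com -> "es"; a bare yoursite.com has no locale label.
    candidate = labels.length > 2 ? labels[0] : null;
  } else if (scheme === "subdirectory") {
    // yoursite.com/es/contact -> "es"
    candidate = url.pathname.split("/")[1];
  } else if (scheme === "tld") {
    // yoursite.es -> "es", but only for TLDs we explicitly mapped.
    candidate = TLD_LOCALES.get(labels[labels.length - 1]);
  } else {
    throw new Error("unknown scheme: " + scheme);
  }

  // Anything not on the allow-list falls back to the default, so a
  // crafted segment can never become part of the path built below.
  const locale = accept(candidate) || DEFAULT_LOCALE;
  return {
    locale,
    dir: RTL.has(locale) ? "rtl" : "ltr",        // value for the "dir" attribute
    langFile: `app/lang/${locale}/messages.php`, // hypothetical file name
  };
}
```

The returned dir value is what the page template would place in the “dir” attribute, and langFile only ever contains a locale taken from the allow-list.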

The post Developing on the web for a multi lingual audience originally appeared on the Curotec Blog

Curotec Favorite Links