Open Sourcing your Software in the Financial Industry
June 27th, 2008
The tail end of this week has been quite a frenzy. In addition to doing some rockin things behind the scenes at Banktastic, I’ve been in a pretty in depth discussion with the guys at Trabian (and the rest of the blogosphere I guess) about their tough decision to not open source their CMS and the motivations behind it.
Now, I love me some Trabian and Matt Dean is personally responsible for introducing me to Rails and Ruby and much of where I’m at today is a reflection of the personal investment he has made in me.
Back to CMS. My initial reaction when I read the title was a little disappointment, but I knew this was coming. However, I quickly went into “WTF” mode when I read the explanation, which seemed to point to security as the main reason to keep their CMS closed. This didn’t jibe well with me. Open source can work in FIs. I know it can. After a lot of thought, I commented with my concerns.
Matt followed with some insightful clarifications, and we both agreed it would be a great topic for the open Dev chat he hosts on Fridays.
A couple of great things came from this conversation. This chart (drawn by Matt on the fly) gives great clarification to the problem any company faces when looking to open source their software.
For software that is running a bank or credit union’s website, I agree with Trabian that this drop off is not something anyone can afford.
This brought me to the following conclusion:
I believe that a mature open source CMS (or any FI software) can be every bit as secure (if not more secure) than a proprietary one. However, the process of opening that source can provide a season of lessened security and increased administrative strain on the original proprietor of the code.
I am interested in discussing ways the community can help lessen the security drop off and administrative woes for companies that would consider open sourcing their code.
Moving forward
So how do we as a community and industry help companies move towards open sourcing their code in a way that maintains the level of security necessary for our content matter? It’s a great question and I would love to hear thoughts on it from anyone.
My initial thought is something like this.
The collaborative initiative
So the thought here is to invite other organizations to join the project and contribute to it. This does two things:
- Provides a litmus test gauging the viability of this project as an open source initiative. If you can’t find any companies to jump on board with you, then the chances of snagging enough individual contributors later is pretty slim.
- Increases the code security. Since opening the code up may represent a dip in security no matter what preparations we make, we use these new eyes to help us increase security. This way the dip doesn’t take us into super bad security land.
The invite only open source
This stage would allow individuals to contribute. I’m not sure if it’s necessary, but it would bump up security even further before the big opening.
It still hurts
The problem with adding any of these “extra” steps is that it still includes a good bit of overhead. In fact, it might even be less overhead just to open up the thing instead of adding in two steps. I’ve got nothing for this one…so anyone feel free to chime in.
Those are my thoughts. I still dig Trabian. I think they still dig me. And I think we’re closer to addressing some of the real problems that the heightened level of financial software brings to developers and software projects.
Let's start a Credit Union
June 6th, 2008
The idea has been burning a hole in my brain for the last 3 or 4 months, and I told myself if the thought persisted until June 1, I would share it with everyone else. So here goes.
(What follows is much more ‘stream of consciousness’ than business plan.)
I would like to start a credit union for Dallas area designers and developers. The goal would be to help members of this unique community buy the tools (and toys) of their trade.
I’m thinking about things like “Adobe Loans” or “Monitor Loans” and maybe even structured savings accounts for those that want to save up for these and other toys.
One of the unique things about this group is that there is a large number of freelancers. (Can a copy of a 6 month contract help secure a loan? I don’t see why not.)
I’ve been looking into how to start a CU and honestly I’ve got a ton of questions like:
- Does it really matter whether I go for a State or Federal charter?
- How much in assets does the CU need in order to do…anything?
- Do I need a physical address?
- Oh yeah, how do you run a CU with 0 staff?
- Is this whole thing even feasible?
And that’s just the tip of the iceberg I’m sure.
If anyone is interested in imparting CU wisdom my direction, please do. I know many in the CU world have been talking about a new kind of credit union, I think it’s time to start seeing if that can be a reality.
Call me, email me, twitter me. (469.226.9488, markmcspadden [at] gmail, markmcspadden)
Note: To me this all sounds like a great fit for a credit union, but I’m also open to looking at other FI models if they would serve this model better. (A prosper group may be able to achieve much of what I’m talking about.)
Ruby Distributed Processing, Message Queues, and Starling
March 5th, 2008
Last night I gave a presentation to the Dallas.rb group on Ruby message queues. If you’re interested, download the pdf or the demo apps and have a look. (Note: I’m also in the process of producing a voice over version of the presentation. Mostly just to see if it can be done.)
Demo Apps from the Meeting. These apps assume you have the starling and memcache-client gems installed.
Checkout doc/README_FOR_APP for some explanation of what’s going on.
If you’ve got questions or corrections to anything you see, feel free to give me a shout!
The Ruby Abandonment Threshold Survey
October 15th, 2007
If you work with Ruby, check out this survey: http://www.surveymonkey.com/s.aspx?sm=EJH5SAjDpxkqo1AodLt4iA_3d_3d
TMobile + iPhone = Awesomeness
September 13th, 2007
I have an iphone. I have an iphone on tmobile’s voice and data network. I have an iphone on my home wifi network. I have an iphone.
How it all started
I was browsing through my feeds yesterday and came across this story about an open source effort to unlock the iPhone. As a very happy TMobile customer, I had never considered the iPhone within my reach, but now with an open source unlock and 4GB iPhones reduced to $299, I had to give this thing a whirl.
So I head over to my local Mac store, inquire about the refund policy (14 days, 10% restocking fee if opened), buy my 4GB iPhone and then head home to do some more reading. After a little bit, I decide to eat the $30 bucks and unwrap the beautiful piece of machinery. (I’m a nerd, just the hours spent on the effort are worth that small price.)
The Resources
By the time I write this, there may be an installer available, but in case there’s not:
Mac OS X 10.4 and iTunes version 7.4
Apps:
- iFuntastic_3.03
- iActivator
- Installer.app
Tutorial: http://iphone.unlock.no/
The hoop jumping
I am definitely not saying this will work for you. It did for me. If you brick your phone it’s your fault. (I’m not even sure you can brick your phone, you should be able to easily restore it, but disclaimers are cool and I wanted one.)
First I connected my iPhone to my Mac, itunes came up, I canceled out of the activation. Next I fired up iFuntastic and chose the “Restore” option. This is really nice since you start clean and it gives you a file to revert back to should things go crazy. I then tried to use the “Unshackle” feature, but was unsuccessful.
I then decided to try iActivator. It worked great and after following all their instructions, I had an activated iPhone.
Now that my iPhone was activated, I could add the Installer.app to it. After I followed all those instructions, I was ready to start unlocking. I hit the tutorial about half way through step 2 (obviously I used the mac Installer.app instead of ibrickr) and used Installer to install the 3 required packages.
Next I downloaded the required files (oops, those are at the start of Step 2) and moved them to my iphone. I moved them not using the suggested method, but instead did something else. I first joined my iphone to my wireless network. Then I used ssh to login to my iPhone and test that piece of the puzzle. Then I used a mac program called sshfs that basically mounts a drive for you via ssh. After the drive was mounted, I just did a ‘drag and drop’ for the files and folders specified in the tutorial.
I then ran all the tutorial commands, without issue, and at the end, that’s right, an iPhone on Tmobile’s network. Pretty sweet.
Still in trial mode
I still have 13 days to evaluate this setup to see if it’s actually feasible to maintain against the firmware and itunes updates. I’ll be sure and keep you posted!
Lone Star Ruby Conference Day #1
September 8th, 2007
I’m in Austin at the Lone Star Ruby Conference and I gotta say Day #1 was so packed that I was too worn out to even talk about it last night. A quick breakdown before Day #2 starts…
First the Ruby:
- Some great talks about Ruby as a beautiful, fun, and exciting language
- Interesting talk by James Edward Gray II about using Ruby as a Glue language to call non Ruby applications within the OS
- Testing…it’s your friend. It now comes in several Ruby flavors.
- Ruby community is cool. We’re nice and smart and taking the world by force.
Other Stuff:
- Day #1 went from 9am until 10pm. They even served us lunch and dinner here at the conference center. So pretty much one seat for 13 hours.
- I got to meet and chat with Gregg and Jason from RailsEnvy.com. The videos (http://www.railsenvy.com) these guys have made for Rails are great and, I’ve got to say, they really know their stuff.
The current state of our "high tech" world
August 30th, 2007
I was reading Jim Bruene’s Mobile Money and Banking today and I got into his most recent article about SMS Banking. I’m interested in the subject and probably would have just stored it away in my mental file, however, Jim was offering a $5 Starbucks gift card just for posting a “substantive comment.”
Having already been to Starbucks today (and $6 poorer for it) I thought I’d share my thoughts on the impact that cell phone service providers will have on the future of SMS and Mobile web banking.
Not long after I submitted my comment, Jim emailed me to get my physical address so he could mail me the gift card. This exchange struck both of us as kind of funny. We are talking about checking our bank balances and transferring money on cell phones, yet to get me a Starbucks gift card, Jim was going to have to physically go to a Starbucks¹, buy a $5 gift card, put it in an envelope, put a stamp on it, and send it half way across the country to my place. :)
Jim did point out that we’ve come a long way to get to the Starbucks gift card, but it’s pretty apparent to me that we’ve still got a ways to go.
¹ Starbucks does sell gift cards through their website that you can have delivered to anyone you want, however the smallest increment they offer is $15.
The Panic
August 29th, 2007
If you’re a developer, you know what I’m talking about. You’re doing something seemingly trivial, when you see something, you’re not sure what it is, but it doesn’t look quite right. You squint at it. Then you realize, this is something bad, something big, something really big and bad.
You then start down a roller coaster of emotions and reactions:
- Denial: “No, my code isn’t really doing that.”
- Anger: “Why is my stinking code doing this!”
- Blame: “It’s got to be something wrong with a library or a bad default setting.”
- Generalization: “I can’t be the only person this is happening to. Is this happening on every site?”
- Acceptance: “Ok, this is wrong and it needs to be fixed.”
It happened to me yesterday, while scanning the logs of an internal app looking for bugs. I started noticing something that didn’t seem quite right. My application was logging all the details of login requests, including passwords. That’s right, passwords and their associated usernames were just sitting in my log files, clear text for the world to see.
So I started the panic…all the stages flew by in a matter of minutes. Then I did the constructive thing and hit up Google for an answer. And one was right there for the taking.
If you use Ruby on Rails, you need to add this to your ApplicationController for every application you have:
filter_parameter_logging :password, :password_confirmation
What does this do? Well as you probably guessed, it filters the given parameters from being logged in your log files. The request will still be logged, only the specified parameters will be logged as “[FILTERED]” instead of their actual values.
Now I know what you’re thinking, “Why isn’t this taken care of by default?” or “How did I miss this?” The first is valid, the second, well you can console yourself in the fact that for some reason it doesn’t seem to be common knowledge among rails people. Let’s fix that shall we…
Special thanks to Baldur Gudbjornsson’s blog for stopping the panic for me!
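The filtering described in this post, as an added example in plain Ruby (not Rails code and not from the original post): it masks matching keys at any nesting depth and audits an existing log for values written before the filter was in place. The helper names, the substring matching rule and the sample data are assumptions constructed for illustration.

```ruby
# Added example: plain Ruby, no Rails required. All names are illustrative.
FILTERED = "[FILTERED]"

# Build one case-insensitive regex from the key names to hide.
# Assumption: substring match on the key, so :password also covers
# "password_confirmation" and "old_password".
def key_matcher(names)
  Regexp.new(names.map { |n| Regexp.escape(n.to_s) }.join("|"), Regexp::IGNORECASE)
end

# Return a copy of params that is safe to log. Nested hashes and arrays
# (e.g. params["user"]["password"]) are walked so nothing slips through.
def filter_params(params, names)
  matcher = key_matcher(names)
  walk = lambda do |value|
    case value
    when Hash
      value.each_with_object({}) do |(k, v), out|
        out[k] = k.to_s =~ matcher ? FILTERED : walk.call(v)
      end
    when Array then value.map { |v| walk.call(v) }
    else value
    end
  end
  walk.call(params)
end

# Audit an existing log: return the line numbers of "Parameters:" lines in
# which a sensitive key still carries a real value.
def leaked_lines(log_text, names)
  pair = /"[^"]*(?:#{key_matcher(names).source})[^"]*"\s*=>\s*"([^"]*)"/i
  hits = []
  log_text.each_line.with_index(1) do |line, no|
    next unless line.include?("Parameters:")
    values = line.scan(pair).flatten
    hits << no if values.any? { |v| v != FILTERED }
  end
  hits
end

# Constructed sample data, not taken from a real application.
SAMPLE_PARAMS = {
  "login" => "mark",
  "password" => "hunter2",
  "user" => { "email" => "m@example.com", "password_confirmation" => "hunter2" },
  "action" => "create"
}

SAMPLE_LOG = <<~LOG
  Processing SessionsController#create (for 127.0.0.1) [POST]
    Parameters: {"login"=>"mark", "password"=>"hunter2", "action"=>"create"}
  Processing SessionsController#create (for 127.0.0.1) [POST]
    Parameters: {"login"=>"mark", "password"=>"[FILTERED]", "action"=>"create"}
LOG

if __FILE__ == $PROGRAM_NAME
  p filter_params(SAMPLE_PARAMS, [:password])
  p leaked_lines(SAMPLE_LOG, [:password])
end
```

In later Rails versions the same setting is configured through config.filter_parameters rather than a controller call. Log lines written before the filter was added still hold the clear-text values, so flagged files need to be purged or access-restricted and the affected passwords rotated.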
The Banktastic Feeds
August 9th, 2007
I was doing my normal feed scan on Tuesday, when I came across an article by Robbie Wright titled Making RSS Easy. Little did I know it would steal half of my week.
What Robbie and the world didn’t know is that at my day job I’ve been hacking away at a community site for bankers that is all about making industry specific information easier to find and use. With that in mind I started hacking away trying to aggregate FI feeds. The results are as follows:
- Six compiled FI feeds
- A splash page for Banktastic complete with Google Analytics
- A mailing list for the Banktastic Beta Launch
- A deadline for Banktastic Beta
The moral of the story: Don’t read Robbie’s blog :)
The Email Disclaimer
August 1st, 2007
Open Source CU just gave me some props for the little disclaimer I’ve been using at the bottom of my emails. Since a mention on OSCU usually brings in some people, I thought I’d explain and expand a little for anyone that’s interested.
First, the disclaimer that appears just under my name on both my personal and professional emails:
Did I just sound like a jerk? If I came across as a little short, it may be due to the fact that I am currently experimenting with different disciplines of email writing. I am currently limiting all my emails to 3 sentences or less. Sound interesting? Read more at http://three.sentenc.es and help cut down on email clutter.
Where did I start?
A few months back I read Bit Literacy by Mark Hurst and made a personal commitment to write shorter emails. The problem was that I didn’t really share that commitment with anyone. You’d be surprised (or maybe you wouldn’t) at how many people got upset when I started sending one and two sentence emails that ultimately lacked the “personal fluff” they were used to. I quickly abandoned the practice for fear of losing all my friends.
The re-birth of the short email
A few weeks ago, I came across the three sentences site through my feed reading and was re-energized. I took a look at the 2, 4, and 5 sentence varieties but ultimately set myself on 3 and haven’t looked back. I quickly threw together the disclaimer, slapped it on my personal email, and asked permission to use it on my work emails as well. Since I work for one of the coolest companies out there I was given the “ok” and that’s where I sit today.
Personal Benefits
So I love writing shorter emails. Not only do I find my writing improving, but I find myself more likely to send emails. I know that if I can keep it short, there is a much better chance that my email will get read and be responded to. I do spend more time writing each email in order to get it under the 3 sentence limit, but to me it’s well worth it.
Hope you’ve found my little journey enlightening!
Update: I just tracked down where this whole sentences thing got started and this looks like the original. His disclaimer may be better than mine:
Q: Why is this email 5 sentences or less?
A: http://five.sentenc.es
Book Review: The Paradox of Choice
July 31st, 2007
I recently started and finished The Paradox of Choice by Barry Schwartz and I have a hard time even explaining how good this book is. You need to buy this book. Go into the bookstore with blinders on (ignore the other choices) and get it today. Seriously.
Ok, so why do you need to read this book? Because it’s all about the mess of choices that we face everyday and how, as the sub-sub title states, “the culture of abundance robs us of satisfaction.” There is a ton of info in this book about the way we make choices and insight into how we can be happier with the choices we make.
Now beyond just personal enlightenment, if you are someone in industry that is trying to better serve people, this is a must read. It will help you understand how people choose and why they often choose not to choose when presented with too many choices.
I’ve found this book to be extremely beneficial both personally and professionally. It has helped me be happier with the daily choices I make and I think it’s helping build better websites.
Ok enough sales pitch…go buy it so we can talk about it.
Extending Del.icio.us via Javascript
July 27th, 2007
So I’m blogging more and posting more comments on blogs I read…which overall is a good thing. However, maintaining and following the conversations I get involved in via comments is super tedious. So I looked to my old friend Delicious for help in the matter.
I started by adding all the articles I’ve commented on to Delicious with appropriate tags plus two of my own homegrown tags: watching and contributed. Why two tags? Eventually I’d like to move articles off my “watching” list, but would still like a place to track down all the conversations I’ve “contributed” to.
Next, I wanted to be able to go to my “watching” tag in Delicious and quickly open up all the links. Hmmm…there’s not really a way to do that. So my buddy JS and I spent a half hour together and made our own. Here is the finished product that you can just drag into your “Bookmark Toolbar” on FF: DOAL: Delicious Open All Links
Now, anytime you are viewing a page in Delicious using FF, you can easily open all the links by clicking on that bookmark. (I don’t know what to tell you non-firefoxers…maybe someone in the comments can help you out.)
So, if you’re not a nerd, you should probably stop here. However, if you like Javascript, I’ll give you a quick walk through of what I did to get this thing going.
First, I went to my selected Delicious tag and opened up Firebug to start playing around. Using the inspect method, I see that the only “h4” tags on the page are the ones that house the links I want. Being a regular prototype user, here was my first attempt via the Firebug console: (Ok it’s not the first thing I typed, but my first real attempt)
$$('li.post h4 a').each(function(element) {window.open(element.href)});
Wow…that is good looking, sexy, one line JS! But it doesn’t work. For some reason the “window.open” event wasn’t firing as expected when inside the “each” function.
So I move to something like this:
var links = $$('li.post h4 a');
for(var i=0; i<links.length; i++) {
  window.open(links[i].href);
}
Ah the for loop…it’s been a while. This code works in Firebug, so I condense it to one line, put “javascript:” in front of it, paste it into the address bar, and hit enter. No go. “$$” is not a function. Crap. Assuming prototype lives everywhere is a bad assumption. Let’s try to make it work without my favorite JS library.
var h4s = document.getElementsByTagName("h4");
for(var i=0; i<h4s.length; i++) {
  window.open(h4s[i].getElementsByTagName("a")[0].href);
}
Sweet. This is working in the address bar, and opens up the right links, but it’s causing my Delicious page to go away. Let’s fix that.
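var h4s = document.getElementsByTagName("h4");
for(var i=0; i<h4s.length; i++) {
  window.open(h4s[i].getElementsByTagName("a")[0].href);
}
// window.refresh() is not a real function; end on undefined so the javascript: URL leaves the current page in place
void 0;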
That’s better. Now all you do is right click in your bookmark toolbar, choose “New bookmark”, name it and insert the one line version of the code with “javascript:” in front of it and you have a Delicious extension!
I’m open to re-writes and suggestions for better efficiency, so if you’ve got ideas, let’s hear them.
Let's start a discussion thread, user to user.
July 25th, 2007
Seriously who talks like that? Unfortunately too many of us that build web apps speak this way through the copy we use on our sites. Trey Reeme recently re-inspired me to stop talking like a techie and start talking like a human.
So I’m trying to do better, but it’s not all that easy. I’ve been in tech-land a long time. So I thought I’d start a personal “techie to human dictionary” to help me out. You can checkout this page to see where I’m at. (Don’t get your hopes up, there’s only 4 entries.)
I’d much appreciate any feedback or ideas! I’d really like to see this thing be a real resource…so let’s get started.
BarCampBankSeattle Day 2 Recap
July 24th, 2007
Day 2…wow…what a day. Started with a great session on banker to banker collaboration and ended with a monumental whiteboard of promise and hope. Sound a little dramatic…maybe…but then again maybe not. The amount of space it is taking up in my mind can only be explained by something that truly is revolutionary.
Even with the picture of that whiteboard almost tattooed in my mind, the thing that sticks with me the most from Day 2, is Jesse’s unwillingness to let the rest of us settle for the Jesse Robbins solution. There were several times in our afternoon discussion where I could almost feel the room waiting to let Jesse take this project and run all the way with it, filling us in where appropriate. However, much to Jesse’s credit, that was not the path that was taken, nor was it the path that was needed. What needed to happen was a room full of people talking to a whiteboard, venting frustrations and forging solutions.
And now we sit with an even greater task ahead, continuing forward without sitting in the same room and staring at each other until someone speaks. I am excited about the road ahead, not just for the promise of an open source solution to an industry issue, but also for the collaboration that will occur between bright people and experimentation of the technologies that will best facilitate this conversation.
BarCampBankSeattle Day 1 Recap
July 22nd, 2007
Day 1 of BCBS was a whirlwind and honestly wore me out. (Hence I’m recapping in the morning and not last night.) It was my first BarCamp event in general and I have to say, I’m sold!
But even beyond the BarCamp experience, being trapped in a room all day with people that eat, sleep, drink, and breathe the financial industry is truly unique. I said it last night and I mention it in the sidebar of this blog, passionate people are awesome! They are contagious. For all the talk about how bad corporate cultures can become in the presence of a few bad people, I have to think that just the presence of one of these people in an organization is culture changing and if you were lucky enough to have two I would expect nothing less than earthshaking innovation.
Well it’s off to Day 2!