A discussion about OAuth and OpenID

Strictly speaking, Facebook supports OAuth, not OpenID. OAuth is a way for your application to act on behalf of someone else on another side, while OpenId exists solely for you to use the other website as an authorization authority. The difference is subtle, however telling that Facebook has explicitly stated that it does not want to be an authorization authority. In practice, however, the two standards are interchangeable, and OAuth works pretty well as a way to authenticate a user.

How Facebook Auth Actually Works

Here’s the flow in four easy steps:

1. The user clicks on a “Login to Facebook” link on your server, which redirects them to another page on your server that handles the authentication.
2. Your Facebook Auth page puts all the parameters for your authentication, such as your app ID and scope, into a URL and sends the user to Facebook via that URL.
3. Once Facebook returns the user (presumably authenticated) to your server, you can use the parameters sent via the URL to request an authentication token from Facebook. This is done via curl or some other server-to-server communication by calling the graph API.
4. You use this authentication token to access the user’s information on Facebook.

Step 1: Get all the data you need

To properly authenticate with Facebook, you need four pieces of data. The first two are your application id and your application secret, both of which are available on your developer application page.

A sample Facebook application page

The second two pieces of data are specific to your implementation. These are the redirect URI, which is used to tell Facebook where to send the user once they are done authorizing your application, and the permission scope, which you use to tell Facebook what permissions you want to request from the user. This latter one actually warrants some more documentation, which Facebook has graciously provided here. Be careful: Users can get really suspicious if you ask for too much data.

Step 2: Redirect your user to Facebook.

With this data, you can redirect your user to Facebook. Facebook will then work some magic and ask the user whether they want to grant your application access to their profile. Don’t forget to urlencode that Redirect URI.

$loginUri = "https://graph.facebook.com/oauth/authorize?client_id={$appId}&redirect_uri={$redirectUri}&scope={$scope}";
header('Location: ' . $loginUri);

Step 3: Request an Auth Token

Assuming that the user authorizes your application, Facebook will return them to your redirect URI with the “code” parameter in the URL. You can use this parameter to request an authorization token from Facebook. In this case I’m using the Zend Request handler to simplify things a little.

$client = new Zend_Http_Client( "https://graph.facebook.com/oauth/access_token" );
$client->setParameterGet('client_id', $appId);
$client->setParameterGet('client_secret', $secret);
$client->setParameterGet('code', $code);
$client->setParameterGet('redirect_uri', $redirectUri);

$result = $client->request('GET');
$params = array();
parse_str($result->getBody(), $params);
$token = $params['access_token'];

Step 4: Read the user’s profile

At this point, you have an auth token that grants you access to read the user’s profile information in accordance to the permissions they have granted you. These permissions are completely blind- you don’t have to additionally specify what you want to access – the requests will simply return the information to which you have access.

$client = new Zend_Http_Client( "https://graph.facebook.com/me" );
$client->setParameterGet('client_id', $appId);
$client->setParameterGet('access_token', $token);
$result = $client->request('GET');
$user = json_decode($result->getBody());

Zend_Auth_Adapter_Facebook

For those of you who would rather not take the above code and wrap it into your own Auth Adapter, I’ve gone ahead and done all that work for you. Below you will find a sample Zend Controller, as well as a pre-baked Auth Adapter. If you come across any major security problems in it, I’d love to know, since I use this adapter myself .

class Zend_Auth_Adapter_Facebook implements Zend_Auth_Adapter_Interface
{
    /**
     * The Authentication URI, used to bounce the user to the facebook redirect uri.
     * 
     * @var string
     */
    const AUTH_URI = 'https://graph.facebook.com/oauth/authorize?client_id=%s&redirect_uri=%s';
    
    /**
     * The token URI, used to retrieve the OAuth Token.
     * 
     * @var string
     */
    const TOKEN_URI = 'https://graph.facebook.com/oauth/access_token';
    
    
    /**
     * The user URI, used to retrieve information about the user.
     * 
     * @var string
     */
    const USER_URI = 'https://graph.facebook.com/me';
    
    /**
     * The application ID
     *
     * @var string
     */
    private $_appId = null;

    /**
     * The application secret
     *
     * @var string
     */
    private $_secret = null;

    /**
     * The authentication scope (advanced options) requested
     *
     * @var string
     */
    private $_scope = null;

    /**
     * The redirect uri
     *
     * @var string
     */
    private $_redirectUri = null;

    /**
     * Constructor
     *
     * @param string $appId the application ID
     * @param string $secret the application secret
     * @param string $scope the application scope
     * @param string $redirectUri the URI to redirect the user to after successful authentication
     */
    public function __construct($appId, $secret, $redirectUri, $scope)
    {
        $this->_appId = $appId;
        $this->_secret = $secret;
        $this->_scope = $scope;
        $this->_redirectUri   = $redirectUri;
    }

    /**
     * Sets the value to be used as the application ID
     *
     * @param  string $appId The application ID
     * @return Zend_Auth_Adapter_Facebook Provides a fluent interface
     */
    public function setAppId($appId)
    {
        $this->_appId = $id;
        return $this;
    }

    /**
     * Sets the value to be used as the application secret
     *
     * @param  string $secret The application secret
     * @return Zend_Auth_Adapter_Facebook Provides a fluent interface
     */
    public function setSecret($secret)
    {
        $this->_secret = $secret;
        return $this;
    }

    /**
     * Sets the value to be used as the application scope (array())
     *
     * @param  string $scope The application scope
     * @return Zend_Auth_Adapter_Facebook Provides a fluent interface
     */
    public function setApplicationScope($scope)
    {
        $this->_scope = $scope;
        return $this;
    }

    /**
     * Sets the redirect uri after successful authentication
     *
     * @param  string $redirectUri The redirect URI
     * @return Zend_Auth_Adapter_Facebook Provides a fluent interface
     */
    public function setRedirectUri($redirectUri)
    {
        $this->_redirectUri = $redirectUri;
        return $this;
    }


    /**
     * Authenticates the user against facebook
     * Defined by Zend_Auth_Adapter_Interface.
     *
     * @throws Zend_Auth_Adapter_Exception If answering the authentication query is impossible
     * @return Zend_Auth_Result
     */
    public function authenticate()
    {
    	// Get the request object.
    	$frontController = Zend_Controller_Front::getInstance();
    	$request = $frontController->getRequest();
    	
    	// First check to see wether we're processing a redirect response.
    	$code = $request->getParam('code');
    	
    	if ( empty ($code ) )
    	{
	    	// Create the initial redirect
	    	$loginUri = sprintf(Zend_Auth_Adapter_Facebook::AUTH_URI , $this->_appId, $this->_redirectUri);
	 		
	    	if ( !empty($this->_scope) )
	    	{
	    		$loginUri .= "&scope=" . $this->_scope;
	    	}
	    	
	    	header('Location: ' . $loginUri );
    	}
    	else
    	{
    		// Looks like we have a code. Let's get ourselves an access token
	    	$client = new Zend_Http_Client( Zend_Auth_Adapter_Facebook::TOKEN_URI );
	    	$client->setParameterGet('client_id', $this->_appId);
	    	$client->setParameterGet('client_secret', $this->_secret);
	    	$client->setParameterGet('code', $code);
	    	$client->setParameterGet('redirect_uri', $this->_redirectUri);
	    	
	    	$result = $client->request('GET');
	    	$params = array();
	    	parse_str($result->getBody(), $params);
	    	
	    	// REtrieve the user info
	    	$client = new Zend_Http_Client(Zend_Auth_Adapter_Facebook::USER_URI );
	    	$client->setParameterGet('client_id', $this->_appId);
	    	$client->setParameterGet('access_token', $params['access_token']);
	    	$result = $client->request('GET');
	    	$user = json_decode($result->getBody());
	    	
            return new Zend_Auth_Result( Zend_Auth_Result::SUCCESS, $user->id, array('user'=>$user, 'token'=>$params['access_token']) );
    	}
    	
        return new Zend_Auth_Result( Zend_Auth_Result::FAILURE, null, 'Error while attempting to redirect.' );
    }
}

/**
 * Sample Facebook Auth Controller.
 * 
 * @author Michael Krotscheck
 */
class FacebookauthController extends Zend_Controller_Action
{
	/**
	 * Application default action
	 */
	public function indexAction ()
	{
		$appId = 'YOUR_APP_ID';
		$secret = 'YOUR_APP_SECRET';
		$redirectUri = 'http://path-to-this-controller-and-action';
		$scope = 'YOUR_COMMA_SEPARATED_APPLICATION_SCOPE';
		
		// Create the authentication adapter.
		$adapter = new Zend_Auth_Adapter_Facebook( $appId, $secret, $redirectUri, $scope );
		
		// Get an authenticator instance
		$auth = Zend_Auth::getInstance();
		
		// This call will automatically redirect to facebook with the passed parameters.
		$result = $auth->authenticate($adapter);
		
		if ( $result->isValid() )
		{
			// Get the messages
			$messages = $result->getMessages();
			
			// Get the user object from the returned messages.
			$fbUser = $messages['user'];
			
			var_dump($fbUser);
		}
	}
}

This particular email was written to demystify the difference (as far as I’m concerned) of all the different parts of a client application. However rather than a heavy discussion on methods and algorithms, what I present here are actually the higher level concepts that govern the structure of an application. I tried to order them in a fairly logical fashion, starting at the “front” of the application (what you see) and moving towards the “back” (the bits that the user should never see).

But first, I feel it is important to understand the difference between business logic and view logic:

• Business logic manages data and enforces business rules. It cleans, saves, reads, compares, and makes sure that the data models are properly updated. It is also important to make the distinction between server-side business logic and client business logic. That which lives on the server is usually focused more on business rules, while that which lives in the client usually cares more about server interaction and data manipulation.
• View logic manages how data is displayed. It manages state, formatters, strings and view indexes, and doesn’t really care about how that data got to where it is, it only cares about how it should be displayed within this particular view.

Having said that, here are the major components of a client application. Caveat, this might not mean much to you Javascript guys.

Skin

A skin acts to describe the containers, colors and graphics that a control or view use. It can change its appearance based on a skin state (not to be confused with view state), and can refer to styles set by the component which it is skinning. It should not have any business or data logic whatsoever.

Control

A Control is the lowest level of functional components which comprise an application. These are our buttons, labels, data grids, view containers and so forth, and they are characterized by the fact that the data they display is not specialized, nor do they contain any real internal business logic at all. They know how to interact with a generic type and dispatch events when a particular action occurs.

View

A view is a collection of controls, containers, formatters, skins and subviews, all connected via a presentation model. It acts to collect and arrange elements rather than figuring out what each piece is supposed to do. As such, Views should contain little to no code at all, and should be managed by states and properties.

Item Renderer

An Item renderer is a very specialized kind of view, which deals with the display of a single piece of data in a collection. As a result, it is the only view which should be dependent on an external piece of data – one that is injected into a property of that ItemRenderer from a parent (the data property). Item renderers may contain Presentation MOdels to help them manage user gestures, but rarely make use of a data model as this is already provided.

Presentation Model

It is the job of the presentation model to act as a mediator between the view and the rest of the application. This does not mean that it should manage data, nor necessarily contain it. Instead, its job is to expose all the methods and data which are being used by the View, which includes models (bindable), states, actions which describe user methods and (in some cases) validators.

Data Model

The data model is a dumb data container. It should contain little-to-no logic on its own, and instead allow the tasks to clean, sort and manipulate anything that is assigned to the model. Thinking of it differently: The Data Model is the authoritative source of any data used in the application. All data starts here and ends here. Views get their data from the Data Model via binding. Tasks retrieve model instances. Presentation models make data available by exposing a public instance of a data model.

Task

Tasks are where our “business” logic resides, in the most generic and granular way possible. As an example, the act of loading a user might require reading the user object, retrieving their preferences, and initializing the application locale. Rather than try to handle this all in one task, it is better to use a SequenceTask or ParalellTask to collect the three different actions. Why? Because your preferences screen might need to reload user preferences after they’ve been saved, but you don’t want to refresh the entire user.

Tasks, much like presentation models, are able to collect any data and utilities they need to achieve what they need to achieve, however when they are done they need to let go of those items and dispose of themselves properly. The important thing to note here is that any business logic that can be put into the service layer should live in the service layer; We don’t want to expose the guts of our business rules to the world, and servers are much easier to protect from questionable data manipulation.

Delegate

A delegate is our service proxy, and acts as a channel back and forth from the database. It allows us access to the business logic that lives on the server in a reliable and consistent way. In most cases, each delegate method will have one task that wraps it and makes sure that the data is properly cleaned and presented.

Utility

Utilities are classes that provide common data manipulation routines that are global to all aspects of the application. A good utility, for instance, would be a method that handles date conversions from GMT to Local and back. A less desirable utility method would be one that formats a piece of data for a specific view, as this should be handled within the view itself.

Libraries

Libraries are the catchall for everything that was left out, and it includes pieces of highly specialized logic that don’t really fit neatly elsewhere. Good examples of this are video encoding libraries, classes that manage encryption, filesystem manipulation and other tasks like that.

VO

A VO, or Value Object (also known as DO/Data Object) is the raw data which we manipulate. It describes a particular Domain Object and acts as a package that we pass from method to model to view. They only contain data related to that same object, and should not contain any formatting logic and only limited validation logic (is-not-zero checks and so forth). Formatting should be handled by the view, validation should be handled by tasks or utilities.

How about this: Am I less of a person because I work in Flash?

I haven’t really (well, sortof) weighted in on the Flash vs. HTML5 debate yet, mostly because the main posters pro and con are both more technically qualified, have a stronger social following, and/or have more backing from marketers. It is the futility of the debate itself that interests me, both from a very personal perspective and from the perspective of an internet veteran.

The nature of the debate that I observe from the comfort of my Laptop is the following:

• Camp A: Here’s a bunch of reasons why Flash sucks!
• Camp B: Nuh-uh! Here’s a list of reasons why that’s not the case!

As you probably realize yourself, this argument structure is essentially religious, and can be replayed whenever two people have different opinions and are not willing to reconcile. It’s certainly not restricted to the technology space (Choice vs. Life anyone?), and the futility of entering into such an argument is well known to anyone who’s ever been involved in a flame war.

Now take this Adobe/Apple debate and pose it to our society (full of technology-advocates, evangelists and gurus), and you’ll soon come to realize that Adobe cannot win this argument, not given its current strategy. This is for two reasons:

1. You cannot win a flamewar from a defensive position.
2. You cannot win a flamewar with reason.

Adobe’s Flash Team are doing an admirable job at defending against everything that’s coming out of Apple, the Javascript community, and the standards purists. Unfortunately by the time they get to debunking these statements the damage has been done, and no matter how quickly they respond they will never get the same media penetration that Apple will. Why? Because people don’t like to be told they’re wrong, and anyone who listens to a flamewar long enough will start to tune out. Just ask Fox News- they make a living on this – and there’s no way you can reach an unreceptive audience no matter how good your arguments are.

Secondly, any aggressor can very easily cherry-pick its arguments to attack the defender on weak points, and thus invalidate their entire argument simply because one point wasn’t well researched. While the overall flash platform is a strong contender on the web, you’ll notice that the argument is focused on a few key shortcomings – performance, accessibility, ‘open-ness’ and the like – in which HTML5 has strength. By defending specifically against these weak points, Adobe is then empowering critics to further choose sub-points where they have strength, and through this cycle the argument is diminished and diminished until at the end all we remember is that Adobe was trying to defend itself and their critics never ran out of anything to point to and say: “Hey you suck”.

Lastly, as I have seen in several cases, arguments have started go get personal, and as soon as you enter that arena you can invalidate someone’s argument simply by pointing out their own shortcomings. To use myself as an example, you can invalidate anything I have to say about Flash and HTML5 by pointing out that I’m not a real CS major, that I haven’t remained at a job for more than 4 years, or that I go so far as to claim that there are people more qualified to talk about this than I in the very first paragraph in this post. My experience and job title doesn’t matter – as soon as you say “Oh, you don’t know what you’re talking about, you’re not a CS Major” you’ve got me completely discredited.

But what bothers me the most is the first concession which the Adobe Community had to make, and that is that their pool of developers draws from the design community and are subsequently not the best. Now, every technology has a wide range of developer competence, yet with Flash it’s becoming a banner cry: “Flash Developers suck”. Your technology choice does not define how skilled you are, and yet it’s becoming pretty clear that those of us who choose Actionscript and Flash are seen as incompetent, less than human, and not worth listening to because we’re blind and ignorant fanboys who don’t understand what they’re missing with [Insert Language Here].

This last point is perhaps the most damaging, because it’s eroding Adobe’s hard-won community. Do you like feeling like a shitty developer? Do you want to be the pariah of the web? Do you like being told that you are the scum of the earth? No, and I don’t either, and if like myself you’re simply trying to make a living, chances are you’re seriously considering learning something else to make sure you remain employable.

So the real question is: Will rational minds prevail? I doubt it.

1- They don’t think of themselves as rock stars.

Arrogance is perhaps a key requirement in being an entrepreneur, but overconfidence will drain your cash pool faster than hookers and blow.

2- They have a proven track record of multiple shipped products.

You don’t want a hotshot kid out of school, you want a seasoned professional, preferably one who knows how to write applications for the industry you’re trying to reach.

3- They care more about frameworks than plumbing.

Unless you’re trying to design a complex new mathematical algorithm (in which case you should probably be partnering with a university research lab), you want someone who can grasp a system rather than a method. If this guy ends up in deep technical discussions about the optimal way of implementing a sort, you’ve got the wrong guy.

4- They’re not willing to work for free

Risk management and strategic thinking is key to long-term project viability. If you have someone willing to work for equity, they’re willing to take risks with your payment processing gateway just as easily as they’re taking a risk on you.

5- They believe in development process and best practices to speed up their work.

The last thing you want is someone who’s trying to reinvent the wheel. Mind you, this also likely means that the first two weeks or so of development you’ll see a lot of development support tools get set up and used before code actually starts, but that’ll give you time to get your documentation in order.

6- They have a positive attitude.

If someone bitches, they’re looking to blame themselves. Instead, you want them to identify their concern as a problem they can solve.

7- They get uncomfortable when you ask about their social life.

’cause, well, currently it’s still socially odd to prefer coding on a saturday night.

8- You don’t want Alphabet/Acronym soup in their technical skills.

Lots of languages means little depth in each, and depth = speed. Pick a serverside language (PHP, .Net, Ruby, etc), pick a database (MySQL, SQLServer, Postgres, etc), and pick a frontend (Flex, Mootools, JQuery, etc). Focus on that. If a dev has only a few languages this does not mean they’re stupid- it means they know how to focus.

9- They’re involved in the community.

Speaking, attending, whatever, you need to make sure their technical skills don’t stagnate, and that they’re willing to accept ideas from outside.

10- You respect them

Respect means you are willing to listen when they tell you you’re full of it, and that’s key in a partnership. You’re not looking for a monkey you can put in a corner who can bang out some code- you’re looking for a partner who’ll act as a technical sounding board.

So now I have this question: What makes for a rockstar business partner?

Cool, huhn? Security concerns aside (Believe me, I am never giving anything on facebook my credit card information), this isn’t exactly new- pushing product information into the Facebook stream was what the original Facebook Beacon was all about, and that was shut down via a class action lawsuit because it published user sales data without user approval. Additionally, pushing rich media applications into the Facebook stream is not new- anyone who’s viewed a youtube video in their Facebook stream knows how seamless that can be. What’s interesting though is that Resource has overcome the legal concerns with two changes: First, by giving users control of what to share when, and secondly by actually launching a full commerce application into something that people check every day.

If your initial reaction is disgust (“What? Another way for people to sell us their stuff? Blegh”) then you and I are pretty much on the same page, however don’t be blinded by other creative uses of this. For instance, if you want to buy someone a Christmas present, wouldn’t it be nice if you saw their wishlist items in the stream? What about gaming- if a friend of yours is playing some kind of a live flash mini game… wouldn’t you want to join them immediately? There are legitimate uses for this that don’t turn your stomach, so I figured I’d write a quick overview on how to put it together.

So how did they do that?

If you already have an application you want to run inside the Facebook news stream, then the process of getting it shareable is extremely simple, and is easily accessible to anyone who knows a little bit about flash, HTML metadata and the facebook platform. You have to perform the following tasks, most of which are trivial unless you are trying to do anything covered by a regulatory body (like accepting credit card information). For that you have to have a secure and federally accredited server, and that’s way outside of the scope of this article.

Step 1: Add the “Share on Facebook” link on the page in question.

The first thing you need to do is give your users the ability to actually share your page. This can be as easy as including a particularly formatted link in your product page or as complicated as including FBML in your site’s header and namespace. Note that the share URL can include URL parameters that will customize the content of the page, and should be pointed at the hosted URL of your flash application- this is crucial for step 2.

<a name="fb_share" type="button_count" href="http://www.facebook.com/sharer.php?u=[url to share]&t=[title of content]">Share</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>

Step 2: Add the correct meta tags to the page you want to share.

When a user clicks on the above link, it actually triggers the Facebook Sharer script to scrape the provided URL for metadata that tells it how to share this page. All of this data is contained in the metadata tags of a page, and you can read the extensive documentation here, however the important piece you’re looking for is how to share multimedia content. If you’ll read the documentation carefully, you’ll notice that while all references talk about video, in reality this share functionality allows you to display any flash content in the Facebook stream simply by replacing video_url with the URL to your flash SWF. This is still restricted to user action of course- nobody will see a flash app launched immediately, they’ll still see the icon and title as with any Youtube Video, and the application won’t launch until the user actually clicks on the icon.

<meta name="title" content="video_title" />
<meta name="description" content="video_description" />
<link rel="image_src" href="video_screenshot_image_src url" />
<link rel="video_src" href="video_src url"/>
<meta name="video_height" content="video_height" />
<meta name="video_width" content="video_width" />
<meta name="video_type" content="application/x-shockwave-flash" />

EDITORIALIZING: What worries me on this is that Facebook’s documentation is very clearly targeted at video sharing, and that this may be a violation of their intent of the sharer script. In short, what Resource is publishing as an innovation to social commerce is little more than a hack bolted into a loophole. Even so, I don’t believe Facebook will try to blacklist retailer sites to put this genie back in its bottle, because it both encourages use of their platform while also opening the gates to more legitimate uses. The ability to see that someone is, say, playing a game right now and your ability to join them is only a single click away puts an entire new spin on live online gaming, especially with the recent release of Adobe Collaboration Services, but I digress…

Step 3: Get your domain whitelisted by Facebook

If you paid especially close attention to the documentation linked above, you’ll also note that multimedia sharing won’t work if your domain is not whitelisted by Facebook. This is to protect Facebook from people who might want to distribute illegal content that would get them in trouble (licensed movies for instance), but also gives Facebook ultimate white and blacklist control over any activity they don’t want subverting their functionality. The process is actually extremely simple: Click this link, fill out the form, and wait for them to get back to you. Last time I did it it took less than 24 hours, but that was for a major retail site; your experience might vary.

That’s it. Enjoy!

We all know that students have no money- many of us have been there and scraped by on ramen and coffee often for weeks on end, and now we are all, to a greater or lesser extent, burdened by the cost of our education as we have leveraged part of our future to gain the success we have now. It’s part of our environment. It’s who we are, it’s what we expect, it’s part of our lives, and it will be part of our childs’ lives as they grow up. We don’t think much about it- it’s simply there.

If you’ve watched this video from TED on how schools kill creativity, you know that there are some salient points to be made about how our primary and secondary educational system encourages a certain type of talent – science and maths – while actively discouraging the humanities and arts. While I would love to see more study on the topic, I want to extrapolate on Sir Ken Robinson’s argument and apply it to the space of postsecondary education.

Consider: If you were a student entering college today, and you were told that you’re going to walk out with an average of $23,000 in debt ($33,000 for private schools, according to this study [PDF] ), would you choose a career in engineering or in the fine arts? To quote one student, borrowing so much only makes sense “as long as you’re going to the school for a career that will pay enough”, so it certainly seems like we are actively discouraging pursuit of “cultural” careers in the arts and humanities.

Is this a problem? Good question, but it certainly shapes our national identity. If we want to be known as a country of technical innovators, then this system is perfectly fine as it fills our homes with highly technical thinkers. If in contrast we want to be known as a cultural mecca, it’s the worst thing ever as we are actively discouraging our students from pursuing fields that contribute to that.

But that’s not the point I’m trying to make here, it is simply the path to how I got to this blog post. See, I see this as a problem, and problems need solutions, so I want to take a business-side approach to this issue and ponder on any market opportunities that might exist. After all, if federal programs are unable to meet this country’s educational needs, then private business will have to pick up the slack, and they’re only going to do it if there’s money to be made.

Some Numbers

To take some numbers from this study [PDF], I’ve extracted the following table:

Table 1: Total Student Aid and Nonfederal Loans Used to Finance Postsecondary Education Expenses in Constant (2008) Dollars (in Millions), 1998-99 to 2008-09

What we can easily extract from this is the individual line items which add load to students. The loans are easy, and I am also including Work Study and Institutional Grants. The former, because it’s activity that actively detracts from a student’s attention to their studies (by having a job) and the latter for reasons I discuss below. Given that, I’ve generated the following table:

Table 2: Total unmet need covered by students in Constant (2008) Dollars (in Millions), 1998-99 to 2008-09

Do you see what I see? I see a $128 billion dollar demand for a solution, but demand is only useful if a supply may be found that may be profitably offered to that market. Thankfully, the actual act of marketing any solution you can come up with is easy- between high school career counselors and college students’ naturally viral nature you effectively have a captive audience, assuming your solution is a good one. But unless you’re the treasury or the federal bank you can’t exactly pull $128 billion dollars and slap it on the table, and even if you were I doubt the taxpayers would be willing to pay for that (though we do love our bombers).

Universities as Contributors to the Problem

On of the real culprits in this whole situation is Universities themselves. College Tuition has been increasing at an average rate of 8% a year, while the median household income is hardly keeping up, especially if you take inflation into account. My own Alma Mater for instance (Carnegie Mellon) posted an annual tuition rate of $40,000 dollars this year, which from what I can tell is the highest in the nation and a significant uptick from the $18,000 I was paying in 2000. So how exactly can universities justify this increase?

Fact is, those tuition numbers are simply not real, because universities are skimming the market. Simply put, all the financial data a student is asked to report when they apply for financial aid year after year is used to calculate exactly how much the student and their family can afford. Once they have this number, they will add as many student loans as the student is eligible for (maxxed out of course), and might even add some private loans to it as well. Once they have that number, they will add something called a “Need based grant”, “Merit based grant” or “institutional grant” (or something similar) as a line item to make up the difference because they can’t charge you any more.

This makes identifying a good solution to student debt a far more difficult problem, because as soon as you find a business solution to meet the above noted demand, universities can simply respond by adding another line item to their financial aid calculations and the problem is right back where it started.

Or… is it?

Here’s where things get a little devious, and I apologize for suspending my personal ethics to even suggest this. Consider: If you provide a method for students to raise money against their debt, and universities in response raise their tuition to capture that value so that the debt doesn’t actually go away… then they are increasing the size of the market. That’s right, simply by helping students find a way to meet their debt obligations, the behavior of the other actors in the market environment will ensure that your market size grows. And while this certainly doesn’t provide a real solution to the actual problem, it should have any finance guy’s salivary glands working in overtime.

If, of course, you can meet the demand. In a new and successful way.

Let me explain: I have an Idea- and I think it’s a pretty big idea- but as I’ve moved forward with the tech implementation I’m starting to realize that my biggest hurdle is that I’m not a designer (no matter how much I might think I am). It’s not a question of skill- well, ok, in some cases it is – but more a question of speed: I can sling code with the best of them, but I can’t for the sake of me figure out how to make something easy use and/or pretty without beating my head against the wall for days on end. I don’t have the practice, skills or experience to do that quickly, so I end up finding more and more excuses to refine the technology than really focusing on what matters: the User experience.

As such, the skill set should complement my own- I can handle the implementation, you should be able to handle the look, feel, and experience. This goes beyond simple design, too- we’re going to have to collaborate on feature priorities, but as for the how to and now what that would be left largely in your hands. This means you’ll have to have a strong work ethic, and be willing and able to receive and reciprocate mutual encouragement- if one of us slips, we both fall, so in the truest sense of the word I’m looking for a Partner.

I don’t care about location- we can do meetings by Skype, phone or whatever as long as you are recommended and vetted by someone I know and trust. In fact, if you’re located in Pittsburgh that would be pretty awesome, as the startup community there with InnovationWorks and the Alpha Lab are incredibly supportive of getting endeavors of the ground. That’s hardly a requirement though, so don’t let that turn you off.

There are two real requirements though: 1- You’re a seasoned professional (feel free to define that as you see fit), and 2- You have a highly developed sense of ethics. You’ll understand why that second one is important as soon as you get a whiff of the idea.

What do you get? Well, first of all you get to work with a seasoned code nerd who appreciates (as you saw above) good UI and UX, and really wants to make it part of the core of the team. I can’t exactly pay you- No startup at this stage of the game can, but you’ll be happy to know that I’m not getting paid either (In fact, I’m currently paying for the servers). As for equity- well, partner is partner, and I’m willing to go even-split, but that might include more people down the road as the business side of the idea starts to become more prominent.

So… uh… what’s the idea? There are a lot of people out there who know what it is already- I’m certainly not unwilling to share, but I’m not about to blog about it. I firmly believe that there’s no such thing as a new idea on the internet, and the only way you can differentiate yourself is to do it better. Having said that, a current google search doesn’t turn up with much, so I figure it’s worth a shot.

Interested? Know someone who might be interested? Well then drop me a line, send me some visual samples, get a mutual friend to introduce you and I’ll fill you in on the actual scope of the idea.

Now that we’ve been chosen (muchas gracias), we’ve entered into a tacit agreement with the organizers that we will help them make this years’ SxSW as awesome as humanly possible. No pressure, right? Well, they’ve also thrown us a bit of a curve ball in that we’ve been asked to lead a discussion (Known as a Core Conversation) rather than holding a joint presentation. This means no A/V equipment, and the content coming from the discourse rather than the presentation.

After thinking about it for a bit, I really feel this is a much better format for the topic. Consider: Careers are very personal things, and for either of us to claim that we have all the answers is just a mite bit arrogant. So rather than proclaim to be career management experts (which we’re not), we’re just two people with applicable history who are willing to seek out guidance from others with similar experiences.

Yet it’s also extremely important to frame what the topic is NOT. This is not a way for you to get out of a stifling company, nor a way for you to get your unappreciative boss fired. This is especially not a forum where you can bitch about lazy coworkers who are holding you back. This is a forum where we discuss how to frame your career goals, evaluate your current situation for opportunities, and move from there.

Which brings me to you, our readers, as we’re looking for feedback and information to help us lay the foundations. We’re looking for any kind of feedback- experiences, questions, data- everything from real experiences about why you made a career based move to silly topics about your lucky teddy bear. Spit it out, we’d love to know it.

Flash to iPhone!

Yes, you’ve probably heard it everywhere- the next version of Flash will be able to compile for the iPhone. Chances are you’ve already learned all the details, so here’s a recap:

1. Flash will be able to compile natively to the iPhone. This is a bytecode compiler, not a version of the AIR runtime or anything like that (Well, it might be, but Adobe’s not telling us what’s up).
2. Right Now the support for mobile features is limited. For instance you can write to the camera, but you can’t read from the camera. So AR isn’t an option… yet.
3. Since it’s pretty limited from a hardware standpoint, it will require mastery of a new application and component framework called “Slider” (Introduced today).
4. As Adobe works on a roughly 18 month release cycle, you can expect the new version of Flash CS5 to be out around April/May, with betas available in the next month or three (Though they might accelerate it to coincide with the Catalyst/Builder release slated for Q1).

Flash Player 10.1

Secondly, Adobe announced a new point release of the Flash Player this morning. There are lots of features, but perhaps the largest is that this player has been designed to work on 29 out of 30 mobile platforms (guess which one’s not in the list). Yes- that’s the full flash player available to smartphones. Additionally, here are some more takeaways:

Resource Usage

Mobile devices simply don’t have the computing power of desktop or laptop computers, so one of the major hurdles (and criticisms, if you listen to Apple and Google) is that the Flash Player puts a pretty significant strain on your system. While no amount of player improvement will save you from badly written software, it’s nice to see Adobe put some money into improving their own platform, and we’ll see exactly what the actual impact is.

Multitouch Support

Multitouch screens are everywhere now, mostly thanks to Apple, and for the Flash player to be competitive on a mobile platform it must accept input from a multitouch screen. This now opens the door to multitouch web experiences, which also makes Flash a competitive development platform for interactive walls and the such.

Streaming Enhancements

I doubt you’ll notice the actual impact of this, other than you won’t see as many interruptions while watching youtube… on your phone… while driving. No, really- the streaming enhancements are there to smooth out video playback in an environment where the video player is rapidly moving across different network access points (like cellular towers). You as a mobile user probably don’t realize how often your phone switches from one tower to the next because it’s handled so seamlessly, however it really did become obvious while watching video. If this enhancement really does what Adobe says it will, then live television on mobile devices will actually become technically feasible… while moving.

Mosaic

I highly suspect that this is the rebranding of the Adobe Genesis project which I blogged about some time ago. In short, it’s a way to create a series of interactive pods that can intercommunicate, but which in and of themselves have their own independent functionality. These pods can then be arranged on a page as you see fit (to, say, build out an HR application) and these pages can be managed (either at the page or pod level) by a workflow.

This is probably one of the strongest moves I’ve seen recently into the Enterprise software space (Well, other than the Oracle-Sun acquisition), and means that we might finally see a crack in the armor of monolithic ERP systems.

AIR 2.0

The announcement of AIR 2.0 addresses most of the major complaints people have had with the AIR platform. These are as follows:

1. Native Installer support
   This sounds like you can create an installer which is not dependent on having the AIR runtime installed. There wasn’t too much detail on this, but I’m hopeful.
2. Memory Improvements
   Tweetdeck won’t kill your machine anymore (Well, it still will, but it’ll do less of that- expect a 50% improvement).
3. Launching Native Applications
   It will be possible to launch already installed applications from your AIR application, so if, for instance, you’re building some kind of a file browser, you can now open those files in the application they were meant to be opened in.
4. USB Recognition
   We saw a demo of reading files from a USB drive. While this may mean that only device recognition is possible (hey, there’s some kind of new USB device, but I don’t know what it does), if this is fully built out we can see hardware device UI’s managed completely via the flash platform.

Flash CS5

There are a ton of new features available in the upcoming Flash CS5, and as I’ve talked about the iPhone above, I’ll highlight the other ones here.

• Real Text Support
  This version of “Real Text Support” (Wasn’t there a buzzword like this a few years back?) means left to right, ligatures, underline, strikethrough, paragraph flow and the consolidation of all text embedding.
• XFL as the base file format
  The base file format of a Flash file is moving to XML, so anyone can create/author flash files, and we won’t step on each other’s toes when they’re committed to a versioning system. Personally, I wonder how long it’s going to take Microsoft to write a XAML conversion script.

LiveCycle Collaboration Services

This is what I spent most of my day on yesterday, and will be spending most of my day on on Wednesday as well. In short, it is a way to create live multiuser experiences easily on the flash platform. If that doesn’t make sense to you, think of your favorite webconferencing solution (WebEx, Acrobat Connect, etc) and realize that now you can put this into your branded flash application. Oh yeah, and that works on mobile, too.

To be honest, this is really hard to describe unless you have a working sample, but imagine for a moment that you’re on the ESPN site doing your draft picks for fantasy football. Normally, you’d have to take turns, and it would take forever for emails to work their way around and so fort. Well, if this site was LCCS enabled you would see all the other players in your league interacting real time (no really, you’ll see their mice moving around), and could hand the baton around as to who gets to pick next.

Now, this has been around for a while known first as Cocomo and AFCS- but the big change now is that they’ve announced pricing. The best place to look is here, though I expect it’ll be officially posted somewhere else as well. Something to note- their blog doesn’t appear to be linked from the labs site, so here’s the link to the LCCS Blog.

That’s about it for now. Today is going to be a really long day, so I doubt I’ll be able to post again, but you’ll definitely get an update from me on Wednesday-ish. If I missed anything, don’t hesitate to comment.

There are, in essence, three different ways to consume media on the internet. This is regardless of what kind it is- a solution that would work for sound will also work for video and vice-versa. While technical implementation may limit the formats you can broadcast, those choices are usually made well after the project requirements have been set.

Progressive Download

The first is Progressive Download. This is the easiest and the one you’re most likely to encounter in your day to day life, and will also be the cheapest for you to implement. In essence, you copy a video file and a player out onto a normal web server, and when a user loads the page with the player, that player will start to download the video and begin playing it as soon as it has enough to ensure a continuous stream.

The advantages are many. First, it’s easy to do- dozens of prepackaged players exist, and encoders are pretty easy to find as well. In some cases, you don’t even need a player- quicktime will play directly in your browser as long as you have the plugin. The downside is that your video is available for anyone and everyone to download and, presumably, rebroadcast on their own servers.

If you’re working on a viral campaign this is actually an advantage, but in most cases it’s probably not- who knows how some enterprising individual will mashup your video, right?

Server Based Streaming

The second method is server-based streaming. Rather than using a single web server, you’re now using two: A web server for your player, and a streaming server for your media. The user experience is practically identical- all changes happen under the hood as the user is only receiving the part of the media they’re currently watching. Once a particular second has been consumed, it’s discarded.

The advantages of this method are several: First, it’s a lot easier to detect how fast your client’s connection is, so you can provide them a smaller file that will still give them a good user experience. Secondly it is more secure- your user can’t really save the media without a third-party program, and those fail if you encrypt your stream. Thirdly, you can publish live media streams with this method- concerts, conventions, presentations and the like are now all accessible in real time.

Unfortunately this method isn’t exactly cheap… if done in house. It usually means a new server, server software that will cost thousands, and a developer who knows how to set up and maintain your server. To keep costs low you can contract with a media hosting company that already has the hardware and software set up. The free ones include Vimeo and Youtube, though they limit you to certain players and encryption is usually not available.

Peer to Peer Streaming

This method is (surprise surprise) very popular in the adult industry, but is also used for more common applications like Skype. The role of the server is cut out almost completely in this, as we instead broadcast media directly from one user to another.

The nice thing about this is that you can have a high-quality person-to-person interaction without paying an arm and a leg for bandwidth.

The disadvantages are largely experience related, since one of your users must act as the media publisher via a camera, microphone, or pre-downloaded file. That user will then be limited to how many people they can broadcast to simultaneously by how fast their internet connection is.

Strategies for Selection

Given the above, choosing a media streaming approach is relatively easy. The default is progressive download- if you don’t have a lot of media and don’t need anything encrypted or fancy, just go with that. If that’s not enough for you, decide whether you need a live feed: If not, use a streaming server.

After this things get a little trickier, because live media may be broadcast in many forms. The rule of thumb I use is as follows: If the number of consumers of a single media stream exceed the number of streams that can be provided at the highest bitrate given the internet connection, use a streaming server.

Some examples:

• The Democratic National Convention
  Single source of video, many users: Server Based Streaming
• YouTube
  Many sources of video, many users: Progressive download or Server Based Streaming (I recommend the latter based on scale).
• Pandora
  Many individual audio files, must be secured from copying: Streaming server
• Amazon.com Album Previews
  Many individual audio clips: Progressive download
• Customer service training video (internal)
  Lives on internal network, not live, single video: Progressive download.
• Internet Phone
  Thousands of sources, thousands of consumers: Peer to Peer.

I hope this guide was helpful. If you have any additional questions, don’t hesitate to put them in the comments.

The real challenge, however, is “Getting Something Out There” that you can build on. I don’t mean setting up a blog or a couple of static pages, I mean putting in place a scaffolding that you don’t have to replace in its entirety as your business concept matures. The optimal solution then seems to be to use an established software package that can be extended to suit your needs.

Easier said than done. Every CMS out there claims to be extendable, yet not all are created equal. Furthermore extensibility usually requires that you build within their own framework, which then locks you into a third party whom you don’t have control over.

This can be overcome by developing your business services independently, and create a loose integration between your application and your CMS. By doing this you’re suddenly free to proceed with your own plans without the added worry of being locked into a platform.

So why did I choose WordPress and Zend? Well, WordPress has an easily understood plugin structure as well as an active developer community, plus its plugins allow you to do pretty much anything your heart desires. Zend was chosen because it’s a professionally supported application framework with quite a few corporate backers, and it’s written in the same language as WordPress- PHP (Plus, it’s what I know- Added Bonus).

The rest of this post is going to get technical, so I hope those of you who aren’t as geeky as I don’t mind. In essence I describe how to accomplish a loose WordPress-to-Zend integration with all the benefits I described above.

Step 0: Assumptions

Before I begin, there are some assumptions I’m going to make.

1. You know how a Zend MVC application is structured.
2. Your Zend code base will be hosted on the same server as your WordPress install.
3. You are running application stacks on the same primary domain. (blog.fancybrandname.com and www.fancybrandname.com works)
4. Your Zend application will handle user authentication records. This is because you don’t necessarily want to be restricted to WordPress’ table structure.
5. Your application uses the MVC Templating System that comes with Zend.
6. The WordPress integration code will live in the plugins directory on the WordPress side and (with one notable exception) in the ~library/ directory on the Zend side.

Most importantly, please understand that this implementation is NOT for the faint of heart, and requires additional code on your part. I cannot easily make any assumptions about how user authentication is handled within your Zend application, nor what models or methods you have built to simplify object retrieval.

Step 1, Database: Create a linking table

The first fundamental requirement is that we need some way of linking the WordPress user table (usually named wp_users) to the user table in the zend application. Usually this is done via a linking table, that might look something like this:

CREATE TABLE `user_id_link_table` (
  `id_zend` bigint(20) unsigned NOT NULL,
  `id_wordpress` bigint(20) unsigned NOT NULL,
  KEY `id_zend ` (`id_zend `),
  KEY `id_wordpress ` (`id_wordpress `)
);

Step 2, Zend and WordPress: Configure the Cookie Domain

To make sure your authentication cookies are available across your two domains, you’ll need to make sure both WordPress and Zend are looking for the same cookie. The way to do this is to set a wildcard Cookie domain so it transfers from one domain to another. If you look through the various configuration files and session initialization methods, you might see entries like “www.yourdomain.com” or “blog.yourdomain.com” near a reference to a cookie domain. To make sure they transfer, replace all instances with “.yourdomain.com” (the period at the beginning is important). That should ensure that your cookies are portable.

Step 3, Zend: Setting up an integration controller

The first thing we need to do is make sure that your Zend Application is fully loaded. Since you might want to use view helpers in your page templates, this means that we actually have to set up a ‘dummy’ controller that is used for integration purposes only, but which doesn’t try to output anything. This is easily done:

<?php
/**
 * The Integration Controller.
 */
class IntegrationController extends Zend_Controller_Action
{
    /**
     * Index action. Sets up the entire framework but disables output.
     */
    public function indexAction()
    {
        $this->_helper->viewRenderer->setNoRender();
    }
}

Step 4, Zend: Extending the AutoLoader

The fourth step is that we need to extend the Zend AutoLoader, because otherwise it will get confused when WordPress tries to load its plugins. Since we don’t really know which plugins will be loaded ( and thus we can’t explicitly include them in our $PATH ), we’re simply going to restrict the Zend Autoloader to restrict its activities to certain namespaces.

This file is called ~library/Wordpress/Loader.php

<?php
require_once('Zend/Loader.php');

/**
 * The WordPress loader class is a quick filter that ensures only specific application
 * libraries are passed through to load handling.
 */
class WordPress_Loader extends Zend_Loader
{
    /**
     * Override of the loadClass method.
     *
     * @param string $class
     * @param string|array $dirs
     */
    public static function loadClass($class, $dirs = null)
    {
        $parts = split("_", $class );

        switch ( $parts[0] )
        {
            case 'Zend':
            case 'Wordpress':
            case 'YourNamespace':
                parent::loadClass($class, $dirs);
        }
    }

    /**
     * This handler has to be here for Zend_Loader invocation purposes
     *
     * @param class $class
     * @return string|boolean
     */
    public static function autoload($class)
    {
        try {
            self::loadClass($class);
            return $class;
        } catch (Exception $e) {
            return false;
        }
    }
}
?>

Once we’ve extended our AutoLoader, we now have to properly invoke it in our Zend Bootstrapper.

NOTE: You may have to adjust the following code somewhat so it fits in with your application. My own application has a Bootstrap Class within which this is a private method.

/**
 * Application Bootstrapper.
 */
class Bootstrap
{
    private function setAutoLoad()
    {
        require_once ( 'Zend/Loader.php' );
        // Notice that I'm still calling Zend_Loader, but I'm passing the new Classname.
        Zend_Loader::registerAutoload('Wordpress_Loader');
    }
} 

Step 5, Zend: Creating a Session Model

This fifth step is necessary if you’re going to delegate all authentication tasks to the Zend application rather than to WordPress itself. By treating our user sessions like a CRUD-based application, we can abstract it entirely into a Model rather than keeping the code within a Controller. By doing this we can invoke the method from anywhere, including a WordPress plugin.

NOTE: I’m putting this session class into the WordPress namespace, while it really should go into a namespace appropriate to your application.

<?php
/**
 * The session model wraps basic session creation and destruction methods
 * into one single interface. 
 */
class WordPress_Model_Session extends WordPress_Model_Abstract
{
    /**
     * Creates a new session (aka logs in a user)
     *
     * @param string $user
     * @param string $password
     * @return 
     */
    public function create ( $user, $password )
    {   
        // Get our authentication adapter and check credentials
        $adapter    =   $this->_getAuthAdapter( $user, $password );
        $auth       =   Zend_Auth::getInstance();
        $result     =   $auth->authenticate($adapter);

        if ( !$result->isValid() )
        {
            return false;
        }
        else
        {
            // We're authenticated! Add your own logic here.


            return true;
        }
    }

    /**
     * Destroys a session (aka logs out a user)
     */
    public function destroy ( )
    {
        Zend_Session::forgetMe();
        Zend_Auth::getInstance()->clearIdentity();
    }

    /**
     * Constructs an instance of the auth adapter for this model.
     *
     * @return Zend_Auth_Adapter_DbTable
     */
    protected function _getAuthAdapter( $login, $password )
    {
        // Put your authentication plugin loader code here.

        return $adapter;
    }
}

Step 4, Zend: Add an integration method to your Zend Bootstrapper

The last thing we need to do is create a method in our bootstrapper that lets us load the entire application without Zend trying to parse the URL into which it was loaded. To do this, we create our own HTTP Request instance with a URL that invokes the Controller and Action we created in step 3, thus effectively ‘fooling’ the FrontController into thinking it was invoked from somewhere else.

/**
 * Application Bootstrapper.
 */
class Bootstrap
{
    /**
     * Executes the application in a bootstrapped integration state.
     */
    public function integrate()
    {
        // Construct a 'Dummy' Url to use for our Request.
        $uri = sprintf ( 'http://%s/integration/index',$_SERVER['HTTP_HOST'] );
        // Create a new request object
        $request = new Zend_Controller_Request_Http( $uri );
        // Dispatch our FrontController
        $this->_frontController->dispatch( $request );
    }
}

At this point, we’re done with all the work we need to do on the Zend side of things. On to the WordPress Plugin!

Step 6, WordPress: Create a plugin

The sixth step is to make sure that your entire Zend Application is available to WordPress. This is a security risk- the instant someone discovers a vulnerability in WordPress they’ve got access to everything, so make sure you have a competent PHP developer who knows how to secure an application.

<?php
/*
Plugin Name: Zend Integration Plugin
Version: 1.0.0
Description: Allows WordPress to authenticate users against the a Zend Session Model
Author: Michael Krotscheck
Author URI: http://www.krotscheck.net/
*/

class ZendIntegrationPlugin
{
    /**
     * Constructor. Initializes this class.
     */
    function __construct()
    {

    }
}

// Load the plugin hooks, etc.
$zend_integration_plugin = new ZendIntegrationPlugin();

Step 7, WordPress: Load the Zend Framework

The next step is to load your Zend application. By creating a method that explicitly loads our Bootstrapper and then invoking the integration method we created in Step 3 above, we load all necessary classes and dependencies without them interfering with WordPress.

class ZendIntegrationPlugin
{
    function __construct()
    {
        // .... previous code ....
        $this->Wordpress_framework_init();
    }

    /**
     * Initialize the Zend framework for inclusion.
     */
    public function WordPress_framework_init()
    {
        // Import the Zend Bootstrapper. This path needs to be absolute.
        require_once ( '@APPLICATIONROOT@/bootstrap.php' );

        // Create a new Bootstrapper instance and invoke the integration method.
        $bootstrap = new Bootstrap ( );
        $bootstrap->integrate();
    }
}

Step 8, WordPress: Disable Unnecessary Functions

Since we’re delegating all session authentication tasks to your Zend application, we need to explicitly disable many of WordPress’ default functionality related to password and account management. We do this by using the application hooks created explicitly for that purpose.

<?php

class ZendIntegrationPlugin
{
    function __construct()
    {
        // ... previous code ...

        // Disable Lost Password, Retrieve Password, and Password Reset
        add_action('lost_password', array(&$this, 'disable_function'));
        add_action('retrieve_password', array(&$this, 'disable_function'));
        add_action('password_reset', array(&$this, 'disable_function'));

        // Remove Password Fields from the wordpress user profile.
        add_filter('show_password_fields', array(&$this, 'disable_password_fields'));
    }

    /**
     * Used to disable certain display elements, e.g. password
     * fields on profile screen.
     */ 
    function disable_password_fields($show_password_fields)
    {
        return false;
    }

    /*
     * Used to disable certain login functions, e.g. retrieving a
     * user's password.
     */
    function disable_function()
    {
        die('Disabled');
    }
}

Step 9, WordPress: Autoload the session

This is perhaps the most complex piece of the plugin, because we have to do three things: First, we have to detect whether the authentication states between your Zend application and WordPress match. If they don’t, we have to either create a wordpress session or destroy it. The tricky bit here is that WordPress requires use of its own user database, so we have to retrieve basic information from the Zend User tables and construct a WordPress user should it not already exit.

Unfortunately, I cannot say how your Zend application is built nor what models exist that would allow you to retrieve a user record. As such I’ve inserted pseudocode in the method below that describes what needs to happen rather than make guesses about your implementation.

<?php

class WordPressAuthenticationPlugin
{
    function __construct()
    {
        // ... previous code ...

        add_filter('plugins_loaded', array(&$this, 'auto_login'));
    }

    /**
     * This method runs after the plugins is loaded, and attempts to detect
     * an out-of-sync session.
     */
    public function auto_login()
    {
        $isZendAuthenticated = Zend_Auth::getInstance()->hasIdentity();
        $isWordpressAuthenticated = is_user_logged_in();

        // Check to see if we're logged out of Zend but still logged in to WordPress
        if ( !$isZendAuthenticated && $isWordpressAuthenticated )
        {
            // Log out of WordPress.
            wp_logout();
            wp_clearcookie();
            set_current_user(null);
        }

        // Check to see if we're logged in to Zend but not WordPress
        if ( $isZendAuthenticated && !$isWordpressAuthenticated )
        {
            // Retrieve the user record from Zend
            $yourUserObject = yourUserRetrievalMethod();
            $wordpress_user_id = yourWordpressIdRetrievalMethod($user);

            // Check for the wordpress user ID, create a new user if necessary.
            if ( $wordpress_user_id == NULL )
            {
                // Retrieve the user creation scripts.
                require_once(ABSPATH . WPINC . DIRECTORY_SEPARATOR . 'registration.php');

                // Create a user object, using the hashed password value (It matter doesn't what you use as long as it's unique)
                wp_create_user($yourUserObject->login, $yourUserObject->password, $yourUserObject->email);

                // Check for a successful insert
                $wordpress_user_id = username_exists($login);
                if ( !$user_id )
                {
                    die("Error creating user!");
                }
                else
                {
                    yourWordpressIdUpdateMethod($user, $user_id);
                }
            }

            // Now that we know we have an existing wordpress user record that matches our Zend Table,
            // try to create a wordpress session
            $wpUser = new WP_User($wordpress_user_id, $yourUserObject->login);
            $wpPassword = md5($yourUserObject->password);
            wp_login($yourUserObject->login, $wpPassword, true);
            wp_setcookie($yourUserObject->login, $wpPassword, true);
            wp_set_current_user($wpUser->ID, $yourUserObject->login);
            return;
        }
    }
}

Step 10, WordPress: Enable Login via WordPress

At this point we are maintaining the authenticated session across our applications, but we don’t yet have WordPress authenticating users against our Zend user table. As above, I can’t make assumptions about how your authentication is set up, but I can show you which application hooks to set up, leaving the rest of the logic for you to fill in.

<?php

class WordPressAuthenticationPlugin
{
    function __construct()
    {
        // ... previous code ...

        add_filter('check_password', array(&$this, 'check_password'), 10, 4);
    }

    /**
     * Override Check Password
     */
    public function check_password($check, $password, $hash, $user_id)
    {
        // Retrieve a user by the WordPress User ID. You can use any class in your Zend application.
        $user = findZendUserByWordpressId ( $user_id );

        // Check for a valid return data.
        if ( $user )
        {
            // Try to log in.
            $sessionModel = new WordPress_Model_Session();
            return $sessionModel->create( $user->login, $password );
        }

        return false;
    }
}

Step 11, WordPress: Enable Logout via WordPress

The very last vanity task to perform is to enable logging out via the WordPress buttons. Again we use an action handler, and in this case we explicitly call the Session destroy method we created in Step 5.

<?php

class WordPressAuthenticationPlugin
{
    function __construct()
    {
        // ... previous code ...

        add_action('wp_logout', array(&$this, 'logout'));
    }

    /**
     * Runs Logout routines against the Zend controller.
     */
    public function logout ()
    {
        $sessionModel = new WordPress_Model_Session();
        $sessionModel->destroy();
    }
}

And that’s it. With all these pieces in place your Zend application should now be integrated with your WordPress intall. Congratulations! Now your startup has a fully functional, plugin ready CMS without being tied to a commercial solution for the long term.

To begin with, this session starts where the 5 minute install stops. There are plenty of tutorials out there that will help you set up your own WordPress blog, so I’m not going to bother repeating them. Instead I’m going to start covering topics that you’ll run into when you want to have your WordPress install do more than what it was originally designed to do.

Since the topics covered are very technical in nature, I will also take the time to demystify some of them. In other words, if you’re already a developer in your own right you might not get much out of this presentation, as I will be covering some basic PHP syntax, server redirects as well as an overview of modifying DNS records.

On the other hand, if you are a blogger who’d like to have a good introduction, or are curious about how WordPress might fit into your corporate environment, this will be an excellent overview.

Section 1: One Install, Many Blogs

11:00AM-11:20AM

If you’re an avid blogger and/or maintain more than one WordPress blog, consolidating all of your blogs onto one single WordPress install can help with everything from plugin management to upgrades. Most plugins, however, naturally assume that they exist on a solitary install, so if you want to use something like Google XML Sitemaps there are some additional steps you need to take. As such, this first part will cover the following topics:

1. Writing a Dynamic Configuration File (PHP)
2. Request Redirects with mod_rewrite
3. Configuring plugins for multi-site use

Section 2: WordPress^μ

11:20AM-11:40AM

In many corporate environments it’s often optimal to manage multiple blogs through one single administrative interface, which is where WordPress^μ (Multi-User) comes into play. Installs such as these are often tricky, because they require a bit more technical expertise to get them set up properly. As such, I will be covering the following:

1. A brief feature overview of WordPress^μ
2. Installing WordPress^μ.
3. Redirecting for subfolders (http://www.yourdomain.com/blogname).
4. Redirecting for subdomains (http://blogname.yourdomain.com/ ).
5. Updating CNAME DNS records for subdomains.

If we have time at the end of the session I will open the floor for any additional questions you might have about installation challenges you might have faced. I can’t promise a comprehensive answer to all of them, but between myself and the rest of the room we should be able to get you pointed in the right direction.

Everyone on that list gets followed. Everyone else gets dropped.

Yes, there are caveats. If I’ve never met you before in my life there’s a good chance I’m not going to follow you anyway, for reasons you’ll see below. Also if we’ve had more than a cursory set of @changes, have emailed each other regularly or (even better) have hung out in person you’re automatically on the list.

The true power of human communication is interaction, discussion and argument. It is not doe eyed consumption of what the latest celebrity has said, nor is it short-burst updates in the hope of being profound. It’s not link propagation, marketing, spin, advertising, or a long list of messages that boil down to “OMG I’m # away from ### Followers, Pay Attention to MEE!”. Human communication and true discussion requires time, effort, and thought, and cannot be acquired via txt messages or 140 character snippets. Think paragraphs. Think books. Think libraries.

Yes, it requires effort. It requires we meet, or have an email exchange, or talk on the phone, or have some kind of meaningful exchange other than “@krotscheck omg that picture is so cute”. Once that social vibe and comfort is established then yes, casual methods of communication (like twitter) are great ways to maintain it over distance, but you can’t do that just because you listened to their presentation at some conference.

If you want me to follow you, you have to convince me to care, and no small “follow” button or automated bot is going to do that. If you want me to treat you like a human being, to really listen to what you have to say, then you really should reciprocate.

Hypocrite? Not really. Listen, I give people day-to-day updates because I assume that they’re interested in what’s going on in my life. I use twitter for banter, not for a meaningful conversation or professional exchanges. Banter, by its very nature, assumes a level of familiarity you can’t just get from a website, and if I don’t feel comfortable bantering with you then yes, you’re not going to get followed.

Yet having said that, a few weeks of scraping the far corners of the web for information on what the next big thing might be has left me with one overarching impression: Wow, my skill set is way out of date.

Of course, that’s to be expected. There are many different levels of being at the forefront of technology: There’s the leading edge, where you’re using the news most broadly supported technologies. There’s the cutting edge, where you’re working on bringing a new idea to a larger audience. And then there’s the bleeding edge, where you’re wantonly investigating every last thing that sounds like it might have impact, but you really cannot tell whether it’ll sink or swim (hence the term ‘bleeding’). As such, trying to remain on the bleeding edge is a dangerous and ultimately frustrating endeavor, because by the time you’ve built up the skills to properly explore an idea either your goal is outdated, your skills are outdated, or both.

As such, it is very rare to see an Agency truly on the Bleeding Edge. Between often unrealistic delivery restrictions and the need to keep everyone billable, it’s rare to see pure technological exploration. In most cases it’s easier and faster to use established tools and technologies because they are known and thus allow us to estimate a project to within a reasonable margin of error. This, by virtue of my definitions above, places agencies as no farther ahead than the leading edge, because by that time the tool makers have come through and made things as easy to generate as possible.

Seems legitimate, yes? Certainly. And yet through my own recent exposure to the technological trends and implementations, I can’t help but conclude that the next iteration of “Really Cool Marketing Apps” are going to be well beyond the technical skill set normal agencies have access to. Let’s take a look at some examples, shall we?

1. Amazon’s iPhone application uses sophisticated Image Recognition to detect what product you’re looking at. These methods and algorithms are by no means easy, and usually require someone who is extremely well versed in computer vision (A skill rarely found outside of academic environments). Who, at your agency, can do that?
   
2. QR Codes are prevalent in asia and are starting to make a dent in the US market for cell-phone based scanning. The QR Code standard uses Reed-Solomon error correction, which involves incredibly sophisticated algorithms that can support polynomial Galois theory. Do you have any experts in Computational Algebra at your agency? I thought not.
   
3. Augmented Reality involves the manipulation of 3D spacial geometries that requires more matrix algebra and vector calculus than most developers are ever exposed to. While authoring tools are certainly making headway in simplifying that (Adobe’s “Postcards In Space” support in Flash Player is one of them), there will always be a disconnect between what’s embedded into tools and what isn’t.

While we’ll definitely see smaller specialty shops rise up to address complex demand like this, it will still mean a sharp rise in demand for talent that’s traditionally only found in academic environments. In short, if you’re the Technical Director in an agency, and your talent pool is full of Software Developers rather than Software Engineers, you should probably start partnering with your local University to make sure you can source them at a moment’s notice.

More practically speaking, it also means agency costs are going to rise, and that many smaller agencies will be left in the wake because they can neither convince their clients that they have the talent nor can they retain it if they do hire it. This really isn’t news- there are plenty of Brochureware agencies out there that got into the web market and have been floundering since. The big players can afford to take a dive on a project just for the portfolio piece, and will thus gain poaching and award rights.

And yet, there is a ridiculous business opportunity here: If you’re the first agency who can pull off an AR or mobile piece convincingly, and are willing to monetize the expertise (via consulting or whatever), suddenly you’ve got the industry cred of being on the cutting edge. In essence you become the tool creator, with all the benefits and recognition that comes with it.

Yet… how big is it really? Let’s really narrow down our numbers and show you the ridiculous amount of talking that’s going on here. According to the bureau of labor statistics, there were 857000 software developers employed in the US in 2006. While that’s a measly 0.28% of the total american population, it makes a little more sense in context of an area where a conversation can legitimately take place. For argument’s sake, Columbus Ohio’s metropolitan area has a population of 747,755, which means that there are likely around 2147 software developers in the area.

Now let us assume that software developers only talk with one another, and that the Conversation is limited to them. Using myself as an example I talk with at least three other developers every day, about various topics which amounts to an average of 10 conversations or so. Assuming that other developers are like myself it means there are 21,470 conversations happening every day, in Columbus, Ohio, in one small segment of the workforce. Extend that to the entire population and increasing the conversation number to about 20 (We don’t just talk to our direct colleagues, do we?), we’re looking at ~8.5 million conversations amongst software developers, ~14 million conversations in Columbus Ohio, ~17 million conversations that software developers have with their peers, and a grand total of 3 trillion conversations happening in the entire American population, every day, for a grand total of one quadrillion every year. And that’s only an eyeball estimate of actual in-person conversation communication. Who knows what that number is once you include journalism, microblogs, instant messaging…

My, we’re a chatty bunch, ain’t we.

The downside of this, of course, is that being part of “The Conversation” means precisely squat. No matter what that sales guy or social media enthusiast over there tells you, you remain one tiny voice among trillions. Even if you slice and dice the population down to a specialized group that might let you have an impact, that group does not exist in a vacuum and remains influenced by anyone and everyone else that’s out there.

Humbling thought, isn’t it? That’s right, we’re really not as important as we think we are.

It’s fairly common for politicians to convert extremely complex topics into sound bytes. We’ve seen it happen- so and so will take their opponent’s economic policy, pull it apart looking for the slightest thing that might motivate the opposition, and then use it like a hammer to completely discredit their opponent. So has it been with the claims of the 45-day old election propaganda (does anyone still remember how much they cared back then?), so it will be with any and all upcoming elections as long as this firebrand strategy pays off.

One personal pet peeve of mine has been the Main Street vs. Wall Street debate, a catchphrase so overused that it’s rivaling Britney Spears for airtime. These five words attempt to turn two fundamentally different economic management systems into a bullet point, and allow anyone to repeat them in an argument while fully absolving themselves of actually understanding what’s going on. It’s easy, we’ve all been guilty of it: What’s more important? Main Street or Wall Street? The former of course. Why? Because it’s more relevant to more people.

Wrong.

The actual discussion is far more subtle and complex than that, and is rooted in the core difference between two economic management systems: Top Down vs. Bottom Up Capitalism. Fundamentally, these theories attempt to place a framework of understanding around economic activity, so as to simplify an incredibly complex system enough that it may be managed, encouraged, and in limited cases predicted. In other words, we understand that a country’s economy is so complicated that we don’t have a clue what’s happening, but we’ve got a sortof vague idea and theory and based on that are going to see if we can prevent it from getting out of control.

Amusing, isn’t it, that “Wall Street” is a simplification of Top Down Economics (Main Street likewise)…. which is a simplification of something we don’t really understand to begin with, but I digress…

To really set the stage for this discussion however we have to set some common ground.

The heart of a capitalist society is the Individual

While some call this person the “Consumer” while others call this person the “Worker”, fact of the matter is that it’s the same person. The Individual is an economic entity unto itself, and through his or her labor produces value which nets them currency from the market, which is then subsequently reintroduced into the market to support the activities of said Individual. In short the Individual is a unit designed to generate and spend wealth, which allows us to define “corporations” as Individuals within a market. In fact, Corporations and Businesses are usually seen as individuals for legal reasons, so at least there we have some backup.

The economy is measured by the movement of money, not the amount of money.

Let’s get one thing straight: If you have a lot of money in your mattress, it’s paper. It is not being used, it is not increasing or decreasing in value (Well, barring in/deflation), it is not helping you acquire goods and services, and it’s not getting registered on any beancounter’s analysis spreadsheet. The economy is defined by the transfer of money through purchase or other means. If the money doesn’t move, it’s worthless.

A single dollar is valuable

While to you or I a single dollar bill might be fairly trivial in economic terms a single dollar has an incredible impact because it is multiplied across millions of Individuals. Provide a $0.25 tax break to everyone in an economy and you suddenly have millions in surplus capital. Similarly, if you provide a $50 Million tax break to one individual (easier done with companies) you have a similar effect. The scale of either action does not matter, because from the side of the entity offering the tax break it all looks the same. In other words, economic actions may be performed regardless of scale, because a single dollar has value no matter how you slice it.

Competition makes the world go round

The true free market advocate (of which I am one) believes firmly in the rules of fair and equal competition. If the playing field is equal (that’s a completely different argument), then the best company should succeed. Notice how I didn’t say “win”- as with any real life simulation, the idea of winning and losing becomes largely meaningless, because we are not playing on a terminated field: The dice keep rolling, the clock keeps ticking no matter what you do. It is in this environment that those companies capable of making the best decisions succeed, while those that make the worst fail, and through that competition we see the ebbs and flows of today’s market.

Top Down Economics (Wall Street)

The basic theory behind top down economics is that management begins at the top, because as soon as you give an Individual (corporation) with far reaching arms the means to expand its operations it will do so (and vice versa), and the cascade effect of new infrastructure will give the appropriate economic kick in the pants.

There are two problems with this theory: First of all, you cannot easily distinguish between companies whose operations have a global reach vs. a local reach (i.e. you can’t say whether your money is leaving the country), and secondly that you cannot account for pork in the pyramid of corporate power (Like, say, CEO salaries).

Bottom Up Economics (Main Street)

Bottom Up Economics believes that if you provide the small individual with means, they will use it to support themselves and thus encourage the movement of capital through the economy. Furthermore, in search for each individuals capital, corporations become more competitive and thus, theoretically, provide better products and services.

Speaking personally, my own budget has always expanded to consume my income, so I can certainly speak to its effectiveness, but this theory has significant problems of its own. First of all, competition between corporations is as much quality and process (real quantitative moneymakers) as much as it is marketing and message (very qualitative moneymakers). Fact is, you can make crap, have a great sales guy, and shame people into shelling out money. Furthermore, you’re hoping that your individual consumer is spend happy and doesn’t save their surplus.

So which is better?

Both, of course, or neither, depending on the environment. Fact is they both have serious logical holes, and situations exist where, if anything, they’re the worst idea ever. It’s all well and good for you to give money to either the top or the bottom, if they end up behaving the way you expect them to. This almost never happens, but let me give you a couple of drastic situations:

Deflation

If currency is currently in a deflationary cycle, then your average day to day individual will take any money you give them and hold on to it, because they know full well that the special shiny thing they wanted to buy will be cheaper tomorrow… and tomorrow… and tomorrow. In other words, a bottom up economic system will completely and utterly fail in a deflationary cycle, assuming that’s the only factor affecting purchase decisions.

Low Unemployment

If your country currently has the (enviable) problem of low unemployment, then any corporation you give money to is in a bit of a bind. They now have the capital to expand operations, but the local labor market is extremely competitive (and therefore expensive). If they want to expand operations they can choose to stay within your country (at a much reduced effective rate of capital) or they can spend that money overseas for much greater effect. In short, a top-down economic approach will fail in a country with low unemployment, because the money is far more likely to flow overseas.

In both of these cases, the economic theory given completely breaks down, largely because you failed to take into account the conditions in which you’re operating. Other factors could include the level of regulation (more means fairer business practices, less means lower cost of business) as well as corporate/individual taxes (social security/Medicare/regulatory oversight vs. economic capital), and each have some very complex effects on the system.

Expanding this to the real world, let’s take a look at the mid 2000′s: We’re in an economic boom time, and the consumer is flush with credit (if not cash). Business is going great! So why question something that works- We’re going to continue giving tax breaks at the top, keep reducing regulations and continue to deregulate our industries. Business, after all, has proven that they can look after themselves.

And look where that got us. Would a more stringent regulatory strategy have gotten us somewhere better? Perhaps. Would increasing taxes at the top and reducing them at the bottom have kept the field more competitive rather than strangely lopsided? Perhaps. What we do know is that the correct approach to handling the US’s financial and economic matters was not what ended up happening.

Full Circle

And yet we always must have someone who’s right, and someone who’s wrong. Face it, we’re a binary species, and love to be on the winning side. I have many republican friends right now who feel like they’re on the losing side right now, simply because the present administration’s economic policy seems to be to blame for the meltdown that the opposing theory is trying to get us out of. One way or another, we each try to pick one side and go with it, and based on that we win or lose (or rather, we lose the election but we’re still right).

This isn’t a question of us vs. them. This is a question of us actually thinking about the issue, and coming up with the right solution. Intelligence and an open minded approach is the right strategy, and by actually turning off the television and sitting down with a problem by ourselves or as a community, we can easily overcome this problem and solve the issue not just right now, but for future crises as well.

Internet Explorer 6 is old, very old. It was released on August 21, 2001, which in technology terms is archaic. To put things in perspective, the original, first generation iPod was released two months after IE6, shortly followed by the original XBox, subsequently followed by the first monochrome BlackBerry in March of the following year. Processors at the time had barely broken the 1GHz mark, and the Dot-Com bust had come and gone, leaving its mark on Redmond and Silicon Valley.

Since then, many newer and better browsers have been released, all of which do a better job of implementing those standards (Though few do so completely). As a result developing for these browsers has become even more painful, because web developers have to support both the newer, more standards compliant browsers as well as trying to accommodate for IE6′s eccentricities. And yet IE6 continues to appear on spec sheets and software requirements, and is a continued presence in web analytics reports. We’re still stuck with it, so what gives? If it is really so painful to develop for, and really so limiting to the user experience, why has IE6 not been unceremoniously ejected from the web?

Who’s Not At Fault

Blame is tossed around like candy when it comes to figuring out who’s at fault. One of the common ones is the outdated hardware, yet even in the notoriously underfunded and out-of-date nonprofit sector (this study claims 44% of nonprofits operate on 3+ year old hardware), the software is reasonably recent (89% on Windows XP). If anything, the nonprofit sector is ahead of the curve, perhaps because they have to rely on smaller software providers.

The larger part of the guilt is usually laid at the feet of large corporate IT departments. I’m not talking about mid-sized businesses, I’m talking about behemoths that, along with their size, have a reputation of moving incredibly slowly and always being several versions behind on everything. Some people erroneously say that corporations like this don’t want to shake things up by going with something “untested” and “potentially insecure”, but in reality the largest part of the blame for all the frustration they’ve caused isn’t even their fault.

One of the primary systems that large, corporate IT departments maintain are Enterprise Resource Planning (ERP) systems such as SAP, Oracle, Peoplesoft and so forth. These systems are massive- a full implementation will touch every part of an organization from accounting to inventory and requires several years to implement. Their benefits are many- they greatly improve reporting, planning, and in many cases automate core business operations.

Additionally, these systems are ridiculously expensive, not only because of their original licensing fees, but also because these systems have to be highly customized, and at $180/hour plus expenses for a competent ERP consultant that bill starts to add up. With a pricetag of many millions of dollars, installing an ERP may still be easily justified (given the operational benefits it would provide), however providing a positive ROI for the incremental benefits from an upgrade are a lot more difficult generate.

To illustrate, take a look at these two excerpts from a product compatibility matrix for SAP Netweaver ’04 and’07, valid as of April 2008 (the date on the presentation. You can find the version for ’04 here and for 7.0here , and as you can see they don’t exactly support anything but Internet Explorer. Add to that the extremely high cost and only incremental benefit of upgrading and it’s really no surprise that IE6 is still standard at major corporations. The ERP solution is the decision driver, not the browser, and that’s the real reason IE6 is not about to go away.

Product Compatibility Matrix for SAP Netweaver ’04

Product Compatibility Matrix for SAP Netweaver 7

So what happened?

Remember all that hooplah several years ago about how Microsoft was being uncompetitive and monopolistic in its actions within the browser wars? This is the aftermath. By continually encouraging corporations and their software developers to make use of the full capabilities of Internet Explorer 6 and the admittedly feature rich ActiveX controls, they have succeeded at carving themselves the largest part of the browser market. Unfortunately, by doing so they have also forced a large portion of the web into obsolescence.

So who’s really at fault here? Microsoft for pushing its development platform, or the ERP system providers who developed for it. Personally, I think the blame is where you prefer to put it based on your own technological preferences. If you’re a huge OSS fan, Microsoft’s a convenient target. If you’ve ever been frustrated by ERP’s, then the provider is the target-du-jour. Personally, I’m more likely to consider the product managers, directors and developers who made the platform decision without considering the long term implications.

So are we stuck?

Sortof. With the impending release of IE8 web developers will be able to tell the browser to “pretend” to be a previous version, neatly circumventing any future compatibility issues. Unfortunately this only works for Internet Explorer, meaning that ERP developers have no reason to change past behaviors. Until they disengage from using proprietary extensions and ActiveX controls and start relying more on open standards based development, we’ll never truly escape this cycle, though Microsoft has made backwards-compatibility a lot easier.

And that’s exactly what Microsoft wants: Allow their development partners to improve functionality and give their clients reasons to upgrade, while not forcing their other partners (IT departments dependent on ERP’s) into technological obsolescence… sortof. This process will take a while, because IE6 isn’t one of the browsers IE8 can be reset to, but eventually we will see IE6 go the way of Netscape, only to be replaced with… Internet Explorer.

Aaron: did I make .NET changes for the last release?

Michael: Yeah, remember you rewrote the backend to do my laundry?

Aaron: oh yeah

Aaron: how’s that working out for you?

Michael: Well, it works… but the licensing fees on the detergent are killing me.

Aaron: Yeah, I didn’t work out that integration well

Michael: I’m afraid I’m going to have to go with an open source solution.

Aaron: Many of our customers are feeling that way.

Michael: I hear a new one just got released. Have you heard of "Clothesline"?

Aaron: yeah, but I heard that the results aren’t as good if your server room has polluted air

Michael: Apparently it’s super configurable though. Some kind of API called "pins"

Aaron: Nice

Aaron: I’ve seen various distributions

Aaron: Pretty flexible

Aaron: You can install it on a wide variety of platforms

Michael: Still, I’ve read blogs that it only does half the job, and you’d really need a good Washboard operator to make it work.

Aaron: Also, the process is efficient, but slow.

Michael: I thought it multithreads?

Aaron: It can sometimes handle a larger load than the commercial product.

Aaron: It’s a trade off though.

Aaron: Speed or larger processing loads.

Michael: Well, you know me. Always overclocking the machine just to get those stains out.

Bad news like that is almost inevitably followed up by commiseration about how many hours they’ve had to work recently, how they’re constantly under pressure to put in more, or how their coworkers have had enough and have left for greener… or at the very least less stressful pastures. This in and of itself isn’t necessarily bad- we all understand the pressures of marketing and agency work, and a certain amount of dedication to the project deliverables are par for the course. Yet when weekly hours exceed 50 on a regular basis, you’re buying short term productivity by draining both current and future creativity of your talent. Speaking from experience, gradual burnout is still burnout, leaving long-term scars, and the tightening of client budgets and inevitable cannibalization of the RFP bid has resulted in even more frightening stories: Talented designers and developers are going on antidepressants because of their work load (source withheld).

When I heard that, my first response was outrage. My second was to cast the management of those agencies in the worst light possible, as either willfully ignorant or maliciously exploitative. My third was to do a quick mental inventory of all the openings at Resource just in case there was a way I can get them out of that hellhole. Regardless of those, I’m confident in stating this: Those agencies are going to fail.

Ur Doin it Rong

Your talent is your greatest asset. Designers, developers, strategists, information architects, analytics experts, effectively all the people who actually produce whatever deliverable you’ve agreed to are the guts of your operation, and without them you’re simply a self-style executive or sales guy more useful as a hot air balloon.

So lets assume that you’re said executive with a production team, and hard economic times and active competition from other agencies has forced you to cut timelines and reduce your RFP estimates. A few of your employees are forced to work a few extra hours while you’re busy trying to find more clients, but the pressure doesn’t let up, becomes systemic and suddenly you’ve built a culture that expects 100% lifestyle dedication. If this was intentional, shame on you. If it wasn’t, you’re going to need to take drastic measures to fix it.

Your Reputation Is At Stake

As talented SME’s in the digital space we are of course extremely active online, and have a vibrant community of our own. We keep in touch over twitter, email lists, websites, blog, professional networking groups and what have you, and news like “I had to work a 100 hour week last week” gets around quickly. So while your marketing personnel and senior leadership are busy worrying about how your company’s brand is projected to current and potential customers, that same brand is being systematically undermined and destroyed in the professional communities that represent your talent pool. One single negative report is enough to mark you as an agency to stay away from, and in tough economic times it’s going to be much easier to accidentally cause these. In short, you might look good to potential clients, but when you try to hire the talent for that project which will grow your agency to the next level, the community will laugh in your face.

Let me emphasize this: If you put more pressure on your talent, the stress will reduce their creativity and productivity in the short and long run, you’ll have to hire more, which will refuse your offers because you’re known in the community as someone who works your employees to the breaking point. End result: You’ll be unable to produce high quality work anymore, and instead will leave your client with a bad taste in their mouth as you under-deliver on your promises, ensuring little to no repeat business.

And that’s the crux, isn’t it? If the web has taught us anything, it’s that high quality work (shameless plug) is a better sales person than anyone you can hire, and if your HR policies, culture and project management are systematically draining and destroying the talent which produces such work, your agency is either on life support or is one payroll cycle away from being roadkill. All the sexy, high margin projects will go to those that have the talent to consistently produce it, and you’re left with those clients unable or unwilling to pay for it.

It’s simple economics. If your production talent is interested and engaged, you’ll see the product quality increase while efficiency increases as well. We’ve seen this with Toyota and American Airlines, and there’s plenty of evidence that fundamental truths like this easily translate to the agency world.

And while that’s all going on, community leaders like myself as well as your competition will be waiting in the wings, ready to poach your best and brightest at a moment’s notice. So wake up, face the music, and realize that your agency’s bottom line is only as happy as your employees.

The Animated Tile List attempts to fill the Visual Component gap left by Adobe in their current TileListRenderer structure. While not as sophisticated (it doesn’t support drag & drop, mouse commands, or data change transitions for instance), it nevertheless provides an invalidating, caching tile list with smooth selection transitions.

Notable differences: The AnimatedTileList does not poll its children for desired row height or widths, but calculates those directly off of the numRows and numColumns properties, setting them explicitly.