Friday, November 21, 2008

Must Do Security

Must do security. Must do security. I'm trying to make that my mantra so I get it out of the way. I did spend most of today on permissions & security, but (don't tell anyone), I spent part of that time on finishing up the permissions UI, which I like a lot better now. It's now (mostly) Ajaxified like the rest of the site, which makes it feel a lot better. I worked on a bunch of tasks today, but I only completed one.

I mentioned the other day that my board of advisers is basically anyone who wants to offer advice. And I mean that seriously. Comment on my blog, send me email, grab me in the hallway -- it's all good. I'm looking for feedback of all types -- kudos, suggestions, and criticisms. If I'm doing something dumb or missed something obvious, I want to know. Just yesterday, Scott Blomquist commented that I'd missed something obvious (it's great how things are obvious after they're pointed out). Now that I'm in the end game, a great way to visualize progress is with a chart. So, here goes. I'll update this in each blog post until I launch.

Note the uptick in Large Tests. In doing the security work, I realized another test I have to do. Basically, if my server goes down, the client can get confused. I already have fixing that on my list of things to do, but I realized that testing it could be a big deal.

I probably won't blog this weekend as I'm going to Seattle Mind Camp. In fact, I'm stopping work for the day to create a mini Puzzle Hunt to bring. I'll be giving away a cool Puzzazz hat as a prize.


Mike Koss said...

I've been going through a similar phase with Two items that have consumed my recent development are Security and Analytics.

Both are "must have" features for a web service. You want to be sure you can both maintain the security of your user's data, as well as guard your site from the abuse that can be so rampant on the Internet.

And I also feel that you have to build in enough Analytics capability so that you can understand how your site is being adopted. Is it meeting your users needs, and is it performing well from a business point of view?

I think most entrepreneurs agree that incremental refinement is the best way to approach the design and implementation of a hosted service. Without Analytics in place, you won't know if your refinements are working, or even if you're on track to create a viable business.

Most young sites can get by initially by just throwing a Google Analytics token on their site. But to really understand your conversion pipeline, you need to track your user's through a service adoption pipeline.

If you can't answer the question "What percentage of my visitors convert to paying/monetizable customers and how long will they stay?", then you don't really have any idea if your product is going to be a success.

Roy Leban said...

@Mike: I think those are great points. For both Puzzazz and Groupthink, I'm doing two things:

1) I'm definitely using Google Analytics. I get a lot of information very easily. For example, I learned that Puzzazz has been accessed from 60(!) countries and all of the states but one. I can track trends easily and I can get a decent idea of what visits look like. And, as you know, I'm hardly an expert at using Analytics. It's a no-brainer.

2) I'm collecting data that I can't currently browse or query, but I'll be able to build some reports later that provide me more information. Building those reports is a post-launch priority.

Post a Comment