Thursday, December 31, 2009

Go Daddy Domain Renewal

I just renewed our domains with Go Daddy, and things didn't go as smoothly as they have in the past. I tried to use some of the coupon codes they sent me (e.g., gdr1251x, which takes 25% off a $60 purchase), but found that these coupons don't apply to bulk renewals or otherwise discounted items. This was confirmed by a customer-service representative with whom I spoke. Unfortunately, he failed to offer me any discount beyond the bulk rates that were already applied to my shopping cart. He did, however, offer to complete my transaction. I politely declined, as I was not ready to admit defeat.

I tested all of the codes available via the popular coupon Web sites, but none* of them worked for my purchase. I then tried the other coupon codes I had been sent this month, but again no luck. I even tried splitting the purchase into two transactions to avoid the bulk discounts in favor of a possibly larger coupon discount. This didn't work either because some of the domains were still being discounted. Finally, I noticed that some of the expiration-notice emails contained coupon codes for 10% off, with no minimum purchase requirement. The first two didn't work, but the third one did. The winning code was gd50bbpd5. No expiration date was given, but most of the codes that Go Daddy sends by email expire in less than 30 days. If you need it, hurry before it's gone.

*There were coupon codes available that gave a tiny discount for .com renewals, but I was looking for a dollar or percentage discount off the entire purchase.

Saturday, November 28, 2009

LLC Registered Agent, Part 2

We recently switched to a new registered agent, which required us to notify the Secretary of State by filing an updated Statement of Information (Form LLC-12). Unfortunately, we didn't take mail processing times into account, which left us in agent limbo for a few weeks. Apparently, recent budget cuts in California have sharply increased how long it takes the Secretary of State to process requests.

I contacted our former agent, LegalZoom, and they assured me that they would forward any court documents served to us during the period between the time that we signed up with InCorp Services and the time that the Secretary of State recorded the change of agent. As far as I know, they were not required to do this, so I would not recommend relying on the good will of your current agent if you plan on switching. Instead, check the mail processing times in your state, and make the switch early enough for the change to be recorded before the contract with your current agent expires.

Wednesday, October 21, 2009

Annual Filing Division Scam

First there was Annual Review Board. Then there was Business Filings Division. Now there is Annual Filing Division. How many more will there be? None, if LLC owners simply ignore these bogus payment notifications. Save your money, and file your Statement of Information (Form LLC-12) directly with the Secretary of State when it is actually due. The Attorney General can't help you if you've already paid. Please review all solicitations carefully so that you don't end up being a victim.

Sunday, October 18, 2009

LLC Registered Agent

California's Secretary of State requires that each LLC designate a registered agent (or agent for service of process), who will accept summonses or other court papers in the event of a legal action. Failure to comply with this requirement could result in a costly default judgment. Companies operating in California are not allowed to act as their own agents, so this is yet another cost of doing business in the Golden State.

We formed our LLC using LegalZoom, whose LLC packages include one year of registered-agent service. We considered renewing with them, but they charge $159 per year (or $144 per year for a two-year renewal), which is more expensive than many other agents. For example, we received a solicitation from Patel & Alumit, who charge only $50 per year.

The Secretary of State provides a list of private service companies, which is too lengthy to serve as a useful starting point, but can be used to verify that a company can legally serve in this capacity. I found this blog post and this site to be good places to start a search. We selected InCorp Services because of their price guarantee, track record, and Web offerings (i.e., entity management system). They charge $99 per year, but they will match the price of any other registered agent in the same jurisdiction. I called their 800 number and confirmed that this is, in fact, the case. Bonus: If you register through this site, the first year is free!

After hiring a new registered agent, you will need to notify the Secretary of State by filing an updated Statement of Information (Form LLC-12). If you file the updated form outside the normal filing period*, the $20 filing fee is waived, which was the case for us.

Update: Read this to avoid a potential hazard.

*The normal filing period for an LLC occurs every other year during the calendar month in which its original Articles of Organization were filed and the immediately preceding five calendar months. For example, we filed our Articles in October 2008, so our next filing period will be May through October 2010, during which time we must file a new Statement of Information to comply with the biennial requirement.

Thursday, October 8, 2009

Business Filings Division Scam

Different name, same scam. The payment notice we received from Business Filings Division is virtually identical to the one we received from Annual Review Board six months ago, with the following exceptions: The address and phone number are in Sacramento instead of Los Angeles, the seal in the upper-left is slightly different, the words "Please Print Clearly!" have been added, and the price has been increased from $228 to $239. If you received a similar notice, please continue reading.

For those who need a primer on the Statement of Information (Form LLC-12) and its filing requirements and cost, please review this post. The upshot is that the actual cost of filing this form is $20, and it must be filed once every two years, no later than the month in which you filed your LLC's Articles of Organization. Part one of the scam is charging you 12 times as much to fill out their form instead of the actual form. Part two is demanding payment when the Statement of Information is not actually due.

For additional information, please consult the California Secretary of State's warning about solicitations that target LLC owners.

Monday, September 7, 2009

Drupal Security, Part 3

After hardening our Web server, I revisited the subject of hardening Drupal. There are many topics to consider, but the single most important is keeping modules up to date. In the default configuration, Drupal periodically checks for available updates for installed modules; heed any warnings on the administrative status-report page by upgrading indicated modules as soon as possible. It's a good idea to subscribe to Drupal's security news email list or to follow Drupal security on Twitter in order to receive timely alerts.

The official Drupal site features a wealth of information on how to set up a secure site. The chapter on best practices and the section on secure configurations are good places to start. Once those concepts are incorporated, the next step is to install any appropriate security-oriented modules, such as login security and persistent login. There are currently over 100 such modules available, so it could take a while to determine which are best suited for a particular application. Invest the time.

Before writing any modules or adding PHP code snippets, read the chapter on writing secure code. It covers the common vulnerabilities and how to correctly use the various Drupal APIs to avoid them. The chapter on coding standards is also useful.

Thorough testing during development is critical, and scanners can play an important role in ensuring an application is secure. Drupal modules such as security scanner and outside projects such as Grendel-Scan are available to provide automated penetration testing.

If all of this seems like a lot to absorb, then I recommend reading Cracking Drupal. In this book, Greg Knaddison discusses the various security concepts and how they specifically apply to Drupal. The book is well-organized, and features many useful examples and recommendations. I read the book as a Drupal newbie and then again after a few months of coding, and I learned something from it each time. For me, the scattered nature of the documentation on the Drupal site left me wondering if I was missing anything important; having all the information in one place, however, has given me a well-structured, coherent view of Drupal security.

Monday, August 31, 2009

Linode VPS Update

I've finally finished configuring and hardening our new Linode. Actually, "decided to stop" would be more accurate than "finished" because there is always more that could be done to improve a server's security. The law of diminishing returns definitely applies, though, so you'll have to balance your level of paranoia with the amount of time you can dedicate to the task.

As I mentioned in my previous post, installing a LAMP stack on a Linode is quick and easy. The hardening process is where the fun begins, especially if your sysadmin skills are a bit rusty (or non-existent). The biggest problem is finding information that is current, correct, and applicable to your individual needs. The official documentation for each of the LAMP components is mostly current and correct; however, reading through hundreds of pages to find the parts that are applicable to your situation is definitely time-consuming—even for Evelyn Wood graduates. At the other extreme, there are thousands of Web sites that offer applicable configuration advice, but finding ones that are both current and correct is a real challenge. In most cases, my solution was an amalgamation of various approaches drawn from individuals' documented experiences, which I checked against official references and corrected or improved where necessary.

For me, the hardening process followed the Pareto Principle: I completed about 80 percent of the process in about 20 percent of the time. Completing the final 20 percent was often tedious, occasionally frustrating, and dragged on and on. Nevertheless, I am glad I stuck with it. The time invested now will hopefully save us much more time in the long run.

Being in charge of your own security is one of the drawbacks of using a VPS or dedicated server because of the extra work required; however, it is also a benefit because you can go far beyond the security offered in most other types of hosting services, which must accommodate a wide range of applications and configurations. It's a trade-off that depends on many variables, so you'll have to evaluate your own situation carefully. Just don't fool yourself about how secure your server really is.

Wednesday, July 29, 2009

Virtual Private Server (VPS)

It was only a matter of time. We knew—hoped, actually—that we would eventually outgrow Go Daddy's shared hosting service, but we didn't expect it to be this soon. Before even putting their service to the test with our site launch, we ran into some limitations regarding MySQL permissions: We need to use triggers and stored procedures, and the shared hosting accounts do not allow this, ostensibly because of security concerns.

I contacted Go Daddy, and inquired about virtual dedicated servers, their next higher level of hosting service. This type of account, which is more commonly called a virtual private server, or VPS, uses a technique called virtualization, which gives each user his own operating-system instance. This approach provides many of the advantages of a dedicated server without the high cost; however, the resources of the server are, in fact, shared with others. Each OS instance is insulated from the others, so a mischievous or negligent user cannot affect those with whom he shares the server.

Go Daddy's economy plan, their entry level VPS, comes with 10GB of disk space, 256MB of RAM, and 500GB of monthly bandwidth. I was offered 25% off the standard price of $30/month for a 1-year commitment, instead of the usual 10% discount. A 20% coupon code further lowered the price to $18/month. The problem is that the Linux distro offerings are quite limited: The latest versions are Fedora 7 and CentOS 5, both of which were released over two years ago. Moreover, a $5/month panel upgrade is required to gain access to either of them. Without the upgrade, the latest distros are RHEL 4, Fedora Core 4, and CentOS 4, all of which were released over four years ago, and none of which supports MySQL 5.0, a requirement for us. Assuming an equal discount on the panel upgrade, the price for Fedora 7 or CentOS 5 would be $21/month.

I researched at least two dozen VPS alternatives, and most were quite expensive by comparison. I spoke with a friend about our situation, and he suggested we take a look at Linode. Wow! Not only do they offer the latest Linux distros, more disk space (16GB), more RAM (360MB), and a highly configurable environment, but it costs only $18/month (after a 10% discount for a 1-year commitment). The only metric where they trail Go Daddy is monthly bandwidth with 200GB, but that is plenty for us at this time.

While conducting my research, the company I came across with the most-similar offerings to Linode is Slicehost. Both offer configurable VPS hosting, with multiple tiers of service to accommodate a growing business. My impression is that Slicehost, a subsidiary of Rackspace, provides top-notch service, and would make a solid choice. However, they offer less disk space (10GB), RAM (256MB), and monthly bandwidth (100GB) than Linode at their $20/month entry-level service. As a bootstrapped startup, price is a strong consideration for us, so we decided to go with Linode. After signing up, it was very simple to install a Linux distro and configure a LAMP server with a functioning Web site. Very cool.

I would recommend services such as Linode or Slicehost to developers, but not to the non-technical or those who prefer Plesk or cPanel. You don't have to be a Linux guru by any stretch, but it helps if you have some familiarity with Linux distros and how to set up a secure site. There are many tutorials available, and both of these companies have active user communities who can provide assistance, so don't hesitate if you're worried about having to go it alone. Linode offers a 7-day money-back guarantee, so there's no risk to take it for a spin. If you decide to sign up with Linode, please consider using our referral code.

Sunday, July 19, 2009

Long Time, No Post

Wow. It's been over a month since my last post. This is actually a good sign, because it is indicative of the intense code development taking place at Truth Rally. I also must give credit (or blame) to Twitter for serving as a release valve for any pent-up urge to blog: There are a dozen tweets on our Twitter account since the last entry here. Granted, most are not blog-worthy, but several deserve more attention.

Over the next few weeks, I expect to report on a number of issues, as well as elaborate on those I've mentioned via Twitter—particularly the ones dealing with our Drupal experiences. For those on the beta-test signup list, we appreciate your patience as we work to complete the site. For those interested in the signup bonus, click here or on the Truth Rally logo located at the top of the right-hand column. Stay tuned.

Monday, June 15, 2009

Go Daddy Shared Hosting

I recently noticed that Go Daddy's shared hosting service does not offer the latest versions of various software—such as PHP and MySQL—which I find disconcerting. I called their technical support number, but was not given a satisfactory answer as to why they do not offer the latest releases—neither major nor minor—of fundamental Web software. Go Daddy's customer support is normally very good, but my question is admittedly more esoteric than what they usually field.

Next, I emailed my question to Go Daddy's customer support in order to give them more time to research the issue. I was told simply that they "have no time line to provide in regards to updates applied to shared hosting servers." Fair enough, but it didn't really get to the heart of my question. I emailed them again with a refined question: "[W]hat is the rationale for not using the latest stable releases of PHP and MySQL?" I was referring specifically to bug-fix releases, and pointed out that numerous security holes had been fixed since the versions they offer. The response this time was that "new releases often contain features that may be exploited in a shared hosting environment and must be extensively reviewed by our administrators for security before being implemented with our network." This answer might apply if I had asked about major upgrades, but I did not. As it stands, the versions they are using have more security problems than the minor upgrades to which I referred.

I refined my question one last time: "[W]hat is the rationale for not installing [bug-fix releases] to fix the many security and performance bugs that currently threaten the shared hosts?" I then implied that I would be blogging about this issue, and wanted to represent Go Daddy's policies as accurately as possible. This time a week went by before receiving the following response:

Your email correspondence has been forwarded to the Office of the President for a response.

As we understand, you are inquiring about bug-fix updates for services included within our Shared Hosting environment.

Before we install periodic updates on our servers, each new update must first be fully tested for compatibility in our environment to ensure that widespread issues are not caused when these versions are rolled out on production servers. Please rest assured that after testing has been successfully completed, the respective updates are then installed.

We do thank you for your understanding and hope this information has been helpful to you. Should you have any other questions or concerns with which our office may assist, please feel free to contact us directly.
They state that each new update must be fully tested, which I can appreciate; however, some of the bug-fix releases have been available for several months. How long does this process take? I think it is clear that the advantage of fixing numerous known bugs far outweighs any potential disadvantage of introducing new bugs. PHP and MySQL are open-source software, and all bug-fix releases are carefully vetted, and used immediately by a large community of early adopters. Moreover, all fixed bugs are published, which makes it easier for attackers to exploit a vulnerable system. Granted, this process is not foolproof, but for large projects it has a solid record. I welcome any comments on this issue, as I am by no means a security expert. My intent is not to disparage Go Daddy's upgrade policy, but rather to raise questions which I hope will lead to improved service.

When I discussed this issue with my co-founder, he suggested that this might be a sort of perverse incentive for users to upgrade to (i.e., pay more for) a dedicated server, on which one could install whatever software one desires. Unbeknownst to him, the second email I received actually did suggest that we consider a dedicated host. Less cynically, I suspect that it is probably just a matter of allocation of resources, with the less-expensive shared hosting service naturally receiving less attention. In any event, we will continue to monitor this situation so as to protect Truth Rally's site and users from known vulnerabilities that have yet to be patched. If our service is successful, though, we will be forced to upgrade to accommodate increased traffic, so this issue—at least for us—would then be moot.

Tuesday, June 9, 2009

Yet Another Sprout Update

We received a 30-day warning from Sprout today regarding the widget featured on the landing page of our temporary sign-up site:
Please note: If you don't return to the site in the next 30 days to sign up for either a free account or a subscription, we will terminate your account and you won't be able to log-in. Thank you very much for your support.
Based on the last update from Sprout, the drop-dead date was June 28. Now it appears to be July 9, which means we have been granted an extra 11 days to go live with our actual site (currently in development). The clock is ticking!

Wait a minute. When did they add back a free account? I just now reread the prior warning message from late April, and sure enough I missed this:
In response to customer feedback, we are offering a limited free account, in addition to the four paid levels of Sprout Builder... If you currently have more projects than is permitted in the level you desire, you need to delete projects from your account before subscribing.
The project limit for the free account is three, which is very reasonable. Okay, I just looked at the subcription page and there is a catch: The free Sprout is ad-supported. Our current widget features no ads, so we'll just wait until July to sign up.

Sunday, May 31, 2009

Spring Cleaning

Note: RSS subscribers can skip this post.

As Spring comes to a close, it seemed like the right time to clean up the clutter that has accumulated here at the Truth Rally blog. I've noticed load times increasing, so the first thing to go was the YouTube widget. Ever since Warner Music Group demanded that their content be removed from YouTube, the playlist has been in a perpetual state of flux anyway, as one video after another has been yanked. Besides, I'm probably the only one viewing any of the videos. As you might recall, the music videos were merely test content; the purpose of the Truth Rally channel is to host how-to videos for users of our site.

Next, I thinned out the blog labels, which numbered near 200. Yikes! I consolidated and removed over 70 of them, but there were still too many to fit comfortably on the page. I was unable to find a widget that supported a scrollable or expandable label list, so I just removed the labels. "Let them use search." Finally, I reduced the number of posts per page to five, and deleted one of the AdSense ads. The blog is now spruced up, and loads noticeably faster.

Saturday, May 30, 2009

Pardon the Interruption

I haven't posted in nearly three weeks—by far my longest hiatus since starting this blog last October. There are two primary reasons: one bad and one good. The bad one is that I had to contend with some non-company-related matters; the good one is that we have been so busy coding the new site that I just haven't had the time. We are currently on schedule to begin alpha testing next month.

In the coming weeks, I will be writing about the issues we have faced designing and implementing a Drupal-based Web site, as well as the resources that we have found the most helpful in this undertaking. I had originally planned on writing about each issue as we contended with it; however, given that this is our first Drupal site, the resolution of several problems has unsurprisingly followed a meandering path. Not only would multi-post descriptions of this type be largely unhelpful to readers, but they would also stray too far from the intended business focus of this blog.

Tuesday, May 12, 2009

Annual Review Board Scam, Part 2

We received a vague form letter from the Attorney General's Public Inquiry Unit in response to the complaint I filed regarding Annual Review Board. Unsatisfied with the uninformative letter, I called the PIU and spoke with a representative. He spoke in generalities and disclaimers until I said those three magic words: Annual Review Board.

He gave me a brief history of the situation, and I told him about the blogosphere's involvement in alerting would-be victims. The upshot is that this company—by stating in their solicitation that their service has not been approved or endorsed by any government agency—is in compliance with California state law. Apparently, some judge, in his or her infinite wisdom, decided that charging more than 11 times the actual fee to file a Statement of Information, without adding any value, is, in fact, a legitimate service. Does law school fog the mind?

Despite the fact that this company is obviously preying on unsuspecting LLC owners, they are not technically breaking any laws—at least, according to the aforementioned ruling, which in my opinion defies common sense. So if you fall for this scam, you will have a very difficult, if not impossible, time recouping any of your money. Take a minute and google any solicitations you receive to ensure they are legitimate before getting out your checkbook.

Wednesday, April 29, 2009

Sprout Update

It's been a few months since we were notified that Sprout would ditch their free service, but they didn't officially begin charging until today. For those who don't recall, their original announcement seemed to give a mere two-week grace period, which was not received well here at Truth Rally. Luckily, they didn't stick to that. According to a recent email:
What if I decide not to pay?
All customers have 60 days to sign up for one of the subscription plans (paid or free). After the two month grace period, we will turn off all sprouts for users who have not selected a subscription level.
It looks like the sprout on Truth Rally will live on until at least June 28, unless we replace it or launch the actual site before then. I'm hoping for the latter.

Drupal Security, Part 2

According to Drupal security expert Greg Knaddison, the warning that I referenced in my first post in this series is overblown. He stresses that keeping Drupal's core, modules, and themes up-to-date is the proper focus. He continues:
Much more important than any benefit you get from hiding the versions of Drupal modules you are using is the benefit to the world and the credibility you gain by writing case studies. Then if you do get hacked people will be more likely to help you.
Knaddison is the author of the forthcoming Cracking Drupal, which details best practices on keeping Drupal sites secure. It covers vulnerabilities inside and outside Drupal, how to identify them, and how to protect against them. After reviewing the table of contents, I've decided to purchase a copy and put its lessons into practice. Furthermore, I've decided to lift my self-imposed ban on publicly discussing our Drupal particulars.

Friday, April 24, 2009

Blog Milestone

This is my 100th post. As Peter Griffin said after announcing to his family that he is fat, "Let me give you a minute to absorb that."

Despite my pledge last year to avoid the fate of most blogs (i.e., abandonment), I'm still a little surprised to reach this milestone. Yes, my blogging rate has slowed since last year, but I am still doing about ten posts per month, which I think is respectable for a startup's journal. The decrease is due primarily to our shift in focus from organizational tasks to software development.

Traffic to this blog, on the other hand, has steadily increased over the past two months, thanks primarily to high rankings in Google search results. In particular, my recent post about a scam targeting LLCs has been my most popular to date: It quickly shot past 100 unique page views, each of which hopefully represents an LLC owner who avoided being victimized. Well, make that all but one (see comments).

Monday, April 20, 2009

Corporation Number

As I described in this post on TurboTax Business, our company is organized as an LLC but is taxed as a corporation; for our situation, this is the best of both worlds. This status, however, led to a problem on the California corporate tax form (Form 100), which requires a seven-digit corporation number, but has no provision for LLCs that have yet to be assigned one. I spoke with a representative at the Franchise Tax Board, who instructed me to leave it blank; however, TurboTax Business considered this an error and prevented me from e-filing the return. I ended up entering all zeroes as a compromise.

As it turns out, this solution worked: We have just received a notice from the FTB assigning our LLC a corporation number. The notice instructs us to use the new identification number "on all California corporation income tax returns, payments, and documents" we file with them.

Wednesday, April 15, 2009

Drupal Security

In an effort to help others, I had planned on sharing our experiences with Drupal as we develop Truth Rally; however, I have since learned that this can pose security risks. For example, revealing any installed modules or themes can make it easier for someone to exploit known vulnerabilities. Even revealing the version of Drupal that is used on a site can make it more vulnerable to attack. As a result, I will only be offering general updates on our development. Those of you who are disappointed can thank all the cyber-assholes out there for ruining yet another good thing.

Update: See our policy update here.

Tuesday, April 7, 2009

Annual Review Board Scam

Speak of the devil! Shortly after receiving a warning about bogus solicitations, we were targeted with a scam letter from an organization that calls itself Annual Review Board and is based in Los Angeles. In bold letters, they admonish us to "Remit Immediately" in order to "Avoid Penalties, Fines and Suspensions." Here is a copy of the letter:

They want you to pay $228 for something you can do yourself—just as easily—for $20. Now that's chutzpah. Moreover, it's highly unlikely that they will actually file a Statement of Information (Form LLC-12) on your behalf, which means you could end up missing your actual deadline with the California Secretary of State and thus owe a penalty of $250. I feel sorry for any business owners who wind up paying $498* for something that should have cost them $20. In an obvious attempt to keep their sorry butts out of jail for mail fraud, they include this statement: "This product or service has not been approved or endorsed by any Government Agency, and this offer is not being made by an agency of the Government." Duh.

The form itself appears professional, complete with an official-looking seal featuring an eagle and shield. It also includes the LLC's file number, which is issued by the Secretary of State; however, this number, as well as the LLC's business address, is public record. As for the due date, they apparently just chose a day this month—to add to the urgency—instead of the actual due date. To paraphrase Maxwell Smart, If only they had used their skills for niceness instead of evil.

Update: For information on the legality of this scam, read about the Attorney General's position.

*Swindler's fee ($228) plus late filer's penalty ($250) plus LLC-12 filing fee ($20).

Friday, April 3, 2009

SEO, Part 5

March was the first month in which the majority of visitors to this blog arrived via search results. It is an encouraging milestone, which was achieved by following the SEO strategies described in a prior post. Apparently, one of the most helpful strategies is putting relevant search keywords in the URL, which on Blogger is based on a post's original title (or first several words, in the absense of a title).

Nearly all of the organic referrals to this blog have come from Google, so I was curious about one of the referrals from an unfamilar site called Kosmix. I did a little research, and found that my post on TurboTax Business was that site's top search result on the subject. Cool! After looking a little closer, though, it turns out that Google was ultimately responsible for that referral, too:

Tuesday, March 31, 2009

Solicitation Warning

Today, LegalZoom sent me an email alert regarding unscrupulous companies that are targeting LLC and corporation owners with misleading solicitations. The solicitations apparently request the completion of an official-looking form and the payment of a filing fee. The full details of the scam can be found in this alert issued by California's Secretary of State.

It sounds similar to any of a number of scams in which a company accesses your public information (e.g., mortgage or property tax) in order to pass themselves off as an official government office requesting payment. I'm not sure who falls for this type of scam, but obviously someone does given their continued existence. As a general rule, if you intend to pay a government fee or tax, make sure you aren't writing your check to a third party.

Monday, March 30, 2009

Cost of Business

As we approach the end of our second quarter in business, it seems like an appropriate time to review a breakdown of our expenses thus far:

Government     74.2%

The largest expense—by far—is compliance with governmental requirements; taxes and tax-compliance costs account for over 60% of this category. Internet costs, which include domain registration and hosting service, are the next largest expense. We will be starting paid advertisements this quarter, but have engaged only in free activities up to this point. The final category includes mailbox rental, software costs, and office expenses.

Clearly, we are running this business on the cheap. Our motivation for doing so should be equally clear: It's our money we're spending. For that reason, bootstrapped companies like ours typically have a more difficult time justifying expenses than companies with outside funding. This is good when it leads to prudent use of funds; it is bad when it leads to overly cautious spending that slows progress. It is not always obvious which is the riskier route: increasing your burn rate to reduce time to market, or preserving capital and thus increasing time to market. A straightforward risk-reward analysis—particularly for large expenses—can be a helpful guide.

Tuesday, March 24, 2009

Launch Update

Today, we sent an email update to all those who have signed up for Truth Rally's upcoming beta test. The message alerts them to our schedule slippage, and states in part:
Based on our current rate of development and sign-ups, we are moving our launch date to June. Over the next quarter, we anticipate completion of site construction and alpha testing; we will also conduct a formal advertising campaign, which will help us meet our membership goals. We appreciate your patience...
With regard to our forthcoming ad campaign, we received promotional credits from GoDaddy for Google AdWords ($25), Microsoft adCenter ($50), and Facebook Advertising ($50) to get us started. Google is also offering Analytics users a $50 coupon (code: E68N-YPJ2-R4Y3-B4NS-SS) to get started with AdWords; this deal expires April 15, 2009.

Monday, March 23, 2009

Social Hub

Since starting our company, I've become involved in several social networks to help spread the word about Truth Rally. But keeping track of all my accounts, as well as referring others to them, has become unwieldy. That's where UnHub comes in.

UnHub is a free service that provides a simple framework for presenting all of your social-network accounts in one place—your social hub. Unlike social-network aggregators like FriendFeed and Socialthing, which present a unified stream of data from various sites or share data across them, UnHub merely provides a unified URL.

It only takes a few minutes to set up and configure an UnHub account. You can then use your personalized URL to direct others to all of your accounts, which are displayed in a persistent menu bar across the top of the browser window. UnHub also provides rudimentary analytics: the number of times each account is displayed during the current day, past week, and past month, as well as since account creation. Despite its bare-bones design, this is a cool service. Check out my URL for an example.

Saturday, March 21, 2009

A Twitterer, Not a Twit

I finally gave in and signed up for a Twitter account, which I will use to make brief Truth Rally announcements that are not blog-worthy. For those who aren't familiar with this rapidly growing service, it could be described as a micro-blogging social network. Each post, or tweet, is limited to 140 characters, and is public by default. Tweets can be sent and received via their Web site, your mobile phone, or any of several related applications. Twitter seems to be at the center of an entire ecosystem of new services.

Based on monthly visits, Twitter is currently the world's third most popular social network, trailing only Facebook and MySpace. I don't pretend to understand the mass appeal of Twitter, but I do recognize it and decided it was worth joining: Anything that attracts attention to our site is worthwhile. Prior to our site's launch, I don't expect to have much of a following, if any; however, users of the eventual site might find it informative, so I might as well get into the habit of using it now. Those who are interested in following me on Twitter, can do so by clicking the link near the top of the right-hand column.

Coincidentally, Twitter is celebrating its third anniversary today, a tidbit I learned from the first three tweets I received after signing up. Happy birthday!

Friday, March 20, 2009

Drupal Content

Drupal, like any content-management system or framework, is centered around content (obviously), so designing your Web site's content types is the logical CMS starting point. There are two default types of content available in Drupal: page and story, similar generic types that are adequate for only the most basic information. There are also several optional types, which can be enabled to provide specific functionality, such as blog entries or polls. However, most sites will need to define and use their own content types to provide all desired features and functionality.

Content types are easily defined in Drupal using the Content Construction Kit (CCK). New content types come with three default fields: title, menu settings, and body; fields such as author and timestamp are not visible through the CCK's interface. New fields can be defined as one of the following types: text, decimal, float, integer, node reference, or user reference. If this selection proves insufficient, there are hundreds of special-purpose field types available through contributed modules. Other configuration options for the content type and each of its fields can also be set with the CCK, but are beyond the scope of this post.

It is fairly simple to get started with the CCK, but will probably require some trial and error to understand some of the finer points. I recommend just diving in, because it is easy to undo mistakes or simply start over with a new content type or field. Thus far, we have defined nine custom content types, but none will be revealed until Truth Rally goes live.

Wednesday, March 18, 2009

Company Voice

It is important for any company that wants to be taken seriously to make a consistently professional presentation to potential customers. This presentation includes everything that is public: your storefront, Web site, employees' conduct, blog, advertisements, business cards, etc. This can be a challenge to companies that are operating on a tight startup budget, and can require some creativity.

Even though we don't yet feature our business number* on our Web site, it is publicly available through Truth Rally's WHOIS information. (And I let the cat out of the bag in my second back-story installment, though I omitted the area code.) To stay a step ahead, I decided that we needed to get a professionally recorded voice-mail message now. With no money in our budget for this task, I considered the alternatives.

My first thought was to use one of the available text-to-speech products. I tested the current offerings from a variety of companies, and found them to be inadequate. Though they use recorded words from actual voice actors, it is obvious that you are listening to synthesized speech. After ruling out this possibility, I asked a gifted friend if she could help me out. She generously agreed, and recorded a professional message for us. I surprised my co-founder, Mike, with the new message, and he was very pleased. We both think she did a great job and could even have a future in voice acting. Thanks!

*Our company's phone number is 858–IT'S–TRUE.

Monday, March 16, 2009

TurboTax Business

I completed and filed Truth Rally's first tax returns today. I used TurboTax Business 2008, and the process went smoothly, except for two problems that I encountered in the state product (California).

The first problem dealt with our company being an LLC that is filing as a corporation: California's corporate form (Form 100) requires the entry of a seven-digit corporation number. As an LLC, we have only a 12-digit file number, issued by the Secretary of State. For this field, TurboTax accepts only entries containing up to seven digits, and has overrides disabled. After several fruitless Google searches, I called Intuit to see if there is a way to get around this; there is not. I then contacted the Franchise Tax Board, but was repeatedly kicked out of the queue because of the high call volume. So I did some investigation and found another number to call, waited on hold for 40 minutes, and found out how to deal with the problem: leave it blank, and a corporation number will be issued upon filing. TurboTax, however, did not like that solution, so I eventually entered all zeroes to make it happy. I assume the FTB will not be confused by this obvious placeholder.

The other problem was that the state product did not correctly compute our estimated taxes for 2009. In California, the minimum franchise tax of $800 must be paid with the first installment of estimated taxes using Form 100-ES; however, TurboTax computed that we owed nothing. I filled out the form manually, and sent the FTB a check for the full amount.

To save the cost of postage, I filed both returns electronically (e-file). This required me to have an electronic signature, which means that I had to sign Form 8453-C and then obtain an electronic copy of it in PDF format. TurboTax customers who don't have access to a scanner can use Intuit's free Fax-to-PDF service. My first attempt at using this service failed to deliver in the promised five minutes, but the status report gave me four possible reasons for the failure. I reasoned that the cause was insufficient fax resolution, so I increased it to "super fine" and re-faxed the form. This also failed, so I increased the resolution to photo quality, which succeeded. TurboTax then attached the delivered PDF signature file, and e-filed the returns. They say that federal returns will be officially accepted within two days, and state returns, within five days. However, our federal return was accepted by the IRS within three hours and the state return was accepted by the FTB just 90 minutes after that. Excellent.

For our first tax year, we owed no taxes—not even the minimum franchise tax, which is waived during the first year for entities filing as C corporations. Because we had only expenses during 2008, we ran a net operating loss (NOL), which can be carried forward to offset future profits in order to reduce our future tax liability.

Overall, I would recommend TurboTax Business, and plan on using it again for tax year 2009. It would be nice, though, if TurboTax—as well as QuickBooks—was more aware of the concept of LLCs filing as corporations. For the most part, it just treated us as a corporation, and ignored the subtle differences, which made me slightly less confident about using the product.

Sunday, March 15, 2009

QuickBooks Is Disappointing

I finally got around to doing Truth Rally's books using QuickBooks Simple Start, and I regret to report that it was anything but a "simple start." The main problem with QuickBooks is that it seems to be designed for (and, perhaps, by) accountants who lack computer skills, rather than non-accountants who have computer skills—the clearly larger audience. It lacks the step-by-step interview approach offered by companion Intuit product TurboTax, and also lacks its intuitive user interface. I found the tutorials and help features to be useless; I grew weary of seeing the words "ask your accountant."

For example, I wanted to know how to properly record startup expenses and organizational costs, since we just started our company. TurboTax expressly asks for both of these items, but a search in QuickBooks' help utility retrieved no relevant topics for either of them. A search for capital contributions, another necessity for a new company, returned only a definition, but no instructions on how to enter them. This level of incompetence is inexcusable—and frustrating. As a result, I turned to Google and found many others with similar questions, but few and imprecise answers. Fortunately, after some trial-and-error, I was able to get everything working.

After being a satisfied user of TurboTax for many years, I expected QuickBooks to have a similarly intuitive interface and an equally authoritative level of help available. Needless to say, I was sorely disappointed on both counts. I now understand why there are so many QuickBooks trainers out there, and why there are so many Web pages that document QuickBooks traps and other failings. If it were not for QuickBooks' integration with TurboTax, as well as the hours I've already spent learning it, I would look elsewhere for a better product.

Wednesday, March 4, 2009

Upgrading Drupal

Upgrading Drupal is even simpler than installing Drupal—at least for minor revisions, such as the recent security releases. Before performing the upgrade, I skimmed the many comments on the Drupal site pertaining to upgrade problems, which put me in a cautious mood. However, I simply followed the instructions in the included file UPGRADE.txt and all went smoothly.

The upgrade instructions on the Drupal site are not as well organized as those in the aforementioned file, so I recommend ignoring the former and using the latter. Yes, there are 14 individual steps, which might seem like a lot, but the steps are straightforward, with most taking less than a minute each to complete.

Nearly all Drupal releases include fixes for security vulnerabilities, so it is critical to upgrade as soon as possible to protect your Web site. Security announcements can be viewed here, or you can subscribe to the RSS feed or the mailing list to be notified immediately of any announcements.

Friday, February 27, 2009

The Taxman Cometh, Part 2

This past week, I spoke with three CPAs and an EA (Enrolled Agent) in order to find someone who could prepare our LLC's state and federal tax returns, which are due March 16. Despite the apparent simplicity of our first-year returns, the price quotes ranged from $500 to $1,000—which seems a little steep considering how little time it should take an experienced professional to complete. Because he wanted our business, the EA revised his offer to a first-year discounted price of $350. All of these individuals were recommended to me by people I know in the financial and accounting professions, so I didn't push any of them for discounts. For comparison purposes, I contacted a local H&R Block agent. His typical price for a simple corporate return is $350, and he offered me a discounted price of $300.

I had originally considered doing the returns ourselves with tax-preparation software until I searched for corporate tax products and found they started at $500. But before calling my co-founder, I decided to see if Intuit, the maker of TurboTax,* offers a corporate product. And sure enough, they do! TurboTax Business 2008—which is made for LLCs, partnerships, C corporations, and S corporations—retails for $109.95 (federal) and $49.95 (state). How did I miss this great deal during my original search?

I reported my findings to my co-founder, and he was even more displeased with the tax preparers' price quotes than I was. I told him about TurboTax Business, and he definitely wanted to go that route. So I did a little more research and found the federal version for as low as $58.00 here. It appears that the state product is not available for separate sale, but only as a download via the federal product; therefore, we will probably have to pay full price for it. Still, $107.95 is a very good deal, especially compared to the price of an accountant.

Then I remembered that a friend—who recently went to work for Intuit—told me that they have a friends-and-family discount program. He was able to get me the federal product for $26.94, for a total of $76.89, assuming we end up paying full price for the state product. Thanks, dude! I will post about my experiences with TurboTax Business in the coming weeks.

*I have used TurboTax ever since I began working as a sole proprietor in 1993. It has improved vastly over the years, and I highly recommend it to anyone who files anything but the simplest of returns.

Word Clouds, Part 2

I couldn't resist creating another word cloud using Wordle. This one is based on the content of the Truth Rally teaser page (click to enlarge):

Truth Rally Word Cloud

Wordle was created by Jonathan Feinberg, whose obvious artistic flair can be viewed at his blog. You can click this author link to see the word clouds I've submitted at Wordle.

Wednesday, February 25, 2009

Drupal Architecture

Before providing further updates on our Drupal development, I thought a brief overview of Drupal's architecture would provide a good frame of reference for interested readers. I wrote earlier that Drupal's architecture was one of the deciding factors during our CMS selection process. In particular, the architecture is abstract enough to allow us to design Truth Rally as we have envisioned it—without having to make any compromises or accommodations.

Drupal's architecture is divided into five primary layers:


The base layer is the data pool. Each datum (node) represents one piece of user-supplied information, such as a blog post or a comment. This data is filtered through the other four levels, which are configured by the developer to describe precisely its final presentation to the user.

The second layer is made up of modules, which are plug-ins that provide the real functionality in Drupal. The standard set of included modules can be augmented with any of hundreds of available contributed modules or with your own custom modules. Available modules provide support for charts, editors, picture- and video-sharing, polls, email, and much more.

The third layer is composed of blocks and menus, which provide the logical presentation of the data from the underlying modules. The fourth layer is where user permissions are applied in order to control what each user sees and to what functionality they have access—an aspect of the architecture that is especially useful for our site. The final layer is the template, which provides the look and feel.

Currently, my co-founder, Mike, is working on level 5, while I am focusing on levels 2 and 3. I will elaborate further on our experiences as we complete each phase of development.

Sunday, February 22, 2009

Word Clouds

Today I tested an online tool called Wordle, which generates word clouds, often called tag clouds, because they were originally used to give a visual representation of the frequency of tags associated with Web content. All you have to do is supply Wordle with some text, and a Java applet does the rest. After the default cloud is displayed, you can customize it by changing the font, word layout, and color scheme. I gave it this blog's feed, but it appears to have only used the most recent posts (click to enlarge):

Blog Word Cloud
I saved the above word cloud to the site's gallery for a little free advertising. Check it out here, and generate some word clouds of your own.

I found two minor bugs and reported them to the program's creator. Did you spot them? The first problem occurs only when the text source is HTML, as is the case for the feed I provided: The last word of a paragraph is merged with the first word of the next paragraph because there is no intervening white space—only HTML tags. For example, "... last.

First ..." produces "last.First" as a single word. The other problem is that terms properly ending in a period like "i.e." are reproduced without the final period.

Update: Take a look at this improved word cloud.

Tuesday, February 17, 2009

Reputation Management

I signed up recently for a new service called SM2,* which is offered by Techrigy. SM2 is a product that monitors and analyzes social media for selected keywords; it allows companies to track mentions of their brands and high-profile employees, as well as their competition. It serves the same general purpose as Google Alerts, but is combined with the depth of data analysis provided by Google Analytics. Active reputation management is extremely important in the libel-ridden world of social media, and products such as SM2 can play an important role in that task.

They have built their own index of social media, which they claim recently surpassed 1 billion pieces of content—from sources such as blogs (including media blogs and microblogs), wikis, forums, video- and photo-sharing sites, and social networks. Thus far, it has located more mentions of my selected keywords than Google Alerts has. Moreover, they provide real-time alerts, whereas Google provides only daily reports.

Their analysis tools provide extensive functionality including charts for daily volume, the aforementioned social media types, specific domains, popularity of sites that feature mentions, demographics of authors, tags used by authors, map overlays, and more. They also have tools that measure sentiment of brand references (i.e., positive vs. negative) and tone of content (i.e., very positive, somewhat positive, neutral, somewhat negative, very negative) for all search results. A cursory review shows their automated sentiment and tone determinations to be mostly accurate.

We are currently using the free version of the service, which provides up to five search phrases and 1,000 saved results. This is adequate for a small startup like Truth Rally, but larger companies can purchase one of their priced plans, which start at $500 per month. I am impressed with this service, and will follow up in the coming months once I've had more experience with it.

*I couldn't find an explanation of the name SM2, but my guess is that it is akin to Amazon's EC2, which stands for Elastic Compute Cloud. Similarly, I assume that SM2 stands for Social Media Monitor(ing). If this is correct, the "2" actually represents the second power, but for convenience is not written as a superscript.

Wednesday, February 11, 2009

It's a Small World

It has been three months since I began testing Google Analytics on this blog, so it seems like an appropriate time to offer a brief review. As I wrote earlier, Google does not report IP addresses or any other uniquely identifiable information about visitors; the finest level of detail is a visitor's city.

The information reported by Google Analytics is broken down into four main categories: Visitors, Traffic Sources, Content, and Goals. The Visitors section gives you technical details, such as browser type, operating system, and network type; trending information, such as visits, unique visitors, pageviews, and time spent on the site; and loyalty information, including new versus returning visitors, frequency of visits, and recency of visits. The Traffic Sources section reports how visitors find your site, including search terms they use to reach it. The Content section gives you various information on which pages visitors view most frequently. I haven't used the Goals section yet, but it can be used with ad campaigns to determine their effectiveness. These descriptions just scratch the surface, and new features are being developed and added on a regular basis.

One of the cool features is the geographical representation of visitors (see maps below). Thus far, this blog has been visited from 17 countries on four of the world's continents. Where are you, Africa and Australia? (I got a tip that a group of penguins was viewing my blog from Antarctica, but Google doesn't include that continent.) The color of each country gives a rough indication of the number of visitors, as shown by the legend in the lower left.

This blog has been visited by users from 25 states in the US, including the seven most populous states (which comprise 44.7% of the US population) and 16 of the top 20 most populous states.

Not surprisingly, most of the visitors are from California.* Each of the 44 dots in the following map represents the number of visits from the represented city, with the size of the dot proportional to the number of visits. As with the above maps, the color is representative of total visits as well. As shown, hovering the cursor over a city launches a small popup that indicates the number of visits.

I am using an IP-address filter to exclude my visits, so none of the above data includes yours truly. You can click on any of the above images for a better view.

Update: A visitor from Brisbane yesterday (Thursday, February 19, 2009) has added the continent of Australia to the ranks of this blog's readers.

Update: A visitor from Cairo yesterday (Wednesday, April 8, 2009) has added the continent of Africa to the ranks of this blog's readers. All continents tracked by Google Analytics are now represented.

*This is not surprising given that this blog is about a California LLC, most of my business network is in California, and California is by far the most populous state in the Union: 52.9% larger than the second most populous state, Texas, and 12.1% of the total US population.

Tuesday, February 10, 2009

RCApp.exe - Application Error

If you're one of the many Norton users who is being plagued by this dreaded RCApp error message and has been unable to repair it, I have the fix for you. I spent a lot of time explaining the problem to two clueless Symantec technical-support representatives, both of whom instructed me to reinstall the program and guaranteed that would fix it. The second one even had me download and execute a custom removal tool to ensure the entire program was removed before reinstallation. As I've since learned, this tool doesn't really remove everything. On my third try, I finally reached someone who knew how to fix it.

The problem occurs when you upgrade to one of the latest Norton products, and the uninstall process fails to remove LiveUpdate, the update program used by earlier versions. You are then left with a rogue process that continues trying to update a program that has since been removed, thus resulting in the aforementioned error. The latest products apparently do not use a separate program to perform updates.

To correct the problem, access the Control Panel and click on Add or Remove Programs. Locate the program LiveUpdate, and click the remove button. Voilà! It worked for me; if it doesn't work for you, let me know and I will research the issue further.

Wednesday, February 4, 2009

Technorati Blurbs

Technorati announced a new service that allows members to post articles and blurbs regarding particular tags, each of which is featured on its own page. The tag page for truth features relevant posts, photos, and videos. I posted the first blurb on the page:

There was no tag article either, so I began writing one. But then I noticed that before posting a tag article, one must first become a Blogcritics writer. I reviewed their site, and it looks very interesting. However, it would probably require a bigger time commitment than my work schedule can currently accommodate. Further, writing opinion pieces for Blogcritics would likely create a conflict of interest with my position at Truth Rally.

Tuesday, February 3, 2009

Getting Your Fair Share

I signed up for a new service today called FairShare, which tracks online content. Given a web feed, it reports when any web site copies the content appearing in that feed. If the content is licensed, it will also report any violations of the license terms, such as failure to link to the original content. Online plagiarism is widespread; it is particularly common among those whose purpose is to divert traffic to their sites in order to collect ad revenue, effectively syphoning it from the targeted authors. There are entire sites that are built via automated theft of original content, so it is important to protect your work if you intend to earn revenue from it.

I learned about this service from TechCrunch, and used their invite code to reserve a beta invitation. As I mentioned earlier, we will have a web feed for the latest results from Truth Rally, so this could turn out to be a great service to find sites that reprint our copyrighted material without permission or attribution. For now, I am testing it on this blog's content. I will post an update if it actually finds anything.

Here is a screen capture of FairShare's license options (click to enlarge):

Wednesday, January 28, 2009

They Don't Get It

We received a letter this week from California's Franchise Tax Board that illustrates what I have long known: Our state government doesn't understand how business—or much else in the real world—works. Their ignorance and arrogance is embodied by the following statement from that letter, regarding the $800 annual tax on LLCs:
"The annual tax is paid for the privilege of doing business in California..."
On the contrary, they are privileged to have us and other LLCs doing business in California. Businesses create economic activity, jobs, and—when profitable—tax revenue for the government. By their own principle (i.e., privilege carries a price tag), they should be paying companies to do business here. This is, in fact, what several states indirectly do through their favorable corporate law, tax codes, regulations, and legal systems. If California was more business-friendly, they might not be contemplating sending out IOUs in lieu of tax-refund checks right now.

Tuesday, January 27, 2009

ShareThis Update 3

After getting no response to my last email, I pinged ShareThis again regarding the two remaining problems I experienced with their widget. After another email conversation, I am fairly certain that there are currently no solutions to the problems I reported.

Both of these problems stem from their use of an image paired with a text label, as opposed to the image-only approach employed by AddThis. I'm not sure why ShareThis chose their particular approach, but I would recommend that they reconsider it given the number of issues it creates for some publishers—especially those who are using a template over which they have little control, as is common on blogging platforms.

The last suggestion I received from ShareThis was to use the custom-button approach. I tried that earlier, but getting the image and text to line up properly on different browsers was an exercise in futility. This time I took a cue from AddThis, and simply created a new image that includes the text. It's not perfect (see below left), but it looks better than before.

Update: After re-reading this post today (Wednesday, January 28, 2009), I decided to delete the final paragraph because of its cavalierly negative tone, which was not intentional. Whereas I was frustrated with the problems I encountered with the ShareThis widget, I was always satisfied with their responsive customer support—and that wasn't accurately reflected.

Sunday, January 25, 2009

Truth Tunes Update 3

TechCrunch reports that a lot of people are very angry about the recent rift between Warner and YouTube. You can find a collection of their responses at YouTube—check them out before they are pulled. I wouldn't say that I am angry about the situation, but instead disappointed that the two sides were not able to reach mutually agreeable terms.

Who am I kidding? I am annoyed at both sides for letting it get to this point and also for the frequent inconvenience: The latest Truth Tunes casualties were both of the featured Depeche Mode videos, which were removed due to copyright claims by Warner Music Group. Thanks, guys. So, again, I replaced them with other versions that are still available. The remix of "Policy of Truth" is cool, so have a listen before it's gone, too.

Thursday, January 22, 2009

Sprout Fallout

The folks at Sprout have changed their tune—a little. As I wrote a week ago, they decided to start charging for their basic service, which we were led to believe would remain free. To add insult to injury, they gave account holders only two weeks' notice to start paying or stop using their sprouts. Without acknowledging this misstep, they have, nevertheless, announced that they will give users—in essence—a longer grace period:

If you are an existing user who is not sure whether you want to subscribe for service, you can sign up for a free 30-day trial and continue to manage your Sprout projects for 30 days after we implement our paid service. If you decide to cancel your account, you will no longer be able to access your account to edit your projects, but we will not deactivate your existing sprouts without providing at least 60 days notice.

In other words, we have been granted at least an additional 90 days to use our sprout if we sign up for the free trial next month. A longer grace period is one of the remedies I called for in my previous post on this subject, so I am satisfied with their new offer. I don't know what caused their change of heart, but I have a feeling we weren't the only customers displeased with last week's announcement.

Tuesday, January 20, 2009

ShareThis Update 2

I followed up on the bug reports I submitted to ShareThis last week, and was contacted by one of their employees. Over the course of two days and several emails, we were able to get the problems fixed. It seems that Blogger wasn't playing nice with the ShareThis widget code. In one case, the remedy was to change a pair of single quotes to double quotes. In the other case, counterintuitively replacing the Blogger-specific code with generic code fixed the problem. I would like to thank ShareThis for their assistance, and offer a free plug to the guy who helped me. If you like electronica, check it out!

There are two minor problems remaining: The widget icon is about five pixels too high, and the widget label has inherited my blog's template style, thus appearing tangerine instead of forest green. I don't expect these to be resolved, and won't be dissatisfied if they aren't. But I mentioned them to ShareThis anyway, just in case there is an easy fix. I will post an update if there is.

Saturday, January 17, 2009

Diving into Drupal

My co-founder, Mike, and I finished the initial configuration and theme installation for our Drupal-powered development site today. After we finished, I mentioned to Mike that the only administration link I hadn't clicked on (visited links change color) was the help link. That speaks volumes about how intuitive the Drupal software is.

We selected the Zen theme and created a sub-theme so that we can easily customize the look and feel of the site. Last summer, Mike referred me to the CSS Zen Garden, a site that demonstrates how to properly design eye-catching sites using Cascading Style Sheets (CSS). When I was looking through Drupal templates recently, I noticed the Zen theme, whose name is an homage to the CSS Zen Garden and which follows their design principles.

We completed the block layout, which designates the display location of each piece of information. Next, Mike will be working on theme customization, and I will begin creating our content types.

Thursday, January 15, 2009

Two Strikes and You're Sprout!

The folks behind Sprouts, the cool Flash widgets I wrote about last month, did something very uncool. Not only are they beginning to charge for their Pro accounts (which is fine), but they are also charging for their "free" Basic accounts. I specifically signed up for a Basic account because the Pro account, which was free until now, carried a disclaimer that they would start charging for it in the future. Because no such disclaimer was issued on the Basic account, I was left to infer that it would remain free. Their explanation is, "In order to maintain [Sprout Builder's] value, we have discontinued the free version." Huh?

Also uncool: They are beginning to charge in early February, which gives me only two weeks' warning to find and implement a replacement technology. Our company is bootstrapped, which means we have no investors, and thus all our business expenses are coming right out of our pockets. There is currently no room in our advertising budget for even their limited-time, special offer of $139.50 per year. But even this account level will only be available this year, with the next cheapest plan at $599.50 per year.

If I had known that they would be making these moves, I would have chosen a different company's widget in the first place. The time I invested in their product cannot be recovered, and I will have to divert time from site development to rectify this. It's cliché, but time is money, and they have wasted ours.

To be clear, I don't begrudge Sprout, Inc. for charging for their products. I think it is great that they have developed a cool product that people are willing to pay for. My only quarrel is with the aforementioned uncoolness. I think that if they wanted to eliminate the free account offering, they should have grandfathered current users' accounts, or simply given a longer grace period. Two weeks' notice doesn't cut it.

I want future Truth Rally users to know that we will not treat our customers this way: We will offer free membership that will stay free. We will also offer a premium membership option, which will offer additional features, but will be completely voluntary. Presumably, the Sprout gang anticipated that they would receive some bad reactions to their decision, and felt the trade-off was worth it.

Sadly, the Sprout featured on Truth Rally will be coming down by the end of the month, at which time we will have to close our Sprout Builder account.

Wednesday, January 14, 2009

Installing Drupal

It's simple to install Drupal. I should know—I've done it five times so far. The first time, I used the automatic installation provided with Go Daddy's shared hosting service. It automates everything, including database creation and cron configuration—two steps the uninitiated might find problematic. This convenience is offset, however, by a lack of security updates as the Drupal version they install is a few revisions behind.

Unsatisfied with this trade-off, I enabled the secure shell (SSH) option on our hosting account so that I could directly access our web server and install the latest version manually. Unfortunately, adding SSH meant waiting a day while our account was moved to a new server.

The next three installations went smoothly, with only minor problems caused by my experimentation with hosting multiple web sites in our account. Our hosting service's multi-site capability was almost certainly an afterthought: I had to contend with several annoyances stemming from its inexplicably asymmetrical domain requirements. Ugh. And just when I thought I was done, a new Drupal revision was released. That installation made five.

The reason we are installing Drupal on our web server now—as opposed to installing it on our local machines—is that we would like to do our development in the exact environment on which we will launch the live site. This avoids any differences in software versions, which will obviate migration debugging. Our hosting account has unlimited data transfers, so why not?

The next step was adding password protection to the Drupal site. This provides an extra layer of security and prevents web robots from crawling and caching our development area.

Sunday, January 11, 2009

ShareThis Update

The day after I posted about ShareThis, one of their executives sent me an email requesting more details about the problem I'd encountered. Now that's customer service: I had planned on reporting the issue the following Monday after giving it another try, but they came to me beforehand. I sent him a description of the problem, and he submitted a bug report. The problem was fixed by that Tuesday. Good job.

I returned to their site, but found that I couldn't sign up for a publisher account using the same email address I had used to sign up for my user account. I ended up deactiving the user account, and signing back in from the publisher sign-up page. This enabled the publisher tools, such as the analytics reporting. Cool.

Since then I have encoutered two problems with the ShareThis button, which I reported via their feedback page earlier today. As I mentioned previously, I manually installed the button so that I could place it above the byline, instead of below it. This worked fine, except for one problem: Sometimes the button mysteriously appears in the default position instead of the specified position, and other times two buttons appear—one in each position. This behavior seems to be browser-dependent, as I have observed it with Internet Explorer, but not with Firefox. The second problem concerns custom buttons. I followed the instructions, but no button at all appears. I played around with the code awhile, but to no avail. I will post an update once these issues have been addressed.

I appreciate how difficult it can be for a web startup to bring a product to market, especially if they have to contend with browser quirks and blogging-platform differences. Their best customers are the ones who give them feedback to help them overcome these obstacles, and are patient and understanding enough to stick with them through any rough patches. That is exactly the type of customers that Truth Rally is looking for in our upcoming beta test. Nice segué, eh? Sign up today by clicking on the sign-up button near the top of the right-hand column, or by clicking here.