Suspicions regarding Magento licencing [closed] - magento

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
I have been doing web design for a small business in Denmark, which already has a deal with a larger company to create the final site.
Among this company's proposal, I see that they charge a rather large fee for installing Magento on my client's server, and an additional fee to integrate the design.
The same company forbids my client from having FTP or similar access to the server, and they are therefore not able to install this themselves.
My question is: is resale of Magento really allowed by the licence? This company wants to charge a rather steep amount for even installing a blank version of it, no Magento licensing included.
I have looked the larger company up, and this company does NOT have a standing licence for Magento. And even if they got one, I have a sneaky feeling that something is legally/licence-wise wrong here.
The reason I share this with you is that I have a gut feeling that I should raise some critical questions and suggest that my client uses another company for their website, but I need to be certain that I'm on the right side.
The IT company has no partnership with Magento/Varien, and has a somewhat tarnished reputation already...
I have mailed Magento about this, but have not had any response yet.

Your question is not entirely clear. But a company can certainly charge for installing a licensed product on behalf of the licensee; this is just a consulting or service fee (unless the licence specifically prohibits a third party from doing this, which is possible (although unlikely) if a) source code is being exposed, or b) there are other commercial sensitivities such as NDAs. But then that is not your risk, it's the licensee's).
As for Ubuntu, a company can again charge for installing or maintaining an Ubuntu install; again this is consulting/service. In fact you can SELL a copy of Ubuntu too; if someone is willing to pay for it, that is their prerogative (and they in turn can sell it themselves). You just have to provide the source and the licence, not just a compiled binary, in order to comply with the GPL.

I can understand the position of the 'large company' providing the managed hosting for the Magento build. However, I also understand your concerns.
Assuming that you are only working on the design, there is no reason why you cannot implement your design on localhost with the Magento 'demo store' products. You can then take your design along to the 'small company', get your designs signed off, archive the /skin/frontend/default/macguffin and /app/design/frontend/default/macguffin folders, hand them over to the company providing the 'managed hosting' and then collect your pay-cheque.
By not allowing you access via FTP the 'managed hosting' provider are ensuring that their clients have no third-parties able to access any-of-their-stuff. Furthermore, design is not that big a deal in a Magento build, there is also the payment gateway, the shipping setup, analytics and everything else that happens on go-live. They are also taking the responsibility of providing uptime, availability and the aforementioned security.
You and I know that you can do all of that on a virtual-private-server and get it done in a matter of days, with lots of testing but no client liaison meetings, office overheads to pay for, an expensive project manager to explain everything to, excessive time-sheeting to keep up to date and so on.
However, the 'small company' will have reservations on allowing someone other than the 'large company' doing all of that. Given that their web presence is pivotal to the success of their business, given that they may not have management resources, given the fear of the unknown, given a lack of in-house expertise, politically the solution they have arrived at can be considered as making business sense to them.
There is nothing wrong with the business arrangement from a legal/licensing point of view. From your point of view of getting the job done, you can do your design offline, i.e. on localhost, deliver the deliverables and collect your cheque.
If the deal with the 'large company' does not work out then, if your work is good, you will be well placed to take on the project, to charge 'freelancer' rather than 'agency' rates and build a long term relationship with the 'small company'. However, you are not there yet, your best bet is to forge a close working relationship with the 'small company' and the 'large company'. For all you know, the 'large company' may have other clients, and, if you work well with them (i.e. drop the suspicions and animosity-from-the-outset), then you will possibly get other design work from their other clients.

Related

Does using Heroku impose GDPR requirements on my app? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
I am working on a small web-app as a hobby, and I would like to avoid any functionality that would trigger GDPR requirements. As such, the web-app neither collects nor processes personal data, does not set cookies (or otherwise track individual users), and also does not integrate any services that do these things.
My question is, if I deploy this app on Heroku, does Heroku do anything behind the scenes (e.g., collecting IP addresses) that would then impose GDPR requirements on my web-app?
Another way to put this would be, is it possible to use Heroku and have GDPR not apply to your website? (without preventing traffic from EU countries)
The first thing to check is hosting location. When you create an app, Heroku allows you to select whether it's hosted in the US or Europe (though no more specifically than that – you just have to hope it doesn't include the UK!).
Next, because Heroku is a managed app service, it means that they get more access than a typical VM would have. You then need to read their privacy policy, which presents a problem: Heroku is owned by Salesforce.com, who have taken a belligerent Facebook-style head-in-sand denial approach to recent court verdicts in this doc. They say in there that the ECJ did not invalidate standard contractual clauses (SCCs), which is true, but not the end of the story. The ECJ said that while SCCs are valid as legal instruments, they can only be used to manage transfer between jurisdictions that uphold EU data protection and privacy standards (which, as far as the US is concerned, has been shot down with the collapse of Privacy Shield), and this is deemed to be the responsibility of the service in question to substantiate. So, what you then want to know is where is the detailed analysis of the US legal position and the audit of the US security services that Salesforce is required to conduct if the SCCs they are using are to be considered valid?
This is of course a rhetorical question: Salesforce has conducted no such audit, nor could they do so in sufficient detail, which then means of course that SCCs are not a valid mechanism for transfers between the EU and US for any service that Salesforce runs.
That said, their privacy policy is pretty large, and I recommend you read it, though they still make reference to the now-defunct Privacy Shield, and make some assertions that would concern me. I'd suggest finding out exactly what they do with data held in EU data centres, what they do with logging, and look harder at their third-party sharing, as that's often the biggest problem area.
This isn't really the place to go further into this, so I'd recommend you read their policies, and also read the GDPR (that's not the official source, but I find it's much more usable), or find a lawyer if you want a more precise analysis. The primary focus of GDPR is on the broad principles, not implementation details, so if something seems dodgy, creepy, or overreaching, it probably is.
I apologise if this has raised more questions than it's answered!

How to write User Stories for technical implementation details? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 5 years ago.
I'm trying to work in a more organised way and started adopting user stories.
I think I have a misunderstanding of how I should use user stories for technical stuff.
Let's say I'm coding an app that gives me the ranking of my site for a certain Keyword in Google.
The user story goes like that:
As an Internet Marketer
I want to find out where my website ranks for a keyword
So I'll know whether my SEO efforts work
Now this is pretty straightforward and user centric... However, what happens if I need to introduce proxies into the loop?
On one hand, proxies are a technical implementation detail; on the other hand, proxies are part of the Internet Marketer's domain.
How should I craft such a story?
As an Internet Marketer
I want to use Proxies when searching in Google
So we'll be able to check a lot of keywords without Google blocking us
The above scenario doesn't sound right to me... Maybe I can rewrite it to be something like:
As an Internet Marketer
I want to be able to check a lot of Keywords at a time
So it'll save me time
This sounds more right; however, what acceptance criteria can I give it? Try scraping Google 100 times in a minute? Isn't it a waste of time?
Here's another scenario. How should I craft a user story when the feature I want to implement is that a proxy can be used once in 30 seconds? I don't have any idea of how to approach this problem from a user centric perspective...
Another thing I thought of doing is to present another Role. Instead of being centered around Internet Marketer, I can say we have a role called Google Scraper. I can say that Internet Marketer is in relation with Google Scraper.
Now I can write a user story like:
As Google Scraper
I want to change proxies every Search
So Google won't ban me
What would you say about approaching technical implementation details like above? It can also help breaking the system down into modules...
You don't write technical stories. User stories should meet the INVEST criteria.
Proxies do sound like an implementation detail and should be avoided. You should not be mentioning proxy servers in your story. Even if they are part of the domain, there are potentially other ways to achieve the same effect.
Instead of writing "I want to use a Proxy, so that I don't get blocked", you should write, "I want to disguise my identity, so that I don't get blocked". If I was your customer, I wouldn't know why you wanted a proxy. Is it a forward, open or reverse proxy? There are loads of uses for a proxy server. You should pick the feature that you want to exploit.
However, you shouldn't get too hung up on perfect stories. The agile manifesto says, "Individuals and interactions over processes and tools".
When writing a user story, you should also consider the 3 C's: Card, Conversation, Confirmation. Do both the customer and you understand the meaning of the story?
Does the card meet INVEST criteria? If you answered yes to both those questions then the story is fine.
User Stories should not include technical details. During Sprint Planning, technical details should be added as Delivery Team tasks nested below the User Story. These tasks should be created through discussion by the delivery team. You should not attempt to document every implementation detail under the sun, as you will reach a point of diminishing returns. Aim for 60-75 percent coverage on implementation details (tasks) for each user story, as the details may change as coding begins. Any additional details developers discover during coding can be shared and documented briefly during the daily stand-up. The User Story can be simple and non-technical while the Delivery / Development Team will flesh out story details as nested Tasks.
These Tasks should be visible to Developers through their Integrated Development Environment (IDE). As Developers complete tasks they can associate their checked-in code with the task in your work item tracking tool (Jira, Team Foundation Server, On-Time).

Should an established business use cheap hosting? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
I re-designed a few sites for a marketing & events company, and they are asking me to spear-head a host change because they don't like their current host, so they pay very little.
They have:
Five static sites (total of about 3GBs of disk space)
All five sites probably get 20,000+ visitors a month.
They currently pay $10 a month for shared hosting.
They have about 15 active e-mail addresses.
Their servers always go down, and their email always goes down.
They want to switch hosting and are looking into www.hostgator.com. They want to effectively pay the same yet get better results. I have recommended better hosting locally in Toronto that would cost about $50 a month, but with a very reputable company.
As I mainly deal with front-end design, I'm not sure how to best explain to them their best option. Should an established company use cheap ($10/month) hosting? Or is this asking for trouble? Should I politely explain that a company with 15 employees needs to invest more than $100 a year in their web presence?
That is a very low amount of visitors so any host should handle it, and space should not be a concern either. I agree they should invest more but it depends on how critical the sites are to their business, or whether they ARE the business.
It sounds like the current host is unreliable but you can find another host that has more reliability. 1and1, godaddy, ipower are 3 that come to mind and all typically under $100/year but I believe that is per-domain so they might still have to pay about the $50/month you are recommending for the 5 sites.
SEE: http://www.1and1.com/linux-web-hosting?_lf=Static&linkOrigin=&linkId=hd.subnav.linuxhosting
SEE: http://www.ipower.com/ipower/web-hosting/unix-compare-plans.bml
SEE: http://www.godaddy.com/products/websites-hosting.aspx?ci=72738
Your question about established company using cheap hosting: sure they can and if the host is not reliable they can find a better one and still stay cheap.
Your question about explaining they need to invest more: that depends on how critical the sites are to their business and their needs. If just brochureware about their company, and not their actual product, it might be acceptable to them. If their product is a web application and they are expected to be reliable for their customers, definitely have the talk. They can get a dedicated server with control panel to manage all their domains, email, etc. for less than $150/month, or leverage the 24/7 support of the vendors I mentioned above.
20000 visitors a month is only about 27 visitors an hour, or 1 every 2 minutes or so. That's a pretty light load, unless you're doing some real heavy-duty server-side processing.
As far as the user load goes, I think the basic shared hosting setup is probably sufficient. As an example, Go Daddy's setup is like $7.00 a month (US) and is pretty reliable. I've got a few clients hosting their sites there and we've had very few problems. I've also heard pretty good things about HostGator and their prices are similar.
If you want to go to a VPS (Virtual Private Server) setup, you don't need to spend $100/month. They start off at about $20.00 or so a month for a relatively basic setup, and go up from there depending on things like RAM and disk space.
The biggest advantage to a VPS might be the flexibility to install whatever additional software you want, something you can't do with most shared hosting setups.
The answer depends on the type of site they're running, or more precisely, how much money they gain by having a web presence.
If they're running a basic site that says who they are, what they do, and how to contact them, then they probably don't need decent hosting. 20k visits per month isn't much, so it's certainly not worth spending a lot of money on. In fact, you're probably better off spending the money on getting a nice professional redesign every 2-3 years or so, to keep the company image up to date.
If they're running an e-commerce site, where some of their orders come directly from their site, they should definitely invest more in their hosting. Keep in mind that for every hit that occurs during hosting downtime, you lose a potential customer. Paying $50 per month for hosting is good value for money if you're making $100 per month or more from online orders, which I hope would be the case for a successful business.
If they're looking to gain a bigger online audience, perhaps you should convince them to spend some money on an SEO campaign, and set aside money for the extra hits when your current hosting plan can't cope with the load.

Magento Recurring Billing Solutions [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Magento is a great product but out-of-the-box it really lacks recurring billing support. I've come to a crossroads with my current project and need some direction.
We have exhausted every Google search and module that is under the sun for Magento to support recurring billing the way we need it to. So far, all we have come across is one module that costs $300 by aHeadWorks in the UK. We've tried the module and are extremely disappointed so far, mainly just due to total lack of support and documentation; nobody seems to have the knowledge to answer our questions, or even attempt to.
Our goals are simple and we cannot figure out why there aren't more solutions out there to do this, so the question becomes, what is everyone else doing?
All we need to do is the following:
Provide subscriptions for items such as web hosting, text message marketing, etc.
Tie into our merchant account and authorize.net
Keep the customer on our site at all times
Skrill Moneybookers & their module isn't compatible with what we need to do (at least in the US). PayPal sucks and wants to hold our money back and also wants to redirect customers to their site to set up a billing agreement. iTransact services are fantastic but there is one module that is 2 years+ old and has no support.
The answer is recurring billing is quite a taboo in the e-commerce industry. This is mostly because the big boys, i.e. Mastercard and Visa have very strict rules governing recurring billing transactions.
Recurring billing means storing a customer's credit/debit card data, long number, expiry, and CVV2, for future processing. However, this opens up a huge can of worms in terms of security. This is why Visa/Mastercard impose rules on merchants in becoming PCI DSS compliant. Practically this means your server/website has to be certified to be secure, using a service like McAfee PCI DSS, which basically scans your server/website remotely and attempts to break it. It looks for open ports, badly configured firewall (or lack of), XSS scripting flaws, MySQL injection breaches, operating system security breaches, and many more. One of the most important elements with PCI DSS is having all card data encrypted.
It is a laborious process, since once you are given a report, you are also expected to repair all flagged critical issues and pass the scan. There are other steps to complete, but I shan't enumerate them all here. See the PCI DSS website for reference. You are also expected to keep the certification up-to-date on a quarterly basis.
Basically what this means is that Visa/Mastercard don't particularly like the smaller merchants to have this feature, as they can be of major risk to clients. If their system is breached, hackers could use the card data for criminal enterprises.
This in turn means Visa/Mastercard favor the big players in the industry to handle recurring billing, such as PayPal, Worldpay, authorize.net, etc. One port of call, one entity to fine and recover losses if there's a problem.
And now we return to Magento. Whilst it is relatively easy to create a normal payment method in Magento, since most PSPs work in the same manner [mostly], recurring billing is handled differently from provider to provider. Furthermore, some are more restrictive than others.
I can't and won't recommend PayPal as I have had extremely bad experiences with them; I can definitely recommend Worldpay + Futurepay + Invisible XML method. You would need to hire a Magento developer to write a custom module for you, but it's doable. I am currently writing a module for a client in Norway using a Norwegian payment method and recurring billing.
If you still need help, get in touch, I can write a module for your store.
Hope this helps.
Cheers,
Michael.
Paradox Labs has an Authorize.NET CIM extension that supports Magento Recurring Profiles and Braintree recently released an extension that also supports them. I have made lots of improvements to Magento's recurring profiles. You can definitely tell they are in beta form, but that should stop you from getting your hands dirty and finishing things that the Magento team hasn't got to yet.
Here are a few things I improved:
https://github.com/tegansnyder/Magento-Recurring-Beta-Grid-Improvements
https://github.com/tegansnyder/Magento-Programmatically-Create-Recurring-Profiles-Authorize.net-CIM
https://gist.github.com/tegansnyder
I had to make modifications to the cart controller to allow discount codes to display on the frontend when used on nominal items. By default they wouldn't display that they were applied.
I also had to make some modifications to the daily billing job that runs to remove the discounts the second time the profile is billed. Magento was applying them each time it reached the end of cycle.
Lots of little things here and there, but it's getting there.
You should look at the service OrderGroove.com. They specialize in recurring orders in e-commerce systems like Magento.
There are different strategies to implement recurring billing / product subscriptions with Magento:
Magento Recurring Profiles
Magento's built-in recurring profiles feature can be used with compatible Magento payment extensions and gateways. These include PayPal and Authorize.Net CIM (Customer Information Manager). A payment extension which supports the recurring profiles feature is required for this approach, for example Paradox Labs CIM Extension.
Customize Magento to Support Recurring Billing
This can be done with a third party extension, like the (AheadWorks SARP extension) or developed from scratch.
Integrate External Subscription Management Software
Platforms which specialize in eCommerce product subscriptions include:
Subscribe Pro
Order Groove
Some subscription management software for digital goods includes:
Recurly
Zuora

What service do you use to distribute software? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
I work for a medium-sized software company and have been put to the task of finding a new way of electronically distributing our software. We don't have a super fast connection to distribute it ourselves, so it would need to be a solution that we can upload to and send out links to customers. The customers won't be purchasing our software from our website, as we already do most of our sales from direct sales and partner sales. Since I joined the company we have grown from CD-sized distribution downloads to DVD-sized distribution downloads. We released a new version and find the YouSendIt service to be clunky, and 99% of our customers receive a link to download the software. We only send out printed media if requested. Is there a service besides YouSendIt that allows for unlimited file size uploads/downloads? I have heard of drop.io and it seemed to be similar to YouSendIt. If you could please point me in the direction of an electronic software distribution system that is 3rd-party hosted, it would be appreciated.
Thanks
Mike
You should look into Content Delivery Networks, such as Amazon CloudFront.
You might want to reconsider the way you are going about this.
If your software is open source, you should be using SourceForge. Otherwise you should just get a cheap hosting plan with lots of transfer bandwidth.
For example, GoDaddy has an unlimited account (unlimited transfer, unlimited space) for about $14.95 per month.
You point a sub domain i.e. download.rivageek.com to that server. This gives your users confidence when they download your application.
If they have to go to some ad laden 3rd party site they might think twice about giving you money. If you lose only 1 customer to that, it pays for itself (assuming you charge more than 14.95 for your product).
The fine print on many of those 3rd party sites mean they own whatever you upload as well.
If you'd like something that allows (simplistically) secure one-time downloads, I've used filehosting.org in the past. They give you a hashed link to the software when you upload it, which you can then email to anybody you want to be able to download the file. If you want, you can set it to delete the file after one download.
In response to using your own domain for the downloads, it's possible to configure both Amazon S3 and CloudFront to use a custom domain name. Here are the instructions for S3 -- very straightforward:
http://docs.amazonwebservices.com/AmazonS3/latest/index.html?VirtualHosting.html
If emailing out a direct link to your distribution file (zip, etc.) is sufficient, I'd say go with one of these services -- they're very cost effective, reliable, and easy to set up.
You could use a filehosting service or get a regular web host with unlimited bandwidth; just avoid GoDaddy, as its shared hosting is overcrowded and overbooked. (personal experience)
