Monday, September 21, 2009

Billing for your time

Does anybody else hate doing timesheets?  Before I started in the IT field, my life was that of a bookkeeper.  I lasted all of 2 years before the monotony got to me and thought that I had better get into something else before someone had to talk me off of a ledge somewhere.  Keeping records was never something that held my attention for very long.

The trouble is, without some kind of record keeping, nobody will pay you to do what you do.  Somebody, somewhere is going to ask where their investment dollars are being spent, and when they do, you had better have some documentation to back up your story.

I came across this little web application recently and so far, I’m pretty impressed with it.  I had an idea that I would build something, but being busy (catching up on my timesheets for one) I decided to see if there was something available at a reasonable price.  Free is always an eye-catcher for me.

SlimTimer is a little REST application that you can sign up for a free account which allows you to create and share tasks and then use a lightweight client to use as a stopwatch while you work at your desktop.  This is perfect for a developer that does most of their billable time on a computer, not so much for a field engineer who travels around all day long.  That said, I’m already feeling more billable every minute.


Having a web browser open all day long sounds good, but in practice, being a developer, the crashing browser is part of my day.  Not really an issue though for SlimTimer if you use Bubbles which is a free little web platform that allows you to run simple we applications from your system tray in Windows.  Using bubbles allows you to open the client with a single click without running your browser…neat.

Lastly, the reporting capability is very flexible and allows you to query your tasks by date, tag, user (if you are sharing tasks) and task.  You can print timesheet reports or invoices right from the application.

As I mentioned, the basic account is free, however, you can name your price and pay for premium services such as weekly backups and exporting.

If you are a developer, the service has a documented API that will allow you to interact with the service from your own applications.

Sunday, September 6, 2009

Cover your …um… PIN

I was disturbed the other day on my way home from work, to listen to a radio interview on CBC that depicted one lady’s experience with debit card fraud.  The fact that somebody illegally copied this person’s debit card is one thing, but the fact that she didn’t have a clue about how the technology works is frightening.

The annual re-imbursement for debit card fraud is somewhere in the range of $100 million dollars each year, and growing.  The corporate response is to replace the traditional magnetic strip with chip technology.  Chip technology is harder to copy then magnetic strips and provides an embedded encryption technology to allow for secure communication of the card data to your bank.

I did a little Googleing on the technology and found lots of corporate propaganda about how it is ‘virtually impossible’ to copy and ‘more secure’ but was unable to find out any of the specifics on how it works.  Presumably, the chip works like your web browser and does some kind of point to point encryption to send the card data to the card reader.  Then your PIN is entered into the card reader to validate the transaction.

This lady on the radio had it in her mind that the mere presence of the chip on her new card made her transactions more secure.  This may be true to a point, but ‘virtually impossible’ to copy and ‘impossible’ to copy are not the same. 

For starters, the use of the magnetic strip isn’t going away completely.  It won’t be until 2015 that the chip will be fully implemented in Canada.  Even once that happens, if you use a card reader that takes a Magnetic strip, it can be copied at that time…not the chip mind you (yet) but the same information that technology today allows to be copied.  A transaction can still be made from this if your PIN is compromised.  Many countries have no plans to move to chip technology and have access to the interac network.

The only real protection you have is to protect your PIN.  This means that you need to make sure that nobody ever gets access to both your PIN and your card.  Since you can’t guarantee that nobody will get access to your card information, it’s up to you to protect your PIN.  Here are some suggestions:

  1. Don’t use and easy to guess PIN.  Your birthday, your anniversary, kids birthdays, etc. are a mistake and can be easily guessed by bad guys.  Use something random.
  2. Don’t write down your PIN…anywhere.  There are only so many things that a 4 or 5 digit number written on a discarded post-it note can be.
  3. Don’t tell anyone your PIN.  Your wife, your kids, anyone.  You may be able to control how you protect your PIN, but if anyone else knows, you have no control over what they do with it…don’t fool yourself.
  4. Cover the PIN-pad when you enter your PIN.  This may look a little silly at times, but be paranoid about it.  Pin hole cameras and shoulder surfing is the norm for this type of crime.
  5. Change your PIN often.  Go to the bank and they will let you change your PIN.  Do this at least twice a year, then if someone gets your PIN and card info, you cut them off at the knees as soon as you change the information.
  6. Get a new card periodically.  If you get a new card, the old one is no good anymore, if someone has stolen it, they get nothing.
  7. Watch your statements and question every transaction that you don’t recognize.  Use common sense.