Skip navigation
All Places > In the News > Blog
1 2 3 Previous Next

In the News

141 posts

Payments Developer Insights title card

 

 

We all know why developers are important. They write the software that makes the world run.

 

But how much do we know about who developers actually are? The answer, in many cases, is very little. After all, most developers work behind the scenes, hidden away from end-users. Unlike actors in a movie or authors of a book, developers rarely receive credit for their work. You might stand in line at the grocery store behind the person who wrote code for your email app, or who helped program your smart thermostat, but you’d never know it.

 

That’s part of the reason why Worldpay produced a survey of professional coders to figure out what makes developers tick. The survey doesn’t help raise developers from the anonymity in which they work, but it does provide critical insights into what payments developers are like, why they chose to become programmers, and what interests them.

 

Here’s a summary of key findings from the survey report

 

The path to a coding career

One major focus of the survey was understanding what leads people to become developers, and how they gain the skills necessary to program.

 

Perhaps unsurprisingly, the majority of professional developers said they have been coding at least since they were teenagers. Most also reported that they have been working as coders for at least 10 years.

 

Coloring that finding is the fact that, age-wise, it turns out that most developers are young. Millennials account for the largest share of the coder population today. Millennials also make up the largest portion of today’s workforce overall, so that is probably at least part of the reason why they are well-represented among the coding population.

 

How did all of these developers learn to code? The survey found that about half of developers learned to program via formal schooling. However, self-taught programmers accounted for a large portion (38 percent) of respondents. And somewhat surprisingly, a mere 4 percent of respondents said they learned to code through a programming bootcamp, suggesting that the interest that bootcamps have generated in the media in recent years is not proportionate to the number of people who actually become professional programmers through them.

 

Development tools and strategies

All developers write code, but the way they do it varies widely — and “modern” coding strategies are not as prevalent as you might think.

 

According to the survey, Agile stands out as the most popular approach to coding, with more than 57 percent of developers saying they rely on Agile methods. In contrast, DevOps, which receives lots of press these days, was among the least popular development methodologies, with only 4 percent of respondents saying they use it. Conversational development was the second-most popular approach, with 13 percent of developers embracing it.

 

When it comes to programming languages, Python is the most popular by far, with 39 percent of respondents identifying it as their favorite language. C++ was second, at 26 percent. Ruby and Java were both identified as favorites by only 9 percent of programmers, which I found surprisingly low, given how widely used these languages are.

 

Where developers work

Coders might be in their line of work partly because they like it, but most do it for a paycheck, too. When it comes to earning that paycheck, a majority of developers work solely in an office, although 38 percent said that their teams are allowed to work remotely, too. And while most developers work on small teams of two to five people, about a quarter work alone. (The survey didn’t distinguish between freelance developers and those employed by a company, so it’s hard to say whether developers who work alone are self-employed, or just work solo within a company.)

 

As for company size, the types of organizations that employ developers are spread pretty evenly between small companies with fewer than 10 employees, medium-sized ones and large enterprises, although companies with between 11 and 99 employees had the highest representation among developers surveyed.

 

Integrating payments

One of the more interesting questions on the survey was about how hard it is to integrate payments into an app. That may not be a task that developers think about until they sit down and actually do it, but given how many apps have to process payments today, payment integration has become an important part of coding.

 

On this topic, most developers said it was “somewhat easy” to integrate payments, but about 35 percent said it was somewhat difficult or very difficult.

 

Conclusion

Above are just some of the findings from Worldpay’s developer survey report. For full details and specific data points, as well as some interesting results involving developer preferences regarding cats, dogs and more, check out the report.

Businesses invest a lot of resources in getting consumers to click on ads and drawing visitors to websites or mobile apps. They create amazing product displays to make people like and engage with their product catalog. They even offer irresistible discounts to finally get their products added to the shopping cart.

 

But even if these efforts are successful in attracting clicks and visitors, they don’t necessarily lead to results. A common challenge is the issue of “cart abandonment,” which means potential customers abandon a website or app once they are in the middle of the process of selecting items or paying for them. On average, an online store loses 75%-83.6% of sales to cart abandonment.

 

cart abandonment at 75%

 

Why do customers abandon their digital carts? There could be lots of reasons, of course, but poor user interface or user experience are chief among them, which are both issues that developers can help address.

 

Toward that end, here’s a list of five tips for preventing cart abandonment by improving the mobile flow checkout for their apps.

 

1. Let users check out as a guest

Thirty percent of users abandon the cart if they’re asked to register upfront. Niche players face this challenge more than the Amazons of the world. Customers don't like registering unless it is tied to a benefit (say a coupon code). Sometimes, even existing customers don’t prefer signing in. This is especially true when they forget their passwords and have to go through the password reset flow. These are key reasons why cart abandonment rates are lower with sites that allow users to check out as a guest.

 

good mobile workflow checkout as guest

While some users might like to provide information to get personalized suggestions, others might not like spending time filling out registration forms. So, always give them three options: sign up, sign in, and check out as a guest. This should not be a problem with fulfillment, as you can always add email and contact number fields in the delivery information form.

2. Make data entry a breeze

Most people avoid signing up just because they are too lazy to enter their details. Even when you allow users to check out as a guest, they will have to fill out the delivery form. So keep the forms precise and less boring. You can create a great user experience if you can fill out some of the fields in the delivery form by requesting certain permissions. For example, by requesting access to a user’s Google+ profile, you can fill out the fields like first name, last name, email, etc. Getting access to the user’s device location will help you get fields like state, city, locality, etc, automatically filled. This way, you can dramatically reduce the time your users would otherwise have to spend on a frustrating data entry process.

 

good user workflow data entry

Avoid clearing all fields if there is an error in one (or several) fields. Shoppers get frustrated with having to re-enter the whole thing. Save all the valid information and highlight the invalid information along with an error message. Additionally, display error messages clearly and avoid using generic messages like “invalid information.” The form you get while signing up for a Google account is a great example of a good user interface (UI) design. The form tells you exactly what went wrong and how it should be corrected.

 

mobile workflow how to correct fields

 

3. Make customers feel secure about payments

Not having a particular type of card or mobile wallet should not stop customers from checking out. Give them a lot of payment options. In addition, some customers are concerned about the security of their credit cards. Their fears are sometimes justified by the increasing number of cyber attacks. So always display security badges and make users feel secure about their payment. If possible, provide a delivery (COD) option for customers who don't know enough about security badges and aren’t comfortable with the online world.

4.  Keep the user focused on the checkout

One mistake that most online stores make is promoting other products on their checkout pages. This makes room for a lot of distraction. Customers tend to navigate to other pages hunting for better and better deals. They eventually end up confused looking at the myriad of options. Buyer’s dilemma sets in and results in cart abandonment.

 

You should cross-sell your products, but the checkout page is just not the right platform. Amazon recommends other products on the product page itself, but with a checkbox. This way, the user can buy the recommended products without leaving the main product page.

 

good workflow checkout

 

Keep designs simple, remove unnecessary links, and encourage a closed promo code field. Once a customer has added a product to the cart, your only goal should be getting the product checked out.

5. Avoid lengthy checkout processes

Don’t make the checkout page too long. Avoid less necessary conventional steps like asking “Are you sure about the details entered?” Break up the checkout process into multiple steps and deploy one step per page. Have a prominent progress bar to guide users through the checkout process. The load time of your site directly affects user experience. Fifty-seven percent of visitors abandon their carts if the load time exceeds three seconds. The faster your pages load, the more products you will sell.

Conclusion

Forty-nine percent of people operate their phones using one hand. So design the user interface in such a way that the user can complete the checkout process using one thumb. Make sure that the design works for tablet users as well. Enrich your app with all possible luxuries, and make the checkout flow as convenient as possible. Ensure that customer assistance is readily available. Add an iconic CTA button to call customer support. And offer useful links to FAQs so that users will not have to look for solutions across the Web when they have a problem with checkout. A good user experience is created only when you really care about the comfort of your customer.

 

 

Worldpay hosted payment pages provide websites with a simple and secure way to integrate payments into a site without the additional overhead of PCI compliance and the benefit of access to a multitude of payment types.

 

In this article, we’re going to look at this solution and walk through some tips for troubleshooting when test payments fail. We’ll be using the C# example which is available on GitHub and offers users a demo application which they can configure to use with a test account. We’ll cover setting up a test account below (if you haven’t already set up an account).

 

Browser Requirements

 

The hosted payments solution is added to websites using an iframe or lightbox control. In this article, we’ll be referencing the iframe specifically, but the same applies to the lightbox as well. The solution also makes use of JavaScript, so you’ll want to ensure that the user's browser has JavaScript enabled.

 

If you’re using the demo application, and are unable to click on any of the buttons, this is a good indication that JavaScript is disabled for the site. Using the <noscript> tag is an excellent way to indicate to users that they need to enable JavaScript to checkout using your website.

 

<noscript>
    <style type="text/css">
        .pagecontainer {display:none;}
    </style>
    <div class="noscriptmsg">
        This website requires that Javascript is enabled.
    </div>
</noscript>

  Figure 1. HTML to Detect a Browser that Does Not Have JavaScript Enabled.

 

If you can navigate to the checkout page, but are unable to view the Payment iframe, then it is likely that you haven’t configured the account credentials, there is an error in the configuration, or there was a problem setting up the transaction. If you are using the example application, and view the page source, you may observe an error indicating that iframes are disabled. The disabled iframe message is the default message which is displayed if the page is unable to set up the transaction, or retrieve the iframe from the payment processor.

 

We’ll walk through each of these problems in detail and discuss symptoms and how to resolve them.

 

Setting Up a Test Account

 

Requests to the Hosted Payments Service need to have the following information included:

 

  • Account ID
  • Account Token
  • Acceptor ID
  • Application ID
  • Application Name
  • Application Version

 

Application Name and Version are required, but these fields are for you to add information about your application. The remaining values require you to sign up for a Worldpay test account. You can sign up for a test account here.

 

Figure 1. Creating a Worldpay Test Account

 

Validating Your Configuration

 

When you create your test account, you’ll receive an email similar to the one below that has all the required values for your new account. The email also contains test URLs for your test hosted payments and links to documentation for hosted payments and other services which you’ll use with your test account.

 

Figure 2. Email with Account Information for Worldpay Test Account.

 

If you’re using the C# example, the Web.config file in the root folder of the project contains the Account Configuration. Validate that you have configured all six elements in your project and that values match those for your test account. If Worldpay can’t verify your account, then the iframe cannot be displayed.

 

The Anatomy of a Transaction

 

A complete transaction is a series of steps, which begin before the customer is prompted to enter their information. The first call sets up the transaction. The TransactionSetup is a POST request which includes the account credentials, terminal information, style information for the iframe, and the return URL. The call is handled by the server to prevent account information from being exposed to the end user. Once the transaction is set up, the browser can request the iframe.

 

 

<?xml version="1.0"?>
<TransactionSetup xmlns="https://transaction.elementexpress.com">
  <Credentials>
    <AccountID>#####</AccountID>
    <AccountToken>#####</AccountToken>
    <AcceptorID>#####</AcceptorID>
  </Credentials>
  <Application>
    <ApplicationID>#####</ApplicationID>
    <ApplicationVersion>1.0</ApplicationVersion>
    <ApplicationName>HostedPayments.CSharp</ApplicationName>
  </Application>
  <Terminal>
    <TerminalID>01</TerminalID>
    <CardholderPresentCode>2</CardholderPresentCode>
    <CardInputCode>5</CardInputCode>
    <TerminalCapabilityCode>3</TerminalCapabilityCode>
    <TerminalEnvironmentCode>2</TerminalEnvironmentCode>
    <CardPresentCode>2</CardPresentCode>
    <MotoECICode>1</MotoECICode>
    <CVVPresenceCode>1</CVVPresenceCode>
  </Terminal>
  <Transaction>
    <TransactionAmount>6.55</TransactionAmount>
  </Transaction>
  <TransactionSetup>
    <TransactionSetupMethod>1</TransactionSetupMethod>
    <Embedded>1</Embedded>
    <AutoReturn>1</AutoReturn>
    <ReturnURL>http://localhost:51619/Home/Complete</ReturnURL>
    <CustomCss>body{margin-left: 50px; …}</CustomCss>
  </TransactionSetup>
</TransactionSetup>

Figure 3. XML Request to Set Up a Transaction

 

In response to the request above, the processor returns the following, which includes a transaction number. This number is used by the client or browser to request the iframe.

 

<?xml version="1.0"?>
<TransactionSetupResponse xmlns="https://transaction.elementexpress.com">
  <Response>
    <ExpressResponseCode>0</ExpressResponseCode>
    <ExpressResponseMessage>Success</ExpressResponseMessage>
    <ExpressTransactionDate>20181230</ExpressTransactionDate>
    <ExpressTransactionTime>162113</ExpressTransactionTime>
    <ExpressTransactionTimezone>UTC-06:00:00</ExpressTransactionTimezone>
    <Transaction>
      <TransactionSetupID>
A5EC4889-89870E7CEB97</TransactionSetupID>
    </Transaction>
    <PaymentAccount> 

      <TransactionSetupID>A5EC4889-89870E7CEB97</TransactionSetupID>
    </PaymentAccount>
    <TransactionSetup>
      <TransactionSetupID>
A5EC4889-89870E7CEB97</TransactionSetupID>
      <ValidationCode>068F65440B</ValidationCode>
    </TransactionSetup>
  </Response>
</TransactionSetupResponse>

Figure 4. XML Response with Transaction ID

 

If you enable debugging on your local server and step through the code, you should be able to see the response coming back from the processor. I was able to create a couple of different errors by changing aspects of the request I sent.

 

<?xml version="1.0"?>
<Response xmlns="https://transaction.elementexpress.com">
  <Response>
    <ExpressResponseCode>103</ExpressResponseCode>
    <ExpressResponseMessage>Invalid Request</ExpressResponseMessage>
  </Response>
</Response>

Figure 5. Example of a Response for an Invalid Request

 

In the case above, this was due to not setting the correct headers on the request. For XML requests to the payment processor, the required headers are:

 

  • Content-Type: text/xml
  • Accepts: text/xml

 

<?xml version="1.0"?>
<Response xmlns="https://transaction.elementexpress.com">
  <Response>
    <ExpressResponseCode>103</ExpressResponseCode>
    <ExpressResponseMessage>TargetNamespace required</ExpressResponseMessage>
  </Response>
</Response>

Figure 6. Another Example of a Response for an Invalid Request

 

In the case shown in Figure 6, the namespace was incorrectly set. The XML namespace is set on the parent element and should take the following format.

 

<TransactionSetup xmlns="https://transaction.elementexpress.com">

 

Troubleshooting Client Payment Submission Errors

 

The request from the iframe is synchronous and returns the results of the transaction, and redirects the browser on a successful transaction to the URL which you specified when you set up the transaction. The processor parses user information completeness and validity. Below are some of the results which appear in the browser for missing or invalid data.

 

Figure 7. Missing Information on the Payment Information Form

Figure 8. Invalid Card Information on the Payment Information Form

 

Additional Help

 

If you are still experiencing problems with your test payments, you can visit the Vantiv Developer Portal to see if other developers have experienced similar problems and posted their solutions. You can also reach out to a Worldpay representative here

Offering free trial applications is a useful strategy for helping to attract new users. However, in order to retain those users and turn them into paying customers, you need to deliver a flawless experience that helps your app stand out from the seemingly endless number of free apps available on the Web.

 

free-trial-to-paying-customer-tips-2

 

Lots of considerations factor into this, of course. In this post, we’re going to look at one of the big ones: payment processing. The payment implementation inside your app plays a key role in shaping user experience, and ultimately, in determining whether users remain engaged with your app and your company.

 

In this post, I’ll cover some important best practices to follow in implementing payments for your free trial web application. These best practices will make it easy to turn trial users into paying happy users.

 

Choose a proven payment processor

Your payment processor is probably the most important element in implementing payments for your trial web application. There are several payment processors out there, but it’s critical to get the basics right. In that vein, you’ll want to choose a payment processor that has a strong track record. Worldpay is a prime example. Worldpay is one of the best payment processors in the world, processing over 40 billion transactions annually across most countries.

 

With a proven payment processor as the backbone of your free trial web application, you can focus on delivering great value to users and allow your payment processor to seamlessly transition trial users into paying users.

 

Pick an integration option that matches your web app requirements

Knowing what kind of integration your trial web application needs is important. Do you want a hosted payment page (widget), or do you need fine-grained control over payment with a payment API?

 

A payment widget is easier to set up. It sometimes requires no programming expertise, and is very secure. But a payment widget will not always deliver the best end-to-end experience for your users, as it has limited customization. Additionally, a payment widget may yield slightly higher charges.

 

A payment API offers better integration flexibility. Thus, it requires some expertise and compliance. Your web app requirements will determine which of these options is better. As an example, Worldpay offers several integration options that match any app requirement: JSON API, XML API, and HTML API.

 

The Web is constantly changing. Web technologies quickly become outdated as newer and more secure technologies emerge. It’s imperative to pick integration options that are based on the latest accepted standards for your trial web application. In the world of payments, security is king, so pick wisely.

 

Go for payment options that cover most, if not all, users

A great web app will compel users to pay to keep using it. But if your users can’t pay because of limited payment options, your users will abandon your app. There are a number of alternatives to practically any web application — Some are completely free and open source, and users will quickly switch. To retain your users, ensure your payment system provides support for a variety of payment methods: credit/debit card, mobile payments, bank transfer, PayPal, and even cash.

 

There is a caveat here: Think about the charges associated with each payment method your web app provides, and devise a strategy that works for your users.

 

When you want a variety of payment options, consider Worldpay. Worldpay provides credit card payments, bank transfer, Apple Pay, Samsung Pay, and more.

 

Check out merchant account options

Last but not least, how you process payments from your web app users is crucial. Setting up a merchant account to start receiving payments shouldn’t be an overly sophisticated process. In picking your payment processor, research the required effort to set up a merchant account, and look at all terms and conditions for money transfer, including charges on merchant accounts.

 

Worldpay provides unmatched merchant account options that cater to several demographics, including individuals, small businesses, and enterprises — and you receive payments instantly.

 

Closing thoughts

Implementing payments for your free trial web application shouldn’t be a cumbersome task. An important step is turning casual, non-paying users into return customers who want to pay for your web app. Worldpay is a payment processor that helps businesses reach their goals by streamlining payment processes and allowing businesses to focus on their core values and deliver quality products and services to their customers. Using Worldpay, you can set up and start receiving payments for your web application within minutes.

 

About the Author:

Bruno is a junior at Ashesi University College studying Computer Science. He is interested in leveraging the power of technology to increase productivity. As a big fan of open source technology, he is currently exploring the possibility of using Bitcoin Blockchain to fight corruption in government. 

The Special Supplemental Food Program for Women, Infants, and Children, or WIC, was established in 1972 to provide supplemental nutritional and medical assistance for mothers and young children in low-income families. With the program currently servicing about half of all infants born in the United States, being able to process WIC payments for grocery items is a necessity for retailers.

 

eWIC cash register processing eWIC payments Source: pixabay.com

 

In this article, we’re going to look at some of the considerations involved in processing WIC payments. We’ll also investigate how you can implement the processing of eWIC payments as part of your POS system. While WIC is a federal program, each state is responsible for administering the program for their state. I’ll address the implementation and guidelines in a general fashion, but you should check with your state’s WIC program for more specific information.

 

What is eWIC and How are Payments Processed?

In the past, WIC purchases were completed using a voucher system. The voucher would specify the type and quantity of goods the bearer could purchase. The retailer was responsible for verifying that the purchase matched the voucher, and for recording the total cost on the voucher.

 

Recently, the modernization of systems has seen many states begin using electronic cards to distribute and process WIC payments. Electronic Benefit Transfer or EBT cards are automatically loaded each month, and participants can use the cards to purchase allowable items. This system is called eWIC. Participants need the card and a valid PIN to participate in the program and complete purchases.

 

Participation in WIC and POS Requirements

Retailers who want to participate in the WIC system need to be authorized, which is a process that must be completed with the state. If you are using an integrated payment system, this system needs to be certified by the USDA Food and Nutrition Service. Worldpay Mobile Market+ Select, and Mobile Market+ Register systems already have certification to process eWIC payments. 

 

An Integrated POS allows consumers to checkout with WIC and non-WIC items in the same transaction. The POS should validate WIC-approved products and compare this with the balance on the customers EBT card. When the final transaction is completed using either the EBT card, another form of payment, or a combination of both, it is the responsibility of the system to flag the EBT-eligible items in every transaction.

 

Additional requirements include:

  • No state or local taxes are to be charged on eligible items.
  • The system should accept both swiped and manually entered EBT cards.
  • The remaining balance should always be printed on the customer's paper receipt.

 

We’ll explore the types of receipts which can be generated by the POS concerning a consumer’s EBT card next.

 

Required EBT or eWIC Receipts

During the completion of an eWIC transaction, four different receipts should be available for the consumer to see.

 

  • Balance inquiry which includes the amounts, sizes, and types of foods that the household has available to purchase. The balance inquiry is not technically part of the POS transaction and should be available to consumers whether they are making a purchase or first arriving at the retailer.
  • eWIC Beginning Balance is generated at the beginning of the transaction after the consumer swipes their card and enters their PIN.
  • Proposed eWIC Redemption can be produced mid-transaction and lists the items which are approved for purchase with the eWIC card.
  • eWIC Ending Balance is generated after the transaction is completed and all forms of payment have been tendered. The receipt shows the remaining balance on the eWIC card.

 

ewic requirements

 

Determining Approved Products

Although WIC is a federal program, it’s the state agencies which administer the WIC program that are responsible for determining the types and brands of foods which are authorized for use with the program. Contact the appropriate state agency for access to the current list of approved products.

 

Implementation For EBT Balance Inquiries and Sales Transactions

The Element Express API can accept both SOAP and XML requests. We’ll be focussing on the XML request, as this is the preferred method. The requests for EBT balance inquiries and sales look almost identical, with a few key differences.

 

  • The parent object
    • Balance inquiries use EBTBalanceInquiry
    • Sales use EBTSale
  • The amount
    • Balance inquiries are completed with a $0.00 transaction amount

 

Let’s look at an example XML request and discuss a few of the critical elements.

 

<EBTBalanceInquiry xmlns="https://transaction.elementexpress.com">
    <Credentials>
        <AccountID>######</AccountID>
        <AccountToken>######</AccountToken>
        <AcceptorID>######</AcceptorID>
    </Credentials>
    <Application>
        <ApplicationID>######</ApplicationID>
        <ApplicationVersion>1.0</ApplicationVersion>
        <ApplicationName>Express.Java</ApplicationName>
    </Application>
    <Terminal>
        <TerminalID>01</TerminalID>
        <CardholderPresentCode>2</CardholderPresentCode>
        <CardInputCode>5</CardInputCode>
        <TerminalCapabilityCode>3</TerminalCapabilityCode>
        <TerminalEnvironmentCode>2</TerminalEnvironmentCode>
        <CardPresentCode>2</CardPresentCode>
        <MotoECICode>1</MotoECICode>
        <CVVPresenceCode>1</CVVPresenceCode>
    </Terminal>
    <Card>
        <CardNumber>5076800001111113</CardNumber>
        <ExpirationMonth>12</ExpirationMonth>
        <ExpirationYear>99</ExpirationYear>
        <PINBlock>1234</PINBlock>
        <KeySerialNumber>AAA</KeySerialNumber>
    </Card>
    <Transaction>
        <TransactionAmount>0</TransactionAmount>
        <MarketCode>7</MarketCode>
    </Transaction>
    <EBT>
        <EBTTypeIndex>1</EBTTypeIndex>
    </EBT>
</EBTBalanceInquiry>

Figure 1. XML Request for an EBT Balance Inquiry

 

The two elements which required modification from a typical credit card transaction were the CARD  and the EBT section. As I mentioned above, the transaction amount in the Transaction section should be set to 0 for balance inquiries.

 

EBT cards do not expire, but the API requires a value for these fields . I defaulted mine to arbitrary values, and the system didn’t appear to perform an expiration check.

 

Within the CARD section, the two fields which need to be added are the PINBlock and the KeySerialNumber. The only requirement for a consumer to use an EBT card is possession of the card and a valid PIN. It is illegal to ask for identification from the bearer, or proof that they are the person to whom the card has been assigned. The consumer’s PIN is entered into the PINBlock. The KeySerialNumber is a DUKPT key  which is used for encryption within the EBT system. This key is generated for each transaction and is required by the EBT system.

 

The EBT only has one required field. EBTTypeIndex references an ENUM of EBT types within the Element Express API .

 

Learning More

For more information on the Element Express API, and how you can use it to manage your eWIC or EBT transactions, you can visit the Vantiv Developer Portal. You can also reach out to a Worldpay representative here.

 

About the Author:

Mike Mackrory is a Global citizen who has settled down in the Pacific Northwest - for now.  By day he works as a Lead Engineer on a DevOps team and by night he writes, consults on several web-based projects and runs a marginally successful eBay sticker business.  When he's not tapping on the keys, he can be found hiking, fishing and exploring both the urban and the rural landscape with his kids.  Always happy to help out another developer, he has a definite preference for helping those who bring gifts of gourmet donuts, craft beer and/or Single-malt Scotch.

Is a coding bootcamp worth it?

 

Coding bootcamps have become an increasingly popular way of learning to program. Since the first bootcamp, Code Academy, debuted in 2011, the total number of coding bootcamps has climbed to more than 95 — and that’s only including the full-time options.

 

Most coding bootcamps cost a fair bit of money and require a significant time commitment. That raises the question: Are they worth it? And the answer is: sometimes. Keep reading for tips on determining whether to participate in a coding bootcamp.

 

What is a coding bootcamp?

 

A coding bootcamp is any type of educational program designed to teach aspiring developers how to program in a relatively short period of time.

 

The goal is rarely to teach complete development skills. Instead, they usually focus on communicating the core competencies required to allow someone who has never coded before to gain the basic level of knowledge required to write working code, and to self-teach individuals more advanced programming topics and other programming languages.

 

Coding bootcamps vary considerably in terms of how long they take, how they are organized and which learning strategies they adopt. Some operate totally online, some in brick-and-mortar settings, and some as a combination of the two. Some bootcamps are overseen by traditional higher-education institutions, while others are run by independent companies. Some are not-for-profit, while others are out to make a buck.

 

Should you take a coding bootcamp?

 

Bootcamps are certainly not the only way to learn to code. They’re also not necessarily the fastest, cheapest or most effective way. Whether or not a coding bootcamp is the best fit for you depends on the following factors.

 

How many coding languages do you currently know?

 

As noted above, most coding bootcamps cater to people who have very little or no programming skills. A few, such as Hack Reactor, aim to provide more skills to people already familiar with coding, but they are the exception.

 

Thus, if you’re a CS major who already knows how to write code, or you do basic programming in your job, a bootcamp is probably not going to help you much. On the other hand, if you have no idea how to code and want to learn the fundamentals quickly, you’re a model candidate for a coding bootcamp.

 

Do you have spare time and money?

 

Is a coding bootcamp worth it?

 

The cost of a coding bootcamp (in terms of both money and time) is an obvious factor to consider, but it’s also an essential one. Bootcamps will take up at least several weeks of your life — time that you could spend making money — and the average cost for a full-time bootcamp is more than $11,000, according to Course Report. (That said, some bootcamps, such as General Assembly and C4Q's Access Code, take a cut of your salary after you graduate, which could mean that you end up paying more overall, but you avoid a steep upfront cost.)

 

Only you can decide whether these costs are affordable and acceptable for you. Before making a choice, however, you may wish to keep in mind that post-bootcamp salaries are not as high as you might think; they average only around $65,000. That’s not a bad salary if you’re young and don’t have other educational debt to contend with. But it also means that a coding bootcamp is not the instant on-ramp to a six-figure salary that some folks imagine it to be.

 

Which type of job do you want?

 

Another money-related factor worth bearing in mind is that having a coding bootcamp on your résumé will prove much more beneficial for getting some jobs as opposed to others. If your goal is to work for a large, conservative corporation, the HR gatekeepers you’ll likely need to get past in order to land an interview may not even know what a coding bootcamp is. They may assume that only people with traditional computer-science educations are fit to work in jobs that require programming skills.

 

If, on the other hand, you hope to work for a tech startup, your potential employer is likelier to understand the value of your bootcamp education. Similarly, if you already have a job but want to add programming chops to your résumé in order to seek a promotion, a coding bootcamp can help you to do that effectively, because you’ll be in a position to explain to your bosses what you are doing in the bootcamp and why, if they don’t already have an understanding. (Of course, they’ll have to be comfortable with you attending a bootcamp while employed.)

 

Which programming languages do you want to learn?

 

Most coding bootcamps focus on teaching popular, general-purpose programming languages, like Python, Java or (in some cases) C.

 

That’s great if you want to learn to code in simple, widely used languages. If, on the other hand, you need to learn a less common, special-purpose language (like Fortran, for example) a bootcamp will prove less useful. It might give you the foundation you need to teach yourself obscure programming languages, but it won’t directly lead to the knowledge you are seeking.

 

Do you need to learn more than coding?

 

An important thing to understand about coding bootcamps is that most of them focus on teaching people to code in the narrow sense. (In other words, they teach programming.)

 

What they don’t generally teach is system administration, how to deploy applications, how to test software, and so on. Those are all tasks closely associated with programming. They are important in many IT careers, and because they often involve writing code in one way or another, even if it’s just light scripting, some people might consider them to be forms of coding. But they are not the things you will typically learn at a coding bootcamp.

 

If you seek a broader IT skillset, you may need to pursue more traditional forms of technical education, or at least take a DevOps course.

 

Conclusion

 

Coding bootcamps are a great resource. For many folks, they are a fast and cost-effective way to learn programming and achieve new career goals. But it’s important to keep in mind that they are not the best fit for every person or circumstance. Before enrolling, do a cost-benefit analysis to determine if a coding bootcamp is the best way to achieve your end-goals, whatever they happen to be.

Want to raise my blood pressure? Waste my time. My nervous system reacts negatively to inefficiency in part because I can never get back the time that I’ve lost. If waste gives you the heebie-jeebies, then you’ll love 2 Second Lean – How to Grow People and Build a Lean Culture by business owner Paul Akers. 2 Second Lean was recommended to me by a highly efficient Worldpay software developer, and the book delivered on its promise to offer guidance to leaders of any size organization.

 

Below are what I found to be the most insightful excerpts from the book. For time-saving tips in video format, go to www.fastcap.com, click on the “Video” tab, and then click on “Lean Videos.”

 

  1. Two foundational principles of Lean thinking: eliminating waste and continuous improvement.
  2. Lean thinking presumes that everything can be improved continuously, without end.
  3. Finding the waste component is not a burden, it’s a game — a giant scavenger hunt.
  4. It’s not just about making everything faster, but about improving the quality of everything you do.
  5. Lean is the art of subtraction, not addition.
  6. Lean is about fixing what bugs you.
  7. Toyota was obsessed with building a culture through teaching and training its people.
  8. My goal was to create a culture of the best problem-solvers in the world. So we incorporated into our morning meeting a bit of reading out loud from great books. We are introducing our employees to world-class ideas and innovative leaders in the business world.
  9. The number one way people learn is by making mistakes. If you rob your culture of this experience, you will rob yourself of the boundless innovations that could await you.
  10. Chase waste like your dog chases a cat.
  11. Money suffocates creativity. When money is no object, we abdicate our most powerful resource: our ideas. It just gets too easy to throw money at problems.
  12. Lean is about planning, doing, checking, reevaluating, and improving everything endlessly.
  13. Lean is not an austerity program. Lean is eliminating non-value-added activity.
  14. Pointing fingers at someone else is not a kind thing to do and is definitely not as productive as solving your own problems.
  15. We are very deliberate in the way we hire people. We look for two characteristics – people who are humble and curious.
  16. Lean is hard work that makes everything easy.
  17. We do millions of dollars more in business with a similar size crew and we never work overtime. That is the difference between making continuous improvement a priority and doing it when it is convenient. Improving first not only gives you the improvement, it lightens the load and allows you to keep up with accelerating demand.
  18. Any time you train an individual intensely, you dramatically enhance their ability to perform a job consistently — significantly more so than those people who are only moderately or occasionally trained.
  19. You should not just focus on removing a small amount of waste from a particular step, because that step, in and of itself, might be waste.
  20. Our goal is for everything to be struggle-free – or to have zero struggle in every activity.
  21. The sign of a mature culture is being comfortable asking the questions, “What is it that I need to improve? Where is my waste? What do you see?”

 

 

For more On the Edge content, please visit the Worldpay Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of Hire Like You Just Beat Cancer and On The Edge with Jim Roddy.

 

One thing that you learn (the hard way, sometimes) as a developer is that the amount of time and effort you invest in writing an application does not necessarily correlate closely with the amount of functionality you actually build. That’s because there are often tools and resources available that can substantially shorten the time it takes you to achieve a desired programming goal.

 

One prime example of such tools is a Software Development Kit, or SDK. If SDKs don’t feature prominently in your programmer’s toolset, you may be missing out on important opportunities to get more programming done in less time.

 

Let’s take a look at what SDKs do and how they can benefit developers.

 

What Is an SDK?

 

In a nutshell, an SDK is any type of toolset designed to simplify development for a particular platform, or sometimes even a specific application.

 

In other words, SDKs provide resources that make it faster and easier to implement functionality that you’d otherwise have to build from scratch.

 

SDKs can take many forms. It’s common for them to include APIs (in fact, it’s so common that some people use the terms SDK and API interchangeably, though this is somewhat misleading), but SDKs can include more than APIs. They might consist simply of software libraries that make programming faster. They could also include analytics or debugging tools designed to help you build and manage an application within a specific type of environment. They may even include integrations that make it possible to communicate directly with hardware from within an application, without having to build the requisite calls yourself.

 

 

If you like analogies, think of an SDK this way: SDKs are like IKEA furniture packages. They come with many preconfigured components, as well as documentation, that make it possible to build something (a piece of furniture, or a software application) quickly. Sure, you could always go cut down a tree, hew the wood and then use it to build a bedframe by hand. But almost no one does that, because there are much easier and faster solutions available.

 

Why Use an SDK?

 

The most obvious benefit of SDKs is that they save developers time. Instead of reinventing the wheel by creating functionality that someone else has already built into an SDK, programmers can take advantage of pre-built libraries, APIs and other tools that come packaged within SDKs.

 

However, faster and easier development is not the only reason to use an SDK. Consider these other advantages:

 

  • The functionality that you get inside an SDK is often thoroughly vetted — in many cases, by the experts who manage the platform for which you’re building your app. Thus, SDK code is more reliable, generally speaking, than code you’d build yourself.
  • For similar reasons, an SDK can help you to keep your application more secure and more up-to-date, since the functionality that you implement via an SDK often comes from a trusted central source. (Keep in mind that using an SDK does not give you license to ignore potential security vulnerabilities — ultimately, you still need to own security in any app you build — but an SDK can help to reduce some security risks.)
  • SDKs often make it easier to take advantage of optimizations, such as libraries that have been optimized for a specific type of environment or hardware device. In this way, SDKs can lead to better overall app performance.

 

SDK Example: IPC SDK

To place SDKs into a real-world context, let’s take a quick look at one SDK, the Worldpay Total IPC SDK. The IPC SDK is designed to make it easy to build Windows or iOS mobile apps that use card readers and connect to Worldpay’s Integrated Payments Hub for payments processing.

 

Depending on which platform you are developing for (Windows or iOS) you would use the IPC SDK somewhat differently. (In that sense, it’s a good example of how SDKs are not a single specific thing; they’re a broad category of developer toolsets, which can be implemented in many ways.) On Windows, the SDK provides a service that in turn manages the card reader on your device. In contrast, on iOS, the SDK is available as a software library.

 

No matter how you access the IPC SDK or which operating system you’re developing for, however, you get the same core functionality. The SDK manages application access to your users’ devices’ card readers, without you having to worry about drivers or the other technical tedium that you typically have to deal with when you’re building an application that interacts with a specialized hardware device. Plus, the IPC SDK avoids passing data from payment cards through your application, which makes it possible to avoid EMV certification testing.

 

You can get started with the IPC SDK for Windows and iOS by simply downloading the requisite code from GitHub.

Conclusion

 

If you’re a developer, you could live life the hard way and write everything from scratch yourself. But there is rarely a reward for doing things the hard way in the world of programming (at least when you’re building software that people are actually going to use). On the contrary, the developers who achieve the greatest rewards are those who take advantage of tools like SDKs for building applications more quickly, and with fewer performance or security headaches.

These days, payments can be done multiple ways: EMV, credit, mobile wallets (Apple Pay, Android Pay, etc.), to name just a few.

 

This flexibility of payment options is great in most respects, but it creates challenges for developers. How can they write a single app that integrates all payment options? And how can they keep transactions secure, no matter which type of payment method their applications use?

 

The triPOS Cloud API is a tool that can help answer these questions. It provides access to a turnkey payment processing solution that supports all major payment methods, including EMV, credit, PIN debit and mobile wallets (Apple Pay, Android Pay, etc.). The triPOS Cloud interfaces with custom business management software via a REST API.

 

This tutorial provides an overview of integrating with triPOS Cloud payment processing and Express, a server-side web service. You will learn how to quickly process a payment transaction using a specific REST API.

 

The Payment Processing Environment

The triPOS Cloud payment processing environment contains the following elements, as illustrated in Figure 1:

 

  • triPOS Cloud - the API
  • Merchant environment - POS, router and PIN Pad
  • Express Gateway - API gateway

 

By using the API during certification, a physical PIN pad is not necessary. A null simulator can replace the PIN Pad. However, you still need an Express test account to interact with the Express Gateway.

 

Figure 1

 

We will now discuss how you can process a sample sale request within minutes.

 

Step 1: Apply for an Express account

First, apply for an Express test account at http://www.elementps.com/Create-a-Test-Account. This will give you the account information to add to the headers of your API request.

 

After your application is accepted, you will receive the following account information to add to the headers of your API request:

 

  • AccountID
  • AccountToken
  • ApplicationID
  • AcceptorID

 

You will also receive the Express test URLs and other important documentation for working with the triPOS Cloud and Express gateway.

 

Step 2: Build your API request with a REST client

 To build the API request, we will use a third-party REST client: the Advanced REST client (ARC).

 

The triPOS Cloud accepts JSON-formatted request messages and returns responses in the same format as the request.

 

Each request is identified by a transaction type and is accompanied by data elements belonging to the request. Keep in mind that a typical triPOS Cloud request is simpler than an Express request because card information is not included. Card information is obtained downstream via direct interactions between triPOS Cloud and the PIN pad.

 

Each request requires a header with specific fields:

  • If the request is a POST/PUT request, it needs parameters to be sent in the request body.
  • For GET and DELETE, any parameters will be sent up in the URL’s query string.
  • For any type of request, some values such as PaymentType may be sent in the URL. For more info, see the API documentation.

 

In Step 1, you received the values for building the API request header. Build the header as shown in Figure 2 under the ARC Headers tab.

 

 Figure 2

 

To build the API body, you have to switch to the ARC Body tab as shown in Figure 3.

 

Figure 3

 

Construct the request as shown in Figure 3.

Step 3: Run your API request with the REST client

 Run your API request by simply clicking the Send button in the upper right corner.

 

Step 4: Analyze the response

If everything is successful, an HTTP-200 response is returned, as shown in Figure 4.

 

 

Figure 4

 

Now run the request a second time.

 

You will get an HTTP-400 response as shown in Figure 5, because your request-id should be unique with every request you make.

 Figure 5

 

But how can we make a valid request-id/UUID?

With the Online UUID Generator Tool (use version 1) we can retrieve a valid UUID. When adding this in the request it will give a successful response.

 

Let’s change the request URL to the production URL (https://tripos.vantiv.com/api/v1/sale) and run the request again.

 

The response will be an HTTP-401 as seen in Figure 6.

 

Figure 6

 

This is expected because you have a test account, not a production account, and you are therefore not authorized to use the API in production.

 

Conclusion

We successfully processed a sample sale request and also discussed the main error messages you can expect when the sample sale request is not correct. This quick review showed you just a small bit of the triPOS Cloud API. The triPOS cloud API is further described in this Swagger specification.

 

About the Author:

Cordny Nederkoorn is a software testing and marketing consultant with over 10 years of experience in finance, e-commerce and web development. He is also the founder of TestingSaaS, a testing and marketing agency for companies related to Software as a Service (SaaS).

 Adopting a P2PE solution is a great start to securing your retail payments, but it isn’t the end of your security responsibilities as a merchant organization. You still need to enforce best practices for developing in-house applications that interact with the P2PE system, and control the in-store retail experience to ensure security at every level.

 

Here is a checklist that can help merchant organizations and their developers ensure the key parameters are in place when building apps that involve P2PE payment processing: 

 

1. Be familiar with the PIM

The P2PE implementation manual (PIM) is an important document that is provided by a P2PE solution provider to their customers. Across the P2PE lifecycle, the PIM is the key responsibility of the customer. The P2PE provider is responsible for every other step of the payment cycle. Being familiar with the PIM will come in handy not just to troubleshoot minor day-to-day issues that arise, but to also respond quickly in an emergency. Knowing your way around the system is key to responding appropriately to an attack, and the PIM makes this possible.

 

2. Compliance needs real-time monitoring

There are many regulations to adhere to when handling payments. It takes a dedicated compliance process to ensure these regulations are enforced at every point of interaction in the app.

 

This is a challenge in today’s distributed cloud-native apps. There are numerous API-based integrations, and each of them should be reviewed to ensure they are secure. The system is dynamic, with integrations being added and removed on a daily basis. As the system changes, these events should be monitored for compliance. This requires real-time monitoring that takes into account new components as they’re added. Every event and activity that occurs in the app should be reviewed to enforce compliance and stored in an archive for auditing at a later point.

 

3. Update to the latest versions

Security patches are the main reason to keep your application components and PCI-P2PE version updated. With new threats arising frequently, the best thing you can do to enforce security is to keep your system updated. This includes software updates and replacing outdated hardware like PEDs.

 

4. Never store customer information in plain-text format

 

Never ever (ever) store customer data in plain text format

 

The whole point of P2PE is that it enforces strong defaults for encryption and decryption of card data and customer data starting from the PED (PIN Entry Device) and every step thereafter. If by any chance customer data or card data enters your system at any point of the payment cycle, or in any part of the application, it’s important to not store this data in plain-text format. This makes the data open for misuse. Instead, set up a way to monitor these events in real-time, and either encrypt the data or erase it automatically. Remember that these events should also be recorded for auditing purposes.  

 

5. Get certified by an external QSA

Though P2PE systems put the onus of security on the P2PE vendor, you still need to do due diligence to examine your system regularly. An external QSA (Qualified Security Assessor) doesn’t just help to catch potential vulnerabilities, but can also advise on optimizing system performance to quicken transactions, simplify workflows, and reduce the scope of PCI DSS audits.

 

6. Exercise caution with new payment types

With the advancement of mobile technologies, new payment methods like NFC are emerging. They are opportunities to enrich the customer experience, but they also need to be monitored for new types of security threats. Emerging technologies are prime targets for hacking, as there may be loopholes that are yet undiscovered. Appropriate defense requires monitoring with the help of machine learning.

 

7. Leverage machine learning

 

How machine learning algorithms help detect fraud

 

Combating payment industry fraud is all about the use of data. To come out on top, merchant organizations and vendors need to be able to use data better than the criminals. The only way to counter today’s complex attacks is to use machine learning.

 

Machine learning lets merchants and vendors identify attacks from patterns and anti-patterns that emerge from data — which could be a new transaction from a strange location, suspicious IPs, a sudden rise in the number of transactions on a card, and numerous other parameters.

 

ML algorithms can help spot threats and identify the sources as well. When considering a payments vendor, assess their machine learning capabilities and consider using a third-party security solution if required.

 

8. Separate retail and online payments

P2PE is specifically designed for managing retail payments. It is not meant for eCommerce transactions. It’s important that you enforce clear separation of concerns here. If the same product is available in-store and online, you’ll need to maintain inventory status in real-time and system-to-system communication to avoid conflicts between the two channels. Additionally, a data breach in the eCommerce portal may just affect retail, and vice versa. Hence, security measures should be compartmentalized when needed, and comprehensive at other times.

 

In conclusion, P2PE greatly assures security for retail payments, but simply opting for a P2PE vendor doesn’t automatically guarantee security. It takes a shared responsibility between you as a merchant organization and your P2PE vendor. By following this checklist, you can ensure your P2PE lifecycle is compliant and secure end-to-end. 

 

Related: 

Browser frames — also known as iframes — have been around since Netscape introduced them in 1996. Back then, iframes were sometimes used in ways that appear wacky by modern standards, such as for the structuring of content on a web page.

 browser iframes have been around since 1996

 

As a result of practices like these, iframes have gained a negative reputation in some quarters. Some developers dismiss iframes as “the web programming equivalent of the goto statement” — a hack that you use when you have to, but not an elegant solution or a best practice to follow.

 

some developers dismiss iframes 

But such criticisms of iframes are not really fair. It’s true that, like any technology, they can be abused and misused. That does not mean, however, that iframes do not have legitimate uses — some of which make them the best solution to a given web programming challenge.

 

One ideal use case for iframes is the integration of a hosted payments page into a website. Let’s take a look at why iframes are a good solution in this scenario.

 

What is a hosted payment page?

A hosted payment page is any type of web page that allows a user to make a payment online.

 

Hosted payment pages typically have to do three main things:

 

  • Accept payment information from a debit card, credit card or other payment method
  • Pass the payment information securely to a server that processes it
  • Receive and display information about the transaction to the end-user

 

Benefits of using an iframe for hosted payments

What do hosted payments have to do with iframes? The basic answer is that iframes provide an easy way to integrate a payment page into a website with minimal fuss and security risk on the part of the developers who are implementing the website.

 

More specifically, using iframes for hosted payments provides several distinct benefits for developers and end-users alike:

 

  • It’s easy for developers to implement. Typically, they only need to include a small amount of code within their website to insert the payment page within an iframe. They simply set up the iframe; the payment provider handles the rest.
  • End-users never leave the main website. Although they technically pay via a different website (the one running inside the iframe), from their perspective, they remain on the same page and site. This helps to keep users confident about the security of the payment they are issuing, since navigating to a different site could leave them concerned about whether they can trust the payment site. It also simplifies the overall payment experience.
  • Iframes mitigate the risk of users navigating away from a page before payment is complete. If you move users to a new website to submit a payment, they may become confused and press the back button or otherwise navigate away from the new site. Doing so can interrupt the payment process — and it poses an especially greater challenge if the payment is already in progress. By keeping the payment within an iframe on your site, you avoid unintended navigation issues.
  • You can update your website without worrying much about how the changes will impact the hosted payment page. As long as you leave the iframe in place, changes to the rest of the site are unlikely to impact payments processing.
  • Iframes are flexible and easy to configure. A few lines of CSS or element property definitions suffice for defining the size, layout and other features of an iframe. You can therefore easily customize how a hosted payment page appears within your website.
  • You can have the payment page time out without disrupting the overall site. This is useful in cases where a customer starts a payment but does not complete it in time. You don’t want to leave the payment page open indefinitely, because that would be a security risk. But you also don’t want your entire website to time out and shut down automatically, because that would reduce the likelihood that the customer will come back later and complete the payment. By placing the payment page inside an iframe, you can easily have just that element time out, but keep the rest of the site running and ready for the customer to use.
  • Iframes make it easy to support different screen sizes and layouts, without having to worry about the specifics of the payment page content. If your iframe is not large enough to display the entire payment page at once, or your end-user’s screen is too small, the browser will automatically create scroll bars to make content visible. In this way, iframes make it easy to integrate hosted payment pages that work well with a variety of different devices and screen types.

 

The bottom line: Iframes provide an easy, flexible and secure way to make hosted payment pages available with minimal effort on the part of your developers — and they simplify transactions for your customers.

 

About the Author:  

Chris Tozzi has worked as a journalist and Linux systems administrator. He has particular interests in open source, agile infrastructure and networking. He is Senior Editor of content and a DevOps Analyst at Fixate IO. His latest book, For Fun and Profit: A History of the Free and Open Source Software Revolution, was published in 2017.

Why You Should Share Code on GitHub

GitHub is a massively popular tool among developers these days — and with good reason. It offers all of the functionality of Git, and much more to boot. Indeed, GitHub has become so important to modern software production that if you’re not using it, you’re likely making a mistake.

 

Let me explain. In this article, I’ll discuss all of the benefits of sharing code via GitHub. This will illuminate why many open source projects (plus some non-open source projects) are hosted on GitHub and why the platform has become the default code-sharing solution for software projects.

 

The Sheer Number of Developers and Projects

 

GitHub has over 31 million developers around the globe

 

Let’s face it — Most programmers are already familiar with GitHub. It is, therefore, imperative to share code on a platform most contributors are familiar with. Currently, GitHub has over 31 million developers around the globe (more in 2018 alone than GitHub’s first six years combined), 2.1 million organizations, and 100 million repositories. The stats are only getting better each year.

 

The benefits that come with this is that a project is open to contributions from developers all over the world. Some projects on GitHub start with only a few contributors, but rapidly grow to having hundreds, if not thousands, of developers working on them. This way, bugs get fixed quicker, updates are released frequently, and project continuity is ensured.

 

Available Integration Options and Apps

One thing that makes GitHub very powerful and attractive to developers is the integration options it provides with apps and other services via the GitHub Marketplace. Integrations allow developers to supplement the functionalities provided by GitHub. You can possibly connect GitHub to your existing tooling and work without having to exit first. But it doesn’t stop there — GitHub also allows developers to create custom apps for their own needs using GitHub’s API.

 

Code hosted on GitHub can easily be linked and used on other platforms. With the click of a button, you can effortlessly turn a GitHub repository into a fully functional application on platforms like Heroku, Azure, or AWS. GitHub provides far better integration support than many other similar hosting platforms.

 

Catch Vulnerabilities with Security Alerts

Many projects have dependencies. Dependencies sometimes introduce vulnerabilities. And vulnerabilities, if not patched early enough, expose us to serious security risks. GitHub helps developers catch vulnerabilities in dependencies by notifying them of known vulnerabilities. Admins receive vulnerability notifications and can add others to the list. Additionally, fixes to some vulnerabilities are proposed, and sometimes safer versions are selected automatically using machine learning.

 

The GitHub security alert feature is very useful, and ensures that developers build quality applications that are safe. As a programmer, you can enjoy the benefits of being notified of vulnerabilities and possible solutions.

 

Resolve Issues and Improve Code Quality

Another feature that makes GitHub very appealing to developers is Issues. Issues is GitHub’s own bug tracker. It helps note ideas, bugs, tasks, and enhancements for a project. Once code is shared on GitHub, that’s not the end, as software is rarely ever written once. Code evolves, and Issues enables its evolution by allowing contributors to suggest ideas to projects and report bugs.

 

GitHub Issues takes collaboration to a different level. Because ideas and bugs can be suggested with Issues, contributions to projects are not limited to only the code-savvy. With millions of developers on the platform, project ideas can quickly be turned into features, and bugs can be completely eradicated.

 

The list could go on and on. GitHub is truly a boon (for open source projects especially). With Microsoft now owning the platform, we can expect even more from GitHub.

 

Closing Thoughts

For the record, GitHub may not be the perfect fit for every developer or every situation. For example, if you’re developing code that is not open source and that has high security or privacy needs, you probably don’t have anything to gain by putting it on GitHub, even in a private repository.

 

By and large, however, it’s hard to think of situations where GitHub is not advantageous. It’s easy to see why there has been a surge in the number of companies embracing the open source approach. The integration choices, the number of developers on the platform, security features, and issue reporting system (to mention just a few main items), make GitHub the first-choice platform for sharing code. 

Sick of hearing about New Year’s resolutions you know you won’t keep because they’re too darn hard? Here’s an easy one for you: make your bed.

 

Make Your Bed: Little Things That Can Change Your Life ... and Maybe the World

 

If you want to know why I make that recommendation, read my notes from Make Your Bed by Admiral William H. McRaven. The book is an expansion of the commencement speech Adm. McRaven gave at the University of Texas in 2014. (You might have seen it on YouTube; it has over 7 million views.)

 

Below are insightful excerpts from Make Your Bed: Little Things That Can Change Your Life … and Maybe the World that I hope will steer you and your team towards a more productive and rewarding future.

 

The 10 lessons I learned from Navy SEAL training

 

  1. Start your day with a task completed. Making my bed correctly was not going to be an opportunity for praise. It was expected of me. It was my first task of the day and doing it right was important. It demonstrated my discipline. It showed my attention to detail.
  2. You can’t go it alone. It takes a team of good people to get you to your destination in life. You cannot paddle the boat alone.
  3. Only the size of your heart matters. SEAL training was always about proving something. Proving that size doesn’t matter. Proving that the color of your skin wasn’t important. Proving that money didn’t make you better. Proving that determination and grit were always more important than talent.
  4. Life’s not fair — drive on! Life isn’t fair and the sooner you learn that the better off you will be.
  5. Failure can make you stronger. In life you’ll face a lot of failures. But, if you persevere, if you let those failures teach you and strengthen you, then you will be prepared to handle life’s toughest moments.
  6. You must dare greatly. The British Special Air Service’s motto was “Who Dares Wins.” To me the motto was more than about how the special forces operated as a unit; it was about how each of us should approach our lives.
  7. Stand up to the bullies. Courage is a remarkable quality. Without it, others will define your path forward. Without it, you are at the mercy of life’s temptations.
  8. Rise to the occasion. “No matter how dark it gets, you must complete the mission. This is what separates you from everyone else.” Somehow those words stayed with me for the next 30 years.
  9. Give people hope. If that one person could sing while neck deep in mud, then so could we. If that one person could endure the freezing cold, then so could we. If that one person could hold on, then so could we.
  10. Never, ever quit! If you quit, you will regret it for the rest of your life. Quitting never makes anything easier.

 

If you do these things, then you can change your life for the better … and maybe the world!

 

For more On the Edgecontent, please visit the Worldpay Partner Advantagewebsite.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of Hire Like You Just Beat Cancerand On The Edge with Jim Roddy.

The New Year is just around the corner – hooray! Before we douse ourselves in optimism and egg nog, allow me to share with you insights from a book that’s bound to make you temporarily less cheery. Acclaimed business author Jim Collins wrote How The Mighty Fall “to offer a research-grounded perspective of how decline can happen, even to those that appear invincible, so that leaders might have a better chance of avoiding their tragic fate.” He continued, “It’s a bit like studying train wrecks — interesting, in a morbid sort of way, but not inspiring.”

 

Clearly this isn’t the subject you’d raise at a New Year’s Eve party, but it’s something every ISV management team should contemplate, even if 2018 was your best year ever. Wait – let me rephrase. You should contemplate these lessons especially if 2018 was your best year ever. Collins writes, “There is no law of nature that the most powerful will inevitably remain at the top. Anyone can fall and most eventually do.”

 

Here are 20 additional insightful excerpts from How The Mighty Fall that I hope motivate you to appropriately adapt your business for next year and beyond:

 

Never give in, except to convictions of honor and good sense.

 

  1. I’ve come to see institutional decline like a staged disease: harder to detect but easier to cure in the early stages, easier to detect but harder to cure in the later stages.
  2. Stage 1: Hubris born of success. Stage 1 kicks in when people become arrogant, regarding success virtually as an entitlement, and they lose sight of the true underlying factors that created success in the first place.
  3. Stage 2: Undisciplined pursuit of more. When an organization grows beyond its ability to fill its key seats with the right people, it has set itself up for a fall.
  4. Stage 3: Denial of risk and peril. Internal warning signs begin to mount, yet external results remain strong enough to explain away disturbing data.
  5. Stage 4: Grasping for salvation. How does its leadership respond? By lurching for a quick salvation or by getting back to the disciplines that brought about greatness in the first place?
  6. Stage 5: Capitulation to irrelevance or death.
  7. Organizational decline is largely self-inflicted, and recovery largely within our own control.
  8. Circuit City left itself exposed by not revitalizing its electronic superstores with as much passion and intensity as when it first began building that business two decades earlier.
  9. Great companies foster a productive tension between continuity and change.
  10. There’s nothing inherently wrong with adhering to specific practices and strategies but only if you comprehend the underlying why behind those practices, and thereby see when to keep them and when to change them.
  11. The best corporate leaders have an incurable compulsion to vacuum the brains of people they meet.
  12. From 1994 to 1998, Rubbermaid raced through the stages of decline so rapidly that it should terrify anyone who has enjoyed a burst of success.
  13. Packard’s Law states that no company can consistently grow revenues faster than its ability to get enough of the right people to implement that growth and still become a great company.
  14. Any exceptional enterprise depends first and foremost upon having self-managed and self-motivated people — the number one ingredient for a culture of discipline.
  15. Whether a company sustains exceptional performance depends first and foremost on whether you continue to have the right people in power.
  16. Reorganizations and restructurings can create a false sense that you’re actually doing something productive.
  17. The very moment when we need to take calm, deliberate action, we run the risk of doing the exact opposite and bringing about the very outcomes we most fear.
  18. If you want to reverse decline, be rigorous about what not to do.
  19. Not all companies deserve to last.
  20. Never give in, never give in, never, never, never, never — in nothing, great or small, large or petty — never give in except to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy. Be willing to change tactics, but never give up your core purpose.

 

Be willing to change tactics, but never give up your core purpose.

  

For more On the Edgecontent, please visit the Worldpay Partner Advantagewebsite.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of Hire Like You Just Beat Cancerand On The Edge with Jim Roddy.

I usually let book titles stand on their own, but I had to include the subtitle “Resolving the Heart of Conflict” along with The Anatomy of Peace or you might have just scrolled right past this article. I mean you’re an executive/software developer, not an army general, so what does “peace” have to do with you, right? But resolving conflict involving employees, customers, and vendors – well, that’s something you encounter most every day.

 

If you are the mess, you can clean it. Improvement doesn't depend on others.

 

The Anatomy of Peace doesn’t outline communication tactics for resolving conflicts as you might expect. Instead, the book digs below the surface and addresses our attitudes and misconceptions which cause disharmony in the first place, hence the “Heart of Conflict” subtitle. If you’re still thinking this book isn’t for you because your company culture is hunky dory because nobody yells or throws staplers, this passage from the book might change your mind: “Most wars between individuals are of the ‘cold’ rather than the ‘hot’ variety – lingering resentment, for example, grudges long-held, resources clutched to rather than shared, help not offered. These are the acts of war that most threaten our homes and workplaces.”

 

heart of peace vs heart of war

 

Here are 26 excerpts from The Anatomy of Peace that I hope bring harmony to you and everyone you engage with:

 

  1. Parties in conflict all wait on the same solution: they wait for the other party to change. Should we be surprised, then, when conflicts linger and problems remain?
  2. When they spoke, it was a kind of a verbal wrestling match, each of them trying to anticipate the other’s moves, searching for weaknesses they could exploit to force the other into submission. With no actual mat into which to press the other’s flesh, these verbal matches always ended in a draw: each of them claimed hollow victory while living with ongoing defeat.
  3. In the way we regard our children, our spouses, neighbors, colleagues, and strangers, we choose to see others either as people like ourselves or as objects.
  4. Lumping everyone of a particular race or culture or faith into a single stereotype is a way of failing to see them as people.
  5. Heart at Peace – Others are People: Hopes, needs, cares, and fears as real to me as my own.
  6. Heart at War – Others are Objects: Obstacles, vehicles, irrelevancies.
  7. Seeing an equal person as an inferior object is an act of violence. It hurts as much as a punch to the face.
  8. No conflict can be solved so long as all parties are convinced they are right. Solution is possible only when at least one party begins to consider how he might be wrong.
  9. If we are going to find lasting solutions to difficult conflicts we first need to find our way out of the internal wars that are poisoning our thoughts, feelings, and attitudes toward others. If we can't put an end to the violence within us, there is no hope for putting an end to the violence without.
  10. As painful as it is to receive contempt from another, it is more debilitating by far to be filled with contempt for another.
  11. When I see others as objects, I dwell on the injustices I have suffered in order to justify myself, keeping my mistreatments and suffering alive within me.
  12. If I think I am superior, I can excuse a lot of sins.
  13. I may not be responsible for the things he's done. But I am responsible for what I've done.
  14. Whenever I dehumanize another, I necessarily dehumanize all that is human – including myself.
  15. The question for you as the leader is whether you are going to create an environment that is as enjoyable for your people as it is for you – a place that they are as excited about and devoted to as you are.
  16. If you are the mess, you can clean it. Improvement doesn't depend on others.
  17. Five questions that will help you to ponder your situation anew:
    1. What are this person's or people’s challenges, trials, burdens, and pains?
    2. How am I, or some group of which I am a part, adding to these challenges, trials, burdens, and pains?
    3. In what other ways have I or my group neglected or mistreated this person or group?
    4. In what ways are my better-than, I-deserved, worse-than, and need-to-be-seen-as boxes obscuring the truth about others and myself and interfering with potential solutions?
    5. What am I feeling I should do for this person or group? What can I do to help?
  18. When we have recovered those sensibilities towards others, we must then act on them. We need to honor the senses we have rather than betray them.
  19. What would be a problem is to insist that others need to change while being unwilling to consider how we ourselves might need to change too.
  20. Correction alone rarely gets others to change.
  21. Correction is by nature provocational.
  22. When our correction isn't working, we normally bear down harder and correct more.
  23. Teach and communicate: It is no good trying to teach if I myself am not listening and learning.
  24. Learning keeps reminding us that we might be mistaken in our views and opinions.
  25. Peace is invited only when an intelligent outward strategy is married to a peaceful inward one. If we don't get our hearts right, our strategies won't much matter.
  26. May you have the honesty and courage to do what our homes, our workplaces, and our communities most need: to see all as people — even, and perhaps especially, when others are giving you a reason not to.

  

For more On the Edgecontent, please visit the Worldpay Partner Advantagewebsite.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of Hire Like You Just Beat Cancerand On The Edge with Jim Roddy.