Connect with us


How should non technical founders collaborate with software developers? – TechCrunch



Software consultants come in many forms, but if you cannot write your own code, finding a developer who meets your needs can be a stressful process that involves much trial and error.

To narrow down good consultancies, we polled experts across the world about the best software development consultants through our TechCrunch Experts program. One of the most-recommended firms we learned about is WolfPack Digital. We caught up with Georgina ‘Gina’ Lupu Florian, CEO of Wolfpack Digital, to talk about her company, how they operate, and the nuances of running a consultancy.

(This interview has been edited for clarity and length.)

TechCrunch: As a developer for hire, how involved do you get when helping clients validate ideas before they bring their apps to market?

Gina Lupu Florian: Our clients often choose us as their sole product and technical partner for their project, which means that we are highly involved in helping them with idea validation. We are here to help them with product discovery and strategy, market analysis, UX/UI design, smoke testing, usability testing, and everything else that is needed to get it right. After the coding phase is completed for any iteration, we support with rolling out the app to beta-testers, and for learning iteratively from the results in a lean way so that an optimal first version reaches the targeted audience at the official launch of the product.

The degree to which we get involved with the idea validation may vary depending on the goals and needs of the project, the founders and/or stakeholders, and the stage at which the project is when we begin our collaboration. Developer-for-hire is a model that has been less common for us in the past few years given our product-oriented approach, although we have ongoing collaborations fitting that model too. We are open to accommodating any setup that works best for our clients and their mobile apps or web platforms.

Can you describe the intake process for new clients? How do you assess their requirements, and what information do you need before you can share timelines and budgets?

The intake process can vary a lot depending on the particularities of each project and collaboration. We typically assess the information provided by our clients and put together a proposal that we refine afterwards with the client as we discover more about the product along the way.

To get to a robust estimated project timeline and budget, we consider user stories, wireframes, and/or a requirements document as the perfect starting point. We can either collect them directly from our clients (if they have them ready after attending incubators, etc.), or we can help with putting them together and join a discovery phase, which typically takes from a few hours to a few days. From the moment we have enough information to prepare a proposal, it usually takes less than a week to deliver it.

Help TechCrunch find the best software consultants for startups.

Provide a recommendation in this quick survey and we’ll share the results with everybody.

What’s a ballpark quote for the average project, and how frequently do you communicate with clients once the work is underway?

In general, questions about quotes are probably amongst the most difficult and yet most common. This is because quotes for web and/or mobile projects can range all the way from a few thousand  dollars to millions. It all depends on the scope, and the more clarity there is, the more accurate the estimation. However, when we start a project, we want to make sure that we keep it agile and adapt so as to bring the best product to the market. It’s all about balancing being adaptable while keeping an eye on the budget.

Based on the projects we have taken on recently, the average project size has been in the $100,000 to $200,000 range. Since we are an Agile company, we communicate with clients very often, typically weekly. The communication frequency depends a lot on how hands-on the client wishes to be during the development process — we have projects where we sync with them almost daily, while on others our clients prefer fewer interactions so that they can focus on different parts of their business.

What percentage of your clients are non-technical people who have an idea, but no coding experience? How much of a limitation is that for launching an app?

I would say probably around 50% of our clients are in this situation, either as founders of a startup, or as representatives of companies (product owners in scale-ups, or people in corporate innovation departments, for example). We are here to help with every step of the way, so we don’t see it as a limitation at all.

However, it’s true that having previous experience working with agencies/developers may be useful in terms of familiarity with the software development processes. But absolutely anyone, regardless of their background, can get up to speed quickly, and we are here to support them.

As a consultant, is helping clients avoid scope creep part of your role? If so, how do you help manage their expectations?

Definitely! I think it’s part of our responsibility, and the most important ingredient is clarifying what the priorities are. We encourage ideation, of course, but in the end, we need to focus together on what brings the most value to the product. Besides having clarity with priorities, keeping an eye on a project’s budget and considering it in all decision-making contexts is crucial, as it can be quite eye-opening.

Estimating the work needed for any new feature/change so that informed decisions can be made is also part of the process. Our project managers/product owners also offer their support with relevant questions along the way, and we contribute with suggestions from our team to pragmatically reach the client’s goals with the best results given all the factors involved.

What’s your average timeline for delivering a working app after you’ve signed a contract? What do you need to accomplish before you can share wireframes?

If we are to start a web or mobile app from scratch, respectively, from a set of requirements, and discover it, design it, code it, validate it, etc., it usually takes anywhere from three months to over a year to get to the first version. Most often it’s around six to nine months. It has a lot to do with the complexity of the product, not just from a technical standpoint, but also from a functionalities and product experience perspective to make it attractive to users.

You want your app to have everything it needs so that it’s useful and gets adopted by users by turning it into a better option than whatever it is they are currently using to solve a problem. For a banking app, for example, delivering an app can take longer, because there are many integrations that need to be created, and the fintech market is quite competitive, so you need to have a strong backbone in terms of functionalities in your app. At the same time, the investment brings greater benefits.

Do you also oversee the QA process? Can Wolfpack Digital help clients navigate the approval process for app stores?

Yes. We have an in-house QA team with a special knack for finding hidden issues, and they work closely with our developers and everyone else on the project. We have done App Store submissions hundreds of times, and we have handled a wide palette of scenarios with grace.

We find that approvals work seamlessly 90% of the time, but it may happen that some blockers are encountered (related to terms and conditions, for example), in which case we are ready to take on the communication on behalf of our clients and find a solution, as well as translate to accessible language what the issue and the steps needed are.

Do you provide any marketing services?

This has been part of our plan for a while as we actively receive requests for such services, but we are currently only marketing our own brand and don’t offer marketing execution services to clients. Based on the in-house knowledge that we have on the topic, though, we help our clients with market and audience analysis for their digital products — not just in the beginning, but also as the app scales, to suggest new features based on available data, for example.

So we cover marketing strategy for our clients as part of our product strategy and consultancy service. As a company, we have won awards in global competitions focusing on app concepts and product strategy, and therefore we are particularly passionate about this topic, which includes some strong marketing elements.

Do you work on both hybrid and native apps? What can you tell us about the benefits and drawbacks of each, and when do you encourage clients to go hybrid?

Yes, we work on both native and hybrid technologies for mobile apps, and the choice depends on each project’s type and particularities. There are a few important scenarios where we believe in the power of native iOS and Android. The first one is when scalability and stability are very important right from the beginning — with fintech apps, for example. It’s very likely they will grow in both complexity and user base, so it’s crucial to have a stable app that people can rely on.

Native apps scale better over time, as they use the native frameworks created by Apple and Google, so you don’t have any limits in terms of what can you do. Furthermore, with each new iOS or Android update, the native tech gets updates first, so you can tackle any OS surprises upfront.

Another scenario would be when the app needs to use the hardware capabilities of the phone: Bluetooth, camera, GPS, gyroscope, etc. On the native side, you have direct access to those SDKs, but with hybrid, you need to write your own plugins (in native code), or rely on existing ones from the open-source community. This can become problematic, especially with certain edge-cases (auto-reconnect, change the camera’s parameters, etc).

Hybrid technologies are a good fit when you are looking for quick validation of an idea, or when you’re dealing with a simple mobile app that relies pretty much on the backend. If 90% of the app is just data that you input (forms or questionnaires, for example, for a healthcare app to collect feedback), or display data from the server-side (numbers, charts, or recommendations), then Flutter can be the best option because there aren’t any functionality-related surprises to expect here. Moreover, Flutter allows you to create identical UIs for iOS and Android, if that’s one of the goals, although it’s mostly better to use native elements for each one.

The development time to market is typically shorter if you go for native, because you can move swiftly on two tracks in parallel, while the overall budget, at least initially, is probably higher for native. In the long run, however, hybrid may raise certain challenges that bring the budget of the project to a similar level or even exceed what native offers, depending on what challenges you find on the way, or what new functionality you need to implement.

The maintainability of hybrid is definitely a strong pro, as you have one single code base to maintain. Nonetheless, you need to have devs working on it who are knowledgeable on the chosen hybrid technology as well as on native, in case any plugins are needed, which may make staffing difficult. Overall, there is no right or wrong answer between native and hybrid, and the best choice depends a lot on the particularities of your app.

Have you ever turned down a client? Are there kinds of apps you won’t work on, like e.g, games or dating?

We have turned down clients, and, although our portfolio is quite diverse, it’s important for us that we work on projects that match our values and ethics. We have worked on dating apps, for example, but we’d turn down requests for websites or apps dealing with weapons, illegal drugs, etc.

Games represent a space we have not entered, as the technologies and design capabilities needed to develop games are quite different from our own (including the programming languages used — for example, we use Ruby on Rails, Vue.js, Swift, Kotlin, and Flutter, while Unity is used for games quite commonly). However, many of the apps we develop have a very strong gamification aspect.

Who owns the source code once the project is complete? How is the source code managed?

Typically the client owns the source code, and all the intellectual property rights belong to them, from day one. This is something that is also specified in our service agreement. When it comes to managing the source code, we cover different scenarios, but we usually have a private version-control (Git) repository on our side for each project. The team that works on the project has access to this repository, pushing code regularly while following the Git-flow guidelines.

Once the project is complete, or even at intermediate steps, we transfer the source code to a repository owned by the client. If needed, we assist them with creating a version-control account, then one or more repositories (depending on how many technologies are needed for that project — iOS, Android, backend, etc.), and finally with giving us access to transfer the source code to them.

They will of course also be able to see the commit history and each step along the way. In case any updates are needed, we can either continue to work on our own repositories and transfer the code updates again or push the code updates directly to their repositories. We also have collaborations where we work with the client’s in-house dev team, and therefore the entire team is active on the same repository at all times.

Source link


Snowflake 101: 5 ways to build a secure data cloud 



Today, Snowflake is the favorite for all things data. The company started as a simple data warehouse platform a decade ago but has since evolved into an all-encompassing data cloud supporting a wide range of workloads, including that of a data lake

More than 6,000 enterprises currently trust Snowflake to handle their data workloads and produce insights and applications for business growth. They jointly have more than 250 petabytes of data on the data cloud, with more than 515 million data workloads running each day.

Now, when the scale is this big, cybersecurity concerns are bound to come across. Snowflake recognizes this and offers scalable security and access control features that ensure the highest levels of security for not only accounts and users but also the data they store. However, organizations can miss out on certain basics, leaving data clouds partially secure. 

Here are some quick tips to fill these gaps and build a secure enterprise data cloud.


Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

1. Make your connection secure

First of all, all organizations using Snowflake, regardless of size, should focus on using secured networks and SSL/TLS protocols to prevent network-level threats. According to Matt Vogt, VP for global solution architecture at Immuta, a good way to start would be connecting to Snowflake over a private IP address using cloud service providers’ private connectivity such as AWS PrivateLink or Azure Private Link. This will create private VPC endpoints that allow direct, secure connectivity between your AWS/Azure VPCs and the Snowflake VPC without traversing the public Internet. In addition to this, network access controls, such as IP filtering, can also be used for third-party integrations, further strengthening security.

2. Protect source data

While Snowflake offers multiple layers of protection – like time travel and fail-safe – for data that has already been ingested, these tools cannot help if the source data itself is missing, corrupted or compromised (like malicious encrypted for ransom) in any way. This kind of issue, as Clumio’s VP of product Chadd Kenney suggests, can only be addressed by adopting measures to protect the data when it is resident in an object storage repository such as Amazon S3 – before ingest. Further, to protect against logical deletes, it is advisable to maintain continuous, immutable, and preferably air-gapped backups that are instantly recoverable into Snowpipe.

3. Consider SCIM with multi-factor authentication

Enterprises should use SCIM (system for cross-domain identity management) to help facilitate automated provisioning and management of user identities and groups (i.e. roles used for authorizing access to objects like tables, views, and functions) in Snowflake. This makes user data more secure and simplifies the user experience by reducing the role of local system accounts. Plus, by using SCIM where possible, enterprises will also get the option to configure SCIM providers to synchronize users and roles with active directory users and groups.

On top of this, enterprises also should use multi-factor authentication to set up an additional layer of security. Depending on the interface used, such as client applications using drivers, Snowflake UI, or Snowpipe, the platform can support multiple authentication methods, including username/password, OAuth, keypair, external browser, federated authentication using SAML and Okta native authentication. If there’s support for multiple methods, the company recommends giving top preference to OAuth (either snowflake OAuth or external OAuth) followed by external browser authentication and Okta native authentication and key pair authentication.

4. Column-level access control

Organizations should use Snowflake’s dynamic data masking and external tokenization capabilities to restrict certain users’ access to sensitive information in certain columns. For instance, dynamic data masking, which can dynamically obfuscate column data based on who’s querying it, can be used to restrict the visibility of columns based on the user’s country, like a U.S. employee can only view the U.S. order data, while French employees can only view order data from France.

Both features are pretty effective, but they use masking policies to work. To make the most of it, organizations should first determine whether they want to centralize masking policy management or decentralize it to individual database-owning teams, depending on their needs. Plus, they would also have to use invoker_role() in policy conditions to enable unauthorized users to view aggregate data on protected columns while keeping individual data hidden.

5. Implement a unified audit model

Finally, organizations should not forget to implement a unified audit model to ensure transparency of the policies being implemented. This will help them actively monitor policy changes, like who created what policy that granted user X or group Y access to certain data, and is as critical as monitoring query and data access patterns. 

To view account usage patterns, use system-defined, read-only shared database named SNOWFLAKE. It has a schema named ACCOUNT_USAGE containing views that provide access to one year of audit logs.

Source link

Continue Reading


WhatsApp rolls out new ‘Message Yourself’ feature globally • TechCrunch



To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here.

We’re joining the Cyber Monday fun with 25% off annual subscriptions to TechCrunch+ content and analysis starting today until Wednesday, November 30. Plus, today only, get 50% off tickets to discover the vast unknown and attend TechCrunch Sessions: Space in Los Angeles!

Okay, we haven’t done a newsletter since Wednesday, and while the U.S. team was chillin’ like villains, the rest of the team was hard at work, so here’s some of the highlights from the last half-week of TechCrunchy goodness! — Christine and Haje

The TechCrunch Top 3

  • Talking to yourself just went digital: Instead of having that internal monologue stay in your head, now you can play out all of your thoughts to yourself in WhatsApp, Jagmeet writes. The messaging platform began rolling out an easier way to talk to yourself today after completing beta testing.
  • Great Wall of porn: That’s how Rita and Catherine describe the bot surge in China that is making it difficult to get any legitimate Twitter search results when trying to find out something about Chinese cities. Why, you ask? Rita writes that “the surge in such bot content coincides with an unprecedented wave of (COVID) protests that have swept across major Chinese cities and universities over the weekend.”
  • Your calendar, only more productive: Get ready for your calendar to be more than just a place to record things you have to do that day. Romain writes about Amie, a startup that grabbed $7 million to link your unscheduled to-do list with your calendar. The app also enables users to be social with coworkers.

Startups and VC

Dubai-based mass transit and shared mobility services provider SWVL has carried out its second round of layoffs, affecting 50% of its remaining headcount, Tage reports. The news is coming six months after SWVL laid off 32% (over 400 employees) of its workforce in a “portfolio optimization program” effort geared toward achieving positive cash flow next year.

There’s a couple of new funds in town, too! Harri reports that Early Light Ventures plots a second, $15 million fund for software ‘underdogs,’ while Mike writes that BackingMinds raises a new €50 million fund to fund normally overlooked entrepreneurs. He also writes about Pact, an all-women led VC for mission-driven startups, backed by Anne Hathaway.

And we have five more for you:

Lessons for raising $10M without giving up a board seat

Blackboard showing soccer strategy

Image Credits: Ihor Reshetniak (opens in a new window) / Getty Images

Over the last two years, intelligent calendar platform raised $10 million “using a more incremental approach,” writes co-founder Henry Shapiro.

“We’ve done all this without giving up a single board seat, and Reclaim employees continue to own over two-thirds of the company’s equity,” rejecting conventional wisdom that founders should “raise as much as you can as fast as you can.”

In a TC+ post, Shapiro reviews the process they used to identify follow-on investors, shares the email template used to pitch the SAFE, and explains why “a larger cap table means more founder control.”

Three more from the TC+ team:

TechCrunch+ is our membership program that helps founders and startup teams get ahead of the pack. You can sign up here. Use code “DC” for a 15% discount on an annual subscription!

Big Tech Inc.

Amazon’s recent cost-cutting measures seem to be affecting more than just its delivery business. Manish writes that the company is shutting down its wholesale distribution business, called Amazon Distribution, in India. Amazon had started this unit to help neighborhood stores secure inventory. The company didn’t say why it was closing this particular business down, but Manish notes that this is the third such Amazon unit to be shuttered in India.

Meanwhile, Natasha L reports that Meta has gotten itself into trouble again with the European Union’s General Data Protection Regulation (aka, the agency that regulates data protection). Facebook’s parent company is being hit with $275 million in penalties for what the agency said was breaches in data protection that resulted in some 530 million users’ personal information being leaked.

Now enjoy six more:

Source link

Continue Reading


French Court Says Man Was Wrongfully Fired For Not Being ‘Fun’



You can’t be fired because a company doesn’t think you’re “fun” enough.

Frédéric Soltan I Getty Images

The Court of Cassation in Paris.

At least, that’s according to France’s highest court, The Court of Cassation, which ruled earlier this month that a man who was fired for not wanting to participate in certain company activities billed as part of their “fun” culture was wrongfully terminated, according to The Washington Post.

The man’s legal team said their client wasn’t seen as “fun” because he refused to engage in corporate events with large amounts of drinking. The man also claimed a work culture where people did activities such as miming sexual acts, sharing beds with other employees at work events, and giving people uncouth nicknames, per the outlet.

A Google translation of the court documents characterized these acts as “practices advocated by the associates linking promiscuity, bullying, and incitement to various excesses.”

The decision says the man was fired in March 2015 for not embracing the company’s “fun” culture (calling it “professional incompetence,”) as well as being more rigid of personality, the documents claim.

The company in question is Cubik Partners, a management consulting firm. It did not respond immediately to a request for comment.

France is known for its pro-employee labor laws and well-known jokes about how it’s impossible to get fired there. That is also generally true for other countries in Europe, including Ireland, where Elon Musk’s Twitter has already faced a temporary injunction for firing an executive based there.

In this case, the court ruled that firing an employee for not doing the activities in question constituted a violation of “his freedom of expression,” and that it is a “fundamental freedom” to not engage in some sort of social activity.

The fired employee had asked for over $400,000 USD, which the Paris Court of Appeals rejected last year. This ruling turned over that court’s rejection in part, ordered the company to give the former employee $3,000 euros, and said it would look at his demand for damages at some point in the future, per Insider.

Continue Reading