Italian labor laws are (righteously) under attack right now. Basically, a company can hire people with three main types of job contracts:

• Project-based contract: it defines a project that the employee (which is not really an employee but rather more of a contractor) will have to work on, with defined objectives and milestones. The compensation and the way it's paid can also be defined arbitrarily.
• Permanent contract: the employee is hired permanently and given a monthly compensation.
  
• Fixed-term contract: the employee is hired for a defined period of time and given a monthly compensation (this is almost the same as permanent contract).

There are a number of other weird contracts, but they apply to specific sectors and are not interesting right now. The key topic here is that all job contracts in Italy, unless you're a freelancer with a EU VAT ID, are strictly regulated by labor laws. This kind of approach comes from decades of social unrest and fights by workers and unions.

Project-based contracts have been introduced only ten years or so ago, and have completely disrupted the job market. Such contracts are much easier and cheaper for employers and in turn give less guarantees to workers. Permanent contracts are precisely designed to protect workers, which in general is a good idea, but in reality it turned into a mess in Italy. I'll spare you the details, suffice it to say that project-based contracts are at one end of the scale, while permanent and fixed-term contracts are at the other, causing all sort of trouble and even more social unrest. The vast majority of new workers, typically graduates, are hired with project-based contracts that can be terminated at any moment and give them less benefits. Another aspect that is being widely discussed right now is that if the employer has more than 15 permanent contract employees, then they cannot be terminated without a good reason (the law defining what a good reason is - not doing a good job is not a good reason). This causes problems when companies plan to lay off many workers, even if they can no longer afford to pay them. That in turn is causing more and more project-based contracts to be used (many of them stretching labor law beyond its limits) because they give employers more flexibility - or rather more freedom to fire workers (everything gets down to that). But I'm getting off-track.

So what should a startup do? How should new employees be hired?

The problem with project-based contracts is they must define a project and its objectives. In a startup, pretty much all employees do a variety of things, from programming to... emptying trash cans. If you hire someone with a project-based contract, she is prevented from doing anything but what's in the contract. In reality no one really cares, but still it's something that breaks the law to some extent and could cause problems. As you can see, this is totally unflexible and unagile.

On the other hand, permanent contracts, while allowing almost complete flexibility for the actual work the employee will perform, due to social insurance and taxes are much more expensive (roughly 1.5x compared to project-based contracts), thus would seem unaffordable for a cash-constrained startup - or any small business in general.

Is that even true?

The points to considers are multiple. Firstly, a bad hire is disastrous for a startup, no matter the type of contract. Secondly, startups surely need flexibility, but also need to make employees feel at home and to retain them. A project-based contract goes against both those principles. The answer is that - probably - a permanent contract is much better, even if it costs a bit more.

In an ideal Italy, project-based contacts would not exist, and permanent and fixed-term contracts would cost less while providing the same level of protection for the workers. The key point currently under discussion is the 15-employees thing, which is insane, because the outcome is that growing businesses either hire with project-based contracts or via body-rental companies, precisely because they don't want to cross the 15 employees threshold. A rule that was meant to protect workers is actually causing them harm, preventing growth and causing social unrest. In a small startup that doesn't really matter, but now the project-based contract thing is so rooted in the job market that it seems the only way to hire people in small businesses.

Well, it's not, and it causes more harm than good if you depend on your employees, their loyalty, happiness and thus productivity, which are vital for a tech startup.

Does an email like this even deserve to be replied to?

I am personally more than willing to answer emails regarding what we do, and ScrewTurn Wiki in particular. It's my job after all.

I always try to ignore grammar mistakes, typos, casing issues and misspelled names, but in this case the email is beyond my tolerance threshold.

Who the hell is your friend? Do I know him/her? Obviously, there's no way for me to know that, because you haven't mentioned his/her name.
What college? From his name, I can only assume the writer is from some middle-eastern Country or from India or Pakistan, I'm not even sure, but that's it. He could be from Mars for all I know.
It is also blatantly clear that the guy didn't even spend 30 seconds on our website, because it contains all the information he needs (assuming he knows what he's talking about, which I seriously doubt).

I was seriously tempted to reply something along these lines:

Hello,
thank you very much for contacting us, we really appreciate it.

Regarding your request, customizing screw turn wiki is about taking the engine of your car very near to its built-in RPM limit. Basically, you have to turn the screw usually marked with "RPM adjustment" rightwards, with the engine on, until you can hear it almost blowing up. Your results may vary, and you may end up damaging the engine, but it surely is worth for your final year project. Keep a fire extinguisher at hand, and just to be on the safe side don't forget to wear protective clothing.

Instead I replied with this message:

Hi,
thank you for your email. From what you've written, however, it is totally clear that you don't even know what you're talking about, and haven't spent a minute reading our website, as it contains all the information you need. In other words, I'm not going to give you the least bit of information because it's obvious that you either don't care about your final year project, or aren't able to communicate with other people (or both). When you ask for help, don't expect an answer if you can't even write an email explaining what you're looking for, adding all relevant context information, and most importantly showing that you've done your homework. Failing to do so, especially when you're in school or university, will simply demonstrate that you are lazy and no one will help you.

Am I attracting bad karma? Probably. Am I being an asshole? Likely. Have I wasted more time writing that email than what I'd have wasted simply giving him the information he wanted? Surely.

But people have to learn. We have to crush such behaviors, otherwise they'll spread like a disease and we'll waste our lives babysitting these idiots. As if we don't have enough things to do already.

</rant>

The Lazy Tax on 37signal's SVN blog is right to the point. Digitally-delivered goods are often as expensive, or more expensive, than their physical counterpart. Being able to download your purchases off the web, from home, is very convenient. I've personally verified the digital-costs-more-than-physical phenomenon for:

• Kindle books (not all of them, let's say 50%, it mostly depends on the novelty of the book, the author and the publisher)
• Videogames
• Music.
  

This is the perfect example of a market whose prices are tied to the demand and are not decided as cost+margin. Surely, bandwidth-intensive digital goods such as videogames, music and movies do have relatively high costs, because letting you download several gigabytes worth of content does not come for free. The cost is probably around 2¢/GB. If you consider that you could download the same item many times, the bandwidth cost becomes significant, and probably not too far from posting a DVD across the world. But yet there is no CD/DVD to manufacture and package, no paper to produce, print, bind and shrink-wrap. Most importantly, digital goods don't have the risk of lying there unsold on the shelf. In the end, producers are making good money, the environment is spared several tons of plastic/paper to produce (and dispose of, at some point), and we're happy because we don't have to rip new CDs just to put the music on our smartphone or digital player. I wouldn't call it a tax.

I am currently subscribed to 103 (mostly technical) blogs and websites via Google Reader. If you think that's insane, then you're right.

Truth is, I only read a tiny amount of articles, let's say 5%. Most of the time I just scan for interesting titles, read a few sentences here and there, and then mark everything as read. This is not true for a small subset of blogs, that I actually enjoy reading, but the vast majority of the content is just wasted on me, even when it's about topics I care.

The problem is that blogs, websites and other online news outlets amplify the attention span deficit that lives - and grows - inside everyone of us. There are always things flashing around, links to click, pictures to look at... it's like a luna park with lots of attractions that you cannot miss because they're so shiny!

At some point, I even find myself interested in an article, but end up not reading it because it's too long and I couldn't make it past the first link. You know, TL;DR.

This doesn't happen to me with books (I mean novels and such). And I only read books on my Kindle.

I think the key point is that reading on a e-book reader is almost the same as reading a paper book. It doesn't have anything flashing around, there are no links to follow, and pictures are very limited. In other words, a book, either digital or analog, allows you to focus precisely on what you're reading, without distractions. It's just you and the book.

I am not sure that a full-fledged tablet like the Kindle Fire allows to read a book with the same level of focus and the same lack of distractions. There is a browser just a couple taps away. There is email. There are movies, and YouTube. There are Facebook and Twitter. Even ignoring the fact that reading on a LCD screen causes much more fatigue to the eyes than reading on a e-ink device, I strongly believe that if you like reading, then you don't want a tablet with the entire Internet tempting you to lurk around, letting your brain lose - and waste - the concentration level that is so hard to achieve and that only a book can give you.

The 7th edition of the UGIALT.NET Conference will take place in January. It's a free, independent conference born after the ALT.NET movement, held twice a year usually in Milano and Bologna. It's a very nice thing to have, also because attendees get to vote for the talks they want to attend. This year more than 50 proposals were submitted, for a total of 19 slots available, so that's a huge result by itself.

I submitted my talk proposal on Windows Azure, and more specifically on how to build a simple Google Reader clone on Azure. The project would have allowed to discover all the major features of the platform, so I thought it would have been a nice fit.

To some surprise, my talk was not among the top 19. "OK," I though, "perhaps it was too boring". The problem is that none of the proposals on Azure were selected. Of course, they might have been uninteresting, boring, or simply less interesting than the others.

But then you have this:

How can it be? Is it just that Italian developers don't care about Azure? Or are they already experts? Or, perhaps, is Azure not "ALT" enough? More generally, how can a talk on Node.js* be more interesting, let alone useful, than one (not necessarily mine) on Azure? Have conferences become a way to hide ourselves from technical reality and learn things that are not that useful, but are funnier?

Perhaps it's just this one conference that is weird, and it is to some extent because the voting system makes the agenda absolutely incoherent and spotty. I'll keep my eyes open to see if the same Azure-is-boring phenomenon happens at other events in Italy.

*) Remember, it's fucking JavaScript!

This idea keeps coming back in my head lately. It seems obvious now, but it took me a while to put everything in the right perspective.

When you build a SaaS, it all starts with code in a number of programming languages. Over time, the system starts accumulating and crunching data. Before you even notice it, the data becomes part of the application, and it's at least as important as the code itself.

This reasoning actually works on multiple levels.

The first is rather obvious: all new versions of the application must be able to read, use and alter all existing data. If you do things properly, this is not really a problem, but actually a result of your development methodologies.

The second level is about how existing data subtly forces you to do A instead of B. To slightly adjust your route (both technical and commercial). To do something not quite in the way you'd like. Existing data is a living, growing entity that you, as a developer, must carry on your shoulders. Again, if you do things properly the weight, while still not being nil, is surely tolerable.

The third level is simple but vital, and gets more important over time: without the data, your application is worth nothing. Everyone focuses on technology, on innovation, on UX, and on marketing. The problem is that once your SaaS has started getting traction, and you're seeing a considerable number of people using it, the value starts shifting from the code to the data the code handles. Should you lose all the data, you'd be dead in no time, however innovative your application is.

This is particularly important for SaaS startups. The typical process that gets advertised so often is this:

1. Build a minimum viable product (MVP)
2. Get market validation, possibly adjust your route
3. Get funding precisely because your service/application/whatever is innovative in some way
   
4. Scale

The point is, once you start scaling, the value shifts gradually from the code to the data. Sure, the data is nothing without the code, and the code works perfectly without the data (typically on your local machine), but from a business perspective the code becomes worthless without data.

It's as simple as running another instance of Skype.exe with the /secondary command line, like this:

C:\Program Files\Skype\Phone\Skype.exe /secondary

The only problem is that there is no way to distinguish between the two instances without opening them.

Also, the secondary instance does not seem to start automatically with Windows. I guess you could manually add it to the registry at HKCU\Software\Microsoft\Windows\CurrentVersion\Run (copying the existing one and adding /secondary), but even creating a shortcut on the desktop is a viable solution if you only want the second instance to be run on demand.

A recent thread on Code Project about Silverlight being dead caused somewhat of a heated debate on how and when web applications can replace desktop (or Silverlight in this case) applications.

My answer, in short, was yes, they can, as it always is when this topic comes up (quite often, in case you're wondering). There are a number of counter-arguments you can think of, but the truth is that you can really build complex applications with HTML, CSS and JavaScript. And it's even very simple and streamlined. HTML and CSS enable a level of flexibility that no desktop-like UI framework has ever seen in the history of GUIs. If you add JavaScript and a framework of your choice to the mix, you really have an unprecedented freedom on what you can achieve.

To a big surprise, a reader then sent me an email. To cut a long story short, he asked if there are books that teach you how to build web applications.

Like any good developer, I learned most of what I know by doing things and, most importantly, by following experienced fellows via blogs and websites like Code Project. The reader took the time to explain his history, that is mostly in desktop and embedded programming, based on a variety of languages and frameworks. Jeez, he started programming when I was 3. How can't he find his way through web development? I immediately thought there must be something that's blocking his view.

I thought about it over the weekend and I figured it's all about the approach.

The main point in building web applications is to start thinking the right way. You know, ASP.NET WebForms have actually done more harm than good in this respect. The model they promote is completely, deeply and hopelessly wrong. You can't program a web application as if it was a fucking desktop application. You're building a skyscraper with shaky foundation, while also hiding your head in the sand and pretending everything's fine.

I used to love WebForms. I've started doing web development with ASP.NET 1.1. It was amazingly similar to WinForms. And amazingly wrong, as I've learned later in my life.

We developers are lazy, most of the time. That's why shiny frameworks that promise to automate boring stuff get great levels of attention. ASP.NET was nothing different. It was an amazing framework that promised to make web development easy even for developers who never did it before. And you know what? It actually worked very well. It delivered on that promise. So instead of finding the right tool for the job (web development), we actually bent ourselves to fit into ASP.NET. And before you start arguing, all of you Microsoft haters, this happens all the time to everyone. 99.9% of developers fit into the tools they have at hand and which are often imposed by upper management levels. The remaining 0.1% find themselves in the position to create a new framework because they actually figured out that existing ones are crap. Example: Ruby on Rails. But creating a new web framework is not like flipping a hamburger. It's not for everyone. Unless you're 37signals, you'll have a hard time coming up with something decent, and even if you're 37signals you'll get lots of things wrong.

So it was late 2009 and I've been using ASP.NET for like 3 years. I had built a large web automotive web application, plus ScrewTurn Wiki, so I could call myself a web developer (or so I thought at least). For reasons that are not important for this writing, I had to bang out some code (which later became Amanuens) in the shortest time possible. For reasons I don't remember (probably I wanted to experiment with something new), I decided to use ASP.NET MVC.

BOOM! All hell broke loose.

After a few hours of complete disorientation, I started to understand why WebForms was completely wrong. And before everyone of you starts saying I told you so, let me explain.

Imagine that it's 2006 and you're good with C#. You have to build a web application. Microsoft has ASP.NET. What would you do? Without even thinking once, you open Visual Studio and start writing code in ASP.NET. It was natural, and actually made sense from a business perspective. It was a good solution for the problem at hand, and let you feel at home when writing event handlers for button clicks. Event handlers! Can you imagine that? It was like free beer!

But of course it all came at a price. Firstly, you had this huge __VIEWSTATE thing. You had tons of auto-generated HTML that would make web designers tear their eyes off and run away screaming. And you still didn't have 100% browser compatibility. All in all, it was a limited success from a technical point of view. But you were happy, because it was easy.

Over the months and years, your brain started to bend, to distort reality, and in the end you actually believed that there was nothing wrong with ASP.NET. It was perfect.

Then suddenly brave souls like Phil Haack, Scott Hanselman and their entourage started advocating this new MVC thing. Well, it was huge. It was a completely new world. It was finally The Right Way to do web development on the Microsoft stack. It took me no more than one hour to wake up from the WebForms dream - or was it a nightmare? - and fully embrace MVC.

Why?

Because - and this is the most important thing in web development - MVC does not try to hide HTTP, HTML, CSS and JavaScript under several layers of abstractions and pretend they don't exists. MVC embraces the models that make web applications possible, treating them like first-class citizens. Sure, ASP.NET MVC still has lots of abstractions, but they're all good lightweight abstractions. A MVC applications screams The web is not the desktop! with every controller, action and view you write.

So, to answer the reader's question, surely there are books about developing web applications, but first you really have to understand how the web works and most importantly that it's stateless, start from there, and absolutely avoid trying to fit the web in a desktop development model. Then probably any ASP.NET MVC or Ruby on Rails book is more than enough.

I must be getting older, as things like this would never have happened to me a few years ago. I lost my laptop at the Heathrow airport. It was not even stolen, I forgot it at the security check. I got distracted by the security officer asking to see my liquid items, and taking a lot of time to check them, that I simply left the laptop in one of the trays. How dumb of me. Anyway, the number of measures I took to prevent someone to hack into it and steal data, in hindsight, have proven at least partly effective.

Pick A Strong Password. This should be obvious, but oftentimes passwords are just plain obvious.

Encrypt vital data with TrueCrypt and use a strong pass phrase. A volume encrypted with TrueCrypt, provided you use a very strong pass phrase, is virtually immune to any kind of attack that does not make use of quantum computers (just to make it clear: quantum computers do not exist at the time of this writing).

Encrypt other important data with NTFS EFS. NTFS's Encrypting File System is a decent way to prevent Average Joe to dismount your hard drive and peek at your files. Unluckily EFS is not immune to more sophisticated attacks like brute forcing your Windows password, or fiddling with Windows' users database, but it surely prevents the average thief (or lucky finder) to see your data. Of course I assume the NSA is not after you: in such case EFS is no good.

So far so good. What did I miss?

Encrypt EVERYTHING else with NTFS EFS, especially your user profile folder. I failed to do this out of laziness I admit. Failing to do allows to easily peek at, for example, your browser open session. I'm not sure how effective that is, because applications are able to copy files from other locations, causing them to be unencrypted. YMMV.

Be aware that Dropbox does not have a remote wipe function. Besides using NTFS EFS on the Dropbox folder as well as its cache folder (which I did), there is no reliable workaround for this problem. You could leverage Selective Sync and create an "evacuation" folder, not synchronized on the laptop, where you put all of your files in case of emergency, causing them to be deleted from the laptop the first time it connects to the Internet.

Now a couple of bonus items.

Use a Mac with Bootcamp. The funny thing about Macs running Windows via Bootcamp is that you can't start a Windows setup CD/thumb drive without first configuring Bootcamp from OSX, nor you can easily access the BIOS (or actually EFI). This is another layer of security, although I'm not sure how robust it is. Again, your target is Average Joe.

Use TrueCrypt's full disk encryption. It seems like a very complex process, but it might be worth it. I will surely have a look at it next time.

Luckily, the airport Lost Property office collected the notebook and I was able to arrange for a relative to pick it up for me. This time I've been very lucky, but it's now clear to me that Dropbox poses serious security risks. As I mentioned, I discovered when it was too late that no remote wipe exists, so I contacted Dropbox's support to ask if it was possible to move my Premium subscription to another account and delete everything from my current one (so the data would get deleted on the laptop too in case it was booted and connected to the Internet). It took them roughly 48 hours to respond to my request, without actually answering my question and simply suggesting to change password and unlink the lost PC from Dropbox. Luckily they don't run the Heathrow airport...

Bottom line: be quite paranoid.

Ben Yoskovitz writes (emphasis his): "Most customers tolerate bugs. Most customers tolerate products with missing features [...] Most customers tolerate the quirks and hiccups that come with new technology and software. This is true of early adopters, but it’s even true to some degree, of late adopters. Customers can be quite forgiving. But what they won’t tolerate is being ignored. Even the feeling or inkling of being ignored can set customers into a rage; and worse, have them looking for alternative solutions to yours."

My thoughts exactly.