Category Archives: Web/Tech

Introducing TokenTrack

Last week I launched a new web application, TokenTrack. This site enables you to create a token economy — a way to provide positive reinforcement to motivate people to complete tasks. Using the site, you can create an economy, which is a container for people, tasks and rewards. You can then assign value to each task using a virtual currency called tokens. The tasks and rewards are up to you. You can invite people to your economy by supplying their email address. Everything is private, so participants in one economy can’t see or utilize resources you’ve created in another economy. At the moment, every economy is invitation-only, so no one can access your economy unless you’ve invited them.

This site is an example of a web developer “scratching your own itch.” My daughter likes to do academic and creative projects over the summer, but needs a little structure and responds really well to positive reinforcement. I participated in a few token economies when I was her age and remember really enjoying having the ability to work as hard as I wanted, and to be able to choose my own rewards for my work. Token economies are used in education all the time; if you’re not familiar with them, the Wikipedia article is pretty good.

The site is in beta. It’s free to use for now (at least while it’s in beta). We may charge a little bit for premium features or something at some point, but we’ll cross that bridge when we come to it. There are no major bugs that we know of, but let me know (in the comments or via @jeffreymcmanus on Twitter) if you see any funnies or have any feature requests.

Colophon for nerds: I did the site in Python using Flask. This is my first official site launch using Flask (although I’ve been working on a bigger project for a while now — a rewrite of with a new learning management system). I’m finding Flask to be a very productive way to build web sites, more so than the PHP/CodeIgniter combo I’ve been using for the past few years.

Email Providers with Pay-As-You-Go Pricing

Without wading into the kerfluffle around SendGrid that’s going on this week, here’s a partial list of commercial email service providers that compete with SendGrid. I am specifically focusing on products that provide pay-as-you-go pricing since that’s what we need.

Amazon Simple Email Service lets you send 2,000 messages for free each day if you send mail from an Amazon EC2 instance. Otherwise, pricing is $0.10 per thousand or $0.0001 per message. This makes Amazon one of the most aggressively-priced commercial email service providers around. I found Amazon SES to be challenging to configure and lacking some of the dedicated providers’ features such as a deliverability dashboard. We stopped using SES last year for this reason, but as our volume increases we will consider going back to them.

Postmark charges $1.50 per thousand emails (so, $0.0015 per message). They have a free trial that lets you send 1,000 emails for free. They also provide discounts if you’re sending 500,000 messages or more each month (we’ll get there someday). It looks like they have you pay up front and draw down your account balance like MailChimp does, but they’re a true pay-as-you-go service. Thanks to @torrez for the recommendation.

Mailgun, owned by Rackspace, is not a purely pay-as-you-go service since they have monthly minimums. Their standard account is $1.00 per thousand (so, $0.001 per message) with a $19/month minimum. So this seems like it would would be a good choice if you were planning to send in the ballpark of 15,000 messages or more each month. (They have higher volume plans that reduce the cost per message.) Thanks to @jetsetter for the recommendation.

Vertical Response says they charge $0.01 per email, but it looks like that pricing is variable depending on how much you use (we do email blasts to about 6,000 users which they say would cost $72.00, or $0.012 per email).

Constant Contact does not appear to provide pay-as-you-go pricing. They charge $50 a month for up to 5,000 emails, or $0.01 per email. (They have more expensive monthly plans that bring down the price per message.) Because they don’t offer pay-as-you-go pricing, you’ll almost certainly wind up paying for more capacity than you need.

MailChimp requires that you purchase credits ahead of time to get pay-as-you-go pricing. A $100 prepayment gets you 5,000 credits (that’s $0.02 per email, which makes them one of the more expensive providers).

Campaign Monitor charges $5 per “campaign” plus $0.01 per recipient, but unlike a lot of providers they don’t place restrictions on transactional versus non-transactional (marketing) mails. A transactional email is one that’s sent as a result of a user action (like registering for your site, or in the case of CodeLesson, enrolling in a course). When you’re choosing a provider it’s best to carefully review their terms of service to ensure that what you need is in alignment with what the provider’s terms.

I’m sure there are more providers that provide pay-as-you-go pricing, and I realize that price-per-message is not the only important metric. If you’re using a provider you like, please recommend them in the comments.

Three Thoughts on the New PayPal Developer Site

1. The relaunch of is long overdue and a terrific improvement. PayPal has never had a developer web site worthy of its promise until today. Part of this has to do with how PayPal and its parent company eBay were organized: a dog’s breakfast of products and ancillary initiatives that suffered from a lack of coordination and were often in direct conflict with each other.

It’s clear that a lot of thought went into not only how the site is organized and presented, but how PayPal talks about its products. No longer must you know whether Website Payments Pro or PayPal Website Payments Standard happens to be the correct choice for you before you proceed; the choices are very clear and are arranged in a manner that reflects the user’s goals, not the platform provider’s branding strategy:



Starting from a business goal (“Try Our Shiny New Blortz 2.0!”) rather than a user goal (“Make Money By Accepting Payments!”) is one of the most common errors I see in any kind of product web site; it’s particularly common to see with developer portals, which often seem to be developed by retooled consumer marketers who are operating out of their depth when addressing a developer audience.

2. This site was not developed in isolation. The new site reflects holistic coordination between the product/marketing side of the business and the people who are in charge of engaging with developers (which, at many platform companies, are frequently two distinct sets of people who don’t always coordinate with each other very well).

Presenting information about developer products in this way will certainly sand down the rough edges with regard to getting new developers on board for PayPal, so I’d expect them to see a benefit from the new site fairly quickly.

The new site has a terrific information architecture and a clean look. There’s even a bit of Twitter DNA in there (they’re using the tremendous Twitter Bootstrap UI library).

3. Federated authentication is an interesting and useful addition. PayPal has adopted federated authentication for its developer site, which means you have a button on that logs you in using the same credentials you use on the main site. This has a minor immediate benefit for developers, since you no longer have to maintain two PayPal identities — one account where your money lives and another account to access your developer sandbox. But potentially more importantly, it means that PayPal could transform into an authentication provider of its own at some point. This would give any consumer with a PayPal account the ability to log into a web application using PayPal in the same way that we log in using Twitter, Facebook, or LinkedIn today:


The difference, of course, is that the security regime provided by PayPal would be much greater than other federated authentication providers. As a payment provider, PayPal must adhere to international laws regarding data privacy and security, which would seem to support a higher level of trust for the federated authentication scenario. I’d feel much better sharing my personal information with PayPal than, say, Facebook.

Jeffrey McManus has led developer initiatives for eBay and Yahoo! and has consulted on developer platforms for a number of startups, including Twitter and Twilio. He currently leads Platform Associates, a consultancy that helps online businesses develop and manage platform products, and CodeLesson, which provides instructor-led online training for software developers.

Thoughts on “R.I.P. Good Times, Part 2”

I don’t pretend to know much of anything about tech venture investing but there are several aspects to Paul Graham’s warning to his portfolio companies that are not passing the “smell test” for me. To whit:

  • A venture investor warning startups to “expect lower valuations” is like a truck driver warning a gas station to “expect lower gas prices”. Of course they want entrepreneurs to “expect lower valuations”; this is never not the case.
  • It’s an article of faith that Facebook’s declining stock price will depress startup investing, but I’m not clear on why. The Facebook IPO will actually unlock a large amount of free cash for Facebook employees which they will need to park somewhere. I’d read that more than 1,000 Facebook employees and ex-employees became millionaires on IPO day, and it’s safe to say that most of those folks will still be millionaires even if FB trades at 23. If only 10% of them start doing angel investing (which seems conservative), that means there will be 100 more angel investors in the valley than there were six months ago. You really think this is going to depress startup valuations?
  • The market bats last. No single investor or group of investors gets to determine what the correct market value for something should be. Investors barely get a vote, much less a veto. Anything else is guesswork.
  • The genesis for the original “R.I.P. Good Times” talk was a near-collapse of the U.S. banking system which led to the biggest recession in a century. But the sky didn’t actually fall back then; in the years following there has actually been a significant uptick in angel and venture investing and an increase in IPO activity. The genesis for PG’s warning, on the other hand, was a conversation between a couple of wealthy investors following a two-week decline in a widely-followed (and, arguably, overhyped and overpriced) IPO.
  • The VC model is horribly broken. Still. Investments in Silicon Valley today are mostly done through personal connections, political/business alliances, and one-hour pitch meetings that mostly favor entrepreneurial stereotypes (in essence, males in their 20s) over experience or business viability. If any other kind of Silicon Valley company did business on these principles, they’d be laughed off the playground.
  • The November election has a chance to have a significant affect on the economy; if the Democrats take back Congress and keep the White House (which I think is likely), it’s possible we’ll see the current Republican economic austerity strategy eased somewhat (or entirely abandoned) which could have positive macroeconomic effects that could kick in by Q2 2013. The end of the recession will have a strong positive effect on technology companies, both new and established, and it will cause new investors to emerge.
  • There is a decent chance that the playing board for seed round startups will be rearranged in January 2013, when the SEC rules pertaining to crowdfunding are in place and companies can start soliciting from non-qualified investors. I can’t help but wondering if this isn’t responsible at least a bit of the investor angst we’re seeing today.

At the end of the day, investors don’t express their displeasure with excessive corporate valuations by posting them on the internet. They do this by curtailing their investments.  So until you hear that Graham’s incubator is no longer accepting new companies, I’d say there’s not a lot to see here.

Comment Systems Ask For Too Many Permissions

I’ve been paying close attention to the proliferation of blog commenting systems that enable authentication through third-party sites (mostly Twitter and Facebook, but there are others).

There are two competing tensions at work here: user convenience versus identity verification.

First, the site provider wants to make it as easy as possible for users to identify themselves. Third-party authentication enables users to authenticate through another site (like Twitter or Facebook) without having to fill out yet another form and establish a password at every site in the universe. If the site owner can make this process more convenient for me, it’s more likely that I’ll post comments.

But at the same time, site owners want to attach the comment to some real (or, at least virtual) identity. This is done to facilitate conversation, but it’s primarily an anti-spam and anti-troll tactic. And that’s totally reasonable.

The balance between user convenience and identity verification is struck by enabling the user to authenticate themselves through one or more third-party web sites that already store identity information for that user. But those third-party sites aren’t just identity-verification machines. They also are functional applications which store information on users’ social connection. When I authenticate on someone’s blog using Twitter or Facebook, I also have the option (but, importantly, not the requirement) to give that blog permissions to access my Twitter or Facebook account.

And therein lies the problem. Many blog comment systems are exposing users to security and privacy vulnerabilities because they are asking for too many permissions. Here’s a common example:

I nearly always attempt to log in via Twitter if I can, since I don’t trust Facebook (or its app developers) anymore. With a Twitter-enabled application, a developer has a few options in terms of what permissions you can request from the user: read tweets from the user’s timeline, see who you follow, follow new people, update your profile, and post tweets on your behalf.

None of these permissions are necessary to validate your identity to a blog comment system. There is no reason why Disqus should be allowed to edit my Twitter profile. The commenting system has no need to tweet on my behalf. And so on.

Since I worked on federated authentication initiatives at both eBay and Yahoo (and I was a consultant to Twitter on their developer portal rollout), I pay a lot of attention to this stuff. And I understand the technical implications of it pretty well. But I’m sure that most blog commenters do not. And judging by the number of VCs I follow on Twitter whose accounts have been turned into spambots, I am sure that even “sophisticated” users aren’t thinking this through.

That means it’s up to site providers and developers of commenting systems to protect their users. If you have a blog with a comment system that uses authentication through another site, you should check that system by logging in via Twitter and Facebook as a commenter to see what permissions your comment system requests. If it’s asking for any kind of write access to a user’s account, then it’s asking for too many permissions. This means that if a security vulnerability is discovered in your site in the future (and it will be!), you will be complicit in turning all of your users into social network spambots.

If your blog comment system doesn’t let you control the permissions it requests, you should dump that system and get one that does.

Federated authentication providers enable application developers to request granular permissions for a reason. Application developers must take advantage of that.

Both California Senators Support SOPA/PIPA

I was pretty much done with Dianne Feinstein after she sat on the sidelines during the 2010 healthcare debate, but I was pretty alarmed to hear that both she and our other senator, Barbara Boxer, are co-sponsors of PIPA (the senate version of SOPA that would give big businesses the right to shut down web sites if they linked to content they don’t like — which is to say, nearly all web sites, including those of many legislators).

People are planning a big day of action on Wednesday, January 18. Some content sites including Wikipedia will shut down for the day in protest of the proposed legislation.

If you’re a Californian you should call both of your senators to let them know that giving Rupert Murdoch a kill switch for the entire Web is not okay. From the Hackers and Founders Meetup, here are their contact numbers:

Senator Barbara Boxer‘s contact information:

DC: 202-224-3553
District: (510) 286-8537

or email her via Contact Congress.

Instructions on what to say to register your opposition.

Senator Diane Feinstein‘s contact information:

DC: 202-224-3841
District: 415-393-0707

or email her via Contact Congress.

Instructions on what to say to register your opposition.

TV Rebroadcaster Shut Down by Injunction

I didn’t see any tech blogger coverage of this, then I remembered I had a dusty old blog of my own, so I’ll do a quick summary here. is a terrific television rebroadcasting product that enables you to watch local stations from various US markets on your computer using a downloadable client application that works on both Mac and PC. They charge a very reasonable monthly subscription fee (a fraction of what we paid for DirecTV before we got rid of it last year), but it was a bargain for the few times a month we want to watch live TV (basically, baseball playoffs and entertainment awards shows).

As you might guess, whenever big media is perturbed by technological innovation, a lawsuit must necessarily follow, and this time is no exception. This TechCrunch piece from last October, written by a presumably non-insane lawyer, talks about the legal status of The writer points out that there’s an exemption to copyright law called the “passive carrier exemption” that theoretically enables companies to do what does as long as they don’t alter the programming (there were a few failed attempts at this where companies tried to superimpose their own advertisements, which is obviously evil). But doesn’t do that — they just charge subscribers a monthly fee, like any other cable operator. And importantly, kicks back a portion of subscriber fees to broadcasters, just like cable operators do.

Today the company announced that they were shut down by a court injunction brought by the standard evil media conglomerates (Comcast, Disney, CBS, Fox, Major League Baseball, etc.).

The net effect is that our consumption of live broadcast TV will be going from “very little” to “zero”. Well played, entertainment industry. If the Giants make the playoffs again this year, which they will, I guess I’ll watch every game from a barstool somewhere instead of the comfort of my laptop. Maybe I can teach my daughter to fetch peanuts for me or something. The net result is that the local pub will make more money from me than the TV nets ever will. That can’t possibly have been the intention here. And honestly, it can’t be long now before the black hats (also known as Our Triumphant Liberators of Content) will set up some kind of peer-to-peer rebroadcasting network. Have fun bringing a lawsuit against that, jerks.

Update: Over on GigaOM, Ryan Lawler has excerpts from the injunction, which seems to assert that because they send TV over the internet (instead of wires or via satellite), they can’t be classified as a cable operator. This seems like a pretty dippy interpretation of the law (it’s not is broadcasting content willy-nilly — they’re only sending it to paid users of their custom client app).

Tokbox: A Platform for Adding Live Video Chat to Your Web Site

This evening TokBox launched a new platform that enables Web developers to embed live video conferencing into their Web sites. This is an incredibly exciting product and I’m sure it’s something that a lot of sites are going to take advantage of.

TokBox provides all the challenging bits to make this happen; all a web developer has to do is write a little JavaScript and you’ve got live audio/video chat in the browser with up to 20 simultaneous live participants (more people than you’d probably want to be video-chatting with at once, really) and up to thousands of audience members.

The important thing is that this is a platform, not just a canned widget, so web developers have control over how the in-browser video conference looks and behaves. This essentially enables you to integrate video conferencing anywhere Flash works.

For CodeLesson, the benefits to live chat in the browser are obvious — we’ve been working on using the new TokBox platform to embed live video chat into our online courses as an option to enable instructors to have live office hours with students online. Our hope is to have a video office hours incorporated into CodeLesson early in the new year.

To learn more you can check out their main site or their developer blog, or if you’re a coder and you’re ready to play, get started here.

My consultancy, Platform Associates, has been advising Tokbox on their transition from a consumer site to a platform for the past few months.

CodeLesson ♥ Etsy

Today we announced A Gentle Introduction to the Etsy API. This course is an important milestone for CodeLesson for two reasons:

  • It’s the first CodeLesson course produced by someone other than us. The curriculum and instructor will be provided by Etsy; we’re handling the details of getting students registered, hosting the learning software, setting up shell accounts for students, and so forth.
  • It’s our first free course. We’re able to make this course free to students thanks to the generous assistance of Chad, Justin, and the Etsy team. Thanks guys!

Today marks the transformation of CodeLesson from a somewhat functional online learning site into a mighty platform where anyone can learn and teach anything. We hope to announce more courses like this in the near future, so if you’ve got something you want to learn or teach, please let us know.