It's fairly easy to price against perceived worth of labor, but it isn't really helpful, either in competitive or in emerging markets, to base pricing decisions solely on it.
Concepts behind all pricing models are fairly simple and don't require overly sophisticated math. Instead, they require a sober look into 4 variables:
- Replacement cost: what would it cost to replace your service/product with something else?
- Market price: what others are charging; charge around their price.
- Cashflow/Net present value: if something you're producing has long-term economic impact, you may price not only based on actual value of your offering, but on long-term profit your offering will generate. And, in some cases in enterprise industries, this is the only way to reasonably justify your prices.
- Value-based pricing: this is a fine adjustment mechanism for everything you've figured out during the previous three stages. Think who's the target audience for your product, and if there's something which makes your product more valuable for them than the rest of the market - price it accordingly. Simple example - luxury DSLRs (whose sensors, firmware and lenses are just as good as professional ones, yet luxury casing and a good brand name make them significantly more expensive).
(I'm not a salesman, I'm an engineer, yet I had to sit through decision-making sessions about pricing services in 2 different companies over the last decade, and found them very amusing - if you get to the core, the ideas are very simple, they're just surrounded by plenty of bullshit bingo and lingo).
I wonder how many times it's coming back before people will actually start to put some thought (or learning) into design of things that involves a lot of un-obvious considerations?
Anyone already posted "2 unit tests, 0 integration tests"? [1]. It's funny, because 4WS actually had security proofs, which considered all the pieces in isolation, but never in symbiosis.
Serving in the army (and actually going to war, which is a nightmare, for a brief period):
1. It helps you get discipline right, and care less about "productivity" and "motivation" - you just do stuff.
2. It teaches you that your reserves and powers are limited, and priorities are an hourly grind of making the right choices.
3. It teaches you to stay sharp all the time, no matter what your body tells you to feel.
Not that I've mastered any of these, but even the small hints I've picked up really changed my life before/after spending 6 months in pre-field training and a year in the field (I was officer-in-reserve before, but it teaches you knowledge, not skill).
The two friends I know who went to war had to shove dead kids into trucks. One is a functioning alcoholic and the other is a recluse whose nickname has "drugz" in it. Good luck with that as a self-motivating strategy.
Even though I adore the concept (remember the original posts by J.Spilman in 2012 and kept rolling it in my head for a while), this introduces a new remote SPOF for the authentication process, doesn't it?
Very flattering that you remember :-) It's still me.
One nice thing about the design is that since the data pool isn't actually storing hashes, it doesn't change over time (except when you want to grow it), it's easy to have multiple data centers that operate completely independently.
Different copies of the data pool, different networks, different DNS, etc. The client library will retry/fail-over between data centers. So while yes, you do have to make a successful API call, it's not a SPOF.
It's very easy to replicate / add redundancy when there's no active sync required between sites. The only inter-site communication we have currently is when new accounts are created, to distribute the AppID, and to aggregate usage stats, which is batched and when it fails will just pick up where it left off once the network is back up.
Smaller userbase means less damage for the data holder (the company), not the actual damaged party (person, whose password is leaked). It's not the type of attack implemented on the threat vector that matters - you remove one, you introduce another, it's an inevitable cycle of change. The problem is that this is a threat vector and it needs to be solved for no matter how large the sensitive dataset is.
So, yeah, the problem is political in a way that everyone is coming with their own agenda into it, which has little grounding in reality, yet affects decisions of many people substantially.
TAOSSA is indeed a book every responsible software engineer has to read these days. Apart from finding bugs, this book is extremely helpful in understanding how bugs come to be, and hints on ways to avoid them.