Perfect Irony or Doublespeak – You Decide


Are SaaS Companies Embracing EaaS?

For years now, we have heard of everything as a service - SaaS, PaaS, IaaS, TaaS, MaaS, even FFaaS - fast food as a service.  OK, maybe that one’s a stretch.  Here’s some irony - virtually all of the companies that are selling these various Services still subscribe to the old premise-based employee staffing.

Practice what they preach?  Not so much.

Truth be known, if these promoters of everything as a service were true to themselves they would be embracing EaaS – Employees as a Service – anLet’s start the EaaS conversation todayd taking advantage of all the talent that is immediately available.

Most jobs today require some sort of specialized skills.  You don’t expect your HR team to write code in the same way that you don’t expect your marketing team to run your finance system, but when it comes to software engineers, the expectation is that they can write code, manage security reviews, provide customer support, implement products in the field, write user documentation, and do customer training.  And maybe take out the trash too.
 Executives talk about core competency at the corporate level because that provides a strategic focus  People have a core competency too, and when they stray from that, it elevates risk, invites errors, drives costs higher, defocuses from the roadmap, and stifles innovation.

In contrast EaaS would provide specific high end skill sets only when needed, reduce the risk of errors due to inexperience or unfamiliarity, bring more rapid results, eliminate needless infrastructure and overhead, reduce recruiting and training costs, provide protection against business cycle fluctuations, and most importantly to the CFO, dramatically cut payroll.
Let’s start the EaaS conversation today!

About the blogger:  Al Wild is head of sales at Bit Order Technologies, a Salesforce PDO partner – one of only 22 elite companies worldwide that have been granted that status by Salesforce.

Learn more about the Bit Order Bag of Tricks in the Dreamforce Partner Pavilion at #DF15Partners at the Parc Central Hotel, Thursday September 18 at 3:30. 
You can sign up here

Are you still working ON your business instead of working IN it?

You have labored long and hard to develop the perfect business plan, the perfect product roadmap, and now it’s time to stop developing and refining, and to start selling. So many of you just can’t get over that hump; you have to write just one more line of code to make yours the perfect product.

Simply stated, you need to get over it and pass the torch.

Trailhead is a fun, guided, interactive way for admins, developers, and even business users to learn Salesforce. While you learn you will get to encounter lots of and hands-on challenges and earn points and badges.

To discover all that it can deliver, just click here https://developer.Salesforce.com/Trailhead.

Landing on the Trailhead page you will find some beautiful trails which is your guided learning path.  As you drill down on to these trails through their various levels (beginner, intermediate, etc.), you will find the modules that you can attempt, representing the badges that you can achieve.  Within each module, there are a series of units which once completed, will earn you points toward your bages.  Once you finish with all of the units in the modules, you get the badges.

A key feature of Trailhead is that you get to choose your path of learning - your personal adventure - via a module or a project.   Projects are more of "DO" kind, which gives step by step instruction which is ideal for teaching a workshop, whereas Module is more of "learn" which explains the context of how and why via hands-on challenges you have to solve.  Thus, it is the perfect tool for multiple kinds of users and multiple learning styles.

Step 1:  Login process

Go to the Trailhead site, locate a login button on top right corner and click on it.  You can use any Salesforce production edition login credentials or Developer edition login credentials or admin playground credentials (not sandbox). The system will automatically track your progress and update your badges/scores every time that you return.

Step 2: Jump into the trails

For the individual learner, after finish reading the unit content, you will be presented with a challenge; some are objective questions and some are to connect with your developer edition, solve the problem (practicing what you learned from the content of the unit) and get your points.

Step 3: Connect with developer edition

This is a second step of login process, wherein you tell the Trailhead on what developer edition you are doing that challenge in.  Please note:  you cannot do this in a production/sandbox org. It is recommended that you do this on a developer edition/admin playground.  Since it is all about learning and experimenting on your knowledge, it is definitely prohibited doing it on production org.

Step 4: Attempt challenge.

Read the instructions and just like your second grade teacher would tell you (or in this case, your Salesforce personal trainer), it actually tells you if/where you may have gone wrong.

The gamification process allows you to not only track your points, but also to brag to the rest of the world about how well you have done.  Or to help you out if you get stuck, it also helps you with support from tons of people to keep you moving in forums and via its social media channel.

So let’s go jump in what are you waiting for.. Happy Trails!

Leran more about Trailhead at Dreamforce 15 or contact Bit Order http://bitordertech.com/dreamforce2015


How well protected are your web services? Many #Salesforce ISVs miss this critical step in the security approval process and as a result have to go back to the drawing board before getting their app on the #AppExchange.

ZAP (Zed Attack Proxy) is one such open source tool used for integrated testing done by developers.  An easy to use and simple tool, it offers automated scanners and a set of tools which allow you to find security vulnerabilities manually.

The installation set-up steps are provided in the Salesforce security website:https://security.secure.force.com/security/tools/webapp/zapbrowsersetup

Below are the important features:

Quick start:

It offers you an easy way to quickly test a REST API URL.  Simply enter the URL of your target application and click the ‘Attack’ button.  Example, here I have used SDL Language cloud REST API URL (https://lc-api.sdl.com/languages), which is used to fetch all the langauge pairs used for language translation.

Sites Tab:

It shows all of the URLs visited in the Quick Start/browser.  In this case it shows the SDL language cloud URL which we have used in the Quick Start section.

Break Tab:

If we want to dynamically change the request data values then, the breakpoint allows you to change a request or response when it has been caught by ZAP via a breakpoint.

In this case we have added extra header “Authorization: LC apiKey=xyz123” to authenticate with SDL language cloud.

Request Tab:

It shows the request data sent by you to the requested API URL. In this case we can see the request data sent to the SDL Language cloud.

Response Tab:

It shows the data sent to us by the requested API URL. In this case we can see the response data sent to us by the SDL language cloud.

Alert tab:

It shows the Alerts that have been raised in the testing. For the each Alert node there is Risk parameter which conveys RISK level:  High/Medium/Low.

We can double click an alert to change RISK/Confidence parameters value.

Below are the alerts of details our testing with SDL API URL (https://lc-api.sdl.com/languages).

History Tab:

It shows a list of all requests in the order which they were made. For every request, you can see:

The HTML method, e.g. GET or POST

The URL requested

The HTTP response code

A short summary of what the HTTP response code means

The length of time the whole request took.

Any Alerts on the request.

Any Notes you have added to request

Any Tags on the request

Spider tab:

It shows you a set of URIs found by the Spider during the scans.The toolbar provides a set of buttons which allow you to start, stop, pause and resume the scan. A progress bar shows how far the scan of the selected site has progressed.

For each request you can see:

Processed – It shows if the URI was processed by the Spider or was skipped from fetching because of a rule.

Method – The HTTP method, e.g. GET or POST

URI – the resource found

Flags – any information about the URI (e.g. if it’s a seed or why was it not processed)


After testing of URLs we can generate the report by clicking report menu option and select the format (XML/HTML) of the report we need.

In this case, I have selected HTML report and saved the file locally. This report needs to be submitted at the time of security review process.


Before submitting your dream app for security review, it is necessary to test your integration with ZAP tool and fix the inevitable vulnerabilities found in it.  A clear ZAP report has higher percentage of passing security review in the first attempt.

And, if you just don’t have the resources or your internal audit procedures demand that a third party perform your security review, let us know.

About the author:  Giri Bhushan is a technical lead at Bit Order Technologies and is responsible in part for our 100% success rate of ISV security approvals on the AppExchange.  

Learn more about the Bit Order Bag of Tricks in the Partner Zone at #DF15Partners at the Parc Central Hotel, 2nd Floor, Thursday September 18 at 3:30.

Offshore Product Development – No way! said he, as he missed deadline after deadline.

…and eventually missing his paycheck for non-performance.

Unhappy customers = unhappy management = withering pressure on top of already unreasonable release dates.

Whoever said perfect is the enemy of good sure didn’t have to worry about fixing too many bugs from too early a release. A nice homily when the buck doesn’t stop on your desk.

But it does stop on your desk! And no matter how much profit the company is now making, none of that seems to be trickling down into your budget. Sound familiar?

Produce more with fewer resources. Work smarter. More homilies, but certainly no solution to the talent shortage. The bottom line is that it just takes more people to write more code. But you can’t hire as many people as you need with the budget that you have.