Book Review: Small Giants by Bo Burlingham

519jtUnq-eL._SX324_BO1,204,203,200_I’m glad I read the 10th Anniversary Edition of the book because I think the extra chapters or modifications make for a much different book. Throughout the book, as he was describing what the small giants do to be giants, without disparaging what they do, I was thinking: “that only works if your profit margins are big, very big”. The new chapters follows up on some companies and what happened to them when those margins become smaller. Long story short: it’s not pretty.

The range of covered companies surprised me. I knew this was not about big companies, so, no Apples, Googles, Microsofts or Facebooks. But still, the range of employee size was from 1, yes, 1, a single person company, to a over-1000 employee company. It’s clear that towards the extreme of the scale, many of the ideas and principles don’t work as well and it might be a stretch to call them small giants but it is exactly that that makes them interesting on this book as it shows the boundaries you could expect if you try to create a small giant.

Reading this book made me think that maybe I don’t want my own companies to be small giants. Maybe I want one of my companies to be one but not the others, I’m not sure yet. I personally don’t think there’s anything wrong with or without being a small giant but if you expect your company to behave like one when it’s not, you’ll be thoroughly disappointing; and for me, that’s the big lesson.

★★★☆☆

Buy Small Giants  in USA
Buy Small Giants in the UK
Buy Small Giants in Canada

 

 

Advertisements

Screensaver Ninja might be coming back

Since discontinuing Screensaver Ninja, I have received many messages asking when it is coming back: over Twitter, Facebook, email, and even one person tracking me down on Reddit..

For those of you who don’t know what Screensaver Ninja is, here is the old explainer video:

It has been very painful to read these messages for a couple of reasons. Firstly, I strongly believe in the product. I want to have it; use it; and enable others to use it. I constantly see expensive and badly designed dashboards or wasted screens, which my product will address. Secondly, judging by the requests, other people want this just as much as I do. Not proceeding with Screensaver ninja could be a wasted business opportunity; although it is hard to tell if the demand is enough to support its development right now.

I set up a landing page explaining what happened to Screensaver Ninja and a form for people to register for notifications of its potential comeback. This was a way to save everybody’s time and frustration; for those emailing requests for up to date information when I could only say, with sadness, “it’s over”. To my surprise, this form has been gathering five or so leads a week, which is rather a lot for an abandoned product.

I have started playing with the idea that I might revive Ninja: This time I have designed a bigger system that covers many more use cases and allows me to support both Windows and Mac OS as well as other platforms just as easily.

During this process I identified the technological bottlenecks; the aspects to product creation that can take months to negotiate and solve, such as hacking Apple’s cookie jar or packaging Chromium. In doing so, I have built a selection of prototypes testing my choices – and everything is working beautifully.

So that’s it: I have decided to revive Screensaver Ninja. I have emailed all of you whom have shown interest to tell you the good news, and have received an overwhelmingly positive response from both individuals and corporations; some wanting to run hundreds of instances.

I want to be completely transparent with my supporters; I am building Screensaver Ninja by myself in my spare time between long days and after hours work at two different consultant gigs. Whilst I am looking into the options of partnerships, developers, and marketers, I have decided not to wait for these additions to the team in order to make progress. I’m very excited about this phase both from the technical as well as the business points of view so Screensaver Ninja is moving forward and I will have frequent updates.

Going into the property business 

I’m a tech entrepreneur and that has not changed, but after six or seven years of trying to have at least moderate success, I’m starting to hedge my bets.

On the side, I want to have some passive income and it looks to me like buy and hold properties, that is, buying them and renting them out, also known as buy to let, is the way to move forward. I identified some very profitable areas and they are in the least expected places. For example, in London you can expect a return on investment of around 3% while I’m getting something around 16%.

If you want to listen to my journey, I’m documenting it as I go with Clayton Morris on his podcast about investing in property. He just published the second episode in which I talk about getting the money for my first two deals.  I just pulled the trigger on starting the business. I’m super excited and I can’t wait to share more good news in the next episode. 

Bank says bad debt OK, asset not OK

I want to start buying property with the goal of generating passive income from rent. I’ve read a bunch of books, listen to podcasts, did my research and I stumbled upon a good opportunity that needs more money that I have right now but still a very low amount. So, I need a loan.

I went to a couple of banks to ask for a loan and the answer was essentially: no, we cannot lend you the money to buy this asset that will pay for itself, but if you want to blow it up on a holiday and buy some useless toys, sure, here it is!

Mind you, I can easily pay the loan from my salary. I actually save more money every month than the monthly payment of the loans and I have in the bank a third of the money. My salary has been steadily going up and I’m in an industry in which I’m in a lot of demand. Where my plan is a safe bet, betting on me is even safer.

I’m not one to believe in conspiracy theories but it almost seems like their rules are designed for people to be stupid, instead of smart, with their money; to get in bad debt instead of growing their wealth.

Now, for the nitty gritty details: I asked for a personal loan, some banks disqualify me because you are not allowed to use it for business, some banks disqualify because I’m planning on buying property. They say: “we cannot give you a personal loan for property because you may also get a mortgage”

“Ok, can you give a mortgage then?” “No, because your property is in another country”

“Can you do anything?” “No”

Let’s say I take this supposed mortgage they are so afraid of and the plan fails. Whoever has the mortgage will repossess the property and I’ll pay the bank out of my salary the same way I would if I wanted to spend the money on a caribbean cruise or home improvement.

This feels utterly ridiculous.

Using Non-Violent Communication for business

I’m just getting started reading the Non-Violent Communication book. I was in the middle of chapter 2 when I put it to work, with amazing results, in a business setting. Needless to say I’m sold on the idea and I’ll continue reading the book, perfecting it and recommending it to other people. This is what happened.

I was doing market-fit research for a new product called Glycast, which is like AdSense for Podcasts. Some years ago I built the core tech for it, but the timing was wrong and it sat on the shelf until now. Now I want to put this tech to good use, so I recorded some videos explaining how it works for podcasters and advertisers and started reaching out to talk to them, get their feedback, refine the product, validate the idea.

Shortly after setting up the landing page I got a message from Dave Jackson of School of Podcasting. In his email he asked a few questions about the service and linked to a YouTube video. I clicked the link to find a video recorded by him, with the title “Clueless Podcasts Advertisers”.  I though maybe this was about things to avoid, to watch out for. Nope, that video is about me. He never mentions me by name but he describes my operation and quotes me verbatim.

My blood started to boil. I’m not trying to harm anybody. I’m just searching for feedback to build a product podcasters and advertisers are happy with and the first message I get is attacking it. In my 6 years or so of running startups I been constantly attacked, so this wasn’t new to me. I don’t understand the mentality of people that when they don’t have a use for your product, they attack you, insult you, spread false information, etc. I normally just move on.

My first reply to the Clueless Podcast Advertisers video was, well, clueless. It went something like this:

I really don’t appreciate you posting a video, calling us clueless. We are not trying to harm anyone blah blah blah and you are attacking us. You are saying this and that and your are wrong, WRONG, WRONG.

Thankfully, I decided to stop and apply the principles of Non-Violent Communication I just learned. The first thing we have to do is observe without evaluation. We often mix the two. The books gives a few examples, such as:

You are too generous.

which is a mixing of observation and evaluation. On the other hand

When I see you give all your lunch money to others, I think you are being too generous.

is separating the two. Me, feeling attacked, was an evaluation of the situation. It was time to ignore that painful evaluation and observe. I re-read his email, I re-watched the video, observing, like an impartial third party and what I found surprised me.

David is helping people get into podcasting. These people are in a vulnerable position because they don’t yet understand the industry they are getting into so they can be subject to scams and abuse by unscrupulous third parties. I bet David is constantly exposed to people that signed up for the wrong service, bought the wrong microphone and now they are coming to him for help. And all he can do is break the bad news: you wasted money, you wasted time, you lost your audience, you are re-starting from scratch. I constantly see entrepreneurs making similar mistakes and I have to break the news and every time I wish I was there earlier, to warn them.

From David’s point of view, I was an potentially unscrupulous third party that was trying to pull off a vendor lock in. Podcasters needed to be warned about me! At this point, I felt I was on David’s side. How weird! It was a fast onset of high level empathy. I re-wrote my answer to be:

About the video. I’m not here to harm anyone. I’m here to make a product to help podcasters and advertisers connect, be more efficient. I’m building whatever podcasters will need to be happy. I understand your worry and your desire to warn your audience that might not understand RSS distribution and make a bad decision now that will cost them a chunk of their audience later on. That’s not something I want to do and I wouldn’t be happy with any company holding an audience hostage like that. I do want to work with you, and other podcasters, to make sure I meet your needs of an excellent platform that will help monetize your podcast, whatever your size is, whatever your topic is, and focus on your craft, on what you love, on podcasting.

I sent the email and I felt immediately better about it. Much better than if I sent the previous version. I consider it a success for Non-Violent Communication and I moved on. Shortly after he asked me for permission to publish this email and I said yes. What I wasn’t expected is that he was going to record a podcast episode reading the whole email and commenting about it: http://schoolofpodcasting.com/7141-2/

Among other things he says, referring to us:

I’m completely blown away by their response

About our solution, he says:

interesting, creative and I like it

He particularly refers to the paragraph I re-wrote as “the coolest part on the email”.

What a phenomenal result! I’m completely sold already on the principles of Non-Violent Communication and I can’t wait to finish reading the book and possibly reading other books too, to learn how to apply them.

The book that changed my life will horrify some of my friends

Atlas Shrugged by Ayn Rand changed my life. Whether that was for the better or worse, it’s up for each person to decide. For me, I’m very happy with the change and I’m glad it happened. I didn’t turn into an objectivist though.

Literarily, I don’t think the book is great. I think Ayn Rand needed an editor, a very strong one. Those 15 page-long single-paragraph monologues do not make the book better. The book should probably be reduced to 500 or 600 pages from its staggering 1192.

The book divides the world into good and bad people, like many stories do, and it’s a bit simplistic. There might be a few surprises but at the end, everyone is clearly good or clearly bad. At least from Ayn Rand’s perspective. So far, nothing surprising. What was surprising for me is how the world is divider.

Good people are producers, they are the people that come with ideas, that start companies, that push progress, that fund science. Bad people are consumers, the ones that take more than they give, the ones living on welfare, but also the ones creating welfare. Bad people are the one telling the good ones that they cannot reap the benefit of their work, that it should be share.

Atlas ShruggedIn Atlas Shrugged, the good people are the Steve Jobs, the Thomas Edisons, the Steve Wozniaks, the Elon Musks, but also the Nikolai Teslas. The badies meanwhile are the Karl Marxs, the Vladimir Lenins, etc.

That’s what the book says, what objectivism is about, and not what I necessary believe. My personal belief is that if you stop the Jobs, Edisons, Musks, then you are a badie, you are stopping progress. But as a society we should take care of the people that fall into misfortune, of the ill, of the downtrodden, of the disabled, of the needy. That’s where I disagree with Ayn Rand.

One issue with the book is that she equates CEOs to the good people and that frustrates people because a lot of CEOs are more takers than creators. And most creators, like Tesla, never carried the title of CEO. Indeed, the biggest creator of all in the book is not a CEO, it’s a lowly engineer.

I don’t believe being a taker makes you a bad person but I do believe that being a taker when you can be a creator makes you bad person and this is why the book change my life. When I read it I was a taker. I was an entitled engineer working at Google most likely not producing as much as I could take when I knew my ability to product was much higher. I was waiting for someone to open the door for me to a position of productivity and that wasn’t going to happen, you have to open the door yourself.

My life changed, I decided to become a producer. So far, I reached the point of co-founding a startup that reached 4 employees (not counting me) that created various products that hopefully are making people more effective and productive. And I’m just getting started. I want to do more, I want to get bigger and provide a great working environment for more people and produce more and better products. I want to produce and give as well as take my share for my work.

Since reading Atlas Shrugged I’m a much better member of society and I wish other people would also make this transformation but I doubt Atlas Shrugged would be the catalyst for many people. It has too many issues.

Picture by Anoop Menon

Hell yeah or no

In Tim Ferris’ interview of Derek Sivers, in which he says that if your answer to a question is not “Hell yeah”, it should be “no”. This got the “Hell yeah” from many listeners and some custom artwork created. But I’m not sure I agree.

Let me elaborate a bit on the concept. Derek Sivers’ argument is that if you say yes to too many things you are going to be oversubscribed and when something truly awesome comes your way, you won’t be able to say yes because you’ll be too busy, too tired or won’t even notice. He said that if it wasn’t for him constantly saying “no” to everything, he wouldn’t have started the Nownownow project.

What’s missing from this equation is the opposite. If you are too picky, if you often have better things to do, if you are not constantly bombarded by projects and opportunities, like Sivers is now, then you might become isolated. You might miss the great opportunities because you weren’t there to see them.

I think a better approach should be something along the line of “You should be taking N new opportunities per year” where N is of course, hard or impossible to define. It’s up to you but the frequency of saying yes and no should vary to have a constant N. If you are bombarded for opportunities, then yes, you need a strong filter, such as “Hell yeah or no” but if you are not, then you need to go out and find them and that means saying yes to things that are not “Hell yeah”.

For example, for the past 4 years I been hyper-focus on my company, Carousel Apps, and my productivity has been high. But also, I missed the enjoyment of helping others with startup and the opportunities of collaboration, making connections, etc. That’s why in 2016 I want to have one evening a week sitting down and having a long conversation with someone about whatever it is they are doing and trying to help them in any way I can.

 

Weeks are better than months

If I say to you “let’s meet in a month” you probably won’t know exactly when we are meeting again. It’s an approximation at best. Do I mean 30 days? do I mean the exact same day number but on the next month? What if that month doesn’t have that day, like February 30th? What if we are in a business setting and 30-days-later or same-number-of-the-month falls on a Saturday? As you see, months, as a measure of time, can be pretty useless. Specially when talking about small numbers, like 1 or 2.

There’s a better unit. The week. How long is the week? 7 days. All weeks are 7 days, no exceptions. If I say “‘let’s meet in a week” you know what I mean. Add seven days to today and that’s when we are meeting. If it’s a Monday, in a week, it’s also a Monday. Also, weeks are smaller, more granular, which is useful for little projects. If I ask “When is X is going to be done?” I’d rather hear it expressed in weeks rather than months.

We normally use months because they allow us to set up a time in the year. We can say “July” and know when it’s that. Weeks can do that too actually.

Did you know that the weeks of the year are numbered? It is call “ISO week date” where ISO stands for International Organization for Standardization. Since a year doesn’t start on the same day of the week every year and also has variable numbers of days, years may have 52 or 53 weeks. This allows to say week 5 or week 30 and refer to a specific week of the year. There’s even a format: 2015-W5-1. That referees to Monday of week 5 of 2015.

If you are using Google calendar, you can add the week numbers to it following this procedure:

  1. Click on “Other calendars”
  2. Click on “Browse Interesting Calendars”
    Using Week Numbers in Google Calendar - Browse Interesting Calendars
  3. Click on “More”
    Using Week Numbers in Google Calendar - More
  4. Next to “Week Numbers” click on “Subscribe”

From now on, in your week view, you’ll see a small rectangle with the week number, in this case, week 6:

Using Week Numbers in Google Calendar - Week 6

It also appears on your list of other calendars, so you can change the color and enable or disable it:

Using Week Numbers in Google Calendar - Other calendars

The most organized businesses I came in contact with, made extensive use of calendar numbers and I intend on doing the same and recommend it to other people. I think the first obstacle to overcome is making the number ubiquitous so that when you use it, saying “week 6” for example, people know intuitively what you are talking about.

Let’s do it.

Picture by Yandle.

 

 

Happy New Year

Happy New Year! Up to now, Marty McFly has showed us what to expect, but from now on, we are in uncharted territory. It’s time to start making our own future, our own decisions. We can now focus on things more important than hoverboards. Just kidding, hoverboards are cool.

More than four years ago I co-founded Carousel Apps and since then I’ve been the CTO and now I am the CEO. I, like many geeks and entrepreneurs, can super focus on one thing and ignore all others. This can be very productive, but it can isolate you.

For example, I forgot how much I enjoy sitting down with someone and being the bounce board for their ideas or providing my technical expertise on how to execute those ideas. I ended up doing just this recently, which was a reminder, and now I want to do it more often. During 2016, I want to do it once a week.

I’ve been coding for 25 years, I used around 17 different language in many different operating systems and countless frameworks. I worked for Google. I co-founded two startups (or more, depending how you count). I had production systems in both Linux and Windows. I use a Mac and I used Linux as my desktop. I’m the CEO of a distributed company. If any of these things or the many others I’ve done make it sounds like it would be useful for us to sit down for an evening and talk about your startup, let’s do it!

During 2016 I want to spend one evening a week helping a different entrepreneur each time, specially non technical ones, with their issues, specially the technical ones. I want to do this for free, just because it’s fun. I’m located in London and I want to divide my time roughly equally between face to face meetings in London and remote ones with people from all over the world. By the end of 2016, I hoped to have helped 26 London based entrepreneurs and 26 from other places.

If this is something that you want, fire an email to pupeno@pupeno.com and tell me a bit about yourself and what do you want to talk about.

Happy New Year!

How to legally submit an app to Apple’s App Store when it uses encryption (or how to obtain an ERN)

Disclaimer: I am not a lawyer, this is not legal advice. 


Shameless plug: I am available for hire doing Ruby, Clojure, Python or many of my other skills including managing developers.


There’s a lot of conflicting information out there about whether you need an ERN or not to publish an app in the App Store. I spoke to Apple representatives as well as various employees of a couple of US agencies. As painful as it is, if your app is capable of the simplest, most standard, of encryptions such as SSL/HTTPS then you need to answer your export compliance questions like this:

Mac App Store questions and answers about encryption

The conclusion from selecting the above answers:

To make your app available on the App Store, you must submit a copy of your U.S. Encryption Registration (ERN) approval from the U.S. Bureau of Industry (BIS).

In some places, you’ll see CCATS instead of ERN. I’m not 100% sure, but it seems CCATS was a previous more bureaucratic version of the ERN. Right now, what you need is an ERN and this is our journey to get it. We are publishing as much detail as possible so that you can replicate it for your own application. There are some other blog posts that explain how to do it, but we found that over the years, some of the steps changed and we had to find a new path. Since this is going to happen again, we are adding as much information as possible so that should your path be slightly different, you won’t have much trouble finding your way through it.

Starting at the beginning

After being utterly confused by both Apple’s as well as BIS’ FAQ and how to pages, I decided to go the homepage for the Bureau of Industry and Security and see where it took me:

Homepage for the Bureau of Industry and Security

At this point I new SNAP-R was relevant to my needs. I was almost under the impression of needing one, even though I didn’t know what it was. Going through that page I found this:

BIS Would you like to

Yes! I’d like to submit an application (SNAP-R) – fourth item in the list. That takes you to this page: http://www.bis.doc.gov/index.php/licensing/simplified-network-application-process-redesign-snap-r, which defines what a SNAP-R is. It stands for Simplified Network Application Process – Redesign. I think a SNAP-R is sort of an account with the BIS. There’s no mention of ERN in that page, but it says:

You must have a Company Identification Number (CIN) and an active user account to access SNAP-R. The procedures and requirements for obtaining a CIN and user account are set forth below.

You need to obtain a CIN before you can proceed. If you scroll all the way to the bottom of the page, you’ll see:

BIS Obtaining a CIN for a SNAP-R for an ERN

And that link, ladies and gentlemen, is the most promising I’ve seen so far. It takes you to https://snapr.bis.doc.gov/registration/Register.do which looks like this:

BIS SNAP-R Company Registration for an ERN

The SNAP-R Company Registration process

After completing and submitting that form you’ll get an email to confirm your email address. I recommend limiting yourself to ASCII characters here, as the é and á in my name got mangled. That email took only a few minutes to arrive but the confirmation page claims the next step might take up to five days:

BIS SNAP-R Email confirmation

Some people claim to have been finished in 30 minutes or even less. I suppose it depends where you or your company is located. In my case, the five days elapsed so I sent them an email and two days later I got a reply telling me to call their support number: +1-202-482-2227 (later on I learned that another phone number that might help is +1-202-482-0707). When I talked to a representative, he said that I should have received the activation email already and just re-triggered it. Maybe calling them after a couple of days would have been a good approach to speed things up. Shortly after my call I got this email:

BIS SNAP-R Account Invitation email - for ERN

That link takes you to a page to set up your log in and password:

BIS SNAP-R Login ID and Password Setup

After entering those details, voila! you have an account:

BIS SNAP-R Login ID and Password Setup - account created

You may now log in:

BIS SNAP-R login in - for ERN

After logging in, you are now in your SNAP-R Home page:

Creating a new work item within your SNAP-R account

The next step is to create a new work item, which you can do from the sidebar. That takes you to a page that looks like this:

BIS SNAP-R Create Work Item

The type of work item that you want, to be able to distribute apps with encryption, is an Encryption Registration:

BIS SNAP-R Create Work Item Type Encryption Registration

Now, about the Reference Number, the question mark next to it sends you to https://snapr.bis.doc.gov/snapr/docs/fieldHelp.html#NewWrkItem1 where it says:

Enter a valid reference number for the Work Item. Reference numbers must be in the format “AAA1111”.

which didn’t really answer what a reference number is. I decided to call them again and when I asked the question they put me on hold for 25 minutes. I hung up, called them again and I was speaking with someone else in less than 3 minutes and she answered. The reference number is just something you make up, for yourself. It’s not something you obtain and it seems as long as you follow their convention, it’s fine:

BIS SNAP-R - Create Work Item - Encryption Registration and reference number

After creating the work item, you are invited to edit it. It starts partially populated and it’s straight forward:

BIS SNAP-R Edit Work Item Encryption Registration

Well, it’s straightforward until the last part: Documents. You need to attach the Encryption Registration Supplement No. 5 to Part 742.

Creating the Encryption Registration Supplement

Creating the supplement, thankfully, is easier than it looks; that is, when you know what you have to do. There’s a document number 742 that you can download from https://www.bis.doc.gov/index.php/forms-documents/doc_download/1208-742 and  on page 60 it has the Supplement No. 5: Encryption Registration. These are the contents of that page:

SUPPLEMENT NO. 5 TO PART 742 – ENCRYPTION REGISTRATION

Certain classification requests and self-classification reports for encryption items must be supported by an encryption registration, i.e., the information as described in this Supplement, submitted as a support documentation attachment to an application in accordance with the procedures described in §§ 740.17(b), 740.17(d), 742.15(b), 748.1, 748.3 and Supplement No. 2 to part 748 of the EAR.

(1) Point of Contact Information

(a) Contact Person

(b) Telephone Number

(c) Fax Number

(d) E-mail address

(e) Mailing Address

(2) Company Overview (approximately 100 words).

(3) Identify which of the following categories apply to your companys technology/families of products:

(a) Wireless

(i) 3G cellular

(ii) 4G cellular/WiMax/LTE

(iii) Short-range wireless / WLAN

(iv) Satellite

(v) Radios

(vi) Mobile communications, n.e.s.

(b) Mobile applications

(c) Computing platforms

(d) Multimedia over IP

(e) Trusted computing

(f) Network infrastructure

(g) Link layer encryption

(h) Smartcards or other identity management

(i) Computer or network forensics

(j) Software

(i) Operating systems

(ii) Applications

(k) Toolkits / ASICs / components

(l) Information security including secure storage

(m) Gaming

(n) Cryptanalytic tools

(o) “Open cryptographic interface” (or other support for user-supplied or non-standard cryptography)

(p) Other (identify any not listed above)

(q) Not Applicable (Not a producer of encryption or information technology items)

(4) Describe whether the products incorporate or use proprietary, unpublished or non-standard cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body. (If unsure, please explain)

(5) Will your company be exporting “encryption source code”?

(6) Do the products incorporate encryption components produced or furnished by non-U.S. sources or vendors? (If unsure, please explain)

(7) With respect to your companys encryption products, are any of them manufactured outside the United States? If yes, provide manufacturing locations. (Insert “not applicable”, if you are not the principal producer of encryption products)

All you have to do is create a PDF file answering these questions for your application and upload it. I couldn’t find this information anywhere so I called them once again and that’s how I learned that all matters related to encryption were handled by the department… never mind the name, the phone number is +1-202-482-0707. Next time I’m calling them directly – there was no wait, no menu, just a person picking up the phone.

I created a document for my case saying:

Screensaver Ninja Encryption Registration Supplement No. 5 to Part 742

(1) Point of Contact Information

(a) José Pablo Fernández Silva

(b) +44XXXXXXXX

(c)

(d) pupeno@carouselapps.com

(e) 20-22 Wenlock Road, London, N1 7GU, United Kingdom

(2) Carousel Apps is a small London based company producing software apps such as Screensaver Ninja. Our main use of encryption (and so far all of it) is the standard SSL (https), OpenSSH, etc. You can learn more about us at https://CarouselApps.com

(3) We produce

(j) Software

(ii) Applications

(4) Our products use standard off the shelf encryption libraries and tools, such as https (SSL). We don’t develop or intend to develop any proprietary encryption mechanisms

(5) We don’t plan on exporting “encryption source code”.

(6) Screensaver Ninja uses Apple’s Safari component that allows https encrypted communication. This is provided by Apple. I understand that Apple uses OpenSSL which is an open source project and thus may have contributions from all around the world.

(7) We produce software, so, no manufacturing process are involved. All our software is produced outside the United States. The reason for this application is to distributed an app through Apple’s App store.

I cannot vouch for this content, I’m not sure this is the appropriate file to submit, this is only what I did. The next step is to click on “View and Manage Supporting Documents” which will take you to a page that looks like this:

BIS SNAP-R Document Management Encryption Registration Supplement No. 5 to Part 742

There, click “Upload Supporting Document” and you’ll be greeted by this form:

BIS SNAP-R Upload document for Encryption Registration Supplement No. 5 to Part 742

I just came up with a title and keywords, entered the current date and my name as author. I think the only really important field is the document type:

BIS SNAP-R Upload document for Encryption Registration Supplement No. 5 to Part 742 f

Submitting the ERN

With that document in place and attached, we seem to have passed some sort of automatic verification procedure.

BIS SNAP-R Encryption Registration All party addresses have passed verification

I clicked on “Preview Work Item to Submit” and I was given a last chance to look at the application and verify its correctness:

BIS SNAP-R ERN Application with document

The submission process, triggered by the “Submit” button of course, asks you for your name, in a special format, one more time:

BIS SNAP-R Encryption Registration Submit Work Item

And we you click “Submit Work Item” you are done:

BIS SNAP-R Encryption Registration Submitted - Thank you

Uploading Encryption Registration to Apple

I almost immediately got a message in the SNAP-R website:

Screen Shot 2015-11-19 at 10.36.00

And the message was the acceptance of the application including the ERN code (blacked out):

BIS SNAP-R Encryption Registration Accepted

That is the document you need to upload to Apple. Take a screenshot of that page and save it for your records. Back at Apple’s iTunes connect, when you answer the questions stating that you use encryption, you get an upload box for the document:

iTunes Connect Encryption upload ERN

If the upload button doesn’t appear, this is what an Apple representative suggested: “If you do not see the prompt, there could be a glitch in the website. One possible workaround is to change the answer to question 4 to “Yes”. By doing this the upload field should appear.”

Once you upload it, the “Submit” button will become enabled and you are ready to rock. Click it and your app will be on its way to fame and fortune. Well… that is… after they review your export compliance. For now, your app will be “Waiting for Export Compliance”:

iTunes Connect - Waiting for Export Compliance

From Apple’s version statuses, that means: “Your app is reviewed and ready for sale, but your CCATS file is in review with Export Compliance.” CCATS seems to be an older or bigger version of the ERN and in some places we can still find CCATS instead of ERN. Don’t worry, an ERN is all you need if your situation is similar to mine. When the status reaches to “Waiting for Review”:

mac app waiting for review

Congratulations! Your ERN was accepted.  You are done with this bit of bureaucracy.

If this blog post was useful or you find differences in the process, please, let us know in the comment section.

Picture by Yuri Samoilov