I've been quietly watching this list for a while, just to get a sense
for SL as I'm planning to use it for a number of companies (I'm not an
accountant, just the guy who's been lumbered with finding 'something' :-).
In general terms, a couple of observations on the list. All IMHO, of
course:
(1) Personal observations (the 'idiot' series) do not have a place,
otherwise the list should be turned into moderated status and messages
subjected to edit. The volume is low enough, and you could flag only
specific members for edit (yes, it's a form of censorship). Been there,
seen it and even done it. But there are two sides to this: cause and
effect.
(2) If you have knowledge, it may be a good idea to display it by
educating rather than state that "it's simple". The difference is in
documenting your efforts. Stating that you can do something and then
speak disparaging of others who ask you for details (i.e. prove it) is
actually a social engineering method used by fraudsters. I don't think
that's the case here <g>, but by just saying "it's easy" without any
documentary evidence creates IMHO exactly the kind of frustration that
lead to the name calling. A question is asked because a solution is
desired. If you have something positive to contribute, speaketh. If
not, "don't waste my bandwidth" was an advice that existed in days
before the Net (BBS). It's still valid.
So, that's the personal stuff dealt with (proverbial asbestos underwear
donned :-).
Next: the newbie view.
(1) Printed output. I'm amazed to see someone mention output doesn't
identify the company. That should be a default header/footer macro.
I'm also slightly apprehensive seeing the use of LaTEX for output
formatting - never used it so that's something else I'm going to have to
pick up (although I probably mastered worse things :-). Was that choice
because HTML doesn't have decent page control? I know there will
probably be a 'print' button somewhere but I know from experience that
most users will just do a Ctrl-P in their web browser and expect it to
work (I noticed a neat trick at JoomlaShack where a printout will
actually -automatically- use a different layout which is more optimised
for prints - interesting idea).
(2) Test perspective. I have existing Charts of Accounts that I'd like
to use to test the system. I have, however, no way of assessing if the
system will work for what I have in mind as the magic secret of getting
those charts in is contained in a 'to-buy' manual. I have no problem
with spending money on the manual (I always sponsor a project that gives
me benefits for moral reasons) as such but I would have preferred a
donation route instead of being forced into manual labour :-).
(3) Time Cards. From personal experience I know the day format will
give the most accurate result - it's also the most hated one. A
"Weekly" would be better, and I can see that being of use to
recruiters/consultancies as well (I vaguely recall I had a query for
that at some stage). However, from a security background I'd be
hesitant to let outsiders near my core accounting system so I think I
may have a word with some people to see if we can't cook up some
interfaces to a webpage. I'm thinking about a system where someone logs
in, enters their a/c (have SL look up if it's valid) then progress to a
week chart with some codes that associate with the relevant a/c, and
sense/range check the inputs before it gets fed to SL or to some system
that allows a multi-stage approval cycle. It would go a long way to
automated billing and remove manual entry and the inaccuracies that can
result from that. It's an idea, but probably not in scope for SL.
(4) For the rest, well, I'm not an accountant but I may have to be one
for a while. I thus found it interesting to find some good help on the
'contributors' page - this should be more prominent IMHO. And thanks to
whoever put up this link
<http://www.dwmbeancounter.com/tutorial/Tutorial.html> because it's good
stuff :-).
(5) Overall security. For those who don't do this for a living, if you
install SL for corporate use I would strongly suggest not to expose the
interface to the outside world until you have secured the system. Under
Unix/Linux this means removing services you don't use, latest patches
(as always), tight firewall and if you can possibly manage use a VPN or
at least SSL (together is harder :-). Even Hamachi (hamachi.cc) is
better than raw on the Net. Where possible use SE Linux to contain
processes, and run a daily crack on the passwords (after agreeing this
with users and management) to pick up people that have made their life
too easy - it's still the easiest route into a system (I'm veering
strongly towards two-factor logons for the accounts myself).
Under Windows, well, I may cause a storm here but I personally think
you're starting with the wrong fundamentals, and I'm saying that as
someone who's been using it since Worries for Workgroups. Best stick it
behind a non-Windows based firewall (cheap & cheerful: IPcop.org) and
ensure you manually apply patches with a decent rollback mechanism.
It's perfectly possible to build a secure Windows environment, it's just
too much work and expense to my liking :-). For the best help there, go
to the NSA.org pages and download the advice, then gradually switch on
until you have a system that just does the job and nothing more. Be
warned: the NSA advice will initially give you a system that practically
doesn't work until you throttle back a bit so document what you're doing.
That's me. I'll shut up now :-).
--
Regards, /// Peter ///
Peter Houppermans MBCS CITP etc etc
E: pe...@ho...
E: pet...@me...
"A positive attitude will not solve all your problems, but
it will annoy enough people to make it worth the effort."
-- Herm Albright
Authorised Thawte Web of Trust Notary
|
