Personal Benefits to Taking the Bus to Work

Not many people in Cincinnati take the bus to work. There are a couple of reasons for this. For one, the city is not that big so even people who have purchased homes in the ‘burbs can drive into town in less than 30 minutes. Secondly, there are not many routes scheduled, especially outside of commuter hours, so if someone’s schedule is anything different from the standard 8 to 5, then taking the bus would be inconvenient.

Why do I do it?

When I got my job downtown I was determined to begin taking the bus. The closest stop is ridiculously convenient for me. It is less than a half mile away and I pass my mailbox and a grocery store on the way. I don’t take it every day, but about 40% of the time. There are some obvious benefits:

  • Extra exercise
  • Good people watching
  • Save money
  • Reduce stress on my car
  • Environmentally conscious
  • Learn another valuable transportation resource

The biggest benefits

I neglected to mention the 2 biggest benefits in the above list because I want to write about them in more detail.

Time

The bus is great when it is not crowded, so recently, I have shifted my work schedule to be earlier so that the bus ride is less likely to be crowded. Instead of paying attention to driving, I can zone out, sleep, read, text, get on twitter, etc. I get back my commute time.

This is important because lost time is an important issue. The concept has been analyzed many times in other sources, but as developers our time is valuable and easily monetizable. Even if we have day jobs our time outside of that could be spent freelancing, earning significant dollars per hour. Therefore, if I can save an extra hour a day by not having to drive myself to work, then I have saved X dollars, by freeing up that time to work on something else, like this blog post. Now, if it were only socially acceptable to attend work in pajamas, I wouldn’t have to spend time ironing. Wouldn’t that be nice?

Speaking of being productive, I could only imagine what more I could do with my time if the buses I took provided wireless Internet. Then I could actually do billable work. I know that other cities’ public bussing systems provide this, so why can’t mine?

Flow

Another great benefit I have noticed is that by starting to exercise my mind on the bus, I am ready to work by the time I get to my desk in the morning. I do not need to “wake up” for an hour once I get there. I don’t feel the need to catch up on twitter, blogs, or emails because I have already done that on the bus. It is a way to “prime the pump.” By consuming some slightly work-related info in a relaxed manner, I am able to feel like my day is starting at my pace without wasting the time I could/should be productive at the office. By the time I am at my desk, I am able to buckle down and get into flow much more quickly.

My recommendation

Here’s my advice if you currently have a significant commute to work and have not tried the bus system enough to get comfortable with it. You can probably ease into it to see if you like it.

To get started, you can search for your local bus system online. You can usually find it by Googling “[Your City] Transit Authority.”

Find the nearest Park ‘n’ Ride; that’s what the Midwest cities call parking lots that are specifically designed for leaving your car there all day while you commute on the bus. There are 2 advantages to using the Park ‘n’ Ride rather than walking. First, you can drive to it. This way you don’t have to try and time the bus schedule as precisely because the car can get you there more quickly. Driving also allows you to be lazy and takes less effort. Second, if you miss the bus and decide you don’t want to wait for the next one, your car will be right there for you to drive into work that day. The Park ‘n’ Ride reduces risk.

Take the bus 2 times a week for a month. This should be long enough for you to decide if you like it and to understand how to utilize the system should you need it in the future. It can be nice to have the option to take the bus to work in certain cases, such as when your car is in the shop or when you will be meeting someone for happy hour who can drive you home.

 

As you read more of my blog, you’ll realize I love it when I feel like I am getting the most out of something. I feel that way with my local bus system now and I hope to share the benefits with you.

Attribution: Image by caribb

Let’s Raise the Standard of Security Knowledge

What is the best way to raise the standard of developer knowledge in the area of security best practices?

Security Skill Improvements

Photo by CarbonNYC

I ask because this is a particular pain point of mine. Personally, I must admit I am not where I should be with programming securely. However, I am definitely experienced enough to be able to spot obvious security issues in a software application. Not a month goes by, not a month, in which I do not stumble upon some basic security vulnerability in code I am maintaining or have to instruct a colleague why a particular implementation could be catastrophic. Do others feel this way about code I have produced? I hope not.

I practice some of the basics:

  • No SQL Injection Vulnerabilities
  • No Cross-Site Scripting Vulnerabilities
  • No storage of passwords in configuration files
  • No delivery of sensitive information in plain text

How can we make sure that any developer who puts new code into production knows these standards at a minimum?

I don’t want to have to teach someone again that in-line SQL is bad or that user input can’t be trusted. I don’t want to be able to look into a database and see actual user passwords strewn about. It’s not that I don’t enjoy teaching others about these things; I do very much enjoy teaching. It’s that I shouldn’t have to. There should be a minimum security skill set that any developer should have before getting paid to program.

My frustrations with this problem have been present for years, yet they have not led me to any solutions. How do we teach young developers about security? Assuming every company hiring entry-level developers had an orientation at which best practices were taught, it would still not be long before the next generation of hacks evolved and new security knowledge would be necessary. Which begs the next question, how do we all stay abreast of the most relevant security best practices?

As noted, I am not a security expert. However, I think I am often able to think about how someone could manipulate a system as I am writing code for it. Unfortunately, I tend to only notice these vulnerabilities because I am intimate with the code. My philosophy is always that if there is a vulnerability, even one that can only be known by fully understanding the code, it is just a matter of time before a motivated hacker would be able to find the exploit.

I know that I need to improve my skills. I need to be able to design software solutions to defend against security vulnerabilities. I need to innately understand secure coding tactics. I strive to be a competent developer in these areas. Where do I go to learn best practices without devoting my entire career to this expertise?

My preference would be to get regular (annual or semi-annual) training on the topics I need to improve or that most concern my industry. It would be great to be sent by my company for an uninterrupted session with security experts. Perhaps even better would be if I was able to work closely with a senior developer who was deeply experienced with security considerations. As I have said before, it is important to work in a job at which there are more experienced colleagues to learn from.

In my past experience, it seems that companies do not prioritize security enough. Sure, the boss may say that any new applications or modules must be “secure.”

The real problem, though, is that a lot of this was beyond developers’ abilities. Any reasonably sized company is going to have many developers who are good enough at writing code, but just do not have the security mindset.

From user “Dan Ellis” on StackOverflow.com

As developers, we must be pragmatic, finding the perfect balance between practicality and principles. In other words, if the boss says that an application must be secure, he or she is inherently making a tradeoff. The developer, with security as a requirement, must spend time researching what makes an application secure, how to make it secure, and then implementing the security. All this for features which are not obvious in the final application. Security features in a product usually go unnoticed (if done right) and tend to instead get deprioritized due to the pressures in the corporate world to write software on time and on budget. Additionally, developers are more likely to focus on things that they already know. Don’t you think the typical developer would be more likely to write “working software” on time with the thought that security could be added in later?

Of course this is a misguided approach, but who is going to be the catalyst for change? In my opinion, it is the responsibility of everyone involved in writing software to make sure it is secure. It is the responsibility of the company to ensure that secure practices are a part of the culture, that developers know security is a priority, and that developers are educated about best practices. It is the responsibility of the developer to ask appropriate questions about security and to raise concerns. The developer should also spend personal time learning about security vulnerabilities and how to defend against them.

I would have thought all the horror stories (e.g. here, here, or here) about software applications being hacked and security vulnerabilities causing chaos would be enough for companies to place a higher priority on security. It hasn’t worked, so I need help. What are the points of discussion to convince software development managers that this is a higher concern? Should I just tell them, “Hey, we need to pay attention to this if we don’t want to get sued?!?!”

Links:

Food for Thought:
One thing pointed out to me from the DiscountASP.Net Knowledge Base is that oftentimes the cause is not a website’s security bug; instead, a developer’s machine was compromised and sites/names/passwords were scavenged, allowing a hacker access to the hosted web application.

Herding Code Podcast #75: Barry Dorrans on Developer Security

The HaaHa Show: Microsoft ASP.NET MVC Security with Haack and Hanselman

Web Security Horror Stories (slideshow)

Which Platform is the Best for My Mobile App?

I am currently sitting at the Cincinnati Microsoft office attending the CINNUG Mobile Development FireStarter. This free training session covers how to create mobile applications for Android, iPhone, and Windows Mobile phones. I do not have any immediate plans to create a mobile application soon, so what am I hoping to get out of this session?

3 Highlights I Want to Learn Today about Mobile App Platforms:

  • Pros & Cons of different platforms
  • Enough knowledge to be able to manage an outsourced app developer
  • Insight as to which platform is emerging as the leader

Throughout my career, I have been heavily focused on Microsoft development technologies. Recently, I have often wondered if I should branch out to other languages and platforms. I have not yet done this, but if I were to move into mobile development (something I have limited experience with so far), it would be an ideal time to jump on the best platform as opposed to using Microsoft without questioning the decision. Therefore, I am happy to take advantage of this training session and glad that the format will discuss 3 different platforms.

What Did I Learn?

The training is over and I have formed some conclusions while generating even more questions. Below are summaries of what I learned.

Pros & Cons of Different Platforms

If I want to sell a mobile application then I need to make a good decision about which platform to build it for. Each platform has its own benefits so it is possible that each platform could be best for certain types of applications. Below are the high-level Pros and Cons for each platform:

Android

Photo by Spieri_SF

Pro

  • Quickly gaining popularity
  • Open source

Con

  • Uses Java
  • Somewhat limited for game development

iPhone

Photo by William Hook

Pro

  • Most Popular
  • Same OS for iPhone, iPod Touch & iPad

Con

  • Development requires a Mac
  • Uses Objective C
  • Only distributable through the app store

Windows Mobile/Windows Phone

Photo by Brooks Elliott

Pro

  • Familiar tools and language
  • Mature – platform has existed for a while

Con

  • No physical devices for new platform version (7)
  • Adoption is a downward trend

 

Enough Knowledge to Be Able to Manage an Outsourced App Developer

Realistically, I am not going to drop all my plans or projects to dive in and write an iPhone application. I have enough wisdom to know that would probably be a waste of time unless I really want to learn iPhone development or if I had a great idea for an app for which I knew there was a market. Therefore, I don’t need to know at this time how to develop a mobile application. I just need to understand the highlights.

I am trying to prepare for the moment when I have that great idea for a mobile application. When that happens, I don’t want to be clueless about the next steps involved. I want to have a good idea of the limitations of current platforms, which technologies are emerging, and how to move forward getting the thing developed.

Ideally, I will someday “own” a mobile application. When the time comes, my plan is to hire someone to build it, but I do not want to be ignorant of what is involved. By seeing these demos, I have been introduced to developing mobile applications. If I want to learn the details, I know where to start. If I want to hire someone else to develop a mobile app, I can now intelligently discuss the project and properly vet the person’s credentials.

 

Insight as to Which Platform is Emerging as the Leader

Perhaps the most important aspect to deciding which platform to develop for is how popular it is. Simply put, the bigger the market that my application can reach, the more sales leads that can be generated. So which platform will the most users be running when my application is finished and ready to be sold?

At the time of this writing, the iPhone is the most popular of these 3 devices. 2nd is Windows Mobile, with Android placing 3rd.

Most importantly, iPhone users consume the most network bandwidth out of all smart phone users. I believe this is a testament to the high user engagement with iPhones and consider this a forecast of its future growth. Some industry experts have opined that Google’s Android platform will emerge as the leader given its “open” paradigm is more beneficial to developers. Still Microsoft’s upcoming release of Windows 7 Phones may tip the market share into their favor.

I am by no means an expert, but my bet would be that the iPhone will be the dominant smart phone platform for the next few years. The barrier to entry for users is low and it already has a head start influencing the industry. Everyone that has an iPhone loves it and everyone who doesn’t have one wants one. I don’t know a single person who is excited for any Windows Phone news and only a few who are aware of Android’s developments.

If Apple ever allows the iPhone to be used with wireless networks in addition to AT&T, such as Verizon, look out! They will have removed the biggest barrier left to everyone wanting one.

Which mobile platform do you see emerging? Which platform would you recommend? Your opinion is probably more informed than mine.

Red Flags of Potential Employers

Have you ever interviewed with a company that acted somewhat strangely?

Perhaps the company:

  • Acts reluctant to allow you to give two weeks’ notice to your (soon-to-be) former employer
  • Is more concerned with filling X position by Y date versus finding a great candidate
  • Has high turnover
  • Scores low on the Joel Test (“2010 Version”)

These are the highlights of my Red Flags of Potential Employers.

Let’s assume the current economic climate is causing abnormal strain on your company. Emotions are running high. Situations are tense. You say to yourself, “this must be how it is everywhere.” I have been in this situation and lived to write about it. In fact, I have specifically worked for companies that have guilted employees into working increased hours & being loyal to the company. To the employees, the poor economy offered zero options to flee. Therefore, the company was able to take advantage of the staff under the guise of encouraging them to aid the company in climbing out of struggling financial times, even though the company was stable.

Fortunately, there are some organizations that have their acts together. In the situation above, a forward-thinking company would have taken advantage of the wealth of talent available, while at the same time solidifying internal morale to retain a high-level of talent.

If you have decided to move on and are looking for said “forward-thinking” company, here are a couple tips to identify them:

Accelerated Projected Learning Rate

When evaluating an employer, it is very important to determine how easy it will be to learn there. This is true for senior-level developers as well as junior and entry-level. Hopefully, you will be able to gather some information about how easy it will be to learn while you are interviewing. An ideal sign would be that you are interviewed by a “lead” developer or you will get to meet the entire team. You want to find a senior-level developer that can clearly communicate. If you cannot find at least one person with a great mix of technical skill and the ability to communicate in-depth concepts clearly, Run!

Disclaimer: This may not apply if you are the one being hired to be that senior-level superstar. In which case, please comment below. I want to read your blog!

Think about how much easier it will be to learn and/or to produce quickly if there is a knowledgeable, experienced technician who is able to communicate solutions to problems. This is the type of person you want to have in your network, but working with him or her every day would be even better.

Existing Development Environment & Architecture

Often times, given varying external forces, developers are faced with situations where a solution seems like it creates more problems than it fixes. This happens at every company, causing the Development Environment & Product Architecture to concede trade-offs.

With this as a given, you want to determine the perspective of the employer toward the existing environment. You would like to see any issues acknowledged via a good communicator who can explain the historical decisions that led to the current environment as well as some of the drawbacks or advantages. It is not unreasonable to ask “what are some of the limitations of the development environment?” Nor to follow up with “what has caused those issues to linger?” You want to hear a clear, objective response that acknowledges the validity of the question as opposed to getting defensive.

The idea is to make sure that the employer recognizes that its system/process/environment is not perfect. It needs to be tended and maintained, just like anything else. If leadership already recognizes that, then it is one less thing that will fall on you to fix later. Also, you may learn that the development environment is rather impressive. If so, you probably want to work there, because you will be able to get more work done and look like a superstar!

Conclusion

All this advice is moot if employers do not want to hire you. Work hard. Stay abreast of new technologies. Work on your communication skills. You will be wanted by a great company, because they are out there!
