How to Make a Whiteboard Wall for your P90X Workout Calendar

A computer scientist is writing about health, so I know you’re thinking this must be one of those New Year’s Resolutions posts in which I talk about how I need to get myself into shape. Is that what this post is all about?

While we’re discussing it, here are my health-related New Year’s Resolutions for 2011:

– Lose weight to less than 205 lbs by end of February

– Reduce cholesterol by the end of January

– Run a half-marathon by August

– Dunk a basketball in a pickup game

 

Yes. And No.

You see, I’ve already begun to whip myself into shape since the 2nd half of 2010. Specifically, I’ve been using the P90X workout routine and have been pleased with the results. Sure, recompositioning fat into rock-solid muscle may seem like the end goal, but for analytical folk like you and me it is not the only reward. My wife allowed me to dedicate an entire wall in my workout room to track which exercises I completed, how many reps, how much weight I used, and my goals. It’s a real-life data dashboard!

If you share my excitement for tracking progress, doodling, or staring at reflective surfaces, you may want to know how I did it. Here’s how:

  1. Determine a wall in one of your home’s utility rooms (e.g. office, workout room, basement) which is segregated from normal clutter.
  2. Purchase Dry Erase wall paint. I used Rust-Oleum and I recommend it. The price was right and I have had 0 complaints.
  3. Follow the directions on the label of your paint to apply it to your wall. The highlights of my process were:
    1. Prepare my wall by sanding rough spots and wiping off dirt.
    2. Dry Erase paint comes with 2 separate cans of different paint mixtures. I had to mix them both together before the next step.
    3. Apply a coat of the mixture as you would with any paint. I used a roller and a brush after taping the edges of my wall.
    4. Recoat if necessary. In my case it wasn’t.
    5. Wait a few days before writing on the wall with Dry Erase markers.
  4. Next is the part where the data comes into play… Look over your P90X workout calendar and map it out on the wall. Leave space to fill in the blanks for each workout.
  5. As you go through each video, especially those involving lifting (e.g. Chest & Back, Shoulders & Arms, Legs & Back), Tony will tell you to write down your results. Take action on his advice.
  6. Each week you can look back on what you have accomplished previously as your baseline. Since we’ll be getting better and stronger every week, our baseline changes frequently. A white board is the perfect vector for storing our results!
  7. After a couple weeks of doing the exercises, I recommend setting goals for each exercise. For my whiteboard, I used blue marker to record my most recent accomplishment and red marker to set a goal for myself at the end of the 13 week schedule.

    Results and Goals.

 

The only step I left out was purchasing the P90X videos if you have not yet. Otherwise, that’s it!

I’m still learning a lot about working out and eating right. Hit me up in the comments or on twitter if you want to discuss.

Looking for extra motivation? In Tim Ferriss’ 4 Hour Body, he shares a story of Richard Branson, the ridiculously successful head of Virgin Group, and how he remains productive. His short answer: “Work out.”

Many of us have a habit of lounging around when tired, especially after a long, stressful day of work. I know this can be a default activity for me at times. However, we must all acknowledge that the best way to reach our goals, both physically and mentally is to work out if there is still time in the day. I realized this on my own a couple years ago, that if I force myself to get my blood pumping, even by doing something as simple as jumping rope for 5 to 10 minutes, I will feel re-energized and ready to be productive. Keep that wisdom with you when thinking about lying on the couch and turning on the television.

Additional Links for setting up your workout room:
http://www.beachbody.com/product/fitness_gear/p90x_gear/p90x_chin_up_bar.do (But I recommend getting a cheaper option)

Contrasting 2 Job Rejections

Job interviews have 2 purposes: the 1st being the need for a company to evaluate a job candidate and the 2nd being for the candidate to evaluate the company. Far too many interviewers forget the importance of the latter.

In my experience, I have several interesting stories regarding interviews from both sides of the table (candidate versus interviewer), but 2 personal stories stand out from my job search. Both of them involve the same outcome, rejection. However, the 2 companies could not have been less similar in the process that got us to that outcome.

(Photo by bpsusf)

Job Search 1.0

After graduating college years ago, I did not have a job lined up for me. To overcome this, I admittedly began applying to jobs with brute force. My resume got fired off to any ad in the newspaper, whether I was qualified or not. Being inexperienced with the job search process, I was also fairly unorganized. I commonly received follow up phone calls from companies that I didn’t recognize. One such company was headquartered in Westlake, OH. Despite my confusion about how I applied, my lack of knowledge of the company, and general stumbling behavior, I was invited to a job interview for a technical support position.

At the time I was naïve. I had prepared for behavioral interview questions such as, “what was an example of a conflict you have resolved?” but I had not prepared for a technical interview. I did not realize that this type of interview would be a comprehensive test of everything I learned during school. As a result, the interview did not go well.

I failed to answer 70 to 90 percent of the questions delivered to me. I was in way over my head and so were the interviewers. There were 2 men on the other side of the table, firing basic undergraduate level computer science questions at me. With each of my failed attempts, they reacted with impatience. I could see them trying to hold back the disgust and frustration from such a miserable process. Near the end, I asked a canned question: “what are the next steps?” While 1 of the men tried to be professional, starting with “we’ll get back to you if…” he was immediately cut off by the more senior employee with the statement “I don’t think so.” I suppose that was his idea of a rejection letter.

Clearly, I did not make a good impression with this company. Had I realized that I could not simply go into a technical interview and wing it, or had I done some review of the syntax, definitions, and algorithms from my previous terms, I would have passed the test. I just hope I didn’t end up on The Daily WTF. The result was demoralizing, in a good way. Just as clear as my incompatibility with the position was the unprofessionalism of the company. My embarrassment motivated me to get my act together. After I did, I knew better than to send this particular company another job application.

Job Search 2.0

Much more recently, I applied to Fog Creek Software with an excellent cover letter and resume. In case you have not heard of Fog Creek, it is an exclusive company in New York, known for hiring elite programmers. The CEO is Joel Spolsky, to whom I have referred multiple times on this blog. Perhaps I should not have been surprised, but I received a cleverly written response in the form of an email inviting me to have a technical phone interview with a Fog Creek developer. I became extremely excited and began to prepare for the interview immediately. Because Joel is so open about his interviewing techniques, I knew that I had to re-learn the C programming language, so I spent the few days I had reading as much as I could and writing some sample programs.

Despite my preparation, I struggled mightily during the interview. I fielded difficult questions designed to eliminate a high percentage of applicants that were qualified based on their resumes. The questions were not completely foreign to me, but I wasn’t able to internalize C programming to the degree I needed to in order to answer these abstract questions quickly. Consequently, I received a pleasant rejection letter about a week later.

In contrast to the 1st story, the interview with Fog Creek was a much more enjoyable experience. Throughout my struggles answering questions, the interviewer remained patient and calm. He seemed to grasp the importance of being a professional vector for the company to the outside world. When I struggled, he rephrased the question. I am pretty sure he even ended the interview early, but I have no problem with that. Why should he continue to waste either of our time? Despite ending the technical part of the interview early, he thoroughly answered all my questions about the company and sent me off with a cheerful blessing. As a result, I still speak highly of Fog Creek Software and would recommend other software developers to apply there.

Lessons Learned – Job Interview Tips

When performing job interviews, I urge you to place importance on making a good impression for your company to all job candidates. Being professional and courteous leads to positive word of mouth, which in turn leads to a better array of candidates. To remind my readers and myself of this goal, here are some tips for remaining professional during a candidate’s train wreck:

  • Be patient with failing interviewees. Let them answer questions at their own pace. At a certain point, try rephrasing the question before moving on.
  • Smile and be friendly. Think of the interview as an opportunity to have an intellectual conversation. There will likely be something you can learn from it.
  • Finish short if necessary, but do not do it abruptly. Find a good breaking point after a fair minimum amount of time (for me this is usually 15 to 20 minutes). Politely mention that your questions are finished but that you are open to fielding questions from the candidate. Field those questions as you would to any candidate.
  • Send a rejection letter to rejected candidates. Do not just remove them from candidacy without informing them.

Analyzing my Choice of Attending Ohio State

It’s that time of year

We are into the heart of college football season which means I have a date with the television every Saturday around noon to watch my Buckeyes. Can I blame the inconsistency in my blog-posting schedule on football season? I suppose so, but I made a 2010 football season resolution to not make stupid excuses.

In spending so much time thinking about the Buckeyes football team, visiting campus, and discussing school among friends I have recently begun to reflect upon The Ohio State University and whether or not it was the best choice of college for me. While in school, I generally knew that those would be the best days of my life. Ohio State meant a lot to me and I had even gone as far as referring to it as “the Greatest University in the World.” Looking back, it was definitely an excellent choice, but could I have done it better?

To properly analyze the decision means to review the benefits and drawbacks to my personal career and education situation.

The Great

Let’s start out with the obvious. Ohio State has an elite athletics department. At the time of this writing, it is one of the few universities to win a Division I championship in each of Baseball, Basketball, and Football and is the reigning 5-time Big Ten Conference football champion. Although it may not seem important in supporting my career, the prestige of the program has made it convenient to connect or keep in contact with fellow alumni. I have yet to meet a fellow Ohio State graduate who did not care about the direction of the football program, providing for a useful icebreaker.

Speaking of alumni, did I mention the sheer size of Ohio State’s Undergraduate class? It is routinely ranked in the top 5 in the nation, with enrollment sometimes as high as 50,000 students. Such a high number of students yields a high number of alumni, many of whom have taken jobs at leading companies or have established networks in remote locations. Fellow alumni are more likely to network and pull favors than some other successful stranger.

(OSU alumni have a tradition of taking pictures of this O-H-I-O formation in exotic locations)

(The Columbus Skyline – by voteprime)

With Ohio State being as huge as it is, it must accommodate a wide range of needs. The University offers diverse majors, libraries, science & computer labs, and recreational facilities. Essentially, if you can think of a resource that should be available for students, you will be able to find it somewhere on campus. The problem is that many students do not realize what is available until it is too late. Perhaps a more specialized school would not run into this issue.

When I attended OSU, it was ranked respectably in its Computer and Information Science (CIS) department. The program provided a fundamental knowledge of theoretical computer science concepts. According to this site, Ohio State’s Engineering & IT ranking is 157 in the world.

A subtle benefit to Ohio State is the location. Although Columbus, OH does not boast many geographical advantages (it is flat with limited bodies of water), its development has been well-planned and it is of considerable size. Contrasting Ohio State with other schools, like Ohio University, which is clearly the primary attraction of its city, residing in Columbus enables students to find quality careers, co-ops, and interests without traveling a great distance.

The Disappointing

I am proud to be a Buckeye and I still live in Ohio. However, I would like to think that I am objective about the school’s educational program. In my time on campus and afterward, I have met some truly elite individuals. Unfortunately, the curriculum is not as challenging as it is at prestigious academic institutions. Therefore, the average undergraduate student is not very motivated. To draw on a previous point, students at Ohio State have incredible opportunity for success due to vast resources, but taking advantage of those opportunities requires serious self-discipline.

During my early years at Ohio State (99-01), it was disappointing to realize that the school was more well-known for “riots” than for any of its brilliant research. It seemed as though any off-campus party involving multiple houses quickly turned into an angry mob throwing beer bottles at cops. Going to class the next week I could hear the frustration in my professors’ voices that their hard work had translated into negative national headlines.

My biggest regret about choosing Ohio State involves the aforementioned limited geography. Ohio State is located in Columbus, Ohio, right in the middle of the Midwest. The following big cities are within a 3 hour drive: Detroit, Indianapolis, Cincinnati, Cleveland, and Pittsburgh. While convenient for those wanting to visit 5 NFL teams within a short drive, it is not exactly close to any technology hotspots such as San Francisco, Seattle, Boston, nor even Chicago. Additionally, the region lacks exciting recreational activities. There are no beaches, mountains, nor warm days in November. If I could search for colleges again, my new strategy would be to at least research gorgeous campuses in exotic locales. I have heard Pepperdine University is one example of such a beauty as opposed to the “concrete campus” that was my destiny.

 

Having graduated and entered the workforce, I look back on my decision to attend Ohio State with satisfaction. Although there were some drawbacks, its size helped me stretch my capabilities socially and introduced me to a vast network of professional connections. I wouldn’t be the same person if I were not a Buckeye.

5 Career Lessons Learned Planning My Wedding

My wife and I were married in July two years ago (2008). We had a fairly large wedding, by our standards, which involved many nights spent planning, collaborating, and organizing. The list of tasks that needed to be completed seemed never-ending. To manage them, we used a website that listed them out month-by-month, letting us know when our progress had slipped (e.g. having not yet chosen our center-pieces 8 months prior). Little did I know that we did not have to do every little thing that the website specified…

Looking back on that wonderful night, I realized that I learned a great deal from planning such an important event. Much of what I learned will help me in my career. Below are the highlights.

1. Prioritize

Oftentimes in America, planning of a wedding begins moments after the excitement of the engagement quells. Coming from a male perspective, this is amazing. We spend our time planning to “pop the question”, and then as soon as we do, it is as if the floodgates of wedding expectations and desires open right up. From that point forward, the giant list of preparative tasks stays at the forefront of our minds. Ever-growing. Never shrinking.

As overwhelming as the list may be, it can be managed through prioritization, by sitting down with your fiancee and discussing those items that are the most important. This exercise leads to a plan that can save you money and time, by realizing which items can be purchased for less money, which items can be delegated, or which items can be left uncompleted.

In addition to the list of known tasks, there will be issues. For example, the color of my vest that I wore on my wedding day was incorrect. It was white when it should have been ivory. I, of course, didn’t notice until it was too late. It was not a big deal. Things like this will happen in weddings and in your career. As long as it does not affect your top priorities, do not let it stress you out. There will be a time and place to resolve such issues. That time is not during your wedding day.

Think of this scenario in the business world. You and a team are working toward a Big Hairy Audacious Goal and it feels as though processes are becoming disorganized. You feel like you have to do everything or you will be a failure. This is simply not true.

Take a step back and evaluate the most significant goals and tasks with your core group. Focus. Make sure to proceed with only those items that will bring progress to your primary goals. If you can achieve them, you will be successful even though things may not be perfect.

2. Outsource

Most people, when planning for a wedding, still have a life to live. They have a full-time job, a social life, family obligations, school… Time management becomes crucial. When wedding planning, you must realize that your time is important, because only you (and your fiancee) can make many of the important decisions. Instead of performing all the work yourself, you MUST delegate/outsource. In my case, I thought I wanted to have complete control over the DJ’s playlist. However, I soon realized that I just wasn’t going to be able to create a complete playlist and also accomplish my bigger goals. “Leave it to the DJ,” I said. “He is a professional, after all.”

Hopefully you will find that family and friends offer to help with wedding preparations. Perhaps your initial instinct is that you do not need it. I advise you to find a way for them to help. Practice your delegation skills. Remember, your time is critical. If you can relinquish a little bit of control to allow someone else to help, you will have more time to work on the truly important aspects of your wedding. Besides, if you try to do everything yourself, it’s not going to turn out perfectly anyway, because you will run out of time. At the end of it all, make sure to let your helpers know how appreciative you are that they were able to contribute.

At the workplace, how many times have you found yourself working on a rote task because it was easier to perform yourself than to teach someone else how to do it? Please discontinue this dangerous habit! If you are working toward a tight deadline, you must have enough time to do those things that only you can do. Delegate. Outsource. Allow someone else to concentrate on those tasks that you work on just to get them out of your way. He/She may even be able to do them better than you can.

3. Overcommunicate

An important aspect of outsourcing is communication. Most likely, the biggest reason we avoid delegation of tasks is because we fear that the task will not be completed satisfactorily. This is a valid fear. Vendors, colleagues, and friendly helpers all have their own ideas and biases. Without appropriate direction, they will run with them until told to make changes (which will be too late).

Therefore, when planning a wedding or directing a project in our careers, we must overcommunicate. We cannot assume our helpers know what we want. You may not even know what you want right away either. Just make sure to follow-up with them. Express your concerns clearly and with objectivity. Explain how your tastes have changed. Remember, in most cases, you are dealing with professionals. They are skilled in taking an idea and creating something tangible. However, they cannot read your mind.

4. Disrupt Your Comfort Zone

This one is the most important.

There were many, MANY things that I had to do for my wedding that I simply did not want to do. In other words, if I could have avoided uncomfortable obligations, such as giving a speech at the Rehearsal Dinner or having to entertain during the Garter Toss, I would have. However, I would not have realized at the time how much I was missing. Looking back, the uncomfortable times created the memories and stories worth re-telling. Additionally, the uncomfortable efforts gave me experience doing things I was not used to, ultimately giving me more confidence no matter the endeavor going forward.

Ever since that night I have made a concerted effort to try and push myself outside my comfort zone. The book The Think Big Manifesto refers to this as “Getting Comfortable with Discomfort.” I admit, I have not made as many strides as I would have liked in this area. Why? Because doing things outside your comfort zone is HARD! By definition, it means doing things that are uncomfortable. Then, once you have mastered those so they are comfortable, finding new awkward things to do. Without a catalyst or a deep-rooted goal, most people will slip into a rut of comfort.

In the case of a wedding, finding that goal can be simpler. It might be to “have the best time possible,” to “show our family how much we love them,” or to “actually look half-decent while dancing.” In our career and our life, it is much more difficult to find motivation. I encourage you to do some “soul-searching”. Determine what it is you truly want from life and begin moving forward by living outside your comfort zone. If you cannot settle on a worthy goal, I recommend making a list of things that you feel like you should be able to do but have never done.

Here are a couple things on my list:

  • Sell Something
  • Talk to a Stranger in a bar (Sober)
  • Babysit
  • Medium-Sized Home Improvement Project

Perform one a week. Perhaps it will open your mind to new possibilities. I will post my progress on this blog as well.

5. Connect

There is no better time to let someone know how special they are than right now. Ok, so this isn’t necessarily career advice, but it does come into play. If you appreciate someone, let them know. Right now. In person. You will be glad you did. You will feel better about spending many hours at work knowing the people you love know you love them.

Some people find this difficult, including myself. If you are one of these people, or for some other reason you would like to say “Congrats” or “I’m Sorry” or “I Love You,” but you can’t or don’t know how, browse to my website, Viternus, which is exactly for situations like this. Create a message that can be delivered at a later date. Perhaps that will take off some of the pressure.

Conclusion

By the end of it all, we had made mistakes and left things unfinished. But guess what! I still consider the event a success. As long as our core group (i.e. my wife and I) are focused and aligned with what we want, it is possible to have success even though everything is not perfect. I will strive for this type of success throughout my life and career.

Why are there no programming books at the bookstore?

This post was written over a year ago based on frustrations of not finding good .NET materials at the bookstore. It is being published as a bonus post now after finally completing it.

A little about me:

– I live in the Midwest
– I like to program at bookstores
– My favorite band is Huey Lewis & the News

I like programming at bookstores. Armed with a laptop and earplugs, I find myself at my most creative and in flow when I am around interesting resources. Browsing a few technical or business books, my mind quickly reaches hyper-active problem solving mode. To play off the ancient proverb, when I find my hammer through reading, I immediately notice all the nails I have to pound.

In the Cincinnati area, Barnes & Noble and Borders are the most predominant bookstores with Joseph Beth coming in a distant 3rd. Bookstores are nice because they are open relatively late (compared to libraries), have coffee bars with Internet, and have seemingly infinite resources on a variety of topics (as compared to Starbucks). At least, they “had” a variety of resources. It seems over the last couple years these large scale bookstores have been phasing out the acquisition of new tech books. It used to be that I could go to the bookstore and utilize the books to do legitimate technical research. Now, it seems that only the heavily mainstream books are on the shelves.

In late 2008, when I should have been seeing books about the Entity Framework or Sync Framework soon after they came out, I did not find anything except on Amazon. The lack of books on new .NET frameworks continued when ASP.NET MVC came out and no physical copies could be found. My strategy used to be to check Amazon to see when new books were about to be released and then to travel to Borders on that day to perform the research I needed. Or sometimes I would browse the books at the store to determine if any were worthy of buying. For those that were, I then bought them on Amazon because they were much cheaper.

Unfortunately, the trend has continued. I am hard pressed to find any interesting books (or those that I have not read already) in the “Computers – Programming” category. And this used to be the key differentiator to me from the coffee shops on every street corner.

I realize that I may not be the ideal customer in the eyes of the bookstore. I have learned not to buy any books from them and commonly use the free Internet provided. However, I at least make a conscious effort to purchase an overpriced beverage every time I abuse the store’s resources.

With the above changes comes my growing disappointment. I miss having a central place to do research, skim random books, surf the Internet, energize myself with caffeine, and watch people. I don’t believe I can get that just from the Internet at home or a coffee shop. Additionally, I prefer to learn through reading books versus through the Internet, mainly because they tend to cover a wider spectrum of knowledge. Usually, a book goes through the basics to the intermediate and then the advanced. Books tend to contain straight-forward walkthroughs, executive summaries, and theoretical concepts. In contrast, the Internet tends to have very specific blog entries that solve a particular problem. When researching this way, I am forced to “jump right in” instead of following a complete tutorial targeting varying experience levels. It can be difficult to find high-level descriptions about a technology and why it is useful.

Is it useful to complain about a problem for which I am not offering a solution? I don’t know. I assume the bookstores are not making very much money by filling their inventory with programming books. Or perhaps authors are no longer producing content in the form of physical page turners. I just hope they know that the technology and programming books were a small part of the overall experience which caused me to buy their coffee. I guess attracting my “type” wasn’t worth it for them.

Perhaps when I win the lottery, I’ll unleash my solution to the dying bookstore industry. More on this in a later post…

Let’s Raise the Standard of Security Knowledge

What is the best way to raise the standard of developer knowledge in the area of security best practices?

Security Skill Improvements

Photo by CarbonNYC

I ask because this is a particular pain point of mine. Personally, I must admit I am not where I should be with programming securely. However, I am definitely experienced enough to be able to spot obvious security issues in a software application. Not a month goes by, not a month, in which I do not stumble upon some basic security vulnerability in code I am maintaining or have to instruct a colleague why a particular implementation could be catastrophic. Do others feel this way about code I have produced? I hope not.

I practice some of the basics:

  • No SQL Injection Vulnerabilities
  • No Cross-Site Scripting Vulnerabilities
  • No storage of passwords in configuration files
  • No delivery of sensitive information in plain text

How can we make sure that any developer who puts new code into production knows these standards at a minimum?

I don’t want to have to teach someone again that in-line SQL is bad or that user input can’t be trusted. I don’t want to be able to look into a database and see actual user passwords strewn about. It’s not that I don’t enjoy teaching others about these things; I do very much enjoy teaching. It’s that I shouldn’t have to. There should be a minimum security skill set that any developer should have before getting paid to program.

My frustrations with this problem have been present for years, yet they have not led me to any solutions. How do we teach young developers about security? Assuming every company hiring entry-level developers had an orientation at which best practices were taught, it would still not be long before the next generation of hacks evolved and new security knowledge would be necessary. Which begs the next question, how do we all stay abreast of the most relevant security best practices?

As noted, I am not a security expert. However, I think I am often able to think about how someone could manipulate a system as I am writing code for it. Unfortunately, I tend to only notice these vulnerabilities because I am intimate with the code. My philosophy is always that if there is a vulnerability, even one that can only be known by fully understanding the code, it is just a matter of time before a motivated hacker would be able to find the exploit.

I know that I need to improve my skills. I need to be able to design software solutions to defend against security vulnerabilities. I need to innately understand secure coding tactics. I strive to be a competent developer in these areas. Where do I go to learn best practices without devoting my entire career to this expertise?

My preference would be to get regular (annual or semi-annual) training on the topics I need to improve or that most concern my industry. It would be great to be sent by my company for an uninterrupted session with security experts. Perhaps even better would be if I was able to work closely with a senior developer who was deeply experienced with security considerations. As I have said before, it is important to work in a job at which there are more experienced colleagues to learn from.

In my past experience, it seems that companies do not prioritize security enough. Sure, the boss may say that any new applications or modules must be “secure.”

“The real problem, though, is that a lot of this was beyond developers’ abilities. Any reasonably sized company is going to have many developers who are good enough at writing code, but just do not have the security mindset.”

(From user “Dan Ellis” on StackOverflow.com)

As developers, we must be pragmatic, finding the perfect balance between practicality and principles. In other words, if the boss says that an application must be secure, he or she is inherently making a tradeoff. The developer, with security as a requirement, must spend time researching what makes an application secure, how to make it secure, and then implementing the security. All this for features which are not obvious in the final application. Security features in a product usually go unnoticed (if done right) and tend to instead get deprioritized due to the pressures in the corporate world to write software on time and on budget. Additionally, developers are more likely to focus on things that they already know. Don’t you think the typical developer would be more likely to write “working software” on time with the thought that security could be added in later?

Of course this is a misguided approach, but who is going to be the catalyst for change? In my opinion, it is the responsibility of everyone involved in writing software to make sure it is secure. It is the responsibility of the company to ensure that secure practices are a part of the culture, that developers know security is a priority, and that developers are educated about best practices. It is the responsibility of the developer to ask appropriate questions about security and to raise concerns. The developer should also spend personal time learning about security vulnerabilities and how to defend against them.

I would have thought all the horror stories (e.g. here, here, or here) about software applications being hacked and security vulnerabilities causing chaos would be enough for companies to place a higher priority on security. It hasn’t worked, so I need help. What are the points of discussion to convince software development managers that this is a higher concern? Should I just tell them, “Hey, we need to pay attention to this if we don’t want to get sued?!?!”

Links:

Food for Thought:
The DiscountASP.Net Knowledge Base pointed out to me that oftentimes the problem is not a security bug in the website; instead, a developer’s machine was compromised and sites, names, and passwords were scavenged, allowing a hacker access to the hosted web application.

Herding Code Podcast #75: Barry Dorrans on Developer Security

The HaaHa Show: Microsoft ASP.NET MVC Security with Haack and Hanselman

Web Security Horror Stories (slideshow)

¡No Firmen!

Who remembers that famous scene at the end of The Goonies in which Rosalita finds Mikey’s marble bag full of jewels and instructs Mr. Walsh not to sign the contract? “¡No Firmen!” she commanded, which Mouth translated to “No Sign!”

My duty today is similar to that of Rosalita’s. Today I warn you about signing employment agreements and other contracts when starting a new job without using the leverage that you have. No Firmen. No sign…

10 years ago, Joel Spolsky posted “NDAs and Contracts That You Should Never Sign.” His basic advice was to never sign Non-Disclosure Agreements (NDAs) that had a non-compete or non-recruitment clause. Much of his advice is still valid.

Think about how you feel on your first day at a new job. Most people get stuck in “sponge mode.” They are absorbing every piece of information and perform every task they are told. At some point in the day, you meet with the Human Resources contact to fill out and sign a collection of paperwork. Among these is the Employment Agreement (also called other names such as Employee Contract or Company Handbook), which may contain the aforementioned clauses. You are in the habit today of following orders, so you read through the paperwork and sign it, despite your conscience telling you not to.

 

¡No Firmen!

Oftentimes the contract you signed is harmless. You don’t plan to scavenge through your new company and recruit all the best employees for another company. You have never in your history divulged company secrets to competitors for sport. So you think you have nothing to worry about. You figure that you can just sign the document and everyone will be happy.

I have made this mistake before, and to be honest, I still survived. It has caused me some inconveniences over the years though, and I do not like the sneaky, yet fairly standard, methods that companies use to get new employees to sign.

When you are sitting there on your first day hovering over a contract, you probably do not know what you should do if there is language that you would prefer not to commit to. First of all, you should be able to take the document and consult a lawyer if you would like. A company that does not allow this is purely shady. But what if your lawyer instructs you not to sign it? Do you force your brand new company to change it or you will quit? Almost no one I know would feel strongly enough about signing a contract to threaten to quit her job. Most people fear that even making that threat would indicate to their new employer that they are planning to breach the contract, true or not. “How embarrassing would that be?” they think to themselves.

Your employee rights generally entitle you to negotiate employment contracts and agreements. An attorney will help you, if you don’t feel comfortable negotiating on your own. However, some employers might not be willing to negotiate one or more of their standard employment contracts or agreements.

Subsequently, be aware that, although it’s your right, attempting to negotiate an employer’s employment contract or agreement is effectively the same as declining the employer’s initial offer through a counteroffer. If the employer rejects your counteroffer, then the employer might not be legally obliged to again make the original offer.

from “About Employment Contracts and Agreements”

As described above, if you attempt to negotiate the contract, it may void the employer’s initial offer. This is scary territory, territory that I would like all my readers to avoid where possible.

Instead, new employees must use the leverage they have before they lose it. In other words, if you wait until the day you start your new job to review any contracts you might sign, you have waited too long. Your leverage is greatest before you have accepted any offer from your prospective employer, especially if you are currently employed.

 

“If we don’t do something now, there’s going to be a golf course right where you’re standing.”

After you receive a job offer, a couple of thoughts should go through your mind. Leading the pack might be:

  • “Is this the salary I want?”
  • “How much notice should I give my current employer?”
  • “What does the benefits package include?”

Next in your mind should be “What rights do I have to sign away when starting the new job?”

When discussing your offer is a great time to ask about this. Be up-front with your contact at the new employer and ask if you can see the agreements or contracts you will have to sign when you start. You can then review the contracts and negotiate if necessary. At this point, you have not given notice to your current company, so you have little to lose (even in the worst case) if you choose not to sign the contract. Sure, the new employer could rescind its offer, but at least you can continue working your current job until you find another one. None of your current colleagues or bosses will be the wiser. It sure beats the feeling of helplessness on your first day, doesn’t it?

 

“No Pen. No Write. No Sign!”

By asking to see employment agreements up-front, you can reduce your risk of being trapped in a clause that concerns you. I see no downside to asking a company for this information. However, I do not necessarily recommend disputing any contract you might disagree with. You must weigh the benefits versus the risks of renegotiating any contract.

With that in mind, please help to spread this knowledge to friends and colleagues, especially those that have technical careers. Employees get “tricked” into signing unfavorable agreements often, yet it only takes a little preparedness and forethought to avoid them. And since you’ve already committed to reading this blog post, I need you to go ahead and sign my petition below. Don’t worry about the consequences. It’s harmless.

 

Sign Here to Remove

image by Kapungo

Update: For more information regarding employment contracts, see this great article: What Every Employee Should Know About Non-Compete Non-Solicitation Contracts.

Stealing Away For Product Development on Vacay

This week I am on vacation at an all-inclusive resort in Mexico. With me is my family: mother, step-father, wife, and sister. I look forward to rest and relaxation in the sun.


Photo by Gerriet

The Big Idea

Here’s the weird thing: being away from a computer for a week is not relaxing given my current perspective of the world. The best vacation I can have right now obviously includes spending quality time with loved ones. However, I spend so much of my life trying to carve out time to work on side projects that a part of me feels like this week should be no different. Given that the resort has free Wi-Fi and my wife is taking her laptop, I have several types of tasks in mind that should make it easier to be as productive as possible without neglecting the opportunity to experience Mexico.

  • Work on the soft tasks
    • I am writing this blog post on a piece of paper on the plane
    • Think about/write down marketing message
    • Think about what kind of influencers I need to contact about my product
    • Refine my elevator pitch
  • Brainstorm
    • Interact with and observe people
    • Print out blogs that I have been meaning to read (oftentimes, reading something short provokes creative ideas)
  • Get Feedback
    • I’m spending a week with my family, so guess what, they’re going to have to hear about my ideas at least once
    • Listen to their feedback
  • Work on the product (if possible)

Many of these tasks do not require anything more than conversation and time for reflection. Others only require a pen and paper. But when can I work on product development and/or communication with the outside world via email and the Internet? How can I make sure that I appropriately limit when and how I perform this work?

General Strategy 1: Limit Alcohol Intake

Maybe I sound like a party pooper, but I plan to heavily restrict my alcohol intake this week. It is time to make the decision that I would rather feel good all the time than feel great while enjoying a buzz but tired/worthless the next day. The ultimate goal of this decision will be to harness as much energy as possible and to be awake when other family members are taking naps, etc.

General Strategy 2: Take Advantage of the Inequity of Preparation Times

Let’s face it. In most circumstances, men are able to spend less time getting ready for a night out than women. It is certainly true in this group’s case. My plan will be to get ready quickly and then get some work done while I wait.

General Strategy 3: Leverage the Cell Phone

Our resort ostensibly has Wi-Fi throughout its campus. I will therefore use my cell phone to access my e-mail and perform simple Internet queries through Wi-Fi access. This will limit any exorbitant roaming charges and will allow me to look less like a doofus while surfing the Net by the pool-side.

Results (1 Week Later)

I must be honest. After a week of trying the above strategies, the report is that I did not have much success. I was hoping to be able to use my wife’s computer for some development work but technical difficulties quickly thwarted that goal. This left the soft tasks to be accomplished, which did not occur either. Believe it or not[1], when I was lounging around the pool-side in the sun, with extremely easy access to fun, alcohol, and jovial conversation, I was not exactly writing down any golden blog posts nor stellar website copy. In summary, peer pressure worked this week.

There were some accomplishments. I focused my plans going forward and broadened my perspective. I also was able to read The 4-Hour Workweek by Timothy Ferriss. Somehow, reading a book by the pool was much more acceptable than sitting in the room on the computer. It gave me some great ideas on how to push forward as well as the confidence to do it.

Surprisingly, my cell phone received a good 3G signal, allowing me to send multiple productive emails and to stay up-to-date on Twitter. This was nice given that the Wi-Fi was choppy anywhere that was not my hotel room and that I was then able to perform these tasks in taxi cabs, etc. [Update March 17: I should not have been tempted to use my data plan internationally even though my phone gave me no indication that I was roaming. It cost a considerable amount of money which is what I was trying to avoid. Lesson learned.]

Looking back, I tried to attack the week with an intense level of energy that would allow me to enjoy vacation but to also be productive with “spare time.” The other vacationers in my family had no intention of exhibiting such an energy level and were somewhat hurt by my attempts to get away. I have not learned much about how to be self-motivated and productive while also being engaged in the vacation with my family. Do you have any ideas about how I could have done this better?

 

[1] Note the sarcastic tone beginning now.

King for a Day – My Visit to Zappos (Part 2)

In my last post, I discussed a very stimulating tour of the Zappos headquarters.

In this post, I discuss some of the perks of the Zappos work environment.

During the tour, I found myself checking off items in my head from my imaginary list of things needed in a dream workplace[1]:

They provide the essentials for sure. You will definitely see me write about many of these key components of a great work environment throughout my blog entries.

Allow me to start with my favorite perk of working as a developer at Zappos, Adjustable Desks. I hope you can make out the picture that I took from my phone. In it, you can see a worker that is standing while working. I did not see anyone adjust his or her desk, but I understand that this can be done easily.

I can only imagine how much more comfortable this must be while working. One of the biggest drawbacks to being a developer is the health issues that can arise from sitting at a desk in front of a computer for long hours. Carpal tunnel syndrome, limited physical activity, and bad posture can be at least partially alleviated by adjustable desks. Perhaps I am especially sensitive to the adjustable desks because I am fairly tall (6 feet 4 inches) and am often defaulted into using disproportionate desk furniture. Corporations do not want to purchase custom chairs and desks for each individual worker so a one-size-fits-all strategy is taken, which is no help in creating comfort. I can understand the need for saving money in this way. Alternatively, Zappos has made the definitive statement that they care about employees’ comfort by allowing the flexibility to work on a desk of any height. If I had this opportunity, I would sit comfortably before lunch and stand while working after lunch, helping me to both keep good posture and to stay awake. I appreciate a company that felt this was important even knowing that employees will occasionally be tempted to dance while typing.

My commonly observed theme was a high level of interaction between employees. Although there are numerous obvious benefits to this, my original notion was that it would be extremely difficult to get much work done on an individual level, as I alluded to in Part 1 of this blog post. After all, to accomplish great work, knowledge workers need time without distractions:

We all know that knowledge workers work best by getting into “flow”, also known as being “in the zone”, where they are fully concentrated on their work and fully tuned out of their environment. They lose track of time and produce great stuff through absolute concentration…trouble is that it’s so easy to get knocked out of the zone. Noise, phone calls, going out for lunch, having to drive 5 minutes to Starbucks for coffee, and interruptions by coworkers — especially interruptions by coworkers — all knock you out of the zone. If you take a 1 minute interruption by a coworker asking you a question, and this knocks out your concentration enough that it takes you half an hour to get productive again, your overall productivity is in serious trouble.

—Joel Spolsky, Fog Creek Software
(from Where do These People Get Their (Unoriginal) Ideas?)

What I had not realized is that I had this thought before seeing the development department, which was in a second building detached but right outside the main building. In my opinion, this separation was a crucial element to Zappos’ success.

Many departments work differently. Some require heavy collaboration and outright noise. Others are responsible for cheering whenever a tour walks by. A development department cannot survive if such distractions are omnipresent. It will never be as productive as it should be.

I cannot say I got the full experience of what the development department was like just by walking through it. However, in general, the second building was much quieter than the main. Employees working in the second building receive the best perks from both buildings because it is still easy to hop over and get a fix of the different energy of the main building when necessary. Whether it be the need for a game of ping-pong or reflecting with Dr. Vic, it must be nice to know that these options are available but do not get in the way of day-to-day work habits.

Beyond gaining productivity from existing employees, Zappos’ excellent and interesting culture affords them a giant benefit: Top-Notch Recruits. How many potential employees take the tour or hear about Zappos’ unique culture and soon after take a look at Zappos job postings? I would imagine this occurs frequently, as I know at least one other blogger that I talked to on Twitter did this. By garnering extreme interest in the company, Zappos has a huge pool of candidates to choose from when deciding to hire, which inevitably gives them a pick of some of the most talented workers around. Not to mention, Zappos is headquartered in Las Vegas, NV, a vacation hot-spot and genuinely exciting city. Many talented individuals would consider relocating to Las Vegas for a great job opportunity, at least for a few years.

With all the obvious benefits that Zappos has created with its corporate culture, why doesn’t every company strive to be like them? The only answer I can come up with is a fear of employees taking advantage of the company’s policies. At “normal” companies, we submit equipment request forms for bigger monitors and ergonomic keyboards, we are required to be at the office between the hours of 8 am and 5 pm, and we are responsible for directing our own personal growth. At Zappos, these things and more are offered as part of the employment package, allowing them to recruit the best of the best. As always with the best of the best, superficial concerns about work habits can be relieved by knowing that great work will get done, period. Also, with such a unique experience, employees that value it know that it cannot be recreated anywhere else, helping with employee retention.

If every company tried to create an extremely unique and happy culture, it would not work. Zappos falls into the perfect fit of culture with aptitude with industry. Encouraging collaboration and outgoing personalities helps them “deliver WOW through service” which makes them a successful retailer. As more and more companies attempt this, it will require “culture innovation” to stay unique and to continue to attract talent. Kudos for being at the leading edge of this trend, Zappos, I can only hope our paths will meet again.

[1] A supremely neat novelty that Zappos had in the office was an industrial-strength blender. When we were walking through the tour, we watched them emulsify random office items like a foam ball and a pencil. I don’t know what the purpose is other than to relieve stress and to give outsiders something to talk about.

King for a Day – My Visit to Zappos (Part 1)

Late last summer a group of friends were planning a trip to Las Vegas and invited me to come along. I struggled to rationalize the trip until finally settling on the excuse. While in Las Vegas, I promised myself that I would perform research by visiting the headquarters of Zappos, the successful online retailer known for its incredible corporate culture. The goal was to witness first-hand a company that has mastered the art of creating a fun yet productive culture while also serving to motivate me in my own career. I apologize if I spoil the surprise, but it worked!

Planning

I am a bit of a veteran when it comes to Vegas trips. I know what I like and therefore I optimize for those things. However, I was a bit nervous about setting up the tour with Zappos because being productive and talking business does not normally fit into the schedule of planned events when I am on the strip. Fortunately, during planning my nervousness soon turned into excitement.

I reached out to Zappos customer service by finding an e-mail address on their website. Shortly thereafter, I received an informative and encouraging e-mail from someone at Zappos.

Hello,

In an effort to share our culture with visitors we open our doors and offer an experience of the Zappos Environment first hand through a tour. I would love to help facilitate a visit to our office, to include a tour.

Tours are offered Monday through Thursday; and the tour duration is 75 minutes. Tours typically start at 9:00am and the last tour starts at 3:00pm.

Please provide a date and an arrival time, and I’ll coordinate a schedule. One of our wonderful tour guides will WOW you with our history of service.

Zappos.com extends a complimentary shuttle service to all of our guests. If you are interested in the shuttle, please provide the pickup and drop off location(s) as well as a cell phone number.

I look forward to hearing from you.

Best Regards.

It may seem like a simple e-mail but I was downright surprised. Maybe I shouldn’t have been, given Zappos’ reputation. The e-mail simultaneously answered nearly every question I had and reinforced my impression that the visit would be worthwhile. I immediately began looking forward to the tour. Looking back, throughout all my interactions with Zappos employees on the visit, I was received with similar tones of courtesy and relevant information.

The Tour

The tour of the Zappos campus was quite fun. Our tour guide, although fairly new to the company, was well trained and a good conversationalist. He delivered enormous amounts of functional knowledge about the company and each department in a very short time. I found the professionalism of every employee to be quite impressive but clearly information is not what made the tour fun.

Although I came to the tour alone, I was included in a group with 13 other people who all worked together at a Zappos supplier. This made things a bit awkward at first, but the tour included multiple tactics to get us out of our comfort zone. Some visitors walked around with Zappos flags, others were asked to ring a bell and yell something that nobody would know about them, and still others got to engage in a hula hoop competition with a random employee (who happened to be walking by at the wrong time). Because doing these things felt completely acceptable, nay expected, it did a great job of loosening up our moods. Additionally, only volunteers did these things. No one was forced to be embarrassed by the zany antics.

Zappos’ culture was very welcoming toward visitors. Almost every department we passed did something to acknowledge us and to make us “feel like Kings.” Many of them shook noisemakers, jingled bells, or played funky music on their computers. Some had funny stories or poems prepared for us. From a visitor’s perspective, I felt special to be welcomed in this way as opposed to feeling like a nuisance to people in the building. From an employee’s perspective, I could not imagine being happy about the distraction of a sizable group of people strolling through my office regularly, and me being expected to make noise and interact with them, but there will be more about that opinion in part 2 of this blog post.

The folks at Zappos wanted to make absolutely sure I left the building with a positive impression. In addition to all the free information, popcorn, and smiles I received, they gave me SWAG! I could barely carry it all (a backpack, Zappos Monopoly, culture books, and more). They let me and the other visitors choose a hardback book from their 2 large bookcases in the lobby. I took home The 4-Hour Workweek by Timothy Ferriss. Given that I was on a mid-week Vegas trip I had traveled to Nevada with just a carry-on. There was no way that I could pack all my new stuff and take it home. While I was leaving the Zappos headquarters, I briefly had the thought to ask them if they would ship my stuff home for me. I honestly got the feeling that I would have, but I did not ask.

Conclusion

Visiting Zappos and taking the tour accomplished everything I had hoped. It taught me a great deal about how a unique culture can have brilliant effects, it was fun, and it inspired me to better myself so that I may be more desirable to future employers that have a similar environment. I absolutely recommend that you take a tour yourself. As long as you are interested in business, web development, shoes, or fun, it will be worth your while.

Stay tuned for Part 2 of this blog post, in which I analyze the productivity benefits and drawbacks of Zappos’ environment.