Thursday, September 27, 2012

Google+ Integration 'Upgrade'

I was up for the idea of integrating my blog with my G+ account - I wasn't really using it much and only a few of my friends are active on there.

Generally I find social networking useful for two reasons: keeping in touch with friends in other countries and selling business services.

The problem with this integration is that your Google+ profile replaces your blogger profile, which is ok... but I've got particular settings and appearances on each which don't flow together. Whilst I'd still rather use Google+ than Facebook - I closed my FB account last year and am unlikely even to create a business page - I just feel that the integration between products could use a little more flexibility.

Good idea overall, just a couple of issues stopping me going ahead with it.

Update 15th August 2014

I've gone with it. The benefits of linking the posts to something like Google+ outweigh any foibles and the plus profile is now a lot more flexible. It's a no brainer.
The only thing left to do is find something that automatically links new posts by adding a Twitter status. The blog itself has gone from a technically focused R&D exercise to a business and architecturally focused observational process, infused with a sprinkling of scenarios from outside of the business world :)
 

Commodity Update

It seems that it's a two-way street - After writing a post this week about tips for handling tricky recruiters, a large section of the recruitment industry itself has outed one particular individual.


Tuesday, September 25, 2012

Information *Is* The Commodity


You're about to set out from the world of permanent employment and embark on contract work. Awesome! You know your tech-stuff and are chomping at the bit to ply your trade as a gun for hire...but are you savvy when it comes to negotiation and recruiters? Sure, you're confident in your technical skills, but do you know how to be a top-class salesperson too?

It struck me recently that there are perhaps less experienced people being taken for a ride by the seedier agents out there. If you've been doing this for some time or have also read the Toe-Rag Recruiter Playbook™ you probably won't be interested in what follows.

All I'd like to do with this post is provide a few tips and explain why some agents might ask some seemingly innocuous questions. After a number of years learning from my own mistakes I've built some very good relationships with particular agents I trust - They've even helped me out by explaining some of these areas, and over the years a few have even become mates.

It should also be pointed out that not all recruiters are used car salesmen, generally it's more likely to be one or two people at a handful of agencies here and there. We each have our own personal preferences about who we like to work with and who gets us the best rate, so I'm not going to insult your intelligence by telling you who to use and who to avoid.

This isn't about naming and shaming either - It turns out the Del Boy stereotypes out there are known to all anyway. A mate of mine (a recruiter) also pointed out that the recruitment industry is there to make people's lives better - via career and monetary advancement. He's right and he also pointed out that, like anyone, there are bills to pay and sometimes people stoop low to keep the wolves at bay. There are plenty of good websites where people can share their views such as Contractor UK - some particularly good advice across a range of topics and forums.

Before we start though, don't start treating recruiters like cold war-era spies trying to steal the toast off a granny's breakfast plate. Treat recruiters with the same professionalism and respect you'd use for clients or potential new bosses (it doesn't matter whether it's returned, just stay positive and professional). Remember: recruiters are your friends, they're most likely to be the people that'll get you that next job.

Terms and Conditions

Make sure you fully understand the implications of payment terms before you sign a contract. When are time-sheets due? How often are invoices processed and paid? What happens if you miss a time-sheet & invoice deadline by an hour? Are the agency willing to be flexible once or twice?
Ideally look for an agency who accept weekly invoices, pay weekly and don't stipulate daft paperwork requirements like "your time-sheet and invoice have to be in on the Friday lunchtime for the same week".
Once you've signed that contract you can't change it until renewal time looms.
Sometimes you have to compromise to get that rate or a contract to get you commercial experience with something. It all swings in roundabouts.
Another discussion here which may give you some more ideas.

LinkedIn Contacts

Ah, such a good idea.
Ever noticed that pretty much only recruiters write updates on LinkedIn? Sure there's big companies selling stuff, job openings and some great groups but most of the time that recruiter who's just massaged your ego a bit will shortly send you a LinkedIn request.
What you may not realise is that following that they'll probably work their way through your contact list and find your current boss, your previous bosses, colleagues who may be hiring and other potential candidates (i.e. your competition).
It shouldn't have surprised me so much I guess, but when I hid my contacts the next few agencies who sent connection requests called or emailed less than thirty minutes later asking if any of my colleagues were also hiring. Pretty much because they discovered they couldn't access my contacts or associated profiles.
Hide your contacts list on LinkedIn from everyone and control the flow of information as you see fit. Hide the "Viewers of this profile also viewed..." box in the same way too. It's only used for the same purpose.
This one is up to you, you're potentially offering up information on your own competition.

Job Specifications

This one's a bit trickier as not all vacancies will have a formal job spec. For example, there might just be a company telling a recruiter to find them a Java developer with WebSphere experience. Just be aware that agencies advertising a role that doesn't have a job spec *may* not actually have that role on their books. It's not always the case but they may have used any number of methods to try and get their foot in the door, firing across some prospective candidates to a potential client.
Mind you, there's nothing to stop the agency amalgamating a few existing job specs into one fictitious one so there's plenty of ways around it.
They may also just be trying to fish for candidates to represent for roles that haven't fully materialised yet. Either way ask for a job spec and confirmation of rate / package - If they claim not to have one yet and you've not worked with that particular agent before, be a little cautious.

References

One particularly annoying ploy for a hiring manager is when you get cold calls / emails from an agent you've never worked with, asking what sort of candidate you're looking for with regards a vacancy either you've just filled or have never advertised. How did they find out?
You always get genuine agents you actually want to work with buried under all sorts of tat and unrelated connection requests.
One tactic is to advertise a fictitious role and ask for references from applicants. Maybe a day or so later that role "magically" gets either withdrawn, filled by another agency or the agent "can't get hold of the client" - usually it didn't exist in the first place. However, in that time, the applicant is sent a job spec for another role... But the agent's now got their foot in the door with a new potential client or contractor directed by your references. Granted, that is a worst-case scenario but it does happen.
They may ask your referee for the reference but will tag on a business enquiry offering their services on the end. They may tell you it's a requirement to validate candidates; honest conversations between agencies and hiring managers usually end up with an agreement that an agency can only screen technical candidates so far, the rest is up to the interviewer to assess (i.e. references often have little to do with it).
Bear in mind that this isn't always the case - Speculative applications are very different to applying for live roles. In this scenario if you already have recommendations or testimonials, supply these to the agency omitting the names and organisations of the referees. Often those agencies working on a more pro-active basis will like to create a sales pitch about you, backed up with real-world opinions. This is a great approach for speculative applications on your behalf and has worked well for me in the past.
There is no company in the UK (possibly Europe too) who requires references with an application from an agency. Even government or security-cleared roles with checking processes have a more direct approach to references which are far more formal.
Usually the person at the client organisation interviewing you will ask for references if they're needed at all - It varies, some hiring processes require it post initial interview, some don't at all.
Professional networking sites often have a recommendations feature which is a reasonable compromise (most people are happy to act as referees if they just don't want to make a public recommendation).
You may get into a situation where the agent tells you that they can't submit you for a role without references as it's "a requirement from the client". This is cow poo. Challenge them: Ask them if they're happy for you to approach the client directly as you understand they cannot represent you in this instance due to their own processes.
You'll be surprised how often "all of a sudden" they find a loophole and your resume is on the client's desk for review. More importantly, if that doesn't happen don't reconsider and don't dwell on it. You're almost certain to have a conversation with that agent straight afterwards about another role which "may also suit". If you don't, there's a hell of a lot of agencies out there who will work with you.
Tell agencies who've asked you for this that you'd be very happy to supply a list of referees *directly* to their client when the time comes.


Who Was....

I hate these questions. It's like they're cringing with embarrassment at the other end of the phone for even asking it, just to see if they can get away with it.
You'll be asked who you worked for (sometimes tied in with requests for references), who you worked with, whether they're hiring at the moment or how the business is doing in general.
Don't mention names - or even job titles - This is just another ploy to generate leads / new business by contacting the people you mention in this scenario. It won't make any difference to your application for a role at all.
When you have an interview arranged via another agency be honest about the fact - Just don't disclose which company it's with or who you're going to be interviewed by. Always let them know how it went and where the land lies going forward though. See point #5 in the summary below.

You Don't Want To Work There...

Often when a recruiter knows you're going for an interview they'll ask who it's with, who you're meeting, what kind of role it is, what the interviewer's favourite colour is, how many fingers they have....

However, often that follows with something along the lines of:
[Agent] "Well good luck with the interview, I'm sure they'll hire you after spending any length of time speaking to you. If you don't mind me asking, who's it with?"
[Candidate] "It's an interview with Daves Websites Plc in Exeter"
[Agent] "Oh ok, I've heard of them - who's interviewing you?"
[Candidate] "Erm, I think it's a guy called Horatio Hornblower."
[Agent] "Ah right. That's interesting."
-Oscar winning pause and change of tone-
[Agent] "Just so you're aware, I've heard some interesting things about DW Plc, lots of people have left there recently because of the environment"
[Candidate] "What do you mean? Is it really that bad?"

At that point even if you don't believe them it starts making you think. Score one for Johnny Recruiter. It's an age-old tactic and a lot of agents try this at one time or another. For me I see it as an unprofessional mechanism to steer candidates back to their own vacancies. It's a *real* annoyance when you're trying to hire people.
Even if it is the same thing as politicians running negative campaigns against one another, they're in business to make money from you, the product, so gloss over it and keep the relationship positive. It's just one of those things that's to be expected and it's no big deal.
Try speaking to contacts and getting first-hand opinions if you're getting concerned. For permanent jobs, carefully phrase some difficult questions about working practices during interviews. Disguise questions about how many people have left / joined with topics on how fast the teams are growing, how often people stay late at work and why the role is open in the first place.

If you're a recruiter reading this who's actually tried the steering tactic: Bad dog. No biscuit for you.

Tips and Summary

So as an overview, eight points to consider - Remember it's not a rule book or a doctrine but just some suggestions:

  1. Hide your contacts list from everyone on LinkedIn (or any other professional networking product). Do the same with the "Viewers of this profile also viewed" box too
  2. Never give references to agencies, only ever directly to a potential client. It doesn't benefit you in any way to do otherwise no matter what the recruiter might tell you
  3. Always get a job spec before you hand across too much information
  4. Never disclose who your line manager was, whose job title was what, which directors deal with what, which other managers deal with which area of the business.... It's just lead generation. You can always use this info as a bargaining chip if you like as an incentive to get the agent working for you, but that's your choice
  5. Don't disclose the organisation or name of the contact for interviews you will be attending. It's none of their business (they get shirty when you disclose their clients to other agents so it shouldn't work the other way round either). Do let them know you have irons in the fire though, that can help move things along
  6. Any time an agent tells you to avoid or be wary of a particular company, press them for the source of the references and take it with a pinch of salt. Also realise you should have followed point #5 and slap yourself in the face for not doing so
  7. Never discuss your rate with anyone but the agent and your accountant. Not even your mates or your boss (even though your boss should already know). Bad for business and come negotiation time it'll only hurt you. You never know who your mates' mates are, or who *their* mates know either (the "it's a very small world" principle)
  8. Most importantly, be honest with recruiters about yourself, your skill set, what sort of roles you're currently capable of and whether you've been submitted before. You'll only make them look bad and less likely to talk to you again if you don't. That trust relationship works both ways.
If you're reading this and strongly disagree, I'd love to hear from you. The topic is an open book based on both my own experiences and [horror] story swapping with peers.

Conversely, if you're reading this and have your own experiences to add it'd be great to hear from you - Please keep it constructive and informative though :)

Wednesday, August 29, 2012

Preservation, Physics and Psychology


Make sure your kit is in good order for that time you'll really need it

I've had some time to think and reflect since the frenetic pace of my last permanent role and I thought I'd share some of the lessons learnt over the years. These thoughts relate to hiring and expectation management - Numerous other hiring managers adopted the process I developed due to its success in finding the right people; I've even been recommended because of it. I spent a lot of the beginnings of my career working at consultancies so I got to see a lot of different IT & development departments.

I took those experiences into the latter half of my career and built on them in ISVs and online gambling & gaming firms. After I left my last employer a number of people there approached me about grumbles and for career advice so maybe if you're thinking about getting on your bike, some of these observations from the last 15 years may help you make sure that bike's in good working order before you need it...

So What's Physics Got To Do With It?

Relax, I'm not about to yell "In the NAME of SCIENCE!!", wave a sword in the air and lead the nerd equivalent of the charge of the light brigade. In simple terms, inertia is simply defined as "a body's resistance to any change in motion". So if a body is already moving, that body won't change direction unless something forces it to. For example, if there was no gravity or air-resistance on a tennis ball, Nadal's returns would never bounce in but just continue to travel on at their fantastic speed.

That's some pretty boring tennis.

In terms of the people that you have working for you right now, at what point does their reluctance to change career direction become inferior to the options, choices or influence to move to the next stage? They will be the forces that eventually inspire them to change course and jobs, their inertia overcome.

For example, we've probably all worked for companies at one point or another that fail to deliver on promises and end up only inspiring dissent. I'm sure we've all seen the kind of offices I'm talking about - The last drops of enthusiasm drain away at around 10am on Monday mornings, where senior management just weren't interested in keeping you happy, would often take credit for your & your team's achievements as their ideas - often right in front of you. The kind of places where it's very difficult to conceal what's happening from your team. Your superiors are making your job even more difficult then criticising you for not hitting those moving targets. But hey - that's the same in any company to a greater or lesser extent so we just learn to deal with it better!

A simple exercise in shared ownership and expectation setting for team members can mean that what the seniors do above you is irrelevant to your team members. It can also ensure that senior management get the ammunition to laud amongst their peers and their seniors whilst your people further build a sense of achievement and self-worth.

So let's look at inertia, and that seeming reluctance to take that next step. The deciding factor there is levels of personal happiness.

Happiness Is Not An Illusion

Even your own happiness shouldn't be measured by short-term pressures such as "how do I keep my boss from getting angry?" or "how do I make sure I don't get fired?". Both those questions conceal underlying issues about your relationship with your line manager that you need to review. Maybe you need to think about how to set expectations more realistically, or maybe that boss refuses to have his or her expectations set any differently and you need to define delivery plans differently.

No-one is going to fix it for you - you've got to take charge and do it yourself. Your boss will be impressed if you resolve a problem via initiative anyway and relying on other people for your own happiness is a bad idea.

For example, I could define my own happiness at work measured against certain criteria. So if those criteria included whether I can be in a position where I'm learning something new (or how to do something I already knew better) and I'm able to contribute to the organisation's mission statement, that satisfies my own happiness criteria. There's nothing complicated there and it's pretty easy to keep that learning mode switched on.

I've been fortunate enough to work for two great organisations in the last six years who have enabled a massive personal leap forward in both technical and business acumen. My reasons for leaving both organisations were to springboard into a specific career channel on my own for the next ten years, and I'm incredibly grateful to both companies for the immense wealth of experience gained. 

For my personal happiness the problem at my most recent employer was that it's a thankless, hard-working environment where politics are constantly at play - There's someone trying to pull the rug from under your feet all the time, listing all of your smallest shortcomings alongside none of your major achievements to the heads of department and above. Most of the senior management originated at the same group of companies and there's little longitudinal career travel. However, the amount I learned and the various performance and security concepts I got exposure to combined with the great technical people I was fortunate to work with outweighed all those negatives instantly. Overall I'd actually describe the entire experience as extremely positive and constructive but then I'm known for having a very optimistic approach!

On one project we worked from October through to January missing out Christmas and New Year entirely. We got the project live with 30 seconds to spare (failure would have meant the company ceasing trading in certain countries) and I finally celebrated xmas / new year with friends in February. I really enjoyed the vibrancy and energy across the teams but the level of effort isn't sustainable for any length of time. Some of the developers involved were getting serious grief from wives and partners as a result, others just reaching the end of their tether entirely. Around five percent of the department handed their notices in over the following eight months.

Of course, whilst I could have stayed at my present employer for many years there was nothing there to provide any kind of objectives or markers of success. Crucially, the exposure to new things or improving things stopped over the course of a quarter. I'd already learnt how to do push-ups in space and I'd be stuck in the same career situation for the foreseeable future; fantastic experience but no longevity. It's a shame because the business itself is a global success.

If you've ever read Soul of a New Machine by Tracy Kidder you'll get an idea of what the environment could be like in places. Sometimes the development department delivered requests even the CTO thought impossible to implement, other times we'd fix live security issues that few people seem to have ever heard of. All sorts of people wanted to consult with us ranging from a very large software company from Seattle to security departments in national government. The company has its own patents, creates relationships with specific ISVs in order to get feature requests and help develop those products. Almost all the companies in the same market sector viewed this organisation as the target to aim for and we were used to building software that would come under attack every minute of every day.

So the inertia here - the reluctance to move on - was big but the force enacting a change in career direction was much bigger. It took quite a lot to make me think about moving on despite an extremely tough working environment with a very high turnover of staff but after going through two or three relationships and having all your friends make some very unsubtle comments your perspective is adjusted. Forest. Trees.

It's a personal thing and defining your own happiness is very much up to you. 

Moving on from recent examples, some places do have an entrenched management structure that all used to work together at whichever organisation(s) they all came from - usually only creating glass ceilings for everyone else, or bringing in people who won't question them. It's very difficult to make your way through that structure although it is possible with the right strategy. There's an element of that in most organisations to a greater or lesser extent though, more so in family-run businesses.

A good friend of mine whom I've known for many years went from working in a call centre to working in banks, then on to being an accountant. In his case, happiness is defined as caring about the people you do business with (as well as being able to use his brain!). He couldn't do that in a call centre, and banks generally have too much internal politique for good people like him. It took years but he's happy - it's still hard work but it's the sense of achievement and associated rewards that provide him the next objective.

That inertia was overcome by a desire to improve himself and his quality of life combined with the determination to succeed - An admirable level of tenacity.

Should I Stay Or Should I Go?

Perhaps it's more about the Psychology of Staying - At what point do you assess your own happiness and realise that your current situation falls far short of your expectations? How many times will you grumble about leaving then never get round to it because "the time isn't right"? How many holiday requests will get refused before you (and your partner) start having serious issues?

I think we've all had difficult situations motivating staff where they've seen the grass on the other side (especially when you have contractors as well as permies) and are struggling to justify their current life choices as a result. Your aim should be to take care of their best interests and create more feathers for their cap. Give them something "for free", like a new programming technique or methodology, and you'll see an increase in enthusiasm. They're going to get that "new thing" one way or another, so you may as well get the perceived credit.

An occasional pat on the head, perhaps a bonus or a pay-rise a little over the rate of inflation may keep someone quiet for a while but eventually it'll be the same situation and same grumbles again. Remember that no pay-rise is the same as a pay-cut and there's no such thing as a "job for life" in information technology so don't assume long-term loyalty. As an employer, the people that come to you threatening resignations unless they get a pay-rise will only do the same to you again in a year. Making your people feel valued is worth far more than any pay-rise or bonus in the long term (although they can help), assuming you're paying fairly for the market to start with.

Beating people with a stick then criticising them for not being stick-proof is not a good approach. I remember on a particularly large and difficult project being told that I wouldn't be given any project management or architectural resources. I spent some time with my boss explaining that growing the perm team by another 50% in six months, taking care of the BAU tasks and covering live issue support was plenty (along with my actual day job). Doing all the project planning and architectural support within the team wasn't possible at that stage, and wouldn't be until we could hire or promote some senior developers. A massive redevelopment project, in a proprietary development environment on bespoke frameworks was going to be tough enough on everyone... Never mind doing it on our own.

Both myself and members of the team had to work 60-80 hour weeks for over a year to make sure we got the job done. I was denied requests to promote within the team or find senior developers on the market so nominated technical leads to perform the senior dev functions. Kudos to the guys I put in those roles, they achieved an incredible amount and it's a huge credit to them that the products and frameworks were delivered.

Following what became a tricky product delivery I was ironically pulled up for planning and architectural criticism. Don't take that as shifting blame though, it was my responsibility to ensure delivery and mine alone. By the way, that taught me that "I told you so" comments need to be very carefully phrased :)

Back in the world of physics, impulse is defined as force multiplied by time. Essentially, a large force for even a short time creates the same amount of change as a smaller force for a much longer time.

In people-terms, impulse is far more dangerous. One person leaves and starts telling their former colleagues about the benefits (the "grass is always greener" effect). They start making impulsive decisions about their futures that you have no control over and cannot convince otherwise. All it took was a little extra nudge to focus those existing thoughts and ideas. 

It's a visible indicator of your working practices when your people start leaving in numbers, especially in the current market where perm developers can almost name their price.

Sound-Bite Summary

In order to get closer to that state of equilibrium, start at the beginning; the recruitment cycle for your growth or replacement phase. Usually it's better to wait to find the right people - the people that have a particular vocation or love of a job - to fill a vacancy than shoe-horning in a bad fit. Long term it'll save you (and them) a lot of pain. No-one checks all the boxes but if you can find someone with an attitude that fits your working environment and is hungry for it, the situation will be more constructive for both sides. In fact, far more constructive than a star player [prima donna] who needs to be the centre of attention all the time (and whom the rest of your team will probably hate).

Contractors don’t matter - they're just there to see you through until you've built your teams the way you'd envisioned it. That's not being mean or heartless, I'm a contractor myself coming from a development management and development background and I know where I stand.

Whilst the axiom of "A happy workforce is a productive workforce" rings true, what you're really doing is preparing and training people for their next job. The only choice you have to make is whether or not that next job is going to be within your organisation or your competitor's.

Which would you prefer?



Sunday, August 19, 2012

Coming Together


Spent most of the weekend re-writing the website in MVC4 / Razor and have been battling media queries all afternoon.

After the last few years in a performance- and security-orientated environment that isn't looking to adopt ASP.NET MVC at this stage, I haven't been as impressed with Microsoft's products since they first introduced C# (both from an architectural and development / maintenance perspective).

Nice clean markup with no layout requirements outside of the stylesheets, all defined per device-capability.... I've just got to work out how to do the same with my JavaScript and jQuery and it's done. Although tbh developers should be separating concerns during the de facto lifecycle without the IDE / platform having to do it for them.

I'm still not happy about the inline server-side code from a performance perspective but that's probably just because of the issues it causes in ASP.NET WebForms. Will poke around another time.

Saturday, July 21, 2012

Two Weeks To Go

The view from the home office is far better than the one from the portakabins at the day job

Definitely at the tail end of the countdown now. Really excited at the prospects both in the UK/EU and overseas and it's definitely looking like I'm doing this at the right time.


Decided to have a full-on geeko™ and architectural review weekend and just sorted out a WCF service to simulate an endpoint for clients to consume. Seems like ditching XMLSOAP and creating TCP endpoints for SOA would be a good way forward, using MVC to generate the JSON for any client-side / async calls. Should separate concerns more fully and seems far, far easier than good old WebForms.

After looking at the performance model, I'm not impressed with Entity Framework, but.... the aim here isn't the kind of performance needed back at my last job. This application will never have to deal with 10k-25k transactions per second. Pushing prototypes out on a relatively small time-box is, so RAD is the acronym of the day. I covered a small performance topic area in an earlier post which I'm sure I'll extend over coming months.

LINQ to entities is quite nice, although suspicious at first it seems to hang together well - VS 2010 Ultimate is amazing, the debug & trace tools are immensely useful - moving between stack frames whilst trying to debug multiple threads is such a time saver.

Also taking a look at AMD for some of the more complex web-focused implementation. It goes way further than anything we have available to us in the framework as-is and potentially cuts the payload right down. We'll see.

Although the day has been focused on newer technologies I found an old one. With online movie rentals, Sky Movies and music services I didn't realise that I've not bought any Blu-rays in ages - never mind DVDs or CDs... Until I accidentally hit the open button on the hi-fi this morning. Obviously hasn't been used in over a year....











Thursday, July 19, 2012

Outstanding Performance

I was stood outside a branch of [well-known high-street bank] this morning, waiting for my appointment with their business advisor.

As I walked up the steps five minutes before official opening time I noticed a guy in a high-vis [insert name of telecoms firm here] jacket tapping on the glass doors. He looked pretty annoyed and I didn't know what to expect but he simply shrugs at me and says, "I'm just here to fix the alarm line."

Er. Ok. So. What?

I wasn't sure whether he meant what I thought he meant so asked him. Apparently he was actually there to fix the comms line for the branch alarm. No kidding. The staff in the branch just looked up for a moment when he tapped on the glass door, then got on with their work.

They called him to fix an urgent problem but left him on the doorstep for 30 mins.

He was the alarm guy. This isn't Gotham City or anything, this is a backwater town in the West Midlands.

I'd phoned one of this bank's competitors two weeks ago (Natwest), and even dropped into one of their branches when they hadn't got back to me. I still haven't heard from them.

All the fun & games you've read about in the news that financiers and brokers were / are [allegedly] having here in the UK and you literally can't give your money away. And even if you could they couldn't store it securely.

I look nothing like this
I picked the wrong month to quit smoking.


Progress

Things are beginning to come together a bit more now.

Working with a flying buddy to define and develop an avionics tool for Windows Phone 7, although it's moving the right direction I think it'll probably take 3-4 months to create v1. Flight planning and avionics integration for light aircraft such as hang-gliders isn't your average topic so I'm glad I've got Nick to help me understand it.

Toying with WCF RESTful services and some JSON clients this afternoon - Although I've got 2008 R2 running in some VirtualBox clients it's really just a simulation for cloud storage and SaaS. If I can work out whether there's actually any point to doing it; I don't think the weather and flight planning features should be restricted by device storage / capacity.

My knowledge expert's fleshing out some more ideas from the prototype I sent him. We currently have techo-joy: Using my Nokia WP to edit Office docs on the fly, SkyDrive hosting the storage so that we're sharing the same OneNote notebooks for the brainstorming and storyboards. I've got him to install MS Expression Blend 4 so he can get involved with the prototyping a little.

Looking at my Microsoft subscription, I still can't believe they're offering you the choice of either Amazon S3 or Microsoft Azure. I keep getting more and more impressed with their products and direction; .NET 4.5 and Visual Studio 2012 look like great productivity tools for developers and architects alike. After looking at the Windows 8 preview I can't wait for the WP 8 SDK and associated tools to come out.

It's just such a shame there hasn't been the market take up of this third ecosystem in the mobile market - For business purposes nothing else I've seen comes close. If Surface and W8 support the same app framework as WP 8 it's going to be very easy to port software between device platforms. Just look at WP7 apps, Windows 8's likely technical direction and existing PC applications like Zune. All appear to run from the same platform which could mean that we're about to see realistic convergence of development environments and even underlying platforms.

It's amazing how quickly you can get distracted working at home though. For example, whilst writing this blog post I had a sudden urge to see what amazing beards are out there on the internet.


News beard Hunter beard Tolkien beard

N.B. I have nothing against beards or 'taches, it was just a distraction from problems with the WP emulator load sequence.

Thursday, July 12, 2012

See What You Can Do

Joined o2 as a business customer yesterday around 1pm.


o2 started having major network issues yesterday around 1pm.

I ended up missing calls from agents, prospective clients and Audi. As well as the customer forums and support pages timing out, the customer service line was busy all night.... Then they seemed to clock off at 9pm. I think we're all expecting a kick-ass apology.

Let's see what they can do.


Update 13th July

Phoned o2 business support (which seems to be the same as their regular support number) only to be told that the complaints department cannot be connected to directly. They don't have a phone number. It says a lot about a company if you can't directly speak to the complaints teams.

The woman taking my call told me she couldn't do anything to help me even after I asked what sort of compensation I could expect for the loss of phone and data connectivity for 24 hours. She also mentioned that the complaints team would be evaluating the level of compensation across all the complaints they're receiving.

She simply said that there was nothing she could do - I pointed out the level of support I used to get on Vodafone and the rough potential loss of earnings figure from just one day.... She then offered me a free month's line rental. £17.50. I can understand her position and it's not her fault - there really is nothing she can do directly, and she'll have had many difficult conversations in the last 48 hours.

I just asked who I'd have to speak to in order to get my PAC code - I haven't put a nicotine patch on yet this morning but after I do that, I'm going to have a think about going back to the reliability and network coverage of Vodafone.

It's not just the problems with the network, it's the way that they've apparently dealt with their customers at o2 that really annoys me.

Update 19th July

Nicotine patch helped. This whole o2 situation is a one-off, I should know better as someone who works in a high-availability, high-pressure and low latency environment how difficult the job is to start with.

The response from the complaints team was fairly defensive but neutral, which is to be expected - although hiding behind reasonable service clauses in the T's and C's is likely to annoy many customers.

Tuesday, July 10, 2012

Wings

A mate invited me to RIAT last weekend, I saw an old friend I hadn't seen in about 15 years.



It was the first aircraft I ever did aerobatics in and the first time I flew a light aircraft. It went out of service the following year to be replaced by the Bulldog (also a lot of fun to fly). Prince Philip learnt to fly in one back in 1952 so it did pretty well for itself. I'll always remember AEF days in the chippy.

Couldn't see any of the stealth aircraft. They must be pretty clever.


Crackers

I've got this problem to solve from a crypto / maths problem solving website where they give you a simple black GIF image and tell you there's a message within it, concealed using steganography.

Spent a few hours writing a quick app to re-process the least significant bits of each pixel and run some tests in what I thought was the right direction.

Just realised it's a GIF, not a bitmap, so this route is completely ineffective.

That's all. Carry on.

Science-Fact

Picture the scene: We've all had a few and are sitting in a pub garden in Cheltenham, talking about everything from Formula 1 and business to fish tanks. We've all done it.

Just bear in mind the Guinness-science Influence Scale™ ... After about 2 pints, having a wild stab at some scientific solution or how some new technology works is a must. After four pints, you've got your honorary doctorate in your pocket amongst the subway loyalty cards, odd five dollar bills and Irish Punts. You're just not wearing your labcoat today.

After eight pints you're practically giving lectures to lesser minds at CERN and need not be bothered with actual sober facts.

So eventually conversation turns to the Higgs-Boson 'god' particle, detours off into socio-political discussion about the theocracy of the southern United States, eventually meandering back to this new particle discovery.

Now the explanations start; we're all firing wildly - [please imagine a vodka induced slur on top of commentary] "It's like, it's like, when you're building a house, and the fire department turn up. No. Wait. Mortar. Yeh. That's it."

One of our group points out that her dad is a retired particle physicist and may possibly know better than us mere mortals.

Asking an actual expert is a long shot, granted, but worth a punt. So to the question "Can you explain what this higgs-boson god particle is in only one text message?"

He replies:

"As I haven't kept up with particle physics I can only give you a few basic principles and guess about the Higgs boson. All matter is made up of fermions and bosons. You can only have one fermion in any one energy state but you can have multiple bosons, so fermions (e.g. a proton) provide the structure and bosons provide the forces of nature (eg photons are the agent of electromagnetic force which is responsible for most of what we perceive in the world...chemistry, light, electronics, etc). Most particles have a mass which can be converted to energy (E=mc squared) and their conglomerate mass makes them subject to gravity, a very weak force but obviously effective on cosmological scales. The big question is where does mass come from and the Higgs boson was postulated as being responsible for giving particles their mass. Hope that helps.
Love Dad xx
Can I get back to cooking my risotto now?"

Every single person in the conversation then exclaims that they were right all along.

That avenue of conversation securely closed, we resolved grand unified theory and the definitive history of life itself over chasers.

Thanks to Sezzle and Das Fletchenberger for the great night out (and lack of hangover this time).

Sunday, June 10, 2012

Jinxed It

...So I write a blog post about security awareness and the following week LinkedIn publish details of a hack.

I've not found official confirmation yet but it sounds like they were hashing data items such as passwords with SHA-1. Which could be classified as a weakened encryption algorithm on its own, but LinkedIn may not have been salting passwords.

I've also found another potential vulnerability across devices / platforms after changing my own password on LinkedIn. Will let them know and hope they add that to the list. Doesn't look like a big problem but could create an attack vector in < 1% of scenarios.

If you're affected by this situation I'd recommend the following for browser-based applications:

  1. Don't use "password", "123abc", "123456" or your own name as your password. Don't use the same password across different applications / accounts
  2. Change your LinkedIn password (if you haven't already done so)
  3. Change it again in a week and then the following week. If the people at LinkedIn haven't shored up the breach in defences there could be further penetrations
  4. Change your account password on any related email address accounts that are held on your LinkedIn account. Double defensibility probably isn't necessary but is a good idea
  5. Always hit the "Log Out" or "Sign Out" button / link when you're done instead of just closing the browser window
  6. Don't have Facebook, Gmail / G+ / etc, Hotmail or Twitter open at the same time as LinkedIn in the same browser, just in case there's a potential XSS or XSRF vulnerability across any of the applications

"He's just paranoid!", I hear you say. Guess what - Sony got hacked again this week so what's to say we won't see repeats here either?

Update - 5th July

It took LinkedIn four days to get back to my initial report / request for contact, guess they must have been pretty busy at the time *cough*. Essentially the response was "There's nothing to see here, move along" and when I retested about a week later I couldn't reproduce the problem.

Bottom line, problem fixed. From everything I've been reading in the press about the company it's been a policy of denial in an attempt to save face.

Thursday, May 31, 2012

Sign of the Times

There are more and more incidents in the public domain where a security issue has seriously tarnished an organisation's brand identity. Worse still is the simple fact that it could have been avoided in most cases.

Some of the most notable in the last 12 months that I remember were when the MySQL website was taken down using a SQL Injection attack vector, and the more recent PHP exploit on militarysingles.com (link takes you to the Imperva report PDF).

"Why are these such a big deal?", you may ask. Well from a distant perspective the former details an organisation (now owned by Oracle) who specialise in database systems. Even though the worst effect for customers was to have their details taken and published, it wasn't actually a vulnerability in their product. It was down to the website team not approaching the project with defensive coding in mind.

It was a political coup over brand identity.

The latter example (militarysingles.com) is both an exploit of a vulnerability as well as a lack of defensive coding for the particular scenario in question. The problem there is that gaining access to customer data in this instance means potentially sensitive information on military personnel across the globe.

It's almost as if there's a lack of general awareness about key issues, and I can only draw from first-hand experience of contact with developers. For instance, I've done over 200 telephone and face-to-face interviews in the last few years for what is effectively around 30 or 40 actual roles. It's hard for me turning down applications from good developers when we find them but we're after a very specific skill set and way of thinking - especially with regards to security issues or vulnerabilities.

Hypothetical interview question: Array processing and sorting, with the ideal being some sort of pseudo-code or algorithm that details specific mechanisms or sorting. The answers to this vary but most people seem to respond with LINQ extension methods that do it all for you, without any real explanation. As an interviewer it's best to give as much chance as possible so you take the toys away and ask the question again (this time, only using .NET 2.0, or just C if it's familiar).

It's not really about the answer so much as how you come up with a solution but it's also surprising how few people think at this level. It's like all the available frameworks have dumbed-down general technical knowledge. Yes, they're useful in given situations and, yes, they make developers' lives easier... But easier doesn't mean better*.

We used to ask a set of questions almost made up on the spot, but that's evolved to a question list - Some candidates recently made comments about some of them being straight from the interweb so I've added a few more different ones over time.

Some questions relate to defensive coding practices and are quite revealing in terms of the level of awareness of these attack vectors. Very few developers seem to know any more than how to prevent SQL Injection in .NET, and throw in a few answers about SSH, firewalls and DDoS mitigation. The last three are good to be aware of but only the third could be dealt with in any way by some development work - It's usually better to get something like RioRey or BlackLotus on the case.

Even the basics will only get you so far - The classic is hashing stored data. Great, but the other guys have read the same book and can break it. MD5 stopped being effective nearly a decade ago, even SHA-2 will have a shelf life defined only by the intelligence of "the other guys". Maybe processing power too. CrackStation has a pretty good article actually explaining not only how but why.
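To make the point about unsalted hashes concrete (both here and in the LinkedIn post above), this is an added example, not code from this blog or from any of the companies mentioned. It compares an unsalted SHA-1 store with a salted, deliberately slow PBKDF2-HMAC-SHA256 store; the function names, the record format, the iteration count and the sample accounts are all assumptions made up for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two of them happen to share a password.
SAMPLE_USERS = {
    "alice": "Summer2012!",
    "bob": "Summer2012!",
    "carol": "correct horse battery",
}

SCHEME = "pbkdf2_sha256"
ITERATIONS = 100_000  # illustrative work factor (assumption); tune to your hardware
SALT_BYTES = 16


def unsalted_sha1(password):
    """The weak scheme: one fast hash, no salt, same output for same input."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Salted, slow hash stored as scheme$iterations$salt_hex$hash_hex."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every record
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations), salt.hex(), derived.hex()])


def _parse(stored):
    """Split a stored record into its parts; return None if it is malformed."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
        parsed = (scheme, int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex))
    except ValueError:
        return None
    if scheme != SCHEME or parsed[1] < 1:
        return None
    return parsed


def verify_password(password, stored):
    """Recompute with the record's own salt and compare in constant time."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    _, iterations, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored, target=ITERATIONS):
    """True for legacy or under-strength records; rehash them at next login."""
    parsed = _parse(stored)
    return parsed is None or parsed[1] < target


def shared_hash_groups(records):
    """Audit helper: list the users whose stored values are byte-for-byte identical.

    Any group here means one cracked or looked-up hash exposes every member.
    """
    by_value = {}
    for user, stored in records.items():
        by_value.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in by_value.values() if len(users) > 1)


if __name__ == "__main__":
    weak = {user: unsalted_sha1(pw) for user, pw in SAMPLE_USERS.items()}
    strong = {user: hash_password(pw) for user, pw in SAMPLE_USERS.items()}
    print("unsalted SHA-1, shared hashes:", shared_hash_groups(weak))
    print("salted PBKDF2, shared hashes: ", shared_hash_groups(strong))
    print("legacy record needs rehash:   ", needs_rehash(weak["alice"]))
```

The work factor is the part with a shelf life: `needs_rehash` lets you raise it later and upgrade each record the next time its owner logs in.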

At my current employer we have to take the topic very seriously - We're a global organisation who is a big target for black hats, hacktivists, competitors, money launderers and other such activity; so if there's a security problem it's got to be dealt with there and then. The sources of the majority of attacks are unsurprising, as are the sources of screen-scraping attempts. I suppose psychologically if it's not a physical attack, it's more difficult to easily quantify - which can make it more difficult to justify the additional expense for shoring up the defences to the board of directors in some places.

However, RSA were actually physically broken into and later some of their clients had their systems compromised as an indirect result. [RSA Labs has a pretty good collection of docs + discussions here]

There's always something out there that you don't know about - No system is impregnable when faced with a sufficiently well motivated and financed group of people - but you can do a lot to ward off and discourage the majority of infiltrators.

You / me / an individual can't know everything, that's why having a good team is important but here's a good place to start... OWASP (have a read of the reference area)

*(Comments about knowledge levels are generalisation only, there's a huge number of really good developers and specialists if you're lucky enough to find and hire them)

Monday, May 28, 2012

Altitude


Very relaxing weekend for me last weekend, how was yours?

Signed up at a gliding club nearby and they got me airborne on the day. I'd forgotten how much fun winch launches are :) The instructor was pretty nice about it - "Yeh, you can definitely fly a plane, you're just a bit rusty". I'll happily take that!

Pretty impressed with the new phone, too. Seems to cope with pretty much anything although I'm not sure I remember the pre-flight briefing from the stewardess mentioning turning off my phone so...

Please note: I was P2 in the aircraft and not in control at the time this photo was taken. Do not try and juggle text messaging with aviation.

Got a couple more ideas for phone apps and some sunburn out of the day. Sometimes you need to get up and away from the grind to really relax.

Good bunch at the gliding club and a far better way to spend a Sunday than sitting in front of the TV.

Tuesday, May 22, 2012

Time Machine

It's been an interesting week - Got a replacement phone and decided that Nokia Lumia 800 is the way forward. I had to downgrade my HTC Desire to a Blackberry due to work, so going back up to a smart phone has been a real joy.

What I didn't know was that the Desire and Lumia share the same processor; surprised me as the WP is slick and has a great UX. The Desire ended up grinding a bit and was always running out of storage so we'll see how this goes. I've already lined up an idea for a WP app, so as soon as Expression arrives I can get stuck in with some dev time.

Also feels like I've been set free just knowing there's 12 weeks left to go before starting work for myself. Paperwork's largely sorted so time for a beer in the garden I think.

Cheers!

Tuesday, May 15, 2012

Great Scott, Marty!

I handed my notice in yesterday in what will be the biggest career change I've experienced in my short career.

When you take an objective view of any situation you're involved in and realise that nothing about that situation benefits any of your own goals or objectives, sometimes you come to the conclusion that it's just not worth doing.

The time I've had at this company has been a huge benefit - I've learnt so much about so many subjects and had the chance to work with the most highly skilled group of people I've ever met, but from this point I'm not going to learn anything new and there's virtually no opportunity to progress my career or add to my achievements.

It's not as if there's any animosity or resentment either, if I can I aim to ensure my departure is a blip rather than a bump and that there's adequate continuity.

It boils down to time - I can't get to my long term goals without time spent with the latest technologies on my resume, and potential employers aren't interested in talking to someone with the length of notice clause I have in my contract. I need to apply my core experience to more specific areas in commonplace use. Some of the clauses in the contract prohibit particular blog topics too so it'll be akin to being set free in some respects (I won't miss being permanently on call either :) ).

When I was in Alberta earlier this year, the guy organising the NHL trip to Saddledome spoke about his motivations and experiences in setting up his own business. Struck me that it's (whatever "it" may be for each of us) a lot easier than we think or fear.

The Axiom Of Larry: "Make it happen".

I've also quit smoking with the help of the local quit clinic. So really, it's all about time and travel.

1.21 Gigawatts

Friday, May 11, 2012

Bogus Chroot

I saw the posts about the Google Chromium OS earlier this year and thought I'd take a look. An OS orientated around the old thin client principles perhaps?

From a personal interest level I thought I'd have a crack at compiling the source code myself and seeing what's involved so got the latest Ubuntu running on a VirtualBox VM and started having a play.

That was four weeks ago, and I've been distracted with tinkering on Mono and Java since. Linux has come a long way since I last used it back in around 2005 and I'm pretty rusty! Managed to follow the build instructions all the way to the point of actual build but then get a message that I have no idea about.

"Warning: Possible bogus chroot detected"

Maybe I should have just downloaded the redist and been content with that but for now, converting some of my own-time projects in .NET 4 to Java and Mono will keep me out of mischief. I quite like the Ubuntu environment: if you're a Microsoft-er with a familiarity with C# & PowerShell and have never used Linux before you'll pick it up pretty quickly.

It's interesting to have a look over the technology fence and see how the Joneses have been doing lately, but I don't think I'd want to move (they're more than welcome to come over for dinner though).

Monday, May 07, 2012

Tales of the IUnexpected<Int32>

Being curious of the comparison of LINQ and classic actual-code (henceforth referred to as CAC) techniques, I wanted to know how big the gap was. You can tell how exciting my bank holiday Monday has been so far.

Wonder what would happen with strings? Reference types and immutable - good string operations can make average hardware work far better.

Generally I thought the major factor would be an ordinal comparison - or lack of in the LINQ mechanism, for example, the difference between:

There's about a 20% performance [speed] improvement on the optimised route so tried the LINQ version with and without this optimisation but it only seemed to have a very small benefit - probably around 3% tops.

The lhs / rhs values make a difference too - if the comparison finds a difference in earlier characters of the string it won't bother comparing the rest of the string [Assumption: you're doing a case-sensitive comparison]  and if the string length isn't equal it won't bother running the comparison at all, so tried a few combinations of differently cased characters in different positions in the two strings each with the same letters.

Hit the test five times each on debug versions of the exe outside of VS2010 to reduce complications and get an average to make it fairer.

So generation of the source for comparison done on a quasi-random character basis, but so that both method calls would use the same array:


Then use the result for the following comparison:



On the string comparison routines you can only really see the improvement with a string[] of around 1M elements but all the way from 100 elements up to the million the CAC version is faster (by about 100ms at the 1M element range) for the same source string. That source may or may not contain the character it's checking for.

I would have expected a bigger difference with the predicate too (commented out in the above example) and both value and reference types to experience the same performance footprint. But would you expect numerical operations to have the same behaviour?

So if we play with performance for a very specific scenario where an array of integers is iterated through, and any element which is even is selected into a result set. So the CAC method is pretty much just a straight for loop (not a foreach):

I purposely created a variable scoped within the loop to hold the value from the particular slot rather than access the array element twice.

And the LINQ operation is a simple from object query:

The IL for the different mechanisms was pretty varied too. Will come back to that.

When I changed the size of the source array which both methods search on I found that below 450000 elements the CAC method was quicker than the LINQ version. Around 500000 elements they averaged about the same but when expanding the test source to over 600000 array elements the CAC version was actually marginally slower.

Mind you, we're talking of the result set examples as 1ms and 3ms for the smaller source arrays, 13ms and 14ms for that middle-size, around 20ms and 15ms for the large array measured across CAC and LINQ versions respectively.

Some LINQ mechanisms outperform CAC equivalents with much larger arrays? I suppose it's like the difference between Hashtable and Dictionary in that Dictionary performs better for smaller collections, but Hashtable far better with large collections. HybridDictionary is ok but there's a bit of a hit if the collection size moves over the threshold too often.

The IL seemed to show that the extensions and LINQ mechanisms use a specialised call set whereas the CAC was mostly flat stack instructions. More of it, just faster execution in the case of the Strings and smaller numerical arrays.

So, in summary, nothing really conclusive but something I didn't expect with the integer operations. The gap between the two is there but only if the software product you're working on has performance constraints.

Mind you, all software has performance constraints to one extent or another :)

Welcome

Hi there.

I'm going to use this as a platform for review and analysis of the various techniques and technologies I encounter....Basically this is just a new kind of notepad.

I'm starting with a fairly broad range from a background steeped in Microsoft technologies, but touching on areas such as Linux, CAD, web technologies, social media [e-sociology] and performance issues.

Catch you later.