Tech News

June 19, 2012

CodeSherpas is looking for new talent

Just over 5 years ago we started CodeSherpas with a vision - the nature of software development is changing, and we wanted to be on the forefront of that change. Our jobs are many and varied - sometimes training and mentoring, sometimes augmenting existing staff, sometimes the project is ours and ours alone. Sometimes we work at home, sometimes on client-site. We bring the deep experience we have developed to bear on our client's projects, and have a strong reputation doing so.

The time has come for us to broaden ourselves; we are looking for a couple of passionate, self-motivated software engineers who want the opportunity to take their expertise to the next level. Are you interested in working for a company where your skillset is the product, and the company invests in it? Are you interested in working someplace where even the owners write code, and there are no 'pointy-haired bosses'? Are you interested in solving a variety of interesting technical problems? Have you been dabbling in recently emerged technologies and want the opportunity to use them full-time in mission-critical production applications?

We currently spend most of our time in a web-centric development stack. To us that means: Ruby, Java, Javascript, CSS, HTML5, JQuery, NodeJS, Backbone, MySQL, Redis, Linux, OSX, and so on. We also occasionally dabble in Objective C and Clojure, and see those technologies as crucial to the future. When we run a project we prefer 2 week iterations, constant feature delivery, and reflection on the work to improve ourselves. We know and love git. We like to publish, speak at conferences, record screencasts, and promote the local user group communities. If you think you can contribute to a team doing these things, we want to talk to you.

As consultants, our jobs tend to take us around the Northern Virginia and Washington DC area. Sometimes we work at home, sometimes in the Reston area, and sometimes in DC. We know commuting in the DC metro area is tough, we do it ourselves. Despite this, we strive to maintain a healthy work-life balance.

We're not looking for rock stars... we're looking for orchestra members. We're not looking for ninjas... we're looking for Sherpas. We do the technical heavy-lifting.

Does that sound interesting? Lets talk.

Posted by at 08:44 AM in Project Management, Rails, Ruby, Tech News, Web Development | | Comments (0) | TrackBack (0)

| | |

April 04, 2011

RubyNation 2011 is a Wrap

It is a lot of hard work putting on a conference like RubyNation; Three CodeSherpas are on the organization committee, out of a total of 7.  I'd like to thank Gray Herter for being a driving force behind this conference... it's his baby, and without him, there would be a gaping hole in the Ruby Community in the Northern Virginia/DC Metro area.  I'd also like to thank all of our sponsors.  Without them, this conference would still just be a dream.

Every year the conference gets better and better.  With a live event, there are always issues that have to be solved in real-time (like the programs being delivered late), and each year we hold a retrospective after the conference to figure out what we need to improve.  This year it seems like it was only minor things - nothing that couldn't be handled on the spot with our great staff of volunteers.

If you attended, I'd lke to remind you to please rate the talks you attended.  Nothing helps us improve the conference like real feedback.  If you didn't attend, you missed a great event; don't miss it next year!  Make sure to visit the RubyNation website early and often.  We'll have a signup for next year's announcements available soon.

Posted by at 11:44 AM in Events, Rails, Ruby, Tech News | | Comments (0) | TrackBack (0)

| | |

April 30, 2010

Massachusetts Data Security Law and Your Website

Let me preface this blog entry by saying that I'm not a lawyer, but I think if you read the references I'm pointing you to, you won't have to be to reach the same, logical conclusion. I am offering my own informed opinion regarding how a new Massachusetts law might affect the data security standards on websites you might manage. If you happen to be a lawyer with expertise in this area, I welcome your informed legal opinion as a blog comment.

There has been some FUD recently about a new law in Massachusetts: 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH. I think this law is a great example of something that should exist at a Federal level, but I'll save that editorial for another time. I want to correct some misperceptions I see appearing in the technical media.

The first piece of mis-information comes from this 'article' at SQL Server Magazine. That article specifically says "if you store personal information like first and last names of Masachusetts residents", runs through a sample calculation of losing a database of 1,000 names, calculates a nightmare fine of five million dollars, and then shows you a link to where you can find out tons of information about 'upgrading' to Microsoft SQL server. The article's very first point about 'first and last names' is completely false, and I'll prove it to you.

Second, the venerable nerd news site Slashdot has a story with a link to that very same article, along with a few hundred comments from industry leaders through pimply-faced 14-year-olds, and everyone in between, with conclusions ranging from 'don't worry about it' through 'possession of a phone book is now illegal'. Slashdot might be a great place to read about linux hacking, but is not a great place for legal advice.

I wanted to understand for real what this law might mean to my clients. After all, virtually every site we maintain with user accounts has data that could be construed as "personally identifiable information"... especially by the slashdot crowd. I wanted to make sure we comply. So I tried to read the text of the law directly from the Massachusetts Government Website.

I found something interesting: the text of this law doesn't read like some obscure tax code - it actually reads more like something I'm familiar with - requirements for implementing software. This law, at least the technical burden it would place on us, was very understandable.

The majority of my questions were answered right on page 2, under definitions:

Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

Read that carefully - its not just the first and last name - it is the first and last name in combination with one or more of (a) Social Security Number, (b) one of several state-issued IDs, (c) one of several pieces of financial information. The combination is what leads to a violation, and that makes perfect sense.

Notice also there is an exemption for "information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public".

Clearly, this law isn't talking about "first and last names of Massachusetts residents" as the SQLServer article would have you believe. Surprise, surprise, an article in a magazine named after a commercial software product is more interested in selling you said commercial product than offering you legal advice. Clearly, phone books are not illegal in the state of Massachusetts. Again, I'm not a lawyer, but I don't think I need to be to reach that conclusion.

But how might it affect the design of a website for a client?

If you are a tech firm designing websites that financial information of the type covered by this law, than you should already be aware of the Payment Card Industry Data Security Standard. If you are, then the contents of this law shouldn't surprise you. If you aren't, then I hope a million dollar fine puts you out of business, because that would make our whole industry more secure.

Both this law and the PCI-DSS specify some pretty sane policies on everything from the encryption of data in the database through the physical security of the machines that store that data, and includes sane definitions on what constitutes a breach, and how this sensitive data should be stored, used, transmitted, and transferred. This new Massachusetts law specifies who has this duty under the law, and extends these sane policies for sites that store social security numbers and other state-issued IDs. That is a great thing, and is pretty easy for a good tech firm to do for you. An even better tech firm will ask you "are you sure you want to be collecting that stuff in the first place?"...

Other Salient Sections of the Law

There are two sections of this law that pertain to technologists rather than lawyers: 17.03: Duty to Protect and Standards for Protecting Personal Information outlines the policies and procedures you and your company should have in place to safeguard data, and 17.04: Computer System Security Requirements outlines the security mechanisms and acess restrictions that should be on your servers, such as the usage of user IDs and passwords, restricted access for administration, firewalls, virus scanning, and so on. These sections are written well enough to be an auditing template for your technical staff to follow. I'll take this opportunity to give our company a plug - if you'd like an independent opinion on how your compliance fares, give us a call.

Should this be a Model for the Nation?

Why do I think this could be a good starting point for a Federal law? First, because if I'm doing this properly for Massachusetts, it would actually be more work to not do it for every other state out there. Second, the law doesn't say anything about things like your passport ID number, a federal Tax ID number, or the like, probably because the State doesn't have jurisdiction over the Federal space. Third, I think I have proven above the exemptions for publically available data and the 'in combination with' clause make this a pretty rational law. And finally, with a Federal law, there won't be a million variants to support... and I'm sure several companies would come out with compliance and auditing services (like Sarbanes-Oxley), and I'll be able to prove our worth to a client by having the systems we design and implement sail through those with flying colors.

Posted by at 10:59 AM in Project Management, Tech News | | Comments (0) | TrackBack (0)

| | |

September 15, 2009

Dump IE6?

There's a debate raging on the Internet over the fate of Microsoft's eight-year-old browser, Internet Explorer 6. The essence of that fight is this: IE6 is a terrible, outdated browser; but many corporate and government IT departments still refuse to upgrade. Web developers are fighting to get IE6 dropped from the "supported browsers" list for their applications, and have launched a campaign here to try to convince IT managers of their cause.

The purpose of this post is not to choose a side, but to examine the question: "What should you do?" If you're creating a web application, should you include support for IE6? Or just consign it to the dustbin of history?

First, what makes IE6 so bad? Not all old things are intrinsically bad, after all. However IE6 is truly pretty awful, especially for web developers. It's non-compliant and breaks many standard pages. Here's a short video that explains it from the web developer's and project manager's perspective. The fact is, developing for IE6 DOES take a lot of extra work, since it sticks out like a sore thumb with its display problems (that even later versions of IE don't have). Multiply that extra work a few times: not just for development time, but setting up special development environments (remember, you can't really have more than one version of IE installed at a time without using virtual machines), test environments, and extra testing time.

Of course, maybe your app should run in IE6...maybe. A recent survey found that 70% of users of IE6 are still using it because their corporate IT department won't let them upgrade. So if that's your desired audience, then sure you need to support IE6.

Let's take a look at some numbers. W3schools.com publishes a good set of browser statistics by month, which you can see here. We can see that usage of IE6 reached an all-time high in November of 2003 (71.2%). Wow, that was a long time ago! Since then, the stats have wavered, but numbers for IE6 have generally continued to fall since then. In particular, let's look at the most recent numbers, for August, 2009:

IE6: 13.6%
IE7: 15.1%
IE8: 10.6%
Firefox: 47.4%
Chrome: 7.0%
Safari: 3.3%
Opera: 2.1%

Wow. First of all, the big winner in this list is obviously Firefox. At 47.4%, Firefox has more browser share than all versions of IE combined (39.3%). But even looking at the IE numbers on their own, IE7 has surpassed IE6; and IE8, which was only recently released, is already gaining on both of them. IE7 and IE8 combined account for approximately twice as many site visits as IE6. 

So, we can see that IE6, in general, has a very small market share of browsers in use on the modern web. One could probably safely discard support for IE6 without locking out very many potential users. And if you examine the audience for your application, this may make even more sense. For example, if you're creating a dating site, you probably don't have to worry too much about IE6 - a lot of IE6 users are on large corporate networks where they won't be allowed to access dating sites anyway! Instead, those users will wait until they get home, where they probably have Firefox or IE7 installed. As people upgrade hardware and their operating systems, too, IE6 will become even more marginalized. While it was the default browser installed with Windows XP, anyone running Windows Update regularly will have been automatically upgraded to IE7 by now, if not IE8; Vista did not include IE6, and Windows 7 most certainly will not.

It may be time to "dump IE6" after all.

Posted by at 09:25 AM in Tech News | | Comments (0) | TrackBack (0)

| | |

August 21, 2009

More Social Networking Ideas

When you have a small company, getting your name out there is important to your success and even survival. We've already talked about blogging, but here are some more social media/networking ideas to get your business onto people's monitors and minds:

Facebook: Once a closed social network primarily for college alumni, Facebook is now the leading social media site on the Internet. You can not only join as an individual (which you DEFINITELY should do), you can set up a page for your company, and then invite people to become fans. Facebook makes it simple to publish stories, photos, and links; and invite supporters to upcoming events.

Twitter: Probably one of the most misunderstood social networking tools available, and yet one of the fastest-growing. Sign your company up for an account, do a search on technology you're involved with, and follow a few interesting people. Then assign someone to update your company's Twitter status often - but not with "ads." Link to interesting articles or posts on your company's blog, sponsor contests, or search for and respond to complaints. Twitter lets people read and post from multiple platforms, web and mobile, and can be invaluable for raising your company's profile.

Flickr: Think this photo-sharing site is just for posting pictures of the baby for Grandma to coo over? Think again. Flickr has a robust and diverse community of users, who come together via pools, groups, and contacts. Set up your company's Flickr account and then post pictures from your last happy hour, company-sponsored training event, or conference. Is your company doing something really exciting? Take a picture and post it on Flickr!

YouTube: Yes, this is where you can find the dramatic hamster. But this video sharing site, like Flickr, also boasts a robust community of users who connect in multiple ways. Set up a channel for your company. If you give a dynamite talk or presentation, tape it and post it on YouTube. You can mark other videos you like as favorites, and share them via your channel.

The best thing about all of these social networks is the way that you can link them together. Facebook, Twitter, Flickr, YouTube, and your company's blog can all be interconnected and function together to help you connect with your target audience, and raise your online profile.

Bonus: a list of a few of the up-and-comers in social networking:

Vimeo - video sharing
Buzzfeed - viral web sharing
DeviantArt - artistic community
Last.fm - Internet radio and music community
LibraryThing - Social cataloging for book lovers
Yelp - User reviews and local searches 
 

Posted by at 06:15 PM in Tech News | | Comments (1) | TrackBack (0)

| | |

August 16, 2009

Does YOUR Company Need a Blog?

In the past few years, blogging has really become the almost-mainstream form of new media. Many people get their news from blogs and only blogs; blogs can foster a dynamic dialog between authors and readers; and blogs can move more quickly and agilely in presenting news and information than many traditional outlets. This is a very important distinction in an age when a news story can get started on Twitter or Facebook and be "all over" the internet before CNN has even prepared a package - remember that weekend of the disputed Iranian elections, and subsequent protests?

But let's be honest. Most small businesses don't need a blog in order to break earth-shattering stories and organize protest marches. But those businesses can use blogging to relate to their customers and prospective customers in an effective way. A blog can serve a purpose similar to the old press release, but with less overhead and less formality. A blog can also seem more genuine than a PR memo full of boilerplate language, and it should be more genuine.

On Brazen Careerist, LaTosha Johnson listed the three top reasons why, in her opinion, every business needs a blog:

1. People want to know the REAL you.
2. Share and exchange ideas.
3. Sense of community.

In reality, that's more like two reasons, because when you do share and exchange ideas, including an open commenting policy, it can only foster a sense of community among the readers of a blog, the authors, and the company that sponsors it.

SiteProNews has a great list of reasons why your company should be blogging - 10 reasons, in fact. Even though this particular article is two years old now, it's full of great ideas that are still very relevant. You can use your company blog to do so many things, for such a small investment of time, money, and technology: you can educate your customers, keep them updated on your progress, use it as a marketing tool, show off your employees' expertise, even offer coupons and discounts.

Blogging is a great idea for companies of all sizes, and a perfect way to connect with customers on many levels. Start small, just to try it, and you may be surprised at how valuable it can be for your business's image and web presence. 


Posted by at 10:58 AM in Tech News | | Comments (0) | TrackBack (0)

| | |

August 02, 2009

Microsoft/Yahoo vs. Google: Who Wins?

The tech world was abuzz this week with the news that the merger between Microsoft's and Yahoo's search operations is a go. How will this affect the search engine landscape? Who will benefit, and who will end up losing?

There's no question that Google is currently the search powerhouse in all the world. Estimates of Google's market share in the US range from 60 to 70%; they're estimated to enjoy a 90% share in the UK and other markets outside the US. There are two ways to look at the leftovers: either Microsoft (10%) and Yahoo (20%) will benefit by joining forces; or Google will get even stronger with effectively one less competitor to worry about. Noted tech blogger John Dvorak believes the latter and points out that the market agrees with him (Google's stock is up, while Microsoft's and Yahoo's are both down).

As far as Microsoft's new Bing search engine, opinions vary. Britain's Channel 4 calls it "critically acclaimed," while Dvorak is less flattering, saying:

"Let's get one thing straight: For a search engine to be successful against Google, it has to show noteworthy superiority. Bing actually shows no superiority whatsoever."

He also points out that "Microsoft seems to think that by making the results prettier, people will want to use the system more." Google's success would certainly seem to belie that strategy - it's the number one search engine in the world, and the results aren't "pretty" by any stretch of the imagination.

And what does Yahoo bring to the deal? They've fumbled in recent years by not taking advantage of opportunities and mishandling previous business deals and potential mergers. Yahoo could certainly use some help, but Bing may not be the help it needs. Writing on Forbes.com, Mike Masnick calls Yahoo's deal with Microsoft "misguided." He says that Yahoo decided to switch their strategy from portals to search around 2002, and started buying up competitors then. In essence, they've been churning for seven years, focusing on the wrong things (market share instead of relevance) and turning over their search backend to Microsoft isn't going to help them now. As Masnick notes, "for most people, Google is good enough. The battle is over in search."

In summary, it appears that while the merger between Microsoft and Yahoo might not hurt either of them, it's not going to hurt Google anytime soon either. Unless the new Bing-powered Yahoo search comes up with something new that users just have to have (or a marketing plan that convinces them they do), Google will continue to be the powerhouse in search, giving them time and money to continue expanding the Google empire into all sorts of online, computing-in-the-cloud services.

Posted by at 01:06 AM in Tech News | | Comments (0) | TrackBack (0)

| | |