The Curious Programmer

Software, Gadgets, Books, and All Things Geek

How and Why Companies are Hacked — October 30, 2015

Anthem, Sony, Home Depot, Dairy Queen, Kmart… What do all of these companies have in common?

They were hacked and lost millions!

It seems like not a day goes by anymore when you don’t hear about another company that has had its private data compromised by an individual — a hacker, as some people call them.

Every year these “hackers” steal more and more private and sensitive information. And whose fault is that? Honestly, most of the time the fault comes down to bad programming.

Why, even with all of the reports in the news, are we still not doing our customers right by protecting their data instead of neglecting security and focusing only on profits?

I believe this comes down to many people (usually higher-up management) being downright ignorant and not understanding what or who to look for when hiring developers and/or designing an application that will contain sensitive information.

The money is always there to hire a developer to get the startup started, or to develop a new flagship product, but what many people don’t understand is that it is easy to build a great product that makes a ton of money that is completely insecure. This would be like building the most luxurious house and showing off all of your money, but deciding not to pay for locks on your doors!

You are just asking for someone to steal something from you. And they will. They probably already have. A lot of the time when people are hacked they don’t even know about it. It’s not like a red light goes off and says

“All your data is currently being stolen. Please look into this.”

No, usually it’s only after it’s much too late and you’ve already lost everything, and now you are about to get sued on top of not having a dime to your name anymore.

So what should you take from this? Hire good security developers! Hire good penetration testers (hackers)! They will save you so much more money than they will cost you.

It would be nice if the same person that developed the application was also an expert in security. I think most managers assume that when they hire an “application developer”, they must also be an expert in security.

I’m sorry, but that is just not the case. Take it from me, someone who has worked with many application developers and a few great security developers. Sure, many application developers are familiar with security principles, and situations they know they have to look out for. However, this by no means makes them an expert, and they should not be the ones you are entrusting with your multi-million dollar business. A security expert is also not an application expert. If you hire them to develop your application you may be using an unsorted array as your data structure when you really need a self-balancing binary search tree to do your searching. Customers aren’t going to be happy when searching for something takes hours.

To give you an analogy, say you needed emergency brain surgery because a blood vessel busted in your occipital lobe. The neurosurgeon will likely have to perform an endovascular embolization. This process involves packing the aneurysm with a substance (for example, soft coil or mesh) that fills the stretched and bulging section of the blood vessel. This helps seal off the aneurysm and reduces the risk of the aneurysm leaking blood or rupturing. The doctor uses X-rays to identify the aneurysm and to put the substance in the aneurysm.

The success of this procedure is directly proportional to the skill of the neurosurgeon. My point is that even for a skilled specialist, this is very hard to perform perfectly. You wouldn’t want your heart surgeon attempting it just because they are also a surgeon.

We all need to have the same mindset when developing system/web applications. Believe it or not, system/web security is just as complex and requires just as skilled a specialist to perform correctly. Don’t skimp on your security! This is a complex and crucial part of your business and it involves individuals’ livelihood (all of their money), just like surgery.

Hiring great security professionals is not always the most glamorous thing to do. They won’t improve your web traffic by 1000%. They won’t make your application run smoothly. They won’t make your application do anything really. But they will save you from losing everything, prevent you from going to jail and your life from ending, just like the brain surgeon did when you decided to go with him instead of the heart doctor.

Thanks for reading and if you enjoyed this post please share it or like it! I have more posts like this at jasonroell.com. Subscribe and never miss a post.

How to Keep Your Skills Current as a Developer — October 27, 2015

Being a developer is a lot of fun. When people ask me why I love doing it so much, I usually don’t have just one answer for them. However, one answer I give often draws a few funny looks from the questioner.

I love it because every day I learn something that I didn’t know the day before.

Usually this is met with a question about why I would enjoy not fully knowing about everything in my domain, and the usual –

“Isn’t it frustrating having to learn all the new technologies that are released every month?”

To which I respond with a resounding “NO! That’s the fun part!”.

Maybe being a developer isn’t for everyone. To me, when a new technology is released, I am excited. What problem will this new technology solve?! I usually quickly download it, read some of the documentation on it, and decide if this could help me or the project I am working on in any way.

If you are someone that likes to keep the status quo, then being a developer probably isn’t in the cards for you. Technology changes faster than celebrity breakups in Hollywood. One day you will be building a native Windows application and your boss will come in and say

“We are scrapping the Windows application. AngularJS and The Web are the new rave!”.

To many people, this can be very frustrating. I’ve been on teams when developers have gotten really pissed off because they feel like they did a ton of work on the previous application for nothing. It’s being thrown in the trash and now they have to learn all the new fancy web technologies. It can be very hard for some people that have gotten attached, or built a career from a certain technology. The people that don’t want to move on will usually have to start finding work as a developer supporting legacy systems (nothing wrong with that! We need these developers!).

However, for me and other developers like me, we like this change of pace. I don’t ever look at my past work as a waste of time when we move on to a new project or a new technology. It was fun to build it and it served its purpose until the business needed something else. Usually by the time we are going to implement a new technology, I am excited and willing to move on and learn the newest techniques that are spreading through the development domain. I say “Let’s do it!”. I would be bored staying with one technology my entire career.

I think one of the main reasons some developers don’t like switching to a new technology is because they know they will have a lot to learn to effectively develop an efficient solution using the new platform. A lot of people aren’t sure how to get ramped up or even stay up to date with the newest developments in software development. They say

Jason, how do you stay current with all the new tech???!!

And I will tell them I can’t, at least not all of it anyway. I’m not sure if anyone really can. However, there are a lot of ways you can stay very current even if you are not familiar with the latest library that gets released each week.

I have developed a learning strategy that has helped me stay up to date with the latest technologies. I will admit that it is not always easy but is usually always exciting.

The web really is a funny thing. Back in the day, reading a few websites was all you needed to do to stay current and up to date with the latest ‘dev’ news. Then times started changing and blogs and podcasts came in and were all the rage. Soon enough, we were following people on Twitter, or looking at their photographs on Instagram (ok, maybe that last one isn’t the most educational resource).

The point is that the web offers up all kinds of resources for learning. If you prefer reading, the web has that covered. Looking for audio content? Then that is also easy to find. For those of you in need of a visual medium, well, there is a plethora of choices for video content across the web, many of which are housed on YouTube. Check out some of the free resources listed below:

Google Developer Products

http://www.youtube.com/user/GoogleDevelopers

Channel’s Pitch: “Talks, screencasts, interviews, and more relevant to Google’s developer products.”

General Technology and Web Videos

http://www.youtube.com/user/OreillyMedia

Channel’s Pitch: “O’Reilly Media spreads the knowledge of technology innovators through its books, online services, magazines, and conferences.”

Web Development Advice and Tutorials

http://www.youtube.com/mlwebco

Channel’s Pitch: “My name is Michael Locke, instructor, designer, brand developer and creative leader specializing in all areas of the web. I have over 15 years of web design experience with high proficiency in front-end web development (XHTML/CSS), UI/UX design, brand development, internet marketing, social media marketing, video marketing, photography, SEO concepts and traditional print design among other things.”

Photoshop, Illustrator, CSS, and HTML Tutorials

http://www.youtube.com/pfltuts

Channel’s Pitch: “We started PixelForLife.com in late 2008 in hopes of reaching those who want to learn Photoshop, web design and other media related softwares.”

Podcasts

Podcasts are a great way to stay up to date as well. You can listen to them on your commute to work and stay updated on the latest trends. Some that I like are: .NetRocks, HanselMinutes, and Software Engineering Radio.

Learn by Doing Platforms

Many times the best way to learn is by doing. If you just want to jump into the code and get your hands dirty, some of these sites will let you do just that (some of the lessons are more beginner focused, but sometimes that is best when you are learning a completely new technology). They are: https://www.codecademy.com, code.org, and www.codeschool.com.

One Last Thing

The last thing that has helped me to learn these new technologies fast is building a strong foundation in Computer Science, Software Development, and Coding principles. For me these are best taught by an in-depth book on the subject. Taking some time to build a strong foundation on the fundamentals will save time in the end because you will be able to relate a new technology to the core fundamentals it is trying to address. For a list of all the books I think every software developer should read, visit this article.

And that’s it! That’s how I stay up to date. How about you? Do you have any strategies for learning new technologies or any sites that you used to learn? If so please list them in the comments!!

If you liked this post, please subscribe to my blog at JasonRoell.com or share it with your friends… Have a great day!

What Makes a Good Tech Lead? — October 13, 2015

Every team needs a great leader. That is especially true for software teams. Between fighting back bugs, developing awesome new features, and rushing to meet deadlines, team members need someone to turn to that they can count on. But who? What skills and what responsibilities fall under the technical team lead position?

Over the course of my career I have had some really great team leaders. I’ve also had some that weren’t as great. The inspiration for this article came to me when I was trying to determine what made the “greats” so amazing to work for. What skills and responsibilities did these developers have that set them apart from other really good developers that just weren’t great technical team leads?

I’ve developed a list of skills and responsibilities that I believe to be essential for a tech lead to have if they are going to be successful. They should possess almost all of these skills and be comfortable, willing, and able to handle the listed responsibilities.

A Map of Technical Team Leader’s Core Responsibilities

The fact is a technical team lead (which I will now refer to as TTL to avoid the extra half second of typing) balances several key responsibilities, outlined in the following mind map:

Team Support

Of course the first and most important responsibility is team support. A TTL can motivate the team, has the ability and art of facilitating team activities, and can organize team work in a process-oriented manner. People should want to work with this person. This is the guy/gal that makes your (the rest of the team) life easier. Everyone occasionally needs to be recognized when they do something right, but the team also needs to be helped to stay motivated on something that may have become very difficult, political, or has just been going on too long. Thanks tech lead!

Technical Excellence

Second, a TTL is responsible for nurturing/enforcing and monitoring the product technical excellence and high quality. More specifically, a TTL is responsible for ensuring this is realized by the whole team. In other words, if the TTL developed an excellent product by himself while the team is doing nothing, then he is still failing in this regard.

Innovation

Third, a TTL should sponsor innovation in the team work. This is different from technical excellence. It is related to the team spirit and desire to experiment and try new things and unconventional solutions. This is also different from problem solving, because you can solve a problem in a dumb way!

List of Technical Team Leader’s Core Skill set

  • The ability to mentor staff members at all levels of seniority, from someone who has been out of uni for 3 months to a person who has been programming for 30 years
  • How to deal with people problems with your team members
  • A good knowledge of your development domain. This includes: languages, frameworks, utilities, development environments
  • A solid understanding of issue management systems, project management skills and version control
  • Be the go-to bug killer
  • Know how to conduct timely code reviews, what to look for and how to minimize the amount of time they take to hold and for the changes to be made
  • How to write unit tests and mocks, and to get your developers to write them too
  • Knowledge of what design patterns are and when to use them
  • Knowledge of what code smells are and how to mitigate them
  • Continuous integration
  • The ability to plan projects and releases
  • The ability to componentize your projects and break them into functional parts
  • A thorough understanding of security, including the correct way of handling passwords, separating systems, securing data, etc.
  • Managing business directives/goals and converting relevant ones to information for your developers
  • The ability to estimate the time for programmers of varying skills
  • The ability to allocate tasks to the correct developers based on their skills and abilities

Finally, you need to realize that your teammates are not your developers. I’ve often heard technical leads say things like “yeah, my developers…” or “my guys … “. No. They are your teammates, no matter what your role in the team is. Having a leadership role does not mean you are the boss of your teammates or that you can boss them around. If anything, it destroys morale and the results of your team will suffer tremendously from it.

And that’s my list… Did I miss anything? Tell me in the comments!!

If you liked this post, I have many more at JasonRoell.com. Subscribe and never miss a post! Thanks for reading!