

Dear consultant

Random emails from recruiters we don’t know – we’ve all gotten them at one point or another, but does anyone ever respond to these?

I just got this email. Names removed to protect… why am I protecting them? Nah – names aren’t that important.

Dear Consultant,
This is an excellent opportunity to join a winning team. Take your career to the next level and turn your interest into action. Apply Now! The only way to learn more is by taking the next step.

Job Title : PHP/ MYSQL Developer
Location : Washington DC
Duration : 6+ Months
Rate : $45/Hr on C2C

Process: Goal is a phone screen followed by a 16 hour guarantee

You had me at “dear consultant”.  I have a feeling that $45/hr in DC isn’t really all that hot of a rate.  They don’t seem to do any filtering at all – this certainly isn’t taking my career to any level I haven’t already been at.

Role: The new CTO inherited a Content Management System that is one of the products they sell. He has his team focused on enhancement and new architecture, but he needs someone to come in and fix/ troubleshoot the bugs of the old system.

So… they’ve got a mess on their hands, and the “CTO” needs a digital janitor.  For $45/hour.  Even though the existing team probably actually understands the current product/system/business much more than a green outsider would… somehow there’s enough of a need to fix bugs, and spending money on someone to ramp up from ground zero to learn the business and fix bugs is a better use of time than having the current people (who, let’s face it, probably *wrote* the damn bugs in the first place) fix the code.

Skills needed:

  • PHP/MySQL
  • Heavy troubleshooting/ de-bugging
  • Shell Scripting
  • Expression Engine v 1

http://expressionengine.com/

He really wants this because it is what it is built on

Sounds as good a reason as any, right?

This person needs to be able to work independently. Clearly this is not the most exciting work, but they have the ability to join a really cool team and do cool stuff if they do well.

So… they know it’s crap work, and if I agree to do a bunch of crap work, I may be able to join a really cool team (apparently too cool to maintain their own crap code). And if you do crap stuff well, apparently you’re good enough to do ‘cool’ stuff in the future (and then pass off your own crap code to another newbie 6 months from now).

Really – does ANYONE ever respond to these random recruiter emails?

UPDATE – I just got the same email from someone at a different company, except they didn’t have the editorial about “we know it’s not exciting work”. As corny as that was, it was actually a small spark of real humanity coming through.

I also know the job market is really hot for IT, and remember the dark days of 7-8 years ago when things were tougher. These same emails probably worked far more effectively than they do today, but they must still work *some* otherwise they wouldn’t be sent out like this, right?


I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

Web Developer Freelancing Handbook

indieconf – conference for web freelancers – november 19

indieconf – the conference for independent web professionals – is fast approaching.  This year indieconf is on Saturday, November 19, in Raleigh, NC, and it will be a full day of learning from and networking with other freelance and independent web people.  Designers, developers and everyone in between are welcome to join us!

This year sees some new speakers joining us – Michael Marshall, Laura Creekmore, Pepper Oldziey just to name a few, and some of our friends from year one are back for year two, including Patrick O’Keefe, Doug Foster, Neil Tortorella and many more.

We’ve got a couple more surprises to the schedule which aren’t announced yet, but don’t let that stop you from registering now.  :)

So… what is indieconf?  Some of you readers from last year may remember, but for those of you who don’t, here’s the quick backstory.

I’ve been a freelance web guy for the past 4 years, and I love tech conferences.  However, I got discouraged after going to some great conferences, but realizing that most of the info there didn’t really help me all that much.  Learning about new tech was great fun, but what I really needed was to understand how to write up better contracts, land better clients, deal with collections, and so on.  Now, there’s a lot of business networking groups that help deal with many of these issues, but most of those people there aren’t web people – they don’t know javascript from java – and I just never felt like I was making the most of those events.

From that frustration, indieconf was born as a conference that brings together web freelancers (programmers, designers, writers, etc.) who primarily work on the web (you know who you are!) together with experts in legal, financial, accounting, marketing and business who *also* understand the web and work with freelancers.  The combination last year was pretty good, and this year we’re looking to make it even better, based on learning from your feedback.

What are you waiting for?  Register today or learn more at indieconf.com.



virus scanning as a service – looking for feedback

I’m looking for feedback on a project idea.  This grew out of a project I did last year that involved a lot of user file uploads that are then downloadable by others.  Virus scanning needed to be part of the process, but I couldn’t find a good service out there that offered this.  I did find one, but they explicitly forbid commercial use of the service, which somewhat took it off the table.

So… feedback please.  Have you ever needed a service like this?  Did you just roll your own, or perhaps just go without?



mind blowing security practice

Yeah, you read that right.

Kids, don’t try this sort of security in your own web apps.  This is reserved for high-end financial institutions only.



indieconf 2011 call for presenters

Our indieconf 2011 call for presenters is open.

indieconf is the conference for independent web professionals – whether you’re a developer, designer or someone in between, if you’re an independent freelancer or small agency, indieconf is for you.

What are we looking for?  Topics of direct or indirect interest to web freelancers – mobile development, server side tech, client side tech, workflow issues, client management topics, financial issues, legal issues, marketing, SEO and more!

indieconf will be held in Raleigh, NC on November 19, and we’ve got an early bird special of $99/ticket going on right now – get your ticket today! :)



When Google controls the internet…

I’m not a google fanboy (although I do use a lot of gmail and picasa some) – I’m also more than a bit wary about the amount of info they control and manage about me and others. That said, I was reading up on SPDY this morning, and a curious thought struck me.

For those of you old enough to remember the late 90s and the ‘browser wars’, IE was becoming the dominant browser. I remember hearing a rumor that IE was given preferential treatment with IIS servers – meaning that if you used IE against an IIS server, you’d have a faster experience, and that connections from Netscape and others were intentionally throttled down. Again, just a rumor, and not one I could ever confirm. Even if it was *true*, in hindsight, my guess is that it probably wouldn’t have been intentional. Or, to whatever extent it was intentional, it would be from lack of testing (or caring about testing) against non IE browsers. That may be wishful rose-colored thinking on my part, but it’s all in the past now.

Google’s Chrome has been on an upswing the past year or so. It became my default browser for about a year, although I’m using Firefox 4 more often these days. Google’s been experimenting with SPDY – a new protocol intended to augment HTTP. That’s the benign pronouncement – it wouldn’t surprise me if they really would like it to supplant HTTP altogether, but I suspect that won’t ever happen 100%. The SPDY spec has a number of interesting improvements -

  • X-header ‘hints’ to tell the client about other related resources (to avoid having to parse the entire document first)
  • HTTP Header compression – I think I tweeted this some time ago, but this thought hit me last year. Many HTTP header calls are moderately big, and many pages have dozens or hundreds of these. SPDY reduces HTTP headers by ~80%, which can make for a marked improvement on many larger pages.
  • Request prioritization – allows the client to indicate which resources should be loaded first

and many more.  (See the link above for more info).

The interesting thing to me was the difference between when MS owned the client and server experience (for sites that mattered to me) and now that Google does (for sites that matter to me).  MS seemed to go for more lock-in – pushing ActiveX as a browser technology, pushing IIS as the server of choice, etc.  Google, on the other hand, investigates, tests, and promotes new technology to reduce load times and HTTP overhead for the whole internet.

Granted, right now, the only company using SPDY is Google, but they’ve published their protocol and research, and I wouldn’t be surprised to see some mainstream webservers support SPDY in the next year or so.  If Firefox and/or Safari also support SPDY, we’ll see some radical speed changes which will benefit the entire internet in the form of faster sites.  In MS’ favor, I will point out that the beginnings of what became AJAX originated in IE5, and AJAX has been a game changer for the web industry certainly.  It’s just a bit sad that it seemed to happen in spite of MS rather than them proactively promoting an IE tech as a cross-platform solution.

One wonders if MS would even be able to pull off something like SPDY today.  10 years ago they *could* have, but didn’t seem to have the foresight or inclination to do so.



JavaScript library Open Source Awards announced

I had the pleasure of participating in the Packt Publishing Open Source Awards for JavaScript Libraries recently, and they just announced the winner: jQuery.  I don’t normally republish entire press releases, but here’s the bulk of their release today.

Packt Publishing is pleased to announce that jQuery has won the inaugural Open Source JavaScript Libraries Award category in the 2010 Open Source Awards. The Award is a new category introduced to the Open Source Awards this year, featuring libraries of pre-written JavaScript controls which allow for easier development of RIAs (Rich Internet Applications), visually enhanced applications or smoother server-side JavaScript functionalities.
“On behalf of the entire jQuery Team, let me first say thanks to Packt Publishing for this award. I’d also like to give a huge thanks to the community of designers and developers that use jQuery daily and felt the urge to vote for jQuery as their favorite JavaScript library. We’ll use this prize to further the development of the jQuery Project,” said Ralph Whitbeck, jQuery core team member.
“While jQuery hasn’t undergone any radical change in the past year, the project has continued to evolve at the same frenetic pace and the 1.4 release included a wide range of small but important improvements,” added Michael Mahemoff, Google developer advocate, HTML5/JavaScript specialist and one of the judges for the 2010 Open Source JavaScript Libraries category. “jQuery covers all bases as its performance is high priority, it is easy to use, has a huge community, great documentation, and an excellent plugin ecosystem.”
While jQuery occupied the top spot in the 2010 Open Source JavaScript Libraries category, the other two extremely popular finalists Raphaël and Mootools tied and both projects will be awarded the first runner up position.
FWIW, jQuery didn’t get my top vote – MooTools did.  I’m glad to see they got a first runner up tie.  For the record, the finalists were MooTools, Raphael, jQuery, ExtJS and Dojo.  Frankly, given the scope of the finalists, choosing a ‘winner’ is darn near impossible – they’re all good in their own ways.  That said, some other judges and I had some private discussions with reps from each project, got our answers, and made our votes.  I’m nominally a YUI guy, and while I was a bit disappointed to see them missing from the finalists, it made it easier to vote – I didn’t have a horse in that race that I had an attachment to.
Congrats to jQuery, but additional thanks to everyone who contributes to all of those projects.  Our internet is a much more productive place for devs having tools like Dojo, ExtJS, MooTools, jQuery, Raphael, YUI, GWT and more!


New indieconf speaker – Doug Foster

We’re pleased to announce Doug Foster joining our lineup of presenters at this year’s indieconf.

Doug Foster

As an Idea Mechanic, Doug Foster helps people sell. He is an imaginative strategist, conversational storyteller, demonstration engineer, experience architect, and customer advocate. “Convince Me!” – his unique approach to selling and customer education – helps individuals or companies sell their products, services, and points-of-view.

In his 30 year career, Doug has been successful as an engineer, manager, vice president, board director, international liaison, and entrepreneur. He has worked in sales, marketing, manufacturing, information technology, telecommunications, engineering, systems quality, and IP management. Doug is also an expert in the area of Internet voice, video, and data convergence. With John Deere, he helped transform a worldwide SNA network into a multi-protocol Intranet. At Cisco Systems, he served as one of the company’s original Video and Voice Over IP consulting engineers. Doug holds a BSME from Iowa State University with postgraduate work in numerical calculations at the University of Iowa.

Doug’s session is titled “Convince Me! Why should I buy what you’re selling?”

“Everyone sells, even you. Learn a simple, easy way to sell by thinking like a buyer, not a seller. Every sales cycle has four phases, but learn why the second one – educating your buyer – can make or break the deal. I’ll teach you the 5 step CM!™ process, set you up with a toolbox full of ideas, and get you started on how to become a convincing expert.”

Register for indieconf today at http://indieconf.com/register



Authorization by social graph

I’ve been kicking around an idea for a while now, discussed with some friends, but don’t have time to implement this just yet.  I may use this at the core of a project early next year, but I wanted to get the main idea out there now.  Perhaps others are already doing this, but I haven’t seen it anywhere (yet?).

Currently, many apps tie in with twitter/facebook/etc for authentication – a third party openid server indicates to the original app that you are who you say you are.  In some cases, there’s even a degree of sharing of data or allowing of control of a remote app (posting tweets via oauth, updating facebook wall, etc).  What I’ve not seen yet is something which allows for collaboration, with degrees of permissions defined by relations in your personal social graph.

For example, consider google docs.  Rather than inviting and granting permission on specific docs to specific people,  allowing anyone who is following me on Google Buzz or FriendFeed to have read access to my document would be useful.  Take that a step further – anyone who I’m following back – a two-way relationship – would automatically have read *and* write permissions on that document.

This is a somewhat simplified example, but the notion of permissions being automatically granted/revoked based on position and status in my social graph seems relatively unique (if also a probably rather obvious evolution in the coming near term).

Are there examples of this behaviour out there already I’m not seeing?
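One way to express the rule sketched above in code, as an added example that is not part of the original post: followers of a document's owner get read access, mutual follows get read and write, and an unfollow revokes access on the next check because nothing is stored per document. The owner-has-everything rule and the in-memory graph are assumptions made for the example.

```python
"""Permissions derived from a social graph.

Added example, not code from the original post. Implements the rule described
above: anyone following the document owner gets read access, and anyone the
owner follows back (a mutual edge) gets read and write. Permissions are
recomputed from the graph on every check, so unfollowing revokes access at
once with no per-document ACL to edit. The owner-has-everything rule and the
in-memory graph are assumptions made for the example.
"""
from dataclasses import dataclass, field

READ, WRITE = "read", "write"


@dataclass
class SocialGraph:
    # follows[a] is the set of accounts that `a` follows (constructed data)
    follows: dict = field(default_factory=dict)

    def follow(self, who: str, target: str) -> None:
        self.follows.setdefault(who, set()).add(target)

    def unfollow(self, who: str, target: str) -> None:
        self.follows.get(who, set()).discard(target)

    def is_following(self, who: str, target: str) -> bool:
        return target in self.follows.get(who, set())

    def is_mutual(self, a: str, b: str) -> bool:
        return self.is_following(a, b) and self.is_following(b, a)


def permissions_for(graph: SocialGraph, owner: str, viewer: str) -> frozenset:
    """Permissions `viewer` holds on a document owned by `owner`.

    owner itself         -> read, write
    mutual follow        -> read, write
    viewer follows owner -> read
    otherwise            -> nothing
    """
    if viewer == owner or graph.is_mutual(owner, viewer):
        return frozenset({READ, WRITE})
    if graph.is_following(viewer, owner):
        return frozenset({READ})
    return frozenset()


def can(graph: SocialGraph, owner: str, viewer: str, action: str) -> bool:
    """Authorization check a document service would call per request."""
    return action in permissions_for(graph, owner, viewer)


if __name__ == "__main__":
    g = SocialGraph()
    g.follow("bob", "alice")        # bob follows alice: read only
    g.follow("carol", "alice")
    g.follow("alice", "carol")      # mutual with carol: read and write
    print(sorted(permissions_for(g, "alice", "bob")))    # ['read']
    print(sorted(permissions_for(g, "alice", "carol")))  # ['read', 'write']
    g.unfollow("alice", "carol")    # revocation is just a graph change
    print(can(g, "alice", "carol", WRITE))               # False
```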



asp.net oracle padding flaw – question?

By now many of you have heard of the ASP.NET Oracle Padding Flaw. There’s a number of posted workarounds, and MS will be issuing a patch soon to fix things.

From threatpost.com:

The problem lies in the way that ASP.NET, Microsoft’s popular Web framework, implements the AES encryption algorithm to protect the integrity of the cookies these applications generate to store information during user sessions. A common mistake is to assume that encryption protects the cookies from tampering so that if any data in the cookie is modified, the cookie will not decrypt correctly. However, there are a lot of ways to make mistakes in crypto implementations, and when crypto breaks, it usually breaks badly.

The issue here seems to be that there’s *anything* of value stored in the cookie beyond a generic token.  This really does seem to be the case though.  Watching the DNN exploit, it looks like the fact that someone is a superuser is encoded in the cookie value itself.  This would seem to be an architectural flaw in DNN, but I get the feeling that most ASP.NET apps were/are trusting of the encryption mechanism to hide whatever data they’re sending down in cookies.  This seems to be a more fundamental flaw in design than any AES algorithm MS may have had an issue with.

I’m reminded of a company I worked for years ago which kept track of sessions by incrementing a counter in a DB, grabbing that counter, encrypting it, then using that value as the value in the cookie.  This was thought of as ‘secure’ because encryption was being used.  I tried to argue for random values as the cookie token, but was told that ‘random isn’t really random’.  I pointed out that dozens of people (who no longer worked there) had access to the encryption key, and once I knew how to decrypt one token – which would give me a value of, say, 4554678 – changing the value to 4554672 then reencrypting would be trivial and allow me to impersonate other users on the system.  My concerns were dismissed because I wasn’t a ‘senior’ engineer; apparently I didn’t understand Java or cryptography enough to understand their level of sophistication.  After all, ‘random isn’t really random’.

This approach of putting sensitive data in a cookie, then encrypting it, seems to be alive and well, and that scares me.  But I have no real good way of opting out of such sites.

So my question (yes I had one) is… is my understanding of what ASP.NET apps are doing that make this flaw so dangerous an accurate understanding?  Or have I missed something?
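Two defender-side alternatives to the "encrypt the sensitive value and trust whatever decrypts" pattern discussed above, as an added example that is neither the post's code nor ASP.NET's own mechanism: an opaque random session id with all state kept server-side (the random token argued for above), and an HMAC tag over any claim that must travel in the cookie so that a modified byte is rejected before it is used. The key and the session store are in-memory placeholders.

```python
"""Session cookies whose integrity does not depend on encryption.

Added example, not code from the original post or from ASP.NET. Instead of
"encrypt the sensitive value and trust whatever decrypts", it shows (1) an
opaque random session id with all state kept server-side, and (2) an HMAC tag
over any claim that must travel in the cookie, so a modified byte is rejected
before the contents are used. Key and store are in-memory placeholders.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed server-side secret; a real deployment loads it from config.
COOKIE_KEY = secrets.token_bytes(32)


class SessionStore:
    """Pattern 1: unguessable ids mapped to server-side state (no claim in cookie)."""

    def __init__(self):
        self._sessions = {}

    def create(self, user: str, superuser: bool = False) -> str:
        # 256 bits from the OS CSPRNG: ids adjacent to a valid one are not valid,
        # unlike the encrypted counter described in the post.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "superuser": superuser}
        return sid

    def lookup(self, sid: str):
        return self._sessions.get(sid)


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_cookie(claims: dict, key: bytes = COOKIE_KEY) -> str:
    """Pattern 2: 'payload.tag' with tag = HMAC-SHA256(key, payload)."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"


def verify_cookie(cookie: str, key: bytes = COOKIE_KEY):
    """Return the claims only if the tag verifies (constant-time), else None.
    The payload is not parsed until the tag has been checked."""
    try:
        payload, tag = cookie.split(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        return json.loads(_unb64(payload))
    except ValueError:  # malformed cookie, bad base64 or bad JSON
        return None
```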



