Recruiters’ missed opportunity

I’ve been looking into the recruiting industry a little bit recently; specifically, the tech field.  I suspect that my observations hold true for the wider industry.

Having recently built a job application tracking system (still in early stages, but it’s working for the first level of functionality), I started looking at the emails that I get from recruiters.  Many are obvious form letters, some are a bit more handcrafted.  Many are sent via larger systems – I’m assuming prospect management systems of some sort.  I’m still trying to figure out who the players are, if any, that I can recognize in my emails – maxhire.net is the only one I’ve seen repeatedly.

I was actually more than a little surprised that none of the emails I’ve received have any sort of tracking/analytics code in them.  I’m getting full HTML emails – with extremely bloated HTML to boot, but no tracking whatsoever.  No, I take that back – the ‘opt out’ link is encoded and is tied to me somehow.  So… they know if I opt out of ever getting anything from them again, but they don’t know if I got the mail, did I open it, did I view their website because of it.  All the things you’d think they’d want to know – what subject lines work best, etc.  This seems to be totally missing from the recruiter practices that I’ve seen.  I’m not suggesting it doesn’t happen at all, but I’ve not seen it in the mails I’ve received.  You’d think that having statistics about which types of mails are more likely to be opened would be golden, but maybe not.  Maybe there’s such a ‘fire and forget’ mentality that there’s simply no real incentive?

Why is this?  It’s not that hard to do.  And, honestly, it’s never struck me that the majority of the (tech) recruiting industry is all that concerned about their long term image (I’m speaking as a whole – I know individuals who are great, but the practices of the many often tar the whole industry with a bad brush).

Thoughts?

Looking for feedback on job tracking service – appliedto.com

The title says it all – if you are job hunting, or freelance gig hunting, please check out appliedto.com, and send me some feedback.  This is something I’d meant to build for myself about 8 years ago, and didn’t, and got the urge recently to do this, integrated with Gmail.  I added Yahoo Mail so it wasn’t a Gmail-only service, and I may rant about the convolutions of OAuth at a later date for fun.

You will notice that the system asks for broad permissions – essentially, you’ll be giving this app unlimited read/write permissions on your gmail or ymail account.  I can’t say how sorry this makes me – neither service gives a limited “send-only” or “send X emails” permission – it’s all or nothing.  That said, the code only sends emails you direct it to, so try to not worry too much.   As an added bonus, you should be asked to re-auth often – we don’t get long-lived auth tokens, from what I recall.

So… if you’ve made it this far, what does appliedto do?  Think of it like a CRM for your job search.  Add info about a job that you’re applying for, keep notes for yourself, and send emails (via appliedto directly through your webmail account, hence the need for permissions).  We’ll track which emails were opened and which links were clicked, and how many times, and report on that for you.  I’ll be adding the ability to upload and manage multiple resume files to send along with your emails, and the ability to track downloads/views on those as well.

Other features you’d like to see?  Let me know.  Now… go check out the first version.

Google’s brain teasers don’t work – or so they say

A recent announcement confirms what some of us suspected a while back: brain teaser questions don’t really size up a job applicant very well.  In fact, “We found brainteaser questions a complete waste of time“.

So… brainteaser questions are a waste of time.  Google’s rep went on to say that GPA and test scores were a waste of time (and only requested now for recent graduates).  So what do they claim is the best indicator of an applicant’s potential?  Asking candidates how they solved a difficult real world problem.  Actually, more to the point,

.. this has the added benefit of showing the interviewer what the candidate considers to be a difficult analytical problem “rather than having each interviewer just make stuff up,” says Bock.

As intuitive as it sounds, especially for those of us who’ve been on the receiving end of stupid brainteasers and interviewers ‘just making stuff up’, is it true?

Call me cynical, but why should we trust Google?  They’re in a massive war for talent, and it may very well be that something else works pretty well for them in hiring – are they going to divulge that secret sauce?  I would not be one bit surprised if this is some strategic disinformation meant to cause dozens/hundreds of second and third tier companies to abandon their hiring practices and chase the latest Google bandwagon.

“You’re just being cynical! Of course it’s obvious that asking candidates to describe their past work achievements and how they solved difficult problems is the best way to hire!”  Well, yes, of course, but I was saying that 5 and 10 years ago, but that wasn’t the way the world saw things.  Large (and small) companies jumped on the Google/Microsoft fadwagon, and jumped applicants through hoops that even the hiring managers didn’t always quite understand.  So now we’re being told “no, that doesn’t work, this other approach is better!”.  Well.. it might be, for Google.  Or it might not be.  It’s in Google’s interest to hire the best workers for Google, not to tell everyone else how to hire.  It’s actually in their best interest to have weaker candidates working for competitors, and if they follow this advice, that’s what might happen.

Yes, a common rubric to measure all candidates against is probably an optimal balance.  There are likely many companies that aren’t sophisticated enough (or don’t have the resources) to enact this policy, so in some sense, it doesn’t matter too much if they ‘give away the secrets’.  But many of their competitors for talent do have the resources to follow suit.  And they may be hoping that competitors do just that.

Small catch up

So… I didn’t write much since April.  I took a bit of time off and went to Russia (some pics here – more to come later), and have been finishing up some contracts in May/June, and am now looking for the next thing to sink my teeth in to, so to speak (ping me if you’ve got an interesting project you think I might be a fit for).

We’ve got an interesting talk on PHP’s Composer project slated for our next PHP user group in Raleigh with our very own Jason Grimes – definitely looking forward to this one (come on out if you’re anywhere near the area!)  If you don’t follow Jason already, get to it – he’s got a lot of useful stuff on his blog.

The indieconf conference for web freelancers is coming again this year – still nailing down a date – but the call for presenters is open right now – submit your proposal to present if you’re interested in joining us this year!

It’s hard to believe 2013 is almost half over already!!!

Two way RSS reader?

Been a while since I’ve posted – have migrated some of my recent thinking to Google Plus, but am not sure that’s necessarily a good thing.   It’s great to discover and interact with new people/ideas there, but … you tend to lose yourself over there (both your identity, but also in the sense of getting lost in so much ‘stuff’).

I’ve had an idea for a while about a google+ type aggregator, but only something that aggregates blog owners’ info.  Comments posted there would be posted back to the original blog as well (and blog comments would be seen in the aggregator), but the content would still be housed directly on the individual blog engines.  Would this be useful?

Feels to me like it would be – there are still people that foreswear google+, and other people that foreswear any major social network.  By keeping your content on your blog directly, people can engage with it that way if they choose to, but people who want to consume via an aggregator can do so too.

Thinking about it more, it would almost be like a two-way RSS reader – no, just “two way RSS” – my blog subscribes to the activity from the aggregator, and the aggregator subscribes to the activity from my blog.  I remember reading about Ray Ozzie’s “Two Way RSS” (SSE) back in late 2005 and getting excited, but then nothing coming of it.  This is not (consciously?) where I was inspired from – in fact, I never remember seeing an actual implementation, but the phrase has been in my head for a while, and perhaps this idea is the latest manifestation?

 

Solution to Detroit’s current problems

Detroit’s been having a tough time of things over the past couple of decades.  Industry closing, people leaving, rotting infrastructure, etc.  They’ve even been taken over by an emergency manager appointed by the state.  The problems are legion, the proposed solutions are all over the place.  My humble proposal is short, and to the point.

A state tax holiday for people living in Detroit.

The specifics may be a bit up for debate (5 years?  10 years?) but at the core of Detroit’s problems is a lack of people, and specifically a lack of young people earning money.  People don’t move *to* Detroit – they move to the suburbs.  Why?  Lower crime may be one reason, but typically the issue is jobs and lower taxes.  You have to pay a city income tax to live in Detroit, on top of state taxes, and federal taxes.  The state has a big interest in getting Detroit in the right direction – instead of being a resource drain.  So… the state should give a tax holiday to anyone living in Detroit for, say, 5 or 10 years.

There are people who would move in to the Detroit city limits immediately to save thousands of dollars in state income tax.  Detroit would get income tax from those people to help fund the city improvements that are needed for those areas.  The state would lose revenue from those people, but would, over the long haul, be required to spend less to sort out Detroit’s problems and prop them up when necessary – the residents themselves would be doing so.

More people moving to Detroit in the short term would probably mean more commuting – people may drive to Royal Oak or Ferndale for their jobs, but live in Detroit for the tax savings.  But over time, more people living in the Detroit city limits would mean more demand for businesses and jobs to locate in those borders as well.

Why should *businesses* get tax abatements and deals to move in to Detroit (or any city) but not residents?  Detroit needs more residents than it does businesses.  The more residents that it has, the more businesses will follow to serve those residents.  An extra 50,000 people living in an area of Detroit should be enough to get some Kroger stores to open up to serve those residents, right?

Yes, this is overly simplistic, but it’s also something that shouldn’t require a lot of planning.  People fell over backwards trying to take advantage of the ‘new home buyer credit’ a few years back, which essentially just saved them a few thousand dollars one time, while generally saddling them with huge mortgages.  People move to states at least in part because of income tax codes (obviously not always, but for many people it’s a factor).  Detroit needs active, productive people to live there.  Give them an incentive to do so and I believe they will.

Convert docx to pdf on OSX

A client needed a way to batch convert DOCX files to PDFs on a Mac, and I poked around for a few minutes and came up with this:

/Applications/LibreOffice.app/Contents/MacOS/soffice.bin --headless --convert-to pdf:writer_pdf_Export --outdir ~/Documents/ ~/Documents/*docx

This was largely inspired by this post, but LibreOffice is still referred to as ‘soffice.bin’ on OSX (at least, my versions) so this will be easier to copy/paste for me, my client, and others who are searching for this in the future.

Why do almost no web frameworks come with any authentication/authorization functionality?

This is likely a controversial stance to take, and I’ll very likely get bashed as “no idea what I’m talking about” by people much cleverer than me.  With that said…

Why do almost no web frameworks provide any default authentication/authorization functionality, with default examples of best practices for common use cases?  The standard response I’ve gotten for years was/is “well, everyone’s needs for authentication are different”.

No, they are not. A (very?) large majority of web applications (which is what most web frameworks are used to build), require some form of user login and authorization management, and often self-registration, dealing with lost passwords, etc.

Yet somehow, everyone’s essentially forced in to writing their own user login and management from scratch. This leads to potentially loads of security holes from people writing insecure code.

So many frameworks promote their routing and database layers, configuration management, etc.; those are all things that one could argue people might need to function “differently” – in many cases, the default code is configurable enough to handle many edge cases. In rare cases when the stock code can’t handle things, you can override it with custom code.

But with authentication/authorization, everyone is left to fend for themselves.  Every.  Single.  Time.  And they *often* get it wrong (sensitive info in a cookie, unencrypted passwords, etc).

Put another way, when left to fend for themselves, developers need to learn a lot of concepts.  Every decision point is a point that can be made wrong (or poorly).  Making a poor decision about your CSS colors or URL structure or JavaScript helper library might be painful or annoying, but will likely not have any major repercussions.  Making a poor decision about authentication can be devastating.   Yet, somehow, this is one of the prime areas in the web framework world where users are not given anything out of the box (in most cases, at least) and are left to ‘educate themselves’ (with quite a lot of bad, wrong or outdated information floating around).
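
The two mistakes named above (sensitive info in a cookie, unencrypted passwords) next to what a shipped authentication component would do instead, as an added Python sketch that is not from the original post or from any of the frameworks mentioned. All function names, the in-memory `db` and `sessions` dicts and the PBKDF2 work factor are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

PBKDF2_ROUNDS = 600_000  # assumed work factor for this sketch; tune for your hardware


# --- The roll-your-own pattern: both mistakes the post names ---
def naive_register(db, user, password, role="member"):
    db[user] = {"password": password, "role": role}  # password stored as-is

def naive_cookie(db, user):
    # Identity and role travel in a client-editable, unsigned cookie.
    payload = {"user": user, "role": db[user]["role"]}
    return base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()

def naive_role(cookie):
    return json.loads(base64.urlsafe_b64decode(cookie))["role"]  # trusts the client


# --- What a shipped auth component would do instead ---
def hash_password(password):
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))  # constant-time

def register(db, user, password, role="member"):
    db[user] = {"password": hash_password(password), "role": role}

def login(db, sessions, user, password):
    record = db.get(user)
    if record is None or not verify_password(password, record["password"]):
        return None  # same return value for unknown user and wrong password
    session_id = secrets.token_urlsafe(32)  # opaque; carries no user data
    sessions[session_id] = user
    return session_id

def role_for(db, sessions, session_id):
    user = sessions.get(session_id)
    return db[user]["role"] if user in db else None  # role is read server-side
```

In the naive version, whatever role the cookie claims is the role the application believes; in the second version the cookie holds only a random identifier, so editing it yields no session at all.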

If you’re not going to ship some basic authentication/authorization functionality with the rationale that not everyone’s needs are 100% the same, perhaps you should stop shipping routing, forms management, database libraries and more – after all, someone might want to do it their own way.  Not everyone’s queries are the same, don’t you know.

I titled this post “almost”, because I’ve got a hunch there may be a few that I don’t know about.  With that said, what web frameworks do you know of which ship with authorization/authentication out of the box?  My own experiences indicate:

In the PHP world, it looks like Symfony2 ships with an ACL component, and the recommended ‘default bundle’ distributions ships with Authorization and Authentication components out of the box.   Zend Framework ships with an ACL component as well, but in both cases (ZF and Symfony) there is no default way of allowing users to register/login/reset passwords, etc.  FWIW, the Symfony approach of distributing recommended bundles of packages which (from what I can tell) could be updated independently if and when need be might be the best middle ground I’ve seen so far.  “Decoupled but packaged”.

The Rails community seems to (nearly) universally rely on Devise, but it’s not shipped by default, and many people end up ‘rolling their own’ (probably very often with bad and possibly even hard to spot flaws).

Grails users often rely on the Spring Security plugin, but again, not a default plugin.  To its credit, there is a basic user/role management screen with searching, account disabling, and other maintenance functionality, and the basic system allows for user login and ‘lost password’ pretty much out of the box (self register is a bit more work).    But again, not shipped with the base, and people may be tempted to roll their own (although a default ORM means people are far less likely to be susceptible to SQL injection vs building SQL by hand).

ASP.NET ships with a membership system (though it’s been a long time – my memory may be out of date), with web controls for user login, registration, lost password, etc.  Whether it’s necessarily the ‘best’ security approach is not really the point here – it’s a standard that is provided, and more than likely has prevented people from (re)writing code in an insecure manner.

What am I missing?

UPDATE: One thought is that no one wants to be even remotely responsible for providing out of the box security because they’re afraid they’ll be a target for a lawsuit.  I suspect that’s not really a factor, but perhaps it is in some cases?

Tech partisanship doesn’t help much

I shared a small rant at a local web meetup the other day, and thought I’d recap it here.  It was triggered by sitting in on an interview with a local developer for an idea-stage startup I’m counseling.

The startup in question has had some false starts on an MVP before, once in ASP.NET, and once in PHP (or maybe twice).  What’s come out of this was an understanding that the particular tech chosen is less important than finding sharp people who can see the project through to the first phase being functional.  I helped write a Craigslist ad to that effect, it was posted, and we’ve sifted through some of the applicants and did a couple interviews.

What’s been interesting to me is that many of the people applying are .net developers.  I’ve nothing against .net, but typically, you don’t find too many looking to jump in to the entrepreneurial space; it’s very much a corporate-enterprisey sort of thing.  I know .net-startups exist, but they’re a small fraction compared to the number of web startups based on dynamic languages (php, python, ruby, etc).

So we met with someone, and he asked what the site was written in.  My friend explained there’s no current site, but an early draft had been done in PHP.  The .net-dev grimaced.  “PHP is just not capable, it just won’t work for some things, it’s not efficient, there’s things it can’t do, C# is much better technology,” and so on.  This was not a 5 minute diatribe, I’ll grant you, but it was long enough, and … ill-informed enough to make me question his judgement skills on other things.

I can expect this sort of tribalism from someone just starting out in development.  I don’t expect it from someone with 15 years of experience.  I would expect that you’d mature to the point where you understood that almost all tech out there is suitable for a wide-range of applications, and that the language itself is rarely a bottleneck (compared with database servers, network latency, etc.)  And yes… I expect this because I’ve seen these attitudes displayed out over many colleagues, but also definitely in myself.

I’m ashamed of some of the partisan writings I posted back 10 years ago; I was wasting huge amounts of time arguing pointless stuff that had no real impact.  Perhaps that’s half the purpose of internet forums in general, but it took me a while to realize the emptiness in those pissing matches, and regret much of what I contributed all those years ago.  But it does help give me a sense of perspective, as does my shifting tech skills:  I’ve gone from MS/VB/Access to Notes to Perl to PHP to ASP to PHP to Java with a bit of C# thrown in over the years.   After you’ve done this long enough, you realize that there’s enough change in tech that few of the skills from 10 years ago really matter, which is another way of saying that little of what you’re learning now will have much utility in 10 years.

I’ve got another rant on reusing software coming up soon; stay tuned (or come back, or subscribe to the RSS) to have a read.

freelancer? join my community

I’ve recently set up a site intended to be a broader mix of content and community at http://freelancepath.com.  This is an extension and outgrowth of an earlier email group I ran based on audience members from my web development podcast.

If you’re a freelancer, I’d like to invite you to join my community for web freelancers.  Interested in contributing a guest post to our blog?  Register there, friend my profile, and send me a message with your idea.  I’d love to have you guest blog about your freelancing experiences, tools, service reviews and more!