Author name: S Anand

Recruiting smart people

/ Business realities, How I do things / 11 Comments

Recently, I have ended up giving bits of advice to people recruiting at start-ups, and a few patterns have emerged that are worth sharing.

Before I go ahead, I should warn you that I have no qualifications whatsoever. (All consulting advice should come with this caveat, perhaps!) You might be better off reading Joel Spolsky’s Smart and Get Things Done (read). I haven’t read it myself, but from what little I see of it, the thoughts seem similar.

The key is to realise that smart people are probably 10 times as productive. OK, that may be wrong. It probably originated with Fred Brooks, and has been debated to death. But it seems fairly well accepted that the best people contribute more than they are better paid. (The best guy is probably paid twice the average, but is worth more than twice the average guy.)

This isn’t because they do more work. It’s because they solve harder problems. You can get two people to do two people’s work. You can’t solve a problem twice as hard even with twenty people.

For a startup, the problem is acute. You don’t have the luxury of being able to manage a large number of people.

Since smart people typically work for a lot less than they’re probably worth, it’s a bargain to hire smart people. You pay them twice as much, and they’ll solve problems twenty others couldn’t solve.

The problem boils down to finding smart people and getting them on board.

Finding smart people

You need to go after the smart people. They won’t come to you. Many reasons. You’re not big enough. There aren’t that many of them. They’re not in the market that much (no one lets go of them anyway).

So that just demolishes the traditional recruitment model straight away. You don’t advertise for people and filter their resumes. You find the people you want and go after them.

The good thing is, smart people cluster. They tend to know other smart people, meet up with other smart people, read the same things as other smart people, etc. That gives some useful starting points.

Matt Biddulph talks about Algorithmic recruitment with Github. The premise is that smart programmers are at the centre of the social networks in their respective areas. Just go after them. I advised a friend similarly: to look for the network (or at least the smart people) that hang out on Stack Overflow for a given topic. Last year, when I was looking for a Django developer, I scoured the Infosys internal blogs for similar networks. (Found only a few, but it sure introduced me to a lot of really smart people that I didn’t know existed!)

Conferences are another place to look for them. I tend to periodically check out Upcoming and Meetup to see who’s taking part in what, go over, meet them, and see what they do. I find it a great way of figuring out who’re the experts in a field. (I once met one of the guys who wrote TiddlyWiki, and it was immediately obvious that he was in a different league from the others that day at the Javascript Meetup.)

You can go a step further. Since smart people cluster, they form networks, and control of that network is power. So why not organise those conferences? A lot of these smart people just need a place to hang out and learn from each other. I know the Javascript Meetup was struggling to find a place to meet. Pubs don’t give you the quiet atmosphere needed to learn from each other, and it’s certainly impossible to have a talk there. The folks at Hackspace have done this really well, renting a place and equipment for people to tinker with electronics.

That’s what smart people want, mostly: a nice quiet place, good company, and perhaps pizza. Skills Matter does this beautifully. They organise free workshops every now and then. The list of people that attend these is invaluable.

Getting them on board

Once you’ve spotted a smart person, what do you offer them?

Remember – they’re probably 10 times as productive. Money is quite likely to be worth offering. If that works, great. But if you’re a startup, you probably don’t have the money. You probably could offer a stake in the firm. That might work too.

But, to quote Dan Pink: “One of the most robust findings of social science is that incentives dull the mind and hamper creativity. Yet, businesses ignore it.” Some people aren’t motivated by money. You might get better results if you didn’t pay money than if you did. (Read this story on motivation by Peter Bregman.)

Suppose you said, “I have this problem… I’ve no idea how to solve it. Would you be able to help me?” Most smart people would probably help you. For free. The feel good feeling is worth more than the transaction cost of extracting payment from you.

Or you might be championing a worthy cause – anywhere from world hunger, rural poverty or cure for cancer down to organising a scout camp. The thing about this is they are intrinsically attractive. You probably just need to open up and say “This is what I’m doing, can you help?”

The flip side of it is loss of control. Jonty told me about how Hackspace London was run: “it’s as loosely organised as possible without falling apart”. You don’t manage these people like traditional organisations. You manage them like a community of volunteers. Like parents at a school day function. Like family at a wedding. You don’t pay them. You don’t order them around either.

Part of that is the flexibility of being a startup. You can afford that loss of control. Yes, you don’t have the money. No, not everyone’s working for money. (The planet as a whole is fairly well off. Smart people particularly so.) But you might offer something interesting. Just as long as you’re willing to let go of some control in your mind…

Recruiting smart people Read More »

SSH Tunneling via Rackspacecloud

/ How I do things / 5 Comments

I wrote about SSH Tunneling through web filters using Amazon’s EC2 at 8 cents/hr. With Rackspacecloud, you can get that down to 1.5 cents/hr. This turns out to be a lot simpler than EC2 as well!

Ingredients

  1. Rackspacecloud account (sign up for free – you won’t be charged until you use it)
  2. Putty (which may be available on your Intranet, if you’re lucky)

Directions

  1. On the Rackspacecloud console, click on wordpress website hosting– Cloud Servers – Add Server and select Ubuntu 9.10 (Karmic Koala). Actually, you can pick any other instance. I’m going to talk through this using Ubuntu 9.10 as the example.
    ssh-1
  2. Type any server name, pick a 256MB RAM instance, and click on Create Server.
    ssh-2
  3. Once the server has started, you’ll get the screen below. Click on the Console to open a session.
    ssh-3
  4. Your password would have been e-mailed to the account you registered with. Log in as root with that password. Now type the following: 
    sed –i "s/^Port 22/Port 443/" /etc/ssh/sshd_config
/etc/init.d/ssh restart

    ssh-4

  5. Run Putty. Type in root@<server-IP-address> as the host name, and 443 as the port
    putty1_thumb4
  6. Under Connection > Proxy, set HTTP as the proxy type. Type in the Proxy hostname and Port you normally use to access the Internet. Select Yes for Do DNS name lookup at proxy end. Type in your Windows login ID and password.
    putty2_thumb2
  7. Under Connection > SSH, select Enable Compression.
    putty5_thumb3
  8. Under Connection > SSH > Tunnels, type 9090 as the Source port, Dynamic as the Destination, and click Add.
    putty4_thumb2
  9. Now click Open. You should get a terminal into your Rackspacecloud instance. Log in with the same password as before.
  10. Open your Browser, and set the SOCKS server to localhost:9090. For Internet Explorer, go to Tools – Options – Connections – LAN Settings, select Use a proxy …, click on Advanced, and type localhost:9090 as the Socks server. Leave all other fields blank.
    ieconfig_thumb2
  11. For Firefox, go to Tools – Options – Advanced – Network – Settings and select Manual proxy configuration. Set the Socks Host to localhost:9090 and leave all other fields blank.
    ffconfig_thumb2
  12. Also, go to URL about:config, and make sure that network.proxy.socks_remote_dns is set to true.

SSH Tunneling via Rackspacecloud Read More »

Laptop power usage

/ How I do things / 9 Comments

I just got a digital wattmeter. Had no idea about these until Google PowerMeter, but now, they’re all the rage. Mine’s a pretty simple model and all  I plan to do with it is play around with a few household gadgets.

n67hh-small

My first target, obviously, was my Dell Latitude E5400. The statistics are interesting:

Power … when…
0.3W Laptop is switched off. The adapter must be consuming the power
1.3W Laptop is on standby.
12W The lid is closed, and no applications are running.
18.5W The laptop is on, the lid is open, and no applications are running
25W The laptop is writing to the hard disk
34W One CPU is fully utilised
41W Both CPUs are fully utilised

Looks like the display and hard disk each consume about 6.5 watts each, while the CPU consumes a whopping 15 + 7 = 22 watts.

One interesting observation is that the colour of the display doesn’t make much of a difference. From my CRT monitor days, I’d remembered that a black screen consumes less power, and is less likely to wear the screen off. So my desktop background has always been black, and most of my applications use a black theme. But it turns out that on LCDs, it makes absolutely no difference. A full white screen uses the same power as a full black screen. So I’ve really been wasting my time the last 9 years. (There is a good reason to have a black screen, sometimes – it’s much easier on the eyes when reading without lights.)

Another lesson was that turning off the wireless had no effect whatsoever. (It worked quite well for my Blackberry, though. Increased the battery life quite a bit. I thought the same might apply for laptops, but looks like it doesn’t.)

I’ll do an audit of some of my home appliances and post it out here. Wonder if there’s a repository of power usage for appliances…

Laptop power usage Read More »

Command line alarm

/ Coding, How I do things / 11 Comments

When I’m in front of my laptop, I usually forget the world around. Sadly, the world around has important things that need to get done on time. Like eating medicines, turning off the washing machine or the hob, etc.

The one thing I’ve been lacking on my machine was a simple alarm system. I’d like to set an alarm to remind me to do something in 5 minutes, for example. And it should be dead simple to set up.

After hunting around a fair for freeware to do this, I’ve finally settled on writing this tiny piece of Visual Basic code.

Set WshShell = CreateObject("WScript.Shell")
If WScript.Arguments.length &lt; 2 Then
  WScript.Echo "Usage: alarm <time-in-minutes> <message>"
Else
  WScript.Sleep WScript.Arguments.Item(0) * 60 * 1000
  msg = ""
  For i = 1 to WScript.Arguments.Count - 1
      msg = msg + WScript.Arguments.Item(i) + " "
  Next
  WshShell.Popup msg, -1, "Alarm", 64
End If

I’ve saved this as “alarm.vbs” somewhere in my path. When I need to set an alarm, I just type

alarm 5 Turn off the hob

This pops up a window in 5 minutes with the alarm:

An informational popup window saying Turn off the hob

This turned out to be a life-saver yesterday. I had to catch a flight at the Bangalore airport, and traffic is notoriously bad. To be on the safe side, I set up the following:

alarm 25 Catch the flight
alarm 30 You really need to go now
alarm 35 You've missed the flight

Turned out to be a wise thing. I ignored the first alarm. On the second, I said “OK, OK, just 1 minute…” and it really took the third alarm to get me going. Just barely made it to the flight.

Command line alarm Read More »

Portable Apps

/ Top 10 lists / 2 Comments

I’m totally hooked to portable apps now. You don’t need admin rights to install them. You can run them off a USB stick. They won’t make your machine slower. All the reasons not to install an application vanish.

PortableApps.com is a good starting point. For what it’s worth, here are my portable apps by category (most used on top).

Platforms

  • Firefox. If you’re using IE6, please die. Lack of admin access is no longer an excuse.
  • Cygwin brings you UNIX commands to Windows.
  • Portable Ubuntu run Ubuntu as a window in Windows.

Tiny utilities

  • GDI++ replaces the Windows font engine with a Mac-line rendering. Looks cool.
  • Clip is a command line tool that copies to clipboard. “dir | clip” copies the file listing to the clipboard. Outrageously useful.
  • PicPick takes screenshots of the screen, windows, regions, whatever. And you can edit them too.
  • uTorrent downloads torrents.
  • WinDiff compares two files and tells you the difference.
  • AlwaysOnTopMaker makes any window stay on top of other windows.
  • DiskTT tells you your hard disk (or USB stick) speed.
  • WinHTTrack downloads websites.
  • AllChars lets you type special characters like ½ by type Alt-1-2 or “ by Alt-`-`. It’s shockingly intuitive.
  • Restoration lets you undelete permanently deleted files.
  • Windirstat tells you what’s taking up space on your disk.
  • Sysinternals is a bunch of system monitoring utilities.
  • Virtual CD-ROM mounts .ISO files. You can use .ISO files without burning them.
  • Autostitch stitches together photos to create panoramas.

Media

  • VLC plays any audio or video file.
  • TightVNC lets you log into other machines like a remote desktop./li>
  • Audacity lets you record and edit audio.
  • CamStudio lets you record video (screen capture).
  • VirtualDub lets you edit video.
  • MediaCoder converts audio and video from any format to another.
  • GIMP is like Photoshop. You can edit pictures.
  • Inkscape lets you edit vector graphics.

Servers

  • XAMPP installs Apache, MySQL, PHP and Perl at one shot.
  • App Engine is Google’s freemium platform for app hosting.
  • Persevere is a RESTful JSON app server that runs on Java.
  • Tomcat is a JSP server.
  • nginx is a fast web server
  • CouchDB is a RESTful JSON app server that runs on Erlang.

Development tools

Let me repeat:

  1. You don’t need admin rights to install these.
  2. You can run them off a USB stick.
  3. They won’t make your machine slower.

There’s really no reason whatsoever not to have them on a USB stick at least. They’re cheap.

Portable Apps Read More »

SSH Tunneling through web filters

/ Coding, How I do things / 32 Comments

You can defeat most web filters by spending around 8 cents/hr 0 cents/hr on Amazon EC2. (It’s usually worth the money. It’s a fraction of the cost a phone call or a sandwich. And I usually end up wasting that money anyway on calling someone or eating my way out of the misery of corporate proxies.)

Most web filters and proxies block all ports except the HTTP port (80) and the HTTPS port (443). But it’s used to carry encrypted traffic, and, as Mark explains:

since all the traffic that passed through the tunnel is supposed to be SSL encrypted (so as to form an unhindered SSL session between the browser and the HTTPS server), there are little or no access controls possible on such a tunnel

That means web filters can’t really block HTTPS traffic. So we can redirect web traffic to a local HTTPS server, and set up a server outside the firewall that redirects them back to the regular servers.

Putty will be our local HTTPS server. Amazon EC2 gives us a server outside the firewall.

So here’s a 16-step recipe to bypass your web filter. (This is the simplest I could make it.)

In Steps 1-7, we’ll launch a server on Amazon EC2 with 2 tweaks. Step 1 enables Port 443, and step 6 re-configures SSH to run on Port 443 instead of on Port 22. (Remember: most proxies block all ports other than 80 and 443). Alestic’s article on how to Automate EC2 Instance Setup with user-data Scripts and this thread on running SSH on port 443 are invaluable.

In Steps 8-13, we’ll set up Putty as our local HTTPS server. Read how to set up Putty as a SOCKS server and how to use Putty with a HTTP proxy. All I did was to combine the two.

In steps 14-16, we’ll configure the browser to use the Putty as the SOCKS server.

Ingredients

  1. Amazon AWS account (sign up for free – you won’t be charged until you use it)
  2. Putty (which may be available on your Intranet, if you’re lucky)

Directions

  1. On the AWS EC2 Console, click on Security Groups and select the default security group. At the bottom, select HTTPS as the connection method, and save it.
  2. Click on Key Pairs, select Create Key Pair and type in some name. Click on the Create button and you’ll be asked to download a key file. Save it somewhere safe.
  3. Run PuttyGen (it comes with Putty), click Load and select the key file you just saved. Now click on Save private key and save it as privatekey.ppk.
  4. Back on the AWS EC2 Console, click on Launch Instance.
  5. Select Community AMIs and find ami-ccf615a5. It’s a Ubunty Jaunty 9.04 instance that’s been customised to run scripts passed as user-data. You may pick any other alestic instance. (The screenshot below picks a different instance. Ignore that.)
  6. Continue until you get to Advanced Instance Options. Here, copy and paste the following under User Data. Do not make a mistake here! 
    #!/bin/bash
mv /etc/ssh/sshd_config /etc/ssh/x
sed "s/^#\?Port.*/Port 443/" /etc/ssh/x > /etc/ssh/sshd_config
/etc/init.d/ssh restart

  7. Keep pressing Continue and Launch the instance. Once launched, click on “Instances” on the left, and keep refreshing the page until the status turns green (running). Now, copy the Public DNS of the instance.
  8. Run Putty. Type in root@<the-public-DNS-you-just-copied> as the host name, and 443 as the port
  9. Under Connection > Proxy, set HTTP as the proxy type. Type in the Proxy hostname and Port you normally use to access the Internet. Select Yes for Do DNS name lookup at proxy end. Type in your Windows login ID and password.
  10. Under Connection > SSH, select Enable Compression.
  11. Under Connection > SSH > Auth, click Browse and select the privatekey.ppk file you’d saved earlier.
  12. Under Connection > SSH > Tunnels, type 9090 as the Source port, Dynamic as the Destination, and click Add.
  13. Now click Open. You should get a terminal into your Amazon EC2 instance.
  14. Open your Browser, and set the SOCKS server to localhost:9090. For Internet Explorer, go to Tools – Options – Connections – LAN Settings, select Use a proxy …, click on Advanced, and type localhost:9090 as the Socks server. Leave all other fields blank.
  15. For Firefox, go to Tools – Options – Advanced – Network – Settings and select Manual proxy configuration. Set the Socks Host to localhost:9090 and leave all other fields blank.
  16. Also, go to URL about:config, and make sure that network.proxy.socks_remote_dns is set to true.

That’s it. You should now be able to check most blocked sites like Facebook and YouTube.

Those who favour the command line may want to automate Steps 1-7 by downloading Amazon’s EC2 API tools. EC2 API tools work from behind a proxy too. The commands you’ll need to use to setup are:

set EC2_HOME=your-ec2-home-directory
set EC2_CERT=your-ec2-certificate
set EC2_PRIVATE_KEY=your-ec2-private-key
ec2-add-keypair mykeypair
ec2-authorize default -p 443
set EC2_JVM_ARGS=-DproxySet=true -DproxyHost=yourproxy \
-DproxyPort=yourport -Dhttps.proxySet=true \
-Dhttps.proxyHost=yourproxy -Dhttps.proxyPort=yourport \
-Dhttp.proxyUser=yourusername -Dhttps.proxyUser=yourusername \
-Dhttp.proxyPass=yourpassword -Dhttps.proxyPass=yourpassword
ec2-run-instances ami-ccf615a5 --key mykeypair --user-data-file your-startup-file-containing-lines-in-step-6

You can go further and use any software (such as Skype) if you install FreeCap. More details are in this article on Secure Firefox and IM with Putty.

Linux users may want to check out ProxyTunnel and this article on Tunneling SSH over HTTP(S).

Update: Follow-ups on hacker news comments, twitter, delicious and digg.

SSH Tunneling through web filters Read More »

Open source in corporates

/ Business realities, Coding / 11 Comments

Last month, my first application went live.

I’ve been writing code for 20 years. Not one line of my code has been officially deployed in a corporate. (Loser…)

It’s a happy feeling. Someone defined happiness as the intersection of pleasure and meaning. Writing code is pleasurable. Others using it is meaningful.

But this post isn’t quite about that. It’s about the hoops I’ve had to jump through to make this happen.

I’ve been living in a nightmare since March 2009. That was when I decided that I’d try and get corporates to use open source.

March 2009
It began with a pitch to a VC firm. They were looking to build a content management system (CMS). Normally we’d pull together slides that say we’ll deliver the moon. This time, we put together demo based on WordPress’ CMS plugins.

The meeting went fabulously well. We said, “Here’s a demo we’ve built for you. Do you like it?” The business lead (Stuart) was drooling and declared that that’s exactly what they wanted. The IT lead (another Stuart) was happy too, but warned the business users: “Just remember: this isn’t how we do development, so don’t get your hopes up that we can deliver stuff like this :-)”

Time to make my point. I asked, “What’s your policy on open source software?”

The business lead went quiet. “I don’t know,” he finally said. Fair enough.

I turned to the IT lead. “Well, we don’t use it as a matter of policy… there are security concerns…” he said.

“Which web server do you use?”

”Oh, OK. I see what you mean. We use Apache. So on a case to case basis, we have exceptions. But generally we have security concerns.“

”Why? Do you believe open source software is more insecure than commercial software?“

He thought about it for a while. “Well… maybe. I don’t know.” We debated this a bit. Then we found the real issue: “It’s just that we don’t have control over the process. We don’t know enough about it to decide.”

A couple of weeks later, I tried pitching to a newspaper company. This time, it was our sales team that raised the same question. “But… isn’t open source insecure?”

I didn’t even bother pitching any open source stuff to them. But I’d learnt my lessons:

1. Demo the application. Don’t talk about it.
2. Show it to the business first, and then tackle IT.

Aside: June 2009

In June, I got another chance. I was building the website for a large retailer. The very first thing I did was ask to see the Javascript. Total mess, and filled with browser-incompatible DOM requests. So I went over to their web development team.

“Look, why don’t you guys use a Javascript library? It’ll get you cross browser compatibility and compact maintainable code at the same time.”

And, to their credit, they said, “Sure. Which library?”

I showed them this comparison of jQuery (blue), dojo, scriptaculous and mootools…

… and we agreed on jQuery. So, if nothing else, I’ve managed to get one open source library into a corporate.

July 2009

I was also looking at payments, and retailer was looking to replace their chargeback application. Since I had a week off, I built a working PCI compliant prototype on Django. This time, I applied the lessons I’d learned, and demo-ed it to the business, who were thrilled. Time to tackle IT.

I started with the architecture team. Matt on the architecture team was the most approachable. So I went over, demo-ed it, and said, “Matt, this took a week to put together. It’s based on some new technologies. Are you game to try these out?”

He was. And quite enthused about it too. So we put together a proposal for the architecture review board, proposing a new technology stack: Django / Python and MySQL. As before, I showed the demo before I talked technology. I had prepared answers to all security related questions upfront (and practically memorised section 3 of the PCI guidelines.) The clincher, though, was the business case. To build it on Java, it would cost ~1,000 person days. On Django, I’d mostly done it in 5. There was no way of justifying 1,000 person days for an application that could save, at best £100,000 a year.

So they said “Go ahead, we’re fine if operations and infrastructure are fine.”

It was time to find a Django developer in Infosys. I hunted for a couple of weeks but none was available. (Only 2 people knew Django in the first place.) So that effort got canned, and we were back to the 1,000 person day solution. (Which got canned too, later.)

But in the process, I’d learned my third lesson.

3. If you’re trying new technologies, plan on delivering it yourself.

October 2009

Another application popped up that looked like a prime candidate for introducing open source. They were using an Excel application to fraud screen orders, and wanted to make a web app out of it.

I followed the same route as before. Demo it. Show it to business first, then IT. Built it myself. I skipped Architecture, since they’d already approved the technology stack, and took it straight to Infrastructure.

“This application uses Apache as the web server, MySQL as the database, and uses PHP and Javascript for the application logic. Could we get a Linux server to host it?”

Our entire conversation lasted 30 seconds. He said, “No. We use Windows servers” (I was fine)

“… and you’ll need to chance Apache to IIS” (fine again)

“… and we don’t support PHP, so it’ll have to be Java or .NET” (I don’t know .NET or Java… but fine)

“… and we don’t support MySQL, it’ll have to be SQL Server” (fine, I guess)

“… and we don’t have DBAs available until January, so you’ll have to wait.” (definitely not good.)

So back to the drawing board on the technology stack. I needed something in Java (I know very little Java, but nothing at all in .NET) and to avoid the DBA headache, it would have to bundle in a database. I first explored key-value stores like CouchDB, Redis, etc. None of them worked on Java. The only one I found that did was Persevere, and it was a JSON data store, which fit perfectly with my plans.

By this time, I’d also learn my my fourth and most important lesson.

4. Don’t try to promote open source. Just deliver the application

I said, “This is a custom-built application that runs on Java. Could we get a Windows server to host it?”

The answer was “Yes”, and we had it the next day.

PS: December 2009

The application’s deployed and running. It has about 10,000 orders fraud screened by now.

And the lessons are well learnt. So when some came over asking if there was any image resizing solution I knew off, I said: “Sure, who’s your business sponsor?” Then I went over and said, “Let me show you this open source application called ImageMagick. It handles aspect ratios correctly, and can crop too. Doesn’t this look professional?” Then I went over to IT and said, “It’s open source, so you can change it. It has Java bindings, so you can integrate it into your environment. It can handle 8 3000×2400 images a second on my puny laptop. It’s used by your competitors. And I can build it for you if you like.”

I might just have my second open source entry into a corporate this year.

Open source in corporates Read More »