Sunday, January 13, 2008

Hiring based off years of experience, an analogy with art and the NBA

[This was originally posted at http://timstall.dotnetdevelopersjournal.com/hiring_based_off_years_of_experience_an_analogy_with_art_an.htm]

I'm always intrigued how HR recruiting is often obsessed with how many years of experience a candidate has. This is absolutely not the same thing as "does the candidate have the required skills". The thinking seems to be that developers start at the same place (maybe as college kids in computer science class), and learn at the same pace, therefore the real determiner of skill is the years of experience. Therefore, a dev with 10 years should most likely be better than a dev with only 3 years. I think this is dangerous and misleading thinking. Sure, all else equal, years of experience would be a good indicator of skill, but all else is not equal.

  1. People start learning to program at different ages - not everyone starts at college, some start when they're 10 years old

  2. People learn at different rates - some people just naturally learn things faster than others

Think of it like art - some people just can't draw (like me). Maybe if you give them years of classes, and they practice and practice, they may be able to squeak out a simple painting - but they're always going to struggle with it. Other people just have a natural talent for it, and even as a 10 year old, can draw a good looking picture. The best question to determine who is the better artist is to ask for their portfolio (samples of what they've drawn), not ask how many years of experience they've had. Like asking for an artists' portfolio, interviews can ask a developer to show them an open-source project, or actually write code on a whiteboard. That's a much quicker way to verify their skill set.

 

Or, look at the NBA. While of course veterans and experience are good, there are plenty of young rookies who add far more value than a 10-year veteran. Simply hiring based on who has the most years of experience would naively miss out on good talent.

 

I see it much like the graph below of skill vs. time. Someone could start learning as young as 12 years, or wait until college, or even do a career switch after college. You can't really count playing around with programming as a child as "years" or experience on your resume, but it sure does increase your skill level. So, a recruiter could categorize all three cases as "just four years of experience". But the skill difference is too wide for that naive approach to be practical. There are 18 year old interns that just "get it", whereas some 40 year old contractors that do not.

 

That's why it's always best to look at the skill, as opposed to blindly check for years of experience.

 

Next: But what if I'm a non-technical person doing technical recruiting?

Thursday, January 10, 2008

Missing EventValidation because modal dialogue blocked rendering

[This was originally posted at http://timstall.dotnetdevelopersjournal.com/missing_eventvalidation_because_modal_dialogue_blocked_rende.htm]



I saw an application giving this error:
System.ArgumentException: Invalid postback or callback argument. Event validation is enabled using in configuration or in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
As is often the case, it "worked on my machine", but failed in production. It looked like one of those ghost bug things.
In this case, the problem was that the "EventValidation" field was missing entirely, so ASP.Net thought the page was corrupted:
  1. In production and QA, the page had a modal dialogue pop up. This was because both those environments ran in HTTPS, and that particular page had a JavaApplet on it, such that a modal dialogue popped up asking the user to confirm the security permissions.
  2. If the user clicked no, then that interfered with the final rendering at the bottom of  the page, which practically meant that just the "__EVENTVALIDATION" was never generated. The rest of the page looked the same.
  3. EventValidation was required to validate ViewState, so the server thought someone was hacking the page, and the Exception got thrown.
At first glance, a developer might just set Page EnableEventValidation="false", but that is a bad idea because it opens up a security hole (anyone could change your EventValidation value and exploit the app).
You can get an idea with this html code snippet, where I've substituted the JavaApplet call with an alert message (although the alert is truly modal, so you can't click a button until it's closed).
<body>
    <form id="form1" runat="server">
    <div>
   
  Text 1: this is the initial alert
   
  <script language="javascript" type="text/javascript">
    alert('yo!');
  </script>
 
  Text 2: this appears after the alert
 
    </div>
    </form>
</body
>
If you attach a debugger to the JS, you'll see that the second chunk of HTML text (Text 2) only gets rendered once the user closes the modal alert box. However, we can fix this by running the JavaScript code that called the applet in an asynch process via setTimeout, something like so:

<head runat="server">
    <title>Untitled Page</title>
    <script type="text/javascript" language="javascript">

    function DoStuff()
    {
      setTimeout("MyMethod()",500);
    }
    function MyMethod() {
       alert('yo!');
    }

    </script>   
</head>
<body>
    <form id="form1" runat="server" >
    <div>
    ASYNCH Hello world
   
    this is the initial code
   
  <script language="javascript" type="text/javascript">
    DoStuff()
  </script>
 
  this appears after the code
 
    </div>
    </form>
</body>
</html
>

Monday, January 7, 2008

Http Pocket Reference

[This was originally posted at http://timstall.dotnetdevelopersjournal.com/http_pocket_reference.htm]

I finished reading the O'Reilly HTTP Pocket Reference. I just wanted a good refresher on HTTP. It was a very good book. I liked that it was only 80+ pages, maybe a 1-2 hour read, and just covered the important stuff. When time is short, there's a definite benefit to just reading a summary as opposed to an exhaustive reference. I notice that many devs don't take enough time to read a full book, so they settle for just skimming blogs. However, that usually gives just a gap-filled understanding because they never get that end-to-end thoroughness. The pocket books offer a good compromise - more thorough than just a blog entry, but still short enough to read when time is tight.

Sunday, January 6, 2008

Random producing same values

[This was originally posted at http://timstall.dotnetdevelopersjournal.com/random_producing_same_values.htm]

In programming languages, Random numbers aren't truly random, but rather appear random based on a seed value. For example, a trivial "random" number generator may just take the current milliseconds from the timestamp.

The following two snippets illustrate this. Each snippet runs through a loop to generate a list of "random" numbers. However, the first snippet produces all the same values because the Random generator is re-called in the loop each time, therefore the same seed appears to get used. This is bad. The second snippet is the way to do it - put the Random generator outside of the loop, and then re-call it each time to get the next random value.

While this example is obvious, it may be a little harder to see if a developer puts the Random() call in a method, and then calls the method within the loop. In that case, it would act like the first snippet, and always generate the same values.

 

    [TestMethod]
    public void Random_Bad()
    {
      List<int> li= new List<int>();
      for (int i = 0; i < 3; i++)
      {
        Random r = new Random();
        li.Add(r.Next(0, 1000000));
      }

      Assert.AreNotEqual(li[0], li[1]);  //Fail
      Assert.AreNotEqual(li[1], li[2]);  //Fail
    }

    [TestMethod]
    public void Random_Good()
    {
      List<int> li = new List<int>();
      Random r = new Random();
      for (int i = 0; i < 3; i++)
      {
        li.Add(r.Next(0, 1000000));
      }

      Assert.AreNotEqual(li[0], li[1]);
      Assert.AreNotEqual(li[1], li[2]);
    }

 

Thursday, December 27, 2007

Making Process Results Public

[This was originally posted at http://timstall.dotnetdevelopersjournal.com/making_process_results_public.htm]

Enterprise applications require a lot of supporting processes - continuous builds, feature tracking, monitoring production, etc... One sign of a mature department is that the non-secure output from those processes is publicly available to the entire team, as opposed to "hidden" in a personal file on some manager's computer. This keeps everyone on the same page, encourages team feedback, and reduces bureaucracy.

 

For example, anyone on your team should be able to tell you the release dates, their current expected feature list, the amount of open issues they have, and if their code patch broke any unit tests on the server. Those should not be "special" things that only a manager has access to view.

 

There are several processes that any development department should have, and these processes should all have publicly accessible results (such as via a web dashboard or shared network drive).

  • Issue Tracking System (we use a web-based solution)

  • Continuous build with unit test results (we prefer CruiseControl)

  • Wiki (we started with FlexWiki to just get started, but now use SharePoint)

  • Production performance results (you should be able to go to a web dashboard, not pester your IT department for the raw IIS log files)

  • Available project plan (even an Excel sheet on a shared network drive)

There's no doubt more to this list, but it's a good start.

Wednesday, December 26, 2007

Book: Getting Started in Consulting

[This was originally posted at http://timstall.dotnetdevelopersjournal.com/book_getting_started_in_consulting.htm]

I just finished a very good book - Getting Started in Consulting. As its title suggests, it explains how to start up your own consulting practice. While I am personally entrenched in industry at Paylocity and not heading towards consulting, the book is still very applicable. (I used to work in consulting at Deloitte and CSC). Essentially, the developers who really stand out do a lot of the same things that successful consultants do - they take initiative to add value in a way that supports the client.

 

As someone now in industry, my "client" is usually my boss, or the customers who purchase our product. My "fees" are usually how I get to spend my time - i.e. I need to justify to my boss that project X is worth the time investment, and they should therefore allot schedule resources for it. The chapters on sales and marketing are good for any developer to know because they remind you that ultimately the project needs to generate revenue. It's easy to think that money grows on trees for these corporate giants, but for many of us, good projects often come down to a series of small "sales". Alan does a great job of showing how to incrementally add value and handle scope creep.

 

He also has very applicable chapters on "Moving to the Next Level" and "What do you do with Success?" For developers, if you've been in the field for 10 years, are you just doing more same old features, or are you still professionally growing and contributing back to the community via mentoring, publications, user groups, or other extra curricular activities?

 

It's an easy read, a well done book, and stimulates your mind to think about how to add value for your current project in industry.

Monday, December 24, 2007

Merry Christmas

[This was originally posted at http://timstall.dotnetdevelopersjournal.com/merry_christmas_1.htm]

Merry Christmas for 2007, and a happy new year coming up in 2008!