Author Archives: kevin

About kevin

I write the posts

So, you’re visiting Silicon Valley’s biggest companies next week

Posted on

Two years ago I went on the Silicon Valley ITAB trip. This was the turning point of my college career and more than anything else put me on the career path I'm on right now. However when I went on the trip I lacked a lot of context about the companies we went to go see. We ended up talking to some pretty high powered executives at those companies and it would have been great to actually have material for high powered discussions about those companies.

You might want to also read over my daily blog posts from the trip.

In no particular order:

Atlassian

Atlassian makes tools for programmers to collaborate with each other. Basically, programmers have tools like carpenters have hammers and screwdrivers and other purpose-driven instruments. A good introduction to what tools are used and why these tools are necessary is a blog post called The Joel Test).

Atlassian has a lot of competition in all of its product lines. But they get people to pay for its products and a lot of people swear by them. Which is really, really hard to do, and they deserve a lot of credit for that. Is it sexy? No. But as I noted in my blog post it's a place where "Silicon Valley's bread is buttered," and they are probably going to IPO soon and make a lot of people at the company wealthy.

Atlassian also has a great culture; it's a fun place to work and there's not a lot of bullshit. In terms of internships I've heard mixed reviews; I was fairly lucky in that I got to sort of design my own. Once you get there if you can think of something cool to work on, if you give a good enough pitch they'll probably go for it.

Bloom Energy

I've never heard of it but they have a pretty impressive list of board members. This Quora post looks interesting. Might be worth asking them about their patents and whether they've been sued.

Google

I don't need to tell you much about Google, it's a great company and it's like number one on everyone's list of places they want to work. Believe it or not CMC is actually pretty good at getting people into Google; if my stats are correct they hired 300-400 new grads last year and six of them were CMCers. Here's what those CMCers are doing:

  • Two One answers phones as part of the sales team

  • One processes refunds for Google Offers

  • One works in HR

  • One looked at websites one by one to see if they were spam or not (I quit after 8 weeks)

  • One works on the help documentation for a product

So I would probably qualify "Google is a great place to work" by saying, "Google is a great place to work... if you are a product manager or an engineer" The fact is that Google needs a lot of bodies to walk new users through Adwords or manually approve Google+ photos and they have no shortage of people with Ivy League degrees to fill these jobs. The actual role is obfuscated during the recruiting steps, and once you actually get there, you think something like this to yourself:

  1. I'm an attractive, young bright person

  2. My job is sort of awful

  3. But if I was really bright, I wouldn't have taken it.

  4. Therefore, my job must not be that bad.

Also, there are a lot of people that put up with it for the free massages, free food, steady drip of insider news/product releases and the ability to tell people they work at Google. I resented waking up and going to work, which is when I knew I had to quit.

Electronic Arts

Video games are glamorous. Working on video games, not so much. However, everyone wants to do it.

In grad school, a friend told me he wanted to go into videogame programming, so I described this post to him. His response was immediate and unwavering: "I don't care, I want to do game programming so much that I'll do whatever it takes." I suspect that enough people like this graduate every year that EA can maintain their high employee turnover indefinitely. source

Read this post for more on what it's like. Hard deadlines are a reality in the game industry, and EA used to have a really nasty reputation for forcing everyone to work overtime without any extra pay. This has apparently improved since they settled a class action lawsuit in 2007, but probably still worth asking about.

EA will ask you to apply through their online thing. I don't think anyone from CMC has even gotten a first round interview, for any position.

Zynga

You probably have your own opinion on their games. You should read about the business with trying to take back unvested options from early employees right before the IPO.

Intuit

Scott Cook is the CEO in Silicon Valley whom I most admire. He's a genuinely nice guy and laid all the groundwork for later companies like Google, Amazon and eBay to follow. From all I've heard Intuit is a cool place to work. They also grok stuff like the Lean Startup there and have a bunch of cool initiatives.

They will probably talk about SnapTax and the programs they have to reach out to farmers in India. That said it's also a big company and your milage will probably vary with the department you land in.

Mint is a really cool product. However they also store the large majority of their customers most secret passwords in the clear; that is to say anyone who hacked Mint's database would be able to log in to every customer's bank/credit card/investing site. This is contrary to password best practice, where passwords are stored in the database as gibberish. I would definitely ask them about this as it seems like a huge PR and security risk. I would also ask about whether Intuit needs to buy innovation now and why their company couldn't grow that solution in house.

Infosys, eBay, Applied Materials, KKR, Box.net, Microsoft

I don't know that much about these places. No one's ever gotten an internship or an interview at Microsoft. Also they will show this concept video with "the future" and people executing horribly complex UI interactions with just one button press. Just keep in mind that today, it takes three clicks just to open your favorite website in Internet Explorer.

Conclusion

A lot of these companies are cool, have great products/reputations and the trip is really cool. You should definitely work in the tech industry - you can wear whatever you want to work, set your own hours, and they don't block Twitter; in short, it's the only industry I've found where you are treated like an adult. However you should think really carefully about the specific role you're going to take at each place.

You should also take a look at my post on how to get that job in tech you are looking for.

Liked what you read? I am available for hire.

Why I quit Facebook

Posted on

I've fought with Facebook for a long time. But I've quit for good now. Here are some reasons why I'm happy I don't have one:

  • I don't have to worry about embarrassing photos later becoming public. I also don't have to worry about accidentally setting the wrong privacy settings or sharing things with the world that I probably shouldn't.

  • I don't have to worry about Facebook selling my browser history. A short detour for the non-technical audience:

    • When you type in your username and password on a site, the site stores a small file on your computer, known as a cookie. 99% of sites on the Internet do this.
    • Then each time you load a new page on a site, your computer sends the cookie to the website as proof that you are you. This way you don't have to enter in your username and password every time you load a new page.

    Now here's what happens when you are logged in to Facebook, and you visit a page with a Like button:

    • Your computer requests the "Like" button content from Facebook. This means that your computer is sending your Facebook cookie to the Facebook servers.

    • Facebook reads your data from the cookie, and makes an entry in its database with your name, the time and the page you visited. It pulls up a list of your friends that have "Liked" the same page.

    • Over time, they can use this information to establish a comprehensive history of your browsing habits.

    Before, I used to only open Facebook in a single-site browser called Fluid, so it wouldn't be able to tie my browsing history to my account (I do the same for Google as well). As it turns out this isn't good enough; they log your IP address when you request a Like button and use it to build a profile of your activity. It's for this reason that facebook.com and www.facebook.com are blocked in my /etc/hosts file.

  • I have ten extra minutes every day.

  • I won't ever remark out loud about someone's funny status or comment. When you don't have an online social network, these comments sound inane.

  • I can avoid zeroes more effectively. I noticed that my Facebook social graph bore little resemblance to my real life social graph; even though I was Facebook friends with my real life friends, we barely interacted on the site. Instead I got a steady stream of updates from people I cared little about. Furthermore, most of the people who added me as a friend were people that I didn't want to hang out with.

    I tried to mitigate this by imposing a strict 150-friend limit. But people would get pissed off that I wouldn't accept their friend request. Because I wasn't interacting with my friends very much on Facebook to begin with, my social life hasn't suffered in its absence.

  • I don't get jealous any more. The number one reason guys have a Facebook is to look at pictures of girls. But every time I looked at pictures of girls I met I would get reminded of how much time I wasn't spending with them. I'd assume the worst in every scenario and talk myself out of pursuing people that were interested in me. In this case being oblivious is actually a benefit.

    The photos people post on Facebook are unrealistic versions of their real lives. As an example, here are my last four Facebook photo albums:

    • Me in South Africa
    • Me in India
    • Me in Scotland
    • Me in China

    Generally you don't see albums titled "The night I was too anxious about social interaction to get off my couch" or "The night Ted got so blasted he peed in someone's laundry, then cheated on his girlfriend". This means that unless you're really careful you are going to wonder why your life is so messed up when everyone else is doing great.

  • When you want to share a message with someone you could send them a private message. When you post on their Wall, it's no longer a message for that person - it's a signal to everyone else. To me, this is insincere and I always felt posts to my Wall were a little fake. By canceling my account I'm telling people about the signals I'd rather send and receive - private messages from the sender to the recipient.

That said, there is one feature of Facebook I miss - apparently people like using it to organize events. But that's not enough of a reason to keep my account.

Liked what you read? I am available for hire.

Ten tips to help you stop worrying about shit that doesn’t matter

Posted on

There's a pretty short list of things that I like doing: learning new tricks, reading, hanging out with friends, and making beautiful things. On top of that, I've been trying lately to actually follow through on everything I say I am going to do, a sort of five nines for my personal life, that's extraordinarily difficult to stay on top of. I work pretty hard to keep everything else out of the way. Here are a few of the tricks I use to avoid things that I don't want to do.

  • Depositing checks: I mail my checks directly to Ally Bank. Total time: about two minutes, plus the cost of a stamp. This is way cheaper than driving to a bank and waiting in line.

  • Finding my bank's ATM: I can go to any ATM and Ally Bank will reimburse me for the fees at the end of the month. This is especially handy in Vegas :).

  • Waiting on hold with customer service: The ideal solution is to use products that don't require customer service, but for those that do I use LucyPhone. Then I can hang up the call, and they'll dial me when someone's on the line. I use GetHuman to try and get to a human being as fast as possible.

  • Finding answers to my random questions: The StackExchange series of sites are wonderful. Most of the time my question already has an answer, but when it doesn't I can usually get one, as long as I take time to ask the question in a coherent way. Failing that, I use Quora, but my results there have been mixed.

  • Keeping my devices charged: I keep chargers everywhere - in the car, at work, at home, in my laptop bag. I never have to think about remembering to bring my charger, because I always have one. Same goes with monitor adapters and toiletries.

  • Finding new music: I have two really good friends that find good music and mooch off of them. I mostly download remixes from Youtube; they aren't listed in Spotify or iTunes or anywhere. If there was a good easy solution to buy I would consider it. When I'm out I use Shazam to get song names.

  • Focusing on the people around me, when I'm on the town: I have a $10 phone I got from Ebay, and another one in my drawer in case it breaks. You may recognize it - a lot of people tell me it was the first cell phone they ever had. I like it because I know how to use it, and it doesn't come loaded with a whole bunch of Verizon junk. I buy minutes from Page Plus; I get 1,000 minutes for $50 and this lasts me about three months.

    I also have an iPod Touch that I use as a smartphone when I'm on a wireless network, which practically speaking is every place that's not a bar or a club.

  • Figuring out what I'm going to do on the weekend: My friends are great planners, so I usually go out with them. I'm lucky too that I have different groups of friends from middle school, high school, college and work, so I can choose what I'm going to do on a given night.

  • Commuting: My commute is 25 minutes door-to-door, which is about as short as it's going to get on public transit in SF. Driving in the city is extraordinarily stressful, so I don't do it. The public transit is generally great.

  • Finding information when I'm out, making restaurant reservations, other assorted tasks: I call Visa Concierge for things that are synchronous, like finding nearby restaurants, movie times or bus routes. I use Timesvr to automate some of the tedious things that have to get done.

  • Doing laundry: I don't really have a good solution for this yet, but I'd gladly pay to avoid having to drag clothes to a laundromat. I keep about a month's worth of underwear, undershirts and socks.

  • Buying clothes: As a rule of thumb, I don't.

  • Window management, and other repetitive computer tasks: I gladly pay for software and hardware that saves me time. Examples: Divvy, Witch, Skitch, TextExpander, 1Password, external monitors, and Peepcode tutorials.

A lot of this stuff is somewhat expensive; I'm lucky I have a job where I can afford to offload a lot of this stuff.

I would pay even more if good solutions existed for other problems in my life. I need to find a new dentist, and someone to get my eyes checked, but don't want to spend time finding someone good. I'd also like someone to manage some finance, healthcare, and server administration things - submit expense reports, transfer money between bank accounts according to certain rules, move all my domains to the same host and domain registrar, but it's hard finding someone I trust to do that at a reasonable price.

Liked what you read? I am available for hire.

Why code review beats testing: evidence from decades of programming research

Posted on

tl;dr If you want to ship high quality code, you should invest in more than one of formal code review, design inspection, testing, and quality assurance. Testing catches fewer bugs per hour than human inspection of code, but it might be catching different types of bugs.

Everyone wants to find bugs in their programs. But which methods are the most effective for finding bugs? I found this remarkable chart in chapter 20 of Steve McConnell’s Code Complete. Summarized here, the chart shows the typical percentage of bugs found using each bug detection technique. The range shows the high and low percentage across software organizations, with the center dot representing the average percentage of bugs found using that technique.

As McConnell notes, “The most interesting facts … are that the modal rates don’t rise above 75% for any one technique, and that the techniques average about 40 percent.” Especially noteworthy is the poor performance of testing compared to formal design review (human inspection). There are three pages of fascinating discussion that follow; I’ll try to summarize.

What does this mean for me?

No one approach to bug detection is adequate. Capers Jones – the researcher behind two of the papers McConnell cites – divides bug detection into four categories: formal design inspection, formal code inspection, formal quality assurance, and formal testing. The best bug detection rate, if you are only using one of the above four categories, is 68%. The average detection rate if you are using all four is 99%.

But a less-effective method may be worth it, if it’s cheap enough

It’s well known that bugs found early on in program development are cheaper to fix; costs increase as you have to push changes to more users, someone else has to dig through code that they didn’t write to find the bug, etc. So while a high-volume beta test is highly effective at finding bugs, it may be more expensive to implement this (and you may develop a reputation for releasing highly buggy software).

Shull et al (2002) estimate that non-severe defects take approximately 14 hours of debugging effort after release, but only 7.4 hours before release, meaning that non-critical bugs are twice as expensive to fix after release, on average. However, the multiplier becomes much, much larger for severe bugs: according to several estimates severe bugs are 100 times more expensive to fix after shipping than they are to fix before shipping.

More generally, inspections are a cheaper method of finding bugs than testing; according to Basili and Selby (1987), code reading detected 80 percent more faults per hour than testing, even when testing programmers on code that contained zero comments. This went against the intuition of the professional programmers, which was that structural testing would be the most efficient method.

How did the researchers measure efficiency?

In each case the efficiency was calculated by taking the number of bug reports found through a specific bug detection technique, and then dividing by the total number of reported bugs.

The researchers conducted a number of different experiments to try and measure numbers accurately. Here are some examples:

  • Giving programmers a program with 15 known bugs, telling them to use a variety of techniques to find bugs, and observing how many they find (no one found more than 9, and the average was 5)
  • Giving programmers a specification, measuring how long it took them to write the code, and how many bugs existed in the code base
  • Formal inspections of processes at companies that produce millions of lines of code, like NASA.
In our company we have low bug rates, thanks to our adherence to software philosophy X.

Your favorite software philosophy probably advocates using several different methods listed above to help detect bugs. Pivotal Labs is known for pair programming, which some people rave about, and some people hate. Pair programming means that with little effort they’re getting informal code review, informal design review and personal desk-checking of code. Combine that with any kind of testing and they are going to catch a lot of bugs.

Before any code at Google gets checked in, one owner of the code base must review and approve the change (formal code review and design inspection). Google also enforces unit tests, as well as a suite of automated tests, fuzz tests, and end to end tests. In addition, everything gets dogfooded internally before a release to the public (high-volume beta test).

It’s likely that any company with a reputation for shipping high-quality code will have systems in place to test at least three of the categories mentioned above for software quality.

Conclusions

If you want to ship high quality code, you should invest in more than one of formal code review, design inspection, testing, and quality assurance. Testing catches fewer bugs per hour than human inspection of code, but it might be catching different types of bugs. You should definitely try to measure where you are finding bugs in your code and the percentage of bugs you are catching before release – 85% is poor, and 99% is exceptional.

Appendix

The chart was created using the jQuery plotting library flot. Here’s the raw Javascript, and the CoffeeScript that generated the graph.

References

Liked what you read? I am available for hire.

links for 2011-09-19

Posted on

Liked what you read? I am available for hire.

Chrome extension to drop jQuery into any site

Posted on

Chrome extensions are sandboxed. This means that, while they can access the page, they can’t interact with other Javascript variables that are live on the page or live in other Chrome extensions. All in all this is probably a good thing, because the global namespace gets polluted easily and there are probably security reasons why you want to have this feature as well.

However, this makes debugging Chrome extensions a pain in the neck, because none of the variables that are live in your extension are live in the page itself. This means that you can’t really debug them in the console. Lots of times all I want to do is inspect some objects on the page with jQuery and test that I’m selecting the right object on the page. I have jQuery in my extension, but I can’t run jQuery on the page, because the page doesn’t load it.

So I wrote a Chrome extension that’ll drop jQuery into any page you are testing, so you can inspect things from the console. It’s pretty simple again but will save me from writing console.log statements into my Chrome content script, tabbing over to chrome://extensions clicking “Reload”, refreshing the page, and then clicking around to trigger my behavior. You want to enable it while you are debugging your app, and then disable it when it’s complete, otherwise you’ll have a performance hit from the extra external request. It’s about three lines of Javascript, but they are a good three lines.

You can grab the extension here.

Liked what you read? I am available for hire.