Archive for July, 2008

Follow The Leader

In order to succeed as a team, in any sort of team, you have to follow this basic principle, which has been applied and maybe is accepted universally.
The principle is simple. 
  1. Appoint a Leader
  2. Leader makes council with the team
  3. Leader makes a decision
  4. Team supports leader in his or her decision
Its that simple. In this way, an organization, a team, a family, or a company can move forward. Every decision that you need to make, is done in this manner. The team will work together for the best solution, but in the end the leader needs to make a decision. Once that leader makes a decision, the team needs to move forward WITH the leader. 

This means, the leader doesn’t necessarily dictate, but he or she has gathered input from the team and made a decision. Then they will have to choose a solution and go with it. If the team continues to argue and fight over the decision, progress will be slow. I believe this applies in families too. There has to be a decision maker in the family, for example that is appointed for financial decisions, and then having a discussion or gathering input from the family is great, but in the end one person has to make the decision, and the family needs to be supportive, even if they don’t all agree with it. However, this applies in normal circumstances and there are caveats.   There might be some cases where it would be unethical for team members to support a plan if its morally wrong or it goes against everything inside them and they feel it’s a plan headed for disaster.
It pains me that time and time again I see this happen – the leader makes a decision and the team continues to question him at every step of the way – “Why are we doing this”, “Why are we doing this”, and “why are we doing this” instead of understanding that they were appointed for this role (they might be your boss for example) and they are ultimately responsible for the decision, you need to do your job and support them.  I have seen some cases where I questioned my manager because I didn’t see the wisdom in the decision he made, but in the end it turned out he was right and it was just my foresight wasn’t as far as his…  So I learned my lesson, be patient, and be a team player. 

As a team member, sometimes I have to swallow my feelings and say, “okay I don’t think this is the smartest decision and my idea is actually better, but I will go with you on this”.
From a developers perspective, you can think of this as requirements. Your boss gives you the requirements, you implement it. How you implement is up to you, but you won’t be able to proceed if you start arguing about the requirements. Requirements are requirements, once they are agreed upon, please continue.

So in normal circumstances, if you want to succeed, get a leader, and help him with his decisions, but in the end.. Respect the decision he makes and go with it. (He or she, that is).
The best team isn’t necessarily the one with the best players, it’s the one that plays together the best. 

How to Waste Millions Of Dollars With Outsourcing (or Make Millions)

To management, the idea of outsourcing sounds very sexy…. The idea of producing the same content (code, or what not) at 1/2 or 1/3rd the cost is almost a wet dream for management, if I may be so bold. Even though it sounds great in theory, it’s actually a very tricky function to master. Here are some things I have learned with my outsourcing experience.

Keep in mind I am not discussing the outsourcing style of passing requirements and getting the end product complete. I am discussing the style of hiring outsiders and working with them on a daily basis.

You have to start by looking at what is the purpose of outsourcing. Is it to save money? Or is it to improve quality? Or is it so that your team can focus on other things? Get this straight first before going any further. My points below are in the context that you are a software company (or at least do some software development) and you are considering outsourcing to save money and cut costs.

From friends, I know that some very popular companies outsource, such as E-Trade Canada, Accenture, and recently the new online T.V. web site Hulu which outsourced its development to China.

  1. Before you start outsourcing, have your process solid – i.e. have regular scrum, know how much code you are generating each week, and so on. It’s very important that you have some idea of costs for developing software for your local team. If you have no idea, you won’t be able to see if you are really saving money or wasting it.
  2. Know velocities of individual team members so you can measure cost effectiveness of your outsourced work.
  3. Build your estimation skills. Read Joel’s article on estimation and his second article on estimation (which is really a promo for his bug tracking software but still worth reading) and Steve McConnell’s book on Software Estimation (highly recommended, very easy to understand).
  4. Get smart/able/competent guys. This can make or break your outsourcing project. If you are going to get developers that need baby sitting, then hire a baby sitter on their end to clean up their code, otherwise you are going to waste your valuable resources fixing and re-fixing and re-fixing their code. In this case you might not be actually saving money.
  5. Review their code. Someone on your side is going to have to review their code to make sure that they aren’t purposely obfuscating it in order to secure their jobs in the future. I have seen a Flash application that was built in this manner, the team overseas purposely messed up the code in such a way that it would be difficult for others to continue where they left off.
  6. Learn from those who have done it before. If not, you are going to mess up big time, in many ways. Might be worth getting a consultant who has been successful with such projects. Another idea is to find someone who has connections "back home", and go there to see how some of the shops work.
  7. Turnover is really high in India/Bangladesh/ and so on. This is because jobs start at really low salaries (like $200 a month) and go upwards to like $3000 a month (comparable to working in Canada or USA). You will need to find a way to solve this problem. Somehow you will need to get them to commit that guys will not drop like flies. This is so important because there is always an upfront cost to learn an application, and it becomes more as the complexity and lines of code increase.
  8. Consider a cross-cultural learning program, you send some people there for a while, they come over here for a while. A lot of big companies do this. It’s almost a must.
  9. For the team overseas, its important to spend your valuable time together in the beginning to ask lots of questions and understand the requirements as much as possible, in case there is a task that you run into questions, then leave it and work on something else.

Hamid, Axosoft CEO claims that Outsourcing is for Dummies. I think this isn’t true in all cases, as I have been able to apply outsourcing successfully on some small projects. However, it all depends on the case, and for building complicated software with a (geographically) fragmented team, you may just end up proving his point.

Server security and PHP Safe mode

Last weekend was a bit of a disaster.  One of the servers I was maintaining was hacked, big time.  How did the (not so nice word) guys do it?  Well, first of all, I learned hackers think they are doing good deeds.  They did me a favor by hacking my server and by not "deleting all the files".  They only defaced some 30 something sites and caused me lots of misery and site cleanup.  Why do I say this?  Based on the hacker’s signatory message – "Owned by nEtDeViL .. Just testing your Security .. Peace ! .. net_devil@…….com"

So Mr. hacker dude, if you really want to just "test" my security, why don’t you send me a kind email stating that you found some security holes and how to fix them?  That would be a real gem of a good deed 🙂

Anyway, there is always light at the end of the tunnel, good always comes from bad, if you are patient and learn from your mistakes.

Here is what I learned – TURN ON PHP SAFE MODE!  The hacker exploited some old postNuke script in the albums folder uploaded some old Russian hack script called r57shell.php .  This script allowed him to install some rootkits which basically log everything you do on the server and all sorts of crap.  Which caused me to have to get a new server, yada yada.. 🙁

Now the first reason they managed to achieve this, is I didn’t have php safe mode on.  I didn’t want to inconvenience my buddies on the server (ya right, dumb move.)  So even if they managed to upload it, they can’t do much with PHP safe mode on.  But with PHP safe mode off, well sorry buddy, even your own pals on the server can use this script to take over the server if you didn’t give your friends full rights to run stuff on it and they get mad at you (you know what they say…. keep your friends close and your enemies ….)

Second thing, I went all out and installed Suhosin (grown out of what was known as PHP Hardening Patch).  I don’t know how much this will help me, but at the least it didn’t break anything on the server, so I’m leaving it there for good measure.

There is also Mod_Security for Apache but that’s a bit difficult cuz it will slow down your server by checking every single request plus it will break a bunch of scripts so you will have to keep tweaking the regular expressions to get it to work nicely especially if you have tons of apps on the server.

Related reading – Forum Post: Tightening your PHP Security (just a few easy tips on how to tighten your security)

PS.. this server is running Microsoft Windows so don’t even bother trying to hack it 😉 — okay don’t laugh

Optimization WordPress Plugins & Solutions by W3 EDGE