What makes them better/different or noticeable? Marketing. Take a look at the web hosting industry. There are literally thousands and thousands of web hosting companies all offering (nearly*) the same thing. They differentiate by reputation and marketing. Ask any small business owner if they have a website, then ask them have they heard of AWS? I bet they won't. They'll be use Joe Host down the street from him or GoDaddy or won't have a clue and they have a "web person" to take care of that.
A product idea only gets you so far. Now you need to master how to get people to find it, tell them they need it and get them to sign up by hopefully providing you their credit card for X service/product. Your journey is just starting.
Answers to your questions:
1) Yes. It happens to everyone. And you want it to happen because being first is very expensive. You have to educate the market place and that takes time and money. Plus if you were the first and started to succeed, do you think that other startups (or larger companies that smell an opportunity) wouldn't pour into that marketplace? That's the market-based system hard at work.
2) Joel Spolsky and a million others have said to ignore your competitors and concentrate on the customers. Nothing your competitors ever do will be as significant as just listening to the people who will ultimately use your product. So carry on. Mate, eventually you will have to deal with competitors so you might as well train your mind and your company to deal with this as early as possible.
3) That's ridiculous. If you are passionate about the idea then fight harder now.
4) Yes, you could create an economy where the first company with a particular idea gets a 17 year monopoly. Seriously, you fight because, eventually, if the idea is good and the market is large enough, the competitors will be flocking in. Learn to handle this now. You buckle down and work twice as hard.
You need to realise that nothing, and I mean nothing, gets done until you have customers. You think you've been working hard now but you haven't. Customers are the only difference between a startup and a successful business.
Overall, I think this will be a good thing for you. It's (bluntly) lit a fire under your ass and will make you re-assess your plans to create a more customer-centric plan. Good luck.
Its natural to feel discouraged or wonder if the window of opportunity passed, but history has proven unequivocally: first-to-market guarantees nothing.
Never abandon an idea because competitors exist. Abandon an idea because it lacks meaningful differentiation, because no one wants it more than the alternatives.
Here are inspiring examples of companies and products that flourished despite entering the market after others:
Facebook > Myspace
Google > Alta Vista
Nike > Converse
iPhone > BlackBerry
Instagram > Hipstamatic
Airbnb > CouchSurfing
WhatsApp > SMSenger
Dropbox > FolderShare
Skype > Net2Phone
Zappos > Shoebuy
Gmail > Hotmail
YouTube > Metacafe
LinkedIn > Ryze
Tumblr > Xanga
Kickstarter > Indiegogo
Do you think they will execute better? What if both of you succeeds? Is the market big enough for multiple players? Do you really need more time to go to market? (6 months is quite long for an mvp)
Besides, why don't you tell us what you're working on? Do you think someone will copy it or something? If that's the case, maybe it's something easily implementable and that can also happen after your release as well. In that case, those guys on Kickstarter won't do any harm, this will be the nature of your market.
Many of the most successful products today were not the first in their market: Google wasn't the first search engine, Facebook wasn't the first social network, the iPhone wasn't the first smart phone, etc. They succeeded because of innovative features and business skills, not because they were first to market.
As others have said, launch now and see what happens. Don't assume that most of the market has seen your competitor simply because it is on Kickstarter and you have seen it. There are billions of people in the world, and probably at least millions of potential customers/users of your product. Most have neither seen the other product nor had a chance to decide that it is better than yours.
The first time I gave up. In retrospect I'm thankful I did, because I later came to realize I wasn't a true believer in the idea. Although it was valid from a business perspective (as evidenced by the other people doing it), it wasn't anything that truly excited me. If you're trying to build something exceptional, being excited matters for both morale and creativity reasons.
Regardless, in retrospect the first idea still could have succeeded. The competition's execution, while initially virtually identical, significantly diverged later on.
The second time featured very similar initial execution, followed by a divergence so large that I don't even consider them competitors anymore. It's even happened a few more times on the same idea, and each time the end result is wild divergence. This is likely a result of the second idea being more complex.
The moral of the story is that you shouldn't worry about competitors, even if it looks like doom and gloom right now.
Divergence in execution is proportional to idea complexity. Unless the idea in question is dead simple with no conceivable variation, press on.
Even so, press on anyways if you're a strong believer and the idea excites you.
If you have considerable time invested but don't believe in a way that excites you: kick it out the door fast, throw it against the wall and see if it sticks.
We all think that we are special snowflakes and that our idea is unique. Unfortunately, there are probably tens or hundreds of other groups of people working on the same idea of yours, at this very moment. These guys launching on KS probably have been working way longer than you on this idea, maybe one or more years. Having competitors is a good sign vs. no competitors at all. Note here, profitable competitors is a good metric, not just KS campaigns!
1) Yes it happens all the time! Don't try to defend your idea with patents, try and build a better product and serve your customers better.
2) Don't get discouraged, instead take some time to reflect why you are doing this, how are you solving your customer's problems. Why is your solution better or how could it be better. Can you execute this project to the end? Have you talked to your users about their problems? Do they get excited when you tell them about your solution? Can you bootstrap your way to a campaign or even better, to some beta units? It's all about execution.
3) Not enough data to advice. Follow your gut feeling..
4) Nothing to do to avoid others doing it. Don't be defensive about it, embrace it and try and build a better product.
PS: Remember to have fun and enjoy your self (ZEN of business).
Hope this helps :)
There is even an argument that you want to be "the last" on the market.
For example, Google is the last "search engine" - it wasn't the first search engine on the market but it did grow to dominate the market when it arrived.
Often the first mover advantage comes with a lot of pride leading to arrogance and them making unforced errors.
Keep your head and focus on execution, margin and survival. Who knows what the future holds.
I'm the lastest entrant in a very mature market and I'm cleaning up.
If you'll excuse the cliche: pioneers take the arrows, settlers take the land.
Finally, six months of hard work and nothing is shipped? This is your answer to #4. Ship early and often. Six months is an incredible investment without feedback from users.
But, as your business evolves, you'll move closer to some competitors and further from others. I think of it like ships sailing in the sea: you might be close to a competitor right now, but have very different trajectories (moving up vs. down on the pricing curve, expanding your product assortment horizontally versus vertically, focusing on different segments of the market, improving on different aspects of the product, etc).
2. One of your jobs is going to be to navigate that competitive landscape. It shouldn't necessarily keep you up at night, you need to focus on the problems in front of you instead of being constantly paranoid about competitors, but you do need to be strategic about where you steer your ship to stay differentiated.
Is the other product exactly the same? Could you differentiate on brand, focus on a different market niche, do it cheaper/better, have better design?
3. It depends on #2. If I could think of a way to differentiate and leap frog the first product, I would try that. If not, I'd probably launch it anyway if I've spent 6 months on it. What do you have to lose?
4. You can't avoid it altogether. There will always be competitors if you're creating something valuable, if not now then later. One of my friends runs a company that builds SaaS for janitorial quality control (a relatively niche market) and even he has competitors. Navigating the competitive landscape is just something you have to continuously do as a founder.
Many of my ideas also existed when I first started to imagine solutions to different problems. But I realized execution really matters.
Take example of google search, macintosh etc. Search and personal computers did exist before those. Similarly PC market is over crowded. Product quality and experience matters a lot.
Keep building. It would be an experience. As long as you have one or more strong features that gives your product strong advantage you are in the good.
To your questions:
1) Yes, but so what? They are probing the market for you and you get to enjoy free market research. If their KS succeeds then you know you're working on something valuable. If they fail, then either there's no demand for the product or they haven't executed well (which would be a chance for you to do better).
2) Sit back and enjoy the show. And keep working on your product. There's likely a lot of opportunity to differentiate down the road.
3) Continue and watch how their KS goes.
4) Of course not. But it's not necessarily a bad thing.
What is common with all these above ? They were one of the first if not THE first to enter the market and they were all destroyed ultimately by facebook and google. If there is one evidence like this, then you can conclude that being first in the market is not everything. Mind you, these companies were no minnows during their time.
Let me say this. If your project fails, it will not be because you were second or last in the market. Most likely, it will be due to bad execution, unfit market, no validation, poor management, founder conflict, shitty product, no marketing and others.
It's a very simple concept, but as others have noted: execution is key. It's not the first product to market that wins, it's the first product that the market wants that wins.
If I were trying to build a thing, and somebody told me: "hey, I've had the same idea as you did, and worked half a year on it", I'd be intrigued to learn from their experience, and maybe even consider some form of collaboration.
Was Facebook the first social network? It ate Myspace for dinner, plus things like Orkut.
Shimano didn't invent derailleurs.
Google and Samsung didn't have the first touch screen smartphone.
Also, first movers don't always win, because second movers can learn without maintaining legacy.
Who would you rather be?MySpace or Facebook?Alta Vista or Google?ICQ or Skype?
Normally, if you are having a hard time with Django its because you're trying to work around it the wrong way. This takes time to learn but Django can be really elegant to work around and with.
The second option is Flask or Tornado which are pretty great too. Both would give you more freedom but also less structure. I find it better to have the structure because unless your an experienced engineer your Flask or Tornado project will turn messy quick. Django projects can turn messy too, but at least there is a more training and protocols for people to follow.
I use Flask/Tornado if I want to use Python and I know my project is a small service and will probably not get big.
I use Django if I want to use Python and I know the project will grow over time or I need features from the start like a database, migrations, cache, etc.
It scales beautifully (see the likes of Instagram, Disqus, Sentry, etc.), has a great security track record, sane deprecation schedules, and the core team keeps up with the times and new technologies but does so at a sane pace and without rushing things.
Not to mention the documentation - ohmygod, the documentation!
In a nutshell: pick Django, keep learning Python, and try to build something that your users love.
* A lot of _very common_ situations and patterns are already solved for you, and they're solved in the cleanest way possible.
* The documentation is excellent, both with "guides", examples, and API reference. Django (along with OpenBSD), has probably the best documentation I've seen around.
* Clean design (of django itself) means that you can extend it, or avoid using bits that for some reason don't suit you.
* Very transparent development, and the developers are really into open source - everything is done out in the open. This last point might not be really important as a user, but it helps if you ever want to contribute (or understand) anything to django itself.
Even after years of django, I very occasionally still come across a functionality in django that I'd overlooked and saves be a bunch of my own code.
Your app does sound like it is in Django's wheelhouse (CRUD against a DB with users), so it is probably a good fit.
So I'd suggest you just some popular framework and don't worry whether it's the right one. Pick one and run with it!
Its easy, it scales, use any DB and Pyramid framework has good documentation too.
Or go with web2py if you need to start simple and easy and fast prototyping. It has an ORM which supports many Relational DB and MongoDB too if you need it. It has good documentation. Its authentication and authorization system is too easy.
Stick to python3.
Really good python learning resources.
Also, "there's an app for that". The ecosystem is large and healthy.
If you don't want Django cause it's Django, then Flask and Pyramid are other excellent alternatives. There is also a swath of more specialized frameworks (eg. Tornado).
Django is mature, full-stack, flexible, has sound architectural decisions behind it, relatively good security track record. There is a built-in admin and permission systems to help with what you require. Batteries included such as an ORM, templating, routing, forms. The Django third-party apps/module ecosystem is rather large and accessible: from authentication, social media integration, payment gateway integrations, APIs, to whole apps like invoicing, helpdesk, etc.
1) Great documentation. Well organized, well written. Good balance between theory and examples.
2) Superb ecosystem. Coming from PHP land, I got the sense of a "anything-goes" mentality. On SO, people who help are very much interested in doing things the idiomatic way.
3) You get to practice Python!
Note I am not saying "build a new, generic framework because all other frameworks stink". Building libraries with the goal to support other projects is a neverending task.
But only building the support paste as you actually need it is not a lot of work. WSGI is a quite simple interface. I'm doing this myself and the support I currently need is only ~500 lines. The only external library I use is jinja2 templates. As database I use plain sqlite3 from the python standard lib and in some places text files.
If you don't know and don't want to learn HTTP and Web application architecture you will of course end up with a broken design. On the other hand it's very rewarding to learn how to decompose an application into independent components (templates, services, routing, database access, business logic, authorization, session management, config parsing, project directory structure, what have you).
The other big advantage is of course flexibility. If you do a good job the decomposition is better than with a framework. This means flexibility. It's easier to fix problems than with an opinionated framework.
If you want to make something really professional just ignore the words of a n00b.
Create your own framework - writing http headers etc from scratch which will take you forever or Use a lightweight framework like Flask or Web.py.
Either way, you'll end up creating your own ways to query the database and creating patterns to communicate with frontend.As you write more code, you'll abstract your code to reusable methods.
About a month into the project, you'll realize that you're slowly rolling out your own framework which has grown organically.
Soon you'll realize you're better off using a polished framework like Django which has abstracted many of the details so you can focus on delivering value instead of clobbering together your own framework which will become a burden to maintain alongside your app.
I've been using Grails for over 10 years, my clients are super happy with what I have delivered. I've built complex issue tracking systems, e-commerce web sites, administration panels, data management tools and so on. Code I wrote 10 years ago is still working fine today! I highly recommend learning one of these frameworks, you will make new friends and good money!
Lacking details, it seems like your app could be a good candidate for Django.
For me, the main appeal is the Django admin. It gives you a great way of interacting with your data with minimal effort.
- Ruby on Rails
- Node + Express
The major reason I have picked Django is that it is written in Python, which allows me to use an elegant and beautiful language that I can apply in any field, and utilize a huge amount of python apps, scripts, and stackoverflow examples.
Using Django has also enabled me to learn the solid foundations of web development, which I can expand upon and apply anywhere.
For example now I am experimenting with React and Express, and knowing Django helps me enormously, it makes understanding these things way easier.
I have built a bunch of projects with Django, and I am extremely happy about my choice, so I highly recommend it to anyone who is beginning to learn web development.
As others have mentioned, Django is opinionated and I think they get it mostly right.
I use Flask myself, in part because I wish for my data modelling language to be a separate part of my stack, but my use of Flask is heavily influenced by Django's philosophy.
I am the primary developer of Flask-Diamond, which attempts to adapt Django's opinionated choices to Flask. However, I would still recommend that most people start with Django.
But be careful if you intend to create a stable, heavily-used site. I have so many problems with Django in this use case that I've gotten tired of listing them each time it comes up and collected them into a blogpost: https://alexcbecker.net/blog.html#django-is-terrible
In a more a la carte framework, such as Flask, there are packages to help with user auth, but you have to do a lot more work to get them working with whatever ORM you choose.
This means I can spend my time making products instead of wrangling packages together.
If your application fits the use case - a mostly CRUD application based on SQL, HTML-based or REST, no heavy real-time component - don't think twice about it. Of course, none of those factors are a hard limitation, but if you stick to them, Django fits like a glove.
What you're looking for could be Flask or even something simpler like
or its Python3 version
Now, about Django...
I inherited a Django project and after a few months working on it I wouldn't start a project of mine with it. Obviously customers can ask me to do anything :-)
Disclaimer: I might be biased against it because I don't like Python much (it looks like a badly engineered Ruby, and probably the other way around if you like Python, no bad feelings).
First problem: coming from 10 years of Rails, Django is very weakly opinionated, so you can arrange the project as you want, name the db fields as you want, etc. This is not as bad as having no framework or using Flask, but a developer joining a project might have to spend time to get familiar with the general structure of it (and the bill for the customer keeps growing, so the chances he won't be happy).
Second problem: it doesn't import automatically every model and module. It gets tiresome to do that in every file and in the shell (and the bill...) This is not a language thing because Ruby has to import modules too but somewhat Rails works around that. Surprisingly it raised problems for me only a couple of times. The sum of the time lost with Python in the last few months is greater than the one I lost in Rails because of that.
Third: the templating language is not Python but some crippled down language. Somewhat people still manage to write nice code with Web2py which uses full Python in the templates. Rails too. Why not Django? More time lost to learn one more thing.
Web2py is an alternative but it has its share of problems: the first two of Django plus a very risky approach at migrations which are automatically enforced as soon as you run the code. If there is a way to turn that off and you really like Python or have to work with it, look at Web2py.
About the nice points, it's got everything that it has to be taken for granted in a past 2005 web framework: tests, migrations, ORM. It doesn't miss any particular feature, it's got a big community so it's a safe choice and I won't steer customers away from it.
Say Lastpass, KeePass, and 1Password agree to support an open public-key auth protocol, where during signup if a site supports the protocol, your password manager will provide a public key instead of a password, and will then sign a challenge with that key during login.
- Progressive enhancement -- everyone doesn't have to switch at once. Switch if you already use a password manager and want to opt into better security. Start with power users and trickle down as the pattern establishes itself.
- Workflow -- my password manager is already necessary for me to log into most sites, so I'm already solving the problem of syncing the cert store everywhere I need it. My password manager is also already part of my UI flow whenever I'm asked for a new password. If anything this will simplify my life as a user, because server-side support will let my password manager offer better UI. (This would require some manual challenge response for the rare occasions I can't install the PM -- not sure how tricky that part would be.)
- Incentives -- supporting the protocol is a value add for password managers -- it's another way to get higher security by using the product.
I'm sure folks are ahead of me -- just tossing out this angle in case it's helpful.
At small to medium sized companies it isn't uncommon to host a number of self-hosted services, such as GitLab, MatterMost, some wiki, perhaps OwnCloud, the list goes on. Securing all these services takes some non-trivial effort, even if you manage to get all services talking to your local LDAP server (we did!). Only recently GitLab advised users of the self-hosted solution to upgrade ASAP due to a security issue.
To cut ourselves some slack, we placed all these services behind an Nginx proxy. That proxy is secured with client-side TLS certificates. So if you try to access https://chat.example.com without it, you just get a friendly error message (actually, you get a picture of Grumpy Cat saying 'no', but you get the idea). With certificate, you get the service you wanted to access. You still need to log on with the service, but that's usually just a matter of doing it once and ticking the 'remember me' checkbox or something similar. For our users it just works.
Generating new certificates and revoking old ones is fairly simple for the administrators (couple of scripts, ample documentation).
The arguments against public use still stand of course, but for this scenario it is a great solution.
I was enrolled at the distance university of Hagen in Germany for a while and they require the use of client certificates for access to their online portal. There were clear instructions for how to create and use a client certificate but I suspect they have an advantage in that many of their students enrol in technical subjects or already have job experience. Compared to an ordinary website they also have the advantage that students HAVE to use the website and they're the only public distance university in Germany so there's no competition.
From a user perspective the client certificate is incredibly cumbersome. It's a file on your computer, so you have to remember where you put it and move it to new devices if you want to use it there too. It also means you're more likely to misplace or lose it though you're probably less likely to leak it compared to a password.
The instructions also largely boiled down to "use Firefox". In Germany Firefox has a huge market share and is widely deployed as the alternative browser in the public sector (although IE still exists due to contracts with intranet service providers). In other countries things look differently.
In Chrome the experience of using client certificates was even more convoluted and the university officially didn't support Chrome because apparently client certificates flat out didn't work in Chrome until fairly recently (i.e. a few years ago).
In terms of UX, creating and using password is trivial compared to creating and using client certificates. Of course this is mostly because most people do passwords wrong. Creating and using a secure non-guessable password is difficult (though services like 1password or lastpass have made it easier at the cost of adding a single point of failure) but it's still marginally easier than creating and using a client certificate.
The big difference though, is that insecure-by-default is not as big of a cost to a website or software as the bad UX of client certificates. Sadly the UX of client certificates likely won't get better in browsers unless more sites use client certificates -- so it's stuck in a Catch 22.
Not to mention that almost no one uses two-way SSL compared to standard SSL, making it very difficult to find good documentation and support for full two-way authentication. Most people assume SSL means server-only authentication and don't even realize client-authentication is possible. Many tools simply don't support it, or require obscure options to enable it. I found it difficult even to get a properly signed client certificate from a major CA, as the standard certs you get are marked for server authentication only.
BrowserID (Persona) solved some of these issues by issuing short-term certs to devices based on a login, and designing an API for logout, but even the organisation that specced it out (Mozilla) never integrated it into its browser, so it failed on usability grounds.
In many EU countries getting citizen certificates is getting more usual in order to deal with government paperwork (taxes, forms, healthcare, subsidies, etc.) so now that an unified trust structure exists, maybe it can boost adoption also by browsers and websites.
Edit: here's an official FAQ on eIDAS. It explicitly mentions website authentication and browsers. https://ec.europa.eu/digital-single-market/en/news/questions...
There's also a big difference in where the certificate store is and which browsers share it. For example, on Windows the certificate store is managed using Internet Explorer and the same is also used by Google Chrome. Firefox, on the other hand, has its own certificate store (including trusted CAs). So even if you deploy a system to provision client certificates, non-tech users may find that the site does not work on a certain browser depending on which browser they did the initial certificate generation and import from.
Exporting and importing certificates into different browsers is quite easy for techies, but you'd have to provide step-by-step instructions with screenshots for others. And God forbid a browser/system's certificate management interface changes, and you'd have tons of tickets coming to support.
And almost none browser can deal with them correctly (or could not few months ago) - I'm looking at you Chrome, mobile Opera etc...
Apple Keychain can store certs (I believe), as can most password managers so there's that to help.
But, IMHO, the only way it could get widespread use is if the cert is stored on a physical token that you can connect to your different computers. In the style of the DOD CAC where the private cert never leaves the card itself. Back up the certificate before storing it on the card or USB stick, and then plug that into every computer you want to access. Downside: Without multiple tokens you can't use multiple computers at the same time (easily).
Certificates? Most are vague at best about them. Does closing the browser window stop access? Can you share certs? If your laptop is stolen did certs get compromised? How do you deal with compromised certs? Etc, etc. Ask a generic user something like this and enjoy the answers.
This is slowly changing -- as more organizations switch to cert-based authentication more users get to know and trust them which can lead to wide adoption for personal use.
Source: I've done contracting for government and I've worked on a PoC to determine whether we could bring 2FA to a 10M people country at once.
You'd need to be able to maintain/deploy certs to all your devices in a way that's simple enough for non-technical users to understand; never mind the added requirement for safe private cert handling on each device.
Once you're outside of the browser accessing services, take banks for example, now I need a my browser to have the cert and my mobile apps individually to have those certs as well... or I have certs for the the browser and passwords for the apps (more complexity for the user). Sure my devices can have a cert safe or similar, but the apps/browsers would have to respect that sufficiently for it to be useful (hard enough to get my password manager to work with my phone apps well... certs... eek!)
Finally each browser, app, etc. may have it's own way of dealing with things... making for even more complexity.
I could go on.
Point is there's an awful lot of friction to make that work as simply as the less secure, but apparently socially acceptable, passwords we use today. Whether that should be "the way" or not is irrelevant... consumer choices include factoring in immediate ease of use, right or wrong.
I think there are better arguments for 2FA, since there is something approaching reasonable standards (most applications I encounter support Google Authenticator or that standard at least). You still end up with another ease of use issue, but that might a more surmountable one. (I do hate, though, that I have to use my 2FA on the device which I get my 2FA auth codes from... I understand why, but still...)
Of course, Hacker News is a start-upish sort of community... so maybe unified technology security management for consumers is the next big thing to be "disrupted". :-) Have at it!
Signing up at a site is just requesting a client cert at the site's private CA.
It requires a user agent (a browserplugin) on the client side. The agent keeps check of which certificates belong to what sites so it actively blocks MitM attacks.
Granted, if you need to share your certificates, you'd have to copy them over. For that, use the sync-feature of your browser or design something better. But synching is a separate concern, independent of the authentication protocol.
"When you enable SSL decryption for your endusers, SSL-encrypted traffic is decrypted, inspected, and then re-encrypted before it is sent to its destination."
The specific issues are:
1. You have to install a client certificate on every device you want to use. And, you have to keep that certificate up to date. If you use multiple web browsers (for say UI development testing) you have to install and maintain the certificate it each one. MIT currently issues client certificates with a validity period of slightly less than one year. That makes for a lot of lost time every year for students, staff, and faculty, spent re-installing client certs.
2. The certificate can be stolen just like a password. But, there is no easy way for the client to revoke a stolen certificate. Many CRL list implementations are lacking or fully absent. There for, organizations that depend on client certificate authentication typically depend on certificate expiration to re-secure compromised client accounts. (See #1 above)
3. Client certificates are not supported by all web servers. The major players support it pretty well. But, there's been a proliferation of specialized, micro, and nano web servers over the last several years.
4. You have to invest in securing the signing key for the client certificates. This usually means a decent HSM which costs on the over of $x00,000USD. At MIT for example, there is a web site where anyone can go at any time to generate a new client certificate (again, see #1). This site needs to be able to perform signatures constantly which means the signing key needs to be accessible 24/7 online some how.
5. Proxies are a problem. If you try and terminate the TLS connection early, the client certificate related operations are not "proxied back". Some proxies like HAProxy will allow you to pass back environment variables set during the client certificate authentication process. But, that is obviously not the same as having the final destination webserver performing validation. This has become much more of an issue with the invention of ClouldFlare's TLS proxying CDN.
6. If you implement logic to expire certificates at the end of a customer's subscription or enrolment period, it can cause significant headaches with processes where it would be helpful to still be able to authenticate them. For example, if a customer's subscription to your SaaS site expires and you want them to be able to review with out inadvertently sharing details of their account with others. Or, if a student has graduated but they still need to pay some unpaid parking tickets. MIT runs into this issue often due to its use of client side certificates. If you extend their certificate well beyond the end of their system authorization, you have to put a lot of complex authorization code in all of your local apps and websites. While client certificates only provide authentication and not authorization, many implementers use client certificates for both simultaneously. This is especially true when protecting web content and web sites with client certificates.
Also it's because a phisical thing you lose easier than forgot a password (new/crashed/different computer, another browser, etc, etc)
Another problem is how to manage your keys between devices.
If this would be offered as an extra option, just like Gmail has 2FA, that would be great!
But I agree it is a good solution in a 2FA for internal applications.
UX is the other one. Chrome is removing support for <keygen>, and they have excellent arguments for why: https://groups.google.com/a/chromium.org/d/msg/blink-dev/z_q... (Essentially, the ability for a website to inject certs into the system cert store is super weird.)
And without <keygen>, the experience of installing certs is completely awful. Let alone the UX problems with expired certs, etc.
One of the banking sites did as well but dropped it, now my gmail is more secure than my bank account since there is no 2fa on this bank.
The java applet approach must cause endless customer support requests
Windows 10 provides a polished, efficient, well designed interface. You have to get pretty far out on the edge of hardware before stuff doesn't just run [e.g. my eight year old Dell Precision configured as RAID 1 on via proprietary third party BIOS on the mother board interfering with the Windows 10 automatic upgrade until I turned it off and disconnected the disks until the upgrade had completed].
On the other hand, Linux provides a deeply documented operating system with text configuration files. It affords ample opportunities to hone one's RTFM skills, e.g. a 2016 kernel upgrade that borked Synaptics drivers made configuring my new Dell an exercise in understanding X11, systemd, libinput, and mouse configuration. Getting a 4k display well sorted is still underway (thanks for being the exception to deeply documented Unity!).
The downside of Windows for me is that most free software is untrustworthy and Microsoft has not quite come around to a good package manager system for native applications. By which I mean, there's lots of read the news apps in the Store, but not MIT-Scheme or little utilities like nmap. What I would say is that when Linux sucks, it sucks very consistently in a particular way: there's a fix that I am left to find myself and it might involve patching and recompiling the kernel (though it usually does not).
Anyway, Dell Precisions and some XPS laptops, can be ordered with Linux installed (at least in the US). So it's not just System 76. Also, there's generally a good Linux story with Thinkpads.
Also Hyper-V being built in and free means that you can have test VMs with snapshot capabilities built right in the OS which is nice since it allows you to avoid the VMWare/Parallels tax.
You don't need to be passionate about insurance, but you need to be able to show some enthusiasm about building software for insurance, which likely has a lot of exciting challenges (in addition to 90% boring work, as does almost any job). You don't need to be passionate about web agencies, but you need to at least understand what's cool about working at an agency (in addition to what's not). Finance is "boring" to you? There are tons of interesting tech challenges in finance. If you describe every job as boring then the problem might be you.
Nobody is going to hire you just because you can code if you have a negative attitude about what everyone there spends their days doing. Why would they?
I think software development is murky. In my experience, fixing a customer problem with software can take 10 hours if you're excited about it and interested enough to come up with a creative solution or 40 hours if you're bored and just robotically building to a spec.
Likewise, I haven't met a programmer who was very good at something they hated. I'm guessing you actually enjoy some parts of your work -- maybe steer the conversations to that.
On the other hand, companies do legitimately want people who will care about their work. So maybe next time:
1. Spend a bit more time reading about companies' business and then ask more questions at interviews. Even if you're not passionate you do want to make sure they're not going to have redundancies in 6 months, and it will give better impression :)
2. Emphasize your pride in work you do, so even if it's not "HEART EYES INSURANCE I LOVE INSUARNCE" at least it's "I will do good work."
3. Try to get better sense of company culture (e.g. unpaid overtime), so you can better calibrate rejections and so you can get better sense of if you want to work there. Ideally if they say "not enough passion" you should already know whether this is code for unpaid overtime based on what you learned in interview.
4. This is another reason getting jobs through someone you know is better, you can get better sense of company culture in advance.
Some ideas on filtering out companies that suck: https://codewithoutrules.com/2016/10/14/job-you-dont-hate/
Some resources I wrote up on finding jobs with a sane workweek:https://codewithoutrules.com/saneworkweek/
I'm working for an ISP that also sells IPTV, both to end-users (along withsettopboxes) and to other ISPs (as a service they sell to their users).I couldn't care less about the television in general and IP-based one inparticular. I don't watch TV, I don't even have a TV set and the closest thingto one that I have is the screen of my laptop. Yet I take pride in how ourinfrastructure for providing TV channels works, especially when compared tohow it looked like when I got hired.
In other words, it can be perfectly healthy if you don't care about theproduct itself, as long as you care about the quality of the product andcraftsmanship used to build it.
Becuase people usually ask why S3 over Github pages I'll answer it up front. Github pages is too limited in terms of what you can do with custom jekyll plugins and code.
ZERO ADVERTISEMENTS, even for the free plan. Supports only static hosting, is free for 100mb websites with bandwidth of 50GB per month, or five dollars per month for 10,000mb with 2TB and a number of other extra features.
EDIT: As mentioned by detaro, custom domain only supported in the paid plan, see https://neocities.org/supporter
Works really well with creative coding frameworks like p5js or Twine, for fun, fast little sketches you just want to thrown online and share with others:
Also, they really care about resurrecting the ideals of the old internet:
1. Excluding domain costs, which are reasonable (and even cheaper than many others), you can have small static sites for pennies a month, or even pennies a year if you put the free tier of CloudFlare in front of it (with DNS changes). It's really dirt cheap!
2. It's the most honest service I've seen, where you pay close to what you actually use.
3. The owner/admin is a no-nonsense person and is available on the forums to help with things that don't need extensive support involvement.
1. You need to be tech savvy (at least know how to use an FTP client to upload your static files and use the BSD shell if you wish to play around with application setup or other things over ssh). NFSN does not have any fancy control panels (like cPanel) where you can do one click installs of WordPress or other applications.
2. For PHP and MySQL based applications, setup is not difficult at all. But if you want any other application server (like Node or Rails or Django), you would have to do more work to get it set up.
3. If you truly need support, then there's a paid support subscription (it's optional). For most requirements the forums would suffice.
4. If your site grows a lot (in terms of disk space used, network traffic used and resources used), then NFSN could become very expensive compared to the commonly oversold $5 a month or $10 a month services that promise a lot but depend on most users not reaching their promised limits.
checkout webpagetest -> https://www.webpagetest.org/result/161123_0R_8RDY/
and feel free to check my 3 web sites:
- http://www.it-wars.com- http://www.louer-hendaye.com- http://www.nodejs-news.com
Init : 2 RaspberryPi + electric plugs : 2x 30$ + 2 x6$Monthly bill:electricity : about nothingDSL : 30$
If you want to get fancy you can even attach it to your domain root (example.com vs www.example.com) using Route53. Which is impossible with many static hosts. Although that requires a hosted Route53 zone which at $2 might very well be 100x your hosting costs.
I use Jenkins to generate the website itself.
Edit: Only downside is if your traffic spikes you have no control over the cost. There is no upper bounds. With that said, it would take a tremendous amount of traffic to balloon the costs to anything worth worrying about. And at least you can be sure your website will actually stay up.
Deploying over S3 sounds like a bunch of hassle to me. Can you deploy atomically? Can you rollback?
The cost is almost nothing but we don't have a high traffic website. If you started getting billions of hits from expensive Cloudfront regions such as Australia or India, you might consider something else.
We include 10GB storage 2TB BW for free (more of both included soon) for $5/mo, which would cost over $180/mo at AWS with S3. Cloud providers really upcharge on bandwidth big time. Really that 2TB is just a soft cap just to make sure nobody tries to run the New York Times from a $5 hosting plan. Many people go over it and it's not a problem.
The one thing we don't do well is show how good we are for pro hosting as well as people learning HTML and having fun. I need to work on that.
Shell Access, pretty much every common language available, service running, databases, mail, etc..
No bullshit hosting in germany, Pay what you want (1/month minimum).
Absolute best, I'm hosting about 25 projects with them for various bands, etc. and haven't had any problems whatsoever.
(I have no affiliation with Netlify I just think their service is neat.)
why: free, cdn, version-controlled, continuous integration, https, custom domains.
I have Payara (java app server) running my blog down there, and HTTPS courtesy of Let's Encrypt. I looked into running a Open Street Maps server, but it was fairly hard (I might have been close to getting it running), and professional reasons for maybe playing around with it changed.
Fully operational, all the important stuff (text editors, analytics, pictures hosting...), nice themes, well indexed by google, zero maintenance, free, and unlimited traffic.
I run blogs so obviously it is particularly appropriate. But that works as well for small static sites with a couple pages.
I added about 5 gbp two years ago and it's down to about 4 gbp. It's cheap as hell and I only have to dump 5 pounds on there every few years or so.
Perfect for static pages, but a little bit of PHP might be fine.
I like that I can check my changes on my notebook before uploading to the cloud.
Unfortunately, Dreamweaver 8's static SFTP doesn't work any more, due to some Microsoft-forced change in Windows 7.
- Not restricted to jekyll, use any static generator
- Supports https on custom domains
SSH access, shared hosting (so pretty powerful CPU/ram there). Currently i have about 700 daily unique visitors and growing. Used to deploy custom sites, now i use mostly wordpress.Also, i use it for my git remote repos.
Great service. Been using if for years, awesome quality for the money.
Lately had some issues but the support is helpful and they fixed whatever i wanted, enabling SSI, fixing response headers, etc. Never had to wait for a reply longer than 6 hours (usually it's just minutes, really). As a bonus, admin staff is available through odlschool IM app - Gadu-Gadu. And PHP 7 is available and easy to switch to.
The site's in polish, which sucks for you guys, but it's by far the cheapest and best solution i have for low cost hosting. I'm a happy customer.
Both my servers (DO vps and basement) run Ubuntu 16.04, I use PHP-fpm for PHP, domains I purchase at a local registrar (.nl domains are about 10/year), for ssl I use lets encrypt. For simple sites I always use Bootstrap for the css.
FTP is implicit if you count SFTP as FTP (FTP over SSH). Under Linux SFTP is mounted as easily as any network share.
At home I run a Nextcloud instance and share some directories as Nginx roots, that means I can locally (even on my phone) edit a static web page and it is synced immediately to the webserver's root folder. This can be quite convenient.
Not sure how price compares to the competition, though. HN's + /r/Android's front pages resulted in about 13K uniques and it ended up costing me ~$10 (which is insanely cheap, but GitHub + Cloudfront is free...)
Edit: I should mention that the site isn't as light it can be, currently stands at 473kb of code and about 3 megs of images. So that $10 is for ~45 gigs of traffic.
No how-to, but it's all open source here https://github.com/barricadeio/docs
Most awkward part was figuring out the voodoo required to get Hugo and Middleman working (lots of trial and error).
This costs me just over 50 cents a month, almost all of which is the Route53/DNS costs.
- Gitlab stores the source and GitlabCI builds the site. - Lambda triggers the build on a schedule. - GitlabCI pushes the site to S3 (using Gitlab ENV VARS!). - CloudFront as the CDN, also provides free SSL.
An extra $1.45/month gets you PHP and CGI hosting, plus raised quotas.
My only caveats: The free hosting tier only gets you 10MB of space per domain (no bandwidth quotas, though!) Which has been plenty for me for everything except large photo galleries, but YMMV. Also, I've had terrible experience with their domain backordering service--the domain I backordered was quietly released and became publicly available without a peep from R4L.
Their actual domain hosting, website hosting, and technical support has been stellar, though. (Websites are actually hosted on a shared server somewhere at OVH, if Ican trust the reverse DNS info.)
I manage all my sites there. Never had any issues with them, there is SSH access too so I recently set up a Hugo bitbucket pipeline which builds my personal website and rysncs it to dreamhost.
They were very fast to add lets encrypt support, so all that stuff is taken care automagically. Reliability is very good.
super simple, super cheap, never had a real problem.
PROS: It is free, always available, and the deploy is easy once you get the hang of git.
I prefer this method over managing a server any day.
So my domain points at Netlify, which pulls the site from github.
The total cost of this setup is only the yearly cost of the domain, which you can eliminate too if you use a sub-domain on netlify.
Pros: free, convinient (a push ends up as a new post upon a successful build)
Cons: no SSL with custom domain on Github (at least not easily)
It is cheap enough to not bother with the limitations of most low-cost static site hosting.
We also have a distributed team updating and looking after our website, and we use BitBucket as our git repo. Recently implemented their Pipelines feature to auto update the S3 bucket and refresh CloudFront resources with any changes pushed to the repo.
Makes it really easy now - just a 'git push' and Bam!, the website is updated and CloudFront auto invalidates all the old assets and starts serving up the new stuff. Really smooth.
Deployment from git, Hugo build on server, free HTTPS with Lets Encrypt and free for my basic usage.
I wrote my own little script that converts markdown to html with python and push that to the server with git, but of course with a VPS you can run pretty much anything you want.
Pros: Generally works well, speedy enough, free ssl with Cloudfront, cheap for many sites (most hosts charge per site which catches me out for little projects). I've mostly got the process figured out now...
Cons: not easy or quick to set up, lots of steps to get right, AWS is a terrible UI, Cloudfront invalidations are apparently sent by carrier pigeon so asset hashing is a must, even then it can take a while to see your site updates
I've noticed a high mortality rate among static hosting sites, particularly those "just add files to Dropbox and we publish your site" services. Static hosting services are to ops people what todo list apps are to frontend designers
Also, to your point: you can't, by definition, run php on a static site.
Also, Github Pages and Gitlab Pages are great and free. You can't beat free if it's reliable and both of those two are reliable.
Free static hosting with custom domain support
For CS, I'll concur with others on these (for algorithms):
Introduction to Algorithms, Cormen et al. The Art of Computer Programming, Knuth
Introduction to the Theory of Computation, Sipser
Concrete Mathematics, Knuth et al.
My library is at home, I'm trying to run through what all I have and would recommend in particular of that collection.
On the practical, software engineering, side:
Mythical Man Month, Brooks
I am currently wracking my brain to recall the other titles, may edit later.
It is amazing how this book can be interpreted as having predicted the necessity of Agile/DevOps long before the tooling was really available to easily enable that methodology.
AI, a modern approach (Norvig & Russel) - For classic AI stuff, although nowadays it might fade a bit with all the deep learning advances.
While it's not strictly CS, Tufte's Visual Display of Quantitative information should probably be on every programmer's shelf.
"Compilers, Principles, Techniques and Tools", by Aho, Ullman, Sethi, Lam
"Artificial Intelligence: A Modern Approach", by Russell, Norvig
"Computer Architecture: A Quantitative Approach", by Patterson, Hennessy
"Computer Networks", by Tannenbaum
"Operating System Concepts", by Silberschatz
While it deals with classical AI techniques, it is worth working through this book. Especially the AI example chapters where Norvig teaches how to go from specification to implementation and iterate over the design to fix problems etc. Backed by Common Lisp which allows this quick iteration by getting out of your way, this book is one way to fall in love with programing.
Warning: Once you are done with this book, be prepared to handle the less powerful systems and I am not implying here CL is the most powerful programming environment.
The C++ Programming Language, 4th Edition
I don't consider it a bible of CS, but it's one of the most playful, imaginative and, essentially, fun, introductory programming books that I've read.
The analogy of the truthiness of a value as an energy or life force that flows through your program, or Ruby's ranges depicted as accordions, are just some examples of the book's approach to visualising some of the aspects of programming that seem so rote after you've used them for a while.
How useful it is to someone learning to program is questionable, as the book's style might get in the way of teaching fundamentals, but it's certainly fun to read as an experienced programmer (imho, of course).
Henderson's FP book: https://www.amazon.com/Functional-Programming-Application-Im...
Watson's Lisp: https://www.amazon.com/Lisp-3rd-Patrick-Winston/dp/020108319...
You may consider splitting your collection in three parts: those two and software engineering (examples: the mythical man-month, the psychology of computer programming), which itself can be split into a technical and a social part.
Doing that may show gaps in your library/where your interests lie.
Edit: It's more popular to ignore history, but you can find Shannon's information theory, As We May Think, Cybernetics, etc. along with historical context. It might keep you from pretending you have invented the wheel.
The 23 Gang of Four (GoF) patterns
Linux Bible 9th Edition by Christopher Negus
The Elements of Computing Systems, by Noam Nisan and Shimon Schocken
and its accompanying website: http://www.nand2tetris.org/
The C Programming Language K&R
Yes they are (kind of), they are asked questions/problems which are used to gauge their ability to manage and do the job expected of them; in the 'best' way achievable in a interview scenario. Just like coders are asked questions to try to gauge their ability.
I'm not saying either ways are perfect, but it's not like a managerial interview is easy/non-challenging.
[Edit: Ooops saw a similar reply below, done way earlier...will keep mine here for consistency on my part]
I'm not convinced of this. It's not a perfect system but a well-orchestrated coding test is a great indicator of performance. In fact I think that's a huge pain point when hiring for a soft-skill oriented role -- it's very difficult to judge candidates until they've spent ~6 months on the job.
So what do established companies do? They rely very heavily on pedigree and experience. Coding interviews suck but I think they're necessary for meritocratic hiring. Plus, most of the complaints I see here are the result of poorly conducting programming interviews, not necessarily programming interviews as a concept.
1. Take-home programming exercise. More realistic, if it's a good task. Biased against people with less free time, though.
2. Paid take-home real work. DuckDuckGo does this, as does SpiderOak I think. Doesn't work well for people who have current job, but if it ever becomes popular it'll be easier for people to quit during job hunt period.
3. Pair programming during interview. Somewhat more realistic than whiteboard puzzle, biased against people with interview nerves.
4. Debugging code during interview. Somewhat more realistic than whiteboard puzzle, biased against people with interview nerves.
There's no magic bullet, sadly.
This might not work for most company however.
Actually, they are. That is the interview. As a manager, you need to have social skills. And a lot of the questions asked give a good insight into how you approach problems and social situations.
And that is why the better coder interviews are more about talking through a problem with a bit of whiteboard sketching/coding.
Gotta step away from the machine for a few days every week to make sure the rest of your life gets lived. I find it actually makes me more productive when Monday rolls around.
Now that I have a few clients and it's working well, I would love to be able to market and sell it more widely.
Still working on a game project I started in January. It's terrible, and could have been finished in a month if I knew what I was doing, and stopped shaving all these yaks.
Also I've decided I want to go through the noobtuts Unity tutorials and implement them in C++, since they're really basic and I want to learn Unity and actually have some finished games.
This weekend I'll hopefully get a chance to work on my Deck lights LED strip project.
Looking to get through it, have no choice.
On top of that, my webshop ( more languages), some websites ( clients) and other webshops ( clients) + erp integration with ErpNext or OpenErp
I'd recommend it - really fun.
At the moment I'm ranked #23 with a really stupid bot. I'm now doing hammock driven development on a better concept.
OT: any expert in react, webpack, express !! please tweet me at @nicofetter or email email@example.com
I don't want to impose Python because the tools they're using offer scripting capabilities, so I'll just learn their stuff and point them towards scripting.
It's a great sign people are writing automated tests for their side projects because based on my experience there are still many teams that aren't bothering to do so for bigger production projects adequately. It's one of those things everyone knows they should do and talk about it but the resources and priorities are almost never in place. The test results need to be visible by more than just the testers too.
I have a particular interest in test automation due to my involvement at Tesults (https://www.tesults.com). This is a test results dashboard for teams of about 10-20 or more - it's not designed for tiny teams or side projects but if you're interested in trying it out for a small team send an email using the address on the site with the link to this page on HN and we can sort you out - only really worth it if you are doing continuous build/integration too, overkill for one or two person teams.
A "side project" is a project, which by definition, doesn't have my full attention. I need to have confidence that I can tweak it and re-deploy it when I have a moment of inspiration or a bug-report.
The main way to be confident that you haven't broken things? Adding test-cases. I started out writing unit-tests for the APIs I present and consume, then later added more tests which run from "Signup, Use the service, Delete the account".
In all honesty I don't run the full suite very often, but when I do I'm glad I took the time to write it.
Call it post-facto regret I guess.
That being said, good job creating a tool some other people might be able to use!
I heard this was good. Turns learning into a game.
The vi editor is a very powerful tool and has a very extensive built-in manual, which you can activate using the :help command when the program is started (instead of using man or info, which don't contain nearly as much information). We will only discuss the very basics here to get you started.
What makes vi confusing to the beginner is that it can operate in two modes: command mode and insert mode. The editor always starts in command mode. Commands move you through the text, search, replace, mark blocks and perform other editing tasks, and some of them switch the editor to insert mode.
This means that each key has not one, but likely two meanings: it can either represent a command for the editor when in command mode, or a character that you want in a text when in insert mode.
It's pronounced "vee-eye".
Moving through the text
Moving through the text is usually possible with the arrow keys. If not, try:
h to move the cursor to the left
l to move it to the right
k to move up
j to move down
SHIFT-G will put the prompt at the end of the document.
These are some popular vi commands:
n dd will delete n lines starting from the current cursor position.
n dw will delete n words at the right side of the cursor.
x will delete the character on which the cursor is positioned
:n moves to line n of the file.
:w will save (write) the file
:q will exit the editor.
:q! forces the exit when you want to quit a file containing unsaved changes.
:wq will save and exit
:w newfile will save the text to newfile.
:wq! overrides read-only permission (if you have the permission to override permissions, for instance when you are using the root account.
/astring will search the string in the file and position the cursor on the first match below its position.
/ will perform the same search again, moving the cursor to the next match.
:1, $s/word/anotherword/g will replace word with anotherword throughout the file.
yy will copy a block of text.
n p will paste it n times.
:recover will recover a file after an unexpected interruption.
Commands that switch the editor to insert mode
a will append: it moves the cursor one position to the right before switching to insert mode
i will insert
o will insert a blank line under the current cursor position and move the cursor to that line.
Pressing the Esc key switches back to command mode. If you're not sure what mode you're in because you use a really old version of vi that doesn't display an "INSERT" message, type Esc and you'll be sure to return to command mode. It is possible that the system gives a little alert when you are already in command mode when hitting Esc, by beeping or giving a visual bell (a flash on the screen). This is normal behavior.
The easy way
Instead of reading the text, which is quite boring, you can use the vimtutor to learn you first Vim commands. This is a thirty minute tutorial that teaches the most basic Vim functionality in eight easy exercises. While you can't learn everything about vim in just half an hour, the tutor is designed to describe enough of the commands that you will be able to easily use Vim as an all-purpose editor.
In UNIX and MS Windows, if Vim has been properly installed, you can start this program from the shell or command line, entering the vimtutor command. This will make a copy of the tutor file, so that you can edit it without the risk of damaging the original. There are a few translated versions of the tutor. To find out if yours is available, use the two-letter language code. For French this would be vimtutor fr (if installed on the system).
A few years ago:
"Bit too much of a solo developer, which can be great but not what we're looking for."
Which is fair given that the context was they were needing to rapidly build a new core team for their first foray into microservices.
I was perfectly happy with the response, because I'd say it's a fair personal assessment, clearly at odds with how they planned to build the team, and my role at the time was very much a "Me and the Admin" type scenario.
When I've declined a role it has usually been due to a faint whiff of "Desperate eyed non-technical founder with a great idea" which I've usually characterised to them as being "Too accustomed to security of a more traditional company".
Or in once instance I advised the hiring manager that it didn't seem they needed more devs at all, that the two they had seemed by his description to be drowning in BAU and support tasks, that him training or hiring administrators would probably be a better use of his budget and more likely to retain the domain expertise already baked into his existing devs, before more of them left...Which was accurate even if he hadn't just also told me that he'd increased internal adoption of their CRM system by making it a disciplinary matter if usage was low.
The best feedback I got (through a side channel) was that the team was in a deadlock between me and another candidate, so it came down to a coin toss and I lost. I felt reassured, because at least the ordeal was over.
Another time I was declined because they only higher product managers with CS degrees and I do not have one. In that case I felt annoyed because this info was readily apparent on my resume, and I do have tech skills but they never brought up the issue in the interview.
1. He said he and his team were sitting on the fence about whether to take me on or not. The interviews went well, but he couldn't make a decision yet, so we agreed to talk in the morning.
2. He called the next morning and told me I didn't get the position. He gave his reasons (further down) and told me to keep in touch. I asked if I could call him again to ask some questions and he said that was fine.
3. Played phone tag a little, but he eventually called back and took the time to answer my questions about growing as an engineer.
This hiring manager was looking for senior engineers. I had no idea where I stood in my career, having been at the same company for most of my career (8 years), but I decided to give the interview a try. Hiring manager said I was not senior enough (a fair assessment) for the position. I asked him what it would take for me to be considered "senior enough" and he gave me some pointers on how to gain depth and breadth, as well as developing soft skills.
That 3rd phone call was really, really valuable. I started reading books (both technical and non technical) and really pushing myself to code more. But more importantly, I've pushed myself to seek help and guidance from people who are way more experienced. I suppose when you get specific directions, you get just a little bit closer to your destination... even if it's a moving target. :)
It's pretty rare to get this kind of feedback and I can definitely see why recruiters and hiring managers don't give this level of detail. They're really not obligated, and it can get them in trouble.
(edit: line breaks)
Have never even held a cigarette in my life let alone smoked one
Tests included questions like "Johnny had a joint on Friday after work, is he OK to work on Monday?"
"Do you think smokers work to equal levels as their non-smoking employees"
and so on
Pretty sure this was illegal but I was young and had no idea so meh
He was right (and obviously. Like I said, one year of university). I took it to heart, and practiced programming. Nailed my next interviews. :)
I've never had any other constructive feedback from an interview, and at more than one company, I've been given specific instructions not to provide it (by the recruiting team).
Understand that you may not have done anything wrong at all.
Even if the hiring executive is a seasoned pro in evaluating and assessing prospective talent-- the interview process can be very subjective. He's trying to scorecard a number of strong competitors for the role. All of the finalists could likely do the job successfully. It can make the final hiring decision a very tough call.
As a candidate -- an area to probe just before finishing the interview, ask the hiring executive if they have any concerns or reservations about your skills/experience as it relates to their decision criteria. This is your chance to uncover and address any possible objections. Here's a Forbes take on this > http://www.forbes.com/sites/crossingborders/2012/04/25/the-r...
I knew what they were referring to. A problem I solved with a for loop, they then asked me how else I would do it. I couldn't think of another way, but after giving me a few tries they unleashed their genius: "What if you copy paste the loop innards 10 times".
And because I didn't mention that as a solution I guess I was holding back.
Applied 10 years later just to see if they'd improved. They told me that as I applied before and was rejected they could only pay me a graduate salary which was unchanged in 10 years to boot!
Somewhat later, after blabbing too much about math: "We think this job would be too boring for you."
Memo to self: don't blab about math, unless they ask.
In sum virtually any feedback is great, as long as it's honest, and doesn't beat around the bush.
I appreciated their honesty and it's better than the lawyer safe generic email.
Was reassuring insofar as it wasn't "you're not good enough".
2. Interviewed at startup, it goes well, then silence for weeks. I ping them, and eventually they said they're having some internal problems and if I have another offer I should probably take it. They apparently had "internal problems" for years, as in one review from 6 years later where it was still "it's a startup, don't know if I'll have job next week".
The job I did end up taking worked out very well.
However, as with all soft skills all of the feedback posted here is subjective to external circumstances. The often limited interpretation and perception of the interviewer goes along way into the hiring process.
So, from my small experience, there are many things that must come into play in order to get hired. The good thing is that in our industry hiring is going strong compared to other industries which are vanishing.
I think we can agree that valuable feedback comes mostly from people with whom we work daily and managers.
You > recruiters > team
Team > HR > You
The only way to get feedback is to skip the middle layers.
Read http://www.mrmoneymustache.com/2012/01/13/the-shockingly-sim... to see why, then start at http://www.mrmoneymustache.com/2013/02/22/getting-rich-from-...
For a programmer-oriented guide that talks a little about financial independence (and eventually a book with much more info): https://codewithoutrules.com/saneworkweek/
%99 of the people are looking for: security, then comfort, then becoming rich
%1 of the people are looking to becoming rich, then comfort, then security
"Simply" re-order your priorities.
If you're a US citizen, consider finding a well paid hourly remote job, and move somewhere cheap. You can reduce your work hours to literally 1-2 per week, enough to sustain yourself. Europe is quite cheap if you avoid big cities, Switzerland, and Norway. Most of Asia is very cheap except Singapore and Japan. There's also Africa, South America, and a gazillion island nations.
An AI creating websites is definitely possible, but will it actually replace people? I don't see that happening (at least not at a large scale). It's much more likely to be a tool that developers use rather than a tool that replaces developers. Or possibly something similar to Squarespace. It might be able to manage content on its own and build webpages, but what happens when there's a bug? What happens when you want to innovate and create something new? An AI would have trouble accomplishing that, so web developers would still play a role.
Now the more important question in my mind isn't whether or not they will replace jobs, but rather does it matter if they do? And my answer to that is no. There's two scenarios. A scenario where AI completely eradicates all developer jobs, in which case AI has probably eradicated a majority of today's current jobs and we would adapt as a society. Either by instituting some changes like Universal Basic Income or by developing new job markets (probably geared more towards the arts or things we can't yet imagine). The second scenario is that AI is introduced more as a tool or a simple solution to web/app development. In that case, there will still be a need for devs to do the more complex stuff. There will also be other development fields to move into, like Machine Learning Engineer for example.
I.e. I remember that few years ago, large part of web-dev was getting a page design in image files and you sliced and diced them and created proper html, maybe with few placeholders, with css optimized both for desktop and mobile.
Then I have seen a thesis on my uni, that automated all of that with genetic algorithms. You just threw an image at it and few hours in it spews out optimized web-page. I wouldn't be suprised if current photoshop has a button for it :)
The best ones IMO are the ones by Steve Blank and Alex Osterwalder:
- Business Model Generation, by Alexander Osterwalder & Yves Pigneur
- The Startup Owners Manual, by Steve Blank and Bob Dorf (haven't read it yet)
- "The Four Steps to the Epiphany", by Steve Blank
These slides are pretty good too:
Above all, execute. I have what I believe is a very good project and it's floundering because of lack of execution (cash would help, but I should be able to make it work anyways). I've seen crappy ideas pivot into success by sheer tenacity (coupled with flexibility).
Edit: more resources
Getting Real by the Basecamp guys
If Apple had to implement a package manager, I think they would ask application developers to accept Apple's own license and policies for distribution etc. which may not be acceptable with them.
Also, wouldn't it make Appstore redundant ?
Speaking of security: You have no bloody idea how easy it is for anyone with some crypto/security background to break into an IoT appliance or its vendor's cloud services. In the era where an average web development Joe knows a lot about SSL certs, CSRF, XSS and all that stuff, the average embedded developer's idea of encryption is AES in ECB mode (but not too many bits - "our MCU won't handle that!").
The reality is the market is not mature so whatever you choose will likely change and you are likely responsible for implementing proper security controls at the Router to prevent stupid mistakes from being internet accessible.
This will resolve itself and as a tech home automation will become secure, but right now it is still relatively early in the cycle, so be prepared to make it secure on your own. Also be aware that likely there will be many things you have to integrate at some level, as there doesn't seem to be a real standard yet.
...And, yes they were insecure. I remember the Chinese would take over 1 particular media distribution system regularly, at a local community college. They'd plaster anti-western political messages on every TV in every classroom. Took a week or so tinkering with hyperterminal to fix it. Lol
Lights: Lutron Caseta, uses normal wall switches + Lutron Smartbridge Pro for HomeKit
Thermostat: ecobee3 for HomeKit + remote sensors
Door lock: Schlage Sense for HomeKit
Security cam: upcoming Canary https://blog.canary.is/homekit/
A/V: Logitech Harmony
Bridge to non HomeKit devices like the Harmony: homebridge
Apple first party Home app
Optional: Third party Home app for detailed HomeKit DB edits
Siri and Echo can both control all the above, simultaneously
1. Homebridge: https://github.com/nfarina/homebridge + https://github.com/KraigM/homebridge-harmonyhub
2. HomeKit accessories: http://selfcoded.com/home/buying-guide/, http://www.apple.com/shop/accessories/all-accessories/homeki...
3. Third party HomeKit DB app: http://selfcoded.com/home/
In the US, it might still be worth sending an email to FTC.
It will save you energy and stress is you just stop doing that. Not just here but everywhere. Try to enact change where it matters with receptive audiences. Anything else is usually a waste. Your impact on the world will go up.
Note: Those of us downvoting or flagging spam will continue to do our part here of course.
You need to lighten up.
I used Keyboard Maestro to create shortcuts for volume up/down, brightness up/down, play/pause, previous/next, and Mission Control.
I already had Caps Lock mapped to Escape with Karabiner-Elements.
Probably be more useful once more apps take advantage of it. So far only a few non-Apple apps I use take advantage of it. I do hope Slack takes advantage soon.
I'm very dubious of resumes. Typical resume is an alphabet-soup of "hot" technologies alongside a 4.0 GPA they got by remembering, regurgitating, then forgetting.
Two things that seal the deal for me are: A) well-executed personal projects that they can B) discuss their methodology fluently, casually, and competently so that I know it is truly their own work. If they can do A and B, I don't even care if they graduated high school.
That, and the definition of "data scientist" is somewhat up-in-the-air. A lot of jobs listed as "data scientist" are really more like map-reduce DBAs than anything remotely resembling science.
And honestly? Aside from the obvious "experience" (at least a year of contiguous experience doing something similar to what we want), there really isn't anything that would make me give a checkmark to a fresh faced person without a remotely relevant degree. Because online courses are useful but don't really show me that they know how to work on a project as a team. Same with most github projects where there is one contributor.
Universities may not be great, but it is pretty hard to graduate without ever having worked on a group project. Moreso for advanced degrees. And that is what I want.
Obviously there are exceptions on both sides. But when we have a hundred CVs to sift through, we are going to narrow it down. Because none of us want to do 100 interviews. It isn't fair to us and it sure as hell isn't fair to anyone past number 10 where we genuinely won't care anymore.
I'm doing the Data Science Specialization from Johns Hopkins University / Coursera, with verified certificates that I hope will help me create a portfolio to showcase as I look at this type of work.
I feel like having a portfolio to point to, as well as code on a site like GitHub, should be a good basis for a conversation with a potential employer.
The how is intentionally left open. As a scientist,you need to be capable of owning the entire process. You need the hustle to acquire your dataset and the mathematical ability to derive an advantage from it.
Can't be learned at school. You have it or you don't.
It's OK if you aren't able to "realize" the making Money part due to real world constraints. (For example a demonstrable investment opportunity that you can't personally invest in because you don't have funds to play with)
I think the obvious answer is that not everyone with lots of followers have or makes a lot of money. It will strangle the social justice movement (not that i will be too sad, but still that is not the right way of defeating an ideology)
I am sure if you read the T&C's of each of those sites there will be a statement along the lines of, you are not allowed to setup names/pages for sale. If there, that statement is to prevent "name squatting" not stop a legal transfer of control over an entity. I think it would be nearly impossible for them to prevent the legal sale of an entity and therefore the assets that entity has, nor IMO would they really want to get involved.
thats perfectly fine. imagine big company X gets sold. Clearly the new owner wants to retain the social accounts and theres nothing wrong with that.
My advice to you: only focus on it if you really love it. The pay is (most of the time) not as good as what you'd get writing CRUD apps in the enterprise space.
The other concern is, WebGL is a really niche topic inside an already niche field. As someone that does a significant amount of games and simulations work, WebGL is still far too low-level to be of any real business use. Even with the expectation that things will improve in the next few years, you'll still mostly likely get the most bang for your buck using a game engine like Unity and letting it manage the "compilation" to WebGL.
If you're really passionate about games, learn a game engine and start building games. The "game" space is a really weird subset of CS disciplines and it'll help to get familiar with the entire production pipeline (coding, art, animation, behaviors, etc).
If you were really ridiculously passionate about low-level 3d programming, you'd either A) not be asking us for advice, or B) too busy playing with it to ask for advice. :)
With all that said, I'd love to talk to you about this industry and point you in the right direction if you're curious. My email address is in my profile if you want to know more.
2. "Formal degree in CS" doesn't mean someone will be better than you. It might, it might not, depends on the job. Often it has no relation to actual job requirements.
A job skill that will serve you well no matter what you do: learning new things quickly. So instead of deep diving into one thing, maybe spend some time building a few small things with a bunch of interesting technologies. (Other comment about knowing basics is correct: knowing core technology is important prerequisite, do that first if you're not there yet).
Then you can tell employers "yes, I'm inexperienced, but look, I can learn fast, here's proof." You're pretty much never going to know the whole tech stack at a new job, so that matters a lot.
Another thing to focus on: learning how to build robust code (i.e. testing, both manual and automated). It's not exciting or flashy, but being able to say "and I can make sure my code actually works, and here's how" is worth a lot to smarter employers (though not all employers).
However, what I have seen is that knowing the low level GL stuff is really important when you get stuck and have to debug your way out. Write your own shaders etc. Most recently I figured my way out of a tricky skeletal animation problem only because I knew the low level details as well.
My recommendation: Work through this book: 
I even wrote a scene graph in CL while working through this book and after learning SceneKit(iOS, macOS 3d framework). So I am backing up what I am suggesting:
If you want to be in the graphics field in the long run, better know the low level stuff. This is just my 2$ thought. YMMV. And as @blister suggests, he is right that you need to pick the graphics domain as it is niche as compared to Web programming and the pay will be on the lesser side comparatively, especially if you are starting off.
My email is in my profile, feel free to reach out if you need any help from me in learning GL.
 https://capnramses.github.io/opengl/ https://gitlab.com/cl-3d-graphics/cl-scene
The best investment of your time is in the fundamentals; the things that don't change or change very slowly:
Stats: Useful in both data science and machine learning Algorithms: Duh Differential Geometry: must-have if you're a graphics/games guy Discrete Math: Good stuff for dealing with machines that process things in bits. Linear Algebra: Comes in handy in so many different problem domains. Ethernet + TCP/IP: It's not going anywhere. Hardware/Architecture: Still running a von Neumann architecture last I checked. Things go much more smoothly when you know what the physical limitations and bottlenecks are before you start coding.
This first wave was to gauge interest and build hype. It came out early November and made people want them in the lead-up to xmas. If Nintendo weren't still living in the 80s they would have a very large burst of stock this week, but so be it.
The next big wave is going to be mid-December when parents (and loved ones) are buying gifts and want "the big thing".
Then we'll get a large wave in early January for all the people who get cash for xmas.
And then we'll just get a continuous stream so that every sane person can buy one in February or march
As for why Nintendo does it this way: it lets them tell their board that they "won the holidays" because they had the must-have product. And next year they'll have the snes classic (or nes classic 2 if they can find more games). They make less this way, but they can pretty much guarantee they turn a profit and have good stories for shareholders.
As for direct shipping: Part of that is Nintendo not really having invested in the infrastructure for that scale of direct orders. But I suspect a big chunk of this is Nintendo trying to earn some good will with retailers who have dismissed them due to bloated stocks of wii Us, 3dses, and amiibos. Because Nintendo need to push the shyft and while they may think they can win with a Vita they aren't dumb enough to forget that retailers killed the psp go.
The target demographic with money today matches exactly with people that played those games as a kid. A lot of people would "pass" on the legacy looking console at a store but would tap away $5-10 on a phone without thinking about it.
I really hope they step out of their closed garden and port more games to iOS/Android. Mobile games can be the gateway to more people buying their systems, old or new.
As for why they don't raise the price and sell directly, you can ask this about every company that doesn't sell their products directly. Why don't they do it?
I would guess with this particular product for Nintendo is not really about the money. A company never wants to depend on profits from selling nostalgia alone, they want to look forward and grow and make new things for excited, engaged customers.
As for selling directly, they don't won't to burn bridges with retailers that still have a large role in pushing their products.
It's just so damn slow. I can read and absorb information about 5x faster than I can watch a video. That leads me to feel a lot like the video's just wasting my time.
On occasion I've even considered sending tutorial videos to a transcription service.
So - personally, I much prefer a textual alternative. But I know some people like video.
Given you are doing video-like things, please make sure they're as tightly edited as possible. Really tightly-edited audiovisual content is a lot more tolerable. There's very little more annoying than a two-hour-long, rambling tutorial that could have gotten to the point in 12 minutes.
Some people learn better from video. I've never heard a programmer claim that they were one of those people, but it's surely possible. But consider all the text you deal with on a daily basis and why you use it.
Can you imagine a man-page-as-video: "You can type dash capital A to list all entries except for the current and parent directories. This is always true for root anyway."? That'd be hellish. Did they already get to the part about how to display inodes or do I have to wait for it? Wait, what was that bit about the recursion? In short, you can't search through video or instantly go back a sentence with a flick of your eyeballs.
Well, that's exactly how I feel about videos trying to teach me how to install something. I can't trivially skip past the part where they discuss the differences between RedHat and Debian. I can't go back. If my ears are tired, I can't adjust the "contrast" to make it easier to listen to (although I suppose some video players have audio compressors/expanders). I can't copy and paste it into an editor to see how it works locally.
Your idea goes a long way toward addressing those problems. I could see it being great for people who prefer listening, but still want to, you know, interact with the thing they're learning. I'd vastly prefer this approach to Yet Another Youtube Video.
Never took the extra time to polish it up after the hackathon, but if someone is interested I'd be happy to work together on improvements.
Fast forward to today, I think a great blog post with links to code and break outs of sample pieces of the code explained in the blog post do a much better job.
I make things like this for product trainings with my company using a graphical tool (Articulate Storyline), and I think your idea and execution are both quite good.
Check out the book "ELearning and the Science of Instruction" for research-based tips on fine-tuning things you're doing.
At first glance, the visual indicators (code or box highlights) are really important and a little understated. I would make them more prominent visually.
Secondly, I would think about feedback on incorrect answers as well as hints. E.g., on section 1.1, the user may feel stuck without a clear memory of how to write Hello class. Allowing for something like "show me the next line" to get started would help learners who need more support.
I personally prefer "type on the browser following written instructions" than videos. Pace on video is very hard to set right.
I only checked the first and second lessons, but I did like your tool! As I can type while the voice is still talking, I can move faster if i want. And listen to instructions while highlighting the part of the code on the screen felt natural.
So I think you are on to something and you can have the best of both worlds, clear instructions that stick on your brain and flexibility to follow anyone's pace.
The features I would ask:
i) allow me to click at the bar of the bottom and go back (or forward) to the part of the audio that I want to read.
ii) mark at the bar the exact moment where you objectively explain the key concepts of the class (and make sure at each lesson you have one sentence that explains each concept very directly, like "render function is..").
good luck!! Sounds very promising! :)
Video can also be useful for learning how to setup a development environment, to show how to use developer tools in FF/Webkit, setup an Xcode project, etc. Instances where a student needs to navigate a complex UI to begin the work of actually coding.
For coding there's many problems with video. One issue is bandwidth: text can be scanned and consumed very quickly. Text can be given a hierarchical structure that a student can jump between, which makes it easier to understand complex relationships between concepts. Video is linear. Code is not. Code has a relational and web-like structure that is more accurately represented by hypertext.
One thing about the speed control. You should consider making it a [-|spped|+] button rather than offer 1 1.25 and 1.5 as predefined options. I can usually handle audio at 2x normal speed or sometimes even more. This Chrome extension is my best friend.
In most cases, I believe they are. Let me explain why.
I checked out your React example and noticed 2 things.
1) You jumped straight into coding, whereas your audience might be at different levels / experience in their coding history.
#2 is where videos shine. If you take a look at PluralSight videos, or even Udemy coding videos, the Instructor is able to SHOW the IDE, the things you've build by going to various browser, folder locations, as well as menu options, settings etc in the IDE. How will you do such things in Audio only format? It will take a lot of words, and if the student doesn't find it then they panic. Whereas in Video they can see EXACTLY what you are doing.
Your idea sounds like it might be quite good, just try and keep interactivity fairly often, perhaps.
I hate videos for non-visual things - like code.
It may be worthwhile getting the legal equivalent of a 2nd opinion. Consulting another lawyer could be a smart play. They may confirm your attorney's advice or suggest some alternate suggestions. Also, mediated divorce settlements may be an option to explore. Here's a list in Massachusetts > http://www.mediate.com/Massachusetts/
I would look at doing a 50% profit sharing of your current and future earnings from your company with her and 50% of profits from any sale in the future, she might make more in the long run but you aren't paying 50% of the current value over 8 years.
Talk to more lawyers to make sure you get the best setup possible.
Either you buy your wife out of her share of the business based on current valuations or you can transfer half of your share holding in the business to her, if the latter is even possible. Or something in between. No easy answers unfortunately.
Do you think you can grow the business? How recent is the "recent valuation"?
or maybe your partner is interested in owning more of the business?
At the end of the day your buying out a partner over 8 years. At which time the company will probably be growing and become worth more.
It taught me that it's important to have a prenup. There are things that should be communal assets, a company is not one of those things.
Any way to just close the company down and then re-found it with your partners? Or structure it so that they "fire you" or buy you out for a fraction of the value and then give you equity bonus on rehire? I don't know if any of these things are legal, but after seeing how miserable my uncle was, I would go to extreme lengths to avoid being in a situation where I had to buy my own company back from my ex-wife.
But if you are negotiating with an idiot who does not understand that bleeding you is a bad negotiating tactic, you need to get better at a) negotiating tactics and b) communicating to them why this is not in THEIR best interest. Don't talk about what you need/want/feel. Talk about how this is likely to impact her, and not in a positive way.
Make absolutely sure you are not making threats. You need to make it clear this will cost her and you need to do so in a way that cannot be construed by the court system as bad faith or threatening behavior and that cannot be construed by her as hot air or empty talk that you won't really follow through on. This is not a scare tactic. The point is to educate this fool.
For example, it might help to get figures on what a nasty, long drawn out divorce litigation costs in both time and money. (I knew we were saving like $40k or more -- money we absolutely did not have -- to divorce without lawyers. That left lots more on the table for us to split, so I didn't quibble about small things.)
Let me also recommend that you pick up "Getting to Yes" and "The Mind and Heart of the Negotiator". They are both research based and were both required texts for my college class on negotiating and conflict management. The first is a quick read. You should be able to get it through in a weekend. The second is much meatier, but I strongly suggest you do your best to find/make time for it as it contains lots of good info.
If you just cannot come up with the money, you may need to do all in your power to insist she accept stocks to cover the part of the business she is "owed."
If you can get a copy of the movie Our Househttps://en.wikipedia.org/wiki/Our_House_(2006_film) and also Kingdom of Heaven, both contain good lessons in effective hardball negotiating.
Please get your feelings out of the way. You need to be goal-oriented here. This is not about the fact that she is breaking your heart or doesn't love you anymore or a thousand other personal pains involved in the end of most marriages. Keep a journal or do therapy or something, but find a way to get your feelings out of your way when negotiating this settlement.
This is business, not personal. There is enormous money on the table. You must treat it like business -- and never mind that she probably won't. You need to do all you can to avoid getting dragged into her emotional crap or provoking her. Be diplomatic and sensitive to her hurt feelings, but do so in a way that sidesteps the issue as much as possible. Don't pick at old wounds. Don't throw things in her face. Stuff like that will cost you money.
This is advice rooted in having been through a divorce and managing to not screw over either party in the process.
Best of luck.