Post
Here is what I have decided, html5 <article> and html5 <section>:
If I could syndicate/reshare a block of text/images/etc, it’ll go in an article.
If it’s not something I would reshare, but it merits a header and it’s a block of content that ties together, I’ll put it in a section.
Style only, or doesn’t fit the above, it’ll go in a div.
That’s the simple flow of how I’m going to approach your not that clear specifications.
Post
Lately I’ve been looking into outsourcing some data entry work globally, and it hasn’t turned out to be especially easy.
I’m not surprised, finding good personnel is always key, if you don’t have good people… …well, you’re just setting yourself up for someone to drop a project without notice, or just create something that can’t be maintained effectively long-term. I see that all the time whenever I have to work on pre-existing php projects that were all done by a single developer without any oversight or quality assurance. It’s not pretty.
I’m trying to use odesk, and it has turned out to be weirdly frustrating. I quickly received a large number of applicants (good), from a variety of backgrounds and with varying bids. So many in the first two hours that I stopped accepting new bids (good). Then I went through an interview process, gave people a preliminary question as a basic test, and finally got our choices whittled down to three people. But when it came time to do interviews with them, I wanted to do audio interviews, and they plead off as not having audio headsets (bad). That happened with 3 out of 4 of the applicants that I interviewed (the fourth simply didn’t respond back).
Now, possibly this was a dodge to hide the fact that they weren’t very good at spoken English, and were better at just written English? Perhaps they really don’t have and aren’t looking to obtain a piece of equipment that costs $10-$20, though that seems strange. I wasn’t really looking for perfect spoken English, just enough to be able to communicate the initial instructions more easily. However, one of the applicants did suggest setting up a script and a screencast to explain the process, which I would like to do, it would make things easier to have a reference like that. But that will only happen if I can get the time.
Overall, the lessons learned are:
Source: odesk.com
Post

The web is a wild and wooly place. The moment you move from a brick & mortar storefront to web e-commerce, you move from competing with people within a mile radius of you to competing with everyone everywhere. That includes spammers, hackers, and crackers working out of Uzbekistan for whom 20 bucks is a nice day’s worth of pay, and a few hundred is a good haul for a month. It also includes corporations and country governments who can consider $185000 an acceptable price to get their own Top Level Domain e.g. apple.apple, google.google, .whatever. Only 185k to reserve the English word of your choice!
So when it comes to publicizing your business, it’s complicated to say the least.
Post
I like the pragmatic-ness of this license:
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2011 YOUR_NAME_HERE <YOUR_URL_HERE>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. You just DO WHAT THE FUCK YOU WANT TO.
Post
Today, due to another cell phone bill overage on my primary cell phone, I’m spending some time investigating VOIP solutions for business calls. It makes sense because I’m so often at my computer for these work calls anyway. (When do I ever get to leave my computer, really?)
I actually already have a google voice account, which is apparently a key component of a simple roll-your-own home system. Since that ties with the google voice app on my android smart phone, and I’m already using skype on my box, I may be able to get away with just those things for free or really cheap calling from my computer, and the option to pick up on my cell as well.
I may be missing a bit of the picture, it’ll take some experimentation to see, but if it’s anywhere as easy as it has been so far, I’m just kicking myself that I haven’t switched to voip before now.
Photo
A simplified infographic of Search Engine Optimization tactics and anti-patterns. It’s always useful to have a visual summary near at hand.
Source: seomoz.org
Post
My latest problem to tackle is one of people management. My father has employed people for years, so I have come to know secondhand a lot of the difficulties you have when trying to pay people and get good work out of them. Now I’m seeing it firsthand, which is certainly quite different.
In my case, right now, I’m dealing with data entry for the website (shermanbrothers.com), and it’s a major balancing act. Paying an acceptable rate vs. being efficient vs. time spent managing.
The biggest revelation so far is just how impossible it is to both manage people and still have the same amount of time to do work yourself. I’ve always theoretically known that you lose a lot of time just getting others up to speed on the work they need to do, but this is the first time in a while that I’ve felt the crunch myself.
On the other hand, it’s great to not be doing it all alone, and knowing that I can outsource the (semi-) easy stuff that just takes too long. Which is the whole point, I guess. It’d be great to be able to do everything yourself, but you’d miss out on the little things, like that space of time from night to morning when you’re asleep. :D
Post
Part of my work today has been dealing with slashes in a database in php, the result of a server with magic quotes turned on. In other words, an insecure application.
In this case I am only doing a spot project, so I plan to only note and advise about the problems that result from using magic quotes, and the insecurity that it implies (using magic quotes is symptomatic of not using binding, which is a symptom of underlying insecurities with sql injection. Essentially it’s a cascade that ends at loss of financial data or modification of database values.)
Now, that’s really something that you see a lot with php, and I have to wonder whether it’s in part a problem with the language itself. Binding of sql is crucial to php, but it is an excessively complicated process. (See php’s PDO sql abstraction) It’s unfortunate that such a crucial issue hasn’t been handled more cleanly and in a newbie-friendly way, since it would benefit so many people writing with php.
Admittedly, complicated interfaces for sql binding may be common to other languages as well, it is a relatively complicated task. But that doesn’t excuse the need for simplicity that isn’t being met in php.
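An added example (not code from the project described in this post): how a magic-quoted value ends up stored with a backslash, how a PDO bound parameter stores the raw value unchanged, and a one-off cleanup of rows that already carry slashes. The customers table, the sample value and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added illustration; the table, column and sample value are constructed.
// Uses an in-memory SQLite database (pdo_sqlite) so it runs offline.
// Written with array() syntax so it also runs on the old PHP 5.x
// servers where magic quotes still exist.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');

$input   = "O'Brien";           // constructed form value
$slashed = addslashes($input);  // same escaping magic quotes applies to request data

// Bound parameter: the value travels separately from the SQL text,
// so no escaping is applied or needed.
$insert = $pdo->prepare('INSERT INTO customers (name) VALUES (:name)');
$insert->execute(array(':name' => $slashed)); // row 1: the backslash gets stored
$insert->execute(array(':name' => $input));   // row 2: stored verbatim

// One-off repair of rows already stored with slashes. Only safe on
// columns that never legitimately contain a backslash.
$update = $pdo->prepare('UPDATE customers SET name = :name WHERE id = :id');
$rows = $pdo->query('SELECT id, name FROM customers')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    $clean = stripslashes($row['name']);
    if ($clean !== $row['name']) {
        $update->execute(array(':name' => $clean, ':id' => $row['id']));
    }
}

// Both rows now hold the same clean value.
foreach ($pdo->query('SELECT id, name FROM customers') as $row) {
    echo $row['id'], ': ', $row['name'], "\n";
}
```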
Post
I’m shortly going to have to be implementing a challenge question system to allow device-by-device access to a web login system, and came across this useful whitepaper on how to deal with the content of those questions:
http://securityps.infosecmedia.com/whitepapers/TipsforAvoidingBadQuestions.pdf
Source: securityps.infosecmedia.com
Post

Security has been on my mind again lately due to work, and I’ve come to realize that the reason that I’ve been working with security hardening & security audits so much lately is because security is so invisible to clients.
Given a site, with no knowledge of the source code, anyone can easily judge its UI, the systems that are needed administratively, its design merit.
But the security of the site, or more importantly the insecurity of a site, can lie invisibly in wait, unauditable by a layman.
The only things that I can think of to combat this issue are: third-party involvement in security, or never having a site developed initially by only a single coder. Even if that means there’s an amateur programmer involved just for the capacity of code review or making sure that the code is understandable & clean.
I suppose even that isn’t going to prevent insecurity. Even smart experts fail at security sometimes. That may at least make the code more maintainable and potentially give it more chance for an easier security review, though.
In the end, without a third-party security audit, a complex site infrastructure is simply unproven.