Category: Community Blog

People often ask us for input on the best language to use when building a new product. In addition to passing along information about the availability of certain skillsets, we reach to our network for technical input. In this vein, Todd Ellermann, VP of Engineering and IT at Virtualtourist.com (and the founder of the South Bay Java User Group – http://www.sbjug.org/), offered the below insights on why Groovy and Grails is his language and framework of choice.

Fun Fact: The Internet began as a single page at the URL http://info.cern.ch/hypertext/WWW/TheProject.html.

What is Groovy and Grails?

Groovy is a dynamic programming language for the Java Virtual Machine with modern programming features similar to Ruby or Python.  I like to think of it as a modern Java that is more readable, testable and maintainable.  Arising out of the Groovy language is Grails, a web application framework which takes key industry learning’s from frameworks like Rails and brings “Code by Convention” to the JVM, all while leveraging the established ecosystems of Spring and Hibernate.  Also important to note is that Grails compiles into a WAR file and can be deployed on any existing infrastructure running application servers like Tomcat, Websphere, WebLogic, JBoss, or Jetty.

Why would I consider moving my development team/process to use Grails?

Productivity, Productivity, Productivity!  In the four years we have been using Grails at Virtualtourist.com we have seen a doubling in the amount of new product delivery a single developer can produce using grails.  In addition, we see about 30% more refactoring, occurring naturally as part of every project. Prior to introducing Grails, we had zero functional, zero integration and zero unit tests. We now have about 40% test coverage for integration and functional tests.

How much productivity loss will it cost me to change technology platforms?
In our experience, 14 developers and 4 years later, the average software engineer with at least 2 years of Java, Spring and Hibernate experience makes a 100% transition in 2-3 weeks. In fact, engineers demonstrate significant productivity gains within 60 days, with no formal training – using only books, the web and simple intranet applications to get started.

Is Grails “Enterprise ready”?

Grails has built in i18n support.  You can leverage all the libraries of Java to connect to enterprise systems like MQ Series, SAP, AS400, and consume web services of all types (SOAP,REST,XML-RPC).  Over 100 companies worldwide offer Grails development services including SpringSource (a division of VMWare). Grails supports all the major RDBMS systems and any NoSQL solutions that have Java drivers.  There are over 4000 people on the grails mailing list and there are currently 800 open source grails plug-ins available.  Grails has Spring Security (ACEGI) or Apache Shiro as readily available plug-ins, and has a CAS plug-in to talk to ActiveDirectory(LDAP).  There are lots more questions to truly answer the “Enterprise ready” question, but these were the highlights that caught my attention.

Will Grails scale/perform?

My response will have to be anecdotal – because it’s the only kind of data I have, but Virtualtourist.com is now 97% Grails and has over 12 million pages indexed in Google.  We service 100 requests per second with an average time to deliver HTML to the browser of 500 milliseconds.  Our load testing indicates to us with our current infrastructure and configuration that we could handle a spike of up to 3000 requests/second and maintain the current load times. It is my understanding that BigLots is using Grails to service their web site with approximately 4 million monthly visitors (http://www.trafficestimate.com/biglots.com).

Should I use Grails for my startup?

I would choose Grails for any startup I was involved in that did not have an existing team of non-java developers.  Free tools like Spring Tool Suite IDE and the plug-in ecosystem, code by convention features, rapid prototyping tools, availability of competent developers (Java), and long term scalability of the platform make Grails a great choice.  I would also consider using it for any intranet application that needs to be quickly thrown together to improve company productivity or prototype a proof of concept.

Why do you sound like a Grails commercial?

After 15 years of building web applications with Perl, Ruby, PHP, ASP.net, and Java, I find Groovy and Grails to be the same leap forward that, 14 years ago I thought about Java in relation to C++.  Unfortunately, I also hear people confusing Grails with Rails. I believe the founder of Grails (Graeme Rocher) chose the name to convey his use of the lessons learned in Ruby on Rails. Nevertheless, I fear people, not to mention disengaged staffing firms, confuse the two platforms more often than one would expect.

If you want to learn more I highly recommend visiting http://www.springone2gx.com for more information about a conference which is run by the No Fluff Just Stuff guys in conjunction with SpringSource.

Due to the crunch on technology talent (particularly with developers and engineers), companies have had to get creative to find great candidates. Even more so, it has become equally challenging to breed company loyalty in the new world of software engineers jumping from job-to-job every year or two. Zynx Health, an evidence based health care related SAAS company in Westwood, looked to solve this problem by developing a rigorous internship program. Below are insights from Alex Tatiyants, Director of Software Development, about how Zynx developed a successful internship program amidst a crowded market.

Fun Fact:  Server side PHP is used as a programming language for 78% of websites – 95% of which use PHP5.* 

I work for Zynx Health, a small company based in Westwood. Like many other small companies, we’ve struggled to attract top technology students for internships. For some time, we have wanted to improve our program and actually compete for the best and brightest against the Googles and the Facebooks of the world. To achieve this goal, we had to first understand what the best intern candidates look for. While average students aren’t especially particular about what they want from an internship, the top students are. By and large, they want two things: real-world experience and meaningful work.

Armed with this insight, we designed our Summer Internship program, dividing it into three defined phases: Prep, Boot Camp, and the Intern Project. During Prep, interns split their time between working alongside engineers (contributing in any way they can) and preparing for Boot Camp – a week-long training course on all of our technologies and practices. All interns are assigned a topic and a mentor who provides general guidance and advice. Interns are responsible for preparing all training materials (some lecture, mostly labs), which they use to teach each other. Right after Boot Camp, the Intern Project phase begins. Due to our urge to give interns meaningful work, their goal is to implement a new feature which we can actually release. The interns are fully responsible for every facet of the project, from story writing to deployments. They set up a CI pipeline, TDD (test driven develop) their code, program in pairs, write functional tests, etc.

As it happens, our internship program succeeded beyond all expectations. We were able to find some great people (we’ve hired two fulltime and will likely hire more). Intern Projects have all resulted in functional products with well-written and well-tested code. Most importantly, our interns had a great time getting tons of real-world experience while doing meaningful work.

*Source: W3Techs

Professional comedian/sketch comic Geoff Plitt is also known as a highly-talented engineer (Google alum) and entrepreneur. We interviewed him to get his insights on the technology and start-up scene in LA.

Fun Fact:  The Internet is the fastest-growing communications tool ever. It took radio broadcasters 38 years to reach an audience of 50 million, television 13 years, and the Internet just 4 years.  reliableplanet.com

There’s been a recent surge of incubators in Los Angeles. Why?

Incubators (aka “accelerators”) offer early-stage startups vital resources (usually including office space, business classes, advisor/investor introductions, strategy, and of course cash) in exchange for a portion of equity. They’re usually pretty selective, and the startups that get in are grouped together in a “class” that becomes remarkably tight-knit through the experience. Startups are by nature small and isolated, so starting out with a strong network of people going through the same thing is huge. Laffster was born out of the excellent incubator MuckerLabs, and I can’t imagine starting a business today without one, I highly recommend it.

You transitioned from engineer to startup CTO; why the move, and how has your experience changed?

I cut my teeth as an engineer at Google and then joined a few startups before starting one of my own. I’m glad I did, because working for other startups prepared me for the exhausting pace and rollercoaster of emotions, and working for Google taught me how to scale websites with cloud computing. I’ve always been a natural teacher and team-builder, so I knew I was looking for something more than just engineering, and Laffster has given me the opportunity to do all of the above.

Why focus on a single vertical (comedy) when creating a product, rather than casting a wide net?

Well, I’m a standup comic with improv/sketch training from Second City, so I’ve always been way into humor. And when I met my business partners, it was clear that we all shared a passion for comedy. But then as we started meeting with comedians’ managers and agents, and building relationships with psychology researchers who specialize in humor, our instincts were validated by experience – there’s a huge discovery problem in comedy (most people can name 100 bands, but fewer than 10 comedians), and it reveals a major opportunity in making it easy for users to find and share comedic content.

What are the newest web technologies you’re excited about, and why?

I think CoffeeScript is awesome because it brings syntax sanity and functional features to Javascript. I love Knockout.js for model/view databinding, it’s a simple framework with incredible power under the surface. Slim/Sass are really cool alternatives to HTML/CSS with syntax inspired by Python and Ruby. And I love MixPanel and DataDog for application metrics.

With so much demand for engineering talent in Los Angeles, what attributes do you look for when you interview a candidate?

I look for a strong computer science background, including knowledge of data structures and algorithms, complexity analysis, and discrete math. I also have candidates submit a code sample or do a coding challenge, and I’m always impressed by solutions with the fewest lines of code – it usually shows an efficient, trained mind. I also like generalists who can do a little design, a little frontend, a little backend, have used every major language. On top of all of that, I look for people with a passion for comedy. Gotta have that culture fit!

In the news, there is a seemingly endless flow of security breaches (Yahoo and LinkedIn being the most recent examples).  Despite being well publicized, major companies are not the only ones at risk. We asked our friend – and infosec expert – Ricardo Bruno, to share some tips and information on how business of all sizes can be more secure.

Fun Fact:  In 1988, Robert Morris infected computers nationwide by releasing the very first internet worm – using 99 lines of code.  http://bit.ly/b67PpV

Over the past year we have noticed a spike in news reports about information security incidents, and data breaches, what do you think is the main reason for this increase in malicious activity?

Most of the affected companies have been vulnerable to these cyber-attacks for many years. They may or may not have known about their risks, based on the effectiveness of their security efforts, or lack thereof. What really changed was that years ago, just a limited number of individuals and organizations could perform such attacks, today, with a multitude of security attack information being widely available, any tech-savvy person can perform such attacks with a small budget. Additionally, all the years of [information security] neglect are starting to catch up to businesses that don’t have a good understanding of why/how they must protect information systems.

What advice would you give to individuals and companies trying to make their systems and networks more secure?

Even organizations investing heavily in information security have been victims of successful cyber attacks. While we should all target to build and maintain secure systems, I have been saying to my clients that “Defensible” is the new “Secure”. Business should plan their security strategy around the fact that attacks will happen and vulnerable systems will be taken advantage of, it’s only a matter of time. With good understanding of this reality, companies can implement strategies to detect and contain successful attacks before they negatively affect the business.  Security teams cannot win the security battle alone, they need a voice representing security at the boardroom, so that security can be a building block for success.

Thank you for your time. Can you please leave us with some tactical tips that would help our companies stay on the safe side?

Thank you for having me! Below are some relevant tips for your audience.

CXO: Think of information security as a business enabler, something that exists to help the business succeed and protect its goals. Giving security a seat at the table will help the business better understand, manage risks, and protect its interests.

Product Folks: Make security a component of your projects from the get-go (i.e. make security a part of your SDLC process). Building security after the fact is painful and more costly.

Developers: Visit and get involved at the local OWASP [https://www.owasp.org/] community. They have a lot of resources to learn from and help you make a positive security impact through your work.

System Admin: The major software vendors, NIST, and NSA, frequently publish great guidelines on how to better secure their operating systems and platform software, check them out.

Desktop Support: Make sure your desktop systems have not only the latest operating system patches, but also make patching 3^rd party applications, especially browser plugins a priority, that’s where most of the attacks and infections are happening today.

Security Ninjas: Be nice, be patient, and stay classy.  Everything is going to be alright! We need to get more out there to foster relationships, and create allies within and outside our organization to help build a more secure community.

The tech meetup scene in LA has blown up, resulting in a thriving community of passionate users. Thanks to the tireless efforts of committed organizers, more specialized user groups continue to increase thought leadership of even the most obscure technologies. We’re bringing the exclusive insights from one such meetup giant, Joe Devon –  organizer/co-organizer of LAWebSpeed, LAMySQL, LASemWeb, LAMongoDB, LAPHP, SaMoTech.

Fun Fact: Domain names are being registered at a rate of more than one million/month.

Since you guys run a few different meetups, which group is the most popular and why?

LAPHP is the most popular. One third of the internet is powered by PHP. LAMongoDB is the up and comer. It’s pretty new and people need to learn it. It’s easier to get MySQL DBAs to a Mongo meetup because they feel they know all there is to know about MySQL, but not about Mongo.

What do you think members are most interested in? What type of topics drive higher attendance?

Big names tend to attract people, but I can never totally predict. However, we’ve never done this with the goal of getting higher attendance. It’s more about providing smart people a venue to share their knowledge, and of course the socializing and networking that happens.

How do you pick your topics and find speakers?

Sometimes a speaker approaches us. But usually the way I find them is by reading a blog post that interests me. Or I’ll stumble upon a really cool company, for example Dwolla. I’ll go right to the contact page and invite them to speak.

What does the average attendee get out of a meetup?

I don’t like to speak for others, but from the feedback I’ve heard it sharpens their knowledge, helps them get a job, or rather create a pipeline for the next job. Improves their industry outlook.

How can the local tech community help you further grow your meet up groups?

Offer to speak at meetups. Offer to sponsor them. It’s easy to get a sponsor for food, but if we had a travel budget, we’d even kick it up a notch in terms of quality of speakers.

Do you have any advice for aspiring technologists who are new to the tech industry in LA?

Come to the local meetups!

If someone is interested in creating a meet up, any suggestions?

If the topic is covered, offer to help out as a co or assistant organizer. Otherwise, just start a group. Nothing is stopping you!

How has the LA Tech community changed in the last three years, what are your hopes and expectations for the next three?

It’s grown far beyond our expectations. There’s also a bit of a startup bubble in my opinion. My hope is that when the bubble bursts, people realize that Los Angeles is a great city for tech. Silicon Valley gets the glory, but from what I hear there’s a lot of groupthink there. Whereas in Los Angeles you better have a good business plan or you won’t last long.

We often mention our efforts to help build the technology community in LA. In fact, at a recent networking event organized by Q, we were excited to present a panel discussion on Semantic Web and Big Data. Considering the insights of the expert panelists, we thought we might share a bit of the knowledge with the community at-large. In that vein, Q is proud (and frankly very lucky) to present the expert thoughts of Semantic Web guru Chris Testa. Chris is formerly the VP of Technology at Adly (and has worked as an engineer at Google and YouTube) and is currently working on a new start-up that is focused on Semantic Manufacturing.

Fun Fact: The annual cost of dirty (or bad) data to US businesses is approximately $600 billion.

Semantic Technologies – they’ve been harped on for a dozen years by the World Wide Web’s creator, but they’re rarely used in real commercial systems.  Semantics on the Web have traditionally implied abstract concepts that make your brain hurt.  I know because I did research on the topic while at the University of Maryland, and by the end I vowed to never use the archaic stuff again.  But all that changed when I joined a company where I needed a dataset to bootstrap a Big Data problem, with limited engineering resources.  I looked again, and found a dataset that was comprehensive enough for real problems, and easy enough to manage for a Junior Engineer.  Freebase is the name of that dataset, and it satiated my Semantic Web skepticism.  We successfully used Semantic data to drive business intelligence, create a richer user experience, and significantly increase REVENUE.  The Semantic web is in fact ready for prime time use.  Learn more about how with my 5 step process to easily linking Semantic data at: http://slidesha.re/m6bQco

Hackathons have become quite common in the technology industry. They are an opportunity for both aspiring and seasoned technologists to flex their development and entrepreneurial muscles. Recently, we have seen companies adapt the hackathon model in order to attract more talent or develop team skills. In this vein, Kevin Diamond, CTO of Hautelook.com, designed a hackathon to help increase the amount of iOS knowledge and ability within his organization. In fact, he was so pleased by the outcome and the skills/apps that his team built, he jumped at the opportunity to share his experiences and findings with the community at-large.

 

Fun Fact: 85% of mobile consumers use their phone while shopping in-store.

Being in the retail industry at Hautelook, the holiday season is one of the most important times of the year for our business. In fact, much of the work we do in the Fall leads us into this period. After Thanksgiving, we go into lockdown mode with an annual code freeze, customarily using the time to focus on things like framework enhancements and testing new concepts. This year, however, we decided to do something different and have a weeklong hackathon. Instead of being a typical hackathon, I had the team focus only on mobile development, with particular emphasis on iOS.

I took my entire group of engineers, regardless of whether they normally specialize in JavaScript or PHP etc., and threw them into a room to learn Objective-C. After one week of excellent instruction from our expert iOS engineering team, I had a dozen engineers ready to attack new programs. The real fun began in the subsequent week, with each team member picking something to build for an internal contest. For five days straight, the engineers coded away, all the while sharing ideas, tips, and tricks with each other. Although the more senior members of the team helped out their junior teammates, everyone designed and developed their own stand-alone apps.

At the end of the week, we had 10 entries ranging from a game-show like app centered around guessing the right price of something; to a magic eight ball which chooses upcoming purchases on behalf of a customer; to a photo-studio iPad application that can create on-the-fly photo albums from recently viewed products, all while taking pictures of new products. We judged the applications – and gave out prizes – based on criteria which evaluated creativity, complexity, and the essential qualities we look for in all HauteLook products. All of the entries were incredible, especially for being built in just one week by engineers who had little experience developing mobile applications. Best of all, now my entire engineering department can code full applications in iOS, in addition to their usual programming language.

Over the last several years, website login security has been one of the fiercest frontline battlegrounds between hackers and InfoSec professionals. Wayne Lee, who is at the forefront of Web Application Security, has years of experience defending large companies from hackers, ensuring a safe browsing experience for users. He brings his thoughts and expertise about the current state of authentication as well as a look into what will be coming in the near future.

Fun Fact: A six letter password (with no numbers) takes an average hacker less than 10 minutes to compromise.

Every time we log into our workstations, they perform several logical security checks around our authentication attempts, which is quite often comprised of one attempt per authenticated session (we’re good at remembering our work passwords). Several times per week (if not more) we gain access to applications and data critical to our work. We might even have to pass by guarded front desks and swipe our badges through elevators and secured access doors to get to our workstations. Physical security is obviously more than about limiting access to workstations, but it does provide another level of access restriction. In contrast, there are virtually no hurdles between users and a web application hosting their sensitive data. All you need is access to a browser sending data over HTTP. Except in the cases where multi-factor authentication is utilized, the only thing a user needs to do is enter their credentials into the web application. The security posture of the application can often be realized in the care an application takes in ensuring that the user’s credentials are safe guarded. That is, does the web application require a similar level of effort in the authentication checks used by the Windows workstation used by the developer to log him/her in? Does it require more?

As it happens, I ran into a popular web site a few weeks ago that allowed me to enter an incorrect password more than30 times. The application was vulnerable to a brute force attack to compromise users’ credentials. A popular mitigation strategy is to deploy CAPTCHAs to throttle down these attempts. CAPTCHAs also have their own security concerns that developers need to be aware of in that they can be broken through Optical Character Resolution (OCR) attacks. Using Account Lockout strategies or Multi-Factor Authentication can further mitigate these security concerns. Without such security controls to protect users’ credentials, an attacker can compromise an account in a matter of seconds.

In the last few years, popular sites have taken greater leaps in protecting user account data and credentials, particularly as authentication has become geo-location sensitive. Applications track the locations where the user is authenticated and reasonable deviations from authentication allow additional logic checks to verify the user. The strategy not only reduces account take-over from brute force attempts, but to some extent also mitigates Phishing activities. As the threat landscape continues to grow and evolve, popular web sites will continue to employ practices to mitigate risks with the net effect of changing what users expect as “normal” authentication processes. At a bare minimum, CAPTCHAs and timed Account Lockout strategies can greatly increase the barrier of attack on accounts. Gathering metrics on the number of user accounts compromised (hacked or phished) can also lead to having creative discussions on reducing the acceptable risks to a site’s users. For more information, Wayne can be reached at [email protected] or on LinkedIn.

Regardless of the product that you are building, data collection and analysis is likely an increasingly important component. Rand Fitzpatrick, currently the Chief Product Officer at OkCupid Labs (which is the R&D offshoot of the company), has deep experience as a product innovator with a strong background and understanding of technology. Below are his insights into how to challenge yourself to more effectively shaping and framing your data needs.

Fun Fact: Data collection volume increased by 400% in 2012.

This is a valuable question to ask repeatedly during the course of product development, from concept validation to feature iteration. It might seem like a somewhat simple and abstract question, but the process of answering it often yields a number of valuable insights. At the heart of all tech products exists some collection of data, with varying degrees of centrality to the business needs. Consider the following brief examples:

A CRM product might have hierarchical and graphically connected documents (contacts’ profiles and messages) as its core data models, where the size of each document can be relatively big, but the overall collection of documents won’t likely be overly large.

An analytical tracking system might center on time-series data, often in the form of key value pairs, and will have to deal with high volumes and velocities of data.

A market-like system could have records of inventory, with attributes of the inventory made explicitly available in the data to facilitate search, counting on it to also facilitate accurate representation of availability.

A dating product would need to model the attributes of people, and make sure that the data was structured in a way to enable quick and flexible parametric matching, clustering, and filtering.

It should be clear that these hypothetical examples mention only a core type of data that is dealt with in the product, as there will be myriad others involved. Additionally, these examples have only spoken about the data in terms of very high levels of abstraction, and not touched upon the lower level details. With a few examples at hand, and a notion that there are multiple levels at which we can think about the question, we can redefine the question “what shape is your data” in the following ways:

At a high level, what are the types of information that your product or business focuses on for the creation or delivery of value?

At a more discrete level, with the various types of data separated from one another, what are the models that best represent your particular data?

Finally, at a detailed level, what is the most natural implementation form for your data, given the models and uses you’ve conceived?

Answering these questions forces you to be more clear and focused about the core flows in your product, and then encourages you to decompose those flows into mechanisms you can understand and model your data around. Once you have that more clearly articulated picture, you can think about the detailed shape of the data, and implement the systems that will manipulate and process it. Is your data always going to be a stream of constantly-sized and typed data structures? Building around the concept of processing streams of tuples might be sensible and efficient. Is your data highly variable, with each record possessing its own structural properties? Document-oriented or property-graph databases might be good abstractions for your product. Are queries against document setsa core data interaction? Inverted indexes or trie structures might make for sensible representations of some of your data.

Walking through this exercise – going up and down the ladder of abstraction – allows product developers to check their understanding of the flow of data in their market to get clearly focused models in place. They can use those models to choose the best implementations and tools to support the value of the system as a whole.

So…what shape is your data?

For more information about Rand and OkCupid Labs work please visit www.okcupidlabs.com.

SOLVE THIS RIDDLE:

• It has multiple paths and is critical to both small and large organizations.
• It is embraced by nearly all employees, yet frequently ignored by businesses.
• Its absence can block a company’s ability to grow, yet requires little investment to build and maintain.

Fun Fact: In 2012 there was a 12% drop in employee attrition in the technology sector.

Answer: “Employee Development”

Companies that consistently perform well tend to have engaged, productive, and highly satisfied employees. A common thread amongst these companies is the continued focus on developing their human capital, aka “employees”. Often, businesses spend a tremendous amount of time recruiting, onboarding, and ramping-up their employees, with disproportionately less time in supporting their ongoing growth and development.

Any effective leader in today’s market should have employee development as one of their top priorities. Moreover, it should be individualized so the employee can clearly identify the connection between their development goals and the company’s growth. If the connection is clear, the employee naturally becomes highly engaged, and committed to the ongoing success of their team and organization.

One of the areas often overlooked in developing employees is in accounting for the generational divide. In today’s company makeup, a Software Engineering team may include a “GenXer,” and “Millennial” not only working side by side on the same project in a similar role, but sitting down together and pair programing! Now add a “Baby Boomer” to the mix, and you’re looking at well over a half of century of diversity. While these employees may perform similar roles, they communicate differently, and possess a different set of motivations and goals. Recognizing and adapting to the generational differences will further assist in aligning an employee’s development towards the business’s success.

If your business is motivated to support employee development “primarily” as a defensive tactic to reduce employee attrition, it’s the wrong priority. Employee retention is critical to the success of every business; however, it’s a means to an end. An effective employee development strategy should focus on cohesion with personal and company goals. The result is a force multiplier where each team member is aware and highly engaged in their individual growth, while in support of moving the business forward. Improved employee retention becomes a logical byproduct.

Regardless of how you implement your employee development strategy, it should be a targeted effort to feed your employees potential, while continually adapting to shifting priorities of both the employee and the business.

Erik Kellener is a technology and operations consultant to leading U.S. consumer brands in Media & Entertainment, Travel, and eCommerce. His work increases revenues, reduces operating and capital costs, and improves efficiency company-wide.