So-long blogger and thanks for all the fish. My content to date will live on here for as long as google keep the bits spinning. Find my new blog at http://blog.timwise.co.uk/2017/01/17/new-year-new-blog-happy-2017/ which will live for as long as I pay ...

Click here to read this mailing online.

Your email updates, powered by FeedBlitz

 
Here is a sample subscription for tim@timwise.co.uk


"Tim Abell's blog" - 5 new articles

  1. New year new blog
  2. javascript dates in firefox and locales
  3. yet another good-commit-messages post
  4. Starting up a startup
  5. Dealing with dodgy recruiter tactics
  6. More Recent Articles

New year new blog

So-long blogger and thanks for all the fish.

My content to date will live on here for as long as google keep the bits spinning.

Find my new blog at http://blog.timwise.co.uk/2017/01/17/new-year-new-blog-happy-2017/ which will live for as long as I pay wordpress.com's bills and don't screw up my DNS config.

See y'all on the other side. Don't forget to subscribe to the new RSS feed.
    

javascript dates in firefox and locales

Today I learnt:

You actually have to reinstall firefox using a different download to get `new Date(dateString)` to use a different date format (i.e. non-US).

https://jqueryvalidation.org/date-method/

This method should not be used, since it relies on the new Date constructor, which behaves very differently across browsers and locales. Use dateISO instead or one of the locale specific methods (in localizations/ and additional-methods.js).

So if you're using chocolatey or boxstarter like I am (my boxstarter script) you need to add the locale flag: https://chocolatey.org/packages/firefox

choco install Firefox -packageParameters "l=en-GB".

Reinstalling the package with --force is sufficient to change it.

It would seem chrome has no way change the format from en-US.

To be clear the correct solution is to do as the documentation says and not use that method, however it's a bit mean having a pitfall like that in the API. And sometimes you just have to work with the code you have...
    

yet another good-commit-messages post

Some guidance for writing better commit messages:
 

    

Starting up a startup

I've been contracting for 3 years now, which fits nicely with my drive to have real customers and build business(es). But I still have an itch. I've now found something to scratch that itch (taking the metaphor too far, sorry about that).

I'm going to write about my latest adventure here, from the perspective of me as a coder who's aspiring to be an entrepreneur, so if you're interested in my personal journey on this then do add my blog to your rss reader etc. of choice. I'll try and tag them all with startup so you can filter if you aren't interested in my other ramblings :-)

This post tells the story how I got involved in this startup, and some of the technical choices made so far and what we have in place already.


So here's how it started for me:

I found out via twitter that the the startup britain bus was coming to Reading, so I went to say hi. They were a friendly crowd, and whilst there I found out that there's actually a new startup group in the area called ConnectTVT associated with the new co-working space called grow@greenpark over in green park just off M4 J11. That beats traipsing into the big smoke for me and is just the kind of melting pot I've been looking for. I know plenty of tech folks given that I'm a professional coder, but it doesn't seem sensible for me to start a business with people with the same skills and the same blindspots as me. None of my "normal" friends seem to have the same entrepreneurial itch that I do; I needed a broader pool. I went straight from the bus to grow to check it out and met some more lovely friendly people. A few weeks later (I think) I went back again for one of their startup grinds to see what was going on. There was a small group of interesting people with diverse interests and talents, from accountants to designers and a few tech folk. One of the people there, Richard, had an elevator pitch for a new take on the property market which made some sense to me and seemed well received by the group. All the people there offered their various advice and help. Richard has had experience in the property market that's led him to this insight and having mulled over the idea for quite some time was interested in how this concept might become something more real. Lacking the tech background to just go and build it himself he was interested in what kind of scale of task this might be and how to find people who could help. I offered to provide advice any time and passed Richard my contact details. I didn't at that point have any plans to get further involved.

I very much enjoyed meeting everyone, and went home with a head full of ideas and inspiration. I found myself still thinking it all through in the small hours that night, regularly grabbing my phone to make yet another note on the trello app detailing some idea about this property thing and how it could work, how you might get over the network-effect bump etc. Clearly this wasn't going away. So I messaged Louize who runs the meetup to get in contact with Richard and said it had been keeping me awake with ideas, and she got us in contact again.

After mulling the whole thing over for a bit longer, it occurred to me that there is no reason I couldn't do more than just provide advice, and maybe I should offer to provide a more concrete involvement. After all, I think the idea is great, and it's not like I'm busy making any of my other ideas I have into businesses yet. Richard would certainly be much better able to build at a much lower financial risk with a technical co-founder. So after a load more discussions around the idea, the odd trip to the pub and some discussions around practical arrangements that is now what we are doing.


How's it going?

The first thing has been to really understand Richard's vision, this has mostly involved talking lots. I set up a trello board for the startup, and that's been great for doing a brain dump of all the ideas and todos, and getting them into some sort of organisation, then moving them into "do later" or "needed for launch" kind of groupings. I've also pointed Richard at balsamiq mockups, which these days has a slick web based editor and presentation mode. I've used it in the past to great effect when helping stakeholders in other projects understand what they're really likely to get before all the expense of building the wrong thing. In this startup it's already been really useful for hashing out ideas of how the site might work and even for getting reactions and insight by way of putting it in front of people and seeing if they understand the concept and how you would use it if it were a real thing already. Inspiration for this process is taken from the excellent book Don't Make Me Think.

Hosting choices...

In terms of building something real, Richard bought a domain, so we have somewhere to put it. I spent forever over technical choices because basically you could use just about any technology stack, any programming language, cloud PaaS, IaaS or private servers etc. and in fact they would all work. There's actually nothing to completely rule out anything. Some great things have been built on top of apparently terrible technical choices (wordpress is lovely but php that it's built with is known for being buggy and hacky). There's much stock put in "cloud" these days, and it does have benefits such as infinite scalability (of your wallet), but it comes with an overhead of complexity and potentially vendor lockin (though that like everything can be mitigated). So call me a luddite but I've gone for an old fashioned linux VPS (virtual private server) where I can easily put a ceiling on costs till we have an income. Unlike so many modern startups that rely on farming people with free shiny stuff until they have enough they can magically make money off the back of them, burning VC cash all the while in the name of profitless growth, we're going to provide users with value, and charge them appropriately for that value, which naturally puts the brakes on the kind of explosive growth of free users that can overwhelm an ambitious startup's site. So I've made a decision at last, hunted around for a provider I could trust and bought some hosting. There's a lot to choose from so I needed a way to narrow down the field, especially given there's a lot of not very good and not very well supported VPS offerings out there. I thought there might be an advert in Linux Voice magazine, which is where I found my uber-geeky ISP A&A (check out the boss's blog if you want to know how far that rabbit hole goes), but there weren't any. So I hopped on #linuxvoice on freenode irc and asked in there, and sure enough the good folks at the mag said they'd been using bytemark and had been happy with their support. Sold.

So I bought bytemark's basic VPS offering, and now have a server on the internet that I can point everything at and run everything we need on no matter how quirky the needs. While we have a manageable number of users this should suffice, we're not planning any multi-million pound TV adverts any time soon. I expect if we're successful we'll have growing pains no matter what platform we're using, it's non-trivial to scale even if you're on a so-called scalable platform in the first place. There's lots of gotchas, unexpected interactions and bottlenecks in any system as it grows.

If it sounds like I'm trying to rationalise my decision that's because I am, I'm aware that whatever technical (and even non-technical) decisions are made at this earliest of early stages have rippling effects that are hard to reverse once you build more on top of them. However equally no matter which choices you make, none of them are truly irreversible, and there are myriad ways of tackling any of the problems that come your way in time. I've had the privilege of seeing teams that are running decent scale operations in both .net and ruby on rails, which are two very different platforms with different cultures and different sets of problems, but interestingly the difference in the overall scale of the challenge and how easy it is to get things done in the long haul was not noticeably different as far as I could tell.

Mailing lists and landing pages:

The first goal is to have a way to let interested people know when we've got things to show them, tell them the story, and when we need their help. That means a mailing list. Bulk email isn't for the feint hearted these days in the modern world of aggressive spam filters, SPF (no not sunblock), domain keys and increasingly rigid legal constraints as we try to fight outright spam on the wild west of the internet so I don't fancy doing it all myself. My go-to service for this is mailchimp, and I haven't been disappointed. But for this to work we need an email address, and that means MX records and pointing it at some mailserver somewhere. I did look into gmail as a possible shared mailbox but it doesn't seem to do what we're after, so now I have a server running anyway I can just use that. No artificial limits, no snooping, no unwanted advertising.

It turns out that bytemark provide a very nice customised build of debian called symbiosis, which has a bunch of useful services already installed, and a watchdog service that'll restart anything that's fallen over. Nice! It didn't take me much fiddling to get the basic web hosting to behave and get an email account on it set up. I then used the domain control panel to point the A & MX records at our shiny new server (by way of a bit of chaining of CNAMES which will be slightly slower for the first lookup but will be easier to maintain). I then had to redo the web and mail hosting because I hadn't realised that bytemark had made the server do multiple domain hosting using a neat folder based system, but that didn't take too long and it's all good learning time without customers breathing down one's neck!

I've now done a rudimentary holding page for the domain, with a sign-up form for the mailing list, which was goal number one. You can see it here: http://www.xchain.co.uk/. If you're interested in the concept or progress then please do sign up to the mailing list. It's easy to unsubscribe if you get bored of it ;-)

I've added google analytics to the site, which is very useful albeit slightly evil, so at least we'll have some idea if it's getting any traction as we start to spread the word (taking all stats on the internet as extremely approximate of course). I might switch to one of the more libre solutions at some point but that would require a bit more time and this is after-all a commercial venture and not an open source project. Much as I like working on open source for the greater good, I haven't yet managed to make it pay the bills. I think it's important to have metrics for a startup so you can tell if what you're doing to spread the word is actually having any effect, and what might be putting off potential customers.

We've sent out a mailing or two to the few people we've got signed up at this early stage (hello mum!) as much for practice as anything, and I'm impressed with mailchimp's collaborative capabilities and previewing system.

Tech stack

You may have noticed I still haven't entirely picked a stack, nothing I have so far has locked me in to a decision. I don't want to be paying for or locked in to Microsoft's world (and the associated treadmill of change), so although I do their stuff for a living I don't want to tie my own startup to them, so that's out. I'd prefer an open source stack as I think it matters whether you enjoy working on the platform you've chosen, and open source is just so much nicer to work with as a coder / dev-ops. Currently I'm thinking a golang based server, backed with postgresql (the industry's finest database) serving up a JSON/REST API to an AngularJS + Foundation frontend. This gives us scope to rework the different parts as needed, and to bolt on dedicated mobile apps later.

Web design

There's no design in the current holding page as I am no designer (frustratingly, but that's a whole other career path), and we're still working out how to pull design talent into the whole shebang in a sustainable way. Richard has put me onto webflow, which maybe will get us started.

My first learning of trying to find a freelance designer was that I need a "web designer" not just a "designer", being from the web world I hadn't appreciated the importance of the prefix and attracted all the wrong people.

Further reading...

Having this startup has encouraged me to broaden my reading and listening habits further. Here's some of things I've been catching up with:
 --

Please do drop me a line if you found this interesting in any way. tim@timwise.co.uk works best for me.


    

Dealing with dodgy recruiter tactics

So I'm back on the contractor market again, and while many recruiters try and be reasonable, there are enough out there using underhand tactics to make life difficult and potentially jeopardise a good contract.

The one I plan to tackle this time round is "multiple submission", this is where you end up with your cv landing on a client's desk from two different recruiters. I gather this can be the nail in the coffin of a contract even if the client was keen - who wants to be stuck in the middle of two recruiters fighting over the commission?!

Principles


The first step is simple, which is don't agree verbally or otherwise to be put forward without first finding out who the client is, and make sure you keep track of who sent your CV where. I find Trello is a good tool for keeping on top of the fast moving and often fragmented information you get when hunting for contracts.

Recruiters are often hesitant to pass on the client's name, and this is understandable as if you were to go round them then they'd lose their commission which is how they earn a living. Worse, if you let the name slip to another less scrupulous recruiter then they may try and get your CV in first themselves without asking and in doing so sour the deal for everyone. (They often fish for names with phrases like "I need to know who else you've been submitted to in order to avoid duplication" - this is a lie, you can manage this fine yourself.)

To tackle this I recommend the following:
  • Never share their client's name with anyone else, especially other recruiters; make it clear this is a point of principle.
  • Prove your integrity by politely refusing to tell recruiters who ask, they might have liked the name, but they will be more likely to trust you in the future for respecting the wishes of other recruiters.
So that's the easy bit which I've been doing for some time...

Picture of an otter's head poking up in the sea.

Technical measures


There are unfortunately a bunch of particularly unscrupulous recruiters out there like sharks in the water who will without your permission, or possibly without ever contacting you, send your CV to their "client" (or just some poor manager they've found to spam with CVs). You can't tell them not to if they've never asked you, and it can still ruin a deal. So what to do about that?

If you're looking for contract work, you really need good exposure, so having your CV all over the place like leaves in the wind is not a bad way of getting the word out there (bear in mind I'm looking for work for my contracting company, which is a different ball-game to finding that perfect permanent role). It's actually pretty hard to control at all if you're dealing with recruiters because as soon as you include your CV in a response to posting on JobServe it'll be dropped straight into that recruiter's pool of CVs, and some recruiters even pool CVs between them using services like iProfileUK.

My plan of action is this: having just brushed up my CV, it will contain the following text (as does my LinkedIn profile):
Recruiters: this CV is not authorised for distribution to your clients. Please contact me for permission to represent me and for a separate copy containing an authorisation code & gpg signature. Thanks. To prospective clients, if you receive my CV without these then I haven't given permission to be represented.
Okay, so far so good, but any unscrupulous recruiter could just strip that out and send it anyway, and how would I be able to make a client comfortable that they can tell this scumbag to jog on?

So before I agree to be represented by a particular recruiter to a particular client (which I have no particular objection to if they've found work I otherwise couldn't have found), I will be needing the client's name. I will add this to a list of who has authorization to send my CV where; I will then generate a customised CV (via mail merge) with explicit permission to represent me to this specific client included in it, and a note that any CVs received without this are unauthorized by me.

To prevent a recruiter cottoning on and just generating this themselves I will then be gpg signing the result, which can then be checked against my public key, proving that it did indeed come from me (assuming my pc hasn't been hacked of course but I haven't heard of any recruiters going that far, if they could they'd probably be security consultants instead of recruiters!). 

My public key


My current public key for tim@timwise.co.uk is available on the public keyservers, or you can download it: my public key on dropbox. Primary key fingerprint: 74D4 2A4C 9055 07C5 4A7E  3C9C 26C6 E087 28CD F8EA.

Technical details

Using libreoffice calc, codes are generated with the following:

A cell containing allowable characters in the codes as text: 0123ABCDEF etc for this example this is in cell "F1".

A row for each authorized representation containing this formula to generate a unique authorisation code: =CONCATENATE(MID($F$1,RANDBETWEEN(1,LEN($F$1)),1), [repeat the "mid" clause once for each digit of the code to be generated] )

There's then another concatenation cell to generate the message to add to the CV. This is then copy-pasted into a file, and signed with gnupg on the command-line of my linux box. Here you can see the signing happening, followed by verification that the file is signed properly (as the client might do if they suspect a recruiter is reusing my CV for without my permission).

$ ./sign.sh
#!/bin/sh -v
gpg --clearsign authorization.txt

You need a passphrase to unlock the secret key for
user: "Tim Abell <tim@timwise.co.uk>"
4096-bit RSA key, ID 28CDF8EA, created 2015-01-20
$ ./verify.sh
#!/bin/sh -v
gpg --verify authorization.txt.asc
gpg: Signature made Thu 29 Oct 2015 01:02:52 GMT using RSA key ID 28CDF8EA
gpg: Good signature from "Tim Abell <tim@timwise.co.uk>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 74D4 2A4C 9055 07C5 4A7E  3C9C 26C6 E087 28CD F8EA
the contents of the signed file is then copy-pasted onto the end of a CV and sent off to the recruiter to relay to their client.

Examples

I've uploaded a couple of files for you to try out verifying, one with the original message, and one with a forged message where the client's name has been changed. See if you can figure out which is which:
Here's an example signed authorization with a valid signature for the end of my CV (mail merge fields in bold):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tim Abell has given permission for Test Recruiter Ltd to pass on this CV to Some Client on 28 Oct 2015; auth code 662QP93XP4. Any copies of my CV received without a valid signature have not been authorized for distribution.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWMXA8AAoJECbG4IcozfjqtKYP/0DGQBU64kRsAqmnkpRkJEIo
5gu1RVvozLE1AjE+/l7cq3LHo9jr3FUeigFD+DRcxVnfUT4pmyWHJYaqiYkm6MFf
dx/3DAwj9g1sUOr4Ef0CN3MuSiP0HqrNanRCao0qxvCw9GJlKO+vTJlo8ZZMt+V0
ImNxAIwjwKKLTvaLc7nxAlyjS8ZVuykBO5BTu5NnP4oDD359g1MEa6wI61et6bmj
jvQiSQpqJnHxs+EN1QvrkVuDLZUT2OOQxwnKJV3WfI87YBuaMH/Eguor5NIQvnXT
Z0vm5WbVgbadvpL5MP722EiNx+Ab4VCPJmEkrarH24em8f+JbZsvU753rZ4zgbOO
TtO71Bn2DtjvgT6cVEytDbpJcl0pAhCjbSYkFCXOQYeP9lcBopbdTJ6nRcFcFEFK
wlMcf+Cw/9WnYwyPMaWJi2zggJjLoWX2vRV5yUVa7y92pi9Fi2ow6Cru8WgXz/WW
FMqOTDdRcYbDWCcDT7vc3oW0yfIkaCxnSm1jcg+/VUr1X/9zuNxcV+qRPUJ15fYR
ii+cw/hIEqxn0tr+6eUsDmKdmS87PGGpo0wlGf3z7peytITIPf9y8bs2+N8ok6kA
8IXtZXqzYO3qnaIw2JUQidm/0zQ8xz4UNsSrqN2ZsxDtqGeDgHAn7+yFH7dvfTTV
ndYHkrMcYt1Yn5AmIsgZ
=tFS7
-----END PGP SIGNATURE-----

    

More Recent Articles


You Might Like

Click here to safely unsubscribe from "Tim Abell's blog."
Click here to view mailing archives, here to change your preferences, or here to subscribePrivacy