Eric Wise

August 2005 - Posts

• How To :: Keep Your Best Talent

  I've spoken previously about interviewing developers from an employer perspective, interviewing from a potential employee perspective, and signs that developers are worth their salt.  Now I figure it's time to talk about the developers in your organization that you actually want to keep.  I've seen some companies do some pretty boneheaded things that offend and otherwise drive their best talent away and then they're mystified at why this has happened. Sometimes Nothing is Better Than Something The only thing more offensive than getting no bonus or salary increase is getting one that is so insignificant compared to your accomplishments that it feels more like a "slap in the face" rather than the reward it was intended to be. For example, a worker I know who works in the utilities industry came up with a new way of performing routine maintanence on some equipment that when down for maintenance costed tens of thousands of dollars a day.  The maintenance being performed is highly complex and usually lasts 45+ days.  This new procedure ended up cutting 15 days off the average maintenance, a savings of $150,000 every time this maintenance had to be performed.  Surely, the boss was pleased and wanted to reward this innovation from an employee.  Upon coming into work the next week the employee was presented with a $20 gift certificate... to subway... Now being that this worker has family of 5, that probably won't even cover a family meal at Subway.  The point is though, when a worker knows they've saved or made a company big bucks, a reward like the one in this story is pretty much a slap in the face. Keep Your Eye on the Market This is more applicable to your junior and midlevel developers.  (A good midlevel developer seems to be worth their weight in gold these days, but that's another story for another day) There is a magic % inside most employees.  The % represents the amount of salary increase it would take to make them change jobs even if they were otherwise satisfied with their position.  Case in point, an employer I know got started in the IT business soon after the dot com crash when salaries were the lowest they've been in a long time.  They have a fairly talented IT staff and they've been pretty good to them as far as most companies go except in one regard: they embraced the standard 3-5% annual salary increase. The market in the area has recovered and started to boom.  With something of a worker shortage in the area, salaries and benefits being offered by competitors are increasing much faster than the standard 3-5% salary increase.  Instead of reacting to the market quickly, the company has stuck with their salary structure and now the end result is most of the mid and senior level people are underpaid by 20%+.  The first symptom is that new hiring has become difficult for the company.  Frequently, they've made offers to workers who have rejected them having received better offers elsewhere.  Consider this to be warning sign #1.  The second warning sign was when a few employees resigned citing better offers from other companies.  At this point, a wise executive who wants to keep their workers needs to take a serious look at the market rate and the compensation being paid to developers.  Instead of moving quickly in this direction, the company continued to sit on their hands and now suddenly there seems to be a mass exodus from their staff.  They've lost over two thirds of their mid level talent now, which has a huge productivity and opportunity cost for the time and effort it will take to replace them.  In the worst case, they'll panic and just "import bodies" and bring in unqualified workers which will cause even more damage in the long term. It's Not All About Money You Know Yes, those of you on a tight budget are thinking "How can I afford to keep up with these large companies like Google buying everyone up!?".  Fact of the matter is, you can't.  Nearly everyone has a price.  But what your goal should be is to keep your workers satisfied.  A happy worker is going to require a much higher benefit in leaving than one who is disatisfied.  This is just common sense. There are many intangible benefits you can implement to increase employee satisfaction without costing you a dime. Praise your workers- It's amazing how many management types forget to say "good job".  Compliments are cheap, take no time at all, and make a world of difference to a lot of people.  Being grateful and appreciative to your staff (but sincere) is a fast way to build loyalty. Institute worker friendly policies- FlexTime is a great one.  Casual dress when it's appropriate.  CompTime if your employees go above and beyond the call of duty and work excessive hours for a period of time. Small ways to say thank you- There are lots of inexpensive ways to say thank you.  Take your staff out to a nice lunch!  For a team of 10 this will cost less than $200, and the benefits to morale and loyalty far outweigh the cost. Pimp out the workspace- Equipment is a business expense.  Business expenses are tax deductable.  Push for that extra money in the budget to furnish dual monitors.  Give employees a semi-private work area free of noise and distractions.  This is especially effective with geeks, give them geek toys to play with.  I know a company that furnished iPods to all its IT workers so they could listen to music while they worked.  An iPod costs less than $200 and wow what a morale boost! Posted Aug 26 2005, 12:43 AM by Eric Wise with 12 comment(s)

• A Public Spanking For Nextel

  Dear Nextel, Thank you very much for your online account system being non-functional for the last 3 weeks so I couldn't pay my final bill. Also thank you for having a phone bill pay system that seemingly does not recognize my account number. In addition, I would like to thank you for a machine calling my house several times a day, waking my baby, and leaving an automated message about my account status that asked me to call a number with a pin that was not found. Finally, I would like to thank you for a customer service line that kept me on hold for over 15 minutes without speaking to a human being. I am mailing my payment via snail mail, the only payment besides my rent I make manually. Needless to say I will never again use a nextel service. Sincerely, Eric Wise Posted Aug 24 2005, 10:39 PM by Eric Wise with 2 comment(s)

• Easy Assets .NET 1.0.1

  You can download the latest here. I have updated the images file names to be more read_friendly. I have also addressed the job description page problem (it wasn't really a code problem, the deploy folder was an older build... my bad). In general, if you just replace the WebModules, Graphics, and Bin folders you should be good to go. Posted Aug 15 2005, 08:00 PM by Eric Wise with 16 comment(s)

• ASP .NET :: Know Your Roles - Level 200

  Setting up role based security for a website is a Very Good Thing (tm) if you require flexibility in security.  Many organizations I've come across in my career struggle with security because they use a system based on user type instead of groups and roles.  The obvious flaw with user type is that over time you end up with a new user that is a "hybrid" and then you either have to add a new type, or adjust all the pages that reference the types which grants other users priviliges they've never had. The worst of all sins I've seen in this scenario is actually HARD CODING the user's userid into the page logic.  Messy!  So I'm going to show you a fairly simple way to handle role based security in a Forms Authenticated application. Step 1: Roles, Groups, and Users First things first, we'll need a structure that allows us to define application roles, define groups, assign roles to groups, and assign users to groups.  For the purposes of this exercise we'll set up the database structure like so: CREATE TABLE [dbo].[ApplicationRoles] (     [applicationRoleID] [int] IDENTITY (1, 1) NOT NULL ,     [roleName] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,     [roleDescr] [varchar] (200) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , ) ON [PRIMARY] GO CREATE TABLE [dbo].[SecurityGroupRoles] (     [assocID] [int] IDENTITY (1, 1) NOT NULL ,     [applicationRoleID] [int] NOT NULL ,     [securityGroupID] [int] NOT NULL ) ON [PRIMARY] GO CREATE TABLE [dbo].[SecurityGroupUsers] (     [assocID] [int] IDENTITY (1, 1) NOT NULL ,     [securityGroupID] [int] NOT NULL ,     [userID] [varchar] (25) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ) ON [PRIMARY] GO CREATE TABLE [dbo].[SecurityGroups] (     [securityGroupID] [int] IDENTITY (1, 1) NOT NULL ,     [securityGroupName] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,     [securityGroupDescr] [varchar] (200) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , ) ON [PRIMARY] GO Step 2: Setting up Forms Authentication In the Web.Config You've seen it before, and here it is again.  Simply edit your web.config as follows:     <authentication mode="Forms">         <forms name="BrilliantAuth" loginUrl="LogIn.aspx" protection="Encryption" timeout="30" path="/"/>     </authentication>     <authorization>         <deny users="?"/>         <allow users="*"/>     </authorization> Step 3: Edit the global.asax Now we have to set up the application to accept a list of roles and assign them to the current user.  We do this in the authenticate_request method like so:     Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)         Dim CookieName As String = FormsAuthentication.FormsCookieName         Dim authCookie As HttpCookie = Context.Request.Cookies(CookieName)         'Check for cookie         If IsNothing(authCookie) Then Return         Dim authTicket As FormsAuthenticationTicket         Try             authTicket = FormsAuthentication.Decrypt(authCookie.Value)         Catch             Return         End Try         If IsNothing(authTicket) Then             'Cookie failed to decrypt             Return         End If         Dim roles() As String = authTicket.UserData.Split("|")         Dim id As New FormsIdentity(authTicket)         Dim principal As New System.Security.Principal.GenericPrincipal(id, roles)         Context.User = principal     End Sub Do notice that I split authentication ticket's UserData property.  Sadly this is a string property so we can submit a collection of role objects so in your code somewhere you'll have to combine all your roles into a delimited string. Step 4: Login page ticket creation The last step is to create the forms authentication ticket for a successful login.  You do this like so:             Dim authTicket As New FormsAuthenticationTicket(1, loginUser.UserID, DateTime.Now, DateTime.Now.AddMinutes(30), False, loginUser.GetRoles())             Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)             Dim authCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)             Response.Cookies.Add(authCookie) This does require Imports System.Web.Security.  Don't fret over loginUser, it's just a class that I had created.  All you have to do is swap that out with your userID and the GetRoles() should be your delimited role string.  The SQL I use to GetRoles() is as simple as this: SELECT roleName from ApplicationRoles WHERE ApplicationRoleID IN     (SELECT DISTINCT ApplicationRoleID FROM SecurityGroupUsers       INNER JOIN SecurityGroups ON SecurityGroupUsers.SecurityGroupID = SecurityGroups.SecurityGroupID       INNER JOIN SecurityGroupRoles ON SecurityGroups.SecurityGroupID = SecurityGroupRoles.SecurityGroupID       WHERE SecurityGroupUsers.UserID = @UserID) Cheers Posted Aug 05 2005, 01:52 PM by Eric Wise with no comments

• Dude... WTF? (Or why I open sourced Easy Assets)

  Something of a mini-uproar in my email box and instant messager.  Why'd you do it?  Why are you giving away the software you work so diligently on? It's actually not as complicated as one would think... I'm busy, very very busy.  I'm working full time and then some on various projects and jobs, I'm building a new house, I'm also finishing up my MBA, and most importantly I have my wife and newborn son to think about.  The cold hard fact of the matter is that for me to pursue Easy Assets the way it deserves, I would have to take time out of the above, which at this point I'm not willing to do. In the meantime, there are tons of companies out there that have little or no asset management going on that are flushing money down the toilet.  So yeah, I feel a sense of fiscal responsibility to help out with this.  So there is some genuine good karma to this move. The second is my duty to the coding and ISV community.  I'm pretty active on my blog talking about my experiences with my business and also fairly active on the Joel On Software forum.  One thing I've noticed as a recurring theme question is "How viable is open source software?".  Can you really make any money releasing your source code into the wild?  Are there really users and businesses out there that are willing to donate a fair dollar to a free open source project?  How successful can you be selling customizations, hosting, and support contracts for a free product?  People go round and round about this with no clear answers.  Many products like OS's and browsers like Firefox do quite nicely, but what about the applications that run on them?  Not only this, but how about applications not in the FOSS world, but in the Microsoft for-profit world? Well, I hope to provide you all with an answer to these questions.  I'm willing to give up my stake in a possibly profitable venture to experiment with the FOSS model and see if I really can generate any worthwhile revenue or whether my instincts are right and the FOSS community is a bunch of hippies blowing hot air up our collective butts.  I'll be reporting a status update on Easy Assets from time to time to report donations received, contracts/hosting/customizations sold, and community code submissions received.  If a ton of people download the software and no one gives me a dime, you'll be the first to know.  If I'm wildly successful you'll also be the first to know.  In my small way, I hope to help put this debate to rest.  I've thrown the glove down, it's time for the community to put up or shut up! Posted Aug 01 2005, 06:10 PM by Eric Wise with 7 comment(s)

• Easy Assets :: Free Open Source?!

  Call it temporary insanity.  Call it an experiment to see if the "community" can really support a useful software program that isn't a browser or operating system.  Call it what you will, but I have decided to release Easy Assets .NET as free open source software.  You can download it here.   As per the license restrictions in the package, please note the following highlights: You can't resell, charge for hosting, or otherwise make a profit off this application.  It's for your internal use only. You're more than welcome to submit tweaks, additional features, etc to me but you are not allowed to distribute the software without my permission. You're more than welcome to publish any code samples you want from the application, just be a good person and cite the source.   Oh, and please note that I do pay for hosting the domain, the downloads, etc not including all the time that was spent on this software.  If your company uses it don't be stingy, toss me a donation!  It'd cost you more than $500 to get software like this from a traditional vendor. Custom work and support contracts are also available (paid).  Contact sales@easywebapps.com if your company is interested in that. Posted Aug 01 2005, 12:21 PM by Eric Wise with 18 comment(s)