Douglas Tarr

Coding in Seattle

undo.io is now on github

I've open sourced undo.io.      Here's the github repo.

A place for my text files
Undo was just going to be a place on the web for my todo.txt files.  It still is that, but I added a bunch of features, some good, and some, well, less good.  I wanted something that let me mostly work in text.  I am a decent typer, I really like playing with new text editors (hello Sublime Text and Notational Velocity!)  I also felt that text was future-proof, so there'd be less concern about what happens to your data if the service goes offline.  
People often ask me why i called it undo.  I wanted to find a way "undo" my todo lists, rethink them, and make them simpler.

A way to learn Rails
I've been working on undo.io for about 4 months and it was my first Rails app.  I learned a lot (Rails, Linux, Vim, Heroku, etc) and i think I'm a better developer for that.

A hobby is not a business
I learned was that undo is not a business - it is a hobby and part of my workflow.    I still think productivity is an interesting space and notes in particular are so embryonic, there's always some interest.   That's the challenge - I didn't really publicize the tool other than a link or two here and there, and still, people come.  I think if you write a note taking app, a core group of passionate people will try it out, and some may even use it long term, just because that's how this product space is.  Productivity is a very personal thing - everyone has a different idea on what is right and it's fun to learn about.  I still think there's some value to the product and some interesting ideas.    I still need a note taking app and this will probably be part of my workflow for some time.    I'm putting it up on github since I think it could use some daylight.   I also feel like github is my new resume so I'd like my work product to be up there.  This isn't my cleanest code but when working as a lean startup, that's probably a good thing.

Existing users
Note to existing users: I'm not currently planning on taking it down for the time being.  I'd suggest you sync your notes to Dropbox though.  That way, you'll always have a copy of your data.

Moving!
BTW - I am going to be moving my family back to the bay area in July.   I'll be really interested in meeting with people to talk about new opportunities and interests.  Stuff I'm interested in working on / learning about: big data, hadoop, bayesian networks, statistic programming, NodeJS and js projects in general, mobile development, HTML5 / CSS3, NoSQL.  

If any of this sounds relevant or you want to get in touch, please ping me

 

Local First

Local First
With the advent of HTML5, localStorage, mature javascript client libraries, ubiquitous REST APIs and mobile apps, we don't need to rely as heavily on cloud providers to develop our applications  It's time to change how we are writing our apps.

What is local first?
Similar to mobile-first (where you build your app to work well first on mobile, and then expand out to other devices), Local First is the idea that you can build a web app that works first as a disconnected app.  You can synchronize to cloud providers if you want, but your app should work locally.  

What are the concepts behind local first?

Cloud-optional
- Your app should still work without cloud storage.  

Data-permissions
- User data should not be sent to a cloud provider without permission.

Network-optional
- Once installed, apps should run without need for an internet connection.

Cloud-choice
- Users should be able to choose appropriate cloud providers for data storage.

Cloud-provenance
- Cloud providers should clearly document where your data is stored in understandable language

Why Local First?
There are many reasons to build your apps local first.  Performance and Stability, User Adoption, and Privacy

Performance and Stability
Local apps will have less dependency on network calls.    This will (usually) make them perform better.  If your network goes down, or is slow, firewalled, or otherwise encumbered, your app still works.   Less headaches for you as a developer.

Adoption
Users are increasingly concerned with their privacy.  Your application is probably losing users since they are uncomfortable with how you are using their data.  Many corporate networks simply will not allow your data to be stored on cloud providers (other than their own networks).   

Government privacy concerns
Government snooping continues to increase.  It's a losing battle (PIPA, CISPA) to fight governments who are intent on monitoring our internet usage and data.  As more governments gain control of the internet (with different points of view on the importance of free speech and privacy), your data will be in more hands.    By all means, let's continue to slow them down. But more importantly, let's make sure our data is not centralized.  

What's next?
The idea here is that this is not a centralized approach, so the conversation shouldn't be centralized as well.   As a developer, the next thing is to try and build an app this way.  Don't start with a SQL database and server application.  Start with a client application that works without the cloud.   If you've already been doing this, share how you do it.  Post your code.    Use #localfirst in your tweets, or somewhere in your posts, so we can track local first activity.    

What I'm going to do next
I've built my latest app undo.io in rails as a web-first app.  I'm going to spend a few weeks flipping it to local first.  I'll share how that works on my blog 

We tweet in code

Are you a developer or tech type?  You probably have a twitter account (here's mine).  You might even have a LinkedIn account.   

Do you have a github account?  

Ever since I've started to work on undo.io, I've started attending lots of events and taking a fresh look at the job market.  I noticed the trend a few months ago after attending some Seattle Rails and NodeJS events.  As I'm relatively new to the openstack community (coming from windows/.NET) I've been asking for quite a bit of help (people have been really awesome by the way when you ask).  The most helpful things I've found are where someone points me to a relevant repo on github.  

0image

Github has infected many conversations I have with developers now.  Developers don't say "follow me on twitter" or "check out my linkedin account".  Instead, they'd point you to their github account, so you could see their latest nodejs project,  .vimrc or DCPU-16 hack.

Code is how developers communicate, and feel most comfortable.  Compared to how much we code, we don't really email, tweet, post status updates, or blog posts.  README files and comments in code are where we make our jokes, and we define ourselves in terms of languages we know, operating systems, or text editors.  (Don't believe me? ask a dev about any one of those topics, see if you can get them to shut up)

1image

There are an increasing number of forms that have asked for my github account as a supplement to a traditional resume or linkedin profile.  It's a really great way to find out who you are as a developer, and what you are interested in.  Even if you aren't committing to a major project, looking at what you are watching, in which areas, is incredibly valuable. 

As a hiring manager, it lessens the need for code samples or programming interviews.  After all, there's your code, right up there on github.   

Image
Having an active github account doesn't mean you'll get the next job, contract or round of funding.

But if you don't have one?  You might get disqualified altogether without even knowing it.

Boardroom in my brain

Well now I have to see if I have the nerve to stick a knife in my own idea.  Again.

I hit these moments.  I already killed a few ideas.  Most of those never made it past Balsamiq.    But this one is already up on staging in Azure, costing 12 cents an hour + a small SQL instance.  I've got 6 different csproj files and even some unit tests.  

I'm in the middle of some coding sprint and some roadblock makes me look up from VS2010 and question the whole thing.   Someone built the same thing I was thinking about.  But they did it 4 years ago.   I am more behind the curve than I thought.  38 years old in a few days - what are the 21 year olds working on?  Would I even understand?    Can I pivot from 2008 to 2012?  

I envision a room full of the smartest people I know.   There is a powerpoint projecting on a wall, maybe a plate of cookies in the center of the room.  I recreate the whole boardroom in my brain, because right now, I am my own board.  Someone has to call me out on my BS.  Someone who hasn't spent nights and weekends coding away and fixing a million bugs and learning SOLR or Entity Framework just to get this thing off the ground.

They will ask me things like - How is your product differentiated in the market?  Have you looked at [X]?  Seems just like yours!    How are you going to acquire customers?    How long is it going to take you to get to market?   Or worse yet, they sit there, tapping away on their iPads, totally and completely bored.  

I used to leave these most of these questions to someone else.

Oh yeah, that's me now, isn't it?

Thank You, PayScale

I have no idea how I made it through today.  It was one of the hardest days of my professional career. 

I announced that I will be transitioning out of my position as VP of Consumer Products and Chief Architect at PayScale.   

Back in 2000, Joe Giordano gave me the opportunity to help him build create an innovative product that changed how people and businesses have thought about pay. Back then, I was not married, lived in San Francisco, and most of my hair was brown.

Eleven years later, I am married, have two beautiful children, live in Issaquah, Washington, and have a head of full of grey hair.   I have had the opportunity to work with amazing people at PayScale, and I have learned so much.   We’ve built a great thing and changed how people get paid.

To all of you involved with PayScale, past, present, future - thank you. The list is long and I’m going to screw it up if I try to name you all in here.  But you know who you are and I owe each of you a beer.

All I can say about what’s next is that I am going to be launching something new, soon. Those of you who know me shouldn’t be surprised at the direction I’m heading in.  You may hear more from me publicly than you are used to. Thanks for your support and stay tuned.  

The suffix strategy for password generation is not secure

One of the most common password strategies is to take some random, relatively secure, long base password, and then re-use it over and over by appending an easily recallable suffix to that string (usually related to the name of the domain of the password)

Ie.., let's say you chose jkfd$k#d251mf as your base password.  You dutifully memorize this password.  Then when you go to various websites, you append an easily recognizable suffix to that password:

jkfd$k#d251mffacebook
jkfd$k#d251mfgoogle
jkfd$k#d251mftwitter

The problem with this is that let's say you visit badguy.com who is a criminal looking to harvest passwords.

So you enter your password:
jkfd$k#d251mfbadguy

Now, badguy.com knows this is pretty common, so he can just run a regex like so: (.*)badguy and find out your base password.  At that point, he's got access to any well-known website where you've used that base password.

So, next, you say, well, I have two base passwords, one for websites I really trust (say, google, your bank, etc) and another for random sites I've never heard of and don't care if they get cracked.

The problem now is that on the supposedly secure sites, you are relying on any one of them to secure all of them.  So a bad guy just picks the least secure of your most secure sites, and then he's got access to all of your really secure information.

The idea of simplifying your life with fewer passwords is a fallacy - once you have to recall more than four different passwords, you might as well have a strategy that allows you to call hundreds. 

Fix for Google Voice Android not receiving push notifications

On my Nexus One, Google Voice has push notifications of messages, but the default for this was set to not synchronize.  This meant that I wouldn't receive Google Voice voicemails for hours, days or weeks.

I just assumed this was an egregious bug.   I have had this phone for over a year, and never noticed these settings.  I'm also surprised that they defaulted to not synchronize.  Not sure if this is still the case for the defaults.

If you are not receiving your Google Voice voicemails on your Android phone immediately,  check to see that the settings are correct.

Go to Google Voice->Settings->Synchronize Inbox and check the box.  Also make sure that Background Data is set to Enabled, and Inbox Notifications are checked.