Why github and LinkedIn are not my CV

I recently read a compelling article, “Why github is not your CV“. I was shouting “yes yes yes” as I went through it.

As you may or may not know, I recently closed my LinkedIn account. I was feeling some of the same things the first article expressed. In short, these platforms don’t let you put together a properly edited and polished perspective. Instead, they put together a one-size-fits-all view and try to couple several features that they think work, like building contact lists.

I prefer to use my own blog site as the place to publish my public persona. I spend time on the sidebars showing key things I want people to know. I order things as I see fit. And I move things up and down based on priority. Try that with github or LinkedIn.

The best developers aren’t always found on github

Another critical nugget in that other article is the issue if your company won’t interview someone with no github profile. If having a github profile was a critical component, I would never have made it to the Spring team. I had worked for years at my prior company, polishing skills, and building rock solid apps…for the government. None of my work was staged on github.

Yet I had maintained a mission critical, 24×7 system. This was a system that evolved constantly and had tons of real world issues I had to solve. With a legacy, EOL’d, no books or public forums language. Your ability to contribute to OSS projects should NEVER be the end all/be all of your skill set. If you want to become a team leader for a particular OSS project, your contributions to that project are certainly of value. But the lack of such contributions shouldn’t be viewed as a negative.

As a meet more and more people, and travel more and more places, it is apparent that the universe of software development is infinite. Whether or not someone has contributed to OSS is simply not enough to slap a pre-determined filter on prospects, which is what recruiters are always looking for.

Book Review: “Vaetra Unveiled” by @DanielRMarvello

VaetraUnveiledCover_tnI just finished Vaetra Unveiled by Daniel Marvello. It was a delightful read! I wanted to write up my reactions to it.

Vaetra Unveiled is a classic swords-and-sorcery novel. There is action, suspense, and charm amongst the characters. Daniel does a great job at world building in the sense that I could imagine everywhere the story took me without getting bogged down in it.

For the record, I have also read The Hobbit and Lord of the Rings, paragons of high fantasy. Sometimes Tolkien’s world building, or rather culture/history/mythology building would overload me, causing me to sometimes skip over songs and other material.

I enjoyed seeing how magic was presented. Daniel’s take on magic is quite interesting. I promise not to give anything away. The main character, Jaylan Forester, in his various pursuits, begins to encounter magic, something he isn’t used to dealing with. He doesn’t understand it, let alone how it works. As he tries to solve the problem at hand, he discovers his own gifts in that arena. I won’t say more than that, but it was fun adventuring along with Jaylan as he tries to figure out the rules of vaetra.

Having read Doctor Strange comic books for years, I rather enjoyed seeing that vaetra isn’t just made up on a whim. Instead, vaetra appears to have a real set of rules that empower and constrain who can do what. No one has infinite power, and the various characters have to work together to free some innocent “mundanes”.

Which leads me to another good point. I enjoyed that there was real plot as well. As George Lucas stated, the point is to tell a story, not show off the set that was built. There were a couple moments along the way where I felt Jaylan was a bit dimwitted and I thought not “getting it” as fast as I thought he would. But it was only a couple. For what turns out to NOT be a 500-page tome of fantasy, it was nice that I could read it with the Kindle app on my iPhone in about five days. It certainly whets my appetite to the read the rest of the series.

The only con I can think of is that sometimes Jaylan feels a bit simplistic. Perhaps a bit too much of the good side. This may be my own bias after having read the first ten Jack Reacher novels, where when Reacher sees something wrong, he dispenses hard core justice. Jaylan is nothing of the kind. Perhaps a little more nitty gritty and some tougher decisions would strengthen Jaylan’s character. But at the end of the day, his character was believable.

About Daniel Marvello

Daniel has been of great assistance to me. I discovered his blog while working on Python Testing Cookbook. My desire to pick up and write the fictional novel i had started 20 years ago was rekindled as I helped my wife polish her trade novel. Googling about structure and tips, I found Daniel’s article on the details of a beat sheet. Suffice it to say, I wooed him to beta read Darklight. As a beta reader, I felt like he provided me top quality feedback in grammar, diction, and POV.

The side effect is that I developed a desire to read his own craft. A) I enjoy a good story. B) Could he really write fiction analogous to the critique he provided me? C) For a Kindle book, it only cost $3. D) Since my cheapskate days are behind me, I honestly like to support other people that seem to deserve it. I’m glad I did!

Goodbye LinkedIn, it’s not me it’s you

I finally did it. I’ve been debated for the past four years whether or not to close my LinkedIn account. When I saw an email come out about how you can get ALL your data in a single download, I jumped at the chance. I grabbed all my connections’ contact info, and put it on a private page inside my personal blog. Then I proceeded to dump LinkedIn.

Why?

Starting back in 2009, I wanted to relocate my family to Tennessee. My old company didn’t have offices there, so I started on a hunt to find a new position elsewhere. The first place I turned was all the contacts I had built via LinkedIn. Guess what? Not a single opportunity was raised with my so called network.

Perhaps that’s a bit drastic? Agreed. Which is why I didn’t drop it at the time. I found an interview with one company at the time through a past co-worker. Another interview was yielded through a recruiter I found through other means in the Nashville area. The best opportunity was when I met Keith Donald at the 2008 SpringOne conference. I had to travel to a remote conference to find out his office was five minutes from my own back in Melbourne, Florida.

Any who, a year after handing Keith a resume, he calls me up with a new opening. Suffice it to say, that’s how I found my way into VMware, and now Pivotal.

LinkedIn: 0  Users: 1

Updates to LinkedIn

I can’t remember if this was last year or two years ago. LinkedIn comes out with a new “plugin” to your iPhone. Essentially, it routes ALL your email through their servers just so it can add a bit of metadata about the person emailing you using your connections. The security alarms this threw off in my head were justified by the amount of negative press it generated in the blogger community.

GPG-signed messages would break. The possibility for MITM attacks was there. And pay note: this predated the discover of NSA snooping major companies.

LinkedIn: 0  Users: 2

A few months ago, I saw the ultimate thing. Someone had screen captured a headline from LinkedIn’s own website which read more or less, “You don’t like recruiters? We don’t either.”

Are you KIDDING me? LinkedIn, you make your money on upselling accounts so that recruiters have more access. This told me that LinkedIn would do anything to keep to come to their site. And in the meantime, the only emails I am getting are from recruiters. No friends, no colleagues, nobody. The people that wish to contact me either email me directly, buzz me on twitter, or reach me through another channel NO ONE Is using LinkedIn.

LinkedIn: 0  Users: 3

Anybody using endorsements today? I know. What a joke. This year, I have received several endorsements from past co-workers of my old job for subversion the CM tool. From people that don’t write software. A tool I did NOT use when I worked there. I tool I haven’t used for four years.

I get endorsements on Rational ClearCase. A tool I haven’t seen for just as long. Anytime i go to their website, I’m always seeing, “Will you endorse so-and-so for abc?” No NO NO!!!! Endorsements have no value.

Bottom line

  • Endorsements haven’t earned me a dime of value
  • Reviews from past co-workers and colleagues hasn’t earned me a dime of value
  • Security policies from LinkedIn are absurd

I have better control over my personal brand using this website. I can post links to what I think is important. I move things to the top of the sidebar based on relevance. Right now, Learning Spring Boot is at the top. Two months ago, I had SpringOne 2014 at the top. Two months before that, my updated keys due to heartbleed.

And I am in control of this data. No one is spamming me. Recruiters aren’t hassling me. The place where I can build real relationships is through twitter, my responses to questions on stackoverflow, and meeting people face-to-face at the Nashville JUG. Why do anything else?

If you’re still reading, then feel free to raise me on twitter. You’ll find the link on the sidebar.

LinkedIn, it’s not me it’s you.

According to @PacktPub: “Learning @SpringBoot” slated for release at end of November /cc @JavaMUG

learning-spring-boot-mock-coverGreetings readers!

I have hammering my editor to give me an updated plan for when Learning Spring Boot is expected to come out. They had been hinting that it would be at the end of October. Hearing nothing after turning in the manuscript, I finally got word that it is expected to be ready to ship at the end of November.

That wasn’t the answer I was looking for! I was hoping for something more like “a couple weeks from now”. Sadly, that’s not the case.

I have also inquired as to when it will be listed on their website. They indicate that within two weeks of release is when they usually post new books. I immediately responded, asking if there was anyway to accelerate that. I expressed the fact that LOTS of people tracking my blog as well as my twitter feed have expressed interest in pre-ordering. and would probably fill up their order queues today if it was possible.

Are you ready to order a copy? Get on twitter and shout out to @PacktPub that you want to go ahead and place your order for “Learning @SpringBoot”! Who knows? Perhaps that will push them to make an exception. :)

In the meantime, I promise to keep you all informed as things pan out.

Cheers!

What keybase is and is NOT and why I’m interested in it

keybase_mariaI recently got my mitts on a kaybase invitation and signed up. I took the time to review what keybase did and did NOT do. In the end, I found it quite intriguing!

What is keybase?

Keybase is run by a couple of guys that apparently got going perhaps six months ago (maybe longer). With the site, you can register multiple pieces of information, one of them being a GPG public key. But it doesn’t start there. After all, there are already dozens of key servers around the world. Instead, what keybase does is provide some convenient tools to use your local GPG keychain and create some other documents that can all be linked via your keybase profile.

Have a twitter account? You can write a digitally signed tweet and link to that tweet to your keybase profile.

Have github? create a gist containing some digitally signed information and details and then link that gist to your keybase profile.

Have a website? Perhaps three? Create a digitally signed page and stage it on the website’s server. No server access? Create a DNS TXT entry with the same effect.

This lets you link various social identities that you own (and that other people you know believe to be you) into a single profile under keybase. Then, someone, at any time, can “verify” your keybase identity. At that point, keybase will fetch all these documents that YOU created, that YOU signed, and that are staged on YOUR social media locations. It will check the signatures against YOUR key, and verify they are all intact. If so, the person doing the lookup can decide if they really trust it’s YOU.

What keybase is NOT

I’ve seen critical articles that heavily emphasize the advice about “never invent cryptopgraphy on your own”. Guess what, neither is keybase. To use keybase, you need to have gpg on your system. Keybase just provides a convenient way to look up a new type of “directory”. The ironic thing is, you aren’t signing all these different proofs of your identify on keybase’s servers. You are instead signing them on spaces that YOU own.

The question also comes up, “how can you build a secure system off stuff that is hackable?” The fundamental concept is that you are building a profile across MANY systems. If this was only using twitter to carry the proof, then that would be weak. But to crack my keybase profile, someone has to hack my twitter account, my github account, and all of my websites while ALSO staging a new public key in order to sign new versions of these proofs. The more nodes you can distribute to, the better you can plant your flag of identity.

Keybase also doesn’t replace the value of putting your public key on standard key servers. I already had a public key. Keybase made it easy to re-use it and not roll another one just for them.

Keybase vs. face-to-face key signing parties

Ever done a key signing party? It’s where you meet someone face-to-face, and then do something like show each other your driver licenses. Everyone brings a copy of digital fingerprints of their public key, and upon confirming everyone has the fingerprint for YOUR public key, you then go home and sign their public key.

This is the cornerstone of the web of trust, and it has major issues. The reach enough people to make this practical is a logistical nightmare. I have only attended two key signing parties EVER. And that was years ago. In fact, due to the somewhat recent Heartbleed leak, I threw out those keys and generated a new set. I tried to find a couple of the people I knew from back then, but failed at that.

If you work for a company that uses GPG for all mail traffic (which I’ve interacted with before), you suddenly hit a taxing burden of meeting everyone face-to-face. So they create trustees that sign keys. Essentially, you meet this person face-to-face and you sign keys. Then you TRUST THEM such that anything they sign you trust as well. So in exchange for convenience, you have to elevate some people to higher level of trust. Does this sound risky in the world of paranoia? Ten years ago, no. In light of Snowden and the NSA? Perhaps.

When I met several people for a key signing party, it was the first time. I didn’t KNOW these people. I was trusting a driver’s license for which I had no ability to validate. And yet. critics of Keybase tell me this is the proper way to go.

Contrast that with people I have watched commit code to github for four years. I have chatted with them through various online channels and seen them talk about their commits in blog entries, tweets, HipChat discussions, and emails. I have also watched certain people tweet for several years. All of this chatter weaves together a narrative for people I have seen face-to-face once, or perhaps twice EVER. When one of those people publishes a tweet and a github gist that is cryptographically signed by the SAME KEY, I know it’s them.

Why are public social media good for bulding keybase?

For all you crypto-fanatics, you have ever read “Applied Cryptography”? For those that are not familiar, the first 30 pages or so is algorithm after algorithm about how to execute various protocols in a secure fashion. I admit I’m no expert here, but it’s very compelling to read.

Several of these protocols discuss the value of having monotonic counters that are published publicly. Signing these counter values strengthens the message for certain protocols because someone cannot simply forge a counter that the public has already seen (or not seen). It’s the cryptographic equivalent of taking a picture while holding a public newspaper. Everyone can see the newspaper, buy the same copy, and verify the date of the picture.

Well, people that chatter over twitter and commit over github, while also blogging on their site, are, in essence, generating a public newspaper of their own. If someone were to hack my twitter account in order to subvert my keybase identify, I could A) spot malicious tweets that weren’t my own and B) tip me off to immediately delete my keybase gist and my DNS proofs. At that point, anyone that uses keybase would suddenly see the essence of a revoked identify.

What you should NEVER do with Keybase

Keybase provides a handy webpage to lookup people you “track”, craft a message, and encrypt/sign it. (And please sign & encrypt, not just encrypt!) Then you can email that message my pasting it into your email tool.

But they also offer a feature to decrypt on their website. This requires that you stage you private key on their site.

NEVER NEVER NEVER NEVER give your private key to ANYONE, no matter how convenient. Laws are very loose on data that lives on other people’s machines and what companies can be forced to turn over with a court order.

Keybase may say they will keep your key triple-encrypted or whatever. But essentially, you have sort of jettisoned the point of having a public/private key pair if you let someone else hold the private key.

I’m not here to defend all aspects of keybase because A) I’m not a cryptographic expert, B) just getting started with keybase, and C) have a real job to work on. But I’m hoping that people won’t throw keybase to the curb because it’s “not gpg” or “reinventing security on your own”. Things are more detailed than that. So let’s see how this develops.

In language, there is no substitute for vocabulary

anki-logoIn war there is no substitute for victory –General Douglas MacArthur

This famous quote from Douglas MacArthur shows that in certain situations, there are certain intrinsic requirements that cannot be ignored. At one time in my career, I was a group leader. That meant I was responsible for soliciting and delivering annual peer reviews for fellow software developers. One of my people had gathered a lot of nice, secondary things on his record. But he wasn’t at the top in writing actual code. I laid it in plain truth that our first duty is to write software. These other, secondary things like volunteer groups, etc. are used when we are trying to pick between two top performers.

As I said in the title, when it comes to learning a new language, there is no substitute to learning new words. After all, that is a core piece of a new language. Four months ago, I downloaded Anki and got set up with a review deck. About two months ago, I bought the iPhone app ($25 app!) That’s when I got serious.

Everyday, I review about 100 cards. Takes me 10-20 minutes every day. I do it in the morning, afternoon, or at night. And at first it was HARD. It’s also a bit demotivating considering that the cards you see the most are the ones you know the least. When you knock out a card right away, it gets pushed out to a later time. Some words that I already knew when I started (months of the year and colors), I won’t see for months. That’s because there is no use in reviewing stuff you know on a daily basis.

So, the stuff I see everyday are the ones I DON’T know so well. But my intrinsic desire to learn German has grown by leaps and bounds, especially after last month’s SpringOne conference. Chatting with Christoph, Ollie, Michael, and Sam was exciting. So I pushed through, and actually only slacked off towards the end of that week’s conference.

And it is finally beginning to show. I actually wrote a German blog article, German tweets, and find myself trying to chit chat with myself while driving errands in German. Instead of speak practice sentences, I imagine something I’m currently doing, and try to express it in German. I feel like I can do a LOT more than I could four months ago.

owl_mv_12da7b721e1d96fbe5092d33a6c9f584Contrast that with how I started on DuoLingo.com a year ago, and the results are surprising. I learned much including grammar and sentence structure with that iPhone app. But I haven’t felt as strong as the past few months. Building up a working vocabulary using SRS is a fundamental building block. Since then, I have gone back to do more duolingo lessons, and suddenly I can knock them out of the park. I closed out one box, which had five separate lessons, in one sitting.

As some will point out, nothing replaces actually speaking with live people. I totally agree. But having a beginning vocabulary is a necessary foundation upon which to build.

Beneath every great forest lies something even greater. See #SpringBoot book cover from @PacktPub

learning-spring-boot-mock-coverI recently got confirmation of the cover image of “Learning Spring Boot”. I don’t have the official cover, but I created a mock up based on the stock image.

I’m really excited about this. About a month ago, Packt sent me a collection of stock images to pick from, and this one was PERFECT. To top it off, I just read Dave Syer’s drafted foreword, and it only solidifies my feelings. (I don’t want to steal the thunder. You’ll have to get the book to read his epic opening words.)

You see, this image shows a great forest. Tall trees. Beautiful beams of light shining through. And just the right amount of mystic charm to please the eye. And yet, a forest’s greatest strength lies beneath it. No forest can stand strong unless it has a strong set of roots that have grown and solidified over the years. A deep undergrowth of roots that supplies the nutrients.

That’s what Spring Boot is. It is a strong growth of patterns, discoveries, who knows how many hours of real world experience, and more. This can be seen by those that begin to use it. But it wouldn’t exist today if it wasn’t for the strong foundation of the Spring Framework. Ten years ago, Spring Boot was impossible. Spring didn’t exist yet.

But today, after ten years of development, the Spring Framework is the de facto standard for application development on the JVM. I remember when the 10,000th issue was opened against the Spring Framework. It was a landmark event. Tens of thousands of contributions to the project. Thousands of committers. Hundreds of pages of polished, detailed documentation. All for a project that has been open source from day one. It truly represents a community effort to create something greater.

Many conferences are conducted every year around the world to discuss Spring. Millions of copies have been downloaded and permeated the Java development space. People chat back and forth in hallways, on chat channels, and at JUG meetings about “the Spring way”.

And as I remember from the first presentation I saw from Graeme Rocher on Grails, his bottom line comment was “Grails IS Spring”. Grails didn’t sit on top of Spring. Grails didn’t use Spring. Grails WAS Spring.

Well Spring Boot can say the same. Just visit http://spring.io/guides, and you’ll find 60+ guides showing “the Spring way” of solving common problems. Guess what; almost all of them use Spring Boot. Not because it’s “the product to sell”. Nope. The people that wrote those guides (including me) LOOOOOOVED using Spring Boot to solve these problems and so many more. And that is what got me so fired up that I had to write another book after having been burned out over three years ago.

Stay tuned!

“Learning #SpringBoot” enters finishing stage with @PacktPub

packt-logoGreetings readers,

Having just sent off the last rewrites, my book has entered the finishing stage. This is the point where my publisher begins to turn the crank on converting my LibreOffice manuscript into a printable tome. They also sell e-copies and even have a subscription library model. You can pay a flat rate and essentially access any book they have, including mine when it becomes available. My goal is to post a link the moment I see at available for ordering.

So what’s in this book?

For those that haven’t kept up, here is a quick listing of the chapter titles:

  • Chapter 1, Quick Start with Groovy
  • Chapter 2, Quick Start with Java
  • Chapter 3, Debugging and Managing Your App
  • Chapter 4, Accessing Data with Spring Boot
  • Chapter 5, Securing Your App with Spring Boot

First of all, this book is in NO WAY comprehensive. To cover everything Spring Boot does would require multiple titles. People that construe Spring Boot as being the solution to über JARs or just embedded servlet containers are missing the point. Spring Boot is an entirely new approach to app development that polishes up rough edges of Java that have been around for years. In the paraphrased words of Andrew Glover at this year’s SpringOne keynote, “Spring Boot has made Java fun again!”

This book attacks several of these key areas from the context of helping everyday developers do their job. When you sit down to build an app, you want to start writing functional code on Day One, not get buried in architectural layers and UML diagrams, right?

Spring Boot is designed from the ground up to write solid apps using Spring that you can carry all the way to the server room. And it comes packed with production-grade services you’ll need to maintain it over the life of the project.

platform-spring-bootWhy can’t I just read the reference docs?

A good question that authors must always be ready to answer when pitching their idea or trying to sell copies later on is this: “Why would I buy your book?”

I won’t lie to you. Spring Boot’s reference doc is quite stunning. I have seen many ref docs, and have always found Spring docs to historically have some of the most in depth material I can find. MANY open source projects come in light on this front. However, it’s become tricky to have lots of depth without getting lost. Spring Boot’s ref docs actually do a fantastic job of diving in, and yet still giving you paths to other areas you might need.

Even then, when its time to sit down and start producing apps, you want examples and demos and a handful “this is the best way to get started.” I have extracted material from the reference docs, but tried to link together a chain of useful concepts that can get you in motion the first week you start a new project. These concepts aren’t always arranged in the reference docs in the same order you might be using them to crank out your e-commerce site. (If they were, it would be a tutorial, right?)

This book is also filled with tips. Small sections all over the place that try to answer the question, “Why did you do that right there?” No decision is ever 100% right. Things depend on the context, so I fee it’s important to supply a context for why you may choose one path or another.

Ideally, you should be able to read this book cover-to-cover, and then when you visit the reference docs, use them with even greater effectiveness.

Are there other books out there?

Right now, no. Nothing. Nada. Zip. You can’t find another book on Spring Boot. My publisher and I worked hard to get this one to market as fast as possible. Why? Because Spring Boot is hot! The session at least year’s SpringOne conference was packed to the hilt. At this year’s SpringOne (a week ago) almost every talk wove in detail about Spring Boot even including Grails plan to rewrite itself on top of Boot with their 3.0 release.

People are hungry for this, so we hammered out an outline that would cover the arguably most popular topics people are clamoring to read about.

I have other colleagues and friends in the software industry that have been talking about book deals. One reached out to me to write a proposal, but I had to politely decline because they asked me the week after I had signed my contract.

Are other books coming? For sure. I’m sure many publishers are working up deals, consulting existing authors, or ears open for new proposals on the topic. But no one is going to have anything available next month.

Big shout out to @altfatterz @geowarin @furikuri @royclarkson @phillip_webb and @rob_winch as I wrap up “Learning #SpringBoot”

polishing-learning-spring-bootI just shipped out my last rewrite for Learning Spring Boot. I am TIRED. The past five nights, I have stayed up later than midnight to get in last edits and incorporate feedback from my reviewers.

These guys are really talented. I couldn’t ask for a more solid team to pick over my material and offer substantial feedback. It can be humbling at times. But the reward is tremendous. I really hope this book meets a lot of people’s needs.

I have overheard those not quite familiar with Spring Boot try to capture it in a single statement. “This is Dropwizard.” “This is a web app in 100 lines or less.”

Sorry, but Spring Boot is WAY more than that. My book tries to cover quite a bit of ground, but as I concluded in my closing sentence, “This is only the beginning.” Spring Boot tackles LOTS of things, and makes them easier. And it’s just getting started. Frankly, I’m not sure what it will look like a few short years from now. But for the time being, I’m very satisfied at getting this written and edited. I hope you enjoy it.

Day Two: Sprechen Deutsch mit meinen freunden @springone2gx #s2gx #german

springone2gx2014_banner_speaking_200x200So weit, ich habe mit Ollie Gierke, Christoph Stroble, und Michael Hunger in Deutsch gesprecht. Super! Das is sehr Spaß!

In Amerika, wir mussen zwei Jahre im Hochschule lernen. Das ist schlecht! Niemand nur zewei Jahren lernen kann etwas. Ich habe drei Jahre im Hochschule gelernt, und das war vor 25 Jahren. Aber mit duolingo.com, anki, und dazpod.de, I kann Deutsch wirklich genießen!  Täglich, ich gehe mit meine Tochter zu Kingergarten, and dann ich gehe nach mein Haus wo ich studiere mein Deck.

Zeit für Frühstück!