I have said it before and I will say it again: I am lucky. I travel all over the place helping smart people build software and I always learn a lot from these smart people. Now, I am getting luckier because as I slowly approach the age when a motorcycle seems like a good idea (can you say mid-life crisis?), I have become more receptive and better at listening. I am beginning to suspect that wisdom means learning to determine what you can change and what you have to tolerate. I still have a ways to go, but I am getting better.
You might ask: Why are you telling me this? Well, because there is still a lot of dumb stuff to deal with and before I become senile and forget that those certain things bug me, I want to write them down. Why do you want to read them? Assuming you're an amateur student of human nature, I suspect that you might find some amusement in my suffering. After all, that's my job: to inform and entertain—and if I run out of ideas, to make you feel better by showing you how much better off you are than I am.
If you are sentimentally inclined, then depart now; but if you occasionally watch Jerry Springer (Who are those people, and where do they live?) and laugh hysterically at the suffering of others, then pour yourself a cool one and read on.
Proper Care and Feeding of Contractors
I founded my company in 1990. My first contract rate was $10 per hour. (Don't laugh.) Basically, we used sonar to track fish that got trapped in hydroelectric wheels. You see, the DNR (Department of Natural Resources) requires that hydroelectric energy producers replace the fish that are chopped up in hydroelectric wheels. My job was to make sure that the PC running Quarterdeck, the DAT tape recorder, oscilloscope, and dot-matrix printer were still running, even late at night.
Ever been to a hydroelectric facility late at night? Rats. Lots and lots of rats. Huge, New York-sized rats. Every dead fish is devoured late at night by rats large enough to haul your child away. Why is this relevant? The answer is that the customer at the rat-dam treated me better than any other customer since.
Don't get me wrong. I don't mean my customers are overtly mean; they are just compelled to follow ridiculous rules for the treatment of contractors.
But When Did a Cubicle Become Such a Prize?
Many companies put contractors in a bullpen, separated from the full-timers, like we have an infectious disease. The disease is that we left-brained contractors think we are right-brained businessmen and that employees are underpaid suckers. Companies down-size, right-size, and outsource at a devastating pace. Why would anyone tie their fortunes to one company when companies do not feel any allegiance to their employees? Well, this is the disease that some companies think contractors will spread.
The result is that contractors are paid $50, $100, $150, or even more dollars per hour, which may be several times the pay rate of the average employee. Hell, $100 an hour may be more than company officers make. How do companies offset this financial disparity? Employees get cubes, and contractors sit in broom closets with no windows. But when did a cubicle become such a prize? And, most cubes are only half cubes, big enough to contain a chair, a computer with a 15-inch monitor, and a couple of pictures. For $50 or $100 an hour more, I will sit in the Path station in Hoboken next to a guy who has urinated in his pants.
Cubes aren't the only reward employees get. While working for the state of Texas when our honorable President was governor, I had to park on the roof of a garage in downtown Austin, Texas. The average temperature had exceeded 100 degrees over a period of 40 days. Employees got to park on lower, covered floors. Do you know how hot black leather gets in 110 degree sunshine? Well, neither do I, but my Jeep's temperature sensor was totally pegged. I am guessing something in the 140 degree range. You know what, though? I will take 140 degrees and a Grand Cherokee over a Saturn and a covered parking level any day.
Do you know how little Texas state employees make? When did covered parking become such a prize?
When I was a military policeman in the army, we got medals as a kind of extra compensation. I made $600 per month, but I almost caught a Soviet spy, guarded Lieutenant General "Sam" Wetzel—the general who had Colin Powell's job as V Corps commander just before he got it—and I got to learn about terrorism up close and personal. I am glad for the experience, but I couldn't live on the $600 bucks a month anymore. Like cubes and covered parking, medals aren't that great of a reward, and I suspect company officers wouldn't accept anything less than handsome compensation packages.
What Nitwit Ordered the 15-Inch Monitors?
Who are these retards that think a 15-inch monitor and 256 megabytes of RAM are equally suitable for secretaries, developers, and janitors, but CEOs need 42-inch plasma screens? Have you ever tried to do UML modeling on a 15-inch monitor? Go to dell.com and look at Michael Dell's computer.
Michael Dell is great. I love the story. I love the computers. (I am writing this on a Dell Inspiron 600m.) But what does Michael Dell need with a multi-processor, 12 gigabyte, 8 gigahertz PC with a 7 trillion byte SCSI hard-drive and a 62-inch plasma monitor? He isn't doing UML modeling, and he spends most of his time on his Globstar flying around the world. What twit gave Michael Dell a $72,000 workstation when a Bluetooth etch-a-sketch would do? I know Mike is trying to get other CEOs to buy more computer than they need by having a mine-is-bigger-than-yours fest on the Web site, but it's killing us poor architects with 15-inch monitors.
Companies really don't seem to understand that if we programmers are to build them multi-million dollar software solutions, maybe providing us with more than $79 monitors is a good idea. You think I am kidding. I got DFS (Dell Financial Services) credit just to replace the lousy hardware companies provide me. There are a lot of quietly updated computers left in my wake.
Office Party Stupidity
Have you ever been uninvited to an office party? I have. I know what you might be thinking, and it's not because I am boring. All of us clever computer nerds are party killers, right? No, the reason I was uninvited is because I am a contractor.
Uninviting temporary employees to office functions is almost as dumb as 15-inch monitors. The only difference between a contractor and employee is that contractors generally are paid more in terms of direct compensation, but everyone is on the same team. Duh!
When Jimi T from Groves Motor Sports in Mason, Michigan (www.grovesmotorsports.com) delivered my Kawasaki KDX 220R, I invited him in and asked him if he wanted a beer. He was acting as a temporary consultant, but I treated him like a guest. Even though in my excitement—remember mid-life crisis—I might have paid a bit more than I had to, Jimi T was doing me a favor, and I was appreciative. Cost was not a consideration that drove how I treated my guest.
Guests are guests, whether they are multi-billionaires like Bill Gates, lowly architect-developers like me, or Visa holders from India, and they should be treated accordingly. Why a company would un-invite contractors to company parties, team building events, or decent parking is beyond me, and it is petty. Contractors are as committed as employees. Many contractors stay on projects for months and years, often long after key employees leave, and they are just as dedicated. Remember, also, that many contractors need to be away from family and friends to help their clients put one in the win column. Being inhospitable to them is boorish and stupid.
Experts and Homers
I never tell anyone that I am an expert. I am pretty sure that Anders Hejlsberg has at least 15 IQ points on me and is in another world when it comes to architecting compilers, languages, and frameworks. Anders is better than I am, but Anders probably will never be available to you. (He gave us C#; isn't that enough?)
Note: Did you know that Anders was originally a Borland employee but now he is so important that his last name is in MS Word's spell-checking dictionary? That is what is referred to as having juice.
What I do know is that I have been writing books since 1992 and have published about a dozen works on object-oriented languages. I have been writing articles and software for 20 years. As a result, companies hire me (and I am grateful). What is goofy is that they hire me and then systematically ignore my advice.
A few years ago I began to get a complex. I began to worry that maybe all of the good ideas I stole from Grady Booch, Bjarne Stroustrup, Kent Beck, John Vlissides, William Opdyke, Scott Meyers, Alan Cooper, Martin Fowler, Ivar Jacobson, Sigmund Freud, Kid Rock, Sergio Zyman, Steven Pinker, and Clayton Christensen were crap. Then I realized that most managers were homers. They were going to choose their ideas over mine and that was it.
You see, we all want to feel smart, and there is no better way to accomplish that than hiring a so-called expert and then following your ideas anyway. I know you are thinking: Paul, you just picked the wrong geniuses to steal ideas from. For a while I would have agreed with you, but then I began to notice that Microsoft and IBM consultants were being ignored too (and my shrink said I was paranoid). He said that managers are homers and stupid, and they routinely have too much money and need to unload some. Like hiring a Vegas hooker for the weekend, these managers use their few extra bucks to hire contractors for a short-term ego boost but ultimately go home to their wives.