Rhushikesh’s Blog

Gain by sharing the Gain

Now Is the Time to Give It Back


Last month, we were talking about all the fun and enjoyment we had in our college days. We became nostalgic while reliving our wonderful memories. I was thinking, those were the days when you get to know the real world, you start developing yourself and becoming professional, thinking about all your career aspirations and future. Your college plays a vital role in building your technological foundation.

But when I thought deeply about all this, I realised there were a lot of things which I was not at all aware of. When I joined ThoughtWorks as a fresher, everything was new and I felt scared. I was not aware of all the guidelines that we should follow while doing development. There are different kinds of design patterns which make your code cleaner and more extensible. A version control system can help you do more organized development, be it in your own pet project or in your team’s project. And then it hit me how different our work environment is from what is taught (or not taught ;-) ) to us in college.

Rahul, Shridhar and I came up with the solution of organising a bootcamp in our college which would help the students overcome the gap between college and professional life. We started brainstorming about what we should cover and how the whole process should go. The topics were decided keeping in mind the attention span of students, with an aim to make the bootcamp hands-on and interactive. After all the efforts and preparation, we were ready to hold an object-oriented bootcamp in our college.

The response and enthusiasm from the students was amazing. We had an intense two-day bootcamp which went over 10 hours each day. Though the sessions were long and had quite heavy content, all the students were totally pumped up and did not show any signs of tiredness throughout the bootcamp. Below I have tried to summarize all the learnings I had in the process of making this event a success and keeping the students engaged.

  • Course content -

This is the most important part of the bootcamp. The content should be engaging enough for the audience and should give them a feeling of learning and fulfillment. Of course, you don’t want topics which are so trivial that the students feel bored, or so advanced that they don’t understand anything or feel overwhelmed. To decide on the content, ideally you should study your intended audience for their background, their learning style, etc. In our case we looked at the syllabus of their course and at the technologies and practices they follow for their project work.


  • Having the right attendees -

I have been part of so many workshops in my college which I never wanted to attend, and I felt like I wasted my time just attending. We did not want our bootcamp to be one of those. After some discussion on how to find the right people who would be really interested in this kind of bootcamp, we came up with a simple code test. The test was not meant to completely test their coding skills, but to check their interest. We thought it a fair assumption that, if a student is ready to spend a couple of hours on the code, it should be enough to prove their interest in programming. And we think this tactic proved useful in our case, based on how much interest the attendees showed during the bootcamp.

  • Students per trainer ratio -

To be able to attend to each student, we did not try to address a huge crowd at once. We planned to split the students into batches and run the bootcamp for each batch separately. Addressing each student is more important than addressing a huge crowd with just glimpses of everything. In our session, we took 5 pairs of students per trainer. It helped us to give and take feedback from each individual and answer everyone’s doubts and queries.


  • Connect with the audience -

To deliver or convey concepts properly, the most important thing you need to have along with good content is the connection with the audience. We tried to be one of them. We delivered our sessions as a friend not as some specialist or a teacher. We also included our memories from college days in between sessions. To make them comfortable, we gave them examples like how we went through the same state as they are and explained to them how we took steps to learn new technologies or new languages so that we can improve ourselves.

  • Real life examples -

At first we were explaining the concepts with the help of simple and small problems, e.g. modelling different shapes like rectangle, triangle and circle. We found out that the students were getting the concepts but were not really able to appreciate the need for them. Then we started giving more and more examples, like modelling timesheet management for a factory or a sales management system for a shopping mall. Real life examples actually helped them to visualize how these concepts will make their solution code easier, more readable and more maintainable.


  • Fail first and fast approach -

We followed the fail first approach. Every time, we asked the students to work on one problem statement. After they were done, we suggested many refactorings to transform their attempt into well-written code. By this, rather than just listening to us, they started appreciating the need for a good design.

  • Pairing -

In the first session we observed that all the students were sticking to their own thinking box. So from the next session we made them pair with each other. It helped them a lot. Every pair was brainstorming and getting counter questions and a new perspective. We also switched the pairs in every session. I feel pairing is a must, not only in office work but in most other situations as well.


  • Trim all the fancy words -

Design patterns, SOLID principles: these are fancy words for students who haven’t heard them before. Following the fail first approach, we always introduced concepts after the students had implemented them by themselves. This helped them to understand the concepts very clearly, as it was through code and not through some fancy words.

  • Minutes of sessions -

After every session we asked the students to give one takeaway they thought was important from the last session. We also asked them to explain the same concepts again with another example. It actually helped them to clear their understanding, and we all came up with various real life implementations of the learned concepts.

  • Feedback -

At the end of the day, we asked them to share their feedback on what went well and what we should improve. This really helped us to improve ourselves and to deliver what they actually want. After collecting the feedback, we also got action items to follow which will make our next bootcamp more effective.

After the two-day, heavily packed bootcamp, we realized how difficult it is and how much preparation and effort it takes to teach someone. I really want to thank everyone who took those efforts and helped me to improve myself. This workshop really helped us to learn and clear our understanding again about all those object-oriented concepts. I recommend you take steps forward to share your learning with others. It will help you and many more to learn and improve.

Now is time to give it back :)

In Which Our Hero’s Website Gets Hacked


It was just another day. All work was done for the day. Everything was OK until I opened my blog. BOOM !!! Google threw a big red warning screen in my face with the message “The site ahead contains malware”. My blog got hacked; I became a victim of a cyber attack.

Google error warning

It was kind of scary. The thing which was working perfectly fine a few minutes before had suddenly started malfunctioning. I was totally blank and clueless about what was happening. I went into panic mode without actually solving the issue. Then I took a pause and thought, let’s first read and learn about it and then take effective action, rather than keep trying things here and there in vain. Following are the findings, lessons and experiences which I got throughout the process of bringing my blog back to normal after being hacked.

  • The first tool you will come across :

While crawling, when Google finds any suspicious behaviour from your site, it lists your site as compromised. For security reasons Google prevents all users from going directly to the site and also blacklists it in search results. On the warning page itself Google gives an overview of what kinds of malware are present on the site, so that users know about them before landing on the page.

Google diagnostic page

For a further and more detailed report you, as the owner, need to register your site in Google Webmaster. The generated security report contains detailed information about which attacks are there, along with their URL locations and potential solutions. It also provides reading material for each attack, which helps you to tackle them effectively and quickly. Below is the report generated by the tool.

Google security report

  • What kind of attacks are possible :

    So what does it mean when someone says “I got hacked”? Hacked content basically means any type of content put on your site without the owner’s permission which can potentially harm users and their data; in short, it is the result of a security breach on your site. As Google keeps its users away from malicious sites, it will blacklist your site, resulting in low priority in search results. So it is always recommended to keep your site secure, but this is not an ideal world, which is why the more important thing is to clean up all the malware from your site as soon as possible. It will keep your site’s search score as it is for Google. Following is brief info about what kinds of attacks are possible on your site.

    • Redirects -
      In this attack the hacker puts malicious code into your site’s pages which will redirect the user to a target URL. The target URL could be anything, and it will affect your site’s brand value. In my case, the hacker was redirecting users to his domain, on which malware was hosted.

    • Injected content -
      In this attack the hacker injects malicious code into your pages. This could be very dangerous as it can potentially harm the client by copying or manipulating the client’s data. I came across multiple of these attacks on my site. The hacker had injected multiple eval() calls in the theme template, which were adding iframes with the hacker’s malicious code. In other places hackers had injected iframes into my “content not found” page, which was causing redirects to other sites.

    • Added content -
      In this attack the hacker adds extra content to your site, like pages, posts etc. It will not harm your existing content, but the newly added spammy content can cause issues in your site’s search results.

    • Hidden content -
      In this attack the hacker tries to manipulate your existing content, but this is not that straightforward. Hackers put in this content such that it is seen differently by search bots and normal users, also known as cloaking. This is very dangerous as the user will get false results for a correctly searched query. This is because the search engine thinks it is serving genuine content, but the hacker is playing in between to display false results to the user. This can also be avoided by keeping in mind while coding not to do anything special for search bots.

  • What you should do if your site got affected :

    Now comes the most important part of the discussion: what you should do if you get hacked and your site gets affected. Following are the things I came across and followed to bring my site back to normal.

    • Take your site down immediately -
      This is important for two reasons. First, you should not keep exposing your users to malicious content until you fix it. Second, you should try to stay out of the blacklists of different search engines. Try not to give search bots a chance to crawl your site while it is under attack and malfunctioning.

    • Contact your hosting provider -
      Most of the time, if you are using shared hosting, it could be the case that the server itself has been compromised by hacker attacks. That’s why you should first raise a ticket in your hosting provider’s support forum. This was the exact case with me :’(

    • Change all your security passwords -
      It could be the case that the hacker has stolen your security passwords. So you should change each and every password related to your site. You can use password generators like 1Password or KeePass to generate more complex passwords, which will be difficult to hack and could prevent further malicious attacks.

    • Take backup of your content -
      This is something you should do frequently: back up your site content, all your site comments, history and the site database. It will be useful in the worst case, where you are unable to deal with the attack and have to restore everything from scratch.

    • Follow the community and forums -
      Most of us use a CMS like WordPress, Joomla, Magento etc. These CMS communities and hosting sites have fairly strong support for such kinds of issues. If you are hosting your site on shared hosting, then it is likely that other users are facing the same hacking or malfunctioning issues.

    • Updates and Installations -
      We often don’t look at the security aspects of the CMS platform or its plugins; we just look at the end-user experience. So it is likely that these are easy to infect. Most of those systems keep fixing their security issues in subsequent releases. So make sure you update and install keeping security in mind.

    • Find and remove hacks -
      There are many ways to find out which hacks are present on your site. Google Webmaster’s security report is one of the options. Another is security plugins, which try to find the flaws and hacks currently present on your site and also provide version control for your configuration or settings files. There are a lot of WordPress malware scanner plugins available in the plugin market. After using these options you will get an idea of where potential hacks are present on the system. Then revert all the content to a date before the attack, or manually go through the code and see whether you can find any malicious code there.

    • Restore your backup -
      This is the last option you should have. If nothing works for you, then you can start from scratch and restore everything from your backup.

    • Ask google to review your site again -
      This is the last and most important thing you should do after cleaning all of the hacked content from your site. When Google shows you the security report, there is an option below it to ask Google to review your site again. This is basically like raising a flag to inform Google that you have resolved and cleaned all the malicious content from your site, so that it can verify this and remove your blog from its blacklist.

    • Keep taking precaution to avoid further hacking -
      After Google has removed you from its blacklist, don’t relax and leave things as they are. You could surely get hacked again the very next day if you don’t follow security guidelines from then on. So stay alert and keep an eye on your site to protect it.
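
The manual code check described under “Injected content” and “Find and remove hacks” can be scripted. The following Python scanner is an added example, not code from the original post; the rule names, the patterns and the sample theme files (including the `malware.example` and `video.example` hosts) are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators (assumed for this example, not an exhaustive rule set).
RULES = {
    # eval() wrapped around a decoder: the usual shape of an obfuscated PHP injection
    "php-eval-decoder": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # iframe that is invisible or only 0/1 pixel in size
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden"
        r"|(?:width|height)\s*=\s*[\"']?[01]\b)", re.I),
    # page-level redirect that needs no user interaction
    "meta-refresh": re.compile(r"<meta\b[^>]*http-equiv\s*=\s*[\"']?refresh", re.I),
}
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}


def scan_text(text):
    """Return (line_number, rule_name) for every indicator found in text.

    Matching is per line, so a tag split across several lines is not detected.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


def scan_tree(root):
    """Scan template and script files under root; map relative path -> hits."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                findings[str(path.relative_to(root))] = hits
    return findings


def build_sample_theme(root):
    """Write a small constructed theme: two infected templates and one clean one."""
    samples = {
        "footer.php": '<footer>Constructed sample</footer>\n'
                      '<?php eval(base64_decode("PLACEHOLDER")); ?>\n',
        "404.php": '<h1>Page not found</h1>\n'
                   '<iframe src="http://malware.example/landing" width="1"'
                   ' height="1" style="display:none"></iframe>\n',
        "index.php": '<?php get_header(); ?>\n'
                     '<iframe src="https://video.example/embed" width="560"'
                     ' height="315"></iframe>\n',
    }
    for name, body in samples.items():
        Path(root, name).write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as theme_dir:
        build_sample_theme(theme_dir)
        for rel_path, hits in scan_tree(theme_dir).items():
            for lineno, rule in hits:
                print(f"{rel_path}:{lineno}: {rule}")
```

A hit is a lead for manual review rather than proof of compromise, and a clean result does not rule out injections that use other encodings.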

This time I learnt the lesson the hard way. This incident really opened my eyes to the security world. Next time, keep in mind not to use anything blindly. Analyse all the aspects of your plugins, your CMS or your entire hosting platform before proceeding with it. I suggest you learn more about these kinds of issues or hacks and be prepared before becoming the next victim.

Stay alert , Stay safe !

I Went for Production Support. What Happened Next Blew My Mind!


The term “technical support” has a somewhat negative connotation in the developer community. Most think of it as an arduous drag involving looking through piles of logs and stack traces, and taking random guesses. And that’s exactly what I thought before actually experiencing it myself in our project. It gave me a lot of learnings and changed my perspective on software development and collaboration with other teams.

For the past couple of years, we (ThoughtWorks) have been developing a global web platform (CMS, localization, and other content creation tools) in collaboration with a dozen other vendors. For production support, instead of having special dedicated roles, various team members rotate amongst themselves and take up the support role. In November 2014, I traveled to Istanbul for the same. On a sidenote, Istanbul is an incredibly scenic city, and if you haven’t visited it already, I highly recommend you add it to your bucket list.

Since it is a multi-vendor team, we have to work with representatives from each team to support production issues.

As I was a newbie to support work, I was a bit nervous about the various scenarios and difficulties I was (presumably) going to face. However, throughout the support, I learned loads of things, and found the whole experience interesting and educational. There were a handful of stressful situations too, but overall the stint was pretty smooth.

Here are the key learnings from the experience:

  • Empathy and trust -

The most important learning probably was that not everything is as straightforward for everyone as we seem to think. We need to accept first that everybody is giving their 100% and has their own problems to solve, and co-operate in the best way possible.

  • Communication -

You should keep calm and not rush to any conclusion about the cause of the issue. First make sure your own understanding of the issue and the solution is clear before communicating it to the clients. False communication will lead to more confusion, and it will take more time for the issue to be resolved. Clear and proper communication brings everyone to the same level, with a clear understanding of the issue and its root cause. It helps everyone to take exactly the required steps, reducing multiple rounds of back and forth.

  • Debuggability -

I agree that in support work you don’t get a chance to develop any new feature, but the best thing it gives you is a chance to go through and debug your existing code. Every time you do so, you think of different ways to improve your code. It’s not always enough to write correct logic in code, because that logic will work correctly only when it is given correct input data. In projects like ours, where your app is driven by highly interconnected data models coming from different parties, you can easily make silly mistakes at different levels, and it’s not always possible to write data validations at every level of data entry. So it is likely that your production issue will be a data issue, and not a code issue.

The second lesson I learned was that your code should properly log various cases, along with sufficient temporal context. I think your code quality is not only defined by how well written your code is, how you follow programming standards or which language and framework features you have used, but also by how quickly you can debug your code. In production you have only application logs to look into. Logs are surely important, but that doesn’t mean you go and add logs everywhere with the entire data. You should log only the useful extracted data, and only at specific events. We use structured logging in our project, and I have found it to be very beneficial when dealing with huge application log files, especially in conjunction with tools like Splunk.

  • Improvisation + Innovation = Profit!

Did I say that in support you don’t get an opportunity to develop? Well, I lied. ;-) When on support, I built a couple of applications that helped me in debugging and also provided me an opportunity to try out some new technologies. The lesson was that, although it is important to debug the issues properly and quickly, it is also important to try and improve the debugging process itself, so that it does not remain repetitive. Before doing the same thing twice or debugging the same type of issue again, you should stop and think: why can’t I write something and/or create an app which will do this repetitive and manual process for me? This is the time to let your creative juices flow. You can try new languages or new frameworks to solve your problems. It does not have to be a big application. Even small browser extensions may do the trick. There are many places where you can build these apps, like fetching data from some REST API, comparing input data, posting or tracking data in your application, and many more.

The learnings I gained on this little adventure have been invaluable, and I believe, also helped me become a better developer.

So, boys and girls, the next time your project manager asks you to go for production support, give him/her an enthusiastic nod and prepare to innovate!

Keep Calm and Support

Thanks to Rahul Phulore for his awesome support and help. And also thanks to Sunit Parekh and Mikhail Advani for all their guidance and valuable inputs throughout the support period :)