Monthly Archives: March 2009

Fresher Recruitments

As mentioned earlier, Auro Infotech is hiring in full speed this month and we already sent out appointment orders to six of the candidates.

As we are also hiring freshers, I was always going through a strange scenario where with some of the freshers, I found it difficult to ask them any question.

The reason is that they are not familiar with any of the technologies we are working on (eg. PHP, AJAX, MySQL, XML, DIV tags, etc).

Today I came up with an idea to solve this. During the interview, I recommended a fresher candidate to go to Auro Infotech Blogs and study all the topics under it (especially the Policies and Procedures section). I asked the candidate to email me whenever this person is ready for the next round of interview that will be only around Auro Infotech Blogs content.

This helps me with two things:

1. It gives us a good opportunity to educate the potential candidates on what Auro Infotech is all about.

2. It also helps us to educate them on the software development life cycle, qa testing process and various other processes that are key to their career.

I wish I had got this idea a few months back, I would have used this approach with all candidates.

In any case, feeling quite good about it as this should solve the problem I have faced with fresher interviews in the past.

Firefox and NoScript – Most Secure Browsing

At Auro Infotech we pay particular attention to the browser we are using and the nature of data that goes back and forth between the internet and our employee machines.

After detailed research on the best possible security alternatives, we have decided to stick to Firefox browser as a browser of our choice, with NoScript addon, which has proven to be the number one security add on for Firefox.

Firefox has very good security features that helps us focus on our work and not worry about the viruses and worms that are spreading fast on the internet. We always ‘check’ one option in Firefox:

Tools – Options – Advanced – General – Warn me when websites try to redirect or reload the page.

The above option makes sure we are not redirected to any page unknowingly.

NoScript AddOn in Firefox comes in handy with many security related features including protecting against clickjacking and XSS attacks. We always check the ‘Temporarily Allow this page’ to allow javascripts to run, when we know for sure what the site is going to do. Also, it has been ages since I ever saw a popup ad while I am browsing – thanks to Firefox and NoScript.

Though we have Firefox and Internet Explorer, our team members have been advised to use Firefox only for their browsing needs. The QA team does use all the browsers as required by the QA Testing Process at Auro Infotech.

Issues and Scope for Improvement

We try to regularly visit issues that have a pattern of recurrence and try to find solutions to it.

I have listed below three very common issues that are faced at Auro Infotech:

Issue: Employees give a committment, then fail to deliver and not even bother to give an update before the committed deadline. (Sometimes they dont even communicate till they are asked why they missed it.)

Scope for Improvement: Please note that every committment given by any employee is a committment made by Auro Infotech. In order to make sure we do not bring in bad name to the organization, we have to be cautious about meeting the deadlines.
In reality, every task or deadline can get delayed due to many many reasons. In these unavoidable scenarios, it is ok to be late, but it is required to inform the person to whom we committed to a deadline, before the deadline, with a reason and a revised deadline. Typically we will be able to find out much ahead of time that we might not be able to meet a deadline. As soon as we realize it, we have to communicate to the clients that we will be late and provide the reasons for the same. Along with it, we should also tell our clients a revised deadline when they can expect the results.

Issue: Whenever a meeting is called for, some of our employees think it is ok if they are late for meetings, etc. They also do not inform before hand to the meeting organizer that they will be late.

Scope for Improvement: Employees should always try their best to attend the meetings on time. If due to any reason, they cannot attend the meeting on time, they should inform the meeting organizer ahead of time that they will be late.

Issue: Employees decide to work from home whenever they want and decide to inform about it whenever they want.

Scope for Improvement: Employees can work from home whenever they want, but should inform their manager about it, well ahead of time.

How to avoid giving passwords in linux servers while logging in

Say, for example im in 10.10.10.1 machine and i need to login to 11.11.11.1 machine.

In source machine (10.10.10.1)
Login to the machine as root

#ssh-keygen -t dsa

#scp /root/.ssh/id_dsa.pub 11.11.11.1:/tmp

Now, go to destination machine (11.11.11.1).
Login to the machine as root

#mkdir .ssh
#cat /tmp/id_dsa.pub >> /root/.ssh/authorized_keys
#chmod 700 /root/.ssh/
#chmod 600 /root/.ssh/authorized_keys

Now try logging in ssh from 10.10.10.1 machine to 11.11.11.1 , you will not be prompted for password.
This will be useful in cases where we schedule backups from one machine to the other in cron job. So that files will be copied automatically without asking for the password.

Let me know, if anyone have any doubts on this.

Installing MRTG graphs on centos (linux) servers

1. Install snmp service and MRTG graph

Code:

yum -y net-snmp mrtg

yum -y install net-snmp mrtg

2. Open /etc/snmp/snmpd.conf

Please note that the file should be looked as below. (Comment (#) the lines as shown below in “Access Control Part”)

Quote:

# First, map the community name “public” into a “security name”

# sec.name source community
#com2sec notConfigUser default public

####
# Second, map the security name into a group name:

# groupName securityModel securityName
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser

####
# Third, create a view for us to let the group have rights to:

# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
#view systemview included .1.3.6.1.2.1.1
#view systemview included .1.3.6.1.2.1.25.1.1

####
# Finally, grant the group read-only access to the systemview view.

# group context sec.model sec.level prefix read write notif
#access notConfigGroup “” any noauth exact systemview
#none none

# —————————————————————————–

# Here is a commented out example configuration that allows less
# restrictive access.

# YOU SHOULD CHANGE THE “COMMUNITY” TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

## sec.name source community
com2sec local localhost dingloo
#com2sec mynetwork NETWORK/24 COMMUNITY

## group.name sec.model sec.name
group MyRWGroup v1 local
#group MyROGroup any mynetwork
#
#group MyRWGroup any otherv3user
#…

## incl/excl subtree mask
view all included .1 80

## -or just the mib2 tree-

#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc

## context sec.model sec.level prefix read write notif
#access MyROGroup “” any noauth 0 all none none
access MyRWGroup “” any noauth exact all all all

Add or edit the bolded lines in /etc/snmp/snmpd.conf

3. Service snmpd restart

After restarting please look in /var/log/messages for any error message

4. Now change your directory to Apache DocumentRoot #cd /var/www/html or #/usr/local/apache/htdocs
5. Make a directory called graph #mkdir graph
6. #cd graph
7. Run the following command

Code:

#cfgmaker dingloo@127.0.0.1 > mrtg.cfg

8. This will generate mrtg.cfg file

9. Once the above is created Open the file and change “Workdir” to DocumentRoot (i.e., where file path for the file mrtg.cfg)

10. Now Run the following command

Code:

#env LANG=C /usr/bin/mrtg /var/www/html/graph/mrtg.cfg

You
will notice few warnings, Repeat the same command thrice or more, the
warnings will be stopped automatically. Now we can see some html and
files genertaed in graph folder.

11. Set this in cronjob, so that the graph will be generated automatically

Code:

*/5 * * * * env LANG=C /usr/bin/mrtg /var/www/html/graph/mrtg.cfg > /dev/null 2>&1

The above will be running for every five minutes.

Hope This article is useful..

Let me know, if anyone has doubts..

Instant Messenger Usage at Auro Infotech

Instant Messengers are a part of the core communication tools used at Auro Infotech. Our clients are located all around the world and due to this geographic distribution around the world, they use different IMs, popular in different locations: Yahoo Messenger, AOL, MSN Messenger, Skype, GTalk, ICQ, etc.

We also provide 24 by 7 secondary support using IM for all our clients, the primary mechanism being email. ie. We recommend clients to open a support ticket by emailing our support team at support@auroinfotech.com and then follow up on the ticket on IM or phone as the secondary communication tools.

After using multiple IM clients, we started using Meebo two years ago and have not turned back after that. We survived the tricky IM worms that spread around on Yahoo IM client, uncontrolled even today. We have a strict policy for the past year at Auro Infotech to use IM only using Meebo web site.

If you use any other IM solution, besides Meebo, please let us know as we will be glad to evaluate alteratives. (I am particularly focused on solving single point of failures anywhere at Auro Infotech and will be glad to find an alternative to Meebo.)

Div Tags and Tables

Ever since the introduction of Web 2.0 based websites, a few techniques have been establised as generally accepted standards or best practices in Web 2.0 websites.

One of them is the usage of DIV tags as opposed to using tables. DIV tags help the sites be aligned better. This along with the logical separation of front end interface with the programming logic achieved in combination with the usage of classes in CSS files, became a very powerful tool for creating both user friendly web pages as well as Search Engine Optimized webpages.

At Auro Infotech, we adopted both the css file standards as well as the usage of DIV tags very early, in line with our attempt to stay on par or ahead of the curve on the latest technologies.

In the beginning, we created all new designs using DIV tags only and avoided the usage of tables in our HTML pages. Over a period of time, we understood that tables are there for a reason and have to be used in those places where they are relevant. So we refined our web design standards to accept the presence of tables wherever necessary. Some of the examples are displaying a list of records, where tables play a much better role than div.

This topic has been debated in various forums and blogs online, at the end of the day, when clients look forward to us to come up with guidelines to help them have cleaner looking websites, we recommend the usage of DIV tags primarily, while using tables wherever necessary.

Weekly Status Reports at Auro Infotech

Every week, the Team Leaders at Auro Infotech are expected to report a Weekly Status Report (WSR) on each project their teams work on. This report is sent at the end of the week to the clients. This report has to be produced on every project where there was any work done during the week.

A sample WSR is given below:

——-Auro Infotech Weekly Status Report Begins—————–
Sample Status report: Weekly Status Report on Music Plugin for Week Ending 27-January-2006

Project Name: Music Plugin Enhancements v3.0
Project Started on: 26-January-2006
Project Planned End Date: 13-February-2006

Status Report for Week Ending: 27-January-2006
Current Phase: Coding

Previous Accomplishments:
Nil

Accomplishments during the week: (23-January-2006 to 27-January-2006)

1. Coding: Changes to Home page

Plans for next Week:( 30-January-2006 ) to (03-February-2006 )

1. Coding: Create Static Page on the fly

Future Tasks:

1. Week of 6th Feb: Coding and Testing
2. Week of 13th Feb: Release
Project Status (Development Team view): On target

——-Auro Infotech Weekly Status Report Ends—————–

5. Weekly Status Reports should be sent to the clients at the end of every week by the team leaders

6. The following are the statuses:
1. Completed – Client Signed Off
2. Pending Client Sign Off – This is if the client has checked it and said everything looks ok, but has not sent an official sign off.
3. Pending UAT – If the client is still testing something.
4. Pending QA Sign Off – If coding is completed and is with the QA team.
5. Coding – If coding is going on.
6. On Hold – If client has put this on hold.
7. No Response – Sent more than one mail to the client with no response from client.

Difference between Effort and Duration

Many times our clients ask us “How much time do you need to complete this task”.

Typically the development teams respond by saying “It will take 12 hours to complete it” or “It will be completed in 12 hours”.
The above two sentences have two completely different meanings.
“It will take 12 hours to complete it” refers to an effort of 12 hours required to complete the work.
“It will be completed in 12 hours” refers to the duration within which the task will be completed.

Having said that, lets understand the difference between the terms “Effort” and “Duration”.

Effort refers to the number of person days or person hours required to complete a task. Eg. 12 hours of effort: This means if one person worked on this task non stop, they can complete the task in 12 hours.

Duration refers to the time period required to complete the task. Eg. 12 hours duration: This means the task will be completed in 12 hours time. ie. This statement does not say how many people will be working on it. It could be 3 people working for 8 hours of effort each and getting it ready within 12 hours duration. It could also be that one person will be working on it for 3 hours of effort, but will have time to complete it only in 12 hours time.

In order to get out of this confusion, we have set certain guidelines to be used by our teams whenever interacting with clients on topics of effort and duration.

While giving a proposal/estimate, we always give two numbers:
Estimated Effort
Estimated Duration

Also when replying to any client queries on when a task will be ready, we give them two data points: one about effort and the other about duration.

We will be interested in knowing if any other teams use a variation of this for their terminologies.

Flexible Website Maintenance Plan from Auro Infotech

At Auro Infotech, we have come up with a unique website maintenance plan called ‘Flexible Website Maintenance Plan’.

The idea behind this plan is to allow our clients to use our website maintenance support services without having to spend any more than the number of hours we spend supporting them.

As per this plan, the clients can study their website support pattern and arrive at the number of hours they feel would be required for the same. (Eg. 10 hours a month). We then enter into a contract with the client for three months (ie. 30 hours of support) and the client pays this amount in advance every quarter.

Some clients also request us to get their approval before doing the support task with an estimate for each task. We do this also, so that the clients have full control over where their support costs are going to be spent and when.

At the end of the quarter, whatever hours is left over is rolled over into the next quarter and hence the clients do not have to lose any of their hours.

This website maintenance model has been successfully implemented in a few websites now.

Feel free to comment on your thoughts on this model.