Alex MacCaw

by Alex MacCaw

JavaScript programmer, O'Reilly author.


An Engineer’s Guide to US Visas

I’ve written a post on US visas on Sourcing.io’s blog.

Gather a group of foreigners together in San Francisco, and the topic of conversation invariably turns to visas and immigration. For many of us, just getting to America is a feat in itself. Overcoming the regulation, hurdles and bureaucracy that encompass the US visa system is a shared and painful experience we can all relate to.

Five years ago, when I was working back in England, I wanted nothing more than to emigrate and join a tech startup in San Francisco. The trouble was I had no qualifications, no degrees and no connections. It’s only through a great degree of persistence, determination, and the support of some wonderful people that I’m living out in SF.



Structuring Sinatra Applications

I’ve written a post on Sourcing’s blog about structuring Sinatra apps.

I love Sinatra. I use it for practically everything. For me, Sinatra has the perfect blend of simplicity and abstraction. I can understand the full stack, dip into the source when I need to, and extend the framework how I see fit.

However, the bare-bones nature of Sinatra can come at a cost. Sinatra leaves much more of the decision making around your application’s structure, layout and libraries up to you. This can be a bit daunting if you’re just getting into Ruby web app development, which I think is one of the reasons why Sinatra is mainly the realm of more experienced developers looking for a bloat-free alternative to Rails.



A Startup’s Guide to Hiring

I’ve written a post on Sourcing’s blog on how to find and hire software engineers.

As a founder and CEO, your role will increasingly turn to two major areas: hiring the right people, and ensuring they stay. We’re going to tackle the former area in this article and discuss a good framework for hiring engineers.

Every company’s hiring process is slightly different, and yours will likely evolve as your company grows. However, it’s important to set the right foundations in place since hiring the right people is crucial; it will make or break your company.



A programmer’s legacy

One of my favorite things to do is looking round churches. I’m not a religious man, but whenever I visit a new city invariably the first thing I explore are the local churches or cathedral. To me, they represent timelessness and stability. They also represent a legacy. Somewhere there’s an architect whose life work was poured into that building. And here it is, standing hundreds of years after its designer has long gone, for all to see.

Legacy is something we programmers struggle with. It’s rarely discussed, and when it is, it carries a negative connotation. Legacy code is a term that sends shivers down our spines. We rarely think of legacy in terms of making a mark.

I think we all have an urge to mark our stamp on this world, to graffiti ‘I was here–don’t forget me’. Yet, as a programmer, where is my legacy? Practically every program...



Sourcing.io

For as long as I can remember I’ve wanted to run my own business in San Francisco. A few years after I moved to the city, after a lot of jumping through visa hoops, I finally have the opportunity. After four months of development and iteration, I’m excited to release Sourcing.io, a tool to help you find and hire talented software engineers.

The idea stems from a problem that I had at both Twitter and Stripe: finding software engineers is a really hard and time-consuming problem. There’s a shortage of good talent and the demand is incredibly high. It’s an incredibly inefficient process that can take months and cost you tens of thousands.

To find engineers, I resorted to the process of manually going through my Twitter followers and reaching out to them one by one. Out of about a hundred people I contacted, we hired three. While I was happy with the conversion...



An Engineer’s guide to Stock Options

There’s a lot of fear, uncertainty and doubt when it comes to stock options, and I’d like to try and clear some of that up today. As an engineer, you may be more interested in getting on with your job than compensation. However, if you’re working at a fast-growing startup, with a little luck and the right planning you can walk away from a liquidity event with a significant amount of money.

On the other hand, I have friends who have literally lost out on millions of dollars because the process of exercising stock options was so complicated, opaque and expensive. Believe me, you’ll be kicking yourself if this happens to you, so why not arm yourself with some knowledge and make informed decisions?

This guide is an attempt to correct some of the imbalance in information between companies and employees, and explain in plain English the whole stock option process.

...



Animating DOM transitions

Animations and transitions are fairly crucial to the look and feel of modern applications, and can be a good way of indicating to a user what their interactions are doing. Indeed, the best interfaces have been clued up on this for a while now – pretty much every interaction you have with iOS involves an animation.

However, animations can get convoluted really fast, especially if you have a lot of different states which require different transitions depending on which states are being entered or left. This is a problem I’ve struggled with in more complex UIs, specifically figuring out the position of elements (we ended up using position absolute for everything, and having a huge amount of conditional code).

I’ve always wondered if there’s a better way of doing transitions and, rather than hard coding positions, delegate layout to the browser. Inspired by...



How (not) to write recruiting emails

Emails from recruiters have a fairly infamous reputation in the technical community, partly because of their often spammy nature, and partly due to a lack of interest in the jobs they’re pitching.

The ideal recruitment email should basically be a pitch, motivating candidates to further explore the opportunity. Engineers are extremely fortunate–we’re not generally in want of a job. To hire the best, you have to entice them away from other work.

Unfortunately, many recruitment emails seem canned at best, automated to spam out to the widest audience possible. It’s a wonder these emails work, if indeed they do at all. Looking back through my inbox, here are some of the mistakes I often see recruiters making:

  • Canned, with only the name changed
  • Asking people to email in their CV or resume
  • Not mentioning the company name, only an unspecified ‘client’
  • ...



End to end encryption in JS Web Apps

The most significant burden to mainstream encryption is the proliferation of web apps, such as email clients, and the lack of a good encryption story inside the browser. The question is: can we use end to end encryption inside JavaScript web apps?

Asymmetric encryption suffers from the same problems as OpenID: it’s a complex subject, and if its success is conditional on being understood by your average user, then it will never be popular in the mainstream. The only way to deal with crypto is to do what we programmers do best: abstract it and make it work transparently behind the scenes.

The issue is with ‘The Cloud’. A lot of communication applications, perhaps the majority of them, are served and hosted remotely. So how can we add encryption to hosted web apps? We need to solve three problems:

  1. Asymmetric (RSA) encryption/decryption routines in the browser
  2. Public...



Cross Site Request Forgery in JS Web Apps

Ensuring that attackers don’t forge requests in your web applications can be a tricky business, one that often requires a hand-rolled solution.

As soon as you have a session, you need to start thinking about cross-site request forgery (CSRF). Every request to your site will contain authentication cookies, and HTML forms don’t abide by the same-origin policy (SOP).

One method of ensuring that destructive requests (PUTs/POSTs/DELETEs) to your site are made from your domain is to allow only requests with a Content-Type header of application/json. The only way to set this header is via Ajax, and Ajax requests are limited to the same domain.

However, there have been active vectors in the past that have allowed header injection (such as some of the Flash exploits), and Egor, who is the expert in these things, assures me it’s not enough.

The classic method of...
