Alex MacCaw

JavaScript programmer, O'Reilly author.

Page 2

A Startup’s Guide to Hiring

I’ve written a post on Sourcing’s blog on how to find and hire software engineers.

As a founder and CEO, your role will increasingly turn to two major areas: hiring the right people, and ensuring they stay. We’re going to tackle the former area in this article and discuss a good framework for hiring engineers.

Every company’s hiring process is slightly different, and yours will likely evolve as your company grows. However, it’s important to set the right foundations in place since hiring the right people is crucial; it will make or break your company.

View →

A programmer’s legacy

One of my favorite things to do is looking round churches. I’m not a religious man, but whenever I visit a new city invariably the first thing I explore are the local churches or cathedral. To me, they represent timelessness and stability. They also represent a legacy. Somewhere there’s an architect whose life work was poured into that building. And here it is, standing hundreds of years after its designer has long gone, for all to see.

Legacy is something we programmers struggle with. It’s rarely discussed, and when it is it carries a negative connotation. Legacy code is a term that runs shivers down our spines. We rarely think of legacy in terms of making a mark.

I think we all have an urge to mark our stamp on this world, to graffiti ‘I was here–don’t forget me’. Yet, as a programmer, where is my legacy? Practically every program I’ve ever written has either been re-written by...

Continue reading →

For as long as I can remember I’ve wanted to run my own business in San Francisco. A few years after I moved to the city, after a lot of jumping through visa hoops, I finally have the opportunity. After four months of development and iteration, I’m excited to release, a tool to help you find and hire talented software engineers.

The idea stems from a problem that I had at both Twitter and Stripe: finding software engineers is a really hard and time consuming problem. There’s a shortage of good talent and the demand is incredibly high. It’s an incredibly inefficient process that can take months and cost you tens of thousands.

To find engineers, I resorted to the process of manually going through my Twitter followers and reaching out to them one by one. Out of about a hundred people I contacted, we hired three. While I was happy with the conversion rate, I couldn’t help...

Continue reading →

An Engineer’s guide to Stock Options

There’s a lot of fear, uncertainty and doubt when it comes to stock options, and I’d like to try and clear some of that up today. As an engineer, you may be more interested in getting on with your job than compensation. However, if you’re working at a fast growing startup, with a little luck and the right planning you can walk away from a liquidity event with a significant amount of money.

On the other hand I have friends who have literally lost out on millions of dollars because the process of exercising stock options was so complicated, opaque and expensive. Believe me, you’ll be kicking yourself if this happens to you, so why not arm yourself with some knowledge and make informed decisions.

This guide is an attempt to correct some of the imbalance in information between companies and employees, and explain in plain English the whole stock option process.

 Shares 101

I like...

Continue reading →

Animating DOM transitions

Animations and transitions are fairly crucial to the look and feel of modern applications, and can be a good way of indicating to a user what their interactions are doing. Indeed, the best interfaces have been clued up on this for a while now – pretty much every interaction you have with iOS involves an animation.

However animations can get convoluted really fast, especially if you have a lot of different states which require different transitions depending on which states are being entered or left. This is a problem I’ve struggled with in more complex UIs, specifically figuring out the position of elements - (we ended up using position absolute for everything, and having a huge amount of conditional code).

I’ve always wondered if there’s a better way of doing transitions and, rather than hard coding positions, delegate layout to the browser. Inspired by Keynote’s Magic Move effect...

Continue reading →

How (not) to write recruiting emails

Emails from recruiters have a fairly infamous reputation in the technical community, partly because of their often spammy nature, and partly due to a lack of interest in the jobs they’re pitching.

The ideal recruitment email should basically be a pitch, motivating candidates to further explore the opportunity. Engineers are extremely fortunate–we’re not generally in want of a job. To hire the best, you have to entice them away from other work.

Unfortunately many recruitment emails seem canned at best, automated to spam out to the widest audience possible. It’s a wonder these emails work, if indeed they do at all. Looking back through my inbox, here’s some of the mistakes I often see recruiters making:

  • Canned, with only the name changed
  • Asking people to email in their CV or resume
  • Not mentioning the company name, only an unspecified ‘client’
  • Urging you to spam your friends with the...

Continue reading →

End to end encryption in JS Web Apps

The most significant burden to mainstream encryption is the proliferation of web apps, such as email clients, and the lack of a good encryption story inside the browser. The question is: can we use end to end encryption inside JavaScript web apps?

Asymmetric encryption suffers from the same problems as OpenID, it’s a complex subject and if its success is conditional on being understood by your average user then it will never be popular in the mainstream. The only way to deal with crypto is to do what we programmers do best: abstract it and make it work transparently behind the scenes.

The issue is with ‘The Cloud’. A lot of communication applications, perhaps the majority of them, are served and hosted remotely. So how can we add encryption to hosted web apps? We need to solve three problems:

  1. Asymmetric (RSA) encryption/decryption routines in the browser
  2. Public key discovery
  3. Secure...

Continue reading →

Cross Site Request Forgery in JS Web Apps

Ensuring that attackers don’t forge requests in your web applications can be a tricky businesses, one that often requires a hand-rolled solution.

As soon as you have a session, you need to start thinking about cross site request forgery (CSRF). Every request to your site will contain authentication cookies, and HTML forms don’t abide by the same origin policy (SOP).

One method of ensuring that destructive requests (PUTs/POSTs/DELETEs) to your site are made from your domain, is by only allowing requests with a Content-Type header of application/json. The only way to set this header is via Ajax, and Ajax requests are limited to the same domain.

However, there have been active vectors in the past that have allowed header injection (such as some of the Flash exploits), and Egor, who is the expert in these things, assures me it’s not enough.

The classic method of preventing CSRF attacks...

Continue reading →

Preventing tab-close data loss in JS Web Apps

Often, when you’re building a JavaScript web application, you want to warn the user about any pending Ajax requests before they close the window.

Perhaps you’ve updated the UI before sending an Ajax request to the server, or perhaps you’re making long running background request. Either way you want to warn the user that, if they continue, they may lose data.

Browsers don’t offer an API to automatically block closing tabs (which would be open to abuse), but they do have a rather archaic API to specify a tab close prompt, window.onbeforeunload.

window.onbeforeunload = function(){
   return "Don't leave me!";

As you can see, this isn’t a normal event. You can only have one listener, and it should return a string that is ultimately displayed to the client.

jQuery has a undocumented active property, a integer representing the amount of co-current Ajax requests. We can check this to...

Continue reading →

JavaScript ‘wake’ event

For I wanted to ensure that the list of posts is always kept up to date. This is especially a problem when the computer wakes up from a sleep, as the top posts are often way out of date!

It turns out there is no JavaScript wake event. There is an online event, but it doesn’t seem to trigger whenever the computer is sent to sleep and re-awoken.

The only sure fire way I could work out to achieve this, was to run a interval and check that the it was invoked at the expected times. Any delay in an interval invocation indicates that the computer has just slept.

var TIMEOUT = 20000;
var lastTime = (new Date()).getTime();

setInterval(function() {
  var currentTime = (new Date()).getTime();
  if (currentTime > (lastTime + TIMEOUT + 2000)) {
    // Wake!
  lastTime = currentTime;

You can find the full jQuery plugin here. It triggers a custom wake event on documen...

Continue reading →