17 Nov, 2008

Talent Availability Part 2 - San Francisco, New York, Seattle and other US cities

Posted by Bhavin Turakhia | (1) Comments

I have been spending a ton of my time researching talent acquisition for Directi. As a follow-up to my previous post on a comparison of Availability of Developers in various cities in India (Mumbai, Bangalore, Delhi etc) - I have spent the last several weeks performing a comparative analysis of various tech hubs in the United States with respect to available talent. I have conducted an empirical study on various jobsites, read several reports, and spoken to many individuals who kindly volunteered their time to answer my tirade of questions :)

Miscellaneous conclusions from my conversations

  • Based on conversations with various individuals that I connected with, I can conclude that there is no better place than the Valley for recruiting tech talent
  • New York’s tech talent largely comprises developers in the financial sector. Most of the Web 2.0 development is taking place in the Bay Area
  • This is a really good time to be thinking of starting up in the US: given the economic crisis, talent availability is at an all-time high
  • Cost-wise the Bay Area and NYC are similar in terms of salaries. Housing costs in the Bay Area have reduced more than that in NYC in the current environment, which may further drive down compensation costs in the Bay Area
  • New York compensation models are at times different from those in the Bay Area, since the financial sector compensation packages typically comprise hefty bonuses, while the tech sector doles out equity.
  • Seattle is 20-30% cheaper than the Bay Area in terms of salaries. Seattle is a good bet for recruiting for Microsoft technologies, given their dominant presence there.
  • Median salary figures for developers range between 75-85 for freshers, 90-120 for experienced developers and 120-160 for leads. This is trending downwards to a certain extent in the current environment
  • Chief sources of recruiting talent are Craig’s List, LinkedIn, other job boards, recruiters and networking / referrals
  • Bay Area Tech community is significantly more vibrant in terms of events, activities etc in comparison to any other destination in the US
  • Obviously it goes without saying that the competition for talent in the Bay Area is significantly higher than other cities
  • Other tier-2 cities that happen to be tech hubs are Dallas, Austin, Chicago
  • .. and yea … more people seem to think that New York is more fun than the Bay Area :)

Empirical Data from Jobsites

| City (10 mile radius from zip) | Java (last 3 months) | C# (last 3 months) | C++ (last 3 months) |
|---|---|---|---|
| San Francisco (94110) | 223 | 72 | 176 |
| SFO Bay Area (94041) | 795 | 181 | 678 |
| Dallas (75205) | 240 | 83 | 191 |
| Chicago (60612) | 368 | 121 | 331 |
| Los Angeles (90210) | 274 | 93 | 209 |
| Austin (78701) | 137 | 42 | 119 |
| Boston (02114) | 353 | 103 | 286 |
| New York (10028) (5 miles) | 448 | 154 | 346 |
| New York (10028) | 1000 | 521 | 1000 |

The above data was gathered from US websites using the methodology described in my previous post on a comparison of Availability of Developers in various cities in India. The above data shows the following -

  • SFO Bay Area has 3x the talent availability pool of San Francisco proper
  • In New York I had to modify the search parameters to a 5 mile radius as opposed to a 10 mile radius due to the concentration of businesses in Manhattan
  • By sheer numbers the New York area (using a 10 mile radius from Central Manhattan) has more software developers looking out for a job, than San Francisco
  • The Bay Area has almost twice the talent pool in terms of availability as compared to other cities

Notes:

  • The above data was gathered by searching job boards for number of candidates who were out there looking for a job in the last 3 months
  • This methodology can provide a fair indication of general talent availability, but is not conclusive. For instance, it is possible that job-seekers are simply more active in the Bay Area than in other cities, resulting in a larger number despite similar talent availability. While these types of error conditions may average out, the above data should be used in an indicative manner only.

Other Resources

  • AeA publishes very detailed reports on distribution of tech talent in the United States, by state and cities. You can obtain them at the below links. They cost $250 each, and provide some interesting perspectives -
    AeA CyberStates Report 2008
    AeA Cybercities Report 2008
  • For instance an interesting factoid I figured from the above reports was that 1 out of every 4 persons employed in the Bay Area is employed in the tech industry
  • Another helpful website is http://topuniversities.com - which provides a rating and ranking of universities worldwide. As expected United States features on the top of the list. I will be providing a separate analysis on my findings with respect to a comparison of universities worldwide.
Category : 0-cosmos | TechTalk

20 Oct, 2008

Denying a Denial of Service attack

Posted by Bhavin Turakhia | (2) Comments

At our size, not a day goes by without being under some DDOS attack on at least one of our services. They are now an assumed constant. Most of them do not impact us in any manner. Some of them manage to make a dent. Others can result in unscheduled downtimes. Here is a set of tips, in no particular order, that we have learnt the hard way to improve your infrastructure resilience :) -

  • Monitor your traffic at the network adaptors and switch ports using MRTG and Nagios, and ensure any spikes result in immediate alerts and escalations
  • Ensure that your switches, routers and other devices can provide you with packet capture and other pertinent monitoring information
  • Since DDOS attacks originate from multiple source IP addresses, typical DDOS mitigators use heuristics to determine bad traffic patterns and block those source IP addresses. This can result in blocking genuine traffic patterns / sources. If instead you can identify the traffic pattern of the DDOS, you can block that pattern at your firewall, as opposed to blocking source IPs. For example, we have had UDP attacks on our DNS Servers where the UDP packets were of a fixed length. We blocked packets matching that configuration and thwarted the attack
  • Last week we got hit by the mother of all DDOSes - a 4.8 GBps sustained attack on one of our deployments. An attack of this size cannot be thwarted by regular DDOS mitigators or source blocking. The only choice we had was to null-route our destination IP Address. Try and ensure that your service is bound to multiple IP addresses, with a low TTL in your DNS server to allow you to modify your DNS entries rapidly. Many times DDOSes target a specific set of IPs, in which case you can simply give up that IP address and substitute it with another one. Sometimes DDOSes may target a domain name, in which case the attack may be visible on all the IP addresses that the domain name resolves to. In this case, if your app-design can allow for a modification of the service URL, it would make it easy to block the DDOS. Otherwise your best bet would be to modify the IP addresses in your DNS for that domain, and hope that the DDOS clients are caching DNS resolution and the attack will not migrate to your new IP addresses. It is also highly recommended that your application have multiple different service access URLs and that you provide different ones to different users. That way a DDOS may not affect all your users.
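The pattern-over-source tip above, as an added example (not Directi's tooling): it compares constructed baseline and attack samples of UDP traffic to port 53, looks for a packet length that dominates only the attack, and formats an iptables length-match rule for it. The record layout, sample addresses, the 0.5 threshold and the function names are assumptions.

```python
from collections import Counter

# Constructed samples: (source IP, packet length) for UDP packets to port 53.
BASELINE = [("203.0.113.%d" % i, n) for i, n in
            enumerate([61, 72, 68, 75, 61, 80, 66, 72, 90, 64], start=1)]
# During the attack the normal mix continues, plus 90 sources sending one length.
ATTACK = BASELINE + [("198.51.100.%d" % i, 540) for i in range(1, 91)]


def length_signature(baseline, attack, min_share=0.5):
    """Find the packet length that is over-represented in the attack sample.

    Returns None when no single length accounts for at least min_share of the
    attack sample, i.e. there is no fixed-length pattern to block.
    """
    if not baseline or not attack:
        return None
    base = Counter(length for _, length in baseline)
    seen = Counter(length for _, length in attack)

    def excess(length):
        # Share during the attack minus share in normal traffic.
        return seen[length] / len(attack) - base[length] / len(baseline)

    length = max(seen, key=excess)
    attack_share = seen[length] / len(attack)
    if attack_share < min_share:
        return None
    return {
        "length": length,
        "attack_share": attack_share,
        # Fraction of normal traffic the same rule would also drop.
        "collateral": base[length] / len(baseline),
        # Distinct sources sharing the pattern: the list a source block would need.
        "sources": len({src for src, n in attack if n == length}),
    }


def drop_rule(length, port=53):
    # Check whether your firewall's length match counts the whole IP packet or
    # only its payload, and measure the sample lengths the same way.
    return (f"iptables -A INPUT -p udp --dport {port} "
            f"-m length --length {length} -j DROP")


if __name__ == "__main__":
    sig = length_signature(BASELINE, ATTACK)
    print(sig)
    print(drop_rule(sig["length"]))
```

A non-zero `collateral` value is the share of genuine queries the rule would drop, which is the number to weigh before applying it.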

This is a hurriedly drafted article and there is significantly more knowledge that we have amassed over the years on this subject. If I find some additional time I will likely pen it down in a more structured format on some other day.

Category : Directi | TechTalk

1 Oct, 2008

The Game of Business

Posted by Bhavin Turakhia | (4) Comments

I delivered a presentation titled the Game of Business at the Proto.in conference in 2008 and subsequently at IIT Kanpur’s Megabucks event.

Visit our wiki at http://wiki.directi.com/x/BwCK to view the video of this presentation and download the slides. At Directi, we believe that Business is like a game. This presentation covers principles that embrace this philosophy and that continue to be instrumental to the success of Directi.

I finally managed to obtain a copy of the video of the presentation and hence am posting this entry quite late. I believe this is by far one of the best presentations I have delivered in terms of value and the importance I personally attribute to the concepts I expound in the presentation for the success of our company.

Comments / feedback are solicited and welcome :)

Category : 0-cosmos | Directi | Random Musings

24 Sep, 2008

Time and Resources Analysis of a Recruitment Exercise

Posted by Bhavin Turakhia | (0) Comments

I got around to thinking about the amount of effort that goes behind a recruitment exercise at Directi and I thought to pen down an article which details out a recruitment scenario and the effort / resources involved. The purpose to pen this down was to get an idea of the time, cost and people involvement per candidate. This in turn will enable us to -

  1. Set expectations in terms of targets of the number of interviews one can conduct per week
  2. Determine direct cost of an interview process
  3. Determine the opportunity cost of an interview process
  4. Improvise our recruitment process and make it more efficient

The article turned out to be a 1600+ word count multi-page article which I have posted on our Directi Wiki under the Recruitment University

Anyone involved in recruitment should read it. The article is available at - http://wiki.directi.com/x/TwDK

PS: If you wish to apply for a job at Directi, visit our careers portal at http://careers.directi.com

Category : Directi | Random Musings

11 Sep, 2008

Availability of Developers by City (Mumbai, Bangalore, Delhi etc) and Technology (Java, C++, C#, AIR, WPF etc)

Posted by Bhavin Turakhia | (14) Comments

An all-time favorite question amongst journalists who interview me as a “young entrepreneur” has been - “Tell us about some of the challenges you faced while growing Directi?” and my patent answer has always been that the only challenge we have faced and continue to face is finding good talent. In our bid for finding talent we are now expanding into other cities over the next few months.

In order to determine tech labor availability across the common metro cities in India I compiled a statistical comparison of the count of resumes available on common jobsites for common software development skillsets in the various cities in India, and the findings are very interesting. This blog post compiles these findings. If you are a tech company in India - these findings can help you make technology decisions concerning city selection and platform selection.

The findings

Below are findings from the comparison of the count of resumes of software developers with 0-4 yrs of experience from various cities in India as compiled from a jobsite -

1. Findings by City

  • Bangalore has 2.5 times the number of Java resumes of Mumbai
  • In terms of total resumes from each city the ranking is in the following order - Bangalore, Hyderabad, NCR, Chennai, Delhi, Pune, and lastly Mumbai
  • As an example, here is the citywise count of Resumes that contained the keyword Java
    • Bangalore - 123,205
    • Hyderabad - 114,561
    • NCR - 85,347
    • Chennai - 82,459
    • Pune - 54,086
    • Delhi - 53,256
    • Mumbai - 43,672
  • Every city in India has more available developers than Mumbai with the South taking the lead
  • NCR has almost twice the number of developers as Delhi

2. Findings by Technology

  • The total count of Resumes of developers with 0-4 yrs experience that contain the below keywords across all 7 cities was -
    • C++ - 635,575
    • Java - 556,586
    • C# - 190,872
    • Javascript - 162,343
    • Ajax - 41,219
    • Flex - 8,668
    • Python - 3,429
    • Ruby - 2,099
    • WPF - 779
    • Silverlight - 255
  • As you can see Java and C++ are the predominant keywords in Software Developer Resumes
  • Flex beats Python and Ruby :)
  • Ajax and Javascript beat Flex/WPF/Silverlight by several magnitudes as keywords appearing in resumes

The results above remain similar in terms of ratio, for Resumes with 4+ yrs of experience.

Click here to download the raw excel sheets for all cities and technologies >>

The methodology

I had my team conduct independent searches for each permutation and combination of the following -

  • Keywords - Java, C#, C++, Javascript, Flex, Silverlight, WPF, Ajax, Actionscript, Ruby, Python
  • Cities - Mumbai, Pune, Bangalore, Delhi, NCR (Noida/Gurgaon), Chennai, Hyderabad
  • Experience - 0 to 4 yrs , 4+ yrs
  • Function - Software Development (or equivalent)
  • Jobsites - Naukri, Timejobs, Monster
  • Date - 3rd June 2008

The above totals up to a whopping 462 searches :). I then tabulated the count of Resumes for each search and put it in multiple excel spreadsheets. You can download the spreadsheets to crunch the numbers yourself.

Based on the above data, Directi and .pw clearly need a presence in the south. The data also demonstrates the lack of penetration of RIA, especially Flex/Silverlight/AIR/WPF, amongst Indian developers.

Hopefully this data can help others make similar decisions. Meanwhile lookout Bangalore/NCR - we are in the process of making an appearance shortly :)

PS: Interested in joining Directi? - check our openings at http://careers.directi.com

Category : 0-cosmos | Random Musings

4 Sep, 2008

Ethics in journalism and the Metcalfe law

Posted by Bhavin Turakhia | (2) Comments

Update: Directi, Knujon and HostExploit have posted a joint statement with an accurate representation of facts, clearing any previous misconceptions. Click here to read it >>

I, along with my team, have spent the last two full days fire-fighting false, inaccurate, libelous and defamatory claims against Directi by a certain Garth Bruen at Knujon and Jart Armin and James Mcquad at Hostexploit, compounded multifold thanks to the Network effect of the Internet.

For the full story check out our post on the Directi blog - Our official response to inaccurate reports which falsely implicate the Directi Group

In short, Knujon and HostExploit published two independent online reports incorrectly linking Directi to certain miscreants responsible for fraudulent activities on the Internet. Their research was entirely flawed and their reports filled with factual inaccuracies.

Within record time, these posts were picked up by over 15 other news sites and reported as if accurate with additional conclusions left to the imagination of the respective journalists. What shocked me personally is neither the original posters (Garth / Jart / James) nor any of the journalists responsible for the follow-up aftermath extended a basic common courtesy of contacting us for comments, let alone for validating any of the claims. The whole episode has caused considerable irreversible damage to our reputation, ended up wasting significant resources within our organization, and left several misconceptions in the minds of thousands of readers worldwide concerning abuse on the Internet.

Journalism has existed way before the Internet, and a common ethical code of responsible reporting is assumed in this profession. With the Internet however the responsibility is significantly compounded, given the fact that any published story is now re-published multiple times, blogged about, indexed, archived, forwarded, shared, favorited, bookmarked, dugg, twittered within moments of publication, repeatedly, by netizens worldwide, and all this information continues to exist in cyberspace, google cache, browser cache, proxies, web archives, offline stores and many other sources - ad infinitum.

Anyone making any public claims / statements on the Internet now has significant power, and, in the words of Peter Parker - “With great power comes great responsibility”. I can only hope that the various reporters / news agencies who we have been in touch with, learn from this experience, and do not, in their haste to churn out the next sensational news story, ignore the fundamental tenets of responsible and ethical reporting.

Category : 0-cosmos | Directi

31 Aug, 2008

A modified Nonce implementation

Posted by Bhavin Turakhia | (7) Comments

Nonce refers to random single-use (hence the name) tokens used to hash information before sending it from a client to a server to avoid having to send sensitive data in cleartext. It is typically used to send authentication information such as passwords over HTTP. In this post I describe a slightly modified implementation of using nonce.

Our goal is to make an authenticated call from the client to the server. This requires the call to contain username and password information. We wish to avoid the overhead associated with HTTPS and at the same time, ensure that the password is not sent in cleartext.

Algorithm

  • Client requests the server for a nonce token and the current time of the server
  • Server generates a random nonce token (servertoken) - numerical or alphanumerical and returns the same to the client with its currenttime (servercurrenttime)
  • Client creates a hash of servertoken + password + servercurrenttime
  • Client sends servertoken, servercurrenttime, hash to the server
  • Server checks if its system time is within a 10 second range of the servercurrenttime it received. Server may need to take into account timezone differences between the client and server locations
  • Server then runs the same hash algorithm using the password it has in its store, and the servertoken and servercurrenttime received from the client
  • If the hash matches the hash received from the client, then the call is permitted

The above process ensures the following -

  • The password is not sent in cleartext
  • Anyone intercepting the communication can get the following - clienttoken, servertoken, hash. However they cannot obtain the password. Nor can they use the hash to repeat the same call after the expiry of the 10 second window. The window may be suitably adjusted.

In another implementation the random token can be generated by the client instead of the server. The server only provides the servercurrenttime.

In another implementation the server can store the servertoken in a cache with a 10 second expiry. When the client sends the hash, the server checks if the servertoken exists. This would eliminate the need for using servercurrenttime. The servertokens could be stored in a simple memcache server.

Care should be taken that the hashing algorithm generates significantly distinct hash values for minor modifications in the token / password / currenttime.

It may be argued that the random token is not required and that the currenttime is sufficient by itself to generate a hash. However a random salt appended with currenttime is likely more secure since it adds an element of randomness.
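The exchange described above, as an added example that is not code from the original post: it combines the 10 second window with the cached-servertoken variant so each token is accepted once. HMAC-SHA256 keyed with the password stands in for the post's hash of servertoken + password + servercurrenttime. The username parameter, the in-memory dict standing in for memcache, the class and function names and the sample credentials are assumptions.

```python
import hashlib
import hmac
import secrets
import time

WINDOW_SECONDS = 10  # validity window from the post


def response(password, servertoken, servercurrenttime):
    """Digest computed by the client and recomputed by the server."""
    # The "|" delimiter keeps token and time from running into each other.
    message = f"{servertoken}|{servercurrenttime}".encode()
    return hmac.new(password.encode(), message, hashlib.sha256).hexdigest()


class Server:
    def __init__(self, passwords, clock=time.time):
        self.passwords = passwords  # username -> password; server holds the same secret
        self.clock = clock          # injectable so the expiry path can be exercised
        self.issued = {}            # servertoken -> issue time; stands in for memcache

    def challenge(self):
        servertoken = secrets.token_hex(16)
        # Epoch seconds from the server's own clock: no timezone handling needed.
        servercurrenttime = int(self.clock())
        self.issued[servertoken] = servercurrenttime
        return servertoken, servercurrenttime

    def verify(self, username, servertoken, servercurrenttime, digest):
        # pop() makes the token single-use, so a captured call cannot be
        # replayed even inside the 10 second window.
        issued_at = self.issued.pop(servertoken, None)
        if issued_at is None or issued_at != servercurrenttime:
            return False
        if not 0 <= self.clock() - issued_at <= WINDOW_SECONDS:
            return False
        password = self.passwords.get(username)
        if password is None:
            return False
        expected = response(password, servertoken, servercurrenttime)
        return hmac.compare_digest(expected, digest)  # constant-time comparison


def demo():
    """Run the exchange with constructed credentials and a fake clock."""
    now = [1_000_000.0]
    server = Server({"alice": "correct horse"}, clock=lambda: now[0])

    token, stamp = server.challenge()
    digest = response("correct horse", token, stamp)
    first = server.verify("alice", token, stamp, digest)
    replay = server.verify("alice", token, stamp, digest)  # same captured values

    token, stamp = server.challenge()
    now[0] += WINDOW_SECONDS + 1  # the client answers too late
    late = server.verify("alice", token, stamp,
                         response("correct horse", token, stamp))

    token, stamp = server.challenge()
    wrong = server.verify("alice", token, stamp, response("guess", token, stamp))
    return {"first": first, "replay": replay, "late": late, "wrong_password": wrong}


if __name__ == "__main__":
    print(demo())
```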

Category : 0-cosmos | TechTalk

4 Aug, 2008

I recommend reading…

Posted by Bhavin Turakhia | (17) Comments

I have been planning to begin blogging about the books I read, at least the good ones. I have always been an avid reader and used to devour 2-3 books every month in the days before Directi. Nowadays I do not have the luxury of time, but manage to read one book a month (thanks to my ever-increasing travel schedule and the fact that I am never going to be able to sleep on planes until the A380s with the wider fully flatbeds begin flying to NYC and SFO - which may not be too far away considering that Emirates has ordered 50 of them :) ).

Back to the topic at hand - I strongly recommend the below two books which I read in the last few weeks -

Smart and Gets Things Done: Joel Spolsky’s Concise Guide to Finding the Best Technical Talent (Hardcover) - Short and informative guide to recruiting tech talent. I read it cover to cover and enjoyed it thoroughly. While the book focuses on recruiting tech talent, most of the principles apply to any recruitment exercise. I would strongly recommend this to anyone involved in recruiting from functional heads to hiring managers

The Go-Giver: A Little Story About a Powerful Business Idea (Hardcover) - An amazing business parable with a simple, yet profound lesson on how building a successful business is about focusing on giving and not getting - an obviously simple fact, that all of us forget while living in what we have been trained to [wrongly] believe is a dog-eats-dog world. (Directians: We are buying 200 copies of this one so you can get yours from the library pretty soon)

Category : Random Musings

16 Jul, 2008

MySQL vs Postgres

Posted by Bhavin Turakhia | (2) Comments

In my perpetual comparison between MySQL and Postgres I am beginning to lean towards MySQL of late. There are many reasons, but a short list that is currently relevant to us is here -

  • MySQL supports multiple backend storage engines providing more flexibility of choice. For instance one can choose MyISAM for tables where transactions and ACID compliance do not matter, and gain a performance advantage. Or one can use a Memory storage engine for temporary in-memory tables
  • InnoDB supports optional MVCC, thus providing best of both worlds
  • MySQL supports native replication and shared nothing clusters
  • MySQL has better integration with memcached
  • MySQL uses multi-threading as opposed to process-forking, making it less heavy
  • More people are using MySQL than Postgres - eg Facebook, Youtube etc
  • MySQL is now owned by Sun, and despite their recent lay-offs they are a company I respect

There are many other reasons, but currently these are the ones that are relevant to the products we are working on.

Category : TechTalk

15 Jul, 2008

Just Do It

Posted by Bhavin Turakhia | (4) Comments

No. This is not some Nike Propaganda

Last night I saw a show - “The New Inventor” on the Australia Network channel, a channel that in the past I have only flipped through en route from “Star World” to “AXN”. One of the inventors being profiled on the show made a statement, one that I have heard in the past, but one so profound that it deserves its own blog post.

I paraphrase his statement below -

When you have an idea or a vision, it can have three possible outcomes -

  • You give it all you’ve got and you succeed :)
  • or, You give it all you’ve got and fail :(
  • or, You ignore it and spend a lifetime wondering “What If?” !!!

The first outcome is the happy path. The second outcome involves a temporary downside accompanied by lessons that will serve you for a lifetime. The last outcome involves a lifetime of doubt.

Category : 0-cosmos