Bozhidar Bozhanov

About Bozhidar Bozhanov

Senior Java developer, one of the top stackoverflow users, fluent with Java and Java technology stacks - Spring, JPA, JavaEE. Founder and creator of Computoser and Welshare. Worked on Ericsson projects, Bulgarian e-government projects and large-scale online recruitment platforms.

Do Web 2.0 Companies Really Have The Best Technical Talent?

There are a lot of cool companies with products on the web that millions of people are using. I’ll wondered whether I should label them “web 2.0?, “silicon valley”, “cool startups”, or something else, but I think it’s clear which ones I’m writing about.

The assumption is that these companies attract the best technical talent. And even despite my criticism of their interview process, I still used to think that indeed the best developers and software engineers go to these popular web companies. But due to a couple of observations, I’m no longer certain. These companies have been making junior-developer mistakes in many areas and I can’t imagine that a “top talent” could allow this to happen.

What raised my concerns is security. And it’s not computer-science heavy-cryptography-algorithm-design type of security. It’s the simple web security that every developer out there should actually know – how to store passwords. I was astonished to learn that Yahoo, LinkedIn, and recently Pandora were revealed not to be hashing and salting the passwords, which lead to password leaks. (Note: the case with Pandora is a bit less trivial as noted in the HN comments). It’s the bare minimum thing you should do, and any sane developer who sees that the company stores passwords in plaintext, or uses MD5 hashes, or doesn’t add salt, should just go and fix that (with management approval, yes). “Legacy” is not an issue here – you can hash&salt plaintext passwords, and you can add salt to a hash the next time a user logs in (by getting his actual password on login in order to generate a new hash). But many companies haven’t done that. I would be ashamed to work in a project that doesn’t follow these practices widely known for years, especially if it has millions of users.

But enough with the security. Let’s talk about API design. API design is hard, but it is manageable by top engineers. And yet, there are many instances of unstable, not well-designed APIs. Facebook, for example. They are improving it now, but it used to be horrible. The Android core APIs look (or used to look in the first versions) as if written by a freshman (just a simple example from my android experience: cursor.getInt(cursor.getColumnIndex(CallLog.Calls.TYPE));. Many methods with more than 5 arguments, etc.) Related to APIs – salesforce XSDs sometimes cannot be parsed, because they are invalid – we have been fixing their XSDs in order to communicate with them.

And these are the things that we see on the surface. I’ve heard “horror” stories like writing web projects in C++, and the other day I took a look at the code of reddit, which (even though I’m not a python developer) struck me with some really odd stuff (won’t go into details). I guess many people have heard or seen a lot of “wtf” moments, that a “best developer” just wouldn’t do.

So is it really the case that these silicon valley/web 2.0 companies have the best developers, or they are just regular companies that have average developers doing stupid things? There are certainly some great developers in these companies that do “magic” and “insane” stuff, but apart from the stars, are the rest of the developers also “the best”? I’m no longer sure this is the case.

Don’t forget to share!

Reference: Do Web 2.0 Companies Really Have The Best Technical Talent? from our JCG partner Bozhidar Bozhanov at the Bozho’s tech blog blog.

Do you want to know how to develop your skillset to become a Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you two of our best selling eBooks for FREE!

JPA Mini Book

Learn how to leverage the power of JPA in order to create robust and flexible Java applications. With this Mini Book, you will get introduced to JPA and smoothly transition to more advanced concepts.

JVM Troubleshooting Guide

The Java virtual machine is really the foundation of any Java EE platform. Learn how to master it with this advanced guide!

Given email address is already subscribed, thank you!
Oops. Something went wrong. Please try again later.
Please provide a valid email address.
Thank you, your sign-up request was successful! Please check your e-mail inbox.
Please complete the CAPTCHA.
Please fill in the required fields.

2 Responses to "Do Web 2.0 Companies Really Have The Best Technical Talent?"

  1. ykameshrao says:

    Well…All you observations are correct to certain extent. And, I totally agree that missing a basic thing as hashing and salting passwords cannot be overlooked and forgiven. But, when it comes to APIs and their design, its not an easy task to get it right in the first go. You have to consider that these Web companies are working in the agile mode where not much time is spent speculating the perfect API design. The turnaround time required to meet by these developers is as small as 15 days – 30 days (a general sprint cycle) that includes requirement gathering, design, development, testing and deployment. And the internet companies can never really gauge the success of the API until it is deployed. Traditionally, companies could design better APIs (read Microsoft MFC for example) since they had that kind of dev time available, but the working of a software company in the current internet and mobile era is way different.

  2. Gerson says:

    Most of these company aren’t involved with mission critical application. Verification and validation isn’t require!

Leave a Reply


five × 6 =



Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use | Privacy Policy | Contact
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.
Do you want to know how to develop your skillset and become a ...
Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you two of our best selling eBooks for FREE!

Get ready to Rock!
You can download the complementary eBooks using the links below:
Close