Write like you talk

Links, On Startups

Nathan Kontny:

A handful of years ago I was volunteering for an organization here in Chicago where we helped high school kids prepare for their college applications. These kids were the first in their families, often underprivileged, to be applying to college.

One Saturday I met a student who wanted help editing his application essay. We went over to the computer lab and he pulled up a draft he’s been struggling with.

The essay was fine. It read grammatically well.

But it was terrible. It was dry and uninteresting. Artificial intelligence could have probably auto-generated it from a history of other applications.

I doubt any recruiter would remember him. How were we going to fix this?

Most of us trying to write to gain an audience, inspire people, market ourselves, etc. are all doing it wrong.

We stick with the education and rules we learned in high school and college: “Don’t end sentences with prepositions.” “Don’t start sentences with conjugations.” “Sentences have subjects and predicates.” We focus on the perfect paragraph and essay structure.

And if I asked most people to write an essay about their day. It’s likely going to come out a lot like my mentee’s. Stiff, formulaic, unoriginal.

But if we had an intimate conversation over coffee, the story about your day would be remarkably different. You wouldn’t worry about the word you used to start a sentence, or which of your sentences made up paragraphs. Instead, your struggles, achievements, and thoughts would hit my ears before you had a chance to think about: “Can I end a sentence with ‘at’?”

And because you weren’t worried about a hundred rules of grammar while you were talking to me, I’m that much closer to your internal voice.

The voice that makes you unique and interesting.

I wanted to share this post, as this is something I try to stick to when writing tutorials, I find it makes things sound better and smoother.


Naming a new product? Start with the job.

Links, start

A name can help people create a mental model for your product, which helps them to remember and associate your product with a particular job.

Other factors come into play, including how a name sounds, and how distinctive, appropriate, likable, extendable, and protectable it is. But most important is that the name is remembered and understood.

So to choose a memorable name for a product, you can start with the jobs you want people to remember it for.

A good lesson on product naming from the Intercom crew as they described naming their new bot service, operator bot.


Scan your projects for crossenv and other malicious npm packages

Links, code

Dominik Kundel, writing for the Twilio Blog:

On August 1st, Oscar Bolmsten tweeted about how he found a malicious npm package called crossenv that scans for environment variables and POSTs them to a server.

This is particularly dangerous considering that you might have secret credentials for different services stored in your environment variables.

Apparently it’s also not limited to just crossenv, but a series of packages — all of them are names of popular modules with small typos such as missing hyphens.

Check your project for malicious packages

These packages have been taken down by npm, but since credential theft happens upon installation, you should check if you have installed one of them. Ivan Akulov was so kind to compose and publish a list of (at least some of) these malicious packages on his blog. He also wrote a small one-liner that you can execute to check if these packages are installed in your current project:

npm ls | grep -E "babelcli|crossenv|cross-env.js|d3.js|fabric-js|ffmepg|gruntcli|http-proxy.js|jquery.js|mariadb|mongose|mssql.js|mssql-node|mysqljs|nodecaffe|nodefabric|node-fabric|nodeffmpeg|nodemailer-js|nodemailer.js|nodemssql|node-opencv|node-opensl|node-openssl|noderequest|nodesass|nodesqlite|node-sqlite|node-tkinter|opencv.js|openssl.js|proxy.js|shadowsock|smb|sqlite.js|sqliter|sqlserver|tkinter"

Search for infected projects on Mac/Linux

If you are like me a person who regularly develops Node.js applications you might have a series of projects and not just one project to check for. I extended Ivan’s command for that reason using find and xargs to actually scan all subdirectories of the folder that contains my projects and execute Ivan’s command there. You can run it by simply copy pasting this command into your command-line:

find . -type d -maxdepth 4 -name node_modules -print0 | xargs -0 -L1 sh -c 'cd "$0/.." && pwd && npm ls 2>/dev/null | grep -E "babelcli|crossenv|cross-env.js|d3.js|fabric-js|ffmepg|gruntcli|http-proxy.js|jquery.js|mariadb|mongose|mssql.js|mssql-node|mysqljs|nodecaffe|nodefabric|node-fabric|nodeffmpeg|nodemailer-js|nodemailer.js|nodemssql|node-opencv|node-opensl|node-openssl|noderequest|nodesass|nodesqlite|node-sqlite|node-tkinter|opencv.js|openssl.js|proxy.js|shadowsock|smb|sqlite.js|sqliter|sqlserver|tkinter"'

Search for infected projects on Windows

That command works when you are on Mac or Linux.. Corey Weathers wrote a small PowerShell script for that will do the same thing on Windows:

Get-ChildItem $directory -Directory -Recurse -Include "node_modules" | foreach { cd $_.FullName; cd ..; npm ls | Select-String -Pattern "babelcli|crossenv|cross-env\.js|d3\.js|fabric-js|ffmepg|gruntcli|http-proxy\.js|jquery\.js|mariadb|mongose|mssql\.js|mssql-node|mysqljs|nodecaffe|nodefabric|node-fabric|nodeffmpeg|nodemailer-js|nodemailer\.js|nodemssql|node-opencv|node-opensl|node-openssl|noderequest|nodesass|nodesqlite|node-sqlite|node-tkinter|opencv\.js|openssl\.js|proxy\.js|shadowsock|smb|sqlite\.js|sqliter|sqlserver|tkinter"} -ErrorAction Ignore

What if a malicious package was detected?

You should immediately rotate all secrets that you have stored in the environment variables. If it’s a project that is shared with other folks don’t forget to alert them to do the same. Don’t forget that Continuous Integration systems and cloud hosts like to use environment variables as well. So if you shipped one of these projects into production or used a system that uses environment variables don’t forget to rotate them there as well.

Read the rest of the original post for more information, I wanted to share this here so you can check your code for any packages that shouldn't be there.



FreshBooks’ Mike McDerment says “building your own competitor” is effective way to solve business problems

Links, On Startups

Amira Zubairi, writing for BetaKit:

At the latest FinTechTO, Mike McDerment, CEO and co-founder of FreshBooks, discussed the challenges teams face when re-platforming within a software company. He also offered tips on how entrepreneurs can successfully execute a redesign.

McDerment kicked off his presentation by giving an overview of how he co-founded FreshBooks, a cloud-based accounting platform that allows users to send invoices, track time, manage receipts, expenses, and accept credit cards.

McDerment said after raising a $30 million funding round back in July 2014, he began to think about how the company would keep up with technological changes over next decade.

“What we actually decided instead was that we needed to re-platform the company, like the whole product, go build a whole new thing.”

“In the back of my mind, I was like, are we really set up for the next 10 years?” said McDerment. “Since we started the company, all the technology had changed…it’s a very different world than, say, 2013, from a technology standpoint.”

At this point, McDerment said he was thinking of ways to transform or improve FreshBooks so that it’d be “set up to win in five or 10 years.” While he could have gone the route of “keep doing what you’re doing,” McDerment decided to take a different path.

“What we actually decided instead was that we needed to re-platform the company, like the whole product, go build a whole new thing,” said McDerment, adding that this was “a stupid move” for a couple of reasons.

“Reasons why you don’t want to re-platform include competition…may catch up while you’re doing it,” said McDerment. “I promise you, it’s going to take longer than you think…you could go through all the trouble and you don’t necessarily end up with a better product in the end.”

Along with these reasons, McDerment stressed that re-platforming means that companies often run the risk of undermining their customers’ trust, which in turn, makes it harder for engineering teams to take the risk of entirely re-building a product.

Speaking about his own experience, McDerment said when FreshBooks’ team decided to redesign, he had to find a way to do this and “not lose out competitively, [and] get the team to a place where they could take some of these really big risks.”

In the end, FreshBooks created a new company with a new name, URL, and product, and have it compete with FreshBooks’ existing products. McDerment said competing with themselves via a separate company allowed FreshBooks to not only keep their customers’ trust, but also test out a new platform, collect data, and determine whether they had created something better or not.

For entrepreneurs who may be struggling to build their companies, McDerment ended his presentation with a few words of advice.

“Building your own competitor is a novel way to solve a hard business problem,” said McDerment. “I’d just encourage you to believe that there is a way you can do this. It may not be obvious, it may not be logical, but there is a path.”

I've always respected Mike and what they are doing at freshbooks, we've used them for all our book keeping here for years.

You can watch the full presentation below:


Page 1 of 49 Next