Heartbleed bug

It started like a normal Tuesday morning. The first thing I did after waking up was to check my Twitter. After seeing a lot of tweets about OpenSSL, I had to dig deeper. At first glance, it seemed like the worst thing to hit the web in many years. And it was.

OpenSSL was leaking its memory contents. The programmer had missed one size check when writing the heartbeat implementation. But it was bad. All traffic, usernames and passwords and even server private keys are in that particular memory.
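The missing size check, as an added example (not OpenSSL's code and not from the original post): a heartbeat message carries a claimed payload length, and the handler has to compare it with the number of bytes actually received before echoing the payload back. The message layout follows RFC 6520; the function names and sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat message types and minimum padding, per RFC 6520 */
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Constructed sample records: type, 2-byte claimed payload length, payload, zeroed padding. */
static const uint8_t SAMPLE_OK[23]  = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t SAMPLE_BAD[19] = { HB_REQUEST, 0x40, 0x00 };  /* claims 16384, carries 0 */

/* Bytes the message claims beyond what was received (0 if consistent).
 * A non-zero value is what an unchecked handler would read from adjacent memory. */
size_t hb_excess_claim(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 3) return 0;
    size_t needed = 3 + (((size_t)rec[1] << 8) | rec[2]) + HB_PADDING;
    return needed > rec_len ? needed - rec_len : 0;
}

/* Build the echo response; returns its length, or 0 to drop the message silently. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < 3 + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The size check: never trust the claimed length over the received length. */
    if (3 + claimed + HB_PADDING > rec_len) return 0;
    size_t resp_len = 3 + claimed + HB_PADDING;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);          /* safe: claimed bytes are inside rec */
    memset(out + 3 + claimed, 0, HB_PADDING);   /* real stacks use random padding */
    return resp_len;
}

int main(void)
{
    uint8_t out[64];
    printf("ok:  response=%zu excess=%zu\n",
           hb_respond(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out),
           hb_excess_claim(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("bad: response=%zu excess=%zu\n",
           hb_respond(SAMPLE_BAD, sizeof SAMPLE_BAD, out, sizeof out),
           hb_excess_claim(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

A non-zero `hb_excess_claim` result is also a useful thing to log on a patched server, since a well-behaved peer never sends such a message.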

Once I got to the office, we started replacing our customer systems' OpenSSL libraries immediately. We started with our Exove Response team, but also notified all the current project tech leads to update all servers their projects are running on currently.

We started with our support customers' servers. At the same time, our Support Services Manager Harri communicated to our customers, current and former, about the issue. We also asked our non-support customers whether they'd like us to update their servers.

Updating servers was pretty straightforward for the majority of cases. All recent Linux distributions released the fixed version of OpenSSL quickly after the bug was made public.

Some servers, especially the ones that were not on any kind of support agreement, were running some older distribution with OpenSSL updated from a third-party repository. For these cases we quickly got the source code for the same OpenSSL version, added all the security patches including the Heartbleed fix, compiled a compatible binary package for the server, and then updated OpenSSL to a safe version.

This work continued from Tuesday to Thursday, pretty much all hours we had people awake. We don't regularly do long hours here at Exove, but this time our customers needed it.

During Wednesday it was already confirmed that certificate private keys can leak via the bug, and we moved on to re-keying all our customer certificates and revoking the current certificates to prevent any future man-in-the-middle attacks.

Customer systems we had direct access to were safe within the first couple of days. The certificate replacement took a bit longer, due to re-keying delays at CAs, as well as customers who had certificates through their own contacts.

Selecting Future Talents

Due to my other responsibilities and full trust in our organization, I rarely participate in recruitment interviews. Regarding this year's Trainees we made an exception, and I've participated in the interviews of our future Project Management Trainees. There is a reason why, and I thought I'd share it with you. 

As a general rule, we believe in skill testing. Of course previous background in the field and interviews play a very significant role in recruitment decision-making, but we also want to know more about the way the person works, how they solve problems etc. 

With the PM trainee position we were facing a new kind of challenge, as the coding test that we use for Developers couldn't be applied to these candidates. Can we actually test the skills of a Project Manager? We can't check prior references or projects they've worked in, as we don't require them to have any experience. We can always interview, but compared to our normal process, it felt inadequate.

We decided to create a new kind of test together with our Project Director and the future mentor. We based it on the position skill requirements, and it consists of an interactive part and a written test.  All situations / topics in the test could be from an actual working day of any Project Manager. 

The idea of the test is not to "score" answers or rank candidates, but to learn more of the candidate's natural style of dealing with different topics - the things you could never cover within a normal interview. Based on the results so far we can already see major differences between candidates' styles in prioritizing, communication, problem solving and motivating.

As this test has never been used before, we can't yet fully trust it to predict success in the Project Management position. Therefore, we added more reliability to the process by increasing the number of experienced interviewers like myself. We are using the test results only as a supportive method that can further strengthen the evaluation done by interviewers.

I am also eager to hear what the candidates themselves think about the test. An interview alone can be quite an exciting thing, and combined with a 2-hour test it can be quite stressful. Despite the stress, I do hope that candidates also see this as an opportunity to take a sneak peek at a Project Manager's actual work. If they like the tasks, they are definitely aiming in the right direction.

Nina Holviala
HR Manager 

Drupal Café: Drupal 8 - What to Learn from Symfony2


The next Drupal Café on Tuesday April 8th will be an interesting one. Joonas Iivonen, one of our senior developers, will discuss which parts of Symfony2 one needs to master in order to be productive with Drupal 8.

The topic is more and more relevant as the launch of Drupal 8 is coming nearer, and the inside of our loved CMS has changed a lot.


Our DrupalCamp Stockholm Slides

We had three excellent sessions at DrupalCamp Stockholm on March 14th. The slides have been published to our Slideshare.net channel, and now also made available here on our blog.

Janne Kalliola presented Growing and Managing Drupal Organisations.

Kalle Varisvirta's session was about Installing Drupal Globally.

Finally, Laurent Chollat from Wauwaa and Janne Kalliola jointly presented the Wauwaa case description.

Behind the Scenes – Trainee Program Recruitments


Trainee Program ads went live a couple of weeks ago, and we’ve received tons of applications and queries about the program. What has pleased me the most is that even the new positions in Project Management and Design have aroused such interest. I decided that at this point I could share some of the highlights of the past weeks.

Despite the heavy traffic on the applications side, I've already managed to process some of the applications and we have already started with the interviews as well. Luckily our Competence Managers are assisting me in the actual interviews - otherwise this would turn into a very long process indeed! But please do bear with us: the holiday season is still on, and some interviews will get postponed a bit.

Processing the applications may take me a while still, but I am truly enjoying myself. I can see that many of the candidates have read the instructions on the website and provided all the information we could need: not only applications, but also links to reference code, study transcripts, portfolios etc. After all, the more information we have about your skills and expectations, the faster we can make the decisions.

For those of you who are still pondering your application: move fast! As said, interviews have already started, and we are ready to make decisions on hires as we go. We will continue with the recruitment process until we have filled all the positions, but so far it looks like it can be sooner rather than later. Nevertheless, we still do accept applications as no decisions have yet been made. Any of the positions could still be yours!

But that’s it for now, folks. Stay tuned!

Nina Holviala,
HR Manager 

Exove Trainee Program 2014 – stay tuned!


Spring is the time for job searching, at least for students applying for their internships and summer jobs. We are excited to be able to arrange the Exove Trainee Program for the second time and provide a chance for a couple of talented students to start their career.

What’s special about our Trainee Program? We hire trainees to actually work with our interesting projects. Since we require no previous work experience, a mentor will be assigned for each trainee. With the support of the mentor and training, each trainee will learn fast to become a professional.

Some changes to the program have been applied according to the feedback we got from our previous year’s trainees. Even if last year was already a success, we are confident that this year our Trainee Program is going to be even better, bigger and more successful.

The Trainee Program 2014 is right around the corner and we can hardly wait to get started!

Read also about 2013 trainee program experiences from a trainee perspective.

Why We Organise Drupal and WordPress Cafés


We have been organising Drupal and WordPress Cafés for about half a year now, and we have received good feedback about them from the participants and speakers.

We believe in openness and the power of communication, and the cafés are a perfect way to empower local open source communities with openness and communication. We provide space and drinks, handle invitations, and secure speakers - the community handles the rest by coming to the event, discussing, and networking.

As the events are for the community, we have invited our partners and also competitors to speak. And we are truly glad that they have accepted our invitations. We all are stronger in the community, when we interact more with each other.

The original idea of the café is from Michel van Velde from OneShoe, Netherlands, and we would love to see companies in other countries pick up the idea, too.

The next Drupal Café is next Tuesday, February 11th. Check out the program and enroll.