From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1SYZE1-0004Dt-7z for garchives@archives.gentoo.org; Sun, 27 May 2012 08:53:21 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CC744E0841; Sun, 27 May 2012 08:53:02 +0000 (UTC) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) by pigeon.gentoo.org (Postfix) with ESMTP id 07581E07D0 for ; Sun, 27 May 2012 08:51:20 +0000 (UTC) Received: from compute1.internal (compute1.nyi.mail.srv.osa [10.202.2.41]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id A66A220C08 for ; Sun, 27 May 2012 04:51:20 -0400 (EDT) Received: from frontend2.nyi.mail.srv.osa ([10.202.2.161]) by compute1.internal (MEProxy); Sun, 27 May 2012 04:51:20 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=binarywings.net; h=message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type; s=mesmtp; bh=Thjd1XP1vzeWfTtZBW8txChg QOA=; b=Mh/CTC7vsmBvnCOr6mz9z6EeGYE+C0Rvv7wElnsh/LmlVA+sAib7KYGs txlx1lsBtRqezFgqOKOsM/j7Laco7T4nU8QJlt5uIgHWEN0hqfOWpjKX8d/YSsm/ tP2SGO6RjmcTehFC9ivcq4ink9FgPCxhszo4tAay5FYE1ZCpis0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:references:in-reply-to:content-type; s=smtpout; bh=Thjd 1XP1vzeWfTtZBW8txChgQOA=; b=TIaL5EbzsR1iCak6L2MKooZ+qdSU8l58joaQ PxgsU5TsipTs2nMluIlVuyGa7MXFxdwCPvWxOPNs5V/OWe86JvvaKoPG7d9kLL+J WktKl4G4gNYltyq2nZkKHcOMSUYZSrDXBxgPCVI1/Jx3/qiM17KF+1W8Zct9ub0e bIuGD6Q= X-Sasl-enc: arfACoGgGOBe0d2kc3x0XryTeDwiIaD523ufir0yhQ96 1338108679 Received: from [192.168.5.18] (unknown [83.169.5.6]) by mail.messagingengine.com (Postfix) with ESMTPA id 477874825BC for ; Sun, 27 May 2012 04:51:18 -0400 (EDT) Message-ID: <4FC1EAFD.6010504@binarywings.net> Date: Sun, 27 May 2012 10:51:09 +0200 From: Florian Philipp User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20120505 Thunderbird/10.0.4 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] {OT} hire a programmer or company? References: <4FC0C217.6050302@binarywings.net> In-Reply-To: X-Enigmail-Version: 1.3.5 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig252CFBD8606BDEF3BF7FB662" X-Archives-Salt: 89b2485b-c14c-4900-9171-ca1c3737565b X-Archives-Hash: 821a9fbd850e5360c8fb5eecdb7168b2 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig252CFBD8606BDEF3BF7FB662 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Am 27.05.2012 08:22, schrieb Grant: >>> I'm debating whether I should hire an expert programmer for $X/hour, >>> or a company of expert programmers for $2X/hour. It makes sense from= >>> a financial perspective to hire programmers directly, but I wonder if= >>> there are benefits to hiring a really good company. >>> [...] >> >> For starters, you could give us a bit more insight into the kind of >> project we are talking about. What's the expected development effort, >> what are the services you pay for (binaries, source code, testing, >> maintenance, ...)? >=20 > The project is made up of various and ongoing scripting tasks for a > relatively complex website. >=20 >> Regarding programmer vs. company, I'd say it depends on what you expec= t >> and pay for. If you just want it coded, then the lone programmer is >> probably as good as the company (since programming itself doesn't real= ly >> scale well with the number of devs). >=20 > That's a really good point. >=20 [...] > >> But in the end, these issues a minor. It really boils down to whom you= >> trust more. Ask for references, look at their previous work, talk to >> them, etc. >=20 > Can you tell me what sort of positive and negative things to watch out = for? >=20 I probably don't have enough experience to give you an exhaustive list. However, since this is a web development, the two biggest points I'd be looking at are: 1. How do they plan to separate the production environment from testing and development? You don't want to crash your site just because the dev is too lazy to test his changes beforehand. 2. Do they have a basic understanding about web security? What precautions do they take with regard to XSS, CSRF and the classic injections (HTTP header, SQL, Shell, etc.)? Do these words even ring a bell to them? Methodology is also a good indicator: Are they happy hackers with no real software engineering background, then they'll probably be good for smaller projects but will break down on large ones where you need the additional management. On the other hand, if they throw only buzzwords at you, I'd get suspicious. >> All things being equal, paying 1*x instead of 2*x gives you the chance= >> to pay another 1*x to a second developer if things don't work out with= >> the first one. ;-) >=20 > Once I need more than one developer (which could come sooner rather > than later due to the availability of these guys) am I likely to > struggle managing them? I've read a bit about "Agile" software > development and I plan to read a lot more. Is that the way to go? >=20 Two independent programmers working on the same project? I wouldn't do that unless they know each other and have experience working together. If you need to scale beyond the capabilities of your contractor, you should definitely start with a larger contractor (i.e. the company). I cannot give you any insight on agile development. First and foremost because I've never worked agile (well, unless you count rapid prototyping) but also because that's one of those buzzwords that can mean many different things to different people. > Would hiring a company make management a non-issue from my perspective?= >=20 Not completely but it's definitely better than managing two developers. You should still try to be in close contact with them. See if they understand your requirements, watch their progress, look at their intermediate results, plan the final acceptance testing with them and so = on. Regards, Florian Philipp --------------enig252CFBD8606BDEF3BF7FB662 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/B6wMACgkQqs4uOUlOuU/3CgCdE13/4Za8ytaRJcAZp/ff8X0z IoUAn0+O52wvfioEo96AAdgq0xr7dxob =GNJt -----END PGP SIGNATURE----- --------------enig252CFBD8606BDEF3BF7FB662--