In the last two weeks, there have been two front-page stories coming out of the “sharing economy” space. First up, news broke that Seattle passed new regulation to limit the number of drivers that Uber or Lyft can have on the road at any time, effectively hamstringing both services. Then, over the weekend a story started circulating about an Airbnb stay gone awry involving an orgy, Twitter, and of course the cops. While the stories are wildly different, they both sit at the intersection of the new “sharing economy” and the role of government regulation. Because of this, both stories sparked an intense debate everywhere from The Wall Street Journal to Hacker News. The attitudes and viewpoints of the discourse were interesting and revealing about people’s attitudes towards regulation in the taxi and hospitality space.
Opinion towards the new regulations in Seattle was overwhelmingly negative, ranging from claims of stifling innovation to accusations of outright corruption. Empirically, it seems that most people, even outside of early adopters, have generally positive feelings about Uber and Lyft. It might be because of the horrible experiences people have had in normal cabs or because of the perception of hackney companies as entrenched monopolies, but I think it’s primarily due to people’s perception of risk surrounding Uber or Lyft. As a non-user, the perception of how “risky” it is to have Uber drivers operating in your city is probably near zero. Given how small a percentage of total drivers they’ll make up and that “licensed cab drivers” typically already operate in the area, I don’t think many people feel threatened by having additional drivers potentially ferrying people around their city. Because of this, it’s been easier for people to take hold of the “sharing economy” narrative where Lyft or Uber drivers who were empowered to make a living are suddenly shut out by corrupt, entrenched interests.
Contrast this with the reactions from the same people to the Airbnb story, which ranged from disgust that someone would rent out their condo to strangers through feelings that Airbnb should be held liable for the actions of an independent third party. There’s no argument that the Airbnb story is significantly more disturbing, but it isn’t the first time something like this has happened and it certainly won’t be the last. So why such a different, visceral reaction? It’s perceived risk. As a non-user, the perceived risk to having Airbnb operate in your area is undeniably significant. Take a typical condo apartment building where every occupant is either a member of a condo association or a vetted rental tenant. Introducing the possibility of short term, “random occupants” certainly sounds risky and unnerving to anyone living in the building. Anyone considering the situation immediately evaluates worst case scenarios, “what if they’re criminals?” or “drug dealers?” and so on. Compared to driving, where interactions with strangers are a given, introducing “random interactions” into a scenario where it’s unexpected seems to push people towards favoring legislation.
As a whole, the emergence of the new “sharing economy” is probably a net positive. Despite that, companies are certainly thumbing their nose at government regulation and entrenched players which is going to cause ruffled feathers along the way. To win the hearts and minds, companies will definitely need to manage the perception of how risky their services are both to users and non-users alike.
Recently I was doing a fairly common task on Symfony2, logging in a user programmatically. Often applications do this on registration, via auto login links, complex login forms, etc. This time I was using an expiring auto login link that users get via email. I came across the issue that it seemed the first time the page loaded I was logged in properly, but then as soon as I redirected or navigated anywhere I was logged out.
Here is the basic workflow we were using:
Somewhere between steps 3 and 4 something was amiss: if I eliminated step 3, the profiler toolbar showed I was properly logged in as expected, but as soon as I redirected it showed me as unauthenticated. Here is the code for the most part:
Fairly simple: I used a ParamConverter to convert the incoming request to an entity. After a while of troubleshooting, I noticed that the ‘$user’ in this case wasn’t an actual Entity, it was a ProxyClass that Doctrine2 had generated. I had read that Doctrine2 ProxyClasses when serialized don’t properly bring over some of their attributes, namely the ID. This caused an issue with FOSUserBundle as the UserProvider looks up the user by their ID. Since the ID was blank, this kept causing it to not find my user on the next page load.
There are a number of ways you can fix this; two come to mind. One is to override the ‘refreshUser’ method of the UserProvider to look up by username, as that is properly serialized from Proxy objects. Instead, as this was only for this one action and I wanted to be more efficient, I switched the query to do a join to the user from the get-go. This means when you do getUser Doctrine will return the actual Entity and not a Proxy class. Here is my updated annotation:
For more on how to use joins and entity repository specifics, consult the current manual.
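One way to do the fetch join and the programmatic login described above, as an added example rather than the code from the original post. It assumes Symfony 2.x with Doctrine ORM; the `AutoLoginLink` entity, its `token`, `expiresAt` and `user` fields, the `AcmeDemoBundle` alias, the `main` firewall name and the `homepage` route are hypothetical.

```php
<?php
// Added example. In a real project the repository and the controller live in separate files.
use Doctrine\ORM\EntityRepository;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Http\SecurityEvents;

class AutoLoginLinkRepository extends EntityRepository
{
    /** Fetch-join the user so Doctrine hydrates the entity itself, not a lazy proxy. */
    public function findValidWithUser($token)
    {
        return $this->createQueryBuilder('l')
            ->addSelect('u')
            ->innerJoin('l.user', 'u')
            ->where('l.token = :token')
            ->andWhere('l.expiresAt > :now')   // expired links never match
            ->setParameter('token', $token)
            ->setParameter('now', new \DateTime())
            ->getQuery()
            ->getOneOrNullResult();
    }
}

class AutoLoginController extends Controller
{
    public function loginAction(Request $request, $token)
    {
        $link = $this->getDoctrine()
            ->getRepository('AcmeDemoBundle:AutoLoginLink')
            ->findValidWithUser($token);
        if (null === $link) {
            throw $this->createNotFoundException('Unknown or expired link.');
        }

        // Log the user in on the "main" firewall, then notify login listeners.
        $user = $link->getUser();
        $authToken = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
        $this->get('security.context')->setToken($authToken);
        $this->get('event_dispatcher')->dispatch(
            SecurityEvents::INTERACTIVE_LOGIN,
            new InteractiveLoginEvent($request, $authToken)
        );

        return $this->redirect($this->generateUrl('homepage'));
    }
}
```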
Recently we were getting ready to deploy a new project which functions only over SSL. The project is deployed on AWS using the Elastic Load Balancers (ELB). We have the ELB doing the SSL termination to reduce the load on the server and to help simplify management of the SSL certs. Anyway, on to the point of this short post. One of the developers noticed that on some of the internal links she kept getting a link something like “https://dev.app.com:80/….”; it was properly generating the link to HTTPS but then specifying port 80. Of course your browser really does not like that, as port 80 and port 443 conflict. After a quick look into the project we found that we had yet to enable the proxy headers and specify the proxy(s): we had to turn on `trust_proxy_headers`. However, doing this did not fix the issue. In addition to enabling the headers, you must specify which proxies you trust. This can be easily done via the following:
Here is a very simple example of how you could specify them. You just let it know the IPs of the proxy(s) and it will then properly generate your links.
You can read up on this more in the Symfony documentation on trusting proxies.
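An added example (not from the original post) that runs a constructed request through Symfony's `Request` class with and without trusted proxies, so you can see which values link generation will use. It assumes the Symfony 2.3+ HttpFoundation API (one-argument `setTrustedProxies()`) and a Composer autoloader; every address and header value is constructed.

```php
<?php
// Added example; addresses, host name and headers are constructed sample data.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;

/** Summarise what Symfony derives from the request for URL generation. */
function describe(Request $request)
{
    return sprintf(
        '%s (port %s, secure=%s, client=%s)',
        $request->getSchemeAndHttpHost(),
        $request->getPort(),
        $request->isSecure() ? 'yes' : 'no',
        $request->getClientIp()
    );
}

/** Build the plain-HTTP request PHP receives after the load balancer terminated SSL. */
function requestFrom($remoteAddr)
{
    return Request::create('http://dev.app.com/profile', 'GET', array(), array(), array(), array(
        'REMOTE_ADDR'            => $remoteAddr,
        'HTTP_X_FORWARDED_PROTO' => 'https',
        'HTTP_X_FORWARDED_PORT'  => '443',
        'HTTP_X_FORWARDED_FOR'   => '203.0.113.7',
    ));
}

// 1. No trusted proxies configured: the X-Forwarded-* headers are not used.
Request::setTrustedProxies(array());
echo describe(requestFrom('10.0.1.25')), PHP_EOL;

// 2. Trust only the load balancer's subnet: scheme, port and client IP
//    are now taken from the forwarded headers.
Request::setTrustedProxies(array('10.0.1.0/24'));
echo describe(requestFrom('10.0.1.25')), PHP_EOL;

// 3. The same headers arriving from an address outside that subnet.
//    Compare with case 2 to confirm they are not honoured: the headers are
//    client-supplied, so only the proxy's own addresses belong in the list.
echo describe(requestFrom('198.51.100.9')), PHP_EOL;
```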
Anyway, I just wanted to throw this out there in case you see this and realize you forgot to configure the proxy in your app!
Recently I was working on a project in which admins were able to impersonate other users. It’s a fairly easy task to add to Symfony2; merely adding a switch_user reference to your firewall can make it possible. Consult the Symfony docs for more on that. One thing I noticed was that every now and then when testing I would get weird errors after switching between multiple users; however, it didn’t always happen. After some digging around, it turns out when you switch user it does not clear the session’s attributes, i.e. if you set attribute ‘hello’ to value ‘world’ it would persist after you’ve impersonated another user. This caused a few issues, as on this application we used the session to store a few things like which set of database connections you currently use.
After looking at the SecurityBundle configuration setup it was clear that there weren’t any options to have it clear all session attributes on switch user. At this point it was clear I needed to use an event listener, as the firewall dispatches the SwitchUserEvent when a user successfully switches user. Below is an excerpt from my services.yml:
This makes it so that it will call the following code on a successful impersonation of a user:
It’s as simple as that, you can get the actual user by calling $event->getTargetUser(). Long story short, the session can have some tainted values when using switch user as all attributes are not cleared.
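A listener of the kind described above, as an added example rather than the code from the original post. The namespace, class name and the allow-list of preserved keys are hypothetical; it assumes the Symfony 2.x `SwitchUserEvent` and session API.

```php
<?php
// Added example; namespace, class name and the preserved-keys argument are hypothetical.
// Register it as a service with the tag:
//   { name: kernel.event_listener, event: security.switch_user, method: onSwitchUser }
namespace Acme\DemoBundle\EventListener;

use Symfony\Component\Security\Http\Event\SwitchUserEvent;

class SwitchUserSessionListener
{
    /** @var string[] Session attribute names that may survive a switch. */
    private $preservedKeys;

    public function __construct(array $preservedKeys = array())
    {
        $this->preservedKeys = $preservedKeys;
    }

    public function onSwitchUser(SwitchUserEvent $event)
    {
        $session = $event->getRequest()->getSession();
        if (null === $session) {
            return; // no session on this request, nothing to clean up
        }

        // Drop every attribute that is not explicitly allow-listed, so state
        // stored for the previous identity (e.g. the selected database
        // connection set) cannot leak into the impersonated session.
        foreach (array_keys($session->all()) as $key) {
            if (!in_array($key, $this->preservedKeys, true)) {
                $session->remove($key);
            }
        }
    }
}
```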
Yesterday, Daum and I hung out at HackHarvard and gave a presentation about how we started Setfive, the challenges we faced, and some of the lessons we would tell our younger selves. The feedback and resulting discussion was pretty interesting so it seemed like it makes sense to share. Some of these things are probably mistakes you have to make for yourself and 90% of advice is crap.
Looking back, a lot of the early “negotiations” I did with clients was really them pushing me around and me accepting whatever terms they ultimately demanded. People were using veiled threats of yanking the deal, asserting that “I didn’t know how business was done”, and being overly demanding with changes and calls to manipulate the direction of the deal. In addition to professionally, I also remember several instances of real estate brokers and landlords trying to strongarm me personally. Anyway, so the takeaway has been in life or work there’s a difference between negotiating and bullying.
During highschool and college, I’d always been conditioned that when someone asks a question, especially an “adult”, I should obviously know the answer. Professor singles you out to answer a question? Better know the answer. Unfortunately, this feeling stuck with me into the “real world” and I had a tough time admitting that I didn’t know the answer to a question on the spot. This usually resulted in overpromising, having to backpedal later, or being stuck bullshitting through some half baked explanation. After being around the block, it became clear that saying “I don’t know, let me get back to you” was acceptable and the better move. Turns out, in the real world everyone isn’t a walking manpage.
Coming out of college, the largest check I had written was for $5000 and the largest check I’d probably cashed was for around the same. Because of this, I had a hard time taking myself seriously while asking for “big” dollar numbers. After a while, I started to realize everyone has a different concept of what a “big” number is. $5,000 might be a mountain of cash to me but to someone else it’s just their monthly Salesforce.com subscription. Once I understood this, it became much easier to walk into a meeting and confidently talk about money.
Throughout highschool and college, I hadn’t experienced many instances where someone was trying to seriously cover up the fact that they were clueless. Over in the real world though, this seemed to start happening frequently. Initially, I had a hard time wrapping my head around the fact that the “Senior Developer” explaining his “master/master” setup was just entirely wrong. The issue with having these blinders was that it made it difficult to effectively communicate with stakeholders when there was someone bollixed in between. Once I realized that cluelessness was really cluelessness, it became much easier to marginalize the people that were lost and get shit done.
Something that took a while to realize was that not everyone is like me. I had a hard time figuring out why everyone didn’t “get” how to use certain websites or why everyone didn’t immediately jump on new tech products. Turns out, everyone isn’t a heavy drinking software engineer that reads Hacker News. After realizing that, it became easier to empathize with different types of users and also better connect with stakeholders.
Anyway, these are my notes to send back to 2009. Would love any thoughts or feedback in the comments.