Hackathon 2012
Casual dress code

Brushing tips



  • Prefer flossing before brushing.
  • Floss from the top of the tooth down and don't re-use the same strip on the next tooth.
  • Use toothpaste with ADA seal of approval only. No other feature matters.
  • Brush after non-acidic meals. After eating something acidic, wait 30 mins., or brush beforehand.
  • Brush in a circular motion up to the gumline. Be gentle. You're taking things off the surfaces.
  • Don't rinse.
  • If you use a fluoride rinse, use it straight after brushing your teeth. Otherwise, wait 30 mins.
  • Use mouthwash apart from brushing times, too.

YP Hadouken and Vadering


On May 9th, 2013 we celebrated our 1 year anniversary as an independent company.

Goodie bags, food trucks, fun and games, and some crazy employees who celebrated by attempting the art of Hadouken and Vadering!

Then, back to work helping local businesses and communities grow.

YP Harlem Shake


Sometimes Friday afternoons can be quiet and lonely in our Glendale office.

... we are hiring dancers for our next shake!

Science Museum Exhibit - Space Shuttle Endeavour

Nadia

On April 10th, 5 members of the YP Ad Delivery team - David Shin, Andy Wong, Kim Tran, Asim Memon, and Nadia Adhami, visited the California Science Museum in downtown. They were eager to see the Space Shuttle Endeavour placed at its permanent home where a new addition, Samuel Oschin Air and Space Center, was built to house the space shuttle.

Endeavour, known as the Orbiter Vehicle-105, completed 25 missions into space, including the first service mission to the Hubble Space Telescope and the first mission as a U.S.-built component to the International Space Station. The YP team also saw the SSME - the most advanced, efficient rocket engine in the world, which helped push the shuttle into orbit.

On the way to the museum, the team ate delicious chicken sandwiches at a local restaurant while Andy reminisced over his college days at USC, the neighboring university. This exhibit also felt close to home for Nadia as she worked for JPL/NASA for 10 years on various missions including Magellan, Galileo, and Mars Observer.

Photos: courtesy of David Shin.


Decisions, Decisions...

Nathan Cunningham

The 4 Villains of Decision Making


Have a big decision coming up? Still deciding what idea to invest your time in for Hackathon?

Here is a great new resource from Chip Heath and Dan Heath (the Heath Brothers) that may help - Decisive: How to Make Better Choices in Life and Work.

Note: I used Dillinger to generate the markdown for this post. No pun intended given the subtitle.

Introducing the Villains

According to the brothers, there are 4 villains of decision making.

Some other villains...

The 4 villains:

  1. The Spotlight Effect - forming decisions too early with too little information, or having too narrow a frame of reference.

  2. Confirmation Bias - the tendency we have to make decisions based on the limited information in #1, and then look for information that confirms our decision rather than gathering new and possibly contrary information.

  3. Getting Caught Up in Short Term Emotion - getting distracted by our gut reactions, which are likely based on limited information and understanding, and failing to do our due diligence by looking well into a matter.

    Indulge a slight rabbit trail here: I used the phrase "look well into a matter" to summarize this villain. It's an interesting word. In this context (an adverb) "well" means to look into something "in a good and proper manner", "with skill or aptitude", and "with careful close attention" (source: Webster). Without doing extensive historical linguistic analysis, I suspect there is some correlation to the noun form of "well" meaning essentially a spring or source of water / gas / oil etc. Wells are usually deep.

    So avoiding getting caught up in short term emotion requires a long, hard, deep look into the matter.

    On to the next villain...

  4. Overconfidence - based on the faulty assumptions gained from the 3 villains above, we are too confident in the outcome of our decisions and the validity of our predictions of the future.

Defeating the Villains

How do we avoid these villains? Someone once said, "Failing to plan is planning to fail", so in that spirit the brothers also provide a strategy for combatting them:

  1. Widen your Options - Seek to expand your choices to a set rather than limiting yourself to a narrow yes/no decision.

  2. Reality Test your Assumptions - Even with a few choices you need to avoid your tendency toward confirmation bias and get out of your own head and objectively look at trustworthy information. (Teaser alert: the book includes 2 key skills to learn in this regard: turning around a contentious meeting in 30 secs, and how to spot expert advice you should avoid.)

  3. Attain Distance Before Deciding - Avoid letting short term emotion drive your choice. Many of us can relate to the shiny new car buying experience in the dealership, though thankfully this can be avoided due to the plethora of information out there and the impact of the Internet on car buying. Don't impulse - decide. In the book, learn the simple question that makes agonizing decisions simple.

  4. Live with your decision, but Prepare to be Wrong - Give your decisions the best chance to succeed in the long run by planning how to react to the aspects you'll find you got wrong. Prepare to be wrong. Prepare for the unexpected.

Hopefully this will provide some fodder for thinking about your Hackathon efforts and, as it was for me, some fine-tuning of your own decision making process in work and life.

By the way, for another great resource from the Heath Brothers (perhaps for presenting your hack) check out Made to Stick: Why Some Ideas Survive and Others Die.

Disclaimer: I don't know the Heath Brothers and will not profit in any way if you buy their books.


boston

In light of the senseless and tragic events in Boston this week, we want to express our sadness and empathy for the victims and their families. Our thoughts and prayers are with those impacted. We are all "runners" and we are all "Bostonians".

The One Fund
American Red Cross

Live 10Conf

Oren

2nd YP.com 10conf - March 11, 2013 2pm
1 hour, 5 presenters, 10 minutes of random talks

Start    Oren - Becoming a Pig
10:27  Jeff - Why your haircut matters especially on Fridays
20:58   Alessandra - What Bruce Springsteen can teach you about usability
28:36   Jesse - Improv
34:00   Seth - Bitcoins and the future of money

Please excuse the quality of the video. It was our first time using Google Hangout to stream it live.
Also, the opinions expressed in this video are solely those of the individuals and are not the views of YP.

Application Security Automation

Mikhael and Jim

Web application security is a serious problem, and it's not going away. Almost every day we see articles in the WSJ about breaches, including breaches of the WSJ itself.

There are several high-level problems facing the business world:

1) Higher quality (more secure) products are more expensive

2) Lack of application security engineers

3) Accepting there is a problem that requires resources to be addressed

On a tactical level, common organizational issues with application security include:

  • It's ad-hoc: performed on some web apps, some of the time

  • Expertise varies widely between the engineers who perform assessments

  • No common workflow: security issues are not integrated with developer systems and processes

  • Seeing is believing: vulnerabilities discovered need to have a proof-of-concept; developers need to see the exploit and impact

To address these business and tactical issues we partnered with WhiteHat Security. WhiteHat is a SaaS security offering. They have a team of expert application security engineers that hammer on our applications every day, just like BlackHats, with the exception that these security problems are discovered, verified, and sent to us. As G.I. Joe says, 'Now you know, and knowing is half the battle.' The other half is getting these issues to developers on a fix roadmap.

Jira Integration with WhiteHat Sentinel

Changes and fixes needed from developers are described in JIRA issues or 'tickets'. Since our development groups already have a mature workflow for prioritizing, delegating, and tracking issues in JIRA, WhiteHat's vulnerabilities need to be translated into this format.

Manually interpreting WhiteHat vulnerabilities and creating corresponding JIRA tickets is untenable. WhiteHat's vulnerability data is extensive, and having someone on staff do a daily manual copy-and-paste from one ticketing system to another is tedious, inaccurate, and slow. Fortunately there's a solution to automate the whole lifecycle.

WhiteHat's service includes access to their JIRA plugin. This plugin is incorporated into YP's JIRA, and connects it to WhiteHat Sentinel according to rules that have been custom-tailored for YP's development teams. Every hour, the Jira plugin:

  1. Makes an encrypted and authenticated connection to WhiteHat's API

  2. Polls WhiteHat for 'open issues'

  3. Creates Jira tickets describing the issues and assigns them to the developers responsible for that project

  4. Reopens Jira tickets accidentally closed before WhiteHat confirmed they were fixed

  5. Polls for issues that WhiteHat has confirmed are fixed.

  6. Closes those tickets in Jira.

The result is a seamless reflection of problems found by WhiteHat into developers' to-do lists in JIRA. Issues are fully tracked and synchronized throughout the full lifecycle of discovery, testing and proof of concept, prioritization, correction, and verification. Within moments of a new vulnerability creeping up, it's already detected, prioritized to be fixed, and tracked to completion.

-YP Information Security
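The hourly cycle listed in the Application Security Automation post above (create, reopen, close) comes down to reconciling the scanner's view of each vulnerability with the tracker's view of its ticket. The sketch below is an added example, not the WhiteHat plugin's code or either product's API; the field names, statuses, the `security-triage` fallback queue and the sample data are all assumptions.

```javascript
// Added example: hypothetical data shapes, not a vendor API.
// findings: scanner's view; tickets: tracker's view; owners: project -> assignee.
function reconcile(findings, tickets, owners) {
  const byVuln = new Map(tickets.map((t) => [t.vulnId, t]));
  const actions = [];
  for (const f of findings) {
    const ticket = byVuln.get(f.id);
    if (f.status === 'open' && !ticket) {
      // Step 3: new finding, routed to the project's owner (fallback if unmapped).
      const assignee = Object.prototype.hasOwnProperty.call(owners, f.project)
        ? owners[f.project] : 'security-triage';
      actions.push({ op: 'create', vulnId: f.id, title: f.title, assignee });
    } else if (f.status === 'open' && ticket.state === 'closed') {
      // Step 4: closed in the tracker before the scanner confirmed the fix.
      actions.push({ op: 'reopen', vulnId: f.id });
    } else if (f.status === 'fixed' && ticket && ticket.state === 'open') {
      // Steps 5-6: the scanner confirmed the fix, so the ticket can close.
      actions.push({ op: 'close', vulnId: f.id });
    }
  }
  return actions;
}

// Applies actions to a copy of the ticket list (stands in for the tracker).
function applyActions(tickets, actions) {
  const next = tickets.map((t) => ({ ...t }));
  for (const a of actions) {
    if (a.op === 'create') {
      next.push({ vulnId: a.vulnId, state: 'open' });
    } else {
      next.find((t) => t.vulnId === a.vulnId).state = a.op === 'reopen' ? 'open' : 'closed';
    }
  }
  return next;
}

// Constructed sample data.
const SAMPLE_OWNERS = { search: 'search-team' };
const SAMPLE_FINDINGS = [
  { id: 'V-101', status: 'open', project: 'search', title: 'Reflected XSS' },
  { id: 'V-102', status: 'open', project: 'search', title: 'Open redirect' },
  { id: 'V-103', status: 'fixed', project: 'search', title: 'Verbose error page' },
  { id: 'V-104', status: 'fixed', project: 'search', title: 'Missing cookie flag' },
  { id: 'V-105', status: 'open', project: 'legacy', title: 'Directory listing' },
];
const SAMPLE_TICKETS = [
  { vulnId: 'V-102', state: 'closed' },
  { vulnId: 'V-103', state: 'open' },
  { vulnId: 'V-104', state: 'closed' },
];

const firstPass = reconcile(SAMPLE_FINDINGS, SAMPLE_TICKETS, SAMPLE_OWNERS);
console.log(firstPass);
```

Running `reconcile` again on the output of `applyActions` yields no actions, which is the property that makes an hourly poll safe to repeat.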

Javascript Source Analysis

Oren

It's important to get an idea of the maintainability and complexity of your codebase. I am using a great tool called plato that does exactly that. You run it against your js files and it generates a beautiful website that gives you a visual insight into the health of your project.

First, install it

npm install plato -g

Now run it and give it your project's Javascript files:

plato -d report-folder *.js

Here is a snapshot of a project I worked on:

project before

The first thing we can see is the maintainability score: 75.27. The maintainability scale is a number between 0 - 100 where the higher, the better. It is measured based on a few parameters - number of distinct paths in the code, number of operators and operands, and logical lines of code. For the exact definition check out JsComplexity.org.

The orange lines represent each file in my project. The shorter the line, the easier it is to maintain. The shortest line in my project is the router.js file (hovering on a line will show you its name and rank). This file has less than 50 points of maintainability. The generated webpage lets you click on any file, where you can see the code base with each function graded by its complexity and other metrics.

Here is my router.js file: router before

The router function got a complexity score of 11. Complexity is measured by the number of paths your code can take. An if-else statement, for example, will add 1 point. If your function is above 10, it's a good idea to refactor it.

First, let's look at the code:

// The server's main routes function
//
// Supports the following end-points:
// POST /push
// POST /register
// POST /register.php
// GET /health
// GET /health.txt

function router(config, req, res) {
  if (req.url == '/push') {
    if(req.method.toLowerCase() == 'post') {
      pusher(config, req, res);
    } else {
      res.statusCode = 405;
      res.end();
    }
  } else if (req.url == '/register') {
    if(req.method.toLowerCase() == 'post') {
      register(config, req, res);
    } else {
      res.statusCode = 405;
      res.end();
    }
  } else if (req.url == '/register.php') {
    if(req.method.toLowerCase() == 'post') {
      registerLegacy(config, req, res);
    } else {
      res.statusCode = 405;
      res.end();
    }
  } else if (req.url == '/health') {
    if(req.method.toLowerCase() == 'get') {
      var info = health(req.connections);
      res.end(JSON.stringify(info));
    } else {
      res.statusCode = 405;
      res.end();
    }
  } else if (req.url == '/health.txt') {
    if(req.method.toLowerCase() == 'get') {
      checkHealth(req, res);
    } else {
      res.statusCode = 405;
      res.end();
    }
  } else {
    res.statusCode = 404;
    res.end();
  };
};

This function has many if-else statements, each of which can be extracted into its own function. Let's extract 5 small functions to make it smaller and more readable:

function router(config, req, res) {
  if (req.url == '/push') { 
    pushRoute();
  } else if (req.url == '/register') { 
    registerRoute();
  } else if (req.url == '/register.php') { 
    registerPhpRoute();
  } else if (req.url == '/health') { 
    healthRoute();
  } else if (req.url == '/health.txt') { 
    healthTxtRoute();
  } else {
    res.statusCode = 404;
    res.end();
  }

  function pushRoute() {
    if(req.method.toLowerCase() == 'post') {
      pusher(config,  req, res);
    } else {
      res.statusCode = 405;
      res.end();
    }
  }

  function registerRoute() {
    if(req.method.toLowerCase() == 'post') {
      register(config, req, res);
    } else {
      res.statusCode = 405;
      res.end();
    }
  }

  function registerPhpRoute() {
    if(req.method.toLowerCase() == 'post') {
      registerLegacy(config, req, res);
    } else {
      res.statusCode = 405;
      res.end();
    }
  }

  function healthRoute() {
    if(req.method.toLowerCase() == 'get') {
      var info = health(req.connections);
      res.end(JSON.stringify(info));
    } else {
      res.statusCode = 405;
      res.end();
    }
  }

  function healthTxtRoute() {
    if(req.method.toLowerCase() == 'get') {
      checkHealth(req, res);
    } else {
      res.statusCode = 405;
      res.end();
    }
  }
}

Note: I am nesting the small functions instead of locating them outside of the router function so I can avoid passing the arguments to each one. Don't you agree that Javascript closures are awesome?!

Let's generate the report again:

plato -d report-folder *.js

project after

Nice! Our project maintainability score is higher now and the router.js file is ranked above 50.
Let's drill down to the file-level report:

router after

After this refactor the complexity of the router function was reduced from 11 to 6, and each of the small functions has a complexity of 2 (hovering on the blue circle will show that).

In addition to the complexity report, this tool also uses JSHint, which helps ensure you use good practices of the Javascript language.

Now you can automate it by adding it to your make file and running it with make report:
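Going one step beyond the refactor in the post, the if-else chain itself can be replaced by a lookup table, so adding an end-point adds a row instead of a branch. This is an added example, not the author's code: the `makeRouter` wrapper, the `fakeRes` helper and the stub handlers are assumptions standing in for the post's `pusher`, `register`, `registerLegacy`, `health` and `checkHealth`, and the `Allow` header on 405 responses is an addition the original router does not send.

```javascript
// Added example: table-driven version of the post's router.
function makeRouter(handlers) {
  // One row per end-point from the post's comment header: path -> method + handler.
  const routes = new Map([
    ['/push', { method: 'POST', handle: handlers.pusher }],
    ['/register', { method: 'POST', handle: handlers.register }],
    ['/register.php', { method: 'POST', handle: handlers.registerLegacy }],
    ['/health', { method: 'GET', handle: (config, req, res) =>
      res.end(JSON.stringify(handlers.health(req.connections))) }],
    ['/health.txt', { method: 'GET', handle: (config, req, res) =>
      handlers.checkHealth(req, res) }],
  ]);

  // Two decision points in total: unknown path, wrong method.
  return function router(config, req, res) {
    const route = routes.get(req.url);
    if (!route) {
      res.statusCode = 404;
      return res.end();
    }
    if (String(req.method).toUpperCase() !== route.method) {
      res.statusCode = 405;
      res.setHeader('Allow', route.method); // tells the client which method is valid
      return res.end();
    }
    return route.handle(config, req, res);
  };
}

// Minimal stand-in for http.ServerResponse, for running the router offline.
function fakeRes() {
  return {
    statusCode: 200, headers: {}, body: '',
    setHeader(name, value) { this.headers[name] = value; },
    end(body) { this.body = body || ''; },
  };
}

// Constructed stub handlers (hypothetical; the real ones are not shown in the post).
const stubHandlers = {
  pusher: (config, req, res) => res.end('pushed'),
  register: (config, req, res) => res.end('registered'),
  registerLegacy: (config, req, res) => res.end('registered-legacy'),
  health: (connections) => ({ connections }),
  checkHealth: (req, res) => res.end('OK'),
};
```

Like the original, this matches `req.url` exactly, so a request with a query string falls through to 404.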

    report: 
      plato -d report-folder *.js

The last step can be to add it to your Continuous Integration server.

Glendale's Best Eateries

Xiangning

Most of the engineering teams are located in Glendale, CA. Glendale (at the eastern end of the San Fernando Valley) is the 3rd largest city in Los Angeles, with 191,719 people. It is also home to the largest Armenian population (1 in 4 are Armenian!). With a large city come big demands for great places to "get your grub on".

Here are my picks for the best eateries in town:

Porto's Bakery

315 N Brand Blvd, Glendale, CA 91203 Price Range: $


This place is no itty bitty bakery! 20,000 square feet of mouth watering desserts, sandwiches, soups, coffee! You can find Cuban, French, Danish, and Italian delicacies here at Porto's Bakery. A family run business since the 1990's, this gem brings in thousands of people from all over Southern California and has now grown into 2 other cities. You are missing out if you haven't given this place a try. Go support a local family business.

Raffi's Place Restaurant

211 E Broadway, Glendale, CA 91205 Price Range: $$


Raffi's Place is a unique place with the best Persian food in the valley. Kabob Bargh (fillet Mignon), Kabob Koobideh (ground meat), Mast o moosir (yogurt and shallots), Basmati rice, Baklava, Soltani kabob (fillet Mignon and ground beef), hummus..... need I say more??? This place is packed every night but it is worth the wait!

Sushi Nishiya

1712 Victory Blvd Glendale, CA 91201 Price Range: $$$$


I have always been a fan of Japanese food and I must say that this is one of the best. So who cares if this place is ridiculously expensive, right? If you want FRESH fish, this is the place to go in the valley. This place does not match the price tag to the rent they pay, as it is located in a run-down strip mall, but we all know that sometimes these kinds of places are better than the fancy schmancy restaurants. Omakase in Japanese is a phrase they use to say "I'll leave it to you". This restaurant is unique in that everything is "omakase" and the sushi chef will only serve you the freshest fish of the day. Some people compare Sushi Nishiya to authentic sushi restaurants in Japan. Listen to me and try it out, you will not regret it.

Happy eating everyone!