Posted By: Thomas Shaw, 2:30pm Tuesday 17 August 2010
Have you ever wanted to add a video, a SlideShare presentation, a chat room or some other 3rd party media object to your job ads? Nearly all job board software restricts the advertiser from placing HTML embed code in job ads. So, wouldn't it be cool if you could just paste a URL and have it automatically create the embedded object, without the user having to copy and paste the code?
Have a look at an example I created. A standard job ad with links to 3rd party content, and a solution embedding the 3rd party content into the job ad.
Try this... Copy and paste a YouTube video URL into your LinkedIn status box. Wait a few seconds and it will automatically fetch the content.
It was late 2007 when SEEK added the ability for advertisers to add YouTube videos into job ads. Shortly after a number of other job boards added the YouTube functionality into their system.
Fast forward to 2010, and still job boards continue to restrict the creativity for advertisers to add dynamic content into their job ads.
You are restricted to only having 1 video
You are restricted to only using a YouTube video
You are restricted as to where you place the video in your job ad
You may have viewed web pages that have movies or animations that display within a portion of a web page rather than in a separate application. Animation, audio, video, or other media displayed within a web page are known as embedded objects.
Embedded objects allow the delivery of an integrated multimedia experience that appears seamless to the user. It is as easy as cutting and pasting blocks of code. Except, nearly all recruiters and advertisers I speak with have no idea about this. Actually, neither do most job boards!
oEmbed is a format for allowing an embedded representation of a URL on third party sites. The simple API allows a website to display embedded content (such as photos or videos) when a user posts a link to that resource, without having to parse the resource directly.
oohEmbed is an oEmbed compatible provider of HTML embed codes for various web sites.
If you have used Facebook or tried the LinkedIn example... chances are you have used the oembed script.
Technically, the LinkedIn and Facebook example use some sort of oEmbed functionality to process the embed request.
The user pastes in a URL at which content is hosted.
The system checks that URL to find the address of its oEmbed API via a LINK element in the document's HEAD. This step could be cached as the API location is unlikely to change often.
The system does a GET to the oEmbed API, essentially asking "what is the content for this URL"?
The system gets a JSON or XML response containing structured metadata for the item.
The system formats the data however it deems appropriate.
oEmbed and oohEmbed scripts have been around for a while. But there are so many different websites offering embed scripts it's just too hard to keep up your own library.
Here is the solution. There is a new site called Embed.ly which has integrated with 100+ different 3rd party content sites. With the number of sites Embed.ly supports and the speed in which we add them it becomes difficult for code libraries to keep up a regular expression of all the URLs Embed.ly supports.
The Embed.ly script allows you to limit the different types of media objects. In this example, I have only allowed YouTube, UStream, Blip.tv, Hulu, Vimeo, Slideshare & Scribd URLs to be automatically embedded.
All the advertiser needs to do is paste the URL anywhere in the job ad and the script will do the rest for you.
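The oEmbed steps listed above, combined with the idea of only allowing a fixed set of providers, as an added example that is not part of the original post and is not Embed.ly's code. The host video.example.com, the ALLOWED_HOSTS set and all function names are assumptions; the page and responses are constructed samples. The provider's JSON is treated as untrusted: the job board rebuilds the iframe itself rather than pasting the returned html field into the ad.

```python
import html
import json
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the hosts this job board has chosen to trust for embeds.
ALLOWED_HOSTS = {"video.example.com"}

class _Tags(HTMLParser):
    """Collects (tag, attributes) pairs; head_only stops at <body>."""
    def __init__(self, head_only):
        super().__init__()
        self.head_only, self.done, self.tags = head_only, False, []
    def handle_starttag(self, tag, attrs):
        self.done = self.done or (self.head_only and tag == "body")
        if not self.done:
            self.tags.append((tag, dict(attrs)))

def tags_in(markup, head_only=False):
    parser = _Tags(head_only)
    parser.feed(markup)
    return parser.tags

def https_host(url):
    """Host of an https URL; None for other schemes or non-string input."""
    parts = urlsplit(url if isinstance(url, str) else "")
    return parts.hostname if parts.scheme == "https" else None

def discover_endpoint(page_html):
    """Step 2: read the oEmbed API address from a LINK element in the HEAD."""
    for tag, a in tags_in(page_html, head_only=True):
        if (tag == "link" and a.get("type") == "application/json+oembed"
                and "alternate" in (a.get("rel") or "").split()):
            href = a.get("href")
            return href if https_host(href) in ALLOWED_HOSTS else None
    return None

def render_embed(response_text):
    """Steps 4-5: treat the JSON as untrusted and build our own markup."""
    try:
        data = json.loads(response_text)
    except ValueError:
        return None
    kind = data.get("type") if isinstance(data, dict) else None
    if kind == "photo":
        src = data.get("url")
    elif kind in ("video", "rich"):
        # Never paste the provider's html field; keep only a single iframe src.
        srcs = [a.get("src") for t, a in tags_in(str(data.get("html", ""))) if t == "iframe"]
        src = srcs[0] if len(srcs) == 1 else None
    else:
        return None
    if https_host(src) not in ALLOWED_HOSTS:
        return None
    src = html.escape(src, quote=True)
    title = html.escape(str(data.get("title", "")), quote=True)
    if kind == "photo":
        return f'<img src="{src}" alt="{title}">'
    # No allow-top-navigation: the player cannot redirect the job ad page.
    return (f'<iframe src="{src}" title="{title}" '
            'sandbox="allow-scripts allow-same-origin"></iframe>')

# Constructed sample inputs, not captured from any real provider.
PAGE = ('<html><head><link rel="alternate" type="application/json+oembed" '
        'href="https://video.example.com/oembed?url=https%3A//video.example.com/watch/42&amp;format=json">'
        '</head><body><p>player</p></body></html>')
RESPONSE = json.dumps({"version": "1.0", "type": "video", "title": "Office <tour>",
    "html": '<iframe src="https://video.example.com/embed/42"></iframe>'
            '<script>alert(123);</script>'})
OFF_LIST = json.dumps({"version": "1.0", "type": "rich",
    "html": '<iframe src="https://other.example.net/widget"></iframe>'})

if __name__ == "__main__":
    print(discover_endpoint(PAGE), render_embed(RESPONSE), render_embed(OFF_LIST), sep="\n")
```

The GET in step 3 is left out so the example runs offline; in a real deployment it would only be sent to the endpoint that discover_endpoint returns.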
Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.
Posted By: Thomas Shaw, 4:33pm Monday 09 August 2010
Dave Berzack, a freelance web developer, created this music video about web development. He raps along to the paper planes track about his skills to pay the bills. Certainly stands out amongst a pile of CVs. There’s not much else I can add to this... Just watch the video!
Jason (11:16am Wednesday 18 August 2010)
This is a serious case - just because you can doesn't make it right.
I have seen some great use of video on both sides of the fence (recruiter/companies profiling their brand & candidates succinctly and effectively promoting their "personal" brand).
Posted By: Dmitry Kulshitsky, 8:30am Monday 09 August 2010
OWASP has recently updated its list of the top 10 most prevalent security vulnerabilities. Since this list covers all major aspects of computer security, it is worth checking which issues are relevant to a typical recruitment website or job board and (exercising the 80/20 rule) which key questions we should ask ourselves (or our IT/security staff) to be sure that we don't miss anything critical.
The recommendations below are just for your reference and are not meant to replace a proper security audit process, but they are a good place to start the conversation about the state of security of your website.
The first thing that comes to mind here is SQL injection, which we have covered before. But make no mistake – this class of vulnerabilities includes all types of injection, not just SQL (e.g. LDAP, shell command, XPath etc). A typical developer will probably be aware of SQL injection but not of the others.
OWASP puts injections at the top of the list. Recruitment websites and job boards contain sensitive data (e.g. usernames, passwords, resumes, addresses, phone numbers etc), so it should come as no surprise that the relevance is set to high.
Questions to ask:
Do we test our web site for injection flaws as part of the QA process?
Have we performed any automated/manual scans recently to identify these flaws?
Do we validate data on both the client and server sides? Do we check parameter lengths? Failure to do this will most likely lead to injection flaws.
Do we use dynamic SQL queries? Strongly consider banning them. Use parameterised queries/stored procedures instead.
As a bare minimum - how does our site handle input that consists of:
- a single apostrophe (covering at least the most commonly used enterable fields – e.g. keywords)? Do I get any error messages?
- a closing bracket: )
If your web site uses numeric Job IDs, Resume IDs, User IDs etc – what happens if you append an apostrophe to one of these IDs: http://yourrecruitmentwebsite/showjob.php?jobid=123'
As a bare minimum - how does our site handle this input:
- a single backslash: \
- this string: "><script>alert(123);</script>
- this string: ';alert(123);//
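The apostrophe and closing-bracket checks above, run against a dynamic query and its parameterised replacement, as an added example that is not from the original post. It uses Python's sqlite3 with an in-memory database; the table, the sample job ads and every function name are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """In-memory database holding constructed sample job ads."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO jobs VALUES (?, ?)",
                   [(123, "Payroll Officer"), (124, "Driver, O'Brien Transport")])
    return db

def _run(db, sql, params=()):
    """Return matching titles, or a marker standing in for the error page."""
    try:
        return [row[0] for row in db.execute(sql, params)]
    except sqlite3.Error:
        return "SQL_ERROR"

def show_job_dynamic(db, jobid):
    # Before: the request parameter is concatenated into the statement text.
    return _run(db, "SELECT title FROM jobs WHERE id = " + jobid)

def show_job_bound(db, jobid):
    # After: check type and length on the server, then bind the value as data.
    if not re.fullmatch(r"[0-9]{1,9}", jobid):
        return []
    return _run(db, "SELECT title FROM jobs WHERE id = ?", (int(jobid),))

def search_dynamic(db, keywords):
    # Before: a keyword containing an apostrophe ends the string literal early.
    return _run(db, "SELECT title FROM jobs WHERE title LIKE '%" + keywords + "%'")

def search_bound(db, keywords):
    # After: free text cannot be limited to digits, so cap its length and bind it.
    return _run(db, "SELECT title FROM jobs WHERE title LIKE ?",
                ("%" + keywords[:100] + "%",))

def bare_minimum_checks():
    """Run the post's test inputs through both versions of each query."""
    db = make_db()
    report = {}
    for jobid in ("123", "123'", "123)"):
        report["jobid=" + jobid] = (show_job_dynamic(db, jobid), show_job_bound(db, jobid))
    for kw in ("Payroll", "O'Brien", "'"):
        report["keywords=" + kw] = (search_dynamic(db, kw), search_bound(db, kw))
    return report

if __name__ == "__main__":
    for probe, (dynamic, bound) in bare_minimum_checks().items():
        print(f"{probe:18} dynamic={dynamic!r:22} bound={bound!r}")
```

A database error on any of these inputs is the signal the questions are looking for: the dynamic versions fail on an ordinary surname such as O'Brien, while the bound versions treat the same text as data and return the matching ad.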
A typical recruitment website or job board has a login function for job seekers and advertisers. If authentication and/or session management mechanisms are broken, this could result in attackers getting access to your clients’ accounts.
Questions to ask:
Have we implemented our own authentication or session management mechanisms? If you have – you have probably done it wrong.
Do we store passwords in clear text? Passwords should be stored in hashed or encrypted format to prevent unauthorised access to password information.
Do we have a “password reminder” feature? How is it implemented?
When a user clicks logout – what happens to the session? Session information should be deleted or rendered not reusable.
What does our session ID look like? Do not use consecutive integer values – they are very easy to guess/predict.
Have we implemented a session timeout feature? The session should time out after a certain period of inactivity.
How do we send usernames/passwords and authentication cookies? Ideally you should be transferring them via HTTPS (secure communication).
Do we use "secure" and "HttpOnly" flags for session cookies? While not compulsory this is a recommended practice.
Do we verify that the user is authenticated and has proper permissions in every step of a multistep process? Failure to do so may allow an attacker to bypass the authorisation mechanisms and access information that belongs to other users or restricted areas of the web site.
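Two of the session questions above (what the session ID looks like, and whether the "secure" and "HttpOnly" flags are set) can be answered from the Set-Cookie headers of a few successive logins. The audit below is an added example, not code from the original post; the cookie name SESSIONID, the MIN_ID_CHARS threshold and the captured headers are constructed assumptions.

```python
import secrets

MIN_ID_CHARS = 32  # Assumption: shortest session ID this audit accepts.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_session_cookies(headers):
    """Findings for Set-Cookie values captured from successive logins, in order."""
    findings, values = [], []
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        values.append(value)
        for flag, label in (("secure", "Secure"), ("httponly", "HttpOnly")):
            if flag not in attrs:
                findings.append(f"{name}: {label} flag missing")
        if len(value) < MIN_ID_CHARS:
            findings.append(f"{name}: ID shorter than {MIN_ID_CHARS} characters")
    if len(values) > 1 and all(v.isascii() and v.isdigit() for v in values):
        numbers = [int(v) for v in values]
        if all(b - a == 1 for a, b in zip(numbers, numbers[1:])):
            findings.append("IDs are consecutive integers")
    if len(set(values)) < len(values):
        findings.append("same ID issued to more than one login")
    return list(dict.fromkeys(findings))  # de-duplicate, keep first-seen order

def new_session_cookie(name="SESSIONID"):
    """A header that passes the audit: random ID from the OS CSPRNG, both flags."""
    return f"{name}={secrets.token_urlsafe(32)}; Path=/; Secure; HttpOnly"

# Constructed capture: three logins against a hypothetical job board.
WEAK = ["SESSIONID=1041; Path=/",
        "SESSIONID=1042; Path=/; HttpOnly",
        "SESSIONID=1043; Path=/"]

if __name__ == "__main__":
    for finding in audit_session_cookies(WEAK):
        print("FINDING:", finding)
    print(audit_session_cookies([new_session_cookie() for _ in range(3)]))
```

The logout and timeout questions need a check on the server side: after logout or the idle period, replaying the old cookie value should no longer reach an authenticated page.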
Guest blog post by Dmitry Kulshitsky, Security Architect at SEEK.
Since OWASP Top 10 coverage is so broad, the focus of the current blog post was mainly on what each of the vulnerability classes means *specifically* to a typical recruitment web site and what are the quick questions someone can ask to get an assessment of the "security health" of the web site they own/manage/support (80/20 rule).
Like I said in the intro - this is a very quick test and it should not replace a proper security analysis/penetration testing process. Instead, if you see errors/unexpected behaviour using one of the examples provided or if you ask your IT staff a question and the answer is "We don't know" then I believe this is a good place to start a conversation about the application development processes, security practices etc in this organisation.
Hopefully the readers of this blog will find this information useful. Please share your success stories (without going too much into details) if you can.
Posted By: Thomas Shaw, 8:30am Friday 06 August 2010
In a recent presentation at the Hadoop Summit 2010, Jay Kreps of LinkedIn described how LinkedIn crunches 120 billion relationships per day and blends large scale data computation with high volume, low latency site serving.
The Search, Network, and Analytics (SNA) team at LinkedIn works on LinkedIn's information retrieval systems, the social graph system, data driven features, and supporting data infrastructure. The system uses a number of open source software products such as
Apache Hadoop - framework for running applications on large clusters of commodity hardware.
Posted By: Thomas Shaw, 1:46pm Monday 02 August 2010
The latest Sign-Up.to 2010 UK Email Marketing Benchmark Report (Q1 & 2) analysed over 200 million email marketing messages sent through their online marketing platform in the 6 months from 1st January - 30th June 2010. The breakdown of statistics by sector did not paint a very flattering picture for the HR/Recruitment industry.
HR/Recruitment on first glance has taken a hammering, seeing click-to-open rate drop from 21.70% to 3.51%. Such a massive decline deserved some investigation - what we found was exactly what we mentioned above - the majority of these campaigns have switched to detailing all of the required information in the body of the email and soliciting responses by email rather than through a website.
Overall
Open rate: 17.98%
Click-through rate: 3.56%
Unsubscription rate: 0.20%
HR/Recruitment Sector
Open rate: 18.55%
Click-through rate: 0.65%
Unsubscription rate: 0.22%
The chart below gives us a good indication of the level of engagement that the email campaigns themselves generate, by looking at the proportion of people who click on a campaign after opening it. Where the aim of a campaign isn’t to generate a click to a landing page (in the case of informational emails or those designed to elicit a response by email) this isn’t a good measure but for most industries it’s a very good way to compare engagement.
Posted By: Thomas Shaw, 6:37pm Wednesday 28 July 2010
It's every business owner’s worst nightmare - What would happen if we lost all our data? Goodbye thousands of candidate records. Goodbye client lists and financial information. Instead of pointing the finger and blaming someone else, do you have plans in place to back up your data in the first place?
Don't count on anyone else to back your data up for you. It's YOUR data!
Make backing up a part of your normal daily and weekly activities
Look for ways to export your data to an open format, such as XML or a comma-separated text file (CSV), so YOU have a choice of other platforms to turn to if the worst happens.
With persistent rumors about a recruitment software vendor's "going concern", I thought it would be a good time to list a few questions you should ask your vendor:
Where is my data stored?
How often is the system backed up?
Can the system provide me the ability to export data?
Have you tested your backup retrieval files?
How fast can you roll back a previous backup?
If you don't have a backup plan already, here are some old tips from Microsoft. It takes time to create and implement a backup and recovery plan. You'll need to figure out what data needs to be backed up, how often the data should be backed up, and more. To help you create a plan, consider the following:
How important is the data on your systems? The importance of data can go a long way in helping you determine if you need to back it up—as well as when and how it should be backed up. For critical data, such as a database, you'll want to have redundant backup sets that extend back for several backup periods. For less important data, such as daily user files, you won't need such an elaborate backup plan, but you'll need to back up the data regularly and ensure that the data can be recovered easily.
What type of information does the data contain? Data that doesn't seem important to you may be very important to someone else. Thus, the type of information the data contains can help you determine if you need to back up the data—as well as when and how the data should be backed up.
How often does the data change? The frequency of change can affect your decision on how often the data should be backed up. For example, data that changes daily should be backed up daily.
How quickly do you need to recover the data? Time is an important factor in creating a backup plan. For critical systems, you may need to get back online swiftly. To do this, you may need to alter your backup plan.
Do you have the equipment to perform backups? You must have backup hardware to perform backups. To perform timely backups, you may need several backup devices and several sets of backup media. Backup hardware includes tape drives, optical drives, and removable disk drives. Generally, tape drives are less expensive but slower than other types of drives.
Who will be responsible for the backup and recovery plan? Ideally, someone should be a primary contact for the organization's backup and recovery plan. This person may also be responsible for performing the actual backup and recovery of data.
What is the best time to schedule backups? Scheduling backups when system use is as low as possible will speed the backup process. However, you can't always schedule backups for off-peak hours. So you'll need to carefully plan when key system data is backed up.
Do you need to store backups off-site? Storing copies of backup tapes off-site is essential to recovering your systems in the case of a natural disaster. In your off-site storage location, you should also include copies of the software you may need to install to reestablish operational systems.
I would also suggest that users ask for their option settings as well as their data.
And also check the backup of their portable devices such as an iPhone.
If you choose to back up to a tape device you should ensure that you have access to *another* tape unit in case your existing tape device dies. The option of escrow should also be explored with any vendor.
As a SaaS provider this is top of our list and something we spend over 60% of our budget on, something that may never happen. My advice would be to ensure you partner with a decent hosting provider. Depending on your service level, they can take care of everything, including disaster planning.
Posted By: Thomas Shaw, 7:30am Monday 19 July 2010
We have released "Log in with LinkedIn" functionality across a number of our client job boards and recruitment agency websites. This is a first for the Australian & New Zealand recruitment industry that allows users to use their existing LinkedIn details to Register/Login with another site.
LinkedIn users already represent themselves with their real names and real identities. With the Log in with LinkedIn functionality, users can bring their real identity information with them to whatever site they visit on the web.
The process behind the LinkedIn authentication will be familiar to anyone who knows Facebook Connect. By adding the Log in with LinkedIn functionality, we aim to
Increase user signups
Create trusted user authentication
Provide existing identity details
Speed up the Registration or Login process
Allow users to refer content back to existing LinkedIn networks
Users can connect their LinkedIn account with any website that uses the LinkedIn API authentication methods. This could be at the website login, the application form or anywhere else the developer would like to add social context; the user can authenticate and connect their account in this trusted environment.
The user will always have total control of the permissions granted and can revoke this permission through their LinkedIn account.
Contact us today to find out how you can integrate Log in with LinkedIn functionality into your website.
For example, a user wishes to register for an account on a job board. If the user has already registered, they can proceed to the Login panel, else proceed to the registration form and click on the "Log in with LinkedIn" button.
Once the user clicks on the "Log in with LinkedIn" button, a secure LinkedIn authorisation form opens in a new window. If the user is logged into LinkedIn already it will ask the user to grant access to the specific application. Otherwise, it will ask the user to login to their LinkedIn account.
After the user grants access to the application, the LinkedIn window will close and grant access for the job board to connect to LinkedIn and access the following details - First Name, Last Name, Position Title, Organisation, Location. These details will be used to auto populate the job board's user registration form.
After the user has granted access for the job board to access their LinkedIn profile, you can proceed to the Login form.
Users can either manually login with their username and password OR click on the "Log in with LinkedIn" button to automatically connect!
The only issue I see for the future is around the speculation that LinkedIn is on the path of floating and turning their site into a Job Board.
They are making strong progress toward an IPO.
I have been given the heads up recently, and as with all 3rd party plug-ins, the access to the platform is purely dictated by the owners of the platform.
I have several sources now telling me very strongly, that LinkedIn is in the throes of changing their whole platform, and will either disable 3rd party plug-ins to other Job websites or, they will charge heavily for the privilege.
Regardless...I think what you have done is fantastic and certainly a leap in the right direction.
I also feel it will take more than just allowing users to log in using these facilities to capture attention and drive traffic.
You will see in the next 6-7 weeks our answer to this dilemma.
Best Regards
Andrew Turnbull - CEO
www.SearchtoEmploy.com
Insider (1:20pm Thursday 22 July 2010)
Not correct. I think Andrew needs to get his facts straight and amend your comments.
Posted By: Thomas Shaw, 9:00am Sunday 18 July 2010
SEEK has released an updated search box that allows users to specify salary ranges. Although this "search by salary range" function is not new to the online recruitment industry, we wanted to have a look at a number of different ways your job board or recruitment agency can offer this function.
I don't recommend job boards adopt salary ranges in their search functions unless
You have more than 500 jobs
Every job contains salary information
Your search function can interpret Annual/Daily/Hourly rates including super/comm etc.
Your search function is easy to use
If we look at the SEEK search box more closely, you will notice they allow the user to specify a [MIN] to [MAX] range for an annual salary or hourly pay rates.
MyCareer allows the user to search [MIN] and [MAX] range. JobsJobsJobs restricts the users to select a predefined salary range.
By having predefined ranges, the user is restricted to an initial search within those brackets.
But on the other side of the globe, Jobsite's [MIN] to [MAX] range is even more restrictive.
Another popular option is to display a sliding scale. Again, SEEK has been able to display one that can switch between an Annual salary and Hourly pay rate.
The main search function on Jobs.co.nz contains a sliding salary range. JobsJobsJobs used to have a sliding scale before the site's software was changed last year.
You could even allow the user to enter a value. Have a look at the search function on JobStreet which allows the user to specify a minimum monthly salary. Although allowing the user to enter a [MIN] and/or [MAX] range has its downfalls.
If we look at the job search form on APS Jobs, you can see it allows the user to specify a [MIN] and [MAX] range.
The system can interpret both 80000 and 100,000 (fails on 80k - 100k) but it is not able to search based on daily/hourly pay rates.
Try inputting 50 - 70 or 500 - 700 and you will see my point.
There are many ways to search jobs by salary. Whatever way you choose to implement, you need to make the process easy to use.
Posted By: Thomas Shaw, 1:53pm Tuesday 13 July 2010
Does your Job Board or Recruitment Agency website need a native iPhone, Android or BlackBerry application? More than likely the answer will be no. Save your money. You don't need to spend upwards of $5k+ for a single native application. But what you do need is a mobile enabled website.
While I am more than happy to create iPhone Job Search Applications for clients, you first need to understand your target audience. Do they use an iPhone? What about the Android? Do we really want users to apply via their mobile? How much is this all going to cost? Have a read of our previous articles on the subject of mobile recruitment.
What every website needs is a mobile optimised website that can detect, optimise and then render your website on a mobile device. We added mobile functionality to all our client sites that will automatically detect the type of device they are using, and give the user the option to view the mobile site OR the full desktop version if they wish.
See our recent work on Recruiter Daily Jobs on your mobile device, or click on the "view mobile version" link at the bottom of the page.
Keep it simple. Don't redirect the user to multiple screens. Present the user with a search form, clean and unobtrusive search results, add ability to subscribe to email alerts, shortlist jobs via email/sms or refer a job to a friend by email/sms.
What are you doing? Give us a call if you need advice.
I have seen some great use of video on both sides of the fence (recruiter/companies profiling their brand & candidates succinctly and effectively promoting their "personal" brand).
However this guy comes off as a complete douche.