Long ago I worked tech support for a company that supported some mainframe equipment.
Eventually after some incidents they introduced “special instructions” for customers who we had to gather extra troubleshooting data for because of some complex issues they had.
Then a few more customers had special instructions… and a few more.
Eventually these involved things like “Send the account manager an email for each call, this customer is very sensitive.”
After just a year EVERY account had special instructions.
Many people oriented instructions were impossible to follow “Page Jim.” Jim didn’t carry a pager anymore and when he did he would never respond so you couldn’t do step 2.
Some involved gathering loads of memory dumps for issues long solved. Others would have you follow program pointers to memory that didn’t exist so you would start over and over until you gave up and decided failing to do your job was preferable to losing your mind at 4am….
Some instructions were multi page word documents expected to be read every time the customer called. After reading it a dozen times a week it almost became impossible to notice if it had a slight change or not.
One clever account manager trying to make sure tech support “noticed” his special instructions tried using a <blink> tag… entirely ignoring the issue that upon noticing the instructions they would be hard to read. Thankfully the tag failed to work.
As you can imagine eventually there were exasperated executive meetings about how nobody follows the special instructions.
This is the world of protecting against corner cases.
Human systems are not computer systems. In computer systems, edge cases are usually worthy of investigation and rethinking. In human systems, edge cases are to be dealt with when they appear
Those disagreeing with your comment might want to consider that it's very close in spirit and meaning to what JKM wrote in TFA:
Computers don’t have emotions; I don’t need to worry insulting the vast majority of S3 objects when I defensively check integrity every time. But humans are different; when we design a human system around uncommon cases, we do need to consider the ramifications on the majority.
> when we design a human system around uncommon cases, we do need to consider the ramifications on the majority
This is how I feel every time some new service asks me which pronouns I prefer. I'm happy that some people get to choose the pronouns they feel represent them (or avoid the pronouns they feel disservice them), but it seems like it is both pushing an agenda and adding additional friction to the process. Just leave the option setCustomerPronoun() available without making it a necessary step.
I've chosen a contentious example, but there are dozens of others. Just for another example, if I was born in 1977 (above age of consent), what does the forum software care my exact date of birth and err when I don't want to provide it?
An issue is that many systems presume pronouns, and for some people, this is decidedly uncomfortable and significant. For others ... not so much.
There's virtually always the option to leave the option blank, or to make up a garbage or meaningless value. The first system on which I recall the option being offered was Google+. My response was "trans-krell", playing of my pseudonym's character.
For age, I usually try to find the earliest possible birth year acceptable to the system. For Google this seems to be about 140 years prior to the present date. Again, I avoid providing this information if possilbe (most of my various little-used Google accounts have either no value provided or a ridiculously early age).
I'm of the view that we don't need to be formulated, sprawling on a pin, within some global surveillance database(s). If I can evade classification and feed garbage to the system, I will, for as long as that is viable, and probably for some time after that point.
The gendering or nongendering agenda concerns me far less than the Total Information Awareness agenda. Services demanding anything from me other than some random username and password (I tend to use password generators to create both values), and possibly a contact email address ... tend not to get used.
As I just commented to a friend a few days ago, I can't remember the last time I did create an account, with the exception of some recent Mastodon and Diaspora* migrations in the past year or two.
For my most recent Android device (the Android aspect of it being among the least attractive characteristics), I bailed out of Google Play Store registration, which requires creating a Google account. (Even if not formally associated with other identities I have, those could all but certainly be trivially linked.) Instead I'm relying on F-Droid, APK-Mirror, and the Aurora Store. I've kept actual app installations to a bare minimum, and most of those through F-Droid. There are I think three apps with actual accounts associated to them, though only one has been so configured.
My use of the Internet dates to the 1980s. I've seen a lot. And am disliking increasing amounts of it. Read Dan Geer if you haven't recently.
> There's virtually always the option to leave the option blank, or to make up a garbage or meaningless value.
Right, but it's an uncommon option that relates to a controversial subject. That's why I mentioned to leave the option setCustomerPronoun() available without making it a necessary step: show it in the UI options but it doesn't have to be front and center in the sign-up form.
> The gendering or nongendering agenda concerns me far less than the Total Information Awareness agenda.
Sure, without a doubt. I may have inadvertently picked a flamebait example!
For me - it becomes an agenda when they’re collecting the information for no other reason than to collect the information - or - they’re using the field to show how progressive they are. Unless gendering language is somehow critical to the operation of the software - why collect it at all? I have the same feeling about birthdays - I’m automatically assuming it’s because you have “sell customer data” on the 5-year business plan.
Some of us are still old enough to remember when "Ms." was a contentious or at least novel title, though few are old enough to have seen its original proposal in 1901.
The New York Times formally adopted use of "Ms." as a title, distinct from "Mrs." (a married woman, often referred to by her husband's full name, e.g., "Mrs. John Q. Smith"), or "Miss" (an unmarried woman or girl, addressed by her given and maiden names, "Miss Jane Q. Jones"). Ms. Magazine was a direct and deliberate challenge to that practice, and was launched in 1971 by Gloria Steinem. Interestingly, all three words, "miss, "missus", and "mizz" originate from "mistress", which was at one time the single title applied to any woman, adult or child, married or not.
(For men, the terms "Master" (unmarried child) and "Mister" were both represented as "Mr.".)
And then as now, "Ms." resulted in much gnashing of teeth, changing of forms, and updating of databases.
It's not really an agenda to leave the option open - people not identifying with male or female (or fluidly between the two) doesn't harm anybody. Surely for it to be an agenda, it has to be putting somebody else out?
I don't get the issue. Making gender-nonconforming people's options the same level in the UI as male and female is a bad thing? Seems like pretty standard egalitarian design to me.
I don't celebrate Christmas, why not ask me my religion in the sign up form? I certainly don't want to see the Christmas themed website or get the "holiday greetings" newsletter. Is making non-Christian people's options the same level in the UI as Christians a bad thing?
Same with the Last Name field. I happen to know someone who doesn't have one. Why isn't he accommodated?
How about colour blindness? Why isn't there a colour-blind accessibility option in the sign up form? Is making colour-blind people's options the same level in the UI as regularly-sighted people a bad thing?
There was a time when asking for religous affiliation was fairly standard, though also often associated with prejudicial practice.
Forms of address --- Mr., Mrs., Miss., Ms., and often professional titles (Dr., in German Ing. (engineer), esquire (lawyers), Reverand, etc.) is at least fairly common if not entirely standard practice.
I suspect, again, some motivation on the part of a requestor. A magazine's circulation department, for example, might want to know the number of lawyers and doctors among its subscribers as a proxy for advertising value.
Many business information request forms provide detailed rosters of who you are, what you do, and your company title. For similar reasons, I suspect.
(I also feed those bogus information as a matter of course.)
Wait, so because other people aren't accommodated, we also shouldn't accommodate gender non-conforming people?
Having a separate first-last name is often brought up as a UX failure for exactly this reason, and UX designers often design websites so that colourblindness doesn't hamper usability (in my experience working with designers at big companies). The Christmas one isn't as much of an issue because AFAIK very few people are meaningfully put out by seeing Christmas decorations on websites from majority-Christian countries. In other countries these things often /are/ turned off depending on cultural sensitivities.
We should be trying to design our processes to fit the world around us, not rejecting the parts of the world we don't like.
To be fair, the equivalent solution for the name field example would be solving it by insisting everyone specify how many names they have before letting them enter their name - there's a reason that isn't the recommended solution, people don't want to deal with minutia that doesn't matter to them, one field works fine for everyone.
The obvious solution is to just not use pronouns - it's a messy part of the language that is currently in flux, so why wade in?
Obviously, some sites are dedicated to these issues, so they can justifiably ask on sign up, but if you don't _need_ to care about people's personal details, better not to ask at all.
Complexity is a much larger issue in human centric systems than it is in computers.
We can hide the complexity in computer systems even engineer the risks of it out, this is not the case in human centric systems. That complexity will endanger everyone involved.
KISS is a good principle generally, but it's the most important principle in humans systems, sometimes even ahead of completeness.
For some reason I'd always been under the impression that the 'F' in 'TFA' was a different word. This makes so many exchanges less hostile in retrospect. Oops.
This, right here, is why I never use acronyms with the sixth letter of the English alphabet anywhere in them. Heck, as you might already have noticed, I don’t use said letter at all, unless it is part of a word.
This is one “human corner case” I have no shame working around. Wouldn’t want to convey hostility where none exists.
The F-word (I'll spare your virgin eyes), or even the letter F, is not capable of conveying hostility on it's own, so there is no sense in omitting it.
The acronym was coined with the non "fine" meaning for that letter. It was much later that internet culture got more polite and people retroactively replaced the meaning on RTFM and RTFA.
I'm almost certain what you're thinking is the original usage. TFA (disparaging, implying the person you are responding hasn't read it) was co-opted as TFA (neutral)
I prefer "TFA" to "OP" as the latter may be ambiguous as to whether it refers to the article or, more typically in my experience, commentary on it. Even here, "OP" might reference either a thread root or the parent of the post immediately being replied to.
"TFA" is a well-known and long-standing usage within the hacker community. It came to prominance at Slashdot, which I'd read back in the day, and is at least some decades old.
It refers specifically to the submitted article, and carries an overtone, sometimes tongue-in-cheek, sometimes subtle, sometimes more blunt, that the person being referred to ought to read the specific submitted work more closely. Perhaps at all. And without crossing HN's guidelines against specific accusations.
That is, the meanings are similar but different. "TFA" is more concise and specific. All of which make it the more fabulous ;-)
It turns out I do use both terms fairly frequently, as my comment history shows. The distinction is largely as I've described above. "The article" usually refers to some additional or other reference rather than the HN submission. "TFA" in the context if "you/I should have read that closely".
I presume they mean that out in the real world, there are lots of edge cases where reversing a transaction is a better outcome than chest-thumping about "Code is Law".
Yeah and the way I described it every "skeptical instructions" was a catch ... that triggered on every call.
Unlike code that triggers (hopefully) only when something weird happens, the cost of the special instructions and the dysfunction that followed was ultra high.
This sounds insane and I genuinely don't understand why anyone would work here or put up with this.
I understand the main point, I think, of 'make sure that people read instructions instead of ignoring them', but this is taken to bizarro levels which I don't understand why anyone would tolerate. The 'account managers' designing these 'special instructions' are either sadists or just assholes, and if management is not willing to protect its own staff from this bullshit, I see no reason for anyone to continue to work there. I don't really understand people staying in abusive job situations like this. There are many other job opportunities out there.
> I don't really understand people staying in abusive job situations like this.
I'm working to get out of a job that turned into this once our (lovely) manager bailed and exposed our team to the incompetence of our current leadership.
I'm having to HEAVILY fight my gut instinct by leaving, because I was raised in poverty and grew up as a disabled lesbian back when those things created more issues than they do now. I'm also from a rural area and neither of my parents have college degrees.
I may logically know that I (as someone with credentials and a decent skill set) have every right to leave and it's in my best interest to do so, but it conflicts with literally decades of messaging I've got telling me I'm lucky to be allowed where I am at all and seeing those around me be punished for standing up for themselves.
I was also abused by my parents, and that's another angle: People who are used to abuse don't think it's that bad, and I'd wager there's a fair number of people who have just never had a decent work situation. If you're going to be abused, at least pick an abuser you know and can work around.
Humans are pattern recognition/social machines, and if you only expose humans to dysfunctional patterns, they'll assume the problem is them. If you design a society, it's pretty easy to get yourself a group of people who are open to being exploited.
I can relate to this. Neither of my parents have college degrees and we were poor growing up. For a while they just pushed me to get any job I could. I worked in a call centre (horrible), door to door sales (more horrible), a butcher in supermarket (slightly horrible), working in the NHS (terrible pay, lovely people).
I've had a lot problems myself struggling around guilt about the pay and general lifestyle in tech. But I'm now working in a tech company with lovely people, doing interesting work. For what it's worth from a stranger: I wish you luck in overcoming your inner critic and that you are worthy and deserving to get a job with people you like at a job you enjoy.
> For a while they just pushed me to get any job I could. I worked in a call centre (horrible), door to door sales (more horrible), a butcher in supermarket (slightly horrible), working in the NHS (terrible pay, lovely people).
This is a large part of it, especially as someone whose community is likely to have those sorts of jobs. If everybody around you hates their job and you grow up in a culture where people actively despise their workplaces/management, you assume that's just how jobs are.
EVERYBODY I grew up around hated their jobs, so it's really hard for me to know what to put up with. To people like my stepdad, my displeasure at how I'm treated by leadership is complete stuck up whining: I personally make more than him + my mother and their households ever have, I'm not in physical danger (unlike him doing HVAC work, my mom doing warehouse work, my siblings' SOs who work landscaping, etc), etc. I was taught growing up that basically unless your boss put you in the hospital, you were lucky to not be homeless or starving and work just sucks.
This is a particularly hard mindset to get out of because in white-collar environments, you can't talk about how growing up blue collar or working class makes you anxious because a lot of 'professionalism' boils down to 'don't let the nice people know you're a peasant or you'll be kicked out for not being a culture fit'.
The pandemic has been very helpful, ironically! I'm more than willing to blame myself for all my life problems, but when I see OTHER people being treated like I was, it raises my heckles and pisses me off.
I'm so glad to hear that you found a job you like. I'm hoping to move from a small-shop/journeyman dev to working in a dev team and I'm trying to maintain optimism, so stories like that help!
It's scary how two different people can have such similar backgrounds (minus the lesbian part, that's playing the rural dating game on hard mode for sure). For me I just kept living like a college student and saved most of my paycheck until the adult part of me was able to convince my inner child we were, in fact, safe.
Feeling safe let me leave bad employers in the past. Thankfully my current one is pretty awesome.
Yeah, I was on the track to do what you did, and then I got multiple sclerosis during my last semester of graduate school. Disability is a major player in my own personal negative patterns: My MS came out of nowhere, I can't make good choices to make it go away, and I can't just ignore it. I also was fucked over when I tried to plan for things like student loans: Over half my undergrad debt is from my last year because my dad lost all the money he was using to help me in 08.
My personal experiences, outliers though they are, tell me that change is likely to screw me over. I would love to save my paychecks but when your meds cost 300k+ a year for your entire life, your life is dictated by health insurance and care. I lived like a college student and saved and was STILL fucked by change, so I'm very change and risk averse.
>I genuinely don't understand why anyone would work here or put up with this.
While the special instructions incidents were horrific, particularly to someone like me who wants to do the right thing and their brain seizes up with such insanity, they were eventually resolved.
Finally they instituted a policy where instructions were reviewed by a group of senior account managers every 90 days. Whomever wrote them had to justify them, or they were simply deleted. That actually turned out to be a great process as many out of date instructions were auto deleted without anyone doing anything.
As for the job, it was actually a great job. The support team was amazing, supportive, it paid great, and the company weathered a lot of economic downturns easily. If anything the special instructions incident demonstrated how even a great organization can go bonkers insane.
This (designing processes for rare edge cases) is endemic not only in people processes, but in technology-enabled business processes. I've had numerous clients fall into the trap of trying to over-engineer their process flow with validations for every conceivable parameter and variation.
This sort of implementation inevitably becomes a mountain of technical debt that overfits to the current process and reduces operational agility when the current process changes. At some point with business applications you have to trust your people to do the work and view the technology as something that enables that rather than necessarily constrains every dimension of it.
This reminds me of “The Computer Won’t Let Me” problem with many companies’ customer support lines. You call about some edge case problem, like your modem’s MAC addressed was entered wrong by the installer tech (not a real example but whatever). The support agent would like to help you, but your problem is sufficiently off the normal rails that the agent can’t manually correct it. The field is not editable on his screen, and that’s that. The process won’t allow them to fix it. This happens a lot with billing errors. An exceptional outage happens and the agent wants to help but they can’t because the Holy Computer was programmed to not trust customer support to adjust people’s bills. I’m sorry, Dave, but I’m afraid I cannot do that.
True story. Happened over the last couple of weeks.
Me: Kraken, I'd like to recover my old account I created years ago.
Kraken support: Sure, just login from the same computer and IP.
Me: I can't, I no longer have either of those things.
Kraken: How did our customer service go?
Me: It didn't.
Kraken: We can fix it, just login to zoom from the same computer and IP...
Ad nauseam, ad infinitum.
On the bright side, you no longer have an account with a wildly incompetent company. Same IP? Unless you are on a campus with statically allocated addresses or something...
I hope you're making this up. My spidery sense tells me that a random company cannot verify the IP I access zoom from. (Unless kraken was zoom itself presumably)
Kraken is a cryptocurrency exchange so it's plausible that someone's years-inactive account actually is worth a small fortune (to the customer, and to any hacker).
And that's my concern. I can't remember if there's a fractional bitcoin sitting around in a kraken wallet. Even if it's 1/10th of a bitcoin, that's enough to spend a little time trying to get it back.
I blundered my home address when initially setting up my cable internet installation. The installer called from the other house and I redirected him. He told me just to call customer service to have it corrected.
Multiple attempts, there is no way to change the billing/service address of an open account. Web says to call, customer service agent says to use web..
I've set to paperless billing and figure for any service visit, the tech will call me confused from 2 doors down and I will redirect them. Easy enough. Two year going now, so far so good.
Have you tried telling them you are moving from the incorrect address to the correct address?
I can see someone overlooking the need to support address corrections because that is probably a rare case, but customers moving within the company's service area and wanting to have service at the new address surely is common enough that they cannot have overlooked supporting that.
> I can see someone overlooking the need to support address corrections because that is probably a rare case
In my experience working working in tech support at a company that encouraged us to fix whatever we could do like as, service address and billing address changes occured everyday,multiple times a day.
At the time I was there that ISP had fewer than 200,000 customer, wasn't even one of the big players at the time.
Intenode in Australia, based in Adelaide, circa 2004 through 2010.
Hi, I was an internode customer from 2009-2016. Great company, great service, even though being competent with tech I never really used support (I think like 2 times during the time). Still the times I did use it there was always a very positive attitude from support.
I'm still a customer today, although now my service is delivered via NBN FTTH, I don't really see much differentiation in the market.
When I first started working at Intenode, tech support was still solely on the third floor of 132 Grenfell Street, and you would occasionally bump in to Simon Hackett in the lift.
I was still there when iiNet acquired the company, but left before TPG acquired iiNet.
It's cheaper. If they don't let their customer service agents have any autonomy, then they don't have to hire for things like 'judgement' and can just throw warm bodies in a chair, which makes people easy to replace and cheap to employ. It also prevents your cheapness from causing issues; if you hire decent people and rely on them, then it causes issues if those people leave en masse or start siding with your customers over you. "Sure, Mrs. Johnson, I'll forgive last month's bill; they don't pay enough managers to check and I'm quitting tomorrow what do I care?"
Some of this is a guardrail against social engineering. They can have an armada of minimally-trained level 1 support telling people they need to plug in their modem for it to work. Anything unusual they encounter can be appropriately reviewed by people who will understand the issue and not suffer from the confused deputy problem.
I’ve seen it a lot in well-intentioned post-mortems. Some bad code gets pushed to production and causes an outage. The responsible team does a thorough review, and in a bout of self-flagellation proposes a long list of extra processes that add steps and checks essentially amounting to “don’t trust anyone to commit anything right ever.” If a level-headed manager doesn’t step in, this pile of process gets implemented, output drops, and people hate their jobs.
I’ve seen a similar thing with integration tests, as on a team with decent unit test practices production bugs are often a result of bad assumptions about another team’s API. Eventually a mountain of brittle end-to-end tests cripples a team until they get managerial buy-in to rip them all out and the cycle starts over.
This is the dark side / failure mode of checklist-based processes.
Yes, checklists and process standardisation will avoid numerous types of errors and issues. However one of your checklist processes must be to assess the checklist itself, weeding and refactoring the checklist itself from time to time. This includes recognising that the refactored checklist will itself have further issues and shakedown bugs.
Ultimately process is a compromise between what can be kept in working or near-at-hand memory, and what's both sufficient and required for the particular problem domain.
That … seems like a company that isn’t doing postmortems correctly. You’re not supposed to robotically implement every “what would have prevented this”. It’s just there to explore the space of such things and provide your options. “This is so rare and low impact that we change nothing” is a valid option!
The purpose of keeping a record of past postmortems is that you can potentially go back and say “oh gosh, it isn’t actually rare, and so maybe the more elaborate countermeasures are justified”.
I’ve seen the opposite extreme happen, where a devops guy was adamantly against writing a postmortem at all, because “it wasn’t our fault” and “it probably won’t happen again”. Facepalm.
Oh this is definitely me describing a failure mode of postmortems, not an indictment of the process generally. It usually happens with well intentioned junior teams that lack experience/perspective.
I’m a firm believer in learning from mistakes, and making the right trade offs between reliability and velocity. Postmortems are a fantastic tool for facilitating this. As you point out though, the implementation matters and you need to be conscious of the cost/benefit of the recommendations that come out of the exercise.
> The responsible team does a thorough review, and in a bout of self-flagellation proposes a long list of extra processes that add steps and checks essentially amounting to “don’t trust anyone to commit anything right ever.”
If that list of extra checks is automated, i.e. added to your deployment scripts rather than manually followed by a human, then that's great. Every bit of repetitive decision-making and tribal knowledge that you can eliminate from your team's day-to-day functioning is a win.
Edge cases is where every legislatively mandated process I've ever administered has failed hard. The laws and regulations I was administering worked well for 99% of clients.
But if you were in that 1%, shit sucked, sorry.
Two examples:
1) You're a single parent working part-time as a legal secretary, and in receipt of some form of social welfare payment to ensure you and your children don't end up in hardship.
You are offered full-time hours! Yes! Except because you hit the boundaries/limits/edge cases in the legislation, your net income will only increase by $30 a week, because your income tested supplementary assistances will decrease as your earnings do.
Now, the legislation in play here, ensures social welfare and works okay for 99% of people (when I say "works okay", I mean, gives them money, and doesn't disincentivise work). But that income testing bites you as you approach the edge of the income curve.
2) You want to go hunting in a national park managed by the Dept of Conservation. The usual hunting permit requires that you only use centrefire rifles - rimfires and shotguns are totally banned (to prevent hunting of native birds, especially the tasty fruit fed kererū/kūkupa/wood pigeon[0]). However, you want to hunt red deer and chamois, with a crossbow.
The policies at the time don't account for crossbows (and this was before bow hunting was as common place as it is now). So the department defaults to "No".
In both situations, the broad rules work well for 99% of users. But for the 1% it sucks. The key to the 1% is human discretion and agency.
Good systems, whether legal, business process, or algorithmic, always allow for a human to override. Bad ones don't. "Computer says no" style.
(On the crossbows, a ranger (my Mum, I'll be honest) went into bat for the hunter in question, to determine what was needed for "no" to become "yes", and well, now there's a policy that determines the minimum draw weight for a crossbow to be considered humane - and no barbed or exploding bolts allowed! [1])
One weird edge case administrative process that worked in my (well, my partner's) favour:
The UK introducted legislation stating that people on a specific type of visa would only be eligible for permanent residence if it was issued on or before April 2010. The same legislation said, if this type of visa was issued after April 2011, it oculd only be extended to a maximum of 6 years, and then the visa holder would have to go back to their home country.
Well, there were obviously a bunch of these visas that were issued in the interim period, where the holders wouldn't be eligible for permanent residence, but if the employer company was willing to do so, could keep extending these visas indefinitely.
This seemed so baffling to us that we spoke to multiple immigration solicitors and the Home Office/UK Visas & Immigration support reps (or whatever outsourced org they were then -- Capita? Sopra Steria?) and they confirmed that this was true -- the visa could be indefinitely extended unless the government changed the rules.
The government eventually patched this bug, but IIRC, not before most such visa holders used the extra time to sort their employment situation out. (Opinion, not facts, based only on forum discussion anecdata)
> You are offered full-time hours! Yes! Except because you hit the boundaries/limits/edge cases in the legislation, your net income will only increase by $30 a week, because your income tested supplementary assistances will decrease as your earnings do.
My mother at one point made $25/mo too much for her childcare assistance because she worked some overtime. She lost her assistance for months and ended up several thousand bucks in the hole. Plus joy for me, since when parents can't afford childcare, guess who gets to do it instead? If you guessed usually the oldest kid, here's a prize!
Cheers to your mum for that! One of the trickiest parts of changing the rules in any bureaucracy or medium-to-large organization is if the org are lucky enough to still have people willing to stick their necks out to try to make things better for someone else. I admire the courage it takes to do something like she did.
Half way through your first example I was thinking it sounded a lot like New Zealand. And then, it was! In that case, it's also affected by (from numerous anecdotes on twitter et al) that a lot of case managers either don't bother, or aren't empowered to work the system for their clients.
When I was a case manager for WINZ, you tried your best, but ongoing discretionary assistance (Special Purposes Benefit, now called Temporary Additional Supplement) above a certain time period required a manager's sign-off, and then you hoped that your manager wasn't a dick.
I see this come up more and more in calendar widgets. They don't allow any manual entry so if you are older than 30 and the year of birth picker is some ultra custom SPOS it takes old people like me literally 30 seconds to enter my birth year.
This used to annoy me when I lived in Hoboken NJ. Often “nearest store” searches etc would suggest that Manhattan (or even Brooklyn) were the closest, and as the crow flies that is true. However, as anyone who has tried to get from Hoboken to Brooklyn will attest, even much further distance in the same state is far easier to get to, and was the option I was looking for, since I could not (reasonably) fly to Manhattan.
That said, I’d take Suffern NY over south Jersey, so by state isn’t ideal either.
My guess, though it carries a bunch of other problems that people below listed:
Population density means zip codes are extremely concentrated in NYC, especially in Manhattan. Traveling down the length of Manhattan might have you cover ~25 zip codes in 13 miles. Basically, a zip code isn't a meaningful measure of distance like it might be elsewhere. A radius might also place you into NJ, which could be an issue depending on what you're trying to accomplish: Delivering something from Queens might be significantly easier than from NJ, even though Queens might be further.
That's my guess anyway, though it's odd because nowadays generally looking something up via zip code + radius is actually easier in Manhattan (with a map you can easily see whether it would require coming from Jersey, crossing the park, etc. etc.)
Back in ~2000, zipcode databases cost money, radius search was moderately difficult, and in the US Northeast, you can cross most states their edge-most "relatively major cities" in ~4-5 hours, putting an average distance of anywhere-to-anywhere in the state as ~2 hours. In the extreme Northeast (eg: NY, CT, MA, NH, VT, PA, NJ, DE, etc.) the whole state is ~1-2 hours "big", and likely concentrated in a single (or few) city centers.
Contrast to FL, TX, CA, and we had to immediately support zip-code-ish search (a non-trivial technical and operational burden, as zip-codes are rough-approximates for GEO's, and change pretty frequently) b/c "Couch for Sale in TX" means something completely different from "Couch for Sale in MA".
...you can see that "just tell me what state it's in" hits within ~1hr of a single city center up until you hit TX or FL. So in 2000 it was a reasonable shorthand for "east-coasters" to say: "MA == Boston of course", and "CO == Denver" b/c where else was the internet going to be? ...either relatively close-by, or at your states major population center.
This is totally non-scientific and anecdotal, but I worked for a P2P sales startup out of college, implemented the zip-code search, radius, and update code, and distinctly remember noticing that some competitors (and dating sites!) definitely didn't support zip + radius searching, and they were usually ones that were funded from NY. CA was probably a bit more technically advanced, geo-aware, and wouldn't usually launch w/o zip + radius capabilities... again b/c "Couch in NV/CA", or "Singles in NV/CA" is a completely different scale from "Couch in NY/NJ, or Singles in NY/NJ"
(edit: in the 2000-era!! barely dial-up, and computers in general were decidedly non-rural devices, no cellular networking, and a motorola "two-way" was peak connectivity).
Reminds me of a company where a committee (with just one technical member) decides what JIRA tickets are allowed to be worked on. To minimise $arr_past_fuckups.map(will_happen)
I think this might nicely dovetail with Taleb's anti-fragility. You get anti-fragility not by planning for every edge case (you'll miss some) but by building self-correction mechanisms and controls in that allow to adjust without waiting for the whole behemoth to move. Give people enough room to maneuver to handle exceptions. If you cannot trust people to do that you might to find different people
> designing a human process around pathological cases leads to processes that are themselves pathological.
Very true.
I remember, back when I was still interested in helping companies succeed, one “interview” I had.
I mentioned that I had this ginormous portfolio, packed with dozens of highly relevant, finished, tested, well-documented, well-designed open-source projects, a decade of checkin history, of tens of thousands of lines of code, hundreds of pages of documentation, dozens of articles on various sites, where I walk through my design philosophies and processes, in detail, teaching modules, etc.
The “interviewer” told me that they were not going to look at it, because “I could have faked it.”
My jaw dropped.
If I could fake that, then you should hire me immediately, at three times your offered salary.
I’m pretty sure that the decision had already been made, not to consider me (because eld), and this was their way of chasing me off. They weren’t going to waste the half hour or so, that it would take to do a quick review of my work.
It worked a treat. I couldn’t hang up, fast enough. I won’t go where I’m not wanted.
The other explanation, is that they actually believed what they said, which would mean they were completely insane.
Maybe they didnt hire you since you sound very eccentric (as in euphenism for strange) with those big words.
Hopefully I dont break the site rules for pointing this out, but interviews are a game to weed out people who are difficult to manage. And people who show any unusual flair are considered difficult to manage by lots of managers.
And yes, some eccentric people with whom I worked were awesome, but there were also lots of eccentric people who were not (combination of "exceptionalists" and "insufferable").
> Maybe they didnt hire you since you sound very eccentric (as in euphenism for strange) with those big words.
SRSLY? You are saying "big words," On HackerNews? This venue is the Home of The Big Word. I can't hold a candle to some of the eloquence that regularly appears here. I pretty much write in the vernacular.
BTW: I am "strange." You got it in one. I've become quite happy about that, and so has pretty much everyone I've worked with, over a long career, in many diverse teams.
But you ... might want to browse around my work ... just a bit ... before deciding you know about me. I make it very easy to check my work. Unlike most folks around these parts, I'm extremely open about who I am, and how to find out about me. Helps me to stay away from the Dark Side of The Force. I'm also not particularly interested in working for anyone else, ever again, so I'm not really about trying to be diplomatic. If some chap in a crown is running about, starkers, I'm likely to point it out.
It's kind of amazing that we regularly resort to sending up insults, hereabouts, without taking just a couple of minutes to see if they have a landing pad, first.
> The other explanation, is that they actually believed what they said, which would mean they were completely insane.
It's not that insane? Like, how hard is it to clone some substantial, but lesser known, project and edit the committer to yourself? Edit the name too to something that you buy a domain for. It wouldn't hold in court, but a hiring manager in a rush won't ever be able to figure out if you did that or not.
Did you look at the portfolio? It's linked in my profile. Over 40 repos (single-source), dozens of articles (also single-source), etc.
It would be mighty hard to fake, and even a quick shufti will tell you that. My code and my writing has a very distinctive style.
It was -quite literally- the equivalent of a little kid, sticking their fingers in their ears, singing "lalalalaaaaaa-I-can't-hear-yoooouuu-lalalalaaaaaa."
Sadly, the StackOverflow Story will be going the way of the dodo, soon, so I'll have to rebuild it, manually. Pain in the ass. Since I'm no longer bothering to look for work, it won't be a priority.
I'm quite serious - if someone starts with doubting this kind of claims in general, your portfolio isn't really designed to be obviously authentic. I see blog posts on your company's website that don't attribute you personally. Same for the apps in App Store. Basically until you moved your writing to Medium, just 3 years ago, you seemed more concerned with promoting your venture than yourself.
I'm even worse at this - you'd be hard pressed to find anything of value attributed to my name since I left academia. I even don't host most of my code at Github. At least I won't be surprised by somebody not trusting my portfolio ;)
Actually, I’m moving away from Medium. When they started paywalling my writing (of course, without any recompense to me, but I don’t actually care), it was sort of a “pull-up.”
I’m not at all interested in competing with hungry kids. I wanted to keep busy, and make just enough to keep the lights on, and some insurance. I probably would have cost half as much as most folks.
I wasn’t expecting to be fawned over or flattered, but the flat-out, unapologetic disdain, made it clear that the industry is no longer a place I want to be.
I found some folks that wanted to do stuff that interested me, and I’ve been working with them, for free. They seem happy with my work, and I’m quite happy, working with them.
Also, and this is neither here, nor there, all my Git commits are GPG-signed.
> If we start to imagine adding steps to the interview process to protect against an imposter job candidate, the “solutions” we come up with are quite aggressive. We could ask candidates on video (or in person) to see a photo ID and match the ID against the resume. But this would seem very weird. It starts an interview off in a hostile manner, and send the a strong message of distrust.
> Computers don’t have emotions; I don’t need to worry insulting the vast majority of S3 objects when I defensively check integrity every time. But humans are different; when we design a human system around uncommon cases, we do need to consider the ramifications on the majority.
That's very true. It could be called "the tragedy of security": annoying and insulting everyone just to ward off a few bad actors.
For example, in Europe, online payments are becoming annoying to a degree that would have been unthinkable ten years ago. To use a VISA card online includes typing its 16-digits number, expiration date, "security code" (which is printed on the card), then receiving a code in a text message and typing it back, and now typing yet another personal code (or in some cases, the access code to one's online account!!) And after all that, it may still fail. It's insane.
I'm sure there are good reasons from the banks or regulators POV to act like this, but the consequences are incredibly painful for the vast majority of people, and probably economically detrimental as well (I sometimes give up from buying something online when the system doesn't accept a simpler payment method than VISA).
> then receiving a code in a text message and typing it back, and now typing yet another personal code
Really? In my experience aside from typing the card numbers, all I have to do is approve the transaction with 3D secure which is one tap in my bank's app. It has never failed in my experience.
Surely the bank's website offers the same security features, so that accounts may be accessed without a specific phone with a specific app. If not, then that bank should be avoided.
It depends on how the payment is integrated, i guess.
Is some relatively local stores it's along the lines of:
- check out an item in the cart
- you're taken to a payment processor's page (gateway)
- there you pick your payment method, e.g. which of the supported banks you use
- then you enter your bank's user ID and personal identifier
- then a prompt pops up on your phone (though you can also use a "code calculator") with a reference ID
- you enter your PIN code to confirm the prompt on your phone, granting the gateway access to your bank account
- it then lists your payment accounts, from which you pick one that you'd like to pay with
- then you get yet another prompt on your phone, this time you have a separate longer PIN to enter for confirming the payment
- you do so, the payment is processed and you're taken back to the store page, with your order placed
Note: that app (SmartID) that's used for the codes and confirmations isn't actually maintained by the bank, but is a separate entity, so to make a payment you might have to rely on the shop being up, the payment gateway being up, the confirmation solution being up and the bank also being up. Despite all of those vectors for failure, i've actually had a pretty good track record with this solution (i've only seen the bank's service crash once and the occasional store have issues).
Oh, and the app can also be used to confirm authentication for online banking: you enter your bank user ID and personal identifier, which makes a prompt pop up on your phone, so you also get 2FA there out of the box!
Of course, the bank also has its own app where you can make payments to specific people, or request payments, as well as view your account balance and see how your investments are doing, which is pretty nice, though you cannot use it for confirming those purchases.
On global stores (e.g. the likes of Amazon, eBay, AliExpress etc.), however, the process is generally far less involved, you just check out an item that you want, shortly afterwards the money shows up as "reserved" on your account. If you don't recognize that order, you can dispute the charge. Of course, if you don't have card details saved, you would need to enter that information first (card number, name, expiration date, code), but the end result is the same there.
That said, despite the seemingly more cumbersome approach of integrating with the bank directly for payment processing instead of going with just the card approach, i'd say that it has some security advantages for sure! With this approach, even if my bank account is compromised, no one can make payments without having direct access to my phone AND knowing the codes (as long as the system works). Of course, many still choose to pay with their cards instead.
Ah that makes sense. I respect you not wanting to use an app, but most likely >90% of the people who make online purchases also have their bank's app so it makes sense that the flow is optimized for that.
I use Wise too, but they also support 3D secure and it is generally required on European merchants... Works great in the app, but it's probably clunky without it too :/
So there are a couple of issues at play here. First, a merchant can charge your account with only your card number, date and CVV. If you call up and pay someone, say an insurance company, that’s all they need. Now your bank might automatically reject that charge if it seems suspicious, but that’s their call. This is why fraud is/was so rife in the US, because anyone who imprints your card can pay with it. Adding a chip and 3D secure mitigates that somewhat. If someone steals your card, usually it’s just an inconvenience because the bank will freeze your card, issue a new one and refund fraudulent transactions.
Typically the reason you see 3D secure is for chargeback protection. Chargebacks from fraudulent cards are both common and expensive for retailers and they want to minimise it - so they check your address etc. Ever notice that the checks sometimes make no difference? For example sometimes the billing address gets checked and fails if you put in the wrong one, other times it doesn’t seem to matter. I believe this is a merchant decision (some places just use it to generate invoices for tax purposes).
I don’t know of any regulation for using apps, but 2FA may be required? With Wise I can respond either via SMS or the app. I also have another fintech card which gives the option of sending the OTP over email which is useful when the app isn’t available. Also as an expat I have two phones with different sims, so I need solutions that aren’t device locked (at least one bank only allows me to have one mobile device registered).
> So there are a couple of issues at play here. First, a merchant can charge your account with only your card number, date and CVV
But the 2FA authentication of 3D secure with an SMS was fine(-ish) for me. I'd prefer this didn't rely on a phone (having network reception), but fine. It's better and more conforting than no verification at all.
Requiring me to validate two different forms with both an SMS and my bank account password is a bit much. But I'll adapt. I wish they turned those two forms into one directly though.
> I don't have any Android or iOS device on which I can install your app, and I would not do that anyway.
I don't think you can really complain that they aren't using convenient 2FA because you don't have a smartphone. It's a pretty reasonable thing to require these days.
You didn't complain that the online shop itself required the use of a computer.
I don't think forcing people to go to the GAFAM is fine, no.
(And yes, I have a smartphone but that should not be a requirement neither. My computer should suffice).
> You didn't complain that the online shop itself required the use of a computer.
Obviously online shopping requires a computer. It would not make sense to complain about this (though if I had to be a bit pedantic, the computer does not have to be mine. I don't need to own a computer).
At the moment the situation is workable for someone not having a smartphone, so, fine, but I hope it stays this way.
Not for 2fa. There are standards for that and they don't need smartphones. Also: I would trust the security of a computer owned by someone without a phone more than that of the average smartphone at this point.
Security codes is a special case of fraud ruining things for everyone.
I recently gave up on becoming a Hetzner customer (to set up a Minecraft server for friends). After going through all the security checks it declined to provision the server, demanding a photo of me with my ID—even though it successfully made a transaction to validate my payment method, it matches my name and address on file, etc. I blame crypto miners playing chargebacks.
Hum... I think they require it from everybody that isn't from the EU. I don't know if they have any means of validating the identity of EU citizens, or if they do that too.
I imagine Germany has some laws about identifying who you host things for.
Now, now… calling extra security steps for online purchases ‘extremely painful’ and ‘economically detrimental’ seems a bit excessive.
In fact, I think these steps may be there just to make people feel more secure about buying online (this would totally work with my mom, who after many years of visiting me in the USA is still afraid of giving her card to the waiter in a restaurant to pay for dinner).
> this would totally work with my mom, who after many years of visiting me in the USA is still afraid of giving her card to the waiter in a restaurant to pay for dinner
To be fair - her instincts aren't bad. It was always a shitty security model, it led to a lot of fraud, and it was one of the design principles of Chip and Pin to eliminate it.
> in Europe, online payments are becoming annoying to a degree that would have been unthinkable ten years ago.
I'd just like to chime in here to say that this isn't universal across Europe. The dutch iDeal payment system only requires you to scan a QR code with your phone and enter your PIN also on your phone. I believe belgium at least uses a similar system, but I'm sure iDeal is not unique.
Not to discount your experience of course, sounds like a real hassle and an unnecessary one at that.
Three European accounts I sometimes use for online payments, each from a different country, don't make me miserable like that. Apparently one of these banks was founded early in Abraham Lincoln's presidency, so it's not a matter of choosing the new coolness too.
Well, yes and no. There was a time when we could shop online without all this nonsense. It's getting worse every year, instead of better.
And also, going to the store has its own rewards. You get to talk to real people, see and touch the things you want to buy, etc.
Now we're alone behind a screen, jumping through absurd and arbitrary hoops that keep getting harder and harder (tried to solve a captcha lately) and fighting "AI" systems fed with stupid data.
Why not just take a picture? If you're interviewing so many people that there's a genuine risk of forgetting who is who, a picture seems useful. I'm sure I'm not the only person who will forget your name in 3.5 seconds but never forgets a face.
Maybe this is my time at Pivotal speaking, but your first day on any team you get your picture taken with a polaroid. It goes on the pairing board. It's not weird.
"Thank you for interviewing with us! Mind if we take a picture so we can keep our who's who straight when the team is making the decision?"
All that jazz with IDs sounds unfriendly, sure. A snap isn't. Hell, make it a selfie with a team member.
I think in this case it was all remote. But yeah, I don't think it would be that hard to add protection against this fraud in ways the candidate wouldn't even notice.
This is what we do. We literally take a screenshot when interviewing a candidate and ask them to turn on their cameras during meetings (at least the first week or so)
That seems like it would be incredibly hard to perform convincingly and if you could, you've found your true calling in hosting/announcing/commentating live events not sucking at software gigs.
> designing a human process around pathological cases leads to processes that are themselves pathological.
Very interesting insight! However I'm not fully behind some of the points.
Saying that fixing a bad hire is easy is a very USA-centric view of the world. In some European countries it would be very hard to get rid of such people, so the cost is hire.
I think the S3 analogy is not apt either. Sure, the probability of an error for each individual object is negligible, but if you store billions or trillions of objects, it becomes certain.
A better tech analogy is this: imagine a service that creates a bunch of resources every time you create an entry. When you delete the entry, you want to get rid of each resource. Now you have to defensively program around the myriads of errors and possible inconsistencies that can arise from this. And of course everything can just go wrong anyway.
Instead you could do nothing, or an optimistic delete. Then have a cron job that periodically cleans up orphaned resources. This is a much simpler and resilient approach.
The right answer to this question can probably be semi-formalized by account for the volume of transactions (interviews), errors (cheating candidates), cost of error (bad hire), price of increased complexity (more cumbersome interview experience for all), and how effective it is at preventing errors (are we getting all the cheaters?).
EDIT: On an extra note, this reminds me of those anti-piracy measures that don't stop piracy but are a royal pain in the ass for legit buyers.
> Saying that fixing a bad hire is easy is a very USA-centric view of the world. In some European countries it would be very hard to get rid of such people, so the cost is hire.
Most EU countries have laws around probationary periods at the beginning of an employment that can extend up to six months. Once that period has passed it can be difficult to get rid of an employee but until then it's easy.
tbh its not even that hard in the most employee protecting jurisdiciton, which tend to also have the highest indrect cost for an employee as well.
The laws typically align with the values and sensibilities in the societies, but its a tiny bit easier in practice (if you really want to) to make happen. In the USA people think it is easy, especially at will states - even easier than they think. The UK people think it is moderately difficult; its actually pretty easy. France people think it is impossible, its moderately difficult at best, expsensive (like a couple of months salary) at worst, and within probations and first couple of years, pretty easy.
Culturally however, a) people dont like firing people and b) they want to believe that they are unfirable as well. So rather than pay an employee 3 months severance they linger on for years.
> The UK people think it is moderately difficult; its actually pretty easy
It's not too difficult, but it's not quick (and that's ok). Outside of gross misconduct, you have to go through multiple stages of explaining the issue, coming up with a performance improvement plan and then evidence that they haven't met it.
This is actually less true than you think, unless you fire someone for something egregious (Pregnancy, joining a union), they only have a right to challenge whether it was fair if they've been at the company for 2 years. So up until 2 years of employment, whilst there are rules about fair dismissals, the employee can't actually go to a tribunal and enforce those rules, making them basically optional.
To make matters worse, there is a maximum payout anyway, so short of actually writing something totally stupid on the dismisal letter the employer is not going to have many problems.
The maximum amount that you can be awarded as compensation for constructive dismissal is presently the statutory cap of £89,493 or 52 weeks gross salary- whichever is the lower
In the case of pretending to be someone else, and being found out on the first day, at least both UK and Sweden would have the probationary period exception, whereby you can be let go at a moment's notice (works both ways, either party can annul the contract). The probationary period usually lasts 3 months.
Pretty much the ONLY thing that is not a "go" during the probationary period is due to various things that fall in protected categories. I have a hard time thinking "I let someone else do my interview for me" falls under that, in almost every case.
Here in Brazil, where we tend to copy Europe on those matters, it's very easy to fire someone, but it can become expensive. Anyway, the expense grows the more time the person is working at your place, it starts quite cheap.
The GP was talking about a place where "pay a day of salary and move on" isn't a realistic choice. If there's fraud involved, you need to be able to prove it.
In my early 20s, I thought technology could solve all of our problems.
In my late 20s, I thought people-processes were the real hard problem.
Now, in my early 30s, I think leaders who build both of the above, but have the wisdom and flexibility to know when to make exceptions, are perhaps the most fundamental key to success.
I wonder how my perspective will change as I complete this decade of my life.
At some point after that, you'll realize that "leaders" and people who are seen to have the authority and capability to solve problems have a vested interest in perpetuating problems and making them worse.
Well, cynicism isn't the total opposite of idealism. You can have an ideal that's compatible with cynicism, such as to create a revolutionary new product, which people will adopt because (here's the cynical part) they are interested in elevating their own status or quality of life.
“There are four reasons why the Cynics are so named.
First because of the indifference of their way of life, for they make a cult of indifference and, like dogs, eat and make love in public, go barefoot, and sleep in tubs and at crossroads.
The second reason is that the dog is a shameless animal, and they make a cult of shamelessness, not as being beneath modesty, but as superior to it.
The third reason is that the dog is a good guard, and they guard the tenets of their philosophy.
The fourth reason is that the dog is a discriminating animal which can distinguish between its friends and enemies. So do they recognize as friends those who are suited to philosophy, and receive them kindly, while those unfitted they drive away, like dogs, by barking at them.”
Going through the same journey and hitting 40 this year, I've learned problems are an illusion. It doesn't get systemically better. Nothing ever is really solved, and the industry is constantly seeing an influx of people in their early 20s who think technology can solve all of our problems.
I think that’s too pessimistic. Problems don’t get solved to the extent that they completely go away, but it is possible to make things better. That’s not to say we’re on a constant slope of monotonic improvement, but with effort and patience, progress can and does get made. And we need those new crops of fresh-faced 20-year-olds to carry on the fight.
I used to share this view, but bitter experience has taught me that people do not change in the aggregate. Individuals may change, but that doesn't affect society at large. There is virtue in expanding knowledge and abilities, such as improving the mortality rate or getting us to the moon, but without a corresponding improvement in societal ethics it's like handing a child a knife. The systems and technologies we improve only increase the potential for chaos like chekov's gun waiting to go off. That's been true throughout history and the last several decades are no different.
Slartibartfast:
Perhaps I'm old and tired, but I think that the chances of finding out what's actually going on are so absurdly remote that the only thing to do is to say, "Hang the sense of it," and keep yourself busy. I'd much rather be happy than right any day.
Arthur Dent:
And are you?
Slartibartfast:
Ah, no. Well, that's where it all falls down, of course.
Early 40s: I hate all computers and want to send my phone into Lava.
Oh, sorry, real answer. Early 40s: So, I built and sold a consulting company starting in my early 30s. Business is hard. Computers are easy. Business is leadership and being able to build marketing, sales, etc as needed.
I've found that designing a programming language is a veritable mountain of compromises and exceptions. A language that rigidly follows rules tends to be intractable for users.
Two more decades: technology is not the problem, it's a tool, but a lot of people are using that tool inexpertly and that leads to all kinds of problems, some of which can no longer be solved by the application of technology.
I figured out clear but wobbly rules were the path to success. I also figured out that sometimes a spreadsheet or a piece of paper is the most advanced technology required. It's a matter of speed, complexity of task and performance.
I'm going to take a stab at one more iteration showing you that org building is the real hard problem. But what that eventually gets you to is that politics and community is the true hard problem, which is often where one starts off.
The other logical step in your line of thought is to query what is a problem and what is a success. Finding the right problem to solve to bring success most painlessly is another way to define great leadership.
This exact situation happened to another manager I work with. Interviewed a candidate remotely (with camera), everything was great, super nice guy, very knowledgeable, extremely technical. He got the job.
First day, he refused to turn on his camera during any of the meetings, wouldn't speak up, when he did it was clear the voice wasn't the same, seemed very dodgy. Aside from that, he didn't know how to use Git or setup his dev environment. One of the devs setup a pair-programming session to help get him acclimated. He couldn't write a single line of code. In the interview the candidate was clearly very senior and had significant experience.
Manager called him up and said they needed to speak on camera, he kept making excuses but finally turned it on. Not even close to the same guy, interview candidate was clean-shave. This guy had a six-month beard.
HR took over from there, he never would admit to it and held firm that he was the same person who interviewed and stopped responding once we let him know he was being terminated.
Afterward we did some research and found it's becoming very common these days. You have one guy who basically gets paid to do interviews for others, the person gets hired and basically collects paychecks as long as they can.
This is why we now require photoId as part of interviews and first day. I also now have a habit of taking a screenshot during interviews.
The author of this article mentions the cost was low to the mishire was low. I think that is fundamentally false. We shipped equipment (we got it back but they could have kept it), we turned down other candidates (which we may not get another chance to hire), we removed postings, we had to get multiple HR members involved, legal had to get involved, he had access to our repos, all of that had to be audited.
However, I wonder how the newly introduced DEI-oriented features in the various ATS will contribute to more similar cases or will make companies not use them at all.
We were expanding fast by hiring bunches of contractors, which was already giving pretty polar results. After a while, my team got one too.
They didn't have a computer ready for him yet, so my lead pairs me up with him to babysit basically. We go chill in a conference room and I basically just try to get to know him and explain what we do here. I can tell he's nervous, and since this was my first dev job I remembered that feeling all too well, and wanted to be nice to him.
Immediately, he barely speaks english. Weird, but okay. Then I try to just talk shop with him, and find that I can't get any answers about recent stuff he's built, what he's interested in, frameworks he's used, or even what his favorite language is. They guy clearly knew nothing about software. I laughed to myself in a "not my problem" kind of way.
After a while I finally hand him off and explain the situation to my lead.
Turns out, he had a totally different person do the interview and coding test. And he didn't know anything about software. When confronted with this reality, he simply repeated, "I can do the work, I'll get the work done, I promise." Presumably the plan was to either just try and collect the first paycheck or two, or maybe he even wanted to outsource the work to someone else.
So, maybe don't rework your whole hiring process around this possibility, but at least do a video chat.
This happened at place that I worked as well. Phone interview, went well, guy shows up and can barely speak English. We pretty quickly figured out what happened, escorted him out on day one.
This situation (interviewing for someone else) is not uncommon in the IT/Software contracting field. Even more common is someone sitting across the room from the interviewee and giving answers. Sometimes through headphones hidden under hair. And I am taking about pre covid times where even if the interview was remote the job was more likely than not in office.
What does the manager do when this happens? I have been there. The answer is simple, I did exactly what I would do if the exact candidate I interviewed showed up but fell short of expectations (say used google extensively, or the questions were theoretical and they were good talkers - happens with QA and Project Manager jobs). If they are borderline, give them a task, see if they are able to complete it. A Manager should do it anyway, interviews are hard. Most companies have probation periods for this reason.
Why does it happen/what’s in it for the candidate/contracting firm?
For the candidate a few weeks or months of experience that they can add to their resume. Do it in 3 or 4 places and suddenly you are a mid level developer. Hopefully they also learn a bit of programming in the meantime.
For the contracting firm any money is money.
Sketchy IT contracting forms routinely do this and worse.
If you use sketchy IT contracting firms, you’re vulnerable to this grift.
It’s pretty common. A contractor attends some degree mill back home and is basically a human terminal. They get some training on how to function and send most of their work to a smart guy who does the work of a dozen contractors.
If you allow remote, it’s 10x worse - the folks are almost certainly working multiple contracts.
I've worked alongside some of the sketchiest of IT contracting firms and I've seen this kind of behavior.
One firm just decided to replace the trained contractors working on my BI team with a bunch of junior devs overnight, no explanation, no warning. The fact that BI management kept employing them says more for the suspected "hello money" I think was paid to get them in first.
I completely agree with the do nothing approach. I live in Spain and it feels like they've taken the opposite approach. All the systems are designed to catch the 0.01% of people who abuse the system which makes it impossible for the 99.99% of other people. This means people just don't do things because there's too much paperwork. The result is a non-functioning economy and massive unemployment.
I don't think that is a Spain only problem. As an American, that speaks to me of how most government and corporate systems operate. They are actively detrimental to helping people in need and do a terrible job of preventing fraud.
Here they are more likely to result in punishing the already poor or underprivileged and at times seem to be the way we prop our economy up.
I have this reaction every time some mentally ill person murders some people or sets fire to a building or something.
In general, people react with "The laws need to change! We need to ramp up surveillance/social care/police capability etc etc" or even the "What shall we do? Something needs to be done!" type response.
But I think that usually the answer is "Do nothing". It was just one edge-case disturbed individual. This is not a common event, and will not be a common event. We cannot generalize any learnings from this tragic event. We just keep on keeping on, and know that one time in a thousand a bad thing will happen but for the other 999 times everything is fine and will be worse with more rules and restrictions.
What needs to be done in such a case is to improve mental health care. Make sure disturbed people aren't left to their own devices, but have access to people who can help them.
There’s one reaction to this, my initial reaction: “that’s just common sense”.
But I think it’s a valuable post nonetheless: it’s succinct, it’s a punchy reminder of something we should all try to remember, and as a colleague of mine says: “common sense is not always common practice.”
Trying to fortify some system against some failure mode overwhelmingly often makes it more vulnerable to some other one. This is what keeps terrorists in business.
A lot of that is just developer/general employee incentives.
As an employee, it is far more important for me to avoid blame than to be efficient as I will get no credit for marginal improvements/no hit for marginal harms, but will get blamed if there is a very noticeable bad incident.
I am far more likely to have an annoyed boss from the wrong person showing up to work than driving away 100 candidates as the interview seemed hostile.
So the calculation is heavily weighted towards fortification for me as an employee, as I benefit not from the enterprise value but do from the value of my boss not being annoyed with me.
At the risk of asking a naive and perhaps dumb question, wouldn't this assertion invalidate the entire product class of P&C insurance, wherein that specific asymmetry is directly and entirely hedged against?
Transacting financial instruments is for most entities a negative sum game. There are transaction costs in the general case.
But we can get more conceptual clarity by modeling it as a zero-sum game: one actor wins, one loses. In general the actor with the asymmetrical relationship to forecasts about future price action wins. Sometimes the smart guy loses because he's undercapitalized.
Watching PHDs in friggin "steering outcomes under low gravity conditions" running home to Gaussian assumptions, the Central Limit Theorem, Fourier math, and VAR would be amusing if it wasn't going to put actual hunger on people who no one ever sent the link to HN. In light of the outrageous concrete human suffering, I think I can stifle my amusement.
This is not directed at the parent, I know nothing about the parent's situation.
But god damn am I sick of rich kids. I thought I would get some catharsis from kicking them around like a soccer ball on the biggest field in consumer technology, but it didn't really make me feel any better.
One guy stomping the shit out of legacies at Ivies for a few years doesn't change anything. This year, next year, ten years from now: paper-failures like @sama will still know the right people.
"I didn't make anything anyone wanted, and I'm still rich as fuck."
At the risk of over-reading a situation I know nothing about, perhaps you could use a break from the SV. I had a friend who grew up blue collar in Europe and with whom I worked with in NYC. He spent a couple years in SF for his career and just about ended up strangling people. I visited him in SF for a weekend and nearly ended up in the same place. Ultimately, he ended up back in NYC and back to his usual happy go lucky self.
For all the criticisms I could make about rich kids in the Bay Area, it is simply that they are _lame_. I'm nothing but a middle class public school educated child of immigrants myself, but I always keep in mind my mother's somewhat cynical advice -- "always remember you will work twice as hard for half as much in this country" followed by "and it will still give you a better life than where we immigrated from."
If I can give you a piece of advice (maybe advice is too strong a word, as this is really just a coping mechanism for me personally), it is to remember that the karmic gears of time tick slowly but inexorably. To be a paper-failure 10 years from now that didn't make anything anyone wanted and to still be "rich as fuck" is a certain kind of Dantean hell in and of itself. Your entire life is the real life version of the Chinese "heaven's ban" where you are surrounded by sycophants who always lie to you to get access to your resources, and anyone else worth knowing would never want to associate with you because they deem you a clown and a fraud. You never learned the skills during your formative years to stand on your own two feet, and now you are too old to do the work that brings at least its own intellectually stimulating and market validated reward, as well as the respect of people in the world who are most worth associating with -- never mind the respect of salt of the earth people!
Perhaps this is my NYC elitism creeping in, but I wouldn't switch lives with such a paper failure SV talking head if you paid me. They'll never have taste, or be able to truly enjoy the finer things in life, or stand on their own two feet, or live in a truly cosmopolitan manner; they'll never have the edge to be as good of an operator as me or the operators I respect. And they will always know that deep down inside they are inferior no matter how hard they posture -- in a sense, I am more free than they will ever be, and if the pinnacle of life is to "live free or die" then they are effectively the walking dead, while I am breathing my own air free and clear.
Where was I going with this rant? Ah yes. Perhaps you need a break from SV because it's only there where these sorts of folks receive any kind of societal acceptance. I'd recommend either the east coast (I love NYC and it's never been more fun), or southern Europe (Spain and especially Portugal have always been nice to me). If you stay long enough in the SV echo chamber, it will warp your thinking and make life seem a lot less sunny than it could be.
In my opinion (and this is having no idea about your personal situation), I view it as just a bubble where you happen to work to make your living, and you can always exit as you please when you need a break or you've had enough. Hope I haven't been too presumptuous with this post and that I've at least been a little helpful.
I'd like to really thank you for taking the time to thoughtfully comment on a kind of pissy remark I made. Just about everything you said ties out with my own intuition and experience.
For context, I spent ~10 years in SV, then another ~3 in NYC (but for an SV company most of it), and now I'm back in San Diego where I'm from. I think you're right on the money that I'm a more than a little over-rotated on the SV worldview. I'm generally a bit more balanced and...diplomatic about it, but when a rough week brings out some weapons-grade snarkiness? I'm clearly at least somewhat wrapped around the axle about it.
It's not so much that other people worked less hard for way more money that grinds my gears: I've lived comfortably on each of 3-ish orders of magnitude in terms of income, net worth, etc, and if I pulled out all the stops I could probably grind a bunch more cash out of my career than the perfectly reasonable amount that obtains. I work way less hard for way more money than a lot of folks around the world and feel a bit guilty about it in fact. Maybe humbled is a better word than guilty.
I think that I spent way too much time around people who attributed success to intelligence, insight and hard work, when it was actually due to intelligence, insight, hard work, and a lot of luck. I know some absurdly rich people who acknowledge that there were at least a few dice rolls along the way, and those folks don't get under my skin. Coincidentally or not, those folks seem to not have a bunch of opinions about how other people should live and work and a megaphone.
Andreessen is not far off with the "software eating the world" stuff, in some sense caring about the culture of the tech scene is a bigger and bigger part of caring about society in general every year. And I think that ultimately what bums me out is that YC/HN was one of my key/formative inspirations when I was getting serious about math and technology. Things like the T-shirt that says "I made something people want" that you got by selling a startup to people who enjoyed the experience really spoke to me.
For all I know sama and seibel are really smart, really solid people, and I regret calling them out on hearsay. I know at least one person who I trust and respect who knows sama personally and thinks the world of him.
But optics matter, and I'm probably not the only person who stopped believing in Santa Clause right around the time that pg handed the reins to the guy who needed a bailout on Loopt, and got kinda morose around the time that the Loopt-bailout guy handed the reins to the Socialcam-bailout guy.
I think ultimately I'm obviously very touchy/sensitive/negative on the topic because YC/HN was a childhood hero that ended up being the same damned nepotism that it was supposed to replace. At least MIT is available to anyone with a YouTube account and some time. YC is the new MIT and much, much more exclusive on the basis of who you know.
That's enough of the pissy part: I've got it insanely good for a guy whose grandparents worked in coal mines and gratitude around that is probably the right thing to focus on. It was a rough week.
Thank you again for such a compassionate and thoughtful reply, you've given me plenty to think about. Cheers.
Oftentimes things that are common-sense at the macro level are really hard to implement or remember day-to-day, and as you mention stories like this can be good reminders to keep perspective.
I.e. when investing in the stock market it's almost common knowledge that silently putting money in an ETF every month will outperform almost everyone, even professional traders.
Overreactions to day-to-day things like corrections or a 1-in-a-million hiring situation break the obvious macro strategy
The investment analogy is a pretty great one in my opinion, and very timely given what I think we're all sort of agreeing is a set of asset bubbles driven (mostly) by "accommodative" monetary policy.
When an asset class is going up and up and up, FOMO can get even serious professionals to go long at a (relatively) high price, and gloss over the risk management. When things correct a bit, a lot of folks realize they hadn't managed the risk and get short "before it gets any worse".
This is probably the most common way to buy high and sell low, and while retail investors probably do more of this than hedge fund managers, hedge fun managers also do it.
Dollar cost averaging into a diverse set of ETFs is the simplest and cheapest thing that gets you highly competitive returns (at least to date). But I think that this is more to do with how much it takes emotion out of the picture than that SPY is like, ideal. Buffet, and Michael Burry, and others have demonstrated that if you're willing to spend years to decades of 16-hour days reading public filings in a drab office, it's not "hard" to beat the S&P. But those people are a lot more dispassionate about their trades than I am, and I suspect than most people are.
I feel like I've experienced similar situations with post mortem and sprint retrospective processes. Sometimes shit goes wrong in a sort of unique way and people go too far with wanting to have the outcome always be "we will do X to make sure Y never happens again", even though X is more costly than Y in terms of engineering effort and business value. So I think this is also applicable to software design.
It makes me also think of the poorest in our populations. Governments that have support systems for struggling families have put in hurdles to accessing those funds. It has the benefit of preventing abuse of the system but we need to be careful how it may prevent access to those who need it.
Thomas Sowell's theory was that the primary reason most of those systems were put in place is not so much to prevent abuse but to guarantee a level of security/power/income for the bureaucrats.
Every stupid process in social services is driven by the NY Post and similar outlets.
Q: “Why did nobody notice the baby is sick?” A: Babies are weighed in every interaction, which is humiliating to parents.
Q: “Why didn’t you stop Sally from enrolling for benefits in 2 counties?” A: Fingerprint indigent beneficiaries, at their expense.
Q: “Why should people on drugs get welfare?” A: A family loses crucial benefits because mom smoked weed.
Bureaucracy builds walls out of process to remove individual agency. But politicians design programs to meet different goals, and social services law was no different.
Hence most of these systems are so shitty, like that both sides of the aisle benefit. Bus shows up only every 120 minutes? One side says "we told you it wouldn't work", and the other side says "at least we tried".
Excellent point. Some people/media/politicians are so terrified that someone might get money they're not entitled to, that they design paranoid systems that are likely to deny people money that they are entitled to.
Netherland recently had the long-running scandal of the "toeslagenaffaire", where the tax service had a tendency to assume people from foreign ethnicity or double nationality might be committing fraud, and gave them additional checks and hoops to jump through, leading to a lot of people to be treated as criminals and have to pay back money that they did have every right to. Was incredibly poorly handled, government fell over the scandal, but the new government consists of exactly the same parties, with the same PM, and I have no faith at all that this won't happen again.
Very much so, these systems are often needlessly and unfairly adversarial. And I assume quite often the system is not even saving money overall by doing so.
> designing a human process around pathological cases leads to processes that are themselves pathological.
A-fricking-men.
Is their a variant of this that I could use on product managers who make knee jerk demands for feature/changes based on bizarro interactions with high profile customers?
Following this too rigidly will also get you in trouble. As we've seen recently with tech enabling things like stalking and harassment which while pathological are harmful and widespread so do need to be accounted for by process. It's a good consideration but you're still stuck back where you started with your own judgement.
I kinda agree, I think. We’d have to get down to use cases for me to see if we’re on the same page.
For me, a certain aspect of the pathological process here is one that ties to correct the pathalogical symptom. I don’t think any process that plays whack-a-mole at symptoms will ever have much success.
The quote that springs to mind is Henry David Thoreau
“There are a thousand hacking at the branches of evil to one who is striking at the root.”
So I’m ok with the assertion that well founded process can/should guide behavior, but if we just throw exceptional process corrections at exceptional behavior as mentioned in the article, we get gridlock and the classic story of “why we can’t have nice things.”
> a certain aspect of the pathological process here is one that ties to correct the pathalogical symptom
That's not how I had been thinking about it but rings true for me. I have approached it more from "the mitigation should be proportional to the potential harm" angle. But I like your model, it gives a little more guidance on what sort of changes will be successful.
Are you asking how to create your own pathological processes to use on PMs? That would be CYA emails tracking their decision making process and the costs associated.
No. I was curious if there was a way to somehow kindly express to demanding product managers "you're requesting a feature that is a knee jerk reaction to a meeting you had with someone, but the ramifications of what you're chasing are far reaching and will degrade the product generally". Or something like that.
The idea of turning the tables and being counter-pathological hadn't occurred to me... until now. :D
> designing a human process around pathological cases leads to processes that are themselves pathological.
The Leetcode interview is surely one of these? Designed to catch out that guy who can't reverse a linked list, the kind of thing that pretty much never comes up as a real job requirement?
Most processes are designed around shifting blame. It doesn't really matter if the person is good at the job or not, what matters is that no one can blame you specificallly when it happens.
If you want your process to be effective, you need to account for this e.g. the famous 'stop the production line button' that people can't be blamed for pressing.
Not sure what you are referring to, but when interviewing at e.g. Apple the whiteboard is not meant to suss out impostors, it’s to get a better understanding of the person’s thought processes, to separate the smart from the brilliant.
In this particular case, the fraudster was detected because the person handling the interview was also involved with the person on their actual work day. But how many large corporations have an impersonal interview process handled by HR, while during their regular work they become a cog in a machine that nobody notices?
The best defense against this sort of fraud is clearly to have a human, humanised work environment where people are seen and appreciated, where candidates are interviewed by their team mates, etc.
I've been in an interview process where we played a game with my future team mates: everybody tells 2 truths and 1 lie about themselves, and the others have to guess which is which. It's fun, you get to know each other, it's memorable, and any fraudster like this will be immediately spotted on their first day.
While I agree with the author in principle about human processes, as someone who has done a lot of virtual interviewing lately, I think it's worth rethinking the virtual interview and hiring process from first principles. Much of the virtual interview experience is built on the traditional interview (so much so it's always being referred to as a "virtual on-site"). You think asking for an ID is hostile? I'd argue virtual interviews are already hostile in many ways.
I believe the "Ask for ID" is a strawman that wouldn't be helpful, but there are likely non-invasive steps we can take if we spend more time thinking about it. If nothing else, it may result in a less hostile experience for all involved.
I remember learning that the reason school busses don’t have seat belts is that as a transportation method, busses have such ridiculously low mortality rate that you don’t want to change anything. Almost anything you might do could only make things worse.
It’s sad the author even had to write this article, but a lot of devs do act and think like this. It’s also one of the reasons bullshit bureaucracy seems to be ever growing.
A lot of that is just developer/general employee incentives.
As an employee, it is far more important for me to avoid blame than to be efficient as I will get no credit for marginal improvements/no hit for marginal harms, but will get blamed if there is a very noticeable bad incident.
I am far more likely to have an annoyed boss from the wrong person showing up to work than driving away 100 candidates as the interview seemed hostile.
When I was younger, I worked for my cousin, a labour job, and he hired some of the local natives. One guy didn't show up after a few days, but his brother did. He was put to work. Then a few days later, a cousin. Now oddly, they each could have had a job, but nope.
So I asked my cousin how he handled it, and he said he hired the one guy, and the cheque would be made out to the first guy, income taxes filed in his name, and he could square up with his relatives, or not.
I guess for a lot of jobs it's not actually that relevant who does it, as long as someone does.
In fact, as a freelance contractor, I have the legal right to send a replacement software developer if I'm not available. Of course I won't, because I know very well that in software development this is never going to work, but technically I'm a company with a contract to send someone to do the job, which means my responsibility is to send someone capable of doing it, not to do it myself. In practice of course it's always me, but contracts often specify explicitly that I could send a replacement, in order to make very clear to the tax service that I'm not an employee but a contractor.
What's very interesting to me is that the Byzantine, multi-day, "we can't afford to make a mistake" hiring practises are so normal in the US, most of which allows easy firing without cause. It's a truly bizarre combination.
I work at Google, and I understand it here. Yes, Google can technically fire people very easily, but culturally Google doesn't want to do this. Google doesn't want to be quick to fire full-time employees, generally speaking.
So in practice, policies are in place such that firing people is actually somewhat difficult or lengthy, even though yeah, legally Google could fire almost anyone instantly. So if they hire someone who sucks, getting rid of them would be somewhat challenging just because of those self-imposed policies.
While I sort of agree, the potential impact of someone smuggling in a bomb in their shoe onto a plane is obviously overwhelmingly larger than the impact of hiring a fake cheater guy for your corporation.
Part of why the answer for hiring fakes is 'do nothing' is because the downside there just isn't that bad, it's several orders of magnitude less destructive than "plane with dozens of people on board explodes".
So why stop at airplanes? Why not subway trains, elevators, Starbucks?
Is it because someone tried in an airplane once? Tried and failed? Would you change your mind about Starbucks if someone tried and succeeded?
The whole point of that article is that you can’t design around extreme edge cases. If we used shoe bomb security theater logic around all aspects of flying, there would be no airline industry.
Sadly, for some people out there, any part of the process not swaddled in shoe bomb security theater is an opportunity to kill dozens of innocent people just waiting to be taken.
This reminds me of the "how do we stop people watching pron on the internet?" thing back in the 90's when we first starting giving people internet-connected computers.
The answer, of course, was: "the same way you stop them reading a pron magazine at their desk".
But because it was all new, and there was technology involved, there were lots of people who felt there should be some technological answer to this.
So, yeah, I agree with the article: Adding process to solve a management problem from a pathological minority case is never the right answer.
How would you solve this situation if the interview process wasn't remote? Being remote changes almost nothing about the situation, after all.
> We could ask candidates on video (or in person) to see a photo ID and match the ID against the resume. But this would seem very weird. It starts an interview off in a hostile manner, and send the a strong message of distrust. Honest candidates – which are, remember, the vast majority – will wonder why the heck this company is acting so weird, and will rightly see this as a red flag about the company culture. There will be negative consequences for your hiring practices.
This sort of verification is already being used for some KYC processes by financial institutions (i.e., take a live video of yourself holding your ID that’s uploaded for verification). It’s probably a matter of time until this is so normalized with virtual KYC that people wouldn’t care much when asked to do the same by a potential employer. The process already excludes certain people (like the transphobic process mentioned in the article).
There is always a cost to the company for an incorrect hire, regardless of the underlying reason. So I would expect company HR teams to read that (widely shared) post and formulate strict identity checking and recording mechanisms so that they can absolve themselves from what may seem like an oversight or error. It also fits well with the typical HR style that’s more about controlling employees than about enabling/helping them (apologies to any good HR folks who are out there who struggle against the weight of the systems).
It’s probably a matter of time until this is so normalized with virtual KYC that people wouldn’t care much when asked to do the same by a potential employer.
Though as it becomes more common, it's probably also a matter of time before software is available that lets someone hold up a green card and it's replaced with the document of their choice on the video feed.
Of course it's an arms race, but they already have countermeasures in place: asking you to partially obscure the ID with your hand, asking you to show how the holograms change as you tilt the ID, etc.
I'd think that's all relatively easy to compensate for, just film (or create in CGI) the card held in different directions, then merge into the green screen card.
Seems like it'd be better if chip card readers became ubiquitous on home computers and mobile devices, then we can scan our drivers license or other government ID to prove that we have possession of the physical card (and when making online purchases we can scan a credit card instead of typing in a number that can be stolen).
Person B didn't sign anything, person A is guilty of fraud, so I don't think there's anything to design around here, "you didn't sign the contract, you don't work here, good day."
Thanks for posting. I wonder if the author's conclusion would differ depending on the subject's relation to this type of incident? For example:
- You provide a service in this domain and are aware from the news that this is getting more common
- You provide a service in this domain and your customers tell you this is annoying them, and the story has amplified that issue, making things uncomfortable for you
- You perceive that you can provide specific value in this kind of situation, as someone who can change the dynamics of the issue with an intervention- or diagnostic-type product or service
- You see this news as a way to highlight the additional value of your offering, for example your industry group or union provides additional leverage by vetting or screening
Just some thoughts & questions as to interest, scope, and leverage outside that particular office.
you're talking about how it might be different from a recruiter's point of view, thats what you mean by "a service in this domain", "your offering", etc? I'm guessing, not entirely sure what you mean, why not just say so?
See how quickly you tried to narrow it down? This is tricky because the scenario seems so easy to contain in a given example, the straw-example-man so to speak. But the point is not the job or intersection of job titles, it's the conversion of scenario into broader principle. The author has started this pathway for us in their post.
Abstraction allows one to theorize and stay big-picture more effectively, so if a different but still relevant individual or position comes into play later, the rules aren't instantly outdated.
I wouldn't limit a message or rule to a position like "recruiter" if I wasn't sure that's exactly who I wanted to speak to, because that just leaks leverage all over the place.
And also, I'm thinking of many different positions, possibly hundreds, not just the poor recruiter... They do get a lot of flak :D
I'm just trying to figure out what you're talking about ("leaks leverage" what? what even is a "services" in the "domain" of... interviewing?), but ok.
You used the word "just" in both replies. It's a word that often comes up when a new way of thinking or a new angle may be discussed. But "just" is almost always that word which demands that past understanding be brought forward. It will block new insight. (It is a great word for communicating, "if it's not simple to understand, and if it's even this inscrutable, then how can it be true" which is a kind of fantasy-fallacy.)
If you have a question about new information, and if it's out of legit interest, it's better to stay away from "just" unless you are firmly on the side of life being mansplainably simple in any given case.
At this point it's too weird to go into the rest though, as if to convince you that I have great ideas. I'm not exactly some kind of employment wizard and I'm not writing for an audience. "Leaking leverage" ought to be metaphorically simple enough to puzzle out with some interest in the problem...
> You don't seem to be writing to be understood, which is of course your right
Okay, that's quite a projection. I think it's better to admit that this is your assumption, maybe even informationally based on someone saying they aren't writing for an audience. This layer of interpretation carrying some emotive personal confirmation is getting in your own way. You feel pain, emotional suffering, look I'm doing my best but this whole topic was derailed by trying to take the original comment off into a single, assumptive concrete example way too fast.
IMO you are also writing for yourself here whether you know it or not. Read it over. Better to embrace that aspect. It may be a new and frustrating type of discussion for you, I get that. If you stay with the abstractions, build up from there without assumptions, I don't think this would be an issue.
I've interviewed at places where the hiring manager would give your name to the front desk, and the front desk would ask for ID when you showed up and signed in. This never struck me as weird, maybe because the front desk checking your ID was standard practice in NYC by that point.
That's likely a building security practice, and the hiring manager never sees your id. That's a bit different from the hiring manager themselves asking for it before even being willing to talk to you. And building security is likely to let you through with a convincing story if you know what name they're looking for, after noting the name on your id for reference in case there's a problem.
At any rate, the article is right, this probably causes problems for some candidates (especially, but not exclusively, trans people). But if it's common practice in NYC it's likely most local candidates are used to navigating it. That's less likely elsewhere.
It's part of standard building security in numerous large cities.
There were a number of incidents in which attackers gained access to office towers with deadly effect. One that comes to mind is the 101 California shooting in San Francisco in 1993.
> But this behavior – having someone else pretend to be you during a job interview – is so far outside anything that normal people would consider that it’s simply not measurable on the same axis as anything job-related.
I am not so sure that it is rare enough that you don’t need to think about it.
We do know that it also happened with the SAT and ACT college admission tests
Except that something was done to prevent it happening again - the person was almost immediately fired.
The author is arguing that prevention in the interview process would do more harm than good, particularly because there are already processes in place to deal with this issue.
I think the SAT/ACT example is different. With a new hire in a technical field, it would just be so obvious if someone interviewed with a fake.
I don't see how that is comparable. With SAT/ACT once the test taker steps out of the hall there is literally no way to face any consequences. In this case you have to actually show up to work and prove that you are fit for the job you interviewed for or you will quickly be fired.
At a minimum, many companies will check ID before letting you enter the building. This seems like a security risk not to do this, and NDAs are hard to enforce if the person that signed them is not the person they claimed to be, so the approach in the article of "do nothing" may not really be a good one. Checking ID at a minimum seems fine.
That being said, Facebook was (as expected) particularly creepy since you need to use your real FB account for a lot of their tooling. Just by entering their (busy) lobby and without ever telling anyone who I was, they already knew my name and what I was doing.
As long as results happen, things move forward, are we not all happy?
What if the remote role was ostensibly being done by one person, but in fact they delegated to a team of people? A team of people that themselves come and go but all get managed into the same bodyshop? Does that matter as long as the work's getting done? What if, to mitigate potential loss of IP, a third-party information security policy needed to be agreed? Is it then turtles all the way down?
Trust matters in relationships. Finding out that a working relationship started off with a lie is going to poison that relationship. I’d forever be wondering what other as shortcuts and risks they are taking. Are they taking shortcuts like incorporating code we don’t have rights to into the product? Will they some insecure shortcut and leave me vulnerable? More importantly, what would my customers think of they knew that the company they entrust their valuable data with was willing to continue to employ a person with such ethics?
The advice here seems to correspond fairly strongly with those of statistical process control, the method championed by Walter Shewart and W. Edwards Demming.
Processes are modeled as having "normal" and "special" causes of variance. In managing processes, there are risks involved in overmanagement of either, though the Wikipedia article linked below doesn't seem to mention these.
For special causes, building too many special-case checks can create an ossified process. For normal causes, a problem may arise that in attempting to manage what is essentially normal random variation, additional variance is added to the system, or management processes themselves inject further variation or failure modes.
For an example I only just ran across, the Fermi 1 nuclear reactor meltdown incident near Detroit in 1966, and event which gave rise to a book We Almost Lost Detroit, and a Gil Scott-Heron song of the same title. The cause of the meltdown was determined to be "zirconium metal plate that was installed in the reactor as a safety measure", according to a Detroit Free Press article on the incident. Not the first or last time safety equipment has contributed to an accident --- think of the 737 Max and its MCAS system failures, or the thermal insulation cladding of the Grenfall Tower which precipitated a disasterous fire.
I may be mis-recalling or mis-understanding Demming's points on process control, and if anyone could help nudge this the right way I'd appreciate it. I'm pretty certain there is a connection however.
I'm not sure someone who did this could be fired in sweden, not without rock solid proof that someone else impersonated them for the interview, and even then it would be a long long process.
If someone tells you that annulling a contract because of obvious fraud would be a long process, then they are probably a lawyer.
You just cancel the contract and be done with it. The fraudster is probably not going to sue, because it would just put them at risk of being found out.
If the fraudster does sue, it could turn into a lengthy process, but with multiple witnesses who can confirm there was someone else on the interview I doubt it would go very far.
Oh I expect the fraudster would quit if they are challenged about it, but people are insanely afraid of conflict around here.
Hiring someone is pretty much a choice the section heads can make. Firing someone, pretty much no matter why, is a choice the top level boss, 4 layers up, has to make, and they(government) are required to inform the unions a month in advance.
In Germany, during probation (the first 6 months) contracts can be terminated by either party without giving a reason with two weeks of notice. In that case I assume the employer would simply fire the employee on day 3 (assuming it takes a while to figure it out and come to the decision), pay two weeks of salary and move on.
The article makes some good points, but it also shows that the author doesn't have a lot of hiring experience on the closing end (after the candidate has passed interviews).
"For example, anyone who goes by a name that doesn’t match their government ID could be forced into an uncomfortable explanation"
I've seen this happen more than a few times, and the explanations are seldom anything you'd have sympathy for when discovered during a background check. People with good reasons will tell you up front.
In the UK all of my final stage interviews had me bring in an ID and National Insurance Number for a photocopy for their records. Has been for over a decade.
Seems a simple enough solution, it’s expected and it’s something the company needs in order to pay me. It’s not a start of interview hostile question, it’s usually something we sort out in the formalities, along with what equipment I’ll need or be using, sorting out ID photos.
The ID system is a lot more fraught in the US - most folks don't have a national ID, and the national insurance (social security) number is just printed on a bit of cardboard. The processes to obtain photo ID vary from state to state within the US, and may be extremely difficult in some cases (lost birth records, born to undocumented immigrant parents, etc).
It's also a hot-button political issue in any number of directions (i.e. requiring photo IDs to vote, or allowing trans folks to change their name/gender on government-issued IDs).
This is something I find fascinating about the US, there's people functioning in society without photo ID. Official documentation, or things you can use as proof of something, are often trivial to fake. A social security card is a 1950s looking piece of cardboard. More recently, the CDC covid vaccination card is a simple piece of paper that not only lacks vertification features but doesn't even have a routinely used unique identifier for the patient. Before learning this, I used to associate lack of robust ID systems with developing countries.
I know there's a segment of society in the US that associates robust IDs with government overreach and dictatorship, but I see it as fallacious. Yes, communist dictatorships did have a "papers please" system, and you can still easily encounter an ID check in Russia for instance. As somebody who lives in a free and well-functioning country though, I consider a robust ID system to be both a boost to my freedoms and a great convenience.
It's essentially an authentication and signing system. It allows me to positively authenticate myself in any interaction with the government, and thus protects me from impersonation by others. It allows me to sign documents in a way that establishes a chain of trust between the document and my ID, which protects me from fraud. And since interactions with the government are relatively rare, the best part of the system is that it acts as a trust authority between me and third parties. If I want to enter into a contract with some other private entity, the government ID system provides us both with authentication mechanisms that we trust.
You're talking about Right to Work checks, which are a legal requirement. Companies can do these earlier in the process, but they wouldn't want to due to having to consider the GDPR and Data Protection Act when holding that data.
When I read the original article, my first thought was – there are so many companies that don't mandate the hiring team interview their own candidates. Applicants are interviewed by random engineers from anywhere in the company, get accepted, and are then matched with a team. How do they even detect this case? And I'm talking the likes of Facebook and Google, not random small companies.
Asking for a photo ID during or after an interview to ensure the interviewee was who they said they are doesn't seem pathological to me. I've had multiple interviews do so in the past with no issue.
And with sensitive or valuable data, a week is a long time to let an unqualified or unidentified person have access to your system.
This is a bit of a "tree falls in a forest" situation honestly. If an employee does this and then succeeds at the job, is there actually a problem? If they turn out to suck and need to be let go because they're unqualified, or because they lied and are unqualified, what's the practical difference?
Like, certainly there's a gut level "but that's wrong!" reaction but is there actual, meaningful, unique harm caused that is not addressed the same way as all new-hire harm is: via a probationary period.
What does that actually get you, beyond cursory verification of your TIN and the customary background check? I look nothing like my valid photo ID, which was taken just over nine years ago. I now have a nose ring and a shaved head, I've lost my facial hair,and I carry forty pounds more muscle than I did in 2013. Lots of folks with nothing to hide don't identify as their gender in their photo ID. How can you tell over Zoom that the ID is real and undoctored?
Other than added effort, it's also highly sensitive data. My barrier to showing an ID is far higher than jumping on a zoom call - even more so since it's so rare, the question would immediately raise suspicions.
I mean the tl;dr is "it was an uncommon outlier", which is fair enough - no changes needed. But if this becomes a fad, ID verification will become a thing - and I don't think it's too much to ask given you're engaging someone in a contract worth hundreds of thousands over the years.
The new hire who showed up is not the same person we interviewed - https://news.ycombinator.com/item?id=30150343 - Jan 2022 (600 comments)