Outsourced Confidential Data On Children Posted
Kataire writes "MSNBC exposes a grievous blunder in which an outsourced programmer posts highly confidential data to a public website, concerning the daily whereabouts of hundreds of children in upstate New York. Yes, this person did this not once, or twice, but three times, with two different data sets. Even worse, the data was out there, publicly 'visible' for months. Just because RentACoder finally discovered and yanked it, after a coder 'stuck with a tricky formatting issue' posted the specific database he was working on to their messageboards, doesn't mean the damage is undone. The ramifications reach beyond the painfully obvious privacy issues, touching on outsourcing and peer ethics."
wait for it....
wait for it...
NOW!
Who do you trust? And who do you get to solve something like this?
Do you say, "Only certain government approved facilities can deal with this sort of information?" Seriously, should I feel that someone "government sponsored" is better off with my information than an outsourced programmer in India? Who gets to play Big Brother? And what will they do with what they know?
You can take this to the extreme, and be wary of anyone to handle private data about you. But then, if there's that sort of outcry, nobody would be able to handle it, would they?
I suppose it's better than having the Smoking Man from the X-Files having a file about you, and a blood sample. I find most programmers to have a certain level of professionalism to what they do.
I personally have access to roughly 10,000 credit card numbers. I'll never abuse the fact that I have access to them. But on the other hand, I'm not stupid enough to post all of them on the net for everybody to see, either.
I hope anybody who ends up doing something that stupid becomes a victim of identity theft. That'll really open their eyes to respecting other people's privacy.
By the way, I hate how everybody gets up in arms over the fact that this is data from children. This is horrible for ANYBODY to have their information posted on the net like this. And it could have been worse. It could have been a list of women tying them to the current Battered Women's Shelter they were staying at.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
I'm sure the "it professionals" on alt.pedophiles were more than happy to check out the db issues for him.
When you're looking to cut corners, be careful who you give the scissors to...
Obliteracy: Words with explosions
Why is the government (through sub contractor or not) outsourcing to begin with? Maybe this is the reason Bush came up 249,000 jobs short of his goal of 250,000 new jobs in 2003.
There is nothing wrong with being gay. It's getting caught where the trouble lies.
Talk of identity theft, damaged credit, and so on may not rile up the Soccer Moms of the world, but once something affects the children, watch and admire as their mouths begin to froth!
Myself, I'm always careful about 'stripping' any information when posting code samples or looking for help in Forums. I'm surprised this isn't reported more often...
I wonder if the parent company that hired this 'outsourcer', even knows that their data has been compromised...
This really hits the dot on the head and will not curry favor with anyone considering outsourcing.
I can't seem to find the database in question, could somebody post a mirror? (tab delimited is ok)
outsourced programmer posts highly confidential data to a public website, concerning the daily whereabouts of hundreds of children in upstate New York.
In other news: Michael Jackson to move to NY soon.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
When you outsource, you run the risk that the individuals doing the work do not share your company or even cultural values. If you are not willing to take the time to make sure that your outside contractors are what you expect, this is the kind of thing that will happen. Few companies really understand this.
Floating face-down in a river of regret...and thoughts of you...
serves those corporate fuckheads right!
It's basically putting a sign saying rape me on each one of the kids on that list. I can see putting a list of people, which they already do, which is called a telephone book, but children, come on, that's just sick. What's next, a guy in a purple suit is going to be knocking on their door asking them if they want to join NAMBLA?
MonkeysKickAss
This, and the Florida case will be brought up again and again. And I am sad to say that these are just the beginning of a long decline.
I have seen some people spread data via slashdot comments encoded with base64 and encrypted. (anyone have a link to a specific occurrence - at least one time someone decrypted it and posted it) Could slashdot be used as a way to anonymously leak information like this, and use slashdot's general policy of "just mod to -1, don't delete" towards comments as an advantage? Unlike other forums, posting anonymously leaves nothing but a MD5SUM of your ip to be used in court. Also, if you "post anonymously" while logged in, slashdot caches your username. You can verify if you have mod points by noticing that even when you post anonymously AND change your ip address, you can't mod up/down the comment.
This is a great example of the risks of outsourcing your IT infrastructure, and it's exactly why offshore outsourcing is doomed to failure. One or two high profile cases of millions of records of data being sold to (insert "terrorist" organization of your choice here) by low paid coders, and CIOs won't be able to move their IT infrastructure back in-house fast enough. It will be the IT Enron. Those of us left in IT will rejoice. :)
oh, wait.
Officials at the New York State Office of Children and Family Services and in Livingston County, where the incident occurred, are investigating. Livingston County's social services office is located in Lima, just a few miles south of Rochester, N.Y.
If it's an outsourced programmer, shouldn't it be Lima, Peru?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
...fill-in-your-dogma. And be wrong. Shit happens to everybody. Don't be so quick to justify some religious issue by pointing out isolated incidents.
Couldn't a "non-outsourced" developer make the same mistake? What does this have to do with outsourcing at all? Seems to be a very leading post to me, designed to generate the usual angry, anti-outsourcing replies.
All your favorite sites in one place!
There is, however, a significant threat of emotional stress from knowing that your sensitive data is in strangers' hands, and the very real threat of this data being exploited in some way. I personally think the government should at least reward the families with money enough to relocate if they feel threatened. What are y'all's thoughts on this?
As much as I feel the outsourcing trend is not a good move, both for my career path and the US industry in general, this 'news' neither adds nor subtracts from the debate.
It would be better titled:
"Idiot makes mistake, exposes private data to Net. Sound thrashing in progress."
Anything is possible given time and money.
How do you feel about outsourcing the programming done on medical record programs?
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
I wonder if they've checked the wayback machine at archive.org.
One line blog. I hear that they're called Twitters now.
Those in the medical industry such as myself have a deep understanding of these issues. The government of the United States identified the amount of this kind of sensitivity in the information that we keep, and decided to pose some restrictions on how we handle it. For those who are interested, feel free to google for "HIPAA," and be sure to read over the consequences for disclosing "PHI" to unauthorized sources. Perhaps these kinds of sensitive information handling rules should be global, and not industry-based?
Jamon
I can count to 1023 on my hands. Ask me about #132.
That he has even thought of posting his customer's true dataset is unforgivably moronic. Whether it was data on children's whereabouts, credit card information, or even "just" accounting information on some business.
While it is true that not revealing your customer's data is the ethical thing to do, it's also just plain ol' common sense.
Though I should perhaps say vintage common sense. Seems that product has been discontinued for some years now.
-- MG
... or, perhaps, the awesome stupidity of human power.
I've been looking at that site for a while. There's some dubious stuff going on from time to time. One of the things I noticed recently is this bid request:
....5V/12V etc. I know what I will get after that "A dead motherboard". Don't worry I have three extra motherboard and a flash utility to backup/restore bios boot block. (emph. mine)
I want to know flash bios writing example for my educational purpose. I want to to write "abc..xyz" on flash bios boot block. Program should be compatible with various chipset motherboards like Intel 810,815,845,SIS 530/630,VIA,ALI (and so on...) and also
compatible with Award BIOS/American Megatrends having different flash chips or capacity like
Intel,SST,WINBOND,Atmel,EON
I wanted to reply: "you aren't accidentally writing a virus, are you?"
Lucky for all those on the list of the guy suing the penis enlargement companies that that was not the db released.
Those guys would never find a date if all women knew of their "little problem"!!
I have tried so far to be patient and tolerant. To be patient and tolerant is to be a good person.
But there is a line.
Every person who is reading this article, every person who wrote this article, is wearing an "outsourced" shirt (maybe even made in India! look at your textile tag!), looking at an "outsourced" watch (usually Taiwan), staring at an "outsourced" computer monitor (again, Taiwan), and ready to drive home from their job which is "threatened by outsourcing" in their "outsourced" Japanese car. This is the way of the world! George Bush, the popularly elected president of America, meets at Free Trade summits, and this is Free Trade! Why should anyone whose entire life is purchased of "outsourced" products complain of "outsourcing"??
Well my large personal escaping out of the way, it is a tragedy and a flaw what has happened in this article. However I believe it has happened many times before with American firms as well.
http://zdnet.com.com/2100-11-526757.html?legacy
No?
So, we are trying not to make these mistakes as well. I can say that at least here the discipline is greater. This person will be beaten for sure.
Who the hell thought to give him REAL information about these children in the first place? A fake dataset would've worked just as well for development purposes.
You can't judge a book by the way it wears its hair.
...has been whipped to a bloody pulp with a wet spaghetti noodle for dishonoring his mother country by making a blunder when asking for help at an online forum. Apparently the deceased had forgotten to remove sensitive information from a post for help on a public forum. There will be no funeral services, nothing is left to be buried.
I can count to 1023 on my hands. Ask me about #132.
OMFG an "outsourced" programmer makes a mistake. Well if case this doesn't protect your holy US of A jobs then nothing will. Pesky foreigners.
a user named Mark Dennis, stuck with a tricky formatting issue, posted his question to RentACoder.
Christ, they're even stealing our anglo saxon names, is there no end to this perfidious threat?
-- Free software on every PC on every desk
Holy shit, I love slashdot racism.
I see several problems:
1) Looks like the IT work was being done on a budget. I mean they are not hiring Anderson to do this stuff right (OK, bad example, I know...)
2) But someone was paying SOME money if it could be subcontracted multiple times and the work was getting done...or was it.
3) It looks like it was contracted DOWN past someone's ability to do the job. It is kind of the opposite of the Peter's principle. Non interesting IT work keeps getting pushed down the chain until it is in the hands of someone that can't do the job. (If I just invented it, please don't call it the chamilto effect as I don't want my handle associated with this behaviour)
4) At the bottom of this there is always some careless sap that didn't know what they were doing wrong should get them slapped upside the head for thinking about it. This person was even worse because the article states that someone pointed out to him his error and then he...DID IT AGAIN!
Incidents like this require multiple wrongs and then will require a whole lot of legal work and policies and rules and regulations that will be once again thwarted by the idiots that inhabit this planet.
Magic Eight Ball: Outlook not so good., Hmmm, how about Excel and Word?
Rather than mod you down, I'll just let you (and all the other knee-jerks) know that THIS WAS NOT AN INDIAN PROGRAMMER. This was a guy named Mark Dennis. Not a very Indian sounding name. Also, Mark Dennis actually subcontracted the job involving the database out to someone in New Jersey. Maybe IHBT, but the article summary could make you believe this had to do with offshore outsourcing, so that's a misconception we should clear up early.
It should be illegal to say that freedom of speech should be limited.
Unscrupulous? No, just incompetent. Posting credit card numbers to some hacker site is unscrupulous; this guy's just too stupid to do his job.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
"not yet determined"!?! Those parents should be informed so they can be alert for trouble.
The fact that the data went through multiple levels of subcontractors doesn't bother me, so long as each has signed the appropriate waivers and so long as each have been checked out enough to be trusted with the data. But there's no excuse for leaving proprietary and/or sensitive information out there, unprotected.
Password-protecting an entire directory is trivial. 20 seconds to a seasoned user, or a few minutes in a web interface for a newbie. This info wasn't just accidentally left unprotected; it was intentionally posted to a public-facing site, in an attempt to attract programming assistance. This, on its own, could easily be called criminally negligent. But after being warned of the potential consequences and posting it again the following day... that's verging on knowing child endangerment. Use dummy data, for crying out loud!
Everyone makes mistakes, myself included. I'll admit to posting members-only data in a public area once or twice. But once you know about it, there's no excuse to not fix it. This guy should probably be prosecuted. And while I hope the families get notified... I seriously doubt most of the affected families will ever find out.
Oh... and write this story down, boys and girls. This is yet one more nail in the coffin for TIA-styled programs. "Oh, we're very careful with our data." Right.
First of all, the article is fanning the flames by saying this is a database of children's whereabouts. Okay, this is a problem, but then again it doesn't matter if its children or anyone, it just gets "oh please save the children!" sympathy clicks.
It also doesn't address what I think the biggest problem is. It's obvious to me someone assumed this bozo of a programmer had some not-so-common-sense about posting information to a website. I deal with customer data all the time, and my company has taken some steps to make it a little harder for people who should not need the data to not get the data, and our data exchange policy clearly states "Do not give this data to anyone outside of this company or you will be beheaded!"
I get to this day accountants in our company saying "why can't I peek at this customer's data" to which I reply "Do you have a significant need? If so, tell your manager to talk to my manager, and I'll be happy to give it to you." I get nothing after that. The customer data we have is for support and development use, not an accountant who has no use for inventory and sales information (at least not in this company). It is also freely accessible amongst those people, who typically only share it within others in their department.
One day a manager might get an idea that looking at a customer's data might give them an idea of their open bills, but that might be unethical or illegal so until a manager says to give access, I won't.
My point is, it could be that the policy was not pounded into this dolt's head, or that a proper data exchange policy even existed. If so, he's still a dumbass, but companies frequently hire dumbasses, which is why you sometimes need a policy to help prevent dumbass behavior. The article puts full blame on the programmer and doesn't really give any blame to the company who hired him.
"All great wisdom is contained in .signature files"
You would not believe the sensitive information we receive. People don't even think about the ramifications when they send us, for example, somebody's high school transcript, or mortgage closing documents, or people's credit reports. We have secret inventory lists for competing companies, each of which would probably kill to get their hands on that information. We have "insider" information on the international banking industry. We have medical records. Prison records. It goes on and on.
Because of this, we have an extremely tight document policy. Data exists on paper only long enough for testing purposes, then it is destroyed. The bug tracking database is purged of old test cases on a regular basis. Customer files never leave this office, in paper form or otherwise.
In fact, as I write this message, I can think of several ways that we should probably be even more paranoid. Fortunately, the officers of the company take our responsibilities very seriously, and there has never been any serious breach of customer confidentiality. I hope there never is.
The programmer who posted identifiable information to a public web site, because he was too incompetent to solve his own problems, is an idiot who should be fired and beaten with a wicker cane.
RTFA....it says
"County attorney David Morris said that programming work for the day-care center had been outsourced to the locally-based Genesee Community College. The manager of the college's program refused to speak to a reporter, but Morris said Dennis was a third party consultant hired by Genesee. Dennis, in turn, used RentACoder to once again subcontract the database work, which ultimately fell to a New Jersey-based programmer."
Can no other race learn from their mistakes? Do you think this will not send shockwaves through the companies, that we will not learn?
We are not as stupid as you think!
would there be gaping holes in it?
I hope that the police in upstate New York correlate the kids whose information was posted and missing children reports.
Also for everyone who says: "This could happen with an American programmer just as easily." Yes that is true but you could punish that programmer but you will have a hard time punishing programmers in other countries.
"It's not likely all those visitors unzipped the attached database, but there's no way to know how many did, according to RentACoder CEO Dan Ippolito."
This company is so damn stupid they don't know how to check their logs to see how many times that file was downloaded.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
What does the fact that the info was about children? Although they may be more at risk to pedophiles, it is ALWAYS a bad thing when confidentiality is broken.
Outsourced moderators, of course.
What happened here is certainly appalling, but I'm not so sure that outsourcing is the main problem. Outsourcing arguably increases the risk of problems of this sort because an in-house programmer is more likely to know the rules of the game, but this seems to me to be a fine point. On the one hand, in-house IT staff are not necessarily going to be well-informed about privacy issues and the nature of the data they are working with. On the other hand, it is perfectly possible to make such constraints clear to contractors and to make them part of the contract.
It seems to me that there are several other issues here as well. For instance, why would any programmer be working with the whole, real database? I can see that if the job is convert an irregularly formatted text file into a usable database, but that is about the only situation in which the programmer needs the real data. Otherwise he or she just needs to know what the data looks like. If sample data is needed, it can be a small subset, and critical information can be camouflaged. Of course, the same applies to the programmer asking for help on RentACoder. There's no need for him to post his whole database.
It seems to me that the real problems here are:
This work was outsourced, not offshored. This article has obviously been posted to show how outsourcing threatens the future of our children. This work wasn't offshored. It was done by an American programmer. If outsourcing is bad, why did the navy outsource a 5billion $ chunk of IT work to EDS?
The real issue is the basic problem of free will. Any individual working in a position that requires it, outsourced or inhouse, would have the ability to handle privileged data. Security can never be guaranteed when working with a system that is controlled or in this case programmed or coded by beings (human or otherwise) that have control over their own free will. Outsourcing may elevate the security risk since there isn't a good way to take good precautionary measures that might be possible when maintaining development inhouse, but ultimately there is still a risk. How much do you trust your average programmer?
This is one of the things that really concerns me about offshoring. As US corporations keep outsourcing software development to other countries, the confidential data will inevitably move there too.
How long before private information like credit histories, medical records etc. is leaked out from some company in Bangalore?
Imagine being blackmailed by someone in a third world country. Given the state of law enforcement over there, you would have no legal recourse.
[/paranoia]Guess my sig goes double now...
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
It's great to see how different news orgs handle headlines. MSNBC makes pains to name the Government as the offender in its headline, "Government agency exposes day-care data". Slashdot is a little less breathy and indicates the true source of the leak, the out-sourced coder.
Both could be called correct, but more interesting is how the positioning of the story indicates the inclination of the news source. MSNBC is part of the mainstream news establishment that has been telling us for years that the government hasn't done a good thing since kicking the British out of Yorktown.
Slashdot speaks to a lot of developers who don't ever want to work for a place called "RentaCoder", and don't have a lot of respect for anyone who would.
Personally, I much prefer the Slashdot take on the story.
I'm much funnier now that I'm a subscriber.
Quick google check (mark dennis lima) finds name, address, phone no. spouse, and three pets. http://www.limademocrats.com/bios/mark.asp
is this little bit at the end of the article
County officials have not yet determined if they will tell the families involved about the incident.
If that isn't sick I don't know what is. I thought it might be more like 'haven't decided how to tell....' not IF they would tell
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
This raises serious questions about employing southpaws in software projects!!!
All your favorite sites in one place!
If you're an independent consultant, your insurance agent has probably mentioned "Software errors and omissions" insurance to you. Software E&O coverage is written to protect your ass(ets) in the event that you colossally screw up and do something that gets your client's client answering awkward questions from major news organizations. (A colleague once observed that, "if, when you walk in the door in the morning, your secretary says that a CBS producer is on the phone trying to schedule you for an interview with Mike Wallace, it's probably a bad day.")
Suffice it to say that if Mark Dennis doesn't have Software E&O coverage, he's going to wish he did. Because he's going to get so sued. Along with the community college, the government agency, and everybody else involved.
Getting sued, however, is the least of this bozo's worries
If he has insurance, it might cover his liability exposure. However, his real problem is the civil fines he is going to have to pay--and no insurance policy in the world will protect you from a criminal court sentence. He'll get a whopping fine--but I doubt he'll do jail time. Unless, that is, somebody can demonstrate that a child molester used the database to identify a victim and attacked him.
There's an important point here
The software community should make it ABUNDANTLY CLEAR that this dumb cluck should have the book thrown at him. We have absolutely zero sympathy--and when his attorney (with nothing else to argue) says "it was all a tragic mistake..." somebody needs to stand up and yell, "LIES! LIES! DAMNABLE LIES!" This was willful, deliberate, with knowledge aforethought stupidity. And this jerk deserves to get run up the (proverbial) yardarm for it.
:%s/[A-Za-z]/X/g
:%s/[0-8]/9/g
Simple. Just obfuscate it, and you can pass it around for people to help with formatting issues all you want. I've done that with payroll data plenty of times.
Just two lines of vi commands could have saved this guy so much trouble....
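The two substitutions from the comment above, generalized in an added Python example (not part of the original thread) so that non-ASCII letters are masked too, only a small subset of rows is kept, and anything passing through unmasked is listed for review. The sample rows and all function names are constructed for illustration.

```python
import re

# Constructed sample export (tab-delimited); no real people or places.
SAMPLE = (
    "child_name\tdob\tpickup_time\tsite\n"
    "José O'Neil\t1999-03-07\t3:15 PM\tMaple St. Center\n"
    "Ann  Lee\t03/07/99\t15:15\t\"Oak, North\"\n"
)


def ascii_only_mask(value):
    """The two vi substitutions as written: ASCII letters -> X, 0-8 -> 9."""
    return re.sub(r"[0-8]", "9", re.sub(r"[A-Za-z]", "X", value))


def mask_text(value):
    """Replace every letter with X/x and every digit with 9.

    Length, case pattern, spacing, delimiters and punctuation are kept,
    so a formatting problem is still reproducible on the masked copy.
    Uses Unicode character classes, so accented letters are masked too.
    """
    out = []
    for ch in value:
        if ch.isnumeric():
            out.append("9")
        elif ch.isalpha():
            out.append("X" if ch.isupper() else "x")
        else:
            out.append(ch)  # tabs, newlines, quotes, separators
    return "".join(out)


def mask_export(text, keep_header=True, max_rows=20):
    """Return (masked_text, verbatim_lines) for a delimited text export.

    keep_header: pass the first line through unmasked (column names are
                 usually needed to discuss a formatting issue).
    max_rows:    keep only this many lines after the header.
    verbatim_lines lists every line that was NOT masked, so it can be
    read by eye before the file leaves the building.
    """
    lines = text.splitlines(keepends=True)
    masked, verbatim = [], []
    if keep_header and lines:
        header = lines.pop(0)
        masked.append(header)
        verbatim.append(header.rstrip("\r\n"))
    for line in lines[:max_rows]:
        masked.append(mask_text(line))
    return "".join(masked), verbatim


if __name__ == "__main__":
    shareable, unmasked = mask_export(SAMPLE)
    print(shareable, end="")
    print("Lines passed through unmasked (review these):", unmasked)
    # The ASCII-only pattern leaves part of an accented name readable.
    print(ascii_only_mask("José"), "vs", mask_text("José"))
```

If the export has no header row, call `mask_export(text, keep_header=False)`; otherwise the first real record would be the line that passes through unmasked.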
I wonder if Google got it cached somewhere in its basement of servers and servers?
Officials at the New York State Office of Children and Family Services and in Livingston County, where the incident occurred, are investigating. Livingston County's social services office is located in Lima, just a few miles south of Rochester, N.Y.
Lima, where the men are men and the sheep are nervous
County officials have not yet determined if they will tell the families involved about the incident.
:-)
The county has lost sight of its moral obligations. How could they *not* tell the people involved? Some may have double-damn-good personal safety reasons for knowing that their privacy has been compromised.
Really, why give a contractor real data? You can copy the schema into a toy database and make up dummy records for all the interesting programming cases. *That* is the only thing that should go out of the house. Anything else is just stupid.
And *not* telling people that you have compromised their privacy and perhaps the personal safety of their children is simply immoral. It should be illegal, and it most certainly is grounds for a big-time law suit against the county.
Of course, the county attorney knows that and will fix it when he gets involved... let's hope he reads SlashDot
Unless you are bound by the privacy legislation or agreements, they shouldn't send you this information.
The second issue is that even if you are not bound by legislation, there could be an assumed level of confidentiality, however that isn't of the same strength.
Just in case all you unemployed geeks consider rentacoder for some work, here is a sample email from Ippolito that I have received a while back:
"... When you try to issue a charge back, here is what I will be doing:
1) I will be reporting you to the VISA (or Mastercard) Internet Fraud
Division with your tracked email address and IP Address (both of which
have been re-confirmed again by the headers in this email you just sent
me!). Every time we've done this, people have lost their credit card
accounts, and I look forward to making you lose yours.
2) I will be reporting "...." to the Better Business Bureau in
Aliso Viejo, California as the deadbeat business that it is. I look
forward to having everyone in your local community know exactly what
kind of business you are.
3) Site rules will force me to inform the coder that you are trying to
stiff him, so we will notify him of this. It's probably one of the
stupidest things in the world to try to stiff a coder as you usually end
up email firebombed or worse. Exhedra does not condone such
activity...but I've been around a long time to know how people react."
It's your call. Either act responsibly for your actions, or suffer
the consequences.
Sincerely,
Ian Ippolito
But it is about outsourcing in general. Any company with a good amount of highly sensitive data should maintain a chain of trust across their IT personnel. Everyone working on the data should have at least some idea of how sensitive it is and what has to be done to protect it. You don't get that from shoving the work off on the lowest bidder. There's a reason they ARE the lowest bidder...
And Rent-a-coder? Come on... it's looking for trouble when there are thousands of out of work programmers of varying quality and you're asking for the cheapest? Crikey! Programmers working on crap data are getting slammed with soul-stealing NDAs and these wankers are forking off kid's names to some shmuck on a glorified web-board? Again I say outsource the management, keep the programmers.
LilMikey.com... I'll stop doing it when you sto
I looked too... I'm not sure which is worse though - the fact that the prices on the projects are beneath a living wage for me to consider bothering with them (I'd make more as a barista or a dishwasher), or that half of them seem to be helping some dishonest schmuck in a CS class cheat on his assignment so there will be more clueless dorks that can't program their way out of a paper bag holding CS degrees out there applying for jobs.
I'm cool with competing with Indians - for the most part the Indian coders I've met worked their asses off and knew their stuff, even if they might be willing to do it for half the price I'm used to commanding. If I was in their shoes, I suspect I'd do the same. Feeding your family is a good thing....
It's all the people that fill their resumes with keywords for technologies they don't understand and couldn't use if their lives depended on it that clutter up the application inboxes that annoy me. HR departments encourage that behaviour, as do hiring managers that can't tell the difference, but it still pisses me off - both when I end up having to interview such cluebags and show them to the door, and when I'm competing with them for a job.
I write code.
Point of correlation: outsourcing hurts kids!
Condemnant quod non intellegunt.
Before you get cursing India, China and the money hungry CXOs, this was not offshore outsourcing. RTFA. Some NJ programmer posted this on rentacoder. Amazing how people would get into this looking at the word outsourcing.
And when you want to pay shit money, you get shit. You can't expect paying Nissan Micra money for a Lexus...
Rome, NY
OK the coder screwed up.
The primal problem is that the government agency gave the data to their outsourcing provider. That data should have never left the secure area of the government. Once it is out, it is out. It doesn't matter whether it has gone to Genesee CC or RentaCoder. Posting it on the web is just a matter of degree.
Everybody is ready to hop all over this clueless coder and blame everybody's favorite boogie man of outsourcing. There is a manager back in the government that originally disclosed the data.
Don't tell me about NDCs. The first rule of confidential data is NEED TO KNOW. It would have taken someone 15 minutes to put in some dummy data for the programmer to work with, but they couldn't be bothered. Now that person wants to crucify the programmer.
The programmer who screwed up is only the last (and most visible) in the chain of screw ups.
My girlfriend and I graduated from SUNY Geneseo and are now both teachers. She has worked extensively in that area in several different day care facilities. We are horrified about the situation and concerned for those kids. What has happened to the programmer, and can he be held liable for any crimes against the children and/or parents whose info he leaked?
When you outsource, you run the risk that the individuals doing the work do not share your company or even cultural values. If you are not willing to take the time to make sure that your outside contractors are what you expect, this is the kind of thing that will happen. Few companies really understand this.
When you outsource, you run the risk that the individuals doing the work do not give a flying f--k about the security and/or confidentiality of your data, they may even deliberately and maliciously seek to cause you harm. Few management types really care about this, as long as they're saving a buck.
The CEO of RentACoder is Ian, not Dan, Ippolito. He's the same guy who brought us PlanetSourceCode.
A few years back a leak of a confidential customer database destroyed the Northwind company.
The difference is that a government employee is easier to discipline. Both can be fired, but the regular employee can be prosecuted more easily than an off-site subcontractor who may be out of state (or country).
It is also easier to train and mentor such an employee versus an off-site contractor, and thus easier to enforce data security.
Finding God in a Dog
... will probably arrest the individual and then give him the Kevin Mitnick treatment.
The fact is this person revealed details against their contract code and more importantly, if they are in this position they should have the moral/ethical decency not to do this.
Whether they were outsourced or not outsourced does not matter (IMHO) - they still have a personal moral/ethical judgement... FT government contractors are not great saviours, rather this individual is one with poor/sick ethical judgement (it is in no way 'freedom of speech' to disclose confidential/sensitive information about young kids).
I do not believe outsourcing creates more or less trustworthy/moral/ethical situations/employees (well, they just have fewer benefits rights and more legal liability if something goes wrong), it is the individual who makes a better individual and avoids being a piece of scum.
I personally have access to roughly 10,000 credit card numbers
Since you've found it necessary to share that information with the world, your access has been removed and you can now proudly proclaim...
I personally had access to roughly 10,000 credit card numbers
And so is goat.cx
Why didn't the company involved strip or mutilate all the sensitive data their contractors were given to work with? There's absolutely no excuse to give contractors sensitive data for this type of work.
Hell, even replacing every letter with a random letter and every number with a random number in sensitive fields would probably be enough; rather than "Mrs Joan Smith", they could've been working with "Grc Meas Fesze" without any impact. Change all names, addresses and "comments" and that would just about do it.
Doing this would completely remove the possibility of this problem happening.
If I was "Mrs Joan Smith", I'd be suing the retainer of my personal data on this basis. No wonder they're still considering whether to tell the victims what has happened...
Procedure, Procedure, Procedure
Developers! Developers! Developers!
Along with the sweaty underarms and rant-dance?
(A "scruple" is a unit of weight, don't you know.)
Publicly posting government records of children's whereabouts is not a morally neutral act; it is a reprehensible one. The programmer in question was not, it is claimed, ignorant of the nature of the data he had in hand; he simply did not correctly value that data. He failed to make a necessary value judgment: that to post masses of information on children's whereabouts is, in our world, a wrong thing to do.
It is not simply a stupid or ignorant thing to do. It is not simply incompetent, like writing C code with gets() in it, or turning in code to one's boss which won't compile. Rather, it is a form of carelessness that shows that one places no value upon that with which one has been entrusted.
If you're the sysadmin of a mail system, reading other people's mail for fun is an unethical act. However, leaving the mail-system password lying around, so that random hooligans can read other people's mail, is also an unethical act. Not just stupid. Wrong. It shows that you don't value your users' privacy -- that your values do not match up with your users' values. That, while you may be competent to operate a system for them, you are not trustworthy to do so.
That is a very different way to be bad at one's job.
The ramifications reach beyond the painfully obvious privacy issues, touching on outsourcing and peer ethics.
To hell with outsourcing and peer ethics, how about outsourcing and accountability. We know that there is quite often a loss of quality and/or integrity caused by outsourcing, especially with such touchy information. What I want to know, is that when the sh*t hits the fan and damages me or somebody I care about, whom do we hold accountable?
The fact that the county is considering not telling them shows what sort of a priority they place on the people's privacy!
You get what you pay for.
But the real question is, "What was the policy?" Was there a policy that said development should not be done on real data? Did he have to have access to real data, or would dummy data have worked just as well? After all, the programmer himself could be a pedophile. Whenever I see something like this that says a programmer made some kind of error, I want to know what the programmer's managers did to prevent it. They should have known that the data was sensitive and taken steps to keep it confidential.
===== Murphy's Law is recursive. =====
The title of this article is a crime to the English language. The way it's worded, it implies that the children's data was outsourced. I assume that simoniker contorted the sentence because he or she wanted to get "outsourced" into the start of the title.
Simoniker: Please tell me that English is not your primary language!
A deep unwavering belief is a sure sign you're missing something...
This filemaker pro database is available on-line. No password.
who has recently been fired?
We had a project with a lot of info, something like half a million very confidential names and addresses. We just ran a perl script which transformed names and addresses to something that was reasonable (no duplicate data where it shouldn't be) and munged everything. Yes, the data wasn't completely sanitised, but it would be pretty damn hard to reverse engineer.
In other words, this guy could not only have given a black-eye to the county, but he could even go to jail for it.
If the information lost can be linked to a crime against one of the kids (no matter what age), he better have a good attorney. Gross Negligence and Reckless Endangerment come to mind.
This moderator needs a clue. Parent is on-topic and addresses the blind side of the slashdot community by pointing out that this programmer is a person too. In all reality he'll probably lose his job which paid for food for his entire family of 24. People need to acknowledge that the people doing outsourcing are humans too, and that this person probably made a mistake that cost his family dearly.
Since this is an outsourced job, there is very little, if any recourse that can be taken against the person in question. Perhaps US companies will see this and think "whoa, if this happens to me, and somebody sues me...who can I sue?"
One of the "justifications" for non-open-source-software was that there was a specific company to sue or threaten if something went wrong. It is odd how the very same corporations don't (yet?) see the same problem with intellectual property and confidential information going overseas.
Table-ized A.I.
some idiot didn't sanitize the data before it went out. Once the data passes out of direct control, it should be cleaned. It really isn't that much of a deal and is something that good old Perl does well.
here is an example of such a comment from last August. I'm sure more exist if you google for start-base64
This just goes to show that if you surf around long enough, you can indeed find everyone and everything on the Internet. Additionally, I can't tell you how many database search forms I found that suffer from simple SQL injection problems. Next time you run into a cheesy web form, try putting a '%' in instead of search text. You may get a dump of the whole database. It is amazing to me how bad and insecure some web apps are and, how much personal data is stored in them.
Care to take a read and see the relation of this to the main story???
--
FreeNET user? Comfortable with the adverse selection?
Look, as far as outsourcing goes, this does not matter.
Outsourcing will continue unless the parent company is held financially responsible for the non-economic problems caused by their decision to outsource. (This is technically known as "internalizing market externalities" -- for instance making someone pay for the social/environmental/etc bad effects of something they do that doesn't affect their business directly).
Even if they're held financially responsible, if the outsourcing is still cheaper, it'll still continue. Even if major firms have to pay hush money on 5% of the data they use. Or, of course, if they just have to pay to write a couple perl scripts to randomize the characters in a data set... (It's a couple hours max, if you're slow.) So don't go looking for privacy issues to be the magic bullet that saves your IT job...
(N.B. this case was not actually an instance of outsourcing; I'm just making a point about the economics driving the outsourcing movement.)
Freedom isn't free; its price is the well-being of others.
So I decided to post. I think you'll like the story, though: I work for a large and very famous company (you all used our products, one time or the other in your lives) and a couple of years ago some bright manager decided it's safe to outsource most of the dev work on a certain product to this Indian company whose name begins with W. Apart from very varying degree of quality (they were supposed to have UNIX expertise, that's why they were chosen. Not much of it, there, though). The most comical episode must have been when they created a distribution media for our product and it shipped to a few customers. The media contained the whole source tree for our product! Just a little screwup, except that we're not an opensource company, and that product certainly wasn't.
Luckily for them, our managers took it in their stride, but under the laughs they were furious.
Sigged!
There is one Mark Dennis listed in Google in Lima, New York. This same Mark Dennis is also listed as the webmaster and treasurer for the local democratic committee in NY (http://www.limademocrats.com/bios/mark.asp). From there he volunteers a wealth of information about himself, including his email address.
I'm sure the 1200 families affected by his decision wouldn't mind finding out how to contact him.
10:00am: Subject Wakes up
10:05am: Subject takes a piss
10:08am: Subject opens fridge... peruses shelves, closes door.
10:09am: Subject eats some left over chips and salsa for breakfast.
10:15am: Subject sits at computer
10:16am: Subject checks E-mail
10:17am: Subject checks Slashdot
10:18am: Checks E-mail
10:19am: Checks Slashdot
subject continues to sit at computer till 8:30pm
8:31pm: subject goes to bathroom with certification book.
9:15pm: user comes out of bathroom holding nose, and turns on techTV.
10:01pm: subject sends out resumes, while playing Everquest.
2:00am: subject rolls off of chair and crawls to bed.
repeat.
I'm speaking from a Canadian viewpoint, and am unfamiliar with professional practices in other places such as the US.
It seems to me that the work should have been outsourced to an actual Engineer, i.e. someone who has acquired a degree in engineering and who practices as a Professional Engineer (e.g. electrical or computer engineer). The reason being that an Engineer, like other professionals (doctors, lawyers) has a particular duty to the public which is enforced under tort law, and additionally governed by a regional body responsible for engineering practices in the area.
Where I live, computer scientist != engineer. If a professional were to make a blunder such as the one described here, they would likely be disciplined by the professional body (not to mention the legal system, for negligence under tort law). The point: hire a professional, it's worth it.
You people are full of paranoia. Watched too many horror movies? Or got too much 9/11? If one wants to kidnap a child it can be done without an online database.
And this is one of the main objections I have to such deals as EzPass, GPS locators, etc.
Not so much gubbmint abuse (although that IS a potential problem) but accidental, or stupid, releasing of the data. And once it's out there, you can't get it back.
It's pathetic that they even question whether or not to inform the parents. That's like publicly saying; "Hey, we know we screwed up BIG, we know the media knows, but we're not quite sure if we're going to try and cover our own asses yet or not."
Knowingly endangering a child in any form is a felony. This is simply more proof that allowing the government to act with relative impunity results in criminal acts against citizens. The county is responsible for the leaked information and should be responsible for securing the daily activities of those children, to ensure the leaked data does not allow any harm to come to them.
When I was seven years old, my day-care center had 'accidentally' released confidential information about myself and several other children in their care. The day-care center cared for somewhere around 70 children. The leaked information was found in the possession of a convicted child molester. By the next day, the day-care center was shut down and the city had filed criminal charges against its owner and two employees at the facility.
Why is it that when the government does it, everything is not only OK -- but they're not even sure they should bother wasting their time to inform the parents/guardians that their children have been placed at risk.
This bogus trash needs to stop, the government has to be responsible for its actions. They violate laws on a regular basis as a part of their daily operations. Enron is almost perfect compared to our own government.
That's pitiful.
Oh, shut the fuck up. It was a joke.
Any chance this guy could get screwed on copyright as well? He was allowing people to copy the db.
Here's his Rent-A-Coder page:
Mark Dennis
I've also managed to find the job that was being discussed:
The Job
Seems the job has been "deleted"
Quit your knee-jerking. This issue is about outsourcing; the country being outsourced isn't as important as the issue of outsourcing itself. When a company (or govt agency) decides to outsource work, they're losing a measure of control over it, and if they divulge confidential information by outsourcing the work, they're creating a huge security risk.
The issue of the country being outsourced to is also important, but as an additional factor. Imagine if the DoD outsourced important embedded programming work for the F-22 fighter; if they outsourced it at all, it'd be a terrible decision because of the security risk. But at least if the work went to some American who leaked some secrets, they'd be able to get the FBI to bust the guy, track who was involved, etc. If it went to some foreign country, they'd be screwed. Similarly, if this posting of children's whereabouts had been done by an Indian programmer, there'd be no way to hold that programmer personally responsible, only the people that outsourced the work to him.
The bottom line is: when you're dealing with confidential data, you need to keep it as close to yourself (or your organization) as possible, and outsourcing simply isn't compatible with this. If you have work to be done which involves anything confidential, it simply shouldn't be outsourced anywhere.
concerning the daily whereabouts of hundreds of children in upstate New York
Try a search for 'school'...
California has a bill designed to deal with these situations, though it's not clear if it would apply to this specific situation.
http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
The problem is that the bill is designed for data theft, not for dipshits giving it away for free. Nevertheless, the bill requires that consumers whose data has been stolen be notified through viable means - email, letter, public notice if they can't be identified. Fines to the company for not doing this and the person responsible for the data is open to civil action.
The main problem I see from the article is that the impacted individuals may not be notified, which is just wrong. Granted, this kind of thing probably can't be prevented (minimized, yes, stopped, no) but there's a right way to address the problem and a wrong way. At least notify the affected people of what's happened.
It's been mentioned a few times in Slashdot and elsewhere about the medical transcription service who outsourced to an Asian country. There was the dispute about pay and the contractee threatened to post the medical record SS# on the web. FYI- almost all medical databases use your SS# as your id. (CA passed a law to change this, but not retroactively.)
Hospitals and doctors involved say they always contract out to bonded US transcribers. However these firms sub-contract out abroad as much as 70% of their work.
But how bad is this, MSNBC just reposted it, only to a lesser extent.
yeah, interesting, but help a guy out and mod him down. At least it won't be splashed all over the page....
-oh it's hopeless. I've been there myself and it hurts. my sympathies, dude.
This reminds me, if you're doing a web search feature that accesses your backend database, make sure the *data* it accesses is secure.
... ... don't go doing something stupid like thinking "well, my search form only lets people read specific information." Trust me, you'll make a mistake. It'll suck. You'll feel bad. Hopefully, you'll get your ass sued into next century for not thinking ahead.
GRANT SELECT ON PublicDatabase.SpecificTables TO websearch@hostgroup
Please think.
- Michael T. Babcock (Yes, I blog)
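An added example, not code from the post above: it pairs the '%' wildcard behaviour mentioned earlier in the thread with the least-privilege point made here. It uses Python's sqlite3, where an authorizer callback stands in for the GRANT statement (SQLite has no user accounts); the tables, rows and function names are constructed for the illustration.

```python
import sqlite3

# Constructed sample data: one table meant for public search, one that is not.
SCHEMA = """
CREATE TABLE programs (id INTEGER PRIMARY KEY, name TEXT, town TEXT);
CREATE TABLE children (id INTEGER PRIMARY KEY, full_name TEXT, program_id INTEGER);
INSERT INTO programs VALUES (1, 'Maple After-School', 'Exampleton'),
                            (2, 'Oak Day Care', 'Sampleville'),
                            (3, '100% Kids Club', 'Exampleton');
INSERT INTO children VALUES (1, 'Constructed Child A', 1),
                            (2, 'Constructed Child B', 2);
"""

# The only columns the search connection may ever read.
PUBLIC_COLUMNS = {("programs", "name"), ("programs", "town")}


def read_only_public(action, arg1, arg2, dbname, source):
    """Authorizer: permit SELECTs over whitelisted columns, deny everything else."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and (arg1, arg2) in PUBLIC_COLUMNS:
        return sqlite3.SQLITE_OK
    # The LIKE operator is implemented as the SQL function like().
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() == "like":
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def make_db():
    """Unrestricted in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def restrict(conn):
    """Turn a connection into the one the web search is allowed to use."""
    conn.set_authorizer(read_only_public)
    return conn


def search_naive(conn, term):
    """Bound parameter, but LIKE wildcards in the term still act as wildcards."""
    sql = "SELECT name, town FROM programs WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def escape_like(term, esc="\\"):
    """Make %, _ and the escape character match only themselves."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_hardened(conn, term, limit=20):
    """Literal substring search with a minimum length and a row cap."""
    term = term.strip()
    if len(term) < 3:
        return []
    sql = ("SELECT name, town FROM programs "
           "WHERE name LIKE ? ESCAPE '\\' ORDER BY name LIMIT ?")
    return conn.execute(sql, ("%" + escape_like(term) + "%", limit)).fetchall()


def try_query(conn, sql):
    """Run arbitrary SQL; return rows, or None if the connection refuses it."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return None


if __name__ == "__main__":
    web = restrict(make_db())
    print(search_naive(web, "%"))        # every row comes back
    print(search_hardened(web, "%"))     # too short, nothing returned
    print(search_hardened(web, "100%"))  # literal match only
    print(try_query(web, "SELECT full_name FROM children"))  # refused
```

Even if the search code has a bug, the restricted connection cannot read the `children` table, which is the property the GRANT line above is after.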
I'm sure the programming wing of pedophiles international would be glad to help for free! ;( It's not "what were they thinking", but why didn't they thoughtfully consider what they were doing?
All of the data formats could have been faked and then submitted for analysis. I would suspect something very, very scarily wrong going on here.
broadcasting that I have access to them really doesn't change much
:)
You think someone knowing you have them is the issue?
Try telling your boss you just shared that info here, and see how long you keep your job...what a marroon
I think the best point so far is the lack of indenability for off-shore shops. In America we can get the authorities to arrest someone for disclosing IP and data that is sensitive. If you off-shore data or IP, you no longer have the ability to exercise NDAs, enforce patents, enforce copyright, or enforce licenses. I can imagine off-shore companies creating software for large companies in the US, then selling the same software to the UK or some other country with big business.
... ... even if I am smarter than him and can program better than him (though slower out of the gate) due to my great schooling at a decent CS program?
This is a good idea. I should go to India and start buying UP IP and selling it. I know DELL, HP, and IBM are not outsourcing their sensitive projects because they have a large amount of skilled in house labor and more money than god. But I would like to know who is off-shoring what big projects?
I am a skilled programmer with no experience, unable to get a job in southern california because the market is flooded with highly skilled cheap IT/programmers. How can I compete for a $35,000 a year job with a guy with an MCSE, CCNA, A+, Java Certified, etc
- Kill Yourself, spare us all! -
"The ramifications reach beyond the painfully obvious privacy issues, touching on outsourcing and peer ethics."
NO THEY DON'T. IT'S NOT A SOCIAL DILEMMA FINALLY OPENING OUR EYES TO THE UGLY TRUTH, IT'S RETARDS BEING RETARDS. It's not news. It's not an eye opener. It's not worthy of discussion. It's not worthy of being posted on a "news" website. "Someone fucked up? NO WAY!"
Christ, what's next? Articles on Yet-Another-OOP-Vapourware? Links to articles with worse grammar than Snoop Dog hosted on shit like "eliteproxy.com"? Maybe the LATEST BREAKING DEVELOPMENT in the SCO case?
Oh wait...
He mapped all alphabetic characters to X and all numeric characters to 9. The data will look like this:
XXXXXXXXX XXXXXXXXXX 9999 XXXXX XXX 999-999-9999
XXXXXXXXX XXXXXXX 999 X XXXXX 999-999-9999
XXXXXXX XXXXXXXXXX 999 XXXXX XX 999-999-9999
Which is fairly obfuscated. Obviously it looks like name, address and phone number and a skilled logician might be able to extract information based on the lengths of the data fields, but it's pretty secure.
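The three scrubbing schemes commenters describe in this thread (letters to X and digits to 9, random letter and digit replacement, and a repeatable transform that keeps duplicates consistent), as an added Python example that is not any poster's code. The sample rows are constructed, and the HMAC-keyed variant and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import string

# Constructed sample rows (not real people): name, address, phone.
SAMPLE_ROWS = [
    ("Mrs Joan Smith", "1234 Maple Ave", "555-010-1234"),
    ("Mr Alan Jones", "77 B Oak St", "555-010-9876"),
    ("Mrs Joan Smith", "1234 Maple Ave", "555-010-1234"),  # same person again
]


def mask_x9(value):
    """Letters become X, digits become 9; punctuation and spacing are kept."""
    return "".join(
        "X" if ch.isalpha() else "9" if ch.isdigit() else ch for ch in value
    )


def substitute(ch, pick):
    """Swap one character for another of its class; pick(n) returns 0..n-1."""
    if ch.isdigit():
        return string.digits[pick(10)]
    if ch.isalpha():
        pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
        return pool[pick(26)]
    return ch


def scramble_random(value):
    """Fresh random letter or digit per character: not repeatable, not invertible."""
    return "".join(substitute(ch, secrets.randbelow) for ch in value)


def keystream(key, value):
    """Endless HMAC-SHA256 byte stream derived from the secret key and the field."""
    counter = 0
    while True:
        msg = str(counter).encode() + b":" + value.encode("utf-8")
        yield from hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1


def pseudonymize(value, key):
    """Keyed, repeatable scramble: equal inputs give equal outputs, so joins and
    duplicate checks on the test copy behave like they do on the real data."""
    stream = keystream(key, value)
    # Modulo bias does not matter here: the output is test data, not key material.
    return "".join(substitute(ch, lambda n: next(stream) % n) for ch in value)


def sanitize_rows(rows, key):
    """Scramble every field of every row before it leaves the data owner."""
    return [tuple(pseudonymize(field, key) for field in row) for row in rows]


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # kept by the data owner, never handed over
    for row in sanitize_rows(SAMPLE_ROWS, key):
        print(row)
    # Every scheme here preserves field lengths and layout, the residual
    # leak the comment above points out.
    print(mask_x9(SAMPLE_ROWS[0][0]))
```

Free-text "comments" fields need separate handling, since they can carry names the per-character schemes would scramble but whose context may still identify someone.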
numerous chillun' between the ages of 11 and 14 will be emerging at or around 3PM from a building near you.
it's called a "middle school".
hope my liability insurance is paid up.
Thank you to the poster and the moderators.
Although this accident has happened in the United States, it gave me some food for thought. What if you expose companies that outsource personal data to foreign companies? Will people be motivated enough to stop doing business with firms that move private information across the world?
I think that it might work. See, despite everything that you have learned in high school, the world is a cruel place. Americans do not trust Russians and Russians do not trust Americans (take my word for it, I lived in both of the countries long enough to find that one out). What will happen if somebody tells people that their credit card numbers and bank accounts go to India, Russia, and China? Will Americans, who are still trying to forget racial inequality of the past, let _insert_your_racial_slur_here_ manage personal data of American citizens? I think not.
Mark my words, it will take only one person to sell personal information on the black market and Americans will look at outsourcing and offshoring through a different pair of glasses. You know that something has gone terribly wrong if you get a credit card statement stating that you have spent $10,000 in Bombay if you haven't traveled outside the U.S. in years.
I know that there are many places where it is very bad to live, but the crazy thing is it's all a numbers game.
US dollar is worth 1.33 canadian dollars, but it takes 1.66 US dollars per U.K Pound. The quality of life in America, Canada or U.K isn't that much different. A US dollar is 45 Rupees.
The funny thing is the standard of living has very little to do with exchange rates. Economics is crazy. Work is the price you pay for money. How many loaves of bread is that per hour of work? Someone could live like a king in some countries for an amount that would put me on the streets.
I don't know how to fix it, but it seems we are all trapped by our own self-interest. I would really like to help those people in some other country, but I think I'll get that new Mini-van instead.
Forget a Victory Garden - in this war you need to buy a Victory SUV.
Regardless of whether the work is done in your own country or offshore, outsourcing has issues in terms of quality control, responsibility for non-delivery or other problems (like this one), and whether it makes as much financial sense as is often claimed.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Sorry, but the guy is obviously a complete idiot. He published personal data about kids, then gave a total stranger access to the data. Get him up against the wall...
I guess this article is trying to ride on the coat tails of the rising resentment against off-shoring. If you read the article you will notice that the coding job was contracted out to someone in the US not in Russia, India or Mexico.
of what Offshore Outsourcing was going to be like.
RentACoder.com was created by Ian Ippolito who originally founded the Planet Source Code website (pscode.com). I started visiting PSC back when it first opened sometime in 1997. It was a good place to share code with other programmers and was at first mainly a Visual Basic site. It's since expanded to other languages, but it's still dominated by VB.
In 2001 an announcement was posted on PSC on the formation of Rent A Coder. I remember thinking "Hey, I'm a good programmer and I could make a few bucks on the side, this could be a good deal." Little did I know that the "few bucks" part was the only accurate part of that thought.
How it works is a company posts a software job they want completed and how much they want to spend and when they want it done. Registered coders then bid on the job. This is where the "few bucks" part came in. Jobs were being posted for ridiculously low amounts of money. Now, I figured that no one would bid on the jobs: I was wrong. The bidders were primarily from India, Pakistan, Russia, and the Pacific Rim. No job was too small, and no contract was too small. College students would post IS homework projects for $5 and they would get done. There was a job posted for a complete custom web-based store with requirements for security, inventory, dynamic presentation, remote admin, credit cards, user accounts, database, the works with the company asking a price of $400 maximum. It got bid down to $75. That's where I got my first taste of what outsourcing was going to be like. $75 for a job that would probably take at least 200 hours to complete and that was in 2001. I don't know if they still keep the stats on the coders, but they used to keep job satisfaction ratings and average price per project in a top ten list of coders. There was a guy in the top 3 who had done over 50 projects and had an average price per project of under $80. I went through most of the job proposals he won just to see what he worked on and it was astounding. Projects that you couldn't get a decent consultant to even talk to you about for under $500, he would do for $50. There was one project he did for $300 that really caught my eye. The reason it did was because the company I worked for at the time had just won a contract for a project that was similar in function and scope, and our winning bid was $8000. That $8000 was as tight as we could trim it with the owner of the company hoping he would see a less than 8% profit from the project.
Welcome to the new world order.
I strongly suspect I work for the same hosed up HMO as this guy, and I'm in a position to know for a fact this happened pretty much as he said it did.
I don't need no estinkin'
Jeepmeister
At least he didn't get kicked from an IRC channel
for pasting too much information to the channel and
not to a pasting facility.
I'm the American who wrote the original post. I used to be a full-time consultant (meaning I took outsourced jobs) and I still do small, extracurricular jobs occasionally, in my spare time. Still, I don't want my relatively new full-time job to be outsourced. I've come to believe that there has to be a balance between in-house and outsourcing, and the American economy is still attempting to find that balance.
I was disgusted by this news. I felt it was important to bring out the outsourcing issue because there are certain standards, responsibilities, and trusts that professionals must maintain in order for the balance between outsourcing and in-housing to be met. This is one rough example of the risks of outsourcing that obviously people were so unprepared to handle that it went on for months (with multiple incursions!)
Consultants and outsourcers alike, everywhere, should be hanging their heads low in shame for this... myself included, for any part in making outsourcing seem such a thoughtless activity.
I'm also a daddy-to-be (my first baby is due in weeks) and the thought of something like this happening... Don't even get me going there.
Also note... in the original post, I said outsourced, not off-shored. :-)
God bless ya!
I usually just read /., and I've only commented a few times here and there. But I feel this is kind of important.
RentACoder kind of had this coming. When I was struggling to be a, "real," programmer... wait, I'm still struggling.
Anyhow, I used to bid on some of those jobs at RaC. Not for the money, but to actually have something to put on my resume. This was way way back when RaC was just starting out. The site was very lightweight. Light on the cookies and HTML. Fast to download. Fast to browse.
I did a few jobs here and there. Picked up a couple of decent things to put on my resume. I felt things were looking good. After a while, there was one coder in particular who was beating me out on my bids. The strange thing was that he was beating me out on every single job! "Well," I thought, "that's a part of competition."
One day, I was browsing an entirely different web site for help with a pet project of mine when I spotted a request for help. The title of the request for help was exactly the same as a project I got beat out on at RaC. Looking into the body of the request, I discovered the request was identical to one at RaC, right down to the typos!
So who was the person who was requesting help on this other site? Why none other than the very same person who beat my bid at RaC. I did a little research on the site and a few others and found dozens of projects that have been outsourced by the low bidder at RaC. At the time, I still had ideals, so I contacted the site admin/owner and pointed this out. Noting that the other sites had a point reward system (if any reward system at all) whereas RaC was exchanging money for the work.
I was appalled at the answer I got back. I was told that this was the ultimate in outsourcing and he would not bother intervening.
And yes, he is from India. This was well before the Indian outsourcing issue became big in the public eye. So I never really attached any importance to that, other than having a very unusual name (to my American ears).
To be clear, I was angry at the outsourcing of the work. But, what really irked me to no end was that this guy's resume claimed he was a skilled programmer who worked on dozens of jobs! I sent off another eMail to RaC that I lost my respect for the web site and that I would no longer promote the site to anyone looking to outsource any work. I vowed never to return looking to increase my skill marks.
After this incident, I started paying more attention to other, "programmers," around me. The amount of outsourcing appalled me. A Visual Basic programmer who got extremely low marks in school the following semester (he couldn't build a simple tic tac toe program and, "borrowed," the source from another student instead.) managed to snag a decent job building UI to Database applications at a small telecom installation company.
A few years later, I caught a, "senior," programmer outsourcing a closed source and proprietary database interface application on a web site. I knew it was the project I was working on since the requests were exact copies of my own internal requests for bug fixes to the programmer, again, right down to the very same typos!
I can't begin to express my disappointment about this sort of thing. Years of studying a half dozen different languages and all I needed to do was outsource everything I did to land that perfect job?
I get more satisfaction working in a retail warehouse and having customers screaming at me for their own stupidity.
Like many others I'm down as a Data Controller within the meaning of the Data Protection Act. I take this role very seriously even though I have just a few personal details, but also because I have access to a lot of other records and I view it from the point of view of: what if it was MY personal data that was being copied about? My declaration also states that data never leaves the EU. Personally I see any data sent to the US as secure as posting it on the Internet. Good to see the actual US government confirming my views.
One of my clients is a youth services agency that deals with children and families. First of all, in the development work we do, we're not using a live database, and we would NEVER EVER post the database on the Internet! If this programmer wanted to show other people what the database looked like, he could have emptied the tables or simply described the table definitions. I have a confidentiality clause in my contract, and I take it seriously. It's because the agency got their ass caught in the state's grinder before that I am doing this project.
Always look on the bright side of life! (whistle, whistle)
What's amazing to me from reading the previous 350 or so posts is the prevailing attitude towards kids like those whose records weren't protected -- they are foster kids, who are all too often "snatched" from their parents, who are all too often put up for forced adoptions, and who are all too often abused in their new "placements." All for money -- the local government gets federal money according to the number of children taken away. And it doesn't just happen to "them" -- being normal by geek standards is enough to get your kid snatched in many jurisdictions. Lots of these victimized kids get killed. And all the records of the child deaths, thousands every year, are sealed to prevent public scrutiny. It's not just the data that doesn't get protected.
Companies paranoid that a group of geeks won't properly peer review the code they write will then choose to hire professionals... outsourced professionals they can't watch over and won't be able to implement any sort of review process themselves (trusting yet another organisation to do that).
I've nothing wrong with outsourcing so much as how companies don't trust peer review anymore. Seems pretty dumb to me.
I don't actually exist.
Since there was an ongoing battle to make new and improved reports, the sales data was not munged so that side by side comparisons of live and dev reports could be made. If it had been, figuring out whether the new reports meet the specs would have been rather hard.
Google dorks news item. Outsourcing or not, it's just bad administration. Q.E.D.
Kaiser Foundation Hospitals is seeking approval of a labor condition application for the period of February 26, 2004 to February 26, 2007 to permit employment of one H-1B worker in the classification of Programmer Analyst. The salary for this job is $77,501 per year. The H-1B worker will be employed at our facility located at 501 Lennon Lane, Walnut Creek, California 94598. The labor condition application relating to this employee is available for public inspection at our main office located at One Kaiser Plaza, Oakland, California 94612. Complaints alleging misrepresentation of material facts in the labor condition application and/or failure to comply with the terms of the labor condition application may be filed with any office of the Wage and Hour Division of the United States Department of Labor.
Posted January 26, 2004
(can't read the signature)
So I guess the good news is that the tech recession is over -- this company in the San Francisco Bay Area can't find a local unemployed programmer willing to work for $78,000 a year, so they are forced to go overseas...
I spent Sunday with a programmer friend with a family who would take this job for much less than this. I am ashamed of my employer.
Tell you what. Incompetent jackass programmers of the home grown variety are available by the truckload, too.
You can tell a great deal about the character of a man by observing those who hate him.
Having once signed up for rent-a-coder toward the latter part of my 6-month unemployment a couple of years ago, I can safely say that if he was bidding $3.50 an hour, he was probably the highest bidder on the project by a factor of at least 5.
This once again points to an important argument for not hiring other people.
They make mistakes. The only one you can really trust is numero Uno.
This is exactly why more companies need to hire me. I know all about myself, and can therefore trust myself, and therefore, you can trust me. Too many companies are making the idiotic mistake of trusting people that I don't know, and therefore can't trust, and therefore they can't trust either.
Mod me down and I will become more powerful than you can possibly imagine!
Let's start slamming outsourcing with whatever we've got!!! /sarcasm
It is akin to supplying state secrets to another country and then bitching about how the other guy is somehow responsible for *your* act of treason.
RTFA, lemming.
It's right in there that he _is_ an American programmer. Working in the US. It's also been posted 20 times already in this thread.
So you can get off the "if it was an American programmer" high horse already. Again: he _is_ an American programmer.
A polar bear is a cartesian bear after a coordinate transform.
All I can say is "Amen, brother." It so pisses me off to see clueless HR droids hire _completely_ incompetent burger-flippers. Based on faked resumes and having the right colour socks.
I'm talking people who:
A. Have never even _read_ about the technology they claim to master.
B. At most have a superficial understanding of the language's syntax, but _not_ the standard libraries, best practices, pitfalls, etc.
C. Have never even heard of bog-standard vulnerabilities and security risks (e.g., if you code a web-based GUI, FFS, don't assume that everyone _has_ to click on your links to get to a page. People do edit URLs. Do check that the currently logged in user does have the right to view that data.)
D. Have no clue of even the most elementary algorithms or data structures.
E. All the above.
Yet some clueless HR droid will hire them anyway. Because, hey, "it's just typing. Anyone can learn it."
I find it just insulting. Especially coming from some people who can't even program their VCR's clock. I'd like to see them do my work, and _then_ decide if it's easy.
A polar bear is a cartesian bear after a coordinate transform.
See what happens when you are too lazy to create a proper set of test data ...
It was an open source project at rentacoder.
See, open source is evil.
Nice to see we can now laugh about social services as well. Not like they don't already have enough screw-ups by dismissing child abuse claims when a kid has been admitted dozens of times for broken bones and still claim nothing is wrong when finally the kid goes to the doctor for the last time. The coroner.
Idiots.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
...this is 'slash-bindhi' isn't it?...
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
Someone who uses proper English?
sulli
RTFJ.
This is a big reason why outsourcing to India should not only be discouraged, but should be illegal. At least if someone in the U.S. does something like this, they can be prosecuted. It's going to be a little harder to prosecute some .head company under American laws.
Proverbs 21:19
>90% of the project bids are written by either complete retards who have no idea what they want, or college people who just don't want to do their projects and can get daddy and mommy to finance the few hundred for someone else to...
(Yeah, offtopic, whatever)
I've often wondered about a variation on that theme - using -1 AC posts to communicate information over slashdot. The specific application I've been thinking of is trojan horses that need to phone home.
Right now, the typical trojan horse phones home by joining some specific channel on some (private or not) irc network. On that network, they announce to whoever's listening their IP address and how to gain remote control of the victim's machine. (Perhaps this announcement is encrypted somehow, or requires that first a message with password be sent to them, or something similar)
The thing is - this is pretty easy for corporate networks to trace (just flag outgoing IRC connections), and places that have a "no outgoing TCP, only outgoing web traffic through this specific proxy" policy in place are clearly protected to some extent.
It also allows law enforcement to start up the trojan in a controlled environment and monitor the connection for clues as to the ultimate controller of these little beasts.
But what if these trojans communicate through follow-ups to the lowest-moderated troll on the first article of each day? Or what if they simply receive their directions by looking for comments with specific subject lines? (Steganography, meet Natalie Portman's hot grits) Of course the person controlling these would work through some random anonymous proxy in Asia - every day, spammers send me hundreds of proxy IP addresses, and there are convenient anti-spam sites that will tell me exactly what those proxies can do.
And it's not just slashdot - many mainstream news sites now allow comments posted anonymously with a minimum of fuss, and then there's the idea of looking for certain blog comments, or postings to certain newsgroups on google.