Employee Outsourced Programming Job To China, Spent Days Websurfing
New submitter kju writes "The security blog of Verizon has the story of an investigation into unauthorized VPN access from China which led to unexpected findings. Investigators found invoices from a Chinese contractor who had actually done the work of the employee, who spent the day watching cat videos and visiting eBay and Facebook. The man had Fedexed his RSA token to the contractor and paid only about 1/5th of his income for the contracting service. Because he provided clean code on time, he was noted in his performance reviews to be the best programmer in the building. According to the article, the man had similar scams running with other companies."
I'm a bit torn on TFS.
On one hand, companies outsource "our" jobs with absolutely no remorse at all.
On the other hand, ... fingers?
Now, who is going to complain about job outsourcing? Market & economy have laws that can't be broken. No matter how hard some countries try to.
#
#\ @ ? Colonize Mars
#
Aside from the security issues, is such a thing legal in the US? I mean, are you required by contract to do the work you are paid for yourself?
Not only was he the most effective employee in the company but he was managing a successful software consulting service providing services to several other local companies. He delivered the goods. In fact he was more successful at managing software outsourcing than most large companies are.
When corporations do it, it's efficient. When an actual human does it, it's a scam. Can this social order please collapse now? It's bankrupt.
Of course "Error establishing a database connection" is text.
It's not really a scam is it? It's just subcontracting.
Maybe the guy they fired in TFS is actually the guy who takes care of their database server.
VerizonBusiness Link not working got /.
Getting the error Error establishing a database connection
You know all the stuff from China is cheap and poor quality. Bunch of lazy communists over there... "best programmer in the building" Oh wait. Never mind.
What's the problem? Does the employee contract have a clause against subcontracting?
Always going forward, 'cause we can't find reverse.
1. Large host organisation / government body requires programming done
2. Subcontracting specialist organisation / other company/ freelancer / offers price to satisfy tasks
3. Subcontractor chosen, price agreed, task allocated
4. If task successfully completed then host organisation happy and continues with its bigger work, may call on smaller subcontractor for further work or even employ them on rolling contract
Seems to me like this is just how contracting works. The guy was asked to produce code and he did.
I can see there's a security issue here (unauthorised handing out of VPN) and *potential* legal issue (does his contract say he must do the work? if not then no legal issue perhaps), maybe a tax issue (were tax payments made to subcontractors etc. as should have been).... ...but generally it seems like he was just doing what lots of companies do, subcontracting work out to specialists and claiming a percentage for handling the work and taking the risk on its delivery.
Not a lot different from how big companies work? and let's face it, big companies would NEVER put data security at risk or look for loopholes to avoid paying tax to the government, would they ? ;-)
When asked how he manages to code so well and seemingly spends so little effort on it, he said: time managing.
Turns out what he actually meant was time spent managing.
Unlike the usual way outsourcing works where someone gets fired or laid off. Everyone wins. Company gets good code. Programmer gets to sit on his ass and get paid. Some guy in china makes a living.
Win all the way around.
This employee has a good future in corporate america. He has a fine corporate attitude already.
Unfortunately I suspect the company he works for is going to throw a world class hissyfit.
...for this contractor who produces clean code, cheaply, on time?
Just for...you know, research purposes.
Wow! I could be a genius programmer too. I'm actually an analog guy.
This brings up an interesting angle to outsourcing, outside of the loss of American jobs. If I was searching for a company to meet my programming needs, and was offered the choice of a foreign company doing the work or an American company doing the work, I would choose the American company. I would choose it based on my wish to help the economy, and the comfort of knowing that any legal issues to arise from such a deal would be (hopefully) easier to resolve if it were handled domestically. That being said, I would feel pretty betrayed to find out that the American company I hired was simply outsourcing my request to a foreign entity.
So, I can understand why Verizon would not look favorably upon such activities....but I'm also surprised that there are still so many clients willing to work with American companies that outsource any part of their workload.
It's all about anticipating and meeting the customer's expectations. In other words: TRUST.
The real (and scary) message here is that the best programmer in the building was a chinese working for 1/5th of the usual programmer's income.
Cheap, low quality asian workforce, indeed...
Not one of the commentors bothered to read the original post?
Because the bloody link is dead.
Should be outsourcing their servers too
How is this a scam if he does his job correctly?
first comment
i guess securityblog.verizonbusiness.com should maybe outsource their db work....
Just wondering whether the employee was fired, or promoted to the management.
google cache of page
I had no idea websites still got slashdotted.
Or that Slashdot still has the ability to slashdot websites.
http://webcache.googleusercontent.com/search?q=cache:EGh4ld_KwXUJ:securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/+&cd=1&hl=en&ct=clnk&gl=us
We did something like this more than 7 years ago.
"We" being a team of developers in Eastern Europe. Our employers were two brothers who had moved to the US and had found IT jobs. We did their work for them and had time left over for side projects. Our team of 5 people got some fraction or other from their regular salaries and it was still a good wage for us. Things have changed in the last couple of years, but not by that much.
Was doing his job, and better than anyone else there. And got plenty of free time doing it that way, that is efficiency. If instead of coding letter by letter he took a public domain code (to avoid messing with licenses) that do the same would be a not so different situation, mainly changed the timing related the code.
But also gave to another party (that be the one that did his job is not relevant, that is overseas or in china in particular depend on your own prejudices) internal access to network/code/information without authorization. That is not scam, is a security breach, and should be taken as seriously as all the other security breaches there (i.e. if he was so happy watching lolcats and visiting facebook and ebay probably others could have been doing it, and maybe sharing with the world even more internal/critical information, or downloading malware without being aware and so on)
Wait, how is this a scam?
He provided clean code, and made a profit.
Are they jealous they didn't think of it first?
He's just acting as all headhunters do,
earning 10-30 U.S. dollars/hour for basically nothing.
At least he was able to QA their work.
This is outsourcing.
This is why there should be laws against it, for U.S. corporations.
CAPTCHA = unsolved (I swear, how does /. come up with these)
The Onion already knew about this back in 2009: http://www.youtube.com/watch?v=rYaZ57Bn4pQ
Seeing as the link given isn't working, there's a bit more detail at http://www.theregister.co.uk/2013/01/16/developer_oursources_job_china/
I've outsourced all my Facebooking, slashdotting and cat-video-watching, so I can spend more time programming!
Think about it.
A company has $100 budget to write a program.
They can employ a US local, who will want $100. Or they can employ a 'consultancy company' (probably multi-national), who will buy the code from a Chinese coder at $10, and charge the company $90, keeping $70 for themselves. Net loss to US - $90.
But in this case the company pays $100, 10$ goes to China and $90 stays in the US.
What's not to like?
This story sets off my bullshit radar. Too many things about it don't make sense: 1.) Why would "Bob" give full access to company resources to subcontractors? Were I to subcontract a job, at the very least I would want to review everything before it was committed - especially if I was taking responsibility for it. 2.) What would happen if a colleague asked "Bob" about his code? Or as regularly happens on all but the smallest of tasks he had to collaborate closely with another fellow developer? There is a level of knowledge that you get from being part of a development process that you don't get otherwise. This sounds to me like an advertisement for outsourcing services.
Why is this called a scam? Did the subcontractor use bad quality electrons?
Excuse me, but please get off my Pennisetum Clandestinum, eh!
The 18th century Swedish poet Carl Michael Bellman did something similar. The king of the time (Gustav III) liked his songs and gave him a really cushy job as head of the state lottery. Bellman knew he would not be able to hold down a job so he employed someone else to actually do the work and he lived from the difference of what he got from the king and what he paid the person doing the work. He spent most of his time in pubs and wrote an enormous number of drinking songs. He is the Swedish equivalent of Robert Burns.
Does this mean the Chinese programmer is now available to take on new work... anyone got his phone number?
P.S. Unrelated. Anyone know how to hide the source of a VPN connection...?
Good coders copy, great coders outsource.
Is that how these youngsters call it nowadays ?
He should have been less of a moron and set up linux boxes at his home for the china contractors to VPN in through.
Do not look at laser with remaining good eye.
When they realize they canned their "best programmer"
he's my new hero!
This guy is so shrewd and heartless that he should make great management material!
???
Profit!
Defining Statistics and Social Research
Take music. The CD's are produced in China to lower costs, this is legal. You buy them from China, ILLEGAL PIRACY!
Outsource production, perfectly legal. Buy imports, pay max taxes including taxes on shipping PLUS a customs fee PLUS a fee for the shipping agency ON TOP of the shipment fee for it all... AND STILL it is often cheaper...
The global economy is there to benefit the rich, not the poor.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Granted, the guy did a bad thing in letting his VPN access go to a third party - but a smart company would see his potential. He already handles multiple sub-contractors if we choose to call them that, and apparently manages to get them to perform well. Some of the posts here suggests that the company should fire him, and use the Chinese dude themselves - but it is worth remembering that HE was the one finding this Chinese person, and he is the one doing quality control, to an above-average level. Get him an official position as manager for a small overseas team of Chinese developers, and he could be worth a lot more to the company.
. . .the outsourcer claimed the scheme was merely an oblique reference to the U.S. government.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Company gets butthurt when lowly employee dares to do the exact same thing they've been doing for decades. Film at 11.
GET OUT OF MY BRAIN!
It's front page at reddit right now as well I believe - and HN
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
1. Programmers in the US are worth the money corporations spend on them.
2. China and India are full of crappy programmers who can't understand specs, cannot correspond in English, let alone produce quality code.
3. The value of the US currency is a true measure of its worth in global markets.
4. US corporations are killing US jobs despite the fact outsourcing produces lesser quality goods and services.
I know the plural of anecdote is not data, but still...
If you keep throwing chairs, one day you'll break windows....
He should have forced the contractor to use a vpn proxy routed through his home computer, this would have never happened then.
And what about the VPN connection during working hours you ask, simple: He has a couple things running at home that are part of his expanding his skill-set for the future or other such bull.
Can't really fault him for gaming the system.
I bet the name of the employee was Wally.
Sack the guy and hire the chinese consulting firm directly if they are making code that good!
I can see how he breached security by allowing unauthorized third parties to access their intranet. But who did he defraud?
He was hired to provide code. He did that. Not seeing how any stretch of the English language could make it a "scam"...
see subject.
For the price of a single worker, (if he was a manager, this wouldn't even be considered for news), they get an entire company's worth of coding. He was managing this company ON HIS OWN, so doing so without any additional overhead. He completed every assignment on time. The only difference between him and company executives is that he managed to do so WITHOUT TAKING AWAY A SINGLE US JOB.
But, because he wasn't born part of the managerial caste, what he did was illegal, and he's probably going to be fired (and sued) over it.
A six figure salary for a developer? I'm at the wrong company.
"Hello this is Joe, Bob's boss. Bob is no longer available to correspond with you on this project. I will be handling all correspondence with you from now on. I will be responsible for sending the payments of the sum that you and Bob agreed to. You can contact me at joe@dev.verizon.com ...."
The company paid him to produce code. He produced the code. How is that a scam?
Especially in consulting and banking firms, rather than working 80 hours a week ...
And outsourcing effectively is a skill. Modularity is not easy to attain.
Let's call the Chinese programmer the "Handler", and the U.S. programmer the "Dupe". The story reads a bit differently: the Dupe allowed the Chinese Handler and his/her team to infiltrate several companies, potentially in turn infiltrating more companies (and so on ...).
The Dupe was being paid by the Handler through the discounts s/he received.
The Dupe should be charged under applicable corporate theft or espionage statutes as applicable.
he never said that he wasn't subcontracting.
He just never said he was.
If mfg CDs is a fraction of the cost, then doing it locally in a more expensive job market won't increase the price of the CD much, will it.
Didn't see that on Dilbert. Wally would be proud!
Paul: Father... father, the sleeper has awakened! - Dune
All these years I have been doing it the hard way.
Genius! Sheer Genius!
willy
No hour on a horse is ever wasted. Winston Churchill
"I learned it by watching you!"
"Market & economy have laws that can't be broken"
I can only conclude that you just awoke from a 5-year coma...
glad to hear you're doing better!
that's not how PCI works at all, no carrot, just stick
you comply with PCI rules, or pay through the nose
Sounds like good ol' Yankee ingenuity to me!
To justify more H1Bs
This is how govt and friends work....charge big bucks from taxpayers, pocket the difference....
I love stories like this.
The strange chinese VPN traffic I could never get rid of.....was probably employees doing the same exact thing at one of my former jobs. Of course we already had two VPN connections to china going and I thought they were doing some sort of highly skilled firewalking to get to our blacklisted mail server. No wonder said employees kept asking me for the VPN credentials over and over. Anyhow, the guy puts a lot of people at risk and even more mail servers by doing that- should have used his home computer then no one could have stopped him.
If your home internet isn't stable/fast enough then dedicated servers or even just a VPS are cheap. A little more effort to set up, but having connections to the company come direct from overseas seems an obvious way to get noticed.
Heck, it might even be tax deductible - though if you are an employee not a contractor that might be harder to manage.
When an employee does it, it's fraud; when a company does it, it's "smart business".
The Dilbert principle
He will fit in as a manager.
So I haven't RTFA but the "best programmer in the building" thing, and the fact that it's Verizon, a telecommunications company who would be a prime target for foreign intelligence, makes me think that maybe we're giving the employee too much credit for being a genius here.
Which is more likely, that he sought out and found a good, cheap, reliable programmer, and then went on to expand his scheme into multiple companies, or instead perhaps that someone sought him out, and suggested the scheme to him, and maybe later said "Hey, I have more free time and some friends here, so maybe if you applied for jobs at some other companies that your resume matches we could make you even more money!". But I'm sure he would have been made to feel like it was all his idea as much as possible.
G.
Sounds like someone followed the "4 Hour Workweek" book a little too closely.
Not really, but it would be funny.
This sounds like something Wally from "Dilbert" would do.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The vast majority of employees (not 1099 ICs) in the United States have no employment contract. You're an at will employee, with the "deal" being employer doesn't change the job or pay without telling you in advance, both you and employer can walk away at any time with no penalty. You show up, you follow their rules, you get paid what they said they'd pay you (note carefully, there is no "contract" or "agreement" here.. ) If they change the rules and say you have to wear green socks on wednesdays, and you don't like that, you're free to leave.
the only case where there is "constructive termination" or "unlawful dismissal" in the absence of a contract is something like retaliation for reporting a fairly small class of problems to the authorities (whistle blower), or where there is overt discrimination against a protected class. Moving your office to the basement storage cage next to the HVAC blowers... that's just space reallocation. Doing away with holidays and vacations on a go-forward basis, not a problem.
This particular case is interesting, if only because this activity probably wasn't described anywhere as proscribed. The giving your RSA token to someone else is clearly a dismissable serious offense, but having someone else do your work? Kind of depends on what your job description is, and if no one ever said "you have to do this yourself", maybe it's cool.
Were we are paid a fraction of what we are worth by investors and an owner class who do no work except review their financials annually and live in luxury. An actual serf dares and heads will roll.
It sounds like he needs to be promoted to management.
-- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
Executive compensation is tied to share price. The things done to maximize shareholder value are done to enrich executives themselves, not out of some technocratic, altruistic desire to enrich others or adhere to a principle.
... we have many employees who spend their days with YouTube, Facebook & Co., but they didn't outsource their work (i.e., it doesn't get done).
I'd much rather have this guy here.
I would like to know how he found that a good, apparently perhaps very good, programmer that far away, I've tried but failed myself...
I've heard nothing but orgasmic caroling of the joys of outsourcing from folks like Verizon's spineless handlers. And now, when they are the receiver of such business practices, they're the ones that are screaming the loudest. "Selfish" doesn't even begin to describe Verizon's/HP's/GE's/Google's business practices; it would take an Artist to be able to accurately communicate their form of pestilence.
There's outsourcing, and there's outsourcing with getting clean code back and getting it on time. There's a difference. The difference is flying to east-bumfuck-nowhere (Bangalore, Shanghai, Bluefield WV) to have a sit-down/chat to find out who's the one who's contributing crap code and getting the contracting business to put him on someone else's project. This has a tendency to fail and it's why some businesses are bringing coding back home.
He has found a way to get the holy grail - cheap, good, and on-time instead of just picking two.
Yes, he just proved his own job could be outsourced to China, but then he should be promoted to a management position due to this skill.
Either that or he should just hang up his own shingle and compete.
--
BMO
Dude was almost a genius. He just forgot to have a USA proxy for this worker.
Seriously, you get the big ass bonuses when you do this as a CEO, and he gets, um, actually I don't know, I didn't see it when I skimmed the article.
Be seeing you...
I live in Mexico, if I would do something like this I would have to pay about half my salary :(
especially since no one reads the articles
Almost all employees (contract or regular) usually have to sign a non-disclosure agreement, among other things. So he broke that for sure. Re export of the RSA token - if it contains encryption software he probably should have gotten export paperwork done for it, but he's not likely to be prosecuted for that.
There are a lot of untapped talents willing to work for cheap in the USA, it has to be done by the public sector because the private sectors are unwilling to invest domestically (a.k.a. unpatriotic). Funding massive job programs by minting a couple of quadrillion-dollar-platinum-coin is a good start in reviving the USA.
New Economic Perspectives
(via the submission queue, posting anon because I already moderated a post)
http://www.net-security.org/secworld.php?id=14247
The idea of outsourcing your own job isn't new. First time I remember the idea being presented was in a Sunday comic in 2004.
http://www.gocomics.com/doonesbury/2004/11/07
And more recently the onion presented the same idea... right down to the cat video.
http://www.theonion.com/video/more-american-workers-outsourcing-own-jobs-oversea,14329/
executive compensation is tied to your relationships on the compensation committee. nothing more.
Exhibit A: HP
This isn't new. In the early 1990s, a coworker approached me to help with an outside project he was doing. I'd code C functions based on a specification. Other people were doing that too on his projects. We didn't know what the final project was, just what our inputs would be and what the expected output needed was. Simple. We provided him with source code.
I learned that he was doing the same thing for another company - he was given specs for functions and provided functions back. I think that he retained the source code and only provided libraries. Smart.
It wasn't much effort to earn an extra $200/week doing this. I spent less than a few hours for every function. Seemed like a win-win situation, but it wasn't enough work to quit my day job and lose all those benefits.
All of us were violating our employment contracts. Back then, it was common for the employer to own all intellectual property created by an employee - at least that is what my contract said. Whether it was legal or not is a completely different question. The functions had nothing whatsoever to do with my day job. Actually, I was working on a government contract during the day, so it wasn't possible to do any of that work at home. Heck, it wasn't even a language we used at that job.
As long as no proprietary data was leaked, we didn't use any company/government resources at all, then I have no reason to believe any was leaked or used, I don't see the issue.
Hard and smart work should be rewarded.
I read TFA and have major concerns about how this was implemented. Had he outsourced functions and still integrated them into the company's systems, I would have felt better. Allowing someone else remote access into corporate networks without written approval needs to be a major lawsuit. He needs to be fired and NAMED publicly.
The chinese currency is undervalued and the USD overvalued.
Once the big correction shall take place suddenly outsourcing --which already brought havoc in a lot of companies (and which are abandoning it)-- won't be anywhere near as "interesting".
I've outsourced to China, India and South-America. India was a disaster. China was ok but we got outbid by another company: basically out of ten coders, two were good and these two were "stolen" by one of our partner.
We had a small team in South-America of very motivated people and that one gave good results.
But all in all it's not worth the trouble: outsourcing totally s*cks and in a lot of domains the cultural barrier or the laws in place make it impossible to work in satisfying condition.
I realize a lot of people here are from the U.S. and very nervous about their jobs: don't worry. Not only outsourcing does truly suck but moreover once the currencies shall be "corrected" there's no way it's going to be financially interesting to outsource.
Kudos to the dude that said.
When a corporation does this?
Good stewardship of shareholder investment.
Make the corporation illegal!
"Flyin' in just a sweet place,
Never been known to fail..."
1) Why ship your key fob? Just point a webcam at it. Besides saving on shipping costs, you could quickly revoke access if needed.
2) Learn from your mistakes: set up a proxy inside your house that he can connect to so the VPN logs don't show foreign access.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Recently I had some of my windows (real windows in a house) replaced. On the first day, the white American contractor showed up. He poked around, took some measurements, and came up with a quote. The quote was reasonable so I went with him.
A week later, when he received all the necessary parts, the contractor showed up again. This time, with 3 Mexicans in tow. Mr. contractor stayed for about 15 minutes in total, explaining the work to the Mexicans. The Mexicans spent the rest of the day there doing the actual work.
The end result is good, I have to say. It is done quickly and professionally.
However, I'm sure that there is a huge markup between what I paid to Mr. contractor, and what Mr. contractor paid to the Mexicans.
I had a contractor colleague who used to outsource, In The Same Office. Here was his scam: ...
1) Approach programmer #1 and say, "I'm new here and I want to work within the established company guidelines. How would you organize this?"
2) Approach programmer #2 and say, "I'm thinking of organizing my project like so because that fits in the company guidelines. I'm curious about your thoughts on this first step."
3)
4) Profit!
The lazy employee in TFA is a master of labor arbitrage.
Eric B.
In the world of bilateral economic relationships (contracts and otherwise), we recognize that a third party can share liability for a breach despite not being a party to the relationship (e.g., tortious interference.) I don't see any reason why we shouldn't recognize shared third-party responsibility, on a moral level, in the case of non-economic relationships where parallel circumstances apply (knowledge of the relationship by the third party, intent of the third party to induce breach, lack of special privilege justifying the third party inducing the breach, and actual success in inducing the breach).
To all you flamers who say 'They're not going to take your guns away.'
Is that why every time in history, when guns were taken from the masses, it all started with smaller laws like regulating sales of guns, banning certain types of guns, regulating the sale of ammunition?
Fools, here is your sign; "I'm a moron and the government is here to help me!"
Oh, I'm sure there is enough profit motive in getting backdoor access into major corporation's networks (especially if you are getting a monetary subsidy through an employee of the target corporation) to subsidize finding a coder (or team of coders) that can actually provide quality work on the workload assigned to a single developer in that corporation.
Or, he found a way to become the man on the inside for a ring of corporate spies, and instead of getting paid by the spies he was fronting for, he paid them.
Wally would be too lazy to find a contractor overseas to do his work for him... He would also not want to get a good review since he always strives for mediocrity (it's not like they're going to fire him, so why put forward any real effort).
Instead, I think Wally would just browse the internet for cat videos and let Dilbert and Alice pick up his slack (like they do).
Wally isn't lazy. He's useless. There have been a number of strips on the difference.
I honestly don't believe this story. I think it's made up. I believe in the outsourcing part but VPN monitoring and a large company reporting this to the world? I don't quite believe it. I think whoever posted this should be banned from posting on slashdot. It's just BS
How is this a scam? He not only provided the work he was paid for but his worker's work was outstanding.
If anything the guy should be given a medal.
Are you suggesting that a third party, outside of a relationship can breach said relationship and neither party of the same relationship is responsible?
What are we contracting for as employees? If the job's done can the employer complain if the means the employee used were legal? I think it's perfectly moral, ethical, and legal. He screwed no one unlike the behaviour of many employers and human resource professionals.
Company pays employee. Employee subcontracts job to Chinese 'Lead Programmer'. Chinese 'Lead Programmer' actually runs a company that employs 25. He takes the 1/5 pay that the originating company pays him, takes 1/3 for himself and in turn outsources to 3 of his 'top people' who each share the 2/3 of the 1/5. Because there are 3, they can get 3 times as much software out in the same amount of time as a regular day-shifter. They code, test and divide the work among themselves. It's not a great way to keep your job if you get found out, but it is a good way to get ahead stress-free. Your Facebook page can be updated almost instantly, you can be up to date on all the latest over at "I Can Has Cheezburger".
haha, that's a genius plan, if you really come to think about it, it isn't really a scam.. He's contracted for doing the job, and he gets the job done (on time), how he does it really doesn't matter.. You can compare it to letting your IDE do some work (like refactoring), only in this case he doesn't let the IDE do it for him, he lets someone else do it for him.. It's just like a lot of other sectors where one hires a contractor to do a job, and the contractor hires other people to do the job for him.. damn why haven't I thought of this. LOL..
What I am saying, explicitly, is that your claim in GGP that only the direct parties to a relationship can have responsibility for a breach (and, at that, only one of them) is incorrect, and that third parties can bear some responsibility. This is separate from the question of whether all breaches must involve a direct party to the relationship bearing some responsibility.
Whether there can ever be a case where only the third party was responsible is a question I wasn't addressing in GP, either explicitly or by implication. I can certainly see an argument for that in cases where there is outright compulsion, rather than mere inducement or cooperation, by a third party to act inconsistently with a commitment that was part of a relationship, though whether that is a breach where only the third party has responsibility for the breach, or not a breach at all, or a breach where despite lack of choice the compelled party has responsibility probably depends on the exact sense of "responsibility" being addressed--as that term can mean multiple different things that don't always rest in the same person--and the precise nature of the relationship at issue.
This was a Dilbert cartoon a few years ago, wish I could find it. Anyway, it's come to life! And why not? Capitalism at its finest, yay! Man should just have started his own outsourcing firm.
OMG a coder who is on time, with clean code, at 80% off? GIVE HIM A RAISE, make him a VP!
In case you are finding that securityblog.verizonbusiness.com is refusing your connections, here is a cached version of the source article: http://webcache.googleusercontent.com/search?q=cache:http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/
But it is a problem if we do it. I say good for the goose good for the gander.
Because Outsourcing is trading a domestic employee for a foreign employee. This is done because it saves the company money.
This is different. This created a brand new job in China whilst costing nobody a job in America, and saved the company nothing. It actually COST the employee, but considering the benefit - 80% of the salary for 0% of the work - it's a fucking bargain anyway.
That said, this is like a lot of "game the system" stories lately, in that I don't have a problem with the concept, but the execution was just done poorly. The idiot both FedEx'd his RSA token to China and kept the fucking invoices? How stupid can you be?!
This is SO much simpler to do and could have been undetectable. Create a secondary, separate VPN for the guy in China to use to access his computer, and print out the invoices then DELETE THEM. This way, nobody is any the wiser, and worst case scenario, he probably still wouldn't be fired. He got fired here for mailing his credentials to the dipshit in China. Had he not done so, he could've simply cut off the separate tunnel to China if the Chinese guy ever did anything malicious, and the whole system is instantly secure (I mean, assuming he keeps logs and checks to be sure the Chinese guy doesn't create another backdoor, etc.)
So yeah...I want to be a fan of this whole idea so badly but...I can't. If it had been done better, sure. But like this? No.
People who can do outsourcing that well are very rare.
How "well" is that? He pushed a "critical infrastructure" job offshore without a full ISO security audit, putting his employer in the position where they risk losing their ISO certification and get sued into non-existence. The reason his offshoring was cheap and profitable was because he made a very, very bad job of it. He has lost his job, and the only reason he hasn't been sued into bankruptcy is the fact that his employer is sh*t-scared of anyone knowing it was them.
I see this word "critical infrastructure" applied to many things to which it does not apply. Let's break this down:
o The article said that the employer was a "critical infrastructure company", not that the employee was engaged in that as part of his duties
o They did not indicate whether the token allowed access to areas of the internal network where sensitive information resided
o They did not define "critical infrastructure"; it could refer to GE nuclear plants, or a condom factory. Declaration is fact.
o They did not indicate if an employment agreement was violated
o They did not indicate if a non-disclosure agreement was violated
So far, we have a security blogger bemoaning the risk associated with someone out-sourcing their own job, at a profit. Yeah, this is a theoretical risk, if this were done by someone in such a way that it gave access to information protected via "security through obscurity", or if it effectively allowed an agent into an area that matters, neither of which is evident here, since they were unwilling to name names. So they've identified a potential attack vector, publicized it, and gotten slashdot hits on their blog over it.
The lack of ISO certification, by which it is implied ISO 9000 certification, is a process certification suite, and technically could be handled back at the office by the outsourcing employee. It doesn't matter where the code came from.
Either way, you'd think a "critical infrastructure" company would region-limit the RSA token access via its firewalls on a per-employee basis, and require that they request additional regional access for vacations, business trips, and so on, if they expected to be working outside the allowed region(s) already known to the firewall.
PS: The only company that issues or uses the "DBIR" acronym, according to Google, is Verizon, so we can probably safely call it a "dubiously critical infrastructure company", and we can agree from their open job listings that it attempts to implement ISO 9000 practices in portions of its business, with no disclosure as to how effectively this occurs. The token working from China in the first place is on them, as this is part of their corporate skill set.
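The per-employee region limit with travel exceptions suggested above, sketched as a review of VPN logins (an added example, not part of the original comment or of any product's configuration). The policy table, user names, log format and the already-resolved country field are all constructed assumptions.

```python
from datetime import date

# Constructed policy: each user's home regions plus dated travel grants.
POLICY = {
    "dev1": {"home": {"US"}, "travel": [("DE", date(2013, 1, 7), date(2013, 1, 11))]},
    "dev2": {"home": {"US", "CA"}, "travel": []},
}

# Constructed log lines: date, user, source country (already geo-resolved), result.
SAMPLE_LOG = """\
2013-01-07 dev1 US ok
2013-01-08 dev1 DE ok
2013-01-14 dev1 DE ok
2013-01-14 dev2 CN ok
2013-01-15 dev2 CN fail
2013-01-15 dev3 US ok
garbled line
"""


def region_allowed(user, country, day):
    """True if the user may connect from this country on this day."""
    entry = POLICY.get(user)
    if entry is None:
        return False  # no policy on file: deny by default
    if country in entry["home"]:
        return True
    return any(c == country and start <= day <= end
               for c, start, end in entry["travel"])


def review(log_text):
    """Return (line_no, user, country, severity) for out-of-policy logins."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        try:
            day = date.fromisoformat(parts[0])
            user, country, result = parts[1:4]
        except (ValueError, IndexError):
            findings.append((n, None, None, "unparsed"))
            continue
        if not region_allowed(user, country, day):
            # A successful login from a disallowed region means valid
            # credentials are being used there: the case worth paging on.
            findings.append((n, user, country, "high" if result == "ok" else "low"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The expired travel grant (line 3) is flagged the same way as a login from a region that was never approved, which is why the grants carry dates rather than being a permanent allow-list entry.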
The course you describe does much to blame "the world" for the problems which only affect the two in a relationship. It's impractical and unrealistic. If both are dedicated to each other, no amount of interference would matter. Further, it can't happen without a member of a couple breaking the agreement. That should be the extent of the harmed party's concern. Anything beyond that leads to... well, as Yoda would put it, "...to the dark side."
Does every woman whose man cheats blame him or "all those other women on the planet?" Most often, it is him. It's reasonable. Why is it not reasonable when the roles are reversed?
Sounds very boring. Or did he watch pussy videos? Lost in translation?
If you can find somebody else to do the job for a cheaper rate then it is alright and you can make profit.
That's how the economy/companies work.
+ It is just ridiculous if you make a work contract that you should actually work, all that matters is the results. There is no scam if the other part of the contract gets the results he or she wants.
Nobody would be complaining if the contractor was a script.
He spent days websurfing? I've been doing that for years!
Never let a lack of data get in the way of a good rant.
"That drop in stock price, too, has cut some of HP's executive pay in the form of restricted stock awards from earlier years, according to the proxy filing. The payment of these awards were tied to the firm's per-share performance against the Standard & Poor's 500 Index over a period of time.
HP changed its compensation program last year, and is now giving stock options that vest if the company's stock price meets or exceeds specific goals or thresholds.
Whitman's base salary was just $1. Her bonus was $1.7 million, while the remainder of her compensation was granted in the form of Hewlett-Packard stock options, stock awards and other income, according to the proxy filed with the Securities and Exchange Commission on Friday."
Meg Whitman's Pay Package Tops $15 Million After HP Posts Net Loss In 2012
Reuters | By P.J. Huffstutter Posted: 01/12/2013 11:11 am EST
via Huffington Post
So he found a company in China that could do his work for 3 different companies and produce the best code in the building, all for less than 50,000 dollars per year? The real question, then, is what is the name of this company and what's the phone number?
"With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
RFC 1925
I promise if it doesn't make me happier I will donate twice as much to charity myself.
Prepared to put your money where your mouth is?
ironic captcha: worships
This guy pwned the entire shareholder-oriented business system.
He beat them at their own game.
Well played, sir. Well played indeed.
It doesn't blame "the world" for anything. It places responsibility on specific actors in a position to know that a course of action will cause harm, who undertake that course of action intending to cause harm, and who, in fact, cause the intended harm by that course of action.
Like most things in the real world, "dedication" isn't a binary quality. And responsibility isn't exclusive (or even fixed-sum) -- acknowledging that a third-party can, under certain circumstances, have some responsibility in the case of a breach (as we do in the world of economic relationships by way of tortious interference) doesn't reduce the responsibility of the breaching party (as it doesn't in the case of tortious interference).
Clearly, that opinion is far from universal regarding relationships in general, otherwise we wouldn't have tortious interference.
IME, while individual people vary considerably, people (of either sex) in that circumstance tend to be quite likely to not view responsibility as exclusive or limited, and tend to be quite capable of viewing both the offending partner and the specific involved third party (not all the other people on the planet; don't know where this, like your reference to "the world", came from) as responsible, without the responsibility of either one reducing the degree of responsibility of the other.
No one has been arguing that the responsibility differs based on that.
You'll get no argument from me. The only thing that is outrageous about this incident was that a lowly employee behaved like an executive.
is he talking about jerking off?
Unlike Capitalism, Globalization is Zero-Sum
Casteism
Wow,
YAAL - You are a Lawyer
Darn. Maybe that way I can finally get a programming job again without the mess of being asked for 5000 USD certifications per language/program. Slashdot, finally you are useful! :D
I don't see a problem with this. Capitalism at its finest