Corporate Hackathons: the Fine Line Between Engaging and Exploiting

New submitter dasacc22 writes "Campbell is inviting developers to hack the kitchen with their recipe API. But wait — the API is private, so first you need to submit an idea. If they like the idea, you'll be given access to develop the app. If they like the app, they may give you some money. Otherwise, you can expect to have an app that connects to an API you no longer have access to. The author of this article covers his recent experiences after engaging with Campbell's Adam Kmiec to try and answer the following: '... my question to software developers out there who are thinking of devoting any real effort to a corporate hackathon like this is: "Why?"'"

Why?

[Dexter+Herbivore]

So that Campbell can do to developers what Andy Warhol used to do to his most fervent followers. Use them in new and interesting ways for their own amusement.

Re:Why?

[war4peace]

The answer is on the main page: 50K dollare, and 4x 10K dollars for runner-ups. That's why.
It's like any sport out there: you can either win the big buck or go home with your dick in your hand. It's a fucking competition, that's what it is. Sheesh.

Re:Why?

[dasacc22]

As it was put over on reddit, "Another way to look at this is that if you were to work 3 weeks for 40 hours a week on the app, and have a 1 in 30 chance of winning the $50,000 prize, then your expected value is $13/hour. And that doesn't include the time spent on the initial proposal."

What are *YOU* getting out of it?

[Alwin+Henseler]

That's the question to ask. Experience? Fun? Bragging rights? Whatever... if you can't think of anything like that, all you'd be doing is bolster the company's bottom line. Which personally I wouldn't even consider doing unless money was changing hands.

And in this age of IP-madness, check the rules carefully. If you write code for such an event, are you handing over any rights? Would you still have the right to use that code yourself elsewhere? You might expect so - that's not the point. Make sure. Before getting into any agreements, or spending significant effort on it.

Re:What are *YOU* getting out of it?

[oodaloop]

And in this age of IP-madness

Man, tell me about it. IPv4 addresses are running out, and adoption of IPv6 is still so damn slow. It's crazy!

Re:What are *YOU* getting out of it?

[ZeroPly]

Their soup is overpriced shit that appeals to people too lazy to explore what else is out there. If you fall into that demographic, are somewhat dim-witted, yet somehow have learned the basics of a programming language, this challenge is perfect for you...

Re:What are *YOU* getting out of it?

[westlake]

That's the question to ask. Experience? Fun? Bragging rights? Whatever...

Campbell's has been around since 1869. Revenues $8 billion US a year. A company with a global reach and instant brand name recognition in North America. Clients like that do not fall from the sky ---- if you want their attention you are going to have to work for it.

Re:What are *YOU* getting out of it?

[0xdeadbeef]

Clients like that do not fall from the sky ---- if you want their attention you are going to have to work for it.

You seem to have software development confused with advertising, and besides, the best advertising agencies have billion dollar companies coming to them, competing for their time. If you want the best, you have to be willing to pay for it.

Contests are scams to find young, hungry people just good enough to produce something useful, but still naive enough not to recognize its true value. As the graphic designers say: say no to spec work. And the typical programmer is nowhere near as poor and hungry as the typical graphic designer.

Re:What are *YOU* getting out of it?

[phantomfive]

Sort of, but look at the website of any startup. They all try to list their large corporate customers. Being able to put Campbell's on your website is surely worth something.

come up with the next big thing and win 5,000$

[tommeke100]

...That way we don't have to invest > 1M$ in R&D to do it ourselves!

Bottom line: not worth it

[lucm]

From a probability point of view, here is the true value of that thing:

(Total prize: $50,000 + $10,000) / (Number of challengers: 30) = $2,000

The access to the API is limited to 3 weeks. This means that what they offer is the privilege of working for $16 per hour as long as you initially provided a good idea for free.

Financially speaking, one is better off working at Mikee Dees for 3 weeks and using the wages to buy lottery tickets (you also get free soft drinks while you work if I'm not mistaken).

Campbell's shows why closed source is bad

[kawabago]

Campbell is demonstrating exactly why closed source is bad for everyone. Campbell has wasted no one knows how much time and effort creating a library to create and manage recipes then doesn't want anyone to use it, rendering it completely useless. Campbell's could have saved considerable time creating a recipe application instead. No one gains from a library no one can use. Maintaining a library for no one is a waste of resources. Everyone loses in this closed source stupidity created by Campbell's Soup.

Re:Campbell's shows why closed source is bad

[Dogtanian]

This isn't really an issue of closed source, it's an issue of pointlessly restricted access. One could quite easily (and still workably) have an open API to a closed source system.

As you say though, spending time creating an API that no-one gets access to really makes little sense- unless one assumes that the API was only ever intended as an excuse and necessary component for a marketing-driven PR campaign. Maybe it does do something useful and they're going to use it internally within the company, but I doubt it. My suspicion is that once this whole thing is over it'll be quickly forgotten about and left to moulder unused on a server somewhere.

Why?

[daath93]

Fortune and glory, kid. Fortune and glory.

Re:unsophisticated ploy for free work

It's called speculative work, commonly shortened to spec work. And yeah, it's exploitation.

Keep it secret, keep it safe? Do Not Want.

[VortexCortex]

Well, I'm sure the folks writing the code that talks to the API will have to sign a Non Disclosure Agreement. Such an agreement states that the if you let slip the information under any means that you agree you've irreparably harmed the discloser of information. That's the most damaging kind of harm there is, which may even be on the same level as a murder if you think about it, esp. considering the amount of money the disclosee risks forfeiting.

The state of computer security and information security security in general is so ridiculously near non-existent in any sense of the word that it would be foolish to sign any NDA, not just one for an eKitchenSink API. There is not a single common desktop or server OS that can not be readily breached by someone of with sufficient knowledge; Indeed the NSA and even China's Cyber Army has asserted they hold 0-day expolits for every OS. Do you think there's a super intelligent breed of hacker they've developed to obtain this power, or do you think that there are crackers & hackers with such skills that they happened to recruit? If the latter do you think they've recruited them ALL? -or- even a significant percentage?

So, here we have a situation where I can not in good faith sign a contract saying essentially that I won't ever disclose information to 3rd parties while there are more 3rd parties every day who can just reach into my systems and take that data at any time. These are not hypothetical statements, my security has been breached before. Now I only use Linux and use MS Win via VM; However even these precautions aren't enough to prevent a diligent hacker from discovering an exploit or a cracker with a few thousand dollars from buying said exploit... Not that I'm saying I live in constant fear of being compromised, on the contrary, I most assuredly do not fear because I don't sign that type of NDA and take on such risks. I need not fear, only keep backups in case a compromise occurs. When faced with eating a fish that may or may not be deathly poisonous vs one that is known not to be fatally dangerous, I choose the latter.

I always refuse to sign those sorts of contracts and instead propose that any disclosure by me to a 3rd party has to be proven beyond a reasonable doubt to have been a willful disclosure, and that unwillful disclosures include but are not limited to having my own security breached. It's worth noting that many companies will not agree to such terms, and in such cases I simply move along to another bid. In other words, I've naturally gravitated toward working predominantly on (improving) open source software to add a feature that a business needs/wants because a simple risk analysis prevents me from signing most any proprietary NDA. What of the company's own employees? Do they bear such risk of irreparable harm to their business and sign away right to defend themselves against such claims where information leakage has occurred if their workstation is targeted by crackers?

Also, If I've got to disclose my Application Idea prior to accessing the API then I'm at a severe disadvantage. This is the Information Age, you'd do well to learn a bit of information politics. I'm doing the work to come up with an Idea that may or may not even be possible via their API, and giving that work to them for free for the CHANCE that I might be ALLOWED to benefit from the idea? Say they turn down the idea, can they not simply run off and create the app themselves now? If not, if the NDA is bidirectional and they will not disclose my Idea, then they are doomed. I will simply propose hundreds of ideas under that contract, and drag them into court as soon as another app implements the features I've described... I don't even have to develop anything! If the risk is not bidirectional, then it's not worth the chance to take considering the market share, and that other markets for ideas exist.

Finally, If you want to prevent unlicensed 3rd party API usage then implement a secure code signing chain and make the API