

What Can You Do If a Coder Cons You? - jv2222

I met a coder (via Twitter) when I was looking for someone to help me with some stuff. He had a great resume with buckets of experience listed on it. He was approx 35 so I believed the resume and he "talked the talk" as well as any coder I've ever met. As it turned out, he never did any work with me... but... an old friend of mine was looking for someone to help with his new site.<p>The site was a simple points/wallet system that you can earn points by filling out surveys and then download games using those points.<p>So, without thinking too much of it, I put the new coder buddy I had met via Twitter in touch with my old friend. My friend interviewed him and agreed that he looked like a great guy with lots of experience.<p>Anyway, he quoted 7 days work at a cost of $2k to do the job.<p>Everything was fine, and he delivered about 80% of the site. Then my friend made the mistake of paying him the final 50% because he was happy with the work to date.<p>After this, the developer stopped work.<p>After which point, each time he was sent an email asking when the next 20% would arrive, he would send back an email saying that he only had a couple of hours left and he would complete the site within the next day or so.<p>This went on for 6 weeks. Which of course drove my friend nuts, who finally contacted me to get involved.<p>My gut reaction was that my friend was over dramatizing and that I would be able to resolve the issue. So I spoke to the developer and he assured me that there was only few hours work left and he would get it done in a few days.<p>So, I set up a bug tracker and I checked in the exiting code to svn to make it a bit more track-able and easy to sign off the final 20% - after all there was only 5 small issues.<p>So, now what happened was, every few days I would send this guy an email saying hows it going, and he said I've finished everything. I'm going to commit it tonight.<p>This went on for two weeks.<p>At which point I realised that he was never actually going to do the work. So I had to apologize to my friend and find another trusted resource to finish it.<p>Then, after cutting this developer off by changing all the passwords etc, I decided to have a closer inspection of the code he'd written.<p>Well, let me just say that he had used a code generator to build many active record style classes that loaded rows from the db with insert/update etc... Not a problem right? But the code was so bad!<p>For example, there was zero use of a database abstraction layer, and each of these code generated classes had the full mysql declarations inside the objects.<p>He then tied up these classes with some verrrry questionable procedural logic.<p>NONE of the db queries anywhere were escaped. Even for form input. So not only could you easily perform SQL injections, but any one who typed a ' into an HTML form would break the system.<p>What amazes me is, how could you write a code generation tool that generated such bad code. Surely during the course of his career he woudl have noticed that the most basic of bugs was present in all the SQL. Wouldn't you think, after years of using the same code generation tool to re-factor it?<p>I can tell he's been using the same tool for a while because it's using PHP4 style constructors rather than __construct.<p>Anyyyyway.<p>The question I have for you is... What can be done about con artist coders like this? Is there anything? Should there be some kind of "con artist coder" registry?<p>It doesn't seem right that this guy will be working for other clients, when he is clearly not going to have their best interests at heart.<p>All thoughts, much appreciated.
======
lhorie
The problem is that you're starting from the assumption that things can be
made "fair", by "punishing the offender". Consider that the legal system
(which is designed to make the fairest decisions possible) takes forever and
is not necessarily accurate. For starters, you need to admit the possibility
that a fair resolution != convenient resolution.

A "con artist coder" registry isn't fair. It's error-prone at best and
exploitable at worst. Sure, those "registries" might make you _feel_ safer,
but they don't really accomplish anything useful. (See the no-fly list, for
example)

The logical thing to do (imho) would be to take the loss as a lesson and move
on. (Paying the full amount only after completion sounds like the glaring
lesson here. Also, getting second opinions before choosing a freelancer and
having a written contract are no-brainers)

~~~
mattm
Agree. It's an expensive lesson to learn but it's not going to help you trying
to get back at him.

Next time make sure to do some code review early on, start with a simple task
(not a whole project) and look into using an escrow service or hire through a
outsourcing website which offers good protection against poor work.

------
amackera
How are we supposed to police our fellow hackers? In my mind there's no way to
ensure that this "blacklist" stays objective, and people don't abuse it for
their own advantage (or for mischief!)

~~~
jv2222
Yeah I have to agree it would be used for no good ;)

Hmm, maybe I'll just send him a link to this thread so that he can see that
his behaviour does actually effect people.

------
yan
This might be of questionable ethics, but if you put his twitter handle here,
anyone googling for him will without a doubt come across your description.
Google loves HN. Mention it on another high-traffic web site?

Send him an email warning him before with a chance to come clean or repair the
damage he's done. Also, don't threaten; just write "I will post this on date
X, and I'd like to hear your side of the story before then."

~~~
jv2222
The problem is he's incredibly eloquent and it's hard to believe that he's
anything other than a decent bloke. It's only by personally experiencing the
promise of "I'll check in the completed work tonight" for two weeks that I
actually believed my friend.

Also, If I was to in any way publicly denounce another person it would
probably have more negative effect on me than them :)

~~~
yan
Very fair point and I'm sure my advice is only reasonable in quite extreme
situations. Did you try approaching him directly and ask what was up? Also,
were completion dates mentioned at all when he was being hired? Maybe he
technically didn't do anything wrong from his perspective.

------
radu_floricica
Well, the way I solved a similar problem with a sales person was to send him a
mail in which I made clear that I was about to contact his ex-employers to
investigate, and ask questions like "I intend to follow legal channels and I
was wondering if you had similar experience working with X". After all, paying
for unfinished job is at least reason for a trial, and good pre-trial strategy
is to look for a pattern.

Of course, you don't have to actually do this (though I was prepared to at the
time), but hopefully you won't need to.

------
wglb
Perhaps the fundamental thing to do is to not pay the final 50% until mutually
agreed-upon criteria were met.

And for something like this there clearly needs to be a periodic code
inspection, or specific guidelines such as anti-sql injection and the like.

Blacklisting this fellow wouldn't necessarily do the job. The hard thing is
that you often don't really know if someone is any good unless you work with
them, which makes this very hard.

------
gte910h
This is called "tortuous interference". Your friend can meticulous call the
guy out, getting the details correct, but you shouldn't.

<http://en.wikipedia.org/wiki/Tortious_interference>

------
jv2222
@yan I had a number of conversations with him, in all of which which he seemed
like a really nice guy and perfectly reasonable. Each time he assured me that
he had every intention of finishing the work, and there was only a few hours
left.

He knew very well that the work was meant to have been completed in seven
days. He explained to me that the project had overrun because my friend
supplied the artwork late. Which was a perfectly valid explanation for 1 week
of overrun. The other 6 weeks, however, are not so clear...

~~~
ars
He probably has another (better paying) client, and intends to do your work,
but something else always gets in the way, so he doesn't have enough time.

Most people are not deliberately evil, they want to do the right thing, but
find excuses.

If you are still interesting in him doing the work, find a way to increase the
urgency - for example tell him if we don't launch really soon it will fail,
etc, etc.

As far as the bad code, nothing you can do about that.

