Maybe you should store passwords in plaintext (qword.net)
177 points by qword on April 30, 2023 | 141 comments



I worked for a startup from 2015 to 2022.

From 2015 to 2020, it was great. I (and most other employees) was working hard, and was consistently rewarded for my efforts.

In 2021, the company benefited from a huge boost due to the pandemic. Hiring went through the roof and the company became very performance focused. Unfortunately "performance" now meant "meeting your OKRs" and nothing else.

The company culture went through the drain. Most of the new hires were from FAANG and knew very well how to play the game. Whereas before, if you asked someone for help, they would help you, now the answer became "file a run ticket". After all, why would you spend time helping anyone? That's time not spent on your own OKRs, and that's literally the only thing that matters.

Nevertheless, I kept working hard. I was involved in multiple company initiatives, mentored new hires, still helped people when they asked for help, etc. After a year, when performance review time came, I got a "meets expectations".

I was livid, and asked my manager how that could be possible. He basically told me that he had no visibility into all the non-team initiatives I was involved in, and that it was my own fault for not making myself more visible and drafting my OKRs in a way that would have allowed him to justify why I deserved more than "meets expectations".

I refused to play the game and told my manager I was sure I could get "meets expectations" by doing a lot less. I basically slammed the door on all the side initiatives I was involved in and stopped doing anything besides "core work". I went from working 50+ hours a week to working 25-30 hours. I did not enjoy it -- I was actively miserable, and started taking steps to move on.

It took me nearly a year to leave the company (I was on a visa that did not allow me to switch jobs so had to obtain an H-1B, which took time). Another perf review came by, and lo and behold, I got "meets expectations" again.

I am so much happier in my new job, but I'm still salty about the previous company. What used to be a great company culture became a toxic, political, gamed environment.

(Oh, and of course they had a huge layoff round a few months ago. But hey, at least leadership "took responsibility" for overhiring.)


I agree with Nihilartikel’s comment. It’s nice when you’re the one doing business development.

But as a manager at any organization, the correct answer is to fire people like this because they become insidious and take over your business.

Have a moral backbone.

Is it fair? No. Lots of corporate decision making will never ever be fair. Deal with it, or work with these people. Find ways to financially incentivize morally correct behavior and exceptional engineering. The latter is important because good people leave and they’re literally worth more than your other employees.

Oh and by the way, they’re disgusting to work with, and regardless of your moral compass they will make you a worse engineer.

I worked with these types of people at my last job.

One guy didn’t know how to fork a repo and maintain an internal copy of a project with clean portable diffs.

The other was afraid of regular expressions and didn’t understand libc versioning.

Losers behave like losers.


As an addendum, you don’t need to kill yourself over your job. Just do what’s asked of you.

But you don’t need to be a parasite either. It’s disgusting and you WILL be remembered for it years later.


I won’t be at my employer years later, so why does it matter? Max of 4 years to cash out the stock.


Because the people you work with might also move around and end up with you again.


one has to have honor for themselves

you may win the FIRE game but you've cost yourself the chance to be something you respect


This line of thought shows a fundamental difference in perception. To a lot of people, working a 9 to 5 will never make you respectable no matter what it is you're actually doing. These people work to live, whereas your stance is that of someone who lives to work. I don't care how the company remembers me after I've retired and never have to give them so much as a spare thought. I have a whole life ahead of me that I intend to live without having their massive black hole of time waste looming over me.


Shit, I lost that when I went into the industry.


> One guy didn’t know how to fork a repo and maintain an internal copy of a project with clean portable diffs.

Or don't care about it. I started my new job by forking 2 or 3 repos (one was from an almost new project), but then I looked at the commit history and I was like "Fuck it, I'll just branch out and rebase before the merge to clean up my shit". I know how to do it, I do not bother.

My commit titles are often enough, I sometimes add a commit comment but I know no one really cares. I just do my job well enough, and try to stay motivated by doing the most interesting parts well, and do not force myself on the boring parts.


Managers are not somehow exempt from this line of thinking. Firing someone is labor intensive for a manager and will actually reduce their power. No one wants to fire anyone, especially lately.

This is clearly the result of corporations destroying workers’ incentive to produce quality work. If you don’t pay people to care, they will not care.


Meh. I’ve seen very good and caring workers at all levels of the pay scale. Pay impacts caring, but caring doesn’t start with pay. Many people care because they value quality work intrinsically.


My experience is that the managers themselves are the ones driving this behaviour. They either don't even know who are the best engineers in their team, or they know and assign all the work to them.


My eyes really opened to this during the pandemic and its aftermath.

Working from home I did almost nothing productive. Got paid the same.

Returning to the office, I noticed half the people still seemed to be working from home most days, so I started doing that too. And did almost nothing productive. Nobody apparently noticed or cared. Got paid the same.

Got the same raise (yes, below inflation).

So now I have given myself a >4x raise by working about 10 hours a week of real work (and that's a high estimate). I work on whatever tasks are currently on the radar, do the least amount necessary, and ignore everything else. I get paid the same.


This just means that your line manager, whose role it is to ensure all resources under them are working at efficient capacity, is not doing his/her job.

And in turn neither is his manager.


The goal of a manager or worker isn’t to be efficient, it’s to produce value. I suspect the diminishing returns of effort at most companies is astonishingly high.

I would much rather a developer work 10 hours and accomplish what needs to get done than work 40 and negatively impact the business.


> I would much rather a developer work 10 hours and accomplish what needs to get done than work 40 and negatively impact the business.

It feels like there is a third option here that I can’t quite put my finger on.


i see two additional options. one is, find something else to do that actually benefits the company. that only works if the climate in the company supports that. the other is to reduce the size of the team because apparently so many people are not needed to get all the work done.


If hospitals only employed enough surgeons to ensure they were always in surgery, people would die.

Systems need slack to respond to change. A fully utilized queue quickly leads to infinite backlogs.


of course, but i didn't mean to remove all the slack, just some of it. you don't need 4x the capacity (OP was talking about working 10 hours out of 40), especially not for IT work where people generally don't die just because your capacity is maxed out.


The funny thing is, that extra working does actually negatively impact the business at least in the software world.

People seemingly end up having a lot more time for _defining processes_.

There are people at nearly every large company I’ve worked on that do more meta work, and sometimes demand more meta work than actual work.

Like there are folks that are actively costing productivity in exchange for the meta work.

I’ve challenged them to actually back the work they’re doing with data and how it’s actually helpful and generally there’s no follow up. It’s amazing.


Ah yes, I've worked before with developers that believed that processes didn't matter. They produced amazing value, or so they thought. Except that...

Half of what they did was never committed into git, because a software versioning process is for dummies. And the other half could only be found in a random feature branch, because they didn't need any review process, their code was always faultless.

Whatever was running in production did not match any state of the repository, because CI/CD processes only get in the way.

The documentation never matched their code because documentation is only for people that don't know what they're doing, and we shouldn't hire such people anyway.

Not saying that's you. But that is the type of person you appear to me when you proudly proclaim that processes have no value.


If you read what I said a bit more carefully, you'd see that I specifically wanted to _measure_ what the outcome was and that there be data backed up with the processes being made.

I'm not talking about the use of git, etc. I'm not even talking about process in relation to the code either. It's process for tracking how we track projects. Like, that level of indirection.


i think you are misreading the parent comment. it's not claiming that processes have no value but that busybodies use their free time to invent additional processes beyond those that are actually needed.


If you haven't read or heard about David Graeber, then you've independently put your finger on the subject of his book "Bullshit Jobs", but I'd imagine it's a common realization for many in large organizations.


I think this assumes managers (or anyone else for that matter) are able to actually quantify productivity.


That's an incredibly difficult thing to do. I can quantify SLOCs. I can quantify hours of effort. I can quantify story points. Maybe I can even quantify value added by tying features out to revenue. But which of these measures, if any, is closest to productivity?


Do you shoplift? Serious question. Shoplifting is rarely caught, and even more rarely prosecuted in many major cities (e.g. SF). While you probably won't be able to steal anything high value, there's a lot of things you'd be able to steal without being caught, and why pay for something if you can have it for free? Most grocery stores are owned by billion-dollar corporations, which don't hesitate to raise prices, engage in tricks like shrinkflation and otherwise make sure they get the best end of the deal. So, if you do not shoplift, why don't you?


Go look up banana trick, aka PLU 4011.

This shoplifting joke is thanks to the replacement of humans with these terrible self(aka unpaid) scan machines.

Stuff gets put in as bananas, and then weighed. You pay $.29/lb for whatever. And this works beautifully for high price stuff like steaks and the like.

Not that I advocate physical theft, but it's definitely a thing. And it's a thing where more people are being screwed. I sure as hell don't get a "you scan it" discount, officially.

https://losspreventionmedia.com/the-banana-trick-and-other-a...

And there's plenty other 'tricks' aka shoplifting that can be done to little risk, primarily due to companies fucking customers over by making us unpaid employees.

Excuse me while I cry an alligator tear for them

Edit: tough crowd, I see. You all don't get it. Shoplifting has increased by like 600% because companies are getting rid of cashiers. It's corporate greed is what's allowing shoplifting with the thin veneer of 'legitimacy' to happen. (Legitimacy of 'i scanned it but oh well, wrong barcode/plu.)

And I find it funny, because corporate greed is triggering revenge shoplifting, for customers being forced to be unpaid employees. And the u-scan-its are basically idiot jackpot machines with anyone with low ethics.


In Australia the supermarkets use cameras pointed at the scanner and AI to visually match items. When you scan a steak as bananas, it notices something isn't right, puts an image of the item you weighed, and the item you selected on screen and flags a staff member to verify it.

As a nice bonus, when you open the selection menu, it has the item you want shown up front so you don't have to search for it most of the time.


What I like about this system is that every time I've ever encountered this it's always been a laughable error. The last time, I weighed a carrot and it reported that I had actually weighed plums, despite the image clearly being orange and longer than most plums in a longest plum competition.


up next, banana stickers to make the ai do the banana trick for you!


> customers being forced to be unpaid employees

Do you consider yourself a forced unpaid employee when you go through the checkout screen on Amazon?


Same energy as “I pirate stuff because it’s not provided to me exactly when, how and at the exact price I want”. “Information wants to be free!”

This entire thread is depressing.


Yes, I am an unabashed 'pierat'. I've talked about that elsewhere in comments. And it's because I've been screwed time and again is why I'm solidly in the pro-piracy camp. I've paid enough. And buying legitimately means you're now subjected to buying rentals classified as 'purchase'.

Go read: https://xkcd.com/488/

Now as for shoplifting, I did not advocate it. I said I found it funny that shoplifting is being multiplied in direct proportion to the greed of the companies (getting rid of cashiers and putting in you-scan devices). Corporate greed is *enabling* customer greed.

When I worked "shit jobs" (read: box stores at 9$/hr), I didn't give one shit if I saw someone steal. My job was to stock shit. I wasn't in LP nor did I want to be. And if someone was stealing, not my goods, not my problem. And not worth bodily injury.

I didn't encourage it, but nor did I attempt to stop it. And then there's classes of shoplifting that I would completely look the other way (baby formula, diapers, baby food, etc). If you're that bad off attempting to steal that, I never saw even if I'm right there.

And yeah, it IS depressing when we talk about humans doing stuff to survive. And this is predominantly about petty theft for food. But talking about how big business intentionally rose all prices for the pandemic: well, business is just business. And the poor pay even more.

https://www.oxfam.org/en/press-releases/pandemic-profits-com...

Ethics (and laws) for thee, but for me.


Most shoplifting - in fact, almost all of it - in places like SF is not done by people starving and having to steal to survive. It is done by organized crime sending people to steal and then reselling the goods. It is about greed, but of course the actual criminals get ignored and the imaginary criminals are blamed because the ideology demands so.


That poster should look up what grocery stores used to look like...


The old ones where everything is behind the counter, fetched for you by the checkout clerk, to prevent shoplifting? I've seen the pictures, and I never want to go back to that kind of low-trust society. Please, I'm begging everyone who will listen: do not erode the social norms that let us have nice supermarkets. Or most other nice things.


I am more in the "do everything you can to let the big corporations die" camp... but to each their own


Decent people are in the "stealing is wrong" camp


Decent people are also in the "if you want people to do work for you, you need to pay them" camp.


Why does a “corporation” face your ire? Are unincorporated groups of people somehow superior in your perspective?


Do I understand you correctly that you claim a) it's ok to shoplift because grocery store owners are big corporations b) it's ok to shoplift because they make it too easy to shoplift c) it's ok to shoplift because they don't provide you with shopping experience you consider ideal d) since you see nothing wrong with shoplifting, you personally do it frequently, maybe every time you go to the grocery store?


> Excuse me while I cry an alligator tear for them

I don't think grocery stores are very sad about it either: they probably ran some cost-benefit analysis and decided that the friction from increased shoplifting cost X, the salary savings are Y and Y > X.


Hey I tried to add a top root comment going over my disputing of what others are saying. Sister sibling: https://news.ycombinator.com/item?id=35777458


Not to advocate for doing either, just to point out potential flaws in your argument:

(1) Value gained

Assuming you steal things that aren't of high value, let's say you steal a bag full of groceries at the supermarket, every day, worth $50. Do this for a year, and you'll have stolen < $20k of goods.

Assuming an annual salary of $100k, if you slack off 75% of your working hours, you'd gain a "windfall" of ~$75k.

Conclusion - the payoff for slacking off is much higher.

(2) Risks and adverse outcomes

Shoplifting is a crime in most jurisdictions. If you get caught, you'll have to deal with law enforcement, even if you don't get prosecuted in the end. That's generally quite unpleasant. If you are prosecuted and found guilty, it tends to make your life quite a bit harder given that many employers are opinionated about hiring people with a criminal record. Not to mention fines or even prison.

If you slack off at work, the worst thing that can happen is a confrontation with your manager, your coworkers look at you funny, and you get fired from the job. This is almost strictly worse than the adverse outcome for shoplifting because if you get convicted of shoplifting there's a good chance you'd lose your job anyway.

Conclusion - the risks and adverse outcomes of shoplifting are much worse.

So in summary, it can be rational to slack off at work but not shoplift for purely selfish reasons.


> (1) Value gained

Does it follow that stealing is only wrong when you steal not enough?

> Shoplifting is a crime in most jurisdictions.

In most jurisdictions where you earn 6 figures slacking off 75% of your time, actually, it either officially or practically isn't. And if you look like a clean and upstanding citizen, the chances of you getting off as "this is just a misunderstanding" are very close to 100%.


I've seen people justify much worse on this site because it pays well.


The facts and data show how absurdly criminal companies are. They steal 15%-ish from their workers.

Corporations complain about shrinkage so much. Shrinkage includes lost items. Shoplifting, and most of all employees stealing. As you noted.

Employees steal more than shoplifters. They are exploited and mentally alienated and isolated with the strict way corporations handle low level employees. Some see they are cogs and the moral system is fugazi.

All workers and lower class will always have more in relation to one another than the capitalist owners or police there to protect capital, property, power.

“Why don’t you shoplift”? I won’t go over what I do in a thread where it can be used against me.

OTOH the American system has stolen from me. I pay my taxes so I expect a balance of the government helping me too not just corporations. Unfortunately I never received any help from the state while others in my situation with more privilege were at least able to get the meager $15K a year from disability so I wouldn’t have had to be r-worded etc for a place to sleep where at least my laptop won’t get stolen (while the state didn’t provide any help). I was a child when I was abandoned by the state.

At the same time, liberal countries enable and help businesses all the time. Look toward austerity and tax breaks since the 80s thru to Biden and Dems not undoing Trump’s cuts.


> So, if you do not shoplift, why don't you?

Have you heard of ethics?


Good idea. I have. But then I wonder why ethics would allow one to do a shit work but not to steal groceries?


I'll be honest here and tell that anyway, if outside crunch week I get more than 25-28 hours of productive work, I'm either working on something highly interesting or lying (I'm supposed to work 35 hours btw).

I'll be even more honest, looking back at what I've produced as a junior, if I spent my weeks working 10 hours and refining another ten, doing nothing the remaining 15 to 25, I would have produced four times as much, and be a mid-level devops in less than a year.


Did your company have layoffs by chance? Maybe this is why so many tech companies have had layoffs… it is terrible for morale but maybe not a lot of work is being lost.


It is naïve to think the layoffs were even meaningfully targeted towards unproductive employees.


I don't think that sort of strategy can work for everyone because there's two possible negative mental outcomes in there too.

First, some people will feel that they're "cheating" and don't deserve the paycheck because they're intentionally working less. That feeling can be worse than the benefit of having more time.

Second, some people have too much of a sense of personal pride to do that sort of "quiet quitting".

This is all ignoring the fact that some people have management who will actually notice quiet quitting.

Good on you for having a relationship with work such that "quiet quitting" isn't causing undue mental anguish.


I didn't say I felt good about it. But I don't feel bad about it either. I do what I'm asked to do, just nothing more.

As far as pride goes, what I do I do well, or at least to the best of my ability. I don't sabotage anything. Based on reviews of my work and absent any criticism, my employer seems to feel they are getting what they are paying for.


I'm not claiming you are sabotaging things or going out of your way to do poor work, that's a given.

However, based on your phrasing, you make it clear you're intentionally putting in less work than you could, and recognize it's less than your employer assumes you are.

You didn't say "Even if I tell my boss I finished my work, there aren't more tickets", you phrased it as "do the least amount necessary, and ignore everything else".

That last sentiment is the thing I'm saying not everyone can do, the thing that may mentally be worse than the benefit.

As above, good on you for having a relationship with work where you can do that. It seems healthy.


You sound like you're burying the lede here a bit. What tech company only has 40 hours a week of measurable work ready? Most companies have a big backlog of work that needs to be done.

It sounds like you're not doing all your tasks, you're making it look like you're doing enough tasks to not be fired. What happens if you have a project that takes 40 hours to get done? Do you work 10 hours and stretch it to the whole month?


I get this feeling. When I get through a day where I’m not blocked on anything I feel satisfied and happy. If I have to wait half the day for someone to reply and I just watch YouTube in that time, it feels bad. Not even that I’m “cheating” but that it was just a waste of time.


Ah, when that happens for me, I keep trying to learn new things. I call it professional development.

And that's served me well too. Every time I job hop, I already have that "hot new skill in demand" along with 30+% salary increase.

And I don't feel bad one bit. I know that every job 'takes advantage' of me and my worth, since by definition, capitalist companies will ALWAYS keep the surplus of my labor. I will never see 100% of my efforts when working for others.

Do I have to take part in the system? Well, I like eating and living in a home, and these life things. And those are implicitly threatened and me blamed if I don't. So I play the "game". I certainly wasn't born in a family where I didn't have to play that game.


You're absolutely right, and I think that's the source of the feeling as I know there is always _something_ I could be doing which is more productive than reddit and youtube.


What’s an example of a new skill that gets you the pay bumps?

Also yes Ofc with the surplus value of labor it all makes sense.


In chronological order:

Linux admin, reverse engineering, VM infrastructure, 3d printing and design, electronics design, radio and signals, docker, K8s, ML, ChatGPT.

I find new areas I want to deep dive in. And I do just that. I may not be at full mastery of a thing, but I'm proficient at all of them. I'm also superb at blending them together in unorthodox ways, and that's where you can really shine.

Recognizing that you can make your own microwave horns using 3d printing and metallic spray paint is one of those things.

Or combining electronics design with ChatGPT allows rapid iterative design. Stuff like that.

Also, I tend to stay at a place longer if I have superb management and ample free time. I also balance my 'sanity' as well, as a hard-to-identify money benefit.


> Linux admin, reverse engineering, VM infrastructure, 3d printing and design, electronics design, radio and signals, docker, K8s, ML, ChatGPT.

Wow such breadth. Chronological order makes this even cooler.

I believe I can do some semblance of Linux admin, reverse engineering (depending on what this means), VMs, LLMs.

> Or combining electronics design with ChatGPT allows rapid iterative design

I haven’t advanced with LLMs enough. This sounds interesting though I don’t understand it :)

Did you get your current job or will get your next one based on ML, or chatgpt? Or is it more to gain these knowledges as they are the clear big new thing that’s actually unique (vs basics like web frameworks)


Well, good question.

There's a LOT of stuff I'd like to involve in ChatGPT4, pertaining to organization rules. They're so voluminous, that nobody really knows them, especially around "colors of money" and appropriations committees. That sort of thing.

I would love to ingest those rules all in a special enclave of ChatGPT4 run inhouse that we can give it whatever.

To talk 'around' where I work, it'd be a felony to do that. But in areas where the data is public, I've played a bit and super surprised at the results.

As an example, look up a game you like with rules publicly available. Ingest it in as a url, and start asking it questions. I think you'll be significantly surprised. Also, try asking it strategy questions on win-optimization and rules exploitation. All these easily extrapolate to the real world.

The real key is to embrace ML in all forms, and use it to leapfrog your skills. And it too can help show you where to focus given your existing skills and abilities. Try telling it about yourself and just ask!


I believe you’re missing a major point that most of the benefits of the work are going to the companies. Not the workers. No one is choosing to participate in this system freely since we all need money.

We should blame capitalism for not incentivizing workers more. Not congratulate some people for being okay with not working hard for a for profit corporation.


The key assumption is that workers produce much of the company's profit. That is increasingly an incorrect assumption.

There are now companies with zero employees, and I expect to see many more in the future. If a founder writes a highly profitable SaaS app, then hires an assistant, to help with minor tasks, and a janitor to keep the small office clean, why should their pay be proportional to the success of the SaaS app?


The movie Office Space is about this exact problem. Why go above and beyond the bare minimum when management doesn't care? (And then is so oblivious that they fire some of the hardest workers?)

I'm personally the sort who gets frustrated when there isn't enough to do or when it's clear other people on the team aren't carrying their weight, but I can't say I blame the "why try harder than I have to" crowd, but I try to avoid companies with that culture. I've seen some companies avoid it by trying to punish and fire people to ensure a 'minimum quality bar'. That works better than letting obvious negligence slide, probably, but still isn't particularly motivating to go above and beyond. The "pay well but make it understood that you're paying for quality" method is way better as long as you still keep a close eye on that quality and it doesn't just turn into "pay well and screw around" (it's not hard to find stories of this in FAANGs in the past decade).


I can’t speak for others, but for myself it’s next to impossible to live a good life while working a job where I sink into a “plaintext passwords” type of mindset.

That being said, I don’t really envy that mindset, I suspect there’s something fundamentally broken about a mind that’s resigned to treating a supposedly symbiotic relationship as adversarial, even though it may be a warranted reaction given how so many companies treat their employees.


You’d be surprised at the amount of people in, say, Europe, who don’t identify with their daytime jobs in the ways some Americans do. The mindset I’m talking about is something along the line of that there’s actual life outside work, and your job is used to pay for it, and that’s about it. In some societies it can be even perceived as rude and selfish if you’re trying to push and be competitive.


European here. I'm honestly shocked to find out that there's anything else than the "work for money so you can live" mindset.

Unless you have equity or it's a charity, of course.


You're shocked to find out that pride in craftsmanship exists?


"Not being rewarded with money seems to be the common theme here, but financial incentives are tricky to get correct"

Giving pay raises which exceed inflation for someone who meets expectations (in anonymous peer reviews) is tricky?

Ensuring expectation meeting employees pay stays in line with market rates--when the company knows the market rate because they are hiring new employees--is tricky?

Even if one argues it is not possible to accurately measure performance (or to get honest reviews from peers), punishing everyone because some employees may be underperforming is clearly not the solution (it will only serve to demotivate or drive away previously motivated and happy employees).

And to be clear, reasonable pay raises is not a solution to all of the problems the article is talking about, but it's a simple place to start.


It really depends where you work, your role and what the incentives are.

You are young and working in a small startup with revenue share? Yeah, go wild and try to leave your mark! Just avoid getting burned out!

Boring corporate job and have family to feed? Don't rock the boat.

Though generally, don't. Best case you will make other people richer. Worst case is it backfires and you get more work assigned.

If you want to advance your career, work on your social skills. If people like you they will automatically rate your job performance highly. Conversely your programming skills are pretty worthless if nobody wants to work with you.

Might be cynical but that is how it works.


In healthier workplace cultures, this kind of don't-give-a-shit behavior is socially stigmatized, while behaving like someone who wants to do things right is socially rewarded. It's easy to forget, but not all incentives are measured in dollars.

I'm not trying to go full Confucius here, but people who do better work than they have to shouldn't be made to feel like chumps by the people around them. They should get respect, so they feel good for doing good things.


The incentive to not act like the slackers is how it impacts your "network". It's pretty insufferable to work with these people, when the success of your project depends on them or their team for whatever reason.

If our team is hiring and I see a former coworker got laid off who was a slacker I won't put in a referral for them. I guess it won't impact them much, because tech is still growing and demand exceeds supply, but at least it will keep my work slightly more enjoyable. A job well done is its own reward.


From the article:

> [they] say their new goal is to be “perfectly mediocre.”

Note that mediocre is not the same as slacker. It is impossible to distinguish a genuinely mediocre developer from an intentionally mediocre one, so no, it won't impact their network unless they are really careless and tell everyone that they can in fact perform better.

Do you stop talking to a colleague because they have never found a security vulnerability and fixed it?


The 4 case examples in the article are absolutely slackers. Not mentioning a 6 figure cloud inefficiency, or knowingly shipping bugs, or leaving 100's of diffs for compiler warnings and not publishing them.

You're right about not being able to tell a genuinely mediocre developer from an intentionally mediocre one... unless they tell on themselves like the above did.

>Do you stop talking to a colleague because they have never found a security vulnerability and fixed it?

This feels like a reach? Obviously not, I'm perfectly cordial to everyone I work with. If they find a security vulnerability, and don't fix or even bother reporting it then I'll obviously think less of them and probably not give them a referral. But I'd never hold it against someone for not identifying one or accidentally shipping one.


> This feels like a reach? Obviously not, I'm perfectly cordial to everyone I work with.

Sorry if you were offended, but I didn't mean that you do. Nobody does. That was a rhetorical question to emphasise my point.


I think personally it's important for people to realize that people are creatures of habit. A person who has the discipline of going the extra mile and striving for excellence in their work, regardless of compensation, is likely to carry his habit across different jobs or even when he decides to do his own startup or anything non-work related. I think this is such a good habit to have, and it will prove beneficial sooner or later. A lot of people think they will just work hard and do their best when they need to, and take it easy for now at a corporate job. Personally I don't think work-ethics can be switched that easily, it has to be built.


I remember a story I was told at school that made an impression on me.

A stone carver was making gargoyles for a cathedral. His apprentice noticed him carefully carving the back of them. The apprentice asked why he was doing that, since no-one would ever see the back or know. "I will know", replied the carver.

Now, that is not an argument for doing unnecessary work. I saw it as an argument for taking pride in the work you did, even if you would be the only person who knows.


I've done the AWS thing. We spent over $1 million on AWS and I couldn't be bothered to care. We were in eternal crunch mode, 10-14 hour days for 6 months. If I spoke up about AWS waste I'd get ripped apart by upper management.

Eventually it became apparent what was going on. I was pushed out and went to a competitor who paid me more and had better hours. I gave that competitor a lot of information about the previous company and transferred a lot of my knowledge. I delivered quite a bit of value rather quickly because of that and was recognized and rewarded for it.

We work in an enormous industry. It doesn't seem like there are any consequences.


“You don’t get rewarded for being extra. You don’t get any money when you save costs. You’re going to get a raise below inflation. You’re stupid for caring the way that you do. The business’ downside risk is not yours, and its profits are not yours either.”

Except when you're granted RSUs or participate in some private company's profit sharing scheme. So if that's important to you, find such a place. The smaller the company, the more impact you can have on their profits.


Typically those equity schemes will amount to nothing for most employees at small companies. They're a little better than buying a lottery ticket every week.


The business downsides are your problem though. Nobody gets a raise if the company makes great profits, but if it is making weak profits you're going to get a pay cut or be laid off. Maybe there was a time when this was not the case, but it was not during my lifetime.


> You don’t get rewarded for being extra.

100% true. Our salary, barring real (not manufactured) fires, should be for 40h/week. Any more is free work not compensated for.

> You don’t get any money when you save costs.

There is no equity for doing significant tasks. The common area here is automation. I automate, but don't share. I would never get compensated appropriately, so I save my time in lieu of money.

> You’re going to get a raise below inflation.

Yep, 3%. Job hoppers get 30% or more. My last hop was 115%. Loyalty is NOT rewarded.

> You’re stupid for caring the way that you do.

That's a subjective assessment. But yeah, caring too much leads to extreme burnout. And our only real change is to find yet another slaver, oh I mean capitalist to work for.

> The business’ downside risk is not yours, and its profits are not yours either.

Exactly. Start providing real equity, and a seat at the board of directors as an 'employee's director'.

Aside that, we're just resources to be strip-mined at 'human resources'. At least we can choose our slaver as a guise of an "interview".

And RSU's are a game, that we lose. The companies made this, and they do NOT want to pay. So they gamify it to make the appearance of mounds of money. Here's your pennies.


> And our only real change is to find yet another slaver, oh I mean capitalist to work for.

Can we please tone down the rhetoric? This is quite disrespectful to the millions who suffered through actual slavery.


Is it? Today's chains may be less visible and the crack of the whip is mostly silent... but it's slavery nonetheless


Please. You can draw an analogy I guess, but it's not a good one and it is disrespectful.

Slaves had no choice. That is what made them slaves. You do have choice, even if you don't like your current choices.


Yes, it is a good analogy. And you're correct that this is not chattel slavery.

However this variant of slavery requires that we sell our bodies to whoever will buy them. Instead of a lifetime commitment, it's per hour. I will never get back time I sell, and no amount of money can buy back that time. Many places also try to claim the contents of our mind as well as our physical output.

And what happens if we don't engage in selling our bodies? Well, we run our money down. We miss paying bills. We get our car repo'ed. We lose our home. We resort to food banks and soup kitchens and SNAP.

And the result here is you become homeless. Unlike the slaver's whip, this is the eventuality threatened to anyone who can't or refuses to work. And naturally, the existing homeless are used as a threat and a sign to all those who would act out, as a threat to anyone wanting to upset the system.

It also explains why we have homeless in the great quantities we do. It's a trap that you cannot get out of by yourself, and lifting people out removes the societal 'sign' of this threat that it entails.

When I said that you choose your own slaver in this system, I sincerely mean it. I'm required to sell my body on threat of destitution. I just so happen to choose who I sell my body to. (The only people exempt are those born in rich families that needn't sell themselves.)


We will have to agree to disagree then.

You have so many choices, including setting up your own business if you don't want to work for others, or living somewhere that is inexpensive and working less.

From my perspective you are just complaining that the universe does not owe you a living.


The smaller companies are probably not IPOed so the stock has no actual value


#3 (mediocre work after an effective pay cut) doesn't sound at all unreasonable. In effect those people are getting a pay cut and decided that investing effort to be "top-notch" is not justified. They're doing a mediocre job - by definition middle, not low quality. The author tries to paint this in a very bad light but I think this is a mentality of "it's bad because someone else does it".

For some of those people the issue is not financial but one of respect. A little spit in their eye is still spit in their eye.

What's a reasonable amount to cut from an agreed payment while still expecting top notch quality? How much does the author like to give up in such conditions?


Exactly, if you give someone a cut in pay, why shouldn't they give you a cut in effort?


I am basically that employee in several ways.

I know about wasteful cloud spend that I do nothing about. My last comment on HN actually was asking if anyone could give me a reason to report that cloud waste. The best arguments were for the sake of the environment and to build credibility with co-workers to make it easier to jump ship. Nothing from the company at all.

I can't say I deliberately ship bugs, but I don't care that much about eliminating them. If I were not worried about legal issues, I would investigate whether we had a bug bounty program and give them to a friend to collect and split the prize.

And yes, I use the same password at my multiple full time jobs. If you knew my email, you could find that password in a password leak on the internet. So my password has already leaked. It is out there, tied to my name.

> This group of people seem to have been like that at some point in time, and then turned to “misbehaving” in this manner.

I was like that. I like creating stuff. I like building great experiences. But working as a corporate employee is an extra painful way to do it in many cases. I enjoy finding weird bugs and figuring out the fixes. But everything from the Scrum to the layoffs to the executives trying to drag you in for corporate team building events to the non-technicals who don't have a clue what you do makes it not worth it to engage at work. The project you care about will be carelessly tossed away in a reorg. You will be judged based on output report from Jira, which is actually an incentive to ship as many bugs as possible because that increases the number of Scrum points you have done.

Is that really what you want for your life? Sounds miserable to me. I want out. And I do all those things to get out as soon as possible.

So what is the endgame? Spend time working on cool things myself while doing all I can to minimize time work takes from my life. Cut every corner to save effort, from the passwords to the utter eradication of any speck of initiative. Work multiple full time jobs to accelerate progress to retirement and slash output at those jobs to make way to even more jobs, further accelerating my workforce exit.


For nothing else than the sake of “life is about the journey”, please consider changing your job. It is absolutely possible to align paid employment with fulfillment.


I've heard people bandy that truism my whole life. And I find that for like 99% of us, it's just false.

Or, you do find your 'dream job', and pays $17/hr no benefits, cause it's a non-profit. (Aside: I've never dreamed of work. Not once. I like keeping the surplus of my labor.)

What I want to do is to build new stuff, and greenfield. Basically, it'd be a R&D variant, but most of those jobs don't even exist. It's a cost center, and the C levels equate it to corporate gambling.

There's working at a national lab, or NASA, or similar. And most of those are clearance jobs that nobody, save a few, will ever see come to light of day.

I'll just choose a mundane, paying well job, and on the sly automate. Ideally, I'll get good money and have 10-15h work a week, and regained time. Basically doubles my effective wage.


I’m hanging onto this post for the next time I see people on their high horse about integrity among engineers. The fact is, some people have it and some don’t, regardless of job. This makes me sad. Economically it makes sense, but it’s a sign of the sickness in our modern society. Everyone looking out for themselves first without much thought to the community around them. I say this having been burned by employees like this (that did maybe, maybe, an hour’s worth of remote work per day). Maybe it all boils down to “this is why we can’t have nice things”.


> Everyone looking out for themselves

yes, including/especially employers.

maybe (or not) these employees started doing this after being burned by their employers before. the very same that talk about the community, greater good, and being in it together but suddenly change speech when they're on the benefiting side.

I've been on both sides of the equation so I understand. I also have acquaintances that were too, they used to behave the same way as mentioned in the article but once they had their own company started talking the same way you do, suddenly what was acceptable for them to do is unimaginable and unacceptable behavior for other people to do. that society should not have such things. not because they changed their opinions but because their incentives are what changed, so if they go back to their previous position so would their attitude.

at the end of the day, the reason people work is not because they want to, it's because they have to in order to get what they want.

wanting to have employees that go above and beyond, are the most productive, the most knowledgeable, most skilled, and accept the least pay is what's best for you when you're the employer. but when you play in the other camp it's the reverse: the best job is the one that demands the least out of you for the most pay.

the payoff functions for the different actors' roles are not the same, trying to appeal to a sense of shame, duty or merit is just a way for one actor to hijack another's perception of the game for their own benefit.


Totally agree with almost everything you say. But there are lines both sides should not cross. For employers it’s exploitation (don’t expect unpaid work) and for employees it’s theft (don’t take pay for no work). If we can’t agree on that then we’re headed for a break down in society.


We got here with hyper aggressive shareholder value optimization and management (broadly speaking) turning practitioners into interchangeable, replaceable cogs. Game’s the same, just got more fierce. Talk about community doesn’t pay inflated rent, food, or healthcare costs.


Theft will eventually result in even less pay over time. Both sides need to respect each other. In my case a dev was paid very well and given tons of freedom, and screwed me. I’m not some huge company making bank here.


I’m not saying you personally are the problem, nor that theft is condoned or called for. I’m saying that in the greater labor market macro, there is no evidence that hard work and being diligent will be rewarded, and therefore it should come as no surprise that people are “acting their wage”, “quiet quitting”, or whatever the PR engine is calling it most recently as part of the marketing campaign.

Workers are responding to incentives and the environment they’re operating in, plain and simple. When people don’t care, I don’t blame them, it’s the second order effects that result that sucks. I have no solution to suggest unfortunately besides only hire and work with professionals you know and trust.


If your employer doesn't reward its employees for doing things that benefit the bottom line, it's perhaps time to look for another employer.


You’re replying to someone who claims to be working multiple full time roles. What employer rewards effort with multiples of your total comp?

None, to my knowledge.


Or maybe the company has identified that their bottom line would be improved more by working on other things rather than the relatively small cloud waste.


we all play games

if your game lets you do this without guilt then good on you

but, maybe there's a better route than escape...

turn work into something worth doing


Sure would be funny if you were tossed under the bus for blatantly reducing the security of your org by using a previously compromised password. Bug bounty integrity isn’t the only issue that could land you in legal trouble.


Work Attitudes and Work Organization in the Soviet Union (date unknown - ? 1985) [re-formatted]

"Over the past two decades there is abundant evidence of Soviet concerns with the problems of job dissatisfaction and poor work morale. The evidence appears in a score of sociological studies of work attitudes and in the more "popular" periodical literature on labor problems.

The kind of work discontent which is apparent, however, does not appear to be potentially "explosive" in nature. It manifests itself chiefly in

- indifferent job performance,

- poor work discipline, and

- high rates of job instability.

Job dissatisfaction is not confined to any one sector of the work force, but the discontent of relatively highly educated young workers in routine, low skilled jobs has been particularly troublesome.

Continuing problems of poor work morale and lackadaisical job performance have elicited Soviet interest in Western experiments in work re-organization (work "enrichment" programs, job rotation, autonomous work teams), and initial steps have been taken to introduce a modest Soviet version of the "humanization of work". The urgency of mobilizing disciplined work commitment becomes all the more pressing as the Soviets enter a period of intensifying labor scarcity, in which economic growth becomes increasingly dependent on the growth of labor productivity rather than on additions to the work force"

https://www.ucis.pitt.edu/nceeer/0000-625-7-Yanowitch.pdf

-

OP > "Now, I would personally feel shame if I did these things".

The Ideal Communist Worker

Within a communist society, people are expected to act in the interest of the Communist Party and the majority of society. Specifically, the individual is expected to work and act to promote the betterment of the community. Chairman Mao Zedong elaborates, “At no time and in no circumstances should a Communist place his personal interests first; he should subordinate to the interests of the nation and the masses. Hence selfishness, slacking, corruption, seeking the limelight are most contemptible, while ... working with all one’s energy, whole hearted devotion to public duty, and quiet hard work will command respect.” Hence, communists are expected to work diligently and thoughtfully in order to ensure he or she provides the most benefit to society.

As a result, any worker in the computer field is expected to manufacture computer products without the wish for acknowledgment or excessive monetary reward.

https://cs.stanford.edu/people/eroberts/cs201/projects/commu...

But u/throwawaysleep, at least take heart that scrum sessions (so far) do not entail 'self criticism' sessions.


There’s no black or white here.

You’ll be on both sides of this depending on your phase of life and the incentive structure at work.


Reading things like this reinforces the satisfaction of being independent...

When I inevitably notice these issues in the course of work for a client I can bring them up with the one writing the checks.. if they want it fixed, I fix it. If they don't, well there are other clients.


The quote at the end of the article really sums up my feelings:

> “I think the real answer, the real answer […] this is going to sound weird or bad – is to cajole or trick your employees into thinking that what they’re doing is important.”

Basically I like to fix things at work because I get some sense of satisfaction by doing things the "right way".

Of course this feeling can be worn down, other coworkers not caring, management not caring, etc.

And then you end up in a "work to the contract" mentality, which is what the "store your passwords in plaintext" people seem to be doing


It could be improved into "make sure your employees enjoy their work".

Working at the same companies, the quality of my code varied wildly based on how enjoyable that particular project was. Not just the task itself, but also whether the deadlines were reasonable, the stakeholders were nice to talk to (or the PM kept them away from me if they weren't), etc.

Of course, sometimes you will have some flat-out unpleasant work that needs to be done anyway. In that case, boosting the employee's ego is the only way they are going to get any satisfaction out of putting effort into the task. But it should be a last resort, not the default.


In some ways it seems related to Goodhart's law "When a measure becomes a target, it ceases to be a good measure" https://en.wikipedia.org/wiki/Goodhart%27s_law


Something that I feel like I disagree with here is that it doesn't take into account all the intangibles that you get from working hard. Personally I work hard and I feel like I get:

* Appreciation from my manager and team, who I respect and love working with.
* New knowledge that I can use later, and possibly build trust with others.
* Influence that I can use later
* The good feeling knowing I solved a problem for my business and hopefully letting them spend that money or effort elsewhere.
* Some sense of job security

This is probably a very Pollyanna view of the world, and maybe it's all because I have a good team and manager. But nevertheless, I feel like I hit the lottery as a programmer. It's enjoyable, the work changes day-to-day and it pays well.


Great article. Sums up what I've observed over my entire career. Incentives are orthogonal at best to what is actually good for the company, and at times, doing things that actively harm the company can be the way up the ladder. We're worse than bad at measuring and rewarding good performance.


Right! Other commenters here seem to have interpreted the article backwards. How I read it: caring and working hard can get you punished; taking the safe and easy path can get you rewarded. Sadly, that lines up with my experience.

Although I still love the work (the real work) I hate The Game® more and more every year.


I can’t even imagine how crushingly depressing it must be to spend 50% of your waking hours working with this kind of attitude


Good security practices are in this unfortunate category where:

1) The actual risk calculation is somewhat nuanced, but advocates are very clearly on the right side when you do it.

2) The advocates drastically oversell it as a coping mechanism for it being hard to convey nuanced issues, and even come to believe their overselling.

3) Some who go along at first gradually gain some intuition that they've been lied to, and wrongly conclude or begin to behave as if the advocates are on the wrong side.

In the case of storing passwords in plaintext, it causes a low probability increase in chance of some very bad outcomes.

It can be correct that it's well worth mitigating, while also being a hard calculation to reason about and find salient. If we compensate by treating it as if it's a high probability event in order to get everyone to comply, and begin to believe it ourselves, people may eventually notice that not everyone is compliant, but they never see anything bad happen in their immediate surroundings, become increasingly lax themselves, notice nothing bad is happening still, etc.

Seatbelts are maybe a counterexample to my point here, where people have come around despite their personal experience never including an accident. Maybe with the help of laws, or maybe more because it's personal risk to self. Or maybe it's just that enough people know someone who has had a bad car accident even if they haven't themselves.


There are people like this everywhere; the lack of overall caring has been happening, I'd argue, for quite some time. From physical construction to tech jobs; people want to get the job done (and cut whatever corners as they can), to get paid and move onto the next job. Can we really be surprised?

Take a good look at any part of any construction that goes on, from the concrete to the finishing paint jobs and I'm confident the more you look the more you will realize folks either do not pay attention to detail, or they simply do not care. It goes deep into all corporations, especially when business-is-booming; gotta move onto the next client to get more cash!

The same can be said for what items we consumers get as well; Apple selling laptops where the cords turn yellow, plastic frays and exposes wires after 8 months of use; Samsung has similar issues, and the list goes on.

Now take a look at the products spammed at us via Amazon; searching is abysmal (search for an audio cable, get results for usb cables instead). Want to check the quality of an item? Better order it and return it later when you figure out it is trash.

Long dead are the (department?) stores/(big?) corporations/people that had at least some caring about others. What was once normal is shifting, and it has been for years.

I am curious if the dude writing the article did raise up said concerns of fellow employees to their (respective?) boss(es); essentially if management does not prioritize caring about said issues, why would the lowers care about it?


>> "They pretend to pay and we pretend to work"

I have a monitoring instance which monitors a couple of URLs of some client. Every now and then something is wrong somewhere and it spams the messenger with 'not available'. In a minute it spams again, now with 'Resolved' status. I can just turn the trigger time to two minutes or change it to trigger only after two/three consecutive failed checks... But should I?

Not only would it not change how much I receive for this service (a pint of Guinness/mo, really), but it also would make it look like the monitoring isn't monitoring. I don't want to make proofs that it's actually working.

Bonus point: if I receive the alerts I know that the monitoring works.

And to the TFA: I made a proper VPN network for a client a decade ago: a VPN concentrator, dual path through two ISPs to the main office with the on-premise services, 15+ branches in the city, a couple of remote ones. Except I didn't buy Cisco gear, but some, ugh, not quite enterprise gear running FOSS solutions. Did I get anything from it? OFC no.


I disagree with the author that normal people don't think this way. Most people I know won't go out of their way to help their employer. In my experience you can usually find a few people who care about doing things right and they work hard, are passionate, go above and beyond, etc. Almost everyone else is in a different lane. Some are in the far right lane, where they are cleverly exploiting things (as a few people mentioned in the article) but most are somewhere in between.

I don't think there is really anything you could do about it. Mostly people don't want to work. They do work for money. They won't do more work than they need to because they don't want to do that. These people also don't want to expend more energy than they have to. They won't do something hard that solves the problem if doing something easy won't get them in too much trouble.


I can't remember the comedian but there was a joke I heard that really hit this home: People don't get paid because they like their work. They get paid because they don't like their work.


Ownership. This is literally why the employees should own the company, or at least get significant ownership in terms of stock.

In every one of these cases, especially the AWS waste case, an employee with ownership in the company could see a direct monetary benefit from fixing the problem, especially at a small company.


Maybe there's engineers / developers working like this. Most likely it's a reflection of company culture.

But there are real-world repercussions of just plain bad working practices

* https://www.abc.net.au/news/2023-03-27/whats-happening-with-...

It's not as bad as a bridge falling down, but this is why there's professional bodies and code of ethics in certain professions.


Sorry this isn't the purpose of the original article, but does anyone want to give a way secrets should be stored? Even if I use secrets manager for example, I need to store the token for fetching it so there is always a secret or token that needs to be stored.

I might not store an access token, I might use user auth and get a temporary token for a script that then calls to a secret manager. The access token is cached locally in plain text. Is this more secure since it's a token with expiry?


First, you need to ask yourself what you're trying to protect the secret against. Then you can figure out some reasonable mechanism to do it.

There's no single proper way. You can't always go with "maximum" protection for everything, because then you'll be doing multiparty ceremonies all the time and it would be mighty impractical https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/


I’m personally not a huge fan of expiry - if your key is compromised within its lifetime, it can be compromised again, attack complexity increases but is not mitigated and requires a bunch more effort (refreshing, graceful fail logic, etc).

Windows implements DPAPI, which is used to encrypt stored secrets on disk keyed with the user's password sha1’d (and previous sha1 keys encrypted with the newest password). That way a file system compromise isn't a password compromise, at least directly.

More hardcore is hardware based modules, TPM and yubikeys are in this space, they use pub/private keys so the secret is no longer pre shared. Other hardware security modules also exist which are more full fledged. The former ultimately guarantee authentication but not session security, the latter can potentially do both afaik.


Your guess is correct, the expiration is what adds the security.

The main security need this is addressing is terminating access to ex-employees/contractors given a requirement for shared credentials. If the shared credentials are not short term, you have to rotate credentials every time the team changes. If you don't have a system to do it automatically it's pretty easy to forget to do it or do it incompletely. So better just to do it very frequently and automatically so you don't even need to bother with a revocation process.

You might be thinking that you don't have any shared credentials, but effectively any credential that a server has access to is shared, because there's almost certainly at least two people with access to any given server.


Yes, a credential that expires quickly is more secure than one that expires slowly or not at all.

Anyone who compromises the short term credential only has a short window to abuse it, and then they have to get another one.

Yes, maybe it's easy for them to get it again, but maybe it's not. Security is about defence in depth and risk management, not perfection.
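
The setup the question above describes (a short-lived access token cached in a local file), sketched as an added example that is not code from any commenter. The function names, the `fetch` callable standing in for the user-auth exchange, the 30-second skew and the POSIX file-permission model are all assumptions.

```python
import json
import os
import stat
import tempfile
import time

SKEW_SECONDS = 30  # assumption: stop using a token shortly before it expires


class CacheError(Exception):
    """The cached token must not be used."""


def save_token(path, token, expires_at):
    """Write the token atomically into a file only the owner can read."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0600, so the token is never
    # readable by other local users, not even briefly.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".token-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump({"token": token, "expires_at": expires_at}, fh)
        os.replace(tmp, path)  # atomic swap; replaces a badly-permissioned file
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def load_token(path, now=None):
    """Return the cached token, or raise CacheError if it is unsafe or expired."""
    now = time.time() if now is None else now
    # Refuse symlinks where the platform supports it, then check the file
    # descriptor itself so the checks apply to the file actually read.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r") as fh:
        info = os.fstat(fh.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise CacheError("cache is not a regular file")
        if info.st_uid != os.getuid():
            raise CacheError("cache is owned by another user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CacheError("cache is accessible to group or others")
        record = json.load(fh)
    if now >= record["expires_at"] - SKEW_SECONDS:
        os.unlink(path)  # do not leave a dead credential lying around
        raise CacheError("cached token has expired")
    return record["token"]


def get_token(path, fetch, now=None):
    """Use the cache when it is safe; otherwise re-authenticate via fetch()."""
    try:
        return load_token(path, now)
    except (CacheError, OSError, ValueError, KeyError):
        token, expires_at = fetch()  # hypothetical: returns (token, unix expiry)
        save_token(path, token, expires_at)
        return token


if __name__ == "__main__":
    # Constructed demo values; no real service is contacted.
    cache = os.path.join(tempfile.mkdtemp(), "token.json")
    issue = lambda: ("constructed-token", time.time() + 900)
    print(get_token(cache, issue))               # cache miss: fetches and stores
    print(oct(os.stat(cache).st_mode & 0o777))   # owner-only permissions
    try:
        load_token(cache, now=time.time() + 3600)  # a copy replayed an hour later
    except CacheError as exc:
        print("rejected:", exc)
```

The expiry check here only protects the local cache; the bound on what a stolen copy is worth comes from the issuing service refusing the token after `expires_at`.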


"cajole or trick your employees into thinking that what they’re doing is important"

Relevant Subnormality Comix: https://viruscomix.com/page477.html


Yes, bad management exists. That's the #1 reason people cite for leaving companies. The problem is when you allow bad management to not care for your craft. If you find yourself copping the attitude of screw it, I get paid the same - then it's time for you to move on. Over time that attitude will rot you from the inside out.


The way I go about it is that when I find it, I raise it politely, I offer to drive the fix, and then I add it to my resume, and then I tour with it, being "The Guy Who Fixes Things". That way I do get something, even if I'm completely detached from the original thing.


> Is there some way to correct this? How do you reward good behaviour here, and discourage “misbehavior” like this?

…Yes? As the employer, find ways to be as generous and rewarding as possible. In immortal other words, “Fuck you pay me.”

Every example provided was “I went above and beyond and was not rewarded for it.”

The fix is rewarding people for it.


Yeah but as the Dilbert comic at the end demonstrates, offering rewards for good behavior leads to perverse incentives. So wcyd?


https://strongfemaleprotagonist.com/issue-6/page-125-2/

> "The lie of the slope is the implication that we have ever been or could ever be on level ground."

https://en.wikipedia.org/wiki/God_Emperor_of_Dune

> What do [thinking] machines really do? They increase the number of things we can do without thinking. Things we do without thinking-there's the real danger.

Your workplace has an incentive structure (probably a complex one, made up of monetary, social, etc. factors). That structure is akin to a machine. That machine should aid you - as an IC, it should aid you in doing quality work in alignment with business needs; as a manager, in motivating and coordinating your ICs. It shouldn't do it _instead_ of you.

The idea that you can't add rewards for good behavior _because_ it will result in perverse incentives is, IMHO, akin to thinking you can't add code to the product because it'll result in bugs.

So what can you do?

Engage with your people, be generous with them; be generous with rewards and praise and all the good things when they do well; be generous with forgiveness, coaching, and teaching when they do poorly, and be generous with your time and involvement. Do your own thinking - don't have the machine-that-is-the-corporation do it for you, because it's full of bugs and always has been. Be engaged so that you can adjust as things play out.


I am a chump. I've SEEN passwords in plaintext and I even tried to remove it by figuring out how to remove it from git histories.

Heck, for one of those where it was not possible to get rid of plaintext due to the architecture, I even wrote some code to compare hashes instead of passwords so at least the attacker would need a rainbow table to crack it. Didn't bother salting it, since there's only one user effectively.

But meh.

Life of a chump, ain't getting no promotion and got the lowest possible bonus last year. It's better to be a chump cos I can feel better about myself
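As an added illustration of the hash comparison described in the comment above (not the commenter's code), this sketch puts an unsalted fast digest next to a salted, deliberately slow one checked in constant time. The function names and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own latency budget


def unsalted_digest(password: str) -> bytes:
    """One fast hash, no salt: the same password always yields the same bytes,
    so a table computed once applies to every system that uses this scheme."""
    return hashlib.sha256(password.encode()).digest()


def make_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key) using a random per-record salt and a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, derived


def check(password: str, record: Tuple[bytes, bytes]) -> bool:
    """Re-derive with the stored salt and compare without leaking timing."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, stored)
```

Even with a single user, the salt means a precomputed table built for plain SHA-256 does not apply to the stored value, and the iteration count makes each guess cost far more than one hash.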


The best way is to change the password in the environments, and leave it in the commit history. It's both the easiest and the correct way.

And if you can't, your company has to change its architecture.


I cost my company over a million dollars because I was lazy and spiteful. I made an L+1 hop to a competitor and now I make more money for less hours and I'm learning a ton.


> Another person simply doesn’t care about shipping code with bugs, and maybe even tries to. They get to shirk actual development duties by fixing their own broken code instead, and the fixes are celebrated.

In one of the companies where I work, there is a chronic lack of hours for a few freelancers who were taken on with promises of full-time work. They compensate by shipping code with bugs, generating a bunch of bug reports down the line. This compensates for the missing hours. And as performance is evaluated in terms of the number of tickets closed, it also improves their standing in the workplace.


Horribly cynical, and I can't imagine having that viewpoint. It's actually fascinating how the author first justifies that sort of malaise, and then does the "but of course not me" thing.

Even if someone were that self-focused, in almost any group or organization, critical security vulnerabilities and significant costs do hurt everyone in the group. You're going to be the ones having the rough time when expenses exceed value, and when major embarrassments happen. There is no insulation from it.


I'm confused as to how you felt the author is justifying it:

> Now, I would personally feel shame if I did these things.

They seem more interested in trying to find a solution to it. Or just posing it as a legitimate problem, the solution to which is food for thought.



