Adventures of Sharky! - Cheaper is not always better or cheaper.



  • http://m.blogs.computerworld.com/security/23898/how-save-money-it-credit-card-edition



    <quote>

    Consulting outfit takes on the job of setting up an e-commerce system for a local manufacturer with nationwide sales, says a pilot fish on the scene.

    "We produced a custom-made e-commerce site, working in conjunction with the company's bank to ensure compliance with the PCI credit and debit card security standards," fish says.

    "But after the project was put into production, the client contacted us and advised that they would no longer require our assistance in maintaining the e-commerce system, and requested the root access information for the server."

    Turns out the manufacturer has been contacted by an overseas-based company -- one that fish has never heard of -- with an offer to manage the site for a fraction of the already modest fee that fish's company charges.

    Fish advises the client of the risks involved in providing an unknown overseas company with root access to any server, let alone an e-commerce site that handles credit card payments. If anything happens that violates state or federal laws, the client would be liable, fish points out.

    But the client is adamant. Fish's company turns over the root access codes and transfers full control of the server over to the client.

    "We didn't hear anything further for a few months," says fish. "Then we were contacted by the client's bank, asking if we were still managing the site for them. We advised that we weren't, and asked why the bank was asking."

    It seems for the past few months the bank has been dealing with a large number of payment disputes from the manufacturer's customers, who say they've been billed for unauthorized credit card use overseas in countries they've never visited.

    Fish suggests the bank contact the manufacturer -- and less than an hour later, the ex-client is asking if fish's people can look into what happened.

    They log into the server -- which turns out to be easy, because none of the access credentials have been changed since the handoff -- and discover that some code has been added to the e-commerce application.

    The code isn't for conventional e-commerce features or monitoring. It just sends a copy of all credit card information to a remote IP address registered in Russia.

    "We took the server offline, invalidated all pending transactions, cleared out all credit card information and provided the ex-client and the bank with a report on what had occurred," fish says.

    "Our ex-client has since paid somewhere around $10 million in fines and compensation to the government and to their customers, and the bank has blacklisted them from ever using the bank's credit card gateway again.

    "We did tell them it was a bad idea, didn't we?"

    </quote>


  •  Wait, did Nagesh just write intelligible English, or did he just copy-paste this article?



  • @too_many_usernames said:

    Wait, did Nagesh just write intelligible English,

His English is intelligible; it's just that the point he is arguing often has something off with it.
    @too_many_usernames said:
    or did he just copy-paste this article?

It is copy-paste, in case you didn't want to go to the not-a-link he put at the top.



  • If true, amazing how someone will take a mission-critical (heck, business-critical) service and hand it off to someone they've never met, on the other side of the planet. But don't we all do that every day now, with cloud services?



  • @DrPepper said:

    If true, amazing how someone will take a mission-critical (heck, business-critical) service and hand it off to someone they've never met, on the other side of the planet. But don't we all do that every day now, with cloud services?

    I trust Alex to handle years of my valuable, valuable comments, and he's on the other side of the world. It's a Brave New World!



  • Yes, it is copy-pasted. I also posted the link, so you need to read more carefully or get new and improved vision.

     @too_many_usernames said:

     Wait, did Nagesh just write intelligible English, or did he just copy-paste this article?




  • @DrPepper said:

    If true, amazing how someone will take a mission-critical (heck, business-critical) service and hand it off to someone they've never met, on the other side of the planet. But don't we all do that every day now, with cloud services?

    That is why all code shipped from offshore must be reviewed by someone with brains. I have heard of one case where the developer decided to put his own "spam mail server" in a java class. Luckily he was prevented from actually using that class, because the client had some bright guys in the server room.




  • @Nagesh said:

    That is why all code shipped from offshore must be reviewed by someone with brains. I have heard of one case where the developer decided to put his own "spam mail server" in a java class. Luckily he was prevented from actually using that class, because the client had some bright guys in the server room.

    This is part of why I stopped working with places that off-shore. I'm sure there are plenty of great Indian engineers, but the system is not set up to work that way. Instead, it's people trying to replace one $200k engineer with 10 $20k off-shored engineers and it does not work. Then I get stuck managing twenty off-shored developers who I'm having to baby-step through how to write a class or use a debugger over a crappy phone connection or Skype, which is like a crappy HD phone connection.

    Three weeks later those 20 people, under my constant supervision, have managed to string together something to handle a task that I could have written in, no joke, 3 hours. And the code is a mess, riddled with bugs and security holes and just a fundamental misunderstanding of how core language features are used.

    Off-shoring software development is the worst kind of false economy.


  • Considered Harmful

    @morbiuswilters said:

    Then I get stuck managing twenty off-shored developers who I'm having to baby-step through how to write a class or use a debugger over a crappy phone connection or Skype, which is like a crappy HD phone connection.

    Three weeks later those 20 people, under my constant supervision, have managed to string together something to handle a task that I could have written in, no joke, 3 hours. And the code is a mess, riddled with bugs and security holes and just a fundamental misunderstanding of how core language features are used.


    Oh good, I'm not the only one who has had this exact experience. Multiple times. Granted, on the last project the offshore guys bid $100k on an RFP that all the American vendors bid $1MM on (and the stupid idiots agreed to fixed price, while all the Americans had a cap on the hours then would bill on a time+materials basis). I'm still fixing their bugs over a year and a half later though, so I'm not sure we really saved any money.



  • @joe.edwards said:

    @morbiuswilters said:
    Then I get stuck managing twenty off-shored developers who I'm having to baby-step through how to write a class or use a debugger over a crappy phone connection or Skype, which is like a crappy HD phone connection.

    Three weeks later those 20 people, under my constant supervision, have managed to string together something to handle a task that I could have written in, no joke, 3 hours. And the code is a mess, riddled with bugs and security holes and just a fundamental misunderstanding of how core language features are used.


    Oh good, I'm not the only one who has had this exact experience. Multiple times. Granted, on the last project the offshore guys bid $100k on an RFP that all the American vendors bid $1MM on (and the stupid idiots agreed to fixed price, while all the Americans had a cap on the hours then would bill on a time+materials basis). I'm still fixing their bugs over a year and a half later though, so I'm not sure we really saved any money.

    I've had things like that with a few of the offshore guys I've worked with, but other ones are more like jr. devs than the messes you guys are describing. I'm just trying to point out that it's not always as bad as you are saying (but the reasonable ones I work with are also in-house guys and not contractors).



  • @Nagesh said:

    Fish advises the client of the risks involved in providing an unknown overseas company with root access to any server, let alone an e-commerce site that handles credit card payments. If anything happens that violates state or federal laws, the client would be liable, fish points out.

    But the client is adamant. Fish's company turns over the root access codes and transfers full control of the server over to the client.

    I imagine the conversation went something like

    -"It's probably a scam, don't do it"

    -"Shut up"

    -"At least do some research into them first, to see if they have some good or bad reputation"

    -"Shut up, they're cheaper"

    -"Look, we did it for you, their company was literally founded 2 weeks ago and the founder's name is listed as 'Ben Dover'. Does this really seem legit to you?"

    -"Fuck you"



  • @joe.edwards said:

    Granted, on the last project the offshore guys bid $100k on an RFP that all the American vendors bid $1MM on

    Wow, their bid was $1 trillion?

    Oh, but maybe by "MM" you meant "million". But in that case, why wasn't the offshore bid "$100M"?

    Just trying to be pedantically helpful, friend.



  • @anonymous234 said:

    'Ben Dover'

    I went to school with a "Ben Dover".


    He hung himself.



  • I must note your companies seem utterly unable to interview people. Multiple companies I worked for often used what's called near-shore developers (same time zone) that produced twice as much quality code for a third of the price. I've personally interviewed and worked with many of these people (mostly from the Balkan area and Ukraine, but also Brazil and other places, as we have a few branches so 'same time zone' might mean different things) and have nothing but good experience. Sure, some are juniors and some are seniors, and we interview and pay them accordingly. The only downside has been the loss of the ability to quickly double-check things and to do meetings efficiently, as absolutely all remote meeting solutions are shit. Including the expensive ones, which are honestly less shit, but are shit nevertheless.
    It's worth noting though that many companies figured this same thing, so good devs from these areas are becoming increasingly expensive and rare.


  • Considered Harmful

    @morbiuswilters said:

    @joe.edwards said:
    Granted, on the last project the offshore guys bid $100k on an RFP that all the American vendors bid $1MM on

    Wow, their bid was $1 trillion?

    Oh, but maybe by "MM" you meant "million".


    Millie millia, a thousand thousands, otherwise known as a million.
    @morbiuswilters said:
    But in that case, why wasn't the offshore bid "$100M"?


    I didn't come up with the standard notation here.


    Edit: the etymology came from a dubious source, but the usage of MM for million is standard (especially in financial contexts)



  • The only thing I can say in your case is "Do not hire cheap offshore vendors". Hire people who have global experience. Insist on one person being onsite at all times, or better still, go offshore and get yourself acquainted with the people.

    I can only assure you that things will be much different after that. The trouble is most offshore teams have people fresh out of college, like me. Well, like I was 4 years ago. Then it is a time-consuming process. The person is trying to learn 3 things at once, and with so many distractions like "Thedailywtf", "Facebook", "Google Chat", "WhatsApp", it gets tricky for him or her to focus on work. A more mature fellow is what you want.

     @morbiuswilters said:

    @Nagesh said:
    That is why all code shipped from offshore must be reviewed by someone with brains. I have heard of one case where the developer decided to put his own "spam mail server" in a java class. Luckily he was prevented from actually using that class, because the client had some bright guys in the server room.

    This is part of why I stopped working with places that off-shore. I'm sure there are plenty of great Indian engineers, but the system is not set up to work that way. Instead, it's people trying to replace one $200k engineer with 10 $20k off-shored engineers and it does not work. Then I get stuck managing twenty off-shored developers who I'm having to baby-step through how to write a class or use a debugger over a crappy phone connection or Skype, which is like a crappy HD phone connection.

    Three weeks later those 20 people, under my constant supervision, have managed to string together something to handle a task that I could have written in, no joke, 3 hours. And the code is a mess, riddled with bugs and security holes and just a fundamental misunderstanding of how core language features are used.

    Off-shoring software development is the worst kind of false economy.




  • @veggen said:

    I must note your companies seem utterly unable to interview people. Multiple companies I worked for often used what's called near-shore developers (same time zone) that produced twice as much quality code for a third of the price. I've personally interviewed and worked with many of these people (mostly from the Balkan area and Ukraine, but also Brazil and other places, as we have a few branches so 'same time zone' might mean different things) and have nothing but good experience. Sure, some are juniors and some are seniors, and we interview and pay them accordingly. The only downside has been the loss of the ability to quickly double-check things and to do meetings efficiently, as absolutely all remote meeting solutions are shit. Including the expensive ones, which are honestly less shit, but are shit nevertheless.
    It's worth noting though that many companies figured this same thing, so good devs from these areas are becoming increasingly expensive and rare.

    The off-shoring to Eastern Europe and the UK is worlds better than the off-shoring to India/the Philippines. Still, I'd rather hire a couple of good Americans because they will produce 10x what the off-shored guys will, at maybe 6x the cost. I also don't have trouble understanding the thick, thick accents.



  • @joe.edwards said:

    Millie millia, a thousand thousands, otherwise known as a million.

    Yes, I know. But then instead of $100M you said $100k. I was just teasing you.



  • @morbiuswilters said:

    I'd rather hire a couple of good Americans because... I also don't have trouble understanding the thick, thick accents.
    Unless they're from some place like Jawjuh.



  • @joe.edwards said:

    @morbiuswilters said:
    @joe.edwards said:
    Granted, on the last project the offshore guys bid $100k on an RFP that all the American vendors bid $1MM on

    Wow, their bid was $1 trillion?

    Oh, but maybe by "MM" you meant "million".


    Millie millia, a thousand thousands, otherwise known as a million.
    @morbiuswilters said:
    But in that case, why wasn't the offshore bid "$100M"?


    I didn't come up with the standard notation here.


    Edit: the etymology came from a dubious source, but the usage of MM for million is standard (especially in financial contexts)

    Um, your link leads me to Wikipedia which in turn leads to this site: http://www.renaissancecapital.com/zendesk/ipo-zen.html

    Which actually uses "mm" (notice the small letters?). Makes much more sense since capital M is usually reserved for the prefix Mega.

    I'm also not quite sure that this site is such a great source for defining prefixes. Are they an international body like the CIPM? I'm also not quite sure why somebody insists on inventing new prefixes when SI works just fine and keeps the confusion factor low.



  • @HardwareGeek said:

    @morbiuswilters said:
    I'd rather hire a couple of good Americans because... I also don't have trouble understanding the thick, thick accents.
    Unless they're from some place like Jawjuh.

    I have more trouble with New Englanders. I don't understand how they can mispronounce so many words.



  • @Rhywden said:

    Um, your link leads me to Wikipedia which in turn leads to this site: http://www.renaissancecapital.com/zendesk/ipo-zen.html

    Which actually uses "mm" (notice the small letters?). Makes much more sense since capital M is usually reserved for the prefix Mega.

    I'm also not quite sure that this site is such a great source for defining prefixes. Are they an international body like the CIPM? I'm also not quite sure why somebody insists on inventing new prefixes when SI works just fine and keeps the confusion factor low.

    It's usually capital M, not lower-case, and it's been used in finance since before SI existed. You need to educate yourself, son. I'm sure your local community college has night classes you can take to expand your horizons.

    Education isn't just for getting a better job: it can be fun, too!!



  • @morbiuswilters said:

    I have more trouble with New Englanders. I don't understand how they can mispronounce so many words.
    I used to work with a woman who was originally from some Eastern European country who then moved to the U.S. and lived in Boston for several years. Now THAT'S somebody hard to understand.



  • @El_Heffe said:

    @morbiuswilters said:

    I have more trouble with New Englanders. I don't understand how they can mispronounce so many words.
    I used to work with a woman who was originally from some Eastern European country who then moved to the U.S. and lived in Boston for several years. Now THAT'S somebody hard to understand.

    As an East European, I have to admit that Bostonian is the one accent in the world so annoying that it makes me want to physically punch the talker. Seriously, I bet the British just used the whole Revolution thing as an excuse to go beat up some Bostonians.



  • @morbiuswilters said:

    @Rhywden said:

    Um, your link leads me to Wikipedia which in turn leads to this site: http://www.renaissancecapital.com/zendesk/ipo-zen.html

    Which actually uses "mm" (notice the small letters?). Makes much more sense since capital M is usually reserved for the prefix Mega.

    I'm also not quite sure that this site is such a great source for defining prefixes. Are they an international body like the CIPM? I'm also not quite sure why somebody insists on inventing new prefixes when SI works just fine and keeps the confusion factor low.

    It's usually capital M, not lower-case, and it's been used in finance since before SI existed. You need to educate yourself, son. I'm sure your local community college has night classes you can take to expand your horizons.

    Education isn't just for getting a better job: it can be fun, too!!

    Oh, is that the reason why the Wiki article is absolutely unable to link to anything resembling a proper standard giver or at least a proper reference, instead being forced to link to a page which doesn't even support the claims it's making? Not to mention the fact that you seem to be utterly unable to read: I myself noted that it's supposed to be Capital M and yet this poor excuse for a reference uses lower case m. So, maybe you should turn your condescension at yourself and look up the terms "reading comprehension" since you seem to be utterly lacking them.

    Additionally, my dear, extraordinary claims need extraordinary evidence. So, put up or shut up. Your local farmer's college obviously neglected teaching you something about making broad claims and failing to support them, in this particular case the claim that this notation was a standard before SI.



  • @Rhywden said:

    @morbiuswilters said:

    @Rhywden said:

    Um, your link leads me to Wikipedia which in turn leads to this site: http://www.renaissancecapital.com/zendesk/ipo-zen.html

    Which actually uses "mm" (notice the small letters?). Makes much more sense since capital M is usually reserved for the prefix Mega.

    I'm also not quite sure that this site is such a great source for defining prefixes. Are they an international body like the CIPM? I'm also not quite sure why somebody insists on inventing new prefixes when SI works just fine and keeps the confusion factor low.

    It's usually capital M, not lower-case, and it's been used in finance since before SI existed. You need to educate yourself, son. I'm sure your local community college has night classes you can take to expand your horizons.

    Education isn't just for getting a better job: it can be fun, too!!

    Oh, is that the reason why the Wiki article is absolutely unable to link to anything resembling a proper standard giver or at least a proper reference, instead being forced to link to a page which doesn't even support the claims it's making? Not to mention the fact that you seem to be utterly unable to read: I myself noted that it's supposed to be Capital M and yet this poor excuse for a reference uses lower case m. So, maybe you should turn your condescension at yourself and look up the terms "reading comprehension" since you seem to be utterly lacking them.

    Additionally, my dear, extraordinary claims need extraordinary evidence. So, put up or shut up. Your local farmer's college obviously neglected teaching you something about making broad claims and failing to support them, in this particular case the claim that this notation was a standard before SI.

    Who's making claims about standards?



  • @El_Heffe said:

    I used to work with a woman who was originally from some Eastern European country who then moved to the U.S. and lived in Boston for several years. Now THAT'S somebody hard to understand.
    Is this a setup for a joke about being hard to understand someone who moves to Boston?



  • Talking of crazy standards, let's not forget that in the financial industry in England, b (billion) used to be, and is still in a few cases, interpreted as a million million, not a thousand million. Go go global confusion!



  • @LoremIpsumDolorSitAmet said:

    Talking of crazy standards, let's not forget that in the financial industry in England, b (billion) used to be, and is still in a few cases, interpreted as a million million, not a thousand million. Go go global confusion!
    Thousand millions is a milliard of course.



  • @LoremIpsumDolorSitAmet said:

    Talking of crazy standards, let's not forget that in the financial industry in England, b (billion) used to be, and is still in a few cases, interpreted as a million million, not a thousand million. Go go global confusion!

    You've got that back to front. In most of Europe and Latin America the word cognate to billion means million million. The USA is the one causing global confusion here.



  • @pjt33 said:

    @LoremIpsumDolorSitAmet said:
    Talking of crazy standards, let's not forget that in the financial industry in England, b (billion) used to be, and is still in a few cases, interpreted as a million million, not a thousand million. Go go global confusion!

    You've got that back to front. In most of Europe and Latin America the word cognate to billion means million million. The USA is the one causing global confusion here.
    What, you expect Americans to learn French and say milliard? That's insane!



  • @TwelveBaud said:

    @pjt33 said:
    @LoremIpsumDolorSitAmet said:
    Talking of crazy standards, let's not forget that in the financial industry in England, b (billion) used to be, and is still in a few cases, interpreted as a million million, not a thousand million. Go go global confusion!
    You've got that back to front. In most of Europe and Latin America the word cognate to billion means million million. The USA is the one causing global confusion here.
    What, you expect Americans to learn French and say milliard? That's insane!
    Hah... Yeah... I think I have to side with the USA on this one. I was taught that a billion was a thousand million even though I've always lived here. Perhaps it's just the financial sector that has its own definitions once again? I've also never heard of milliard until now.


  • Discourse touched me in a no-no place

    @LoremIpsumDolorSitAmet said:

    Hah... Yeah... I think I have to side with the USA on this one. I was taught that a billion was a thousand million even though I've always lived here. Perhaps it's just the financial sector that has its own definitions once again?

    Having grown up in the UK, I was taught that there were two definitions of 'billion', the short scale one and the long scale one, and that you should be wary of the source/intention of the speaker before assuming whether 1e9 or 1e12 was meant....

    @LoremIpsumDolorSitAmet said:
    I've also never heard of milliard until now.
    I'd heard of it; never heard it being used colloquially though....


  • ♿ (Parody)

    @LoremIpsumDolorSitAmet said:

    I've also never heard of milliard until now.

    If it hadn't been defined, I might have mistaken it as a typo for a duck.



  • @pjt33 said:

    You've got that back to front. In most of Europe and Latin America the word cognate to billion means million million. The USA is the one causing global confusion here.
    I remember in some science video (Cosmos?) the presenter was using "thousand million years" where Americans would use "billion". I guess it was to avoid the confusion.


  • Considered Harmful

    @alegr said:

    @pjt33 said:
    You've got that back to front. In most of Europe and Latin America the word cognate to billion means million million. The USA is the one causing global confusion here.
    I remember in some science video (Cosmos?) the presenter was using "thousand million years" where Americans would use "billion". I guess it was to avoid the confusion.

    I think they do that to give the layman audience some hint at the actual size of the numbers involved. At that scale, your mind can't really grasp the magnitude, and "billion" sounds not too far off from "million" or "trillion."



  • @Rhywden said:

    Oh, is that the reason why the Wiki article is absolutely unable to link to anything resembling a proper standard giver or at least a proper reference, instead being forced to link to a page which doesn't even support the claims it's making? Not to mention the fact that you seem to be utterly unable to read: I myself noted that it's supposed to be Capital M and yet this poor excuse for a reference uses lower case m. So, maybe you should turn your condescension at yourself and look up the terms "reading comprehension" since you seem to be utterly lacking them.

    Yeah, Wikipedia is garbage. If that's your primary source, whaddya expect? But using "M" for thousand has been around a long while and it's pretty easy to research it.

    @Rhywden said:

    Additionally, my dear, extraordinary claims need extraordinary evidence. So, put up or shut up. Your local farmer's college obviously neglected teaching you something about making broad claims and failing to support them, in this particular case the claim that this notation was a standard before SI.

    It was a de facto standard long before SI existed. Once again, you could easily find information pertaining to this. Why be so lazy / intellectually incurious?



  • @Scribbler said:

    Seriously, I bet the British just used the whole Revolution thing as an excuse to go beat up some Bostonians.

    Actually, the non-rhotic accent came from Britain. Pre-Revolution, the British didn't have "British accents". It became popular in Britain in the 18th Century and made the leap to the New England/New York parts of the Colonies, but the Revolution happened before it became widely-spread in the rest of America.



  • @pjt33 said:

    In most of Europe and Latin America the word cognate to billion means million million.

    All the better to represent the denominations of their ever-devaluing currencies!

    @pjt33 said:

    The USA is the one causing global confusion here.

    Yeah, because countries without running water should get a vote in defining a number 99% of their citizens will never encounter.

    I'm pretty sure Carl Sagan was using the correct, American definition, so you lose.



  •  Another thread derailed.


  • Considered Harmful

    @Nagesh said:

     Another thread derailed.


    Wait, there are rails?



  • @Nagesh said:

     Another thread derailed.


    As long as nobody replies to the obvious nationalistic trolling, we should be fine.


  • Discourse touched me in a no-no place

    @joe.edwards said:

    @Nagesh said:

     Another thread derailed.


    Wait, there are rails?
    Yup. On the other message board. There are even rubies on them....

