The color the director turned when he found out!! Oh man.
Haven’t laughed this hard in a long time.
Sounds like he's getting paid to work on the same thing by a slightly different stakeholder.
I'd happily pay $$$$$$ to hire someone with commit access to Cloudflare, AWS or Google's codebase who could fix the goddamn bugs, let alone add new features.
This honestly sounds like the sort of thing I'd sit down with the employee, their new employer, and various "Compliance Team" members, and firm up a bit.
Sounds good for everyone.
We get our bugs fixed, $vendor gets to say "Well we have this thing that was developed in-house for BoshNet, that might solve your problem too, it's going to cost you <some comical amount>", and everyone's happy.
Who even owns the code the person is working on? Who is responsible when it goes wrong?
They even send the “you’re being fired” email to their personal email they have on file. Didn’t even schedule a meeting.
I went through a similar thing at Amazon. Locked out of my laptop at 3 a.m. and emailed I was laid off. The key thing though is that my official end date was 90 days in the future. Legally, the 3 a.m. lock out was actually just a warning of impending layoffs. I got paid to “work from home” for 3 months after I returned my badge and laptop.
My understanding is that Europe may have longer wait periods, but most tech companies still essentially do the same thing there. Amazon’s laid off Berlin employees still get locked out at 3am and told to do nothing for months while legal does whatever it needs to do to get rid of them.
But you can be placed in a room/office with no windows (not the OS), a computer without internet access and nothing to do. How long can you go on like that?
The law, sadly, can't forbid asshole employers.
Was a battle of wills and eventually after 5 weeks of coming into a random branch office and sitting in an empty room, we came in one Friday to be told that the manager in charge of the building closure had been removed from the project and they would be paying full redundancy pay and we didn’t have to come back in but they’d pay for the next 3 months as well.
Fun as a 21 year old.
yeah, shit like what we're reading here is precisely why y'all need unions.
Until someone starts providing examples of software companies where the employees are unioned and clear $400k+ annum, the bar is still “no unions”.
I'm not sure there's any good way to lay off large amounts of staff (besides not getting yourself into the situation in the first place where you have to)
Someone on HN once wrote that after the dot.com bust, Yahoo! HR had 1-1 meetings with every single employee that was part of the mass layoffs back then, and they did this for hundreds of workers. Boy what I wouldn't give to go back to such state of affairs, even though I wasn't yet part of the workforce back then.
An older family friend of mine who started working in tech around 2003-2005, told me "back in my day, to get a job, you'd just send your CV to HR@corpo.com, and in 2-3 days you'd get a call asking you when you're free to come over for an interview". Now today you're lucky you get an automated reply back from 50 CVs sent, just for the opportunity to do an impersonal take home assessment as part of the seven stage interview process. It's like screaming into the void of AI bots and automated CV screening systems, while you spin the barrel of the revolver to play the next round of Russian roulette.
And the crazy part is, that when people talk about "the good old days", we're talking about events from recent history, just 10-25 years ago, that a lot of current workers experienced in their lifetime, not stuff from when boomers were kids.
The massive sudden shift in the commoditization of human workers and turning them into faceless labor resources that can be inhumanely disposed of with a keystroke, is real and noticeable to everyone, that I'm envious for you guys who are set to retire soon out of this shitshow.
What comes after this? Have we reached rock bottom, or will it get even worse?
IDK, I'm not from the US/Bay-Area, nor does my country have any big-tech/FANG jobs to distort the market for what constitutes a "high wage" in tech, it's all the same.
>in the back-half of COVID.
Sure, but Covid was only a short blip, a temporary exception, not a baseline norm for wage/job growth, like the years prior which was a longer period of getting a job was easy, like 2012-2020.
For me where I live now, the career depression I saw came in 2023 already when jobs become less abundant and harder to get, and it only got worse later when mass layoff started. So we're already 3 years in the decline, longer than the Covid boom lasted and things aren't going better yet.
I entered the workforce in around 2012-2014 and it was significantly easier to get a callback from sending a resume than it is now where it's mostly automated rejections. When I say "easy" I also mean you didn't need 7 stages of interviews to get a job back then, you'd have 2 stages and those were pretty chill and get a call back from every 2-3 resumes sent. Now you need to send dozens. I guess "easy" is relative.
>Also pay was relatively decent but much less than what you saw even 5 years ago.
Inflation also happened in that time.
Says who? What does God have to do with this topic? And why are you censoring the word God?
>but you sold out and took the easy pay check.
I didn't sell anything, nor was the paycheck easy, it was all hard honest work from school to university to put food on the table for my family. Why do I need to justify myself to you?
>Now You’re fucked
I'm doing fine, thanks. Your username is accurate though.
Things can be easy or difficult at different parts of the hiring funnel.
Towards the end of covid, it was easy to convert a resume into interviews, and successful interviews into a job.
But in the 1990s the tech industry hadn't yet invented the five-interview, live-coding, culture-fit, hiring-committee gauntlet. If a hiring manager liked your resume there'd be one interview, and it wouldn't involve any coding.
What I hear about today seems crazy hard.
2021-2022 was pretty good as well.
Nobody ever seems happy about how the announcement part is done though. "Wait for everyone to have 1:1" and the problem is the mass panic that starts to roll through the workday as employees wonder if they are next. "Mass announce and then engage after" makes another group upset they were told by a generic mass email. I've been at places which have gone each way and I'd honestly rather hear from the mass email myself.
There was no leetcode and the resources weren't great. The introduction of leetcode made everything super painful.
> The massive sudden shift in the commoditization of human workers and turning them into faceless labor resources that can be inhumanely disposed of with a keystroke
Look up the treatment of labor during the industrial revolution. Similarly then large competitive advantages in automation lead to concentration of power in the hands of those that (not to spill the beans on where I'm going with this) controlled the machinery and means of production by way of access to capital. Collective bargaining of some form by labor was (and I would maintain, still is) a reasonable response, as is state regulation. Not to literally use the M-word* here but ... these problems aren't new, and solutions have been explored in the past (not that they were or are perfect!). As is typical in tech, we could stand to learn a bit from history when considering paths forward from the present. History may not repeat verbatim but it sure as hell rhymes.
idk, just my two cents as someone in the technical trenches who happened to fall in love with an historian. :)
* Marxist/ism. The communists certainly had/have their problems, as did Marx's analysis itself, but he wasn't wrong about there being some society-scale Problems with unfettered capitalism.
Except not everything was properly documented, and it turned out the employee had given admin rights on some resources to a contractor which proceeded to wreak havoc on their behalf (the 'rm -rf' kind). Eh!
Where people are laid off here (Norway), they're still employed by law for 3 months. Most companies don't force you to work all that time, but it's pretty common to finish up your tasks, do offboarding etc for a few weeks. Never considered it an issue. Maybe it's a high trust society thing?
It's called garden leave, it's popular everywhere, especially if it's a big international company with diverse workforce, sensitive to IP rights, since there's been plenty of cases of people taking company IP on USB drives to the new employer, like that Indian guy who took IP from Valeo to Nvidia and got his home raided by the police because the Valeo guys saw him share it on a Teams call lol. Same for companies in finance or that handle sensitive information. Norwegian trust doesn't fly anymore when it comes to multinational corpos.
Companies run on liability and risk mitigation. If something bad happened once (IP theft or sabotage from someone they let go), then they have to prevent from ever happening again, not keep blindly trusting people while letting it happen.
I haven't worked in Norway for a long time, so haven't kept up to date on the current legal position. The typical argument used to be that if there were concerns over IP theft or sabotage, there were other ways of protecting against that - and indeed, insider risk is something companies need to deal with whether or not someone has been fired.
And what if they don't want to enforce it? Which is what I was talking about.
That guy was a six figure paid SW engineer, who stole IP for the opportunity to jump ship to an even better paid gig at Nvidia, not a minimum wage fast food worker who couldn't take it anymore.
Scammers will always be scammers and will use any excuse and opportunity to get ahead, no matter how much you trust, value and pay them, they'll always want more from you even when you have no more to give. They'll bankrupt you gladly if they can get away with it, out of greed, envy, spite and malice, I saw this when my parents ran a small business.
In globalized multinational companies, you can't defend from this using mutual trust and respect, only by strict IP protection, law enforcement, fines and jail time as a deterrent.
Please don't straw man me. Discuss in good faith, and don't invent things I didn't say. I never said anything remotely close to that being allowed. I said that it could happen even if you don't terminate all their accesses the moment they're let go. And the fact that some people have to worry about it reflects on how the employer behaves or the trust in the society.
I'm not. That's just the only logical takeaway from your comment saying: "I think if you treat your employees with respect, they don't feel the need to this kind of retaliation."
How else would you interpret it, rather than a veiled threat that if employees don't get their way then they'll steal or sabotage you? Please explain in detail. If you feel you're not treated the way you want to, then quit and find another job, don't steal or sabotage your employer.
> I said that it could happen even if you don't terminate all their accesses the moment they're let go.
Yeah, but it's WAAY more likely to happen AFTER you give them notice of termination since breaking relationships be them romantic or employment, can cause people to do illegal things like steal from their employer or murder their spouse in an impulse of revenge, when they hear their relationship is being terminated. All this is documented from decades of police and legal records, and companies know this, so they take preventive measures.
>And the fact that some people have to worry about it reflects on how the employer behaves or the trust in the society.
Companies worry about it because some people are gonna be evil thieves no matter how well they're treated.
If you want to get better treatment then negotiate better, talk to lawyers, organize in unions, vote, go protest, pester your representatives, but don't break the law or steal from your employer in revenge, as that reflects badly on all workers, and the economic, legal and societal costs of a few thieves will be distributed on the honest ones in forms of more workplace surveillance, higher cost of doing business, higher insurance premiums, etc all of which have a negative upstream effect on wages and employment opportunities.
Which is what makes it hard for you to fathom it doesn't have to be that way you experience. When my company laid of half it workforce two years ago, everyone stayed for a few weeks to help in the transition, with the same accesses as before. Because we were treated nice all the years working there, and with respect during the process, it was absolutely no ill feelings or any risks of people doing what you describe.
So again, please read and answer comments in good faith. It's your mind that's not open enough for alternatives here, please bear that in mind - don't use your own closed mindedness to misread my comments.
Edit: your other comments in this thread shows you absolutely loathe your employers. I feel sorry for you having had those experiences, but don't assume they're global.
https://www.usenix.org/legacy/event/lisa99/full_papers/ringe...
The reason they fired the whole dept. was that they were going to centralize development, as they had 200 other developers. After 5 years, they still hadn't developed a new product. Then they bought a competitor and rebranded it. The old product had to be kept running for years after. I guess they finally switched all their clients, because the web sites now open with <!--eslint-disable @angular-eslint/template/prefer-self-closing-tags-->. Who puts that in their HTML?
> Muneeb had been assembling usernames and passwords—5,400 of them taken from his own company’s network data.
I worked for a Big Tech company that actually did this, and it made the transition a lot easier. You could still access corporate resources necessary for the transition (HR, benefits, internal job postings, training offerings, expense reporting, etc), check-in with colleagues 1:1 (who would be warned this person was no longer part of the org, attachments could be blocked to prevent exfil, etc), and still send/receive email internally (though external was blocked by default and required justification).
You can safeguard your corporate infrastructure without actually cutting everything off entirely and sending someone home to stew angrily about it. In fact, there might be (as yet undocumented) advantages to letting folks exist in that transition period on that segmented infrastructure, so as to identify potentially bad actors before they can do harm and see about mending bridges.
Of course all of that requires conscious investment in projects with no clear quarterly/yearly KPIs to measure cost or success against, so most employers will never remotely consider it.
You're proving my point—employers take the most extreme lesson and it's considered expected practice. They absolutely should have immediately terminated the credentials that granted unilateral access to sensitive databases. (Ideally those would never exist in the first place—there are two-person schemes. A pair of bad actors...well apparently happens according to this article...but is far more unusual.) But employers regularly (but shouldn't) terminate all access including credentials that allow last email to colleagues exchanging personal contact info or something.
This especially includes creds like root or admin level access to AWS/GCP/whatever-cloud-or-hosting-service, and other critical creds like user/password management, domain name registrations, AppleStore and GooglePlay accounts, source code repos, documentation and internal tooling, external services like observability/analytics/crash-trcking. It also keeps a current(ish) list of all clients/projects where I've had any access at all, listing things like API keys, ssh keys and bastion hosts, project or platform admin creds, as well as systems like databases (SQL and KV caches), firewall rule specific to me.
I also try to list anything else I could, if I were a malicious disgruntled ex employee, use to cause grief to the employer or their clients.
I point out in this email that if I were to be rouge, I'd most likely have intentionally left something out or left behind backdoors or timebombs, and while I am not that kind of person and I have not done those things, they owe it to themselves and their clients to have someone else senior and experienced enough to carefully audit everything to ensure I cannot access anything.
I send this from a personal email account, so I still have timestamped records of having sent it. If an ex employer ever gets hacked shortly after I leave, I want evidence I did everything I reasonably could to remind them to lock me out.
(Writing this down reminds me it's been a while since I updated this - I guess thats something I'll ned to get on to soon.)
Isn't this an unrealistically black-and-white mode of thinking? Humans are complicated and have many values and perceived responsibilities. It's not healthy for them to throw them all out and act as if they only have one responsibility that needs to be maximally upheld at all costs. They should balance their actions thoughtfully.
Meh? Sure, stuff that would help assemble a credible phishing attack, but not customer SPII or huge amounts of intellectual property or anything. If the assumption is that employees' inboxes are full of dangerous things, I would focus on fixing that.
Looking at it from Europe - it is such a weird inhumane practice.
Someone decided your position is redundant. Okay, shit happens, economic downturn, etc. Then you have extra 3-6 months of work to pass your knowledge, train replacement and document everything.
Pretty standard practice in many technology(not just IT) and finance companies in Europe as well.
>If you don't trust your people so much, why to hire them in a first place?
It's not about trust, it's about risk, and most companies operate on liability and risk mitigation. If society ran on trust alone, we wouldn't need contracts, door locks, passwords, IDs, judges, security cameras, jails, police, etc.
You can verify someone's performance at the job interview, you can't verify their trustworthiness, especially once they've learned they lost their job, even trustworthy people react irrational once emotions hit making snap decisions they'll later regret without thinking of the consequences on the spot, and you see innocent people suddenly turn vengeful or violent and break the law (just look at relationship breakups and domestic violence).
You can't predict such reactions, so best to prevent them instead of chasing damages from them later through the court system.
Put yourself in a business owner's position for a minute. Nobody wants to be the "this former employee set my building on fire after I gave his notice, by leaving him in the flammable material warehouse unsupervised, because I wanted to show him that despite the layoff I still trust him".
For some businesses and jobs the trust alone is enough, for other jobs that involve access to sensitive data or money, it's straight to paid garden leave because nobody wants to risk it.
>Then you have extra 3-6 months of work to pass your knowledge, train replacement and document everything.
Yeah, that happens sometimes like for CxO's, managers, execs who get generous golden parachutes/severance packages, but for rank and file workers in the trenches, having to show up to a workplace you know you'll soon loose, for several more months of work till it's finally over, feels like torture unless you're getting a crazy severance package. That's like your wife telling you "honey, I'm divorcing you, but I still want you to live with me for 3-6 more months, and perform your regular duties".
You can be dismissed when you have done something wrong, in which case there's no notice period but the employer has to be able to show they've followed certain rules.
You can be dismissed when you haven't done anything wrong, in which case you either get several months notice or several months pay ('in lieu of notice') or a 'voluntary settlement agreement' (more pay, negotiable terms) all subject to slightly different rules.
So a US employer can cut a UK employee's computer system access the same day, it just costs a bit.
It's just one of these rules that unfortunately in Europe allow people to view life purely as the time between jobs. I'd never tell that to someone's face but it's simply a fact that the world stops of people don't work and no matter what the ideal world looks like in your dreams, working is the only real way forward for anything. It's part of the reason why Europe is falling behind on everything.
The increased growth in USA the last decade have largely been created by means that one day will be quite costly for you (debt).
The USA under MAGA is falling apart. EU and others are actively minimizing risk by selecting non-US IT providers. EU and others are actively selecting non-US defence aystems.
I say that it is very positive to protect your citizens. Russia (sending their citizens en masse to a certain death on the front lines) and USA have more in common politically than USA and EU.
But there's nothing like AWS, Google Cloud, facebook, Azure, ChatGPT, Tesla, etc etc the list goes on and is very long, in Europe. They're switching way too late. Why did it not happen before? Why do we have very limited IT providers, for example? Due to the culture and regulation that doesn't incentivize it sufficiently.
I'm European too btw and live in the EU and I'm happy about a lot of things we have that the US doesn't, I'm just personally worried that we're setting priorities wrong. Having a chill life in the park is good in the ideal it's just detached from what's needed to make a state run; and it will end in the EU having even less power that is has now, resulting in fewer moral values being carried into the world.
I read a news article that Orange Telecom in France was being sued by a woman they had on payroll for the last 20 years doing nothing, because due to a medical condition she suffered, she became unable to do her job, and since they couldn't fire her due to France unions and labor laws, nor did they have any available job that could fit her current condition, they just kept paying her for 20 years to do nothing at work, and now she's suing them for the depression she got to get paid for no work.
It felt like reading a Monty Python skit.
But Europe is failing due to a myriad of compounding issues and structural deficits, not just because firing workers can be a Kafkaesque nightmare in some countries. European workers' unions and labor protections were even stronger 20-25 years ago and in 2004 the Euro stock market was worth more than the US stock market, while now it's worth half the US one. But that's whole different discussion where pages have to be written to encompass the whole context and cover all aspects of European economic decline. Boiling it down to crazy labor protections would be reductionist and incorrect.
They couldn't find anything for her to do? Hard to believe, but if there's a reason not to fire her then then pay her the money she's owed and stop demanding she show up. Making someone come in with no tasks assigned is fun for a week and quickly turns into punishment detail. Putting someone on punishment detail because you're not allowed to fire them is Bad.
Unless she was allowed to stay home, in which case I take most of that back and it falls on her to go outside and find something to do. I can't find any articles with enough detail. But I'm still skeptical they actually couldn't find a job for her to do. It was 'just' paralysis on one side.
If a person's now disabled, what can a company give them to do profitably, that isn't already optimized, automated or offshored?
There's plenty of civil servants whose jobs are just moving one paper from one room to the next, just to keep more useless people employed that nobody would hire in the private sector. But this doesn't really exist as much in the private sector.
If I found the right article, the disability is epilepsy and paralysis on one side.
Which mean she can do pretty much any office job fine. She already was doing office work, so the disability should not have changed things all that much. I'm sure she typed slower, but that can be worked around and mitigated.
Honestly, I doubt it. If you show up to an interview of "any office job" with "epilepsy and paralysis on one side" nobody will hire you simply because you won't be as productive as those without such disabilities.
Also, "epilepsy and paralysis on one side" is the legal medical diagnosis, but in practice the impact can be much greater, especially with age, which is why ageism is a thing even among people who are legally in full health because in practice your body isn't the same like when you were 19-25.
She doesn't need the equivalent of "moving paper from one room to the next". She lost some number of dollars per hour worth of productivity, but it sounds like she was still capable of being reasonably productive.
It's called "mise au placard" and it's illegal. It's a technique to get people to quit by themselves, so companies don't have deal with the hassle of firing them. The lawsuit is 100% justified.
It's also very common in Japan.
If she had been hired after, it would have taken time but she would have been found unfit for work (she had epilepsy and hemiplegia), her contract terminated, and she would have most likely received a handicap pension instead.
Like there's so many other attack vectors besides an upset ex-employee.. Like all those articles about NK employees who presumably are trying very hard not to be fired. Or employees using company provided insecure email software leaving them vulnerable to ransomware et al.
It makes sense to terminate someone's high-risk credentials immediately when they're fired. But it's extremely worrying if every credential held by every employee is considered high-risk. It suggests a bigger failure. "Unilateral access to a database filled with plain-text passwords" shouldn't ever exist. "Email account filled with dangerous stuff" should at least be unusual.
Someone with an interest in scuttling your company could just as easily maintain a low profile and do it at any time. Termination forces execution into a more-predictable timeframe. Once notified, the malevolent only have opportunity to exfiltrate or sabotage whatever they can reach in the time it takes to walk them out the door.
European laws require us to give people something like two months' notice. Even then we don't trust them; we pay them their salary and tell them to stay home.
This seems like a self inflicted problem where the solution to the problem also made the problem worse when it happens.
If you know that you have X months of pay if you behave, then why misbehave? You'll lose out on money and get a criminal record. Meanwhile if the employer wants you gone it's free money. Everyone is happy.
You've been given enough time to find a new job. It's enough time to sit back and relax at work since you're getting paid either way.
The primary reason why people want to get revenge is because of how inhumane the entire process is.
The mass layoffs are random and impersonal, so you inherently think it is unfair and you will never agree with the reason of the layoff.
The immediate access block and security escort is a reaction and extension of the inhuame treatment.
Sibling comment correctly points out that misbehavior would follow a different termination path, but I don't actually know what it is since I've never seen a European employee successfully fired. We normally just lay off problem employees and follow the same offboarding procedure for everyone. This does present its own retroactive abuses of the PIP process.
> If you know that you have X months of pay if you behave, then why misbehave?
Ageism is real. For those expecting to retire from a company in Y years, seeing expected future income reduced to X months is catastrophic since there's no guarantee they will ever continue their career in any capacity yet expect to live beyond X months. The inhumanity comes from realizing how insignificant you were to the grand scheme of things, and how easily you are discarded and forgotten.
Only the younger crowd thinks the way you do, where there's always more time to find another job. They can afford to be rational. For the rest this will be the last job they ever have; it is an indignified and humiliating end to a career they spent decades building. Revenge is easily rationalized.
Employment is modern slavery. Few earn enough to have meaningful agency over their lives.
Escorting them to the door, and revoking access for the remainder of contract yet paying wages for that period seems very descent. Off course, you don't do that when the termination was triggered by employee's misbehaviour.
But, yeah - the point I was trying to make is that there is only so much you can do as an employer to protect the company while there's an infinite number of reasons for anyone to be traumatized or otherwise act erratic. Admins are always entrusted with huge power and while wariness is probably warranted, distrustfulness is IMO counterproductive and often harmful.
Eventually I tried to log into one of my old cloud accounts, to find it was only disabled since 9 days after my layoff. Pretty sloppy.
Sadly, behaviors and expectations converge toward one another.
In the US, they'll terminate your access while you're on the Teams Meeting behind the scenes and if you have any gaps, issues, blips, or smudges in your resume it gets thrown into the recycle bin by some AI agent.
But things are different both in small companies, and non-US environments where minimum notice periods or redundancy consultations are a thing. You may put people on "gardening leave" where they're still paid but not actually working. Or it may be the case that the sysadmin is the one person who knows and controls a lot of stuff, and the employer has ended up relying on them for a smooth handover. Password and role management for the "root" of things is a real problem.
The employee is always the last to know. This is standard fare.
Too complicated and subjective, stinks of more risk.
Also, I don't think it's dehumanizing it all (having been on the receiving end of it way back when during a layoff, and involved in the process more times than I care to count). It's standard practice for involuntary terms at all companies we work with, whether employee is IT or not. If a company is not doing this already, I'd encourage them to.
I actually think there's less risk, because it's not as narrowly focused on what a just-fired employee can do. That's not the only scenario of concern.
> Also, I don't think it's dehumanizing it all (having been on the receiving end of it way back when during a layoff, and involved in the process more times than I care to count).
Interesting. Thanks for the perspective. I've been fortunate enough to not be on the receiving end of a lay-off, knock on wood. It's happened to my teammates/reports though. Wasn't my decision. :-(
The most fool proof way is just to nuke the computer in its entirety.
Leaving no one to say anything anymore on their behalf.