Ask HN: How do you hire remotely when you have to turn over the crown jewels?
How are people managing having remote workers who have full access to their codebase?
What happens when they turn around and steal your code and launch a competing service?
How do you sue some digital nomad?
20 comments
[ 3.3 ms ] story [ 47.7 ms ] threadas far as I have ever been able to tell 'trust' is a commodity that has to be managed no matter how the work is being done.
to put it another way : does a lawsuit actually prevent an employee from stealing the code and launching a competing service?
"Hire the right people" might be the best advice; remote or otherwise.
I know people with private copies of some decent chunks of FAANG source code, for example. They'd never leak it, it's tucked away just in case they want to refer back to it, for whatever reason.
Just don't worry about it, it's not a big deal.
High risk, very low reward
Yes, it's probably illegal and ethically questionable.
I don't show or sell the codebase to anyone else. It's more for me to refer to when I encounter a similar problem that I recognize I already tackled years ago. I'm not going to copy verbatim, but if it can save me time to refer to a working implementation of a solution I need to repeat, I'm going to do it.
And this happens pretty rarely, but I'm competing in this job market with people who are doing the same, or, if they're not, probably have much better memories than myself. If I can keep up with competition by referencing things, it improves my own ability to do the work I do.
I'm in my late 30s btw, so already at the point in my life where I need to do whatever I can to keep a competitive edge against 20-somethings in the industry... I'm very concerned about my memory continuing to get worse and the implications it may have on my employability, despite not having much money saved up.
If we're ever in some weird sci-fi future where people who leave jobs have their memories erased, I'll gladly delete my copies of code I wrote. That way, at least my age will only work against me in the context of my current job.
Until then, I don't see why someone with perfect recall should be able to refer to things they worked on in the past, and I shouldn't.
I am interested to explore this recurring theme, in that how does 10 years difference at that age make such a big difference?
When you think a world class sprinter is not regarded to coming into their own until their 30's at best, it can't be physical condition.
Then you think, is it mental condition, the ability to absorb and adapt to new things, and sharpness of memory? But I wonder if not, when I think back to my 20's and of my friends and collegues, any sharpness was well overwhelmed in a wholistic sense by inexperience and often excessive hubris.
I would have said 30's is about when an individual may have accumulated enough balance and skills to really start considering to eb able to deliver, unless being managed exceptionally well earlier in life.
So that leaves possible other factors
1) Many manegers are quite young these days and don't like to manage people older than them, for a wide variety of reasons.
2) Tech is cashing in on a bunch of unpaid work when they acquire fresh young talent who have worked hard in their own time for many years previous, to be up to date with the latest languagse/stacks etc. After ten years unless they have really kept up, they are stale.
3) Once you hit 30, you might be a little sick of living to work and want to spend more spare time with family and friends, so therefore maybe not doing the extra (unpaid) work to do more and/or keep up.
4) Once you hit 30, tried your guts out, been unlucky with hitting the fuck off money and still really need to work, maybe the hunger is gone. (or that is the perception)
5) It's a cult and there is no reason, but once the club has formed that's how it runs.
By now I am getting more and more out there, but all of the above have some premise of plausability, but I am interested to know what everyone's experiences/thoughts are from SV/tech.
Note of Context:
I work in another country, in a tech based field being industrial engineering of electrical and control systems, but any ageisim doesn't seem to really kick in until after 50, if at all.
But it is a bit more conservative, and uptake of new tech is much slower compared to SV because the risks are far more tangible (long lead very big money projects, possible harm to human life) and the conservative position is to do what is known to work. Breaking things is not in the normal acceptable range of outcomes.
The slower rate of new tech adoption is especially because Final Investment Decision (FID) may not occur until 10-20% of potential budget has been expended doing front end studies and tightly defining the path forward to completion.
Is it actual capacity of memory, or amount of information required on tap so much higher?
At age 35 there was not quite mobile phones as common items, and I could rememebr 200+ landline numbers off the top of my head, people used to call out to me for them across the room.
In my mid-to-late 20s when I started programming professionally I didn't have the experience to know how important thorough documentation was, but it didn't cause problems for me because I could generally just remember all the things I had worked on.
I periodically have to reimplement things from scratch and that is indeed irritating. Fortunately version N is usually better than N-1.
The solution to that annoyance is open source.
I think it would be a big deal (worth worrying about) to have physical/digital proprietary information in your possession after you left the company.
But in any case, you handle it the same way you'd handle this problem with regular employees. Get their personal data written down as part of the employment contract. Verify that it seems plausible. If legal issues occur, sue them at that address.
If you're US based and hiring US employees, you'll already have plenty of personal info available to be able to pay them, so you're unlikely to not know who they are.
If you're hiring out contract workers via 1099s, this is part of the risk.
Ways to lower this risk: - Meet in person before hiring. - Check references. - Check past work.
Also, if what you're actually worried about is someone launching a competing service, unless they have resources to Marketing, Sales, and Operations, it's unlikely to be so trivial as to just stand up your source code and have a viable business. And if it is that easy, you're probably not making any money now anyway.
For what it's worth, though, clearly a company needs some secrets even if the code isn't. I've only worked on government contracts and they handle this in a pretty simple way. You're required to use a CaC to access anything. That means you need to be a US person and go in person to an ID card office to have your identity and location verified. While your company doesn't have the means to set up remote offices all over the country to verify identities and issue smart cards to your employees, you can at least have them go to IdentiGO or something to get fingerprinted, which has the same effect of verifying they're in a locality where you can sue them and they won't easily disappear if they steal something from you. Remote workforce doesn't mean all of your employees are digital nomads. They can have a nice, stable, law-abiding existence in a US city that just happens to not be the same one you're in, and that is easy enough to verify.