> [Opexus] said that “the individuals responsible for hiring the twins are no longer employed by Opexus.”
Getting close to the classic Monty Python line: "Those responsible for sacking the people who have just been sacked, have been sacked."
Jokes aside, stuff like this sucks because I suspect many employers will take from it the most extreme, dehumanizing lessons, e.g.: (a) make firings [edit: including lay-offs] as abrupt as possible including terminating all access immediately, (b) never give second chances to anyone with any sort of criminal record (even say decades old marijuana posession or something).
I'd prefer a more balanced version: limit unilateral access to sensitive systems in general (not just of recently-fired employees), when someone is fired immediately shut off particularly sensitive credentials if they do exist (but not their general-purpose login/email account), avoid hiring people convicted of wire fraud as sysadmins, hash your @!#$ing passwords, etc.
Terminating access and rotating passwords (if needed) while the person is in the meeting but has not yet found out they are being let go has been SOP for at least the last 20 years
Is this specific to US culture? And what about your work environment makes it such a risk?
Where people are laid off here (Norway), they're still employed by law for 3 months. Most companies don't force you to work all that time, but it's pretty common to finish up your tasks, do offboarding etc for a few weeks. Never considered it an issue. Maybe it's a high trust society thing?
I have had this (garden leave) specified in contracts in Norway too - it's not strictly a requirement that you're allowed to serve out the full 3 months, but the default unless specified is 3 months. In the cases I had it in the contract, the contract generally framed it as if some other perk (like shares) served as consideration for giving my employer the right to put me on garden leave.
>Is this specific to US culture? And what about your work environment makes it such a risk?
It's called garden leave, it's popular everywhere, especially if it's a big international company with diverse workforce, sensitive to IP rights, since there's been plenty of cases of people taking company IP on USB drives to the new employer, like that Indian guy who took IP from Valeo to Nvidia and got his home raided by the police because the Valeo guys saw him share it on a Teams call lol. Same for companies in finance or that handle sensitive information. Norwegian trust doesn't fly anymore when it comes to multinational corpos.
Companies run on liability and risk mitigation. If something bad happened once (IP theft or sabotage from someone they let go), then they have to prevent from ever happening again, not keep blindly trusting people while letting it happen.
It is not that common in Norway. It has at least been argued in the past that working your notice period is not just an obligation to employer if they want to enforce it, but a right for the employee on the basis that being walked out can affect your reputation by implying possible misconduct exactly because it has generally been uncommon in Norway.
I haven't worked in Norway for a long time, so haven't kept up to date on the current legal position. The typical argument used to be that if there were concerns over IP theft or sabotage, there were other ways of protecting against that - and indeed, insider risk is something companies need to deal with whether or not someone has been fired.
Garden leave isn't for when you don't want to force people to work out their leave, but when you want to force them not to, and as the very next clause of my comment pointed out ("but a right for the employee"), it's not a given you can just do that in Norway. Most of the time, employees will be happy to be told they don't need to show up. Sometimes they aren't. There have been lawsuits over attempts to force people on garden leave in Norway.
What's stopping people's from doing that while employed? I think if you treat your employees with respect, they don't feel the need to this kind of retaliation.
So stealing IP, breaking the law and your contractual obligations, should be allowed if you feel like your employer isn't valuing you enough?
That guy was a six figure paid SW engineer, who stole IP for the opportunity to jump ship to an even better paid gig at Nvidia, not a minimum wage fast food worker who couldn't take it anymore.
Scammers will always be scammers and will use any excuse and opportunity to get ahead, no matter how much you trust, value and pay them, they'll always want more from you even when you have no more to give. They'll bankrupt you gladly if they can get away with it, out of greed, envy, spite and malice, I saw this when my parents ran a small business.
In globalized multinational companies, you can't defend from this using mutual trust and respect, only by strict IP protection, law enforcement, fines and jail time as a deterrent.
> So stealing IP, breaking the law and your contractual obligations, should be allowed if you feel like your employer isn't valuing you enough?
Please don't straw man me. Discuss in good faith, and don't invent things I didn't say. I never said anything remotely close to that being allowed. I said that it could happen even if you don't terminate all their accesses the moment they're let go. And the fact that some people have to worry about it reflects on how the employer behaves or the trust in the society.
>Please don't straw man me. Discuss in good faith, and don't invent things I didn't say.
I'm not. That's just the only logical takeaway from your comment saying: "I think if you treat your employees with respect, they don't feel the need to this kind of retaliation."
How else would you interpret it, rather than a veiled threat that if employees don't get their way then they'll steal or sabotage you? Please explain in detail. If you feel you're not treated the way you want to, then quit and find another job, don't steal or sabotage your employer.
> I said that it could happen even if you don't terminate all their accesses the moment they're let go.
Yeah, but it's WAAY more likely to happen AFTER you give them notice of termination since breaking relationships be them romantic or employment, can cause people to do illegal things like steal from their employer or murder their spouse in an impulse of revenge, when they hear their relationship is being terminated. All this is documented from decades of police and legal records, and companies know this, so they take preventive measures.
>And the fact that some people have to worry about it reflects on how the employer behaves or the trust in the society.
Companies worry about it because some people are gonna be evil thieves no matter how well they're treated.
If you want to get better treatment then negotiate better, talk to lawyers, organize in unions, vote, go protest, pester your representatives, but don't break the law or steal from your employer in revenge, as that reflects badly on all workers, and the economic, legal and societal costs of a few thieves will be distributed on the honest ones in forms of more workplace surveillance, higher cost of doing business, higher insurance premiums, etc all of which have a negative upstream effect on wages and employment opportunities.
Heh, a place where I worked some guy who left kept committing code for months (he went to work for a company we were a vendor for). Some of my teammates knew and just thought it was no big deal, he was fixing bugs and adding features.
The color the director turned when he found out!! Oh man.
he went to work for a company we were a vendor for
Sounds like he's getting paid to work on the same thing by a slightly different stakeholder.
I'd happily pay $$$$$$ to hire someone with commit access to Cloudflare, AWS or Google's codebase who could fix the goddamn bugs, let alone add new features.
> Sounds like he's getting paid to work on the same thing by a slightly different stakeholder.
This honestly sounds like the sort of thing I'd sit down with the employee, their new employer, and various "Compliance Team" members, and firm up a bit.
Sounds good for everyone.
We get our bugs fixed, $vendor gets to say "Well we have this thing that was developed in-house for BoshNet, that might solve your problem too, it's going to cost you <some comical amount>", and everyone's happy.
Never happy is a bit of an exaggeration. SYSV UNIX had all of these risks
and various legal departments went through them as they do regularly for more typical types of research.
That’s the “firming up” bit. You have a contract that deems the code “work for hire” even though the money flow is wonky. Legally the guy is like any 1099.
I have door codes and passwords for a major organisation that I last worked for somewhere in the region of 20 years ago. They haven't rotated a damn thing. I still know people who work there, and I guess technically I still support things for them in an informal question-over-a-pint kind of way, but damn me, put in some effort guys.
My first task at my last job was removing access to an employee being let go. I had just gone through onboarding so I knew every (documented) service we needed to handle. We live tested it on my own accounts, measured the time before I noticed, and then proceeded to successfully go through the checklist.
Except not everything was properly documented, and it turned out the employee had given admin rights on some resources to a contractor which proceeded to wreak havoc on their behalf (the 'rm -rf' kind). Eh!
Amateurs. My employer does mass layoffs by terminating access to everything except their email account at 3am, and then sending an email to the victim saying “you were let go at 3am”. Managers get to figure out who’s left on their team by pinging everyone when they learn about it at work.
Google powerwashes your corp Chromebook when they let you go. A friend was composing an email on the train when their screen went black and the device reset itself to factory settings.
They even send the “you’re being fired” email to their personal email they have on file. Didn’t even schedule a meeting.
Most of the employer behaviour described in such gleeful terms here would be outright illegal in most of Europe and open up the employer to risk of being sued for wrongful dismissal, etc.
Eh, there are ways around that. I've worked for multiple Finnish companies that do layoffs via "lomautus" whereby they put the laid-off employees on a forced, unpaid, indefinite leave. After multiple months of not receiving a paycheck, the employees inevitably "resign".
In Germany that's forbidden, you'd have to pay them.
But you can be placed in a room/office with no windows (not the OS), a computer without internet access and nothing to do. How long can you go on like that?
Royal Bank of Scotland did that to me and a few colleagues when they didn’t want to pay redundancy whilst closing the only building for us to work in.
Was a battle of wills and eventually after 5 weeks of coming into a random branch office and sitting in an empty room, we came in one Friday to be told that the manager in charge of the building closure had been removed from the project and they would be paying full redundancy pay and we didn’t have to come back in but they’d pay for the next 3 months as well.
We’re talking about a Google employee that makes 5x or more of what a European counterpart would. Lack of termination notice and other at will employment is easy to plan for when you make so much money.
Until someone starts providing examples of software companies where the employees are unioned and clear $400k+ annum, the bar is still “no unions”.
If you're talking about Oracle, the large round previous to that they did had individual meetings with employee, manager, and HR. With so many layoffs it took a week+ to do, effectively torturing an entire set of employees who had no idea if they'd have a job by the end of the hour, let alone week.
I'm not sure there's any good way to lay off large amounts of staff (besides not getting yourself into the situation in the first place where you have to)
In much of Europe, if you're planning redundancies above a certain (low) number of employees, the employees / unions has a consultation right before layoffs start in order to be able to negotiate or consider other options...
>I'm not sure there's any good way to lay off large amounts of staff
Someone on HN once wrote that after the dot.com bust, Yahoo! HR had 1-1 meetings with every single employee that was part of the mass layoffs back then, and they did this for hundreds of workers. Boy what I wouldn't give to go back to such state of affairs, even though I wasn't yet part of the workforce back then.
An older family friend of mine who started working in tech around 2003-2005, told me "back in my day, to get a job, you'd just send your CV to HR@corpo.com, and in 2-3 days you'd get a call asking you when you're free to come over for an interview". Now today you're lucky you get an automated reply back from 50 CVs sent, just for the opportunity to do an impersonal take home assessment as part of the seven stage interview process. It's like screaming into the void of AI bots and automated CV screening systems, while you spin the barrel of the revolver to play the next round of Russian roulette.
And the crazy part is, that when people talk about "the good old days", we're talking about events from recent history, just 10-25 years ago, that a lot of current workers experienced in their lifetime, not stuff from when boomers were kids.
The massive sudden shift in the commoditization of human workers and turning them into faceless labor resources that can be inhumanely disposed of with a keystroke, is real and noticeable to everyone, that I'm envious for you guys who are set to retire soon out of this shitshow.
What comes after this? Have we reached rock bottom, or will it get even worse?
Either your dates or experiences are off, because I've been working in software since 1999 and the easiest time to get a job was quite recent, in the back-half of COVID. The early 2000's were decent, but I didn't experience - or know anyone who did - any sort of "free jobs' period. Also pay was relatively decent but much less than what you saw even 5 years ago. It's only the in the past year or so that the world has appeared to be ending for developers, and I think that pronouncement is premature.
> the easiest time to get a job was quite recent, in the back-half of COVID
Things can be easy or difficult at different parts of the hiring funnel.
Towards the end of covid, it was easy to convert a resume into interviews, and successful interviews into a job.
But in the 1990s the tech industry hadn't yet invented the five-interview, live-coding, culture-fit, hiring-committee gauntlet. If a hiring manager liked your resume there'd be one interview, and it wouldn't involve any coding.
During the dot.com bubble, so many folks went to work for startups that old-fashioned corporate IT (in insurance, industry, banks) was struggling to hire. The saying goes that they hired you if you could spell "C++".
In 1996-1998+ they had something called the Brass Ring job fair in the Santa Clara convention center in the heart of Silicon Valley. Employers would set up booths and some would hire people on the spot.
>Also pay was relatively decent but much less than what you saw even 5 years ago.
IDK, I'm not from the US/Bay-Area, nor does my country have any big-tech/FANG jobs to distort the market for what constitutes a "high wage" in tech, it's all the same.
>in the back-half of COVID.
Sure, but Covid was only a short blip, a temporary exception, not a baseline norm for wage/job growth, like the years prior which was a longer period of getting a job was easy, like 2012-2020.
For me where I live now, the career depression I saw came in 2023 already when jobs become less abundant and harder to get, and it only got worse later when mass layoff started. So we're already 3 years in the decline, longer than the Covid boom lasted and things aren't going better yet.
I entered the workforce in around 2012-2014 and it was significantly easier to get a callback from sending a resume than it is now where it's mostly automated rejections. When I say "easy" I also mean you didn't need 7 stages of interviews to get a job back then, you'd have 2 stages and those were pretty chill and get a call back from every 2-3 resumes sent. Now you need to send dozens. I guess "easy" is relative.
>Also pay was relatively decent but much less than what you saw even 5 years ago.
You should have tried to create a business or fulfill G-ds hopes for you when you had the chance… but you sold out and took the easy pay check. Now
You’re fucked
I know enough people who tried, to be able to tell you that it's not all roses over there. Some had to go back to being a corporate slave and some just continue grinding a barely viable business earning much less than they could at a large company
>You should have tried to create a business or fulfill G-ds hopes for you when you had the chance
Says who? What does God have to do with this topic? And why are you censoring the word God?
>but you sold out and took the easy pay check.
I didn't sell anything, nor was the paycheck easy, it was all hard honest work from school to university to put food on the table for my family. Why do I need to justify myself to you?
>Now You’re fucked
I'm doing fine, thanks. Your username is accurate though.
(hackeridiot12 may be Jewish - IME Jews often type "G-d" because spelling the deity's name in impermanent text is disrespectful. Bit odd from my perspective, but harmless :))
How you handle employees after the layoff announcement is a much easier conversation: Give them a lot of dedicated resources to navigate it and give them a good parting offer.
Nobody ever seems happy about how the announcement part is done though. "Wait for everyone to have 1:1" and the problem is the mass panic that starts to roll through the workday as employees wonder if they are next. "Mass announce and then engage after" makes another group upset they were told by a generic mass email. I've been at places which have gone each way and I'd honestly rather hear from the mass email myself.
The 2010s were not that easy to get a job in. It took quite a lot to actually get a job. It didn't take 6+ interviews and takehomes. But you could use a recruiter, go through the interview etc.
There was no leetcode and the resources weren't great. The introduction of leetcode made everything super painful.
I mean, not to snarkpoast on main, but all of this has happened before re:
> The massive sudden shift in the commoditization of human workers and turning them into faceless labor resources that can be inhumanely disposed of with a keystroke
Look up the treatment of labor during the industrial revolution. Similarly then
large competitive advantages in automation lead to concentration of power in the hands of those that (not to spill the beans on where I'm going with this) controlled the machinery and means of production by way of access to capital. Collective bargaining of some form by labor was (and I would maintain, still is) a reasonable response, as is state regulation. Not to literally use the M-word* here but ... these problems aren't new, and solutions have been explored in the past (not that they were or are perfect!). As is typical in tech, we could stand to learn a bit from history when considering paths forward from the present. History may not repeat verbatim but it sure as hell rhymes.
idk, just my two cents as someone in the technical trenches who happened to fall in love with an historian. :)
* Marxist/ism. The communists certainly had/have their problems, as did Marx's analysis itself, but he wasn't wrong about there being some society-scale Problems with unfettered capitalism.
I experienced that once. The parent and the parent's parent company were from the USA. The top CEO and CTO came over and fired everyone. My laptop was controlling a job that had to run pretty long on a 16 core server, but I did as asked: I shut down the laptop and left it on my desk. That was at least $50k down the drain.
The reason they fired the whole dept. was that they were going to centralize development, as they had 200 other developers. After 5 years, they still hadn't developed a new product. Then they bought a competitor and rebranded it. The old product had to be kept running for years after. I guess they finally switched all their clients, because the web sites now open with <!--eslint-disable @angular-eslint/template/prefer-self-closing-tags-->. Who puts that in their HTML?
Though you'd want to make sure there's no essential information that only this employee knows, because that action might terminate that employee's desire to cooperate with the company.
When you are talking about access like they had "make firings as abrupt as possible including terminating all access immediately" not doing this is incompetence. This is absolutely a standard and has to be for these kinds of positions. I've never worked anywhere where it wasn't for the majority of IT staff. You meet with HR, someone clears your desk, and security walks you out.
There is a middleground, but it requires conscious effort to prop-up, support, and maintain over the long haul: off-boarding centers.
I worked for a Big Tech company that actually did this, and it made the transition a lot easier. You could still access corporate resources necessary for the transition (HR, benefits, internal job postings, training offerings, expense reporting, etc), check-in with colleagues 1:1 (who would be warned this person was no longer part of the org, attachments could be blocked to prevent exfil, etc), and still send/receive email internally (though external was blocked by default and required justification).
You can safeguard your corporate infrastructure without actually cutting everything off entirely and sending someone home to stew angrily about it. In fact, there might be (as yet undocumented) advantages to letting folks exist in that transition period on that segmented infrastructure, so as to identify potentially bad actors before they can do harm and see about mending bridges.
Of course all of that requires conscious investment in projects with no clear quarterly/yearly KPIs to measure cost or success against, so most employers will never remotely consider it.
Your last sentence sums it up. I was blown away by the system you described that would allow for such a humane transition through such a difficult time. At least process wise it seems like a good place to work.
> When you are talking about access like they had "make firings as abrupt as possible including terminating all access immediately" not doing this is incompetence.
You're proving my point—employers take the most extreme lesson and it's considered expected practice. They absolutely should have immediately terminated the credentials that granted unilateral access to sensitive databases. (Ideally those would never exist in the first place—there are two-person schemes. A pair of bad actors...well apparently happens according to this article...but is far more unusual.) But employers regularly (but shouldn't) terminate all access including credentials that allow last email to colleagues exchanging personal contact info or something.
For most of my career (over 30 years now) where I've had sufficient access privileges to matter, I've fairly diligently maintained a "Important credentials and access" list, which I've sent to my employer when leaving, strongly advising them of the need for them to disable or rotate those credentials.
This especially includes creds like root or admin level access to AWS/GCP/whatever-cloud-or-hosting-service, and other critical creds like user/password management, domain name registrations, AppleStore and GooglePlay accounts, source code repos, documentation and internal tooling, external services like observability/analytics/crash-trcking. It also keeps a current(ish) list of all clients/projects where I've had any access at all, listing things like API keys, ssh keys and bastion hosts, project or platform admin creds, as well as systems like databases (SQL and KV caches), firewall rule specific to me.
I also try to list anything else I could, if I were a malicious disgruntled ex employee, use to cause grief to the employer or their clients.
I point out in this email that if I were to be rouge, I'd most likely have intentionally left something out or left behind backdoors or timebombs, and while I am not that kind of person and I have not done those things, they owe it to themselves and their clients to have someone else senior and experienced enough to carefully audit everything to ensure I cannot access anything.
I send this from a personal email account, so I still have timestamped records of having sent it. If an ex employer ever gets hacked shortly after I leave, I want evidence I did everything I reasonably could to remind them to lock me out.
(Writing this down reminds me it's been a while since I updated this - I guess thats something I'll ned to get on to soon.)
The first option is flipping one switch. The second option is flipping some switches now, and flipping the rest later. Of course the safest (first) option is the correct option from a liability standpoint, which is all a company should operate on since it's first responsibility is to protect the company for those that are still there. There's plenty of ways to communicate with ex-colleagues that don't involve company resources or opening the company up to liability.
Let’s not forget the third option: proper security practices and principle of least privilege. No one should have been able to do this in the first place. Why were they able to get plaintext passwords with a simple query? Why did they have delete permissions on production db tables? Why were they able to modify system logs and delete backups?
> Of course the safest (first) option is the correct option from a liability standpoint, which is all a company should operate on since it's first responsibility is to protect the company for those that are still there.
Isn't this an unrealistically black-and-white mode of thinking? Humans are complicated and have many values and perceived responsibilities. It's not healthy for them to throw them all out and act as if they only have one responsibility that needs to be maximally upheld at all costs. They should balance their actions thoughtfully.
System security is not a human value. Access key rotation effective immediately is a compliance requirement, and completely orthogonal to human decency, which is delivered trough garden leave or severance, not extended system access
I'd argue that failing to segregate things so that there's a switch for the sensitive stuff and a separate switch for the not-sensitive stuff is an operational failure. A rank and file employee having access to his email account should never pose a serious liability to the business.
Yeah I don't see why that's necessary. I'm sure you can always reach out to HR and ask (I have facilitated this in the past, pulling contact lists and phone numbers) but that also gives them ways to exfiltrate data. It's company data. Just think of all the info you have in your inbox. Unless you've managed offboarding for high level IT positions it seems harsh, but the risk is just too high to allow the user to do that stuff themselves.
> Just think of all the info you have in your inbox.
Meh? Sure, stuff that would help assemble a credible phishing attack, but not customer SPII or huge amounts of intellectual property or anything. If the assumption is that employees' inboxes are full of dangerous things, I would focus on fixing that.
No you don't get it, we have to take a harsh approach to firing people because we keep pallets of high explosive in the break room and management doesn't want to change that. /s
If you don't trust your people so much, why to hire them in a first place?
Looking at it from Europe - it is such a weird inhumane practice.
Someone decided your position is redundant. Okay, shit happens, economic downturn, etc. Then you have extra 3-6 months of work to pass your knowledge, train replacement and document everything.
sometimes you fire because you trusted them then they gave reasons to stop. At company I work at it happened, but the more common way is just getting info few weeks later then working normally till the end date
>Looking at it from Europe - it is such a weird inhumane practice.
Pretty standard practice in many technology(not just IT) and finance companies in Europe as well.
>If you don't trust your people so much, why to hire them in a first place?
It's not about trust, it's about risk, and most companies operate on liability and risk mitigation. If society ran on trust alone, we wouldn't need contracts, door locks, passwords, IDs, judges, security cameras, jails, police, etc.
You can verify someone's performance at the job interview, you can't verify their trustworthiness, especially once they've learned they lost their job, even trustworthy people react irrational once emotions hit making snap decisions they'll later regret without thinking of the consequences on the spot, and you see innocent people suddenly turn vengeful or violent and break the law (just look at relationship breakups and domestic violence).
You can't predict such reactions, so best to prevent them instead of chasing damages from them later through the court system.
Put yourself in a business owner's position for a minute. Nobody wants to be the "this former employee set my building on fire after I gave his notice, by leaving him in the flammable material warehouse unsupervised, because I wanted to show him that despite the layoff I still trust him".
For some businesses and jobs the trust alone is enough, for other jobs that involve access to sensitive data or money, it's straight to paid garden leave because nobody wants to risk it.
>Then you have extra 3-6 months of work to pass your knowledge, train replacement and document everything.
Yeah, that happens sometimes like for CxO's, managers, execs who get generous golden parachutes/severance packages, but for rank and file workers in the trenches, having to show up to a workplace you know you'll soon loose, for several more months of work till it's finally over, feels like torture unless you're getting a crazy severance package. That's like your wife telling you "honey, I'm divorcing you, but I still want you to live with me for 3-6 more months, and perform your regular duties".
No this is labour law in the UK, I just had this last year. Its 3 months where you get paid and you can search for a job etc. Made our new American CEO livid that he could not just fire people.
More specifically in the UK there are a few ways employees can be dismissed.
You can be dismissed when you have done something wrong, in which case there's no notice period but the employer has to be able to show they've followed certain rules.
You can be dismissed when you haven't done anything wrong, in which case you either get several months notice or several months pay ('in lieu of notice') or a 'voluntary settlement agreement' (more pay, negotiable terms) all subject to slightly different rules.
So a US employer can cut a UK employee's computer system access the same day, it just costs a bit.
All the couples I know who are divorced did continue living together after one of them said it was over, I think the longest time actually was about 6 months.
Yeah but did they still keep banging and cuddling like before the divorce announcement? They probably weren't doing much of that anyway if they got divorced but you get my point.
Looking at it from Europe, this definitely also happens. It depends on the situation. I know of ppl who were kept bcs the parting was in good faith (which was less a firing and more an agreement that parting is in everyone's interest), but I also know of ppl who had their access revoked before firing bcs it wasn't. The latter had unilateral system access as well, which added to it. It's not about humane or inhumane, it's about risk. The 3-6 months being nice is also a fairytale that I have only ever heard in a positive light from employees who are not particularly ambitious or awake or in any way satisfied with their jobs or the prospect of a future job. On the other hand from the perspective of employers it's consistently hard to effectively restructure, it's expensice and awkward to have to pretend to want to keep someone around that you or they don't want around.
It's just one of these rules that unfortunately in Europe allow people to view life purely as the time between jobs. I'd never tell that to someone's face but it's simply a fact that the world stops of people don't work and no matter what the ideal world looks like in your dreams, working is the only real way forward for anything. It's part of the reason why Europe is falling behind on everything.
Europe is not falling behind on anything that is not reasonable.
The increased growth in USA the last decade have largely been created by means that one day will be quite costly for you (debt).
The USA under MAGA is falling apart. EU and others are actively minimizing risk by selecting non-US IT providers. EU and others are actively selecting non-US defence aystems.
I say that it is very positive to protect your citizens. Russia (sending their citizens en masse to a certain death on the front lines) and USA have more in common politically than USA and EU.
I agree with everything you said, it's great that they're trying to detach from US IT providers & alternative, and I do think Europe is doing a lot things better than the US.
But there's nothing like AWS, Google Cloud, facebook, Azure, ChatGPT, Tesla, etc etc the list goes on and is very long, in Europe. They're switching way too late. Why did it not happen before? Why do we have very limited IT providers, for example? Due to the culture and regulation that doesn't incentivize it sufficiently.
I'm European too btw and live in the EU and I'm happy about a lot of things we have that the US doesn't, I'm just personally worried that we're setting priorities wrong. Having a chill life in the park is good in the ideal it's just detached from what's needed to make a state run; and it will end in the EU having even less power that is has now, resulting in fewer moral values being carried into the world.
> It's part of the reason why Europe is falling behind on everything.
I read a news article that Orange Telecom in France was being sued by a woman they had on payroll for the last 20 years doing nothing, because due to a medical condition she suffered, she became unable to do her job, and since they couldn't fire her due to France unions and labor laws, nor did they have any available job that could fit her current condition, they just kept paying her for 20 years to do nothing at work, and now she's suing them for the depression she got to get paid for no work.
It felt like reading a Monty Python skit.
But Europe is failing due to a myriad of compounding issues and structural deficits, not just because firing workers can be a Kafkaesque nightmare in some countries. European workers' unions and labor protections were even stronger 20-25 years ago and in 2004 the Euro stock market was worth more than the US stock market, while now it's worth half the US one. But that's whole different discussion where pages have to be written to encompass the whole context and cover all aspects of European economic decline. Boiling it down to crazy labor protections would be reductionist and incorrect.
They couldn't find anything for her to do? Hard to believe, but if there's a reason not to fire her then then pay her the money she's owed and stop demanding she show up. Making someone come in with no tasks assigned is fun for a week and quickly turns into punishment detail. Putting someone on punishment detail because you're not allowed to fire them is Bad.
Unless she was allowed to stay home, in which case I take most of that back and it falls on her to go outside and find something to do. I can't find any articles with enough detail. But I'm still skeptical they actually couldn't find a job for her to do. It was 'just' paralysis on one side.
>They couldn't find anything for her to do? Hard to believe,
If a person's now disabled, what can a company give them to do profitably, that isn't already optimized, automated or offshored?
There's plenty of civil servants whose jobs are just moving one paper from one room to the next, just to keep more useless people employed that nobody would hire in the private sector. But this doesn't really exist as much in the private sector.
>Ithey just kept paying her for 20 years to do nothing at work, and now she's suing them for the depression she got to get paid for no work.
It's called "mise au placard" and it's illegal. It's a technique to get people to quit by themselves, so companies don't have deal with the hassle of firing them. The lawsuit is 100% justified.
The anomaly there is that France Télécom was a public company at the time of the hiring, and through privatisation public servant benefits were upheld for existing employees, which blocked most unpythonesque solutions.
If she had been hired after, it would have taken time but she would have been found unfit for work (she had epilepsy and hemiplegia), her contract terminated, and she would have most likely received a handicap pension instead.
Yeah but if you defense against somebody erasing a database is "we remove their access when they're fired" then your defense is garbage.
Like there's so many other attack vectors besides an upset ex-employee.. Like all those articles about NK employees who presumably are trying very hard not to be fired. Or employees using company provided insecure email software leaving them vulnerable to ransomware et al.
But I'm talking about general day-to-day security as well as off-boarding. What stops a single disgruntled employee from doing this before being fired? And if you have a good story there, why do you need the most extreme approach to "off-boarding"?
It makes sense to terminate someone's high-risk credentials immediately when they're fired. But it's extremely worrying if every credential held by every employee is considered high-risk. It suggests a bigger failure. "Unilateral access to a database filled with plain-text passwords" shouldn't ever exist. "Email account filled with dangerous stuff" should at least be unusual.
I suppose that's a very powerful way of preventing "accidents" on termination. But isn't that just theatre? I mean - as though termination is the one and only case where an employee with the power to destroy the company gets angry and might do something really stupid?!
It's not theater, it's defense against aggrievement. Termination is a traumatic event that threatens your ability to exist or provide for dependents. People [rightfully] don't handle exile well.
Someone with an interest in scuttling your company could just as easily maintain a low profile and do it at any time. Termination forces execution into a more-predictable timeframe. Once notified, the malevolent only have opportunity to exfiltrate or sabotage whatever they can reach in the time it takes to walk them out the door.
European laws require us to give people something like two months' notice. Even then we don't trust them; we pay them their salary and tell them to stay home.
> European laws require us to give people something like two months' notice. Even then we don't trust them; we pay them their salary and tell them to stay home.
Escorting them to the door, and revoking access for the remainder of contract yet paying wages for that period seems very descent. Off course, you don't do that when the termination was triggered by employee's misbehaviour.
But, yeah - the point I was trying to make is that there is only so much you can do as an employer to protect the company while there's an infinite number of reasons for anyone to be traumatized or otherwise act erratic. Admins are always entrusted with huge power and while wariness is probably warranted, distrustfulness is IMO counterproductive and often harmful.
Ok but with the European laws the incentive to do something at the last minute doesn't really exist.
This seems like a self inflicted problem where the solution to the problem also made the problem worse when it happens.
If you know that you have X months of pay if you behave, then why misbehave? You'll lose out on money and get a criminal record. Meanwhile if the employer wants you gone it's free money. Everyone is happy.
You've been given enough time to find a new job. It's enough time to sit back and relax at work since you're getting paid either way.
The primary reason why people want to get revenge is because of how inhumane the entire process is.
The mass layoffs are random and impersonal, so you inherently think it is unfair and you will never agree with the reason of the layoff.
The immediate access block and security escort is a reaction and extension of the inhuame treatment.
You always have to be careful about overfitting to a specific scenario like "this but if they had also forgotten to lock out the other evil twin". I'd prefer a system that is robust to a malicious employee (more likely: compromise of an employee's credentials) but has a slight gap in the "evil twins" scenario over one that prevents all post-firing malicious access from twins but doesn't consider at all what happens if a current employee's credentials are compromised.
This takes the whole "you must mean my evil twin" to an actual example. Maybe this is more "you must mean my other evil twin". Part of me really wishes their names were Daryl
I think mature sysadmins accept there's a certain .. bushido to their security-critical role. It is after all their job to respond to security threats, including by revoking credentials, and to recognize that they might fall on the wrong side of that some day.
But things are different both in small companies, and non-US environments where minimum notice periods or redundancy consultations are a thing. You may put people on "gardening leave" where they're still paid but not actually working. Or it may be the case that the sysadmin is the one person who knows and controls a lot of stuff, and the employer has ended up relying on them for a smooth handover. Password and role management for the "root" of things is a real problem.
In the US, they'll terminate your access while you're on the Teams Meeting behind the scenes and if you have any gaps, issues, blips, or smudges in your resume it gets thrown into the recycle bin by some AI agent.
the problem is that its so challenging to figure out what the person actually has access to. Have they ever done a export with sensitive information, that is now sitting on their local machine? Any important clients they still are in contact with over email that they may try to sabotage? Any other creative endeavors you haven't thought through?
The most fool proof way is just to nuke the computer in its entirety.
Privileged access should only be temporary in context of break glass with approval. People can go ballistic with core systems for reasons other than firing.
In an age of malicious agentic AI, this level of access is negligent. A lack of engineering controls preventing this from happening at all means that a simple phishing or supply chain attack could easily have resulted in the same outcome or worse.
Jokes aside, stuff like this sucks because I suspect many employers will take from it the most extreme, dehumanizing lessons, e.g.: (a) make firings [edit: including lay-offs] as abrupt as possible including terminating all access immediately
The employee is always the last to know. This is standard fare.
> a more balanced version: <bunch of weedy ACLs, judgement calls, liability/>
Too complicated and subjective, stinks of more risk.
Also, I don't think it's dehumanizing it all (having been on the receiving end of it way back when during a layoff, and involved in the process more times than I care to count). It's standard practice for involuntary terms at all companies we work with, whether employee is IT or not. If a company is not doing this already, I'd encourage them to.
> Too complicated and subjective, stinks of more risk.
I actually think there's less risk, because it's not as narrowly focused on what a just-fired employee can do. That's not the only scenario of concern.
> Also, I don't think it's dehumanizing it all (having been on the receiving end of it way back when during a layoff, and involved in the process more times than I care to count).
Interesting. Thanks for the perspective. I've been fortunate enough to not be on the receiving end of a lay-off, knock on wood. It's happened to my teammates/reports though. Wasn't my decision. :-(
I don't think you understand how this works. The second person was hired because the first one wined at his manager until he was hired. Presumably this was part of a whole chain and that would make me understand why “the individuals responsible for hiring the twins are no longer employed by Opexus.” was a good idea.
Getting close to the classic Monty Python line: "Those responsible for sacking the people who have just been sacked, have been sacked."
Jokes aside, stuff like this sucks because I suspect many employers will take from it the most extreme, dehumanizing lessons, e.g.: (a) make firings [edit: including lay-offs] as abrupt as possible including terminating all access immediately, (b) never give second chances to anyone with any sort of criminal record (even say decades old marijuana posession or something).
I'd prefer a more balanced version: limit unilateral access to sensitive systems in general (not just of recently-fired employees), when someone is fired immediately shut off particularly sensitive credentials if they do exist (but not their general-purpose login/email account), avoid hiring people convicted of wire fraud as sysadmins, hash your @!#$ing passwords, etc.