Blocking Website Stupidity

If you’re someone who cleans up after your mess (i.e., you clear your browser cookies) then you’ll run into these irritating messages every time you visit a site and they’ve forgotten that they nagged you (because they don’t actually remember anything – they make your browser remember things for them, in cookies, and you can remove those memories any time you choose … like, when you shut down your browser). These messages would look like the huge waste of space banner, shown here taking up most of the page:

I hate these. They do not add anything, and they make you decide something you’d rather not decide. When I visit a page, I’m trying to read something, and I do not expect to be challenged to evaluate their privacy policy. Sites bank on this – they’re betting that you’ll just say OK and move on, without really considering what you’re agreeing to. Well, there’s a way around it (and it’s good to do anyway, honestly): install uBlock Origin and learn to use the wee eyedropper tool to select the garbage you never want to see again. I click the little shield in the top right of the window, then click the eyedropper, then click on the offensive piece of the page. I then work my way down the list of elements until I get the container that’s holding the garbage (in this case it’s a site-message container) and then simply tell it to go away.

It’s easy to do, takes fewer mental resources than looking at whatever idiotic policy they’re trying to get you to agree to, and it will persist even after you clear your cookies.

You do clear your cookies, right?

-D

Little Bobby Tables

Every now and again I explain to people what “SQL Injection” is. I generally do this by writing a bit of an SQL string for them, using a string which can be manipulated (one which is vulnerable to this particular exploit, down at the database level of the application). And I then show them this XKCD comic:

So, for example, I’d define the following as an example of a vulnerable stored procedure:

create procedure SaveStudent
	@StudentName	nvarchar(256)
as

declare @sql nvarchar(max)

-- VULNERABLE on purpose: the caller's text is pasted into the statement,
-- wrapped in apostrophes, and the resulting string is executed as SQL.
set @sql = 'insert into Students ( StudentName ) values ('
set @sql = @sql + '''' + @StudentName + ''')'
exec(@sql)

go

I would then put in the example name from the XKCD comic above to demonstrate just what ends up happening. Let’s say you were to call that stored procedure, passing in Little Bobby Tables’ name as the variable:

exec SaveStudent 'Robert''); DROP TABLE Students;--'

The stored procedure would then execute the following commands:

insert into Students ( StudentName ) values ('Robert'); DROP TABLE Students;--')

So … why is this a problem? One salient point is that the apostrophe character is used to enclose strings in quotation marks. The way Bobby’s name is constructed allows for a malicious command to be sent to the database (the Students table is erased by the command DROP TABLE Students;), with no error necessarily being returned, because Bobby’s name fits in perfectly with how SQL works. He’s got a proper semicolon, terminating the command that comes before, so he was added to the table … but then the table was dropped, using a valid command, and everything after that is commented out (the double-dash is a comment marker). So there wouldn’t necessarily be any errors at all coming out of this: it’s perfectly valid, and it’s running in a privileged context (it has been “blessed” by being turned into a stored procedure, so it’s trusted to run).

All of this is the lead up to the punchline, which is this company, apparently registered in the UK (or, something used for testing, I suspect, as this is the beta for UK Government’s Companies House): ; DROP TABLE "COMPANIES";-- LTD. This, passed into the above sample procedure, will yield the following SQL string:

insert into Students ( StudentName ) values ('; DROP TABLE "COMPANIES";-- LTD')

Now, this one’s going to throw an error, because it’s actually improper syntax no matter which database you pass it to (well – any of those I have used, anyway, which is … way too many). However, if this is indeed used for debugging or as a demonstration, it will 1) throw an error if you feed it to anything that’s vulnerable to this exploit, 2) hopefully not throw an error anywhere, because the UI is supposed to be sanitizing these inputs, so it should be properly formatted (“escaped”) so as not to cause this problem. I can see this value being used both to test the UI (put it in & see if some database code which is intentionally vulnerable to this exploit throws an error) and also to test the database code, for scenarios which do not use a user interface such as loading in data from another application or a programmatic interface.

This technique is not just dangerous because it allows things to be broken; this technique is routinely used to exfiltrate data such as usernames and passwords, credit cards, or whatever other juicy details are in the database. If an adversary can figure out just which poor programming technique was used, and can figure out how errors are presented to the webpage, then they can intentionally cause errors which return data which should remain secret, or they can simply replace the query that’s supposed to do something legitimate (pull back a list of toasters, for example) with a query that returns that sensitive data right onto the webpage.

In any event, once you understand this humor as a programmer, your programming fundamentally changes, as there are only a handful of bad programming techniques which allow for this kind of vulnerability – so, you quickly eradicate those techniques from your practice (and hopefully go back and clean things up in older code). The fact that a huge number of websites are vulnerable to this tells you something (bad) about the competency of people who write and test code. I will not rant here about the many programmers who think about databases as being simply dumping grounds for data, rather than fully-functional programming environments.
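One way to close the hole in SaveStudent, as an added example that is not part of the original post: bind the name as a parameter instead of pasting it into the statement. It assumes SQL Server (T-SQL); the table definition and the procedure names SaveStudentSafe and SaveStudentDynamicSafe are made up for illustration.

```sql
-- Added example, not from the original post. Assumes SQL Server (T-SQL).
-- Students / StudentName come from the post; this table definition and the
-- procedure names below are hypothetical. Skip the create if Students exists.
create table Students ( StudentName nvarchar(256) not null );
go

-- 1) Preferred: no dynamic SQL at all. @StudentName is bound as a value,
--    so apostrophes, semicolons and "--" inside it are never parsed as SQL.
create procedure SaveStudentSafe
	@StudentName	nvarchar(256)
as
begin
	set nocount on;
	insert into Students ( StudentName ) values ( @StudentName );
end
go

-- 2) If the statement really has to be built at run time, keep the value
--    out of the string and hand it to sp_executesql as a typed parameter.
create procedure SaveStudentDynamicSafe
	@StudentName	nvarchar(256)
as
begin
	set nocount on;
	declare @sql nvarchar(max) =
		N'insert into Students ( StudentName ) values ( @name )';
	exec sp_executesql
		@sql,
		N'@name nvarchar(256)',
		@name = @StudentName;
end
go

-- Regression test using the two names from the post.
exec SaveStudentSafe        N'Robert''); DROP TABLE Students;--';
exec SaveStudentDynamicSafe N'; DROP TABLE "COMPANIES";-- LTD';

-- Both names must be stored character for character, and the table must
-- still be there; anything else means a value was executed as SQL.
if ( select count(*)
       from Students
      where StudentName in ( N'Robert''); DROP TABLE Students;--',
                             N'; DROP TABLE "COMPANIES";-- LTD' ) ) <> 2
	raiserror( N'Injection regression: names were not stored literally', 16, 1 );

select StudentName from Students;
go
```

Escaping in the UI, which the post mentions, is a second layer at best; the parameter binding is what keeps the name from ever being parsed as SQL, including when data arrives from another application rather than through the UI.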

-D

Critical Thinking

I happened across a great passage about critical thinking and thought I’d share. It’s in a Christopher Anvil short, about aliens bearing gifts.

“I seldom watch television. I get my news from the papers, where I can take it in at my own pace, and pick out the bones, instead of swallowing it all whole. No, I don’t trust the Shaloux. What’s their motive? Why do they offer us this ‘life-serum’? What do they get out of it?”

“Open-mind! Everybody’s supposed to have an ‘open mind’. Humbug! Open it far enough, and who knows what will come in? The whole thing’s a trap. Leave the door open, to prove you trust everyone. Then the thieves can strip the house and put a knife in you while you sleep.”

Cautiously, he began to read the paper, conscious of the article’s bias, opening his mind just a little slit at a time to bash the unwelcome ideas over the head as they entered: Washington — Miliram Diastat, the benevolent (How the devil do they know he’s benevolent?) plenipotentiary (Hogwash. He may be just a messenger boy.) of the Shaloux Interstellar (They could come from Mars, for all we know.) Federation, met with the President today, and in solemn rapport (What’s “rapport” really mean? Maybe it’s hypnotism.) concluded the mind-exchange (Or brainwashing) which is a precondition for entry into (defeat by) the Federation. Mr. Diastat (Why call him “Mr.”? The damned things are neuter.) assured reporters afterward that all had gone well (For the Shalouxs, that is.) in the mind-exchange (brain-washing). He said (It said), raising his (its) hands (extremities of upper tentacles) to heaven (over its head–that is, over the end of the thing with teeth in it.), that our peoples will be joined as one (eaten up) with (by) theirs, in a final ceremony next year. At that time, travel throughout the vast extent (They claim it’s vast.) of the Federation will be free to all (Economically impossible.), and Earth’s excess-population problem will be solved (Everybody will be killed.), while at the same time (never) personal immortality will have been granted by universal (Humbug. There must be some people with sense enough to keep out.) inoculation with the serum (slow poison).

This passage seems to me to really exemplify the kind of thinking which should be applied to most things, to be honest.

-D

Dickinson, 236

Most of us studied, if only briefly, the poetry of Emily Dickinson of Amherst, Massachusetts. Born 1830, we know she wrote poetry in the imported-from-England-and-Isaac-Watts hymn meter; we know that any of her poems can be sung to the tune of The Yellow Rose of Texas or the theme to Gilligan’s Island, because hymn meter is a constant, rhythmic form. We know Emily Dickinson was sent to Mt. Holyoke Seminary, a very respectable, very religious ladies’ college. We know that Mt. Holyoke was all the organized education she ever received.

What we aren’t told in school is that, despite the Dickinsons’ Puritan background and Emily’s lifelong habit of writing poetry that was spiritual in nature, her time at Mt. Holyoke didn’t “take.” She was categorized as a “no-hoper” at the school. At Mt. Holyoke, during the Second Great Awakening religious revival in American history, when Emily attended, the women were counseled, then categorized. They were divided up into three categories: those who were “established Christians,” those who “expressed hope” of becoming so, and those who were “without hope.” They were met with continually for counsel, and Emily could find no objection — nor any interest, either, in joining a church. Emily Dickinson worried about this a great deal, but finished her first year in the “without hope” category, and never went back to school.

Our society is never very kind to those whose decisions take them out of step with the majority. Emily Dickinson chose not to marry, so she was isolated. She could not believe as others did, so chose not to join a church, limiting the already narrow circle of 19th century women’s interactions within her community to her parents’ home, where she helped her father after her mother’s nervous breakdown. And yet, she wrote:

Some keep the Sabbath going to Church – (236)

Some keep the Sabbath going to Church –
I keep it, staying at Home –
With a Bobolink for a Chorister –
And an Orchard, for a Dome –

Some keep the Sabbath in Surplice –
I, just wear my Wings –
And instead of tolling the Bell, for Church,
Our little Sexton – sings.

God preaches, a noted Clergyman –
And the sermon is never long,
So instead of getting to Heaven, at last –
I’m going, all along.

There is a sort of ease to her words, even as she sat out Sunday mornings, alone in the woods, while miles away, her brothers, sister, and father sat in the family pew, seeing and being seen. She’s not in step with the world, but she’s finding what she needs where she is. Being raised in faith, and attending church frequently, and having our community be largely church-y, possibly as church-y as the Dickinsons’ lives in the 19th century, I can imagine that taking a step… away from all of that made Emily a different, different person. And yet, she was no rogue godless rebel, but a person who found her spirit fed by other means.

Our poetry group played with hymn meter this past week, and I won’t bore everyone with iambic tetrameter discussions (if you’re actually interested, they’re on the project post), but just for fun, I’m sharing a tribute to Emily’s 236:

Keeping Emily’s Sabbath

cathedral light abounds
through old growth canopy
as crows produce a raucous sound, as fog’s damp surges all around
and we breathe Autumn’s ease, in redwood panoply.

(no sermon, no sexton. birdsong, from every direction
the quail’s quiet sageness is truth for the ages, and never is service too long)

leaf-fall means death. Rejoice
in every dying tree
for Autumn leads to Winter’s choice. Then, ending, Winter gives Spring voice
and brings the honeybee, renewal’s guarantee.

(no chalice, no cantor: listen to the blue jay’s banter
the woodpecker’s rapping, its beats overlapping, and never is service too long)

scythe down, like Autumn’s weeds
what binds you to the pew
no dome nor chorister a need, that “all are loved,” be that the creed
which Sabbath-hearts pursue; may Light be found in you.

No vestments, no hymn book. Take to the woods. Change your outlook.
Your body will thank you – the dogma will keep – and the sermon won’t put you to sleep.

Bonus fact: you can sing this to the tune of one of Isaac Watts’ (I shan’t tell you which – guess) hymns, too. Because it’s a modified short meter, however, with an added refrain, it doesn’t work with The Yellow Rose of Texas OR that other earworm song which shall not be mentioned.
This, I count a victory.

May you find yourself, if not in the woods, by an estuary, near a reservoir, around a stand of willows — somewhere that there’s no internet connection, you can turn off the news, and try to recenter. There is good in the world, kind hearts and truth… but you won’t find it via newscasters and talking heads on TV. Get out.

Muir Woods, unidentified pink wildflower

More On Tech Hiring

Technical interviews have fairly infinite ways of going wrong. The tweets above reminded me of a few interviews I’ve had over the past seven months of job search, looking for a position that will keep me busy and happy for the next several years. I’ve interviewed with some of the big guys, even going so far as to go up to Amazon in Seattle. I’ve interviewed with startups. I’ve interviewed with a variety of different industries, from retail data services to biotech, from health-care to nuclear cleanup. I’ve interviewed in rural Washington State, Seattle, San Francisco, and Reykjavik, Iceland.

Over the course of all of these interviews (and literally hundreds of phone interviews), I’ve seen the extremes, in terms of technical interviews. I’ve had companies try to rattle me into getting angry (the Santa Barbara company – if you’re interviewing for a database company in SB, hit me up for the name, ’cause you don’t wanna work there) and be unable to answer the question they asked me (some vague mumblings about there being a “math” answer doesn’t cut it). I’ve had companies not ask me a single tech question (Reykjavik: I think they’re so desperate for programmers that they’re willing to believe you have the skills you say you do). I’ve had hours of algorithm and data-structure questions (Amazon, and what a waste of all of our time that interview process was, when I told them up front that I basically do everything with a database if I can, and have no interest in the things they do there).

All of these companies did some things better than others, and none of them was what I would call perfect.

I think the thing they all missed out on, or could have emphasized more, was the human dimension. Would I be happy there? Would they have enough meaningful work for me to do? Were they interested in any of the same things in which I’m interested? Would I feel happy in a huge company, or in retail systems, or building parking solutions (cool company, that one – but they’re in down-town SF, and walking over human excrement on the way to work just doesn’t do it for me)? These are things which I had to know about myself, but which they didn’t seem to think were important.

If you’re going to sink $100K into a new hire (when you figure hiring bonus, travel, relocation, training, and the first however-many months it takes them to come up to speed, this is maybe even a low estimate), you should figure out whether that person is going to be happy. Yes, their technical skills matter somewhat, but they’re the least of the factors you should be examining. You should be looking at whether they can learn, and whether they want to learn. You should be getting a feel for them as a person, and what they’re looking for from the deal.

Tech companies tend to focus on either computer-science fundamentals, or they focus on their own narrow set of coding gewgaws. They don’t tend to get the actual human aspects in there except as an afterthought. The problem is, this just isn’t how you build good teams, it isn’t how you get happy employees, and it isn’t how you get people who will stick with you beyond the next project.

The people who form a meaningful connection during the interview process, who feel valued and as if they’d continue to be valued, those are the ones you want to keep. Sure, there may be some phenomenally bright programmer out there – so what? If they can’t be part of the team, contribute towards the team’s goals, support their other team members, then you’ve got nothing worth having. If you want good teams, you have to find good people whose goals align with those of your group. You won’t find out about those goals unless you know your own goals and ask about theirs.

-D

Buying Spices

So, we watched this YouTube video the other day on how to make “tuna” sliders out of unripe jackfruit (go – watch it – then come back and let’s talk). It really is an awesome recipe, and we’re nearly ready to make an attempt at it (it’s too hot, and we don’t have Old Bay Seasoning). That’s not what this post is about today, though.

Today, I want to talk about choice. Like, if you go to Amazon, and try to buy Old Bay Seasoning. Go ahead, go over there and drop it into the search box, then come back here and tell me how you found the experience. Did you locate what looked like the best deal? That would be the 24-ounce item that shows up first on the list. Do notice, though, that it is a “Fresh” item (so, you have to join some program or other in order to buy it) or an “add-on” item (which means you have to play grocery-cart bingo and put enough in your cart to actually get it delivered). Also notice that there are just about 100 different things from which to choose.

There’s a thing going on here that I think is important: I think that there is a payoff here on the part of Amazon in that you’re going to have to 1) join some program of theirs (which makes them money) or 2) add more things to your cart than you want to buy or 3) troll through literally 100+ items to figure out which one you can and should buy. I think that this level of product chaos is found in a few different places, and I suspect that there’s some degree of psychological testing going on here, to figure out what drives the most profit. Or perhaps this level of chaos actually accomplishes that, and this is simply the new normal when shopping on Amazon.

In my case, I decided that I really didn’t need the Old Bay and that I’d spend the couple dollars at the grocery store, rather than suffer through the buying process on Amazon. I emptied my cart (including the slippery add-on item which put itself on my “buy later” list, repeatedly) and went to buy the other things I wanted elsewhere. I’m sure I’ll use them for other dishes, and Amazon is perfectly prepared to drive a certain amount of business away in order to maximize revenue. They’re a store – that’s what they do.

This jumble of bad choices is what’s known as a dark pattern: something which drives the user to do something they do not want to do. Once you become familiar with dark patterns, you start to see them, and then start to look for them. In this case, I’m sure that I’ll continue to use Amazon. But I’m also sure that I’ll start paying attention and, if I find myself struggling to actually find the thing that I want, I’ll go elsewhere.

I ended up spending way more money than I’d intended to spend just then, but also bought a whole bunch of things that we needed: I went to the SF Herb Company’s culinary herbs page and simply went down the list, adding 1 of everything on there that we do use and have run out of. Those spices and a stop at the Asian market and we’re done. And some time today we’ll get our delivery and will have the joy of unboxing bulk spices! (below is a previous order)

SF Herb 1

-D

Technology Hiring Practices and Diversity

I would like to talk about hiring practices in the technology field, in particular as those have an impact upon who does and does not get hired to work in technology. This is important because the tech industry talks a lot about limiting racism and sexism in their hiring processes (they’re ignoring age bias for the moment), but then the tech industry also talks about systems designed for interviewing candidates which are designed to result in high rates of false negatives. By “false negatives” they mean that more good candidates will be told that they don’t meet the needs or the requirements of the position – that they will err on the side of not hiring.

There’s fairly solid mathematical reasoning for why hiring this way does not make sense (read the extensive and geeky discussion on Hacker News). So, we have to ask, Why maintain this type of a hiring process if it results in poor organizational outcomes? And, if they’re maintaining this in the face of poor outcomes, we must further ask, What outcomes does this system actually have and are those outcomes the real reason for maintaining this type of a system?

I believe that this type of a system is designed to allow the bias (“culture”) of the organization to perpetuate. I believe that these hiring practices are designed to systemically discriminate, while pretending to be based upon merit. [side note: People are quite attached to the idea of meritocracy even in the face of proof that meritocracy actually results in worse outcomes for the organization (here’s a paper which proves that random promotions yield better organizational outcomes than merit-based promotions).]

When you design a system which yields false negatives, what you actually accomplish is to normalize the practice of making hiring decisions based upon gut feel and bias rather than upon objective criteria such as whether the applicant is really interested in the position or whether the applicant can do the job. That’s a big statement to make, but I think it’s proved out by the psychology.

Tversky, Amos - Preference, Belief, and Similarity, ch. 24

We can evaluate this in terms of prospect theory and the framing effect, which pretty much describes the landscape of this decision. The framing effect plays a role here because the decision makers approach the interview having been told that it is better to mistakenly pass up a good candidate than it is to mistakenly hire a bad candidate. This framing puts the decision maker into the mindset of loss / risk aversion, which tends to be vastly more conservative than does a mindset of possible gains. When evaluating problems in a risk-averse or uncertain mindset, people attempt to reduce that risk or uncertainty however possible. In this mindset, hiring someone of the same general profile as oneself provides an immediate reduction in risk, so basically guarantees that candidates who are different (diverse) will be excluded.

This is not limited to the tech industry, by any means – I’m certain that these same problems are pervasive in other hiring systems. In tech, though, the big players have all made noises about diversity, and yet have maintained a system of hiring which continues to yield the same problematic hiring decisions. The tech industry is supposed to be the best and brightest – they certainly tell us that they are – yet it cannot seem to figure out how to hire women or blacks or Hispanics (or people aged over 35). This tells me that the noises made by tech are basic cover for not really wanting to solve the problem.

Tech companies are happy being pretty much white (and a few Asian) dudes and do not want to change. Tech companies want to mouth the right words about diversity, to maybe hire diversity officers, but they do not really have any interest in being diverse. They have designed hiring systems which are systematically discriminatory, but subtly so, which is problematic because it is the systemic problems which are hardest to fight.

I’m sure some of my reasoning in here isn’t as thorough as it could be. I don’t think that my reasoning is wrong, though – I think that the hiring systems of big tech companies essentially guarantee a lack of diversity, and that the companies are either uniformly ignorant of this or are happy for it to remain this way. Before you think that they’re ignorant of this, think about where psychology graduates go if they don’t become professors (hint: big technology companies, which is why everything tech is designed to be addictive).

Fact Checking

OK, folks, please bear with me as I go on a bit of a rant about statistics and using data to basically lie (and end with a rant about why this might be happening).

I had been reading an article entitled Young White America Is Haunted by a Crisis of Despair and happened upon a graph. It wasn’t a remarkable graph, except something about it just didn’t make sense to me, and then I looked at the axis (which runs from 12% through 32%) and I began to question the data.

People put things on a truncated axis like this when they want to emphasize the data more than it actually warrants. OK. So, we can go through and type this into Excel and make up a bit of a graph to show us what it looks like on a more accurate axis.

OK, that lets us see the data a bit better (i.e., that there’s not much of a difference between Pennsylvania and the rest of the USA). But it still doesn’t tell us anything – I mean, there must be a reason the writer is all het up about whatever’s happening in Pennsylvania, right? So, let’s slap a trend line on things and see where they’re going – let’s put a 3-year moving average on both the US and Pennsylvania’s percentages and see if they’re radically different from one another.

OK, so, that one shows us the raw numbers as dotted lines and the moving average as solid lines. Yes, it does look as if Pennsylvania seems to be edging up. But this is weird, really, because we really don’t understand what we’re looking at: we’re looking at an arbitrary slice of the population (ages 25-34) across 16 years. So … what does this really tell us? Well, without knowing how the other age bands behave, we won’t know anything at all. So, let’s go see what the Kaiser Foundation tells us about that. Kaiser Foundation data pretty much says that, yes, this age range for Pennsylvania does, indeed, overdose on opioids more often … but it also says that ages 35 and above overdose on opioids far less frequently than the US population (which could be saying that people in Pennsylvania overdose earlier than the rest of the country, but at about the same rate).

So, is Pennsylvania doing worse than the rest of the country? Well, Kaiser will let us troll through the data, so let’s see if we can put together a chart to tell us just that. If we ask for non-age data (e.g. by going to Opioid Overdose Deaths by Gender and removing Gender) then we see something that paints a different picture entirely.

Looking at the data without including age as a factor, Pennsylvania has historically been a pretty decent place to be, in that their opioid overdose deaths have tended to be several percentage points lower than the national average. This has stopped being true as of last year … except that how do we know that there’s a trend, rather than this just being noise?

Also, there’s one thing that’s missing from all of this analysis: how do we know that it has anything whatsoever to do with race? Because, really, we haven’t had anything that shows race at all in here, and when I try to ask Kaiser about their data by Race / Ethnicity I get some interesting results … in that I get a handful of data that is “NSD: Not sufficient data. Data supressed to ensure confidentiality.” Try it yourself and see what you can make of it.

That last query brings up another problem in the article: the article says that the deaths of a particular age range and ethnic group are different from the same age range for different ethnic groups … but that data doesn’t appear to be readily available, nor does any of the data out there seem to support that, nor does any of this appear to be beyond the range of statistical noise.

Now, what happens if we ask for numbers rather than percentages?

The top line is the total US number, keep in mind. But, yes, there does appear to be a wee problem there in Pennsylvania among white people. Of course, we don’t know how many black or Hispanic people there are in Pennsylvania, so we can’t say what percentage is affected by “the opioid epidemic,” and this is particularly true because when you look at the trend of Pennsylvania it kind of seems like it’s rising very slowly, whereas there’s a jump beginning at 2013 for the national average. So, does Pennsylvania have a problem? We just cannot say. (We also haven’t looked at when the stronger variants of opioids came onto the market, but do know that those are having some effect, as people encounter drugs which are stronger than expected.)

The other thing to point out: we’re talking about some pretty small numbers all along. I’m sorry, but 27,000 white people dying in a year, out of a total population of 320 million people, just doesn’t seem like a huge thing to talk about, to be honest. I mean, sure, it’s a tragedy for the families involved. But how about the 614,348 people who died from heart disease in the same year? The 591,699 who died of cancer? The 147,101 who died of respiratory disease? Or 136,053 from accidents, 133,033 from strokes, 93,541 from Alzheimer’s, 76,488 from diabetes, 55,227 from influenza, 48,146 from kidney disease, and 42,773 from suicide?

In case you missed it in those numbers (all of which are significantly greater than the number of opioid deaths): 55,227 Americans died from the flu last year, which is nearly twice the number who died from opioids.

All of this leads me to wonder: why do we place such importance upon this particular narrative? Why is it important to tell the story that poor white people who didn’t get college degrees are getting into heroin? Why are we, as a nation, accepting articles like this one, which are barely supportable by the statistics, and which are looking at a problem which, on the face of it, doesn’t seem to be a significant problem when compared to other things? (As an example: give everybody a flu shot and you’ve likely saved as many as overdose on opioids.)

I would like to have full access to the data set, to see if I can slice it and come up with something compelling about Pennsylvania White People, but I just can’t see it in the available data. What I do see is a story being told without the data to support it, and I wonder why it’s an important story to the nation, at this time.

My answer to that question? We’ve seen that the war on drugs does not work, and this is a narrative which can be accepted (by White People) as a reason to change our national strategy. Spinning the story this way, though, ignores the generations of minorities who have been incarcerated for drug offenses. It lets White People continue to think that mass incarceration of minorities for drug crimes was OK. Making “the opioid epidemic” about Poor Whites allows a change in drug policy without addressing racial injustice.

-D

Santa Barbara … Nope.

Well, that was one of the stranger interview experiences I’ve ever had! Long story short: I’ll not be taking that job in Santa Barbara!

So, I went down to Santa Barbara to interview with this company after having had a few phone interviews, including a technical interview. Before going down it had seemed like things were really going well, like we were a great fit (albeit with a few things I’d have to get used to). I get to the interview at 11:00, we chit chat, go out to lunch, and then settle in for interviews. At this point, I’m expecting to meet people, talk with people – basically, to see what things are like and have them sell me on what a great company they are and how much of a nice place it is. Hahahaha, Nope!

Instead of selling me on them, they proceed to ask me tricky programming questions. Which, OK, fine, yes, people do this. They usually do it earlier in the process, but whatever, I can roll with it. The questions are usually idiotic, so that’s not unusual, even though I thought we were past this point, but hey, not getting hung up on that. Did I expect each of the three different interviewers to demonstrate odd personality traits that I would find distasteful to work with? No, certainly not. Did I expect to be pushed to answer when I had stated that I did not know the answer? Nope. Did I expect someone to mimic my body language? Like, I was fiddling with an earring while thinking about a coding question and the guy goes and tugs on his earlobe? Oh, no, I did not expect this. Nor did I expect them to be rude to other employees (a lady asked to change the thermostat in the conference room, since it was freezing in their space outside the conference room, to which the interviewer responded that he didn’t care).

After this strange day, wherein I sell myself to them and straight up do not respond to complete rudeness, I go back to the hotel basically exhausted and play some mindless games on the phone (frozen bubble is fabulous for not having to think, by the way). As I’m playing, I’m thinking over all the little things, and I’m adding them all up, and I’m reaching the conclusion that these are not nice people, and this is not going to be a nice place to work.

So, we drive home, and I talk it all out with T, and I write the recruiter a politely worded response to say that I don’t think it’s going to be a good fit.

And then I get a call from the hiring manager, wanting to talk it over.


The hiring manager tells me that these behaviors were intentional. They had intentionally done these things to see how I would react.

Let that sink in for a minute.

A potential employer essentially conducted psychological experimentation with a candidate. Over the course of 6 hours, and by 3 different people, they attempted to see whether I would react negatively to their behavior.

Here’s a little secret, people trying to hire: if you act like someone with whom the candidate would not want to work, that candidate is going to decide that they do not want to work with you. If you later try to tell them it was all a test? Well, that says that you felt entitled to know how the candidate would respond to stressful situations … which says that you intend to subject them to those types of situations, else why subject them to the test? If you do not intend to treat them poorly, why would you need to know how they will react to being treated poorly?

I don’t think there can be any ethical justification of such a test.

In talking with the hiring manager I told him that maybe, if he’d told me what they’d been doing before I left the interview, I might have reached a different decision. Thinking it through, though, I do not think so; I think that even knowing it was a test I would be offended because, again: if you do not intend to treat me that way, why do you need to know how I will react?

I think I find this especially frustrating because I feel like it was a lie: that I wasted my time going down there because they were not being honest about the purpose of the meeting. Whatever they learned, I hope that they learned that some people react to macho BS by being polite and then removing themselves from the situation as quickly as possible.


I have a few more interviews lined up for the coming weeks, one of which I think looks like it could be quite interesting, the other of which is more “let’s talk more and see what kind of a company you really are.” We’ll see.

-D

Public Service Announcement

This Public Service Announcement brought to you by incompetent web developers. Please note that putting a little sign that says “this site is secure” does not make that site secure.

[Screenshot: insecure]

When I click on the little informational icon to the left of the URL, I can plainly see that the site is NOT secured. Thus, anything entered on the page can be intercepted between my web browser and the server that’s supposed to be collecting the information. And when I try to go to an https:// version of the site, I get told exactly why the site isn’t secure:

[Screenshot: insecure]

That’s right: the site might have been secure, except that the certificates that the web developer tried to use to secure it were not registered to the website, but to some other website. Security doesn’t work that way, folks.
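The check the browser is making here, sketched in Python as an added example (not part of the original post): does any name on the certificate cover the hostname you typed? The hostnames, the sample certificate and the function names are constructed for illustration, and `live_check` assumes network access to a real server.

```python
import socket
import ssl

def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and nothing as broad as "*.com".
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(cert: dict, hostname: str) -> bool:
    """cert is in the dict form returned by ssl.SSLSocket.getpeercert().
    Only subjectAltName is consulted; modern browsers ignore commonName."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(name_matches(n, hostname) for n in dns_names)

def live_check(hostname: str, port: int = 443, timeout: float = 5.0) -> str:
    """Let the standard library do full validation against a real server."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return f"certificate rejected: {exc.verify_message}"

# Constructed certificate, issued for a different site than the one visited.
SAMPLE_CERT = {
    "subject": ((("commonName", "other-site.example"),),),
    "subjectAltName": (("DNS", "other-site.example"),
                       ("DNS", "*.other-site.example")),
}

def demo() -> dict:
    hosts = ["shop.example", "other-site.example",
             "www.other-site.example", "a.b.other-site.example"]
    return {h: cert_covers(SAMPLE_CERT, h) for h in hosts}

if __name__ == "__main__":
    for host, ok in demo().items():
        print(f"{host:28} {'covered' if ok else 'MISMATCH'}")
```

A site owner can run `live_check` against their own hostname before putting a “this site is secure” badge on the page; a mismatch shows up as a rejected certificate rather than a padlock.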

The PSA portion of this post, now: everybody should know to click that little icon, to the left of the URL, any time a website is asking you for information that you wouldn’t want to broadcast to every criminal in the world. And if you get told anything that seems like the site isn’t right, you should leave.

Personally, I contacted the site owner and told them to slap their web developer (literally: I told them that their web developer needs a sharp slap, for trying to play this off as secure when it’s not). In doing so I told them my name and email, but hey, that’s publicly available, so no harm. Other than that, though? Not giving them any of my information, and certainly not giving them my credit card number!

Be careful out there, folks. Just because the website looks slick doesn’t make it trustworthy.

-D

ps: I blacked out the name of the website, because this isn’t about them. I suppose it also serves to protect the incompetent, but hey, I’ve already sent them a nasty note, so there’s no need for public shaming.