Hacker News | munchausen42's comments

"100% of tech experts I talk to" - that seems like a legitimate population sample to support such broad statements.


Funny to see how being anti-GenAI and anti-LLM is now the new en vogue on HN. Can't wait till that dies off as well.


People have been through a lot of hype cycles and the grandiose claims of what AI/LLMs could be / "superintelligence" etc are a complete distraction from a pretty impressive tech accomplishment. Too few people wonder if the wins we got are worth it even if we hit a wall trying to achieve "AGI". And the real world impacts with electricity and billionaires running around with no guardrails are starting to slowly come to light. It sure looks a lot like the last hype cycle where we were promised a global currency without government intervention... lol. Do you remember the part where people took out loans to buy cartoon apes?

(I personally/philosophically don't believe AGI is a natural next step for LLMs as I don't believe the English language alone which training is so heavy on encapsulates all of human ability, rather it's very honed in on English speaking countries/cultures - I also don't believe humans are very capable of creating derivative products with capabilities greater than their own - we can barely make progress on what really causes mental illness[1] - how can we claim to understand our minds so well we can replicate their functionality?)

[1]: https://www.science.org/content/blog-post/new-mode-schizophr...


About 'Default Deny': 'It's not much harder to do than 'Default Permit,' but you'll sleep much better at night.'

Great that you, the IT security person, sleep much better at night. Meanwhile, the rest of the company is super annoyed because nothing ever works without three extra rounds with the IT department. And, btw., the more annoyed people are, the more likely they are to use workarounds that undermine your IT security concept (e.g., think of the typical 'password1', 'password2', 'password3' passwords when you force users to change their password every month).

So no, good IT security does not just mean unplugging the network cable. Good IT security is invisible and unobtrusive for your users, like magic :)


A friend of mine has trouble running a very important vendor application for his department. It stopped working some time ago, so he opened a ticket with IT. It was so confusing to them that it got to a point that they allowed him to run Microsoft's packet capture on his machine. He followed their instructions, and captured what was going on. Despite the capture, they were unable to get it working, so out of frustration, he sent the capture to me. Even though our laptops are really locked down, as a dev, I get admin on my machine, and I have MSDN, so I downloaded Microsoft's tool, looked over the capture, and discovered that the application was a client/server implementation ON THE LOCAL MACHINE. The front end was working over networking ports to talk to the back end, which then talked to the vendor's servers. I only knew that I had just undergone a lot of pain with my own development workflow, because the company had started doing "default deny," and it was f*king with me in several ways. Ways that, as you say, I found workarounds for, that they probably aren't aware of. I told him what to tell IT, and how they could whitelist this application, but he's still having problems. Why am I being vague about the details here? It's not because of confidentiality, though that would apply. No, it's because my friend had been "working with IT" for over a year to get to this point, and THIS WAS TWO YEARS AGO, and I've forgotten a lot of the details. So, to say that it will take "3 extra rounds" is a bit of an understatement when IT starts doing "default deny," at least in legacy manufacturing companies.


> Good IT security is invisible and unobtrusive for your users

I wish more and more IT administrators would use seat belt and airbags as models of security: they impose a tiny, minor annoyance in everyday usage of your cars, but their presence is gold when an accident happens.

Instead, most of them consider it normal to prevent you from working in order to hide their ignorance and lack of professionalism.


Wise IT admins >know< they are ignorant and design for that. Before an application gets deployed, its requirements need to be learned - and the users rarely know what those requirements are, so cycles of information gathering and specification of permitted behavior ensue. You do not declare the application ready until that process converges, and the business knows and accepts the risks required to operate the application. Few end users know what a CVE is, much less have mitigated them.

I also note that seatbelts and airbags have undergone decades of engineering refinement; give that time to your admins, and your experience will be equally frictionless. Don't expect it to be done as soon as the download finishes.


I think you are missing the main point of my analogy: seatbelts and airbags work on damage mitigation, while the kind of security that bothers users so much is the one focused on prevention.

Especially in IT, where lives are not at stake, having a good enough mitigation strategy would help enormously in relaxing on the prevention side.


Depending on your sector, I would argue that in IT, lives can be at stake. Imagine the IT department of a hospital, a power company, or other vital infrastructure.

Most mitigation tends to be in the form of backup and disaster recovery plans, which, when well implemented and executed, can restore everything in less than a day.

The issue is that some threats can lurk for weeks, if not months, before triggering. In a car analogy, it would be like someone sabotaging your airbag and cutting your seatbelt without you knowing. Preventing a crash in the first place is far more effective and way less traumatic. Even if the mitigation strategy allows you to survive the crash, the car could still be totaled. The reputation loss you suffer from having your database breached can be catastrophic.


Prevention in the car analogy would be like adding a breathalyzer and not allowing it to start if the person in the driver's seat fails.

It's been a gimmick idea for decades but I'm not aware of any car that actually comes with that as a feature. Kinda think there's a reason with how much friction it would add - I just did a quick search to double check and found there are add-ons for this, but without even searching for it most of the results were how to bypass them.


Damage. Pinhole is just as damaging to corporation that may result in leakage of password files, sales projections, customer records, confidential data, and mass encamping of external hackers infesting your company's entire networked infrastructure.


Slowing down everyone is also incredibly damaging to the corporation though. And as others have pointed out might even be counterproductive as workers look for workarounds to route around your restrictions which may come with bigger security issues than you started out with.


So much this.

There is a default and unremovable contention between usability and security.

If you are "totally safe" then you are also "utterly useless". Period.

I really, really wish most security folks understood and respected the following idea:

"A ship in harbor is safe, but that is not what ships are built for".

Good security is a trade. Always. You must understand when and where you settle based on what you're trying to do.


Really well put and I always tell people this when talking about security. It's a sliding scale, and if you want your software to be "good" it can't be at either extreme.


Good IT security isn't invisible; it's there to prevent people from deploying poorly designed applications that require unfettered open outbound access to the internet. It's there to champion MFA and work with stakeholders from the start of the process to ensure security from the outset.

Mostly, it's there to identify and mitigate risks for the business. Have you considered that all your applications are considered a liability and new ones that deviate from the norm need to be dealt with on a case by case basis?


But it needs to be a balance. IT policy that costs tremendous amounts of time and resources just isn't viable. Decisions need to be made such that it's possible for people to do their work AND safety concerns are addressed; and _both_ of them need to compromise some.

As a simplified example

- You have a client database that has confidential information

- You have some employees that _must_ be able to interact with the data in that database

- You don't want random programs installed on a computer <that has access to that database> to leak the information

You could lock down every computer in the company to not allow application installation. This would likely cause all kinds of problems getting work done.

You could lock down access to the database so nobody has access to it. This also causes all kinds of problems.

You could lock down access to the database to a very specific set of computers and lock down _those_ computers so additional applications cannot be installed on them. This provides something close to a complete lockdown, but with far less impact on the rest of the work.

Sure, it's a stupidly simple example, but it just demonstrates the idea that compromises are necessary (for all participants)


I think the idea is that if you don't work with engineering or product, people will perceive you as friction rather than protection. Agreeing on processes to deploy new applications should satisfy both parties without restrictions being perceived as an unexpected problem.


I believe a "default deny" policy for security infrastructure around workstations is a good idea. When some new tool that uses a new port or whatever comes into use, the hassle of getting IT to change the security profile is far less expensive than leaking the contents of any particular workstation.

That being said, in my opinion, application servers and other public facing infrastructure should definitely be working under a "default deny" policy. I'm having trouble thinking of situations where this wouldn't be the case.


> When some new tool that uses a new port or whatever comes into use, the hassle of getting IT to change the security profile is far less expensive than leaking the contents of any particular workstation.

Many years ago, we had, in our company's billing system, a "Waiting for IT". They weren't happy.

Some things got _days_ to get fixed.


Company IT exists to serve the company. It should not cost more than it benefits.

There’s a balancing act. On the one hand, you don’t want a one-week turnaround to open a port; on the other you don’t want people running webservers on their company desktops with proprietary plans coincidentally sitting on them.


The problem is that security making things difficult results in employees resorting to workarounds like running rogue webservers to get their jobs done.

If IT security's KPIs are only things like "number of breaches" without any KPIs like "employee satisfaction", security will deteriorate.


The biggest problem I can see with default deny is that it makes it far harder to get uptake for new protocols once you get "we only allow ports 80 and 443 through the firewall".


Which also makes the security benefit moot as now all malware also knows to use ports 80 and 443.


Yes, I think blocking outgoing connections by port is not the most useful approach, especially for default deny. Blocking incoming makes more sense, and should be default deny with allow for specific ports on specific servers.


One-week turnaround to open a port would be a dream in most large companies.


That's because IT security reports to the C level, and their KPIs are concerned with security and vulnerabilities, but not the performance or effectiveness of the personnel.

So every time, if there is a choice, security will be prioritized at the cost of personnel performance / effectiveness. And this is how big corporations become less and less effective to the point where the average employee rarely has a productive day.


> Meanwhile, the rest of the company is super annoyed because nothing ever works without three extra rounds with the IT department

This is such an uninformed and ignorant opinion.

1. Permission concepts don't always involve IT. In fact, they can be designed by IT without ever involving IT again - such is the case in our company.

2. The privacy department sleeps much better knowing that GDPR violations require an extra careful action, than being a default. Management sleeps better knowing that confidential projects need to be shared, instead of forgetting to deny access for everybody first. Compliance sleeps better because all of the above. And users know that data they create is private until explicitly shared.

3. Good IT security is not invisible. Entering a password is a visible step. Approving MFA requests is a visible step. Granting access to resources is a visible step. Teaching users how to identify spam and phishing is a visible step. Or teaching them about good passwords.


hm I don't think that passwords are an example of good IT security. There are much better options like physical tokens, biometric features, passkeys etc. that are less obtrusive and don't require the users to follow certain learned rules and behaviors.

If the security concept is based on educating and teaching people how to behave it's prone to fail anyway, as there will always be that one uninformed and ignorant person like me that doesn't get the message. As soon as there is one big gaping hole in the wall, the whole fortress becomes useless (Case in point: haveibeenpwned.com) Also, good luck teaching everyone in the company how to identify a personalized phishing message crafted by ChatGPT.

For the other two arguments: I don't see how "But we solved it in my company" and "Some other departments also have safety/security-related primary KPIs" justifies that IT security should be allowed to just air-gap the company if it serves these goals.


> Meanwhile, the rest of the company is super annoyed because nothing ever works

Who even cares if they're annoyed. The IT security gets to sleep at night, but the entire corporation might be operating illegally because they can't file the important compliance report because somebody fiddled with the firewall rules again.

There is so much more to enterprise security than IT security. Sometimes you don't open a port because "it's the right thing to do" as identified by some process. Sometimes you do it because the alternative RIGHT NOW is failing an audit.


> Good IT security is invisible and unobtrusive for your users, like magic

Why is this a standard for "good" IT security but not any other security domain? Would you say good airport security must be invisible and magic? Are you troubled by having to use a keycard or fingerprint to enter secure areas of a building?

Security is always a balance between usability and safety. Expecting the user to be completely unaffected through some magic is unrealistic.


> Would you say good airport security must be invisible and magic?

Very possibly. IMO a lot of the intrusive airport security is security theatre. Things like intelligence do a lot more. Other things we do not notice too, I suspect.

The thing about the intrusive security is that attackers know about it and can plan around it.

> Are you troubled by having to use a keycard or fingerprint to enter secure areas of a building?

No, but they are simple and easy to use, and have rarely stopped me from doing anything I needed to.

> Security is always a balance between usability and safety. Expecting the user to be completely unaffected through some magic is unrealistic.

Agree entirely.


I never quite understood the security theater thing. Isn’t the fact that at each airport, you will be scanned and possibly frisked a deterrent and you can’t measure what dissent occur so the only way to know if it works is observe a timeline where it doesn’t exist?


For one thing the rules adopted vary and different countries do very different things. It struck me once on a flight where at one end liquids were restricted, but shoes were not checked, and at the other we had to take our shoes off but there were no restrictions on liquids.

So an attacker who wanted to use a shoe bomb would do it at one end, and one who wanted to use liquids would do it at the other.

There are also some very weird things like rules against taking things that look vaguely like weapons. An example in the UK were aftershave bottles that are banned - does this look dangerous to you? https://www.fragrancenet.com/fragrances?f=b-spicebomb

Then there are things you can buy from shops after security that are not allowed if you bring them in before (some sharp things). Then things that are minimal threats (has anyone ever managed to hijack a plane with small pen knife? I would laugh at someone trying to carjack with one).

> know if it works is observe a timeline where it doesn’t exist?

Absolute proof maybe, but precautions need to be common sense and evidence based.


>has anyone ever managed to hijack a plane with small pen knife?

Well, the 9/11 hijackers used box cutters. Might as well be the same thing.


> An example in the UK were aftershave bottles that are banned - does this look dangerous to you? https://www.fragrancenet.com/fragrances?f=b-spicebomb

It's shaped like a grenade, so yes.


A very small grenade, made of glass, and filled with liquid?

It looks like a grenade in the same way a doll looks like a human being.


In full color vision sure, but not to the machines used to scan the insides of bags. You pretty much just get a silhouette.


If you have two security models that provide identical actual security, and one of them is invisible to the user and the other one is outright user-hostile like the TSA, yes of course the invisible one is better.


It is the standard for all security domains - police, army, etc.

I would reword it to say that security should work for the oblivious user, and we should not depend on good user behavior (or fail to defend against malicious or negligent behavior).

I would still say the ideal is for the security interface to prevent problems - like having doors so we don't fall out of cars, or ABS to correct brake inputs.


That’s what I gave my firewall, all out traffic is default deny, then as the screaming began, I started opening the necessary ports to designated IPs here and there. Now the screaming is not so frequent. A minor hassle… the tricky one is the DNS over HTTPS… that is a whack-a-mole if I ever saw one.


"If you're able to do your job, security/it/infosec/etc isn't doing theirs." Perhaps necessary at times, but true all too often.


the article is great, but reading some of the anti security comments are really triggering for me.


good IT security is invisible, allows me to do everything I need, protects us from every threat, costs nothing, and scales to every possible technology the business buys. /s


I think most of what a brain cell effectively does could be simulated with water channels, pulleys and gates - so don't expect humans to grok either.


> I think most of what a brain cell effectively does

I would love to see a source for your belief of this.


>more risk averse than the OpenAI one

At least it's not sci-fi-risk averse ;)


Ok so to summarize: Credentials have been stolen using a rather common malware from some people that didn't protect their computers properly. A subset of those credentials were related to OpenAI - while at the same time this malware (or malware like this) is used to steal gmail-, outlook-, amazon-, facebook- and all other kinds of credentials of services where potentially sensitive information is often entered.

Wow, we really are at the point where you just need to insert "ChatGPT" into some boring random headline to make it news :)


> we really are at the point where you just need to insert "ChatGPT" into some boring random headline to make it news

No, we're at the point where the inserted item is ChatGPT, it's been many things in the past and I'm sure it'll be many other things in the future too. The pattern of cherry-picking to sensationalize headlines is as old as headlines.


> Wow, we really are at the point where you just need to insert "ChatGPT"

Except companies with valuations in the billions should be monitoring the darkweb and automatically revoking/resetting compromised accounts. Every good-sized bank and credit card provider does it.


On the annoying side, I have a 20yo email address... A CC provider notifies me every time it sees my email on a new list. But it doesn't give the origin of the list, the site(s) that were compromised, so the notification in and of itself is almost worse than useless since it's pure noise.

Almost all of my logins are generated 30-character passwords that are from/in my Bitwarden setup. I only have about 4 I have to remember (actual computer logins for work/personal and my password for Bitwarden). Exception being streaming sites (hulu, hbo max, etc) since getting 30 characters in on a TV is a pain.

I also have a host server passphrase that is words, since in the worst case, getting the random 30 was impossible in the 30s I had to enter it on a terminal view that can't paste, I had to completely reset it once (It was when first setting it up so nothing lost), but a pain.


well TBH i tried that on a video and it does work. Clickbait is real and reliable


Visual Basic Script (VBS) files inside zip files that people opened from emails. So they probably lost a lot more than some ChatGPT creds.


I was hoping this was going to be "OpenAI people used ChatGPT to write their authentication code" ;)


That’s because the seller is advertising


It does make sense for Russia (or at least Gazprom). They've cut deliveries through the gas pipelines anyway. Now they might have needed a reason not to pay penalties for contract violation. By blaming random terrorists or the US they can claim technical issues beyond their control.


If you wonder why an argument might be controversial, it can be helpful to imagine how it would sound in a mirror world:

Assume for a moment that working remotely and a flexible workday would have been always the default. And now some companies decide: Hey let's contractually enforce a 9 hour continuous workday where all our workers will be locked in a big ugly building that we build just for that purpose (Btw. at least one of the 9 hours will be unpaid because this is where people will have lunch. Also we won't reimburse anyone for their traveling expenses or their time spent during the commute).

Now read again the arguments you wrote to support this new idea.


Disclaimer: I support fully remote work and will likely never be returning to office in my lifetime if I can help it.

Here I play devil's advocate. Even though it is a hypothetical world you've constructed, you still framed it from the perspective of this world.

I can do the same thing you did with a different bias.

Imagine a world where everyone is socially isolated, forced to work 8 hours a day from their living space where they're supposed to be able to retreat from work. They're not allowed to have social in-person contact with any of their peers, but they must login to show activity on their computer every 15 minutes or else be fired.

Then along comes the "office". An amazing centralized place where you can take frequent breaks to have social interaction with your peers. You no longer have to wait for everyone to join the Zoom call and turn on their cameras and ask "Can you see my screen?" — you all can just look at the same whiteboard in the same room! Need to get in touch with Bill? Just stroll over to his desk. No need to ping him and wait for a response. We'll even feed you for free, and you can play ping-pong on your breaks! You won't have to bother furnishing your home office with a standing desk and complicated technology setups. We handle all of that for you, and even have in-house IT staff to fix any issues that pop up.

It all doesn't sound so bad when you frame it differently (which is what the middle managers try to do). Again, I don't really believe these arguments, I'm just pointing out that the way you framed yours can easily be done by someone with a competing view.


> Need to get in touch with Bill? Just stroll over to his desk.

Sorry to be flippant, but to me this is one of the worst parts of office life summed up in one statement. The bar for other people to carelessly interrupt you can be unbelievably low sometimes.


Agreed.

I am a fairly high level engineer. People would come over to my desk all the time to either discuss work or shoot the shit.

However I still have my own work to do. Most of the questions they came to me for are a short slack message. I’d often literally have a queue at my desk of people. I’d also be constantly running between meetings.

Having me work from home is better for everyone who deals with me.

I’m more reachable all the time. That queue of people no longer waste their time waiting on my time.

I’m insanely more productive because I am great at multi tasking when I’m not having to simultaneously hold a discussion in person.

It’s not hyperbole on my part to say that having me shift to working from home has been a force multiplier for everyone who depends on me for something.


> People would come over to my desk all the time to either discuss work or shoot the shit.

> I'm more reachable all the time

Does not compute.

You complain of people interrupting you, but you argue that WFH enabled you to be interrupted more, all the time.


It does make some sense to me! It's a lot easier to manage several slack messages simultaneously than several in person conversations (although the image of an engineer helping a bunch of juniors like Magnus Carlsen playing a bunch of chess tables in a line is funny!)

I also like to move conversations to group channels so that even more people benefit from the conversation. It really is a force multiplier.


It's not surprising that people who would do this happen to be the people who want to return to the office.


In my opinion, it's the employers that are pushing us to view these as two opposing extremes. I suspect this is because for so long (as long as I can remember) they've had all of the power and control.

Clearly something more personal is the best solution, there's likely also an age component here as well. I know that with a child it's much more convenient to be at home most of the time.

Now that employers have given up some control, I bet it seems risky to a lot of people to start talking about going back to the office even one day a week. In my own experience, that small concession could easily lead to my employer pushing harder and before I know it, I'm looking at commuting for 90 minutes each day and sitting at a desk Monday through Friday: back where I started.

If employers want to retain talent and get some people to spend more time in the office, I think they should make some concessions to make that attractive. Putting some dollars in to offset the commute (and not just gas, maybe just pay people as if they were at work). Maybe throw away the old mid-height cube system and put something in that's taller and more like an individual office, etc. I'm sure other people have ideas out there, but just asking us to "go back" isn't reasonable.


> I suspect this is because for so long (as long as I can remember) they've had all of the power and control.

We are heading into a recession (if not there already). As the strong labour market deteriorates, this power imbalance will shift back to managers.


My thoughts exactly. Even if software devs still maintain a better than average negotiating position, companies continue to have the upper hand and it's just going to get worse for a while.

I think inside of five years 9 out of 10 people who work from home today will be back in the office. Against their will or not. The company just doesn't need most of us more than we need it, and that won't change. I think a lot of people in the IT field right now just haven't been around long enough, so they think the current employment environment will continue indefinitely. The last 15-20 years have been pretty good, but they are almost certainly the exception.


I'm not sure the specific labor markets we are talking about will deteriorate substantially.


There’s already layoffs and downsizing announced weekly. Even pausing growth will have an effect.


There are more jobs in tech than people to fill them, places are always hiring even if FAANG is laying off. One day that dynamic will change, it hasn't yet.


> It all doesn't sound so bad when you frame it differently

I disagree, it still sounds bad.

It sounds like elementary school for adults.


> It sounds like elementary school for adults.

I think that sounds pretty amazing.


To people that loved their school days the current office culture is probably already great. To people that did not, the office is just as bad. Except it is worse, because it feels like something you inflict on yourself.


Sign me up, so long as there's nap time and recess.


My last couple of employers did, in fact, provide nap rooms for employees to use and they saw fairly frequent use.


do we get snacks and naps? I'm in.


So... a WeWork then?


I'm in a WeWork building currently, and I do kinda like it, maybe it's the novelty, but seeing so many other little start-ups and various micro-businesses doing their thing, often in shared spaces, is curiously inspiring and various other perks do make coming into the office attractive enough that I do it more than I technically need to or am even expected to (it helps that it's only a very easy 15-min bike ride away!). Plus for the team I work with, I generally do find it easier to get (and provide) help when in the same physical space, and it's rarely distracting.


Now throw in the fact that the workers may also have family (spouse + a little kid) living with them and present inside the house during the working hours. Suddenly, the idea to have a physically distinct place dedicated (almost) exclusively to work sounds very attractive and very sensible.

Of course, one could have a dedicated "study"/"office" room with a lock and sound proofing but that costs.


Now throw in minimum 0.5h + 0.5h commute or more realistically at least 1.5h total commuting time and suddenly you leave for work before your kids wake up and arrive back home 2-3h before they go to sleep.

Who do you want to spend more time with during the day, your coworker Bill the senior Java guy or your child Charlie, who has just learned to walk but you were not there to see their first steps? I mean, Bill's a great guy, but I didn't marry the company.


> Now throw in minimum 0.5h + 0.5h commute

Minimum half hour commute? Definitely not a minimum. I've had a <15min commute practically my entire career. My current commute is 15 minutes by bicycle, 5 minutes by car, and my kid's daycare is on the way.

Minimum commute is more like 5 minutes. Sure, maybe average commute is a good bit higher, but then say average not minimum.


That's lucky for you but you must be aware of how uncharacteristic that is. When you get a new job that commute disappears unless the new job is close to the old job or you up and move.


It might be a bit uncharacteristic, but it still doesn't change the fact saying commutes have to be a minimum of 30 minutes isn't true. It's not entirely out of the ordinary to have a <30min commute. Most people in my office have a <15min commute, with a few having a similar commute as mine (~5min by car). My wife's commute is 12-15min. Most of my friends have a 15-20min commute.

Many people have commutes much less than 30 minutes. Maybe 30 minutes is an average, I'd probably agree average commutes are close to 45 minutes, but that's an average not a minimum. Those words have two very different meanings.


This probably depends on your local traffic environment in your city. Depending on the time of day and exact routing, 7 miles in Southern California can take you 45 minutes or more. If you take the bus like I do you are in for closer to an hour.


Sure, commutes in Southern California seem to be a nightmare. But most office workers don't live in Southern California, so using that as a global minimum of commute times is probably extremely biasing it.

> Now throw in minimum 0.5h + 0.5h commute or more realistically at least 1.5h total commuting time

This is what I'm responding to here. ihateolives is suggesting all commutes are a minimum of 0.5h each way, with 1.5h being a realistic figure. They make no mention about Southern California, they're talking about WFO in general. Would you agree that 1.5h commutes in general are realistic, or do you think that's pretty big hyperbole?

To me, 1.5h commutes are insane and are a massive outlier, and I live in one of the most sprawled out metro areas in the US.


You are wrong. Look up what average commute time is in US. 40+ minute commutes are uncharacteristic, except for a small fraction of Americans who live in a handful of metros.


> Look up what average commute time is in US. 40+ minute commutes are uncharacteristic

Emphasis mine. Average is not minimum. Those are two entirely different concepts.

I'm not wrong about my commute time, it's legitimately roughly 5 minutes. Since nobody is suggesting a lower commute time for WFO, I'd say that's probably a minimum. I totally agree the average is closer to 40ish minutes, but minimum is not average.


The commute is counted from the moment you exit your home door. It’s 5 minutes only if you work across the street.


My home door is the garage door, so I'm already in my car "door to door". The distance is <3mi. Assuming an average speed of 32mph (almost 1/3 of that <3mi is at 55mph, most is 40mph, I get that average speed often according to my car's computer) that's 0.5333 miles/minute. So that's then 5.625 minutes.

Sorry, I guess I was wrong, it's 5 minutes and 38 seconds.


Next time use your watch and see how much time passes between going out of your door and entering your office. And your door is not the garage door, but the one you use to enter the garage.


I've looked at the clock before, it's been about 5 minutes. That's how I arrived at that value originally, as before needing to drop off my child at daycare I budgeted about 5 minutes to get to the office and was usually just about right. As mentioned, it's less than 3 miles on streets with 40+mph speeds. Sure, sometimes I get stopped by one of the two stop lights and it adds another minute and a half to my journey.

And ok, instead of my garage door it's my living room door 15 feet from my car door. Why not make it my bedroom door or shower door while we're at it.


Said space can also be rented in a dedicated co-working space (close to home or close to other place of interest) providing both the benefits of a space dedicated to work and the benefits of no commute, rent flexibility (you can choose a more preferable housing opportunity since proximity to work is not a factor), social mobility (you can choose to live in a different city) and personal security (a lot harder for physical harassment in a power imbalance context to happen when you are remote, a lot more likely for other forms of harassment to be recorded).

The fundamental drive of WFH is the opposition towards lords attempting to dictate how people live their lives. If a subset of workers want to work from the company office, good for them. If a subset prefer to work from co-working spaces, good for them. If some free spirits prefer to work from a tent in the mountains with a satellite connection and solar panels, good for them. If some prefer to switch environments, good for them.

This is the same as installing (side loading) apps on iOS. One group desires freedom (to install whatever from wherever) and does not care what others do (use only the official store). The other group (those who like the walled garden) prefers that all others do as they do (only use the official store and nothing else ever, preferably making it impossible or illegal).

I will actually express this in even harsher terms.

Mandatory WFO is a communist notion, it is fundamentally undemocratic and fundamentally un-American. It values uniformity the same way communism does. WFH values freedom and autonomy. So going forward, I will call all those who want to enforce WFO when it is not necessary: Commie-Bastards.


Do you get breaks to play pingpong and catered food at your offices? I've never worked anywhere that actually paid for food, honestly, and while a few places have had pingpong tables it's hard to justify leaving my desk to go use them when there's tasks I could be getting done.

A minor point, but I've always wondered if you're ever actually allowed to use the nice benefits like that, or if they're just something startups show off to investors to try and look more friendly to their workers.


> Do you get breaks to play pingpong and catered food at your offices?

Oh yeah, it was great (billiards, pinball, foosball, restaurant catered lunches, beer Fridays). It never lasts, usually a company gets purchased and all those niceties are the first to go. This has happened to me three times.

It made for a fun workplace, those were definitely my favorite jobs.


Not gonna lie, the lack of free food in the companies I've worked for has left a chip on my shoulder, and this is after working at a place which pays slightly better than Amazon with the express purpose of poaching Amazon engineers.

I know it comes out to less than 10K per year, but I don't care, I don't feel like an elite engineer until I get the damn free food!


> Imagine a world where everyone is socially isolated, forced to work 8 hours a day from their living space

Advocates of WFH rarely care if people want to work in an office if they want to, as long as they don't have to.

So that'd be "Imagine a world where everyone is socially isolated, able to work 8 hours a day from their living space or an office if they'd prefer"


Imagine a world where people work from home but aren’t socially isolated because they spend time with their families, friends, and local communities rather than whoever they happen to be working with at the time.


If the office was so amazing you wouldn't need to force people to come in.


The only relevant difference is in which part you use the word "force" in the description of the hypothetical world.

In the real world, however, no one is usually forced to WFH. But we were forced to WFO.


You make some good points, but...

> They're not allowed to have social in-person contact with any of their peers

I don't think any companies with remote work policies enforce a 'no in-person contact' policy.

> they must login to show activity on their computer every 15 minutes or else be fired

I don't think most companies have this policy.

> An amazing centralized place where you can take frequent breaks to have social interaction with your peers.

Those companies with strict policies on activity monitoring for home workers are unlikely to allow 'frequent' breaks. The few short breaks you have are mostly spent in the toilet, or queuing to buy coffee.

> Need to get in touch with Bill? Just stroll over to his desk.

Have we asked Bill how he feels about this :D

> We'll even feed you for free, and you can play ping-pong on your breaks, [and we'll give you a] standing desk!

Relatively few companies do this.

Your framing is heavily subjective and seems to contrast the best, employee-friendly companies' in-person benefits with the worst micromanaging companies' remote work drawbacks.

OP's framing is less subjective. Although the number of hours, the paid vs. unpaid lunch break, and the ugliness of the building do vary, the principles are broadly more objective.


If remote work was all 8 hours a day with 15 minute checks, you'd be right. But that happens in offices too, so it isn't the key difference.


> Need to get in touch with Bill? Just stroll over to his desk

Yeah, this is part of the problem most WFH folks have with most WFO folks. We fucking hate this.


I'm genuinely wondering if this is satire. No offense. I was just under the impression that the ping pong table has been the subject of enough startup-culture critique in popular opinion to put the idea that employees will actually see it as a meaningful perk to rest. Also interesting is the assertion that having to ask "can you see my screen" is enough of a problem for someone that it rivals waking up an hour earlier for a grueling commute...


I found that the sweet spot is somewhere in between these two extremes.

After a week of working from home, sometimes I found that I hadn’t left the house for anything other than groceries.

In the mornings, I get up and get the kids ready. Then work. Then the kids come home. Family time, dinner and so on. Time to sleep. Rinse, repeat.

So yeah, I find going to the office from time to time refreshing. It helps that my team agreed that office days are for socializing and focused work is not expected.


>they must login to show activity on their computer every 15 minutes or else be fired.

This is the stupidest thing, I think - I don't care if you're at your computer all the time I am at my computer, I care if you get shit done


It gets a bit tricky when you ask an urgent question to a colleague and he is not responding to you for 30 minutes.


> It gets a bit tricky when you ask an urgent question to a colleague and he is not responding to you for 30 minutes.

This type of interruption culture is very harmful both directly to productivity (it takes a long time to get back to focus from being interrupted) and also to mental health from the pressure of being constantly interrupted and expected to jump at every slack message.

There should be no question that is so urgent that it can't be answered tomorrow. Do a full day of work and check & answer your messages once a day, morning or evening.

The exception is people on call who of course do need to respond to things within minutes but that's why being on call is so exceptionally stressful. Rotate that so nobody is subject to such stress very often.


What question is so urgent? What’s the consequence of waiting 30 minutes, or until tomorrow, for an answer?


That’s not at all helpful and in fact it’s confusing.

Going to a place of work is the status quo with one of the exceptions being bubbles in IT. Some offices are nice, some not. Some are within walking distance, others are not.

You are not locked in to your office unless you work in a literal sweatshop. The lunch hour is a legal right in Europe.

It’s your task to check that you have a reasonable commute before accepting a contract. Why should a company care that you picked a job on the other end of the city?

Jesus, I can’t believe how spoiled and entitled so many people are. But that will resolve itself once remote developers start getting replaced with cheaper workers which can develop apps or websites just as well.


>Jesus, I can’t believe how spoiled and entitled so many people are

The entitlement is called workers rights. People fought quite hard to get the ones we have right now. E.g. my grandfather was still working 6 days and 48h a week (same country as OP). Back then people also called the workers "entitled" who dared to ask for more than one free day per week.

As I see it, this movement will only be successfully completed once people can rent your skills without also owning your body during that time.


I love this style of reasoning. Status quo bias is a severely strong psychological effect on some people in some cases. This is a nice way to "bust the cache" ;)

There's a really cool philosophy paper "The reversal test: Eliminating status quo bias in applied ethics" - using a reversal like the one you describe (imagine a world where the opposite was true). But then the authors also do a double-reversal (imagine the world is identical to ours, but there's a policy about to be implemented which will make it into "mirror world" and we have the option to do nothing and let it happen, or act and prevent the reversal). Great thinking tool!

https://philpapers.org/rec/BOSTRT

full paper PDF: https://nickbostrom.com/ethics/statusquo.pdf


The guy providing the data in the CA scandal was a credible scientist at the Universities of Toronto and Cambridge. His social media data collection back then was considered part of his legitimate research activities. It was funded by research grants, and nobody had a problem with that. That is, until some of the data he collected was potentially used for political microtargeting.

The thing is, Facebook and the other social media companies have never had any real interest to support research projects that collect and analyze their data. Why should they?

However, since the public outrage over the CA event they basically have carte blanche to deny all these requests - even from seemingly credible scientists - and just say: "Hey, we just want to prevent another CA."


To get rid of search engines like Google and Bing we don't need to build a new internet - we just need to build new search engines.

E.g., how about an open source spider/crawler that anyone can run on their own machine continuously contributing towards a distributed index that can be queried in a p2p fashion. (Kind of like SETI@home but for stealing back the internet).

Just think about all the great things that researchers and data scientists could do if they had access to every single public Facebook/Twitter/Instagram post.

Okayokay ... also think about what Google and FB could do if they could access any data visible to anyone (but let's just ignore that for a moment ;)


You know Google has been crawling for years and probably already has accessed any public data.

