
Here's a heretical thought: Remote hiring is a massive Achilles heel.

I've been duped simply by hiring a great engineering candidate who then farmed out the actual work to remote workers in Pakistan and India. We caught on fairly quickly thanks to one of them forgetting to log in to one of our backend systems via VPN a few times. No idea how many companies he was "working for" but I'd bet we were one of many.

Remote work has amazing upsides and tremendous security implications.
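One way to automate the check that caught this, as an added example (not from the poster): flag successful backend logins that did not arrive through the VPN egress range and whose source country differs from the employee's declared one. The VPN range, the GeoIP table, the home-country map and the log lines are all constructed.

```python
"""Flag backend logins that bypassed the corporate VPN (added example, constructed data)."""
from collections import defaultdict
import ipaddress

# Assumption: legitimate backend access egresses only from the VPN concentrator.
VPN_EGRESS = ipaddress.ip_network("203.0.113.0/24")  # constructed, TEST-NET-3

# Constructed stand-in for a GeoIP database: prefix -> ISO country code.
GEO = {"203.0.113.0/24": "US", "198.51.100.0/24": "US", "192.0.2.0/24": "PK"}

# Constructed: the country each employee is contracted to work from.
HOME_COUNTRY = {"alice": "US", "bob": "US"}

# Constructed backend auth log, format: "<ts> user=<u> src=<ip> result=<ok|fail>"
SAMPLE_LOG = [
    "2024-05-01T09:02:11Z user=alice src=203.0.113.17 result=ok",
    "2024-05-01T09:05:40Z user=bob src=203.0.113.22 result=ok",
    "2024-05-01T13:11:03Z user=alice src=198.51.100.9 result=ok",  # off VPN, same country
    "2024-05-01T21:48:55Z user=bob src=192.0.2.77 result=ok",      # off VPN, other country
    "2024-05-02T02:30:12Z user=bob src=192.0.2.77 result=fail",    # failed login: ignored
    "2024-05-02T03:01:44Z user=bob src=192.0.2.80 result=ok",
]

def country_of(ip: str) -> str:
    """Longest-prefix-free toy lookup: first matching prefix wins, '??' if none."""
    addr = ipaddress.ip_address(ip)
    for prefix, cc in GEO.items():
        if addr in ipaddress.ip_network(prefix):
            return cc
    return "??"

def parse_line(line: str) -> dict:
    """Split one log line into a dict of its key=value fields plus the timestamp."""
    ts, rest = line.split(" ", 1)
    ev = dict(kv.split("=", 1) for kv in rest.split())
    ev["ts"] = ts
    return ev

def off_vpn_logins(lines) -> dict:
    """Successful logins per user whose source is outside the VPN egress range."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev.get("result") != "ok":
            continue
        if ipaddress.ip_address(ev["src"]) not in VPN_EGRESS:
            hits[ev["user"]].append((ev["ts"], ev["src"], country_of(ev["src"])))
    return dict(hits)

def flag_foreign_sessions(lines, home=HOME_COUNTRY) -> dict:
    """Users with off-VPN logins from a country other than their declared one."""
    out = {}
    for user, hits in off_vpn_logins(lines).items():
        foreign = [h for h in hits if h[2] != home.get(user, "??")]
        if foreign:
            out[user] = foreign
    return out

if __name__ == "__main__":
    for user, sessions in flag_foreign_sessions(SAMPLE_LOG).items():
        print(f"{user}: {len(sessions)} off-VPN login(s) from outside {HOME_COUNTRY[user]}")
        for ts, ip, cc in sessions:
            print(f"  {ts} {ip} ({cc})")
```

An off-VPN login from the declared country (alice's) is still worth a look, but only bob's sessions trip the foreign-country rule.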

So that's probably a sign that your team culture and management aren't the best... Healthy teams communicate a lot and really get to know each other, whether in person or remote. Ideally with regular in-person meetups to reinforce those working relationships.

If you're just throwing work over the fence and it takes network analysis to figure out who's doing it...then maybe you should just be hiring a contractor anyway.


Yeah, I similarly find this baffling. This very flatly would not work in any job I've had, whether in person or remote.

I have worked in places where this would work...all terrible places that usually had someone with a "maverick" view of how organizations worked derived from reading Warhammer books or something.

> with a "maverick" view of how organizations worked derived from reading Warhammer books or something

Did they want to serve the God Emperor of SaaS?


We all believe that using recruitment software is sufficient to prevent fraudulent candidates from being hired and that's what makes it true.

Yep. It started with COVID where understandably 100% of interviews were remote.

But now with COVID a thing of the past, for "fairness" reasons (DEI?) we still do 100% remote interviews, but now have the ludicrous situation where we're asking interviewers to do absurd things like look for the reflections in the candidates' eyes/glasses to see if they're using ChatGPT, ask the candidate to swing the webcam around to make sure there are no other people in the room, ask them to hold their hands up to the camera to show they're not typing a prompt (which is even more stupid than it sounds because voice recognition is amazing these days), or ask them not to look away from the camera when answering questions (so not reading answers from another monitor) and other stupid things. How ridiculous.

The sooner we get back to in-person interviews the better. Get them to come to the office (which they'll need to do one day if they get the job) and sit next to them while they code on a work laptop.

Sorry to all those folks who want 100% remote, but this is why we can't have nice things.


And similarly forbid them from using AIs while they code on that work laptop in person? Are employees forbidden from using AIs for work? If not, why require that during evaluation? If it's not required during evaluation in person, why require it remotely?

(I don't know the answers to how to interview in this brave new world, but I'm increasingly skeptical of forbidding tools that people will be using for the job.)


Because job interviews don't test real-world programming skills, which is a whole other issue.

The closer you can get to doing so, the better.

I think the best interview question, and really the only one you need to determine technical ability, is to ask someone to describe an HTTP request in as much detail as possible.

To write code (even with the benefit of AI) effectively you need a mental model of the systems you work with; reading the ChatGPT response doesn't prove you have that.


That's a stupid interview question for the vast majority of software jobs. Many people don't work with HTTP or web software at all.

So replace it with something from the relevant field.

Yes, technical interview questions should be relevant to the job field. What's your point?

The hard part is selecting good questions that act as reliable predictors of actual job performance. Very few hiring managers can do that reliably, although many fool themselves into believing that they can.


The point is that someone gave a specific example of the much more general concept of probing for mental model by way of detailed explanation of a process he ought to be familiar with. You objected to the specific details - knowledge of HTTP. That's not an indictment of the general approach.

That said, ML models have gotten to the point where I'd have to disagree with OP that this approach will necessarily filter their use. However there are plenty of available mitigations, from latency of response to requiring a video feed that fully covers the candidate, his screen, and his keyboard.


It was a stupid example.

The "what happens when I enter facebook.com in the browser and hit enter" is/was a well-known FAANG question a few years back, so I would expect that all the LLMs are well versed in it, as will be NK infiltrators.

If you want to work as a clerk at Target, the video is not even an interview, it’s a one-way audition you record to be judged anonymously.

My suspicion is that it's purely monetary and driven by the finance people.

a) Don't have to pay to fly candidates out, pay for their hotel, etc.

b) Don't have to pay relocation

c) Get access to a larger pool of candidates, so can price the wages lower than local wages would require

At my last company there was a top-down directive that in-person interviews were straight up not allowed, everything had to be over Zoom. Even for local candidates, for a job that was supposed to be in-person! Completely crazy IMO.


The advantage of a larger pool of candidates is not mostly a financial benefit, IMO. The benefit is mostly the ability to hire from a larger pool of people especially with a specialized skillset, and also to have less of an echo chamber.

But yes, that directive to interview local candidates over Zoom does seem very silly.


My experience is that yes it opens up the wider pool, but it makes the filtering process much more difficult in trade.

Opening up the wider pool without the in person interview is where things hit the wall since the filtering criteria everyone learned over their careers went out the door thanks to the online interview process. And the online interview process is much more subject to cheating--not exactly a huge concern in-person.


I agree that there's a trade-off in filtering, but I really just don't resonate with this "cheating" issue.

I haven't run into this thing where I'm talking to a video AI, but maybe I'll sing a different tune if that ever happens and is high fidelity enough to trick me.

If "cheating" just means using AI assistants to answer my interview questions, honestly I think I've done a poor job structuring the question and interview.

I do recognize this as a giant challenge right now, to structure interviews in a way that provides real signal, while allowing candidates to use the tools they'll actually be using for the job. But I don't think the challenge is significantly different between remote and in-person.


What is the local pool like?

If you want a software engineer in Silicon Valley you can stay all local. There are companies in remote small towns who need a software engineer - they have to open up to non-local candidates as there are zero people in town who could do the job that don't work for them. There is always someone from elsewhere excited to move to a small town, but finding those people is hard. (And for those people, finding a company that wants them is hard.)


I'm in a tech hub so the local pool is wide and deep. But I was flown up for an interview, and I've known other people who were flown out, were hired, and have become locals.

This didn't used to be a huge problem.


Only a) is valid, as you can fly candidates for interviews and have them go back to their home city to work remotely.

Yeah after a disastrous remote hire I started requiring in-person 2nd round interviews. Company policy is that all future hires are hybrid only (not that we or anyone else is hiring these days...) so it just makes sense.

For developers I share my screen on MS Teams so everyone can watch, then hand them my laptop with Visual Studio. They've got 90 minutes to complete a small assignment while we look at them code - Google is allowed, so is copying and pasting from Stack Overflow, and we'll probably allow Copilot as well. The code needs to run and return the expected results. One candidate said, "this was great, it felt like real work".

For cloud admins, our DevOps lead creates a new resource group, hands over his laptop, and we ask them to create a few resources and do the network and authentication to make them talk to each other. Most candidates can't do that anymore - we're finding they've become Terraform operators that don't know how the underlying technology works.


COVID isn't in the past, just no one doing anything about it. :)

The 1918 Pandemic is still around, too... A/H1N1

Different species, you can't generalize like that. It's pretty unclear what actually happened with H1N1. Scientists were able to resurrect the more virulent strain in the lab two decades ago and it was just as potent in lab animals...

Two possibilities are that it did in fact mutate to become "milder" or those strains were already circulating. Either way, H1N1 killed so quickly it ran out of victims and the highly lethal strain went extinct. Another notable aspect of H1N1 is that it mostly didn't kill directly, it made victims weaker to opportunistic lung infections and that's what killed them. Antibiotics have made this kind of attack vector much more difficult for viruses.

Omicron is only loosely analogous to the "flu fairy tale" as the major threat is Long COVID now and it is circulating at high levels. Other viruses have had vastly different natural histories, 1918 is only a single reference point, and a muddy one at that.


I was under the impression that it mostly killed by causing cytokine storms.

I won't claim to be an expert on 1918 influenza, but here's a reference for the claim I was making: https://pmc.ncbi.nlm.nih.gov/articles/PMC5481322/

After reading this, I am less sure of the claim "most", but it seems that opportunistic infection was an important factor. There were a few unpleasant ways to die...


I had a colleague doing this in 2006, and he wasn't remote. He would just sit playing games on his phone all day yet he would check in code. I could never figure it out, so I just asked him and he showed me the chat window to his friend back in the Czech Republic that he paid 25% of his wages to each month.

I'm not sure I'm really against this! --IF-- the company is happy with the results and code being delivered, and the compensation they are paying for that code, what is the actual, meaningful business difference between whether your colleague wrote it or the Czech guy wrote it?

I'm not asking what the moral or ethical difference is. They're paying for engineering output, and if they are getting that output, why does it really matter whose fingers are typing it in?


I can think of a few reasons, most obviously that it's a security nightmare - you've got a non-employee accessing and modifying your company's code and possibly having access to customer data. Some shops might not care about this, but it's ridiculously irresponsible in principle.

What if, instead, the guy was 100% honest and up front about it, and offered to enroll the Czech guy in all security checks that any other contractor would get, and treat them legally as any contractor would be treated?

I wouldn't see anything wrong with this, but I would be willing to bet that 99% of companies would not go along with it--for reasons I'm not sure I understand.


If they were ok with doing the work to bring in the overseas person in the first place why should they hire their onshore cutout? To do it legally would be a whole mess of getting involved in business in a new country.

The main problem is at that point the US guy is operating outside the model of being a direct employee of the company. He's operating as a contracting vendor.

There are legal aspects to the employer-employee relationship that are different than the company-vendor relationship.

Even reporting the pay to the IRS as personal income would probably be legally problematic, because from a legal aspect a vendor is being paid for a service not an individual receiving income from an employer.


Typically, employers expect more in return for your salary than engineering output - they pay for employees to be engaged with the business, learn it, become subject matter experts, so that their value over time increases and they deliver more than just the engineering. When all you need is engineering output, you hire contractors.

At the same time, you are correct that it doesn't matter who is typing it. One of my favorite setups I've worked under is where throwing it over the fence is explicit - where a small team of employees each has their own small team of contractors. The management doesn't care who does what, as long as the work gets done, so we were free to parcel work out to our contractors as we saw fit, and the institutional knowledge stayed baked into our heads.


Ironically if he told management that he's able to manage a remote team which provides the same amount of work for 25% cost there's a good chance they give him a raise and promotion to outsourcing manager /s

I don't think this has anything to do with remote vs. onsite work. It has more to do with remote vs. onsite interviews. A thorough onsite interview should catch all of these fake candidates. Companies should be doing at least one onsite interview regardless of whether the role itself is remote or onsite.

A very easy way to verify a remote candidate's identity is to buy them a plane ticket to an in person interview.

If they cannot board a plane using their claimed identity from their claimed city of origin, you can stop there.


Only if they are 100% fake as opposed to farming out work to someone else. I can turn up to an interview in person no problem. When hired I just have the person in India use my name/picture and do the work.

Of course if they hire me as opposed to that person in India directly there is likely a reason they wanted someone in the US. Often those reasons are legal and somewhere a law is being broken.


Easy, but expensive way.

Are you really going to do this for all candidates that make it to the final round of interview?

Are you also going to compensate the time for the candidate if he doesn't get selected?

Unless what you're proposing is more a formality, and that unless the person doesn't show up he's guaranteed to get the job.


By the time someone gets to the on-site interview, the job should be "theirs to lose." You wouldn't be spending the cost of an on-site trip for every candidate that shows some promise during the distance interviews--you'd do it for those very few you're ready to give offers to already, but just want to double check a few in-person soft-skills things (and now, want to double check that he is who he says he is).

A friend of mine's company is completely remote only, but they use a shared workspace to conduct interviews for exactly this reason.

Totally agreed. The number of "engineers" who try to cheat their way through interviews, juggle multiple jobs without disclosing them makes it a total nightmare.

I've heard through the grapevine of some designers (one who worked at Shopify) getting caught using Fiverr (or something similar) to farm out all of their work.

Despite all the weird crazy dog and pony show and jumping through hoops that most companies do now, most companies are abysmal at hiring.


What can you do during the hiring process to know that this amazing person, who aces every part of the interview, will farm out their work to cheap subcontractors?

Nothing I guess? Except that they will continue to be vetted after being hired for the quality of their work.

Just spitballing, but even if someone has a remote computer after getting hired and is onboarded, they should not have access to sensitive systems. So while you can't completely prevent the possibility of hiring a malicious actor, security should not simply be on/off. The Register article mentioned how after these devs were hired they were immediately able to kick off their plans. I think security is not structured properly if that is the case.
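An added example of the graded access this comment argues for (not from the commenter or the article): each sensitive system carries a minimum tenure and a named approval before a grant is issued, and an audit lists grants an employee holds that the policy would not issue today. The tier names, thresholds, employees and dates are constructed.

```python
"""Graded access that ramps with tenure and approval (added example, constructed policy)."""
from dataclasses import dataclass, field
from datetime import date

# Constructed policy: minimum days since hire and whether a named approver must
# sign off before a grant is issued. Nothing sensitive is reachable on day one.
TIERS = {
    "dev-sandbox":  {"min_days": 0,   "approval": False},
    "source-repo":  {"min_days": 0,   "approval": True},
    "staging-db":   {"min_days": 30,  "approval": True},
    "prod-db":      {"min_days": 90,  "approval": True},
    "payments-api": {"min_days": 180, "approval": True},
}

@dataclass
class Employee:
    name: str
    hired: date
    approvals: dict = field(default_factory=dict)  # system -> approver

def decide(emp: Employee, system: str, today: date):
    """Return (allowed, reason) for a single access request."""
    pol = TIERS.get(system)
    if pol is None:
        return False, f"unknown system {system}"
    tenure = (today - emp.hired).days
    if tenure < pol["min_days"]:
        return False, f"{system} needs {pol['min_days']} days tenure, has {tenure}"
    if pol["approval"] and system not in emp.approvals:
        return False, f"{system} needs a named approval"
    return True, f"ok (approved by {emp.approvals.get(system, 'n/a')})"

def grants_exceeding_policy(emp: Employee, held: list, today: date) -> list:
    """Audit: grants the employee already holds that policy would not issue today."""
    return [s for s in held if not decide(emp, s, today)[0]]

# Constructed employees and clock: dana was hired yesterday, eli four months ago.
TODAY = date(2024, 5, 2)
NEW_HIRE = Employee("dana", date(2024, 5, 1), {"source-repo": "lead-eng"})
VETERAN = Employee("eli", date(2024, 1, 1), {"source-repo": "lead-eng", "prod-db": "dba"})

if __name__ == "__main__":
    for emp in (NEW_HIRE, VETERAN):
        for system in TIERS:
            ok, why = decide(emp, system, TODAY)
            print(f"{emp.name:5} {system:13} {'ALLOW' if ok else 'DENY '} {why}")
    # A new hire who was handed prod-db on day one shows up in the audit.
    print(grants_exceeding_policy(NEW_HIRE, ["dev-sandbox", "source-repo", "prod-db"], TODAY))
```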


It's hard. I mentioned in another comment I had a work colleague in 2006 who farmed out all his work. He was capable of doing the job, but it was simply more enjoyable for him to play video games all day while someone else did the work for 25% of his salary.

The thing I'm always curious about with this is: What is the actual bad thing happening here?

Is the subcontracted work not good enough? Well, then the problem is that the work is not good enough.

Is the person not contributing in other ways that you want them to contribute because they have other jobs? (eg. chat conversations, meetings, team building, etc.) Well, then the problem is that they aren't making those contributions.

Or is it just that you're paying them more than you would have to pay the subcontractors if you found and managed them yourself? Well, then you are totally free to skip the middleman and do that yourself. But there is, actually, value in finding and managing freelance work. I certainly don't want to do that myself! If someone is good at doing that, and the quality of the work they are managing is acceptable to me, then it seems like they might be earning their paycheck?

I do get that the dishonesty element is bad in and of itself, but I honestly wonder whether, if this is a problem a firm is having, they should consider hiring the work out to subcontractors, without any subterfuge.


Where I work, it would be sharing of credentials and lying (or at least being dishonest) about who did the work.

Yeah I hear that. My underlying point here is: Maybe you don't actually need a full time employee doing this job, if someone can successfully do it by spending a little time farming out to subcontractors.

The funny part is that in these stories about fake candidates using a whole team of people, it sounds like they are actually successful in doing the work, something that had not been achieved in software dev outsourcing before.

It's only "successful" because there's an alternative, presumably-nefarious funding stream from a third party who wants to gain access to IP/user data/influential functionality.

It's essentially a subsidy heavily distorting a very specific market.


Are they? I suspect someone I used to work with was outsourcing. They did great on the interview but their on the job performance wasn't nearly as good.

Some people did this with in-office too I think, some years ago. Some people actually had two jobs, both sort of in-office. It's still possible to pull the tricks.

The rate of this happening has got to be so low it's negligible.

I agree. It's kinda hard to pull this off. Just saying.

The common pattern of requiring three days a week of in-office time makes it much harder.

Don’t forget remote workers who are required to work in one area and then travel to restricted areas and continue to work.

Between this and legit candidates cheating with AI, I think we'll soon see the return of on-site interviews - even for remote positions.

Unless you're in a regulated industry, you might just have a new cost reduction strategy presented to you.

How do weekly 1:1 meetings with a manager not catch this very quickly? Okay, maybe the original suave interviewer comes back for those… Still feels like a good EM would pick up on discrepancies between work done and how the suave person talks about it.

It depresses me, but you’re probably right about in-office work being the only guarantee against this type of scam. I wish we could just have nice things.


This isn't necessarily the issue here -- this attempt seemed to be fairly motivated and had access to resources (AI, coaches, ...) to help them get through the process.

IF they can get such a 'candidate' hired... what's to say they couldn't continue the sham. One could imagine a team of hackers could easily pass off work that a single IC could reasonably have produced.

If their goal is exfiltration (or some other hack) of a {bitcoin exchange, govt, ...} actually putting in {weeks/months/year[s]} of actual work to insert someone into the right position at the right company is insanely worth it.


Do you not have regular calls with teammates?

Sure, I guess someone could physically turn up to an office to collect a laptop, be onboarded, get ID checked, then dial in to a few hours of meetings a week, muddle through any questions, rely on the team back at base helping, turn up in person to team get-togethers every few months and manage to bluff their way through. It's not unprecedented - Frank Abagnale was running that type of con decades ago, Russia had the "Illegals" program of deep cover spies.

That's not exactly low cost.


Those regular calls are what limit how many places you can work for. Your full-time job becomes holding those calls, plus knowing just enough about the problem to sound intelligent. You can probably work 4 jobs this way.

Not just planned calls, random unplanned "jump on a huddle for a few minutes" ones at 11:42.

If you're working in another company and on a team meeting there, you're going to get caught pretty quick.


Yeah, that feels more right, and feels like a problem that is only going to get worse.

I also can't imagine this not getting caught, if not in the interview process then surely during everyday work. Maybe this says more about their work culture and not actually connecting with co-workers. Perhaps the manager was just garbage, who knows.

On their first day, they will get a lot of accounts; if they syphon data and set up backdoors quickly, one day could be enough to cause a good chunk of the damage.

Saddens me a bit. I like to trust hires and give them pretty wide access to everything. For my own company, I've so far only hired people I worked with in the past, but when hiring strangers remotely, I'll probably have to rethink my trust-first model.


True, personally I have never gotten much of my access the first day, week or even month but it's certainly possible. Not sure though if syphoning data is the main goal here though as opposed to 1) syphoning money to NK or 2) planting backdoors.

Hate to be that guy, but.. what’s the problem? The work is getting done for the price you agreed on. You care how it’s done suddenly?

If AI does it, it’s the best thing since sliced bread.

I'm sorry but capitalists that want to have it both ways annoy me. Agree on what gets delivered for how much and get out of the way. The "employer" mindset doesn't jive with the capitalism y'all are so fond of.


An arrangement like that is probably violating data protection rules that everybody agreed on. In my company, customer data must not leave company systems, let alone the country.

I get the security issues, but let’s be honest. It’s not about that.

The poster included a sneer about “work”. This is about something else.


If you don't want to be an employee then don't sign an employment contract.

Ah, now suddenly you not only need to deliver work but you need to behave in a certain non-specified way. The contract then should arrange for that and perhaps pay extra because it’s a sign of dysfunction.

It may cause the company to violate data protection, privacy, labor, and tax laws.

And yet: do the same thing with AI and you're a cutting edge genius.
