The Hermit Shrimp

2021.04.06

The corporate mosquito

What can be done about horrible companies with terrible policies in a post-human world? Evolution of course.

In the olden times, there was this well-respected creature called the "company man". He was the manufactured pinnacle perfect for a world in which businesses respected their workers as human beings who have families and consume food. Such an outlandish fantasy land that must have been. This creature would often be rewarded for his loyalty and determination and garner respect among even the highest heads of a company if he worked hard enough. He would pull up his bootstraps and climb the company ladder in the matter of years and his entrepreneurial spirit would be loved and adored by all.

Sounds like something out of a fantasy novel at this point. Now those who stick around are viewed as little more than "suckers" to be exploited for their manpower.

"Oh Bob? Yeah he's been here for years! He's obviously happy where he is! Otherwise he'd have left."

But don't you dare ask for a promotion or a raise. You should know already that that just makes you look greedy and unappreciative.

What's left at this point? Quite literally, "get good and get out". No matter where you are or what you do. If you have a boss, you're going to get shit on. The more bosses you have, the more insanity dribbles down through a sick game of telephone. So the only answer is to at least get enough pay to make the agony subside long enough for you to enjoy the rest of your life. (Self-employment is another option but just remember you're trading a handful of predictable idiots for bosses with hundreds of unpredictable idiots.)

Don't wait for promotions or raises. That's a boomerism; a relic of the past. Those only occur if someone above you leaves or dies and usually someone will get the position from another region first if there's an opening. Instead, find something that you don't entirely hate, Keep getting better at it, then every few years jump diagonally to another company. Never jump horizontally or you've cursed yourself to live in that caste forever. Will you become rich with this strategy? Probably not, but neither will you as a company man. But isn't it more exciting to live life knowing that you won't have to watch yourself become the company man who is stuck in his aimless rut for the rest of time when you can suck one company dry then hop to another one that will give you more?

The company man is dead. All hail the corporate mosquito.

2021.03.16

Company goals are a joke

There's nothing quite like watching executives writhe and twist to meet their own statements and goals. "But they are the company's goals". No. Not really. It's the Executives goals heaved upon their underlings without any question or forethought to the validity of the accomplishment.

"Increase sales by 5%!" Can we raise prices? No. Can we change the marketing campaign? No. Can we hire more people. No. Do we have to continue the same horrible strategy that you enforced for the past few years, continue to sugar coat a few numbers when we blow well below the goal, and then hope you don't have two connecting neurons to notice? Yes, of course.

This is truly the natural flow of thing I guess. Tribe leader says he needs more berries. Berry pickers go get more berries. "But tribe leader we live in the desert." "MORE BERRY NOW." It's almost as if that no matter your background and upbringing, once you hit a certain level of wealth, certain brain cells associated with scarcity and planning just seem to turn off. Sure we have plenty of higher ups that don't have that issue. They end up being the Bezos of the world, using their past knowledge of being less than rich to engineer a company to make full use of those who are not rich.

You just hate the rich!

Although I do have my issues with the mega rich (to be addressed some time in the future), they are absent from the discussion of glorified middle managers uplifted to making more than 6 digits a year in an area with an average income below 35k.

The workers should just work harder.

Classic boomer response. What's often missing from this statement is the ignorance of the environment and constraints which these goals are allowed to be executed on. Take for instance your standard cashier at your local big box store. Most of these stores have some sort of goal to push X amount of credit cards a month. Aside from this being a horrible and predatory practice to further the world's growing debt economy, is this really something a bottom-of-the-barrel-pay teenager working their first job should be doing? This isn't a goal that should be normal in decent human society, but in the world of executives, this is a brilliant plan to grow their 401k. So let's ask every single customer that comes through the line, "would you like to save 10% today by signing up for a Target credit card?" even though they are just picking up a couple vegetables in rush home from work to make dinner. Odds are that the cashier will be verbally assaulted at some point (and in some cases multiple times daily) by a customer for asking that damn question for the millionth time. It's not the cashier's fault. They are the last person in the world that wants to ask the question. And what customer in their right mind would be picking up a box of pasta and be like, "Hm. yeah. I DO want to save 10% on this purchase." If you think a customer would ever do that, you may be suffering from being a middle-to-upper-class manager/executive.

But aside from the fact that the goals themselves are often completely ridiculous, there is rarely any room for changes to be made to actually be able to meet said goal. For instance, instead of asking EVERY customer that comes through the line, maybe only target those that are spending more than $500 today? These customers would be "saving" $50 dollars signing up for that credit card. They could actually have a vested interest in that? No? Manager-man says ask everyone because other store does it? Okay. Now all the customers will instinctively hate this question regardless of it's worth to them. What if we made the interest rates less predatory or an awesome rewards system (that many people often forget even exist)? No? Doesn't make enough money? Another store does 40% interest rates so we should? Alrighty.

And don't you dare question the methods or you'll be targeted as the reason the goals weren't reached in the end. Black marks across the company. Special notes in your HR file. Whispers between regional managers. Next thing you know, you'll be getting slowly, yet gradually promoted to night shift until you're basically a creature of the night.

If you do not know already, in any business where's a significant enough separation of hierarchy between the bottom and the top, there is barely a way to affect change upward. I find that upward change can at most affect three layers upwards. Basically your boss's boss's boss. And that's on a good day and you're rising star employee. Most of us should be happy with breaching the first level. At this point it's up to that higher up to carry to metaphorical football up through their layers of influence. Most of the time, you'll find that since they have no skin in the game, they'll lose interest quickly, and if you remind then, you're in the fast lane to being on their shit list. Sometimes you can get lucky enough to rally your slave plantation to gain some attention, but that'll usually just end with corporation operatives suddenly making visits to your lowly establishment. Next thing you know, everyone stops talking about it and you're back to never meeting that credit card sales goal.

2021.01.30

Silence is not always a good thing.

What can you do when your end users are afraid to speak up.

I don't think this is a normal topic for a normal workplace. I also don't think any healthy workplace would ever experience this. Hell, I think this is the exact symptom of a terribly unhealthy work environment. A work environment that's so toxic that end users are terrified that they are going to get the stick if they even make a peep that a serious system issue is going down. My organization has been one that has slowly instituted this kind of fear over the past few years and the Covid layouts accelerated the issue faster than I could have ever imagined. Who would've thought that having a suggestion, idea, or issue would cause upper management to come kick in your door and give you the third degree.

The best way I can describe what is happening is with an old Japanese saying, "The nail that sticks out gets hammered." Which if you do into the backstory of the quote, the original translated meaning is closer to, "People who try to set themselves apart from the crowd will be pulled down in envy by those around them" which is still quite applicable here. (Also, almost the same definition as crab mentality if you want to dive even further.) Luckily, this isn't happening directly to my department, however, I do have to deal directly with the users that are experiencing this environment.

There's several reasons that I can percieve as what's causing this problem, but I'll just refer to the elephants in the room. The first one is everyone's attempt to not be known. At this organization, whenever there are any kinds of cuts or layoffs they almost always seem to hit those who generally are quite well known and liked by a large amount of the population that is downstream from the person. We have had (yes, past tense) a lot of really good people who did really well at their jobs and had great relationships with those around them. Immediately, any normal person would ask, "Wait, why is this person's head on the block?" The answer starts right from the top.

Executives come up with dumb ideas. Yes-men formulate these ideas into dumb plans. Executives approve these dumb plans with dumb modifications. Then the dumb plan is assigned to someone who isn't in the graces of the upper echelon.

This is truly the modern corporation at work. We can all sort of guess what happens next, the person bungles the project, higher ups give no assistance, and then they are off to the guillotine in no time. This has become such a common occurance that most people are afraid to achieve anything past the bare minimum. Rarely is any form of achievement rewarded and even if someone achieves something, upper management swoops in and grabs it to curry favor with the nearest caeser. Eventually this also flowed over into fear of doing anything outside of the ordinary to almost the point that they feel shameful for just asking to get their account unlocked after forgetting a password.

This is where it starts to get messy for me. We roll out updates to our internal applications constantly and we've been sort of running on a skeleton crew with little to no QA/QC since executives thought it would be a good idea to completely axe that entire group when Covid hit. I beat the heck out of my code before I let it into the wild, but without a second pair of eyes, I still miss quite a few things that I'm left scrambling to fix afterwards. That is, if I'm even notified. A lot of our staff have just stopped reporting issues completely for fear that there's any escalation to their supervisor. This means there can be crippling issues eating hours of productivity and I'd never know about it. Some departments have just outright dropped using an application just so that they didn't have any conflict rather than make a small request that eventually took me less than an hour to implement. (You'd think this kind of behavior wouldn't be possible but it's the wild west out there for all I know.) The general populace is so focused on not making a single peep that they do everything possible to avoid any communication.

As always, this comes back to a toxic work environment. Sure, I didn't cause it. But it's my problem. But how do you work with a dysfunctional mess like this? Well, you get creative and personable. So the first thing we learned in the story is the avoid the big shakers and movers. Generally, this would usually be the opposite as you suckle from the teet of your boss hoping for him to bestow a nickle raise upon you. But in the world of Covid, none of that matters anymore. Just revealing yourself is the same as asking for a pay cut at this point. So what do you do? Well, you'll need to find someone who's willing to talk. Most are too afraid. Some are just plain incompetent. But eventually you'll find someone worth your time.

The plan is to go straight to the people who will be using the systems and ask them how they're doing. Screw the managers. They probably don't even know 90% of what happens aside from the pretty report it dumps out once a month. Screw surveys. Surveys can say that they are anonymous but nobody trusts that especially when their job is on the line. Screw meetings. People are there to eat then leave. No, what you need to do is have relationships with people of various levels who use your applications.

Sadly, a great population of my contacts have been cut, but I still have a few people here and there that I can rely on to tell me that something serious is happening. Most of them communicate outside of any sort of ticketing system and you'll usually get a direct email with nobody else on it, but that's fine.

Because they know I don't care about office politics and I don't pass info upstream unless absolutely necessary, I'm a safe haven for complaints and requests.

They're choosing to do it this way for their own safety. It might seem obnoxious or that they are jumping the line, but in the situation that they are in it's usually just to protect themselves.

"But that's not protocol." Okay and? If the protocols are causing the issue, then they are broken and just like our users, you have to find work arounds. And I'm not saying that you have to be buddy buddy best friends with these people. I'm just saying it's good to keep them at arms length where they feel they can send you something that they came across. If I didn't have that much, I'd be completely blind to what's happening outside my department. "But that's your boss's job." Why filter-feed 3-day old information from someone who barely cares? Sometimes you need to make your own destiny and if that means shifting priorities around a little, well then, sometimes it has to be done.

2020.12.22

Dear Users: "It Broke" is not enough anymore.

Also, know as, "typing is hard. Do it for me."

Picture it now. It's Sunday morning around 8:00 AM. You wake up, start preparing breakfast, and you get an email notification from your work email. You know it's probably nothing important because it's not a direct message from your boss so you continue on with your life. A few minutes later, you get a direct message from your boss. You sigh and open your phone to see what's up. "One of our executives is having issue with his machine. this is an urgent issue. I have went ahead and assigned the work order to you. You don't have to do it right now. Just an FYI." Yes, the codewords of "you don't have to do it right now", also known as "the boss man is breathing down my neck and I need a paper trail to prove that I'm trying to do anything of worth to appease him." So, of course, you jump on the saddle and take a look at this work order that was submitted.

"I was working on my machine yesterday and now it doesn't work. HELP URGENT."

Nothing else. No description, no times when it started, not even a blurry picture taken on an iPhone showing that the computer is still even in our realm of existence. You now have to plod onward on your aimless task of squeezing information out of this person like a terrorist in Guantanamo Bay for the rest of your Sunday morning just to find out they didn't realize that a laptop needs to be plugged in to be charged.

Beside the point that a basic computer literacy test should be given to anyone who needs to touch a computer on a regular basis, we just tend to ignore the fact that we were gifted a wild goose chase. I know that the car-mechanic-computer-technician example has been bludgeoned into everyone's brains over the years, however, I will walk through the exercise once more.

Let's say you take your car to the mechanic and you're able to provide about as much detail as most end users provide to their computer technician.

Mechanic: "What seems to be the problem?"

User: "It broke."

Mechanic: "What were you doing when it broke?"

User: "I forgot. That was yesterday. I'm very busy and can't remember everything I do."

Mechanic: "Does it start up?"

User: "How would I know?"

Mechanic: "Does it make any kind of strange noises?"

User: "I wasn't paying attention so I don't know."

Mechanic: "Can you bring it in so that I can look at it?"

User: "I have a bunch of meetings. I'm very busy all of the time so no."

Mechanic: "I can't really help you then."

User: "What do you mean you can't help me aren't you an expert?!"

This is almost an exact rendition of what anyone who works in technology has to go through several times of day every day. This isn't a rant about how IT is the smartest people in the room and everyone should bow before us. No, this is rather pointing out that we want to provide you a better service. IT wants you to get back on your feet as fast as possible, because the sooner you're back to work, the lower the chance of someone yelling at us for something that's not our fault.

Okay, now that we've hammered the issue into the ground, what can both sides do to help? Let's start with the IT side.

What can IT do?

Work orders are a magical ticket into the world where miracles happen for anyone outside of IT. For those who work under the umbrella of IT, they are your daily lashings so that you know your place in the world. Most organizations generally have a very, very simple work order system where you just submit an email to help@company.com. Seems harmless in theory, doesn't it? Surely nothing could go wrong with letting end users dump un-validated and unstructured data into a bucket. That has never hurt any process ever.

Let's go ahead and make birthday fields a text area while we're at it.

I find that the biggest issue during the entire work order process is the creation. Not just users but humans as a whole will always move towards the point of least effort and if you allow, 1% effort, you will get 1% effort. This is where you can get creative with your process to save yourself a headache later. Many work order software come with the ability to set up a sort of "Q&A" structure where the user is presented a list of choices or asked to fill in the field in steps, so that information gathering can be done right up front rather than having to fish down this data from endless emails and missed phone calls. This also allows the user to enter in the information when it is most fresh in their mind. Once a two hour meeting happens, most users will have already forgotten that they even submitted a work order, much less any of the information around said problem. Needless to say, this is sort of a "leading the horse to water" situation, which most will feel obligated to at least take a sip, but we'll always have some that will prefer to thirst to death and, honestly, good riddance to them.

But what can users do?

They've made it quite apparent that anything beyond an email and a phone call is absolute black magic because "I'm not a expert." Well, they can start with what they do (hopefully) know. Start with the simple things: who, what, when, where, and how. I, personally, hope that this is still a fairly common skillset that even most elementary school student can grasp.

Who are you?

Yes, many people tend to forget to let us know. Email or username is plenty for most occasions. And before you say it, yes, I know there are users who have difficulty with this one. I'm pretending to ignore that right now. Also, stop sending your password in IT. Nobody in IT will ever ask for this.

When did this occur?

A good date and time can greatly help the troubleshooting. We can run through error, activity, etc. logs around that period to see if there was an issue that may have affected you.

Where did this occur?

Especially, in the age of covid remote working, this is very nice to know. Whether you're at work or home or what office and/or building you're working at. Simple bits of info that help paint a much more complex issue.

What happened and how?

I'm combining these two because they tend to blend together in a cause-effect reaction similar to Mentos and Coke. This is also where the "it broke" does not cut it anymore. Just like you would tell a mechanic that "the car started feeling wobbly", you would provide the information that you know in the language that you know.

Sure, saying that the car is "wobbly" feels really stupid and uneducated to you, but to an experience mechanic, he's probably already narrowed down the possible issue to a list of the 10 most common wobbly issues.

Just saying something that you may feel dumb saying such as "I was clicking the red x and nothing was happening" is a huge amount of information to someone trying to track down the issue. If you even added what you said before like, "I clicked save, then...", you're practically one step away from fixing the machine yourself at that point. Sure it's not a technical description. Sure, it's not what you think one expert would say to another.

Don't worry most experts sound stupid too.

But these little tidbits of what you know combined with what I know is a undefeatable force know as, basic human communication.

2020.12.17

Nobody Cares About Security

At least anybody who can expense it.

Once again, I have been blown off by managers and other assorted budgets handlers about the potential of major security issues throughout our ecosystem.

"Why do you care? You're just a developer." -t. Managers Everywhere

Well, aside from not only my job and livelihood riding on the security of our data, but everyone in this department's jobs and livelihoods, not much aside from a our customer's own personal information. But, hey, Yahoo doesn't mind letting that data bleed out every few years so why should I care? I know that's a pretty tall order to protect what we've been tasked to protect. I know it's even harder to spend a budget to benefit our job security. Especially when there's a new Keurig model coming out. But is security really where we should be skimping?

I'll give a little background here. I am a cheap developer. I'm talking really REALLY cheap. I've built internal products and libraries off the clock just so that we don't have to pay for external products and services. I've made vendors bend over backwards and give 50%-75% discounts just to get our business. I don't bill gas when I have to travel all over for meetings, trainings, and other whatnot. My office chair is practically falling apart from sheer age and wear while most of my other coworkers replace their workspaces almost bi-yearly. Hell, I do the most high-end computer work in the office yet have the cheapest computer. Sure I'm going full clown by trying to make my workplace better than when I joined, but I also don't want to be the one who's name shows up when the boss man starts asking where expenses are coming from. But security is the one thing is something that I just can't get anybody with a GL code to even acknowledge.

But you're a developer. Shouldn't you know all this security stuff?

I'm not saying I don't know security. I know quite a bit to be honest. Sure I can't quote OWASPs security recomendation of the hour, but I'm not completely out of the loop. Most of what I know is simply because I have to touch pretty much every inch of our software achitecture (and some of the hardware depending on who feels like working that day). But I know what I know and I know that I'm not an expert in this field. I'm constantly learning and implementing new security procedures, patches, and policies to further secure my environment. I'd say 75% of the security work I do should be falling under our network engineers (yes, I'm even managing network and server infrastructure), but they're far too busy letting SSL certificates expire and not letting anyone else be on the reminders for them.

For the love of God, don't let SSL certs expire. Put everyone in IT on the reminder if you have to.

But even with all this effort being put in, I still couldn't do 10% of someone who's truly an expert in the realm of security.

"Shouldn't you bring this up to the network engineers? A large amount of this definitely falls under their responsibilities." Is this the part where I start laughing? No? Okay sure. I'll go talk to them. "Yeah, we're real busy with this project that, you know how it is. Send me an email and I'll get around to it." Ah, yes. The email inbox which you recently bragged about it hitting 50,000 unread messages. The one where system critical messages are squirreled away so that we can find about them two weeks later. Cool. Yeah. I'll send an email there.

The fun fact that I've learned about network engineers in my own personal experiences is that they don't care unless they are told to care. Maybe others have much better interactions. I hope so for the sanity of everyone everywhere, but I've yet to see it and I would classify them with bigfoot and unicorns at this point.

"Have you tried bringing this up with higher ups?" The issue with managers, is that they are terrified that something horrible will be exposed and that they will be sent packing. In their mind, this purposeful ignorance is a survival tactic. From the point of view of a specialist, it's oftentimes hard to understand that 95% of managers fall into the the "Yep, I've managed a thing at one time" category and HR departments everywhere can plug the first one that meets the bare minimum requirements in.

I've learned over time that managers aren't as worried about getting executed, but rather, how long they can smoke that final cigarette before the trigger is pulled.

I don't even feel as if I'm asking for that much to be honest. I'm simply pushing for us to have a security audit. "Wait. Just a security audit? Are you implying that you've never had a security aduit?" most may ask, and all I can reply with is a sigh and a nod at this point. I'm managing a spaghetti of questionable project decisions and archaic vendor applications from long before I started, with a nice layer of swiss cheese security on top of it, while I wait for the day of the guillotine. Honestly, the entire department should be bringing up the same concerns. But we all know how it goes.

If executives, don't understand, management doesn't care, and if management doesn't care, then that money is spent on Zoom business licenses. (Even though we've never used features outside of the Basic plan.)

At this point I'm not sure if it's the ignorance or obsolescence of those in charge. Honestly, I don't even care anymore. We live in a world where organizations are getting hit by attacks every day. We get cryptolocker'd on a regular basis and luckily it's only been very limited accounts from low-level users where we can just purge and move on, but one day, I'll be writing this from an unemployment line even though I'm the loudest canary that any coal miner has ever heard. I guess the point that I want to make here is,

if you're not auditing, you're not living

That might seem a little extreme but knowing you can come into work any day and be fired for what was probably an incredibly simple to remedy security issue is quite terrifying.