thisisit · 2 months ago
> a former interim IT manager still had an email client connected via token authentication - with access to all messages. And that person had signed the original contract with the provider years before. Informally questioned, he admitted contacting them "to warn them" but claimed it was harmless.

This kind of behavior rubs me the wrong way. People leaking stuff, breaking compliance and then say - It was just harmless.

I work with a Director who has done something similar multiple times. The chain of events often is: she attends an industry conference, there she learns about a piece of software, she goes ahead and schedules product demos and solicits a contract. She then contacts the only outsourcing agency she is aware of and promises to give them the implementation contract. Then she reaches out, as she doesn't have the authority to sign those contracts.

Since the time I have been responsible for product selection this has happened twice. Both times I have been under different managers. Both managers have insisted it was harmless.

Last time this happened the Director was told that by promising work and soliciting contracts she was in gross non-compliance with the company policies. Her response showed how little she cared. As per her, this was an internal matter and no one could punish her.

Later, when we evaluated the product, it promised to "get better with time". All the company's data was being ingested into an AI without regard for enterprise data security rules. Even then her response was: What is the big deal? Everyone reads everyone's data. Legal got involved and shut it down - they asked the product to turn off AI features for our instances.

It is really hard to contend against a malicious or dumb teammate. In a corporate setting, if they are higher than you then it is even more difficult. They can chalk it up to a harmless mistake and no one can do a thing.

dec0dedab0de · 2 months ago
I worked for two very large fortune 100 companies. Both of them had people in management quite obviously taking personal kickbacks from vendors. Sometimes right out in the open. I would loudly point it out in meetings, which got me uninvited from a bunch of meetings.
D-Coder · 2 months ago
> which got me uninvited from a bunch of meetings.

So, not a total loss.

steveBK123 · 2 months ago
Every POC I have been involved in, across multiple firms, was driven by management trying to send some business to a buddy's company.
viccis · 2 months ago
What you're describing the director doing sounds like the favorite pastime of HR directors. They just love going out and changing up the performance review software every couple of years without consulting anyone else and paying enormous amounts of money for it. At least the current favorite for this (Lattice) has decent UX versus some of the past ones I saw used all over (PeopleSoft in particular).
tharkun__ · 2 months ago
If you like Lattice's UI then I can't even imagine how bad the other options must have been.
indoordin0saur · 2 months ago
Sounds like Oracle. Of course, they're much more clever about how they do it, but I always recommend people stay as far away from any of their products as possible.
myko · 2 months ago
Exactly how I read it
Dylan16807 · 2 months ago
> The request was simple: “Evaluate this solution, and if it’s suitable, we’ll migrate.”.

This took me a few tries to figure out. "This solution" is the open source stack without the vendor from the previous paragraph. I thought it was including the vendor and got very confused when more comparisons started to happen.

johnmaguire · 2 months ago
Took me a couple of paragraphs to figure that out too.
bn-l · 2 months ago
Interesting. That’s where I stopped reading
OptionOfT · 2 months ago
I hope one day we get to see real names in this story.
gtirloni · 2 months ago
The author says the company is very litigious. He probably doesn't want them suing him on a personal basis, which makes a lot of sense. Keep in mind their own directors wouldn't pick a fight with this company themselves.
Balgair · 2 months ago
So yeah, Oracle
reaperducer · 2 months ago
> I hope one day we get to see real names in this story.

> to protect the privacy of the people and companies involved

Companies get privacy rights now?

Snark aside, I think I understand how this person feels.

I once worked for a company that did something abhorrent during a natural disaster. I spoke up and was reprimanded, while my coworkers just sat there and accepted it. I came very close to losing my job, and ended up leaving the company at my first opportunity.

It was 20 years ago, and I keep meaning to write an article about it, but never do. It's not that you want to protect the company, or that you're afraid of being sued. But there's something that weighs on you when you think about actually putting the words down.

It's all a decade or more old, so what's the point? Nobody will be held to account. The company is no longer under the same leadership (or even the same name).

My personal blog has a dead-man's switch that will reveal a number of ugly things about several of the companies for which I've worked. But who cares? That's part of the weight. What good will it do? If, by some remote chance, someone reads it, it will only make them mad. How does that help anything?

But I'm also one of those people on HN who's always crying "name and shame." So, I'm a hypocrite. Such is life.

Lammy · 2 months ago
Apologies for trying to guess, but: PayPal freezing SomethingAwful's Katrina fundraiser?
thatguy0900 · 2 months ago
It doesn't help that really everyone already understands that basically every company is completely devoid of morality and ethics. No one who pays attention is surprised or shocked at companies taking advantage of disasters. They're not even above manufacturing the disaster themselves if they think they'll get away with it. Reporting on what they do feels like screaming into the void.
lawlessone · 2 months ago
I'm curious how you implement a dead man's switch for a blog?


1oooqooq · 2 months ago
I don't care much about the company names; they all "do" (as much as an inanimate object can do anything) that.

I would love it if they mentioned the names of the people involved.


yadaeno · 2 months ago
Too bad they are in the EU, which seems to not value free speech legally or culturally.
buran77 · 2 months ago
This guy really works in a "minefield", with trouble and powerful enemies at every step.

https://news.ycombinator.com/item?id=43985971

toyg · 2 months ago
The minefield is just the reality of the Italian business landscape. In a country dominated by small companies run by families and friends, this sort of thing happens every other day.

In that particular story, if true, I bet the writer is a relative of someone in the branch of police dedicated to tax checks (the much-feared Guardia di Finanza, who effectively wields power of life and death over most small businesses).

adrian17 · 2 months ago
Maybe I'm confused about the timeline or the actors involved, but:

> The company offered a managed version with its own proprietary additions

Doesn't sound like open source to me?

Meneth · 2 months ago
There are plenty of projects like that. Gitlab, for example, has an open-source "Community Edition" and then "Premium" and "Ultimate" editions which they charge for.
emmelaich · 2 months ago
And even if it's all open source, there can be branding issues like Moodle and SugarCRM.
charles_f · 2 months ago
I think it's one of these "reading the letter of the law" instances. European laws (or rather, laws in European countries) often mandate public sector to use open source. The reasons vary, some of them are about promoting interoperability, and avoiding vendor lock-in, digital sovereignty, and the EU commission has a principle of "public money = public code".

So using open source on someone else's computer technically fulfills that requirement, without satisfying some of the reasons why the requirement exists (vendor lock-in in this particular instance is particularly laughable).

Workaccount2 · 2 months ago
So make sure you fully read the fine print before signing an agreement for something.

You should do this for consumer stuff, but it's mandatory for business stuff.

kevin_nisbet · 2 months ago
Yup, even for smaller business stuff. For a non-profit I'm on the board of, the staff wanted a more useful printer/copy machine than just a store-bought thing; it's a small office, so I said sure, find something and let us know.

So I get a contract and am told it's been vetted and I should sign it. What I found was outrageous.

- If we cancelled for any reason, including if they just didn't do any of their terms in the contract, we owed the full price of the remaining contract immediately.

- The way they structured it was also as a rental, so we were paying full price for purchase of the equipment embedded into the term of the contract, but it was the vendor's equipment, so if we cancelled we still paid them full price for the equipment, and they got to keep it.

- If there were any legal disputes, no matter which party was at fault, my side would pay for all the lawyers.

I said nope, can't do it. And my staff were pissed at me for like a year because everyone just signs those things.

trollbridge · 2 months ago
I’m also on a nonprofit board. They have an independent LLC and an independent nonprofit which signs contracts for various services like that, and then contracts with the “real” nonprofit to actually use the services. Was advised to set it up this way by an experienced nonprofit consultant.

We had to shred a bad contract (oddly enough, also for a printer / copier) and simply abandoned the LLC and declared it defunct. The service provider has never even showed up to pick up the printer. It was a pay-per-page contract where they unilaterally raised the price about 200% for no reason.

We also abandoned a water cooler and water cooler service after the vendor simply refused to answer our requests to end the service. (It’s $20 a month. There was no long term contract signed.) Apparently nonprofits are a target for this sort of thing, so we now don’t even mention we are a nonprofit and handle business relationships via the LLC.

It’s absurd things have become this way.

xmprt · 2 months ago
I get why your staff would be pissed because dealing with a crappy printer/scanner is the bane of a lot of office workers' existence... but they must have been able to find a better vendor or something off the shelf which supported the features they needed right? What special feature could they possibly offer to make them brave enough to put all those terms in their contract?
reaperducer · 2 months ago
> So make sure you fully read the fine print before signing an agreement for something.

The article makes it sound like that wouldn't have helped.

It states that the terms of the contract were "unilaterally" changed, without anyone being told -- something that the tech industry has normalized.

Reading the fine print of the signed contract wouldn't have helped, since the contract changed since then.

These days you're lucky if you even get an e-mail saying "Our terms of service have changed, and if you don't like it, tough noogies." People who are not lawyers on HN will say it's illegal, yet it still happens constantly, and doesn't seem to have been struck down in any court, or it wouldn't keep happening.

rcxdude · 2 months ago
If you sign such a contract then you have already screwed up. Note that terms of service and licenses are not the same thing as such contracts and are a bit more limited legally (heck, such a clause in a full-on contract is already on shaky ground).
x0x0 · 2 months ago
Contracts cannot be so amended unless you allow it. Why would you possibly allow it?

ToS are for low-value consumer accounts. 500 seats and public institutions are very different.

morkalork · 2 months ago
I'm curious about how the "unilateral amendment" works. If you didn't like the fine print in it, do you have to give your six-month termination notice then and there?
danaris · 2 months ago
If they unilaterally amend the contract to go from 6 months' notice to 12 months' notice, then presumably you'd have to give your 12 month termination notice then and there...

...and hope they don't unilaterally amend the contract in the interim to allow them to retroactively extend the termination period.

AFAIK, "unilateral amendment" should be considered at least very suspect by most courts?

rectang · 2 months ago
And factor the cost in time, effort and risk of mistaken analysis into the cost of what the contract offers. Many times, it just isn’t worth it.
sneak · 2 months ago
I read the agreement for ID.me and it’s atrocious. It requires that I “voluntarily” waive civil rights. I don’t want to use the service.

There is no other way to log into IRS.gov.

You can’t watch YouTube without a Google account.

You can’t be in the parent group chat without agreeing to the Meta TOS for WhatsApp.

The list goes on.

tonyhart7 · 2 months ago
> You can’t watch YouTube without a Google account

You can't??? I reinstalled my desktop the other day; it let me view without logging in. The problem is that the recommendation tab/service is empty because there is no history, so it can't recommend anything, hence you assume that you couldn't view videos.

hoten · 2 months ago
Which civil rights?
chuckadams · 2 months ago
I'm no lawyer, but I would think the purposes for which they read your email and the actions taken subsequently are blatantly illegal, and would invalidate the entire contract.
Jolter · 2 months ago
Yes, but severing would end up in court versus a very belligerent party, who would do their utmost to cost you money. An organization that prioritizes safety over ethics will just suck up the extra cost, apparently.

There are companies and organizations out there fighting for what’s right in courtrooms. Invalidating troll-owned patents, striking down unfair contracts etc. Agency A was obviously not one of those organizations.

balderdash · 2 months ago
I worked for a very successful multinational that I think was relatively moral (at least very moral vs average - e.g. we at least stood by our commitments and contracts and didn’t try and re-trade them if they went against us) and they took the approach that they were never going to be a “soft target”: nuisance law suits - litigate don’t settle, unethical behavior by vendors or customers - we’ll see you in court. It was probably more expensive for a decade or so, but over the long run it saved a ton of money and hassle.


indoordin0saur · 2 months ago
Yes, especially since this sounds like a government agency. Some contractor snuck a backdoor into your email servers and is secretly reading them? Imagine what kind of corrupt practices, up to and including foreign espionage, that they could get up to. They could have been justified in sending in the FBI or CIA if this was the US. Probably would have put a stop to their vendor problems really quick.
toyg · 2 months ago
I don't need to imagine anything, it's just another day in the Belpaese: https://en.wikipedia.org/wiki/SISMI-Telecom_scandal
mattnewton · 2 months ago
Also, not legal advice, but you absolutely should name and shame them for this.