Rabby
Legendary Contributor
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
I wanted to document something we discovered recently. You probably already know that if you post a job on upwork for software developers, you'll get plenty of bozo applications. However, there are also some honest to goodness frauds, and they tend to follow two patterns.
Here's what they do.
1. They link to their github, where you'll find that they've been working on some project for years. You read the code and, maybe, you think, wow, this is really sophisticated. You look at the commit history, and see that they are the lead developer. Maybe they're the only developer. Wow! "A" player! What a catch! But wait. Unfortunately what you are looking at is someone else's work, and they are attempting to take credit for it by rewriting the commit history (so that you see <bozo> as the author of each iteration of code, rather than the real author). I don't know what they do if you hire them... probably thrash around and and make excuses while billing you, until you fire them. And maybe steal your code if you give them access to your project.
2. They run a script that creates thousands of fake files, one for almost every day of the year, for a period of years. The script checks these into git, back-dating them... the whole thing happens in seconds. The project is then uploaded to github, which honors the fake dates, and it looks like the person has been regularly contributing code for years.
I know people have different levels of sophistication regarding software development. If you're an experienced programmer, this probably would not fool you... at least not if you spent 10 minutes or so looking through the repositories and evaluating code (eg: you would wonder why there was such a large project, yet it had not been starred or forked). Someone who knows "just enough" could easily be fooled. I think these people are preying on small business owners who don't know any better, and probably also corporate outsourcing recruiters who have been told what to look for (such as regular commits, lines of code, etc). I just thought it was worth mentioning here, and I hope it will help someone avoid being defrauded.
Here's what they do.
1. They link to their github, where you'll find that they've been working on some project for years. You read the code and, maybe, you think, wow, this is really sophisticated. You look at the commit history, and see that they are the lead developer. Maybe they're the only developer. Wow! "A" player! What a catch! But wait. Unfortunately what you are looking at is someone else's work, and they are attempting to take credit for it by rewriting the commit history (so that you see <bozo> as the author of each iteration of code, rather than the real author). I don't know what they do if you hire them... probably thrash around and and make excuses while billing you, until you fire them. And maybe steal your code if you give them access to your project.
2. They run a script that creates thousands of fake files, one for almost every day of the year, for a period of years. The script checks these into git, back-dating them... the whole thing happens in seconds. The project is then uploaded to github, which honors the fake dates, and it looks like the person has been regularly contributing code for years.
I know people have different levels of sophistication regarding software development. If you're an experienced programmer, this probably would not fool you... at least not if you spent 10 minutes or so looking through the repositories and evaluating code (eg: you would wonder why there was such a large project, yet it had not been starred or forked). Someone who knows "just enough" could easily be fooled. I think these people are preying on small business owners who don't know any better, and probably also corporate outsourcing recruiters who have been told what to look for (such as regular commits, lines of code, etc). I just thought it was worth mentioning here, and I hope it will help someone avoid being defrauded.
Dislike ads? Remove them and support the forum:
Subscribe to Fastlane Insiders.