The Entrepreneur Forum | Financial Freedom | Starting a Business | Motivation | Money | Success

Welcome to the only entrepreneur forum dedicated to building life-changing wealth.

Build a Fastlane business. Earn real financial freedom. Join free.

Join over 80,000 entrepreneurs who have rejected the paradigm of mediocrity and said "NO!" to underpaid jobs, ascetic frugality, and suffocating savings rituals— learn how to build a Fastlane business that pays both freedom and lifestyle affluence.

Free registration at the forum removes this block.

Watch for this fraud on Upwork

Topics relating to managing people and relationships

Rabby

Legendary Contributor
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
319%
Aug 26, 2018
1,924
6,128
Florida
I wanted to document something we discovered recently. You probably already know that if you post a job on upwork for software developers, you'll get plenty of bozo applications. However, there are also some honest to goodness frauds, and they tend to follow two patterns.

Here's what they do.

1. They link to their github, where you'll find that they've been working on some project for years. You read the code and, maybe, you think, wow, this is really sophisticated. You look at the commit history, and see that they are the lead developer. Maybe they're the only developer. Wow! "A" player! What a catch! But wait. Unfortunately what you are looking at is someone else's work, and they are attempting to take credit for it by rewriting the commit history (so that you see <bozo> as the author of each iteration of code, rather than the real author). I don't know what they do if you hire them... probably thrash around and and make excuses while billing you, until you fire them. And maybe steal your code if you give them access to your project.

2. They run a script that creates thousands of fake files, one for almost every day of the year, for a period of years. The script checks these into git, back-dating them... the whole thing happens in seconds. The project is then uploaded to github, which honors the fake dates, and it looks like the person has been regularly contributing code for years.

I know people have different levels of sophistication regarding software development. If you're an experienced programmer, this probably would not fool you... at least not if you spent 10 minutes or so looking through the repositories and evaluating code (eg: you would wonder why there was such a large project, yet it had not been starred or forked). Someone who knows "just enough" could easily be fooled. I think these people are preying on small business owners who don't know any better, and probably also corporate outsourcing recruiters who have been told what to look for (such as regular commits, lines of code, etc). I just thought it was worth mentioning here, and I hope it will help someone avoid being defrauded.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Einfamilienhaus

Bronze Contributor
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
188%
Feb 8, 2019
217
408
I would like to understand how can I separate to fake one from the good one?

Are there any tools I can use? Or on what should I pay attention exactly?
 

SEBASTlAN

Marketing Wizard
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
149%
Dec 22, 2014
1,888
2,813
Los Angeles
That's why I ask for a link to their own website, along with a small task and see how they execute on that task before hiring them for the actual job.
 

ApparentHorizon

Platinum Contributor
Speedway Pass
User Power
Value/Post Ratio
301%
Apr 1, 2016
942
2,836
Greenville, SC
Great catch!

I've been hiring developers there for the past 3 years. Few bad apples, but got it down to a process now.

Most important of which, is creating my own test questions, related to the project at hand.

One of my lowest requirements is a resume/portfolio. Which is only factored in between the remaining applicants.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

dkostadinov01

Contributor
User Power
Value/Post Ratio
144%
May 31, 2019
25
36
I would like to understand how can I separate to fake one from the good one?

Are there any tools I can use? Or on what should I pay attention exactly?

They would have been a student in Computer Science's college and have history of geek stuff... It's typically the self-taught who have missed logic development exercises(which are not easy at all, it took me 2 years) and have to rely on this stuff.
 

Rabby

Legendary Contributor
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
319%
Aug 26, 2018
1,924
6,128
Florida
I would like to understand how can I separate to fake one from the good one?

Are there any tools I can use? Or on what should I pay attention exactly?

There are a few things that will help. Sometimes, the readme or some other part of a plagiarized repo will have a reference to the original project, which you can then lookup. Often, the original has been starred and forked a lot, while the fake never has (although, I think the fakers will adapt this eventually... they'll just create fake github accounts to star and fork their plagiarized repos).

The starring and forking, for now, is a hint. If someone appears to have been working on a project for years, and it is quite large and sophisticated, it's a little mysterious for them to be the only one working on it. Not that it's impossible, but you might look into why.

If they are just faking git commits, they'll have lots of small changes to giles - like changing one number in a file. Often, at the end of all the changes, the changed files will be deleted, leaving a relatively small, clean repo. In actual practice, nobody would do this... would you add a few numbers to a file in your code every day and then delete it after doing that for a few years? Of course not. They're counting on you just looking at the amount of activity, and maybe reading some of the code, but not noticing that the activity was faked.

For code that has been packaged via Ruby Gems, NPM packages, Lua rocks, etc., you can probably find the real package, which will correctly attribute the real author. If you then go look at the real project's github, you'll see all the same git commits, but made by other people (the real authors). Look back at the plagiarizer's account, and you'll see those commits all rewritten to make it look like they did the work.

I think Mr. G is going to start a white paper on the topic, and we'll work on it together to show the frauds that are being perpetrated, how they do it, some ways to detect it, etc. I'll post here when that's done (assuming we do it... let me know if you would want to read it). Mr. G was quite peeved... being a long time developer and open source contributor, he would like to see the plagiarizers go down in flames.
 

Einfamilienhaus

Bronze Contributor
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
188%
Feb 8, 2019
217
408
I think Mr. G is going to start a white paper on the topic, and we'll work on it together to show the frauds that are being perpetrated, how they do it, some ways to detect it, etc. I'll post here when that's done (assuming we do it... let me know if you would want to read it). Mr. G was quite peeved... being a long time developer and open source contributor, he would like to see the plagiarizers go down in flames.

Please share it! Would be great! Since I have a bad experience with one of the "Developers" I'm more carefully with who I'm working with. And I need to learn how can I identify to fake one
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Post New Topic

Please SEARCH before posting.
Please select the BEST category.

Post new topic

Guest post submissions offered HERE.

Latest Posts

New Topics

Fastlane Insiders

View the forum AD FREE.
Private, unindexed content
Detailed process/execution threads
Ideas needing execution, more!

Join Fastlane Insiders.

Top