> At some point people know if you don't care about them. If you cannot care about them why would they "follow you into battle?"
That's true, but it also works both ways.
If the "problem" person is impacting others on your team, you owe it to them to address rather than ignore the issue. After all, why would _they_ follow you into the trenches if you've shown that you don't care enough to deal with an issue that they're saying is making their lives difficult?
(Good) management is about striking a balance - between the business's needs (otherwise you're all out of a job anyway) and the welfare of everyone on the team (which IMO, should always benefit from a bit of priority over the other).
Sometimes that does mean making a hard decision about someone who's very technically capable, but damages the wellbeing or efficiency of the rest of the team.
As an extreme example - I once worked with someone who was a pretty good engineer and knew where a lot of the bodies were buried in the codebase (i.e. keeping him around would be beneficial), but one day he started regularly talking, quite inappropriately, about schoolgirls in the team Skype group (and even defended doing so). Good engineer or not, sometimes things have to change.
All of that being said, I think the article is too hardline, at least if those are intended to be the opening gambit. There's a ton of people engineering that you can do before you need to reach the point of making it sound like a PIP.
I had to deal with a horrendous skilled person who made every meeting hell for those concerned. It's hard to fire people where I am but in the end we managed it. I am delighted to handle all the problems this caused because they are far less than the daily massive row.
So I'm no stranger to the whole thing. There has to be something coming back from the team members and if they essentially don't give a stuff and treat the rest of the team like dirt then I don't care how great they are - I don't want them.
dotorg being run by a private citizen who receives no payments does not exempt it from GDPR, because GDPR doesn't make that distinction.
There _is_ an exemption for household processing (recital 18) - which means that I don't need to worry about taking a neighbour's contact number etc - but wordpress.org wouldn't fall under that.
Given Matt's actions (and statements made by his own team so far in the case), I think he'd struggle to claim that wordpress.org is not linked to "professional or commercial activity".
It might be quite difficult to enforce against a private citizen, but that's not the same as it not applying.
> dotorg being run by a private citizen who receives no payments does not exempt it from GDPR, because GDPR doesn't make that distinction.
The dot org being run by an American citizen who does not operate within the UK that country 100% means UK courts do not have standing. Remember GDPR UK is not GDPR. It's based on it but case law is different and other stuff. Remember, just because one country does not allow something or requires something does not mean everyone whose website is accessible within that country has to follow that law. But for UK law to apply to someone there has to be a connection. Not just "I can connect to that website" or they're processing my data.
Legal opinion has also been shared from lots of sources that small businesses operating outwith the EU aren't covered by GDPR. I believe there is EU law that says EU law only applies to companies with a significant number of customers who are EU citizens.
> There _is_ an exemption for household processing (recital 18) - which means that I don't need to worry about taking a neighbour's contact number etc - but wordpress.org wouldn't fall under that.
Fun fact, in the UK data protection laws will still cover cameras and whatnot taken from a household. That is UK case law. But again, there is no standing for even the Data Protection Act to apply because there is no connection.
> Given Matt's actions (and statements made by his own team so far in the case), I think he'd struggle to claim that wordpress.org is not linked to "professional or commercial activity".
Yea, but there is no standing for the UK to apply its laws on Matt. The EU may have a better claim since he has servers in the EU. However, as pointed out, GDPR does not apply for that person because he is neither an EU citizen nor a resident as far as I can tell. Their entire claim would be to apply UK law to someone not operating within the country.
The entire point of commercial activity is that there would be a connection and would give UK courts standing is silly. It's basic law 101. Hence, why I said in my first comment that OP didn't understand the law.
GDPR (including the UK GDPR) is extra-territorial by design.
It applies _by design_ to anyone or anywhere processing the data of an EU or UK citizen.
I suspect that you and I would agree about the wrongs of any law being extra-territorial, but it's where things on both sides of the pond have landed us.
You already linked to the relevant part of the ICO's guidance but *appear* to have misunderstood it: you've inserted an extra requirement - that it requires taking payment.
That's not the case, it applies just as much to free services.
Wordpress.org (and more so the associated services - slack etc) being available and (more importantly) *collecting and processing data* is offering a service.
> Fun fact, in the UK data protection laws will still cover cameras and whatnot taken from a household
They do indeed. In fact, it's not just cameras: as soon as you publicly share information you can't rely on the exemption because it doesn't cover it.
> Yea, but there is no standing for the UK to apply its laws on Matt.
You keep using the word standing, which is very much a US-centric term. I'm not, for a second, suggesting that anyone would try and enforce this in a US court.
Being able to enforce is (as I've already said) an entirely different kettle of fish.
> Their entire claim would be to apply UK law to someone not operating within the country.
Yes. Welcome to the intended design of GDPR.
Although you're right that EU GDPR and UK GDPR are now two separate things, they're not actually particularly different things: we didn't really amend it after leaving the EU - the two are separate since Brexit, but the way that they work is the same, albeit absent a few years of case law.
In fact, it's not GDPR that's extra-territorial (or intended to be). Have you seen the stuff they've been trying to bring in to make the internet "safe"? That's extra-territorial in nature too.
Ever since the US passed the CLOUD Act, politicians on this side of the pond seem to have decided that what's good for the goose is good for the gander.
> GDPR (including the UK GDPR) is extra-territorial by design.
> It applies _by design_ to anyone or anywhere processing the data of an EU or UK citizen.
That is not how the law works. A court must have standing or jurisdiction or whatever word you want to use since you seem to think semantics are at the core of this issue here.
> You already linked to the relevant part of the ICO's guidance but appear to have misunderstood it: you've inserted an extra requirement - that it requires taking payment.
No, that's UK case law. Basic law 101. That is what the legal definition of goods and services is within the UK. If you don't understand that there are legal definitions for things then we're at the crux of your complete misunderstanding of law. And really we won't get anywhere.
> Wordpress.org (and more so the associated services - slack etc) being available and (more importantly) collecting and processing data is offering a service.
Not under UK law. UK law defines a service as something that is being paid for. This is hundreds of years old.
You would be heavily rebuked by a judge if you tried this nonsense in court of trying to redefine hundreds of years old case law to suit your opinion.
> Being able to enforce is (as I've already said) an entirely different kettle of fish.
No, that's the entire point. THE ENTIRE POINT. A court will not take up a case where it can't do anything.
Quite simply, your entire argument fundamentally depends on you not understanding UK GDPR, GDPR, or even basic law fundamentals.
There's no justification for this whatsoever - it was your actions which meant that the ACF team couldn't manage the plugin on dotorg, and the issue you fixed was unbelievably minor.
IF you even had a point in the beginning, you've fatally undermined it. Hell, WPE's motion for a preliminary injunction even now notes that your actions here have potentially fallen into CFAA territory - https://storage.courtlistener.com/recap/gov.uscourts.cand.43...
Given you've been banning dissenters from Slack, I wonder "why" people might not be reporting issues where you can see them?
I can't say for sure that it directly led to jobs, but my website has been brought up in a positive light during the recruitment process more than a few times.
Because I write about technical things a lot, it's often been viewed as "evidence" that I'm an experienced technical writer as well as an engineer.
But, it (and my github account) have also been flagged as "risks" by a recruitment agency though: I can be a bit sweary at times and they felt that having a project called F*ckAMP might put off potential employers. No-one else has cared though.
But, to echo the advice that others are giving you - the "power" of my blog lies more in it being stuff that I want to write, rather than stuff that I'm writing because I think that it'll help my career.
Deciding what to write about can be hard, and sometimes you'll find you hit a block and don't write about anything at all. Those are both fine, just write about stuff when you want to and don't pressure yourself to write "just because".
Much earlier in my career, I was in the UK public sector.
Internal interviews within the department were conducted using something that mixed STAR with a set of core competencies (external candidates were given a bit more leeway).
So as the interviewee, you had to reply in the style of STAR but also ensure that your answers tied back into those competences. To have a chance of success, you'd need to demonstrate as many competences as possible.
As a methodology it makes it extremely easy for the interviewer to assess suitability (especially for candidates trying to move up the chain - there used to be a qualification assessment for that too) and to do so in a way that can easily be explained/defended if a decision is challenged.
As an interviewee, though, it really was the most awful experience. The questions themselves weren't codified, so the interviewer could ask whatever they liked and you had to find a way to tie it back to a relevant competence in order for your answer to "count" and then explain using STAR.
The problem, in my view, is that there's a huge difference between what works for interviewers and what's likely to work for an interviewee. STAR makes it easy for an interviewer, but it's not the way that engineers normally communicate - just as coding challenges are often quite unnatural (like everyone else, I've had some awful technical interviews).
Having an employment contract is more common over here, but that's not the same as what we'd call being a contractor.
As a full-time employee of the company you're working for (i.e. not simply contracted in), you still have an employment contract (it's a right/required) which'll lay out the employment expectations (salary, hours per week, whether you can be required to work additional hours etc).
We do also have contractors - i.e. those who work for an external company who are brought in for a specific project (or to provide easy-to-get-rid-of headcount).
In my experience, working as a contractor isn't all that much more common than in the US. But people having some form of contract is, because basically all employees have one.
Does this mean employees have to renew the contracts? As in, if the employer doesn't renew the contract, does it count as getting fired? Also maybe it's regional, I know that in France contractors are very common but I might have outdated data!
No, it's the result of that poster's mindset - there's absolutely no need to do any of that. In fact, that type of behavior is against the law in a lot of countries and will leave the employer likely liable.
If someone's under-performing whilst in their probation period getting rid of them is incredibly easy. Outside of the probation period there's a bit more of a process, but it's still not particularly hard - all you actually need to be doing is documenting.
This is not true. It’s impossible to fire an employee for performance reason after the probation period in Germany. If an employee cannot deliver on the tasks assigned, they need to be assigned easier tasks. In order to risk your job you have to actively work against solving your skill gap, e.g. declining offers of upskilling.
First, let's be fair, Germany really is an awful example if you're going to then try to apply it to the rest of Europe.
> It’s impossible to fire an employee for performance reason after the probation period in Germany.
This is untrue.
It's true that Kündigungsschutzgesetz does set a really high bar.
You can get rid of them if they aren't delivering on assigned tasks, but you need to show that they are able (and are therefore simply unwilling). There's also the possibility of doing it if there are personal reasons (i.e. something in their life has impacted their suitability for the role) but that's more complex.
That's why you see people get assigned easier tasks - they're being given tasks that are so noddy that anyone could do them (a failure to do so showing that they're not really trying).
But it's hard. The level they have to achieve is really low - something like 65% of a "normal" employee.
But Germany is just one country in Europe. Have a look at France, Italy, Belgium or even the UK - it's *nothing* like the level of stringency that Germany applies.
I'm not sure that using a browser integration rather than having credentials pass through the clipboard really counts as an edge-case.
In fact, I'd go further and say it's exactly the use-case that should be being encouraged. As well as avoiding the issue of clip-board watchers, it also reduces friction and increases the likelihood of ordinary users being willing and able to use it.
Using a hardware key to unlock the database arguably is more of an edge-case, but conversely I'd argue that it's not acceptable to simply break that workflow.
So, IMO, Klode was very much the "computer says no" part of the analogy. He changed the process so the default was to turn away live use-cases.
TFA says that it has a failure rate of 1:33,000. That's a "do not ship" rating for almost anything else.
> immediately stopping you the only thing you have to do is pull out your ID?
Someone I know was detained on the side of the M25 for an hour sorting things out after being pulled over.
He presented the police with his ID and they decided it was a fake. His name was almost identical to someone who was wanted - his middle name and date-of-birth were different.
The Police said that was common on fake IDs - just change a few small bits of information - and that they'd have to take him to the station where he could sort it.
The only reason he didn't get taken in in the end is because the description of the wanted person noted that he had tattoos on his chest. On the side of the M25, at night, the only thing that stopped my mate being hauled into a London police station was taking his top off.
Anecdotes don't make data, but the idea that a copper will simply accept ID despite a system saying "this is your guy" is incredibly naive and suggests you've not had to interact with them much.
> suggests you've not had to interact with them much.
Or the opposite is true and this has been enough to solve all my police problems? I’ll admit it is not in the UK, but I doubt they have a significantly less professional police force.
> TFA says that it has a failure rate of 1:33,000. That's a "do not ship" rating for almost anything else.
For anything where failure means death, sure. For situations where failure means a minor inconvenience, maybe not so much.
To me, the only relevant point of comparison here is the rate of misidentification by officers while _not_ relying on the face id tech. Because that’s the alternative, not having no arrests or searches at all.
> I’ll admit it is not in the UK, but I doubt they have a significantly less professional police force.
Ah, that explains a point that I didn't bother to pull you up on.
Carrying ID is not a routine thing here in the way that it is in some other countries (there have previously been attempts to introduce a national ID but they were staunchly opposed). So, it's not a given that you'll have ID on you to show them.
Drivers probably have their driving license in their wallet, but even that's not guaranteed (because you don't have to have it on you when driving).
The "quality" of police varies by force (and, of course, by officer).
The Met, though, have had some pretty serious issues with misconduct (including sexual assault and murder) and are still working through the processes of identifying personnel who shouldn't be in uniform at all (the Met themselves found there were hundreds of officers who should have been sacked previously).
They're working to fix things (or claim to be), but you probably don't want a force that's been described as "institutionally racist, sexist and homophobic" to be entrusted with something like this.
> For anything where failure means death, sure. For situations where failure means a minor inconvenience, maybe not so much.
I would still say the failure rate is too high given that the outcome of interactions with the Police varies quite significantly (par.
> To me, the only relevant point of comparison here is the rate of misidentification by officers while _not_ relying on the face id tech.
I'd also be interested to know this. But, I don't think it'll go quite the way you expect.
I'd expect there'd be _fewer_ overall stops: coppers simply won't (mis)recognise as broad a range of people. If they're only stopping people they recognise (or based on stuff that's been radioed through), their success rate is probably better.
I’m not sure those things go together very well. If they’re bored they’ll just pull ‘random’ people off the street. They might not be at direct risk of arrest, but it’d still waste your time.
That’s half of the reason I need to show my ID all the time :/
Edit: I’m starting to think you might be right, and there’s no direct analogue because police don’t just sit in the middle of the street hoping they’ll see some suspect if they cannot instantly compare with 40k wanted faces. No officer would be able to remember them all.
Question becomes more if it’s worth to have some people misidentified to catch the bad guys.
> TFA says that it has a failure rate of 1:33,000. That's a "do not ship" rating for almost anything else.
I find statements like this interesting, from a risk analysis point of view. In the UK there are breast cancer screening programmes and the risk of a radiation-induced cancer for a woman attending full field digital mammographic screening is between one in 50,000 to 100,000. That puts the rate of inducing cancer vs finding cancer at 1 in 400 to 1 in 800 (because the majority of scan results find no cancer). Should we "not ship" breast cancer screening?
One in forty false positives still isn't bad for a system to automatically sift out wanted criminals. That's going to be orders of magnitude better than police stopping people who 'fit a description'.
That claimed false positive rate sounds unbelievably low to me. Is there any proof publicly available and verified openly by a third party?
Why I find it hard to believe is that I am imagining having access to a face photo of everyone in the world, and trying to pick a specific close friend from those photos. Given infinite time to find the photo of that one person, I am convinced that I would find tons of false positives that might be that person, and that I would never even be sure I found the correct photo.
I am guessing that there is some serious sampling bias leading to such a low false positive rate (assuming the number is not complete fiction).
which makes that 1 in 40 number completely irrelevant when discussing false positives from mass deployment in grocery stores or other non-targeted spying.
There is zero reason for a police van in the middle of a city to sift through the whole internet. Everyone identified as living in that particular area is fine, and cuts down on a huge number of matches. The government also has a lovely national database of facial IDs with names, so they don’t even have to rely on shitty internet photos.