the outsourcing curse strikes again!!
-
I'm sorry to point out that in INDIA close enough is never good enough,until they have very little time to put all the business requirements into action or the problem is really understated in one line "Security has to be enabled". No offence meant. P.S.: I'm a INDIAN and I never settled for anything less than perfect in my development if it means I have to defy project time lines set for completing the task.
Sastry
Sastry_kunapuli wrote:
the problem is really understated in one line "Security has to be enabled".
well, the solution architects on our side drew the exact picture for them on what is expected and how, so the spec was in no way "understated". I think the real problem is they don't see our vision at the same level as we do, its not their baby, they don't care. Their job is to take payments, deliver half-baked stuff and charge more money for fixing defects they introduced in the first place. I am not implicating all the developers in India, I am sure there are brilliant ones that come at nearly the same cost as an onshore programmer that we would hire. But assuming that these "top" companies will do a top job (well, coz they are "top"), we trust them a little too much. The problem is most of these "top" offshore companies, as I have learned, hire fresh graduates by the thousands many of who lack appropriate soft skills i.e. time management, communication, sense of ownership for the task given, passion for the field of work etc. I have been told that 8 out of 10 so called engineers are only in IT for the money which obviously is plenty for Indian standards and an onsite trip which they seem to love. This kind of culture proliferates a lot of "wanna-bes" that can only ever produce low quality work.
Sastry_kunapuli wrote:
No offence meant.
None taken :)
-
Sastry_kunapuli wrote:
the problem is really understated in one line "Security has to be enabled".
well, the solution architects on our side drew the exact picture for them on what is expected and how, so the spec was in no way "understated". I think the real problem is they don't see our vision at the same level as we do, its not their baby, they don't care. Their job is to take payments, deliver half-baked stuff and charge more money for fixing defects they introduced in the first place. I am not implicating all the developers in India, I am sure there are brilliant ones that come at nearly the same cost as an onshore programmer that we would hire. But assuming that these "top" companies will do a top job (well, coz they are "top"), we trust them a little too much. The problem is most of these "top" offshore companies, as I have learned, hire fresh graduates by the thousands many of who lack appropriate soft skills i.e. time management, communication, sense of ownership for the task given, passion for the field of work etc. I have been told that 8 out of 10 so called engineers are only in IT for the money which obviously is plenty for Indian standards and an onsite trip which they seem to love. This kind of culture proliferates a lot of "wanna-bes" that can only ever produce low quality work.
Sastry_kunapuli wrote:
No offence meant.
None taken :)
Don't go by the name,you could get very good people from companies whose names are un-heard of,or the other category from companies that are "Top".My suggestion if the next time you are offshoring some work do not go by the company name but have a good interaction with the team that is working on the specs and if they are not upto the mark as a customer I think you have the privilege of getting a new team(not sure though) and do not settle for something less.every $ is valuable.
Sastry
-
Sastry_kunapuli wrote:
trying to mint
We heard from one of the guys after we severed our relationship with the company. The management over there was directing the employees to do everything that they could get as much money out of our company without actually producing anything.
Why is common sense not common? Never argue with an idiot. They will drag you down to their level where they are an expert. Sometimes it takes a lot of work to be lazy Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
Told you they are trying mint you guys out.After all the employee could not do anything better than what his management orders to do.Anyways all the teams of the company are not so,some of them are really good in delivering the work without getting back a remark from customer.
Sastry
-
I'm sorry to point out that in INDIA close enough is never good enough,until they have very little time to put all the business requirements into action or the problem is really understated in one line "Security has to be enabled". No offence meant. P.S.: I'm a INDIAN and I never settled for anything less than perfect in my development if it means I have to defy project time lines set for completing the task.
Sastry
-
we pay them to deliver a web product security of which is an integral part. It shouldn't even need stressing on, if they have a better idea then communicate not silently go in and do crappy work!
I have seen some students while I was in university, they used to do out-source through other companies. The problem is, those university student has very little idea about security, because they know how to do javascript and html and other programming language, but security is more related with experience. The experience is not only gathered from year of working experience also working with the people who knows about it. When you outsource your work you give it to some company in some country but you don't look at their setup. You really don't know how much they care about your security. I am not telling you to do out-source. I am telling you to rethink how you would give your precious system to be developed by some company you barely know.
-
Last week we came across a serious security flaw in our soon to be released major web product that we had trusted the offshore partner (one the largest Indian IT firms) with. This happened despite clear guidance as to how to implement the security in the product which uses Silverlight and ASP.NET. They completely disregarded what was told and came up with a weird crazy arse lame mechanism of their own which led to the password being sent in a cookie merely as an ASCII valued string along with the login request!!! This is a cardinal sin, this is something you study in Web Security 101, totally unacceptable. Now, we can't just lay them off and bring all the work back onshore, the business financials don't probably allow for it. But it leads me to wonder whether outsourcing at all is worth the money spent or not? I know some of you may say, "you get what you pay for!!" but when a company boasts claims of excellence in delivery of solutions, I would atleast expect them to understand what web security is and what's the right way to do it. In my opinion all these cheap outsourcing companies are just that - CHEAP both in terms of money and quality. I m pretty sure many around here must have similar stories to tell.
I too was forced to work with an off-shore Indian company. I was explaining to them that the file was binary. Someone spoke up and said "I looked at the file and it's not binary as it contains more than ones and zeros." Things did not get better from there!
<>
-
I too was forced to work with an off-shore Indian company. I was explaining to them that the file was binary. Someone spoke up and said "I looked at the file and it's not binary as it contains more than ones and zeros." Things did not get better from there!
<>
-
I too was forced to work with an off-shore Indian company. I was explaining to them that the file was binary. Someone spoke up and said "I looked at the file and it's not binary as it contains more than ones and zeros." Things did not get better from there!
<>
That probably was the moment you realized that there still was a long way ahead of you :) What did the file contain? Hexadecimal? :) Our intern said almost the same when I showed him a hex dump for the first time. At the beginning it seems to be hard to see any connection between those hex numbers and binary. The kids get their heads stuffed full of high level languages and how to write pretty source code. And they are told that the great modern compilers take care of the dirty work better than they ever will. It took some time for him to realize that the true magic is happening at that level. :)
At least artificial intelligence already is superior to natural stupidity
-
I too was forced to work with an off-shore Indian company. I was explaining to them that the file was binary. Someone spoke up and said "I looked at the file and it's not binary as it contains more than ones and zeros." Things did not get better from there!
<>
Either you made it up or those guys were really that ignorant! :D
-
Either you made it up or those guys were really that ignorant! :D
-
Last week we came across a serious security flaw in our soon to be released major web product that we had trusted the offshore partner (one the largest Indian IT firms) with. This happened despite clear guidance as to how to implement the security in the product which uses Silverlight and ASP.NET. They completely disregarded what was told and came up with a weird crazy arse lame mechanism of their own which led to the password being sent in a cookie merely as an ASCII valued string along with the login request!!! This is a cardinal sin, this is something you study in Web Security 101, totally unacceptable. Now, we can't just lay them off and bring all the work back onshore, the business financials don't probably allow for it. But it leads me to wonder whether outsourcing at all is worth the money spent or not? I know some of you may say, "you get what you pay for!!" but when a company boasts claims of excellence in delivery of solutions, I would atleast expect them to understand what web security is and what's the right way to do it. In my opinion all these cheap outsourcing companies are just that - CHEAP both in terms of money and quality. I m pretty sure many around here must have similar stories to tell.
-
Last week we came across a serious security flaw in our soon to be released major web product that we had trusted the offshore partner (one the largest Indian IT firms) with. This happened despite clear guidance as to how to implement the security in the product which uses Silverlight and ASP.NET. They completely disregarded what was told and came up with a weird crazy arse lame mechanism of their own which led to the password being sent in a cookie merely as an ASCII valued string along with the login request!!! This is a cardinal sin, this is something you study in Web Security 101, totally unacceptable. Now, we can't just lay them off and bring all the work back onshore, the business financials don't probably allow for it. But it leads me to wonder whether outsourcing at all is worth the money spent or not? I know some of you may say, "you get what you pay for!!" but when a company boasts claims of excellence in delivery of solutions, I would atleast expect them to understand what web security is and what's the right way to do it. In my opinion all these cheap outsourcing companies are just that - CHEAP both in terms of money and quality. I m pretty sure many around here must have similar stories to tell.
God bless the Indian Firms. I have made $1000s of dollars "fixing" and making legal, code generated overseas. For 10 years, it was my bread and butter. The upfront cost of doing business with Indian shops is cheaper up front but the costs rise rapidly when the company has to hire me.
-
Last week we came across a serious security flaw in our soon to be released major web product that we had trusted the offshore partner (one the largest Indian IT firms) with. This happened despite clear guidance as to how to implement the security in the product which uses Silverlight and ASP.NET. They completely disregarded what was told and came up with a weird crazy arse lame mechanism of their own which led to the password being sent in a cookie merely as an ASCII valued string along with the login request!!! This is a cardinal sin, this is something you study in Web Security 101, totally unacceptable. Now, we can't just lay them off and bring all the work back onshore, the business financials don't probably allow for it. But it leads me to wonder whether outsourcing at all is worth the money spent or not? I know some of you may say, "you get what you pay for!!" but when a company boasts claims of excellence in delivery of solutions, I would atleast expect them to understand what web security is and what's the right way to do it. In my opinion all these cheap outsourcing companies are just that - CHEAP both in terms of money and quality. I m pretty sure many around here must have similar stories to tell.
...and they probably got the coding idea by posting a question on Code Project asking 'can someone give me code to....'
-
Last week we came across a serious security flaw in our soon to be released major web product that we had trusted the offshore partner (one the largest Indian IT firms) with. This happened despite clear guidance as to how to implement the security in the product which uses Silverlight and ASP.NET. They completely disregarded what was told and came up with a weird crazy arse lame mechanism of their own which led to the password being sent in a cookie merely as an ASCII valued string along with the login request!!! This is a cardinal sin, this is something you study in Web Security 101, totally unacceptable. Now, we can't just lay them off and bring all the work back onshore, the business financials don't probably allow for it. But it leads me to wonder whether outsourcing at all is worth the money spent or not? I know some of you may say, "you get what you pay for!!" but when a company boasts claims of excellence in delivery of solutions, I would atleast expect them to understand what web security is and what's the right way to do it. In my opinion all these cheap outsourcing companies are just that - CHEAP both in terms of money and quality. I m pretty sure many around here must have similar stories to tell.
We had an Indian company taking our code and converting it. In our initial discussions I stated two architectural requirements and they later stated I never said them!!! Then they said that they wanted more money due to meeting my specs. So when we had our next big meeting I gave them the requirement of 300 txn per second and would not let the Indian move away from the subject until he wrote it down on the board as a requirement. (he tried to pass over it stating that it was "standard" or some kind of bull cookie)