Working for a while in a very small team, outsourcing has been discussed a lot.
What stopped us every time was the coding part.
Imagine having perfect business requirements, and preparing perfect acceptance tests. Once your feature is delivered you safely ship, and after a week or two come up with improvements.
You prepare to redo the cycle, except your outsourcing firm is busy and you need to ask elsewhere. They come up for twice the expected price and want to rewrite half of the logic. From there, it will basically cost more and more each time to make the feature evolve, as arguably it will have become complex and touched by many hands.
A solution to that is to keep a stable outsourced team. Except it’s not actually stable, people come and go and quality vary. Either way you keep someone on your team busy making sure you don’t get screwed. More often than not, that person has coding skills, that could be used to actually clean code the feature instead.
Basically, outsourcing only made sense if we had no way to hire more at any reasonable price, or for one-shot project with no future behind.
Why do you think that you can hire stable team in your country, but you can't do that in a distant country? Seems that problem roots in those "outsourcing companies". Avoid those companies then. Hire directly.
Setting up a payroll in a different country is a lot more effort than what most companies want. You can do consulting contracts instead, but it then becomes harder to find people who want long term contracts for single clients (those people need a solid reason to not choose a local company or a bigger global company that has a full payroll in their countries). Not considering you have to do the hiring in the first place.
It’s not intractable, but we wouldn’t have been hiring full remote teams of 10 or 20 people so the effort doesn’t scale much, and the price difference really isn’t worth the hassle.
PS: looking back at the last 2 years, many employees have looked at moving long term to another country while keeping their current jobs. I’m pretty sure even in these cases (= established relationship, proven skillset etc.) most companies bailed on dealing with the international ongoing paperwork.
Difference between 10x $50k/year developers and 10x $150k/year developers is $1m/year. How much money would a company need to actually do an effort? Billion? Are lawyers who can fill some papers that expensive?
Bearing in mind if we’re going for 3x cheaper we’re not getting people that are super competitive on the global market:
Your other costs are not just lawyers: you’ll often need near perfect task definitions and acceptance criteria. That takes time (=money) and it requires a degree of upfront knowledge of the system that is way higher than if you’re working with devs you’re interacting with 6 times a day.
You’ll often realize that you messed up the specs on some edge case or they messed the implementation, and you get a redo a full cycle for the correction. And all that could be opportunity cost as well for your PO dealing with that team.
That remote team also probably won’t have the same access to your production than your local team for many reasons, including legal ones.
You’ll also have to adjust for timezones, regular trips etc. You then factor in the stress on wether your staff wants to babysit a remote team.
All in all, it’s not as clear cut as just stacking salaries, except if you’re IBM or Accenture, where the result doesn’t really matter much and the above quagmire is your core competency.
PS: hiring a $150k/year remote team is another story, of course.
I think that is still a middle layer problem. A root layer problem would be "pay your developers enough they don't leave", but that in general is in conflict with business practices optimized to make as much profit as possible next quarter.
>Meeting the acceptance criteria with guess and check isn’t hard.
Acceptance criteria often don't exist or are wrong. Incidentally, when someone says "business requirements are easy", that's a pretty big tell they have never worked on a complicated project.
> that's a pretty big tell they have never worked on a complicated project.
Even an 'easy' project, it's not easy. Edge cases, security, performance, dealing with error conditions, dealing with bad external vendor/data. "We'll just import data from vendor X". Yeah, that can never go wrong!
Hardest yet: apply professional rigor and be actually given time to do so because apparently just hacking something together that looks to work is the best thing ever (in the eyes of managers and business owners).
Software engineering is a well understood science in many cultures. Parsing acceptance criteria written by someone of another culture and domain experience can be difficult for some, and it’s not something learned in computer science courses.
I really don't understand the Intel hate in this situation. A third competitor is a good thing, and on DirectX 12 titles they are good price for performance.
It's not just logging. L4J is so extensible that people have used it for all kinds of things, way waaaaaayyyyy away from just logs. So disabling logs won't necessarily cut it.
I am no expert. I ended up indexing all the open source kruft I use to hold this ship of fools together, then verified that the Log4J pieces were definitely disabled with a bunch of monitoring while I tossed stuff at it. I did mention I am not an expert, right? I am sure there is a more Pro way to do this.
option 1 - we and farmers, as professionals are responsible for supplying stuff that is not dangerous and works as it should
Option 2 - which you are advocating - it's every man for himself and we decent into socity of warring tribes of hunter hatherer or subsitence farming at best
I mean, how do you know your webserver doesn't have a bug? How do you know your OS doesn't? Just write those yourself? How do you know yours doesn't? One must still verify the key functionality regardless.
But, you're not wrong, some people reach for every library and framework they can, and others focus on building the most minimal and understandable thing that will work. I'm not saying writing your own server in assembly, but, avoid unnecessary junk and magic and libraries.
It's the classic dilemma: in this world of ours, one can either return to monke or progress to crab.
the issue is that this can pop up in any library, not just logging. It's about keeping your deps up to date (or not) by a "3d party" (assuming he mean 3rd party)
Yes, this can pop up in any library. But only because developers aren't taught "don't put remote code execution into your code". You'd think that would be something that someone would teach, but it doesn't really come up. Remember that log4j was vulnerable because of a feature - it all worked as designed.
Same, Covid wasn’t that bad, certainly nothing to close the economy and schools for. It is very survivable, the vaccines shouldn’t have never been recommended for anyone except elderly and high risk individuals.
