People tend to not be aware of software testing patterns but the Page Object Model would help clean this code up a lot, especially around the hard element ids that could change at any time.
public void testLogin() {
// fill login data on sign-in page
driver.findElement(By.name("user_name")).sendKeys("userName");
driver.findElement(By.name("password")).sendKeys("my supersecret password");
driver.findElement(By.name("sign-in")).click();
// verify h1 tag is "Hello userName" after login
driver.findElement(By.tagName("h1")).isDisplayed();
assertThat(driver.findElement(By.tagName("h1")).getText(), is("Hello userName"));
}
}
Into this?:
public class SignInPage {
protected WebDriver driver;
// <input name="user_name" type="text" value="">
private By usernameBy = By.name("user_name");
// <input name="password" type="password" value="">
private By passwordBy = By.name("password");
// <input name="sign_in" type="submit" value="SignIn">
private By signinBy = By.name("sign_in");
public SignInPage(WebDriver driver){
this.driver = driver;
}
/**
* Login as valid user
*
* @param userName
* @param password
* @return HomePage object
*/
public HomePage loginValidUser(String userName, String password) {
driver.findElement(usernameBy).sendKeys(userName);
driver.findElement(passwordBy).sendKeys(password);
driver.findElement(signinBy).click();
return new HomePage(driver);
}
}
/**
* Tests login feature
*/
public class TestLogin {
@Test
public void testLogin() {
SignInPage signInPage = new SignInPage(driver);
HomePage homePage = signInPage.loginValidUser("userName", "password");
assertThat(homePage.getMessageText(), is("Hello userName"));
}
}
There are better ways to write the pattern but the idea is having the elements in one place so if the site changes you can update them quickly, and then in your code accessing them by variable name. It's much cleaner, easier to edit if they change the UI (which happens) or if they use a web framework like React that has strange elements to access.
I don't know. I guess that's subjective. I would personally rather work on code with much less abstraction.
All of the Java codebases I've worked with, that have 20 levels of hierarchy to 'clean up' the code bases and make it easier to edit, turn into giant balls of spaghetti at some point.
I normally agree with code being subjective but with test code around the UI I'd argue actually that this is a good abstraction. For example this code would completely break if they added another div with text on a page. It'd also completely break the Page Object Model. But imagine there are 50 tests covering these pages. In the iterative example you'd need to update the divs for all 50 tests, with a page object model you'd need to update them in one place and the tests would then be updated. I appreciate this argument might come down to "trust me, I've seen this" but it really is a good abstraction to look at if you need to write selenium or cypress tests.
As someone who worked IT at Kellogg's, I would say the interview was more about confidence and communication skills then it was technical ability. The only "programming" I ever did was VBA/Excel. Although I did dabble with PLC from time to time. I'm not sure if they even have actual software engineers at their company, they seem to like contracting out a lot of that
kind of stuff.
I wouldn't survive the interview because I would have to answer "Why do you want to work here?" with "To fund adult art commissions of Tony the Tiger."
I think a more commercially successful venture would be an adult cinematic franchise set in the Dark Frankenberry/Count Chocula universe as they save breakfast (and morning sex) from nefarious threats like the Frosted Lucky Charms Elf and the evil Quisp.
Can you be more clear on this? I don't see where this is happening. There's a start_drive function that they call once in main and use that reference the entire time.
> Can you be more clear on this? I don't see where this is happening. There's a start_drive function that they call once in main and use that reference the entire time.
They run start_driver() inside a while loop with 10000 iterations
> How else would you get around navigating the DOM which this has to match precisely?
For that specific one I'd probably try "//*[contains(text(), 'Apply now')]", if they add a single element to that page the entire xpath will fail in the code example
> Very subjective?
Do you have two first names?
> Agree with this but maybe it's not possible for some reason in regards to how the webpage is configured?
Maybe! Still, I bet you it's possible to wait for an element even if it's your own action taking effect.
> They run start_driver() inside a while loop with 10000 iterations
I mean wouldn't that allow 10,000 parallel operations? If you waited for each one to complete, then close each one, it would take forever.
EDIT: Gruez(below) made the point that the code isn't written to be async so this is definite issue.
> For that specific one I'd probably try "//*[contains(text(), 'Apply now')]", if they add a single element to that page the entire xpath will fail in the code example
You're prob right about this to be honest.
However, there's two elements with 'Apply now' on the page. A button with 'Apply now' and a dropdown with 'Apply now' that opens when you click that button. Lol
> However, there's two elements with 'Apply now' on the page. A button with 'Apply now' and a dropdown with 'Apply now' that opens when you click that button. Lol
You can chain them! It's still better to [0] the text one and then click the pop-up than use div chains the whole way down. Yes it's not perfect, if I was testing the site as part of Kellogg I'd ask for test ids to make them unique, but it's still immune to additional divs.
>Can you be more clear on this? I don't see where this is happening. There's a start_drive function that they call once in main and use that reference the entire time.
I have no experience at all using Selenium (nor automated scripts that POST stuff in the web) but I could understand what the code was doing. I can follow the code just fine.
> 1. undescriptive variable names (eg. data2)
Doesn't matter. The file is 200 lines of code.
> 2. inconsistent formatting
That didn't make the code harder to read/follow.
> 3. copy pasted fragments everywhere
Meh. Really, I've seen code where everything that could be repeated was encapsulated in a function/method/class which was being used only once.
Right, I can follow the code just fine too, but OP's claim was
>well written, rather pretty code
Like you mentioned, the file is only 200 lines, so you can get away with quite a bit and still be understandable/maintainable, but that doesn't mean they're all "well written" or "rather pretty".
Due to selection effects, I wouldn't find it too surprising that the "middle of the road" (ie. 50th percentile) of developers with a job is equal to the 80th percentile of developers seeking a job.
Well, the reason I was able to apply both "middle of the road" and "80th percentile" labels to the same code is because the former was regarding code quality and the latter was regarding code prevalence (in the same sense that scoring 50/100 on an exam doesn't necessarily put you in the 50th percentile).
As far as developer quality goes...I'm afraid I'm not qualified to comment.
Most job postings online are made through an applicant tracking system (ATS). Many of these also handle application submissions as well. These systems typically let the HR department filter through results that they don't want. Unless the striker is adding enough variety in the applications and when they are submitted, I think it would be pretty easy to match and discard the bogus ones.
It looks like this script is using the standard Faker module email generation, which will generate email addresses exclusively with domains at example.net, example.com, and example.org.
It also attaches the exact same .png [0] for the resume in every fake application. So these should be pretty easily filterable based on those 2 facts alone.
Additionally, there are plenty of red flags that any human reviewer would quickly pick up with these applications. The addresses don't exist. The random prior occupations it submits are rarely in line with what you'd expect for these positions. The name generator is pulling random first names for the last name as well. And the randomly generated email addresses contain names that don't match the name on application. So, the script will submit an application for "Susan Justin," a former Surgeon with the email address ronaldbrewer@example.com, at an address that doesn't exist.
I'm sure this is a nuisance for the HR analyst who's the first line of defense in reviewing applications. And they might've had to bring in someone with more technical/fraud skills to help weed out the fake applications, but it seems quite manageable.
"Unless the striker is adding enough variety in the applications and when they are submitted, I think it would be pretty easy to match and discard the bogus ones"
Not at all. Many of the people from Reddit are specifically applying using local zip codes, local addresses, and local area code phone numbers. Kellogg is going to have a massive headache trying to sort through these imo.
Edit: One thing I didn't think of was application source IP address. It's possible the ATS records that info when an app is submitted, so they could possibly delete bogus records that way but I'm no ATS expert and this is literally just my own conjecture.
I've written systems that integrate with these. The old crop (bullhorn and similar) probably wouldn't be able to do what you're saying easily. The more modern ones out of the usual places could likely do it easily.
I base this opinion off of ~6 year old data and experiences. The "best" horror story was an ATS that used client-side browser datetime without timezone support as their official timestamp record for various events.
Also they could just pull the listing then go to some temp agencies (for example manpower, randstad) and say 'i would like to hire 10 people that have these qualifications'. I know a couple of people who do not even look at company websites and deal only with companies like this for these kind of jobs. They are perfectly fine being forever temp.
Historically, law enforcement, courts and at time even military force have been used to put down labour action when it goes outside the box the NRLA drew. So I have no doubt they would throw the book at this kind of action if they can get away with it.
Even regular picketing sometimes gets sanctioned by the police. Just this October John Deere picketers were sanctioned for blocking a gate. [1]
>Historically, law enforcement, courts and at time even military force have been used to put down labour action when it goes outside the box the NRLA drew.
>Even regular picketing sometimes gets sanctioned by the police. Just this October John Deere picketers were sanctioned for blocking a gate. [1]
Did those actions get put down because it was labor action, or was it because those actions were not acceptable? ie. if I said [unpopular thing] online, and a bunch of protesters showed up to my house and blocked my driveway, preventing me from going to work, would it be reasonable for the police to disperse those protesters? would it be reasonable for me to get an injunction against those protesters to prevent them from doing it again?
All "labor actions" have only become "acceptable" through sacrifices of people fighting for it. Its a hard thing to get companies to agree to make less profit, as making profit is how they justify their existence, and profit tends to fall, so they are incentived to fight even the smallest demands from workers. "Acceptability" is a dynamic thing, decided by those who write laws.
Not sure how to respond to your example because its a different situation? Do you think workers are just angry in the same way the mob outside of your house is? Or do you maybe think they are just trying to survive in this world?
To the first point, I think I agree, and in general, I personally would like workers to run "against the rule of law" more than they do now, where it is in their interest. I think it's plain to see that the rule of law is generally not in their interest, so I think they should do what they can, but I get that is probably an unpopular opinion here.
To the second point, I don't think we need to decide on the fineness of either, in order to understand their qualitative difference.
I can't remember the details exactly but there was a case in Germany in which a coordinated online and offline protest against Lufthansa was carried out, the online component being a denial of service attack on the airline's website. Lufthansa attempted to charge those response and the court dropped all charges - seeing it as a legitimate form of protest.
The German (and generally, almost all European) legal system is a very different beast to the American one. What might be dropped by the court there may very well be seen as legitimate and prosecutable on the other side of the Atlantic, and vice versa. For something happening in the USA, you'd be best served by precedents from the USA itself, then from other common law countries, before considering anywhere in mainland Europe.
I'm not an American, but from what I know of the US judicial system and the power corporations have, I would think the courts would come down very heavily on anyone doing this - they'd rot in jail.
Regardless, I can't see how anyone could fathom prosecuting thousands (if not millions?) of participants in a DDOS attack and actually being successful.
It would be much more effective to go after the facilitator who made it possible, in this case the developer. Both efficient and punative messaging-wise
>If picketing IRL factories is allowed, what would the law be on DDOS of an online business by union members?
I'm pretty sure union/striking isn't a valid excuse to violate laws, and that "picketing IRL factories" doesn't violate any laws (ie. they do in on the sidewalk/public roads).
Perhaps surprisingly, whether picket lines are lawful is often a matter of legal contention when there's a strike. Company owners argue that they are obstructive (which is at least partially the point), and courts often grant injunctions or restraining orders placing limits on the size, location, or even existence of picket lines.
Have any of these restrictions been on people operating entirely on public property? The only ones I've ever seen typically entail trying to block access entirely, something that by definition almost requires access to private property unless you have a ton of people, which most picket lines don't.
Submitting a job application with false information does not violate any law that I am aware of (perhaps if it's a government position there is? I'm not sure).
Manually submitting 50 job applications with false information also does not violate any laws that I am aware of.
The focus then becomes on automation. But if I automate the job application process at 1 application/day, that's not illegal. So it becomes a balancing act between how fast I am automating, and how shoddily designed the application system is.
I don't think it's as cut and dry as "this is illegal" or not.
Sending a single request to a website is not illegal. Hammering a website with thousands of requests per second with the intent of taking it down or making it inaccessible is. I agree it's not cut and dry but intent matters to some extent.
In the context of this specific scenario, I can agree to that.
But in the context of the parent comment ("what would the law be on DDOS of an online business by union members"), there's a valid discussion to be had.
If my code submits 1 fake application to each open position, once per hour or once per day (which is well within what I can do manually), and that code is shared between thousands of striking workers (and their supporters), and that results in downtime or inaccessibility, should that be illegal? If so, why? Would it be different if there wasn't code, but just thousands of strikers submitting applications as fast as they manually can and as fast as the website allows?
At what point does the responsibility lie with the company who isn't rate-limiting or captcha-ing?
With the CFAA, it's actual entirely possible that the person who wrote the code is entirely at fault if their intent was that multiple people run malicious code. Courts aren't black and white and take intent and amount of damage into account. There's no hard and fast "number" on how many people makes a DDOS. In fact, the service (site) doesn't even need to be hampered to be considered a DOS. Just having HR have to filter through tens of thousands of bogus applications can be considered a DOS.
In the context of the CFAA, I think you can make just about any activity on a computer be deemed illegal. Which is why I think these cases are worth discussing, and we should have the discussions with the intent of improving what the CFAA is and does, because it's grossly outdated.
Personally, I believe that if a few thousand striking workers decided to manually fill out job applications as fast as they could, as opposed to walking a picket line, that should potentially considered a valid form of protest. If the job-application-taking website fails or slows down or HR gets a headache, so be it. That's sort of the point of union workers protesting - cause headaches so their voices will hopefully be heard.
And at that point, what is the difference between a few thousand people manually submitting applications or using code to submit them at a pace which they manually could anyways?
>If my code submits 1 fake application to each open position, once per hour or once per day (which is well within what I can do manually), and that code is shared between thousands of striking workers (and their supporters), and that results in downtime or inaccessibility, should that be illegal? If so, why?
A lot of it hinges on intent. If the people striking are attempting to overwhelm the service, I could see that being illegal, regardless of whether or not a program was used to assist in the denial of service.
Put another way, if I and a group of friends coordinate to call your office and tie up all of your phone lines, should there be legal consequences for my group?
I agree intent matters. But if the intent is to strike, which is what my posts are in the context of, the intent is obviously to cause headaches. That's what strikes do - cause inconvenience (less production, picket lines slowing traffic into/out of the workplace, etc.) so that demands can be heard.
>Put another way, if I and a group of friends coordinate to call your office and tie up all of your phone lines, should there be legal consequences for my group?
I think this is somewhat detached - your friends aren't striking workers trying to make a point - but I think it somewhat depends on what easily available mitigations I could employ. Can I simply block the numbers? Then I should do that. Can I rate-limit the number of times a certain number can call me? Then I should do that as well.
More illustratively, if my phone system is poorly designed and only accepts 1 phone call every 5 minutes or it crashes, should there be legal consequences for someone who calls twice in that 5 minute period? I say this, because if a website has no rate-limiting, no captcha, and can easily fall over -- is it really solely the fault of the striking workers who manually submit applications?
What if your phone system is poorly designed and only accepts 500 phone calls a minute or it crashes, should there be legal consequences for getting 600 people to call during the minute? What if your web site is poorly designed so that more than five million requests make it crash, and a DDOS sends ten million requests? Is it okay for the NSA to hack your computer to spy on you because computer software is poorly designed and includes exploits that allow hackers in? What if your automobile is poorly designed in that it can't handle having caltrops thrown in front of it to puncture the tires and cause a crash?
All systems are "poorly designed" if by that you mean they'll fail under pressure but this could have been prevented. It would, after all, be possible to design a car that is more resilient to running over a row of caltrops, it would just be expensive and unrewarding most of the time.
Of course, the person disrupting the system is a biased party. He shouldn't get to decide what counts as poorly designed in order to excuse his disruption; if you allow that, he's always going to claim that whatever vulnerability he found is just poor design. We don't think this is a good excuse for the NSA; it shouldn't be a good excuse for anyone trying to overwhelm a phone system.
Your whole comment is based on an analogy which I already said is detached from the issue at hand. None of your examples relate, at all, to a striking worker.
Was my phone analogy poorly constructed? Yes. Does your extension all the way to NSA hacking innocent citizens make sense? No.
Nobody is talking about "hammering a website with thousands of requests per second with the intent of taking it down." They're flooding an application process so that Kellogg HR can't find any real people in the giant pile of fake applications. Taking the website down is not a goal.
Both are attacks on availability in an IT context which is what makes it illegal. The goal is to cost the company money by reducing their ability to use recruiting systems, which is rather analogous to taking down a website in the eyes of the law.
What do you mean by "in an IT context?" The limit of the "IT" part of this is submitting the application online. There is no further technical piece, and I can't help drawing a parallel between you saying this is illegal because it's "in an IT context" and similarly ridiculous things like patenting already-patented processes but "on a computer."
If this stuff is illegal then posting a job when you already have an internal candidate in mind, or you are just collecting resumes or the actual job does not match the listing should also be illegal. After all aren't they sabotaging my application process with their spammy adds?
The intent to access systems in an unauthorized way in order to disrupt those systems-- the clear intent of this script-- would fall afoul of the rather broad CFAA.
This isn't technically a DDOS though, is it? My understanding is that they're overwhelming humans' capacity to process the applications, rather than machines' capacity to process them.
I don't see how the thing being overwhelmed matters for determining if a DDOS took place. For instance, I think many people would characterize the Church of Scientology's attack on the IRS [0] as a denial of service of sorts.
I don't think they'd characterize it that way in court. The Church of Scientology's dudes appear to have done a bunch of other illegal stuff in setting up for the requests.
OTOH, if we're going to consider "sharing too much information to an individual for them to process it" to be a DDOS, there are a whole bunch of Terms of Service that will need to be rewritten. So maybe this is a good idea...
> the Court adopted a “gates-up-or-down” approach: either you are entitled to access the information or you are not.
To me, it sounds like you are entitled to submit a job application or you are not. I don't see how a charge under the CFAA for submitting an application would stick, when they are inviting the public to submit applications.
Nonsense. Using a public form, which is clearly intended to be a public form, is not using a computer without authorization or in excess of authorization.
You can't make someone using your computer a crime just by retroactively deciding that you don't like they way someone used it.
They are also the reason many corporations are immoral.
Or: most unions are legitimately just trying to improve the situation for their workers, and many business owners have a conscience and weigh more than profits in their business decisions. It’s mostly the mega-wealthy who have become disconnected from normal humans and give us these Snidely Whiplash characterizations that ultimately paint both sides with a bad brush.
Legal lawbreaking is such a stupid concept. Have people forgotten that civil disobedience is purposely breaking the law for good reason? God it's like an entire generation forgot how to be rebels when they grew up -- "Oh I'm sorry could you pretty please let me protest you."
Isn't part of civil disobedience that you understand there will be negative legal consequences for your actions, but you do them anyway? What I see a bunch of today is people saying "yeah I broke the law but I should be immune from the consequences because blah blah blah".
That and denial of service doesn't even need to be something that "clogs up" technical systems. Just making it impossible for the HR people to work by overwhelming them is still a DOS attack.
This isn't the case, though, the intent is to disrupt their ability to hire non-union workers by submitting bad data, not by taking down their ability to ingest data in general.
Was just thinking this - and I also think quite a few people have been arrested for using it over the years, including some jail terms. While I'm not on Kellogg's side on this, I'm nervous for a lot of US residents who might be jumping on this bandwagon for lolz without understanding the potential consequences...
picketing explicitly CAN NOT prevent people from crossing the line. Though in practice it does just that, they have plausible deniability. A DOS attack is harder to use this defense, plus typically you attest that the information is correct so unless you're actually automating this will real information you could potentially be opening up that concern as well.
I rather suspect that anyone reading about this-- whether computer literate or not-- will suspect in the back of their minds that this thing is not legal.
Turns out those hunches are pretty reliable, who woulda thunk it.
A business parted ways with some staff who were refusing to work under the contract that was offered. The business is now looking for new staff.
I'm strongly against the idea of using weaponized computer code to disrupt their hiring operations and flooding. Sounds like it is probably illegal.
I guess I am new to Ycombinator, is this type of thread the norm here? Seems pretty sketchy and I would say this is probably the lowest quality thread I've seen on this entire network this week.
To me this submission exemplifies the hacker in hacker news. This isn’t White Hacker News or Black Hacker News. It’s important we discuss events like this as they happen. It would be ridiculous not to.
Weaponizing computer code to attack a domestic company's normal and legal operations is a bit black and white to me.
As far as I am concerned, anyone has the right to disagree. The company disagreed on terms with some potential hires who wanted a better job offer and has a right to look elsewhere for employees. There is nothing more to it than that.
The value of this board is an extension of the quality of comments and discussion. We need to hold each other and ourselves to a high standard.
The community guidelines are an attempt at saying please be decent so as to foster a more desirable community. Think about it. That is why you are here and not reddit.
>>Be kind. Don't be snarky. Have curious conversation; don't cross-examine. Please don't fulminate. Please don't sneer, including at the rest of the community.
>>Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
>>Eschew flamebait. Avoid unrelated controversies and generic tangents.
I think unions should change the way they work and focus on helping people find other jobs. Trying to get a company to meet your demands about increased wages and benefits seems futile in a world where competition is local and global.
For example, if a tech union offered networking opportunities, resume-building help, internships, and access to companies looking for employees, I would join.
Typically engineers for example will join something like IEEE, ASME, or AIChE.
The reason for this difference is that in the case of well paid, in demand professions like engineering, it is typically a better strategy to just have enough money stored to to bridge the gap and move on to another job quickly if your employer is shitty.
Laborers don't typically have those privileges, so they form organizations that help them defend their current jobs.
I agree, it's also very difficult to do one's best by the customer when there's such an adversarial relationship inside the company structure. I think Unions work better when they're more like guilds, where the primary focus ins perpetuating best practises and serving the public, with fair wages for work done being a natural consequence of the best workers being union members.
Unions would work better if they were more like guilds, in the sense that guilds and professional societies serve an entirely different type of worker, with jobs that are in higher demand and have more training requirements. So yes if unions had to do a very different, much easier job, they'd probably do great.
> if a tech union offered networking opportunities, resume-building help, internships, and access to companies looking for employees
And I would add, banning employers that use anti-labor tactics... Bring in "Scabs" ? Lose access to the best people until restitution is made.
Edit: I also think incentives can be better aligned by bringing more equity or corporate performance pay eg: you get $20 an hour base pay, but $15 an hour is actually in company stock or bonuses on profit etc.
IIRC westjet (canadian airline) had a lot of success making every single employee have equity pay ("be an owner/shareholder") ...
Absolute nonsense. That is utterly worthless, and giving up a massive amount of power for basically nothing at all. It would be pure insanity to do so.
Its all about power dynamics. Kellog here decided that they have more power on their side so why should they come to the negotiating table.
If you look at /r/antiwork you’ll realize that these demands are more and more moving goalposts. I don’t understand that subreddit. They think jobs grow on trees.
This is the kind of thing that the CFAA is supposed to be for. If a fired employee broke into the office and welded the HR department's door shut, they'd end up in prison, and what these people are doing is just as bad.
These are strikers, not fired employees, and what is happening is a protest. It's no different than mailing in a bunch of applications, it's just digital instead. They aren't burning down the offices (although I think it's fair to point out that most of our labor rights do come from unions threatening- and in some cases doing- things exactly like that).
>These are strikers, not fired employees, and what is happening is a protest
Why is this relevant? Does being labeled as a "striker" give you additional legal rights that you wouldn't otherwise have?
>It's no different than mailing in a bunch of applications, it's just digital instead. They aren't burning down the offices
"not burning down offices" seems like a pretty low bar for acceptable conduct. that doesn't mean their behavior is legal. The obvious analogy would be: would it be legal to spam a pizza restaurant with fake orders? Or spamming a doctor/hospital with fake appointments? Or spamming police departments with fake tips?
> Does being labeled as a "striker" give you additional legal rights that you wouldn't otherwise have?
Actually, yes.
For instance, if you are an employee who is striking, you have the right to use racial slurs to abuse and harass employees who are not striking, without being fired for use of those remarks. See Cooper Tire & Rubber Co. v. NLRB. (Remarks included: "Go back to Africa, you bunch of f--- losers!", statements regarding fried chicken, watermelon, etc.)
There are a variety of other rights conferred by law.
Being a striker does give additional legal rights you wouldn't other wise have, but I don't think that this is one of them. It's also unclear whether the author or people using the script are actually fired employees or bored teenagers jumping on the bandwagon.
Spamming a police department with fake tips is specifically illegal (making a false police report and/or obstruction of justice and/or USC 1001). I'm not sure about fake appointments for a hospital, that seems the most unclear of the cases you've listed.
Be careful with the claim that a "protest" makes something legal.
A bunch of trump supports went to Washington to "protest" - not turning out very well for them. Similarly with many other protests (BLM etc etc), folks getting picked up breaking windows, stealing, burning down buildings etc - they don't get off free because it's a protest or there is not something in the law that makes calling something illegal a protest legal.
There was a claim that because this was a protest it was OK to use code to flood a website with applications.
For anyone who has paid attention to CFAA if you have a computer used in interstate commerce and someone knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer, then whamo, down you go.
This code that has been written to disrupt the operations of this business (Kellog) if it does disrupt their operations and they complain, the person knowingly transmitting it is at risk.
Again, calling something a protest is not a free pass.
They haven't fired them. They're beginning to attempt to start to replace them.
"Rutgers University professor Todd Vachon, who teaches classes about labor relations, said he's not sure the company will be able to hire enough workers to replace the ones who are out on strike in the current economy, and Kellogg's may have a hard time finding people willing to cross a picket line."
In an economy where finding workers is really tough, where target, walmart, etc have had to raise min wage to 15+ and add free college tuition....
They cannot fire the employees in question, they can only replace them 1:1 and w/ the amount of publicity, and the striking it's bound to deter a lot of potential applicants, and with people using automated and manual methods to spoof applications --some presumably locally even going through the entire application process, going through training, and quitting day one on the floor... seems to me like it'll bleed Kellogg's dry long before they ever find the employees they need to continue.
They're more likely to fully automate 100% of the plant before they find the staff they need for permanent replacements.
I'm seriously betting Kellogg's does a full reversal, esp when profits start to fall, and revenue expectations get dwarfed by the boycotts that are ongoing.
Personally, I can do without ever buying poptarts, eggo waffles, or any of their cereal. There's plenty of alternative junk food out there to fill the gap.
If something's not okay to do, calling it a protest doesn't make it okay. For example, consider what should happen to someone who robodials 911 to protest police corruption.
I 100% think this is right to do. The only thing this harms is the company's bottom line, and frankly it's ridiculous how much power corporations already.
Your metaphor to police corruption is also why "context" is an important thing. In that case people would actually get hurt, in this case a company loses money. They are different scenarios completely.
I would encourage you to look at how prosecutors have successfully utilized the CFAA as a blunt instrument before making analogies that may garner upvotes on HN but wouldn’t reduce a prison sentence.
CFAA is a bad law: it's excessively broad and can apply to almost anything.
However, Kellogg's is soliciting job applications from the public. Automating the submission of a single application is clearly legal, but submitting many with the intention of overloading digital systems is clearly illegal.
IMO, this case is legally ambiguous because they are using a digital system to overwhelm a human system.
The public is 'authorized' to submit one application, so it's hard to say submitting many applications is unauthorized, unless done with intent of crashing servers.
By what principle does a group of striking employees have some intrinsic God-given right (or right conferred by some other source of truth, outside the law) to sabotage the company that they are protesting? Is the company their property, that they have veto power over hiring? Is the labor force their property? If there is some property-like interest that grants these rights, then under what circumstances would that interest became their property rather than the original worker's? Is it strictly first come, first serve? Is there a vesting period during which this right accrues? Are the striking employees as a group to be considered a form of government, that they may regulate hiring and firing? What elevates this right or interest over other cherished principles, such as free association? Or do the strikers simply wish to subjugate such principles to serve their own self-interest?
I believe that you propose mob rule. It is no surprise, then, that you are in conflict with a nation ruled by laws, rather than by mobs and strongmen.
If you try to buy a car, but you and the seller fail to reach a deal, is it okay for you to let the air out of their tires, since they sabotaged your ability to negotiate fairly?
Working a specific job at a specific price isn't a requirement for feeding your family either. Neither is living in a specific location for a specific rent price, for that matter. The idea that you are entitled to whatever job you want to work at a price that you think is fair is just as absurd as insisting you are entitled to a specific car at a specific price.
If you have somehow gotten yourself into a position where you are supporting a family based on knowing how to do one thing that you can only do for one company, sorry but you either massive screwed up your life (unlikely) or you are afraid to step outside your comfort zone and work elsewhere (likely).
>Buying a certain car at a certain price isn’t a requirement to feeding your family
It isn't? In many parts of the US a car is needed to hold a job, or to even get to the grocery store (which might be miles away). Moreover, grocery stores do provide the means to "feed your family". Does that mean looting/vandalizing them is fair game after failing to "negotiate" with them?
Seems like bullshit. I know there are some pieces of software that can bypass CAPTCHA at a low success rate but certainly not at a high enough rate to be a bother, especially when the CAPTCHA settings are turned up (e.g. multiple challenges in a row).
I once heard someone (perhaps jokingly) suggest forwarding the captchas to users of some website you control - e.g. a free porn website where you have to solve a captcha every 10 images.
"reCAPTCHA v3" despite its name is not a captcha though, it's just a very bad risk-scoring service. Bad because (1) it flags plenty of legit visitors as spammy, in a way that's probably a slamdunk GDPR lawsuit waiting to happen, and (2) apparently the returned token is still replayable - Anti Captcha claims to support v3, you can even select what score you want to have (>= 0.3/0.7/0.9) lol
for recaptcha it's even simpler. Because of how it's implemented, all you have to do is send the captcha solving service the site key, and it returns a solved token.
They're using SAP SuccessFactors saas. I'm not sure about the features that platform has, but other easy ways to block the spam would be email verification, shadowban with silent captcha, or turning up cloudflare anti-bot to maximum.
It'll be trivial for any competent administrator to filter the bogus applications based on the non-unique IPs they were submitted from. Further, user agent is probably going to be identical. Finally, the time they were submitted is going to be another way of filtering them out. Addressing these flaws would make the resume jamming far more effective.
Just stop using their products and don't hire anyone who started working there after the labor dispute happened. Get big companies to sign a pledge like a code of conduct that says they won't do business with scabs or companies using scabs. Use collective bargaining to hold their feet to the fire.
> don't hire anyone who started working there after the labor dispute happened.
I kind of see the point that you're trying to make, but I'm sure you understand that not everyone is in the same position to pick and choose jobs that the majority of HN find themselves in. Often when someone takes a job, it's because they need a job in order to live.
It's pretty shitty of you to suggest that that individual should be barred from future employment because they had to take a job that was available, even if the reason it was available is disagreeable.
You could say the same thing about the whole spectrum of ethically questionable jobs. I think we can all agree that there is at least some point on that spectrum where "Well, I needed a job" is an unacceptable excuse.
We're currently living in one of those rare times where there are a lot of non-questionable jobs going unfilled, and employers are a little uncomfortable with the number of job vacancies. So, if you have to take a job, there are currently plenty out there that keep your hands clean of strike-busting.
> You could say the same thing about the whole spectrum of ethically questionable jobs. I think we can all agree that there is at least some point on that spectrum where "Well, I needed a job" is an unacceptable excuse.
Sure, but "ethically questionable jobs" is a pretty massive spectrum, and I'm not sure that I would agree that "making cereal during a labor dispute" meets the line of "to unethical for me" for the majority of people.
> So, if you have to take a job, there are currently plenty out there that keep your hands clean of strike-busting.
So is strike-busting the only place you draw the line? What about having to take a job at Hobby-Lobby? Or Chick-fil-a? Amazon has some some pretty sleezy stuff, so you don't want to support them. Walmart employees often depend on food stamps, and you should keep your hands clean of supporting a company that treats it's employees so poorly.
There are tons of jobs that you could take in order to keep food on your table that aren't Kellogg, or Hobby-Lobby, or Chick-fil-a, or Amazon, or Walmart.
If you keep digging, you'll quickly run out of "non-questionable" jobs. You are definitely welcome to blame the employer for their actions, policies, and decisions, but it's not fair to say "Well Jonny over there once worked at a company that I have an objection to, so he should never be allowed to have a job again!"
It's the place he draws the line because it is the place that organized labor has always drawn the line: wherever anyone challenges the organization. In this the grandparent poster continues an ancient organized-labor tradition, one which once dynamited homes, beat and blinded men, hung them in effigy, insulted and harassed their families, often without a shred of sympathy. For this simple reason you should harbor doubts that there is a real principle behind the thing.
David Dick, of Old Forge PA, letter to the Scranton Tribune, 1902:
"A short time ago, my son, James Dick, had his home attacked at night by an angry mob. The windows were smashed and the house so damaged that he had to move his family out and come to my place for shelter. Now, why these depredations? Because my son and I try to earn a living for our families..."
JR Gorman, employee of Exeter Shaft, West Pittston: "They hung me in effigy and hooted me in the street. I had to go armed."
Of a miner named John Colson: "Five years before he had been in a mine explosion... Colson had been taken from the mine for dead, but he finally lived, blue-scarred, wholly blind in one eye and almost blind in the other... [W]ith the strike came hard times, and [his] sons, though willing to help their parents, had many mouths of their own to feed ... so that old John Colson was compelled to go back into the mine. He told me he was doing [an African-American's] job, turning a fan in a deep working, and he earned only 75 cents a day, but he was glad to be employed again."
Of the mob that attacked John Colson: "The police had warned him of his danger, and he had, indeed, already been stoned, and yet, naturally fearless, he was going back alone. Having a revolver, he thought he could defend himself. A trainload of soft coal was passing; a mob of men appeared, shouting at him threateningly. He reached to draw his revolver, and a man on one of the cars dropped a huge block of coal on his head. Colson fell in his tracks, and after further beating him, the mob robbed him of his revolver and a new pair of boots, and left him for dead. For three days he lay unconscious in the hospital..."
John Colson's mother: "He might better be dead, for he's brought disgrace on the name... He deserved all he got. He wasn't raised a scab."
Scab jobs are a negotiating tactic; they’re very temporary and that should be known. This strike will eventually be over and they’ll fire the scabs immediately (and the scabs will be blacklisted). Taking one of those jobs does nothing to advance a person’s position and in fact will probably leave them worse off.
If someone is struggling to feed their family on $10 and hour and they can get a job on the Kellogs line for $20 an hour essentially changing their life and that of their kids, they are a bad person and should be punished for the rest of their lives? This makes absolutely no sense and you are imposing your moralistic world view on others who most likely don't enjoy the financial freedoms that you do. Family comes first over everything. Also all collective bargaining accomplished in this case is to get everyone fired and 1400 open positions.
The root problem is that this person is struggling to feed their family. If workers had a little more freedom, they wouldn't have to worry so much about finding work ASAP.
The suggestion isn't necessarily moralistic. It's just a way to bring about collective action. In a strike, workers are sacrificing their immediate benefit for greater benefit in the long term. Workers generally win concessions through collective action. It didn't work here because unions in the U.S. are weak. If workers were better organized, they would have stood a better chance. Well organized labor benefits society as a whole; just look at the Nordic countries.
How many Code of Conducts have been added to repository since people have been asking for them?
The collective bargaining I was suggesting was to talk with your own companies which have a business relationship to Kellog.
Work in a hotel that has minicereal boxes? Get with purchasing to stock a different brand. Work in a grocery? Ask the owners to stock a different brand on a public forum.
See Kellogg flakes at a friend's or family's house? Ask them politely not to support union busting.
Daily call one local business until they agree not to stock Kelloggs.
Why would a company's management be aligned with the workers here? If you're hiring people to run your food production factory "crosses a picket line" seems like a good thing.
Collective bargaining might help, but even Kellogg's union isn't capable of doing much -- only one factory is striking. Why would an unaffiliated union spend huge resources on helping Kellogg workers rather than its own members?
Who is "they"? You're talking about different people.
HN is not a person - it can't have human qualities like being hypocritical about something. That would be like calling a room hypocritical because people in it disagree.
Sure, but it's doubtless that there are prevailing attitudes, and also doubtless those attitudes are allowed change over time. Because of the voting system you can even measure that change. I would also argue that a voting mechanism can distill that room into a single amplified voice, even if there's some disagreement within the room. As an example: You could post a Dawkins quote on /r/atheism at noon and you'll probably get some upvotes and some comments. If you post the same quote at midnight (when most of those who interacted on the original post are asleep), you'll probably get a similar proportion of upvotes and similar comments, but from entirely different individuals. Meanwhile, you could expect the inverse outcomes making the same post at different times on /r/christianity.
What I'm asserting here is that any popular community with comments ranked by upvotes and downvotes inevitably ends up speaking with a singular editorial voice regardless of who happens to be online that day. And (here comes the hot take) in the case of HN, that voice has, for better or worse, lost a lot of its hard-edge over time in my opinion.
IMO you're falling prey to the tendency to anthropomorphize these things. That's powerful and common and unavoidable. Where it becomes a moderation issue is when people start posting their images of the community in a snarky or sneering or defensive way, in order to immediately knock them down. (This is what you did above with your "they".) In comments like that, people are simply battling with their own imagination. Such comments are reliably uninformative and go against what we're trying for on this forum (https://news.ycombinator.com/newsguidelines.html), so please don't post like that here.
(On the other hand, if you actually want to do a rigorous analysis of the data I'd be happy to help. We'd never publish vote data but I don't see why that would be necessary anyhow.)
I appreciate your thoughtful reply! Honestly when I replied I didn't realize you were a mod. At any rate though I think there's some interesting meat to this discussion, though I will try to be more attuned to what could be seen as snarky in future comments here.
I assure you though that snark was not my intent. Like if you'll humor me to continue down the path of anthropomorphization, I can elaborate a little bit on what I meant in my original post. Like my theory is that a lot of the community has grown older, likely gotten more stable jobs, and as it goes, probably also gained a more careful and conservative attitude towards risky and rebellious acts. Simultaneously though, they remember and continue to admire their hacker heroes of yesteryear (like Kevin Mitnick, Aaron Swartz, and Edward Snowden). I think it'd be reductive to boil the dissonance between shifting risk profiles and idealism to just hypocrisy, since I think that sort of conflict manifests within different parts of everybody. I think you can hold both and be valid, just as you can be tired and hungry at the same time, but you wouldn't be a hypocrite for eating instead of sleeping. The conflict is deeper in more interesting than that, and I think it can be productive and interesting to inspect that conflict.
https://github.com/SeanDaBlack/KelloggBot/blob/main/req.py
Edit: The code is not PERFECT as MANY people have picked it apart below.
But if I had to work with this code on a daily basis I would certainly not mind.
If you ever need a code review just post your code on hacker news and say it's well written....