Figure out who's leaving the company: dump, diff, repeat

Layoffs in the WFH era are weird. Back in the day you had a pretty good idea of who got laid off because you saw them walking out the door with a box of their stuff. You could go up to them and say, "hey let's meet at $local_watering_hole and hang out". You could swap contact info if you didn't already have it.

You could get closure.

Now, one day a bunch of people just stop replying to email. You have a to wait a while to figure out if they are actually gone or just busy. And if you're waiting on them for some output to work on your project, they may just never deliver and you won't know why for a while.

The company directory, if there is one, often still shows them for 60+ days because of the WARN act. And it seems most companies won't make a "layoff list".

It's really hard to get closure if they won't even tell you who got let go, and if they don't give the people a chance to say goodbye by cutting off their access before telling them they are laid off.

Watching people’s accounts go into deactivated status in Slack with no goodbye is sad.

The most toxic boss I ever worked for would request access to former employee’s Slack accounts under the guise of looking for data to transition their job. Their accounts would periodically go green when he logged in as them. Spooky to see ex-coworker accounts go green and know the boss is scouring their private messages.

I know companies can get slack messages anyway, but seeing your boss do it in real time is extra creepy.

Fortunately in Europe what the said boss did is illegal and this can end with a criminal prosecution.

What? First, Europe isn't a single country and there are large difference between legal systems.

Second, what you said is just plain wrong in at least one. In France (which is known for strict worker protections) the employer can go through any employee's mailbox or files on their work computer/account provided 1. that the messages/files in question aren't clearly marked as personal 2. that the conditions for the access are laid down in advance with proper notice. When an employee is let go, they need to be given time to empty their mailboxes etc of private correspondence or files. https://www.cnil.fr/fr/lacces-la-messagerie-dun-salarie-en-s...

I had some DM’s which were of personal nature that were rifled through after a contract ended. How do you "clearly mark a DM as personal"? It was creepy, and further illustrated that anything you say in Slack can and will be viewed by the whole company. If not literally, then that’s how you should treat it.

You might be right that it’s not illegal, but it would be nice to have those kinds of protections. Trying to talk to anyone at work in the WFH era is a field of landmines, because you never know at any given time whether what you say will make it back to the person you’re discussing. Discussions like that are a normal and healthy part of socializing with coworkers, and it happens at every company. Except in the WFH era everything you’ve typed is a permanent record, whereas previously you’d be able to say something to a coworker without worrying that someone else will someday hear it.

But, it’s a new era. It’s easy to adjust. Just don’t get personal at work. It sucks, but work is designed to suck, or else it wouldn’t be work.

anything you say in Slack can and will be viewed by the whole company. If not literally, then that’s how you should treat it.

Anyone thought otherwise?

In private DMs?

In company Slack?

Private != personal. At least I never ever imagined one could even assume DMs on work IM are personal private conversations. They're organizationally grouped as chat between to accounts, as opposed to group chat, but they're at work, for work, using work-provided tools...

Or put another way: why would anyone consider work Slack to be different in this regard than company e-mail? Much like with e-mails, the difference between DMs and group chats is whether the number of participants is > 2.

I guess the cognitive dissonance is that I used to be able to say things to a coworker in-person which wasn’t recorded and tracked, using my voice. This was always a normal part of work, and I didn’t give it a second thought until it was gone. Nowadays it feels like someone is constantly standing over your shoulder whenever you’re at work, and there’s never a private moment. This is especially strange during holidays, since personal conversations tend to spontaneously happen around those times.

You’re right of course. I just wish we had something to fill the void that was left by in-person interactions vanishing. I think I’ll be doing WFH pretty much the rest of my life, and I absolutely hate going into an office in general, but there are definitely some aspects I miss. Being able to chat off the record with a coworker is one of them.

Call! Yes, most communication can be done with chats in slack or teams, but take the excuse to call and chit chat a bit before getting down to business.

Unless all calls are transcribed and recorded, it’s pretty “watercoolerish”.

At that point, the bigger risk is that someone repeats something to someone that you wish they hadn't. But I've had that happen with an in-person conversation.

That's funny, because as someone who has worked mostly remotely, I consider the recording of every chat a feature. For example, I have been able to use this to figure out why code I wrote a decade ago is the way it is.

It is still strange to me that:

1) people think that anything sent on an employer system isn’t visible to the employer

2) people send private DMs from work accounts

Most large companies will tell you two contradictory things:

First of all, they'll tell you that even the most junior helpdesk workers can remote onto your machine, reset your password, disable your 2FA, and monitor all your web browsing and chat history.

Second of all, that this unannounced product, this not-yet-filed patent, this big planned layoff, this prospective hire background check result, these upcoming financial results, this employee's reason for needing medical leave, this pentest result document, and this forthcoming change to pricing are Strictly Confidential. You shouldn't discuss them even with your own boss, unless you've first confirmed they're on the need-to-know list, and that certainly doesn't include level 1 helpdesk workers.

Most large companies, to address this contradiction, will say access is possible but rarely used, tightly controlled and carefully audited.

The way this was communicated to me in the past was "don't say/write anything using company resources that you don't want to see on the front of <insert major news publisher>". All communications on employer-operated platforms are subject to discovery.

Senior leaders tend to skirt this by using the telephone or video calls predominantly. However the infiltration of machine learning and AI means transcripts of calls, etc are now possible too.

In addition, the growing use of "disappearing" messages despite litigation holds has come up in more legal cases recently.

A video call on a company account isn't ironclad but, unless you're discussing something actually illegal, it's probably good enough for most purposes. Maybe not as good as personal cell phones or in-person, but a lot better than anything written--especially on company systems.

That seems like it would be a much larger constraint than you're making it out to be.

I agree with you, Europe has different countries and some of them are not in E.U. so different rules may apply. However, since France is in E.U. what you describe should be illegal. The article you refer to is 15yrs old btw....

The "article" is published by the French data protection authority. They update them when regulations change. They didn't update this one. Make a deduction, now.

However, since France is in E.U. what you describe should be illegal.

What's the regulation or directive you're talking about?

Europe isn't a single country

Correct, but it does have a single ECHR. Even though some countries still ignore them.

What ECHR principle are you referring to here?

What the said boss did sounds to me like impersonation, which is not only illegal, but a crime. Accessing records kept on company assets is one thing, logging in to someone's account in a communication software is another.

The rules on this vary across Europe, though broadly speaking accessing an employees mailbox is “something you only do after speaking to legal”.

The patchwork of national laws and national interpretations of EU regulations is quite interesting, and rather confusing especially if you do offensive security work or DFIR.

As an example, when doing consultancy we would do the usual phishing as part of an assessment. Usually this is followed by dumping the users mailboxes to look for further credentials/access to corporate resources (eg: are they emailing passwords around?) - but in some countries such as Germany that’s often explicitly ruled out due to fear of breaching privacy regulations.

The rules on this vary across Europe

Not really, ECHR has already ruled on this.

It's pretty much only allowed if there's an important reason for it. For example, to recover something invaluable (contract, code, report) that isn't available somewhere else and cannot be replaced. In that case that's also the only thing that them employer can look for. They can't open obviously unrelated e-mails. So before talking to legal, make sure you have a valid reason.

What mechanism is there to prove who looked at what emails? And who would be there to enforce it, especially at a small business?

Difficult, very difficult on deed. As with most corporate and whize collar crime, the investigation rate is extremely low. That being said, worker councils and unions. The former has to involved in these things, if the exist. The latter pushes for the former.

That is valid for Germany.

There really is none. A smart company would work with the 4 eyes principle though (still no guarantee).

However, if a company does find an unrelated e-mail they want to use against you (which is what most people fear), that makes them liable.

It's completely legal in the US and often mandated by regulation. In some US industries, even your phone calls are recorded by law.

You can’t get private Slack messages easily if you don’t have direct access to the account. There is an audit feature on the Enterprise version that allows it, and you can appeal to slack to open the messages due to a crime or similar - but AFAIK on the normal plans you are out of luck of you want to read private messages as workspace owner.

Request access to former employee’s corporate email and reset the password.

Yep. That’s how it happened for me.

Ouch. My takeaway is that I should probably delete my slack account before leaving the company.

The takeaway is that no message on Slack should be considered private.

Why would anyone consider a company provided messaging service as private? Or even a company provided laptop, cellphone, etc.

Because private messages carry an expectation of privacy.

They're different parts of speech from the same root word, after all.

The only expectation of this is in your head. It is a fantasy that doesn't exist.

There’s no legal obligation of privacy on a work system though. Not in the US at least.

People have terrible opsec.

I'd extend that way beyond that, to anything done on a company system/network/device.

If you need privacy, use your personal phone (and don't connect it to the company wifi)

Deleting company data before leaving probably won't end well.

Slack keeps those messages even if you delete the account when you leave. It's a data retention setting.

Hah, that would be the trick wouldn't it. My old manager used to get all of his former employees work emails forwarded to an account he had access to. Ostensibly it was a precaution against accidentally missing anything critical from a vendor or partner.

And all but extremely early startups or cheapskate companies have the Enterprise version.

I haven't checked in a while, but I think there's also an API for it too.

The correct mental security model here is “if you used an account on a company issued laptop/phone/any hardware” == “the company technically already has or can get access to the data”. There are so many ways for a company to do that.

Granted, some of these ways might be legal or not depending on jurisdiction, but then lots of company will thread or cross the legal fine line if they are happy with the risk/benefit trade off.

One company I worked for used to have an unofficial “ex-company” slack setup, where people would get invited to by others that have already left and were in there, it was kinda nice since you form bonds with people and suddenly they’re just gone. You might have not managed to connect with them in any other form. But you login to “ex-company” slack workspace and here they are - everyone that went through the company. I mean lots of people would stop responding after a while, but there was enough time “buffer” to allow people to connect with other means.

I am a part of one such group! It started as a WhatsApp group for all ex-employees, but has now morphed into a discord server. It's a great way to remain connected to friends you make at work, and recently, it has also become a way to share job openings to your network to help laid-off people.

Anybody have connection to the ex-google one if there is? I just left and didn't see it referenced in any of the leaving guides.

Leaving guides? I imagine a pamphlet.

"We wish you well on your departure; as you embark on new adventures your about to open your eyes for the first time.

This may be a shock to some of you as you may discover that the world is more dystopian than you've may of seen from your altered reality mind-implants.

We would like to thank you for your service as a tool at the corporation."

You could rewrite Plato’s Cave for some companies, especially the insular ones where there’s some culture shock when you get into “the real world”.

Plato’s cave needs to be rewritten anyway

time to just acknowledge that its an overly long arduous convoluted setup that can be vastly simplified for the message it creates

Tempt me with a good time lmao. "Imagine someone spends their entire life in a dark room with only an ebook reader..."

if Plato's cave were rewritten today, it would probably be from the perspective of the cave

"Handbook for the Recently Terminated"

As long as it doesn't read like stereo instructions ....

https://xoogler.co/ has a xoogler slack

This seems common now, I’m part of two such groups and it’s a nicer experience than trying to keep up via LinkedIn.

Only a recruiter would think keeping up on LinkedIn would be the route to take

One company I worked for used to have an unofficial “ex-company” slack setup,

More than one for me.

I am in a Discord of full people that all got laid off from the same place in 2019 (I actually left on a Wednesday for a new job, and everyone else got their pink slips Friday that same week). At first it was pretty lively, as you can imagine, but its settled into a wonderfully cozy online space and I'm so glad I'm a part of it. It's good to have connections to people with whom you have shared experiences but no real ongoing professional relationship (these are called "friends"). It's also good for networking, since we're all in the same industry. In some ways it just feels like a continuation of the Jabber rooms we all shared when we worked together, but it's also something more.

I think admins don't need to log into an account to see private messages. Was like that at two of my previous jobs.

It’s usually an additional step as admin to access messages, but “login as” can be easier/simpler.

Learned that Office 365 now has a “login as” for email which is convenient for setting out of office, deleting calendar invites, or email snooping.

Their accounts would periodically go green when he logged in as them.

The new dystopia will be when an LLM steps in to reply like them.

Wow, that is creepy.

The lockout always struck me as dumb and I didn't do it as a manager.

If I trusted them for the 3 years they worked for me, I can trust them for another week or two.

Tie up loose ends, take your time. We're all adults here.

I understand that under the worst circumstances bad things can happen but that's always the case.

I worked at a large web dev company and for years they had this attitude.

Then one designer put in his two weeks and spent the majority of the time downloading all the site files for all of the sites the company had built over the two years he was there. We're talking hundreds of static sites where he took the all the design docs and static HTML/CSS/JS files one would need to recreate them somewhere else.

Instead of going after the guy legally, they passed and then instituted the same policy. You put in your two weeks? Nah, you're out the moment you hit send on that email. Manager alerts security, who then come over to your desk. You get your jacket and whatever you walked in with and get walked out. The one designer totally ruined the company from ever letting someone stay for their two weeks.

Get a DLP system in place for god sakes. I’ve even seen off shore people work from VMs only where they can’t download or store any file locally, much less dump everything to a USB stick.

Top search result is from Gartner: alarm bells ringing. Data loss prevention seems to be enterprise speak for doing as much intrusive monitoring you can do, in as neutral speak as possible.

1984 is so appealing for so many people, it seems like it is just a book about the tendencies that power can take when it is not guided by sane principles. I have always been employed in a high trust capacity since I was a young adult, there is not a technically feasible system in the world that could prevent me from wrecking havoc in a company. Social ones though, they are extremely effective.

Every so often a client asks if we are using a DLP, and if not, why not.

All the DLPs rely on, effectively, regular expression searches of traffic.

This is fine if what you need to protect are SSNs, phone numbers, credit card numbers... but if your data is not easily recognized that way, they don't work.

If you ask the DLP vendors about their threat model -- and the salespeople generally don't know what a threat model is -- it's always a set of stories about a salesperson who clicks the download-as-CSV button on a CRM system, a DB reporting specialist who generates a report full of raw passwords and credit card numbers, and an off-shore programmer who sends AWS credentials via email.

Hopefully you can spot the non-DLP prevention mechanisms for all of these...

Hopefully you can spot the non-DLP prevention mechanisms for all of these...

What is it?

What does any of this have to do with theft? In most lawful places, if you dump source code and documents to take with you it’s not going to end well.

https://www.cnbc.com/amp/2020/08/04/anthony-levandowski-gets...

I’ve even seen off shore people work from VMs only where they can’t download or store any file locally, much less dump everything to a USB stick.

Sure, they can't do any of that, and development becomes miserable. You don't have to go full VM and remote desktop to prevent those things.

If you really want protection you don't want a DLP, you want a (limited) air-gap.

Basically the machine is not allowed to access the internet and USB drives do not work. Only specific locked down applications like the email app, web browser, and so forth have internet access. Downloads are allowed but uploads are not.

A permissions interface is available for say legitimate transfers of data to a flash drive or a web upload, in that case the user will have to add a valid reason and the specific files into the form. Once that's checked and approved by a higher-up the files are temporarily placed in a special folder that permits transfer out. The same thing goes for external emails that aren't on a whitelist, they'll need approval before they get sent.

If you're running a VM you're storing the whole state of the VM on the host machine, there's nothing technically stopping you from copying all the data, and worse, there's no way to even know that it happened.

What VMs are helpful for is cross-contamination and spyware attacks from other clients a contractor is working for.

Anyone could have done that at any time. The two weeks isn't magic.

It could have been unannounced and they just stop showing up.

You either trust your people or you don't. If you don't, get rid of them and lock them out. If you do and you still have to let them go then don't worry about it.

People are far too inhuman in professional relationships and I strongly dislike that tendency. You likely spend as much time with your colleagues as your spouse, make it a real connection.

But once they receive the bad news, their motivation for revenge increases, which is why similar policies exist in many workplaces. Trust isn’t a univariate, piecewise defined function like you suggest.

Right, if you're being a dick then sure. I'm advocating for not being one in the first place. That's the challenge.

If you can't meet that use keycards instead of keys, voip instead of real phones, lock file cabinets, I mean go all the way.

Corporate America loves pretending. Pretending you're part of the family and then treating you like you're trying to rob the place at the drop of a hat.

That's the messed up thing. Be consistent and don't be fake. People can deal with you for being overly formal and paranoid but probably not for being a phony backstabber, that's how you grow haters.

The hardest thing for a brand to shake off is a bad reputation, whether they justly deserved it or not. You don't want haters in the Internet age.

I think people in general are a lot better about being fired if it doesn’t happen at the drop of a hat. Unfortunately in the US it seems like you can go from gainfully employed to jobless in the space of an unfortunate 10 minutes. That’d piss me off too.

I think it’s a scale thing, honestly.

Yes, most reasonable adults remain reasonable even after fired

But once you hire a thousand, ten thousand, a hundred thousand people… statistically there are gonna be some wackos you didn’t filter out!

It’s tough. I agree that treating each other like humans is the best policy.

Of course it increases. That's why you have permissions and guard rails on the employees in the first place. Those should be sufficient.

Also if you want to work with the people you like again but need to actually downsize because of external pressure, good luck trying to get them to come work for you at your next venture after some fucked up bridge burning ceremony.

You also have the situation where the boss usually KNOWS who might do things that he shouldn’t - but you can’t have policies that only apply to some, so they get applied to all (there are still unofficial ways around this, of course, like letting someone know unofficially before they’re officially laid off).

We're talking hundreds of static sites where he took the all the design docs and static HTML/CSS/JS files one would need to recreate them somewhere else.

You make it sound like he poached your clients or extorted your company. As they didn't go after him legally, I assume that didn't happen.

I assume all the files are on a thumb drive in his drawer, unopened, just in case he wants to remember how "that cool animation" was implemented. And when that moment comes, he will not find the thumb drive, anyway.

And all that security charade will accomplish is that people who care enough about their work, will make a copy the day before they quit. Congratulations, your policy achieved nothing, except get rid of their two weeks notice and everyone feel a bit worse working for you.

One thing I noticed is we got in the last few years a lot stories of the form "Adobe donates Photoshop 1.0 source code to Computer History Museum, saved because early programmer kept it on a floppy disc in his house". Or games especially we get a lot of this.

It feels like if an employee did this with modern projects, they would at the very least be summarily fired, if not have legal action taken against them.

These days, we use centralized source control, instead of emailing zip files and patches back and forth. Having all the source on a random piece of media was a lot more normal back then.

Designers also need to show portfolios. Hard when your work is all behind some corporate firewall.

I don't know the details but so long as its not some top secret IP, taking copies of various work you've personally done seems pretty reasonable. Good idea to do it periodically as you go along though.

You put in your two weeks? Nah, you're out the moment you hit send on that email. Manager alerts security, who then come over to your desk. You get your jacket and whatever you walked in with and get walked out.

This will work for the first 5-10-20 people, then word of mouth goes out about this policy and your evil designer is downloading everything the day before sending their resignation mail.

Or “your sales guy is making a little backup of the leads from the CRM before handing in notice”.

Though with sales orgs I think this is almost an expected practice - sales people are often hired on the tactit, never officially acknowledged basis that they will bring their leads list.

Years ago I got a job through a recruiter, left company A for B. She called me after a few months and asked me for the Compsny A internal directory - which I declined to provide and she got kind of nasty about it. Maybe ten years later I was at company C and my manager mentioned hiring a recruiter - same person. I mentioned our previous interaction (not out of spite, just a naive narrative) and they stopped working with her immediately. My point being - your behavior has a long tail, so don’t be trying to take advantage.

People asking for company directories amuses me so much, especially when most company email patterns are completely guessable.

it's more the name and the org chart?

maybe the phone number too

But what would prevent someone from "downloading files" BEFORE they send the notice?

...so now people who want to do that just copy everything before sending the email?

You put in your two weeks? Nah, you're out the moment you hit send on that email. Manager alerts security, who then come over to your desk. You get your jacket and whatever you walked in with and get walked out.

The only thing that that accomplishes is that people don't put any notice.

So what stops people making their “backup of files” before hitting send on the email?

In the UK, and most European countries, locking someone out during their notice period is really rare. Big companies exist and are not destroyed by disgruntled employees.

If someone is fired for cause then they go immediately, but if they are given notice then they are usually trusted with access, and it rarely goes wrong.

Stealing IP is rare because it's hard to benefit from it. If stolen IP is offered to another company, usually they report it to the owner to cover their backs legally. Funders are not going to want to invest in a company that is based on stolen IP, where their investment can become worthless overnight.

So I think these stories about how 'we have to treat employees like they are potential criminals' (not accusing parent of that, but you hear them) are bugos. Treating people like human beings is both right and economically efficient.

The one designer totally ruined the company from ever letting someone stay for their two weeks.

No, it's the over-reaction by whoever instituted that policy that ruined the company. They should've cut their losses and ignore the outlier, perhaps make it tad more difficult to copy off data en masse without being noticed, and/or do many other things addressing this risk without ruining the workplace for everyone else.

This is the organizational equivalent of autoimmune disease. Works at every scale. On national/international scale, this is what terrorist organizations are exploiting - do an X amount of damage that may even be counterproductive to their goal, and watch the victim do 1000X damage to itself by overreaction.

It's one thing I miss from the work from office lifestyle - the more human connections. People stopping by your desk to chat about life, the joking - I'd never laughed so hard in my life. Closer connections in general, and being sad when people left, but happy when they were for greener pastures.

WFH feels so sterile and impersonal in comparison.

I've been WFH since 2015 or so, so this isn't a RTO endorsement, just reminiscing.

I miss that too. Some of my best friends are former co-workers. Especially from when I was younger and we spent nearly every waking hour together either at work or at a bar after work.

I don't miss it enough to want to go back to an office though!

The way I see it I go to work to exchange my skills for money. Often that involves working with others, but I’m not there to socialize and make friends. I have friends.

So given that outlook, WFH seems just kind of more “pure.” It’s distilled work, unencumbered by phony pseudo-friendships and awkward water cooler chit chat about sportsball. When we start a zoom meeting I can just launch right into the agenda without having to do that offtopic pre-meeting banter ritual. To me it’s work without waste. I feel like with WFH I get more done per hour and that means more time for me to do what I enjoy: things that aren’t work.

So when you've earned your f-u money you stop showing up for work?

That's not what we see in practice. Most people with a sudden windfall (stocks, lottery winnings etc.) keeps showing up for work. Because how else would you stay socially meaningful in our society? Nobody really wants to sit at a beach sipping drinks the rest of their life, accomplishing nothing.

There is clearly a social aspect of work, at least for the majority that we can call socially functional. And it's at least as important as getting paid. Work is also a social role, and it hurts many people if they are left out of it. It's not easy.

So when you've earned your f-u money you stop showing up for work?

Yes. Absolutely 100% I am looking forward to it and counting down the days.

Absolutely, there are plenty of ways to be social, on my terms, with the people I choose. If I didn’t have to trade my time for money there are plenty of ways I can fill my days without corporate bullshit.

This is one reason why playing the lottery [even if once] has some positive value.

It forces people into a thought experiment on what they would do if they didn't have to work.

Nobody really wants to sit at a beach sipping drinks the rest of their life, accomplishing nothing.

Speak for yourself.

I also have friends, but I rarely see them on workdays. Having other people around me on those days feels good, I don't like being alone for several days. I totally can do and have done that, but I prefer to not be alone.

Additionally, my colleagues and I share big parts of our life: every damn workday. None of my friends are capable of talking as long and nuanced about things happening at my workplace. They don't really want to hear emotional rants about bullshit projects because they have no way to relate to those feelings.

But I want to rant about bullshit projects and thankfully, I have colleagues that like hearing such rants from time to time, as they totally can relate. When I am mad about some shit, start talking about it and they ask "oh, was that XY who said that?" and it totally was XY, that is comforting.

I have friends, yes, and I don't need to meet my colleagues after work. But I still have healthy social relationships to them.

Man, i have different friends than you. I have listened to a friend rant for 3 hours about a BS project at a company I haven't worked at. Another friend rant over weeks and I wasn't even in the same industry.

I talk to my friends during the day. I'm lucky that we're all remote, but honestly even my in office family members can chat sometimes at work.

When I was in the office, I rarely connected with coworkers. I was often the youngest and/or just not in the same life stage. I could exchange pleasantries and that was about it. I have a grand total of 2 friends from work after over a decade of work across several companies. My social life is still vibrant outside of that.

I don't even understand where people think you can't connect to peolle WTH. I just had an hour long chat with a coworker about nothing at all. Sometimes people just need to chat about nonsense and VC people. Peoppe seem to be afraid of that, but I don't see why. We can work and talk. We did it in the office.

Until the pandemic, we would regularly eat lunch together somewhere. For years, this was a standard routine in my life. It was a perfect way to get a feeling what others were doing, what the problems were, how the general mood in the team was, what was going on in their lives. I invited everyone to my wedding during lunch. I told them I was becoming a father during lunch. 2 people told us they were leaving during lunch.

In the beginning of the pandemic, we even switched to cooking at the office kitchen. Now there are only 2 people left on the floor, and eating lunch has stopped completely. Most of my colleagues I only see 1 or 2 times a year (Christmas party and work stuff that requires physical attention).

I noticed that it is much harder now for people to integrate when they are new. There is no real forum left for beginners to ask dumb questions they would rather not see in some chat log.

There is no real forum left for beginners to ask dumb questions they would rather not see in some chat log.

this is a key point; employees who have been together a long time can easily switch over to maintaining that same level of connection while WFH (I've experienced that). But it's very hard for a "new guy" to integrate if s/he has never interacted, or only occasionally, with their coworkers in person.

There is nuance to this as well. The company size and culture make a dramatic impact. I recently joined a small company which is fully remote. Everyone has been helpful and supportive as I have been onboarding.

Most of what I read about people missing offices makes me think "gee, I'm glad I don't share an office with that person."

But I do miss lunches. Even the loud, obnoxious people are much more tolerable in that context.

This really highly depends on the people that you work with.

At a previous employment (a 100% WFH position) I had most of my colleagues in India, roughly 4 time zones away from my own so we almost never met in person, and we'd have personal chit chat sessions while working.

Then I've worked with people who weren't present even when you were sitting right next to them. They'd come into the office, say "morning", put on their noise cancelling head phones and be gone for the rest of the day (modern open space office life in a nut shell).

That's of course true, but then there's a large group of (I assume) introverts with whom it's kinda difficult to get close with, but once you do, you can have a great relationship with them. It's an order of magnitude harder problem to break ice remotely with such people.

Speaking as one of those introverts, it's actually much easier for me to get to know people over video calls than it is in person, at least if there's an actual task at hand.

In-person I tend to be a little more no-nonsense, whereas over video calls I'm sitting comfortably at home with a cat in my lap, already relaxed and much less uptight as an emotional starting point.

I mean, I love working without headphones in a room with 4 people in. I detest it in a room with 100.

As someone who has enough social interactions and friendships outside of work I am very happy with this attitude. My co-workers are not my friends and I'd like to keep it that way.

Indeed nowadays I have seen many articles publishing that it is even more prominent idea with Zoomers entering workforce and have a clear boundary between co-workers and personal outside-work friends. The companies actually do not like this because this means that those people have literally 0 loyalty to the company and only care for the money. Which is shocking, I know. \s

I've seen a company during WFH let a laid off employee (who asked) keep their access for an hour, to post a goodbye message.

It's not good practice for all situations -- you need some trust, despite the stressful situation, when people tend to show character and weaknesses -- but in this case, it worked out.

The departing employee posted a message of encouragement to the remaining people.

Kind words and contact info were exchanged, etc.

You can get nearly the same result with less trust: let the employee draft a goodbye message and have the boss (or so) forward that to the other employees.

Good idea. Though I think the fact that they trusted the departing person, and the departing person delivered -- if it plays out that way -- is much more positive message than effectively implying that the company didn't trust the person.

The company letting a manager relay a message, with any censoring, is certainly better than the person having no way to get their contact info to people, and they might also say something nice for morale.

You are right that the other way sends a stronger signal.

My suggestion was meant as something that's feasible even for a company that already got burned by vengeful leavers; and also something that an individual manager has an easier chance of pulling off, without having to change all of corporate policy.

A man moves from East Germany to Siberia, where he knows his letters will be censored. He establishes a code with his friends: anything written in blue ink is honest and true; anything written in red ink is false and only there to get the truth past the censors. A month goes by and the man’s friends receive a letter written in blue ink: “Everything is wonderful here. Stores are full of good food. Movie theaters show good films from the West. Apartments are large and luxurious. The only thing you cannot buy is red ink." [1]

[1] https://www.guernicamag.com/tomas-hachard-the-red-ink/

That's a very old joke, thought I think I usually heard it as a Yiddish joke.

Surprisingly enough, as toxic as Amazon is, after I got Amazoned and made my choice to “leave Amazon and get a nice severance” instead of “try to work through the PIP and still get fired and only get a third of the severance amount”, they let me stay for a week to finish up a customer project. I worked in Professional Services.

I told them that I really wanted to finish the work for a customer (large state organization) because I liked the customer. They let me stay for a week.

Of course that was bullshit, I took the time to have back channel communications with the customer to see if they would hire me as an independent consultant after I left and to start interviewing.

I’m sure they would have. But I gor a full time offer less than two weeks later.

Sorry about getting Amazoned. They don't have a reputation as a place inspiring loyalty. But, at least in non-Amazon contexts, I absolutely know people who would say they wanted to finish up some work, and they'd mean exactly that.

Nah it was fine. I had a job offer two weeks after I left doing the same thing.

I knew after the first year that I didn’t plan on stay at Amazon for more than four years and I planned accordingly.

I was nine months and two vesting periods short. But the severance more than made up for one.

The longer version of the story.

https://news.ycombinator.com/item?id=38474212

IMO their slack avatar/posts go gray within minutes of them being sacked.

At Amazon, when someone was laid off their Slack still worked for the 60 day WARN period. It was actually a problem because you would Slack them and get mad that they didn't reply. The only way to know for sure was to ask their manager, but you didn't want to do that because if they weren't laid off you didn't want to throw them under the bus!

their Slack still worked for the 60 day WARN period

So weird companies can’t just pay that out as severance

That's effectively how it ends up, except with a slight advantage to the company. They cut you off and tell you that you don't have to work anymore, but in the off chance you get a job within 60 days, they don't have to keep paying you. They can also preserve their cashflow by not paying you up front.

But since you technically have to be "on the books", if something like Slack is tied to your status in the company directory, it's easier to just leave it.

Just an FYI - you can still get paid the WARN severance even if you take another job, just don't "quit" during warn. Your employment contract may or may not say you can't do side work, but (1) what, will they fire you? (2) it probably just says that you can't do work that interferes with your current employment, which is not a problem.

The WARN period exists to give you the money, but also keep you on for insurance and 401k vesting purposes (and similar). Getting cut off immediately, and suddenly losing insurance would be much much more disruptive, even with COBRA.

Yeah, whenever I want to find out if someone still works at the company, I just search them on Slack. If it has "(deactivated)" after their name, they're no longer employed here.

There must be a Slack API that could be used for this, and written to git periodically as the other post said.

My org had a big cut last year but nobody would tell us how many people were laid off for some reason.

I happened to remember the total number of people who were in our org’s giant slack channel before the layoffs and thus was able to do some hardcore detective work subtracting the new number of people in the channel from the previous amount to get the answer…

This may be the only time I ever say this, but thank god for LinkedIn. At least you know you can always catch up with someone who has left

Assuming they have LinkedIn and you bothered to connect while they still worked with you. :)

Between jobs is the only time you touch LinkedIn, lest HR sees some activity on your profile and buckets you into a "actively job-searching" risk group.

lest HR sees some activity on your profile and buckets you into a "actively job-searching" risk group

well.... yes? HR considering you "at risk" is a pretty good thing :)

Conversely: being in that “risk group” can, in many situations, be extremely useful when it comes to negotiating raises.

May depend on your job market, but it’s a pretty normal tactic for a lot of people I know.

First part is a personally solvable, and as for the second part: you can still add them if you know their name.

idk I added a lot of people after I quit my last place

We tried at first, but we were so overwhelmed by the rate of deaths from the earliest moments of the pandemic that the org couldn't keep reporting them. It was a demoralizing effort for HR to try to put something, even a few words together for everyone, and it's left a lasting pallor where vibrant personal touches once were. People continue to vanish, and there's still no notice that, or how, they've moved on.

Our General Counsel and I met for the last time during the early months of the pandemic. Like most people during the shutdown, he hadn't seen anyone outside his immediate family or had a chance to tell a good story in a few months, which would have eventually killed him, anyway, and I got an earful as he unloaded all the work he was wrapping up. After, as lawyers excel at, he wrote a great letter to our CIO about it that led to probably my favorite exchange between us.

Six months later, someone called me to say they were headed to Legal because someone had died, and I was struck by an immediate sense of dread. I searched our website for any word, then our directory, and then for local obits and found nothing. Even the grapevine was silent, so I called his admin who pretty casually told me our GC had died six weeks prior.

Almost a year to the day later, the mechanisms caught up, and the org put out a "Remembering $generalCounselor". By then, we'd missed his funeral, his family had relocated, and many felt awkward trying to send condolences so late. Watching other's surprise, shame, and sadness wasn't reassuring, even if it told me I wasn't the only one.

We're not small, but we're personal, and each death has left a little void that we collectively haven't acknowledged or addressed. We still don't have a way to handle the losses and haven't talked about it. Having old saved contacts pop up after their extensions are reassigned is inevitably like a call from the grave. I try to keep in touch to keep track, but little by little, the connections are fading, and the memory and history of us with them.

rate of deaths from the earliest moments of the pandemic that the org couldn't keep reporting them

Truly sorry for your collective loss, but where/what industry did you work in where this was a significant number?

Public sector in one of the earliest hotbeds, with a large vulnerable population across several demographics.

Think, a city, and it swept through us like it did the hospitals and nursing homes.

Healthcare would be one place where a very large number of workers died.

you saw them walking out the door with a box of their stuff

That's cool, I've never seen anyone that worked in a 90's movie before!

Seriously, though, is that a thing? Was it ever?

...yes? That's why it's in movies

I mean, I have a bunch of personal stuff in the office. On my last day in the office I’ll bring it all home because I need it until that time.

I can imagine myself bringing it all in a handy box if I were suddenly fired (which is impossible in my country of residence, but it’s about the idea)

In the company I knew, it’s usual for people to send an email telling others “hey, it’s my last day, thanks for all the memories. Here is my contact info if you want to.”

Others colleagues would also usually organise a virtual envelope with money inside to wish you farewell.

We had biweekly team videocalls, so I just announced my last week in my last call.

I find it hard to imagine you have no such contact at all, or that you would say nothing in those meets. You are planning work every now and then, aren't you?

You are planning work every now and then, aren't you?

In the past, I've tried to give key people on longer-term projects I'm working on a heads-up. But I trusted them and it was longer-term. At the end of the day, I'm not going to let the word out before I'm ready if I'm worried it has the potential to bite me financially, e.g. because of vesting.

During layoffs session last year, the company I work for immediately removed people from the corporate directory, and then went to the guy who had made the unofficial facebook and made him hide them in his tool too. They still technically worked there during the WARN period, so they didn't have epitaphs either. That went over about at well as you'd expect.

This time around, the laid off people show up as on vacation. If you see a team of people all on PTO until the end of May, you can presume that team is donezo.

I worked at AWS in the Professional Services department and people got cutoff in the middle of customer conference calls during the first round of layoffs and then found out about their layoffs.

The infuriating part is when they spin this as some sort of employee privacy move, as if the employee (now ex-employee? But not really, because of WARN) has no input in that decision.

I regret to have had a recent opportunity to notice that MS Teams shows an empty status icon for deleted/disabled accounts. Their documentation describes it as "status unknown": https://learn.microsoft.com/en-us/microsoftteams/presence-ad...

The user was disappeared

My family's chat server still shows "Offline" for the account of a deceased relative. Like yeah... they're pretty well offline.

I got fired from the office on a Friday evening when more than half the company already logged off.

What is the wonderful closure you get?

Anyway, welcome to the corporate world. It pretends to be personal, but it's business.

I'm sorry you had a bad experience, but most people get laid off Friday morning (it's the most common time).

Anyway, welcome to the corporate world.

I've been in the corporate world for 27 years, and been through many layoffs (usually as a survivor, sometimes as a victim). The ones during WFH have all been worse.

I don't understand the secrecy about firing somehow. If I were an employer, I'd want my remaining employees to know that what the fired person did was unacceptable.

Companies very rarely do not want to open themselves to liability so they usually go for the blandest possible description, even laying off and paying unemployment for someone who should be fired for cause.

Office layoffs are weird too. A friend worked for Oculus. One day they went to lunch and the manager muttered something quietly about the whole team being laid off then ran off. A team of like 10-15 people had to stand outside and wait for security to bring out their stuff. Sounds pretty awkward.

Another large company I worked for sent out random meeting with the CIO, if you got the meeting you were laid off. At least the CIO did it himself.

Was it ever really real anyway if you're just little faces or icons on a video call while you worked together.

There are no more people in that process, just “resources” that you “let go”. Welcome to 2024.

After going through my first layoff (not affected personally, I just saw people who were), I just started posting my personal contact information preemptively. I've seen others start to do the same. It's kind of depressing but I think it really helps to be able to reach out after the termination is done.

Yeah I actually asked for a few weeks ago when we experienced 10% cuts and I was told they won't share one because of privacy reasons...

But we were seeing the list of deactivated slack accounts crop up slowly anyway.

Also the language everyone uses to tip toe around saying people got laid off. Some employees 'were affected' or were 'part of the RIF' or whatever other acronym is currently popular.

There’s also Blind, but only if you’re on it before the layoff: you need access to your company email account to create an account.

linkedin ?

This is just a natural consequence of WFH. Communications are work tasks are so isolated and transactional, there's no reason termination would be any different.

The attributes that would let one reliably eyeball a person who got fired doing their walk of shame also made for a soul-sucking workplace.

That "back in the day" algorithm required an office that emphasized butt-in-seat, lacked flexible working hours, and lacked both personal offices and multiple exit points.

When someone new comes on board, I make it a point to send a LinkedIn connection. While I'm no fan of LinkedIn per se, it's neutral enough that nearly all of those connections are accepted. If necessary, it then becomes a non-company channel for having safe (ish) discussions about the company.

I work at a large corporation. Most of the people have transitioned to WFH now.

At least five times I can say I had no idea someone had been laid off or sacked until weeks later. I just assumed they were on PTO or something, and then in the middle of a meeting, I'd say something like, "Yeah, where's James been, I haven't seen him online for a few weeks now." Then the manager would chime in and say they got laid off or let go several weeks ago and they were waiting to announce it to everybody.

Twice my director had a meeting with the team and forgot to include myself and two other devs to announce someone had been let go - which is scary AF when we're all on Teams wondering why they just randomly left us off the meeting, which then made us all paranoid AF for a few weeks.

The whole process with laying people off or people getting sacked has just been handled in such a ham handed way, it doesn't inspire confidence at all, and people are constantly looking over their shoulder when a team loses people and have to pick up the slack immediately.

The email sentiment is both true and somewhat strange.

Simply shut down, just like a service or API that got deprecated. It is a weird experience, if you happen to know these leaving people only by email.

In a large enough company, the experience will be exactly the same even if you do go to the office. It might take weeks or months before you have a reason to reach out and finally realize that you haven't seen someone around for quite a while. And "large enough" is surprisingly small.

For close colleagues leaving, WFH makes absolutely no difference though. Those you keep track of regardless.

On the first project where I was team lead one of my team members was laid off and nobody told me. I worked with her on Thursday, took a PTO on Friday, and on Monday around noon noticed she hadn't been in at all. I asked the guy who sat in the space next to her, and he told me she had been laid off on Friday. I had no idea there had been any layoffs as there wasn't an email sent out like in earlier rounds. Turned out she was the only person laid off. Really weird way of handling things.

At least it’s made LinkedIn useful for something

I had an old boss with a Powershell script that auto-ran each morning and did a diff with the employee list in Outlook or something (can't remember what)to see who got terminated or left. I think it was the only sure fire way to know.

Not a WFH thing. This is a USA thing!!

Edit: OP said "Layoffs in the WFH era are weird" Yes they are, but people here don't suddenly go offline quite as weird is what I was trying to get at.

Here in Sweden if you are FTE there is usually a 1-3 month layoff period (upppsägningstid) where you work and get paid still. At the end of the period you leave.

People usually email the team and even the entire company with "hey im leaving here is my info"

Now people CAN get fired day of, but that has to be VERY grounded.

Again, Not a WFH thing. This is a USA thing!! I notice this time and time again where people complain about IT or WFH, but it's just that you're in the USA, land of the exploited.

But if the company is worried about access can't it just pay the employee the 1-3 months without allowing them to work, even in Sweden?

I work with identities. I've worked in Spain, France and uk.

99% of lay off are agreed and there is no need for account termination, my current company let's you have your account open 30 days after your last day, so you can move data out to your next company.

Sorry, move data out ?

Can you expand on exactly what this means, as I imagine most companies would not want their data moved out to another company.

Presumably things like "your credentials to the account that we deposit RSUs into" or "your picture of the beer they served in the cafeteria one time that you liked".

Pictures of beer aren't usually moved into your next employment place though, as GP implies, but rather to your own devices.

Yup, same in Denmark. It’s called “fritstilling” - basically they pay you severance equally to the amount of months you should have gotten advanced notice (3-many months).

But there has to be a very good reason. Such as theft, or actual security worries.

I believe this is called "garden leave" in the Commonwealth countries.

“Gardening leave” is the polite fiction - much to do in your personal garden, so you are being given exceptional paid time off to deal with it.

I have genuinely spent a lot of time once sorting out the vegetable beds during a period of gardening leave. It was VERY therapeutic!

Gardening leave is usually a term for a paid non-compete. I.e. you're not allowed to work in the same industry for 6 months, and you're paid salary for those months.

I am unsure actually as I am not an employer. I am sure it is possible but probably for sensitive jobs like military or something.

Some links if you want to google translate https://www.unionen.se/rad-och-stod/uppsagningstider-om-din-...

There is "duty of loyalty" where you can get sued for leaks etc https://www.unionen.se/rad-och-stod/om-lojalitetsplikt-och-l...

Of course we fire people in Sweden pay them and revoke their access, this is very uncommon I have only seen it once myself. Would like to note that, simply speaking, the rules change the more responsibility you have.

Yes, it's normal in IT in Europe to fire someone, revoke their access and still pay them for 1-3 months. On the other hand many IT professionals work b2b so some of the normal employment policies do not apply. On b2b contract the other side usually is obliged to pay for 1 month.

Yes, at least in Finland the penalty for not adhering to the notice periods is full pay during that time. But I never heard of it happening.

Yes, but in cases where a disgruntled employee can do real damage, companies can and do simply ask employees to go on gardening leave with immediate effect, while paying them the rest of their notice period.

Sweden doesn't need employees to do damage, they outsourced that to eastern Europe.

https://www.theguardian.com/technology/2017/aug/01/sweden-sc...

Not really in the nordics (europe?)

On the other hand, when we talk about low it salaries it is never a USA thing, but an Europe thing.

Not Switzerland, still Europe, still can't fire on the spot during layoffs like in the US. I know it's an exception though.

When Europeans quit their jobs, they're often required to stay on for 1-3 months, as well, and many if not most employers actually hold employees to that when they get new jobs. In the US you can leave same day, and it's considered rude but meh; 2 weeks is almost always fine unless you're super senior.

We also make 2-3x what you do for exactly the same work, sometimes up to 5-10x in tech.

There are tradeoffs, but in my experience European workers are more likely to wish that they could come to the US to work than vice versa. When contracting in Europe I've had clauses written into my contracts on multiple occasions that forbid me from disclosing my rate even to the people managing my work, because I was making more in one month than they (as senior project leads) did in a year...

The employee in Europe usually has a shorter notice period (if they wish to leave) than the employer.

Americans make more in highly skilled jobs, and less in low or unskilled jobs.

Beyond that I can't generalise, Europe is 44 countries. The Americans I meet were obviously keen to move here.

Here in Sweden if you are FTE there is usually a 1-3 month layoff period (upppsägningstid) where you work and get paid still. At the end of the period you leave.

That might be very local. There is a long layoff period in Austria too but I don't think any company will let you back into the office. You just get paid without access at home.

Here in Sweden if you are FTE there is usually a 1-3 month layoff period (upppsägningstid) where you work and get paid still. At the end of the period you leave.

This is only part of the story. They can just pay you the 1-3 months and mark your firing as "effective immediately". Absolutely legal in Sweden, EU and US, and indeed even better for the person fired - 3 months of pay for no work.

This is not a particularly helpful comment. I work at a California-based company, though we have employees all over the world. In our layoffs, typically employees stick around for weeks, months, even 6 months sometimes.

How are we supposed to know? Sometimes people put cryptic slack status icons or messages. Sometimes they slack the team or close contacts or something. But in a company with thousands of people, unless an employee sends a email to the entire company, how are you supposed to know? The layoffs happened months ago, why would it occur to me that the person I am working with today will be gone tomorrow, unless they start every conversation with "hey, so I got laid off..."

Nobody really wants to relive that trauma over and over again. It's frankly MORE confusing the longer coworkers stick around after the 'event'.

When I quit my work at Goldman Sachs (a very American company), they made me work the whole three months of my notice period.

(Just as one example. The American economy is a big and diverse place. Though in the interest of full disclosure, I was working for Goldman in Singapore, but they were just following global corporate policy; and our labour laws in Singapore defer more to contracts than the US one. Eg no WARN act here.)

(We detached this subthread from https://news.ycombinator.com/item?id=39311754)

If you're going to run something like this, I thoroughly recommend using Git for it.

You can have your cron do something like this:

    curl https://internal.corp/employees.txt > employees.txt
    git add employees.txt
    git commit -m "Automated: $(date -u)" || exit 0

The || exit 0 should ensure no errors even if there is nothing to commit

Now you have a commit history of every change made to that source of information - just run "git log" to view it.

I run this kind of thing on scheduled GitHub Actions all the time, see https://simonwillison.net/2020/Oct/9/git-scraping/

I've been seriously considering using Git for all sorts of oft-changing-but-rarely-majorly data. Lists of books in my bookshelves.

The other problem is that I sorta want transactional-database features on top of these things. Git does this well. I also want fast indexing on parts. Git does not do this well. I am considering writing a "standard" for the dumping of sqlite to git, so that I can just delegate this out; Any transaction can be expressed as a git commit, and I can run both at once for both the durability and the reasonable indexing; The sqlite database can be re-created and reindexed whenever, and it also sorta works for backups...

Definitely just spinning my wheels, though. We'll see where databases take us next.

Maybe this https://github.com/dolthub/dolt

Dolt is really close and yet just doesn't feel right; I don't want to "commit" between transactions, I want every transaction to be a commit.

You can do this with a setting:

https://docs.dolthub.com/sql-reference/version-control/dolt-...

That's awesome. I will have to try that out.

Would fossil fit this bill?

Somewhat git-compatible, based on sqlite3.

What does "somewhat git-compatible" mean? Can it sometimes use existing git repos, or is the mental model close enough to pick up without learning much?

is the mental model close enough to pick up without learning much?

I would say git core concepts are pretty similar to fossil concepts, but actual plumbing implementation details are pretty distinct.

The major difference that I remember from a day-to-day "git porcelain" perspective is that rebases and other types of history rewriting are very discouraged.

For a Rosetta stone of somewhat comparable commands: https://fossil-scm.org/home/doc/trunk/www/gitusers.md

Can it sometimes use existing git repos

You can, but it's kinda a lot of really slow busywork. And you lose some of the not-file-dvcs features of Fossil, but it is possible.

This page explains how: https://www.fossil-scm.org/home/doc/trunk/www/mirrortogithub...

Specifically the fossil repo is a sqlite database.

I have a cron script stashing whatever is currently in an obsidian vault into a fossil repo. There's a fossil addremove command that makes that very easy. Thus distributed backups of said vault.

oft-changing-but-rarely-majorly data

I think you're referring to SCDs, and there are plenty of well-defined ways to track these within relational databases:

https://en.wikipedia.org/wiki/Slowly_changing_dimension

Why git?

In your git & sqlite setup, I'm not sure which way round you are thinking - which is the SSOT (Single Source Of Truth) and which is the handy cache.

I've been working on a tool that treats the git repo as the SSOT then lets you dump out all kinds of formats for data work including a sqlite DB. I haven't had as much time as I would like on it but it's at https://pypi.org/project/DataTig/

I do something similar but instead of `|| exit 0` I use `--allow-empty` on the `git commit`. I don't mind the empty commits this creates, as they let me know that there was a successful automated run that happened to be empty, rather than having failed to run for whatever reason.

Thanks for this, much more "intent revealing" than my (up to today) standard practice of `... || true` to keep my `set -e` from killing my script for this "error-but-not-really"

That's clever, thank you! I will definitely use this.

A colleague of mine would do a sort of temporal-network analysis of this data to see which people either enjoyed working with (or for) each other or which did not, based on how people would switch groups over time.

I used your exact technique to start generating a diffable archive for the Finnish easy language news broadcast. It's been a huge help in gathering high quality comprehensible input for me, thanks!

https://github.com/hiAndrewQuinn/selkouutiset-scrape/

Maybe add a ‘| sort’ in there for determinism. But yeah, git is an underrated database for this type of small scale data.

Love this bit:

"Incidentally, if someone gets mad about you running this sort of thing, you probably don't want to work there anyway. On the other hand, if you're able to build such tools without IT or similar getting "threatened" by it, then you might be somewhere that actually enjoys creating interesting and useful stuff. Treasure such places. They don't tend to last."

I wonder if this counts as personal data. It's a copy of everyone's name, job title and employment dates.

I can certainly see many European businesses would be wary of an employee keeping this list.

Are you referring to GDPR? Does it apply to employees too, or only customers?

GDPR applies to everyone in the EU/EEA/UK.

They don't need to be a citizen, they don't need to have any sort of contractual arrangement with the data processor. If they're alive and identifiable, the GDPR applies.

So interesting that you say alive. There's always a some obscure bit of GDPR I've never heard of. Does a dead person not have PII?

They can't be harmed by mishandling of PII.

Recital 27 of the GDPR states:

This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons.

It's not part of the operative text of the regulation, but it provides for a clarification on what a "natural person" is, and the principal prohibition in the regulation is the processing of data about an identified or identifiable natural person.

I would also assume, but I'm not 100% sure, that there's some case law from the CJEU around whether or not the definition of "natural person" includes dead people, which is why it's not in the main body of the text.

GDPR definitely applies to employees as well. It applies to all handling of personal data.

One of the most important rules in GDPR is the requirement for companies to have an up to date list of all places where personal data is being stored, the reason it's stored there and what it's used for and the retention policy.

So an employee creating their own lists of previous employees could potentially get the company in trouble if it was discovered during some external audit if it wasn't listed.

Depending on the business, employee data can be more of a concern than customers.

A business probably handles sensitive private data on employees (e.g. medical conditions, family records). Employees know this, and could report an ex-employer out of spite, especially if they're aware of poor data security.

uids are definitely not pii

If I read it correctly, they just dumped and diffed their uid, not all of that information.

In central Europe, we have the complete company organigram in namely, so it can't be that bad.

This is definitely processing personal data.

What Rachel is describing is absolutely illegal under the GDPR.

I don't love it at all.

It's over-the-top posturing for posturing's sake.

A way to confirm this is to look for HN comments who posture the same. After the Overton window widening, they forget to hold back, and will openly say what we know: it's an abuse of the system that turns an outmoded address book into a gossip rag, to the surprise of the actual people involved.

Citations:

"First I just cared about which accounts got deactivated. Then I started tracking title changes, last name changes (people getting married), department sizes, company head count over time etc."

"LDAP's full of secrets. And to think that you can get nearly all of it with anonymous access. Team or department mergers before they were announced? Yep, I've caught those. Secret mailing lists for internal projects? Check who's a member and you can ferret out what's going on. Bonus if the list mail address gives some of it away."

"Lots of weird things depend on the LDAP tree being broadly accessible. It's just that it leaks more information than most people think."

"Monitor when and what HR is doing. Detect when users are logging in and out of LDAP."

Amazon fired a guy that shared an LDAP query to find folks affected by a round of layoffs....after the layoff happened. So it's not like he was leaking information.

Incidentally, if someone gets mad about you running this sort of thing, you probably don't want to work there anyway.

If you do want to work there, though, maybe check the legal situation first...

I am almost certain, this counts as unauthorized processing of personal information. Just because you have access doesn't mean it's fair game to do whatever you like with it. Especially archiving, keeping a history or linking (external) data is not the intended use for such an interface. If you take the information home with you, e.g. on your work laptop, that may be a whole nother can of worms. May even count as business secrets you're exfiltrating.

At least in Europe, abusing such an interface likely would be illegal, certainly if you keep a copy/diff. Your employer may have to act against you, or become liable. Or they may use this misconduct later to conveniently terminate your contract (lol, especially, if you use your insights as leverage).

I presume the larger the network, the more likely this will get you in trouble. Conversely, collecting the data has little use otherwise.

How about you organize with your colleagues to voluntarily share employment information to gain collective leverage?

I made epitaphs! AMA

Is it still going?

Were you ever made change it by HR?

I left 5 years ago. Loved that thing!

It was there when I left several months ago, so I assume so. Or maybe I shouldn't, they started shuttering a lot of these kinds of things after layoffs.

It's still there, just used it to see if I had guessed right on Rachel's workings (I hadn't). Thanks for making a very useful tool!

Just in case you meant otherwise Epitaphs is not my tool, but I agree it is very useful :)

It was still going at the time I left (~2y). Most of the work of keeping it alive had been done by others for the last decade, so I hope someone else is still carrying the torch.

We had the occasional HR interaction but to my recollection never anything nasty.

I'm still (poorly) maintaining it!

The blog post mentions "Someone else who knew you had to add it", but this is not exact (or no longer exact). An employee can send an email to a special address with the content, and it will show up when they leave the company.

That's what I did. That said, I can't double-check to see if it worked. :)

Thanks for the tool, Evan!

Laurent FYI it didn't work (FYI we interacted over the cider font size thing). I couldn't find you anywhere even though I know your ldap.

You are both right. Originally you could not email, and like the OP I kind of liked the ceremony of entrusting someone with a message to send from beyond the grave. But someone contributed the code to make the email work, likely after the OP's time.

In what company, if I may ask?

It seems like Google from all the people who responded in this thread :)

Why did you make epithaps? Any interesting organizational or technical challenges you encountered on the way?

Initially it was a combination of just for the fun of it (it's a small script, as OP described). Secondarily there was the feeling of "everyone is going to go work at [major competitor]" and I was curious whether I could collect the data to show it. (I never ended up looking into this, but maybe HR did.)

As a dumb script it was not designed to be especially flexible. One thing I remember needing to fix was that by its nature it was archiving old data and preserving it, which meant that it was accidentally deadnaming trans people. My recollection is this was a small code fix, but an interesting lesson in social consequences of oblivious software.

Thanks for making epitaphs <3

I don't know what to ask you in a public forum, but it's nice to see your name pop up!

There's a very common problem with systems that use SSO, where the 3rd parties that accept SSO logins cache the login information, sometimes indefinitely. A user can leave the company but their login placeholder account stays in the 3rd party, and active login sessions are maintained basically indefinitely. So you can leave the company and lose your AD account, but still access the 3rd party. As Rachel says it's kind of a hard problem to solve (but not that hard).

In most cases wouldn't that session info be tied to physical hardware to which the employee no longer has access? Sure, tick all of your boxes, but I would think that losing the company laptop/phone/VPN would be a pretty significant barrier to maintaining access to other systems.

Not with BYOD

I refuse to BYOD, so I am not familiar with the nuances, but wouldn't the corporate controlling entity wipe/reset/deauthenticate the corporate partition of the device?

Not worth 3rd party vendors with basic SSO. They have no idea when the user leaves the company because there's nothing updating the vendor's sessions.

The answer to this is SCIM, which allows an app to sync the user state with the identity/directory system.

IT admins call this "User Lifecycle Management" and it's typically a required feature for enterprise-scale customers.

(I work at WorkOS and we help developers with this: https://workos.com/directory-sync)

Now to figure out how the frig to implement this at $work.

Since we're a puppet shop, the user account definitions are largely (albeit not exclusively) kept in hiera (i.e. yaml), tracked in Git.

We haven't used this for the purpose of writing epitaphs, but we could. In fact, since such changes need to go through code review, someone could theoretically author their own removal and add an epitaph of their choice in the commit message; after they leave, the change can be approved and merged in their absence.

Heh. Now I want to sneak in a CI automation or a pre commit hook or something - to post _my_ version of my obituary when I've left.

'Reflections on trusting trust' :)

Ahhh thanks!

Of _course_ the right place to do this is hidden in the compiler.

;-)

I wonder how long it would take them to figure it out. Bonus point if it is a two stage, where the compiler contains the real logic but some innocent tool looks like it is the culprit. And of course per the original you modify the compiler in such a way that an attempt to recompile it will reinstall the gimmick. And maybe redirect the distribution downloader to the point that it uses a locally cached devtools copy that ... you get the idea...

uid (unix account name)

Is this a joke or for real?

Why wouldn't it be for real?

Given the context of the post, the uid info is likely populated from a central source. I log into one box anywhere in their infrastructure and see who has what uids, it is evidence about who is permitted to that part of the infrastructure at that time.

Sorry, for some reason, I thought the author meant UID stands for "unix account name".

It's totally my fault for misunderstanding.

Rachel doesn't joke much in her posts.

Most likely real. In LDAP, the "uid" attribute is commonly used to store the Unix account name. The numeric Unix uid/gid are stored in the "uidNumber"/"gidNumber" attributes.

LDAP's full of secrets. It's a great way to keep tabs on what's going on in a company. And to think that you can get nearly all of it with anonymous access.

Team or department mergers before they were announced? Yep, I've caught those. Secret mailing lists for internal projects? Check who's a member and you can ferret out what's going on. Bonus if the list mail address gives some of it away.

`ldapsearch' is good if you know your way around LDAP. Apache LDAP Studio is a great UI tool if you just want to explore.

Everyone should know enough about LDAP to build a login service that binds against it for internal apps. You can exploit the groups the sys admins maintain to control permissions in your app. It's very powerful and an easy way to get up an running in no time.

I'm still flabbergasted when a company lets me index their entire AD tree as a random (or, holy crap, anonymous) user. Very nice of them, but still.

It's also often the only way to get information that doesn't exist in an Intranet page, like, literally what teams are there in IT, where are their offices, who's somebody's manager, and of course, what distribution lists am I not on that some other user is on that's causing one of us to have issues accessing some internal company portal.

It has to be public (or at least not too locked down) or things like Address Book in outlook would stop working. Lots of weird things depend on the LDAP tree being broadly accessible. It's just that it leaks more information than most people think.

Still, it's a tool made for another era. It would be sufficient to let it return one search result at a time, or complete specified group aliases, in order to work for groupware clients. Applications mostly needs to authenticate a specific user.

The ability to walk the tree is something else. Just like we don't allow zone transfers for dns anymore, there should have been similar best practice changes to ldap if people just gave it some love.

Everyone should know enough about LDAP to build a login service that binds against it for internal apps. You can exploit the groups the sys admins maintain to control permissions in your app. It's very powerful and an easy way to get up an running in no time.

Sure, if you want to be the next SolarWinds.

Is it common in the USA that employees just disappear without getting the chance to say goodbye to their colleagues? At most places I worked, people tended to send a goodbye email to everyone@company and got a chance to say personal goodbyes, even when there was a negative reason for them to leave.

Yes it is common when the employee is being terminated. It may depend on the industry, but it's always been like that at the 10+ companies I worked at.

Honestly, I much prefer it to the long notice (sometimes 3 months!) you get in say some European countries. Just rip the band aid and move on. Most likely you'll have a way to connect with former coworkers easily on LI and such.

A week or so seems fine to me. Gives you a chance to wrap things up and transfer stuff.

Or roam the hallway, do nothing but bitch and all.

If I'm terminated I'm not gonna care about wrapping things up, I'm out of there.

It isn't the usual way for an employee to depart a company. It is common in layoff situations, though.

Note: don't ever depart with public criticism, you have little to gain and potentially a lot to lose with the burned bridges.

Do you guys feel sad when your colleague leaves the company?

You'd have to define "sad" but naturally there's a sense of emptiness immediately after a friend disappears from your life. Someone you've learned to know and share jokes and interests with. Not every colleague is a friend though.

I feel sad if this means I have more work and responsibilities for same amount of pay. Otherwise - no.

Depends, but not really.

It's like saying sorry for someone getting divorced.... in all likely hood you should be happy for them and congratulating them on ending a toxic relationship.

A former company I was at was really weirdly tight-lipped about people leaving.

I'm sure totally unrelatedly, we got dinged a bunch on our SOC2 reports improper "off-boarding" and not removing access from terminated folks since no one knew to remove them.

Once we added quarterly SOC2 controls to make sure only employees had accounts it was always a shock to see who had to be removed.

I know the intent was to improve morale, but it had the opposite effect.

That definitely sounds bad. I wonder what sort of justification they had to not tell people who left?

Not having closure is one of the most common grievances people have about relationships, friends, lovers, siblings, or colleagues that disappear.

It seems purposely malicious.

Agreed the lack of closure was frustrating.

Stemming the tide maybe? Don't want people to leave when they see a respected or well tenured person leave / get laid off?

All happened after an acquisition, so I'm not sure if this was business as usual for the other company or in response to increased attrition.

We ended up with an alumni slack like others here have mentioned.

I've had companies use privacy concerns as an excuse, which was hilarious. They couldn't tell us who left because they wanted to respect the laid-off people's privacy so the entire company spent the day compiling a list of all the deactivated Slack accounts. Great job!

So negative! Where I work this tool is called “new-hires”. It uses a restricted read-only API key to our third-party people tool. It was given to me by our People Director. Sometimes there are lines beginning with - but the tool is named for the lines beginning with +.

new-hires is built on top of the “people” python module / cli in our monorepo. That tool is so much more useful than just a way of diffing the org chart. Who is in what team, where are they, are they working today, is it time to celebrate their anniversary, etc. It also follows what I coin the “ZFS litmus test” for good CLI tools by providing -pH for parseable, headerless output.

Treasure such places indeed.

Where is this? Sounds like a great place!

Speechmatics.com in London and Cambridge, UK. We build audio and language models that perform the most accurate speech recognition available.

https://www.speechmatics.com/company/careers/roles

Your site looks great. Clean description of the draw of your product!

I'm not sure I get this.

If it's in my team/department, I'll know about it one way or another. If not ... Why would I care? People come and go, and if we're friends outside of work, we'll have other channels.

Besides that, most companies I worked at don't even maintain the LDAP/whatever properly. I've seen contacts from people that left/were fired stay around for years.

If not ... Why would I care?

What if they're someone you're working with on and off. Or if you're waiting on some tasks from them?

On an individual level: maybe you don't work closely but know the name, might be interested to know ahead of suddenly realising you haven't seen/heard from them for weeks/months; or maybe you used to but they moved to a different group, you're not in touch but vaguely interested if they've left.

On a more macro level: you might be interested in an apparent layoff/significant restructuring.

Someone used to (/maybe does) run this as an email service ('orgdiff') at Arm. I wouldn't have gone out of my way to do it myself, but it was something to skim with a Monday morning coffee.

Hacking is fun but how is this useful?

A modicum of increased transparency/visibility.

Being able to bind and query useful/interesting information on LDAP is always useful.

Don’t think my employer would take too kindly to attempts to download bulk employee lists

Can they monitor for such a thing? Does say, Azure AD show whenever someone downloads data? Does Outlook make a similar call to figure out the name dropdowns?

Perhaps for small orgs. We’ve got thousands upon thousands of people so little chance of grabbing the entire AD or leveraging some outlook dropdown.

Is be surprised if any competently run large org allows that anyway. Just takes one rogue dude trying to make a quick buck by selling the info to spammers and you’re dealing with that for the next decade

Scanning, dumping, and diffing of active directory also helps seeing when people got promoted. ("Software Engineer" -> "Software Engineer II" -> "Senior Software Engineer" etc). Useful for figuring out stats on "promotion velocity" in one org vs other.

Wouldn't work at "a certain company" if such company now made all their levels secret by default of course.

There is no need to show levels if the company has solved equity already, right?

Learned a new term today, promition velocity.

There's data and there's also the behavioral / psychological stuff which is the bigger tell in my experience. Things like delivering half assed work despite having a good track record, and not caring about problems that need to be solved in the mid term.

Hmm, how is this related to the article exactly? Bigger tell... of what?

Back when I was at DigitalOcean they were laying off/firing people from the company but not announcing any departures. You'd just go to message someone and their Slack account was deactivated. This was over the course of several weeks. I built a Slack bot to post when accounts got deactivated and learned of some new departures well before those impacted actually did.

https://github.com/eddiezane/no-ghosties

It seems DO uses the same methodology for their customer support.

Adam Savage's recent video said large companies don't like to lay off big blocks of employees so they just do it in small batches over the year. They fire the last person who made any mistake.

https://youtu.be/CzjftlUQs4g?t=403

That doesn't fit my experience. Google's stock price increased after a large block of layoffs. And they were making every effort to put as many as possible in a single block. For example, my department was "impacted by the layoffs" but given 9 months to keep working and possibly transfer out. If they didn't want to announce a large number at once they easily could have waited.

At one role our GitHub access was mediated by a CI job that would export users and groups from Google Workspaces and apply them to GitHub. The script would helpfully print a list of actions taken, and we had a general policy of CI logs being world-readable - and this job was no exception.

It was a useful way to keep tabs on any skulduggery that was going on.

Unrelated, but Confluence has very powerful support for email alerts on changes. These include notifications of deletions, and the email includes the diff of the deleted content. One thing I do at any org that uses confluence heavily is set up notification rules on some interesting spaces and check in from time to time.

Unix hacker approach to corporate drama, I like it.

Just be aware that your company will be logging this behavior and it will seem suspicious. They can make a good case for termination with this evidence.

Speaking from the other side (the side that does the termination), as long as your IT team is actually good a simple ldap diff isn't going to be enough.

Why? Because a good termination process is sensitive to there needing to be a communication about a termination that can happen well after the actual process of eliminating their access and telling them it's their last day.

So a better termination process is something like:

1. Employee goes to a physical space (preferred) where they don't have their work equipment or talk to their manager and/or HR using something that isn't work controlled (phone call, etc.).

2. A manual or scripted process executes that forces sign outs of all work things (computer, slack, google, whatever). Credentials get reset and not disabled. Perhaps someone can try to look for password reset metadata or other things that might indicate a departure, but it's a lot harder than looking for disabled uids.

3. After the person leaves or has finished their conversation remotely, the team that works with this person gets a broader communication from someone to tell them about the departure. If the company is small enough, maybe there's a broader communication to more people.

4. The rest of the termination process gets fired off that does disable accounts, etc.

Why don't all IT departments do this? Well for a lot of reasons:

1. They don't care, don't have incentives, or haven't been told by HR, etc. to care about handling the termination process in a more sensitive way.

2. For any sufficiently complex company, the number of edges cases of systems where you can't force a logout or handle a password reset increase over time. It takes a lot of testing to make sure a process works because vendors have bugs all the time or unintended behavior.

3. The risk of poorly communicated terminations increase as the number of people that either perform or can troubleshoot the automated process to terminate increase. As others commented, you don't want some ticketing system that is readable by a wide amount of people to see termination requests, so now how do you communicate a termination without too many people knowing about it?

Strangely enough, I think trying to achieve the most sensitive but automated process is good because it forces the company to communicate and acknowledge a departure before the full termination process fires off, but maybe I'm in the minority.

I’ve done this multiple times, and have two instances running right now which have been active for years. One is simple and watches a smaller org:

ldapsearch … > new; diff old new > updates; mail … < updates

(On phone, pseudo code, definitely wrong)

The other is perhaps more interesting. I built a tool for a tool for a population of specialists in a large company. The tool requires ldap data synced in, and I capture the diffs. That sampling approach provides surprising insights into what’s active/hot/declining, even when the total size of the company would making tracking every employee change quite difficult.

Is there a script to check the users from the windows graph !!??

This is a very fun thing to do, unfortunately where I work (France), the HR team send out weekly/monthly emails with somes HR updates, and at the end the list of everyone who is hired (this includes conctractors), and everyone who leaves (resigned or fired), so it would not add any information to run LDAP searches and dumps/diffs.

It's always kinda stressful to open this email and find out if one colleague you liked has decided to leave, but most times, this colleague informed you before the email arrives.

I once worked at a large bureaucratic org that tried to keep it secret when people left (if quit or were fired) because they thought departures were bad for morale. So it was just a big secret. Are they here any more, are they on PTO, are they out sick, who knows! Can't talk about it. It caused way more gossip and bad morale than it would have just to be straightforward letting us know that so and so was gone.

I postulate that if your company uses LDAP, and you are here on HN, you're going to be laid off within the next 12 months. The existence of LDAP at a company implies that the company is likely highly um "mature" and isn't amenable to the kinds of hackers who have actual interest in the programming field.

I once discovered that a very large org had AD configured in such a way that you could see “last seen at” timestamp for everyone profile in the company.

It would have been trivial to track everyone’s hours using this, which would likely have been unpopular.

This is funny... I thought I was the only one who did this. I work in an org of over 1000 people and have found doing a programmatic dump of the org chart gives me insights I would never get from reading our status update. Often it is the only way I learn about colleagues who have left (and returned!) because not everyone sends goodbye messages or even has the opportunity to.

I made a tool to track ldap like that [0]. LDAP is a treasure chest of info and great for stalking. for some reason i find it fascinating to see people leaving, and if possible, see how long they worked there for. seeing friends get fired via LDAP before they even knew about it was certainly interesting, too.

I noted in the readme..

    Know what's going on in your LDAP directory on-demand with Slack webhook integration.
    See new hires, leavers, and promotions as they appear in LDAP.
    Monitor when and what HR is doing.
    Detect unauthorized changes in LDAP.
    Monitor for accidentally leaked data.
    Detect when users are logging in and out of LDAP.

There's also LDAPmonitor[1] which is designed for Microsoft and Active Directory which does effectively the same thing.

[0]https://github.com/MegaManSec/LDAP-Monitoring-Watchdog

[1]https://github.com/p0dalirius/LDAPmonitor

Ha, I did this about 10-15 years ago at a prior company. The turnover was so high (especially in the sales staff) that there would be at least a handful of people mysteriously disappearing each week.

I automated a small newsletter called "The Weekly Diff" for a few close trusted coworkers and sent it out each Friday with a list of who's new and who was missing from the company directory. And I kept a scraped database including phone numbers in case anyone wanted to reach out to anyone after they'd been removed.

Sometimes you make the best out of a failing company culture. Kept a lot of friends that way just by reaching out with some words of support :)

Incidentally, if someone gets mad about you running this sort of thing, you probably don't want to work there anyway. On the other hand, if you're able to build such tools without IT or similar getting "threatened" by it, then you might be somewhere that actually enjoys creating interesting and useful stuff. Treasure such places. They don't tend to last.

too true

"Treasure such places. They don't tend to last."

True true true. Especially if people are building quirky cool stuff in smaller orgs, its simultaneously a great place to work and has a higher extinction probability.

Fun fact: back when I was a contractor for Apple many years ago (while Steve Jobs was CEO), I learned through their directory service that Steve Wozniack was still an employee and reported to then-CFO Peter Oppenheimer.

doesn't every HRIS have this? workday, et al... all have some sort of "Leave Reason" field which can be reported on & aggregated

There was an automated tool like this someone built at Twitter. At first it was cool just to see who the most tenured people were. Then the layoffs happened and it became essential due to the absolute 0 communication happening thanks to the Cool New Management. I remember we used the count of people in one of the default Slack channels to keep track of how many people got the axe. Woof.

At my last company they had no system for letting us know if someone had been let go. At one point they laid off the VP of sales and it came up almost by accident in an all-company meeting (not a massive company, <100 but >50) and people were surprised he had been let go.

I was young, with nothing to lose (or rather just no self-preservation), and so I spoke up that the policy of saying nothing was silly and potentially very dangerous. If that VP, who I saw around regularly, had emailed me for a list of our clients I would have sent it to him, if he had been waiting at a door telling me he had forgot his keycard I would have let him in, etc. You could argue "You should have always asked up the chain before doing that or refused to let him in on your keycard", but then I'd just shake my head at you. When a VP tells you to do something it's not a great career move to throw up roadblocks, even if it's company policy, in my experience.

Going forward the company agreed to send out bland, generic "X is no longer with the company" for "legal" reasons (as in they couldn't say "was fired", "left of their own accord", etc). Which was better for sure. I never thought to scrape our company directory, that's a clever way to do that for sure.

Hahahahaha... So, I um have a very similar script that I manage for 'KTMJ' - it's not to find deactivated users, but to synchronize certain ldap attributes to another system. This organization is large enough (300k+ users) that typically, between the time that the script queries ldap, prepares the synchronization file, then actually performs the synchronization import which validates if each user still exists, there are already several hundred accounts that have been deactivated during that window and reported in an 'error' log file. (The actual synchronization and 'error' log file are outside of my direct control)

Why did I laugh maniacally?

Due to 'budget constraints' my contract is being terminated (they have just been through several rounds of layoffs, I was expecting this), my account will be one of the ones deactivated on the next monthly cycle - prior to that, I will have to handover the processing and expected 'deactivated' users 'error' logging behaviour to my replacements...

My company has 80,000+ employees. I have a feeling I'd be inundated with the churn.

Irc, cron, ldap, spying on other employees stuff

Yea, admins.

I'm a WFH worker. My company is fully remote. They are really great at managing departures and make sure everyone's aware and has a chance to say goodbye.

However I can't shake this feeling that the mindset that got us from treating servers like pets to treating them like cattle is creeping into workforce planning, and the WFH movement is making it that much easier.

Why plan capacity when you can scale resources up and down on-demand on a whim? With the emotional and morale implications of letting people go hugely reduced it becomes easier to think like that.

The last two sentences of the article were worth the whole read.

I've been using POSIX systems regularly for 25 years. Why have I never seen the comm command used before?

It's amazing how many people came to the same idea independently. At my old gig I created "the sackinator" (getting sacked = getting fired). It was a cronjob that dumped the entire AD directory nightly and then a script to diff the output of any two days.

Since the data was dumped, you could always go back and do more analysis. First I just cared about which accounts got deactivated. Then I started tracking title changes, last name changes (people getting married), department sizes, company head count over time etc.

Incidentally, if someone gets mad about you running this sort of thing, you probably don't want to work there anyway. On the other hand, if you're able to build such tools without IT or similar getting "threatened" by it, then you might be somewhere that actually enjoys creating interesting and useful stuff. Treasure such places. They don't tend to last.

Couldn't agree more.

For those wondering, by default, any user with an AAD account can query /all/ users via the MS graph API.

The trick showed in the article can easily be done on AAD as well.

Note that in Europe or UK downloading bulk employee lists would likely mean you are now handling 'personal data' and so various GDPR rules kick in

I find this super weird and almost borderline invasion of privacy? I mean, a job is your professional life and you’re there to work, not go directly make friends or stalk people… I mean sure I’ve made a few people whom I’d call friends in previous jobs and current one too and I’d like to believe that we’d have enough confidence in the friendship to tell each other about quitting. But seeing that potential info about anyone feels very weird…

Did this for a supermarket delivery company, they had an API that exposed their exact stock level for products, scraped the data every 30ish seconds, diffed and repeated :D There were some interesting orders for sure (cigarettes + soap + 1 beer)

if you're able to build such tools without IT or similar getting "threatened" by it, then you might be somewhere that actually enjoys creating interesting and useful stuff. Treasure such places. They don't tend to last.

Advice I wish I'd been given before graduating, second only to "get everything in writing".

The “epitaph” app that was mentioned is an internal Google web site. I always found it to be fascinating.

We used to use Sametime and I’d periodically search for “Deleted - “, which would show me everyone who was deleted over the past few months, before they fell out of the system.

I built this by accident once!

We had this internal web application. It had its own separate username/password table. I was asked to make it so you could login with your regular password instead.

It wasn't hard to solve the password part. I could make the web app consult the main system to verify your password at login. But... I couldn't eliminate the web app's user table entirely. It was too fundamental.

So I built a thing that ran periodically, got a list of users from both places, diffed the lists, and then did the required create/update/delete operations on the web app's user table. Thus the web app's user table mirrored the main login system.

I rolled this thing out and babysat it, keeping an eye on its log file. Naturally my code logged operations done on the user table. And I was like, "Hey, this is telling me who is joining and leaving the company!"

It even gave me a little additional info. The web app had certain roles and permissions, and these needed to correspond to organizational structure, which I got from the main login system. So if a user's web app roles changed, it was a clue they may have switched teams or got promoted.

I felt like I needed to be a bit careful with this info. Not that I wasn't allowed to have it, but I don't think IT expected anyone to have a tool that would make it that easy to notice changes as they happen. Potentially, I could have known someone was fired before their manager told them or something like that.

TLDR: Tried to streamline operations, accidentally developed a signals intelligence capability.

Incidentally, if someone gets mad about you running this sort of thing, you probably don't want to work there anyway.

Well that depends I guess. A lot of companies/orgs have privacy policies that prohibit accessing services out of "curiosity." I.e. if you're working at a university it's OK to access student information if you're doing it for a specific work-authorized purpose but you can't go casually looking at people's information just to satisfy some personal interest.

I do this for various reasons at my work.

To function in day to day tasks you need to be able to read stuff in AD. I have solved interesting problems this way like: How do I get access to X thing when the security groups are not documented? Find someone with access and recurse their MemberOf and diff your own.

I also have used it to find people leaving.

I wrote a script that is looking at the git log of a git repository, it tries to sum up how many commits per author/number of lines changed etc, when the author was active. This also gives some indication on the 'turnover rate' or whatever. (I know lines changed and number of commits is a very bad indication, but it is some indication)

https://github.com/MoserMichael/gittools/blob/main/git-whois...

I did this before. I ran a cron job once a day that counted the number of active entries in a particular file. It was neat to see the number bump up after an acquisition or drop after a layoff. It was neat to see the overall growth of the company I worked for.

I eventually decided that someone _might_ decide that, although freely available, in aggregate, this material could be _sensitive_. I stopped doing it. I deleted years of interesting data...

In Germany it's also a very good idea to monitor the "Handelsregister" (register of all companies) and see who currently is really the CEO, who can sign things etc. This shows early ripples in the force (e.g. founders on their way out, willfully or forced).

I tried to make one of these systems at my first job, but my manager expressly forbade me after hearing about it.

Later that company would go on to lay off 15% of software engineers in a day. The support team created tickets in the public issue tracker to decommission employee accounts, so a lot of people found out that way before anyone reached out for a meeting.

With Excel and Power Query, you have your own analysis tool...There is a direct connector to dump the full LDAP.

I worked at a company that had an internal website that showed all people, departments, teams, and had a filter you could use for new employees or employees that left. It was sort of a double edged sword: you had enough information to start asking questions about what it meant if a team member or coworker was on the list. What was more interesting is that it almost became ritual for some people to logon first thing in the morning and check the list, every morning.