Software Developers, American or Foreign, Are NOT Always of Good Quality

One defense the industry lobbyists like to use when confronted with overwhelming evidence that there is no STEM labor shortage, even in the computer fields, is that software developers are not interchangeable.  Typically the lobbyists are referring to specific skill sets, such as Android (a red herring, as I’ve explained in detail before), but in some cases they are simply talking about raw quality.  As I’ve stated many times, I strongly agree with the lobbyists on this point.  For instance, studies have shown that there is at least at 10::1 ratio in productivity between the best and weakest programmers.

However, this applies equally well to both American (U.S. citizen/permanent resident) and foreign (H-1B etc.) programmers.  The lobbyists would have you believe that the foreign workers are of uniformly high quality, but that is certainly not true.

I was moved to write this post after seeing these comments on Slashdot, a popular techie news site.  The Slashdot posting, titled “What Portion of Software Developers Are Bad at What They Do?”, says in part

We are looking to fill a senior developer/architect position in our firm. I am disappointed with the applicants thus far, and quite frankly it has me worried about the quality of developers/engineers available to us. For instance, today I asked an engineer with 20+ years of experience to describe to me the basic process of public/private key encryption. This engineer had no clue. I asked another applicant a similar question: “Suppose you wanted to send me a file with very sensitive information, how would you encrypt it in such a way that I would decrypt it?” The person started off by asking me if it was an excel file, a PDF, etc. In general, I’m finding that an overwhelming number of developers I’ve interviewed have poor understanding of key concepts, especially when it comes to securing data. 

To me, that second example, in which the applicant thought that one could not use the same encryption algorithm regardless of the file type, epitomizes the problem.  Though it is technically not about programming per se, it certainly shows that that applicant “just doesn’t get it.”

In my experience, a substantial portion of computer science students, including foreign Master’s students (the industry lobbyists’ favorite group; see below), “just don’t get it.”  It is usually not as blatant as the above “file type” example, but of very serious concern.

This point is directly relevant to proposed legislation now in Congress, in which a common provision would give special visa and green card deals to foreign STEM graduate students at U.S. universities.  The rationale for this is that these are supposed to be the “good” H-1Bs, the ones whose addition to the U.S. workforce raises the overall quality.  But the reality is just the opposite:  As shown in my research and those of others, the average quality of the foreign CS grad students is LOWER than that of their American peers.  (I do have to add, as always, that there are also some really brilliant ones, whose immigration I strongly support.)

All this matters — a LOT.  Not only are the foreign worker programs reducing job opportunities and wages for American software developers, the programs are also resulting in BAD CODE that affects each and every one of us.  The IT disaster in the rollout of Obamacare is a perfect example, very expensive (including in terms of Obama’s political capital), harmful to many who were most in need of it, and reportedly due to incompetent programmers, said to be largely H-1Bs.

Similarly, consider the fact that one of the major companies in the U.S. electric power grid is in the process of firing American ITers and replacing them with H-1Bs.  Putting aside the issue of possible national loyalty conflicts, the prospect of less-competent programmers working on this key to our security is rather scary.

Congress should ignore the industry campaign dollars and look at the big picture.

Advertisements

24 thoughts on “Software Developers, American or Foreign, Are NOT Always of Good Quality

  1. Well, the point of the exercise is that there is a ratio of 10:1 between the best and the *average*, it’s no fair using the “worst” as a denominator because you get into negative or imaginary numbers!

    There are still some good developers out there but precious few and they are not responding to your ads because your salaries are a joke, raise your pay by 3x or 10x and see who responds.

    One indicator is the kinds of questions that get asked on support forums. One could do a study correlating the grammar and technical level of the questions (and answers!) by the country of origin of the posters, and it would NOT be a good result for most H-1B sources.

    But the thing is, life is complicated, and it seems that most organizations really seek incompetence, it gives the managers a chance to look superior. Seriously. Which makes a double (or triple, or what number are we up to?) lie out of the piteous cries for more better cheaper (cough) candidates.

    Like

      • “I too have often said that a weak programmer has negative productivity”

        Much more common are people who are very strong at a very few things, mediocre at most things, an very weak at many other things.

        If you push one into playing to his weaknesses, he will do poorly, while if he’d been playing to his strengths, he would have done great.

        I’ve worked with guys I thought were almost worthless… until a project came along that played to their strengths and interests, at which point they shone brightly.

        But how do we evaluate to help further develop talent and get the job done? I think that’s where the software product industry, and the bodyshopping/professional & business services/custom programming/IT industry execs and hiring managers have fallen on their faces.

        Like

  2. … but I should add as a separate issue, and in all due modesty as one who has looked at this up close and personal, for a long time, in many environments, and as one of those at the top of the ratio, that in most projects in most organizations I’d really rather just lay off the bottom 50% to 80% of the staff, and things would move along a lot faster. It is so often much more efficient to simply get something right the first time, rather than manage, diagnose, and mitigate incompetent work, especially if you are supposed to diagnose and mitigate *through* an incompetent staff.

    You need some junior programmers so that they can learn and progress, and you weed out the weak ones and fire them – because that long game is much more realistic than thinking you can pull top “talent” out of thin air at *any* salary. But you don’t seriously expect productive work out of junior staff.

    Like

    • Actually I disagree.

      This kind of reminds me of the difference between leaders as in there are those that push their troops from behind and there are those that lead their troops.

      I prefer the latter and I believe the true value of a leader can be the way that they take raw recruits with little to any skills and slowly but surely build on those skills to they reach the point where the weakest link is substantially better than the strongest link in the prior example.

      People are not a disposable commodity and it saddens me that we view them that way.

      I too used to believe in cleaning house but as somebody that has seen the boot heels of capitalism first hand, I no longer believe that this is the best route to take.

      Like

  3. Much worse than negative productivity caused by inferior capability of the vast majority of H1bs is the damage they do to everyone else by playing company politics to cover their inability to do their job. They come from cultures where cheating is the way to success and they use those well honed skills on the job.

    Like

    • I don’t entirely disagree. But after finding three U.S.-native students cheating in my class the last few days — in a class in which I happen to have a wonderfully helpful immigrant TA — I would point out that it is nowhere near as clearcut as you are making it sound here. Let’s stick to the issue of the professional quality of the H-1Bs.

      Like

      • And did the penalties teach everyone in the program/campus (and a significant number of prospective students still in HS or equiv.) not to try to cheat? Did it teach the bounds of what was acceptable and what was not. (I’m thinking of some old head-lines, students who thought their cheating was a generally acceptable way to take a test and staged protests at being prevented from doing it.)

        Or maybe it only taught a few not-nice people how to avoid getting caught the next time… or a mix of the 2. Hmmm, perhaps a series of anonymous (no institution, no names) articles in the Chronicle of Higher Education once or twice a year would help. (Another column by an econ prof a couple weeks back about massive cheating with teacher complicity in a couple HS systems.)

        Like

        • My institution has an excellent Student Judicial Affairs office, and I’m sure students understand quite well that cheating is not condoned in any way. But I do believe that the students who cheat do so because they see their parents engaging in dishonest behavior.

          Like

  4. I sure wish I knew who made the changes to the online store website I was trying to use today. It is broken; it was obviously not tested before it was released since it took me 40 minutes (and a call to customer service) to place my order and then it was not as an account holder but as a guest. Every time a product in my basket sold out, it locked my order.

    Then there is the website of a private university with a PhD programs in computer science and computer engineering. They released a new website last week and the number of broken links makes it unusable to find simple information. The faculty and staff directory includes no information about the staff; it is not like the faculty and the VP for Finance are in their office to answer the phone. Upon asking a staff member how to obtain some information, I was told that they are to make a list of the problems for the IT department. Are you kidding me! They are notorious for doing things on the cheap; a bunch of high school hackers could have done a better job of testing than whoever did the task.

    What is pathetic is that both of these websites were functional before the changes; I had used both for years with minimal problems on the store’s and, if I stayed away from the last upgrades to the university’s, I could eventually find what I needed.

    As for the “cooperate to graduate” problem, I suspect it is not limited to specific groups. What is unique to each is that some know that it is wrong but do it anyway and others just believe it is just the way things are. I have found this to be the case in the workplace as well.

    Like

    • “I sure wish I knew who made the changes to the online store website I was trying to use today. It is broken”

      This is common. YouTube worked for me when it came out, then they “enhanced” it into working as well as a rock. Similarly, Google keeps making their stuff worse (but ow I mostly go through proxies and meta-search engines).

      The MIT on-line course videos and materials worked fine a few years ago, then they hatched MITx which doesn’t work at all.

      At every pres. admin change-over they’ve wrecked the whitehouse.gov site, made it less accessible/user friendly and more graphic-designer and privacy-violator/campaign fund-raiser friendly.

      Yahoo, and Hotmail went through a slower, incremental down-hill series of “face-lifts” until they became essentially unusable (HotMail a total write-off, and Yahoo has a few bizarre ways to work-around it… mostly).

      Ditto the local library web-site — the contractor enhanced to death (but on the + side, this way I get to chat with the reference librarians).

      Some of it is planned obsolescence by MSFT or someone else along the chain, pushing people to get new software, buy new hardware, get the latest whiz-bang privacy hole. Really, you should be able to do 99% of all e-commerce via the web on a computer built in 1993 or 1994. But then a lot of it is that the contractors who do the face-lifts don’t have a variety of hardware, they upgrade software frequently and hardware annually, and only test on that one hardware/software combination they currently use.

      Oh, and the execs hate to invest in tech support; look down on them as not fit to be software developers, etc., don’t want to pay them, don’t want to hire enough of them to cope with peak demand… It’s because they don’t see it as a “profit center” because customers don’t want to pay much directly and it only brings in revenue indirectly and on a much-delayed basis for the most part. I mean, if you had to pay a pro-rated salary plus benefits (call it $30-$200/hour) for that 30-90 minutes (and you know it will take 2 or 3 times as long as you initially expect for your “simple” issue… and perhaps 3 calls before getting at the “root cause”) of tech support would you even try to send e-mail or call? And will we consciously remember how helpful the person at that particular firm was when it comes time to choose new software or hardware?

      Like

  5. A couple of people have asked me whether the manager’s questions were fair.

    Given the role of encryption in our daily lives today, I do believe that anyone calling him/herself a computer expert should know in at least very rough terms what encryption does, and the notion of public and private keys. I personally would hesitate to hire someone who did not have enough curiosity to at least read the first paragraph or two in the Wikipedia entries on these topics.

    But in any case, giving a very wrong answer, as the job applicant did, is much worse than simply saying, “Sorry, I really don’t know anything about encryption.”

    Like

    • ≪Given the role of encryption in our daily lives today, I do believe that anyone calling him/herself a computer expert should know in at least very rough terms what encryption does, and the notion of public and private keys.≫

      I wouldn’t make something like that part of an interview, unless the job required knowledge of encryption. IMO, encryption is a specialty — something that people shouldn’t be expected to answer questions about if they don’t work with it regularly. A computer expert might have worked (at the implementation or design level) with encryption, or studied it for a class, but might not remember enough of what he or she did to answer even rough questions about it, compared to someone else who has worked with it more recently.

      ≪But in any case, giving a very wrong answer, as the job applicant did, is much worse than simply saying, “Sorry, I really don’t know anything about encryption.”≫

      Possibly. It depends upon who is interviewing the candidate. Some interviewers actually consider this just as bad as giving a very wrong answer. They consider this to be giving up.

      The topic of (unrealistic) expectations placed on candidates is explored in Steve Yegge’s “Get that job at Google” article. Note the “interview anti-loop” section.

      http://steve-yegge.blogspot.com/2008/03/get-that-job-at-google.html

      Like

  6. I’m fairly good at what I do.
    And I come from a navy background as a radioman where we studied and implemented electronic, physical and electromagnetic security and used encryption on a regular basis.

    But, I would not have been able to answer that question because in 30 years of doing projects of all types, we very seldom design a system to send our data files anywhere simply because you lose control and you start experiencing all of the negative data problems that we read about these days and this simply means that encryption as a developer is not a routine matter.

    On the other hand though I would have said you would need to use encryption software even though I have no idea what brands are available.

    I think that better questions of a senior developer/architect would be:
    1. How do you design the environment to ensure that there are no failures.
    2. How do you ensure the security of our data when we are using remote services such as the cloud as supplied by external vendors.
    3. In the event of a failure, what are your plans to have full production restored asap.

    When I first learned this business back in the 80’s we did it all, and by that I mean development, systems implementation, cabling, everything.

    But over time as the projects got bigger and bigger, the systems side and the software side diverged which means that for the most part the software side will not handle much on the systems side and vice versa.

    Based on those questions I’m wondering if we are not trying to merge the two areas once again and if so, whether that is wise.

    Like

    • “1. How do you design the environment to ensure that there are no failures.” Yes, design the environment to eliminate or minimize the need for encryption, i.e. minimize external communications with multiple parties and external devices.

      Like

  7. India has some top people in science and software, but the average quality of code from India, like the average quality of universities there, is not very good.

    The Atlantic had a story in 2013 about poor quality computer code from India, referencing a Reddit thread:

    http://www.theatlantic.com/international/archive/2013/10/behind-the-bad-indian-coder/280636/

    “Code from India can be truly awful if you work with most companies,” another Redditor said. “A lot of them treat programming as a task to be completed with numbers and fire those that can’t work fast enough, rather than a task requiring quality where people are educated to avoid mistakes and fired only as a last resort.”

    “I am currently working with outsourced code,” said another. “I never knew how bad it could get.” …

    “Rote learning is still the major reality for teaching pedagogy in India,” Kugelman told me.

    Weighing in on the buggy Indian code debate, Indian developer Shekhar Gulati wrote on his blog, “In India … students just cram the things and get [the] score but practically they know nothing.” Gulati pointed out that he once interviewed a computer scientist with a degree in the field and six years of experience who was unable to write a simple program during his test.

    NYT has reported that both India and China have far more university graduates than they have professional jobs available, much worse than here. The proposed program to give a green card to anyone with a masters degree from a U.S. college would open the floodgates.

    Like

  8. When I worked as a Software Engineer for a multinational company, I overheard that Software Engineers could read an entire Engineering book in a day. Is that true? Since, losing my job that’s what I have been trying to achieve. In general, what kind of reader do you have to be in order to work as an Engineer? I hope this comment doesn’t change the current topic of discussion. I am sure they were referring to a book that they have already read before or the book of the same topic before.

    Like

  9. > For instance, today I asked an engineer with 20+ years of experience to describe to me the basic process of public/private key encryption. This engineer had no clue.

    Perhaps a better test would have been to allow the engineer to quickly read the first paragraph or two in the wikipedia explanation at http://en.wikipedia.org/wiki/Public-key_cryptography and then see if they could explain it or comment intelligently about it. I have to admit that I have 20+ years of experience as a senior programmer but could probably not have answered that question. Software is a very big area and, in those 20+ years of programming, I haven’t worked on anything that really required that knowledge. However, it is possible that an “architect” should have known it. I’ve worked as a senior programmer where my focus may be much more narrow. In any event, I agree that the candidate who thought that encryption depended on the type of the file seemed to miss the whole point of encryption.

    On a related topic, this discussion does bring up a question that I’ve wondered about before. Suppose that 80 percent of the programmers who would like to work in the U.S. live outside of the U.S. Also, suppose that programmers from inside and outside the U.S. generally fall into the same distribution of skill. Should we follow a policy by which we replace the lower 80 percent of current native programmers with the top 20 percent of those programmers who want to work here? Although that is an extreme example, it does bring up some difficult questions. Would following that policy be fair to American citizens? Should the government consider the cost of such a policy in aid to and lost taxes from those workers and give companies that hire Americans any sort of tax advantage, at least enough to counter those costs? To what degree is skill in software linear, going from the “one-baggers” to the “ten-baggers” and to what degree do some programmers have different skills?

    Those questions aside, it does seem that we do need to promote a system where candidates are on equal footing, where older, American programmers are not laid off to make way for cheaper and easier-to-exploit (but not higher quality) programmers. And, as has been discussed here, we need the debate to be informed and factual, not based on dubious studies.

    Like

  10. So, the thing that keeps coming to mind is: “How does one measure skill-level/quality?” There’s a G element (to borrow a term from debates over intelligence measures), and there are more specific application area, even more specific facet areas (to make up a term) as illustrated by the question about public-key encryption, and there are at least 2 and possibly 4 schools of thought/philosophy on proper/good SW dev — one school’s “excellent, elegant…” is another’s “rotten, unmaintainable…”.

    The general G, “I get it” moment rarely occurs before immersing in programming and SW design for 12 months, usually some time between 12 months and 36 months; many people are beginning to think that, regardless of field, it takes 10K hours of practice to really *get it*. Before that *I get it* moment, students are usually inundated with floating abstractions and meaningless details of syntax and such, and are going through the motions without genuine understanding. And sometimes, for some students there are multiple, mini-“I get it” moments for various aspects, at intervals of a few months of immersion.

    (These mini-“I get it” moments also occur with old pros after between 2 weeks and 18 months of adaptation to a new school of thought, a new design philosophy, new kind of programming language, a totally new application area, etc. Employers should expect, plan and budget for those.)

    There are application areas totally focused on math and statistics, medical research, others on math and chemistry, others on accounting, regulatory compliance, nuts and bolts mechanical engineering, artistic drill-down and display of info and imagery and multi-media from massive data-stores which can be very advanced or it could be drudge-work, similarly for extremely simple/mundane but transaction-intensive apps…

    I would expect 90%-98% to “get the gist of” public key encryption/decryption, 80%-90% to be uninterested in it, while maybe only 10%-30% might be able to quickly whip up a feature that depends on it. And most of those wouldn’t know where to look for off-the-shelf components from which to build such a feature, while up to 3% might simply build a custom implementation from scratch, because it was something that once caught her/his eye enough to have experimented with it already, beyond one assignment in college.
    Hardly anyone would be likely to recognize the acronym SCADA, but the vast majority could do it at least competently.
    We all *get* the idea of multi-processing, custom programming languages for vector and parallel processing, we understand co-routines and threads, but I would expect only a very few to cleanly implement such out of the starting gate, whether they’d had 1 week or 3 semesters covering these topics at the U.
    We nearly all *get* the idea of memory management (including *virtual memory* paging and management), garbage collection, reference counting, retain/release, ARC, but implementing such is a mine-field only very few are cast into, and only a fraction of 1% are likely to get through without mishap.

    But, regardless of which side of the deal you’re on, the example shows that the hiring manager’s first priority, his expectation, is not aligning with the priorities and interests of job applicants. And it shows that there are probably many many more or less narrow niches with differing priorities.

    Yes, the best answer when confronted with a question from a niche you’re mildly interested in entering if you can make a living at it, but have had insufficient reason and insufficient resources to research before is, “I don’t know, but I can find out and get back with you within x minutes/hours/days/months.”

    Like

  11. An interviewer asking an open ended question about “how to do encryption” is probably just trying to filter you out by asking a question that would take at least 6 months of education to fully answer in depth to someone unfamiliar. It’s really a stupid question. Who has time to go through at least 5 semester credits worth of Chinese remainder theorem, groups, rings, number theory, Diffie Hellman, El Gamal, IEEE large number formats, and everything else in between during an interview.

    Like

  12. In response to @mib8’s comment:

    “Yes, but how do we find that out in the hiring/job-seeking process… as quickly and inexpensively as possible?”

    Practically speaking, attempts to determine such things quickly and inexpensively run the risk of rejection of candidates who would do well on the job because you don’t learn enough about what the candidates can do.

    In the same spirit of Steve Yegge’s “Get that job at Google”, Gayle Laakmann McDowell wrote about the inherent difficulty of tech interviewing:

    http://www.gayle.com/blog/2015/6/10/developer-interviews-are-broken-and-you-cant-fix-it

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s