Set Up Read-Only Access
Is there any way to set up a Linode with debian so that a prospective developer I have not yet hired can look at the code for my site, but not be able to download the code or change anything? I basically just want to put it in a vault and have them look through a window.
thanks
12 Replies
> I basically just want to put it in a vault and have them look through a window.
Without being able to take a picture either? Good luck with that. If you can read it you can copy it.
@Jackson1007:
I don't care about a picture of a screen. I just don't want them to be able to download files or copy files or change files.
okay, srsly, these forums have very little traffic, you don't need to x-post.
But this part is pretty much pointless. stopping a download or copying is useless. if you have that little trust, don't hire the person. readonly is trivial
As a developer for many years, if you tried to provide me this type of material, I would say no thanks - fwiw.
@Jackson1007:
I don't care about a picture of a screen. I just don't want them to be able to download files or copy files or change files.
Read-only is one thing, but how do you expect them to view files without also being able to download them? The contents have to end up being sent to their system somehow to be displayed. It's like saying you want to let them view a web page but not be able to grab the HTML source, when the latter is already on their system in order to present the page.
Now, if you want to excerpt from your code base, or hand pick certain files so they are limited in what they can view, that's a possibility. Heck, you could get crazy and turn it into a graphics image or something to make it harder to replicate, but even then it's just a matter of retyping.
Just assume anything you're going to let them see they can make a local copy of. Anything you might try to prevent it is going to have holes and be far more effort than its worth.
If you have to be that security conscious about your code base (and in all seriousness, I'd at least think about it a bit), then you need to do more pre-qualification of your candidates, or perhaps more importantly, get them to sign NDAs before taking the step of showing it to them. Anything else IMO is a losing cause. Plus, it might even backfire and turn off the very candidates that you are looking for by treating them as untrustworthy.
– David
First you send some hot sexy babe to the potential code monkey.
Then the babe convinces the code monkey to go with her to meet the "boss" (that would probably be you in this scenario).
Then the hot sexy babe takes the would be code monkey to the bosses rave/drug den/secret mansion.
Then you interview the would be code monkey on your own laptop while having another super hot sexy babe "distract" the would be code monkey so that even his nearly photo graphic memory can't remember exactly what he's seen.
Then you threaten to blow the would be code monkeys head off with your .45 held gansta style.
Easy Peasy.
Just a observation, but some of you guys seem to really over think some of these problems.
glg, AVonGauss, db3l:
Thanks for your help. I'm very new to development. But it seems odd to me that you give someone your code that you've been working on for a year and they can just go set it up elsewhere and use it. How is it possible to know someone you're just testing out. If you're interviewing someone for a job, do you give them the password to your alarm at your office and your password to your computer and say if we don't jire you please just forget what I gave you. Seems crazy to me. Of if you are interviewing nannies for your children do you just give them all the alarm code to your house and pray they never come back and use it?
I can't believe no one has come up with a way to share code without allowing people to copy it. Lawyers and Investment Bankers often use digital "deal rooms" where potential acquirors can look at document but cannot download them or copy etc.. Maybe I can use one of those -but I have no clue how code is set up or if it can be displayed as documents can be.
Think of it this way, you're hiring someone to work on your code - they should, before they met you, be able to code whatever you are asking them to work on. Its what is done with the code that makes it valuable.
@Jackson1007:
Thanks for your help. I'm very new to development. But it seems odd to me that you give someone your code that you've been working on for a year and they can just go set it up elsewhere and use it. How is it possible to know someone you're just testing out. If you're interviewing someone for a job, do you give them the password to your alarm at your office and your password to your computer and say if we don't jire you please just forget what I gave you. Seems crazy to me. Of if you are interviewing nannies for your children do you just give them all the alarm code to your house and pray they never come back and use it?
No, but I also don't typically give potential developers access to the code. If I want to see what someone can do, I've got a pile of features/specs on the to-do list that can be developed and tested "in isolation."
Also, while we love our source code and it is very important to what we do, it is but a small part of what is required to reproduce our business. Without the writers, editors, salespeople, executive team, and readers, the source code is rather impotent.
> I can't believe no one has come up with a way to share code without allowing people to copy it. Lawyers and Investment Bankers often use digital "deal rooms" where potential acquirors can look at document but cannot download them or copy etc.. Maybe I can use one of those -but I have no clue how code is set up or if it can be displayed as documents can be.
Those are gimmicks, for reasons that should be obvious, but if not:
~~![](<URL url=)http://drop.hoopycat.com/IMG_20110824_110006.jpg
I'm not entirely sure what one might accomplish by giving someone the ability to look at source code without being able to run it or edit it or thumb through it in their favorite IDE, but a walk-through demonstration of what the product does would probably be significantly more useful (and safer).~~
@Jackson1007:
Thanks everyone for your help. I guess I'm not as trusting as most people – but it seems I will have to bite the bullet and live with it.
Perhaps you also constructed a scenario that just doesn't work for you, given your own preferences.
Why does your prospective hire have to see your code? There are plenty of other ways to evaluate them without giving them access to your existing code, including, for example, having them provide you with samples of their own work that you then in turn evaluate. Plus all the typical interview questions, asking them to solve an outstanding problem (as mentioned in an earlier post), etc…
If you don't feel qualified to evaluate the technical merits of an applicant, see if you can find someone more expert (in interviewing if not coding) in your local circle of friends/workers that would help out.
-- David