hacker news with inline top comments    .. more ..    26 Dec 2014 News
home   ask   best   4 years ago   
1
Hackers Who Shut Down PSN and Xbox Live Now Attacking Tor
111 points by conover  4 hours ago   90 comments top 22
1
alexggordon 1 minute ago 0 replies      
I'm always a little bit fascinated by these sorts of attacks.

On one hand, I guess I understand (yet don't condone) the motivation for the 'vigilante' justice they're trying to do. On the other, I really don't understand what benefit you can get from attacking Xbox, then Sony, and finally Tor.

When I think of the people doing this, I tend to think of them as understanding the importance of Tor and the benefit of anonymity it brings. However, here are people doing a DDOS attack (obviously illegal) trying to bring down the biggest illegal goods marketplace on the internet.

Maybe I'm alone in this, but outside of attention, I really don't understand any logical reason for this happening, and that really makes me dismiss any message they may have. I can comprehend being motivated by anger or some event, or just being a douchey company, but I just really don't understand what anyone besides the US Government would gain by attacking Tor.

2
rcamera 1 hour ago 1 reply      
Tor Devs haven't made any announcement yet, there is, however, a discussion about it on the mailing list:

https://lists.torproject.org/pipermail/tor-talk/2014-Decembe...

If you use Tor, I would follow the suggestion by another member of the mailing list [1], simply add to your torrc file:

  ExcludeNodes US  StrictNodes 1
That will disallow using any US nodes, which works since all of LizardNSA's nodes are currently in the US.

[1] https://lists.torproject.org/pipermail/tor-talk/2014-Decembe...

3
linksbro 5 minutes ago 1 reply      
4
jamescun 3 hours ago 1 reply      
For Tor network status and node list: https://torstatus.blutmagie.de/

All names appear to begin with LizardNSA.

It must be said, however, that all exit and non-exit nodes go through acceptance process over 88 days

https://blog.torproject.org/blog/lifecycle-of-a-new-relay

5
mattdeboard 31 minutes ago 1 reply      
This group has been DDOSing game networks for quite awhile now, a year at least? Are they just super skilled at covering their tracks, are they not being investigated, is federal law enforcement not good at tracking this down yet, or what? I don't understand how a major crime spree is being conducted in public and gleefully boasted about for this long.
6
tanglesome 14 minutes ago 0 replies      
What a great bunch of guys! And, oh by the by, PSN is still down and Xbox Live is still having trouble.
7
jwcrux 1 hour ago 0 replies      
I'd be curious if this would be considered against the google compute engine ToS.

If so, it'd be simple for Google to wipe them. Otherwise, I have no doubt the tor directory authorities will be keeping an eye on these for malicious activity and will mark them as Bad Relays if any is detected.

8
abritishguy 2 hours ago 1 reply      
They appear to be using Google Compute instances (based upon the IP addresses) to create TOR relays but since they are not exit nodes I'm not really sure what they are hoping to achieve.
9
dirkk0 2 hours ago 3 replies      
I don't get it.

They attack the PSN and XBox networks. Kim Schmitz gives them 3000 vouchers for Mega to save christmas (what?) and/or the world. Then they claim, he's the reason they stopped the attacks.

And then they target their next victim.My point is: one might not like Kim but he is way too smart to expect such a barter to be successful.

So, given his own background, what makes him this? A stupid hero? Or is there a much smarter option?

10
comex 3 hours ago 1 reply      
It's unfortunate that they're attacking Tor, but at least this type of attacks is being demonstrated now by someone presumably only out for lulz, rather than potentially by more malicious entities in the future.
11
jayrox 3 hours ago 2 replies      
first off, quit calling them hackers. they aren't hackers. they are script kiddies.
12
deanclatworthy 3 hours ago 3 replies      
So from what I've read so far they are trying to deanonymize TOR users by having a large number of relays in the network. This isn't an unknown attack vector. But surely the NSA could easily do the same. What's to say that half the relays aren't already NSA owned?
13
s_q_b 55 minutes ago 1 reply      
They're trying a correlation attack on the network. Create enough entries and exits, then matching traffic by time, size, and shape.
14
sjreese 2 hours ago 0 replies      
That is the point .. the tor people said we are the USA and we will play the PIG movie World Police style. Just as with them working with the FBI, NSA and NRO.
15
higherpurpose 3 hours ago 4 replies      
Kim Dotcom gave them 3000 Mega accounts yesterday, and now they seem to have created 3000 relays. Is the number just a coincidence, or are they doing it through those accounts somehow?

http://torrentfreak.com/kim-dotcom-stops-xbox-and-playstatio...

16
tw04 2 hours ago 3 replies      
PLEASE stop calling them hackers. They're DDoS kiddies who have now switched to spinning up TOR on their botnet. THESE ARE NOT HACKERS.
17
yeukhon 2 hours ago 2 replies      
The thing I fear the most is cyber retaliation. So many of us have accounts on the Internet that matter to us day to day. If they are reading this (I am damn sure they are), and if they don't like you, they will try to take over your accounts and make fun of you. Fear is the most destructive and most effective weapon and such weapon is most terrible when targeting at individuals.

But I still have to drop a line: please arrest these "hackers" / "crackers" / cyber criminals.

18
chatmasta 4 hours ago 0 replies      
how many bottles of mountain dew?
19
alexivanovs 3 hours ago 0 replies      
This is fun to watch, even funnier when you realize that any talk around this is just that - talk. But, I'm intrigued for the future, this type of hacking is starting to make its comeback, and that's a cute thing.
20
sjreese 3 hours ago 0 replies      
Sony - had this coming - fake security experts said the NK could do nothing - Now look - Ha! they stole the Admin password Ha! it was "lena" but we will kill their "NK" internet and stop them cold from further take-downs. Ha Ha he he ho ho ho..
21
a-ghost-fart 2 hours ago 1 reply      
A bunch of children who don't know how to use Tor (take a look at the dox from TheFinest) decide to try and compromise Tor.

Colour me surprised.

Given that a bunch affiliated with the group's names, addresses, numbers and the like have been compromised, this doesn't seem like a very smart plan.

22
yedpodtrzitko 1 hour ago 1 reply      
This isn't Fox News, can we call the things correctly, thus "crackers" in this case, pls?
2
Cello Higher Level Programming in C
166 points by denysonique  7 hours ago   40 comments top 14
1
orangeduck 1 hour ago 0 replies      
Author here. I always get asked two questions about libCello.

1. Why?2. Is anyone using it for anything serious?

The second one is easiest to answer: no. And most people are suprised to hear that I probably wouldn't use it for anything serious either.

If you hadn't noticed from my github page I love C, and while I am also very interested in the things Cello adds such as duck typing and interfaces, and all the syntactic sugar that makes thing really nice and literate; it doesn't interest me enough to choose it over C. Additionally who is going to want to use my project if it uses this weird hacky C library! People are (for good reason) very suspect of dependancies.

That isn't to say I don't like programming in Cello. I'm almost definitely the person who has written the most in it and some things are just a joy to write in it, and look so clear and functional and algorithmic. At some point in the distant future when I find the time I really will attempt something serious such as a web framework. If that takes off we seriously can decide if it really is a good project (hur hur hur).

To be fair, "why" can also be pretty easy to answer depending on who is asking: because I could. Because I thought it was kinda cool and that people would be interested. There seems to be some default position in programming that unless your project is silly or sarcastic people assume you are "advocating" something by doing it, or making some kind of political statement on software development. I didn't work on this project to try and change the world. Nor to create something better than the alternatives. It doesn't change my life if people use Cello or not. I wasn't frustrated with C++, and I wasn't looking for a cylindrical rolly thing for my cart. I just made it for fun.

2
TheDong 5 hours ago 1 reply      
Previous discussion: https://news.ycombinator.com/item?id=6047576

This has tons of sugar; if you're just interested in how this stuff is possible in C it would probably be more instructive to look at the GNU library libffcall[0] which implements trampolines. The code is simpler and there's less syntactic sugar obscuring what's going on. Of course, the linked articles on the Cello home page are instructive too.

I've yet to actually use Cello myself since I feel like if you hack C up that much, you might as well just use something like C++, C#, Rust or what have you and gain even more benefits, like a mature ecosystem that's highly compatible with the features you're using while I worry Cello, when relying on normal C libraries, might require you to slip back into some C-isms that Cello desires to avoid due to your dependencies not caring.

[0]: https://www.gnu.org/software/libffcall/

3
runewell 5 hours ago 1 reply      
I really love this. Are there convenience functions to convert existing values to and from your new data types?

I would love to use this library but as C programs often requires third-party libraries I could see many instances of having to use normal C types. Is there a way, for example, to easily convert a float to and from a var (with a Real key/value)? How would I use your library to take hash table values and assign them back into standard struct members? Would I just use traditional casting? Something tells me normal casting is not an option, or at least not so easy.

4
pavanky 1 hour ago 0 replies      
Has the development moved away from github[1] or has it completely stalled ? The last commit I see is from 8 months ago.

[1] https://github.com/orangeduck/libCello/

5
userbinator 4 hours ago 1 reply      
The syntax is rather reminiscent of jQuery... and just like how that has created jQuery developers who know next to no JavaScript, I could envision many Cello developers who know almost no C which given the characteristics of the language would probably be an even bigger problem. It's good that they have a disclaimer saying that this isn't for those who don't already know C.

I think it's more like a framework than a library, based solely on the principle that it basically encourages a completely different syntax and code style that someone else would have to learn in addition to C in order to work with code written using it.

6
antirez 5 hours ago 0 replies      
Too high level IMHO... $(Int,5) is not reasonable, also everything is too opaque for it to be a C library. You can go a long way without creating such a layer of abstraction with just a set of libs implementing data structures, dynamic strings, with simple object-alike structures that are reference counted so that it is trivial to have lists of hashes or alike, but where you can also store raw stuff trivially just changing the "method" to free or dup the objects.

EDIT: AFAIK "$" is not valid ANSI-C, however I would love it... For example in a reference counting system could be cool to have $() and _() to incr/decr references.

7
zserge 3 hours ago 2 replies      
> To compile Cello requires a C99 compatible C compiler.

In fact, it fails to compile with -std=c99, it seems to require GNU extenstions, that's why they have -std=gnu99 in their Makefile. They use ##__VA_ARGS__, which is not in the C99 and AFAIK there is no portable way to make a workaround.

8
_RPM 58 minutes ago 1 reply      
How are you implementing the dynamic type interface? Discriminated union?
9
otis_inf 5 hours ago 2 replies      
Let C be C. For the people who don't like C for one reason or another, there are a ton of alternatives available, from x64/x86 targeting languages to manages stacks. Adding these libraries to C might look nice, but if you want to experience the things it brings to the table use a language where it's been borrowed from.
10
diego_moita 3 hours ago 1 reply      
> /* Heap objects destroyed with "delete" */

> delete(items);

This part is funny: "Higher Level" but still no garbage collection.

11
api 3 hours ago 0 replies      
It would be very interesting to pair this with a very well designed minimalistic web framework, drivers for things like Redis, etc., for some VERY high-performance web backends.
12
chris_va 3 hours ago 2 replies      
Why does this exist?

(Serious question)

13
aosmith 5 hours ago 1 reply      
I'd love to know how this compares to GoLang... Conceptually similar, which is faster?
14
halayli 1 hour ago 0 replies      
Just use C++11
3
Unexpected Life Found in the Ocean's Deepest Trench
48 points by benbreen  3 hours ago   5 comments top 2
1
ceejayoz 2 hours ago 2 replies      
This is why the term "habitable zone" can be a bit laughable.
2
gee_totes 1 hour ago 0 replies      
I wonder how sensitive these forms of life that live in such hostile conditions are to climate change. Perhaps in the future, we will farm them for food once the oceans acidify.
4
Why Oakland's a Tech Start-up Game Changer
26 points by MilnerRoute  4 hours ago   8 comments top 3
1
tzs 16 minutes ago 0 replies      
According to Wikipedia, "Oakland has the fifth largest cluster of 'elite zip codes' ranked by the number of households with the highest combination of income and education". That's a good sign.

On the other hand, Oakland is also persistently near the top of the list of most dangerous cities in the US. One recent report put it at #2 [1]. That's generally not a good sign.

Is there much interaction between the high income/high education areas (presumably where you'd want to put your start up), and the high crime areas?

BTW, in addition to having one of the highest crime cities in the nation with Oakland, the Silicon Valley area also has one of the lowest. That would be Sunnyvale, which was the 10th on this recent list of safest cities in the US [2].

[1] http://247wallst.com/special-report/2014/11/11/the-most-dang...

[2] http://247wallst.com/special-report/2014/11/12/the-safest-ci...

2
ryanSrich 1 hour ago 2 replies      
Oakland is incredibly close to San Francisco. If you want all the benefits of being in Silicon Valley's startup network with only a fraction of the cost, then Oakland is your spot. The only downside is that many businesses already realize this and have begun driving up renting costs.
3
fyell 28 minutes ago 1 reply      
Great article. The diversity in tech is definitely apparent in Oakland. Not just in employee demographics, but in how companies tend to think in a different manner.

The article mentions that start-ups in Oakland are driven by a social mission, and it's very true. I work at VSCO and we're based in Oakland. VSCO is not about giving likes, being popular, or generating money through ads. We are simply about empowering the community with the art of photography. Without trying to sound too self-righteous, I like to think that the tech companies coming to Oakland also share a sentiment of contributing to social causes bigger than themselves.

5
The Doomslayer (1997)
14 points by sutro  4 hours ago   discuss
6
Great Quotes
35 points by jeremynixon  4 hours ago   12 comments top 5
1
aristus 2 hours ago 2 replies      
It should be noted that "Tara Ploughman" is an anagram of "Not Paul Graham".
2
serve_yay 31 minutes ago 0 replies      
My favorite:

"A witty saying proves nothing." - Voltaire

3
Jun8 2 hours ago 1 reply      
"I hate quotation. Tell me what you know" Emerson :-)
4
pastProlog 2 hours ago 1 reply      
> "When schoolchildren start paying union dues, that's when I'll start representing the interests of schoolchildren."

> - Albert Shanker, president of the American Federation of Teachers, 1985

This is of course an invented quote, but it tells you where the head of the person quoting it is at.

5
otherusername 1 hour ago 0 replies      
These are surprisingly worthless, without the quoty explaining the context. Kind of like Zen Koans, you can make of them what you will.
7
We believe we may be infected with malware
30 points by marcopolis  2 hours ago   11 comments top 4
1
ams6110 1 hour ago 1 reply      
Until this site is restored, you can download your ISC software from our ftp site.

How do we know the ftp site is clean?

2
yourad_io 2 hours ago 1 reply      
Disclosure is great and all, but.. which malware?

I searched a few of the *-announce lists and didn't find anything obvious. Is there a discussion somewhere that I'm missing?

3
rattle1337 1 hour ago 1 reply      
4
mosselman 1 hour ago 2 replies      
Great idea to link to a potentially infected site. "Please scan any machine that has accessed this site recently for malware." OK, thanks, now I have to scan for malware.
8
JavaScript Equality Table
46 points by antoinec  8 hours ago   20 comments top 8
1
jakub_g 20 minutes ago 1 reply      
Interesting, I didn't know about `[1] == true`, `[0] == false` family of equalities.

Edit: it seems more general, `42 == [42]` etc. holds.

Edit: more fun

  ([0])==false // true !([0])==false // true

2
sheetjs 3 hours ago 0 replies      
3
judah 2 hours ago 1 reply      
I like the end of the article. "Use three equals unless you fully understand the conversions that take place for two-equals."

Or better said, "Always use 3 equals unless you have a good reason to use 2."

4
stefek99 1 hour ago 0 replies      
Object plus object is not a number :)

https://www.destroyallsoftware.com/talks/wat

5
ambrop7 1 hour ago 0 replies      
It immediately grabbed my attention that they used images for the column labels. Vertical text should be doable with CSS.
6
farnsworth 1 hour ago 3 replies      

  if (2) { console.log('yes') }  > yes  > undefined  if (2==true) { console.log('yes') }  > undefined
I would have thought these would be the same - what's the difference between being "truthy" in the first case, and being ==true, as in the second?

7
prezjordan 3 hours ago 1 reply      
Well, at least it's got some symmetry to it!
8
frou_dh 2 hours ago 0 replies      
dynamic typing good

weak typing bad

9
Using the Quick Raise of Matrices to a Power to Write a Fast Interpreter
68 points by skazka16  7 hours ago   19 comments top 9
1
tel 5 hours ago 0 replies      
This is an instance of the "Maximally Powerful, Minimally Useful" principle from a few days ago [0]. Because the language being described is sufficiently minimal it has multiple valid, meaningful interpretations including the direct "just execute it" interpretation, a theoretical "compile this to some kind of other language and interpret it there", and, most interestingly, interpret these relations as a linear algebra problem.

It should be quite clear that a more "powerful" language would not admit this last meaning/interpretation/denotation.

[0] http://blog.higher-order.com/blog/2014/12/21/maximally-power...

2
Animats 1 hour ago 1 reply      
Arithmetic confined to addition, subtraction, and multiplication by constants is Presburger arithmetic. It's decidable; there are automatic theorem provers for statements in it. The classic Oppen-Nelson prover converts theorems to be proven to matrices, then useslinear programming on rational numbers as a solution mechanism. That may be isomorphic to this approach.
3
Someone 5 hours ago 1 reply      
"The exponentiation algorithm is quite simple:

If the power is zero, we will return the identity matrix.If the power is even (2N), we can recursively compute M^N, and then return the square of the obtained matrix.If the power is odd (2N+1), its enough to recursively compute M^2N value, and return the obtained matrix, that has been multiplied by M."

Tidbit: that likely is the best approach in practice, but perhaps surprisingly, it is not optimal in the number of matrix multiplications. See http://en.m.wikipedia.org/wiki/Addition-chain_exponentiation and https://oeis.org/A003313. Wikipedia has a link mentioning addition-subtraction chains, so it may even be beneficial to compute the inverse of the matrix in some cases (M^1023 likely is such a case, if inverting M isn't too hard)

4
ivan_ah 5 hours ago 3 replies      
How about computing any Fibonacci number in constant time? This can be done using the eigendecomposition trick for computing powers of matrices: http://minireference.com/static/excerpts/fibonacci_in_consta...

caveat: will fail for large N due to limited precision of floats... works fine on paper though.

[update] caveat 2: assumes a model of computation where ^N can be computed in constant time, which only works on paper.

5
aruss 2 hours ago 0 replies      
The author needs to be careful in what model they are using to show asymptotic runtime. Sure, this reduces to O(log n) matrix multiplications, but matrix multiplication is not a constant time operation (and is actually between quadratic/cubic in the dimension of the matrix, assuming arithmetic operations are performed in constant time, which is also not always a great assumption).
6
okigan 5 hours ago 2 replies      
Link bait ?

Original article: http://habrahabr.ru/post/148901/Post date: 2012

More from the same author: http://habrahabr.ru/users/skidanovalex/topics/

7
carlob 4 hours ago 0 replies      
> [] will calculate the 1 000 001st and 1 000 002nd numbers in 4 seconds. Classic version would take much more time, as the program has to operate with multi-thousand-digit numbers.

I'm not sure what classical algorithm of computing Fibonacci numbers OP is mentioning, but using Mathematica on my machine takes about 4 ms to compute the 1,000,001st Fibonacci number exactly

Maybe by classical he means naive, in that case: doesn't it ever get tired to pick as an example an algorithm that will be optimized away by any half-decent compiler?

8
jmount 4 hours ago 0 replies      
More good ideas in this direction: Hashlife http://en.wikipedia.org/wiki/Hashlife
9
crb002 5 hours ago 0 replies      
I believe this technique is by Valiant?

Leslie G. Valiant: General Context-Free Recognition in Less than Cubic Time. J. Comput. Syst. Sci. 10(2): 308-315 (1975)

10
The Death of Agile [video]
69 points by StylifyYourBlog  11 hours ago   32 comments top 11
1
slowmovintarget 3 hours ago 2 replies      
Now if we can just get management to sit down and watch this...

I keep watching Cargo Cult "Agile" turn every project into a galley, developers at the oars with the scrum master merely manning the drum and shouting "row!" Two lashes for failing to update your task in the system, no matter that the work got done...

We really need to get back to the real measure of working software instead of "are we going to have a demo or not?"

2
Toine 1 hour ago 3 replies      
I'm really surprised by this video.

I'm a junior developer who just got out of college. I knew the software industry isn't as mature as some other industries, but I kinda thought as a whole we were moving towards a more professionnal, more robust, less amateur industry.

This guy, if I heard correctly, participated in writing the Agile manifesto, which is basically software's 10 commandements written by the Agile gods. In this talk, he basically says :"Yea actually we were kinda wrong, you shouldn't listen to anyone telling you to do anything, just run free in the jungle and you'll be fine."

So after all those years of trying to find a solution to how to do software correctly, this is his answer? Why would you say something like that?

How do you teach people then? Where can i learn how to do my job correctly? The 4 steps he give cannot be taken seriously...can you imagine medical students being taught "yea just try something and see what happens, hopefully your patient doesn't die and you'll learn something for the next patient."

3
guiomie 13 minutes ago 0 replies      
I keep hearing the word "agile" from vendors, consultants and non-software related stakeholders at my work (a telco). For me it is a buzzword, thus I have been quite reluctant toward it.

Seeing also one of the original authors thinking so, means I'll stay even more away, and perhaps take people using the word with skepticism.

4
wavefunction 38 minutes ago 0 replies      
Pair programming is not part of "agile," it's "extreme programming." I don't see a lot of value from regular or formally instituted pair programming sessions. You're also only supposed to have one "standup" a day under "SCRUM/Agile."

Agile is all about autonomy of the team over what you're describing, which is a mish-mash of a lot of different strategies.

5
pmoriarty 1 hour ago 1 reply      
I'd like to show this to my company, but I'm afraid I'll offend coworkers who make their money at the company "doing Agile" and I'll get lynched, not to mention fired.
6
threepipeproblm 9 hours ago 2 replies      
I really enjoyed this.

One detail that stuck out at me is that after Thomas makes the claim that the single metric that matters in software is how easy it is to change, he moves on to show a balancing robot.

Now he doesn't directly connect those concepts, instead he talks about the PID algorithm. But what struck me is that Moshe Feldenkrais defined good posture almost exactly in the same way that Thomas defines good software, although he is talking about humans rather than robots. Specifically, Feldenkrais says that good posture in a given context is that which makes it easiest to move into the next desired position (or a spectrum of potentially desirable next positions).

7
mathieuh 54 minutes ago 1 reply      
I'm in university at the moment and we're learning about Agile. Next year I've managed to get a year long placement with a big local software company and their interview and technical assessment mentioned Agile loads. The year after that, I have half a module (worth 8% of that year's available marks) based solely on Agile. I've also attended talks by big names like Citigroup and also local startups which were almost entirely about using Agile.

So is it in fact the case that in The Real World Agile is starting to go out of favour?

8
capkutay 1 hour ago 1 reply      
Not to sound lazy, but I'd like to make a humble request for a TL;DR? I can skim long papers, but you can't do that for long videos!
9
rebelshrug 1 hour ago 0 replies      
Not everything about agile software development is bad. Planning poker is a great team exercise if you replace the planning part with a deck of playing cards, poker chips and beer.
10
tunesmith 2 hours ago 2 replies      
For those that are allergic to snark like me, skip the first fifteen minutes - it doesn't start getting constructive until then.
11
pmoriarty 2 hours ago 1 reply      
Anyone have a direct link to the video?

I'd like to watch it, but it requires me to run some Flash plugin, which I'd like to avoid.

11
At Facebook, Boss Is a Dirty Word
15 points by prostoalex  5 hours ago   9 comments top 4
1
j_baker 11 minutes ago 0 replies      
Like similar abstractions, participation is an empty goal unless it is gauged in relation to the job to be done. It is a means, not an end, and when treated as an end, it can become more repressive than the unadorned authoritarianism it is supposed to replace No one wants to see the old authoritarian return, but at least it could be said of him what he wanted primarily from you was your sweat. The new man wants your soul.

William Whyte, The Organization Man, 1956

2
dep_b 6 minutes ago 0 replies      
At Hacker News, Paywall is a Dirty Word
3
joncp 38 minutes ago 1 reply      
Most telling line: After seven or eight years or 10 years, youre done, youre burned out, you get replaced...

So it's just another Silicon Valley meat grinder. They just grind the meat a little differently.

4
rhgraysonii 54 minutes ago 3 replies      
Anyone have a non-paywall link?
12
Roadster 3.0
107 points by cpwright  4 hours ago   56 comments top 8
1
kenrikm 4 hours ago 3 replies      
If Tesla continues to follow this route it will have lasting implications for the automotive industry. Instead of replacing" your car every 5-10 years you can "Upgrade" keeping existing chassis but replacing enough to make it "Like New" (Refurb vs Replace) Automakers sell a completely new car just to make a few thousand dollars every 5-10 years and that's only if the customer stays loyal (Also why some car companies have loyalty incentives) in this case Tesla can still make that income and the customer is locked in as a bonus this will help to keep resale values high since there will be less cars on the market because owners upgrade instead of selling.

Now more then ever I wish I bought Tesla stock before it went through the roof.

2
beltex 4 hours ago 1 reply      
"Should mention that a battery pack upgrade is not coming soon for the Model S, but it obviously will happen long-term."

https://twitter.com/elonmusk/status/548269323681529856

3
ktzar 21 minutes ago 0 replies      
It'd be awesome to get the old batteries adapted to be used in off-grid homes, where they could be of great use.
4
xasos 4 hours ago 1 reply      
>Roadster upgrade will enable non-stop travel from LA to SF -- almost 400 mile range. Details tmrw. Merry Christmas! (https://twitter.com/elonmusk/status/548269323681529856)

I think this is super awesome. The fact that range is up from 265 miles to 400 is a great accomplishment. I look forward to seeing what the Tesla team will be doing in the upcoming years.

5
spodek 4 hours ago 1 reply      
Someone somewhere is reacting with "We must further prevent them from selling in our state!"

Actually, probably fifty people like that. Or rather organizations.

And they'll work as hard as they can to keep this from consumers.

6
sz4kerto 4 hours ago 4 replies      
"The original Roadster had a drag coefficient (Cd) of 0.36. Using modern computational methods we expect to make a 15% improvement, dropping the total Cd down to 0.31 with a retrofit aero kit."

I wonder how's this going to affect the generated downforce (=> and, as a consequence, the aerodynamic grip). Cd for a F1 car is around 1.

7
finid 4 hours ago 4 replies      
> ... we can achieve a predicted 40-50% improvement on range between the original Roadster and Roadster 3.0. There is a set of speeds and driving conditions where we can confidently drive the Roadster 3.0 over 400 miles.

That has been the range where I'll even begin to consider a car of that sort. I'm seriously rooting for Tesla.

8
NDizzle 3 hours ago 2 replies      
I wouldn't think that a roadster is the correct vehicle for LRR tires. I had them on my 1st gen Insight and they are terrible, terrible things from a performance point of view.
13
The Bug Nobody Is Allowed to Understand
79 points by lisper  5 hours ago   24 comments top 6
1
kcorbitt 3 hours ago 3 replies      
If multiple proprietary software packages are talking to each other at all, there must be either an implicit or explicit specification they're talking over. And if that interaction is broken, that implies that either (1) the spec is ambiguous/wrong or (2) one or both parties are implementing the spec wrongly.

It seems to me that engineers from the relevant companies ought to be able to get together, talk over the problem and figure out which of those is the case, even if they're not looking at the same source code.

In any case, a well-defined spec/API is critical to effective integrations between pieces of software maintained by different teams, even if both components are open source.

2
sgentle 3 hours ago 2 replies      
Yes and no. I think Stallman is right in that it's important to realise the relationships between components are often a bigger and more pernicious source of bugs than the components themselves. It's not a problem when you can pretend the components are actually one single component, which is obviously not possible with service architectures or proprietary code.

I'd expand that to say there's a kind of CAP theorem analogue for code, where if you want it to be sufficiently modular (partition-tolerant) you'll need to either sacrifice availability (before you know if it works you have to check its interaction with every other module) or consistency (you write code assuming the other modules work the way you expect and maybe they don't)

Unfortunately, beyond that core idea this article is just sort of befuddled. It is possible to understand the behaviour of a component without seeing its code (contracts, APIs, specs and tests are all examples of doing this). Further, it's a problem not at all specific to proprietary software. Even if you have access to every line of code ever written you're still not going to be able to understand the million interactions that could exist between all the things currently running on your computer in their various languages, frameworks, architectures and programming styles. And, to the extent that you can, it's probably not a very good use of your time compared with just emailing whoever wrote it and saying "hey, your software's not doing what I think it should do".

3
cmdkeen 3 hours ago 2 replies      
The Guardian like to run these stories about how terrible competition is without acknowledging that no other system in reality actually fixes the problem, no-one is actually ruled by philosopher kings. IT security is notoriously bad in many governmental areas, non-profits, universities etc as Manning showed us. The Soviet Union after all gave us the Stakhanovite movement.

The difference is that in a competitive environment you get creative destruction, where things that go wrong benefit competitors who then learn from the problem. Yes there are all sorts of problems when banks become too big to fail, it's far worse when there is only one bank.

Competition is an amazing thing - this salesman who moaned who the Guardian has an opportunity to start selling better encryption software, disaster planning and testing consultancy services, virtualisation software or toolkits that stop random people messing with production server they don't understand.

4
geographomics 56 minutes ago 0 replies      
One doesn't need access to source code to fix bugs. However, it does make it a great deal easier, and saves time that would otherwise be wasted reverse engineering the system to understand exactly what is going on. But it's not a necessity.
5
yourad_io 2 hours ago 1 reply      
Are we discussing this[1] or did I somehow get lost?

> Then he tries to copy the contents back, which is impossible with encrypted files and this is how he discovers what he's done [...]

facepalm

> To unlock the encryption you need special keys, which are stored in one central place [...] They went through the system and thank God, the switches had not yet been reset, meaning the keys could be retrieved

Thankfully, God duplicated the keys onto... switches?

After a while, my eyes rolled too much and I stopped for fear of epilepsy.

[1] http://www.theguardian.com/commentisfree/joris-luyendijk-ban...

6
lotsofmangos 3 hours ago 3 replies      
After reading the linked article, I am thinking of writing a bash script called 'lookBusy' that makes a machine look as though it is doing vital work.

This can then can be run on any machines that are idling but important, to reduce the chance of idiots appropriating them.

14
Capsela, the game that changed my life
276 points by jfroma  19 hours ago   85 comments top 42
1
keenerd 9 hours ago 2 replies      
> In this vide you can see even a remote control that I never had. I read also in wikipedia that there was a model with an interface to Commodore 64, a Lego Mindstorms predecessor!

Lego Logo predated Capsela and was mostly inspired from Seymour Papert's 1980 book, Mindstorms. It ran on an Apple II through a special daughtercard and was amazing.

I got to play with Capsela as well, but only ever the basic kit without any expansions. Mostly because of the astronomical price of the parts. I wouldn't be surprised if there is someone with a 3D printer trying to design a printable modular motorized construction kit.

2
kalleboo 6 hours ago 0 replies      
The toys I remember best from my childhood were all the building toys - LEGO, Capsela, k'nex, and this one where you built towers with beams and blew them up with a timed bomb. I had cars and action figures and such as well but can't really picture them and remember as well as the construction toys.
3
GuiA 15 hours ago 7 replies      
I remember these, they were semi-popular in France when I was growing up in the 90s. Sadly Santa Claus never brought them to me :(

Similarly engaging toys:

Meccano (http://en.wikipedia.org/wiki/Meccano), a French brand of metal rods, plates, gears, etc. that you can assemble together to form functioning small scale models (usually of vehicles). E.g.: http://upload.wikimedia.org/wikipedia/commons/f/f4/Meccano_0...

K'nex (http://en.wikipedia.org/wiki/K%27Nex), my personal favorite as a child- rods and plastic connectors that you can use to build vehicles, small scale models, toy guns, etc. I really liked them a a kid because while LEGO are more about building static dioramas/models, K'nex is more about building dynamic/usable contraptions. For example they had really cool kits to make solar powered robots that would crawl around and were very easy to modify; unfortunately these days they seem to be more focused on branded content (e.g. Mario Kart, Angry Birds).

Logiblocs (http://www.logiblocs.com), plastic blocks from the UK with electronic components encased in plastic that are easy to plug together, allowing kids to assemble projects such as alarms or a basic voice recorder. E.g.: http://www.logiblocs.com/images/understanding_spytech.gif . Their website seems to be stuck in the 90s :)

Littlebits (http://littlebits.cc), in a way a modern reinterpretation of Logiblocs - electronic components that snap together using magnets, sold as kits.

And of course Lego, but no need to talk about these :) Although the LEGO Mindstorms series should get a special shoutout.

Those are all the ones I can think of, but I'm sure other HNers will have contributions. I wonder if there's room to do a construction toy these days, given LEGO's titanic market and mindshare. I was very excited about Goldie Blox recently, but I thought it fell kind of flat - their models aren't very extensible/modifiable in the way that LEGO or K'nex or Capsela are.

4
facepalm 4 hours ago 1 reply      
It looks very interesting.

I just want to mention "Fishertechnik" as another alternative to Lego. Not sure how common it is in the US, but it seems to be available on Amazon: http://www.amazon.com/s/ref=nb_sb_ss_c_0_10/191-8762533-9514...

As a kid I enjoyed it much more than Lego. It is more about gears and motors, and back then there were also specialized kits about electronics, pneumatics and robotics.

5
smanuel 12 hours ago 2 replies      
Fortunately Capsela is still alive:

http://www.captoy.eu/toys/iq-key-and-capsela-358/

6
slashnull 4 hours ago 0 replies      
I had Legos, K'nex, Meccano, a lot of Legos, Capsellas, lose PVC pipes I screwed around with in the bath, some roller coaster ball thing I forgot the name of, two spaceship things featured in Lego mag, and probably another modular toy system I forgot about.

Capsela was really cool, but I mostly remember that the tolerances or the connectors were loose enough that some didn't connect properly, and some other just stuck together forever.

And now I program.

Correlation not causation, but...

7
bane 7 hours ago 0 replies      
Oh gosh, I think I had a Capsela set. I didn't recognize the name but the pictures brought back a nostalgia wave.

I don't think I ever got into them in the same way I got into tinker toys or lego though.

8
DaveSapien 14 hours ago 0 replies      
This was brought into my school when I Was 7 or 8 for an afternoon.

Working with my classmates, it was the first time I didn't feel like an idiot. I just simply 'go it' and knew how it worked.

I was quite let down when they took it away, and fobbed me off with an excuse that I can't remember now.

It would take me over a decade to find that part of me, but we got there in the end.

Thanks for the reminder (and the name) of this great toy.

9
bullman 4 hours ago 1 reply      
Curious - Is calling a building toy a "game" a regional dialect thing, like soda vs pop? I have never heard of Legos, K'nex, Tinkertoys, etc. referred to as "games" before.
10
JunkDNA 3 hours ago 0 replies      
LOVED these as a kid. I loved building all sorts of fans and paddleboat things. Only bummer was that my mom who knew jack about electronics was hyper-paranoid that I was going to electrocute myself playing with them in water. I used to sneak them into the bathroom and put them in the sink behind her back.
11
nilsbunger 3 hours ago 0 replies      
I tried to create a perpetual motion machine out of Capsela when I was 9 by connecting a propeller to the wheels, so the propeller turns when the wheels move. I was really puzzled when it didn't work! But I still remember that machine clearly 30 years later.
12
dharma1 5 hours ago 0 replies      
I had this when I was a kid. Stuck the wires into a mains socket once, sent sparks flying, blew a fuse and probably closely escaped electrocuting myself. Oh well, lesson learned about 230v AC at an early age.

And yes they were ace. What's the modern equivalent for a 5 year old? Maybe something with a robotics spin?

13
tlrobinson 6 hours ago 1 reply      
I remember being upset my parents wouldn't buy me video games or action figures like GI Joe, Ghostbusters, Teenage Mutant Ninja Turtles and whatnot, but looking back I'm really glad they bought me LEGO, Meccano, Capsella, etc instead.

I know LEGO still exists of course (despite LEGO's focus on movie tie-ins, Technic and Mindstorms still seem like good products) but are there other similar newer products worth considering?

14
gdubs 6 hours ago 1 reply      
Wow, so _this_ is what this toy was. I got several non-working pieces from a yard sale when I was in 5th grade, and had no idea what to make of it -- other than it lookedseriously cool. Since it was non-functional, the pieces mainly became incorporated into Lego play-time.

Really neat to see the full extent of the product.

15
xorcist 13 hours ago 1 reply      
Not Icelandic, Swedish!

Anyway, I too had one of these and what I loved most was that you could build boats with propellers.

16
gregrata 5 hours ago 0 replies      
It was discontinued, but looks to be available again here (old parts or comparable with new)

http://www.iqkey.jp/

17
warble 4 hours ago 0 replies      
I had this too. Great stuff. I'll have to see if I can get one for my kid. She's digging lego's right now.
18
JonRB 5 hours ago 0 replies      
I had Capsela (I, for whatever reason have always called it Capseula) as a child, too. Some of it was donated to me by a neighbour and some was purchased. That, along with Lego and knex made up my 'constructive' learning. I also had logiblocks, which allow you to build basic circuits, and I was very fond of them indeed.

Thank you for this flashback.

19
apricot 5 hours ago 0 replies      
Oh my god. Those manual scans gave me a serious case of the flashbacks. I must have spent hours reading it when I was in grade school.
20
evantahler 6 hours ago 0 replies      
I remember these fondly! I also remember overflowing the bathtub in the name of science more then once with those water modules.

So what's the equivalent toy these days?

21
StephenFalken 5 hours ago 0 replies      
Back in 1994, this LEGO Technic set [1] impressed me beyond anything else related to toys until and after that time.

[1] http://www.leg-technic.hu/images/sets/6/lego-8880-super-car....

22
naner 4 hours ago 0 replies      
I also had these when I was a kid (and Legos, K'Nex, Erector sets, model car kits, etc).

These didn't have as much of an impact on me as some of the other toys. There isn't really as much flexibility as there is with sets like Legos or K'Nex.

23
davidw 13 hours ago 0 replies      
I just spent the past hour playing with a capsela clone that we got our daughter for Christmas :-) I had these as a kid too, although the legos were better in some ways: less prone to destruction and more "abstract" in tht you could create anything you could imagine.

http://iq-key.com is the manufacturer.

24
Htsthbjig 13 hours ago 0 replies      
This is the great thing about 3d printers, as Linus Towards said:"if I had one of these (3d printers) when I was a kid, I would have done amazing crazy things".

We teach little kids basic freecad, openscad design and give them communal access to the printers too.

Some of them are really great designers. It is amazing when they start thinking on their own.

25
danmaz74 14 hours ago 0 replies      
For me, it was Lego Technic that played the role that Capsela played for the OP. One of my fondest memory as a child was when I created a mechanically programmable excavator 3-joints arm by mixing ideas from some of the suggested models... I just wished that modern-day Lego didn't have so many specialized, single-use parts.
26
danellis 14 hours ago 0 replies      
Wow, I had this too. Thanks for the nostalgia trip! I loved this way more than Meccano, but not as much as Lego.
27
hartror 14 hours ago 0 replies      
I wanted one of these so bad when I was a kid. I did have a couple of these awesome science/engineering type of toys, as well as a load of lego.

The one that stands out in my mind still was a little solar steam "engine". Once heated by the sun would draw water through it with a loud "putt putt putt" sound.

28
snarfy 8 hours ago 1 reply      
I had the big kit. It was one of the most awesome toys. I looked into buying one again but there seem to be a lot of poor reviews of the newer versions. They don't make them like they used to, and the old versions are pricey retro items. I thought about 3D printing something similar, but for the amount of time involved it's worth it to buy the real thing.
29
tricolon 5 hours ago 0 replies      
For some reason, I used to play with some non-functioning Capsela capsules along with my Lego sets. Thanks for writing this; I didn't know what they were called.
30
KillerRAK 6 hours ago 0 replies      
Absolutely LOVED Capsela! Eventually, I started applying a lot of the modularity concepts to my Lego Technic projects by recreating the gearing sets and interconnects in Lego. Great stuff!
31
jcromartie 7 hours ago 0 replies      
I just found a completely new, unused (things are still in plastic baggies) Capsela 400 box at the thrift store. This is one seriously great toy. I don't know whether to let my daughter play with it or sell it on eBay...
32
kennywinker 14 hours ago 1 reply      
I also had this toy!

Another lesson applicable to coding that this toy taught me was about the basics of standards, compatibility, and lock in. I believe I only had single set of Capsela, and no matter how hard I tried I couldn't get them to satisfyingly inter-operate with lego, mechano, or any other building-toys. Getting more was a non-starter (pre-internet). My dad had brought it back from a business trip to SF where he visited FAO Schwarz, and I'm not even sure they sold other sets.

33
mergy 6 hours ago 0 replies      
Geez. I want to say this is 1985. I had a bunch of Capsela kits. I really loved them. Thanks for bringing back some wonderful memories.
34
richardw 13 hours ago 0 replies      
Loved this in the 80's. Wonderful thing about this toy is that it was very accessible, you could do something fun in one or two capsules and grow from there. No need to build an entire model before something works. Adding e.g. gears took seconds, which gave a very intuitive feel for the mechanics.

Lego, Meccano, Capsela. Great childhood memories :)

35
dapatil 6 hours ago 0 replies      
This brings back happy memories. I had a few of these growing up in India. Definitely the best toys I had!
36
dybskiy 14 hours ago 0 replies      
Oh wow, thanks for some nostalgia! I grew up in Ukraine and played with this :). It wasn't exactly the most reliable thing (like lego bricks are, for example), but definitely fun memories!
37
XorNot 13 hours ago 0 replies      
Man I had one of these when I was a kid! It was great!

A trip down memory lane when I was looking for my old Legos and found this (well part of it) in the box as well.

38
oconnor0 6 hours ago 0 replies      
I knew that name sounded familiar.
39
nmb 13 hours ago 0 replies      
Thanks, I'd completely forgotten I had this as a kid until just now.
40
davidgerard 12 hours ago 0 replies      
My school had this in the late '70s! It was fantastic fun!
41
fit2rule 12 hours ago 1 reply      
For me it was Capsela and Gakken Denshi Blocks:

http://en.wikipedia.org/wiki/Gakken_EX-System

Denshi blocks were one of the most significant educational toys that I had as a kid growing up in the 70's and 80's, and many an afternoon was spent with my Space 1999 Eagle model, a Capsela "moon base", and me "inside with the computer" (Denshi blocks) commanding 'the system'. Ah, to return to those halcyon days when modular toy systems gave my systems-management skills a sharper edge. ;)

42
biomimic 12 hours ago 0 replies      
I used to have this set.
15
The Shawshank Residuals
54 points by yarapavan  9 hours ago   4 comments top 3
1
anigbrowl 9 minutes ago 0 replies      
"Shawshank" was an underwhelming box-office performer when it hit theaters 20 years ago

This is something to bear in mind when advocating shorter copyright terms or arguing that the market will establish the 'right' price for some piece of IP. Studios cross-subsidize pictures all the time as a matter of fiscal necessity. While Shawshank has proved to be a very reliable money-spinner and secondary & tertiary market rentals thus subsidize lesser films, in turn it is because of the residual income from other films that films such as Shawshank get made and have theatrical releases. Packaging films in the distribution cycle is a risk mitigation strategy: if every film had to be the subject of an individual deal then fewer and more (aesthestically) conservative films would get made, because neither producers' expectations nor release audiences are good guides to the long-term performance of a film. The same is true in many fields of the arts. Insistence on equating the commercial of cultural products with artistic merit promotes the lowest common denominator of whatever performs best in the initial release window, and 'whatever performs best' is typically a function of the marketing budget, which these days makes up about 50% of a film's headline cost.

2
diego_moita 4 hours ago 0 replies      
Shawshank Redemption is one of the most "American" of all movies, the movie Frank Capra allways wanted to make but never did.

When I first saw this movie, in theaters, in 1995 I found it highly enjoyable, with a narrative very well built, but certainly not a classic. It is very conventional and I didn't see anything revealing or innovative about it.

Now I understand that its virtues are exactly its conventionalism. Its message is the same belief that drags people to churches and self help books: "preserve and you will prevail". The storytelling is perfect: a slow and steady stream of setbacks until a liberating end. It has a Morgan Freeman voice over, what can be more reassuring than this? That voice is so reliable that the man played the role God more than one time and Nelson Mandela.

Whenever you're unsure, confused and insecure about what you think or believe "Shawshank Redemption" is the most reassuring and comforting of all movies. Not even Frank Capra could do better.

3
pp19dd 10 minutes ago 1 reply      
> Mr. [Stephen] King never cashed the $5,000 check Mr. Darabont sent him for the right to turn his story into a movie. Years after "Shawshank" came out, the author got the check framed and mailed it back to the director with a note inscribed: "In case you ever need bail money. Love, Steve."

That's ... incredible.

16
Doctors Revive and Transplant Hearts That Have Already Stopped Beating
7 points by lelf  3 hours ago   discuss
17
Programming a Bot to Play the Sushi Go Round Flash Game
17 points by luu  7 hours ago   1 comment top
1
jpdus 2 hours ago 0 replies      
Can't find the original submission but the source[1] was already on HN 3 years ago.

[1]http://code.tutsplus.com/tutorials/how-to-build-a-python-bot...

18
A virtual machine in Excel
56 points by ColinWright  9 hours ago   6 comments top 2
1
userbinator 5 hours ago 2 replies      
There's a well-known technique for solving certain types of equations by making use of circular references, and people have simulated digital logic too (e.g. http://mypage.uniserve.ca/~jeffsch/writing/SimPage.html and http://makeyourownchip.tripod.com/flipflop_simulator.html ), but this is something even more ambitious. I wonder if this virtual machine could be driven by using a circular reference as an "oscillator" ( http://en.wikipedia.org/wiki/Ring_oscillator ) to increment a counter, and use that to fetch and execute instructions... the amount of actual functionality needed to implement a rudimentary CPU is surprisingly small.

The actual system a spreadsheet would best simulate is known as a "systolic array": http://en.wikipedia.org/wiki/Systolic_array

I don't know if it's something to do with culture but for some reason I see far more of this "lateral thinking" and clever creative solutions coming out of Europe and in particular East Europe and Russia than North America - look at the demoscene, for example.

2
sz4kerto 4 hours ago 1 reply      
It is quite fascinating that the localized Excel function names do not have some kind of internal reference/ID so a spreadsheet's language could simply be set by the user.
19
Not invented here syndrome is not unique to the IT world (2013)
54 points by matt_d  10 hours ago   13 comments top 11
1
thesz 3 hours ago 0 replies      
Chinese wheelbarrow optimized for different operations than European one.

First, you have to lift load higher for Chinese wheelbarrow. Second, you have to be more careful with Chinese one, because overloading of wrong end will dump all load to ground. Probably, one man loads it while another man carries.

It looks like Chinese wheelbarrow is optimized for one scenario (separate loader and operator) and European one for another (same loader and operator).

Also, you can drag European wheelbarrow instead of pushing it. This way you get rid of many difficulties in operation. We did that when I was young and had less power and worked in gardens and/or construction.

To conclude, author does not distinguish between different use cases for seemingly same instrument (e.g. BerkeleyDB and SQLite) and he does not apply enough reasoning against his own argument, just to be fair.

What many consider NIH is often deliberately optimized choice for some specific and important use case.

2
fishnchips 3 hours ago 0 replies      
I know that this is an unpopular opinion but I've seen numerous cases where NIH is the optimal approach. I worked in a large company that insisted on using open source everywhere they could. Except that making all of that zoo work with a a single {build,logging,monitoring} system was a major PITA and so folks often cut corners turning large parts of crucial systems into black boxes. Also, some of the open-source stuff used was of suboptimal quality to say the least and so the company was forced to start maintaining a whole bunch of projects that no one else cared about. And if something stopped working there was hardly anyone who understood how exactly a FOSS project X or Y works and so countless hours were spent on digging through proverbial mud.
3
dasil003 5 hours ago 0 replies      
Great story and great article touching on many of the problems affecting the healthcare.gov website. I don't disagree with any of the details, but I can't really get behind the idea that NIH plays a significant role in the failures.

You can probably dig into the project and pick out thousands or tens of thousands of objective mistakes that someone somewhere is capable of diagnosing and proposing a better solution. And on the same token you can probably do that same for good decisions which someone somewhere thinks would have thought they knew better and attempted to fix what wasn't broken.

This is just the nature of large projects, and well understood in such literature as The Mythical Man Month. And I would submit that it's not technology projects per se, but rather the unforgiving literalness of computer systems that throws the overall systemic failure into stark relief.

As the scope and required knowledge of a project increases, the communication overhead increases non-linearly. Not only must thousands of leaders at every level have access to the right information and make good decisions, they in effect act as a distributed system to specify the technical implementation. It will be extremely difficult, if not impossible for all the subordinates to filter the information correctly such that the people at the very top have exactly the right information to make the best decisions.

The reason a couple college kids end up creating something more impressive is because they have the freedom to ignore intractable problems. If you threw Larry and Sergey at this type of problem they would be nobodies today because there's nothing you can do against that wall of legislation. The legal code is like computer code that is never subject to performance benchmarks, the people who touch it (legislators, judges, lawyers) are all well paid and have exactly zero incentive to make it efficient. It's tragic because there are no doubt places where 8-figures could be shaved off the budget if the implementers had channels to the legislators to raise issues that make the system intractable, but unfortunately the legal requirements are done in a too-big-to-fail waterfall fashion where the hopes of ever simplifying the system are slim to none.

4
jrochkind1 6 hours ago 0 replies      
This is good, and perhaps less about "not invented here" then about trying to solve social/organizational/human problems with blind application of technology:

> mindlessly replacing human labor with technology instead of solving the actual problem.

5
ruricolist 3 hours ago 0 replies      
About wheelbarrows: the Western wheelbarrow isn't unoptimized, it's just optimized for a different purpose: loading instead of moving. Having the wheel at the front allows for a deep body with low sides, which makes it easier to fill (and empty) the wheelbarrow with a shovel.
6
qwerta 5 hours ago 1 reply      
European wheelbarrow has lower center of gravity, it is easier to balance and handles rougher terrain, it is mainly used on construction sites. To transport cargo we use 2 or 4 wheels :-)

And I think HealthCare.gov was very successful. Its purpose is not to build website, but employ large number of people and make a few people rich.

7
Htsthbjig 2 hours ago 0 replies      
"...where the Next Big Thing has been a seemingly infinite sequence of concepts such as high-level languages, structured programming, relational databases, SQL, fourth-generation languages, object-oriented programming, agile methodologies, and so on ad nauseam. I think it is fair to say that none of these technologies has made any significant difference in the success/failure ratio of IT projects"

Those are amazing tools when used correctly, but they don't work on their own. They need people that knows how to use them.

In a big project you need a good design or all the structure falls down.

Nothing to do with NIH. More to do with how bad politicians are at choosing who is best suited to carry a project.

They are mostly lawyers that prefer someone who gives a great presentation than an expert on the field. Smooth talkers who say yes to design by committee, mostly because they are not the ones who work on it, get the projects.

Imagine you were to judge Donald Knuth by their presentation skills(he stutters and use handwritten transparencies). That is what politicians do, because they don't know better.

Also politicians have a vested interest in expending as much as they can. Basically the more they spend, the more important they are, the more they earn, the more influence they have.

Chinese wheelbarrow is better suited for some things, but is worse for others. It is bigger and less stable, and splits the space in two, making harder to transport some objects.

8
anigbrowl 2 hours ago 0 replies      
Good article, but I feel he overlooked another problem; in any large organization (corporation as well as government) it's quite hard to deploy a minimal product and let it gain traction through organic growth. Small apps from startups can take off in the marketplace because early adopters are often willing to compromise on security or functionality or interoperability if a new toy or tool does one thing really well, and if the popularity of the new thing reaches critical mass then those other considerations get taken care of, thanks to a combination of the early revenue and the foreseeable future revenue.

But it's very hard to do that within an organization, whether governmental or private. Most organizations are hierarchical, so ground-up IT innovations tend to be politically unpopular to start with. But even if a company or agency has an open internal culture, letting part of the organization use some new tool risks sacrificing efficiency, by taking away resources from the existing platform in the short term, or security, by making informational resources available via the new platform without the existing access or audit protections.

9
exabrial 5 hours ago 0 replies      
Incredible read and a great analysis of the problems with the IT side of the Affordable Healthcare act. Unfortunately, the IT problems with the AHA were just the beginning. The terms are non-negotiable since they carry the weight of law. Agile boils down to having negotiable, discoverable requirements during the engineering process, which is basically the complete opposite.

The AHA was intentionally "overengineered" and unfortunately we're going to be stuck with the damage for a long time :/ The few good things that did come out of the AHA could have been passed in smaller separate bills, for instance, state health exchanges (Why hasn't this been done before?) ...But the point it seems was to drill something down our throats and serve special interests. In the end, not much has changed, yet somehow an incredible tax burden has been levied on the people of the USA :/

10
RRWagner 6 hours ago 0 replies      
This is a great article, not just about the Not Invented Here syndrome, but the efficacy of replacing humans with automation.

I'm very involved with educational technology, where there is indeed a lot of work to replace the "person at the front of the handbarrow" (the teacher) with "a wheel" (a computer). The proposed answer to that includes Khan Academy or other videos, and a variety of online and "app" education sources. It's an interesting effort, but this article is great at bringing back the metaphorical reflections about which you'd rather have when the cargo is a human (especially your child) in a stretcher vs. a load of rocks in a wheelbarrow.

Then again, just to play the other side of wheelbarrow scenario, replacing the other person at the front of the handbarrow with a gps-guided, obstacle-avoiding, all-terrain, path-to-destination optimized robotic motive unit, then we can just replace the human at the back with a wheel.

11
erikb 3 hours ago 0 replies      
I just want to add another factor that I don't see discussed here yet. That is an object like healthcare.gov is not just a website. It is a system. It influences the work of thousands of people, institutions, dozens of local governments, vastly different companies and people. All that doesn't mean it would be efficient, successful, or reasonable all together, but just that it's more than a website and organizing something of that size will cost a lot more money than a website of equal quality and end user value will cost for a new 5 people start-up without customers.
20
Researchers Advance 'Quantum Teleportation'
6 points by lelf  3 hours ago   1 comment top
1
hippich 30 minutes ago 0 replies      
Could someone point me to better explanation how this is teleportation if to restore state at destination, you need to send some information via fiber cable anyway? Aren't it more like encoding and decoding at destination?
21
The Surf Office Santa Cruz: Live and Work at the Beach
4 points by codam  50 minutes ago   discuss
22
Convex hull visualizations with D3
20 points by 1wheel  5 hours ago   discuss
23
Consensus in Bitcoin: One system, many models
16 points by randomwalker  5 hours ago   3 comments top 2
1
danbruc 2 hours ago 1 reply      
Can we effectively model the system with all its interacting components in the language of strategies and payoff-maximization?

For a certain set of scenarios probably but what if the goal of an attacker is, for example, the destruction of Bitcoin? I don't think you can capture motivation for such a scenario in a model that, as far as I understand it, is based on value maximization within the Bitcoin system. The negative effect of any action within the system can always be offset by some positive effect outside the system. So I don't think it is a good idea to decide what metric should be used to judge the behavior of actors if you want to analyze attacks.

2
kushti 2 hours ago 0 replies      
I hope following article will be more interesting, this one is kinda introduction, I guess.

We in Consensus Research( https://github.com/ConsensusResearch ) are study some consensus properties of proof-of-stake cryptocurrencies with executable models written in Haskell & Coq. Feedback from HN guys is highly welcomed!

24
When security goes right
306 points by cperciva  23 hours ago   86 comments top 13
1
chris_wot 19 hours ago 4 replies      
The first comment was:

"I don't see why this was a security problem in the first place. No personally identifiable data was disclosed. What does it matter if you can view anonymous traffic graphs from other customers?"

I hate it when people say this sort of thing. That just indicates they can't see a potential exploit, not that it won't be one potential aspect of an attack. Honestly, attackers - regardless of their morality - will tend to look at things from a viewpoint others haven't imagined. It's best to give them as few avenues as possible.

2
patio11 19 hours ago 2 replies      
As mentioned, a great five minute project for when you get back to work after the holiday is adding a /security page to any website you control which handles user data. All it needs is a monitored inbox, a promise to get back to security researchers, and a PGP key.

If you want to make it a 15 minute project, write a bit of customer-facing "We take your security seriously. That's why we encrypt all data with bank-grade security..." copy above or adjacent to the researcher-focused payload.

Good examples (I picked their disclosure pages rather than the security marketing pages) include:

https://basecamp.com/security/responsehttps://www.twilio.com/docs/security/disclosure

3
jacquesm 21 hours ago 4 replies      
Merry Christmas Colin! Nice to see this worked out. I'm confused as to why you're surprised they had working whois contacts, most real businesses do, it's usually the scammers, the spammers and people that are up to no good that use whois privacy, rarely you see that used for someone who genuinely needs some protection.

If a company uses whois privacy I don't do business with them as a rule.

4
noonespecial 21 hours ago 2 replies      
Granted that this is Canada so is a bit different from where I live, I personally would still at this point fear malicious prosecution just enough that I would not have taken action. That's a little sad all by itself.

Hats off to Colin for the (brave) good deed.

5
wtbob 19 hours ago 2 replies      
Why not just store each user's information in a file whose name is based on HMAC(some secret, user's account number)? That should be secure against enumeration attacks.
6
mnarayan01 2 hours ago 1 reply      

  Use a cron job to delete all the generated graphs every minute.
That doesn't strike me as all that great of a solution, since (at least naively) this is going to result in a small (but presumably non-trivial) number of 404s on initial load.

I guess if it's just a stopgap until a better solution could be implemented then it's fine.

7
protomyth 20 hours ago 1 reply      
"First, they were using widely used open source code; if I hadn't been familiar with it, I wouldn't have noticed the problem. Bad guys will always dig deeper than unpaid good guys; so if you're going to benefit from having many eyeballs looking at what you're doing, it's much better if your bugs are shallow."

That is a really interesting reason to go with the popular open source solution. I guess I don't always follow that advice, but I wonder why I didn't think of it as a security decision.

8
click170 21 hours ago 2 replies      
Novus is great, they offer some of the highest speeds available in the areas that you can get access.

My biggest gripe with Novus (besides limited coverage) is they have no unlimited bandwidth offering like my current provider has. Despite that, I'm still considering switching to them for those awesome upload speeds. In light of this, I'm probably going to sign up.

Last I heard, when you went over your bandwidth limit with Novus they cut you off to prevent overages. I really liked this because you have the freedom to call them and confirm that you're fine with additional charges and they'll immediately reconnect you, but I'm curious about if they still do this. Any current customers able to clarify?

9
fubarred 15 hours ago 0 replies      
Re: whois.

There's a need for extremely private registrations that still have a feedback channel. A guy I know has such a registrar, but I doubt there's any means of contacting any site's operator for technical, legal or other matters. (The whois postal address always lists somewhere Europe, but there's absolutely no published details. So it's a registrar that's about as private as allowable.)

10
danieltillett 19 hours ago 2 replies      
My only concern here is how quickly support was making changes to production code. Should changes like this be made to a functioning system within 10 minutes of getting a verbal bug report?
11
fubarred 15 hours ago 1 reply      
Don't have a screen capture, but several insightful comments on the blog disappeared. Wtf?
12
chubot 15 hours ago 1 reply      
A short time later they started checking Referer headers; but as I pointed out to them, sending a fake Referer header is easy, so that only helps against the most careless attackers. I suggested several options for solving this, and they chose the simplest: Use a cron job to delete all the generated graphs every minute.

If I'm understanding correctly, I think this problem can be elegantly solved with Macaroons: http://research.google.com/pubs/pub41892.html

And it's relatively common issue with auth on the web. I think Facebook has (or had) this problem too. You can generally right click and "copy link" to get a .jpg URL, and send around people's pictures without any auth.

Basically the problem is when there are two web servers, a "dynamic" one with auth, and a static one that serves images. The static one is often a CDN.

Macaroons are basically a simple technique for decentralized auth, involving HMAC chaining. In this setting, the static server would first give the dynamic server a macaroon M authorizing ALL pictures.

At serving time, the dynamic server authorizes the user for a particular request. That request will have an <img src="acct123.jpg"> link. The dynamic server will take the macaroon M, and add a CAVEAT that the file must be "acct123.jpg", yielding Macaroon M2.

The client gets the restricted macaroon M2 with the HTML, and sends it back to the static server to retrieve the .jpg. The server can 1) verify that M2 is derived from the original M, and 2) read the caveat from the dynamic server, proving that the user was authorized for the image acct123.jpg (and only that image). The HMAC chain is constructed so that the client can't remove the caveat and get access to all pictures.

Basically what happened is that the static server DELEGATED auth logic for its resources to the dynamic server. In figure 2 of the paper, the static server would be TS (target service), and the dynamic server is IS (intermediate service).

The static server still needs extra code for Macaroons, which existing CDNs and static servers don't currently have. It would be cool to have an Nginx plugin that does this. But the key point is that it is preserving the original intention behind the static/dynamic split: performance.

In less performance sensitive context, you would have a web server perform custom auth logic, and then just read() the static file from disk and serve it over HTTP. This is likely to be many times slower than say Nginx. With the Macaroons, you can authorize ONCE in the dynamic server, and then PROVE to the static server that the auth decision was made. So all the .jpg requests can be fast and only hit the static server. The HMAC calculations are just hashing so they are cheap. It is symmetric crypto, with the shared HMAC secret.

The paper has some other use cases and is definitely worth a read. I'm thinking about using this technique for a project. I'm interested in opinions from crypto/security folks.

13
xupijack 16 hours ago 0 replies      
really insteresting
26
Images of Math
51 points by amathstudent  9 hours ago   14 comments top 7
1
tehaugmenter 1 hour ago 0 replies      
The formula: (x y) = z(x + y)

Made me dig up this old guy: https://www.google.com/search?q=5+%2B+(-sqrt(1-x%5E2-(y-abs(...

2
robinhoodexe 6 hours ago 0 replies      
Suggestion: allow us to use left/right button to navigate.
3
Retra 2 hours ago 1 reply      
http://images-of-math.tumblr.com/post/105433933328/the-goal-...

This is a game? It takes maybe 2 seconds to find a solution on this thing.

4
oliv__ 8 hours ago 1 reply      
I like how it only goes article by article, it brings more focus and attention to these short posts and leaves more space for the mind to wander.
5
jordigh 8 hours ago 2 replies      

   You never need more than four colors to color every country   on a map a different color from its neighbours. This was   proved in the 20th century  but nobody knows why it is true.
Heh. I suppose we've proved it, but this author doesn't accept this proof as an explanation for why it's true.

6
alokyadav15 6 hours ago 0 replies      
7
Mz 1 hour ago 0 replies      
D&Ders take note:http://images-of-math.tumblr.com/page/8

Y'all did not invent a d20!

This is just a really nifty site. Much deeper than I know how to express. One image per page, but it's really good. ("Bookmarked", so to speak.)

27
Field Manual 21-78: Prisoner of War Resistance (1981) [pdf]
10 points by marktangotango  5 hours ago   1 comment top
1
themodelplumber 1 hour ago 0 replies      
Related: Attempts to Escape Oflag IV-C (Colditz Castle)

http://en.wikipedia.org/wiki/Attempts_to_escape_Oflag_IV-C

28
Let the Other 95% of Great Programmers In
269 points by gpoort  4 hours ago   386 comments top 107
1
dang 2 hours ago 3 replies      
All: much of this thread is of low quality, below the standard that Hacker News discussion should aspire to, because it doesn't engage with what pg's essay actually says. It merely uses it as a trigger point for passions about other things, like H1Bs and Infosys. In other words it goes on a generic tangent, and generic tangents are the vectors we most need to avoid if we want discussions that are substantive instead of a handful of always-the-sames.

When I see cases like this, I've been asking: would the Principle of Charity [1] have helped here? The answer is usually yes. In this case, the idea of pg lobbying to flood the market with cheap programming labor is not only demonstrably wrong from the article (which talks about a much smaller order of magnitude and endorses lowering H1B-style quotas), it fails a laugh test for anyone familiar with his arguments in general.

The essay may be wrong, impractical, or impolitic; if you want to criticize it, there are plenty of legit criticisms you could make, starting with: how are we to objectively evaluate who the great programmers are, when it has often been argued (including by a certain essayist) that this can't be measured?

But if you're going to dispute an articleany articleon Hacker News, you have a responsibility to engage with what it really says. The Principle of Charity is the best way I know of to formalize this requirement, and unless someone can make a case for any bad consequences of doing so, we're planning to add it officially to the HN Guidelines in the new year.

1. http://en.wikipedia.org/wiki/Principle_of_charity and http://philosophy.lander.edu/oriental/charity.html

2
sz4kerto 4 hours ago 3 replies      
Hm, an article from pg I don't really agree with (even if I am benefiting from EU's open labor market).

There are plenty of 'exceptional' programmers out there with not exceptional salaries. Anybody is free to hire one. There are a couple of problems though:

- they're hard to identify- they might be exceptional in one situation and mediocre in another situation. The fact you are doing great at company X and task Y does not guarantee you'll be a rockstar at company W and task Z.- you don't want to pay for them. "I asked the CEO of a startup with about 70 programmers how many more he'd hire if he could get all the great programmers he wanted. He said "We'd hire 30 tomorrow morning." Well, if they're really exceptional and they worth 100x more than the others then pay them $5M/year and they're going to come to you. I know this won't happen, and the reason for that is exactly the fact that you have no clue how much they're going to worth for you. You could even pay only $500k/y to these excellent guys but no startup does that because they're not sure.

So please let's forget these stories about rockstar programmers and whatever. It's simple: if US could tap the international talent pool without restrictions then labor costs would go down by 50% OR it'd be easier to find good ones quickly at the same price, therefore one of the biggest risk factor in startups would be less of a problem. I completely support this argument, by the way. Don't dilute this debate with 10x (1000x?) programmers and companies who'd hire 30 people tomorrow morning at the market price (??) if they could find them.

*Edit: I have zero problem with downvotes but I'm genuinely interested in counterarguments, so please explain where am I wrong. :)

3
austenallred 4 hours ago 10 replies      
I really want to believe this, but I'm not sure that I do.

Of course the tech companies want to hire people from overseas; being able to hire someone from India for half the cost but have them live in the US so there's some level of accountability/trust is a no-brainer. Huge new, cheap talent pool.

But, if I'm an entry-level, US-based programmer, what I see are floods of cheap talent, some with questionable skills, coming over to compete for my job.

On the surface it seems as simple as a conflict of interest between employees and the companies that employ them. Supply/demand.

Dig a little deeper and the argument becomes that the top programmers we're bringing over are going to start great companies. That makes sense; part of the reason the United States is so powerful is selection bias: If we create an environment the hardest-working and smartest people in the world want to come to, the end result is a lot of great companies that create enough jobs for everyone. Elon Musk isn't starting Tesla or SpaceX in South Africa (where he's from). So we create an all-star selection of the human race in one country, make laws that are favorable to people coming/staying, and the economy explodes.

What I'm not clear on is what the effect of opening the doors to programmers would be. Would truly great companies be started enough that the entire economy is shored up, or would it just dilute the talent pool to the extent that being a programmer isn't a "special" job you get paid $150,000/year for being decent at? The long-term, macro result of this would be interesting.

4
ta75757 4 hours ago 4 replies      
Paul Graham is fighting for his side. I hope any developers here are smart enough to fight for theirs.

He's arguing that the same companies who colluded illegally to drive down the wages of the "best" programmers, now have no interest in lowering their wages when they're arguing for increased immigration. LOL.

5
mrottenkolber 3 hours ago 6 replies      
What I take away from the HN/Startup/Recruiting drama:

* Companies don't know how find good people (they think they know how to attract them, but honestly, how can they tell? They don't notice the ones they fail to attract, which I'd argue is most people)

* Companies are unable to produce (e.g. educate) good people

* They want to solve their failures by increasing the search space of people

I have no sympathy at all here. If you want good people you have to pick them up early and educate them. A startup however wants great people now, and they are supposed to be a great match by pure chance. This is classic irrational dream-thinking. You have to be pretty proud of yourself to expect all the good things will come to you just like that.

I suggest an alternative (my) approach, I call it the "secret elite ninja clan" approach:

1. Find out what skills are required in your industry.

2. Become a good at teaching these skills.

3. Find a pupil (as motivated as possible, no skills required)

4. Educate that pupil until a) they are as good as you are or better / b) they loose interest and leave you

5. Make money by utilizing the resulting skills. Also test your pupil's new talents.

6. Make pupil a partner if possible, return to step 1.

Also important: If you meet someone, figure out how that person can generate value, don't get cornered by your expectations. Improvise, diversify.

I am currently with my third pupil (first two were not motivated enough) and she seems to have it in her blood. I think if we keep up we can "grow" a pretty good company of really good people in a decade or so. Of course, there won't be a CEO, or a product, just really good hourly rates.

6
danmaz74 3 hours ago 4 replies      
It looks to me like the solution to the problem is simple. Just have a "high tech visa" with no number limit, but one simple requirement: The company requesting the job needs to be offering something like 150% (or 200% or whatever makes sense) the average salary of the US workforce, or in their state.

This will ensure that the visa will only be offered for skills that are difficult to find in the USA (or the specific State). No problem of driving salaries down.

7
wallflower 4 hours ago 0 replies      
If you put all the engineers at Facebook, Apple, Google into a typically-sized college football stadium, they would barely fill it. The new digital economy is not inclusive for everyone, most everyone who does not produce technology is a spectator (e.g. walking down the street swiping their phone, sitting in a bar swiping their phone v. writing apps or infrastructure software).

The reality is that the Apple/Google/Facebook level (and aspiring) companies want the H1B limit raised so that they can attract the best in the world. However, there are companies with profit-based motives. Infosys, Wipro et al. extensively abuse the H1B system and create a system of indentured servitude for, mostly, the non-Apples of the world. The companies that aren't shining stars - but like most other companies need software maintained and built to sustain their business.

Not every talented non-US Facebook employee wants to live in their home country. In some cases, the home country has rampant inflation/unemployment/bad schools/crime. America is still very much the land of opportunity, despite its flaws.

Consulting agencies almost always reach a point where they can't maintain quality and simultaneously pursue greater revenues (because they can't hire enough good people). What usually happens, sadly, is that the revenues take precedence and they start diluting the overall work quality.

You still can't beat the power of face to face human interaction unless you build something like The Matrix - where every one inside it is a hologram.

8
ulfw 4 hours ago 4 replies      
Here are the H1B Top Ten visa sponsors:1Infosys32,379$76,4942Tata Consultancy Services8,785$66,1133Wipro6,733$69,9534Deloitte Consulting6,165$98,9805Ibm5,839$87,7896Accenture5,099$70,8787Larsen & Toubro Infotech4,380$59,9338Microsoft3,911$113,4089Hcl America3,012$81,37610Satyam Computer Services2,249$73,374

How many of those are America's top tech companies who are in dire need of foreign engineers? The Top 3 by far are Indian outsourcing, sorry, 'consulting' companies.

http://www.myvisajobs.com/Reports/2014-H1B-Visa-Sponsor.aspx

9
voidlogic 2 hours ago 3 replies      
IMHO the real issue isn't that they many companies can't find great programmers, its that they only want great programmers who live in their locality.

For many (most?) startups in the valley, if you aren't living in the greater SFO area, or willing to relocate there, they are not interested.

They are dinosaurs living in the past, fighting distributed collaboration. (Which is ironic as they are technology companies). Importing people from overseas to the bay area is actually the hard way of solving the problem.

From first hand XP, I can tell you going distributed has made hiring top notch talent 10x easier. And if I hire someone overseas, they don't have to move...

Again, IMHO all the excuses like "culture" are bullshit, if your culture depends on holding hands as a group every day, your company culture is already fatally weak.

10
mrrrgn 3 hours ago 4 replies      
This concept of a "great programmer" is something I find very suspicious.

A competently trained engineer who works with distributed systems may implement a trivial fix and save her company tens of thousands of dollars in AWS bills.

Someone with a strong background in programming languages might implement a PHP -> C++ cross-compiler and double the throughput of her company's web servers.

The capability to recognize these improvements does not require some inborn spark of genius. Rather, it requires the prerequisite experience in some programming sub-field. Experience which can be learned.

Moments of rare insight do happen - "hey what if we cross-compile all this crappy PHP to C++?" - but these are a matter of random chance: get enough folks with programming language expertise working on a strictly PHP codebase and eventually someone will have the idea.

The "born programmer" is a myth. A great programmer is often a person with a high level of training in some particular sub-fields, and/or, a person who is very savvy regarding the craft of building software (i.e. "The Pragmatic Programmer").

11
kohanz 4 hours ago 3 replies      
There exists no practical, reliable method to identify the "great" programmers from the rest (other than by employing them or working with them over a significant amount of time). Many of them interview poorly. If you could actually identify these people, you'd have a billion dollar idea.

So that implies that in order to grant entry to the "great" programmers, the door needs to be wide open to everyone. I'm not saying that's a bad thing, but it doesn't appear to be addressed by PG.

12
xiaoma 4 hours ago 8 replies      
>The US has less than 5% of the world's population. Which means if the qualities that make someone a great programmer are evenly distributed, 95% of great programmers are born outside the US.

This assumption is repeated throughout the essay, but I'm not particularly convinced it's true. Why would the qualities be evenly distributed between first world countries such as the US where programming is respected and well paid vs failed states like Nigeria or the war-torn Congo?

13
volkadav 4 hours ago 5 replies      
We already have visas specifically targeted at letting in exceptional talent: the O (temporary) and E (permanent) series. Of course, the tech industry lobbying is not generally speaking around those visas, but rather H1-B. So I don't think it is entirely correct to assert that industry wants more "genius visa" types, they want more journeymen (gender-neutral; the kind of staff that are competent but not exceptional, or else they would be here on an E-series). Why ever would they spend lobbying dollars unless there was an expectation that spending $X on Congress today will save them $Y (Y > X) in wages in the future?

Don't get me wrong, I've greatly valued the talented non-US folks I've had on my teams over the years. But I'd rather we gave them an easy path to citizenship if they want to be here rather than giving more of them the opportunity to be borderline indentured servants. Then they could fully enjoy the benefits of the society they're contributing to, including labor flexibility and the ability to bargain for a fair market wage. I'm sure the free-market enthusiasts running large tech companies or venture capital firms love that idea.

14
andyl 4 hours ago 1 reply      
"American technology companies want the government to make immigration easier because they say they can't find enough programmers in the US."

Clarification: can't find enough American programmers willing to work for low foreign wages.

15
buro9 4 hours ago 6 replies      
There is more than immigration in the way of non-US programmers moving to the US:

1) Immigration

1) Health care

3) Living standards (some part cost of rent, some part accessible lifestyle, some part relationships and future plans, etc)

I'm a London programmer and yes immigration is an issue, but health care (for themselves and their partner) is joint #1 on that front. It's hard not to look on US healthcare as being the worst possible product of US politics and that starts to impact the standard of living thing.

Most non-US programmers I know come from societies where we're happy to pay more in tax to have a more civilised society and life. You may fix immigration, but to make the US an attractive place to want to relocate to far more needs to be fixed.

16
moocow01 4 hours ago 2 replies      
How about Silicon Valley first working on actually optimizing the use of the current labor pool by letting in the REAL other 95% of programmers meaning ...

- Anyone over 40

- Anyone who doesn't fit the profile of a 25 year old white male

Until this happens in any real manner, these sort of pleas are just politics as usual for economic gain.

17
xiaoma 4 hours ago 4 replies      
>So they claim it's because they want to drive down salaries. But if you talk to startups, you find practically every one over a certain size has gone through legal contortions to get programmers into the the US, where they then paid them the same as they'd have paid an American. Why would they go to extra trouble to get programmers for the same price? The only explanation is that they're telling the truth: there are just not enough great programmers to go around.

And yet most start-ups pay programmers far less than they pay their lawyers.

18
grandalf 4 hours ago 3 replies      
If someone is smart and wants to work in the US there should be no barriers to doing so. I don't deserve any job or salary if someone else can do it better or cheaper. We are all human beings in the sense of our right to fair work and wage.

Who wants to wake up in the morning and think "thank goodness some lawmaker is forcing someone smarter/better than me to live in poverty so I can have this cushy job"?

PG is right that most programmers are not all that bright. This limits the state of the art in our industry far more than most people realize.

[edit]: I can't believe this thread is getting hijacked by people who oppose PG's view on this and are downvoting comments in support of it!

19
jacquesm 3 hours ago 1 reply      
Why limit this to programmers? It's not as if we're some kind of privileged and special sub-species of humanity. People should be allowed to move around the globe at will without those pesky borders. That would be one way to get us out of the hole we're in. Drawing arbitrary lines for certain professions and not for others only further deepens the gap.

Companies have long ago figured out ways to go trans-national, simply by opening up offices in low wage countries.

Another, easy solution if you want more talent is to pay more.

20
rayiner 2 hours ago 0 replies      
I think very few people don't want the U.S. to let in exceptional programmers. But the fact is that "1%" programmers are 1% of the population. Tech companies have tremendous trouble identifying those 1% from the other 99%. The government is almost certainly going to do a worse job at that. And if the government delegates screening to the private sector, then the system is tremendously gameable. So the issue isn't whether we should let in those 1% programmers. It's wether it's worth it to let in 99 mediocre programmers for every exceptional one, or to create a system with tremendous incentives to import those 99 mediocre programmers in an effort to drive down wages, hoping we'll get some exceptional ones in the process.
21
btilly 3 hours ago 0 replies      
A big problem with the current H1B system is that companies like Infosys are supposed to pay what they claim is market rate, but have every incentive to lie about the true market rate. The problem that Paul would like fixed is that there are a lot of really good programmers who startups would rightly like to hire but can't.

Paul would like to eliminate the cap. But this makes the first problem worse. If you solve the first, then removing the cap makes perfect sense.

So how do we solve the first? My proposal is that any company wanting import an employee can, but has to post a significant bond for the cost of deporting the employee if there are problems. That immigrant is free to transfer employment. At the end of a year, if that immigrant left to go to another company, the original employer loses the bond and owes the difference between the immigrant's current income and the original one.

Under this proposal there is a disincentive to bring in an immigrant unless said immigrant really is paid above market rate for their skills. Locals may not like the competition, but people will be hiring immigrants because they think they are better, and not because they are cheaper than the market.

22
bsbechtel 13 minutes ago 0 replies      
Wasn't it Ben Franklin that made a very similar appeal, regarding all occupations? The US should want the very best talent the world can produce, in every field, not just technology.
23
protomyth 1 hour ago 0 replies      
First, characterizing anyone against the current H1B program as anti-immigration is a nice political tact but has nothing to do with the truth. It is a great way of framing the other side, but it is not a nice way to debate, but it is so common.

The current H1B lowers prices of IT by mostly supplying body shop consultants to American corporations. Go look at the stats of who is getting the most H1Bs and the dirty tricks they are using to assure no citizen can apply for those positions. Now that the big players have been caught illegally colluding on depressing wages this is the next step to cheapen the wage pool.

Second, the silicon valley folks could start recruiting a lot better. Since we talk about ageism[1] and sexism so much, perhaps some effort into recruiting could be spared. While we're at it, perhaps recruiting from other colleges that have programs[2].

Third, I'm all for legal immigration after all part of my family came that way, but I want the H1B program (and its hidden friends) removed. I want all the folks who came here and got degrees given first chance with NO indentured servitude to a single company. The American taxpayer had a hand in educating these students and it is high time we got value from it.

Yes, we should speed up the path for STEM folks we need, but it should not be at a single company's whim.

1) It seems like hollywood actresses have about the same career length as programmers (30 is too old, 40 and 50 are un-hireable).

2) Microsoft in the 90's made it very clear they only wanted people from the school I attended for support since we had a nice midwestern accent.

24
thesz 2 hours ago 0 replies      
1) by educating you will uncover latent exceptional programmers and

2) by educating you will raise educational level and make life better for everyone in country (any country).

http://en.wikipedia.org/wiki/Statistical_correlations_of_cri...

http://www.commissiononhealth.org/PDF/c270deb3-ba42-4fbd-bae...

Those two arguments are omitted from essay. I think it is a sign of sloppiness on PG's part.

25
cpwright 4 hours ago 1 reply      
The big issue I have with this essay is that, while I believe it is true that letting in exceptional foreign programmers would benefit the economy and that probably does not overly hurt many exceptional American programmers; I don't see how just opening up the H1B program would achieve that.

Instead, I believe you might get some fraction of those exceptional programmers to come to America; but you would probably get many more less-than-exceptional programmers (which pg called competent) competing with less-than-exceptional, but competent Americans (or those who could be trained to be competent).

On balance, I'm unconvinced this would help.

Potentially, instead of having a lottery, the government should just run a dutch auction for the same sized quota. If someone is truly exceptional, it would be worth paying for them. You'd also end up naturally giving American programmers a bit of a home-field advantage; because their cost would not be burdened with the additional cost of winning an auction.

26
j_baker 3 hours ago 0 replies      
I have a ton of issues with this post.

For starters, the idea that some people are just inherently exceptional programmers and others can only be competent is elitist. Is it any wonder that every programmer in Silicon Valley thinks they're God's gift to the programming world? We've been taught that to be hirable we have to be "10x" engineers who spend all of our free time hacking.

But ok, maybe you don't agree with me on this point. You feel as though there truly is some kind of "master race" of programmers who are inherently gifted in ways that nobody else can learn to be gifted. That still doesn't mean that you should agree with PG.

Why do we need to import all of these engineers into Silicon Valley? One of the great benefits of Software Engineering is that it can be done from anywhere in the world. Why can't people choose to stay where they live? My suspicion is that it has more to do with entrepreneurial arrogance than anything else. Company executives simply want to build big empires with lots of programmers all under their thumb under one roof.

So what happens? If you want to be an engineer, you have to come to Silicon Valley and displace someone who already lives in the Bay Area. It's displacement that breeds displacement.

Ok, maybe you still don't believe me. You think that we need exceptional engineers and they have to be in the Bay Area. The immigration policies that tech companies are pushing for aren't based on merit. The STEM visas only apply to people who are schooled in the US. In other words, the people who will be coming to the US on these new visas aren't coming here because they are one of the exceptional engineers tech companies fawn after. They're here because they have parents who can afford to send them of to the US to fancy schools. We're not getting the "poor and huddled masses" that made this nation great anymore.

Is it any wonder people in the Bay Area hate us? We're elitist, we displace people, and we're importing people from affluent backgrounds.

27
itg 4 hours ago 1 reply      
Read: We don't want to train workers or pay them a good salary. We expect them to know everything beforehand and be content with crappy wages, then wonder why the brightest kids are going into fields like medicine and high finance.
28
johnohara 3 hours ago 0 replies      
The US has less than 5% of the world's population. Which means if the qualities that make someone a great programmer are evenly distributed, 95% of great programmers are born outside the US.

That is the question isn't it -- are those qualities "evenly distributed" around the world?

Africans make up a lot less than 5% of the great marathonersin the world. Does that mean the remaining 95% of great marathoners in the world live outside of Africa?

There are usually a whole host of other intangibles associated with exceptional performance, which are sometimes directly undermined by a change in physical location.

29
dasil003 4 hours ago 0 replies      
I think it's a bit disingenuous to not even mention cost in this article. Clearly a lot of companies are using H1-Bs to save money more than to find great programmers. Even ones that genuinely want exceptional programmers may not even have the capability to identify great programmers.
30
andrewmutz 2 hours ago 2 replies      
I have a quick question for those arguing against PG's position:

Do you genuinely believe that increasing the number of talented software engineers emigrating to the United States is bad for the United States? Or bad for you?

In the same way that I would argue for public policy that benefits us all (not just me), I think we should have immigration policies that benefit everyone, not just Software Engineers.

31
epicureanideal 1 hour ago 0 replies      
I think the best way to address everyone's concerns is to do a trustworthy study (trusted by both management and engineers) on the effects of opening the doors under different scenarios.

How does the situation play out from everyone's perspective? If we open the doors too fast, do we get a huge drop in wages, everyone loses their houses, and students flee from tech education? Is there a rebound after N years?

If we open the doors slower, are we able to maintain wages at their current level? After how many years have we fully absorbed the talent and / or the effects of importing more talent start to ADD to the compensation of current workers, based on the improved tech ecosystem?

So, who can provide a model of what would happen at 3 month to 1 year intervals (I'd prefer shorter) in terms of salaries and rent, going out lets say 10-20 years?

Also, maintaining wages at their current level may not be a good thing. It seems that they've been suppressed lately and so we'd be maintaining them at a suppressed level, but this is just to start the discussion.

32
davismwfl 3 hours ago 0 replies      
To me the main failure and what negates the argument to me is that 95/5% population. Yes, I agree that the US makes up a small percentage of the global population and to think we have the best, smartest or only of anything is stupidly arrogant and extremely short sighted.

However, to assume that of the 7 billion people on the planet and the 6.7 billion that are not in the US are comparable in education, opportunity, training and ability is just not realistic either. While I agree too that greatness can't be taught necessarily, it also can't exist without education, drive and opportunity.

The problem is when you use misleading statistics to make your argument it causes intelligent people many times to negate the validity of the entire argument. While I don't have a problem with h1b's overall, I do have an issue when startup's and other companies argue they can't find anyone in the US.

Having managed a large development team at one time and having used large numbers of H1B's, what I learned was that H1B's are far less job mobile and far more tied to the organization sponsoring their entry. Which is of course one of the core reasons companies like them. It makes competing for the same resources far cheaper and keeps wages lower overall. In most situations when demand increases and supply decreases, cost goes up across the board (e.g. salaries). In tech, the salaries don't increase as much as the cost to the lawyers to get more H1B's to help keep the pay lower.

33
bmdavi3 3 hours ago 0 replies      
In high school, part of the reason I chose computer programming as my future career is because I like it, and part of the reason is that I knew not a lot of other people did, or could do it well. I didn't know what the world would be like in 20 years, but I figured that was a good way of giving myself a chance at having a good job down the road.

Computer science courses in college were much tougher than in most other majors, and there were many, many nights I'd be coding away to finish a project while my friends were out partying, playing video games, etc. I like art, history, and music too, but I figured it was worth it, just a few more years and it would pay off.

Now, just as it is starting to pay off, people are trying to change the rules. I've been trying to get my 10 year old nephew interested in science and math, encouraging him, so he can make the same choices down the road if he wants to. But if the plan is to swoop in at the last minute and remove the rewards for delayed gratification, maybe I should tell him to have a blast and do whatever.

Either allow full immigration for people in any career (best option), or have the same stifling limits for all careers (distant second). Don't cherry pick who's going to have their careers dis-proportionally affected.

34
michaelvkpdx 4 hours ago 5 replies      
Part of the reality of founding a company in the United States, and taking advantage of the freedoms and protections being in the USA offers, is that you have to work with the USA labor force.

If you don't like it- well, go international. Fast food restaurants don't get to import the best burger-slingers from Germany. Software companies have to live in the same space.

And it's complete and utter BS to suggest that there's no way we can make up for the gap in our education system. You have to invest in the society, and it takes time to train people. Railroads in the 1890's didn't suddenly wake up with a million trained workers at their disposal, and they didn't have the option of importing trained workers from the UK where railroads were booming. Part of the limits of their expansion was the need for training- and when they didn't train, they ended up with dead workers (25,000 out of a force of 1 million killed on the job in 1900 alone).

If someone wants to come to the USA on their own volition, and take their oath of citizenship- fantastic! We should all welcome them. But it is not up to corporations to dictate terms of citizenship at their convenience.

35
zerr 4 hours ago 1 reply      
Meanwhile, why don't get better at management to allow remote work? ...
36
chetanahuja 1 hour ago 0 replies      
Everybody seems to be discussing the pros and cons of H1-B and it's various misuses etc. It's very clear to anybody who's gone through the process (as I have, both as an employee and as an employer) that this is an extremely flawed process based on a mid-20th century model of industrial work in huge factories.

But PG's essays is not about necessarily maintaining or expanding the existing flawed process itself. It's about the end goal of having a rational legal process to keep the tech ecosystem healthy. Some of the concrete ways I can think of that makes the situation better:

1) Right away, grant all tech degree holders from say, the worlds' top 200 universities immediate medium term visas equivalent to current OPT (Optional Practical Training periods which are short term). The current version of OPT allows about 18 months of work permit for jobs somewhat related to their degrees. An alternate, more politically palatable version of this might only include US universities and/or only post-graduate degrees. A very basic version of this idea can simply extend the term of the current OPT to say, 5 years.

2) Dissociate the granting of green cards to skilled employees from a particular employer. This is a major reason H1-B visa holders feel trapped with one employer (otherwise the mobility between jobs is pretty easy for H1-B holders). Let the skilled immigrant directly apply for permanent residency based on employable skills supported by, say, education, employment, compensation history so far in their careers. Make sure equity compensation is given weight here (to treat the startup ecosystem fairly).

3) Remove the per-country quotas on green cards. India and China having the same quota as say, to pick a random small country - Latvia, is ridiculous and quite possibly mirrors the old style racist immigration policies from the previous centuries.

(1) and (2) will pretty much mitigate most of the issues foreign engineers face when participating the startup ecosystem. All three changes together will take away any motivation/power employers have over skilled employees in today's H1-B -> green card pathway based system. This should also assuage any valid wage suppression issues raised by some people on this forum.

37
cma 4 hours ago 1 reply      
> And since good people like good colleagues, that means the best programmers could collect in just a few hubs. Maybe mostly in one hub.

Owner of prestige hub wants it to be more prestigous, and wants your policy support to make it happen. No where is this spelled out as a conflict of interest.

Ycombinator seems similar in many ways to the Law Firm partner/prestige system, or the university prestige system, or the scientific publisher prestige system.

38
beejiu 3 hours ago 1 reply      
Anybody who travels 4,000 miles to a new country to work in, and to live with people they have never met, have proven themselves to be the sort of motivated person you want to hire.
39
23david 2 hours ago 1 reply      
As PG states:

  it's easy to imagine cases where a great programmer might invent things   worth 100x or even 1000x an average programmer's salary.
If this is true, rational companies should be willing to pay salaries between 100-1000x of average for great programmers.

All hail the $100M/yr rockstar programmer.

I can't wait to see the cool things that will come out of a greater distribution of wealth to hackers, geeks and programmers. Think of all the neat kickstarter campaigns that will get funded... and all of the startup ideas that can find angel funding. And all the open-source and Makerspaces and rockets etc, etc.

40
mnglkhn2 4 hours ago 1 reply      
The value proposition needs to be right.

So far, tech companies only propose to let people come and work, for 3 to 6 years. There is no guarantee made to the exceptional programmer that the company will apply his/her green card, and hence facilitate the actual act of immigration. Until The company applies and the application is approved, we are talking just about work visas and not about immigration.

The only reasonable way to immigrate at this moment is through family, which means come and get married to a citizen.

If you don't do that, then you are totally dependent at the whim of the sponsoring company, which might decide at some point during those 6 years that you are not exceptional anymore and hence you should pack and close down all your stuff (apartment, bank accounts, etc) within 30 days (at some point not even these 30 days were not guaranteed).

If we discuss about having talent coming in, then the discussion has to clarify what the value on the table is.

41
1971genocide 2 hours ago 1 reply      
A lot of people in this thread seem to be really short sighted. Yes every tech worker's salary will drop significantly if the United States allowed more open immigration laws. But think about this - what would have happened if elon musk, vinod khosla,Sundar Pichai though the united state was not worth the trouble ? Silicon Valley would prolly exist but wouldn't have the monopoly on software that it has.

I am not an american but I am really happy that the united states government has strong anti-immigration laws. This might not be an popular opinion but the United States has mooched off talent from the rest of the world without paying for it. It has actually allowed rapid development of the start-up scene in my country who are in direct competition with the bay area. The best part is unlike the bay area most of the tech workers are able to save a majority of their money as the living cost is dirt cheap compared to the disgusting wealth extraction from the young and talented that happens in the bay area.

Now just for a second imagine if these tech hubs grow and take a large market share from the likes of google and facebook ?

As a student of Computer science who doesn't happen to be the the united states all this is really good news and I wish the govt doesn't listen to PG as it results in the 95% to decentralize the wealth generated from technology from the hands of PG and silicon valley. ( And I am of the believe that power is always best kept in the hands of the many compared to the hands of the few )

42
NhanH 2 hours ago 1 reply      
It's kind of weird to see the same discussion being repeated over and over again, with people talking over each others with the same point, again over and over.

How about this instead, let's say I'm Patio11 and I want to go to the US, how do I do that? I personally consider Patrick to be the top 1% in what he is doing. And from what I've seen in on of HN's thread last week, a lot of people are aspiring to be the same.

Funny enough, after I typed the above paragraph, I just realized that I can't actually think of a good way to move to the US if I was Patrick. And I'd wager I know more about immigration (pertaining to tech works) than at least most people here, seeing that some of you quoting H1B as "over 100000 coming per years". H1B won't work, you can't have side project/ company on H1B while in the US. And I'm not particularly sure Kalzumeus Software will fit the profile for the investing/ job creators visa one. O visa is just iffy. (Special visas for country aside).

I'm not sure if I'm a great programmers or not. But I'm young enough to hope that I could one day be one. Please, actually proposing solutions on how great programmers could come to the US, with current immigration laws or any changes you think should be made. Keep bashing the H1B is not productive.

Or you can just come out and say "fuck you foreigners", in which case I will gladly reevaluate my plan.

(And then there is still a whole discussion with the OPT system, for some reasons, I have not seen anyone discussing about foreigners graduate from US university, and then have to leave because of the immigration system. There are a whole lot of us too!)

43
ChrisAntaki 2 hours ago 1 reply      
> A great programmer doesn't merely do the same work faster. A great programmer will invent things an ordinary programmer would never even think of.> ... a great programmer might invent things worth 100x or even 1000x an average programmer's salary.

I like how Paul slips in some encouragement for engineers wanting to start their own businesses.

44
lukasm 2 hours ago 0 replies      
Surprisingly, the solution is the free market. Make a pool of 5k visas with almost no requirements. Companies will bid on it. Add 50 visas for startup founders. Run this experiment for al least 6 years and measure the outcome.

On the other hand, that maybe a good thing. If we have more "Silicon Valleys" there will be more innovations, more competition. We don't need one superpower a.k.a monopoly that comes with other risks like NSA.

Price of starting a company is going down, markets are becoming more liquid therefore you don't need SV crazy money to get you going. What is more, you can reach ramen profitability faster outside SF, get more talent.

45
cottonseed 2 hours ago 0 replies      
Even the "need" for exceptional programmers is really about companies getting a good deal on labor:

> it's easy to imagine cases where a great programmer might invent things worth 100x or even 1000x an average programmer's salary.

Wouldn't it be nice to hire people that are 100-1000x more productive while only paying them marginally more?

46
SCHiM 3 hours ago 0 replies      
While I do agree in the general sense with what is being said, I very much dislike it when numbers are abused to strengthen a subjective argument. It feels like you're abusing facts and lying.

>"Which means if the qualities that make someone a great programmer are evenly distributed"

This is a pretty big assumption, there are huge cultural differences between, for example, India and the US. Who says that these differences could not enormously sway the distribution of great talent?

The next argument made is that since the US only has about 5% of the worlds population it also follows that only 5% of the worlds great programmers are naturally available there. However, apart from the question of potential, there's also the question of opportunity. I'd wager that the standard of living in the US is substantially higher than in most other parts of the world. Which leads me to suspect, but not to prove, that that 5% of 'all great programmers available' is actually quite a bit higher.

It's obvious that no matter how good you _could_ be with a computer, you won't be able to sharpen your skills if you don't have the means and those means are more readily available in the US than in China.

47
loteck 3 hours ago 1 reply      
This may be the least inspiring, least visionary solutions for one of the tech industry's challenges I've ever read from PG. That's unfortunate.

The tech industry's hostility to the basic concepts of training and employee development, which have long since been implemented in every other long-lasting trade and industry, need to change. That change needs to start with the industry's most prominent leaders and foremost thinkers.

48
qwerta 3 hours ago 0 replies      
I am from EU and moving to US would not bring me much improvements. Especially with a family it is very expensive there.

Perhaps US could first tap resources within its borders. There are 50 million people in 'fly-over' states which are sort of ignored.

And 1% of all men are in prison, perhaps allow them to learn (and graduate) while in prison. Right now they are not even allowed tv, not mentioning internet.

49
tomohawk 3 hours ago 0 replies      
There are a lot of things that should probably be fixed in the immigration system/laws, but starting out by labeling one side "anti-immigration" is probably not the best place to start.

If you have something to say that is worthwhile, there is no need to apply labels to people who may think differently.

50
chmartin 4 hours ago 1 reply      
"it's easy to imagine cases where a great programmer might invent things worth 100x or even 1000x an average programmer's salary" ... yet they get paid maybe 1.5x
51
tw04 2 hours ago 0 replies      
The anti-immigration people aren't trying to keep the elite programmers out. The technology companies aren't trying to get the elite programmers in. The technology companies are trying to pay slave wages to mediocre programmers rather than pay competitive wages to Americans.

I've watched it first hand from the sidelines. I'm not a programmer but I work directly with them on a daily basis. VERY, VERY few of the immigrants I've seen coming in are what I would consider remotely in the realm of elite.

Elite programers can find a job in any country, and they can make a ton of money in any country. That's the beauty of the internet, there's absolutely no reason they need to come to the US to flourish. The people trying to come here aren't the elites.

52
Tarrosion 3 hours ago 1 reply      
I generally find PG very convincing, but not here. Opening up immigration would have major side effects, though probably it would help companies hire top programmers. But rather than bear that cost, would we as a society be better off if we tried to educate children better, get more kids hooked on being makers, whatever it is you believe is important?

Fundamentally, making the 95-to-5 population comparison only makes sense if the 5% is at or near maximum utilization. And it's not at all obvious that American potential talent is that heavily utilized.

As an aside, it's also not at all obvious to me that we can't teach exceptional programming, at least for some people. In fact, the idea that top programmers are vastly better than merely good programmers is also not obvious to me. Think about lifting things: Perhaps I can lift 50kg and some one else 52kg. If the task is to lift a 51kg object, the other person is infinitely better than me. But if the task is just to lift moderate weight objects, we are indistinguishable. Similarly it seems plausible that for most tasks "very good" programmers are indistinguishable from"great" ones.

53
tsotha 3 hours ago 4 replies      
>The technology companies are right. What the anti-immigration people don't understand is that there is a huge variation in ability between competent programmers and exceptional ones, and while you can train people to be competent, you can't train them to be exceptional.

What Paul Graham doesn't understand is hardly any of the H-1B people companies are importing are exceptional, and half of them aren't even competent. It's not even about getting enough labor to fill open positions. It's about flooding the market with low cost labor so US technical people lose market pricing power.

These companies don't even know if there's a US citizen who's qualified for the job. I mean, this kind of stuff goes on all the time:

>The contention of the DoJ in this indictment appears to be that Mr. Cvjeticanin was defrauding companies seeking to hire IT personnel, yet for all those hundreds of ads ads that for the most part never ran and therefore could never yield job applications nobody complained!

http://www.cringely.com/2013/07/18/so-thats-how-h-1b-visa-fr...

54
wheels 3 hours ago 0 replies      
I agree with the basic thrust of the argument, but there are a couple of sticking points:

The first thing that caught me reading through the comments section here is that a lot of folks complain about immigrants pushing down wages. While there are certainly places that happens, I don't think that's what Paul's talking about here. However, there is another form of that which does happen -- immigrants do stabilize wages, even at startups, and wage fluctuation dictates some of which businesses are tenable and which aren't (and where they're tenable and where they aren't -- some businesses that would make sense in Dehli wouldn't make sense in San Francisco).

For the CEO mentioned, as salary goes to infinity, so to does his ability to hire as many great developers as he would like. To hire 30 developers the next day, there exists a salary which would make that possible. It's just that his business would probably not be tenable paying that much.

So, I think there's a component missing to the essay: how much wage stabilization is desirable via immigration? There's already a salary gap between working as a developer in the Bay Area vs. working almost anywhere else. How large should the ratio be allowed to grow? How much of being the hub is defined by having wages that are a small multiplier of wages elsewhere in the world for the same positions?

Second, the title seems a bit unfortunate. There's obviously not a uniform distribution of great programmers around the world. There's probably a pretty strong correlation between the distribution of home computers a decade ago and the home countries of great developers. The distribution not being uniform isn't really important to the point being made (it's fair to assume that most great programmers weren't born inside the US), but since it's implied so prominently in the title, it's harder to give it a pass.

55
rfrey 3 hours ago 0 replies      
There's a number of comments here disputing the "even distribution" assumption pg makes. The disagreements are wrong because pg did not say that great programmers were evenly distributed, just that the qualities that make great programmers are.

Some of those qualities are, IMO, curiosity; a mathematical inclination; attention to detail; an ability to quickly move between levels of abstraction; and so on.

I have no trouble believing those qualities might be evenly distributed among all humans. Of course, in many places people with those qualities might not choose to study programming, because the local culture and economics do not reward that path. An established and reliable migration path to a place where it is valued might change those choices though.

56
windlep 4 hours ago 2 replies      
Two immediately obvious problems in this set of arguments:

1) There'd be more great programmers if they wouldn't all divide themselves amongst so many startups, the vast majority of which will fail. Some other VC's have pointed out this problem as well. Less start-ups overall would increase the amount of great programmers available, and maybe more of them would succeed.

2) PG himself has said that great programmers grew up coding. PG's own population argument misses this as the greatest populations (India / China) do not have the wealth for kids to grow up coding. As people trying to increase the diversity of programmers have pointed out, getting this type of upbringing is hard even in America if you're not a well-off (generally white) male.

There's plenty of talent here in America, but let's be honest, its harder to utilize. It's much much easier to just import talent from countries that have education systems and cultures that do better at creating programmer talent than to fix America's deficiencies.

57
edw519 4 hours ago 3 replies      
...and while you can train people to be competent, you can't train them to be exceptional.

Why not?

Every exceptional programmer I've ever met was unexceptional at one time. Something happened for them to become exceptional. I personally believe that while that "something" is most often "doing", "training" is often a big part of the equation. And that training is more often than not training their beliefs as much as training their skills.

Many of the best programmers I've even known never imagined themselves being able to do what eventually became their norm. For a lot of them, all it took was the guidance of a caring mentor or trainer to see the possibilities.

Regardless of where programmers come from, I take it as a serious responsibility to help them become what they can be. Not saying "can't" is the first step.

58
michaelvkpdx 3 hours ago 0 replies      
Typical self-service from yet another rich VC.

Founders don't want to do anything to improve US society as a whole. Investment in education? Retraining workers whose skills have become dated? No- that's expensive and doesn't benefit the rich as much as another steady supply of below-market cost labor.

It's funny that so many of the VC's and Valley elite rail against the ills of the earth resource extraction companies (oil, coal, gas, etc...) yet see no harm in doing the same sort of scorched-earth work with human resources.

59
slantedview 4 hours ago 1 reply      
Paul's entire argument is a strawman.

H1B isn't about hiring "great programmers". It IS about importing cheap labor. This fact has been proven many times, with actual data rather than rhetoric, yet we still find ourselves having this same argument over and over. Here's a nearly 10 year old study that lays it out:

http://www.cis.org/PayScale-H1BWages

60
Htsthbjig 2 hours ago 1 reply      
Let's put an exemple of what PG is saying: Ellon Musk

Ellon Musk is from South Africa, he was not born in America. He has created an enormous amount of wealth in the US.

It is as simple as the US won't have self landing space rockets today without this man. Tesla would be bankrupt today, like Fisker.

It seems clear to me after reading comments here that Americans feel entitled to the position of world rulers they enjoy today. As if the wealth they enjoy as hegemonic power was generated in America and not all around the world.

Do you believe your salary is American generated? It is not.You print dollars that the world needs to use because it they don't sanctions are raised to them, or the US just invades them.

But as PG is saying, the world using the dollar as world reserve could change overnight.

You take your privileges for granted.

61
andyidsinga 2 hours ago 0 replies      
>> [2] .. An influx of inexpensive but mediocre programmers is the last thing they'd want; it would destroy them

i wonder if the great amout of inexpensive mediocre programmers everywhere else will wtill have a similar a similar effect over the next 50 years.

62
DontBeADick 2 hours ago 0 replies      
> But if you talk to startups, you find practically every one over a certain size has gone through legal contortions to get programmers into the the US, where they then paid them the same as they'd have paid an American.

The whole argument hinges on this unverified anecdote.

Sorry, but your personal experience isn't universal.

63
fdesmet 2 hours ago 0 replies      
pg may be right in some respects, but that doesn't mean his opposition is wrong.

pg's argument cannot explain the reality that we've all seen: companies hire droves of H1B folks who are anything but exceptional.

Only a fool fails to understand why.

64
23david 3 hours ago 0 replies      
Skilled programmers are able to generate incredible economic value, and companies having difficulty hiring should consider whether they are undervaluing programmers when they set salary ranges.

It's possible to quickly test this by simply adjusting the salary ranges upwards until good candidates start accepting job offers. Believe me... it works.

65
YuriNiyazov 4 hours ago 3 replies      
I am surprised by this. It would be so much more efficient to concentrate on building technology that makes working with people around the world as seamless as working with them in the same office.
66
tezza 3 hours ago 0 replies      
What PG is stating is broadly true.

It may be possible to eke out a few more % of programmers by teaching computing more widely.

At the moment the bunch of programmers is fairly self-selecting, and there may be many more people who may be great programmers if exposed to the possibilities.

For instance, some people who would normally become metal workers, stone masons, fine artists or mechanical engineers could make excellent programmers.

67
tdicola 3 hours ago 2 replies      
Why can't this argument be flipped on its side, if 95% of the best programmers are outside the US then why aren't the venture capitalists investing in and building companies outside the US? Surely we should see 95% of their portfolio companies are outside the US too...
68
jerdavis 3 hours ago 0 replies      
I see PG's resume, but I seriously wonder how many programmers he's interviewed, hired, managed, and fired in the last 5 years. How often has he thought about what to pay his engineers in relation to their output and others in the group. How much experience does he personally have with offshoring?I bet not that much actually.
69
polskibus 3 hours ago 0 replies      
Why don't SV companies hire programmers abroad by opening tech centers abroad? That's what other tech companies do, either directly or via outsourcing companies like SII or EPAM. Quality control is mostly a matter of pay - if it is good enough, you will get the same quality of work as in US.
70
CaptG 4 hours ago 3 replies      
I'm new to HN, and would consider my self a competent developer. How does a competent developer become an exceptional one?
71
rwallace 1 hour ago 0 replies      
As an anti-immigration person, my position is not the one suggested by Paul Graham. I make no claims either way regarding the ease of training people to be programmers. My position is that we should put an end to this ridiculous 19th-century idea that you can only be a productive programmer if you are physically located in the US.
72
aristus 4 hours ago 0 replies      
Or, perhaps, companies should become smarter about recruiting and hiring the large-but-unknown "false negatives" that are generated by their current process. Easier to implement, a competitive advantage, and you don't have to run a lobbying campaign. All you have to do is prick a few egos. Oh, wait... that's why.
73
xacaxulu 2 hours ago 0 replies      
It's incredible what shortages exist when you don't provide meaningful work, competitive wages or room for advancement. Time to import less demanding people.
74
strommen 4 hours ago 0 replies      
Sure, sounds great.

But out of all the people that would love to immigrate to the USA, how can we possibly distinguish the "great" programmers from the merely competent (or less)?

Hiring is already an extremely difficult problem for the most sophisticated technology companies in the country. We can't possibly expect a government agency to do it well at all.

75
cykho 4 hours ago 1 reply      
I wonder what the all up cost of getting someone an H1B visa is currently? Is this an annoying bureaucratic hurtle or a real barrier to talent entering the US?

My perception is that the cost is around $20k (lawyers/filing fees) + some uncertainty due to the lottery. Is that a barrier to a person that's worth paying $100k+?

76
stinos 4 hours ago 0 replies      
But, is it really necessary that all, or most, those exceptional programmers are concentrated in one country? Becasue in the end that's what is being advocated here: keep the US a technological 'super'power. Why is that needed (honest question)? How about diversity?
77
jarsin 4 hours ago 0 replies      
Please tell me how the startup you mention identifies great programmers.

I would not be suprised at all that they are yet another company that thinks solving trick programming questions under pressure is what makes someone great vs not great.

sorry but i call bs on your startup that cant find great programmers.

78
rglullis 4 hours ago 2 replies      
One thing that I don't get about the critics (especially the liberal-inclined) from H1B programs is: even if opening the gates ends up resulting in cheaper labor, what is wrong about that?

If the gates were open, the ones coming here to work for cheap won't be taking your jobs at the next startup fad. They will be working doing the things that Americans don't want to do: improving network infrastructure, doing boring TPS reports in biotech firms, basic IT, local (better) tech support, maybe modernizing your craptastical banking systems. None of the Americans that complain about H1B ever seem to realize that.

You guys seemed perfectly fine to have the Chinese building your railroads and to have the hispanics taking care of your children or to work in the kitchen of your favorite restaurant. So much so that you seem to be okay with giving amnesty every 10-20 years to undocumented immigrants. No need to worry, the status quo will not be challenged.

79
thesz 4 hours ago 0 replies      
1) By training you will uncover latent great programmers.

2) By training you will raise overall education level, making life easier and more pleasant for everyone in country (any country, not only US).

Either I getting old or PG getting sloppy. His latest essays do not stand a bit of critique.

80
Torgo 3 hours ago 0 replies      
Fix the obvious, rampant fraud first, otherwise you're dumping water into a bucket with a giant hole in the bottom. If you can't stop fraud then you can't stop more fraud when the numbers are increased.
81
raintrees 4 hours ago 0 replies      
Recognizing other countries' education/qualification/certifications would assist, as well (once they are here). I have spoken with a few people directly that had to start over once living in the US, their previous efforts were discounted.
82
dangoldin 3 hours ago 0 replies      
Using the same argument we should be investing more in the groups that traditionally haven't been into programming - women and minority groups. They are already US citizens without needing a visa sponsorship.
83
JoeAltmaier 3 hours ago 0 replies      
Enlightened self-interest. Great people increase opportunity. To the degree that happens, this is a good idea. In the short term there will be supply/demand issues and some folks will get hurt.
84
Khelavaster 4 hours ago 0 replies      
I hope the qualities that make someone a great programmer aren't evenly distributed. I hope that the American education system effectively develops those qualities on average better than any other country in the world.
85
aheppenstall 3 hours ago 0 replies      
I think a lot of those talking about cheap labour really don't understand how the current US immigration system works. Maybe large companies have other options but as a startup founder I've been through the H1-B process and it is anything but cheap and easy. Legal costs are in excess of $5k and the you must pay the employee a prevailing wage. For my cofounder this was in excess of $180k and thus as a series seed startup we simply can't afford to exercise the visa.

I absolutely understand the need to protect US jobs but the situation isn't very good when two cofounders can't stay in the country after raising almost $1m in seed capital and employing US citizens.

86
tartle 4 hours ago 4 replies      
"I asked the CEO of a startup with about 70 programmers how many more he'd hire if he could get all the great programmers he wanted. He said "We'd hire 30 tomorrow morning."

Evidence-based policy proposal at its finest :)

87
oskarth 4 hours ago 0 replies      
YC has a big advantage over US: they are not geographically bound to one place.

Say nothing changes in a decade. There's nothing that's fundamentally stopping YC from starting branches in SE Asia, Europe or Canada.

88
xigency 2 hours ago 0 replies      
There are plenty of exceptional people who are not given any sort of meaningful opportunities.
89
trothamel 3 hours ago 0 replies      
Isn't this what E-1 and E-2 visas are for?
90
FlipFlopsb 4 hours ago 1 reply      
"The US has less than 5% of the world's population. Which means if the qualities that make someone a great programmer are evenly distributed, 95% of great programmers are born outside the US"That is some very flawed thinking right there.

If this statement about how all the great workers are not US was true then they could outsource all programming outside the US easily just like call centers. This article is just more propaganda to pay programmers the same wage as minimum wage.

91
Terr_ 4 hours ago 0 replies      
> The only explanation is that they're telling the truth: there are just not enough great programmers to go around.

Hardly the only explanation.

First, the "career fakers" are unlikely to be seeking international relocation, which means that imperfect interviewing/hiring systems don't exhibit their latent flaws as much.

Second, "post-purchase rationalization" becomes a factor: "I went through this effort in the past, it must have been worth bit."

Third, how much more time is spent vetting a single international hire, versus the same attention to a local candidate? If the outcome is better, how much of that is due to a deeper engagement by the company?

92
iamwil 4 hours ago 0 replies      
Why would the distribution of great programmers around the world assumed to be even?

Is it because of widely accessible programming resources for cheap through the internet?

93
neaanopri 4 hours ago 0 replies      
We shouldn't restrict expansions to digital talent.
94
droopyEyelids 4 hours ago 1 reply      
> American technology companies want the government to make immigration easier because they say they can't find enough programmers in the US. Anti-immigration people say that instead of letting foreigners take these jobs, we should train more Americans to be programmers. Who's right?

What a biased 'framing' pile of bullshit.

Let as many programmers in as you want. Just give them the right to quit their job without deportation, and ensure they're paid the exact same wages as an American.

Thats the only honest solution to this problem. It'd make everyone happy except for the very people pushing to open immigration.

95
cletus 4 hours ago 1 reply      
This is nothing new. The problems with work visas in the US are:

1. Cheap bodyshops consuming much of the quota; and

2. Immigration being tied to an employer.

(2) is a direct cause of (1).

For those that don't know, sponsorship for a green card basically involves two stages.

Labor Certification ("LC") is the first and most time-consuming stage. It involves "proving" you can't find a US citizen to fill the job. There is then a queue with a quota system based on country of _birth_ (not citizenship). For countries with a high number of immigrants (eg Mexico, Phillipines, India, China), the queue can be _years_ long. During that time the employee is essentially an indentured servant. Employers can and do exploit this situation.

The Department of Labor can add to this by randomly auditing a particular application, which will add a minimum of 1-2 years to the process. Sometimes this is for cause but the DoL's stated policy is to prevent petitioners from "gaming" the system so they disguise their auditing criteria by randomly selecting applications to audit.

The second stage is basically a formality: filing for adjustment of status.

So for a period of 10 years or more the employee may be in no position to leave, no position to negotiate and will quite possibly have to work under abominable conditions for substandard wages.

The LC process ostensibly has a prevailing wage determination step to ensure the employee isn't being victimized. Trust me, it's a joke.

Startups here, as a general rule, aren't the problem. These nameless bodyshops paying $50,000/year or less for a warm body to contract out to a Fortune 500 company for $500/hour are.

If you kept the current green card quotas and simply made H1B visas portable and immigration essentially automatic when your number (in the queue) is up then you'd end a lot of these problems.

96
duaneb 4 hours ago 0 replies      
Yeah, let's prioritize blind progress over employing local citizens.
97
xacaxulu 2 hours ago 0 replies      
Read, drive salaries into the dirt.
98
michaelochurch 1 hour ago 0 replies      
I don't buy the overall argument here.

Anti-immigration people say that instead of letting foreigners take these jobs, we should train more Americans to be programmers.

I don't think most people who oppose the disingenuous invocation of "talent shortage" (while discriminating against women, minorities, and programmers over 40) by tech executives are "anti-immigration people". Immigration, at a reasonable rate, is a good thing.

What the anti-immigration people don't understand is that there is a huge variation in ability between competent programmers and exceptional ones

I hate being That Guy, but... [citation needed]. I don't exactly know who these anti-immigration people are, though.

So they claim it's because they want to drive down salaries. But if you talk to startups, you find practically every one over a certain size has gone through legal contortions to get programmers into the the US, where they then paid them the same as they'd have paid an American.

I don't think that it's just about driving down salaries. I think it's also about age discrimination (enabled by the ready availability of young programmers) and implicit expectations of obedience. In the US, you get talent or obedience but rarely both. Overseas, you have at least a chance of getting both (but if you're hiring on the cheap, the hit rate for talent is pretty low).

He said "We'd hire 30 tomorrow morning." And this is one of the hot startups that always win recruiting battles. It's the same all over Silicon Valley. Startups are that constrained for talent.

And yet they only want to hire pedigreed men under 40 who live in California... Somehow, I don't buy it. If you want more talent, raise wages. That's how economics works.

Exceptional performance implies immigration. A country with only a few percent of the world's population will be exceptional in some field only if there are a lot of immigrants working in it.

We're still the 3rd-largest country by population, and have some of the best land, and speak the dominant language...

Still, I take no issue with what the H1-B program is supposed to be: high-talent immigration. I'm for that. But a true high-talent immigration would have, by definition, to be employer-independent, meaning that once you're in, you're in and can move about the economy just as easily as anyone else.

One of the problems with the H1-B program is that it makes it hard for visa-holders to change jobs, and leaves them beholden to their employers because they can be deported if they're fired. If we're going to have a high-talent immigration program, we should have one... but that requires an unconditional "once you're in, you're in" policy, not some subordinate/contingent status.

Technology gives the best programmers huge leverage

I still haven't seen it. Upper-middle income is a nice improvement, but none of the people buying houses in Palo Alto or Mountain View are programmers. They're all VCs and product executives working 11-to-3 while the engineers do all the heavy lifting.

We have the potential to ensure that the US remains a technology superpower just by letting in a few thousand great programmers a year.

Why not just kill off the bro culture and the age discrimination? If we only need a few thousand more great programmers, then just making the industry more hospitable to women should do the job, right? If that's all we need, there's no reason we need our tech CEOs to lie to politicians about a "talent shortage" in order to get immigration policies changed.

Again, I have no problem with high-talent immigration. I think that we absolutely should allow more upper-tier technical people (if at a level where they'll create more jobs than they take, and top programmers are at that level) into the country. But I don't think that the H1-B program, as it is structured, does the right thing. Once someone has it, it should be employer-independent.

99
byEngineer 2 hours ago 0 replies      
Well, they are so constrained of talent but then they treat you like shit. What gives?
100
shamney 3 hours ago 1 reply      
what about the countries that are then deprived of this talent?
101
rweichler 3 hours ago 0 replies      
What about the 95% of great companies overseas?
102
vegabook 3 hours ago 0 replies      
Basically this proposition makes complete sense if you're an employer, and complete nonsense if you're not.

Of course the seductive argument of the bosses is that economic growth will benefit, but the post-crisis economy is proving to concentrate all returns to capital, and none to labour.

It's no wonder that those who champion it the most have nothing to worry about to feed and house their families for the rest of their lives.

103
larrys 3 hours ago 1 reply      
"American technology companies want the government to make immigration easier because they say they can't find enough programmers in the US. "

I think the question is who are the technology companies that want the government to make it easier. Is it "traditional established" companies that can't get quality programmers because anyone good is off trying to hit the lottery at a startup? Or is it the startups (trying to hit the lottery) who can't recruit?

Either way the question is if the chance of a startup working is considered mid to low (failure rate) then what happens to all of this exceptional labor down the road? The assumption that the current demand (startups) will last for a long time isn't necessarily correct.

Being in business many years (longer than PG iim and it should matter actually) I've seen plenty of cases where people make a demand assumption that later turns out to be the reason they go out of business (buy a new warehouse, expand the restaurant and so on).

104
slantedview 3 hours ago 0 replies      
Re this footnote: "An influx of inexpensive but mediocre programmers is the last thing they [Google and Facebook]'d want; it would destroy them"

If this is the case, why aren't Google and Facebook coming out strongly against our current H1B mechanism which is demonstrably little more than a tool for importing cheap labor?

105
pastProlog 3 hours ago 0 replies      
> Anti-immigration people

Like the author? He wants a tranche of immigration slots to open and for that tranche, indirectly if not directly, to block immigrants from Mexico, Honduras, Nigeria, and so forth. These slots are effectively only open to Indians, Chinese, and a trickle from other countries.

So this H1-B proposal is anti-immigrant. It means immigration only from mostly two countries. Of a certain class of person. In order to cut the wages of US programmers and force them to work more non-FLSA hours.

> Exceptional programmers

This is risible. I worked with a Chinese H1-B hire who told me he had never touched a computer until he got to the US. While that may have been anomalous, research on the H1-B immigration program ( http://web.cs.ucdavis.edu/~matloff/h1b.html ) shows that it is not the best and brightest immigrating. The millionaire and billionaire angels and VC's want to flood the US with indentured servants chained to their H1-B visa. Look at the top H1-B sponsors - they are for Tata's indentured servants, not for people doing bleeding edge compiler/AI/whatever work.

> you can train people to be competent, you can't train them to be exceptional

Perhaps not, but I've met plenty of people with the capability to be exceptional programmers, but during non-flush times companies want programmers to have a BSCS, and with public colleges become more selective and raising their rates, they never get a chance to do so. The millionaires and billionaires get tax cuts on their capital gains, so the training they require for this work becomes more costly to the worker, and in fact more workers can't afford it, so a shortage develops. So then the parasite millionaires want to suck off of India's free IIT program instead of restoring US education to the level it used to be.

> how many more he'd hire

Yes, times are flush now. How many was he hiring in 2008-2009? How many in 2001-2002? When the economy goes into the toilet again, there will be millions of indentured servants still here on H1-B visas. How many 40 or 50 year old programmers is he willing to hire? Or are we supposed to pay and take out big loans for our college, work 60 hour weeks in our 20s and 30s with the carrot of options while paying San Francisco rents, suffering through the post-dotcom and bank failure recessions, only to be cast aside at 40?

We hear about supply and demand from the oracles of economics all the time, but somehow this NEVER applies to salaries going up. I mean I am open to hiring programmers right now as well - seriously. You'll be paid minimum wage and the output will have to be spectacular. As soon as the economy dips you'll be gone.

We the programmers work. We are the creators of wealth. I have been studying biology recently, including species which have become parasites. As one species becomes more parasitic on another, it changes form completely. It usually gains hooks and suckers to latch on to the working species it is a parasite off of, and the parasite devotes its body to eating and sexual reproduction. In our modern times, the angels, the accelerators, the VC's are the parasites. These "job creators" expropriate the surplus labor time of we the programmers, the network/system/database admins etc. who do all the work and create all the wealth. The LP's of the big VC firms are the type of polo-playing Phillips Andover heirs you can see in the documentary "Born Rich". Something I know the 20-something unkempt dorks who go to Python conferences know nothing about, although they are the ones ultimately being given their marching orders and who are getting profits sucked off their labor. These heirs have set up additional financial hurdles to getting a BSCS at a public college over the years, and the parasites now want to parasitically suck of of India's free IIT universities and turn their graduates into H1-B coolies over here.

> we should train

When the hell was the last time a tech company really trained its employees? Aside from the odd week-long class here or there? What a farce. Companies haven't trained for decades, and the parasites who use companies to parasitically suck off the labor of those of us who actually work have reworked public US colleges to be more financially impossible to get through than they used to - then they whine they can't find more "exceptional" US programmers. What a farce.

106
zerooneinfinity 4 hours ago 1 reply      
That or they can pay foreign programmers a lot less and drive the average rate down for everyone.
107
wittgenstein 4 hours ago 1 reply      
Another great essay by Paul Graham that spells out the idiotic state of the current US immigration system in a clear manner. It is fucking unbelievable that even in the comments here there are still people complaining about foreign programmers driving salaries down or taking jobs from US citizens. Paul Graham is right and any intelligent person can see this.
29
Crow Intelligence Study Shows Birds Can Solve Puzzles Inspired by Aesop's Fables
16 points by ekianjo  9 hours ago   1 comment top
1
elwell 1 hour ago 0 replies      
I much enjoyed this old TED talk on the Intelligence of Crows by Joshua Klein: https://www.youtube.com/watch?v=bXQAgzfwuNQ
30
NSA Reports to the President's Intelligence Oversight Board
68 points by tephra  6 hours ago   8 comments top 2
1
koops 4 hours ago 1 reply      
Date posted: December 23rd. Enough to tell you the NSA would love this, as pathetically obfuscated and incomplete as it is, to be ignored.
2
meowface 4 hours ago 2 replies      
From the most recent report (https://www.nsa.gov/public_info/_files/IOB/FY2013_2Q_IOB_Rep...)

>NSA/CSS is developing a tool to automate submission of mission compliance incident reports across the NSA/CSS enterprise. The [REDACTED] will become the Agency's central tool for reporting potential mission compliance incidents and will provide a streamlined management process, a central repository, and metrics data to support root cause identification and trend analysis.

I'm rather surprised they've been in existence for this long but apparently do not yet have a centralized way of submitting and tracking misuse and leakage incidents. Even small organizations dealing with data that's not nearly as sensitive usually have systems in place to do this.

I interpreted this to mean they don't even seem to have a centralized internal incident response team at all? Or if so, perhaps a very small one. It almost sounds like they're just relying on managers and analysts to report incidents to their Office of the Inspector General by "good faith".

It's possible I'm wrong and they do have an existing system for this, but it's just mostly restricted to pen and paper instead of a database.

Either way, that doesn't sound like a good thing to me. An organization like the NSA should have some of the strictest oversight and compliance requirements imaginable, not this ad hoc "whoops one of my subordinates emailed TS data to some random people, sorry about that" via a phone call.

       cached 26 December 2014 23:02:02 GMT