Hacker News | achingtooth's comments

People in this thread are talking about how they wouldn't trust the NSA at all. I went to a presentation and talked with people from the NSA before and at face value they seemed like a silicon valley tech company. In their presentation they talked about how they were interested in open source, diversity, big data, artificial intelligence, and all the other buzzwords. They all seemed like they genuinely thought what they were doing was helping people. I know what they've done (and continue to do) but it's strange being able to attach a face to an action. You're more likely to believe them and buy what they are saying. I suppose the best thing to do is check over their code and accept it if everything looks good. They probably are being genuine.

As an extra piece of information that I found interesting, they were pushing the diversity stuff hard. Everyone that gave the presentation were women (and they weren't low level people), they had an African-American person that worked there talk about how inclusive it was, they talked about how they're super accepting of LGBTQ+ people, and on and on. The tech stuff was for like 5 minutes, then the rest was on diversity (at a tech presentation, looking for recruits). I'm not exaggerating.


Something to keep in mind is the fact that even (or especially) within agencies like the NSA, secret operations are kept secret from every staff member who doesn’t need to know about it for the op to succeed (higher-level people too).

Also, they know they have a public image problem since Snowden and are doing everything they can to change that.

It’s likely you can trust the individuals you saw to be nice people. But that doesn’t mean the agency as a whole can be trusted not to compromise the digital privacy and security of American citizens (not to mention citizens of other countries).

EDIT: As another commenter noted, the NSA is unfortunately a combination of red and blue teams within a single agency. So when you see positive signals that they’re working towards improving security, don’t believe for a moment that they aren’t working equally hard towards pwnage.


If this was before 2015, there's a chance the person giving the talk about inclusivity was my father-in-law; I know in the last few years of his career there he got involved in the push for diversity. He always talked very fondly of his career at the NSA.

I think in a lot of ways the NSA is a better workplace than any silicon valley tech company; you don't really have to worry about profitability, there's an enormous breadth of interesting work to be done, and you get to work with a lot of really talented people (I think the NSA is the largest employer of mathematicians in the US). Of course there are downsides too, like the low pay (set by Congress) and the constant drug tests and polygraphs.

Based on my discussions with him, I believe that the organization has two conflicting goals; to improve the IT security of the US and its allies, and to weaken the IT security of everyone else. And there are historical examples of the NSA doing both. But internally apparently there is a lot of debate about what the NSA should be doing, especially post Snowden. So yeah, I can believe that plenty of people at the NSA are deservedly proud of their work. Not everyone there is a cynical government drone working to undermine IT security globally. But of course when the NSA starts contributing to your project, you don't know which of their two goals they're working towards...

As an aside, my father-in-law is a very passionate mathematician, and in his retirement he just published a book on some interesting and approachable topics in mathematics that much of the HN crowd would probably find interesting: https://bookstore.ams.org/mcl-22/


If the polygraphs are anywhere close to as bad as some CIA/NSA/etc. personnel describe online (e.g. [1]), no amount of money or interesting work can get me to have myself violated like that.

[1] https://antipolygraph.org/statements/statement-038.shtml


I don't know anyone that works there, but there was this article in The Intercept a while back about how management has become more corporate. That was back in 2005/2006. https://theintercept.com/2018/08/15/nsa-sigint-curmudgeon-si...


Even though the NSA falls under Department of Defense, their stated mission is to collect and process global information so more or less it is functioning very similarly to a human brain, providing intelligence and guidance not only in the security area, but it's also influencing all American domestic and international policies.

Even back in 2010, the NSA was already collecting over 1.7 billion communication records every day. As far as I know, that amount probably doubles every couple of years, so just imagine the enormous size of data that they have to process. It's no wonder the NSA is the only single entity in the world that owns gigantic centers of supercomputers. Without AI technologies their information analysis mission would be nearly impossible so it just makes perfect sense the NSA is after those technologies. Honestly I would be surprised if they don't already own quantum computing power.

In addition to low-level firmware codes, I imagine for all those 1.7 billion records of data to be routed back to the NSA every day without a trace, completely invisible to the rest of the world, it must have required another hidden layer of network protocol beyond the current OSI model that we have. The low-level firmware codes must work in sync and convert data following the model of this hidden network protocol for it to transfer away successfully without being detected.

For it to operate effectively, the NSA must be miles ahead of any Silicon Valley company. Their work is truly astonishing no matter how you look at it.


I'm not sure about the NSA but I know that plenty of employers of that kind would frown upon having their personnel (or ex personnel) identified like that without their consent.


You're right of course. With Mel I know he's very forthright about his career in the NSA, so I figured it would be alright. I just confirmed with him too, just to make sure.


So all of this makes what they actually do as a living okay? You know, dragnet surveillance, physically wiretapping Google's internal network, backdooring encryption, etc.? Since when are we trusting the face value of anything somebody at the NSA says? Where's the skepticism gone from the Snowden days? Like, these people aren't our friends. Any code contributions from organisations like this, which do not have our best interests at heart and at worst actively attempt to subvert efforts at hardening encryption and other security efforts, need to be combed over with a fine-tooth comb.

Hell, as a European, the NSA is very clearly the enemy. Their goal is to protect US citizens, maybe, with very unconstitutional methods. They have little to no interest in the privacy or legal rights of people outside of the US, and yet have an unimaginable global reach.


The fact that they’re not committing their changes under a pseudonym or front company suggests that they’re okay with the world knowing about what they’re up to. Same with their reverse-engineering toolkit.

What Snowden publicized was, for the most part, completely hidden from the view of society. The NSA wasn’t coming to tech conferences announcing their new surveillance tools.

Don’t think that the new parts of Coreboot won’t attract scrutiny from security-conscious companies and individuals.


> The fact that they’re not committing their changes under a pseudonym or front company suggests that they’re okay with the world knowing about what they’re up to.

They are not committing their most secretive and effective tools on GitHub for Christ's sake.


What Snowden released had several previously public benign components.


It can be a "defensive" move from NSA though, they have other ways to "attack"...


No, it doesn’t, but I haven’t heard anyone claim that.


Basically, the coolest job ever.


Are they breaking any laws?


They've likely broken many laws, but we'll never hear about it, much like the CIA.


I think a comparison to tech companies is quite apt - there are people at Facebook, Palantir, Oracle, Microsoft, Google, Amazon, etc. who are quite genuine about doing some open-source stuff to improve the world, but for each of those companies you will find plenty of people who quite earnestly believe the company's wider mission will hurt the world. Do you accept network stack acceleration patches from Facebook if they'll accelerate mining personal data? Do you applaud improved V8 performance if it drives people from local apps onto monitored and monetized webapps? etc.

I think it makes sense to be cautious about all of these. I don't think the NSA is an abnormal risk to society, compared to the other major OSS contributors out there.


> they were interested in open source, diversity, big data, artificial intelligence, and all the other buzzwords

I'm sure they were. Being interested in modern technology doesn't imply anything about someone's intentions.

> They all seemed like they genuinely thought what they were doing was helping people.

I've known and worked with several people that used to work at the NSA. I have no doubt at all that they believed they were doing important, helpful work. For many people, most of the time, that was probably true. However, even the best intentioned person will have a hard time actually verifying that speculation; by definition, someone who believed that the NSA's work was good/helpful probably also believes it's important to respect compartmentalization and not ask too many questions about things they don't need to know.

However, this is expected, because it's what most people believe about themselves. As Quark explained[1] about his own motivations as a smuggler, "No one involved in an extra-legal activity thinks of himself as nefarious. I'm a businessman, okay?"

> they were pushing the diversity stuff hard

I saw the same pro-diversity effort at the DOE. I wouldn't be surprised to see similar efforts throughout the public sector. None of this says anything related to the NSA's trustworthiness.

[1] DS9 s06e25 "The Sound of Her Voice"


It's a military agency whose stated mission goal (among others) is to be able to compromise any military or civil information processing system used by non-US citizens.

You're a bit gullible if you think that the nice folks from the NSA you meet have any say in what their agency does with the technology and projects they are involved in. I'm sure this aspect of it is one of the more frustrating parts of working for the NSA, especially right now, but it's also fair to say that they probably know what they signed up for.


Not sure how diversity is related to the potential conflict of interest of NSA work...


More diversity means more chance of another Snowden. People are more likely to take risks to protect people similar to themselves, and more diversity increases the chances that the NSA is harming people similar to their own employees.


Are you implying Snowden is a woman/African American/LGBT or an advocate for these groups?


No. People do not only help people similar to themselves. I'm just talking about probabilities.


> I went to a presentation and talked with people from the NSA before and at face value they seemed like a silicon valley tech company.

Why is that a reason to trust them?

> They all seemed like they genuinely thought what they were doing was helping people.

The worst people in history all thought they were doing good too.

> As an extra piece of information that I found interesting, they were pushing the diversity stuff hard

Diversity at the NSA doesn't factor whatsoever into whether I trust them or not. The damage they've done to secure communications and their cavalier attitude to dragnet surveillance is all I need to know about them.

Don't buy into the PR bullshit.


The NSA is a huge place, you saw only a small segment. Their primary role is to spy on US and international citizens and make sure that nothing diabolical is going on. PRISM (and other programs revealed by Snowden) showed that they have no qualms about violating the Constitution and privacy rights of citizens in pursuit of their job. I am sure there are lots of good people at the NSA just working 9 to 5 feeding their families, however don't overlook that their job is to spy on anything and everything that is going across the internet in order to look for threats to the country, whether it is constitutional or not.


> they seemed like a silicon valley tech company.

Yeah I don't trust them...


Talk to people who worked at the NSA 15 years ago and their opinions of what is happening now.

If they trust you enough the truth is interesting.


Of course, that's the image they would love to present. And of course, why would they even have the actual people in the know making these presentations.

And it is very natural they'd be interested in Big Data and Artificial Intelligence. Even a fool could understand why.


Don't drink the kool-aid. ...they probably have a bunch of LGBT African-American women whose sole job it is to be visible.

The NSA is one of the few companies legally allowed to do stuff like only hire you if you're a U.S. citizen and even say so in their job advertisements, and keep you out of certain kinds of roles (the ones where the real action is, probably), without being held to transparency standards and nondiscrimination laws that would apply to private corporates. They can always cite undisclosed nonspecific security concerns rather than having to say "We didn't allow that person into that role because it isn't a middle-aged white guy".


I'm 19. I've never been a fan of the NSA, my bad I should have been more clear with what I meant. At least I got a cool notepad https://i.imgur.com/yu103Lg.jpg


When I was in college I used to have positive sentiments towards college recruiting events too. It made me feel very special to think that these organizations wanted to engage in a dialogue of sorts and be in business with me and my fellow students. Now (15 years later), I realize that these people are basically actors in a live-action TV advertising spot and no more credible than one either.

The core is usually HR-people who do these kinds of events as a fulltime gig. They are usually very much out of touch with the rest of their organization because they do indeed spend all their time talking to students, and almost no time engaged in whatever business their organization is actually engaged in. To spice things up, they throw in one or two "real" employees. The reason they come is because there will be an HR policy whereby an employee is encouraged to spend one day per year on an activity like that to tick a box for their next promotion, so they grudgingly go there, but still secretly think of it as a waste of time. They still play their role though in the live-action TV advertising spot and put on a friendly face.

My own experience is that I was quite entrepreneurially-minded when I was in college. I wanted to be in business with a lot of organizations, just not as an employee. I used to go to all these events, hoping that they can put me in touch with people who do certain things, know certain things, get to decide certain things, etc. etc. I would always hit a brick wall. Because the people at the recruiting fair are there solely to get you to interview for the internship program or whatever. If you approach them with any other kind of request, the HR-people are neither incentivized to, nor, in most cases, able to accommodate you. For the real employees (the guy doing his one-day-a-year-stint), you as a college student, are not worth actually investing time into, so they won't do anything for you either.

In other words: Their presence at the recruitment event is not the presence of a human being that wants to engage with you on a human level, nor the presence of an organization that wants to be in business with you, but rather the presence of a robot who can accept your application for the internship program and who is not programmed for any other kind of interaction with you.

You don't need to take my word for it, either. You can easily put it to the test.

Next time you go to one of these events, bring a pencil and say: "I will happily interview for your internship program, but as a sign that you are SERIOUS about wanting to engage in a business relationship with me, I would like you to use company money to buy this pencil from me for 50 cents".

Witnessing what happens next will hopefully rid you of feeling special. -- I can assure you, you won't sell a single pencil. If you do: That's the company you should work for.


I'm not in college, I live as a digital nomad in Eastern Europe. My parents wanted me to go down the traditional path so they made me talk to various companies/agencies to make sure I didn't want to get a normal job and go to school before I left. Your post made me even more glad I didn't go down the traditional path though.


Don't all federal government jobs generally require US citizenship?


It might be because Slack has support, a great UI, lots of users, and 'just works'. A company I worked with tried to set up Riot and Matrix and they were having all sorts of problems. Even when they tried to use the Riot.im website there were bugs and features from Slack they needed that were missing. What Matrix and Riot.im is doing is still good though, I hope it takes off.


Matrix is improving all the time. 1.0 was just released


"But Jonathan," I hear you say, "by providing a gateway aren't you just making Cloudflare a centralizing institution?"

The problem is the market share of these institutions. Google could argue that they aren't the sole gatekeeper to search since services like DuckDuckGo exist. This isn't really valid when you control a huge amount of the market share. I'm worried about how the internet is becoming super homogeneous, it really hurts startups. I'm not saying what Cloudflare is doing is bad, but the amount of control Cloudflare has is increasingly worrying based on all the services they are launching. Look at what it did to The Daily Stormer (I think they are disgusting and have zero support for them), it's clear that they aren't unbiased. If Cloudflare blocks your service on their VPN, DNS, DDoS protection, IPFS site, Ethereum, etc you are majorly screwed. Most people aren't willing to change their setup just to visit your one service. I still think what Cloudflare does is awesome, not trying to be too negative, just a little worried.


I think with tools like IPFS the situation is similar to git and GitHub. Yes GitHub could screw you over but it takes very little work to get off their platform. With IPFS you just change your DNS (which is something you do every time you update the content anyway.)


Yeah you're right, I might just be a little alarmist. Having these services is better than not.


For most purposes, Cloudflare is a DNS provider and CDN. There is no lack of other providers for these services, most of which would be happy to onboard another paying customer.

Unless you've structured your startup around Cloudflare's workers, I would expect ready pluggability.


My understanding of the Daily Stormer issue was simply that they didn't want to provide their DDoS protection for them. Daily Stormer was free to find another provider. And there are tons of CDNs and DDoS protection providers.

So I don't see how what Cloudflare did there is any different than a hosting service refusing to serve pornography companies or whatever other unsavory business.

Of course, I realize the controversy was really about consistency in applying their policies. But Cloudflare didn't shut anyone down.


There's always the first to fall... First it was the Nazis and White Nationalist... then the "Alt Right" ... then they labelled anyone they didn't agree with "Alt Right" or "Alt Right Adjacent" ... Now they're coming for the moderates and "TERF" feminists...

It always starts with one point and never recedes to reasonable.


And so your point is eventually they will ban half their customers? So what? They aren't even close to the only game in town.

Now if they were a monopoly or oligopoly, I would see your concern.

Private companies have always had the right to refuse service.


Providing a gateway is not making Ethereum centralized. It's just an interface to read (or interact) with a running geth node. It's not mining/validating or contributing to the network.


That's what the group that hacked the NSA did. https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-...


It'd be interesting to see 'super private browsing mode' which has Tor integration be shipped with Firefox. Making Tor easier to use and more accessible for normal people is a huge win for privacy.


I know it isn't Firefox, but Brave is a Chromium-based browser that has Tor built-in with their 'Private Tabs'. It is a really nice privacy focused browser. Everything good about Chrome, without everything bad about Google.


> Everything good about Chrome, without everything bad about Google.

Except, of course, its use of the chromium engine, which is something I think we should fight against. So, basically, one of the biggest anti-features of Chrome from Google.

Not to speak about Brave's business model, around basic attention tokens (my attention is not available, sorry). This is incompatible with privacy. Brave is an ad company! It may be in a nice phase where ads are opt in but it may not be like that forever.

The obvious browser closest to Firefox including Tor is Tor browser, based on Firefox, provided by the Tor project itself.


You mention the two most important points about Brave that are mostly overlooked when it is suggested as an alternative to Chrome:

1) There is no ecosystem diversification, Brave is built on Chrome!

2) Brave. Is. An. Ad. Company.


The only added value that’s important is respecting users' rights online and privacy. Brave is as bad as any of them, and being Eich’s new business venture doesn’t inspire any trust whatsoever.


> being Eich’s new business venture doesn’t inspire any trust whatsoever.

Why?


Tor tabs is useless without fingerprinting resistance, otherwise you still can be tracked.


Tor usage must be coupled with disabling of JavaScript. Otherwise, you will leak data regardless.


The very continued existence of Chrome is the bad thing about Google, Brave can only fix that by using the Firefox engine.


You're assuming we're maximizing the productivity on our debt. I would say the US is spending money on the government equivalent of takeout food and flatscreen TVs.


4K TVs are incredibly cheap yet good quality these days, and it's not like you need more than one.


That wasn't really my point, my point was that we take on enormous debt and we spend it on things that aren't the best. Why don't we spend more on infrastructure, research, investing in clean energy, etc? I understand that we need a military to protect our position in the world, but I'm not sure $750 billion dollars per year is needed. Sure some of that is spent on research, but I think there are more efficient ways to spend the money.


Well, because everyone in the US has brain damage from inhaling leaded gasoline in the 80s, and so they're stuck in 1992 and think all government policy means bombing countries in the Middle East while ignoring Asia, Africa and their own country.


I wonder if this affects my machine (x200) since it's from 2008 and according to this site rowhammer affects DRAM modules manufactured from 2010 to preset. https://brica.de/alerts/alert/public/1238748/rowhammer-the-e...


I suspect they state 2010 since they only tested against DDR3L, there's probably nothing to stop plain DDR3 being vulnerable though.


Did you mean present?


There are two kinds of people; Those who can extrapolate from incomplete data


Yes, sorry about that.


I've been having a hard time getting people to sign up for my service, I found that it's easiest to get to know a person then shill them your product. I guess that's the equivalent of what Jeff Johnson was doing. It's a lot of work for little return, especially for a social media site. A shoe has a lot bigger profit margin compared to a website (per user). I'm still learning though, the site has a lot of other useful examples


I don't doubt that it's far easier to abuse traditional captcha systems, but I wonder how widespread that is. A while ago I did a test with securimage and tensorflow/python/opencv/keras after I read a Medium post. While it could solve captchas with a little distortion, when I added squiggles, dots, and more distortion it was unable to solve the captchas. I'm sure you could spend more time and create a system that can solve these captchas, I wonder how much effort some random spammer will put in to attack your blog. Yandex uses traditional captchas, and they don't seem to have any issues.


If you're serious about it, there is another option. You can move to Europe or Asia and live cheap while working on your business. I make ~$1,000 a month doing freelance work 30 hours a month. The rest of the time I spend working on my project ideas. My living expenses are ~$400 and I spend another $100-200 on project ideas.


I live in a dirt-cheap country and I find it hard to believe that you can survive on $400/month. Do you take a trip back home? Do you factor in the price of your laptop/phone? Does this include clothes/medical expenses? Also, what country are you living in?


I don't take trips back home, I don't have a phone, I don't have health insurance, I have one pair of clothes and gym clothes. I have a 10-year-old x200 ThinkPad that cost $90. It's very fast, I use Arch Linux+Libreboot+Vim. I've lived in Ukraine, Moldova, Macedonia, Romania and Serbia. Normally I stay in Ukraine or Moldova though. My expenses are between $150-250 for housing (I live in youth hostels or Airbnb, I travel with my brother and a friend so we split the cost), $165 for food, and ~$20 for the gym.


Very cool. What kind of work do you do? Also, do you speak Russian or just basic Russian to barely get by?


I can't speak any language other than English. I've never had any issues. You can generally get what you mean across by pointing and/or shaking your head


Love to know more about you. Any way to connect or blogging?


I've never found myself interesting enough to start a blog. I might write a post on what I've been doing/how to survive as a 'digital nomad'. I think I'm in a unique situation since I've been doing this since I was 18. I was inspired by https://levels.io/eighteen/, but I know when I made the decision I wish there was more info/people talking about how they do it


link is great. thanks for sharing. pls lmk if you write anything.


That sounds fun, but my gf probably wouldn't like this. haha Luckily, I'm in a very low cost of living area already.

