It is my opinion that Chris Hadfield has done vast amounts more toward popularizing space travel than NASA has in its entire run, the televised moon landings notwithstanding. The general public even got bored of going to the moon after the first few trips, as Apollo 13 dramatizes, but Cmdr. Hadfield has cultivated an enormous, captivated audience for what is arguably routine space travel. (That's not a dig at NASA; it's a compliment to Hadfield.)
That accomplishment is even more notable because while Canada has a space agency, most of the world wouldn't consider Canada "spacefaring" in the broad sense (also not a dig at Canada). That a man challenged himself in his career to become an astronaut without a clear path to orbit, then reached a position where he can bring space travel to YouTube, Reddit, schools, and countless young minds in a new generation with the light touch required to "make it stick" is an accomplishment worthy of immense praise. Maybe a Nobel.
EDIT: Holy cow, this got flagged off the front page in the time it took me to get coffee.
It is my opinion that Chris Hadfield has done vast amounts more toward popularizing space travel than NASA has in its entire run
I'm going to give an opinion here that has no evidence- so consider me devil's advocate-ing, I'd love to see contrary evidence. I have long suspected that Chris Hadfield has been phenomenally popular among the tech-inclined, tweeting classes- but has had a far smaller impact on the 'everyday' person.
I do not mean this as a slight to him in any way- I think he has done everything and anything that he could. But the mainstream media seems uninterested- the height of the NASA space faring days was when there were about four TV channels anyone watched- the mindshare it captured is incredibly difficult if not impossible to replicate today. It's very sad.
Young people are not the mainstream media's target audience, but they are Hadfield's. The obvious undercurrent to his efforts is to get more kids interested in science, engineering, and potentially space travel; mainstream media doesn't get ratings out of that, so it isn't really worth covering for them. This Bowie cover seems to be gaining some steam, though; as another poster mentioned, I've heard about it from several people not in my usual "tech" circle.
Listening to the kids react in wonderment as he demonstrated wringing a towel out in orbit really drove home that he's reaching, and really reaching, the right audience in a way that NASA has struggled with for decades. He is exceedingly well-educated and is probably aware of declining interest in STEM among younger kids and especially declining interest in space travel as a whole. (I don't have data to back that up, just basic anecdotal experience much like you, but it seems true.)
I can believe that he has impacted kids. I'd be interested to know how widespread coverage of what he's been doing has been in schools- and how far it extends beyond suburban middle-class kids.
Allow me to offer some anecdotal evidence to counter your speculation: in the waiting room at my doctor's office this morning, there were three little old ladies discussing his cover and how he's returning to Earth today.
(Mind you this is Canada where he's perhaps getting more press as a hometown boy done good)
He definitely gets mainstream attention in Canada. CBC Radio and the National news program often discusses his exploits and the Q radio program interviewed him live.
I second that opinion -- he deserves enormous praise. I must also add that this video -- with a real astronaut staring in awe at the stars and looking longingly at earth -- is one of the most authentic, touching, musical performances I've ever seen.
Oh, he's savvy on tech. Just not the way you want him to be.
Leland Yee is a heavy, outspoken critic of the ESRB and was one of the most vocal politicians during the "Hot Coffee" debacle. Not a fan of video games.
It's on the FAQ and, without saying the exact price, is discussed on the application. It's an education program, so I don't think a "Pricing" tab would fit as well (it'd feel a bit cheap, like Phoenix College).
I should not have to dig around the FAQ to find out it costs $12k, that's a large sum of money to consider spending before jumping into the class. It should, at the very very least be on the application, if not on the front page.
The price (at least for me) was not a _frequently asked_ question, but rather the _very first_ question I thought of asking.
Some hopefully-helpful clarifications of the inside baseball talk from just the overview (I haven't read the full zine), enhanced with inside and general knowledge I've gained in my travels on this mortal coil:
- HTP claims to have{, had} access to name.com, which Linode currently uses. This access enables an unauthorized party to update authoritative nameservers for your domain; i.e., if you host at Amazon, very likely your authoritative nameservers are Route 53 on your account. HTP would not have access to modify the zone directly through the registrar and would instead have to hijack the entire domain with a working, completely-transferred zone on their own nameservers. For this to go down entirely unnoticed is extraordinarily difficult. I won't say impossible, but damned close without a copy of the zone in hand and with Linode running AXFR disabled (you should be too). There are subzones of linode.com; they wouldn't have gotten them all, and it would have been noticed within minutes.
- In order to attack SwiftIRC, to get back at some script kiddies DoS attacking them after their last release (because you know, that's a good target to burn registrar access on and all), HTP decided to backdoor SwiftIRC via their nameservers which are hosted at Linode. That's not the same as the registrar nameservers discussed above, but is instead the DNS data actually stored on a Linode on SwiftIRC's account. They do not hint what they were going to do with it once they had hijacked the nameservers, and I will not theorize. I could guess, though.
- Before utilizing their registrar access (from the first bullet point) to hijack the linode.com zone and intercept manager logins silently by redirecting traffic via DNS -- also fairly difficult to pull off without a good linode.com certificate in hand, in terms of keeping the TLS session non-suspicious to a browser -- they instead discovered a zero-day in ColdFusion (Linode's stack) and got in that way. That's much quieter and much more likely to not be noticed. If we take the FBI's actions at HTP's word, the FBI was the only reason Linode was made aware of this outside of HTP's control; a DNS hijack would have been immediately noticed by Linode administrators.
- Knowing what I know (let's leave it at that), a successful exploit on Linode's ColdFusion stack entails a database of Linodes, DNS, credit cards, e-mails, addresses, and keys to decrypt the actual card numbers, and a lot more data. You have to decide whether to take HTP at their word that they deleted credit cards. Consider your credit card and all prior credit cards compromised if it were in the system before April.
- The access that HTP obtained does not, full stop, lead to root on Linode instances without at least one shutdown job or change of root password job showing up in your Linode's history that you did not ask for. Your Linode's root password is not stored in any Linode system aside from on your Linode itself. Your LISH password, as they say, is, and according to them is stored in plaintext; if you see things on your Linode's console (located under the Remote Access tab) that you did not type, that access was used upon you. If not, it wasn't. If you used the same root password on your Linode that you did for your LISH password, consider that password compromised. I'm suspicious of the claim that they rooted all those (assuming) customers without any of them noticing their Linode being rebooted to apply the new root password to allow HTP in, and I would read that as "potential access" instead of "access". They probably bounced some nmap.org servers to reset their root passwords -- a Linode system requirement -- without fyodor noticing. Which is interesting for a couple reasons.
- Also, the access they obtained does not lead to root on the Linode host fleet itself, unless they are holding back some extra access they obtained such as a shared password between the ColdFusion stack and administrator credentials for Linode systems, which I consider unlikely for a couple reasons. With several days to get familiar with the architecture, HTP could have used their database write access to do things on the hosts, but it's a fairly limited set of things. Dumping Linode's database is bad, but root on their hosts is far, far worse, and by indications, I don't think they got it.
- How does this relate to the Bitcoin hacks of yesteryear, you ask? The Bitcoin hackers probably got in the exact same way -- Linode hinted at a compromised admin credential, which is close enough to do everything HTP was able to do -- then shut down and reset root passwords on the Bitcoin Linodes they were after, which then gave them filesystem access.
So ends clarifications, thus begins conclusions:
- PAY ATTENTION WHEN YOUR SERVERS ARE REBOOTED WITHOUT YOUR COMMAND.
- PAY ATTENTION WHEN YOUR SERVERS ARE REBOOTED WITHOUT YOUR COMMAND.
- Linode added a feature that shoots you an e-mail when your Linode is manipulated in any way via jobs, such as resetting your Linode's root password (a la Bitcoin/HTP hacks). It's depressing they had to do this, but pay attention if you get the mail. External monitoring like Nagios that pages you when your server goes down is also a good idea, as long as it is hosted at another provider.
- EDIT: After reading the zine, yet again, /CFIDE is the vector. There's no excuse for not hiding your administrative tools, generally the soft underbelly of the whole smash, from the Internet. None. It's one rewrite in nginx. Match /CFIDE<anything> from the public, redirect to /. Done.
- EDIT: Again, after looking at how trivial the exploit was, it's probably time to reconsider using Adobe ColdFusion from a business continuity standpoint. Half Linode's fault for not hiding /CFIDE, half Adobe's fault for the engineering missteps that lead to this capability for a remote attacker. We should be just as hard on ColdFusion as we are on Rails.
- SwiftIRC is a den of inquity, up there with EFnet; if you run a hosting provider, think twice about permitting SwiftIRC anywhere near you. To reiterate that, Linode was a casualty of someone going after SwiftIRC. Delink their nodes, cancel them, and kick them to the curb if you're interested in preserving your business. Not worth the money. Same with damned near all the IRC networks except OFTC and, to a far lesser extent, Freenode. There will always be targets but harboring SwiftIRC is probably a malicious-actor magnet.
- Registrars (and CAs, though that's outside this discussion) are the weak point in the entire system. This is not the first time they have been shown to be so. Linode could be Fort Knox of digital security but if name.com falls over, it's all over; that's entirely outside of Linode's, and your, control. Currently, the registrar market is heavily profit-centric and, personally, I think people spend far too little on a domain in the general case. I would happily pay a registrar a lot more money -- hundreds a year or more -- if their offering were run competently, as it is fairly obvious name.com isn't. Compare your hosting bill to your registrar bill; what's wrong with that picture?
- HTP is apparently fairly easy to troll into using valuable access for vengeance purposes. Shameful target selection and a burn of a good hack just to root SwiftIRC. That's like pissing in the ocean for a good time.
- Linode got railroaded here and the general reaction by folks is a little overdone. You know that's true when even the hackers' overview of the hack specifically calls out people bitching about Linode security on Twitter. All it takes is one zero-day, and you will all be hit by one in your career, so cut Linode a little slack.
> - Linode got railroaded here and the general reaction by folks is a little overdone. You know that's true when even the hackers' overview of the hack specifically calls out people bitching about Linode security on Twitter. All it takes is one zero-day, and you will all be hit by one in your career, so cut Linode a little slack.
Unfortunately, there's not much slack left to cut. Linode pulled that line taught with the last major breach of their system (and their subsequent opaque response).
It's clear Linode's security practices leave a _lot_ to be desired, and their response to this incident, while better than the last, didn't go anywhere near far enough in terms of transparency (as well as demonstrating some fundamental gaps in their understanding of the current state of infosec).
I didn't pull my hosting from Linode because they got hacked, I pulled it because they were hiding this from me. I even went as far as replacing the card I used to pay them and dealing with the massive headache of updating payment info with a new card number because I didn't know if I could trust their assertion that CC numbers didn't get released.
If I can't trust you at your word, you no longer have the privilege of holding my data or my CC info. Two breeches with a lack of communication really does spoil overnight the trust that has been built up over years of wonderful and reliable service.
I'm curious to know who you moved away to? and what gave you the confidence that they are a) better at security b) better at communicating transparently when things go wrong.
This security incident is very upsetting, but for me the linode track record in communication, responsiveness and support is still pretty amazing compared to the competition. At least at this price range.
AWS might be safer, but I basically don't get any support (for a reasonable price like I pay linode), Rackspace didn't seem nearly as responsive or transparent on much more trivial matters. Who else is out there which is worth switching to?
I have found lots of the smaller VPS providers (especially those that provided dedicated/colo services) to have great service. Check on http://webhostingtalk.com
I fail to understand how you can think Linode has a great track record. It is an unequivocal disgrace. TWICE they have mislead their own customers over a major security incident. And there have been lots of times during outages (in particular my time at Fremont) where they were MIA.
I give Linode a lot of slack. When people say "Oh, they should be more secure" I often say "Really?"
In an ideal world, yes, they should be more secure. However, as in this case, they got taken advantage of via a zero-day attack, with others planned well outside the scope of what Linode could have planned for. Which is insane. Can you even name something, anything that they could have done to protect themselves? Additionally, given the unique form of attack, figuring out what was going wrong was probably not possible. Thus, they knew as little as you did.
And then, everybody switches to some other provider. But do they switch to "super secure, we examine every byte of the software that we run to make sure we're bullet proof" hosting provider? NO, everyone just switches to another commodity VPS provider that is vulnerable to all the same super high level attacks that Linode is vulnerable (maybe even more attacks, given that Linode actually has a tremendous amount of experience).
In reality, you're only getting more security by switching to a less prominent hosting provider, A.K.A. security through obscurity. Which is the worst kind of security because it's not secure at all.
It's like getting mad at the mayor of your city when a meteor falls on your house: unproductive and misguided.
While what you say has merit, Linode's actions demonstrate an ambivalence toward security. Public key encryption for card numbers (yay!). The private key stored on the same machine and the key loaded in memory (boo!). ColdFusion was not properly secured (simply preventing access to /CFIDE would have neutralized this vector) and they focused first on preserving themselves. I've also been personally annoyed when there are sweeping outages and information is withheld for seemingly arbitrary reasons. Support is apparently instructed to be vague. It's overwhelmingly frustrating.
I'm just as annoyed at Amazon for this, to be honest, and in the large, annoyed at our industry for being so unnecessarily secretive. We need to stop thinking of our infrastructure as our competitive advantage; to pick on Google as an example, while Google are obviously masters of running systems at scale, their infrastructure efficiency is not the reason people choose Gmail. Obviously their platform gives them some competitive advantage but, for example, their policy of withholding even the innocuous names of internal systems is bizarre. I think the rest of the industry follows that lead.
It's weird that we embrace openness in the FLOSS communities but when it's time to build a revenue-making company, the details of the inner workings are immediately a hush-hush secret. If you're doing something simple enough that describing it means someone can replicate it, it's an idea that can be replicated trivially anyway. I bet everybody in hosting knows how Linode works, and I doubt there's any kind of espionage taking place.
In this case, it's fine to be secretive if you'd like, but at least tell me how you plan to prevent the problem from recurring. Linode always says "we're working diligently to prevent this from happening again" but provides no details whatever. The announcement from the founder of Linode[1] underlines this; the entire tone of the post is "here's how we band-aided the immediate problem," with no details on where they go from here as a business or culture.
I tend to agree with you. We don't see much transparency in the industry as a whole.
When a security incident happens, I believe most security professionals would advise to keep details to the minimum necessary. I can imagine how misleading info can cause panic and dire consequences (to both linode and its customers). In Linode's case this could have been mandated by the FBI even, giving Linode no choice.
For me, linode is still one of the more transparent providers out there. I doubt AWS or any other provider would be more forthcoming if something similar happens.
Of course, there's a lot of security improvements to be made. I hope Linode would shake-up and improve and signs are they're doing that.
I'm still curious to hear some brand names that are better in that respect (hence my question about). From what I read there really is no better alternative currently at this price range.
I moved away to me. I enjoyed having my test server in a data center so I could work on it from anywhere, but it wasn't worth risking a security breech where no one would tell me I had been compromised. Instead, now I somewhat inconveniently host it on a machine sitting in my basement.
I'm merely a hobbyist/researcher, so I don't have a production environment to worry about.
I see. For me this is unfortunately not an option.
I need to be able to serve my customers, and they are all over the world. So I need a provider with data centers in multiple global locations, that offers an API, that has decent support that responds quickly, and at a similar price range... Interested to find alternatives that are also more secure and better at communication.
> The access that HTP obtained does not, full stop, lead to root on Linode instances without at least one shutdown job or change of root password job showing up in your Linode's history that you did not ask for.
If they had access to the database, it may have been possible to delete malicious jobs from people's histories. Even if the user had email notifications turned on, an attacker with full access to the database could have turned it off temporarily (just flip a boolean flag).
That's a good point and I hadn't considered it. It still reboots your Linode, though; worth considering a 'echo "I just rebooted! Did you expect that?" | mail' in your rc.local for this reason, since a reboot should be an infrequent event.
yeah, but will likely reboot it into recovery mode so they can remove anything like that from your boot sequence anyway, and if they don't notice it, they will be done by the time it goes out anyway. External monitoring is the best way to notice the node went down.
> For this to go down entirely unnoticed is extraordinarily difficult. I won't say impossible, but damned close without a copy of the zone in hand and with Linode running AXFR disabled (you should be too). There are subzones of linode.com; they wouldn't have gotten them all, and it would have been noticed within minutes.
what's stopping the bad guys from just proxying dns queries they don't care about to the original NS?
with this sort of trickery you could get a "domain control validated" https certificate too!
Hence why I hedged impossibility, and while I can think of a way that would work, it'd be tricky. You could probably hack BIND to do this (in resolver mode) fairly trivially, but I'll defer to the actual security experts here of which there are many to shed light on whether such an attack is commonly observed in the wild.
My usual suspicion is that in general, the volume of DNS traffic should give you pause before you start putting custom code in the path of answering a query. Clearly it's possible -- Route 53 is built upon that very notion -- and I suppose in this scenario it's feasible.
Don't forget every Linode has a hostname under linode.com. I think splicing yourself in and running a conditional on every query would overwhelm whatever you point the firehose at and you'd have to plan accordingly. All it would take would be to add a couple hundred milliseconds of latency to the average DNS query (even before the inevitable carpetbombing of p99 latency) and a competent high-traffic administrator is going to start looking around.
It's not about size, it's about rate and introducing latency. Just the hijack itself is going to add DNS latency, which is monitored by any competent operations team. Expert operations teams, and I know of one, also monitor the BGP path to their public addresses (including nameservers) to detect things like the Youtube kerfluffle.
Adding a conditional ("do I answer or do I proxy?") on every DNS query -- and there are many -- is going to introduce enough latency to be noticed unless you throw a lot of gear at it. And you're still going to introduce latency by inserting another hop. That's my point, though I do agree with you.
>Adding a conditional ("do I answer or do I proxy?") on every DNS query -- and there are many -- is going to introduce enough latency to be noticed unless you throw a lot of gear at it. And you're still going to introduce latency by inserting another hop. That's my point, though I do agree with you.
Welcome to the world of recursive name servers, there is a lot of software out there that does exactly what you just mentioned, I fail to see what would be hard about making this change.
Adding a conditional ("do I answer or do I proxy?") on every DNS query -- and there are many -- is going to introduce enough latency to be noticed unless you throw a lot of gear at it.
Hm, why? Any modern CPU is blazingly fast. Writing it in Ruby probably wouldn't be smart, but Python + PyPI or Lua + LuaJIT would easily get within a factor of 10x of C.
I didn't say it would be technically impossible, I said it would be noticed. If you make it a theoretical problem, and it most certainly isn't (there are a lot more practicalities involved), you're adding at least another string compare to every query. That's enough of a latency shift for me to notice in my graphs -- I notice when the Internet reroutes itself and my DNS latency goes up by 5 milliseconds.
This isn't a "could it be done?" exercise, it's more of a "could it be done without detection?" exercise. For this specific case, it's a pretty big risk.
I wasn't speaking theoretically. I don't understand how a pipe read + string compare + pipe write would add 5ms per query.
As for detection, that was the reason I brought up CPU power. Modern CPUs are so fast that that it seems like this redirector would hardly generate a blip in any chart (such as top).
I don't care about proving anybody wrong. I care about filling my knowledge gaps. I.e. it's interesting to try to figure out how something like this would be detected in practice.
You'd be using network sockets, not pipes (pipes are slow as fuck btw). And it would add the latency of the network transmission in both directions, plus the processing time, which would add up to much more than 5ms unless you're on the same network segment as your target. And higher CPU load increases latency.
Who is going to notice increased latency in DNS queries? Most likely web developers. Nobody else I can think of would do (non-cached) bulk DNS queries to random domains and actually be looking for millisecond changes in lookup time. And those developers would have no insight to the DNS infrastructure serving requests, so they'd have no idea to contact the DNS admins to investigate. Even the DNS admins could be fooled before they contact network admins to do further research.
The bottom line is not "has DNS latency changed?", it's "has DNS latency become unacceptably high enough to force me investigate?" Unless it's becoming a problem, I think anyone would ignore increased latency because they have ten other work tasks to deal with.
> Unless it's becoming a problem, I think anyone would ignore increased latency because they have ten other work tasks to deal with.
You'd be surprised once you start working with larger, higher-traffic infrastructures. If our average external DNS query rises 200ms, my phone goes off. There's more slack on p99, but it's also monitored.
All of the timings for the various parts of a request to the system that I administer are instrumented from a small libcurl app running in multiple ASNs remotely, because Pingdom and other services do not provide the resolution that we need. They are then rendered on a stacked graph that always lives on my third monitor, and any significant deviation averaged out over five minutes catches my eye.
I know it sounds like overkill, but it's crucial at scale.
Okay, so, when you notice your DNS latency going up by 5ms... how much investigation do you then do to confirm exactly what caused this, and have a very high confidence (how high?) of ruling out it being caused by a MitM on the DNS? Really?
Without getting too far into specific operational security -- the same reason that I hate there's an entire branch off my thread discussing this specific attack, which I think is detrimental to the discussion -- we have monitoring in place to tell me if this exact attack happens. Within seconds. The latency would just be a clue.
Think about the dumbest way you would do that. Then implement it. That's how simple our system is.
"because you know, that's a good target to burn registrar access on and all"
No, nearly ideal use. Its like a strategic nuclear weapon. You don't use it sneakily, that's the opposite of the whole point. Always intimidate as publicly as possible and in the tech community messing with linode is about as public as it gets.
The other part is showing off, its like declaring "we have access to them all but we don't care about name.com". Maybe they do...
They didn't utilize the access to go after Linode. They intended to utilize it to go after SwiftIRC, which nobody gives a shit about. That's where my comments came from. Linode just happened to be a nice prize on the way.
Yeah, I mean, it's supposed to come off as showing off, right? "Sure, we're so crazy good, that we can take out name.com and linode just cause some script kiddies pissed us off, no sweat. Don't mess with us. And we're so in it for the lulz, that' SURE we'd take out linode and name.com just to get some script kiddies, and not bother trying to sell the CCs or anything."
Or, they're lying. I mean, they could be lying about the whole damn story, who knows (not me).
Assuming the account is completely true though, I would say they succeeded in showing off. It's pretty impressive that they took over name.com and discovered a CF 0-day just to get into Linode, all just to fuck with one IRC network no one cares about.
> All it takes is one zero-day, and you will all be hit by one in your career, so cut Linode a little slack.
Actually, the biggest lesson I'm taking away from this is to never trust any one piece of software, and to always have multiple lines of defense/alerting sitting on independent software stacks.
> The access that HTP obtained does not, full stop, lead to root on Linode instances without at least one shutdown job or change of root password job showing up in your Linode's history that you did not ask for. ... the access they obtained does not lead to root on the Linode host fleet itself
I wouldn't bet on that.
> There will always be targets but harboring SwiftIRC is probably a malicious-actor magnet.
Isn't that the same logic Everydns/Dyn Inc. used when they censored Wikileaks?
> All it takes is one zero-day, and you will all be hit by one in your career, so cut Linode a little slack.
I don't need to wager, and can speak with authority based on what I know (which I'd prefer to leave vague). There are two vectors into a Linode's filesystem from the perspective of an internal attacker: having root on the Xen host or gaining a login on the Linode. Knocking over the database and Web server gives you neither unless the person reused their account's password as their root password, in which case it's behind a cryptographic hash and subject to the typical rules there. If you own the database, you do have LISH access which gives you the equivalent of a VGA console; if someone left that console logged in, it's a vector as well.
The only vector HTP would have had in the general case would be bouncing the Linode. It's a fairly sufficient air gap, in a way.
ISTR being able to back up Linode images, migrate them around, and perform some other admin tasks from the web interface. So I still wonder if the "air gap" API is a bit more powerful than simply the ability to request a reboot. But, again, I don't know.
The buttons belie the existence of an API that can "instruct the hosts to do things". Some of those "things" are pretty powerful.
Without knowing what those things are, I'll just take your word for it that none of them could ever possibly be leveraged to compromise a host or guest without unmaskable and permanent messages appearing in the logs.
You have to decide whether to take HTP at their word that they deleted credit cards.
Don't we also have to take them at their word that they even had decrypted CC's? I haven't seen any proof yet that they obtained the decrypted private key, just their statement saying they grabbed in-memory keys.
If they pwned the server that accepted the HTTP(S) POST with the payment information, they were in a position to obtain at least some CC numbers. They were probably also in a position to obtain the keys by which the CCs were encrypted.
The encryption keys are useless. The decryption keys are what's important. You do have a point that they could have theoretically intercepted HTTP(S) POSTs, but I don't think anyone's claimed that they actually did that.
Yes. Linode publicly stated that they were using public-key cryptography, that the private key was secured with some crazy-long passphrase, and that the passphrase wasn't stored digitally, meaning that once a month when they billed they had to manually enter the private key.
So for the hackers to get the decrypted private key, then either Linode must have royally screwed up and kept the decrypted key in-memory during the rest of the month (which seems rather unlikely), or the hackers must have had control of the machine during the time in which they did billing (which I don't think is true, because billing presumably happens either at the start or the end of the month, and didn't the hack take place a bit earlier than that?).
So yeah, I believe them when they said they got the private key. But nobody's said anything to convince me that they got the _decrypted_ private key. And if the passphrase really is as long and complex as Linode claims, then it should be reasonably secure (caveat: I am not a security researcher, or otherwise qualified to judge the security of anything).
> So for the hackers to get the decrypted private key, then either Linode must have royally screwed up and kept the decrypted key in-memory during the rest of the month (which seems rather unlikely),
They bill you the moment you add a Linode, automatically, if your credit is not sufficient to cover the new Linode. Careful walking that assumption too far; I think it's safe to say the key was kept in memory.
Well it's not like it originally comes in encrypted with the public key, it has to be on there for a short amount of time already, why would they keep the unencrypted version around longer than the initial billing?
re: your first paragraph, there is a way to jack an entire DNS record and not miss anything. It involves writing a custom DNS server. Once you become the primary, as the queries come in, if you are queried for a record that you don't know, you simply forward the query to the old primary and then store it yourself. Works all the time.
Domains are jacked and proxied a lot more than people know. The hackers have custom tools (rather than Squid + BIND etc.) that perform these tasks and keep them hidden.
Even better, you could host spoofed DNS for a number of Linode's on a single small 128-256MB virtual machine. The infrastructure required is tiny. Definitely possible, definitely happens all the time.
It bugs me that apparently, everything I'll ever host can just be "owned" at will by some random bunch of hackers doing whatever they feel like doing. Is it feasible for a "mere mortal" to stay safe?
User input is trying to kill you until proven otherwise. And even then, it probably still is. If you accept anything from a user, treat it like you're carrying spent nuclear fuel around your application; that doesn't just mean form inputs, either; sometimes you have to wear gloves that even consider files read from the filesystem as suspicious. There are numerous attacks on temporary files if implemented incorrectly.
Damned near every exploitable security problem in an application can be traced back to this one simple rule. XSS is a common one. The ones that don't conform to the rule are rare and magical, like unicorns, and usually involve something exotic like hardware side channels. If you take input it will be abused, so plan accordingly. That occasionally manifests in unexpected ways like timing attacks, in which case an attacker repeatedly sends you lots of carefully-chosen input to deduce something based on how long it takes your code to reply, much like cracking a safe. It's a basic attack on a string compare, which is O(n). This simple code is vulnerable:
A timing attack would try to deduce each letter here, since the string comparison will short-circuit once it finds a wrong character. Using a simplistic model, say I sent 'a' through 'z'; 's' took 10 time units to respond, but the other characters took 8. Now I try 'sa' through 'sz', and go from there. As a thought exercise, try to imagine a few ways to prevent it, and consider the pros and cons of each; now you're thinking in the security mindset.
Securing an infrastructure is another story, but the rule is applicable with the occasional clarification to everything there, too. There are domains of trust even within your own organization; malicious employees will try to harm you, as well, and you get little to no warning of those. Do your interns need root on machines containing customer data? Employees are users too.
Well, it's somewhat comforting to know it's mostly about user input. Thanks! Not that it's easy to secure input handling either.
I've seen that kind of timing attack discussed somewhere, and the solution there was to do some kind of byte-by-byte comparison that would always take the same amount of time. It makes sense.
Security is about mitigating risk, not about eliminating it.
Keep up with CVE's, don't provide a wide attack area (so lock down interfaces to your machine and don't expose much to the world), and keep blast radii as small as possible (so even if your machine does get owned, you can possibly restrict it so it doesn't automatically mean they gain access to other systems in your network.)
Oh, and model the threats to your network/application. Make sure you're securing against the right threat. As an example, anti-malware is wholly ineffective against social engineering - maybe it's more productive to train employees and make sure that each employee doesn't have total access to all privileged systems.
If you've redelegated a domain which you don't have a full copy of to your own servers, couldn't you just proxy all the requests that you don't want to hijack to the original name servers?
Not publicly, as far as I know. They claim to have deleted them, but I don't think it's exactly possible to prove you've deleted every copy of digital data. You should probably assume they're compromised.
Running on Windows on the developer's workstation, no less...
Let me quickly clarify that I'm not anti-Windows, it was just a double-take to see it used as a workstation for security research like this (though I'm using the word 'research' lightly). Strange article all around, lots of it caught my eye.
Maybe they have only windows licenses of IDA pro? There are a few very useful tools for windows - especially for reverse engineering and hardware/embedded stuff.
The residents who fight tooth and nail against going up and more dense forms of housing are just as much to blame as the BoS. The city could ignore them, yes, but government is about what people want.
Most residents of San Francisco -- homeless, tech, lower-income, whatever -- want absolutely nothing to change except for what makes them happier. And in most cases, the loudest, wealthiest, Pac Heights/Sea Cliff voices want the "charm" of San Francisco to stay the same. Meanwhile, it's one of the most undesirable places to merely walk around that I've come across in my life, and I only work in the city because I have to. I will never move to the city.
Some of the comments are already popping up on TechCrunch; "do you want SF to be the next NYC?" My answer to that is abso-fucking-lutely. New York City is perfectly suited to dense living without gritting your teeth; the subways run 24/7, the risk of stepping in homeless shit is significantly lower, there are very few places in NYC that make me cringe as much as the TL after sundown, the varying cultures get along and complement each other instead of beating Google Bus piñatas at a dirty-ass BART station...
If San Francisco slowly became the next New York City I'd be pleased as a peach. (Imagine NYC with SF's weather!) But it will never happen in our lifetimes. Honestly, I think it's a California thing, because L.A. has a better shot at it and that's not going to happen either.
> it's one of the most undesirable places to merely walk around that I've come across in my life
I hear that. Every time I come to SF I'm reminded of why I never want to live there (I live in Seattle).
> "do you want SF to be the next NYC?"
+1.
Frankly, I see a lot of the same shit (not literally, but you get the idea) here in Seattle, and I find it incredibly disappointing. There's constant hand-wringing about the lack of affordable housing, but the minute solutions are proposed, all of the once-upon-a-time hand-wringers vociferously cry out "Not in my backyard!"
The NIMBYism has to stop. I can only hope that as people in their 20s grow older and turn into those louder, wealthier voices, that they remember just how much it sucked for them to live in a city that didn't properly increase population density when it should've.
I wouldn't hold your breath. The current generation of suits were protestors in the 60s before giving themselves debt-financed tax cuts in the 80s and complaining about socialist kenyans in the 10s.
The fear that SF would turn into NYC is definitely odd. Seems to me that SF has already taken on the bad aspects of being NYC, while avoiding many of the good aspects. Becoming more like NYC could only be an improvement.
San Francisco's tourist areas is almost like a completely separate universe than San Francisco's residential areas.
On one side you have old streetcars, cable cars, cute restaurants, tourist traps, and wide sidewalks.
On the other side you have extreme poverty, homelessness, gang wars, a huge violent crime problem, literal shit and piss in the streets, and enough race and class tension to cut with a knife.
The two seldom cross, but they do sometimes. The southern end of the Powell cable car stop is one such place. Walk just a teensy bit further west along Market and you will notice a complete collapse of the city. In the Union Square area head just a few blocks west and you will be in the middle of the Tenderloin, which is the infamous heart of unsavory and disgusting things that happen in the city.
More adventurous tourists that don't rely strictly on the most standard guides will also get to see the other side of the city. Find your way down to El Farolito in the Mission for their famous tacos and burritos? Welcome, you're now in contested gang territory where randoms get shot as part of gang initiations.
It's a puzzling city. I lived there for a year, and while I enjoyed a lot of it, my overall impression was deeply negative.
I used to love to go to the Roxie Theater in the Mission, where they showed movies you might never encounter otherwise. During a retrospective for some anniversary of a Friedkin film, the great director himself just came walking up the sidewalk right through his speechless fans.
On the other hand, I have been stuck in traffic on Mission near 17th while the SFPD put down rows of little yellow numbered plastic cones across three lanes of traffic -- one for each shell casing.
Is there any public transit facility less welcoming than the urine-drenched BART station slash homeless zoo at 16th? Yes, actually. Just pop down to 24th, if you dare.
Heroin dealers used to turn little alleys off of 26th into open-air markets in the wee hours. Maybe they still do.
I just can't bring myself to visit the Mission anymore.
Well, it depends. If you only ever hang out on Valencia (or west thereof), the Mission is vibrant, active, and more or less safe. Just grungy enough to be interesting, and the worst you can expect is a bar fight.
The Mission is very different to visit vs. to live in. It reminds me slightly of Belltown in Seattle - nice to visit, kind of shitty to live in. If you're just there on Thursday nights a lot of the awfulness of the neighborhood fails to bother you.
Catching a giant whiff of shit and piss coming out of the BART station you can shrug off when it's once in a while, especially when you're on the way to a good night out. When it's every single day, to and from work, all hours of the day, it becomes tiresome. When you pass by a homeless dude passed out (maybe dead? who knows) on the sidewalk you can shrug it off, but when you see him slumped over every day on your way to work it starts digging at you. When you hear about some poor Mexican kid who got shot as part of a gang initiation, you can think "how terrible" and get on with your day... when you see the street-side memorials, and then you see another a week later, and then another, it becomes different.
The Mission is a different beast when you live there vs. just visit. If you decide to cocoon yourself strictly in the heavily gentrified western border of the Mission (because let's be honest, the Valencia corridor is a tiny sliver of the Mission), you will never have to deal with any of it. For many people though, the Mission includes everything east of Mission St also ;)
Not to mention, once you leave the bar and restaurant stretch along Valencia/Guerrero the whole thing becomes really shitty, really fast. Have you ever walked down Capp St at night? It's two blocks away from party central at 16th and Valencia. You really, really don't want to.
The Mission isn't Afghanistan, but it's objectively a troubled neighborhood that is among San Francisco's most violent (which is a small feat in itself, considering that SF as a whole has elevated violent crime rates compared to other major American cities). The Tenderloin tends to get a bad rap as SF's "worst" neighborhood - but its violence rate is actually not the highest in the city. Even more concerning is that the Mission's violent crime rate is largely driven by gang activity, which sets it apart from other neighborhoods of the city also.
Yeah dude, I live there, the southeastern sketchy part, and I've been jumped off of my bike by random people for no other reason than they wanted to kick my ass. And I don't hang out on Valencia street at all. So thanks for being presumptuous, but you missed that one by a longshot.
You're still overstating the case. Yes, gang violence is prevalent, but its not like in Oakland where bystanders get shot for shit they had nothing to do with.
And I should add, I live about a block from where that 19 year old football player got shot a few weeks ago. I saw the memorial, the posters up all around the block, the whole thing.
I think you should ask yourself what made you automatically assume I was the kind of person you're describing in your response to my original comment. Because this whole debate is constantly poisoned by idiotic assumptions on both sides.
San Francisco is one of the only places I've ever commuted where the question isn't if you'll step in human shit, but when. The quality of my workday usually begins with "did I get a face full of hot, evaporating urine and avoid a pile of shit on the way here today? no? gonna be a good day."
The people that live near my office on the ground level have put up "please don't defecate near our door, this leads right into our living room" signs. Good luck getting anybody to care. Nobody cares. I bet if someone dropped a deuce in front of a New York bodega, there'd be a dozen locals competing to rinse it off. I love New Yorkers. Tough as nails and been through some shit, man, and you really get that in the culture.
Walk around late enough in the same neighborhood and appear vulnerable and see what happens, too. If you stuck to the various places that we keep squeaky-clean for tourists, that's why you didn't notice.
What is it about San Francisco that causes its denizens to defecate on the streets?
I've visited it as a tourist many times, and have walked around extensively in neighborhoods such as Nob Hill, Fisherman's Wharf, Union Square, Financial District, and Inner/Outer Richmond. Never stepped on human shit, much less dog shit.
Homelessness and a government whose attitude towards it is to pretend the passive aggressively opposing them will make them go away.
The city has, over the past decades, slowly taken over all public seating in homeless-prone areas of the city. It's a sunny day outside and you want to have a seat and munch on a sandwich instead of eating at your desk? No can do, there are literally no seats, benches, or anything that might be remotely comfortable to rest on.
Ditto public restrooms, which have been taken away under the same pretenses.
Of course, the response hasn't been a decrease in homelessness - they lean, lie, and sit against buildings just fine, and they piss and shit in the streets just as well too.
San Francisco's stance towards homelessness seems to be "if we make it inconvenient to be homeless, people will stop being homeless", which strikes me as shockingly idiotic for a city famous for its liberalism.
Heh. Where I live (Long Beach, CA), they deal with the homeless in equally idiotic ways.
I was volunteering for an "alleyway beautification" project in downtown, and it just turned out that there was a small, cute park adjacent to the alley. To our dismay though, we found it to be locked 24/7. When we asked the city officials, they said it got locked because the homeless were using it as their living space!
Similarly, when the cops are dealing with homeless people with mental disorders, do you know what they do? They don't actually take them to the station to write them up - they learned long ago that doing so doesn't accomplish anything (the system is not equipped to deal with mental disorders, especially in people with no money).
Instead, they sit them in the backseat of their patrol car, drive them over to one of the adjacent cities (i.e. San Pedro, Carson, etc.) and drop them off there. That way, those homeless become that other city's problem!
Can you believe it?
It's crazy. I feel really bad making this analogy, but it's like sweeping the trash under the carpet and pretending the room is clean.
In Detroit the police used to round up homeless people in vans and after promising to take them to shelters, dropped them off in the nearby city of River Rouge. If you're not familiar with River Rouge, that's where nearly all of Detroit's heavy industry, such as several steel plants, is located. Here's what it looked like in the 70s:
When I visit family, the I-75 bridge over River Rouge is a windows-up, vent-closed affair. River Rouge is rather famous these days for annoying Canada with hums, too.
SF needs to do what NYC did in the 90s. Bring in someone like Giuliani who will really crack down on these issues. That's basically impossible though with all the liberals in SF.
I'm not sure I'd call NYC's policy less liberal overall, though it's different. It puts considerably more effort (and money!) into providing housing in the first place: about 5% of NYC's population is housed in public housing, versus about 1% for SF. NYC's homeless shelters have also been somewhat more effective at transitioning people off the streets and into apartments, though with recent budget cuts some of the programs that were used for that have been cut, so we'll see if that persists.
The difference between SF and NYC is in SF the homeless never freeze to death. And the difference between SF and Oakland is in Oakland the cops will taser you and the street gangs will break your legs for sleeping in the wrong neighborhood. Compared to everywhere else, SF is a hobo paradise.
I think L.A. is going to happen because it has a dictatorial and thus effective office of Mayor. Antonio Villaraigosa has been cracking the whip and I think his successors can follow in his footsteps.
Oh, I forgot to follow up. Private schools tend to be very different in terms of stuff like what happened with that girl. Its a mix of the higher end parent base along with tuition checks on the line.
Why does this girl deserve attention? Why did she get it? I genuinely can't come up with a reason.
Are you guys prepared to contribute to the legal funds of everyone who is expelled and charged with crimes for unfair reasons? Because this is absolutely not out of ordinary, and I've personally seen a 12-year-old expelled and nearly charged with a crime because his mother packed him a steak knife without realizing the school's zero-tolerance policy.
I wish this girl the best and she deserves a fair trial, but sometimes I wonder if society's tack of showering money on people's legal fund merely because they made news puts incentives in the right places...
If you down vote, can you explain why? I'd like to have an objective conversation about this without drive-by downvotes to shut me up.
I'm not sure where you pulled that number from. I've successfully defended against multiple charges in my life, unsuccessfully others, and the only money I was out was a couple forms and bail, which I got back. The charges I got out of involved a public defender. When I hired a lawyer, I was convicted.
I think there's a lot of misunderstanding about the criminal system from people that have never been through it and, by the very nature of how the criminal system works -- especially if you end up in front of a jury -- it's impossible to predict how anything will play out.
I'm more concerned that people are donating to a legal fund after reading news statements and, possibly, the police report.
I have never been convicted. I have been through 5 court cases in my life time, including reaching the Supreme Court both as a plaintiff and as a defendant. I am 26.
So one's civil -- a completely different ballgame -- since you don't reach the Supreme Court as a plaintiff for a criminal case. Is the other civil or criminal?
Because injustice is being done to her and we know about it.
>>> Why did she get it?
No idea. Luck?
>>> Are you guys prepared to contribute to the legal funds of everyone who is expelled and charged with crimes for unfair reasons?
Not all of them. But probably some of them.
>>> she deserves a fair trial
Actually she doesn't deserve any trial. What she deserves is a talk with her science teacher about how to conduct experiments safely and maybe two-day suspension for scaring the crap out of couple of adults and wasting police's time. And a subscription to a couple of science magazines from her parents.
The report is sketchy, which is good: not a lot if contamination, and no one's had much time to get their 'story straight' yet.
My impression is that see knew something was going to happen, but did not think it through. (If it smokes in a closed bottle... Where'd that pressure go?) that at least jives with the testimony, but there's no evidence for criminal intent there, so more testimony is needed to confirm her character.
I don't know "all the facts". No any person does. I know enough to make my conclusions. You want to challenge them? Be my guest, but do bring your facts and arguments with you.
>Are you guys prepared to contribute to the legal funds of everyone who is expelled and charged with crimes for unfair reasons?
Hell yes. We should get involved. Every. Single. Time. This stuff thrives on people just shrugging their shoulders and moving on, reminding themselves to keep their heads extra down. If we made a stink every time, there wouldn't have to be many times.
When you donate, or even just take the time to get involved, think of it as raising your own taxes just a smidge to actually make the system better.
I don't think of it that way. I think of it as giving money to someone I don't know, so that person can forward (with my trust) it on to someone else who didn't ask for it and potentially doesn't need it (what if her family are billionaires?), to defend against charges that I don't have the full story on (and it's part of my DNA to wait for the facts, sorry if you guys are a little more hasty), for a person I'll never meet and who will be fine from this either way.
Making the system better isn't a legal fund for a kid. Making the system better is a legal fund for anybody that ends up in this situation. That's my point, but apparently I'm not allowed to share it since I wasn't educated in private school[1]. I'm not fiscally conservative, but donating to someone's legal defense personally doesn't sit right with me in the general, even more so if the only reason most people are doing so is because the news made them aware of it and dictated the story that you heard.
I think to a lesser extent there's a little bit of overcompensation going on here since it was revealed posthumously that Aaron Swartz needed money for his legal defense but couldn't ask for it. A Cmd+F of his name around this thread should provide that evidence.
All I ever advocate for is caution. If you see a news story and go "wow, that sucks, I'm going to give her some money," the news media successfully manipulated you. I used to work in print; there are Hollywoodesque people that will send press releases to news organizations on behalf of families in this situation, with promises of tearjerking interviews. I'm serious. I'm just advocating for caution, and in the more broad the trend of Internet lynch mobbing and culting that potentially cost a missing Brown student his life recently. The Internet is graduating into a much more powerful force, particularly here on Hacker News and other sites like Reddit, and I worry about the long-term consequences of acting without full facts of a situation.
She's already been removed from school. That's significantly disruptive to her.
She faces criminal prosecution. That's significantly disruptive.
If convicted, as an adult, she'll have a criminal record. Of federal crimes.
I'm baffled how you can say that she'll be fine from this.
> That's my point,
Well, this is the first post you've said that, so you're not doing such a great job of making it. Instead of your strong positive point[1] you've attacked this girl, and the people who feel sorry for her and who want to try to help her.
Of course you're going to face opposition for your views if you go about it like that.
[1]Injustice is widespread. We've heard about this girl, but there are many other children facing similar injustices. It's great that she's being offered help, but we need to work as a society to temper our reactions to youthful indiscretions. Getting the police involved in stuff that can be dealt with by school is wrong, and we need to try to stop it happening."
I'm far from a legal expert, but here's why I'd do it:
I don't like to see this kind of abuse by people like the school administrators, etc. If this case is well-funded and successful, it might become precedent for many others, and thus weaken the whole concept of "zero-tolerance" by providing a relevant case for future victims to use in their defense. If she loses, then the opposite will be the case (there will be precedent for draconian punishment) and it'll grease the skids for future convictions.
That's my (possibly ill-informed) reason, I'd be interested to hear if other people here think it is valid or not.
It's ridiculous to suggest that we should do nothing about an injustice that comes to our attention just because it's not the only injustice in the world, and we're not going to do anything about most of them (not least because we don't know about them). Some injustices we care more about than others, and we need not justify ourselves to you.
That said, if you see a news story about a 12-year-old expelled because his mother packed him a steak knife, feel free to submit it. I can't promise it will be upvoted onto the front page, but it's worth a try. I will probably read it if I notice it.
Not to justify myself, but to satisfy your curiosity, I will attempt to answer your question. This girl's situation attracts attention here on HN, I surmise, because her intent was scientific in nature. Okay, it's a teenager's science experiment, but still, she was exploring the physical world. This is something that a lot of people here can relate to.
It's ridiculous to suggest that I'm implying we should do nothing now that we're aware of it, since I damn near typed verbatim "why are we aware of this?" as the thesis point of my comment. Reactions to my comment are all over the place, this has been a net karma sink for sharing an unpopular opinion, and there's someone mocking my education for sharing it. So much for civil discourse, and congratulations on being on the "right" side of this opinion, I guess (as disappointing as it is that there is a "right" side).
The campaign is currently at $1332. That hardly counts as "showering money" upon someone who is facing two felony charges and needing legal representation.
This girl does not deserve a fair trial. She deserves an apology.
The responsible staff at the state attorney's office deserve to be laughed out of office.
And you reached that conclusion based on what evidence? Good thing we don't need evidence to determine guilt in a court of law, since it sounds like you've got the findings figured out already based on what you've read in the news and in statements.
I'm not saying anybody is lying. There is just usually more to these stories.
Based on the police report and media interviews with the school officials.
Even if you assume she did everything in the most damning interpretation of all accounts, she is guilty of enclosing toilet bowl cleaner and bits of aluminum foil in a small plastic bottle and observing that the slowly released gases cause the bottle to rupture.
The facts, as best as any of us can tell, are that no one was hurt and no property was damaged. That alone is enough for me to conclude that the penalty is WAY out of line with the "crime", and that this girl deserves our support.
Now if all the various media reports are actually wrong, and somebody was injured, then fine... somebody shows me some evidence of that, I'll accept that she deserves a harsher punishment. But if that had happened, I find it very hard to believe that it wouldn't have been widely reported already.
> I've personally seen a 12-year-old expelled and nearly charged with a crime
If you actually mean to compare "nearly charged with a crime" with "charged with two felonies," I don't see how we can have a productive conversation, because that is just too bizarre to wrap my head around.
There are grave injustices every day in this country (or any country, really). It's impossible to give everything the attention it deserves without solving systemic issues. However, that doesn't mean people should ignore any one particular event because other bad events happen in the world too.
I always downvote comments that contain complaints or predictions about potential downvotes. Your opinions should stand on their own merits, and let the upvotes or downvotes come as they will.
What a great blanket policy, regardless of the rest of the comment. On the accounts I've had downvote privileges with, I've reserved them for cases where the comment doesn't contribute anything or is disruptive to the discussion; no wonder I get downvoted a lot, there must be a lot of people misusing downvoting as you are. And yes, I'm aware of the guideline. That you've turned a guideline into a blanket downvote-all is pretty depressing, particularly since I didn't complain or invite, as the guidelines specifically say.
I made a request since I've left comments before that have hit the toilet bowl rather quickly, merely because I went against the grain of this sort of feel-good philanthropy. There was no other reason to downvote those prior comments other than disagreeing, which I think is misuse of downvoting. I've already accrued more downvotes on the comment than there are followup comments, so people are ignoring the request anyway, and probably not even making it that far in the comment before clicking the button.
I wish pg would implement a feature where a downvote costs you a karma point. That would be great. Between refreshes I can watch every comment I've left in this thread lose another point, because someone comes through and blanket downvotes everything I've said. Which, obviously, I interpret as trying to shut up (now that graying has been implemented) an opinion that people find unreasonable, rather than letting their own opinion stand on its own merit, as you say, as a reply to mine.
> I've already accrued more downvotes on the comment than there are followup comments, so people are ignoring the request anyway, and probably not even making it that far in the comment before clicking the button.
You can make whatever requests you like, but people are not obligated to accede to them, and I'm letting you know that such requests are generally counterproductive.
I had an account when pg left that comment. That was five years ago, long before grayed-out comments were even implemented. Now, if enough people disagree with a comment, it turns gray and is never seen again. Which means the only comments that will survive now are the ones that everybody considers agreeable enough to upvote or leave alone.
There's a word for that. Several, actually. Because of that, I now think that pg is even more wrong than he was at the time.
>>> the only comments that will survive now are the ones that everybody considers agreeable enough to upvote or leave alone
That's obviously not true, in "everybody" part. True statement would be "the only comments that will survive now are the ones that are not disagreeable to substantially more people than agree with them". I.e., comment that 51% like and 49% hate would still have positive points.
No, I was disagreeing with your point that on HN you need to agree with everybody. Since there are both upvotes and downvotes, only prevalence of downvotes leads to a negative rating, not any disagreement.
I guess the same reason that everyone gave Aaron so much attention.
Over-reactions from political chest thumping ruins lives and damages society. The general public needs to understand that concept. The best way to communicate that to the primitive ape like creatures milling about on our rock in space is to tell them a personal story.
Basically, it's public manipulation, with blessing because it's manipulating the public in the right direction.
I made a request that if you downvoted you explained why. Thank you for heeding my request. You and someone else have already mentioned that merely saying the word "downvote" in a comment is an insta-downvote trigger, which is completely inappropriate since I made but a simple request that you seemed to handle just fine. Your extrapolation of the very ambiguous guidelines into mental rules for downvoting people is disingenuous and harmful to discussion, and you are not the only person that does it. It's one of the diseases endemic to this community, and it was only made worse by pg implementing grayed-out comments. Now it's just an opportunity to censor.
I'm glad you consider my opinion preposterous, because that's an opportunity for discussion. I'm annoyed you think that because my opinion is preposterous, I must be trolling. That's the biggest example of groupthink I've ever seen; "he's way out in left field, he must be here to disrupt the community for his own sick pleasure!" No, people do disagree with you for what you consider to be preposterous reasons. Just look at the gun control debate. There are preposterous things on both sides of that.
My underlying concern here is that we were called to this girl's attention via international media, we're relying upon very little actual demonstrable evidence, including media statements and a police report, and we've already made the determination that the charges were unfair, people in power should apologize and be voted out, etc. The girl changed her story once in the police report. That's cause enough for me to say 'hm, I'll wait for the facts.'
This sort of thing segues into a bigger, disgusting trend of people on the Internet donating to causes like this so they can philanthropically feel good about themselves. The girl didn't even ask for a legal fund, potentially might not need one, yet here we are. Calling the person who prefers to take the long view and wait until all the facts come out a troll.
> My underlying concern here is that we were called to this girl's attention via international media,
Why is that a concern?
> we're relying upon very little actual demonstrable evidence, including media statements and a police report, and we've already made the determination that the charges were unfair,
When you arrest someone you don't need to show much evidence, because arrest is merely a way to have a discussion with someone with protections for both sides.
When you then charge that person, as an adult, with 2 federal crimes that carry a potential (even if unlikely) prison sentence you better show you have very good reason to do so.
Using a chemical reaction to create steam to pop a bottle is a bit silly. Do you honestly believe it deserves prison time? A criminal record?
> The girl changed her story once in the police report. That's cause enough for me to say 'hm, I'll wait for the facts.'
She's young. Many people don't know their rights, and do not know "Don't talk until you have a lawyer. Say only 'Please can I have a lawyer, and then I'll answer all your questions.'"
PS Now you know that pre-emptive mentions of downvotes is a trigger for knee-jerk down voting you may wish to reconsider mentioning downvotes until they've happened.
> This sort of thing segues into a bigger, disgusting trend of people on the Internet donating to causes like this so they can philanthropically feel good about themselves.
What a goofy thing to say. Why do you think people do anything when they aren't under coercion or obligation, if not to feel good about themselves? Acting out of a desire to feel bad about yourself would be rather perverse.
> The girl changed her story once in the police report. That's cause enough for me to say 'hm, I'll wait for the facts.'
The part where you demand everyone else be hobbled by this same uncertainty is kind of amusing. (Whether it's intended as trolling or not.)
I wouldn't have deleted my comment if I'd seen your reply. But this is clearly the wrong kind of conversation to be having, so it's probably best that I did.
"... benevolence is a commitment to engage with others, to participate in society, in order to achieve the values derivable from other human beings. This commitment is based on the belief that one’s interests are not in conflict with those of others, but in basic harmony. It involves the expectation that one will be able to like, respect, enjoy the company of, or at least profit economically from exchanges with, most of the people around one—that they will make a positive contribution to one’s life."
When you use specific terms like PIPs and perf, we know who you're talking about. I interviewed at Google recently and asked my interviewers about you, Michael, based on the threads you start here that talk about the management vs. engineers culture at Google. Rather than go "oh, Michael, you're so wrong," I gave you a chance and brought it up as a valid concern to each of my five interviewers. The resounding sentiment from every single engineer who interviewed me (two of them with more than 8 years at Google) was how badly you misrepresent and malign Google and how half of engineering wishes they could correct you, but legality and common sense prevents them from doing so. (It goes without saying that it's really interesting that all five knew who you were, since I interviewed on the warm coast and you worked in NY.)
I didn't just get that from people putting on a game face to interview me. I know five current Googlers from all walks of life and corporate structure, including someone who worked near you during your tenure, and they all hate what you do in public. It's an effective technique, really, because you know that you win if they go toe to toe with you.
Given that you're discussing slitting throats for more equity in other parts of this thread, and previously you've compared Google management to the terrorists that brought down the World Trade Center, I implore you to seek help. Please. Way too many people feed in to your reality distortion who haven't been around the block in the valley and Hacker News, and it's disgusting to watch.
When you use specific terms like PIPs and perf, we know who you're talking about.
I wasn't talking about Google. Not for that specific case. That happened at another company, where I didn't work, but I know the story. Lots of companies use PIPs and performance reviews.
The resounding sentiment from every single engineer who interviewed me (two of them with more than 8 years at Google) was how badly you misrepresent and malign Google and how half of engineering wishes they could correct you, but legality and common sense prevents them from doing so.
If they want to defend their company's practices, they should. Who knows? Perhaps the company improved massively after I left. Perhaps calibration scores were abolished last year. I'd have no way of knowing and, if that's the case, the public should know.
I'm better known for that than I'd like to be. However, I'd say that my support is about 25/25/50. 50 percent of Googlers see me as Emmanuel Goldstein and would probably never want to talk to me, that's true. I don't like that I have potentially thousands of enemies, but sometimes a person like me has to do the right thing, even at the cost of unpopularity. 25 percent are just completely indifferent. 25 percent view me positively because they want to see Google improve and think it takes someone like me to draw executive attention to problems.
Oddly enough, I'm probably doing more good for Google engineers than anyone realizes, because upper management is now aware of abuses in the middle and, at least, has a chance to correct them. I haven't probed (I don't care) but the company could be fixing itself, thanks to something I started. Of course, the perverse irony is that if Google management fixes their culture, I'll probably still be the villain (as a guy who worked there at the nadir and gave it a negative reputation) rather than the catalyst.
The best thing for my personal reputation is for Google not to improve itself, because then I'm still right. Still, it's better for the world for Google to heed my advice and fix itself in order to make all the things I've said wrong.
I know five current Googlers from all walks of life and corporate structure, including someone who worked near you during your tenure, and they all hate what you do in public.
I've said a lot of positive things about Google. They have great engineers. I've also criticized the place. Whoever came up with "calibration scores" needs to stop using his employer as a nursing home and start using an actual nursing home as a nursing home.
If Google's upper management indicates will to resolve its cultural problems (and hell, I'll work with them on this, and at a cut rate) then I will shut up.
I am already willing to admit that my information is a year and a half out of date. So there.
I'm sorry, Michael, but it is not true that 25% of Googlers view you positively. The vast majority of Googlers view you as a nutter, especially following your revelation a few days ago that you are thinking about killing people who ostensibly gave you bad references.
You need to get over this delusion that Google is wrong and and you are right, and that eventually Google will somehow come to its senses and beg for your forgiveness and guidance. It is never going to happen. Ever.
I really think that you should seek professional help. You're not just going to wind up an unemployed pariah at the rate you're going; you're going to wind up in a padded cell.
The vast majority of Googlers view you as a nutter, especially following your revelation a few days ago that you are thinking about killing people who ostensibly gave you bad references.
I don't know what you're talking about.
You need to get over this delusion that Google is wrong and and you are right
Not delusion. All I have said is that they're badly run and that most of the corrosion is in the middle-management layer.
and that eventually Google will somehow come to its senses and beg for your forgiveness and guidance. It is never going to happen. Ever.
You are almost certainly right on that one, although I find it pretty obvious. People rarely backtrack on mistakes, and organizations are even more prone to foolish consistency.
Also, how in the fuck am I the crazy one? I don't attack a person I've never met just to uphold the reputation of a gigantic company.
It's actually a bit sickening. Yes, I have taken aim at Google's management. If you are an engineer, you aren't in this fight and you should stay out, because I never did have any problem with you.
"The vast majority of Googlers view you as a nutter, especially following your revelation a few days ago that you are thinking about killing people who ostensibly gave you bad references.
"Yes, I have taken aim at Google's management. If you are an engineer, you aren't in this fight and you should stay out, because I never did have any problem with you."
I think the reason many Googlers speak up against you is because of basic empathy: we see a group of people being unfairly maligned, and it's not right or ethical to keep secret and let that happen. It's somewhat unfortunate that the response of many of them has been to malign you, but you have to understand that your perception of the company is very different from many other insiders' perception of the company. Yes, it's quite possible you drew a bad manager; they do exist, even at Google. But you paint with an awfully broad brush, making grandiose proclamations about how the company is rotten to the core and run by sociopaths that should be shot, and I and many other Googlers just don't see it.
My manager(s) worked his ass off so that I and his other reports could have an environment where we're free to innovate, free to work on things that interest us, and free to accomplish things. A lot of mid-level managers burn out because of it, eventually getting fed up with having to reconcile so many different constraints and getting zero credit for it. My VPs also seem to usually make good decisions: I disagree with them sometimes (okay, often), but I can usually see the rationale behind them and the market realities that are driving them to those decisions.
Those decisions don't always go my way - I had 3 projects canceled within a span of 6 months in late 2010, and I just had my year-long research project canceled when 2 weeks before I'd been led to believe it was a long-term investment - but when I take a step back and look at the organizational forces, I can usually see how those really were the best decisions for the organization. Sometimes you can have a technically awesome solution that when you try to scale up to a team and bring to the real world, just doesn't work.
It sounds like you have a good manager, so we have different experiences.
Let me explain my Google manager. His MO was, about 1-2 months in, to use fake performance problems to get people to disclose health problems, then use knowledge of their health issues to toy with them. I have tons of evidence for a pattern of this with him. I also have (verbally) that HR knows it to be a long-standing problem, but does nothing because if a manager has a reputation for "delivering", that's carte blanche to treat reports however one wishes.
HR's job is to step in and right things when managers fail, and at Google, they refuse to do that. They see their job as to protect managers. I know that most companies are this way, but it's disgusting.
There are a lot of abuses of power by management at Google, and HR does nothing about it. The going ideology is that if a manager is "delivering", his word is gold. Combine this with a Kafkaesque nightmare of closed allocation, and you get a lot of ugliness.
I have nothing but respect for the vast majority of the engineers I met at Google. But I cannot respect a management structure that thinks closed allocation is appropriate for a tech company, or that making political-success reviews part of the transfer process is morally acceptable. Google's performance review system is a play-for-play copy of Enron's. This has completely fucked up what should otherwise be an awesome technology company.
I would actually support a class-action suit by Google's shareholders against the managers who instituted closed allocation and calibration scores (breach of fiduciary duty). Those assholes are guilty of destroying several billion dollars worth of value, and justice should be sought against them. Employees who were burned by that horrible system should also be plaintiffs in this suit, because that shit fucks up peoples' careers, too. It's just all-around wrong.
HR's job is to step in and right things when managers fail, and at Google, they refuse to do that.
No, that's a labor union's job. HR's job is to protect the company by mitigating risk from L&I related lawsuits. Period.
Programming can be considered a trade, and I think 99% of the shit you complain about could be solved by programmers unionizing. But of course, that would bring its own new set of problems.
Sure, a strong professional association might be better than a labor union then. Point is, though, if you're looking to HR to represent your rights and interests, you're barking up the wrong tree.
HR's job, I would say, is to keep employment relationships in a state that maximizes shareholder value.
That includes recruiting, compensation fairness, firing of negative-impact personnel, and legal risk reduction. It doesn't align them always with employees, or always with management.
It also means that good employees (who would deliver high value to the company if in a better managerial context) should be protected against bad managers. That's something HR rarely has the courage to do in most companies, but at Google, they don't even try.
Welcome to HN. I'd rate that troll 2/10, as it was a pretty obvious troll for a community of smart people. Hopefully nobody here would bite on something so obvious; that might have worked better on Reddit.
That accomplishment is even more notable because while Canada has a space agency, most of the world wouldn't consider Canada "spacefaring" in the broad sense (also not a dig at Canada). That a man challenged himself in his career to become an astronaut without a clear path to orbit, then reached a position where he can bring space travel to YouTube, Reddit, schools, and countless young minds in a new generation with the light touch required to "make it stick" is an accomplishment worthy of immense praise. Maybe a Nobel.
EDIT: Holy cow, this got flagged off the front page in the time it took me to get coffee.