Halvar Flake
I do math. And was once asked by R. Morris Sr. : "For whom?" @halvarflake@mastodon.social At the moment, for https://t.co/5M6zUDAVM0
Dec 10, 2023 29 tweets 5 min read
@bgurley @martin_casado Ok. Warning, this will be long, and interrupted by a flight.

1) Cultural factors: When I was growing up in the 90s, there was significant uncertainty in the labor market, and one way to achieve economic security was seeking a government job. In many European countries, running a limited liability construct into insolvency effectively...
Nov 2, 2023 11 tweets 2 min read
I wish I had more time to chime into the AI doom debate, but here is a very quick thread:

1) The one thing all AI doomers seem to assume is that almost all engineering problems can be solved by thinking, vs. experimentation.
2) Humanity has seen multiple individuals of vastly higher IQ than other humans. We're 8bn people, IQ stddev is 15, there's bound to be a few people of IQ 175-190. None of them have proven to be particularly dangerous. Superhuman AI does not mean infinite AI.
Sep 13, 2023 10 tweets 2 min read
One thing I have learnt over the last years is that - while I am technically pretty solid - I am surprisingly good at *product*. It's a strange thing to realize as a pretty technical mathematician.

This thread describes what I consider "common-sense product design", because it turns out that common sense is not all that common.

Ok, so you want to design a good product. Here are the steps:

1. Create a target demographic / user and buyer persona. This comes absolutely first.
2. Identify a few people that match this description. Get to know them.
May 5, 2023 6 tweets 1 min read
There's a lot of microservices hate, but there are also terrible balls of yarn. It reminds me that many orgs are not good at engineering.

A few rules that have served me well:

1) architect your software, have a diagram.
2) centralize responsibilities in the diagram.
3) not every box in that diagram needs to be a service, some boxes should be shared libraries
4) conversely, not every box should be a shared library
...
Feb 5, 2023 8 tweets 2 min read
A thread about family culture and how value systems survive and get transmitted implicitly:

My parents were deeply pacifist, through personal experience of WW2. They were involved in the creation of the German Green party, which had roots in the peace movement.

At the same time, there was a deep undercurrent of duty, self-sacrifice, serving the state/the greater good, "critical obedience" (kritischer Gehorsam), and holding oneself to extremely (perhaps inhumanely) high standards of personal integrity.

...
Sep 3, 2022 7 tweets 2 min read
After experimenting with stable diffusion a little bit, I was trying to make sense of the things I observed, and spent a few minutes spelunking around in the 12m images that one can explore at laion-aesthetic.datasette.io/laion-aestheti….

Observation thread: 1) I was puzzled why particular artists that are (in my eyes) relatively low profile generate significant improvements in output quality when added to the prompt, while other prominent artists in the prompt generate poor results. The training set explains some of it: The term ...
Aug 2, 2022 4 tweets 1 min read
Looking back at my teens, I was a stupidly ambitious kid. (Extremely) privately religious, I included the wish to become one of the best reverse engineers and one of the best hackers in my evening prayer.

The thing I really did not have in my radar then was that I am prone to dramatic shifts in interests, even though I had already undergone the shift from "I want to be a comic book artist or animator for hand-drawn animation" to the above.
Jul 31, 2022 4 tweets 1 min read
Being humble is nice, but sometimes it's important to acknowledge one's strengths, too:

One thing I've learnt about myself over the last 20 years - from BinDiff/BinNavi/VxClass to Prodfiler: I am pretty good at product if people get out of my way. Secondly: both at zynamics and at optimyze I somehow chanced into working with/attracting an absolutely stellar team.
May 23, 2022 8 tweets 11 min read
@tgraf__ @paxteam @_minipli @yuvalavra @_fel1x @spendergrsec So I would love you to understand the problem you're up against, so you don't waste your time (and others' time) on non-solutions.

I don't want people to stop working on the problem, but I want people to focus their efforts on the right parts of the problem.

Security always has a Mullah Nasreddin's Ring problem -- people tackling the wrong part of the problem because the wrong part has a relatively simple (but useless) solution.

The issue is: People love tackling problems they can make progress against.
Feb 19, 2022 4 tweets 1 min read
@gamozolabs @gynvael @AdemoyeJohn Now, initially the goal is to get oil out of the ground, but over time an entire village, then a city, and finally a society emerge around the oil well.

While initially the goal was oil production, the structure of society shifts - very soon, the actual thing that keeps that society busy is not the production of oil but really the politics of distributing the rewards of the oil well, the entertainment & culture of the surrounding society etc.
Feb 13, 2022 7 tweets 1 min read
While at Google, I did not give Google enough credit for all the things they get stellarly right.

A quick thread:

1) Google internally is great at building sensible abstractions that allow developers to do really heavy lifting. Tech infra often bragged that the primary reason for ppl to boomerang back to Google is because they were missing that infrastructure.

Having a good container orchestrator (Borg).

Having a number of specialized storage systems. Colossus as base layer. Bigtable. Later Spanner. Most of them run as a fully ...
Jul 5, 2021 4 tweets 1 min read
The ransomware epidemic is interesting, as it turns latent vulnerability into concrete economic cost.

This may actually be good for improving security in the long run.

One of the problems with cybersecurity is that many players are incentivized to incur latent risk - e.g. gamble on not being a target, or on their products not being targeted.

A few years ago, the only "APTs" were government hackers; criminal hacking existed but was largely on the margins when it came to scale/sophistication. Their non-detection goal meant that it was ...
May 19, 2021 9 tweets 2 min read
So @RikeFranke's article struck a nerve, and I feel like I should add some personal thoughts in a quick thread.

My personal experience is that of a German Xennial ('81) that at age 18 was catapulted into the realities of geopolitics, intelligence, and military power as part of power projection by working in cybersecurity. Growing up in a pacifist family (both parents shaped by childhood experience in WW2, albeit on at least one side with an extended family tradition of military service), I found myself teaching .mil and intel folks, and ...
Apr 22, 2021 6 tweets 1 min read
A ranty thread about the security architecture we're going for, and the pains of getting to SOC2. Our product is a profiling agent, which has to run privileged on the underlying machines in production. This would of course create a potential risk for users. We are hence taking many steps to mitigate the risk:
Dec 12, 2020 4 tweets 1 min read
A lot of software folks underestimate the importance of efficiency and performant code. In the same way that Steve Jobs quipped "design isn't how it looks, design is how it works", there are qualitative leaps that come with quantitative speedups. So counterintuitively, doing something 100x faster often means that - while you're just doing the same thing faster - you can now do *different stuff* with it.

There is a world of a difference between paying $1000 in computing to perform a task, and paying $100k.
Dec 11, 2020 7 tweets 1 min read
Ok, I know this is a contentious topic, but: Could someone clearly articulate the threat model under which service-to-service TLS is the best solution? The scenarios I considered are: 1) Traffic integrity/confidentiality to protect against Mallory on the wire. Host-to-host affords this at much better cost, less duplication of code, and even less attack surface (unless the TLS is provided by a single sidecar).
Dec 10, 2020 4 tweets 1 min read
When thinking about science and also history, it is good to remind oneself of Hamming's observation that they are biased estimators: History assumes people in the past knew nothing unless there is incontrovertible proof they did; science assumes null hypotheses until they fail. This can lead to structural biases in beliefs: Historical societies likely knew more than we give them credit for, and things are likely true that we have difficulty generating incontrovertible evidence for.

"No proof that masks work" would be one such case.
Dec 5, 2020 7 tweets 1 min read
A thread with a thought about Google and the frequent bad news they generate: One of the big strengths in recruiting that early Google had was the near-boundless idealism and ambition. It was a great asset, and to some extent a "children of the 90s/end of history" thing. Google had the ambition to not be like other companies (Sergey & Larry had contemplated it as a nonprofit even). The self-perception of Googlers was that Google was like a Golden Retriever: Fundamentally good-natured. The internal vibe was university-ish.
Nov 5, 2020 13 tweets 3 min read
A thread about my feelings as an immigrant to Switzerland, watching the handling of COVID right now:

It feels like watching a slow-motion bus crash from inside the bus.

A few numbers: Switzerland is running at 10k+ new confirmed cases per day, at a test positivity rate of 27%. For comparison: Germany, a country with 10x the population, is running at 17k cases per day and a test positivity rate of 6%.

It is safe to assume that the true number of cases in Switzerland is at least factor 2 higher than what is reported.
Oct 24, 2020 9 tweets 2 min read
I am unreasonably excited about our technical interview process. One of the benefits of small companies is: You can experiment with things that you think went wrong in previous (larger) companies. The interview process on our end is a result of that. So how does one interview for a fully-distributed, fully-remote team?

In our case, we decided that the entire interview is take-home exercises with async feedback. We also want to check a variety of traits:

1) Ability to communicate clearly in writing
2) Software design
...
Oct 22, 2020 6 tweets 1 min read
One thing I find interesting about the NewYorker FB piece is how the replies of executives to difficult questions from their workforce are always of the form:

"Thank you. I hear what you say. I will inform somebody else."

It's interesting that this passes for leadership. IMO this sort of noncommittal, pseudo-empathetic evasion is actually enraging for most employees.

Better leadership could be: