73 comments

[ 0.17 ms ] story [ 146 ms ] thread
I'm sure Ms. Meckfessel is a lovely person, but this is clearly a PR driven piece pumped out of Google for recruitment purposes.

Throughout this entire NSA scandal people lament there's nothing we can do, but these tech companies are vulnerable to talent shortages. A simple action for a conscientious hacker is to simply not work for PRISM collaborators. Apply your talents to companies willing to make privacy assurances.

> PRISM collaborators

You mean companies that comply with US law? So your advice is to work outside of the US?

>You mean companies that comply with US law? So your advice is to work outside of the US?

1. Or work in areas which do not handle data that the US requires by law. You can find software jobs in the US that do not require collaboration with governmental domestic spying. For instance many people choose not to work for companies that build weapons of war for a variety of reasons. These people can still work inside the US.

2. Additionally non-US residents work for Google. Being outside the US doesn't really have much relevance to the discuss.

3. I also reject the notion that Google had no choice. Google may have been able to comply with the letter of the law without giving up user data by using e2e cryptography. One can support or question their actions, but they are not powerless victims in this drama but active agents that can be held responsible for what they do.

> Google may have been able to comply with the letter of the law without giving up user data by using e2e cryptography.

Only at the cost of not providing the service that users want, which includes such things as fast, full-text email search, recovering accounts after passwords (and other security tokens, if any) have been lost. Once Google can extract the unencrypted email for any purpose, the practical consequences of their legal obligations make all cryptography Google provides useless against this sort of attack.

Yes, Google has a choice. But let's be clear on what that choice is: They can choose whether or not to offer a mass-market email service. Once they've decided to offer that service, the practical consequences are inevitable, given the current, relevant legal framework.

I don't think you or I, or even Google knows the total set of their options, but we can sit here and come up with some alternatives.

>Only at the cost of not providing the service that users want, which includes such things as fast, full-text email search,

e2e encryption is completely compatible with fast, full-text email search. There are several companies that currently offer such services, that is webbased, fast searchable email, that is e2e encrypted such that no plaintext arrives on the server side (unfortunately I am under an NDA or I would tell you more but you can read the papers if you like). Stuff like this: http://www.forbes.com/sites/andygreenberg/2011/12/19/an-mit-... It's not just databases it's search engines as well.

I think gmail probably loses some enterprise clients because they don't do this, but I expect "enterprise level" features like this from gmail in ~2-3 years by my guess. Probably sooner due to the nosedive in trust they just took.

Google has a monopoly on new email account creation so they don't need to innovate to get new customers (hell android locks everyone in). It isn't outlandish to suggest that they could have chosen to innovate and done what has been in the research literature for some time now. Secure e2e encrypted cloud email.

>recovering accounts after passwords (and other security tokens, if any) have been lost.

Have you tried to get gmail accounts back because I know people that have lost all their email. Are they better at this now (maybe they are, I hope so)? Even with this as a requirement, it is achievable. The user's client just sends a copy of the key to a foreign key escrow service that will unlock their account if anything happens once they prove they are who they say they are with various forms of ID and proofs of knowledge. Paranoid users can elect not to do this. Or ask people in your circles that you have marked as trusted to attest to your identity. You could do some clever threshold cryptography with your closest family and friends.

They big trick is making money off ads while not learning about the contents of the email. One way could be a bounded leakage strategy whereby the encryption scheme allows some ad matches without giving up more than one or two popular words per email.

All of this is a sideshow though. The NSA wasn't going to throw the Google execs in jail for not towing the line. Google is an extremely powerful company with a strong lobby in Washington. Not to mention that just pressing the charges would be a major embarrassment for the NSA. Twitter fought and won. Likely they just offered Google some nice contracts with the US government.

(comment deleted)
There is something these companies allowed that went beyond others, Twitter is not listed for example. As Snowden pointed out [1], these companies need to make some kind of technical assurances for privacy, otherwise customers (and potential employees) should look elsewhere.

[1] "The [telcom] companies should write enforceable clauses into their terms, guaranteeing their clients that they are not being spied on. And they should include technical guarantees. If you could move even a single company to do such a thing, it would improve the security of global communications. And when this appears to not be feasible, you should consider starting one such company yourself."

> You mean companies that comply with US law? So your advice is to work outside of the US?

What makes you think you don't have to comply with US law if you work outside of the US?

If you're a US citizen living and working abroad, it will quickly become painfully clear exactly how much work you have to do to comply with US law (and how severe the penalties are if you don't). And US citizen or not, you might be surprised at how many non-US companies elect to comply with various aspects of US law for business reasons.

What do you mean by PRISM collaborators? I am genuinely curious because I feel like I missed when/where that was established.

To my understanding, and please correct me if I am wrong, PRISM isn't a system that companies subscribe to, but more of a government portal for requesting information from a number of companies in a legal fashion. Is this not correct? I admit I have not kept up with all of the bits of information released due to the high volume of speculations generated by just about everyone that talks about it.

We still don't really know what PRISM is or how it functions. It does appear that US companies did provide overly broad information to the US government using the following logic.

1. The US government gets massive amounts of information from these companies and can get this information in real time with no oversight,

2. none of these companies seem upset about it, which one imagines they would be if the US government was just stealing it without their permission,

3. and these companies have cooperated with the governments misinformation campaign (denials of "direct access" and such).

If they aren't responsible for initially giving them access, they are now responsible the governments continuing access since they have learned that the government does have access and they have not attempted to prevent the government from maintaining access and furthermore they have aided the government ability to maintain access by stifling public outcry about this access by lying to their users.

Your reasoning is not very convincing. Point one is pretty much the entire question so claiming it as proof seems circular. If you have evidence proving that claim I would be satisfied. Point two is simply wrong as there was a lot of writing from CEO's and engineers that seemed quite upset about the claims. And for point three, uh... what? How are their denials proven to be lies? Or are you implying that companies using the phrase "direct access" is proof?

Honestly your post, combined with a lot of others' on this site, would seem to belong quite nicely in /r/circlejerk. I'm not saying that as an insult but rather how all of these speculations kept alive through echo genuinely come off as.

If you have actual proof please provide a better reasoned argument.

Given the secrecy surrounding PRISM, is there any way to know whether a company has been recently forced to comply with a PRISM-like program? Snowden's data is already stale, and only covered the largest companies.
>...this is clearly a PR driven piece pumped out of Google for recruitment purposes.

Agreed, can someone point me in the direction of some tech writers that aren't afraid of journalism?

The chick in charge of the Internal Tools team? That shit is widely regarded within Google as a dead-end ghetto, devoid of opportunities for promotion and looked down on by the other focus areas.

- 5+ year Ex-Googler

EDIT: I'm done with this fucking site. You won't have weareconvo to kick around anymore.

This is a spiteful and misogynistic comment - you do yourself and this community, a large disservice.
No, it's not. It's the truth.
"chick"

I don't have to go past that word, to have a problem with your comment in this context.

Maybe you should be more open-minded then.
I'm only responding to this because your comment is #1 on the page right now.

The factuality of your comment has nothing to do with it.

Calling her a "chick" is like calling Larry Page a "boy toy" -- the word is used largely in sexual situations ("picking up chicks"), and is incredibly unprofessional and demeaning in a professional context like the workplace, or Hacker News.

And talking about the Internal Tools team as "that shit" is equally unprofessional and demeaning to everyone who works on it.

You should be ashamed of yourself.

>Calling her a "chick" is like calling Larry Page a "boy toy" -- the word is used largely in sexual situations ("picking up chicks"), and is incredibly unprofessional and demeaning in a professional context like the workplace, or Hacker News.

Then why don't you just ask what I meant by "chick" rather than insisting I was being sexist?

> And talking about the Internal Tools team as "that shit" is equally unprofessional and demeaning to everyone who works on it.

More demeaning than the comment itself, in which I actively demean the team by pointing out that everyone else in the company laughs at them?

"And talking about the Internal Tools team as "that shit" is equally unprofessional and demeaning to everyone who works on it."

Really? Did you go around and ask everyone who works there if they feel "it's unprofessional and demeaning"? Or is it just you who feels that way?

Please don't blow this out of proportion.

Agreed. Even if it's true, I hope that the HN community can all agree that comments like this reflect poorly on us -- lets certainly not reward them.
Or let's just not put words in my fucking mouth by declaring what connotation I had in mind by my use of the word "chick".
Words have connotations whether you mean them or not. It is hard to see how you could not foresee a negative reaction to calling a woman being featured in a professional context a "chick".
Surprisingly, nobody jumped on "crazygringo" when he attacked my usage of a word with a negative connotation.

By the way, if anyone's inclined to fucking ASK why I used that word at any point in the next century, I use words like "dude", "chick", and "radical" because I enjoy the delightful throwback. Such idioms are definitely in my wheelhouse.

Just curious, how offensive is "chick"? I catch myself accidentally using it every once in a while (a vestige of shitty, all-boys Catholic high schooling). Should I be mildly embarrassed or mortified?
Probably older, probably more experienced, subject of a news story, in a fairly professional context? Kind of offensive (IMO).

I think outside of common terms like "chick flick", this is just like using "girls" to refer to adult women - think to yourself, if you replaced the term with something like "boy" or "dude" how would you sound?

I don't really go on crusades about these particular uses of words because I feel there are better fights to fight, but I would never refer to a man in this particular context as a dude. Maybe I'm overly politically correct, but I try to be respectful to everyone.

It depends. If you're using it in a negative statement, it tends to connote a woman who isn't very smart. If you're making a positive statement, I think it would be roughly equivalent in formality to calling someone a "babe," without the connotation of being pretty. So still don't use it to talk about someone in a professional context.
If you're a PC douchebag who actively seeks out opportunities to be offended by things, then, sure. Otherwise, I wouldn't recommend it.
Absolutely depends. Some people find "chick" just about as offensive as "nigger", while some people don't care in the slightest. I've known a number of women who freely use "chick" to refer to themselves or their friends.
About as offensive as "geezer" or "cracker".
In this context it reads as highly dismissive.
I doubt you would have said the same thing if the post started with "that dude" or "that guy".
Maybe because neither of those words connote vapidity?
What's the feminine alternative to "dude"?
None that occur to me off the top of my head, at least not when speaking about someone negatively. You could always go full-ninja-turtles and call her a dudette. Chick certainly isn't it, though.
(comment deleted)
How is it misogynistic?
Calm down a second. You're obviously taking offense of the phrase "The chick in charge of the Internal Tools team?". While the word is often used in the fairly female hostile line of "I'm off to pick up chicks", it also has a very common usage for an (attractive) young woman in certain demographics.

As far as I can tell, the OP is not trying to make a misogynistic comment on purpose and biting his head off and shouting at him is not going to help the community, or the OP, or your point. If this was an actual misogynistic comments - "A girl in Google? Fire her!" - then the outrage would be well placed. A very commonly used colloquial term, however, at most deserves a polite request to use better language in future.

I understand your point, but even according to your second definition ("an attractive young woman"), it comes across as misogynistic.

Because simply referring to her as "the chick who..." basically implies that she is principally a "chick" -- not a smart woman, not a capable professional, but just a "chick". Outside of professional contexts, it can sometimes be fine, but in commenting on a professional article, it absolutely is demeaning and there is no place for it.

Thank you for the benefit of the doubt. Admittedly, if I cared about being taken seriously, I would've chosen my words more carefully. However, I just felt like dashing off a quick comment to let people know that the core tone of the article is at odds with reality.
Once upon a time the word "misogynistic" actually had real meaning.

But, thanks to mostly people like you, that word has been hugely trivialized to mean not much more well... than anything really.

Let's not burn the OP at the stake just because he used a word that you think is somehow improper. That's something you have to deal with all on your own.

yep, i've seen too many times how such things happen at various places to imagine that it can go any differently:

"... she brought a “product perspective” to Google’s developer tools, insisting that, although they were only used inside the company, they should be treated like like products used by the world at large. “She bootstrapped a new charter for the team,” he says. “We had to think of these as products used by other Google engineers — and she brought that attitude. We had to think of them as cohesive things, to give them a nice presentation. That had not been the focus before.”"

focus, perspective, think of as product, bootstrap, charter, cohesive, team... 7 large ones in BS-bingo.

It's hard to get promoted at Google unless you launch things, and the Internal Tools team never launched shit. So they just latch onto any excuse to launch whatever they can, even if it makes no fucking sense. You'll see this a lot with other Google products too, Gmail being one of the worst offenders (totally unnecessary UI changes that piss everyone off, changing Gtalk into Hangouts just to have a chance to launch a new app, etc).

The Gtalk one is particularly ridiculous if you buy into their disingenuous arguments about combining disparate forms of messaging, especially given the spectacular failure of Wave, which tried to do the exact same thing. But if you view it through the lens of "Gtalk hadn't launched anything in a while, and their engineers wanted to launch something" it makes perfect sense.

You can make the point about tools being a dead end (which I have no particular insight about, so I'll take your word for it) without being unnecessarily dismissive of the individual as a "chick".
As another year ex-Googler, I'd say this is BS. Everything that superseded the "gconfig" days was pretty amazing, and IIRC the team behind it in NY did quite well for themselves. Steve Yegge wrote GROK, which is an internal tool, and I'm pretty sure no one around here looks down on him: http://www.youtube.com/watch?v=KTJs-0EInW8
I think the fact that I worked there for over 5 and a half years should afford my opinion a bit more weight, but as I despise the Argument By Authority fallacy, I'll concede that any other Xoogler should be able to chime in and contradict me here.
Current Googler here. When did you leave? A previous comment of yours says that it was before Go was released, which was in 2009.

Internal tools & developer infrastructure have gotten noticeably better since 2011, which was when Ms. Meckfessel took over. As engineers, we routinely use tools that were dismissed as impossible when I joined in 2009. If you're thinking about the gconfig/mk-debug days, the developer experience is orders of magnitude better now.

Steve Yegge is probably a better example, but another that comes to mind is that Guido wrote the code review system there. He left for dropbox, but he was at Google for years, so clearly something was worth the 50% or whatever of his time left over from python dictatorship duties.

In an earlier comment, OP mentions leaving Google before Go was released, which was quite a while ago now, so not sure why he felt the need to chime in. He just sounds like he wanted to be an asshole, honestly.

I don't get this. You mentioned in a subsequent comment that it's hard to be promoted inside google unless you "release", then go on to trash others by saying that Tools has unnecessary releases.

So is this something problematic about Tools, or about Google's culture in general? It sounds like you're criticizing the idea of using "releases" as a benchmark when inappropriate, yet you are disparaging someone else's work (what would you do?) because they have to adapt to the (dysfunctional?) corporate culture… Seems like making the best of a bad situation.

As far as relative status goes, "hackers" need to care a little bit less about other people's accomplishments or lack thereof. I've heard this kind of trash talk before (both direct and indirect) too many times in tech circles, and no matter how justified you may think it is… it just reflects badly on the person saying it.

I'm mocking the situation:

- Promotion is largely driven by launches

- Erego, people launch unnecessary shit

- That's ridiculous

- ???

- The New Hangouts

I would gladly give half my karma to downvote this comment into oblivion. I wouldn't have thought that this kind of dismissive misogyny would stand on HN.
Although it's from the distance past (1995) this article sheds a bit of light on the word "chick"

http://community.seattletimes.nwsource.com/archive/?date=199...

And several people and sexes are well represented with their very individualized take on the meaning of the word.

In my experience in Southern California "chick" is more or less synonymous with "dood" when referring to a third-party casually.

However it was probably a poor word choice to comment on an article that many seem to interpret as a gender discussion piece.

...any comments about the actual content of my post, or are we just going to talk about my odd use of SoCal surfer idioms for a while?
If you didn't mix your acidity into the content, this issue would never have come up. Hopefully this can be some kind of teachable moment for you and others who feel that extreme bluntness or rudeness have no effect on the bandwidth of a conversation. In fact, they are noise, and if you've read anything about signals processing, you know what effect this has.
>EDIT: I'm done with this fucking site. You won't have weareconvo to kick around anymore.

com'n, man! From high moral ground these lemmings here tar-n-feathered Swartz, and you're getting emotional over their inability to hear word "chick" without getting their heartbeat racing and palpitation.

Relax and hang around. Those complaining are most likely poseur male-feminists. They might as well protest in 'chick-lit' sections of bookstores.
really, a story about a prominent female engineer, and the first paragraph is about how she dresses? I'm hardly a feminist, but this is kind of rediculous.
In context, it's actually pretty relevant. The anecdote, like the piece itself, is about how she deals with being a woman in a very male dominated world. Dress is one of the most direct and tangible differences between men and women.
I'd disagree. But even if it is the "most direct", whatever that means, you don't think that there are more serious gender-assumption transgressions in the tech world? It's a little annoying to me that the first anecdote is the most superficial one.

I give the writer a pass, if Melody herself insists that that's the most important issue, or if that was, chronologically the first thing that Melody brought up.

It's not so much a story about an engineer who happens to be female, as it is a story about female engineers, the gender gap, and general lack of diversity in engineering. Considering dress is one of the most important gender expressions in our society, why shouldn't it be mentioned in an article about gender differences?

By the way, if I were Melody Meckfessel, I'd be more concerned that the WIRED editors managed to misspell my name twice in one article.

>The other key thing, according to Meckfessel, is that the system compiles code with unusual speed. In typical Google fashion, it spreads compilation tasks across vast array of servers, rather than generating the executable software on the developer’s local workstation.

I hope she has more than this to focus on as Go usage is picking up within Google. And with Go, just the local workstation can do it. :)

That's only because the amount of Go code is small. Google builds all transitive dependencies from source in HEAD, so if there were 10 million lines of Go sitting in the repository, your local workstation won't cut it.

It's not even the build times which are the most pressing issue these days, but the time for tests to run.

One of the major design goals for Go was that incremental compiles should not require a rebuild of all dependencies. I believe they bake interface information into the library files for this reason. If you don't change a file, you shouldn't need to rebuild it.

If you sync to a later CL, you might need to rebuild what's changed, but even then all this should be cacheable across the company. Go was designed as a language to avoid a lot of the mess that the build tools have to deal with for C++.

In theory the same applies to Java, if I have a java_library, and none of the inputs have changed, I shouldn't have to rebuild anything. But the theory often doesn't match up to the reality with respect to objfs caching of dependencies in my experience.

Also, any non-trivial app at Google is going to touch non-Go dependencies.

I like Go, but I always thought that was a ridiculous selling point. Just look at your own comment: if Googlers are picking up Go, it must have been for other reasons than build speed, considering they have a compile farm at their disposal that can build millions of lines of C++ code (before or after preprocessing, I wonder?) in mere seconds.

I have a suspicion that if you ask people who used Go why they chose that language over the many other available options, almost none will say "because the compiler is fast!"

I agree. I was approaching from the angle of being amused that they obviously put a lot of work into making C++ compile reasonably fast when they created a language that, amongst other things, addresses that issue by addressing the actual causes of slowness (as opposed to some giant cluster). I agree that for very few people compilation speed is "their" winning Go feature. (Although it is handy for situations were you want to use Go like a scripting language using go run)
I always thought of the Go team as mostly outsiders coming from Plan 9 who were being sponsored by Google, but otherwise aren't really an integral part of the company (but then again, I don't know much about Google's internal organization).

> Although it is handy for situations were you want to use Go like a scripting language using go run

`go run` isn't that fast, really. A simple "hello world" takes 320ms on my system, while the equivalent in C takes 40ms, and C++ takes 270ms. Honestly I can't of a single use case where I think Go's compiler speed matters. And again: that's coming from someone who likes Go for basically every other reason.

>I always thought of the Go team as mostly outsiders coming from Plan 9 who were being sponsored by Google, but otherwise aren't really an integral part of the company (but then again, I don't know much about Google's internal organization).

Well Rob and Ken are from Bell/Plan 9, but Robert is from Java HotSpot. My understanding is they were allowed to take what was their "20%" side project and Go full-time once it showed promise for addressing Google's language problems.

>`go run` isn't that fast, really. A simple "hello world" takes 320ms on my system, while the equivalent in C takes 40ms, and C++ takes 270ms.

Shouldn't you be comparing Go to Python, Perl or PHP in the context of "go run"? Also, benchmarking "Hello World" programs is not usually a very meaningful activity in any context.

> And again: that's coming from someone who likes Go for basically every other reason.

I like Go too and I think we agree that the compile speed, while nice, is just gravy when it comes to what Go has to offer.