The Turks in Austria today find themselves at the short end of the stick. As immigrants and members of visible minority in a host culture known for harboring a certain degree of racism, they're at a distinct social disadvantage. But the situation for Turks in Austria is exceptionally uncomfortable because Austria withstood 150 years of war with the Ottoman Empire.

The Viennese, in particular, are never going to let the Turks forget it. Take a walk through the city sometime and check out the newspaper vendors on the street corners. It's nobody's idea of a great career move, and the worst of it is that they have to wear these wretched demeaning monkey suits. And notice, they're all Turks. It's not an overstatement to say that they live in a state of public humiliation. It's not subtle. It's almost the first thing you notice as a tourist.

Never mind the right and wrong of it. Some of these people - the ones who aren't completely subjugated - are bound to kick up a fuss once in a while, and not always in a rational, measured way. I expect that's what's happening here with the protest against Lego.

I find it charming that E.E. "Doc" Smith wrote about this very subject (designing advanced materials based on the study of microcrystalline properties found in natural organisms) in his science-fiction novel "Spacehounds of IPC".

In 1931.

I hope, and expect, that the petition will be denied. What it means is that any entity with sufficient knowledge and resources (individual or corporation) would be permitted to flood the net with DDoS packets.

If such activity were legalized, by the same principle so would automatically-generated petitions. So would spam. So would noise pollution. It sets an extremely toxic precedent.

Yes, precisely. "Anyone" is professional shorthand for "any qualified person."

See? You learn something every day. Of course definitions vary as to what constitutes a qualified person, and so it may seem that the point I was making is based on an arbitrary measure, but not so.

Consider a normal curve which models expertise across a population of developers. The concavity of a normal curve inverts one standard deviation to either side of the mean. Obviously it's harder to find candidates as you move above mean expertise, but what's significant is that beyond one standard deviation, your efforts begin delivering less than linear gain. And it becomes worse the further you go. If you really must go out three sigmas for someone who is sufficiently qualified to do the work, you're trying to correctly pick one or two resumes out of a thousand.

Can you settle for two sigmas? Then, for that fractional concession, your chances improve better than tenfold of being able to find the person you need with the resources you can afford. The optimal point is not arbitrary, because the function is not linear.

Dude, you've just perfectly described my work! And with a compelling metaphor at that. May I borrow it? (With credit to you, if you'd like.)

What he's suggesting is having multiple certificates corresponding to one private key.

Ah, interesting. Having generated the key pair, you submit the public key as a cert signing request to multiple CAs. Then you would have a hot spare if one of the certs was revoked. It seems like a worthwhile idea.

But that's not what he's suggesting. You will end up with multiple server certs all right, but there is no way for a client to know that, so it can't undertake to validate all of them, which is specifically what he's suggesting would be a useful safeguard for the client. He requires an and operation and you're proposing an or. Nor is it useful to add some capability to assert multiple certs. If one of the certs is compromised, that's the one which a rogue server will assert is the only one. His proposal requires integrity of a single cert with respect to multiple signers, and X.509 doesn't provide for that.

It's not impossible in principle. Given a sufficiently large key pair, you could split the public key into pieces and have each CA sign one of them. Only if all certs validate will the client concatenate the complete public key and use it perform a handshake with the server. But it's not X.509 and I think we still have the problem of how the client is supposed to know to do this.

Late in my career, I find myself surrounded by genius developers. That's rare. Mostly the better developers I have met are fast and smart, but somewhat conceited and not particularly careful. I run across someone with real talent maybe once every five years, if I'm lucky. And by talent I mean that they write consistently beautiful, correct, modular, extensible, exemplary code. Okay, maybe once every ten years would be more accurate.

The people I'm working with now, well, I'm still making up my mind. They really are geniuses, by which I mean that they're exceedingly smart, blindingly fast, and exceptionally careful in their work. It's hard to fault them, though it's not easy to understand them. And, apart from feeling totally outclassed, mostly I'm in heaven.

There's just one missing piece, and you touch on it in your comment. The best possible code is the most maintainable code. If it takes a genius to maintain it, then you need a reliable supply of geniuses. These, by definition, are in short supply. If the code is unpleasant as well as difficult to maintain, you will have difficulty motivating and retaining those geniuses. All of this serves only to magnify business risk. You would be far better off with genius code that anyone could maintain. But that takes real talent.

X.509 doesn't have this capability. The certificate has exactly one issuer.

See http://tools.ietf.org/html/rfc5280#page-20

We need to be clear about what EV is. It's not about SSL, it's about X.509. It doesn't solve a technical problem because EV identifies no technical problem with X.509 certificates. EV promises a procedural solution to a procedural problem, namely the failure by Certificate Authorities to take reasonable care to check the real-world credentials of certificate requestors in order to determine that they are who they claim to be. In effect, the CAs are saying, "Yeah, well, we were a bit negligent the last time around, but we promise to do a better job next time if you just pay us more money."

So I share your misgivings about whether EV has improved security, but for rather different reasons. And there's nothing saying that we both can't be right.

No big deal? You don't know what you're talking about.

Times may have changed since I used to play with Lego, but let me tell you what it was like. I didn't get an allowance until I was a teenager and even then it was only 25 cents a week. Mowing a lawn in those days was worth $1. Paper routes paid better, but the point is that none of this was available to an eight-year-old child whose creative imagination had exceeded what he could do with a small shoebox half full of bricks. When the smallest box of Lego bricks cost three bucks, any progress on that front entailed a lot of saving and self-denial in other areas.

My friends and I used to pool our collections, of course. Our ambitions weren't entirely frustrated. And we would often get them as gifts, which is how we had any sort of collection to begin with. But no matter how hard we tried, we never had enough to really do anything. So did we, at age eight, understand the value of a dollar? Oh yeah, you bet we did.

The world sucks. The code is in it.

Nicely said. It's true that code shares characteristics of the world at large because it exists to model that world.

Though I can't verify your premise that the world sucks, I can still enjoy it as rhetoric. Certainly the world is complex, and so our efforts to reduce that complexity to something more tractable will meet with varying success. Here are a couple of examples that go against the claims in TFA:

• When I was an undergrad, computer science was just starting to take off as a distinct discipline. Some excellent work had been done in theory of computation - because there is a strong meritocracy operating in the field of mathematics - but no such meritocracy had yet been established for the art and science of writing software. I saw a lot of code on the blackboard and in textbooks that, even to my inexperienced eye, was obviously flawed. The presentation was aesthetically unpleasant and stylistically not even self-consistent. Most of it wouldn't compile, much less produce the expected results. Even then I could do better. I met exactly one prof during those years who actually tested his code before presenting it to the class. So it's not automatically the case that "nearly every sample program in every textbook is a perfect and well-thought-out specimen." I'm sure the situation has improved, because our experience and culture and expectations have changed. I'm sure that it still falls short of perfection, because I can still find occasional errors in CS texts. Not every academic is a great programmer. Some of them are pretty dreadful.
• As concerns "software in the wild", I have the good fortune at the moment to be working at a stellar software development company. It blows my mind how good these guys are. That's not to say their code is perfect, but as something which is actively involving, it's well on the way to being perfect. As far as I'm concerned, it's as readable and engaging as a good novel. Programming idioms are gracefully executed and nothing seems out of place. It's cognitively consonant. I think it's an amazing human achievement that, in just one generation, we have become conversant to such a degree in this new medium of expression that the medium no longer gets in the way but lets the underlying ideas shine through.

If nature provided practically unlimited general computing power really easily, code would be frickin beautiful.

Ah, but it does. What is DNA if not code for operating a certain broad class of 3D printers? But as to whether the code is beautiful, who can say? We can only observe that it produces functional results for the most part. The very fact of its existence in such compact and enduring complexity is a sort of beauty, but is the code itself elegant, efficient, pretty, readable?

We know that most of the gene in a given strand of DNA are turned off. Does that mean that the code is inefficient, or are these sequences like the methods of an enormous class library, written by the brutal evolutionary hand of trial and error, now dormant but having the potential to be activated should appropriate conditions develop? Sure, we don't need gills today, but sea levels are rising.

If every Canadian threatened with legal action over Hurt Locker pirating were to tell the lawyers "I'll see you in court" they would go bankrupt in a hurry

The good news in this is that Canadians already have fair confidence that the courts will safeguard them against this kind of harrassment. The FUD program was never able to gain traction here before, and it's certainly not going anywhere now.

I can say from having worked in both private and public sectors that government is predictably not a first adopter of emerging technology. There may be occasional small bursts of innovation here and there, but overnment culture is highly conservative by nature.

You don't get points for taking risk with taxpayers' money. You do, however, get points for showing an abundance of caution which typically leads to endless meetings, signoffs, prototypes that nobody can be bothered to evaluate and reams of documentation that nobody will ever read. And so, taxpayers' money is still wasted, but you see, it's being wasted accountably. And in some sense this is preferable to simply going off the rails because of insufficient oversight.

But you can see why something like IPv6 is not getting fast-tracked by government. Hey, I was the only one among some thirty Network Administrators in my group to have actually done any actual network engineering. Most of my colleagues wouldn't be able to tell you the difference between an IPv4 and an IPv6 address. That's no exaggeration, I assure you. It's not that they're not earnest and hard-working. They're pretty good people. But not given to pushing the envelope, I'd have to say.

Here's a corner case that might help to define the space of possibility for people who want to maintain a durable technological career.

This is my 42nd year of writing software. After about five years of that, and halfway through an honors degree in CS, I had gotten seriously into systems programming, because it was cooler, deeper, more sophisticated, more interesting, and because in those days there was a such a painful lack of good development tools that to do anything else struck me as a waste of time.

In such a long career, I've gotten to try my hand at all kinds of wonderful things. I've designed global networks and programming languages. I've covered the range from architecture to operations, I've instrumented kernel code, written device drivers, and directed supercomputer facilities. I've worked in research, industry, and government. I've worked in several countries.

And I'm not particularly smart. This is the main point I want to make. I have a lot of breadth and depth to draw upon, but no brilliance. I reason carefully and explicitly rather than relying on brilliant leaps of intuition. I write beautiful code that's a pleasure to read and maintain. Very rarely is it clever or hard to understand, because among other things I'm committed to clear documentation, and there's nothing quite like trying to document a flawed design to make you want to go back and fix the design. So I think I represent an edge case for a certain kind of excellence that challenges the prevailing - and false - dichotomy between rockstar leadership and rockstar development. There is a middle way, and I bet that a lot of you are travelling on that way. But because it's not about drama, it doesn't call attention to itself.

This year, I'm working at a very cool place that's deeply committed to open source, and is rapidly making a name for itself in private PaaS. Compared to every other career experience I've had, the level of intelligence at this place is fucking off the scale. In this group, I'm nowhere near the smartest guy in the room. Yet, in their wisdom, the management here somehow picked me from among all the other hopefuls for this senior position.

So, here I am, surrounded by all this amazing talent, trying to keep up. To put a whole PaaS stack together is not a trivial undertaking, especially with evolving goals and such fierce competition in the industry. This in itself definitely constitutes another edge case. There's a need for real genius here, no question. We have to move forward very fast on several intersecting fronts, as fast as we can possibly go, and not trip each other up.

Somewhere near the intersection of these two edges is a zone of exceptional performance in which an abundance of genius is, I hope, tempered with something more reflective and methodical. Decades ago, I used to tell the young hotshots that it's no good designing something that nobody else can maintain. The group I'm in with today doesn't need to be told anything so obvious as that. They already get it. But still, their habits of thought cause them to be impatient, to miss details, to speed impulsively from one shiny new thing to another without regard for the turbulence left in their wake. I think this is probably a necessary cost for the kind of work we're doing. It may be necessary but it's not sufficient. You also want to keep everyone tuned harmoniously, make sure that the core areas are being solidly filled in, that reasoning is explicit, that risks are identified and mitigated, that we can sustain what we're doing and not become spread too thin.

I find that it's been hard to earn credibility in this group, particularly among the younger people, when you are not actively advocating for some sexy new thing. That's what they like to hear about, perhaps to a fault. And so, in my first couple of months, I was sniped at quite a bit more than I regard as proper to reasoned debate among professionals. What's interesting is that the situation is turning around. I'm winning these arguments. Why? Because, having no genius to defend, my ego is not at stake. I have superior social skills, so I meet the occasional little pissing contest with better grace (having already made my full share of mistakes in the past.) Now I'm only interested in getting at the truth, and that requires not much more than careful, methodical reasoning along with a certain measure of kindness.

And finally, some of the projects that I'm working on are finally spinning up in production. That's a fair test, isn't it? I think people were skeptical at first because I didn't dash off a quick and brilliant prototype as they would have done, but approached the design with quite a bit of forethought. I don't hear many "it will never work" assertions any more, given that everything is integrated, documented, and working perfectly.

Thank you for pointing out a flaw in my argument.

What I should have said was that your claim was akin to choosing at random from the original class population. What are the chances that you will pick a competent surgeon from among them, knowing that only 10% will graduate?

It's still not the case that this population is somehow more competent for being larger. But this seems to be exactly what you're claiming, that from a large school you'll pick any graduate, but from a smaller school only provided it had higher graduating standards.

Don't you see that, no matter how you slice it, the size of the graduating population doesn't matter? It could be a huge class or a tiny one, you're still going to be picking at random. This is the basis of statistical sampling.