The analogy is if you suspect someone of stealing your wallet, you are allowed to break into their house, search through it to find and take back your wallet, destroy a few things here and there to prevent them from pickpocketing in the future, and then call in the police to arrest the guy.

Oh, but if you made a mistake and destroyed some random person's stuff, well, you were still acting within the law.

Isn't associating non-Google app and web site activity with Google information sort of necessary in order for Google Now and Google Home to work properly?

House of Cards distribution rights are not solely owned by Netflix. Wikipedia indicates distribution is jointly owned by Netflix and Sony. Compare to Daredevil or Luke Cage, which I think was launched simultaneously everywhere, where Netflix is listed as the only distributor.

What happened to all the /. posts about how there is an excess of qualified U.S. candidates and companies asking to raise the H1-B cap are just trying to pay people less?

Anyway, OP's problem is one I think is very common when you're actually looking for someone really good. Even if crypto or security is not the primary job, a senior architect/developer/designer will be able to do a much better job knowing about crypto and security for the same reasons such a person would do a much better job knowing about multi-threading or cache behaviors. Knowledge and skill in those areas will ensure the design and code starts out in a better state than otherwise. In today's increasingly security-conscious world even the most basic of applications and devices need team and project leads to consider security as a fundamental aspect of development.

A lot of answers to this post are basically stating security considerations are not important to the job or the questions are too specific. I disagree with that. (Although I do think it would be OK for people to make a few mistakes around details in an interview as long as they demonstrated proper understanding.)

Maybe a candidate does know how to set up a web site to use HTTPS instead of HTTP. Does that same candidate know why certain cipher suites should not be used? And that really only secures the public network communication. What ensures user passwords are not easily accessed while in use and not just while at rest? How do you protect sensitive keys, symmetric or private, like the one used to encrypt user data?

If you're putting together something super simple and turnkey like a personal blog then maybe you can get by just following examples you read online. But if you're actually developing a new application or device then your solutions will need to be customized to your needs and capabilities. And that's not something you can copy/paste out of a Google search.

I had tried using GnuTLS for a while in one of my builds (with libcurl, I think), but found it didn't always work right while OpenSSL did. I'm not sure if that is because I had to do something different with GnuTLS, but it just wasn't happy as a drop-in replacement.

Anyway, I don't think "trust should be earned" works. If you visit a banking or shopping web site, in what way are they supposed to earn your trust before you do business with that web site? I can't think of a particularly good way (scalable, understandable, and convenient) other than the "I trust X and X trusts Y so I can trust Y" approach we are using today.

The New Yorker published an article named The Open-Office Trap a couple weeks ago about open offices as well, and included research data that showed open offices are a net negative to productivity. Feeling good about doing something didn't actually make that thing good. :)

That was my point. I didn't say that this unionized employee who saved the company $5M or increased revenue 10% got rewarded. My expectation is that he wouldn't, precisely because his compensation (i.e. reward) is constrained by a preset formula. Which is great for treating everyone equally, but people are not all equal. A competitor that recognizes this would come in and grab that exceptional unionized employee in a heartbeat, and reward exceptional work appropriately.

IMO, Buffer is not going to attract any amazing talent. Just okay talent. Unless they have some other sort of bonus equity policy in place to reward exceptional contributions.

Anyway, I hope you left that job and went somewhere better that would recognize and reward your abilities.

That was my point. When compensation is tied to a specific formula (be it a union-designed formula or just one the company came up with) you will run into trouble when it makes sense to reward exceptions. All people are not equal, nor do people or their ideas all fit into nice little compensation buckets. In such an event, the people with equity or who are not constrained by those buckets are the only ones who can benefit.

Instead, that exceptional employee is probably best off taking a competitor's job offer because that competitor is willing to recognize and reward being exceptional.

There are ways you can figure that out without having to know your coworkers' salaries. For example you could interview at other places or read salary data online. If a company is afraid of losing you, they'll do what they can to keep you. If you're worth more than your current employer will acknowledge, then changing jobs would be a good idea. This tends to be why the average tech job these days is a few years instead of a lifetime like it used to be--employees started embracing the free market. If it turns out you're not actually worth as much as you think you are, the free market will end up letting you know (most likely) although learning that might be a tough lesson.

You can get information your employer doesn't have, such as what other companies are willing to offer you to jump ship and work for them. You can also do research online to see what salary surveys have to say. And finally, if you're willing to, you can also pay for the knowledge of payroll information by geo, title, responsibilities, etc.

Comparing yourself to your coworkers can be difficult, for the very reason that you're not as likely to know what they're doing or how well they're doing their jobs as well as your employer (i.e. managers) knows.

Of course, you can also talk to your coworkers to share information. Such as what reasons were given for such and such during salary reviews. Without getting into hard numbers.

It's bad for exactly the example you gave (and seem to embody). Everyone thinks they work harder and better than they really do, and doesn't really know what other people do or thinks that other people's work is easy or worth less. It happens between couples at home (e.g. housework) who are in love with each other and spend a ton of time together and know each other very well. Of course it's going to happen in the work place.

Unless a person's work is only measured in the number of non-defective widgets made per hour, human nature gets in the way. (Plus, the quality of a lot of non-robot work is a subjective measurement.)

I'm sure that's true. But do any of the unionized employees produce or create at a much higher level of quality or quantity than others? Most businesses desire that, and humans tend to desire recognition of some sort. A shout-out is good enough for some, but if any employee realizes that they could be earning twice as much and/or receiving much more tangible recognition continuing to do what they love only for a different company, many will do so.

Let's say one of your unionized coworkers came up with and lead the implementation of an idea that would save your company $5M or increase revenues by 10% over the next year. What would their expected reward be? If a different company saw that result (or potential) in that same coworker, what might they be willing to extend in terms of a job offer to that person?

By similar argument, it would make sense for Apple, Google, Facebook, etc. to pay employees along shared bands (why limit it to within a single company?). But that's actually illegal. Tech companies that do pay that way (e.g. IBM) are not attracting the top talent these days.

The Xbox 360 red ring of death (RRoD) fiasco had a very high failure rate (relatively speaking) at a very high cost to Microsoft ($1B USD) and they originally denied any manufacturing/design flaw. The 3 year replacement program was only established about 1.5 years after release, when they finally acknowledged the problem.

You are perhaps an unlucky outlier of hardware failures (perhaps you should be checking your gaming environment) but attempting to paint the Xbox 360 failure rate as comparable to the failure rate of other consoles is ignorance, and Microsoft's "better" service of those failures is a direct result of the high failure rate coupled with a massive PR hit.

That's a pretty ignorant extension of trust, in my opinion. (Which you've qualified with 'most'.) But I am pretty sure you understand some other issues well enough to evaluate candidates such as their positions on abortion, terrorism, same-sex marriage, etc.

In addition to social issues, hard science doesn't cover economic issues very easily. I don't think it is responsible at all to ignore issues just because you can't fully understand them. You should make an effort to understand. A President who throws a bunch of money at NASA and the NSF but can't figure out the economic feasibility of health care reform or conversely believes the death penalty should be applied to all felonies because it makes economic sense isn't going to be so great.

Yeah, Stars In My Pocket Like Grains Of Sand is excellent but was the hardest for me to get through, out of the works I've read. The combinations of Babel-17 and Empire Star are great and I would recommend them. Dahlgren is his most popular work but a little harder to get through.