That's why you always choose a zero knowledge provider. Someone that provides you a service but doesn't have access to read the content.
I'm pretty happy with ProtonMail in that area. They are not only located in Switzerland, with much stronger privacy laws, but also, they encrypt end-to-end, and therefore, have no access to the content. Mail between users in ProtonMail are automatically encrypted, while mail to someone outside the system can be sent as a URL the receiver has to have a password to access (and can be time-deleted).
Of course, it's not Google Inbox in terms of features, but it gets the job done. You can always do full PGP with any service, but you have to know what you are doing.
Until things get insanely simple, in this day and age, you've got to learn, and do what you can for your right to privacy.
If you go to a conference that is part of an active community, the biggest benefit IMHO is the human networking. Get to mingle with people who share your interests, values and ideas, and learn from others, teach what you know, and just get to have interesting discussions that can influence the direction of the project.
In my 29 years in the industry, I've attended many, many conferences. They all have their peak years and peak value, until they don't. Some communities just grow too large and become too broad. Networld+InterOp was one of my favorites to attend back in the 90s, but they grew too much and became too dominated by vendors. Sadly, the same has been going on with the OpenStack community in recent years, with the additional annoyance of petty fights about direction.
The folks at the Cloud Foundry Foundation keep their conferences deliberately small and targeted to the core audience, which makes them much more enjoyable, although it becomes harder to get talks accepted.
And let's face it, some conferences (particularly vendor conferences) are not very valuable, but they throw great parties, with lots of swag, free booze and just plain fun with single-serving friends. Those also have their niche, and there is nothing wrong with that either.
Just be clear what do you (or your employer) want to get out of the conference and go from there.
There has been quite a bit of innovation in turbines in recent years to try to mitigate this. I personally find the Vortex bladeless technology to be the most interesting new development in this field, and has the potential to eliminate the problem altogether.
It never ceases to amaze me how prevalent and commonly accepted are UFOs in the Chilean collective psyche. You can even do a general search in the news for UFO-related articles and come back with a bunch (in Spanish). In virtually all cases, the generally accepted belief is that they have an extraterrestrial origin.
An overwhelming 85% of Chileans believe in the phenomenon, compared to a 48% of Americans, and the topic can easily come up in any colloquial conversation among regular people as something totally accepted.
Coincidentally, Chile is also fertile ground for "spiritual movements" that very regularly include UFO elements. As a Chilean myself, and as someone who was attracted to those movements in my 20s, I struggle to come up with a clear explanation of why Chile in particular seems to be so captivated by beliefs in the supernatural. Michael Shermer does a good job explaining generically why people believe weird things, but doesn't explain why certain specific cultures or countries seem to be more susceptible than others.
I, for one, believe the reason is the lack of formal teaching of Critical Thinking as a subject, throughout the school curriculum. In the US, critical thinking is virtually part of all subjects in the new Common Core standards, from K to 12. They were even part of the old standards, at least in all science classes. Although things may be different in Chile now (I graduated high school in 85), I don't recall to have ever been taught critical thinking skills. That's something I discovered years later when I moved to the US. That in spite of having gone through a rigorous degree in Computer Science at the University of Santiago. University careers, at least back in my day, were very technical in nature, and focused very narrowly on deep subjects, without concern to create a more rounded individual. That was an exercise left to each student.
Both are fine options indeed. But you don't really need the routing core to deem the system secure. You only need to see the source of the clients to determine if you can guarantee end-to-end encryption. How the messages get routed is another story altogether, and your only concern would be metadata collection (which you should always assume it's happening anyways). I, for one, would love to see WhatsApp Erlang routing core and how do they do it, but it's more for my personal curiosity than true security.
IMHO, in the ideal situation, every WiFi access point should include by default a second SSID mapped to a VLAN that can allow complete traffic isolation between the personal network and the guest network. The guest network should be IEEE 802.11s-enabled to allow roaming and mesh networking, and 802.11u for interworking and authentication. In that way, emergency responders can have access to a network while protecting individual's privacy. Even nicer would be an emergency responder's network only available to them with CJDNS over those mesh networks. In that way, members can trust they are who they say the are, and all communication is encrypted.
Since I don't use Facebook, my number should be irrelevant to them to serve me advertisement in their platform. Furthermore, I use the anti-social plugins for browsing so they don't get my browsing history either.
If this really bothers you, Signal is a perfectly good alternative to WhatsApp, which is completely open source and with almost identical functionality. Another surprisingly good and also open source alternative is Wire, which doesn't rely on phone numbers, and it's completely multiplatform.
If you can't vote with your dollars, vote with your feet.
Mod parent up. I've seen *exactly* the same you point to virtually everywhere. But one thing I'd like to add is the perspective of the "startup", not only the large companies. They are great in luring you with big promises and massive amounts of stock options while offering crappy salaries. This also unfavorably caters to the young who can afford the gamble, and who are too naive to understand the downsides. They are not necessarily in the H1B game, but their way to keep you "at bay" is with their "at will" contracts, where a CEO can just fire you for no reason. HR is a third party outsourced company.
The IoT market is indeed insanely hot and competitive, and time-to-market can make or break a product's success. This means that the MVP version (minimum viable product), that is supposed to be just the first step in an iteration, many times ends up becoming the version that gets shipped.
It's very rare that security is considered in an MVP. Some simpler types of IoT devices (typically send-only), that rely more on the cloud back-end, may have better luck by improving the security of the cloud-based components over time, but if the device accepts input and network commands, all bets are off.
Not this time. I think this is an acknowledgment that they need to rethink what's important, and it's not the OS anymore. It's the Cloud (both, IaaS and PaaS), where AWS is the biggest competitor and the one to beat, reason why Azure is so strategic for Microsoft. They need to have expertise and business solutions whatever underlying OS the customer may choose. If Linux, they need to have an outstanding support for it in Azure and across all their offerings.
We may think this is the same old Microsoft, but I believe they are going through one of their biggest reinventions to date.
Mod parent up. I feel more ashamed that it's actually MY congresswoman, and I will write her a note, because this is absolutely non-sensical as many have already pointed out. It will stop nothing.
I can get any low-end Android phone, put it in airplane mode and never sign up with a carrier, connect to any public WiFi network, and use a SIP client with ZRTP to connect to a server paid with Bitcoin to do my anonymous calls.
This is classic government reactive approach with no input from subject matter experts, always 10 steps behind.
May be I'm just getting old but I cannot wrap my head around these kinds of deals. Paying 100M for bullshit like that, when I can enumerate dozens of startups with amazing technology and real innovations in cloud, back-end services, automation, platform, security, etc, that can barely get a couple of millions to continue their development. The industry is ran by teens now.
Really? has the IQ level in Slashdot gone downhill that much that you can't even do a Google search?
If you frequent this site, you will notice this community is big on privacy, and QubesOS has been for quite some time among the best options out there, since they are the only ones addressing very hard problems, like hard isolation of driver-level components in the OS, such as the USB or the Network subsystems for example. This is particularly good to mitigate against 'evil maid' type attacks and such. They achieve this using a modified version of the Xen hypervisor with lightweight VMs with a common hardened X-based interface.
These folks don't release very often, and this update has been coming for a long time, and it's very welcome. Particularly the UEFI boot support, that has blocked me to be able to install it on my private laptop.
For years, many voices in tech have been screaming about lax security and privacy controls in most devices and online services. Well, this argument may end up being a Straisand Effect of sorts, by encouraging the tech community to finally rally together and develop the kind of systems where this will be a non-issue: zero knowledge, end-to-end encrypted, ephemeral IDs when we need it, plus validated, immutable, blockchain-based distributed trust systems when we choose to. Heck, right before this story in Slashdot you have the one on the release of Wire. We'll see more and more of this. The government has no idea of what they've unleashed.
What broke down here is the threat assessment model. Was there a competent team of interdisciplinary experts who reviewed the threat and concluded it was reasonably credible? then no need for a CYA, since you are doing your job.
But if this was based on the consensus of a few local folks you know, that may or may not have a respectable background to advice you, then it's on you.
First of all, if they would have a semi decent IT Security expert as part of their threat assessment team, they wouldn't even have reported that "the IP address was from Germany" since they'd know it's largely irrelevant, being most likely a Tor exit node or a VPN end point, if it didn't match a well-known origin. Instead, they'd focus on the language, plot details and other things that can reveal if this is indeed credible or not. Then they'd probably correlate with similar chatter in other places (like NY), and on and on.
I'm not sure if every major city should have one of such teams on stand-by, but at least a "service" should exist for these kinds of things so someone like a School Superintendent or a Mall Manager can tap into.
CI/CD systems will automate the heck out of everything, and there will be less and less visibility into what's running where and how.
"Cloud Native" applications designed around microservices with well-defined interfaces and running in some PaaS "somewhere" will become the norm. I sadly foresee that developers themselves will be expected to become microservices, basically expected to do one thing only, and one thing well, and forbidden to look beyond their immediate horizon of the ever rolling Agile backlog. There will be less space for creativity at the individual level, and massive invisible machine learning software running in the back-end of the datacenters will automatically generate "facts" for the suits in charge, and possibly even stories on a backlog based on those facts. In 20 years, they'll generate their own code.
This could be easily solved by having a single place (a web site and an app) where the scientific community at large shares with the public what's the current consensus, explained in the simplest terms possible, with links to credible resources to second level and third level of depth.
The site needs to be authoritative, and widely known as the single source from the community, so if anyone ever has a doubt, they know where to go to understand what the scientific community really think about a certain issue.
This does not mean by any means the absence of debate, or the constant change in views and information, but a place where the bulk of the community put their minor differences aside for the benefit of the common good and their own, by helping closing those gaps.
First, SSNs themselves should not be "stored" in any database. They should be used dynamically for initial patient validation and stored as a salted hash. For that matter, you can do the same with DOB and other key identifiers that are not required for anything but for validation. Use an internal patient number as index for everything else. Second, use MAC (Mandatory Access Controls) for any app or microservice attempting to access specific portions of data. Any unauthorized attempt to access a record should be logged, and if you really want to catch the bad guys, do a transparent session forward to a honeypot with a fake database. Third, use 2 factor authentication for any remote access to the data. Fourth, all internal systems should run virtualized and accessed over VDI, no data on laptops, ever. Is it really that hard?
I was on a business trip once going from Lima, Peru, to Arica in Chile on a 727 when the pilot announced that the navigation system in the plane was basically dead. Instead of freaking out, he lowered the altitude and he visually followed the Iquitos river and other landmarks, piloting the plane the old fashion way, taking us to the destination safely.
In a windowless cockpit that would have been a non-starter. I for one, want to keep an "analog backup" as an option. Thank you.
I *want* to pay for a service like that. I'm eager to pay to watch what I like when I want it. But with decisions like that, they leave people like me NO choice but using "alternative" methods like Sickbeard + SABnzbd, forcing me into the underground. These guys are so far behind the times it's like watching a 1950s movie. Term limits!
H1B visas serve only to drive down wages for US employees. Additionally, they end up training foreign talent that are later kicked out of the country (after 3 or 6 years, depending upon whether the visa is renewed).
Not necessarily. They system may be corrupted now, but I doubt that's the only reason why we created this program. I came to Silicon Valley 14 years ago specifically because I had skill sets that were required by my company at the time and were simply not available (like speaking specific languages and understand local cultures in specific countries, in additional to specific technical skills), so for all intents and purposes, it was completely legit. I was also very naive at the time and I openly discussed salaries with my co-workers (something pretty common where I come from) so I realized I was NOT being paid less than them. In some cases I was being paid more.
I didn't consider I was being "trained" either. In fact, I was doing most of the training, and when the time came to look at other opportunities outside the company, almost every potential employer that contacted me already knew they'd have to renew my H1-B in order to get me, and that wasn't considered an issue, just an annoyance.
A while after I met my wife and I became a citizen through marriage, but at least my experience was very different from what other people is discussing in this thread.
Completely agree. Unfortunately, it's a normal part of the growth and maturity of a new industry. We tend to forget how new all this stuff is. Adjustments, consolidations and failures will occur, but they will collectively contribute to a more robust ecosystem down the road. Like with any technology, early adopters tend to get screwed, the difference is that people were treated as "consenting" early adopters when in reality they thought they were relying on a "permanent" service.
What I do find interesting though, it's the desire from Canonical to release the source code. That can be very beneficial for all of us and new services can be spawned from there. It will be good to see what did they use underneath (Csync2 may be?) and it will be good to have alternatives to ownCloud and other services.
The real issue here is what's actually going on in SF. If you don't live here you probably don't know, but there has been a lot of soft aggression against tech workers regardless of the company all over the city, simply because more and more are moving in, driving up the prices of housing and attracting more higher-end businesses, effectively changing the nature of traditionally "working class" neighborhoods. Classic gentrification.
This bar in particular is more of a punk-type place, located exactly in one of those areas under rapid changing, so the presence of someone with GG was probably an in-your-face reminder (no pun intended) of the situation many of the locals are experiencing.
I can personally understand both sides, but I tend to side with history: everything changes over time and different forces will produce different changes. You can fight it only to a certain degree, but change is inexorable, and you can't forever cling to "the way things were before".
Reason why I left the programming world a long time ago and became a pre-sales engineer. Harder to outsource if the product being sold is highly technical, and it pays substantially better than a pure programming/engineering/IT/back-end job. I'm not saying it's impossible to outsource, but if you choose the segment right and you are good at it, chances are you can retire before you see these type of jobs getting pushed overseas as well.
Slashdot Mirror
That's why you always choose a zero knowledge provider. Someone that provides you a service but doesn't have access to read the content.
I'm pretty happy with ProtonMail in that area. They are not only located in Switzerland, with much stronger privacy laws, but also, they encrypt end-to-end, and therefore, have no access to the content. Mail between users in ProtonMail are automatically encrypted, while mail to someone outside the system can be sent as a URL the receiver has to have a password to access (and can be time-deleted).
Of course, it's not Google Inbox in terms of features, but it gets the job done. You can always do full PGP with any service, but you have to know what you are doing.
Until things get insanely simple, in this day and age, you've got to learn, and do what you can for your right to privacy.
If you go to a conference that is part of an active community, the biggest benefit IMHO is the human networking. Get to mingle with people who share your interests, values and ideas, and learn from others, teach what you know, and just get to have interesting discussions that can influence the direction of the project.
In my 29 years in the industry, I've attended many, many conferences. They all have their peak years and peak value, until they don't. Some communities just grow too large and become too broad. Networld+InterOp was one of my favorites to attend back in the 90s, but they grew too much and became too dominated by vendors. Sadly, the same has been going on with the OpenStack community in recent years, with the additional annoyance of petty fights about direction.
The folks at the Cloud Foundry Foundation keep their conferences deliberately small and targeted to the core audience, which makes them much more enjoyable, although it becomes harder to get talks accepted.
And let's face it, some conferences (particularly vendor conferences) are not very valuable, but they throw great parties, with lots of swag, free booze and just plain fun with single-serving friends. Those also have their niche, and there is nothing wrong with that either.
Just be clear what do you (or your employer) want to get out of the conference and go from there.
There has been quite a bit of innovation in turbines in recent years to try to mitigate this. I personally find the Vortex bladeless technology to be the most interesting new development in this field, and has the potential to eliminate the problem altogether.
It never ceases to amaze me how prevalent and commonly accepted are UFOs in the Chilean collective psyche. You can even do a general search in the news for UFO-related articles and come back with a bunch (in Spanish). In virtually all cases, the generally accepted belief is that they have an extraterrestrial origin.
An overwhelming 85% of Chileans believe in the phenomenon, compared to a 48% of Americans, and the topic can easily come up in any colloquial conversation among regular people as something totally accepted.
Coincidentally, Chile is also fertile ground for "spiritual movements" that very regularly include UFO elements. As a Chilean myself, and as someone who was attracted to those movements in my 20s, I struggle to come up with a clear explanation of why Chile in particular seems to be so captivated by beliefs in the supernatural. Michael Shermer does a good job explaining generically why people believe weird things, but doesn't explain why certain specific cultures or countries seem to be more susceptible than others.
I, for one, believe the reason is the lack of formal teaching of Critical Thinking as a subject, throughout the school curriculum. In the US, critical thinking is virtually part of all subjects in the new Common Core standards, from K to 12. They were even part of the old standards, at least in all science classes. Although things may be different in Chile now (I graduated high school in 85), I don't recall to have ever been taught critical thinking skills. That's something I discovered years later when I moved to the US. That in spite of having gone through a rigorous degree in Computer Science at the University of Santiago. University careers, at least back in my day, were very technical in nature, and focused very narrowly on deep subjects, without concern to create a more rounded individual. That was an exercise left to each student.
Both are fine options indeed. But you don't really need the routing core to deem the system secure. You only need to see the source of the clients to determine if you can guarantee end-to-end encryption. How the messages get routed is another story altogether, and your only concern would be metadata collection (which you should always assume it's happening anyways). I, for one, would love to see WhatsApp Erlang routing core and how do they do it, but it's more for my personal curiosity than true security.
IMHO, in the ideal situation, every WiFi access point should include by default a second SSID mapped to a VLAN that can allow complete traffic isolation between the personal network and the guest network. The guest network should be IEEE 802.11s-enabled to allow roaming and mesh networking, and 802.11u for interworking and authentication. In that way, emergency responders can have access to a network while protecting individual's privacy. Even nicer would be an emergency responder's network only available to them with CJDNS over those mesh networks. In that way, members can trust they are who they say the are, and all communication is encrypted.
Since I don't use Facebook, my number should be irrelevant to them to serve me advertisement in their platform. Furthermore, I use the anti-social plugins for browsing so they don't get my browsing history either.
If this really bothers you, Signal is a perfectly good alternative to WhatsApp, which is completely open source and with almost identical functionality. Another surprisingly good and also open source alternative is Wire, which doesn't rely on phone numbers, and it's completely multiplatform.
If you can't vote with your dollars, vote with your feet.
Mod parent up. I've seen *exactly* the same you point to virtually everywhere. But one thing I'd like to add is the perspective of the "startup", not only the large companies. They are great in luring you with big promises and massive amounts of stock options while offering crappy salaries. This also unfavorably caters to the young who can afford the gamble, and who are too naive to understand the downsides. They are not necessarily in the H1B game, but their way to keep you "at bay" is with their "at will" contracts, where a CEO can just fire you for no reason. HR is a third party outsourced company.
The IoT market is indeed insanely hot and competitive, and time-to-market can make or break a product's success. This means that the MVP version (minimum viable product), that is supposed to be just the first step in an iteration, many times ends up becoming the version that gets shipped.
It's very rare that security is considered in an MVP. Some simpler types of IoT devices (typically send-only), that rely more on the cloud back-end, may have better luck by improving the security of the cloud-based components over time, but if the device accepts input and network commands, all bets are off.
Not this time. I think this is an acknowledgment that they need to rethink what's important, and it's not the OS anymore. It's the Cloud (both, IaaS and PaaS), where AWS is the biggest competitor and the one to beat, reason why Azure is so strategic for Microsoft. They need to have expertise and business solutions whatever underlying OS the customer may choose. If Linux, they need to have an outstanding support for it in Azure and across all their offerings.
We may think this is the same old Microsoft, but I believe they are going through one of their biggest reinventions to date.
Mod parent up. I feel more ashamed that it's actually MY congresswoman, and I will write her a note, because this is absolutely non-sensical as many have already pointed out. It will stop nothing.
I can get any low-end Android phone, put it in airplane mode and never sign up with a carrier, connect to any public WiFi network, and use a SIP client with ZRTP to connect to a server paid with Bitcoin to do my anonymous calls.
This is classic government reactive approach with no input from subject matter experts, always 10 steps behind.
May be I'm just getting old but I cannot wrap my head around these kinds of deals. Paying 100M for bullshit like that, when I can enumerate dozens of startups with amazing technology and real innovations in cloud, back-end services, automation, platform, security, etc, that can barely get a couple of millions to continue their development. The industry is ran by teens now.
Really? has the IQ level in Slashdot gone downhill that much that you can't even do a Google search?
If you frequent this site, you will notice this community is big on privacy, and QubesOS has been for quite some time among the best options out there, since they are the only ones addressing very hard problems, like hard isolation of driver-level components in the OS, such as the USB or the Network subsystems for example. This is particularly good to mitigate against 'evil maid' type attacks and such. They achieve this using a modified version of the Xen hypervisor with lightweight VMs with a common hardened X-based interface.
These folks don't release very often, and this update has been coming for a long time, and it's very welcome. Particularly the UEFI boot support, that has blocked me to be able to install it on my private laptop.
For years, many voices in tech have been screaming about lax security and privacy controls in most devices and online services. Well, this argument may end up being a Straisand Effect of sorts, by encouraging the tech community to finally rally together and develop the kind of systems where this will be a non-issue: zero knowledge, end-to-end encrypted, ephemeral IDs when we need it, plus validated, immutable, blockchain-based distributed trust systems when we choose to. Heck, right before this story in Slashdot you have the one on the release of Wire. We'll see more and more of this. The government has no idea of what they've unleashed.
What broke down here is the threat assessment model. Was there a competent team of interdisciplinary experts who reviewed the threat and concluded it was reasonably credible? then no need for a CYA, since you are doing your job.
But if this was based on the consensus of a few local folks you know, that may or may not have a respectable background to advice you, then it's on you.
First of all, if they would have a semi decent IT Security expert as part of their threat assessment team, they wouldn't even have reported that "the IP address was from Germany" since they'd know it's largely irrelevant, being most likely a Tor exit node or a VPN end point, if it didn't match a well-known origin. Instead, they'd focus on the language, plot details and other things that can reveal if this is indeed credible or not. Then they'd probably correlate with similar chatter in other places (like NY), and on and on.
I'm not sure if every major city should have one of such teams on stand-by, but at least a "service" should exist for these kinds of things so someone like a School Superintendent or a Mall Manager can tap into.
CI/CD systems will automate the heck out of everything, and there will be less and less visibility into what's running where and how.
"Cloud Native" applications designed around microservices with well-defined interfaces and running in some PaaS "somewhere" will become the norm. I sadly foresee that developers themselves will be expected to become microservices, basically expected to do one thing only, and one thing well, and forbidden to look beyond their immediate horizon of the ever rolling Agile backlog. There will be less space for creativity at the individual level, and massive invisible machine learning software running in the back-end of the datacenters will automatically generate "facts" for the suits in charge, and possibly even stories on a backlog based on those facts. In 20 years, they'll generate their own code.
This could be easily solved by having a single place (a web site and an app) where the scientific community at large shares with the public what's the current consensus, explained in the simplest terms possible, with links to credible resources to second level and third level of depth.
The site needs to be authoritative, and widely known as the single source from the community, so if anyone ever has a doubt, they know where to go to understand what the scientific community really think about a certain issue.
This does not mean by any means the absence of debate, or the constant change in views and information, but a place where the bulk of the community put their minor differences aside for the benefit of the common good and their own, by helping closing those gaps.
First, SSNs themselves should not be "stored" in any database. They should be used dynamically for initial patient validation and stored as a salted hash. For that matter, you can do the same with DOB and other key identifiers that are not required for anything but for validation. Use an internal patient number as index for everything else. Second, use MAC (Mandatory Access Controls) for any app or microservice attempting to access specific portions of data. Any unauthorized attempt to access a record should be logged, and if you really want to catch the bad guys, do a transparent session forward to a honeypot with a fake database. Third, use 2 factor authentication for any remote access to the data. Fourth, all internal systems should run virtualized and accessed over VDI, no data on laptops, ever. Is it really that hard?
I was on a business trip once going from Lima, Peru, to Arica in Chile on a 727 when the pilot announced that the navigation system in the plane was basically dead. Instead of freaking out, he lowered the altitude and he visually followed the Iquitos river and other landmarks, piloting the plane the old fashion way, taking us to the destination safely. In a windowless cockpit that would have been a non-starter. I for one, want to keep an "analog backup" as an option. Thank you.
I *want* to pay for a service like that. I'm eager to pay to watch what I like when I want it. But with decisions like that, they leave people like me NO choice but using "alternative" methods like Sickbeard + SABnzbd, forcing me into the underground. These guys are so far behind the times it's like watching a 1950s movie. Term limits!
I use the ReiserFS, you insensitive clod...
H1B visas serve only to drive down wages for US employees. Additionally, they end up training foreign talent that are later kicked out of the country (after 3 or 6 years, depending upon whether the visa is renewed).
Not necessarily. They system may be corrupted now, but I doubt that's the only reason why we created this program. I came to Silicon Valley 14 years ago specifically because I had skill sets that were required by my company at the time and were simply not available (like speaking specific languages and understand local cultures in specific countries, in additional to specific technical skills), so for all intents and purposes, it was completely legit. I was also very naive at the time and I openly discussed salaries with my co-workers (something pretty common where I come from) so I realized I was NOT being paid less than them. In some cases I was being paid more.
I didn't consider I was being "trained" either. In fact, I was doing most of the training, and when the time came to look at other opportunities outside the company, almost every potential employer that contacted me already knew they'd have to renew my H1-B in order to get me, and that wasn't considered an issue, just an annoyance.
A while after I met my wife and I became a citizen through marriage, but at least my experience was very different from what other people is discussing in this thread.
Completely agree. Unfortunately, it's a normal part of the growth and maturity of a new industry. We tend to forget how new all this stuff is. Adjustments, consolidations and failures will occur, but they will collectively contribute to a more robust ecosystem down the road. Like with any technology, early adopters tend to get screwed, the difference is that people were treated as "consenting" early adopters when in reality they thought they were relying on a "permanent" service.
What I do find interesting though, it's the desire from Canonical to release the source code. That can be very beneficial for all of us and new services can be spawned from there. It will be good to see what did they use underneath (Csync2 may be?) and it will be good to have alternatives to ownCloud and other services.
The real issue here is what's actually going on in SF. If you don't live here you probably don't know, but there has been a lot of soft aggression against tech workers regardless of the company all over the city, simply because more and more are moving in, driving up the prices of housing and attracting more higher-end businesses, effectively changing the nature of traditionally "working class" neighborhoods. Classic gentrification.
This bar in particular is more of a punk-type place, located exactly in one of those areas under rapid changing, so the presence of someone with GG was probably an in-your-face reminder (no pun intended) of the situation many of the locals are experiencing.
I can personally understand both sides, but I tend to side with history: everything changes over time and different forces will produce different changes. You can fight it only to a certain degree, but change is inexorable, and you can't forever cling to "the way things were before".
Reason why I left the programming world a long time ago and became a pre-sales engineer. Harder to outsource if the product being sold is highly technical, and it pays substantially better than a pure programming/engineering/IT/back-end job. I'm not saying it's impossible to outsource, but if you choose the segment right and you are good at it, chances are you can retire before you see these type of jobs getting pushed overseas as well.