1. 58
  1.  

  2. 18

    Wow, this really helped me understand that I have some seriously bad biases against congresspeople’s technical understanding.

    1. 5

      Maybe I’m just too biased, but something about his phrasing made me think that he had these questions given to him, with the intent to sound technical? It’s just an impression, and I don’t know anything really about the person, but nevertheless I’m surprised that I seem to be the only one mentioning this (even if it’s wrong)?

      1. 3

        I’m pretty sure a good campaign manager will find ways to insert topical questions in congressional hearings. They’re one of the few ways a congressperson can get known outside their districts.

        1. 5

          This is not the most hot-button issue, so perhaps it’s better to give him the benefit of the doubt? Sound bites from this hearing are unlikely to make it to the nightly news. The congressman was an intelligence officer for a while, so he may genuinely have that experience.

          1. 5

            It would be fun if the congressman could take part in an AMA or similar so we could learn more

    2. 14

      “Congressman, I don’t have all the answers to your very technical questions…”

      That’s not something you hear everyday. Who is this Riggleman guy?

      1. 7
        1. 2

          It’s interesting because he sounds decently familiar with GitHub. I wonder how many Congresspersons have GitHub accounts, if any?

          1. 5

            Perhaps your expectations of congressman is so low that the ability and initiative to use a website to do research is the more surprising part, because it doesn’t take a lot of familiarity with Github to perform a search. He did sound familiar with programming on more than a surface level, however.

            1. 7

              He was able to talk confidently about nightly toolchain builds though, which takes a fair amount of technical understanding.

              1. 12

                His mention of DoD practice leads me to think he picked this up as an intelligence officer. You don’t have to be an experienced developer to recognize high-level risks. Extrapolating from a single point of experience working for a former I.O. for several years, they have a keen skill for picking through details.

                1. 1

                  He was also an NSA contractor.

                  1. 1

                    I think he did indeed mention he had a background in intelligence.

                2. 4

                  What jgb said. He talked like a programmer or project manager, not someone vaguely familiar with it.

                  1. -5

                    It’s not so much low expectations it’s just the average age of a congressperson is 57, so it’s kind of new to see folks who would be familiar with something like Git.

                    1. 29

                      About half my computer science lecturers at university were older than that, and they were all familiar with git. My dad’s about that age, and he’s familiar with git.

                      57 isn’t actually particularly old. Many of the pioneers of computer science have died of old age at this point. We’re well past the point where programming or computer science is a ‘young man’s game’ in any reasonable sense.

                      1. 5

                        The number of programmers doubled roughly every 5 years for a long period of time. Possibly from the beginning up until recently. This suggests that there are 64 times more 25 years old programmers than there are 55 years old programmers. Yes, all the pioneers are now old. But they were exactly that: few pioneers.

                        Programming has never been a young man’s game, but this exponential growth skews the numbers like crazy, and make it appear like a young man’s game. After all, if the only thing you know about someone is their age, the older they are, the less likely they are to have learned programming.

                        1. 2

                          there was definitely a dip in the rate of CS enrollment after the dotcom bust in 2000, but then numbers of both major and nonmajor CS exposure has seen a massive surge since 2005

                          1. 1

                            Very well explained, thank you!

                          2. 8

                            Linus Torvalds himself turns 50 this year.

                            1. 4

                              57 and working in computer science is different from the average 57 year old who may not have an in-depth exposure to computer science.

                              1. 20

                                I wouldn’t expect that the average 57 year old has a better or worse idea of git than the average 21 year old. People often claim that young people are better with technology. In my experience, they tend to not be at all.

                                1. 4

                                  In my experience, they tend to not be at all.

                                  Young people work for cheap and are more easily taken advantage of.

                                  Why do you think so much of advertising is aimed at people in their twenties? Some disposable income and not as much life experience.

                                  1. 3

                                    Yeah, the average 21 year old also has no exposure to computer science either. I agree it’s a pointless comparison.

                                2. 2

                                  Good point! My bias is showing (growing up where I did, the only people I knew who knew about computers were my age). This makes me hopeful that I can still be programming well into retirement age :)

                          3. -1

                            Yuck

                            1. 1

                              I agree that his tie isn’t the most flattering, but I wouldn’t necessarily say “Yuck”.

                              Care to elaborate?

                              1. 1

                                Lol I didn’t notice the tie. Purely a political yuck. He’s proud of bombing Afghanistan, pro-trump tax cuts, pro-deregulation, and anti-gun control. ¯_(ツ)_/¯ to whether his staffer gave him talking points on rust and javascript.

                        2. 6

                          This means that right now, the people in congress are starting to understand how critical developers are becoming.

                          This also means that we can expect a lot of regulation to kick in over the next decade, which is not necessarily positive.

                          1. 1

                            Because of all the existing federal regulation of construction workers, factory workers, managers, and CEOs?

                            1. 5

                              I was thinking more along the lines of the ethical codes, regulations and disciplinary laws that are already forced upon medical professionals and engineers.

                              1. 5

                                I imagine that medical licensure boards are probably sometimes misguided, ill informed, biased, or even corrupt. But I can’t imagine that I’d rather live in the time of barber-surgeons.

                                I for one support the idea that the practice of computer science should be regulated in some manner. I’m not convinced that mainstream academia is up to the task–I’ve met too many bright young CS grads that have heads full of algorithms but can’t open a command prompt. It seems to me that they forget all those algorithms by the time they complete their second education via industry, because I’ve met industry vets who don’t use all that fancy CS background at all in practice.

                                Make no mistake, what I propose would probably end my career, if it were to be instituted overnight. That would be a travesty.. I’ve got at least 43,000 hours of keyboard time under my belt–other than that, I only have a high school diploma. (Yeah, I count my time on the C64, don’t you? It’s a minor fraction..) But, I have made some seriously bad mistakes that affected people and organizations and I am free to do it again. I have no license to lose.

                                That said… it won’t be instituted over night, and I’m learning more formal methods every day. And I’ve done a lot of good, too. I’d be nervous in front of a hypothetical board, but not hopeless.

                                1. 1

                                  Quite off topic:

                                  Hm. Apparently I don’t use the same method of counting hours that these famous people use.

                                  Crap, or I really do put more hours in per year than they do and I’m simply not as bright as they are. Gotta be a combination thereof, right? ;)

                                  Still, it would appear that Knuth did not have the opportunity to start studying operational computer systems at 11 years old, as I did. (I’d sooner exclude my college years than those years… One simply could not argue that I wasn’t carrying out focused, deliberate study at that time.) Anyway, moving on.

                                  1. 1

                                    I for one support the idea that the practice of computer science should be regulated in some manner. I’m not convinced that mainstream academia is up to the task–I’ve met too many bright young CS grads that have heads full of algorithms but can’t open a command prompt. It seems to me that they forget all those algorithms by the time they complete their second education via industry, because I’ve met industry vets who don’t use all that fancy CS background at all in practice.

                                    Exactly. One of the biggest mistakes I see that many CS students make, is that they don’t get their “field experience” while they are receiving their education.

                                    But there is also another downside to this, because main players in the industry can take up dominant positions that enhance their grip on the market to increase their market share.

                                    Make no mistake, what I propose would probably end my career, if it were to be instituted overnight. That would be a travesty.. I’ve got at least 43,000 hours of keyboard time under my belt–other than that, I only have a high school diploma. (Yeah, I count my time on the C64, don’t you? It’s a minor fraction..) But, I have made some seriously bad mistakes that affected people and organizations and I am free to do it again. I have no license to lose.

                                    That was the whole idea of the medical bar exam right? If you pass it, you’re considered competent and allowed to practice medicine, no matter where you came from or how youv’e obtained that knowledge.

                                    However I did receive a, more recent, formal education. Send me a PM if you want a list of books I worked through or something like it.

                                      1. 3

                                        Is this list good? http://matt.might.net/articles/what-cs-majors-should-know/

                                        Yes it seems to be pretty good actually, but I have obtained my knowledge from almost a completely different set of books. So I can’t vouch for the quality of those materials. While the knowledge is certainly useful, I sincerely doubt you need to know everything on this list.

                                        However I am still missing five key points on that list:

                                        First:

                                        Systems design and analysis. This almost drifts into the area of an software architect, but you want to know which system you should use for which operations. For example: It is often beneficial to push as much of the application logic as possible into SQL stored procedures, because it simplifies the overall application. UML is also one of these things you’ll see here.

                                        Second:

                                        Geometric algorithms are missing on that list.

                                        Third:

                                        A detailed look into meta-heuristics and search-algorithms is missing. Both are fundamental building blocks for a lot of AI.

                                        Fourth:

                                        The ability to reason about systems without building them.

                                        This is best illustrated with an example question that I use as a competence test, which most CS-students and even some professors fail to answer:

                                        Suppose you’ve been handed a database which contains a table with about 4,2 billion data points and I’m asking you to provide me with an indexing strategy and an estimate about the time on the wall-clock you strategy would approximately take for each lookup in practice.

                                        You’re not allowed to use a calculator. You can assume that the system is never under a load up to a point where queuing factors have a meaningful impact on performance. You are allowed to use pen and paper, but you can easily do without. You can assume your entire index is disk-based (In reality, part of your index will probably be in main memory).

                                        Sounds hard? It’s not, once you know the tricks and the maths behind them. What I want to see is that the other person is reasoning along this way:

                                        1. 4,2 Billion is about 2^32.
                                        2. The average seek time of an HDD nowadays is about 9 ms to 12 ms, for an SSD it’s about 3 ms to 7 ms.
                                        3. The average sector size of a HDD/SSD is 512 bytes.
                                        4. The pointer size of my machine is probably 64 bits at this point, and therefore 8 bytes
                                        5. My indexing structure will probably be some variant of a b-tree or b+tree.
                                        6. 512 = 2^9 and 8 = 2^3 so I can fit about 2^6 = 64 pointer fields in one block on the disk.
                                        7. We can use about half of those due to the nature of our datastructure, so our branching factor is 32, which is 2^5.
                                        8. So we can now estimate the amount of IO-operations: We need with ln(2^32)/ln(2^5) which is 32/5 which is 6,4. I would accept for “something between 6 and 7” as an answer, because the goal here is a (very) good estimate, but that also means that I won’t need the precession of decimal numbers.
                                        9. We can now state that if we make a conservative estimate, the the HDD will take about 12ms6ops=72ms to 12ms7ops=84ms per lookup, while the SSD will take 7ms6ops=42 to 7ms7ops=49ms per lookup.

                                        This is somewhat similar to a Fermi-estimation and it is something I’ve picked up during my mechanical engineering study (which I terminated after 2 years and switched to CS) and I’ve found this to be an extremely useful tool that often provides me with a certain amount of foresight about the viability of new technologies, software, products and even projects. It also has made pushing back on unreasonable deadlines a breeze.

                                        This kind of thinking can also be applied to entire parts of programs if you cast it like “How many states can my machine take on if I let it run this piece of code” or “How many expansions do I have to do if I tackle this problem in this manner?” In fact, it is really nothing more than complexity theory applied in practice. But it takes a lot of practice and thinking before you are capable of juggling these numbers ad hoc and intuitively.

                                        It also provides you with a lot of insights before you write your program and it also serves as good “guidance” for where you should focus most of your testing efforts on, because the parts that are harder to analyse like this, are usually where the bugs are.

                                        Fifth:

                                        Lineair programming, as this is a fundamental building block for any type of good scheduling application.

                                        And well there is probably lots and lots more that I am forgetting about now…..

                                        1. 2

                                          I’m also missing set and/or group theory.

                                          You can get up to a level where it doesn’t matter which programming language you are using if you can think like this:

                                          • A class C = (V,F) where V is a set of variables and F is a set of functions that can operate on V, is a description of the structure of some piece of memory (instance of that class) and the operations you can perform on it.
                                          • For every f in F: f is a function that takes V and some other parameters as input and “returns” a V and some other tuple (in many langauges a singleton) of variables.
                                          • Class extension provides you with the (set theoretic) union of all variables and functions (or methods if you prefer that name) of all classes in the union.
                                          • Implementing interfaces correspond to taking the set-theoretic intersection of all classes that are a member of this interface.
                                          • And so on…..

                                          Once you understand and can reason like this, it doesn’t matter any more which programming paradigm you are using, because they all are essentially a method of grouping variables, relations and functions in a certain way that makes things more convenient.

                            2. 9

                              on the broad view, this is cool and i’m glad to have informed people in congress.

                              on the other hand, this guy is behaving one of those sorry people who ask super-technical details after a talk in order to show how smart they are, and l don’t think he added anything to the discussion at all.

                              1. 22

                                He added one bloody important point: they are using Rust nightly. This is a fairly unstable dependency, and more importantly, this is a dependency that accepts outside contributions in a way that may not be as controlled as the core Libra codebase.

                                It would be a freaking security risk if they pushed that to production. They are using Rust nightly now, but they probably should move to stable before they go to production, or at least freeze to a particular commit until the Libra association actually reviews the newer commits.

                                I was actually disappointed that the Libra guy didn’t have an answer.

                                1. 8

                                  I strongly disagree that nightly rust in and of itself is a security risk. Using a conservative set of #![feature] flags and pinned version of nightly I think it’s honestly more stable than many languages.

                                  All stable is is a mutually agreed upon pinned version of nightly with no feature flags.

                                  1. 5

                                    I strongly disagree that nightly rust in and of itself is a security risk.

                                    Understand where the congressman is coming from: Libra is (will be) a currency. Depending on adoption, it can get quite strategic, on par with weapons and the electric grid. The possibility of malicious contributions to the code base itself or its dependencies should indeed be investigated. Such malicious contribution have happened before: remember that NPM package that was stealing wallet private keys from the projects that uses it? (Or maybe it was mining?) It went unnoticed for months.

                                    Rust is one such dependency. Rust nightly is the least reviewed part of Rust (besides experimental branches). Of course this makes some people nervous. Even if nightly Rust is as you say not a security risk, how it is not a security risk should be explained to those nervous people.

                                    1. 1
                                      • “No feature flags” is a big deal, since un-flagged operations are supposed to be frozen.

                                      • Stable also goes through the Beta period, when new features aren’t allowed in but regression fixes are.

                                      1. 1

                                        Not quite. Bug fix point releases are not uncommon.

                                      2. 4

                                        He was also concerned that one of the top committers for one of the Libra projects was from Nigeria. I think we assume good intent and don’t discriminate based on where one lives. But since he’s coming from a “national security” background, I can understand why he might be more suspicious (justified or not) of “foreign” contributors.

                                      3. 2

                                        I think its good to remember that Congresspeople’s offices do followup for written details of what couldn’t be covered in these televised hearings. I hope his office does followup and gets the answers he seeks.

                                      4. 3

                                        It so heartwarming to see a congressman understanding details about what he talks about, and not playing the FearUncertaintyDoubt game or other politician strategy of who will make the most striking arrogant empty rhethoric slogan playing on sheer emotion only.

                                        As a developer I am touched. I mean it.

                                        1. 2

                                          Current banking system works quite poorly for those with less assets. Some real competition sounds like a good thing.