1. 128
  1.  

  2. 23

    In many ways, starting my own company has given me the sort of freedom which academics aspire to.

    The older I get, the more I value economic independence. Securing enough money to cover your cost of living in the face of ever-greater obstacles great expands your freedom of action. Money isn’t just about sustenance, toys or power - it’s about your ability to make real choices.

    1. 13

      I’ve come to this point in the last few years with my own business but also realized that some constraints are independent of money. Family often make choices for you: where to live, vacation plans, etc.

      I want to live in a big city, my wife wants to live in the best school district. Guess where we live? With COVID, I wonder if it matters.

      1. 4

        Totally agree. This is a truth some of us take a while to come to.

      2. 23

        To be honest I find the whole idea of someone adjudicating the worth of another human’s life work to be morally questionable and even perhaps likely to come from a place of extreme privilege.

        Most of my family spent their entire lives slaving over plastic molding machines or doing even more menial labor like digging ditches.

        They were good people who provided for their family and were generally speaking happy to do so. Were their lives not well spent?

        This topic really resonates with me since my choice of employer has resulted in a TON of negative feedback both from randoms on the internet and people I generally admire and aspire to emulate.

        1. 11

          I don’t think anyone is adjudicating the worth of another person’s life here. Even the least charitable interpretation of the comment this article is responding to would be that Percival could have solved more challenging problems than he has. The worst way of reading it would be that he could have done more valuable work, not that his life has any less worth as a result of his career choice.

          And I think the real point isn’t even that. It’s a question of whether the economic conditions we live under discourage optimal allocation of human capital. While Percival seems to respond with “no”, at least in his particular case, I think it’s still a 100% valid question to ask. While the point that the academia has its share of problems and limits on intellectual freedom is fair, it seems almost hard to argue that there aren’t a significant number of promising computer scientists, mathematicians, psychologists, etc. that spend their careers facilitating selling ads or products that the world would probably be better off without. We don’t need to say anything about the worth of these people to say that an economic system that makes the best interests of many highly trained scientists and mathematicians mildly harmful to the public at large has some issues.

          1. 6

            And I think the real point isn’t even that. It’s a question of whether the economic conditions we live under discourage optimal allocation of human capital. While Percival seems to respond with “no”, at least in his particular case, I think it’s still a 100% valid question to ask.

            This is a really excellent point and a hard question I find myself chewing on often in other contexts.

            Capitalism definitely has some really ugly by-products, and I often wonder what society would look like if scarcity wasn’t a thing and the raison d’etre for money eroded entirely.

            I’d LIKE to think it’d be like Ian Banks Culture novels (My #1 voted future I’d love to live in BTW) but I don’t think anyone can know.

          2. 5

            To be honest I find the whole idea of someone adjudicating the worth of another human’s life work to be morally questionable and even perhaps likely to come from a place of extreme privilege.

            You criticise judging somebody, while poisoning the well with a judgement at the same time.

            1. 3

              If this is the “judging judgemental people is also judgemental” paradox, the tie-breaker is easy. Whoever was first to be judgemental deserves to be judged for being judgemental. Fighting fire with fire is good.

              1. 3

                You criticise judging somebody, while poisoning the well with a judgement at the same time.

                A fair point. I suppose that if I zoom out past my own personal hangups around people casting aspersions at my own choices there’s nothing wrong with having the discussion.

            2. 9

              These kinds of stories matter to people who are making career choices. Someone who wants to be useful to the world or to pursue a particular interest probably thinks about grad school, startups or a bigco research lab. The idea that you can have an impact by being self-employed with a small business is not part of the prevailing set of memes. It needs to be talked about more often.

              I listed a bunch more examples at https://scattered-thoughts.net/writing/small-tech/

              1. 2

                that’s a great collection! you should totally submit it as its own post.

              2. 5

                I didn’t know anything about Colin Percival or Tarsnap before I read this article and now I want to read more about him and I badly want to start using Tarsnap :)

                1. 4

                  Wow… I knew kivaloo since I’ve been looking for a fast storage engine for years, and it was part of the candidates.

                  But I had no clue about spiped… This looks amazing… Especially the ssh use case.

                  1. 2

                    But I had no clue about spiped… This looks amazing… Especially the ssh use case.

                    The ssh use case seems very odd to me… using this you can be protected even if a security bug is found in the ssh server… but not if a security bug is found in the (much less watched) spiped server? Seems like a backwards tradeoff.

                    1. 7

                      We have seen OpenSSH bugs, even bad ones, and OpenSSH is basically a single point of failure(SPOF). If an remote code exploit(RCE) happens with OpenSSH, the world will get very bad for a long time, as we all race desperately to fix it up. It’s not a simple code base by any means. I’m not saying OpenSSH isn’t awesome, it absolutely is, but it’s not a simple piece of software, so we can be sure there are more bugs in it, we just hope and pray there aren’t any severe security bugs(and they do a lot of work to ensure even if there is, it won’t be disastrous, thankfully).

                      That said, here is cpercival’s comment about spiped:

                      “The simplicity of the code — about 6000 lines of C code in total, of which under 2000 are specific to spiped (the rest is library code originating from kivaloo and Tarsnap) — makes it unlikely that spiped has any security vulnerabilities. “ from: https://www.tarsnap.com/spiped.html

                      cpercival is a security expert and was the FreeBSD security officer for quite a while.

                      It or VPN’s like wireguard are a great strategy for highly important systems as a matter of defence in depth and extra protection. It’s not about saying OpenSSH is bad, it isn’t, but it’s a highly lucrative target for bad actors.

                      1. 2

                        Oh, yeah, I wasn’t trying to say spiped is somehow more vulnerable. If it is less vulnerable is a bit of an interesting question, and maybe you’re right there. I was more talking about this:

                        If an remote code exploit(RCE) happens with OpenSSH, the world will get very bad for a long time, as we all race desperately to fix it up.

                        That’s why I would trust OpenSSH. If spiped has a bug, I might get exploited first. If OpenSSH has a bug probably it will be found on someone more important’s servers (because everyone is using it) and fixed before I even hear about it.

                        Of course, maybe spiped is less likely to get exploited because fewer bad actors are looking at it too.

                        So, I guess I’m not saying spiped is bad or even that the SSH use case with it is bad, but I’m not convinced it would improve the security of my SSH server. It might. I think it’s probably a wash for most people.

                        1. 2

                          case 1: OpenSSH exposed publicly, an attacker needs 1 exploit, or 1 password(assuming user/pass auth is turned on) to get a shell. From there all bets are off.

                          case 2: spiped in front of OpenSSH. to get a shell, they have to accomplish 2 things:

                          1. get through spiped, by stealing a key, an exploit, etc.
                          2. get through OpenSSH as above in case 1.

                          I think it’s pretty clear that case 2 is more secure, since we have defence in depth. 2 things to break instead of 1.

                          Of course for case 2, you could replace spiped with a VPN, etc. It’s obviously not limited to spiped. And if you have to support windows users, then spiped probably wouldn’t work very well(I’m pretty sure it doesn’t support Windows, though I could be pleasantly surprised)

                          The downside to case 2, is it’s more complex. So for machines with very important data, maybe worth it? For a static content webserver it’s probably not worth it.

                          All that said, I totally agree, OpenSSH has WAY more eyeballs on it, and patches, as we have seen in the past, tend to come very quickly.

                          1. 2

                            Oh, yeah, the kind of exploit matters a lot I guess.

                            An RCE (what I was thinking of) in spiped would be one step to get in. But just an auth bug would work as you say, so there could be a layer effect with thay kind of bug that I did not consider, good point.

                            1. 2

                              agreed!

                              Since all spiped is is just a TCP proxy it’s not like we as an industry don’t have loads of experience hardening TCP proxies. So even an RCE would be hard to get past, though they might be able to see someone elses traffic, but since it’s SSH underneath, it’s also encrypted, and wouldn’t buy you much.

                              Though I’m sure there is someone out there thinking, hey lets put spiped in front of TELNET, cause telnet is AWESOME …. or something.. :)

                      2. 4

                        spiped wouldn’t be running as root.

                    2. 4

                      I definitley agree that doing work is going to get one further than a dead-end like academia.

                      This question does interest me a lot, though. Analysis paralysis is super real. Trying to decide the best thing I could be doing is basically impossible…

                      1. 4

                        academic institutions systemically promote exactly the sort of short-term optimization of which, ironically, the private sector is often accused. Is entrepreneurship a trap? No; right now, it’s one of the only ways to avoid being trapped.

                        Short-term optimizations in the private sector typically happens in publicly traded companies, particularly when shareholder activism is involved. Anecdotally I have seen this happen in private companies that use a lot of internal metrics. I guess the author intends his company to be a counterexample. The criticism is probably still true for many companies. Presumably there are some entrepreneurial companies, like the author’s, that this isn’t true for.

                        So he claims that entrepreneurship is not a trap, with the evidence that he was able to produce useful things while being an entrepreneur. But most entrepreneurs fail. Perhaps a more accurate statement would have been “entrepreneurship is a trap for most people, but it wasn’t for me.”