"He was completely not interested in the content of what I am saying. He just kept saying to me, 'If you tell me everything, I'll talk to the judge, and he'll go easy on you.' It appeared they had a very strong bias from the very beginning. They had goals they wanted to fulfill. The goal was to obtain an immediate confession."
Don't talk to police! - https://www.youtube.com/watch?v=6wXkI4t7nuc
Gives them nowhere to go but home.
I rewatch it annually and send out mass emails to all my friends and family when I do reminding them to do so as well.
I think vested stock options not expiring a few months after leaving the company is far more valuable, but no one does that. It would allow you to put no money down and only exercise when the options are actually liquid without being forced to purchase the stock at some point due to circumstances not under your control.
I'm not sure a lot of more libertarian types who advocate for jury-nullification are fully aware that the reason it was suppressed was that it was for decades a mechanism to basically let white guys kill black guys consequence-free.
Jury nullification is a tool, it is not itself racist, though those who have other reasons to oppose it of course paint it as such. With "fuck you" money, much of that sort of slander loses its teeth.
Do it right and it is plainly free speech; if I were to write/publish a book instead of design/rent billboards it would be very unambiguously legal. The entertainment comes in the form of seeing how they would try to stop me.
But yeah, if the government wants to fuck with you, they can surely fuck with you. Your best defense is getting a lawyer asap and not talking to the cops without a lawyer.
EDIT: It seems like Immigration is treated differently from other criminal cases. But it seems like if you're arrested by the typical FBI agent (ie: some sort of crime), you're gonna get Miranda Rights read to you, and the option for a free public lawyer.
All the lawyer probably will say is refuse entry until the cop shows a search warrant, and speak as little as possible.
There are some abusive states out there when it comes to foreigners. Arizona for instance is famous for having abusive laws / cops towards foreigners. (Arizona SB 1070, part of which was struck down as Unconstitutional however). So it's important to remember that the law changes from State to State (it's only natural in a country that is ~3000 miles wide).
It is when you're arrested. Until arrested, my understanding is that one doesn't have to answer questions. Though personally I found it is really impossible to insist on your rights, I basically just chicken under stress: https://news.ycombinator.com/item?id=6142434
Edit: Hah, wow... ok, so it's a small world. If I'm not mistaken, this is the same Sergey Aleynikov:
I've been interacting with him quite a bit lately regarding his erlexec code. He strikes me as a nice guy.
Edit2: Looks like he's asking for donations to help fund his defense: http://www.aleynikov.org/
So, while I think the often repeated advice about never talking to the police sometimes goes too far (it's probably good to have a friendly relation with the neighborhood cop, and by all means please help in apprehending murderers and burglars if you safely can), it's pretty much dead-on as soon as you step into enforcement la-la land:
- Don't consent to any searches.
- Don't say anything without a lawyer.
- Put great effort into finding a competent lawyer.
- Don't say anything your lawyer hasn't approved.
Beyond refusing help to efforts to prosecute you, such steps will clearly mark you as a non-victim. (Same advice as applies when you have to pass through a mugging-prone area.) This will cause a lot less effort towards pushing through with your case. After all, there are other suckers born every minute.
You can be held for 24 hours, then you have to be released. After you are released make sure to find a strongly worded complaint that whoever you dealt with overstepped their boundaries. Scan then submit it. Put up a scan on your website and link all relevant resources that have been used to harass you and jail you for that period of time. Add Disqus or some other commenting service and roll with it.
Their job is to put away criminals. In the case where there is not really a crime, their training, which is meant to get confessions from actual criminals, ends up pulling seeming confessions to nonexistent crimes from innocent people. After that happens, you are screwed.
Simply refuse to comment.
Programming is esoteric to common folk. Almost like witchcraft. When things go wrong for villagers, they often burn witches.
They didn't burn witches in the old days because of some moral failing that we've outgrown. They burned them because they were unable to understand that "witches" didn't actually cause plagues.
That's how I see job specs from recruiters.
-It's never ok to take proprietary code with you after quitting. I don't know anybody that would have thought that was OK, especially with the amount of money people were making off this IP in 2008. Of course that's true in any industry, but especially in trading.
-That said, you can't just walk out the door of Goldman on Friday and be trading on Monday, even if you had their entire codebase. The infrastructure needed to be a world-class HFT player at Goldman scale is insanely complicated and prohibitively expensive to all but the most well-funded folks these days. You're going to need colo space and power at tens of trading venues, low-latency WAN infrastructure to ship production quotes and data around the world, expensive exchange gateway connectivity, quant research platforms and a giant compute cluster, significant devops and monitoring infrastructure to run and monitor it all, and smart people to evolve the strategies, models, and code as it decays while you're setting all this stuff up.
.. man this sounds like some mafia.
Every company has its own policy, but I would bet GS wasn't cool with putting their code on personal machines.
At one point, when I was splitting some hairs and discussing the meaning of some small details from the evidence, one of the other jurors got impatient and reached for the coroner's photo of the victim. "Someone died here, you realize."
Some of it's probably the difference between murder and arson without personal injury in the mix, some of it is probably the luck of the draw in the jury pool. How a jury worked and how juries work aren't really the same thing.
The defendant was a gang member and a participant in an armed robbery, and when things got ugly (the victims fought back) one of the gang members shot one of the victims.
It was not proved to us that the defendant was the shooter, but -- as I was shocked to learn -- California law put him on the hook for the murder.
Possibly whoever actually shot the victim is still at large. The shooting took place at night, outdoors, the eyewitnesses were all drunk, and their testimony made it clear that, under the circumstances, they could barely tell one black man from another.
EDIT: Actually, this is the one I should have linked to:
assumes that people never lie or are unreliable witnesses, even though the movie presents clear evidence to the contrary (and this is well known in the real world),
assumes that the police conduct a thorough investigation instead of railroading a suspect who fits their prejudicial profile,
and assumes things (like the knife) are uncommon because they are foreign to himself, though they may be quite popular in other social circles.
That's exactly the point of the movie, and the author completely missed it.
The next problem is that prosecutors systematically reinforce confirmation bias in presenting their case. The probability that someone has brown eyes and is 5'7" tall and lives in New York and knows the victim and has a motive etc. etc. would seem to be strong evidence (especially if you're assuming them all to be independent, which they're not), but that only works if you're taking an unbiased sample of the possible characteristics of the perpetrator, which the prosecutor explicitly does the opposite of. If there is no apparent motive, or the knife used to kill the victim isn't a match for the one the defendant is known to have, or the perpetrator was wearing a suit and the defendant isn't known to own a suit, you won't hear any of that from the prosecution. And if you only consider the things that match, using the article's flawed method, all additional evidence can only ever increase the probability of guilt, since any evidence to the contrary doesn't make it into the calculation. All you have to do is keep collecting evidence and excluding anything that doesn't comport with the prosecution's theory of the crime and soon you have a seemingly insurmountable case.
Then you have the "DNA database" problem with statistics. Take a 1 in 10,000 chance and it sounds like solid proof ("99.99%") but if the population you're testing against is 6,000,000,000 people then you still have a pool of suspects containing 600,000 people. You can't then just pick one of those people arbitrarily and claim a 99.99% chance that that was the perpetrator, the probability that a person is the actual perpetrator if chosen at random from the group of individuals whose DNA would match is only ~0.000167%. It isn't good enough to prove that a defendant is statistically in the top thousand people in the city as far as probability to have been the perpetrator of a particular crime. You still have to exclude all the others or you'll convict the wrong man.
EDIT: should always read on before commenting:
"He married a girl and manages to have three kids with her before he figures out he doesn’t really know her."
It's pretty obvious he didn't have any malicious or illegal intent, but he definitely followed the checklist of 'things not to do when leaving a job'. Emailing yourself code? Seriously?
The whole thing is a travesty, but he walked right into it.
At a company like that where IP is highly valuable and you are paid handsomely, you know right off the bat that every character of code you write belongs to the company before even seeing employment and/or confidentiality agreements.
Dating another woman or stuffing a large object in your trunk late at night right after your wife dies, does not look good. You may very well be innocent, but it doesn't look good.
"He didn’t fully understand how Goldman could think it was O.K. to benefit so greatly from the work of others and then behave so selfishly toward them."
I don't think he understands Wall Street.
Now, was Goldman reasonable here? No, we can probably all agree that Goldman and the government overstepped a lot of bounds chasing this guy down. That said, I don't think some form of prosecution was unreasonable.
> They’d followed his case in the newspapers and noted the shiver it had sent down the spines of Wall Street’s software developers. Until Serge was sent to jail for doing it, Wall Street programmers routinely took code they had worked on when they left for new jobs. “A guy got put in jail for taking something no one understood,” as one of them put it. “Every tech programmer out there got the message: Take code and you could go to jail. It was huge.”
By both the letter of what you agree to and industry standard it's not really ethical to dump your employer's code into Dropbox or whatever. They go a long way to block it, blocking sharing sites, USB ports, etc. I'm not saying it doesn't happen all the time, just like brokers taking their client lists. People justify it by saying 'really, I'm supposed to look these people up in the phone book?' or 'really, I'm supposed to re-implement this simple function?'
How unethical sort of depends on how much of an edge you take, it's one thing if it's stuff you did yourself that would be inconvenient to recreate, the equivalent of your spiral notebook, something else if it's what other people did that would have been impossible to recreate.
But I think Serge demonstrates ignorance and naivete by thinking that was normal practice, and both Serge and Lewis demonstrate an ethical blind spot.
Did he deserve to be made an example of? I have no idea if he did or why that happened. Maybe there was stuff in there that was viewed as very proprietary. Maybe it was clever, or they just had an inflated sense of its value. Maybe what seemed trivial to Serge seemed extremely valuable and proprietary to GS. Or maybe he just pissed off the wrong guy. Or maybe they were getting poached a lot and decided to take a stand. I don't think we'll ever know. Certainly not based on this article.
It is really up to the license, Goldman either selected licenses where they could legally avoid sending upstream changes or planned to violate the law in secrecy. If they did the latter on just one license, then he should qualify as a whistle blower.
GPL requires you to make source code available to anyone who you distribute the program to. If you're just putting code on servers, there's no obligation. Even if you distribute internally, you usually are technically distributing to the company for installation on their computers.
Even the AGPL, designed to be viral for web applications, requires the operator of the server to make the code available to users of the server. Assuming all users were Goldman Sachs employees, I don't see any legal obligation for them to contribute back to the community.
Pretty much all other licenses are less copyleft than GPL and AGPL and would be even less likely to trigger source code distribution requirements.
Given that GS is a multi-billion global behemoth which runs a bewildering array of computerized services with an even larger array of customers, I'd be pretty shocked if they didn't have some API or client functionality which would trigger the AGPL if they included AGPL'd code in it.
This is a huge grey area, well maybe not so grey right now.
Often you can't separate quants from their Excel sheet (or R models) and they will keep these models as they move to new firms.
As far as programmers keeping the code they wrote, this is the first time I've ever heard of a programmer, and I'm one, leaving a shop and bringing their code with them.
Let's just say, there is no ambiguity whatsoever about how employers feel about this in the finance industry.
If there's nothing proprietary (i.e. trade secrets) you're really better off making it open source. Many employers seem to think that every line of code their developers write is 100% proprietary but they're really doing themselves a disservice with this attitude.
That widget library your developers wrote? It is probably less than 1% of your code base and even less of a priority for them. Wouldn't it be better to just put it on the web under an open source license and hope for the best? If your competitors get their hands on it then... What, exactly? They might improve it for you?
Secondly: Being fired is not what happened to this guy. He was prosecuted and sent to prison. Not even remotely the same thing.
Being sentenced to 8 years in prison based on wildly ill-informed testimony is clearly not a reasonable response.
Unfortunately, engineers fail to account for the fact that image and credibility matter far more than substance. This is a case of a man who really had no intention to do anything wrong, but almost certainly did break the law in a pattern that's a notorious bugbear in finance.
I could see theft of property, possibly, but the furthest I could see it going is breaking an employment agreement, which is a contract between two private parties and doesn't bring criminal charges for violations.
The Computer Fraud and Abuse Act (as amended 1994 and 1996) seems to indicate that financial institutions are protected computers
"intentionally accesses a computer without authorization or exceeds authorized access" which this guy did.
And given his re-arrest on what appear to be spurious charges (1st set were thrown out on appeal), I can't help but agree with this comment on VF: "When Goldman says 'jump', the gov't says: 'How high?'"
We desperately need more politicians, bureaucrats and law enforcement who at least have some basic technical knowledge.
Empathy is the only way to prevent stuff like this.
Politics is a "soft" game of imperfections, whereas technical knowledge is the opposite. Cold, hard, objective.
What incentive is there for technically-equipped folk to deal with the imperfections and heartache of interacting with non-technical folk than to take a white collar job amongst other technically-minded folk?
Maybe it should be more incumbent on politicians and law enforcement to learn more about technology and incorporate more private citizens as opposed to just big corporations in the dialogue.
It's frustrating, I think everyone realizes that technology is going to become a greater and greater part of every day life in government and yet there hasn't been much of a push for elected officials to give a shit to do anything but fundraise with it.
Life isn't that black or white. Companies run on soft games, the world, your product succeeds not because of "cold, hard, objective" amazing technical design but due to soft irrational people. I'd argue that there are enough people in tech well versed in the soft game for money to be made.
Technical knowledge would merely give them Google level efficiency at shafting their victims.
Lewis goes on to explain, later in the article, that subversion repositories are commonly used and aren't evil. He could have explicitly spelled out that the term subversion relates to version control, but I think he explained it adequately enough given the intended audience.
Especially if you are thinking (later in the article, quoting the programmer), 'they wouldn't like it', 'it was like speeding, in a stolen car'.
> 'Then he explained what he knew, or thought he knew:...'
During my 2 years consulting in global investment banks in NYC, it was standard practice for all employees, internal or external, with access to sensitive data or IP to undergo comprehensive IP compliance training and execution of IP agreements. This had to be performed within a month or so of engagement or your badge and account would be deactivated. A particular client required the training to be repeated every year.
It was inculcated that violations of such policy had a high likelihood of being caught and would carry very significant penalties. In my experience, they successfully established very taboo cultures around transmitting IP out of their systems.
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
That makes it sound like ripping the license out and replacing it with a proprietary one, even for purely internal use, is probably a bad idea. I don't know who'd be able to sue them for that, though, if the original copyright "owners" aren't supposed to have seen it in the first place.
Article II of the GPL has a specific exception for transferring GPL-ed software to employees to work on without letting them spread it beyond that, but I don't know how much of this that would cover.
It was written decades ago, and is still relevant today. Sadly, I think programmers should begin reading it, as prison seems to be growing into a larger threat for us.
> The fourth, and final, rule was by far the most important: Don’t say a word to government officials. “The reason you don’t,” he says, “is that, if you do, they can place an agent on a witness stand and he can say anything.”
Aren't you allowed to have a lawyer present in conversations with agents?
Basically he'd written a backup program which was specifically designed to compress both his home directory and proprietary code from elsewhere on the system into a file (which it would do depended on the parameters passed).
On his last day of employment he ran it several times with different parameters, which included copying proprietary code. He then encrypted the file and then uploaded it to an SVN hosting service before deleting the encryption program and his bash history. Because it was encrypted it bypassed GS's automated scanners.
He then downloaded the source files to both his laptop and external flash drive and took them to work at his new employer.
Given the (undisputed) facts, he clearly broke several laws, the question is whether he was doing it innocently and just being stupid or if he did it with serious criminal intent.
What is way more troubling to me is how apparently easy it is for Goldman to get the highest levels of government involved and throw the criminal book at someone over what is typically a civil matter.
I agree it's pretty obvious that this was a deliberate action.
He deleted his bash history (AFAICT) because it had passwords in it.
If you are entering passwords on the command line such that it lands in your history, then you "delete it at the end of the day", you're not securing anything.
You can turn off history for one command. That's better than deleting bash_history (well, I don't know what an auditor would say about that).
But you should be storing your passwords in secure files, not entering them on the command line.
As I develop I frequently change parameters/calling conventions on the applications I'm writing. While scanning the history I don't want bad commands to still be there.
Bash history was never meant to be an audit trail and treating manipulating it as some form of security violation is idiotic.
He deleted his bash history, which many programmers do every day, indeed, that's what the justice department used as evidence that he "deleted the audit trail"
Once you look at the details of this case--in fact, even just the details as recited in the public documents filed by the Justice Department--a completely different story emerges. A few facts just for context:
The person arrested and later set free by a Federal Appeals Court, Sergei Aleynikov, is an accomplished programmer with a long history of open source contribution, for instance, he is the author of the (original?) ZeroMQ Erlang bindings. (http://zeromq.github.io/erlzmq/)
The code that Goldman claims that Aleynikov "stole" was code that he had written while employed by them; indeed, according to Goldman, SA was hired to build their HFT rig, which he did. According to the Justice Dept documents, he only took a small portion of the total codebase (~ 2%) and he took that on the last day, six weeks after he had resigned from Goldman.
SA claimed that code comprised his revisions to an open source library he used to build Goldman's HFT system. Combined with the fact that he took that on his last day in the office (he had resigned six weeks before; at Goldman's request, he stayed an additional month) and was open about his plans to work for a competitor (which his employment agreement did not forbid). Clearly a smart guy, but a pretty dumb criminal, which pretty strongly suggests he's no criminal at all. If his plan was to steal this codebase (the one he had in fact spent the previous two years writing) he would have, to begin with, actually taken all of it, not just a small fraction, and second he would not wait until his last day. These circumstances were relevant in that case because SA was on trial for committing a felony, and to prove guilt requires proving some criminal state of mind ("intent to steal", the complaint calls it.)
What's more, Goldman had absolutely no evidence that SA used any of this code or gave it to anyone. The government's complaint is astonishingly frank about that. My understanding is that trade secret theft requires some unlawful use to actually constitute an IP theft.
The VF story addressed that (page 4, near the bottom). According to Aleynikov, GS cared not a bit for the terms of the Open Source license and considered anything that ever made it into their systems as GS proprietary code.
The only exception of any size is the Affero GPL but even that only applies if you use the code in an external customer facing service.
set +o history
set -o history
The second case for sending secrets is closer to legit. But only because if you send secrets out at all, if you didn't have permission, it could be illegal.
The REAL issue is don't work for asshats that don't play nice. Alternately, accept that as a programmer mixing hobby Open Source projects with your Employment projects is a recipe for trouble.. Take their money and be a sucky leecher.. Or post your fixes to maintainers from home, reengineered solely at home with no files from work.
As somebody who does admin work, it's a great excuse just to not take work home at all unless it's on my company laptop.
Is that true?
(the rest of the paragraph was interesting, and worth repeating for anyone who read the whole article):
Serge thought he knew why: they had been forced to learn programming without the luxury of endless computer time. “In Russia, time on the computer was measured in minutes,” he says. “When you write a program, you are given a tiny time slot to make it work. Consequently we learned to write the code in a way that minimized the amount of debugging. And so you had to think about it a lot before you committed it to paper. . . . The ready availability of computer time creates this mode of working where you just have an idea and type it and maybe erase it 10 times. Good Russian programmers, they tend to have had that one experience at some time in the past: the experience of limited access to computer time.”
edit: added quote from court record below.
"...because of the way this software interfaces with the various markets and exchanges, the bank has raised a possibility that there is a danger that somebody who knew how to use this program could use it to manipulate markets in unfair ways."
See page 8 http://www.scribd.com/doc/17191934/USAvSergeyAleynikov-7409-...
Now how does one do that? :) And he shouldn't have had to use the Pythagorean theorem on just a one dimensional line...
Sigh. Just thought it was funny, since the article was about how programming/technical jargon goes over the heads of jurors, the FBI, etc. but seems like the article writer isn't immune to it either :)
Also, how else would you determine the distance between two coordinates in a plane without using the Pythagorean theorem ? It's not like he could use a measuring tape in an imaginary, unfolded room.
EDIT: I reread your post and see that you are pointing out a typo. The phrase "one-dimensional surface" was obviously meant to be "two-dimensional surface." A one-dimensional surface is nonsense.
But originally jury of one's peers was a right of (so called noble) Englishmen to be judged by other lords, and not by commoners. Sadly, it does not give intellectual people the right to be judged by others with above room temperature IQ (what is it they say, a jury consists of 12 people not smart enough to get out of jury duty?).
The closest English precedent for that was not the "jury of one's peers" but the "benefit of clergy".
"Most were surprised by how little he had taken in relation to the whole: eight megabytes in a platform that consisted of an estimated one gigabyte of code. "
Really? One gigabyte of code? Or one gigabyte of third party binaries, precompiled libraries, documentation etc.? All you need are the source files, and those language keywords compress nicely. Exactly how much plain text do you think they have?
' "But that’s the secret sauce, if there is one,” said the juror. “If you’re going to take something, take the strats.” '
Rubbish. The strats are the easy (or at least easier) bit in the high frequency space. That's like taking a dump of the html from facebook/twitter and thinking you've stolen their site. It's the scalable, distributed infrastructure that drives large websites, and it's the fastest possible infrastructure that drives HFT. One thing Lewis got right is the Coke/Pepsi analogy, and it really is that simple. A straight up race.
" “It’s way easier to start from scratch.” "
It is, and it isn't. In even the worst codebase there will be nuggets of usefulness that will accelerate the process. Isolated parts of the system that you've perfected. Exchange message decoders for example (ITCH, FIX/FAST, etc.). This is especially true when you, the genius who will be starting from scratch, has worked on it for a few years. I assume he was doing something useful in his time at Goldman.
I'm not buying the innocent act.
The new system was going to be written in a different language than what Goldman uses.
Any headline asking if Goldman Sachs committed malfeasance can be answered with "yes."
I agree; this was my point. It's frustrating to trot out a trite middlebrow dismissal for when we don't like something and to pretend it doesn't exist otherwise.
Additionally, while private people can suggest charges or report crimes, ultimately they have zero say one way or the other if charges actually get filed.
See also: Apple/DoJ/Gawker, ATT/Apple/DoJ/weev, JSTOR/MIT/aaronsw
That's almost universally true, but some states still do in fact have the right of private prosecution. E.g. New Jersey allows you to swear out a criminal complaint directly to a magistrate, and there isn't a damn thing the police or a prosecutor can do about it.
Private prosecutions used to be the norm. It's actually a very powerful force against police corruption, and I wish it hadn't gone away in so many states.
Also, in cases like this, the prosecutors will generally defer to the desires of the victim, especially when the victim is one of the world's most powerful corporations.