Excerpt from ‘Flash Boys’ about Serge Aleynikov and Goldman Sachs (cryptome.org)
335 points by peterbotond on Apr 12, 2014 | 200 comments



Continuing the story from his Wiki page:

In March 2011, Aleynikov appealed the conviction, asking the Second Circuit to review the District Court's decision denying his original motion to dismiss the indictment for failure to state a claim.[9]

On February 16, 2012, the United States Court of Appeals for the Second Circuit heard oral argument on his appeal and, later that same day, unanimously ordered his conviction reversed and a judgment of acquittal entered, with opinion to follow.[10] Aleynikov was released from custody the next day.

On April 11, 2012, Dennis Jacobs, Chief Judge of the United States Court of Appeals, published a unanimous decision in a written opinion[10] stating:

On appeal, Aleynikov argues, inter alia, that his conduct did not constitute an offense under either statute. He argues that: [1] the source code was not a "stolen" "good" within the meaning of the NSPA, and [2] the source code was not “related to or included in a product that is produced for or placed in interstate or foreign commerce” within the meaning of the EEA. We agree, and reverse the judgment of the district court.[9]

In the course of these events, Aleynikov has spent 11 months in prison. Aleynikov has divorced, lost his savings, and his career is ruined.[11]

The government did not seek reconsideration of the Second Circuit's ruling, thus ending federal action against Aleynikov.[12]


And of course, continuing continuing:

On August 9, 2012, Aleynikov was re-arrested and charged by Manhattan District Attorney Cyrus Vance, Jr.[14] on behalf of New York state, with the offenses of "unlawful use of secret scientific material" and "unlawful duplication of computer related material"[15] based on the same conduct. The state prosecution was initiated based on a signed complaint by the same federal agent, McSwain, who led the investigation of the failed federal prosecution.

[..]

[..] and rejected the prosecutors' plea offer of accepting a single count offense and serving no jail time.

--

If that isn't malicious, I don't know what is. Charging someone acquitted for the same conduct, only to then offer him a plea deal of no prison time? What is the point here?


How did he lose the motion to dismiss because of double jeopardy? He's even already served time in prison.


On April 5, 2013, Aleynikov lost his motion to dismiss based on double jeopardy. In rendering the decision, New York State Supreme Court Justice Ronald Zweibel stated that Aleynikov's acquittal in federal court only precluded the federal government from retrying Aleynikov. The state of New York, as a separate sovereign, could continue pursuing charges against Aleynikov.


Ah, I had read that but didn't understand it at first.

That seems wrong (unfair) that the state can go after someone for a crime after the federal government has already acquitted that person of the same crime.


This is actually exactly how it is meant to be. Double jeopardy prevents you from being tried twice by the same sovereign entity. As the state and federal government are separate sovereigns, you aren't being tried twice by the same sovereign.

It would be like being acquitted in russia and then charged in argentina.

See http://en.wikipedia.org/wiki/Double_Jeopardy_Clause#Dual_sov...


Yeah, if Argentina were a Russian state, it would be exactly like being acquitted in Russia and then charged in Argentina.


Give it time...


> It would be like being acquitted in russia and then charged in argentina.

No, "it would be like being acquitted in Russia and then charged in Moscow" or "it would be like being acquitted in Argentina and then charged in Buenos Aires".


Actually, it's precisely not like that because they are not separate sovereign entities, like the states are separate sovereign entities from the federal government.

This is exactly why it is not like being acquitted in russia and then charged in moscow. Being acquitted in russia and then charged in moscow would be double jeopardy.


IANAL but I think the double jeopardy clause of the fifth amendment had been INCORPORATED against the states in the 80s man

http://en.m.wikipedia.org/wiki/Benton_v._Maryland


The extension of the double jeopardy clause to the states precludes a state from trying a defendant for the same crime twice. It does not prevent two separate sovereigns from trying the defendant for the same crime. The following excerpt is from Constitution: Analysis and Interpretation pages 1490-91:[^1]

  Although the Court had long accepted in dictum the principle that prosecution
  by two governments of the same defendant for the same conduct would not
  constitute double jeopardy, it was not until United States v. Lanza[53]
  that the conviction in federal court of a person previously convicted in a
  state court for performing the same acts was sustained. “We have here two
  sovereignties, deriving power from different sources, capable of dealing with
  the same subject-matter within the same territory. . . . Each government
  in determining what shall be an offense against its peace and dignity is
  exercising its own sovereignty, not that of the other.”[54] The “dual
  sovereignty” doctrine is not only tied into the existence of two sets of laws
  often serving different federal-state purposes and the now overruled principle
  that the Double Jeopardy Clause restricts only the national government and
  not the states,[55] but it also reflects practical considerations that
  undesirable consequences could follow an overruling of the doctrine. Thus, a
  state might preempt federal authority by first prosecuting and providing for a
  lenient sentence (as compared to the possible federal sentence) or acquitting
  defendants who had the sympathy of state authorities as against federal law
  enforcement.[56] The application of the clause to the states has therefore
  worked no change in the “dual sovereign” doctrine.

  53 260 U.S. 377 (1922).
  54 260 U.S. at 382. See also Hebert v. Louisiana, 272 U.S. 312 (1924); Screws
  v. United States, 325 U.S. 91, 108 (1945); Jerome v. United States, 318
  U.S. 101 (1943).
  55 Benton v. Maryland, 395 U.S. 784 (1969), extended the clause to the states.
  56 Reaffirmation of the doctrine against double jeopardy claims as to the
  Federal Government and against due process claims as to the states occurred
  in Abbate v. United States, 359 U.S. 187 (1959), and Bartkus v. Illinois,
  359 U.S. 121 (1959), both cases containing extensive discussion and policy
  analyses. The Justice Department follows a policy of generally not duplicating
  a state prosecution brought and carried out in good faith, see Petite
  v. United States, 361 U.S. 529, 531 (1960); Rinaldi v. United States, 434
  U.S. 22 (1977), and several provisions of federal law forbid a federal
  prosecution following a state prosecution. E.g., 18 U.S.C. §§ 659, 660, 1992,
  2117. The Brown Commission recommended a general statute to this effect,
  preserving discretion in federal authorities to proceed upon certification by
  the Attorney General that a United States interest would be unduly harmed if
  there were no federal prosecution. NATIONAL COMMISSION ON REFORM OF FEDERAL
  CRIMINAL LAWS, FINAL REPORT 707 (1971).

[^1]: http://www.gpo.gov/fdsys/pkg/GPO-CONAN-2013/content-detail.h...


If you are going to downvote a lawyer quoting the law, please provide a refutation.

Also, downvoters, if you believe that Federal govt tramples your rights and power should be returned to local authorities, consider the consistency of your internal logic.


I consider this philosophy to be quintessentially jeffersonian. A rejection of federalism is not a rejection of state power or an argument for anarchy.


It's not exactly the same crime. The appeals court basically said he didn't violate any Federal statutes. However it's very likely that he violated New York statutes (taking the property of a New York corporation).

IOW: don't try to take the code your employer paid you to write/modify and use it at another job.


> don't try to take the code your employer paid you to write/modify and use it at another job.

What to do about the open source licensing? Presumably some of the stuff was GPL'd.


What about open source licencing? If Goldman Sachs takes GPL software, modifies it and uses it internally without distribution, then they are perfectly compliant with the licence.

It doesn't grant the programmer any ownership of the code, nor any rights to take a copy of what he wrote with him.


But the corporation allegedly removed the GPL license and put /only/ their own license on it. How is this not a Federal copyright offense?


It's only an offense if they distribute it because that is the thing that necessitates having a license to distribute the work.


I think one would leave the source alone and encourage the copyright holder on the GPL'd code to bring a civil suit for violating the terms of the license rather than trying to personally enforce the GPL.


But GS didn't violate the terms of the GPL since the modified code was for internal use and not distributed elsewhere.


Federalism is a bitch, consider state versus federal interests:

  The “dual sovereignty” doctrine is not only tied into the existence of two    
  sets of laws often serving different federal-state purposes and the now       
  overruled principle that the Double Jeopardy Clause restricts only the        
  national government and not the states,[55] but it also reflects practical    
  considerations that undesirable consequences could follow an overruling       
  of the doctrine. Thus, a state might preempt federal authority by first       
  prosecuting and providing for a lenient sentence (as compared to the possible 
  federal sentence) or acquitting defendants who had the sympathy of state      
  authorities as against federal law enforcement.[56]                           

  55 Benton v. Maryland, 395 U.S. 784 (1969), extended the clause to the states.

  56 Reaffirmation of the doctrine against double jeopardy claims as to the
  Federal Government and against due process claims as to the states occurred
  in Abbate v. United States, 359 U.S. 187 (1959), and Bartkus v. Illinois,
  359 U.S. 121 (1959), both cases containing extensive discussion and policy
  analyses. The Justice Department follows a policy of generally not duplicating
  a state prosecution brought and carried out in good faith, see Petite
  v. United States, 361 U.S. 529, 531 (1960); Rinaldi v. United States, 434
  U.S. 22 (1977), and several provisions of federal law forbid a federal
  prosecution following a state prosecution. E.g., 18 U.S.C. §§ 659, 660, 1992,
  2117. The Brown Commission recommended a general statute to this effect,
  preserving discretion in federal authorities to proceed upon certification by
  the Attorney General that a United States interest would be unduly harmed if
  there were no federal prosecution. NATIONAL COMMISSION ON REFORM OF FEDERAL
  CRIMINAL LAWS, FINAL REPORT 707 (1971).
[^1]: Constitution: Analysis and Interpretation page 1490 - http://www.gpo.gov/fdsys/pkg/GPO-CONAN-2013/content-detail.h...


That's a common legal loophole. Many acts are illegal under BOTH state and Federal law. That gives prosecutors two chances to send you to jail, if they decide they really want to get you. To stay out of jail, you have to get acquitted TWICE (and pay for your own lawyers both times).


What about incorporation of the amendment against the states?


What about double jeopardy and incorporation against the states?


How many times are you going to ask the same question? It seems you are failing to consider the “dual sovereignty” doctrine, double jeopardy is applied per sovereign. I answered in full here:

https://news.ycombinator.com/item?id=7578770


That conviction will probably prevent him from working in finance in the future.


so he doesn't sue for wrongful imprisonment, and it creates a precedence for future cases.


Caveat lector: You should significantly discount legal analysis from an author that confuses precedence and precedent.

To be honest I am even confused about what precedent you are referring to?


Justsignedup is saying that the state is trying to get defendant to plea to a no-punishment conviction, pressuring defendant to agree to their charges, so that the state can win future cases on this precedent.


Wouldn't it only create precedence if he sued and it was dismissed? I can't imagine precedence being created from the lack of a legal decision.


I'm guessing that there isn't any legal recourse (monetary) for him from Goldman Sachs and the FBI ruining his life.

Should there be?

Goldman Sachs had every right to request that he be prosecuted, but no matter how the case turned out, his life would be ruined. I don't know of a good solution to this issue, but it just seems very wrong. I'm sure there have been countless instances of this happening though.

Maybe a good solution would be to lessen the penalties for this type of crime.

Maybe a legal requirement for a public apology and for the prosecutor to have to pay back legal costs? A portion of this restitution should come out of that court's budget or the department that pursued the case without doing their due diligence.

Did Sergey sign something saying that he could never remove code from the building or use it in another project? I'm not sure that it simply being company policy is enough, in my opinion.

Has anyone here ever taken code from one employer with the intent of using it again if needed, simply to save time and not having to duplicate research? Should you be considered a criminal for that? Should you have to pay back the time the company paid you to write that code?

It seems like the lessons are:

1) Don't talk to police, even if you did nothing wrong and they tell you they are on your side. Lawyer up.

2) Don't steal code, but if you do then encrypt it and put it on a portable media device. Uploading to a foreign SVN repository using the company's network wasn't very smart, don't do that.

3) Ensure that your employees know the company's policy on removing code from the premises. It seems pretty obvious but I believe that Sergey honestly didn't think he was doing anything wrong.


If there are no consequences to wrongly prosecuting someone just to hassle them then wouldn't that encourage people like Goldman Sachs to use that tool to extract revenge on people?


Yes it would.

If there are no repercussions this will happen again.

I guess he can sue them in civil court but does he have the money for the lawyer? Does he have a chance?


Sergey did technically break the law (or so they reasonably thought) by taking company code with the intention of using it after he left the company.

I think the real issue is whether or not he was acting maliciously, what the damage to Goldman Sachs was (basically none), and whether or not the punishment fit the crime.

Maybe companies should be forced to have an exit interview for programmers with access to information the company deems sensitive and make sure the programmer knows that they are not allowed to take any code with them.


I don't think he broke the law in any meaningful way; he merely did things that powerful people could portray as such.

I seriously doubt Goldman Sachs had any problem with him using/participating in non-secret open source as long as it was part of his work for them. Claiming this was stealing is sophistry - sure, he doesn't sound like a very clever (in the sense of cover-your-ass) guy, but if he'd have been open about what he did, there's no doubt that if he indeed was in any way important to the company they would have OK'd considerably more leeway if it contributed to their bottom line.

As is, they're simply abusing the lack of legal canny of their victim here. Which just goes to show - don't work for Goldman Sachs if you're smart - why take this kind of risk if you can get lots of other opportunities...


It seems GS replaced license headers from files with their own license. Painting with broad brush strokes here, is stealing from a thief still stealing?


After considering that some more, it seems like the court could (and maybe should) have ruled that it was simply a misunderstanding of the open-source code's license.

It seems like a waste of everyone's time to even pursue a case such as this after it's determined that the person didn't have malicious intentions.

Could the owner of the modified code successfully sue Goldman Sachs?


On what grounds? If it was GPL'd code and GS was conforming to the GPL terms, what are they to be sued for?


Should there be recourse for facilitating malicious prosecution? It's a travesty if there isn't.


Travesty it is.


You forgot the biggest takeaway:

0) Don't work for Goldman Sachs. Dance with the sharks, and they'll bite your arm off eventually.


To me the lesson is:

1) Avoid GS like the Satan. Actually avoid the whole financial industry.


IIRC the prosecutor in Durham, NC that went after the Duke lacrosse team was disbarred but I'm not sure what monetary penalties were allowed.


http://en.wikipedia.org/wiki/Duke_lacrosse_case

Yep, but that prosecutor lied just to try to win the case. He was disbarred and sentenced to one day in jail and a $500 fine after attempting to ruin several people's lives just so that his win/loss stats would be slightly better.

Courts have said that the players can pursue charges against the prosecutor.

http://en.wikipedia.org/wiki/Mike_Nifong

They also didn't bring charges against the woman who falsely accused the lacrosse players of rape. She has since been convicted of several crimes including attempted murder and second-degree murder.

http://en.wikipedia.org/wiki/Crystal_Gail_Mangum#Arrests_sin...


I remember trying to edit those Wikipedia pages. There was a gang of users with names like Duke123 and BlueDevil456 who allowed nothing but biased information in favor of the players or against the prosecutor and alleged victim. All of Wikipedia's standards (NPOV, verifiability, etc.) went right out the window.

I've seen it on other Wikipedia pages about hot issues, but those pages were the worst. I wouldn't trust a thing I read there (or about any hot issue on Wikipedia).


> IIRC the prosecutor in Durham, NC that went after the Duke lacrosse team was disbarred but I'm not sure what monetary penalties were allowed.

But that was the reverse situation. The local prosecutor was representing the weak (a local stripper) against the powerful (the Duke lacrosse players, some of whose parents were powerful inside-the-beltway PR experts). They ran a nationwide media campaign vilifying the alleged victim and the prosecutor; you're a local DA or a stripper and you turn on CNN and see that? What hope do you have to compete? Hire a national PR team? I remember the NY Times coverage (which I usually greatly respect) pretty much repeating the lacrosse players' side point by point.

Think of all the egregious prosecutorial misconduct you've read about; why was this one disbarred? When the United States Attorney General is weighing in on a local rape case and the state bar is threatening you, you know you have messed with the wrong people as a prosecutor.

Whatever happened between the lacrosse players and the stripper, the outcome had nothing to do with the facts or justice. They were tried (really she and the prosecutor were) in the press and were successfully prevented from having their day in court, where they are given an equal chance to speak -- it is supposed to be the leveler in our democracy.


It's probably too late for anyone to see this, but notice how even on HN, the parent gets modded down and raising any question about this issue (I don't even pretend to know what happened) is suppressed.


I didn't vote you down. But it wasn't just the stripper who got tried in the press. If you were reading the papers then, reasonable doubt didn't seem to be considered. She did not get her "day in court" because the government dropped the charges. Dropping the charges is responsible on the part of prosecutors, if they consider that a case cannot be proven, let alone if they come to consider that it is false.


0) Don't work for Goldman Sachs.


His career definitely isn't ruined. He's well liked, well respected, and computer literate people generally saw these charges as incoherent.


Just a clarification:

Goldman Sachs didn't "jail" this person. Goldman Sachs is a corporation, and therefore doesn't prosecute nor jail people.

Please leave this nonsense on Reddit.


They didn't jail him, however they provided the impetus to the FBI to arrest him.

Quotes from the book, p.148 (EDIT: These quotes are in the article here also!!):

"What Serge did not yet know was that Goldman has discovered his downloads - of what appeared to be the code they used for their proprietary high speed trading stock market trading - just a few days earlier, even though Serge had sent himself the first batch of code months ago. They'd called the FBI in haste and had put McSwain [FBI agent who arrested Serge] through what amounted to a crash course in high-frequency trading and computer programming. McSwain later concluded that he didn't seek out independent expert advice to study the code that Serge Aleynikov had taken, or seek to find out why he might have taken it. "I relied on statements from Goldman employees", he said. He had no idea himself of the value of the stolen code ("representatives of Goldman told me it was worth a lot of money"), or if any of it was actually all that special ("representatives of Goldman told us there were trade secrets in the code")."

"The FBI's investigation before the arrest consisted of Goldman explaining some extremely complicated stuff to McSwain that he admitted that he didn't fully understand- but trusted that Goldman did. Forty-eight hours after Goldman called the FBI, McSwain arrested Serge."

So effectively Goldman got Serge arrested, using a clueless agent as a pawn. Some of the code was originally open source, none of the code involved trading strategies (the really valuable stuff) and Goldman's word was enough to convince the FBI that Serge was a dangerous criminal and a flight risk, and ruined his life.


>none of the code involved trading strategies (the really valuable stuff)

Wrong. In HFT, the 'strategies' are the least complex part. They are often dead simple. A well written (fast) exchange connection is at least 70% of the game.

He's a thief and he got caught, but the HN community don't like that narrative.


The HFT experts from the book were amazed he didn't walk away with trading strategies, rather "plumbing" code, which is useless outside of Goldman (specific to their network, also his new employer used a different programming language) apart from a memory jogging exercise, like keeping a notepad. It would be much easier to write the new code from scratch rather than reuse the Goldman code.

And he didn't steal code, he backed it up on a subversion repo. There was unlikely any malicious intent, yet you labelled him a thief. If he was so obviously a thief, why would HFT experts be furious what happened to him, once they learned the details? Why were charges dropped? Why use an agent with no clue in the matter as a pawn? What you're saying doesn't make sense.


But the headline says:

"Goldman Sachs Steals Open Source, Jails Coder"

Which is a lie.

It depresses me that even HackerNews upvotes headlines they know are untrue, if it suits the cultural narrative.


The headline is a lie, but the other part - Goldman did not steal open source, because what is being given for free can not be stolen. (Moreover, if they didn't redistribute the code (which I assume they didn't, based on the article), they didn't break the OS licence either.)


It depresses me if people vote on headlines at all. People should be ignoring the headline - which is always flawed - and voting on the article.


It depresses me that you are up/down voting headlines and not the content. And keep in mind that HN has a no title change policy.


Isn't it a felony to make false statements to a federal agent?


So basically there should have been several unbiased experts brought in before he was arrested to determine if the code truly contained any trade secrets?


I think that the government should be liable for all reasonable damages caused by police investigations. Not just here, but in general - it's obvious the police use investigation as a form of blackmail on occasion, and that's just wrong. As part of a conviction, some of those damages might be voided to the degree the damage was necessary and proportional to the crime.

Also, from the point of view of efficiency in society, this is a particularly nasty cost since it's borne not by those that cause it (the officers), nor by those hiring them (the government), nor is it ever accounted for as a loss. I think this encourages malpractice. Certainly if you observe how the police go about enforcing the law once they've decided somebody is guilty in their own eyes there doesn't seem to be any kind of restraint whatsoever. To the extent they can, they're single-party judge, jury and enforcement in one, exactly the kind of thing the idea of a justice system is supposed to prevent.


I'm not an expert at all, but sounds like that would've definitely helped.

The author, Michael Lewis, actually conducted an informal trial in a restaurant, with (neutral) HFT experts, who were even more furious than Serge was when they learned how he'd been treated.

I wouldn't be surprised if non-technical executives in Goldman simply saw a Russian leaving for a competitor, and assumed he was stealing valuable secrets without investigating properly.

Worst part is, even after the details become apparent (see other comments here), Goldman or the FBI are completely unable to admit any fuck ups, and continue hounding him.


How the hell does anyone determine that? If someone walked out of Id during Quake III development with Carmack's inverse square root (http://stackoverflow.com/questions/1349542/john-carmacks-unu...), would that be a trade secret? It's not like an inverse square root is a secret, but what about doing it faster than anyone else?? Writing the best 3D engine was part of their success, and writing the fastest order routing/exchange is a big part of HFT. He took source code from GS to go to a competitor that had offered him a lot of money, it's hard to have much sympathy for the guy.


For those that don't know, Serge is a great Erlang and C++ programmer and he contributes to open source (had some pull requests to Erlang itself).

Here is his Github account:

https://github.com/saleyn

You can find his posts on Erlang's mailing list once in a while.

Two of his interesting projects I am following:

https://github.com/saleyn/erlexec -- a utility to control OS process from Erlang.

https://github.com/saleyn/eixx/ -- Erlang to C++ interface.


I contributed several pieces of code to erlexec without having any idea of just who he was, only later realizing it when I read the Michael Lewis piece on him.

He's a very friendly guy and was quite willing to work with me on the patches I contributed to erlexec.


This sucks, but seriously never talk to the police. Don't write anything down. Don't say anything. Don't sign anything. Tell them your name and otherwise just stay silent. They are never trying to help you, they're trying to close their case.


While I appreciate this is a US legal case, in the UK the right to silence can be used against a defendant. One thing that puzzles me, though, is how am I supposed to know what I will rely on in court before I am on trial?

The Criminal Justice and Public Order Act 1994 provides statutory rules under which adverse inferences may be drawn from silence.

Adverse inferences may be drawn in certain circumstances where before or on being charged, the accused:

* fails to mention any fact which he later relies upon and which in the circumstances at the time the accused could reasonably be expected to mention;

* fails to give evidence at trial or answer any question;

* fails to account on arrest for objects, substances or marks on his person, clothing or footwear, in his possession, or in the place where he is arrested; or

* fails to account on arrest for his presence at a place.

Where inferences may be drawn from silence, the court must direct the jury as to the limits to the inferences which may properly be drawn from silence. There may be no conviction based wholly on silence. Further it is questionable whether a conviction based mainly on silence would be compatible with the European Convention on Human Rights.


you most certainly have the right to silence in the UK.

> while I appreciate this is a US legal case, in the UK the right to silence can be used against a defendant

as you correctly identified, only inferences in a somewhat defined range of cases can be made.

> One thing that puzzles me, though, is how am I supposed to know what I will rely on in court before I am on trial?

if you fail to answer a question during the investigation, and then later rely on the answer of that question in court. before you get anywhere near a court room, you must know what you have been charged with, arrested, and interviewed, etc. (unless of course you're a terrorist, then, you know, fuck you)

and yes, the ECHR wouldn't be happy with any inferences drawn from silence. i'm sure if a case hinged on these inferences, and the defendant was found guilty, an appeal to them would likely be successful.

although you won't want to hold your breath waiting for it, ~7 years is a long time..


This is true, but inferences from silence are much more problematic when you haven't said anything. If I tell the police a story about what I had been up to that afternoon, and then they say "right so if that's true, why was the victim's blood on your shoes?", and I choose at that point not to answer, it's suspicious, and can be played as such in court.

If, on the other hand, I have said nothing other than "I'm not speaking without discussing with my lawyer first", it's much easier for your legal counsel to paint you as just a cautious individual, rather than someone that is trying to cover up a lie.

tldr, "don't talk to the police" is also good advice in Commonwealth countries, not just the US.


Obligatory: "Don't talk to cops" - http://www.youtube.com/watch?v=i8z7NC5sgik


Man, that was some informative video. I was shocked to learn innocent people get convicted because they talked to the cops. It's clear to me that doing such thing cannot do anything positive, it can only do negative.

I'd love to attend that guy's lecture (what school is this? what is his name?), it's informative, he's funny. Makes me want to retake the LSAT.


> I was shocked to learn innocent people get convicted because they talked to the cops.

You should read up on Project Innocence casefiles:

http://www.innocenceproject.org/know/

Dennis Fritz in particular, he volunteered to give hair samples which were used to create circumstantial evidence against him:

http://www.innocenceproject.org/Content/Dennis_Fritz.php

Had he not done that, had he not gone in to talk voluntarily to the police he probably would not have lost 11 years of his life, lost seeing his daughter grow up. All for talking with the police. Do not talk to the police. The cost can be unimaginably high.


shocking. he was just 5 days into being executed by the state. makes me think if execution really does anything, especially when there have been several cases where justice was inappropriately carried out on innocent people.


Read the GPL carefully, very carefully...

An organisation counts the same as an individual, and as long as code stays within the organization that doesn't count as 'distribution', and Goldman Sachs is under no obligation to release the code. They even retain the rights to prevent the code being released.

It's easy to hate on Goldman Sachs for many things, but in this case they didn't violate the GPL, and Aleynikov did commit a crime.


Ah but you cannot change the copyright of source to something else that you want, also I'm pretty sure you cannot distribute it to subsidiaries as I'm sure was done.


What do you mean? Goldman Sachs would have owned the copyright, not the employee. (It gets a little more complicated for contractors.) And even if you distributed to a subsidiary, you can simply provide the code to the subsidiary, too. That's fully within the license terms of the GPL.


You cannot change a copyright notice of a GPL source, GPL allows you to distribute, it even encourages you, but nothing in the law allows you to change copyright claims. GPL follows copyright laws to the letter, that is its strength. Forging copyright notices is a form of deceit and if I am right copyright laws will say that it's theft.


I don't know about calling it theft, but some courts have made it into a DMCA violation, though there is disagreement on that point.


The copyright belongs to you as long as you don't convey the program. GS didn't convey it, so it belongs to them.

https://www.gnu.org/copyleft/gpl.html


Nonsense. The copyright belongs to the copyright holder. I know GS like to steal every fucking thing in sight but claiming copyright on a piece of Free Software just because it's received a copy is a new low.


Wait I think we are getting confused here. What code are we talking about here?

Copyright of code belongs to the author of the code, or a company that employs him.

If they took say GCC and then replace copyright notices on it, it doesn't become their code, they are using it under a license from the original authors. Replacing a header in a file doesn't magically give you complete control and copyright over it. That would be silly and it would nullify most of the open source software licenses.


How is that you have become sure of these things?


It's not a good idea to remove anyone's copyright notices. See, e.g., http://newmedialaw.proskauer.com/2013/08/05/infringing-copyr...


I didn't say that it was. I'm questioning the GP's statement that he is sure this code was shared with subsidiaries - how is that possible?


Do you think the same people / organization that worked on the code administered the systems the resulting binary ran on? I highly doubt it.


I would think that would seem likely, though I can't see how we could be certain without further data.


Are you thinking of one of the FAQ entries? http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#GP...

A strange exception - somewhat at odds with the GPL's goals, surely? - but it doesn't seem to follow from the text of the GPL itself.


No, I'm talking about the licence.

> Each licensee is addressed as “you”. “Licensees” and “recipients” may be individuals or organizations.

> To “convey” a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.

> All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program.

> You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force.

https://www.gnu.org/copyleft/gpl.html


Thanks. This text is not in GPL v2 (don't ask me why I wasn't looking at v3, I suppose in my mind that's still "the new one that nobody seems to be using yet").


I remember you. You are the one who was defending Eich and then HFT and now you are defending Goldman Sachs.

You state in your profile that you are a student of philosophy. As a person who studies philosophy too, I am really curious, how would you describe your philosophical views?


I believe that individuals are allowed to hold private opinions (like Eich), and we as a society have decided as much.

As for HFT and Goldman Sachs, people are simply bashing based on jealousy of more successful individuals in a different sector, without actually investigating the topic. Like here, where apparently many don't actually read the GPL.

As for philosophy, that's a topic in itself, but let's just put it this way - I had one foot inside the door of a monastery (figuratively), instead chose a different path. Regardless, in worldly matters I prefer a rational approach to knee jerk sentimentality and sensationalism.


"...simply bashing based on jealousy of more successful individuals in a different sector..."

Or people are tired of getting ripped off by white-collar criminals who never get prosecuted. Goldman Sachs's reputation is one they earned. I'm not saying Goldman Sachs is guilty in this particular situation, but their past behavior warrants keeping a close eye on them.


Criminality is for the justice system to decide.

Seriously though, almost all posts about the financial sector here go something like: "They're overpaid, they rip people off, why don't I make as much money since programming is so difficult and requires so much education, etc...".

Yet somehow people on HN forget where funding for start-ups comes from... They benefit from the system yet complain about it all the time.


Isn't Goldman Sachs one of the most controversial financial companies on the Wall Street? What makes you think that GS is being bashed on jealousy and not for their unethical behavior?

I don't understand how is it possible to combine these two statements of yours into a coherent worldview:

> 1. People are simply bashing based on jealousy of more successful individuals in a different sector.

> 2. I prefer a rational approach to knee jerk sentimentality and sensationalism.

Either you have rational arguments that support [1] or your [2] statement is false and [1] is precisely what you claim you don't engage in -- sensationalism.


No, they're really not. HSBC, JPMorgan Chase, SAC and others have been found guilty of much more than Goldman Sachs.


You still didn't provide rational facts that HN users are criticizing GS out of jealousy.

And relative transgressions of GS to other banks doesn't matter at all. The list of controversies surrounding GS is really long: http://en.wikipedia.org/wiki/Goldman_Sachs#Controversies



The programmer types were different from the trader types. The trader types were far more alive to the bigger picture, to their context. They knew their worth in the marketplace down to the last penny. They understood the connection between what they did and how much money was made, and they were good at exaggerating the importance of the link. Serge wasn’t like that. He was a little-picture person, a narrow problem solver. “I think he didn’t know his own value,” says the recruiter.

This infuriates me to no end. These engineers need to be rounded up, and given a serious life lesson on the reality of markets. Knowing your product/service's worth is step 1 of any free market activity.

Engineering is the only profession where the most talented engineers occupy the lowest compensation brackets with respect to their worth. All sorts of bullshit excuses are made up for this (my favorite - they're "Specialists"), but the bottom line is they are not being compensated at anywhere near what they're worth.

This is why startups, and consulting firms, are so key. If the market you're trying to enter is too big for a small operation (like Wall St.), then just consult. Those 20 superstar programmers need to meet up and start a consulting firm. Then, they sell their services to these banks and charge them whatever they want (read: a lot).

They then use this compensation to hire the best engineers from across the world, and keep them out of Wall St's hands. This wouldn't be too difficult, because Wall St would never match salaries because they are traders, and would die before they paid an engineer more than themselves.

To all of HN: please don't underestimate your worth. It hurts everyone, including yourself.


but how do these engineers find out how much to charge if no one will tell them?

and aren't they being underpaid because they are seen as replaceable?


Sounds to me like it was Aleynikov who didn't understand the severity of the crime he committed.

I work in a similar environment and I'm fully aware that if I do something remotely like bringing my code from work home, holy crap I'm committing a very VERY serious crime and my employer would go after me as viciously as they could. Very especially if I were to be going somewhere else where this code would set me up to make a new competing engine.

Pushing stuff to SVN and mailing seem innocuous... but depending on what you are actually passing around they can be extremely serious crimes.


I have also worked in similar environments. The company policies regarding treatment of source code were spelled out very clearly in the employment contract. I imagine Goldman has a very explicit contract.


Remind me to never work for an institution like that.


Well, if they pay you high 6 figures it's not so you can take the work that you made for them (which is not yours) and use it to set up a competing product and fuck them over.

It's really not that difficult to comprehend. And it's really not as bad as it sounds, if you want to work in your projects for fun, you do it in your own time. And you can still leave, it's just that if they catch you doing shit like this, it's not going to go down well.


There's more to it than the fact the code is written on behalf of your company. You have written or modified the code, so now it's part of your history. And to some extent, even a part of you.

What we are isn't limited to what's inside our body and brain. The objects we interact with also count to an extent. (Being a cellist, makes me acutely aware of that.) What counts the most is any information stored in those objects, especially information you can't retrieve elsewhere —notes, journal, and other such personal data. Losing that information is like losing a memory. Being stored in a hard drive, a paper book, or a human brain doesn't make much of a difference.[1]

So, when I write some code for a company, I have the right to remember it, and I will exercise that right. That's basic human dignity. If our current power structure (err, "legal system") says otherwise, then it should be reformed.

On the other hand, I can restrain myself, and avoid disclosing all those memories, say, in a public SVN repository. I don't like to keep secrets, but let's face it, I already do, and it doesn't bother me too much. So, I treat corporate copyright as a form of non-disclosure agreement: I won't tell anyone.

But I will remember.

---

[1] looong footnote:

Really it doesn't. One day, it may even make no difference at all. We don't have the technology yet, but imagine having a computer wired to our nervous system. It could act as a pair of Google glasses 5.0, or augment our intellect more directly: more working memory, more and more accurate term memories on silicon, even perfect recall.

Now you can't even make the difference between neuron memories and silicon memories. They're both equally a part of you. Heck, your whole brain could be turned into silicon, it probably wouldn't make any difference. (I happen to believe in "mind uploading". I won't justify why here.)

Now let an employer ask you to delete whatever copy of the code you may still hold. Now it is quite literally asking you to erase part of your memories. What exactly should you erase, anyway? Just enough to disable perfect recall? Keep whatever happens to be stored in neurons, and erase whatever is in the silicon part? What if you have stored everything about that company in silicon? (You may well have, if perfect recall makes you more productive, and requires silicon memory.)

If we had the technical means right now, I believe Goldman Sachs would have us forget everything we learned while working within their walls, if not more —like in the Paycheck movie (2003). I think we can all agree it wouldn't be acceptable.


I think there's a distinction between accruing and applying generic skills in a particular discipline and using intellectual property from one employer to benefit another. If you have agreed to protect the trade secrets of your (former) employer, you need to exercise your professional judgement to draw the line between contributions that stem from your experience in the field and those that are informed by work that you or others did for hire at your former employer.

Within that framework, plenty of things are clearly out of bounds, like copied source code. I would argue that re-implementing chunks of code that you know to be economically valuable and unique to your former employer from memory is just as problematic.

Now, by out of bounds, I mean breach of a civil contract. I don't see the criminal aspect.

Basically, there's no need to erase your memory, you just need to distinguish exchanging your time for money from exchanging your former employer's IP for money.


I've been working for a number of years on a product of similar nature.

If I switched companies to make a new system from scratch, it would take me a non-trivial amount of time to replicate a full system, and I probably wouldn't do it the same way. Even if I did it the same way, it would be hard work. During years of work one encounters many little problems, glitches, and even random ideas that don't come to mind so easily.

Obviously the previous experience helps a lot but having your old code basically bootstraps you. And the reason that coders in this sector are paid well, is that obviously the expertise is worth more than the code itself looking into the future. But still, if you do something really stupid like giving them an excuse to lock you up when you're going to a competitor, then you're screwed. I'm pretty sure Aleynikov would agree with me that he fucked up massively by taking his code home. If not, then he'd be out of touch with reality. The very thought of trying to do what he did makes me anxious. Big corporations are powerful and can fuck your life up.


Yo that's all fine and dandy. If you don't accept these conditions, don't take that job in the first place.

Otherwise, if they catch you violating trade secrets you'll get your arse in jail just like Aleynikov.

I doubt there will be a day when there are no secrets and no trade secrets. But in any case, that isn't the case right now. There's a part of the industry that can afford to work fully within Free Open Source, but it doesn't pay anywhere near as well as financial & banking (generally speaking). You can choose to make less money and not surrender completely your work done during office time to your company. Life is full of choices.


> If you don't accept these conditions, don't take that job in the first place.

Indeed, this article convinced me not to work for Goldman Sachs. Really, the way the story was depicted, it looked like they had the freaking Feds in their pocket. Less powerful firms however wouldn't be nearly as dangerous.

Also, don't confuse keeping a secret vs forgetting the secret altogether. When I take some source code home, I don't spill the secret, I merely remember it. The trade secret has not been violated yet. Though I reckon that putting it in a public svn repository would. So, when G.S. is asking me to not copy anything I have written at work home, it is asking me to forget.

I'll need a whole heap of money before I accept such scandalous terms.

> Life is full of choices.

For now. Depends what becomes the norm later. And I must say, I am genuinely afraid of the sci-fi scenario I have depicted above. One day, we will have these direct brain-computer interfaces, and corporations, if they still exist, will try and have you genuinely forget about the work you have done for them upon departure. It will be like working for 5 years at a firm, going out, and not being more experienced than you were before. This cyberpunk outcome is a very real possibility, and in some ways, it has already begun.

But let's speak about right now. We're supposed to have rights we can't waive. Like many forms of freedom: you can't enslave yourself, no matter how much they pay you or your family. 'Cause you know, if it were possible, people would enslave themselves. You'd have to be a die-hard right-wing libertarian to believe it's an acceptable downside for the additional freedom to enslave oneself.

Likewise, I believe the right to remember should not be revocable. Our memories are part of our identity. When we lose them, we lose ourselves. To the extent we can lose them, we must do so freely. Doing it for money is not doing it freely (there are similar arguments against prostitution).


> Indeed, this article convinced me not to work for Goldman Sachs. Really, the way the story was depicted, it looked like they had the freaking Feds in their pocket. Less powerful firms however wouldn't be nearly as dangerous.

It's not just Goldman Sachs. Even a company like EA or Activision, which make videogames, would crack down hard on you if you took source code produced during company time and brought it home or to your next employer.

> Also, don't confuse keeping a secret vs forgetting the secret altogether. When I take some source code home, I don't spill the secret, I merely remember it. The trade secret has not been violated yet. Though I reckon that putting it in a public svn repository would. So, when G.S. is asking me to not copy anything I have written at work home, it is asking me to forget.

Nobody can reproduce an exact piece of software of high complexity from memory. Nobody. Re-doing it implies some redevelopment and it's accepted that you can do that. Same for the reuse of expertise gained during your stay in the company. These are legally different things and a distinction between these can be made in court.

> I'll need a whole heap of money before I accept such scandalous terms.

These terms are absolutely logical in the environment of that work. If you were the employer in that situation you would do the same. If you take what is essentially a competitive betting bot and take it to the competition, you immediately destroyed a massive amount of future wealth for your ex-employer. This is why these terms are agreed in the contract, because your work would be worth a fuck-ton less under the premises that it won't be useful in the very near future.

HFT Markets are a bit like a game of team poker. If a member of the team violates your pact and goes around explaining your exact strategy and giving away your cards, he's actively damaging your bottom line. And he's doing so against contract and law, without which life would be a lawless nightmarish jungle.

> We're supposed to have rights we can't waive. Like many forms of freedom: you can't enslave yourself, no matter how much they pay you or your family. 'Cause you know, if it were possible, people would enslave themselves. You'd have to be a die-hard right-wing libertarian to believe it's an acceptable downside for the additional freedom to enslave oneself.

Working is typically surrendering part of your life and your freedom for money, so you can have more time and more freedom without having to worry about things like having a roof above you to sleep and eating every day (slaveries we're born with). And generally satisfying your needs and wishes.

> Likewise, I believe the right to remember should not be revocable. Our memories are part of our identity. When we lose them, we lose ourselves. To the extent we can lose them, we must do so freely. Doing it for money is not doing it freely (there are similar arguments against prostitution).

Remembering is one thing, keeping verbatim copies of your work (and its interactions that imply the work of others, but even leaving that aside) is a very different thing.

It takes a massive sense of entitlement to violate your extremely generous contract in such a way.

My company pays me well, takes no more than 37-40 hours a week of my time and gives me full weekends and around 30 days a year that I can choose to my heart's content. The amount of freedom that this affords me, I honestly don't think I could get it elsewhere. If I thought otherwise I would be doing that instead. I do what I want most of the time. If I was, say, in the African savannah worried for my life day and night, I'd be extremely less free than I am now. Same for a work that paid me so little that I had to be worrying about my basic needs being covered in the near future, or forcing me to make many choices in basic things like food or living space. Freedom is not an absolute and it's always a matter of compromise.

I suspect Aleynikov's case wasn't too different. Just because sometimes work is boring and you have to deal with a codebase that is not like you'd dream to have, it doesn't entitle you to do what he did, which is being a massive twat, on top of a criminal. I think he's likely a great guy, but he fucked up. He seems to trivialise what he did and he may think it's not severe enough to go to prison. He's (or was) wrong. Hopefully he learnt the lesson.

If I pay good money for a painting, the author can, generally speaking, freely paint the same again or even an improved version of my painting. But he cannot come and pick my painting claiming that I cannot keep his memories because they're part of his life or some bullshit of that sort. With software that competes in the market based on its trade secrets, it's similar. By copying it and making it available to others you are subtracting value from the original rendering it basically worthless (especially so in the case of an HFT engine). Not all duplication of encoded information is the same.

In anglo-saxon cultures crimes against property are very, very serious. And they're so for very good reason. Property is money and money is basically everything. Money is what buys you freedom, even life. Denying this reality is self destructive both in the individual and the societal level.


There is not much disagreement left. Just some remarks:

> Nobody can reproduce an exact piece of software […] from memory. […] Re-doing it implies some redevelopment […]. Same for the reuse of expertise […]. These are legally different things […].

I agree 100%. But I'm not debating the facts, nor their legality. I'm questioning the law itself. I'm saying the distinction is somewhat arbitrary to begin with. Speaking of which:

> Remembering is one thing, keeping verbatim copies of your work […] is a very different thing.

This we disagree about. As I said in my first comment above, it is not so different. In a few decades, it may even become utterly meaningless (I mentioned perfect recall enabled by brain-computer interfaces). I welcome any further counter-argument. In the meantime, I will just add this quote from Gwern http://www.gwern.net/Spaced%20repetition

> I’ve had to say many times that I don’t know what I think about something, but whatever that is, it’s on my website. (A more extreme form of the Evernote/Mnemosyne neuroprosthetic.) A commenter once wrote that reading gwern.net felt like he was crawling around in my head. He was more right than he realized.

More generally, where is the limit between you and the outside world? In my opinion, the answer is not as obvious as it looks, especially when considering transhumanist ideas.

> HFT Markets are a bit like a game of team poker.

Yeah, that bothers me: it looks like a zero sum game, with very little benefits for the world as a whole (actually, I have seen arguments saying it's bad for the world —mini crashes and such). I mean, is it even fun?

> If I pay good money for a painting, the author can, generally speaking, freely paint the same again or even an improved version of my painting. But he cannot come and pick my painting claiming that I cannot keep his memories because they're part of his life or some bullshit of that sort. With software that competes in the market based on its trade secrets, it's similar.

While I see the similarity, I cannot help but notice the difference. Your enjoying a painting doesn't rely on others not having a perfect copy. (Unless you must be "the one" or something.) The value of your trading software however does rely on the ignorance of others. Your right to keep it secret suspiciously looks like a right to take advantage of others.

I have another problem: competition is the zero-sum part of the game. By itself it is useless. The idea is to get positive externalities, such as plain better products on the market. Keeping your algorithms to yourself doesn't sound a good way to foster these positive externalities. Especially when the whole game is a big, complicated variant of rock paper scissors.

Overall, I distrust entities that rely on secrecy.

> My company pays me well, […] The amount of freedom that this affords me, I honestly don't think I could get it elsewhere.

Looks like you have made the right selfish choice. Others aren't so lucky. Many are overworked, and many others are unemployed. The sheer numbers suggest it can't be all their fault. It would be like feeding 100 dogs with 95 pieces of meat, then scolding the 5 starving dogs for not being competitive enough. There is a case for collective action. There is a case for changing society. More specifically, there is a case for a 4 day work-week: it would grant many people more freedom, including you.

> In anglo-saxon cultures crimes against property are very, very serious. And they're so for very good reason.

Again, I agree.

I will note however that the so called "intellectual property" you hint at has very little to do with actual property. It is a misleading term, with inaccurate connotations. Both "intellectual exclusivity" and "intellectual monopoly" would be more accurate.

So, when you take source code back home, you're not violating property. You're potentially violating secrecy. Which may or may not be just as serious. Nevertheless, we have a case of conflicting rights: the right to remember on the one hand, and the right to secrecy on the other hand. Since companies are not persons (except legally), I would tend to give the priority to the humans' right to remember. That said, I'll do my best not to harm my former employers: last time I saw him, my boss was still human —I worked at a small company where the two CEOs own most of the stock.

> money is basically everything. […] Denying this reality is self destructive both in the individual and the societal level.

Couldn't agree more. Which is why I'm so scared of the fact so few people have a say in our monetary policy. Those who control money have far more power over us than any politician ever had. (Except dictators. Maybe.)


> He deleted his bash history—the commands he had typed into his own Goldman computer keyboard. To access the computer, he was required to type his password. If he didn’t delete his bash history, his password would be there to see, for anyone who had access to the system.

Wait, what?


    $> some_command --username myusername --password mypassword
    $> history
    ...
    12345 some_command --username myusername --password mypassword

This comes up fairly often with poorly designed CLIs. Wiping your bash history after running the command isn't an unreasonable hack.

Edit/Addendum: Although there are other (perhaps better) ways to achieve the same effect, the main point is that doing a "history -c" should be considered no more suspicious than e.g. closing a document to clear your "undo" history.


Fair enough. Though,

    read -p "Password: " -s password; some_command --username myusername --password "$password"


Although this avoids a .bash_history entry, this will still make the password visible to "ps ax" on most multi-user systems.


A space before the command stops it from going in your history, though.


Is that only for certain distros, because that isn't true on Debian:

    115 history
    116 history (1 space)
    117 history (2 spaces)
    118 man passwd
    119 passwd -a (1 space)
    120 history
    121 passwd -a (2 spaces)
    122 history


You can control this with the HISTCONTROL and HISTIGNORE environment variables: http://askubuntu.com/questions/15926/how-to-avoid-duplicate-...


Thank you for providing something of technical value in this conversation.


Much to my dismay this is not true. By default debian is configured to `ignoreboth` ie dupes and spaces. Like you I also change the debian default for HISTCONTROL. Lines 11-13 of /etc/skel/.bashrc:[^1]

  # don't put duplicate lines or lines starting with space in the history.
  # See bash(1) for more options
  HISTCONTROL=ignoreboth

[^1]: https://bazaar.launchpad.net/~doko/+junk/pkg-bash-debian/vie...

Provenance for /etc/skel/.bashrc:

  dfc@ronin:~$ dlocate /etc/skel/
  bash: /etc/skel/.bash_logout
  bash: /etc/skel/.bashrc
  bash: /etc/skel/.profile
  dfc@ronin:~$ apt-cache showsrc bash |grep ^Vcs-
  Vcs-Browser: https://code.launchpad.net/~doko/+junk/pkg-bash-debian
  Vcs-Bzr: http://bazaar.launchpad.net/~doko/+junk/pkg-bash-debian


It's controlled by the HISTCONTROL variable in bash, if it contains 'ignorespace' (or 'ignoreboth' to ignore duplicates as well). Check the man page for more details.
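

The three points raised in the comments above (a password typed as an argument lands in bash history, a leading space keeps a line out only when HISTCONTROL contains `ignorespace`, and a password passed as an argument stays visible to `ps`), as an added example that is not part of any comment. `some_command` is the thread's placeholder, `--password-stdin` is a hypothetical flag for it, and the secret is a constructed value; the history check needs `bash` installed.

```shell
#!/bin/sh
# Added demo. SECRET is a constructed value; some_command is the thread's
# placeholder CLI; --password-stdin is a hypothetical flag for it.
SECRET='constructed-secret-123'

# Feed the lines after "set -o history" to a child bash and print its in-memory
# history list. $1 is the HISTCONTROL value under test. HISTFILE is unset so
# the real history file is never read or written.
history_under() {
  bash --norc --noprofile -s <<EOF
unset HISTFILE HISTIGNORE HISTTIMEFORMAT
some_command() { :; }
password='$SECRET'
HISTCONTROL='$1'
set -o history
some_command --username myusername --password $SECRET
 some_command --username myusername --password $SECRET
some_command --username myusername --password "\$password"
history
EOF
}

# Number of recorded history lines that contain the secret itself.
secret_lines_in_history() {
  history_under "$1" | grep -c -- "$SECRET" || true
}

# Argument vector of process $1 as any other process sees it: read from
# /proc/<pid>/cmdline where available, otherwise from ps(1). Polls briefly
# because a freshly forked child may not have exec'd yet.
argv_of() {
  tries=0
  while [ "$tries" -lt 50 ]; do
    if [ -r "/proc/$1/cmdline" ]; then
      args=$(tr '\0' ' ' < "/proc/$1/cmdline" 2>/dev/null || true)
    else
      args=$(ps -o args= -p "$1" 2>/dev/null || true)
    fi
    case $args in *some_command*) printf '%s\n' "$args"; return 0 ;; esac
    sleep 0.1 2>/dev/null || sleep 1
    tries=$((tries + 1))
  done
  return 1
}

# Print the argv of background child $1, then stop the child.
observe_and_stop() {
  rc=0
  argv_of "$1" || rc=$?
  kill "$1" 2>/dev/null || true
  wait "$1" 2>/dev/null || true
  return "$rc"
}

# Password handed over as an argument, as in the read -s one-liner: the
# history line holds only "$password", but the expanded value is in argv.
argv_with_password_argument() {
  sh -c 'sleep 3; :' some_command --username myusername \
     --password "$SECRET" >/dev/null 2>&1 &
  observe_and_stop "$!"
}

# Password handed over on stdin instead: argv carries no secret.
# printf is a shell builtin, so the secret is in no process's argv.
argv_with_password_on_stdin() {
  printf '%s\n' "$SECRET" |
    sh -c 'read -r pw; sleep 3; :' some_command --username myusername \
       --password-stdin >/dev/null 2>&1 &
  observe_and_stop "$!"
}

for mode in '' ignorespace ignoreboth; do
  printf "HISTCONTROL='%s': %s history line(s) hold the secret\n" \
    "$mode" "$(secret_lines_in_history "$mode")"
done
printf 'argv, password as argument: %s\n' "$(argv_with_password_argument || true)"
printf 'argv, password on stdin:    %s\n' "$(argv_with_password_on_stdin || true)"
```

With `ignorespace` the space-prefixed line is dropped but the unprefixed one is still recorded, so the setting protects only the lines typed with the leading space.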


Anyone know why this incredible hack was introduced in the first place? In my entire career this "feature" had only caused annoyance after copy-pasting a command.

Why not have a shell command called 'nohist' to wrap a command line?


Exactly my feeling, this just doesn't make sense, if he was so paranoid about his password being stolen it's unreasonable to rely on something like "remember to remove the shell history on logout". Then he also uploads the code to some random SVN server...


Old story. Definitely sucks for him, but mailing yourself proprietary code of a very secretive and ruthless bank is not exactly the smartest thing to do.


Amazing how naive in some regards a very smart person can be. You don't send yourself source code, and you definitely don't talk to police without a lawyer, or invite them into your house.


Seems to me here, the biggest lesson one can learn from this story is don't work for companies like Goldman Sachs. If they don't want to get with the times and understand how the world they don't understand works then they deserve to be technically behind. So on top of not understanding your work as a developer instead of learning how things work, they choose to abuse the law. Worse part is the law is like a big spider web where it traps the small guys while the tigers and elephants walk right through, there is no justice here no matter how many sections you quote or how many laws you read. Best thing is to just be smart and not get involved. There are many opportunities out there for talented developers.


I don't understand this bit about the DNI:

  US master spy Clapper says spies steal open source, then immediately
  claims ownership and classifies it, and prosecutes if the material is
  disclosed, like Goldman Sachs.

What did Clapper do?


Flash Boys also talks about the FBI's suspicion when they heard Aleynikov was using software called 'subversion', and assuming he was thus doing something 'subversive'

that cracked me up!


Moral of the story: If you don't want to be thrown in jail for stealing something you didn't steal, don't sign a confession...

In fact it sounds as if the defendant actually phrased most of the confession himself...


I'll take it one step further: don't talk to the police at all. Had he said nothing and asked for a lawyer who knows what the outcome would have been?

Obligatory: http://www.youtube.com/watch?v=6wXkI4t7nuc


So, he emailed source code to himself (yes that was illegal and violated his employment contract,) deleted the bash history (there are plenty of other ways to prevent your password from showing up in history,) waived his right to a lawyer, talked endlessly with an FBI agent and was surprised (?!) that the agent was not a computer expert, then signed a confession.

Sorry if I fail to have much sympathy. If you play in the big leagues, you should at least have some sense of self preservation.


His federal conviction was overturned then they later recharged him for the same incident in state court. Also Congressman Lamar Smith, who sponsored SOPA, amended the Economic Espionage Act of 1996 with the Theft of Trade Secrets Clarification Act of 2012 specifically related to this case.

Sergey's Legal Defense Fund - http://www.aleynikov.org/


I wonder how much this cost Goldman from a talent perspective.


Probably nothing. The checklist goes:

1. Do I want to make unbelievable amounts of money?

2. Can I do so without running afoul of the law?


> 1. Do I want to make unbelievable amounts of money?

It's worth noting Aleynikov had over a decade of very relevant work experience prior to joining Goldman with a starting salary of $260k.

Yes, that's a good salary. However, it's not like top 1% developers with 10+ years of experience will have a tough time matching that outside of the financial sector.


Do you mean coders refusing to work for GS?


It would certainly make me think twice. I mean why risk jail time over a bit of petty cash?


Depending on who you are, half a million dollars a year is not necessarily 'petty' cash. Also, people risk jail time over petty cash constantly in all walks of life.


It's petty in the sense that you're likely to be able to get a sufficient fraction of that not to need to worry about money.

At that point if you're motivated by more cash rather than not being seriously screwed, well, you don't sound rational to me. That cash just doesn't have much value to you, and the risk does have cost to you.


Half a million - plus bonuses, which can often be 5-10 times your salary.


You risk jail time stealing code from any company.

The penalty here was disproportionate to the crime, sure, but Serge clearly took code owned by GS and uploaded it, without permission, to a 3rd party. Pretty cut and dry case of corporate theft here...


Not really. He worked in a culture that by the sounds of it encourages individual action and initiative. It sounds like the code he shared was utility code, i.e. typically the kind of thing that would be fine to share if it were allowed since it doesn't undermine the company's position.

He was stupid. He should have made his intentions clear from the start, and he might well have simply gotten permission. As is, what he stole may well have been more akin to using a company laptop solely for personal use - certainly some kind of fraud, but probably also the kind of activity that the company might well have condoned if he'd only have asked.

Of course, without knowing what that code was and to what extent it was written on company dime, it's hard to say whether this was more like a bureaucratic oversight, a minor but intentional infraction, or a serious bit of fraud.

Regardless, it definitely sounds like Goldman really abused this guy. Keeping people in the dark about their true worth as negotiating strategy, and encouraging single-person whatever-works-goes work ethics (which may well be a form of intentional plausible deniability given the firm's history) sounds to me like they treat their employees like exploitable resources.

So sure, I'd hope everyone would think twice before accepting a job offer there - because they clearly will stab you in the back when it serves them to do so.

In other words


> On the night of his arrest, Serge waived his right to call a lawyer. [...] Then he sat down and politely tried to clear up the confusion of this FBI agent who had arrested him without an arrest warrant.

These are things no sane person should do, especially if they're innocent.


The problem I have with the article is that FOSS/OSS used internally and modified for that use and not distributed would mean under normal copyright and work rules that yes GS did own the changes to OSS/FOSS used internally but never distributed.


Trying to sympathize with the guy, but signing a confession?....just doesn't make sense


There is a simple solution to this. When you publish open source software, make sure that in your license it says that Goldman Sachs is not allowed to use this code for any purpose whatsoever.


Rule #5 of an Open Source license: "The license must not discriminate against any person or group of persons."

http://opensource.org/osd-annotated


There's nothing that stops you from actually putting that clause in your license, just don't call it the GPL or MIT or whatever.

"My code is freely licensed open source, Based on GPL, with the addendum that Goldman Sachs can go stick their head in a pig"

As I understand it, there is nothing preventing this from happening.


Sure, you can do it. Once you do, though, your code is not open source.


>Sure, you can do it. Once you do, though, your code is not open source.

It is surely open source. It's just not Open Source. An important difference because of the capitalization.


If you don't want to deliberately confuse people, you would say "the source code is available" or something like that, because most people take open source to mean this:

http://opensource.org/osd

So that even if they're speaking out loud, where one can't see capitalization, everyone knows what they mean.


I am pretty sure this is a violation of one of the four freedoms, namely freedom 0:

   The freedom to run the program, for any purpose (freedom 0).


I wonder if they'd care. Sounds like they don't particularly care about the licenses on the open source code they use, and I doubt you'd find out that they're violating your license.


Why not throw in a lot of other "evil" entities too. Soon, we'll have jslint's license!


What repeatedly stands out every time I read of this account is the relative ineptitude of the federal agents handling the investigation.

There appears to be every indication that agent McSwain did everything short of taking explicit marching orders from GS.

The FBI either lacked the will or ability to understand the crimes they were tasked with investigating. I find that disturbing.


(I'm sorry if I do this incorrectly; first time posting plus I'm on an app)

"Serge tried to explain why he always erased his bash history, but McSwain had no interest in his story. “The way he did it seemed nefarious,” the FBI agent would later testify." Whom is the FBI agent referring to, McSwain or Serge?


I don't normally bring this up but in this case the site formatting is essentially unreadable for someone with poor eyesight who needs to expand the text and make the container narrow to avoid constant left/right scrolling.


The original link didn't mention this was an excerpt from Flash Boys so I had no clues Michael Lewis wrote it. I've never read any of his books. Now I want to because he actually writes pretty well.


That is the problem with invention vs. "intellectual property". Inventions belong to the inventor -- property belongs to the owner.


I thought the policy here was to use the actual title of the article, not to edit it. Why did the moderators change it?


The guidelines say to use the original title unless it is misleading or linkbait.


Flagged because article completely misunderstands how GPL works. GPL doesn't apply if you modify source-code to use internally, it only applies if you distribute it externally to third party users.

[GPL not mentioned in article; my recollection from the original court documents is that the code was largely LGPL and GPL code]


I believe the article didn't imply steal in the legal sense, but rather in the moral sense of not contributing changes back and assuming ownership.

I also see no mention of the GPL, only open source. So the license could've been BSD or MPL etc.

Also this part might be illegal:

>Later, at his trial, his lawyer flashed two pages of computer code: the original, with its open source license on top, and a replica, with the open source license stripped off and replaced by the Goldman Sachs license.


The latter is obviously illegal, but I am an advocate of the GPL and don't take issue with someone extending GPLed code for internal use and not releasing their changes. The point is to maintain user freedom of software, and if the users are the company itself modifying it and never distributing it to someone without source access, even if they never make it publicly available, that is still ethical.

I'd like them to share the information they create, but I think it steps on others rights if you start trying to force disclosure of information creation.


I've wondered about this. Doesn't your non-disclosure and non-compete contract with your employees conflict with your organization's "distribution" of open source code to the employees? They should be able to do WHATEVER THEY WANT with it under the license. Or does GPL somehow handle "internally" vs "externally"?


The GPL specifically states that using code within an organization is not distributing it. Further, if employees (or even contractors) are paid to modify the code, the organization retains all rights to it, not the employees nor contractors. It's even within Goldman Sachs' rights to prevent the release of the code, as they didn't distribute it to 3rd parties.


Where does it say that? What is the relevant quote and exegesis?


Read the definitions part at the top. What constitutes an individual and what constitutes distribution.

And what your rights and obligations are throughout the rest of the licence.


You don't distribute the GPL'ed code to your employees, in the same way that you don't 'distribute' your internal code, your MS Windows licences, and your computers, desks and everything else. All of those tools still belong to the organization, and employees are using them on behalf of it - they're not 'given' any of those items in the legal sense.


No conflict. You own your changes to GPL code unless you distribute that software to others. Only then do you need to distribute the source of your changes.


But you the individual shouldn't be able to force another individual - a contractor, say - to restrict their freedom in using this free software, even though they are working for you. Right?


Depends on exactly what you mean.

Let's say that I'm employing you to write a trading platform. You research the field, find some OSS that can serve as a base to work from and modify it to my specs. I own the modified code and can report you to the DA if you take it and try to sell it somewhere else.

Now if instead, you just take the original OSS you found, and the knowledge you gained working from me and go somewhere else to build a trading platform based on that original source, I have no case against you (assuming you aren't using my trade secrets) since you haven't taken anything I own.

Does that help?


> I own the modified code and can report you to the DA if you take it and try to sell it somewhere else.

How does this work with the original copyrighted code? If I take 10k lines of an open source project, tack on an echo or a comment or some nonsense, do I suddenly get to claim ownership of the rest of the code? It would make sense that you could own the delta, but you should only own your delta, not the original code.


The point of GPL is that you own the entirety of the source with your changes. Remove your changes and you're back to the original source which everyone "owns."

"Owns" in quotes because that's not ownership, it's a license to use, modify and distribute the code within certain limitations. I've been dealing with IP lawyers recently over exactly this issue and they're being sticklers over the difference.


If a piece of code has parts created/owned by different entities, in order to copy them you need permission from every one of them. You copy that resulting 10k line program but don't have permission for my delta that's a single comment? You're violating copyright.


That's not inherently true of open source and I didn't see where the article singled out a specific license. There are several variants of GPL; the AGPL has clauses that say you still have to provide source in cases short of distribution of the software itself.


Yes but AGPL is rarely used, the vast majority of FOSS uses GPL or a less restrictive license...


According to the article Goldman deleted the existing license and replaced it with their own. Probably a violation of most licenses.


If the application or source code is distributed then sometimes removing the license would be a violation. But most open source licenses allow you to make private forks that you keep private. If that is your desire then changing out the license disclaimer to say "Some or all of this code is the property of X, do not distribute under any circumstance" actually makes a lot of sense. If the original license was left in place it would be easy to think that the files in the private fork were publicly distributed. Obviously they don't have permission to change the actual license on the originally public content.


It seems like a very bad idea to remove a copyright notice from a file. Suppose the next developer to see the file doesn't know its origin, then incorporates it into a product that is distributed.


"Aleynikov was employed for two years, from May 2007 to June 2009, at Goldman at a salary of $400,000.[1] He left Goldman to join Teza Technologies, a competing trading firm which offered to triple his pay.[5]"

jeez, those banks pay a pretty penny.


This is probably the most important bit of information, in regards to Goldman Sachs' motivation. I think it is very likely that they simply did not want him working for competitors. They then searched high and low for ways to remove him from the market.

The actions this guy was sued over are likely all things that he had done before.


Goldman is a nest of parasites and vultures, do we really expect anything more from them?


They are criminal co-conspirators in the capital theft of $10 billion (that we know of) from US citizens. Goldman repaid TARP loans using money given to them by the Fed by selling $11 billion of failed mortgage securities to the Fed to balance their books. We now know that more than $100 billion in MBS was purchased from Goldman by the Fed.


probably OT...but Cryptome posting an excerpt from a Michael Lewis book? that's a bit out of character...


Why?


My understanding is the guy that runs the site bills himself as someone who posts top secret documents, usually government or corporate, from secret or anonymous sources. Kind of like a wikileaks before wikileaks came around. For him to post an excerpt from a book you can buy on Amazon is a bit, well, anticlimactic.


You make john young sound so tacky when you say "he bills himself as..." I remember downloading things from him over my modem. He has archived tons of things over the years.


I'm not denying sometimes he has interesting and even important documents on there...just sometimes it seems a little over the top or vengeful. I would say at times, I'm glad he's doing what he's doing; at other times I get a little worried. Admittedly sometimes, it's not his fault but those of his contributors - I suppose he often puts things up unedited and verbatim and there are some that are very conspiracy-theorist


so effectively Goldman Sachs killed the potential competing high performance trading platform


Lesson learned, don't ever work for Wall Street.


This is batshit insane. Wall Street is fucking insane. I hope Serge wins a huge lawsuit.


Okay, so.

* misleading title. Goldman Sachs stole nothing.

* This guy steals code from Goldman Sachs.

* Covers his tracks. There is almost no reason why your password ever ends up in your bash history. If it does, you edit out only the password. Or you put a space before the command you run. At any rate, this guy should have known how to prevent his password from getting in the shell history and had no reason to delete his history.

* The guy talks to the cops

* Waives his rights to a lawyer

* Signs a confession

* Lets cops into his house without a search warrant.

* Doesn't testify at this trial.

This guy fully deserved what was coming to him. Goldman Sachs did nothing wrong here.


You're being totally unreasonable. Being naive (waiving rights, signing a "confession") doesn't mean you deserve to be abused. That's just barbaric.

As to clearing bash history, this isn't criminal, it's just a wise security measure. I've certainly cleared various log files when I knew they contained exploitable credentials. Why the heck would you waste time editing out specific statements? It's not like a bash history is valuable in any normal circumstance.

By the sound of it, he certainly didn't think he was doing anything wrong, otherwise he wouldn't have helped the FBI so thoroughly.

Sounds to me like nothing he did would have been a problem if he'd have been upfront about it. Basically, Goldman encouraged an atmosphere where people went it alone, implicitly (but not formally) giving them permission to do what they want as long as it gets the job done. Now, after the job got done, they change the rules and screw their employee, who by all accounts did get the job done.

Frankly, if somebody needs to go to jail, it's his boss, by the sound of it.


Bottom-line: "history -c" should never be interpreted as "covering your tracks". No one should be treating .history as a log file!

* First and most importantly, if you want a true log of history this can and should be achieved using a different mechanism (not affected by history -c).

* There exist bad CLIs which require entering the password on the command line. See the conversation below -- it took six posts on HN before the correct solution (make sure certain env vars are set to the right values) came out. So, hardly common knowledge.

- In fact, your space trick doesn't always work. Can I fire you for negligence if someone finds your .history since everyone should obviously know everything about bash history?

* If you run "man history", the very first thing you see is the -c option. Therefore, if you want to clear a password from your history file, this is most likely how you'll do it. You're effectively attributing criminal intent to anyone who's not sufficiently unix savvy.

* If you're treating .history as a log file, then you're being pretty damn close to criminally negligent with your logging practices (equivalent of providing an editor for apache's access.log on your homepage).

* Bash history files are not backed up, except perhaps accidentally with the rest of ~.

* History files rotate out after X commands. There is no way of guaranteeing that temporally-defined backup policies snapshot ~ before X commands are run.

Bash history is a "log file" in the same sense as the stack used for Word's "undo" mechanism is a "log file".


>There is almost no reason why your password ever ends up in your bash history. If it does, you edit out only the password. Or you put a space before the command you run.

http://stackoverflow.com/questions/6475524/making-sure-comma...

TIL! Good tip!
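
The two points argued in the comments above (the leading-space trick only works under certain settings, and a password can be edited out of history without clearing all of it), as an added shell example that is not part of the thread. HISTCONTROL is bash's own variable; the function names, the credential patterns and the sample history lines are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed data; function names are hypothetical.

# Patterns for credentials passed on a command line (illustrative, not
# exhaustive): a --pass/--password/--passwd option, a NAME=value assignment
# whose name contains PASSWORD/PASSWD/TOKEN/SECRET, or user:password@ in a URL.
SECRET_RE='--pass(word|wd)?[= ]|(PASSWORD|PASSWD|TOKEN|SECRET)[A-Za-z_]*=|://[^/:@[:space:]]+:[^@[:space:]]+@'

# Exit 0 if this HISTCONTROL value makes bash drop commands typed with a
# leading space. HISTCONTROL is a colon-separated list; ignoreboth implies
# ignorespace. An empty or unrelated value means the space trick does nothing.
space_trick_active() {
    case ":$1:" in
        *:ignorespace:*|*:ignoreboth:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print how many lines of history file $1 carry a credential.
count_secret_lines() {
    grep -c -E -e "$SECRET_RE" "$1" || true
}

# Print history file $1 with each credential-bearing line replaced by a marker.
# The whole line is replaced so a quoted secret containing spaces cannot leak.
# Output goes to stdout; the caller decides whether to overwrite the file.
scrub_history() {
    sed -E "\\,$SECRET_RE,s,.*,[redacted: credential on command line]," "$1"
}

# Constructed sample history (not from the page).
sample_history() {
    cat <<'EOF'
cd ~/src/project
svn commit --username alice --password hunter2 -m "sync"
mkdir -p build && make
API_TOKEN=abc123 ./deploy.sh staging
curl -s https://alice:s3cret@repo.example.com/archive.tgz -o a.tgz
ls -la
EOF
}

# Demo: audit the sample, then show which settings make the space trick work.
demo() {
    f=$(mktemp) || return 1
    sample_history > "$f"
    echo "credential-bearing lines: $(count_secret_lines "$f")"
    scrub_history "$f"
    rm -f "$f"
    for hc in "" ignoredups ignorespace "erasedups:ignoreboth"; do
        if space_trick_active "$hc"; then
            echo "HISTCONTROL='$hc': leading-space commands are not saved"
        else
            echo "HISTCONTROL='$hc': leading-space commands ARE saved"
        fi
    done
}

demo
```

Because the scrubbed copy keeps a marker line for each removed command, the remaining history still shows that something was run there, without holding the credential itself.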


That's like saying if you walk down a dark alley you deserve to be mugged. It may well have been a mistake to walk down the alley, but that doesn't mean you deserved what was coming to you or that the mugger did nothing wrong.



Did you even read it? It's about him.


Probably because that is who this is about.



