Mid-engineer is someone who can accomplish all tasks with occasional design-level guidance. Senior is someone who can accomplish complex tasks without any guidance.
Not sure Qi Lu is the best person for this position.
Though Qi was born in China, he almost spent his all career time in the US. Probably the time he worked in China is less than one year. You can't expect this person knows China market, Chinese young people, Chinese companies well, and has connections with people in China gov.
And he worked for big companies only (Yahoo, Microsoft, Baidu). He never worked in startups. Can he find and invest good startups? I don't know.
Anyway, YC entering China is a good thing. Hope Google search will come back to China soon.
I don't want to get involved in politics. But I have to point out "Taiwan is literally the Republic of China." is 100% correct. The official name of Taiwan is Republic of China (ROC). On the cover of Taiwan passport, you can only see Republic of China. The interesting thing is the claimed territory of Republic of China includes the China mainland and Mongolia, not just Taiwan island. The official name of China mainland is People's Republic of China (PRC), literally same to Republic of China (ROC). It's too complex for western people to understand. Just refer them as China and Taiwan.
I am from China mainland, having friends and colleagues from Taiwan. Don't want to see wars happen between PRC and ROC.
Great article. I started iOS programming in late 2009 and had solid experience of native mobile programming (iOS/Android) and web frontend/backend (RoR/Node.js/React/Go) before I started to use React Native in late 2016. I totally agree with the auther on what work well and what don't work well about React Native. Sad to see Airbnb sunsetting React Native.
In my opinion, 2 of the reasons Airbnb had more and more issues with React Native are:
1. They don’t adopt type checking for JavaScript.
“We explored adopting flow but cryptic error messages led to a frustrating developer experience. We also explored TypeScript but integrating it into our existing infrastructure such as babel and metro bundler proved to be problematic.”
“A side-effect of JavaScript being untyped is that refactoring was extremely difficult and error-prone.”
This is absolutely not just "a side-effect". In a real project, many developers modify the same code base, and the interfaces (Classes, function paramenters, props, etc) are changed frequently. I think type checking system, e.g. Flow, is a must for writing JavaScript code for either backend or frontend. My team is using Flow, and I ask my team members to adopt type checking as much as possible. When I see something like this funcA(a, b), I always ask the developer to change it to funcA(a: TypeA, b: TypeB): TypeC. It is really very helpful, especailly when we need to change code.
2. They don’t ask engineers to keep most code in JavaScript.
“Often times, it is not clear whether code should be written in native or React Native. Naturally, an engineer will often choose the platform that they are more comfortable which can lead to unideal code.”
All logic and UI should be written in JavaScript. Native code should only be used when we cannot do in JavaScript or the performance is very bad.
When I am using React Native, I do miss the simplicity of writing and debugging native code. But when you need to support both iOS and Android, it's great to just keep one code base in JavaScript. Again, espeically when you need to change the code frequently, you don't need to do the some thing twice. (One for iOS, the other for Android.)
In late 2015 (maybe early 2016), I was interviewed by the engineering manager of a 20-to-50-person tech company for a iOS engineer role in Hong Kong. I answered all tech questions well. But when I heard his last question, I knew I would not get this job. The last question is "how old are you?". I hesitated but still told him "35". He did not say anything. I know it is illegal in the US. But I was not in the US.
Only slightly related...well OT as heck: VP of Sales at a tech company in San Jose was interviewing me for a field technical management job. The final question he asked was "Do you play golf?" I answered truthfully "No" and thought to myself, that is illegal as hell but it looks like I'm not getting the job. He replied "Learn!".
Under US labor law, facially non-discriminatory policies can be the basis of a discrimination suit if they have a disparate impact on protected classes. If there is a disparate impact, the employer must show a valid business reason for the requirement.
That's the rub about the seemingly innocent golf question. What if someone has a physical handicap that prevents them from playing golf but in no way affects their ability to perform the duties of the job they are interviewing for?
Many startups are exempt from even that. The Federal Age Discrimination in Employment Act applies to companies with 20 or more employees. Some states have stricter rules (5 employees or more for the California Fair Employment and Housing Act).
Companies here are so litigation-averse that they’d never fire someone outright for being too old. They have an entire department (HR) to help build a solid, believable paper trail for firing them for “performance issues”.
> The Age Discrimination in Employment Act of 1967 (ADEA) protects certain applicants and employees 40 years of age and older from discrimination on the basis of age in hiring, promotion, discharge, compensation, or terms, conditions or privileges of employment.
Are you maybe referring to a different federal law?
Granted, but put quite simply, I have residency in HK but still need a visa to visit mainland China.
Also the capital controls are entirely different. It's naive to say they are the same country when they are demonstrably different in terms of culture and laws - despite their many similarities.
Yes it's already a part of China. However like Taiwan, the culture is different. While HK shares a lot of traits with the mainland, it's culturally still closer to the West. That said things change over time.
> I too have been approached by non-technical people who wanted to form a team, but rely on me to come up with both the idea and the product. I don't trust people who can only talk.
I like these words, especially "I don't trust people who can only talk."
If I have to choose one from end-to-end encryption and security, I will choose security. I don't mind my WhatsApp chats are scanned by police's software, if it can reduce terrorism. Of course, we need to make sure it is used for anti-terrorism only.
Update: One solution of 'make sure' is the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts.
PS. Downvoting my post doesn't solve any problem. If you have any better idea, welcome to post it out. Thanks
> Of course, we need to make sure it is used for anti-terrorism only.
See that's the problem everyone is talking about. The thing, is, turns out you can't. That's was the ENTIRE point of the Snowden revelations.
No sane person is okay with terrorism, but at what point are you going to stop relinquishing your rights?
First, texts with Whatsapp. Then your phone calls. Then your bags and notes when you go through airport security. Then bugs in your house. All of these will help curb terrorism. But where will you stop? Will you lose all your private life in the name of law?
... and everybody who uses a different software not approved by state will be flagged as a criminal. This will make the job of police and spooks easier, we know there was order and security in East Germany or other countries of the Soviet block.
Now consider the cost of such 'solution'. Free speech gets redefined, most of the people get divided into informants,opportunists, naive state suckers and silent fragmented opposition. Is that kind of security and police state an acceptable cost? For preventing small number of violent deaths each year?
There are much bigger problems in Western societies than a bunch of lunatics killing small number of people, but those can't be used so easily to make a power grab.
How do you ensure that what was the reviewed source is what is actually being used? Also, how do you encode in source code who is the correct target to use this against, for now and in the future?
I actually didn't suggest a complete solution. You seem to judge the proposition without any further questions.
I said the monitoring software having access to the data was a solution. But you're probably thinking of a case where there is a master encryption key which we just hand to the government. But have you thought of a solution where we can be sure of the access that the software will have?
Something like a infallible way we can choose only the software can view the data. Sure, you're quick to dismiss it because it doesn't exist. That's why I said it didn't exist
There needn't be centralized way of communication you're thinking of now. It can be public software that people can choose to run.
> Assuming these experts are perfect and infallible
Well, you can have the same skepticism for the end-to-end encrypted software you use. How can you assume that it isn't broken?
Nobody is saying you did. You yourself said "that is a perfect solution actually" in response to vinceyuan, who had a one-liner comment about "the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts."
Maybe we are interpreting this in different ways.
How do you envision this "solution" working? It is a bit vaguely specified.
Who is doing the monitoring? What or who is being monitored? For example are we talking about monitoring the authorities to see if their access is done properly? Or are we talking about something / someone monitoring communications, on behalf of the authorities? Not sure what you had in mind. Can you explain how what you called "perfect" might work, were it to be developed at some point in the future?
I'll say up front that I'm skeptical, but let's see if we are even talking about the same thing. As long as you're being super vague, you don't have a solution at all.
And if you're just saying: there's no solution now but maybe one can be developed, fine (I believe you're wrong) but please clarify how you think it might work.
> That means there are still problems for you and me to solve.
This was my last sentence. With which I tried to say that we have to still solve the problem and come up with the solution. My comment "that's a perfect solution" was about the answer "software that can effectively monitor communications with proper privacy" to the question about properly reconciling privacy and security, in a situation where the people are okay with their communications being monitored.
But are you are expecting a answer to the question, "How will the software work?" from me.
I have no clue as so how it'll exactly work. But since you're so interested, I'll take a stab:
> Who is doing the monitoring?
The software. No humans will ever see the raw communications which haven't been flagged. Now this is obviously the tricky part. This is not a backdoored system with a magic decryption key. What I had in mind was a software possibly in-built with the communications protocol, which will, with near perfect accuracy flag suspicious communications. This is will need a leap of tech in Machine learning with NLP.
> What or who is being monitored?
All the communications (through the node) are being monitored.
> For example are we talking about monitoring the authorities to see if their access is done properly?
'They' have no access. Only the software does. How that is done is up to the "engineers/experts" to figure out. This will obviously need a change in communications architecture. When it comes to properly securing the physical part (the servers), I'm sure something can be figured out there.
> As long as you're being super vague, you don't have a solution at all.
See my first line in this comment. I don't have a solution, but I do believe that a solution exists to a problem. They're very different things.
As an analogy, in mathematics, that's similar to me saying the problem is solvable, but you're talking about the actual solution.
And sure, this is a 'perfect' solution where monitoring communications is even a possibility. I don't even support that possibility. The first comment I replied to does, which said:
"If I have to choose one from end-to-end encryption and security, I will choose security. I don't mind my WhatsApp chats are scanned by police's software, if it can reduce terrorism. Of course, we need to make sure it is used for anti-terrorism only."
So in the first place, monitoring is something that will be done. Now in that scenario, there's a solution (In retrospect, I don't think I should've said perfect).
I don't think you are going to be happy with this solution. I don't expect everyone to be. I probably will be, because while I want privacy, I'm amenable to a solution I can trust in a situation where there has to be some kind of monitoring.
Since we live in a democracy (I hope you don't live in an oppressive monarchy), it can happen when the majority of the people (senators, actually, because it is a Republic) agree with a situation when monitoring is okay.
Your opinion or my opinion is not enough to change everyone else's opinions. So we might have to learn to live with it.
We live in a world, not a democracy. There are many different countries, with many different systems.
Any proposed solution has to deal with that reality, not with the little bubble of one democracy which may arguably in the questionable opinions of some subset of people have a good government.
The reality includes police states where the police are truly evil.
It also includes police states where the software is written by truly evil people, to do evil things, with evil experts overseeing it all and approving evil behavior in the software they are checking.
Please tell me how you can be confident that there can be a solution that addresses this reality while protecting the privacy of users. Sometimes all the user wants to do is send a message to their boyfriend, without getting thrown off a building, burned, flogged, or killed, possibly having several generations of your family killed as well (see North Korea).
The system has to work for this reality. I'm pretty sure that simply drawing a line and fully protecting the privacy of users' messages, full stop, is a better solution than whatever you and your senators will come up with.
And yes, the security of a crypto system can be verified. If it's designed to be secure. Not if it's designed to be monitored. Even if the experts are perfect angels and absolutely competent, if there is a way to monitor, hackers will find a way to get access to it.
>When it comes to properly securing the physical part (the servers), I'm sure something can be figured out there.
You're dreaming. Remember, the authorities will have full power over that system, and even in countries where the authorities are not evil, the authorities as a rule are inevitably corruptible if not corrupt. This isn't just cynicism, it's reality. Look around.
> And yes, the security of a crypto system can be verified. If it's designed to be secure.
Theoretical security and actual security are two very different things. Once is mathematical which can be verified by equations. Other deals with software and imperfect developers. Software can't be verified for perfect security in a deterministic way, no matter how hard you try. Vulnerabilities pop up all the time. Your expectation that theoretical security translates to real world security is something I believe you need to think about again.
>Not if it's designed to be monitored. Even if the experts are perfect angels and absolutely competent, if there is a way to monitor, hackers will find a way to get access to it.
You seem to miss the part where I said a new protocol, not something which is modified, or backdoored. I'm surprised at you being so sure about the failure of a non-existent protocol. Do you have anything to back up your claim that any such protocol wouldn't work? Remember, it doesn't exist yet.
I honestly didn't find most of your post very coherent. There is no avenue for free speech in North Korea and other authoritarian regimes so it is a waste of time talking about working around the existing government for privacy and free speech rights. The only place where the masses can bring about change is in a democracy.
>not with the little bubble of one democracy
Last time I checked, most countries are democratic. Please show me the case where democratic countries vastly differ in how their government is organized.
> The reality includes police states where the police are truly evil.
Again, I talked about a democracy since we really can't do anything to help them with encryption and code. If there are no rights, strong encryption doesn't really matter. Look up rubber-hose cryptanalysis.
> The system has to work for this reality. I'm pretty sure that simply drawing a line and fully protecting the privacy of users' messages, full stop, is a better solution than whatever you and your senators will come up with.
It is of course is a better solution for individual privacy, I thought I talked about this at the end of my last comment. I don't have much control over my senators.
>>>When it comes to properly securing the physical part (the servers), I'm sure something can be figured out there.
>You're dreaming. Remember, the authorities will have full power over that system, and even in countries where the authorities are not evil, the authorities as a rule are inevitably corruptible if not corrupt. This isn't just cynicism, it's reality. Look around.
Full power? I don't believe you have understood what I said.
At this point it feels like you're arguing for the sake of an argument.
Freedom and openness comes at a cost; this applies just as much to individuals as it does to countries. So then the ends of the spectrum are "I can take anything that comes at me, let the chips fall where they may"; and "Mummy make the bad man go away".
Unfortunately maths doesn't work that way, there is not much in the way of a spectrum when it comes to encryption, there is a very steep cliff from secure to insecure.
So then you are faced with a very stark contrast; the security afforded by a surveillance state, or freedom with the possibility of terrorism. Personally I prefer the latter.
The trick is there is no spoon, just like there is no control; only influence.
The better idea is to achieve security by encouraging people of different cultures to get along with each other. So, don't give free housing and support to people who fight against harmony and promote anger.
Two questions for you.
>One solution of 'make sure' is the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts.
What does that help with? (Because trusted expert aren't perfect, right?)
And second question, what if the police and government are evil, then how does your plan help?
> if it can reduce terrorism
It can't. If these supposed hoards of terrorists have half a brain cell between them, they'd simply communicate using something else.
> Of course, we need to make sure it is used for anti-terrorism only
Hah, not likely in the UK - if sweeping powers exist, there will be a creeping escalation of their use by different government bodies, and for purposes not related to terrorism.
