Readit News
lstoll commented on Poll HN: Do you use SSH certificates (not mere public-key authentication)?    · Posted by u/tonyg
lstoll · 3 years ago
We use an AWS KMS asymmetric key for the CA keys; they're cheap and avoid exposing the private key material in any way.

For signing SSH certificates, we run a small service (prototype code dump at https://github.com/pardot/sshsigner) that uses this key to sign short lived certificates. Auth to the service is via OIDC issued ID tokens.

On the client side we have a custom SSH agent that uses an ephemeral in-memory private key. The agent manages the OIDC web flow and calling out to the service for signing on demand. This lets us keep the cert duration small and scoped, and allows us to force re-auth for sudo etc. via the web flow.

We also do a similar thing for host keys, IAM auth the instances and sign certificates.

Altogether works well, provides a nice user experience, and keeps long-lived/leakable creds out of our environment.
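The comment above describes short-lived, scoped user certificates signed on demand. What the agent receives back from such a signing service is an OpenSSH certificate blob; the fields that make it "short lived and scoped" (validity window, principals, critical options, extensions) live in that blob's wire format. The block below is an added example, not code from the post or from the sshsigner project: it builds a constructed sample certificate body with stdlib only, decodes it the way `ssh-keygen -L` would display it, and applies a hypothetical issuance policy (maximum TTL, allowed principals). The key bytes and signature are placeholders, and the signature is not verified here; that stays with ssh/sshd.

```python
"""Encode, decode and policy-check the OpenSSH certificate wire format (stdlib only)."""
import base64
import struct
import time

CERT_TYPE = "ssh-ed25519-cert-v01@openssh.com"
USER_CERT = 1   # ssh user certificate
HOST_CERT = 2   # ssh host certificate


def _s(b: bytes) -> bytes:
    """SSH 'string': big-endian uint32 length prefix followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _u64(n: int) -> bytes:
    return struct.pack(">Q", n)


def _name_list(names) -> bytes:
    """Principals: an SSH string whose body is a sequence of SSH strings."""
    return _s(b"".join(_s(n.encode()) for n in names))


def _option_list(opts: dict) -> bytes:
    """Critical options / extensions: (name, data) pairs sorted by name; data is an
    SSH string holding the value, or empty for flag-style entries such as permit-pty."""
    body = b""
    for name in sorted(opts):
        data = _s(opts[name].encode()) if opts[name] else b""
        body += _s(name.encode()) + _s(data)
    return _s(body)


def encode_cert_body(nonce, pubkey, serial, cert_type, key_id, principals,
                     valid_after, valid_before, critical, extensions, signature_key):
    """Everything that is covered by the CA signature, in PROTOCOL.certkeys order."""
    return (_s(CERT_TYPE.encode()) + _s(nonce) + _s(pubkey) + _u64(serial)
            + struct.pack(">I", cert_type) + _s(key_id.encode())
            + _name_list(principals) + _u64(valid_after) + _u64(valid_before)
            + _option_list(critical) + _option_list(extensions)
            + _s(b"") + _s(signature_key))  # reserved field, then CA public key blob


class _Reader:
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def string(self) -> bytes:
        (n,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        out = self.data[self.pos:self.pos + n]
        self.pos += n
        return out

    def u32(self) -> int:
        (n,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return n

    def u64(self) -> int:
        (n,) = struct.unpack_from(">Q", self.data, self.pos)
        self.pos += 8
        return n


def _parse_name_list(blob: bytes) -> list:
    r, names = _Reader(blob), []
    while r.pos < len(blob):
        names.append(r.string().decode())
    return names


def _parse_options(blob: bytes) -> dict:
    r, opts = _Reader(blob), {}
    while r.pos < len(blob):
        name, data = r.string().decode(), r.string()
        opts[name] = _Reader(data).string().decode() if data else ""
    return opts


def parse_cert(b64: str) -> dict:
    """Decode the base64 blob found after the key type in a *-cert.pub line."""
    r = _Reader(base64.b64decode(b64))
    cert = {"type": r.string().decode(), "nonce": r.string(), "pubkey": r.string(),
            "serial": r.u64(), "cert_type": r.u32(), "key_id": r.string().decode(),
            "principals": _parse_name_list(r.string()),
            "valid_after": r.u64(), "valid_before": r.u64(),
            "critical": _parse_options(r.string()), "extensions": _parse_options(r.string())}
    r.string()  # reserved
    cert["signature_key"] = r.string()
    cert["signature"] = r.string()  # not verified here; sshd does that against the CA
    return cert


def check_policy(cert: dict, max_ttl: int = 3600, allowed_principals=("deploy",), now=None) -> list:
    """Return a list of violations (empty means OK). Hypothetical policy values."""
    now = time.time() if now is None else now
    problems = []
    if cert["cert_type"] != USER_CERT:
        problems.append("not a user certificate")
    ttl = cert["valid_before"] - cert["valid_after"]
    if ttl > max_ttl:
        problems.append(f"validity {ttl}s exceeds max {max_ttl}s")
    if not (cert["valid_after"] <= now < cert["valid_before"]):
        problems.append("outside validity window")
    if not cert["principals"]:
        problems.append("no principals (would match any user)")  # per PROTOCOL.certkeys
    extra = set(cert["principals"]) - set(allowed_principals)
    if extra:
        problems.append(f"unexpected principals: {sorted(extra)}")
    return problems


def sample_cert_b64(valid_seconds=900, principals=("deploy",), now=1_700_000_000) -> str:
    """Constructed sample: all-zero key bytes and signature, NOT a real signed certificate."""
    pk = bytes(32)                                  # placeholder ed25519 public key
    sig_key = _s(b"ssh-ed25519") + _s(pk)           # CA public key blob (placeholder)
    body = encode_cert_body(nonce=bytes(32), pubkey=pk, serial=42, cert_type=USER_CERT,
                            key_id="alice@example.com via OIDC", principals=principals,
                            valid_after=now, valid_before=now + valid_seconds,
                            critical={}, extensions={"permit-pty": ""}, signature_key=sig_key)
    signature = _s(b"ssh-ed25519") + _s(bytes(64))  # placeholder signature blob
    return base64.b64encode(body + _s(signature)).decode()


if __name__ == "__main__":
    c = parse_cert(sample_cert_b64())
    print(c["key_id"], c["principals"], c["valid_before"] - c["valid_after"], "s")
    print("violations:", check_policy(c, now=1_700_000_100))
```

The same `parse_cert` works on a real certificate: take the second whitespace-separated field of an `id_ed25519-cert.pub` file and compare the output with `ssh-keygen -L -f id_ed25519-cert.pub`. Running `check_policy` on what a signing service issues is a cheap guard against a misconfiguration that hands out day-long or principal-less certificates.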

lstoll commented on Bosch opens German chip plant   reuters.com/technology/bo... · Posted by u/nixass
varispeed · 5 years ago
> The only thing relevant for the US re risking starting this niche is brain drain and talent.

That's unlikely due to extremely high taxes in the EU for individuals. People who know their stuff tend to migrate where they get more in return for their talents.

lstoll · 5 years ago
I migrated from the EU to the US, but then realised that once everything was factored in (medical, car, housing, cost of living) the taxes were actually worth it, so I moved back to the EU.
lstoll commented on Bosch opens German chip plant   reuters.com/technology/bo... · Posted by u/nixass
AceJohnny2 · 5 years ago
> good foresight

I'd call it luck.

I doubt that in the planning stages they could anticipate the auto industry order-then-Pandemic-cancel-then-order-again wave that messed up the logistics of the semiconductor industry.

lstoll · 5 years ago
You don't have to predict that exact scenario to know that domestic semiconductor manufacturing is a good idea.
lstoll commented on Tripolar Nature of Software Engineering Salaries in the Netherlands and Europe   blog.pragmaticengineer.co... · Posted by u/hacksilver
returningfory2 · 5 years ago
> Yes, healthcare and the cost of living are more expensive in the US

I feel Europeans looking in on the US from the outside consistently have a misleading view on healthcare. I'm saying this as a European in the US working in big tech.

My plan's maximum out-of-pocket in a year is ~$3k, which I can pay pre-tax thanks to an HSA. It is less than 2% of my total comp in the worst case (in 2020 I spent less than $300 on healthcare). In return I get coverage that is generally better than the free public healthcare back in Europe.

I think CoL is similar, but not as clear cut. One thing CoL discussions often miss is that many expenses are independent of the local CoL; for example, a Macbook Pro costs the same in every US city. If your salary adjusts exactly for CoL, you're actually doing better because of this.

lstoll · 5 years ago
This is fine while you're employed, but what if you lose your position or decide to take a couple years off? Then it becomes a different equation.

Spread out over time, in the places I lived outside of the US that was not really a concern. Same with most other "social care" situations. In the US, it all felt a lot more tenuous which was a source of constant low-key anxiety.

lstoll commented on Towards Sequoia OpenPGP v1.0   sequoia-pgp.org/blog/2020... · Posted by u/nwalfield
qqii · 6 years ago
Having an alternative implementation to GnuPG is pretty important. Although many would argue against the use of PGP encryption for many use cases such as email, there are other use cases where PGP's ideas have no replacement.

For a specific example take signing git commits. Even fossil scm delegates this task to pgp. Personally keybase is the only project that may provide some form of alternative, but they do so by supporting pgp.

I definitely agree that PGP was and is no longer the correct tool for every use case as it set out to be, but I find there are still pockets where PGP has no alternative. I'd be interested what HN's thoughts are on PGP for this specific use case and if there could be an alternative.

lstoll · 6 years ago
Git also supports S/MIME, and GitHub provides a tool to sign commits with this directly https://github.blog/changelog/2018-09-10-smime-signature-ver...

Deleted Comment

lstoll commented on Benchmarking GitHub Enterprise   githubengineering.com/ben... · Posted by u/dbussink
jasonjei · 11 years ago
Got it. What's the overhead of using RubyEncoder or some sort of code obfuscation/loader protection technology? I'm interested to know how much it costs compared to straight up MRI/JRuby.
lstoll · 11 years ago
It used to use RubyEncoder, now it uses something custom. The overhead is very minimal, and it's only when the source is read off disk.

Deleted Comment

lstoll commented on Experimental Dependency Vendoring in Go 1.5   groups.google.com/forum/#... · Posted by u/NateDad
technoweenie · 11 years ago
How do you handle a custom GOPATH like that when the current repository needs to be in there too? We've tried manually symlinking the repo dir into the custom '$GOPATH/src/github.com/user/repo' dir, but it feels really hacky.
lstoll · 11 years ago
We just keep all our go code in one repo.

u/lstoll

Karma: 343 · Cake day: March 22, 2010
About: twitter/github/etc: lstoll