Hacker News new | ask | show | jobs
by azet 3697 days ago
Some of this is certainly my own fault (context: I'm the rude guy in the thread). There were two comments made by myself that were considered "rude": one early on, where I actually didn't even mean to be. And my last reply was bascially a rage-quit.

But I put all relevant information, academic and engineering-wise in the thread to try to convince Ruby-core to change their opinion. I replied to false assumptions and comments as best as I could.

I'm also only a human and since this bug has been open for 2 years, I've used SecureRandom extensively in the past, this was a very frustrating experience for myself and all the commenters involved. I certainly do not have the most "diplomatic" approach (as a friend put it). I know that. But I'm not really sorry about that either, it's just who I am. I'm a nice guy IRL people tell me, but I can get obnoxious when people don't listen to severe security issues and always refer to upstream, have been so in quite a few projects and standards processes.

I'll work on that, promise ;)

Aaron
1 comments
kangar00 3697 days ago
Every interaction I've had with the Ruby core team has involved rudeness on their part.

I understand that Japanese culture is really different and that as a country they've really had horrible things done to them over the last hundred years that are inexcusable to say the absolute very least.

But just like any country, there are people with great people skills and people with no people skills. The Ruby core team lacks people skills. Whether it is a result of cultural problems that are a result of terrible things happening there, I can't say, but it really does Ruby a disservice.

All they need to do is listen and consider, but they don't, really.

link
azet 3697 days ago
I don't think it's a culture thing at all. Japanese people are usually extremely polite and sincere. I also don't think this has anything to do with their history.

If you look at replies I got from Ruby-core: some people would consider them to be rude as well; I'm constantly told I do not understand what I'm doing, and I've been in engineering for more than 12 years, into crypto for more than five (and been reading cypherpunk lists since I was 15). I'm certainly not an academic cryptographer nor among the best engineers in the field, but I think I know a fair bit about the topic by now. I've contributed to many security projects, academic publications and standards processes -- this was certainly among the worst experiences I've had so far (you'd think IETF is worse, no. heated discussions all the time, but people stay focused and technical, listen to comments made by domain experts et cetera and act on them).

The Ruby community even has their own acronym for being nice to other developers: MINASWAN (https://en.wikipedia.org/wiki/Yukihiro_Matsumoto). I'm puzzled by the outcome of this discussion, but am assured by other security engineers and cryptographers that bugs they opened were treated equally badly, often ignored, even if they were non-disclosed, heavy security issues.

No idea. I'm not part of Ruby-core, neither Japanese. In my travels I've encountered many cultures and peoples, Japanese are amongst the most polite and friendly people I've met. Often very shy in that regard, like many asians (this is indeed a culture thing & certainly not a bad one). Some are xenophobic, but I wouldn't say that they all are, that's just false, I've met so many open-minded Japanese that I'd never generalise in that regard.

Aaron

link
nabla9 3697 days ago
>I'm puzzled by the outcome of this discussion, but am assured by other security engineers and cryptographers that bugs they opened were treated equally badly, often ignored, even if they were non-disclosed, heavy security issues.

If you have organization with strict good manners policy and problems arise, this kind of passive-aggressive behavior is exactly what you should expect. "company policy" and PC rules can't make people better persons.

NOTE: This is not my opinion about Ruby-core team. I just want to point out that being polite does not mean that you interact well with others.

link
kijin 3697 days ago
Insofar as Japanese culture has anything to do with the way these people replied to you, I suspect that it might be a combination of (1) deference to authority and (2) relative isolation from the Western CS scene.

Absolute deference to man pages and insistence on getting things fixed upstream are textbook examples of, well, following the textbook. And they won't accept blog posts and presentations as authoritative because they are not familiar with the authors and presenters. Had they been even a casual reader of HN, they wouldn't dismiss names like tptacek so easily. They simply have no idea who the heck he is, so they stick to TFM as they were taught to do.

So it's neither malice nor xenophobia. I think they're just following rules, and maybe a little annoyed that everyone is telling them to ignore their rules.

link
tptacek 3697 days ago
This debate has virtually nothing to do with me. If you want to put names to it, use Thomas Pornin and Daniel J. Bernstein.
link
shevy 3697 days ago
Precisely.

"The Ruby community even has their own acronym for being nice to other developers: MINASWAN"

No, that is not true. That was coined, if I remember correctly, by the pickaxe.

Matz is nice, but how does this translate to any other bad suggestion out there? I don't understand that logic.

It's also not as if it is ... impossible to make suggestions to ruby core that are accepted?

Like hundreds other people manage? Why does the dude above fail?

Here is the issue tracker:

https://bugs.ruby-lang.org/projects/ruby-trunk/issues?set_fi...

You'll see a lot of assignee's done to matz, nobu, koichi etc... I mean they don't have 50 arms each and infinite time so they have to prioritize on what they work.

"Some are xenophobic"

That is so totally rubbish.

Just go to the japanese bboy scene. They are not xenophobic AT ALL.

https://www.youtube.com/watch?v=f5Y75Rjl6UU

They are people like YOU AND ME. Assuming that there is a huge, insurmountable cultural difference is just c-r-a-p.

Or do you think that every japanese loves video games? Or loves ninjas and samurai? Or knows karate?

link
azet 3697 days ago
I'd usually not even consider replying to such a post as you clearly have neither read nor tried to understand my comment.

I replied to a post made above, and expressed deepest sympathy for the Japanese people. While I was born in central Europe, I'd rather not be a citizen of any nation. I spend more time abroad than in the country I was born in. Speaking of which: central Europe currently has a huge resurgence of facist ideologies and xenophobia due to migrants from war-torn countries. Something which is utterly inconceivable to most people able to read a history book, given Europe's not so distant past with genocide. Unfortunately, xenophobia and right-wing sentiment is something that every democracy and thus nation faces, Japan isn't exempt from that [0] [1] [2].

(I currently live in Asia and spend a lot of time in Arabic countries, you may reconsider educating me on the subject with references to the bboy scene.)

Aaron

[0] https://en.wikipedia.org/wiki/Category:Far-right_politics_in...

[1] https://en.wikipedia.org/wiki/Political_extremism_in_Japan#R...

[2] https://en.wikipedia.org/wiki/Uyoku_dantai

link