490d0aff0ee8's comments

Tangent rant.

I'm skimming over some of the code at https://github.com/openai/gpt-2/blob/master/src/model.py and I can't help but feel frustrated at how unreadable this stuff is.

1. Why is it acceptable to have single-letter variable names everywhere?

2. There's little to almost no documentation in the code itself. It's unclear what the parameters of any given function mean.

3. There are magic constants everywhere.

4. Function names are so terse... ("gelu", "attn")

> "You haven't really done OpSec have you? There is very little absolutism in defining who gets access to what data. In fact barring nations that have historically shared data with their governments is exactly one step closer to how you would achieve this."

When was the last time you've contracted for a serious client? When it comes to tech - you don't implement "OpSec" by blanket banning hiring Chinese/Russian individuals. Disregarding your bizarre definition of "OpSec" - plenty of individuals with Chinese/Russian background are working for companies such as Google/Microsoft/Facebook/Uber - making significant contributions and getting paid vast sums of money for it. Those companies actually invest into background checks, have dedicated security teams, are investing into locking networks down and improving monitoring. It appears that Gitlab simply wants the easy way out, or, they can't afford to refuse the aforementioned client's offer.

> "It seems you're almost implying Chinese and Russians are being randomly discriminated against for no reason, as if the kind of thing Gitlab is worried about has never happened before. Specifically with people loyal to those two countries. Yes, it is discrimination, whether it is baseless discrimination is much more debatable."

Do you have concrete numbers that prove Chinese/Russian workers are significantly more likely to act in bad faith against the companies they work in?

To quote Gitlab's chief legal officer, @cciresi:

> "The highest risk countries for hackers are: Romania, Brazil, Taiwan, Russia, Turkey, China and the United States (The US ranks number two in hackers according to ABC news). Surely, we aren't going to start restricting employment on all these countries?"

> "Why not? And Australians, they're explicitly (by law) required to be spies."

How come we don't see Gitlab re-considering hiring Australians then?

> "And your comment suggests as much - why would opsec about consumer / sensitive data be important unless you expect your employees to act in less-than-fair manner (be that for personal gain, a competitor's gain, a national gain, ...)?"

The defense industry will put you through background checks, demand a security clearance, and won't hire you unless you're a citizen - whilst simultaneously employing some of the strictest security measures available today. Security will stay there long after you've stopped hiring Chinese and Russian individuals.

> "Companies don't make decisions based on morality."

So let's just label every employee with a Foreign/Chinese/Russian background as a spy, because a client says so?

> "If you look at the vetting processes in the defence sector they have strict nationality and background checks.

Why should the same not be true for something with a damage multiplier the size of github which is basically carrying a big chunk of commercial IP in private repos?"

I'm all for background checks. Those at-least try to give everyone an equal opportunity - and if you fail them, you'll know why and have a chance to challenge the decision. There is a due process - as opposed to having some random techbro creating "need to get rid of {arbitrary nationality} asap" issues and having a bunch of random employees debating it...

If by having "nationality requirements" you mean "being a US citizen" - then Gitlab will lose 50% of its workforce overnight. The same will be true for many other tech companies. You make it sound like the defense sector is enjoying the strict employment regulations...

It's immoral to discriminate on the basis of fear, prejudice, and rumor.

One client can demand that Gitlab get rid of Chinese and Russian nationals today. Tomorrow, a different client can make similar demands - aimed at the nationals of different countries. This makes no sense whatsoever, and will blow out of control quickly.

Sanction programs are the established legal frameworks for such things: https://www.treasury.gov/resource-center/sanctions/programs/...

It's disappointing to see the promise of some money making the company go full 180 on its hiring and employment procedures - going as-far as potentially rescinding one employee's offer, and flagging another employee's personal choice to live in a different country as a risk.

The due process here is concerning. Some techbro starts by creating a "we need to block all Russian/Chinese" issue - followed by a bunch of echo-chamber "yessir" comments. When a legal advisor steps in - everyone tries to silence her and convince her it's just an "iterative process".

Finally - it actually looks like Gitlab's security practices are truly lacking. That an employee is Chinese/Russian shouldn't be a consideration - the systems should be tight enough to make sure absolutely no-one has access to customer data without consent - and that any actions taken are logged for auditing. Whenever necessary - pass your employees through a background-check. In sensitive (government) scenarios - restrict to employees with government clearance.

Honest question: Is Gitlab now a company not in a position to say "no"? Investors and potential customers need to know.