Hacker News: andremat's comments

> Build an organisation which won't crumble the moment its founder is arrested for their predatory behaviour on tropical islands.

Or gets convicted of the first-degree murder of his wife.


In spite of the district court's merciful sentence, he has committed an aggravated felony in the eyes of immigration law and so is barred from ever entering the US again. For life.


> he has committed an aggravated felony in the eyes of immigration law and so is barred from ever entering the US again. For life.

IANAL but it sounds like he may be able to appeal based on a recent SCOTUS ruling[0].

> The result is that people convicted of certain crimes -- such as the California crime of burglary -- that are not by definition necessarily violent, may not be deportable.

[0] - https://www.shouselaw.com/immigration/aggravated-felonies


> IANAL but it sounds like he may be able to appeal based on a recent SCOTUS ruling[0].

For entry into the US on visa-waiver (ESTA) or visas (without a green card), you generally can't appeal to the courts, and court rulings about deportation aren't really relevant.

It is up to the discretion of CBP (and also the State Department for visa issuance). They can decide to disregard a criminal conviction - they are more likely to do that if it is relatively minor, if there are some unusual/special circumstances, if it is from many years ago, if a person shows evidence of being of good character since then. But it is totally up to their discretion.

If they rule against you, there is no formal right of appeal. You can talk to your own country's government, ask them to make diplomatic representations. If your own government decides to do so (they are under no obligation to do so), there is some chance they might change the US government's mind, but no guarantee.


I have no idea how exactly those kinds of decisions are made, but I feel like the "evidence of good character since then" clause has a decent chance to work here. The whole domain redirection thing he did definitely saved quite a lot of pain for people and businesses worldwide.


He said on Twitter earlier that a big part of the judge's decision to sentence him to time served was the character letters that a ton of people from the infosec industry that know him sent.

That kind of thing could definitely be relevant for showing good character since his bygone days as a malware creator rather than researcher.


Good character letters sometimes backfire. The judge in the Ross Ulbricht case said that she sentenced him so harshly partly because she got many letters attesting to his good character, so she decided she needed to set a very public example.


I think the difference is probably that in the eyes of the American government, everything Ulbricht did was bad. Whereas Hutchins did some good at some point that could be weighed against the crimes he committed. Character letters don't mean anything if the acts that gave that person their standing in the community are seen as wrong by the court.


You can probably sue in Federal court. You’d have to have an attorney though. People on no fly lists outside the US have to do that.


Anyone can file a lawsuit at any time. The question is, what are the odds of success? Non-greencard holders who are refused visas for the US, or refused entry to the US, have a very low likelihood of success, given which most immigration attorneys will advise that (absent some special circumstances) filing such lawsuits is a waste of time.

(If you can make the case that the visa/entry refusal was due to some improper reason, such as racial or religious discrimination, political vendetta, government corruption, etc., then you might have some chance, but even then the odds are not that great. But if your case is simply "they won't let me in due to my prior felony conviction in a US federal court but I don't think that's fair", then your odds of success are almost exactly zero.)

(Disclaimer: IANAL.)


Are you saying the article I’ve linked, published by immigration attorneys, is wrong? They’ve quite clearly stated the opposite of your claims, that there is legal recourse available.


I don't see a disagreement about whether your article is correct. Your article talks about which crimes are deportable, not which crimes may result in a later visa application to the US being denied.


Exactly. Deportation proceedings are a separate issue from visa issuance and entry. Courts show far greater deference to the executive on visa issuance and entry decisions to non-residents (and temporary residents) than they do in deportation.


Most people in the world will never be able to visit the United States but they seem somehow to survive.


Is that really unusual for countries to ban travel to foreigners with criminal records? I was under the impression most countries had similar laws.


I've looked into this and the USA is uniquely strict in their standards amongst western nations. Most countries give people a second chance in cases except for very serious crimes.


Canada is seemingly uniquely strict about people with a DUI, which is generally not a felony in the states, I know several people who are basically barred from Canada because of this.


I didn't realise the US court gave out rewards.


He's already here, and sentenced to a year of supervised release. ISTM he can file whatever papers he needs to while he's physically present?


[flagged]



Please don't post flamebait to HN. We ban accounts that do that. If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and posting in the spirit of the site from now on, we'd appreciate it.


Have you contracted an independent pen-testing company to assess your design and implementation?


Yes, as mentioned in the blog post, we worked with Security Innovation to do a week long security assessment with full access to source code, design documents and endpoints.

We also have a long term consulting arrangement with a widely respected security architect, and they helped review our design and implementation.

Additionally, BuzzFeed has a bug bounty program on hackerone (https://hackerone.com/buzzfeed), and have invited participating researchers to report on any issues found. We’ve paid out bounties for a number of minor issues, which were addressed prior to open-sourcing.

Additionally, knowing that security is never done, we continue to make it eligible for bounties -- see https://github.com/buzzfeed/sso/blob/master/README.md#securi...


This is mentioned in the article

> In preparation for open sourcing we also engaged with Security Innovation, a widely respected agency who count Microsoft, Symantec, and Amazon as clients, to do a more in-depth, week long assessment, with full access to source code and design documents. This found no major issues, which gives us the confidence to open source sso today.


It was only a week long assessment though, I don’t know Security Innovation but I’m sure they would have appreciated more time.


That is understood, and is always why we engaged with some of the top researchers who contribute to our bug bounty program, from the start with this project.

For example offering increased bounties during certain windows, or providing early access to the source code.

We highly value our bug bounty program, and find it to be a very effective mechanism for continuous security validation.

I'll write a tech blog post in the near future about how we facilitate our program.


Looking forward to reading about it. Thank you for the project!


[flagged]


In the blog article, they state:

> we have made sso a priority target for penetration testing by researchers on our bug bounty program — we’ve paid bounties for a number of reported issues!

While that makes it clear that they cared about penetration testing, it isn't what the person you replied to was asking -- they asked if they had contracted with an independent company to do testing. This did not seem to be answered by the article, and seems like a reasonable question to ask.


We did talk in the blog article about engaging with Security Innovation too.


Your comment is incredibly unhelpful and does not contribute to the discussion. HN is not the kind of platform to shitpost on.


... please repeat after me: gif.


I generally go with “GIF with a soft G is the format, GIF with a hard G is the culture.”


Everyone involved in the creation of GIF and CompuShow pronounces it as "jif". Anything else is sacrilege.


Those people aren’t part of the lifestyle or culture. I wish they were.


CompuServe.


CompuShow was the DOS GIF viewer.


D’oh. Thanks.


From the article:

> The last value "2019 05 01" contains the temporary information "??_?_??????_?"


Now I'm not sure if the thing contains a bunch of question marks (in two different fonts, no less) or if somewhere (the original poster, the blog, your OS, hacker news, my browser, my OS) the character encoding got dorked up.

For reference, here's what I see: https://imgur.com/a/VdcaQ0r

The fact that there are Unicode "Fullwidth Question Mark"s as well as what appear to be normal question marks makes me think there still is an encoding issue.


As possibly should the fact that the Klingon in the title is greeked in the header. (-:


Azure does have sovereign clouds, for instance its Germany cloud. [1] In this case data is handled by a German company and not Microsoft and so is subject to EU law.

[1] https://azure.microsoft.com/en-us/global-infrastructure/germ...


My favorite tool is a Microsoft internal tool called CodeFlow. If you don't want to work for them just to have a great code review experience, I recommend https://reviewable.io . Very nice!


As a fellow Microsoft employee, my blood boils a bit thinking of CodeFlow. My team has an "interesting" code review process that is 1/2 git diffs (via VSO Pull Requests) and 1/2 CodeFlow through TFS. However, I'd take PRs over CodeFlow for a few reasons:

1) All accessible via a browser instead of Desktop App.
2) PRs are all queued up nicely and easily searchable in said browser instead of littered all over a folder in my email.
3) PRs can have rules that don't allow merging without reviewers having accepted the change. CodeFlow seems to ignore this in my experience and 'required' reviewers are more just suggestions and people just check in their code whenever anyways.

It's entirely possible my team, myself included, don't understand how to properly use CodeFlow though so take my opinion with a boat load of salt. Similarly, I'm sure my third issue could be fixed by improving our review process as well, rather than switching tooling.


Isn't CodeFlow similar to the code review functionality that's now integrated in Visual Studio?


It's also literally the name of the functionality in VS.


Well, a Brazilian priest attempted a similar feat in 2008[1]. He won the 2008 Darwin Award for it [2].

[1] https://gizmodo.com/5022283/sad-ending-flying-priest-found-d...

[2] http://darwinawards.com/darwin/darwin2008-16.html


> Darwin Award

Making fun of people dying. Fucking sick stuff.

It's also logically crap. Often it's people (as in this case) doing things outside the normal. Things as hackers we should celebrate.

It's also often people in extreme poverty just trying to make a living, aka the fucking sick part that we as rich educated people make fun of cause we don't have to do dirty things like recycle metal from unexploded ordnances cause rich.


Hey, tell me about it. There was a tragic accident at my school, when a structure collapsed and killed several students, because it had insufficient engineering oversight. But, eh, Darwin Awards had to make a joke, so they collectively gave it to all the victims, who were getting up at the crack of dawn to volunteer on a group project, and following all the safety rules they were given.


That's weird because it directly contradicts most rules of Darwin Awards, that the people must be mature (well I don't know what kind of school it was), that they must be the ones responsible for their death (from what you say, the engineering is what killed students later) and that it must be because of "extraordinary misjudgment" on the part of the people both responsible and victims (who are supposed to be the same).

Can you link to your story on their website in order to contact them and withdraw the award since it breaks the rules?


I dug into it a bit further, and apparently the story is that the Darwin Awards used to be more crowd-sourced, but as a direct result of the incident I'm referring to, they instituted heavy moderation and apologized for any distress caused by their seeming approval of a tasteless article. So it's a little more forgivable than I realized. My opinion gelled back when the story was still in progress, but I didn't hear about the conclusion.

If you want to read the details, just google "aggie bonfire", or "darwin award aggie bonfire".


That is sick.


IIRC it's based on upvotes. And the most upvoted ones are also about criminals meeting prompt demise: http://darwinawards.com/darwin/darwin1993-06.html


Top in 2017 -

Petty criminal, probable drunkard.

Workplace accident, I wouldn't say criminal.

Probable drunkard, not criminal (I also once made an Ethernet ladder, yes it does not work well, no I didn't use it at a deadly height)

Not criminal, a bit silly. Funny because racism. I'd guess alcohol related.

Not criminal, probably alcohol involved, just a vehicular accident.

1 and 3 I'd also say involved mental illness. True if you want to be harsh we don't want the mentally ill or those susceptible to drug abuse to breed. I kinda think killing them off is not great why not just sterilize them?

Larry Walters who this story would have been inspired by (Not sure why people are saying the movie Up) also got an honorary Darwin award. He killed himself eventually. So he had issues I guess. But he was a legend as far as I'm concerned I'd prefer a world full of him over people making fun over people dying.


I still very much enjoy this one about Ronald Opus: http://www.darwinawards.com/legends/legends1998-16.html


I agree we should respect people and not mock them for making mistakes that they pay the ultimate price for. It doesn't matter that they're doing it for fun instead of some desperate survival need. Early aviators gave us aeroplanes and balloons by taking foolish risks and many died, but we glorify a few survivors because of their important contributions.

For some reason, many kinds of deaths are protected from mockery by society, but not adventure accidents. Those are fair game and bring out the cruel uncaring side of otherwise seemingly nice people.

If the Darwin awards included death from alcoholism or suicide, any mention of them would be blotted out from the "polite" internet like HN. Somebody will probably complain about me linking mental illness to accident deaths just to enforce the social more that we must not disrespect certain arbitrary groups of people but other groups are fair game.


The problem is that some people are engaging in needlessly risky activities, they then put the people that rescue them at risk. For example, in the UK we regularly have people rescued from mountains who are woefully ill equipped, like this guy:

http://www.bbc.co.uk/news/uk-wales-north-west-wales-41306122

Yet properly equipped mountaineers can get unlucky and die anyway. The difference between death by hypothermia because you climbed a mountain in only your underpants and being well equipped but getting hit by an avalanche? In the first case the coroner has a verdict of "death by misadventure" because you took unnecessary risks.


It's become a sort of joke in Croatia, tourists in flip-flops trying to hike into mountains (famous stereotype is of Czech tourists), and currently the rescue by HGSS (mountain rescue) is free of charge, and they often have to deploy a military helicopter (they don't have their own), which is costing the tax payers a pretty penny. The rescuers are mostly volunteers.

Examples of irresponsible behavior : http://www.dailymail.co.uk/travel/travel_news/article-368792...

https://www.lonelyplanet.com/news/2017/08/08/croatian-mounta...


There are some candidates that died under influence, but they did so in a spectacular way: http://darwinawards.com/darwin/darwin2017-06.html


And they don't check their sources. Several of the most popular "awards" from the early years were fake, e.g. the "JATO rocket strapped to pickup" thing.


Or perhaps based upon a kernel of truth?

https://www.wired.com/2000/08/rocketcar/


I believe the adage is, 'Play stupid games, win stupid prizes.' The Internet is full of terrible things. There's a site that keeps track of spree killing totals and celebrates new high scores. Well, there was. I'm not sure it exists anymore and I'm too lazy to Google.


Not to belittle MSFT's ability but a high quality repro helps immensely.


Hmm...I guess I was assuming they had fixed all the potential vulnerabilities allowed by running a virus scanner as root, not just the specific vulnerability described in the example exploit.


Online regex testers are nice but nothing beats RegexBuddy [1] IMO. I have fond memories of me using it while in high school to naively parse HTML using regular expressions only. Good times.

[1] http://www.regexbuddy.com/


Came here to promote RegexBuddy myself. It's the one thing I truly miss in my transition from Windows to Mac. I run it in WineBottler[1] now and it works well enough but I'd pay good money for a native Mac version.

1: http://jdon.at/HpTd+


I love RegexBuddy. I made a similar app (regexpixie.com, windows exe) that also uses the blue-yellow coloring to differentiate between matches.

The biggest difference is that RegexPixie has really good support for named groups. Frankly, it's beyond me why people don't use named groups for regex documentation.


I use Regexbuddy as well. It's awesome. I couldn't however figure out how to use Regexmagic.

