Hacker News | guyzero's comments

There are so many confounding factors that this can't be taken at face value. Immigrants go where jobs are in general and it's demand for workers that causes housing prices to go up. If there was zero immigration there would still be huge housing demand in SF and LA.


You think that a minimum of 35% of demand being artificial isn't a factor that can be seen to increase overall demand?

edit: I say "minimum 35%" because that is just the percentage of immigrant-demand that managed to secure housing. Hard to say exactly how many more immigrants are bidding on SF & LA-County housing but 35% is the absolute floor.


Framing foreign-born residents as "artificial demand" is definitely a thing you can do, but it doesn't align with reality. Some portion of the foreign-born population are naturalized or are family members of US citizens, so it's not like waving your magic racist wand would actually solve the problem.


It's weird that immigration and housing is an off-limits topic for you that you're not able to discuss it objectively.


I just said you're wrong, not that you're prohibited from discussing it.


You also threw a nasty insult at the person, instead of conversing in good faith.

What's artificial about housing demand growth due to immigration is that they arrive into the market as adults. The natural demand growth would in contrast be from births.


The foreign-born population of LA and SF hasn't changed significantly in decades. It was like 27% in LA in the 80s. Housing there is expensive because there's a lot of demand from a lot of people. Immigration is like reason 11 out of 10 for why housing is expensive in those areas.


Canada has pulled American liquor from sales as a tariff retaliation, so Kentucky bourbon sales have dropped considerably. Thus we have the senator from Kentucky trying to kill off domestic competitors for Kentucky liquor.


It's a historic quirk that the US is a single country. It hardly feels like one most days.


The same is true of Canada, but to a far greater extent since Toronto/Ottawa/Montreal have a permanent veto on whatever the rest of the country wants. The US political system, for all its other faults, has successfully avoided this problem.

It is not a surprise that region can't find anyone else (in the rest of the economic zone over which it claims dominion) willing to die for its interests, especially when their interests have been revealed to be nothing but "loot the rest of the nation".


We have the opposite problem, where if you live in NYC or LA your vote basically doesn't matter at the national level


Yet, that compromise means NYC and LA can still field an all-volunteer army of people who tend not to be from NYC and LA.

Toronto/Ottawa/Montreal, demonstrably, cannot do that.

Which of the two strategies do you think gives the cities a greater chance of survival?


american: you're the historical quirk!

canadian: no, you're the historical quirk!

native american: you're both historical twerps.


Sybase and Ingres disagree.


Everyone in these threads always points out all sorts of issues with the H1B system, which are mostly true, but it's not like there's a suggestion for a replacement here. This is a de facto shutdown of the program, not a reform. I'd be happy to see a reformed skilled immigration program for the US, but this isn't it.

The US makes up about 4.5% of the global population and it seems silly to think that the FAANG companies and the new AI startups chasing behind them are going to restrict their hiring to this tiny slice of the global talent pool.

The only effect this is going to have is accelerating the offshoring of jobs through more hiring in India, Europe and Canada, which is a net loss for the US.

I myself became a US citizen two years ago after being on an H1B. I was paid the same as all my peers and for all its shortcomings the program worked for me. It's stunning to think this has been closed off, killing the main path for skilled immigration into the US.


> This is a de facto shutdown of the program

Is it?

Some AI recruitments have seen 9-figure contracts. $100K is actually a surprisingly well-considered number and would still see the intake of legitimate talents, obviously contingent on the specific details. Indeed, those people wouldn't have to compete with masses of consultant trash and the whole lottery system could be done away with.

$100K actually seems perfectly coherent with forcing the program to winnow down to actual talents. People truly good enough to get the employer to pony up $100K to pull them in -- presuming there isn't some kickback fraud happening -- will truly be the best of the best.

> The only effect this is going to have is accelerating the offshoring of jobs through more hiring in

Paradoxically the #1 reason H1B employers bring in H1Bs is to bridge offshoring work. Pull in a dozen Indians and they're your bridge to the big Indian office, which is precisely why Infosys, Tata et al are such H1B users.


> Some AI recruitments have seen 9-figure contracts.

These are crazy outliers who would go through a different visa path anyway. US tech companies still need mid-level workers making low-to-mid six figures. Weirdly O1 visa holder spouses will get an O3 which doesn't allow them to work, making it worse than the H1B/H4 visa for some set of people. (H4s allow spouses to work)


They're crazy outliers, and that's fine. The point of H1B is hiring talent outside of the United States, not hiring normal webdevs or commodity software engineers. A fee like that, where a large salary for an exceptional job would make the cost relatively small, brings the program back to its original goal.

If you just need a normal worker, there are plenty of CS grads and unemployed SWEs you can hire in the US right now. If you need a specialized foreign worker because he or she is not available in the US, then chances are you are going to pay a premium anyway; that's the point.


>US tech companies still need mid-level workers making low-to-mid six figures

Yes, and there are plenty of US citizens to fill these roles.


I wasn't aware that we've already reached the end of 'work that needs to be done'.

Does this utopia come with four-day weekends?

Countries become wealthy because people in them work and make stuff. It's incredible to see people actively advocating for making their country poorer. "No, no, we have too many people working..."


> These are crazy outliers

They are. And in the truly talented spaces there are many at all of the ranges in between.

> US tech companies still need mid-level workers making low-to-mid six figures

$100k for three to six years seems entirely reasonable if it's really such a critical need.


It sounds like this expired each year. So it is 100k extra per year.


An H1B is a three year visa. The new proclamation itself expires after a year unless it's renewed, but it didn't actually adjust any other rules of the visa to my knowledge.

So the one year seems to be the trial policy of the $100K, but it sounds like it's a single payment per visa, then normal visa policy comes into play.


> People truly good enough to get the employer to pony up $100K to pull them in -- presuming there isn't some kickback fraud happening -- will truly be the best of the best.

And what stops those people, best of the best, working somewhere else, with a much better living standard (EU)?

In the past, it's because of salary, but now, the 100k/year will either make companies lower their package, or try to extract much more from the employee.


$100,000 per year.


It is very in the air on what the details are, as is often the case with this administration.


There is a separate talent visa, why should they use H1B and pay extra 100k instead of using it?


> The only effect this is going to have is accelerating the offshoring of jobs through more hiring in India, Europe and Canada, which is a net loss for the US.

Offshoring can, and ought to be, heavily tariffed.


Do you know what a tariff is? How is it applicable to hiring people in offshore offices?


The tariffs are illegal and void. Even if it's implemented, how do you raise tariffs on intangible works? For the planned tariff, US consumers are the ones to bear the brunt of the costs.


> Even if it's implemented, how do you raise tariffs on intangible works?

If you are an American company (or a subsidiary thereof), and you have an employee resident in another country who does IT work, then you pay a tax to the US Treasury on that employee's salary. This tax can be varied depending on the country of the employee's residence.

Alternatively, if you pay OutsourceCo or whomever to provide you with IT services, then, depending on OutsourceCo's incorporated location, either you pay a tax on the services you buy from OutsourceCo, or OutsourceCo pays the tax on salaries just described.

All this can be avoided by hiring American workers, of whom there are many currently looking for work (mainly because of offshoring and immigration).


In this supposed competition with China, Trump is deeply dedicated to giving China every advantage possible.

From defunding science, fining the biggest universities, defunding green energy, making hiring ambitious foreign workers economically unfeasible, replacing technocratic administrators with incompetent lackeys with quite literally zero experience, imposing inordinate tariffs ... It's just win after win for the CCP.

Couldn't possibly be more generous


Sad that we're doing this. The United States couldn't compete and was a poor country with minimal scientific achievement until the H-1B visa was created in 1990.


Yes, but all these things will have bad long-term effects. The short-term effect would be payment into the federal budget and increase in local employment.

Even with tariffs, the initial effect was to increase purchases before the tariffs hit. Later the companies started eating from their margins instead of increasing prices right away. So it all resulted in increased economic activity and then increased tax payments into the federal government. However, because this is tax on consumption, it will eventually reduce business profits and personal wealth of the consumers. Meanwhile, Trump can claim that the economy is booming and he is collecting huge tax revenues without any negative effects.


> This is a de facto shutdown of the program

Is it? $100k per hire isn't much of a cost to pay for large companies. Smaller companies may -- may -- end up having some trouble with this, but consider that $100k often amounts to less than a yearly base salary (and will pretty much always be less than a year of total comp/total employee cost), not to mention the costs of legal staff that they're already paying to deal with this stuff.

What this may do is cause some of the "body shop" consultancies to drop some of their "low end" business, so they'll focus more on targeting positions with higher salaries. That's... probably a good thing.

And yeah, we may see some higher rates of offshoring, but I don't think that will be significant. And I'm not even really convinced: offshoring is already possible, and in strict dollar terms is already cheaper than going through the H-1B process to bring someone to the US. If companies preferred offshoring, they'd be doing it; clearly the already-higher-cost H-1B program is still their preference.

I agree that this isn't going to fix the H-1B visa system, and is not a reform or even a particularly positive step toward a reform, but I think you're overestimating the negative impact. I really don't think this will change things much at all.


$100K per hire per year.

That's almost as much as the median H1B salary. It's a huge cost overhead. I don't understand how you can be dismissive of a number almost as high as hiring another engineer.


I think it's a pretty reasonable line that it should cost the company at least 2x normal to import someone.


One more reason to replace the job with AI or outsource it.


I'd much prefer the companies pay $150k so that it entices someone to move from Nevada to California.


>> Is it? $100k per hire isn't much of a cost to pay for large companies.

It is $100k per hire per year.

https://apnews.com/article/h1b-visa-trump-immigration-8d3969...


$100k for a startup is a no-go from the onset. This makes foreigners basically unhireable for startups, and probably shuts down founding startups as well?


> Smaller companies may -- may

Really? 100k on top of a salary per year? Why would anyone do that?


> $100k per hire isn't much of a cost to pay for large companies.

Did you drop out of school before they taught multiplication?


Please don't comment like this on HN. The guidelines ask us all to be kind; they're the first words in the "In Comments" section:

https://news.ycombinator.com/newsguidelines.html.


1400 x $100,000 is $140 million, not $1.4 billion


Yeah but no offense if you're paid the same as your peers, you're not necessarily exceptional.

There's literally millions of talented Americans out of work in the tech industry right now while companies continue to hire H1B.

The companies post impossible requirement job ads in obscure locations... to get around the requirements to hire Americans first.


There's between 5 and 16 million tech workers in the US depending whose definition you use. The tech sector unemployment rate is 2.8% per https://www.comptia.org/en-us/about-us/news/press-releases/t...

That is, at most, less than half a million people in the field and the majority of those jobs aren't the ones looking for overseas hires anyway. If we take CompTIA's number of roughly 5M tech workers it's 140,000 people, not "literally millions."

If you have better numbers, please, let us know.


To be clear the H1B is not for exceptional workers. There’s a separate visa category for that.


> Yeah but no offense if you're paid the same as your peers, you're not necessarily exceptional.

Says you. I work in Lake Wobegon.


I'm happy you're here but the H1B program needs to slow down in America for a while.


Out of curiosity, why do you believe that's the case?

I think there are certainly abuses of the system, but we should be focusing on stamping out that abuse, not just generally "slowing it down". A $100k price tag is not going to affect abuse all that much; yes, it will make it less profitable, but probably not to the point where it will fix anything.

As a US-born citizen working in the US, I would rather work with a smart, motivated person from another country than a mediocre person from the US. The problem is that there are a lot of non-exceptional people being brought in on these visas, so let's focus on stopping that as much as we can. And while there are plenty of exceptional people who are US citizens, there are also many more who are mediocre or worse; we should be importing talent in order to raise that average.


The sole purpose of companies hiring foreign workers is to pay less in wages. This results in lower wages for Americans. It’s that simple.


You think 4.5% of the world's population is smarter and works harder than the other 95.5%? Maybe there's other reasons.


The H1B program isn't for exceptionally smart workers.


O1 is there for that


[flagged]


Why is it a problem? Indian people are great.


Because they bring their racism here. https://www.npr.org/2020/10/12/922936053/california-workplac...

I have personally witnessed it myself. I have countless Indian friends who are candid with me. They are biased against whole communities. Blacks, Muslims, etc.

Indians hire Indians.


> I have personally witnessed it myself. I have countless Indian friends who are candid with me. They are biased against whole communities. Blacks, Muslims, etc.

So are Americans. People are going to bring their biases. If you are serious about this, start vetting all immigrants about their biases or racism. Are you saying Cubans or Latinos don't bring their own racism? Or other Europeans didn't do it? Why is this cherry-picking going on?


As an IT worker, I honestly don't see many/any Cubans and Latinos in my day to day.

However I do see a ton, and I mean a ton of Indians and their hiring practices. Hence why I started my sentence with "I have personally witnessed it"


Considering how weirdly hostile you are, there's a much simpler explanation: you can't hide your contempt and it's creeping people out.


Isn't it the default human behavior? Pretty much everyone will be biased to hire from the same ethnicity, within the same group, just because it's easy to communicate because of shared background.


Even easier to communicate if they stay in their own country among their own people with a shared background


As humans, Indian people are as great as any other humans. In my experience, though, first generation families from India and China practically tend to be quite insular socially. They hang out amongst themselves. Which, like, I don’t blame them for, if I were them I’d probably do it too, but it has a strongly detrimental impact on the social environment for people who aren’t in those groups. When a house goes to one of those groups, it feels as if it disappears from the neighborhood. If the flow is slow enough then they are in theory functionally forced to integrate socially with the existing inhabitants, but the flow is not slow.

And by the way, what reality do we live in that your local megacorp can decide to radically alter your population demographic and people support the megacorp's ability to do that? There was no vote for the existing inhabitants about whether they wanted to take the trade off, the decision was made for them by businessmen. It’s pretty weird when you think about it.


American immigration has functioned this way for years. Where do you think Little Italy or the Greek sections of town originated? This is how immigrants have behaved for centuries, it's not exclusively a phenomenon among people of color. European immigrants did the same thing and continue to do so. If you mention a street name in NYC to some longtime New Yorkers, they can tell you which community or immigrant group is known to live in that area.

What ultimately matters is whether immigrants are law-abiding and contribute to the local economy. Indians rarely appear in crime statistics and generally comprise part of the highest-earning immigrant demographics.


You are essentially saying “this has been a problem for other people in the past also, so we cannot consider it a problem when it happens today”. That does not seem like a strong argument to me…


No, I am basically saying it's human nature - sticking to their own group, having biases, being racist. You were trying to make it some kind of Indian trait. We can always try to fight against all the creeping racism and biases, legally and lawfully, without targeting a certain group.

Suddenly every immigrant has to be this pristine model minority which has never been the case. That's why I gave those examples. People will find ways to target immigrants no matter what. This kind of narrative I see popping up everywhere where people don't like immigrants. This isn't even US specific.

The goalpost keeps shifting from legal, law-abiding immigrants to they better assimilate, say nothing bad or we are going to create policies which actively target some group based on how a particular government feels about them.


How was I trying to make it some kind of Indian thing? The topic is H1Bs, and this instance of the problem, which as you point out is general, involves Indians. It’s not as if I singled out Indians artificially.

I do separately think there is a risk that what worked reasonably well when combining all Europeans may not work when combining all humans. There is no historical example to look at to go “oh yeah that does work fine in the long run”. At a completely abstract level, what we have been doing since the ‘60s is an experiment (combine all humans) that is different from the one we started with on this continent (combine all Europeans). Just because the first one worked doesn’t mean the second one will, right? Even if we ran the first one again from scratch, maybe we got lucky the first time, for all we know maybe that scenario only succeeds 10% of the time. Should we be at all cautious here, or is this just terrible evil heresy talk?


Hahahaha. No, it's not weird. Good lord. It's not your town to decide.

I'm white as heck and have worked with plenty of first-generation Indians, and if you can't manage to make friends with at least one of them, it's a skill issue. The problem is you.


But they are all brown. Not a pretty sight.


If you're exceptional, by definition so are your peers.


>The only effect this is going to have is accelerating the offshoring of jobs through more hiring in India

Such offshoring was possible before and after today.

Put another way, if all the H-1B jobs really can be offshored quickly and easily the way so many Indians and anti-Trump people here and elsewhere confidently predict, *that would have happened already*.


The offshoring has started happening in the last 2 years in some of the big companies, by for example opening offices in Eastern Europe.

I suspect it didn't happen before because these companies were more focused on growth than efficiency.

That being said, thanks to AI parts of the big companies are again focused on growth at all cost.


> This is a de facto shutdown of the program

No, this is just another tariff. If it costs $200k/yr to employ an H1B Software Engineer, and you expect them to work for you for 3 years, it raises the cost of employment from $200k/yr to $233k/yr. It'll discourage people from applying on the margins, which will bring the application rate down and acceptance rate up.


It's an annual fee. It would raise the cost to $300k/yr.

https://apnews.com/article/h1b-visa-trump-immigration-8d3969...


AP is reporting that it's $100k/yr. So it wouldn't amortize like that.


It's not a tariff


Big Tech chose to elect an anti-immigrant candidate while relying on immigrant labor. Let them burn themselves down.


> The only effect this is going to have is accelerating the offshoring of jobs through more hiring in India, Europe and Canada, which is a net loss for the US.

I’m honestly tired of hearing the argument “if we do X then business will move to another state or out of US”.

Good riddance to the companies that flee from jurisdictions enforcing workers rights, don’t allow exploitation, etc.

The most important thing is protecting people, not fearing the cries of money-making machines.


Particularly in tech, where the network effects and first mover advantages are so strong.

California could introduce a million dollar minimum wage for software engineers, ban electricity on Thursdays, raise corporate taxes to 60% and still probably have more new unicorns founded in the subsequent year than Europe.


Subsequent year, probably. In later years, no. Massachusetts is a case study on this.


What happened in Massachusetts?


Seems like the point is what’s not happening there


Don't be so sure of that. Network effects are still subject to tipping points.


They'll still end up in the US as they can work a year abroad and come in using L1-B program for 5 years (3 + 2 years on renewal).

L1 has no PWD, no min wage requirements (beyond min wage law in US) and is completely uncapped.


The business must go where the talent pool is if the talent can't be brought to the money. This H1B change is intended to remove a sizable portion of the talent pool from the US, so companies will have to follow (and spend US investor money on wages abroad).


So who is going to pay taxes to fund the country? Particularly as the population ages, meaning more costs and fewer workers.


I generally like Doctorow's writing and agree with a lot of what he says here, but:

"Google has stolen every fact about our lives, in service to propping up a monopoly that lets it steal our money, too."

I still have all the facts about my life and I don't think any money has been stolen. I get that this is rhetorical, but he's gone over the edge here.


Google became a monopoly in search, advertising and various other things. It uses all of those to extract money from everyone, especially the advertisers with absolutely no accountability. All the large and small businesses have to jack up prices to make up for the money that Google extracts from them through those monopolies, and then reflect that expense on the consumer. Just go to reddits like r/ppc or r/googleads. Google became a company that single handedly amplifies inflation during its endless extraction of profit.


I think your phrase choice is also quite funny. Obviously a fact isn't physically stolen, it has been surveilled and sold to the highest bidder. Every fair chance a competitor had to offer you something better was taken from you, it just wasn't done in front of your face. And that data is becoming more and more valuable as we speak as all this AI data race heats up.


> and sold to the highest bidder.

Yikes, you are doing it too. Does accuracy in prose not count anymore?

When you have a strong case you shouldn’t have to bend the facts.


Google Adwords is quite literally using the data they have harvested from you and selling ad placements based on it to the highest bidder in its ad auction system. There was zero hyperbole in that statement.


> using the data they have harvested from you and selling ad placements

You changed what you wrote to make it accurate now, but refused to admit that and instead just prepended it with "literally"!

Wonderfully ironic given that we are talking about being accurate in your writing!


Can you please be specific what I changed? I meant every single word exactly in the first post as in the second. Both are completely accurate. What exactly did I change with any substance?


You said the fact was sold to the highest bidder, which implies that they sell your data. Which is something that most people believe because people use language like you have. But it isn’t true.

The second time you were much more accurate. You wouldn’t have even had to restate it differently if the first time had been accurate.


That's among the worst takes I've ever seen.

"Oh, a company knows literally everything about me and clandestinely sells that information to the highest bidder in order to target every facet of my existence so that multinational conglomerations can extract every erg of value from every heartbeat of my existence, but that's cool because I also know that information"

Geez.


It's basically a language quibble, that copying data is never "stealing", also in the copyright-violation context. I suppose they'd be happy with a rewording.


> I still have all the facts about my life

No, you don't. Google knows more about you than yourself: https://news.ycombinator.com/item?id=26639261, https://news.ycombinator.com/item?id=2840916, https://news.ycombinator.com/item?id=1584589


The PATH is great as Toronto has pretty variable weather and on a snowy or rainy day it sure beats being outside. One thing this article doesn't note is that post-pandemic half of it is empty. So many empty retail storefronts. There's still the assortment of Shoppers and various food courts and a handful of actual stores under TD Place. But compared to a decade ago, it's so empty.


Stanford is skimming the absolute top students from around the world into its programs. There's more than enough capacity in US schools for the top 10% of US grad students and then the US gets the benefit of also getting the top 10% of other countries' grad students.

Well, that was the case up until this year.


Exactly. Farmers vote.


shouldiimplementssl.com



Thank you!


The explanation I've seen before is that it doesn't really matter for websites that don't _want_ anything from you. No credentials, no login forms, no text entry fields.

Maybe there are edge cases associated with this?


> The explanation I've seen before is that it doesn't really matter for websites that don't _want_ anything from you. No credentials, no login forms, no text entry fields.

Still worth creating a bit of a shield between you and the site to make it just that much harder for anybody in the middle to inject anything / change anything.

Back before Let's Encrypt made it inexcusable to not have https, it was a common-ish prank to MITM all the HTTP traffic you could see and do something harmless like rotate images 180 degrees.


If the argument is that Let's Encrypt makes it "inexcusable" to not have HTTPS, then Let's Encrypt effectively controls most of the domains on the internet


Let's Encrypt came as a living bane for the CA business

There are now alternatives, like ZeroSSL for instance

But most importantly: it pushed ACME and all the automation blocks, DNS-based DCV and stuff

So now, lots of (all?) providers also let you generate certificates (cloud provider and CDN and whatever)

In the end, no, Let's Encrypt hardly controls "most of the domains on the internet"


That also requires either a shared wifi network or ARP spoofing. It's not something that HTTP itself inherently allows.


I am not sure what leads you to answer this way, but I assure you that HTTP, like any other unencrypted network traffic, does inherently allow undetected tampering by any middleman.

While it's highly unlikely that threat actors would be lurking in trusted networks and devices on such a network path, they definitely don't need to use shared WiFi or ARP spoofing if they have control of a core router or transmission line. That's the very essence of MITM attacks.


> I am not sure what leads you to answer this way

Knowledge of facts and history.

What leads people such as yourself to start a response this way? "I'll respond to you but first I'm going to feign ignorance of how you could even say that in a way that adds absolutely nothing to the discussion." I perceive this as exceptionally rude. Am I alone in that?

> does inherently allow undetected tampering by any middleman.

Yes. And did I describe methods by which you can hijack connections to /become/ the middleman? Perhaps you missed the subtle detail.

> That's the very essence of MITM attacks.

The popularized attacks you're describing became popular because they were done with the techniques I described in places like Starbucks and other businesses with open Wifi networks. Here it is, literally:

https://en.wikipedia.org/wiki/Firesheep


Well, I interpreted your reply as implying that the only vectors possible were shared WiFi or ARP spoofing. If you merely intended to offer two examples, then it makes more sense. But I am still not sure why your answers are so irrelevant!

So, I am still unsure that you are clued in here, because the article you have linked to has nothing at all to do with tampering in-flight TCP streams, only sniffing them. Perhaps you do not understand how these principles differ. This shared WiFi scenario certainly permits eavesdropping on unencrypted channels, and that’s a danger that’s distinct from actual MITM.

You claim we’re describing the same thing but we are not.

> did I describe methods

No, actually you didn’t — you named one vector and one mostly unrelated LAN attack. ARP spoofing may be a stepping stone, but not really central.

The attack you describe happens at the application layer, in fact. It doesn’t even need to use TCP. You’re simply stealing someone’s credentials and reusing them in a new browser session. There’s really no way to legitimately describe this as “MITM” — or “tampering” at all. [Your Wikipedia article does not use these terms.]

And in a typical Starbucks installation, nobody would realistically attempt to tamper with in-flight TCP streams. Because that attack would involve some elaborate setup, presenting a higher challenge than the Firesheep attack. I am sure you could explain and describe the former, if you understand the underlying principles.

No, the classic MITM attacks on http involve neither WiFi nor ARP, but simply interposing malicious code somewhere else on-path. [Actually it is not necessarily malicious, because NAT gateways work by modifying TCP streams too!] That’s why a newer name for it is “on-path attack”. And you seem to have omitted that scenario from your comments.


Yeah, I don't think it was people snooping on Facebook posts that caused the adoption of TLS at a widespread level. It was the fact that companies realized the NSA & their competitors would use it to attack them at every level.

You don't need ARP spoofing or anything like that to intercept a plaintext communication when you control the ISP.


https://m.xkcd.com/341/

Yes, the IETF and Mozilla really put NSA in their place with SSL, but the publicized, primary reason for adoption was eCommerce.

As the NSF handed control of the backbone to Sprint and commerce was finally permitted, the vendors campaigned to secure http lest the consumer’s personal data and credit card details were snooped and scooped while in-flight.

The Internet was incubated in a high-trust environment and every collegiate sysadmin was secretly employed by the NSA (except for Chris Siebenmann who is a North Korean sleeper agent). Once they were able to receive paychecks from Jeff Bezos instead, they began installing malware on routers to replace porn with videos of dancing babies and kittens being totes adorbs.

SSL kept our credit cards safe from the NSA and our porn is no longer sponsored by the ASPCA. Whew.


Search for "BGP hijacking" on the internet for examples.


Without TLS, sometimes still referred to as SSL, a website's content can be modified by anyone controlling the network path. This includes ISPs and WiFi operators.

Sure, your website may have unimportant stuff on it that nobody relies on, but do you want visitors to see ads in your content that you didn't put there?


> Maybe there are edge cases associated with this?

Plenty. There are a lot of information-only websites where you might want to keep your visit to yourself.

To give an obvious example: some parts of the United States are trying very hard to make abortion impossible. The state government could mandate that ISPs MitM your traffic, and alert the police when you visit a website giving you information about the legal abortion clinics in a neighboring state. Guess you'll be getting a home visit...

The same is going to apply with looking up info on LGBT subjects, civil rights, Tiananmen Square, a religion not explicitly allowed by the state, whether Eurasia has always been at war with Oceania, and so on. Heck, even a seemingly innocent website visit could theoretically come back to haunt you years later. Just some bored scrolling on Wikipedia? Nope, you were planning a crime - why else were you reading pages about chemical warfare during WW I? That neighbor who died due to mixing bleach and ammonia was obviously murdered by you.

If it's unencrypted, you should assume it's being logged by someone nefarious. Are you still okay with it?


To be fair, TLS doesn't stop the authorities from performing dragnet searches. Just subpoena Google for search keywords, mobile service providers for geofence data, DNS logs, IP logs from ISPs, etc. If that gives them enough for a warrant, they can get emails, SMS, browser history, account data, and detailed location logs. Not to mention license plate readers, surveillance cam footage and financial transactions.

It's honestly surprising that anyone gets away with any significant crimes, given just how much potential evidence is recorded.


Without TLS, people (service providers and intermediaries) can tell what pages I'm reading on your site. They can make the kind of inferences from these that get people convicted at trial.

TLS is more important on sites that are just serving information. It's easy to reconstruct your train of thought as you click around.

Librarians have fought (and lost) to defend our privacy to read.

https://www.ala.org/advocacy/intfreedom/privacyconfidentiali...


In addition to what everyone else has said, having everything be encrypted means encryption isn't "special", there's no metadata that indicates that the communication contains secret data due to encryption. If people don't encrypt non-sensitive traffic, then sensitive traffic stands out. So there's a sort of civic duty element to enabling TLS (or using encrypted messaging, etc.).


The website might not be designed to have credentials or login forms, but now you have allowed attackers to place fake login forms on your website. And given the prevalence of password reuse for the general population, attackers can easily harvest real passwords this way.

Not to mention injected ads which used to be very common in the late 2000s.


I used to think that, but at this point the Internet is sufficiently hostile that it's everyone's responsibility to encrypt everything all the time to reduce the utility to bad actors to zero.

It's a little bit like using Tor for some of your ordinary browsing (which I do) so that spy agencies can't infer everyone using Tor is doing something wrong.


Remember the C-I-A triad of security.

I consider the integrity of messages to-and-from the web to be very important.

Many of us lived through days when ISPs or some other greedy middleman injected ads into unsecured web pages. They played DNS tricks too.

Imagine if you had an app download that could be maliciously modified in-flight.

Furthermore, a certificate can guarantee you’re not connected to an imposter. What if the TFA link was redirected to “abevigoda.com”? Catastrophe!

