Is there anything particularly special about his age to make such a big fuss about it? Sure, this thing is worth an article like that, but it's not the age that makes it remarkable. People this age can just be perfectly capable to do stuff like that. What would have changed in perception of this article if he was not 22, but 32 years old? Would it still be mentioned in the title?
Cybersecurity requires a level of expertise that is unexpected of a 22 year old.
Even if we imagine that 22 year olds are just as capable as 32 year olds, his young age would be statistically remarkable - considering the number of people over 22 working in cybersecurity, against the number of people under 22.
> Even if we imagine that 22 year olds are just as capable as 32 year olds
They might be as capable but 32 year olds have a 10-year head-start of academic and industry experience to from where to draw. Achieving something that others with all that additional academic and professional experience haven't is a huge feat.
I agree, but counterpoint is the younger will have fresh perspectives and fresh knowledge. It shouldn't be discounted how biases or not staying current (plus all the additional responsibilities/distractions in general acquired in those extra 10 years) can hinder creativity and freedom necessary for this accomplishment.
I know what you mean, but I subconsciously compare his achievements and obvious talent at that age to myself when I was his age - and he's light years ahead of where I was. Hence, I find it impressive full stop, but also impressive at his age when compared to myself.
Being young is often an advantage when finding something really elusive that is obvious with hindsight - I think Meltdown and at least Spectre 1 fall in this category. When you're older, you get influenced more by how things are meant to work, whereas when you're younger (or just new to an area), you make fewer assumptions. You ask the questions no-one else thought were worth asking, because the answer couldn't possibly be true - but then it is after all.
There's a pretty clear confirmation bias here though. The persons asking the questions no one else thinks worth asking which don't lead to major breakthroughs are just "stupid" or "lack experience".
We (as a collective society) seem to find excellence in youth 'staggering'.
I'm not sure if it's because we have a general perception that youth is when you should learn a thing, you then get a bit older and get good at it, then get a bit older and do great things with that ability, then sort of forget it all and be too old to be useful.
Experience and Chance.
Most people are still in college at that age and don't have years of experience in some particular field.
Also the older you are the more time you have had to discover something. Even if it's just by random luck you would have just had more time for it to happen.
22 is a golden age. Your brain is fully developed. You have probably 8-10 years experience already. And you have a lot of time. Then comes work, house, and kids, and you'll have to wait until you're 50 before getting productive again.
I find a lot of misplaced amazement here at numbers in general. He started by reading the manual, which was ONE THOUSAND PAGES!!! And found a vulnerability that affects a BEEELLION COMPUTERS!! And he's only TWENTY TWO YEARS OLD!!!
Reminds me of the TV news, where any time a number is mentioned, they emphasize the hell out of it like I'm supposed to be amazed!!!!! Do they train 'em in journalism school to do that?
Here I see a story of how someone with at least the minimum level of interest and thinking skills goes and RTFM, then thinks about how to exploit this one design feature (a decision essentially made once per chip design, not a beeeellion times), and finally through experimentation and persistence figures out how to do it.
Horn wasn’t looking to discover a major vulnerability in the world’s computer chips
Maybe that's why he was the first to find it. He was looking where nobody else had thought to look, and he just so happened to have the combination of knowledge and resources (edit: and talent) to find a flaw there.
>>"he just so happened to have the combination of knowledge"
He had found security glitches in his school's computers network as a kid. Also, he was hired by a security research firm while he was still an undergrad.
In addition to knowledge and resources, he also had the knack.
That's right, when you do that in the US in any school the on-site cops come and arrest you. Initiative, competence and creativity are as a rule not prized in American education, conformity and athletic prowess are.
In High school I discovered the admin's secret account password was "god". (1995 maybe? I was 15)
In college (1997? I was 17) I downloaded the source code of the unix client for back orifice. I read some of the source because I was interested in socket programming and reading Unix Network Programming. I compiled it, and deleted it without running it.
They were on edge because "god" from high school called to warn them about me.
It doesn't even have to be bad. I was very nearly kicked out of my middle school just for booting from (!) my own live Linux USB drive on a school computer.
In typical hackernews fashion, most of the comment (even the top comment) is someone downplaying someone else's brilliance.
Why cant you just be happy for the kid?
Some people are just plain better than you. And its OKAY. Most of us here are average, and will probably never see our own success story published like this. Kid has done and contributed so much at a young age. He's clearly way above average, judging from the reaction of his peers in the netsec community. His skills has benefited us all. His achievement should be celebrated, not met with bitterness.
He's brilliant; but it's not about the age. I'm in a similar position to him (working on a very senior position in a big enterprise even though I'm in my very early twenties, I'm even younger than him) and I can assure you people like us don't like others pointing out our age. Focus on our achievements, our knowledge and our experience.
I miss all the time I used to have to screw around with random things in my teens and early twenties. There's way too much adulting getting in the way as you get older...
> When a fellow researcher asked him about another possible aspect of processor design that might be vulnerable to attack, Horn said, with a brief-but-telling smile: "I’ve been wondering about it but I have not looked into it."
Anyone who was at RWC2018 who can tell us what this item was? Presumably it's too technical for bloomberg's readership and not secret.
