hacker news with inline top comments    .. more ..    11 Jun 2013 Ask
home   ask   best   6 years ago   
1
Can we please move on?
10 points by moelleren  50 minutes ago   5 comments top 3
1
mindcrime 39 minutes ago 0 replies      
It's getting a bit tiresome to read the same stories over and over about PRISM. Can we please move on and start sharing about entrepreneurship, strategy and business again?

Personally, I am somewhat heartened by the fact that this is remaining such a hot topic. I honestly thought it would have already faded as the "topic of the day" at HN by now, and to the public-at-large as well. But it's remaining in the news both here and in the general press, which suggests that more people do care about these issues than maybe my cynical side expected.

Alternatively it would be nice to see someone take action against PRISM. Less talking. More action.

Suggestions?

For my part, I donated $100.00 to the EFF a couple of days ago, and I just registered tricrypto.com, which I intend to use as the website for a new "Triangle Crypto" group here in the Raleigh / Durham (NC) area. The goal will be to engage in promotion, advocacy and education around the use of strong cryptography and related technologies, including Tor, I2P, GPG, SSL/TLS, etc.

Edit: For more information on "Triangle Crypto", see:

https://twitter.com/TriangleCrypto

2
adventured 39 minutes ago 1 reply      
Can we please move on after four or five days? One of the greatest violations of liberty in American history, that depends on the very technology we discuss here every day, utilizing our data, and using some of the most important companies in the tech sector. I don't think we should move on from that any time soon. Not to mention, the story is going to keep going and revealing more details. The discussion about encryption and privacy related to PRISM (and in general) is going to keep going, and it should, perpetually.
3
cryptoz 44 minutes ago 1 reply      
You have posted exactly nothing at all but complaints about PRISM. If you want to change the topic of discussion, do it. Start a new conversation.

No, I won't stop talking about PRISM. It, and all the recent and likely future revelations, impact entrepreneurship more than the vast majority of other news events today.

2
Ask HN: Can we have a discussion about Tor?
9 points by eof  1 hour ago   6 comments top 4
1
drostie 1 hour ago 1 reply      
You could potentially affiliate with social networks in such a way as to leave a clear fingerprint; that is, you could be, both in your 'anonymous' and 'real' life, the only person who connects 20 different social groups together. This could be as simple as quoting song lyrics. If you tried to deliberately avoid this, then you could potentially be identified simply based on that -- "these two people have too similar interests to not know each other" or so.

Your very manner of speaking can reveal a lot about you. I vaguely remember hearing a cold reader say something like, "the first thing I get to know about someone is their hands." Similarly, your word and spelling choices can inform others about your country of origin, and can potentially do much more than that.

Tor could have security issues, especially if you don't keep it up-to-date. Even if it doesn't have security issues, you could accidentally choose an entrance and exit node which are in cahoots and can thereby de-anonymize you. This applies less to hidden services, but still does apply. That is, the government could have compromised the hidden server, and thus might be able to correlate your activity.

Speaking of that, the times of day that you're active can already narrow down what countries you may live in, and may reveal roughly when you go to work and when you come back. So, for example, if you're using IRC over Tor, people could probably get a lot of information about you. Supposing that law enforcement has narrowed your real-life persona as a likely target, for example, they might just see if you join and part only when you're home.

If you were, say, browsing Hacker News or some other site, this could possibly be identified simply by looking at the size of the chunks of incoming traffic. This would be more and more common for larger and larger files -- I would not recommend downloading large videos over Tor, and images could probably offer a similar fingerprint.

You could use an insecure application over Tor -- sending BitTorrent tracker requests over Tor (while downloading in the clear) is one of the most common. So, if you tried to start up your IRC client before the Tor proxy was up, and your client happened to detect that its proxy wasn't working and tried to connect without one, that could compromise your identity pretty fast. For that matter, someone could potentially use an exploit against an out-of-date browser or operating system to turn on your webcam and take some pictures. For that matter, someone could hide a camera right behind you. You might consider only using Tor from within a bedsheet fort if you're suitably paranoid.

More realistically, the fact that you're using a bootable live distro could potentially be used to identify you; there aren't so many people doing that and your Referer string might well be unique. For that matter, the fonts installed on your machine might be probed and unique. It's worth checking this with EFF's Panopticlick. If your use of Tor hidden services reveals "he's a Welsh male Debian and Tor user who likes this obscure band," you might be identifiable solely based on that, and it's hard to be 100% sure that you have masked the fact that you are Welsh or male.

2
Tombar 1 hour ago 0 replies      
From http://grugq.github.io/blog/2013/06/10/good-luck-with-that/

The publicly available tools for making yourself anonymous and free from surveillance are woefully ineffective when faced with a nationstate adversary. We dont even know how flawed our mental model is, let alone what our counter-surveillance actions actually achieve. As an example, the Tor network has only 3000 nodes, of which 1000 are exit nodes. Over a 24hr time period a connection will use approximately 10% of those exit nodes (under the default settings). If I were a gambling man, Id wager money that there are at least 100 malicious Tor exit nodes doing passive monitoring. A nation state could double the number of Tor exit nodes for less than the cost of a smart bomb. A nation state can compromise enough ISPs to have monitoring capability over the majority of Tor entrance and exit nodes.

Other solutions are just as fragile, if not more so.

Basically, all I am trying to say is that the surveillance capability of the adversary (if you pick a nationstate for an adversary) exceeds the evasion capability of the existing public tools. And we dont even know what we should be doing to evade their surveillance.

3
bifrost 1 hour ago 0 replies      
Tor doesn't really help you a ton, but its useful for avoiding local surveilance. It doesn't help you a ton if you go to a known endpoint a lot. All you need to do is go to the known endpoint while not on Tor and you're revealed.

As for VPN providers, there are YC companies who do security so they're known and ideally trustable. Rather -> The chain of trust is easily verifiable.

4
mkautzm 1 hour ago 1 reply      
A lot of Tor is filed deeply in 'Internet Black Magic" for me, but my understanding of it is such that if someone who wants to identify you happens to have access to the exit node you are connected to, you can be identified.

That is about the best I can do.

I'm actually curious as to what others say about this as well though!

3
Ask HN: Is iOS 7 Beta reliable and stable enough to use on your primary phone?
5 points by awwstn  1 hour ago   4 comments top 4
1
alexgaribay 19 minutes ago 0 replies      
It has been working pretty well for me. I had an issue during install where I couldn't activate my phone. I had to restore back to iOS 6 and then "restore" from iTunes by selecting an upgrade file. It was a pain but it turned out okay.

As for bugs and such, I haven't encountered any that would stop me from using the beta or are frustrating. The only app I have right now that crashes on my is Google+.

2
martingordon 1 hour ago 0 replies      
I installed it on my old iPhone 4S. Battery life is atrocious (even with WiFi-only Airplane Mode enabled) and everything is choppy. I've had the phone reboot on me a few times. I've also read that Apple's Podcasts app doesn't work.

I can deal with all the other issues, but terrible battery life is a dealbreaker. I'll hold off putting it on my primary phone until it improves.

3
lsiunsuex 1 hour ago 0 replies      
Airdrop didn't work for me last night (to a new Macbook Pro) BUT I haven't installed the latest OS X update so maybe that was it. Weather app (built in) crashed on me. And the wife says eBay's app crashes on her.
4
glisom 1 hour ago 0 replies      
Minus a few apps, yes
4
Ask HN: Quis custodiet ipsos custodes? Who is at the top of the NSA's programs?
3 points by pkfrank  1 hour ago   discuss
5
Ask HN: Should there be a Hippocratic oath for Programmers?
13 points by martingoodson  6 hours ago   9 comments top 8
1
brudgers 5 hours ago 0 replies      
So logically we have a function:

  f(oath)-->Binding
Such that

  f(privacyOath)-->privacyOathBinding
And

  f(loyaltyOath)-->loyaltyOathBinding
Maybe I am just not sold on the whole oath thing. Doctors are regulated not by oaths but through licensure. Licensing of computer programmers is a possible future state of affairs with more likelihood than might currently be obvious without looking at historical precedent - e.g. local governments often license all businesses, other professions become licensed as they mature, and as PRISM shows, governments have an interest in the products of programming. The future may inherit more from North Korea than we wish to consider.

2
HeyLaughingBoy 26 minutes ago 0 replies      
ACM (Association for Computing Machinery) has had a Code of Ethics for a long time. http://www.computer.org/portal/web/certification/resources/c...
3
dragonwriter 3 hours ago 0 replies      
Professional organizations and codes of professional standards (including ethical standards, standards for continuing education, etc.) may be valuable.

An analog to the Hippocratic oath (an oath which is not taken generally in any consistent form [1], which has no binding force, and the form of which that is administered is generally maintained and decided on by individual educational institutions rather than the practicing community), probably not useful.

[1] http://en.wikipedia.org/wiki/Hippocratic_Oath#Modern_use_and...

4
w_t_payne 4 hours ago 0 replies      
Given the evident political power granted by technology, I can see (a somewhat sinister) argument for restricting access to technical knowledge and capabilities. Perhaps a government license required to use a compiler or interpreter? A professional body to restrict access to the profession and bump up salaries for programmers? (And also control them at the same time). Programmers would become a lot like lawyers - privileged, but essentially trapped and under the control of the state (similar personality types & skill-sets required anyway).
5
marquis 5 hours ago 0 replies      
Doctors take the oath generally upon graduation from medical school. There isn't any regulatory body - unless you make it mandatory to pay EFF dues there is no body to regulate the oath-taking.
6
terrykohla 5 hours ago 1 reply      
"an ethical oath"??? I don't think there is such a thing. What may appear unethical to you may seem ethical to another.

Everybody will find justification for their actions as unethical as they may seem to you.

7
kevinchau 6 hours ago 0 replies      
With how connected we are and how empowered developers and programmers are today. I see many reasons that point to yes.
8
Ziomislaw 4 hours ago 0 replies      
you don't need an oath for that, being a decent human being already covers it.
6
Ask HN: Have the terrorists won?
12 points by l33tbro  15 hours ago   5 comments top 4
1
fexl 15 hours ago 0 replies      
It amazes me that an attack which cost only a few hundred thousand dollars could provoke a decade of mass paranoia, a widely applauded loss of freedom, trillions of dollars in wasted wealth, billions of hours of wasted time, and many thousands of deaths.

So, yes to more freedom, and please refuse to be terrorized https://www.schneier.com/essay-124.html . Freedom is the absence of coercion, and that is all the security I care to have. The chance of being murdered by a politically motivated hot-head is so low that it doesn't even register on my list of concerns.

2
sixQuarks 2 hours ago 0 replies      
Yes, absolutely the terrorists are winning. This was their plan all along. As Dan Carlin (common sense, hardcore history podcasts) says, the terrorists are trying to be like annoying fleas on a dog. They want the dog to bite itself to pieces. Their plan is working flawlessly - and so quickly, it's scary.

There are nearly 40,000 drunk driving deaths per year. If we are willing to give up privacy for security, why aren't there DUI checks on every onramp? Drunk driving kills more people than terrorism by orders of magnitude.

3
crispycret 15 hours ago 1 reply      
"You heretic of the great states of America, you doubt our leaders? The very men that lead our children through education, a no child left behind policy. Or the war to protect our freedom from Iraq an Afghanistan how can these men terrorize America, and to say they surrender to Al-Qada, how dare you!" - A likely response from about 70% of America(a guess based off no statistics)

Too bad the statement above confuses me!That's the exact reason why they commit domestic terrorism... ahh the irony!

It will make for a good story in the future called "The Fall of Advance Humans". It shall be a mere legend as near primitive people will wonder, how this advanced world could destroy itself.

Then 1000 years later, history would have been repeated, and there will be a legend called "The Fall of the Advanced Humans, That Once Wondered How an Advanced World could destroy itself... They found the answer"... etc.

sorry for the rambling. I like your post though I agree 100% that PRISM is an act of terrorism on our freedoms.

They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin

4
stray 12 hours ago 0 replies      
The terrorists had won the moment the "PATRIOT" act came onto being.
7
Keep the NSA out of WebRTC
236 points by nullc  3 days ago   16 comments top 7
1
nullc 3 days ago 1 reply      
Sorry for the wall of text. I think this is a place where the people on Hacker News can actually _do something_ about the surveillance.

But bringing in a bunch of unformed yelling people into the IETF won't help. Bringing in a bunch of concerned but informed people _can_ make a difference. But like most things that make a difference it will take a bit more of your time than just clicking a form.

2
comex 3 days ago 1 reply      
This is silly and trying to tie it into the recent NSA revelations is disingenuous. SDES:

(a) will not be enabled by default; the developer would have to enable it explicitly?* ;

(b) is mainly intended for compatibility with existing SIP systems rather than new applications, and

(c) is no worse against an attack with even a slight level of detectability, where the server can do whatever kind of interception it wants by modifying the page JavaScript. (The exception is browser extensions.)

* I am not sure if this is actually true; the SDES draft's statement that users of SDES "can be informed of the necessary precautions" suggests that it is, but the problems draft suggests a downgrade attack, and both are somewhat confusing. I would try to figure it out for myself, but WebRTC is one of the most complicated standards I have ever even begun to understand. In any case, if it's possible for a webapp to end up using SDES without explicitly enabling it, that is a bug and should be fixed. There would probably be more productive ways to go about this than posting on HN about the NSA taking over WebRTC.

3
jokoon 3 days ago 2 replies      
I never thought some technology standard could be lobbied by something like the NSA.

I mean most devs right now are doing web apps in JS, so obviously if you manage to restraint browsers from being able to do simple simple, raw p2p, you've won another battle against the making of a tech like bittorrent.

I so wish bittorrent inc could pick up on that... The web is not secure, but p2p networks are much more. Someone really have to make p2p networks more accessible and more functional for tech unsavvy people. Bittorrent sync already makes a great job at that, but that's not really enough, it's just files, not discussion groups or private messages.

Why not starting with just a anonymous p2p discussion system, without moderation or identification ? 4chan works that way, and they manage it pretty well, doesn't seem to bother many people. I emphasis on the without moderation or identification, because I guess there will be security flaws allowing to thwart messages.

Any reflexion on such systems ?

4
rdl 3 days ago 1 reply      
I'm like 19033349x more concerned about CALEA in WebRTC than anything with the NSA. My concern would be WebRTC configured in a way to be construed as an "interconnected voice system".

If you're ruled to need to comply with CALEA, and don't, you're shut down.

5
st3fan 3 days ago 1 reply      
"With DTLS-SRTP content interception will always be _possible_ to detect (e.g. by comparing session IDs) and when coupled with something like Persona (BrowserID) MITM becomes infesable."

I don't think this is correct.

1) interception is usually about passively recording something. It is totally possible for some party to intercept a DTLD-SRTP session without being noticed. The session would just be encrypted. So it depends on how much CPU power or knowledge about crypto or protocol vulnerabilities the attacker has to turn that intercepted encrypted session into something useable.

2) Persona does not prevent against MITM. It operates at a completely different level. At is basics it is just a mechanism to get a verified email address from a user.

You are correct about SDES and signaling servers. Unfortunately you always need someone in the middle because even in 2013 probably 99.9% of 'things' on the internet are behind NAT.

There are probably secure options to encrypt the SDES before it goes via the signaling server but nobody has really explored that fully.

6
erbbysam 3 days ago 0 replies      
Probably limited to webrtc datachannel only, but as a developer, you could add in a JS OTR implementation - https://github.com/arlolra/otr
8
Ask HN: Post PRISM - Any companies considering moving their data overseas?
10 points by tamersalama  1 day ago   4 comments top 4
1
lawnchair_larry 1 day ago 0 replies      
To where? Anything overseas is stated as fair game for the NSA. They at least pretend to not watch American activity. Any other country will cave to US pressure if they want your data, and of the countries that don't like the US and still have a decent internet connection, they'll probably do worse spying of their own.
2
marquis 1 day ago 0 replies      
The main issue is latency and cost. Try browsing the internet from New Zealand or Australia for a few weeks: you really notice the difference of being another 150-200ms away from servers in the U.S. If you'd like to host in those countries directly you'll be subject to higher bandwidth costs.
3
jayfuerstenberg 1 day ago 0 replies      
I've always been surprised so many companies have their servers based in the USA.

Iceland seems a safer place to me from a democracy standpoint.

4
bifrost 1 day ago 0 replies      
I work with companies that do this pretty regularly due to other regulatory issues. The problem involves how poor data privacy laws are in other countries, in some places data is more illegal than others, and then how its accessed from the US. Sometimes you're not better off in other countries anyways.

Right now the problem is "the cloud" not the country for the US anyways...

9
Ask HN: Alternatives to HN
186 points by klrr  5 days ago   167 comments top 4
1
mindcrime 5 days ago 4 replies      
Slashdot, if you don't mind a heavy dose of Internet Meme along with your Interesting Discussion.

There are also sites which focus more on specific topics... if you're into server-side Java stuff, there's http://theserverside.com, if you're into programming language research, there's http://lambda-the-ultimate.org, etc., etc.

And a lot of the more niche subreddits are actually pretty good. Stay away from /r/funny, /r/politics and the other "big" ones and check out /r/machinelearning, /r/compsci, /r/systems, /r/math, or /r/compscipapers, etc.

2
mmahemoff 5 days ago 1 reply      
The Google Plus Hacker News community is a good supplement, which has 55K members. (I'm a moderator.)https://plus.google.com/communities/104388679763490357266

There are some other worthwhile tech communities on G+ - just visit https://plus.google.com/communities and do some searches, e.g. for your favorite programming language, platform, or framework.

3
jacquesm 5 days ago 6 replies      
http://www.reddit.com/r/programming/

And many other subreddits besides.

4
tezza 5 days ago  replies      
https://lobste.rs/ - I am not a member, but it looks very similar
10
Ask HN: Coders:Do you create your own graphics/icons, and how did you learn?
5 points by marcosscriven  1 day ago   6 comments top 4
1
krapp 1 day ago 0 replies      
I had an art degree and a bit of work designing logos for various projects before I got into coding, so at least for me, the process was reversed.

I'd suggest doing some tutorials on http://psd.tutsplus.com/ maybe, though I don't like how hard they're pushing premium content now, and I more or less deleted my own account in disgust after their passwords were dumped, I found them to be a pretty good resource.

2
jhacks 1 day ago 1 reply      
I personally do. However, I haven't been coding for decades. I learned just for my startup and mainly deal with frontend with my co-founder on backend. Still, it wasn't necessary for me to create icons. It is nice to know though. Plus, I enjoy design. I would DL inkscape (unless you have adobe illustrator) and get svg files of icons you like. See how they have done it. Most icons are very simple shapes. I personally think they are more effective when bare and simple. Its as simple as just drawing and connecting lines. Smoothing edges. And most of it is actually fairly precise / logical and.less artistic (I.e. no need to learn to draw). With time you'll get better. And you can create cooler and more complex icons, logos, and so on.
3
xauronx 1 day ago 1 reply      
I used to try to do that stuff, but it really is truly the definition of a waste your time. I mean, doing it once to get appreciation for the experts, and to justify the value of those things is worth it. But continuing to blast your head against the wall ends up being pretty worthless.

With the availability of Glyphicons, or FontAwesome, or the numerous cheap assets you can buy it doesn't make much sense to spend your time on an area you're not proficient in. (Unless you want to become a designer?)

4
ScottWhigham 1 day ago 0 replies      
Yeah, I do all of that stuff. I started doing it initially because I couldn't really afford to pay someone to do all of it. Bought a book, got a copy of PS, and away we go. I'm not a good designer - very poor actually. I make up for it by going to Shutterstock 1x every 3-4 years, buying a monthly membership, and downloading 400-600 stock illustrations and graphics. I then take those and convert them to my needs. It's not great but it works "good enough".
11
Ask HN: How can I see top HN posts Not about NSA/PRISM?
37 points by porker  2 days ago   7 comments top 5
1
aaronbrethorst 2 days ago 0 replies      
Here's a Safari extension for blocking Bitcoin articles. You can easily modify it to block your keywords of choice. There's also a link in there to a similar Chrome extension.

https://github.com/aaronbrethorst/NoBitcoin

2
raquo 2 days ago 2 replies      
Pardon the UI, it's one of my old projects, but it's useful in this case http://hnapp.com/filter/bb4abe7a00d09a35b95c6763f09c0cfb

If you want to edit the filter 1) change parameters, 2) click preview to see new filtered results, 3) click save to get a link to the new filter.

3
seiji 2 days ago 0 replies      
I've got a handy HN filter site: http://diff.biz/?remove=(nsa|prism|privacy|crunch)&only-show...

Update the removal list in the URL as necessary (or go to http://diff.biz for an old default removal list).

My site has been dead for a while (I think crawlers are crawling my site causing it to hit HN, but then HN blocks me due to over requesting), but I unblocked it today. We'll see how long it lasts.

4
CodeFoo 2 days ago 0 replies      
Here's a bookmarklet I wrote real quick to filter/highlight keyword-based articles:https://news.ycombinator.com/item?id=5846934
5
ishener 2 days ago 0 replies      
couldn't agree more...
12
Ask HN: What's the best N/USA-free computing setup?
6 points by freedomback  1 day ago   2 comments top 2
1
UnoriginalGuy 1 day ago 0 replies      
No such thing.

You connect to the internet you're going through the USA even if the company you're dealing with is based in some other place. For example, I just ran a tracert on a connection to a college located in the same city I am in, it goes through New York State before hitting a data centre in the UK.

You can install Ubuntu, use AOSP on your phone, and use Firefox for your browser. But as soon as you connect to any service, including Hacker News, there is a good chance you're being spied upon.

If you want to avoid the dragnet then I'd stick to obscure sites and services (i.e. smaller providers) since the NSA likely hasn't taken the time to spy on each and every one. Also online game's interplay chat might be somewhat spy free (relative to other IM services anyway).

2
halfpipe 1 day ago 0 replies      
I'd guess it'd be an idea to never publish yours or a family members name, address or any other personal information to any website or sign up form. Ever.

Then use some form of anonymous payment for anything you buy.

Ensure all of your browsing is done through Tor and/or a VPN.

Don't cache anything, just in case you get raided.

Also, always use a PC in the dark. It works. Trust me.

13
Ask HN: Backdoors everywhere?
2 points by EFruit  18 hours ago   discuss
14
Ask HN: Can we still trust SHA-1 and SHA-2 created by NSA?
6 points by theboywho  1 day ago   11 comments top 7
1
lmm 1 day ago 0 replies      
Yes (at least, as much as we could before; SHA1 in particular has been showing weaknesses). They are still the hash functions that have had the most attention from the academic community, and so far no workable attacks have been found.
2
venomsnake 1 day ago 0 replies      
As much as you could trust them 5 days ago.

While SHA-1 should not be trusted too much because it has shown possible theoretical attacks SHA-2 still holds. Also these kind of things are IP - there are a lot of eyeballs and scrutiny going on.

There is much bigger chance of fraked up implementation that will make it insecure than the theory - there are a lot of independent researchers that have scrutinized them quite a bit. And while I am sure NSA employs a lot of very capable people they do not hold monopoly on world class cryptographers.

3
tptacek 1 day ago 0 replies      
Yes, but you shouldn't anyways; SHA-2 is inferior to SHA-3.

SHA-3 is the product of a peer-reviewed cryptographic contest.

4
ig1 1 day ago 1 reply      
SHA-1 should be assumed to be broken in any case.

The Flame malware was distributed using a fake certificate that was generated via a brand new (publicly unknown) chosen prefix collision technique against SHA-1.

5
EthanHeilman 1 day ago 0 replies      
Why not use Keccak/SHA-3 instead, it was developed in an open competition run by NIST with some NSA involvement.

http://en.wikipedia.org/wiki/SHA-3

6
jayfuerstenberg 1 day ago 1 reply      
BCrypt is superior to the SHA family of hash algorithms.

That should be reason enough not to use SHA.

7
isaacb 1 day ago 0 replies      
These aren't closed algorithms. They are well understood and explored in-depth by the academic community.
15
Ask HN: Useful services for static websites
6 points by dsirijus  2 days ago   4 comments top 3
1
gee_totes 2 days ago 0 replies      
Maybe outsourcing forums to http://moot.it?
2
rgbrgb 2 days ago 1 reply      
I don't think you'd want to host your static website on a low cost VPS. S3/CloudFlare will be cheaper and more reliable.
3
rsamvit 2 days ago 0 replies      
You can get some pretty cool stuff done with firebase. Its not really providing a service though.off the top of my head I've used Disqus, Facebook pages, and all kinds of social buttons
16
Ask HN: Good design critiquing sites?
5 points by jmduke  2 days ago   3 comments top 3
1
diggan 2 days ago 0 replies      
Behance is a portfolio/showcase-site where you can show your work and other people can comment on the things you post

http://www.behance.net/

2
17
Ask HN: what projects are you working on?
29 points by basdevries  5 days ago   37 comments top 25
1
zedw 45 minutes ago 0 replies      
I am working on a P2P network based around Kademlia. I have not got very far mostly due to lack of time and knowledge, but I keep going with it when I can.

https://github.com/zwerfvogel/Mimosa

2
stevekemp 5 days ago 1 reply      
I'm working on a modal, console-based, email-client. It's developed in C++ and has fully integrated scripting provided via lua.

http://lumail.org/

https://github.com/skx/lumail/

It is pretty different from the existing mail clients for the console (pine, alpine, mutt, sup, notmuch), partly for being modal, and partly because it only handles Maildirs. No IMAP or POP3 support at all.

In terms of functionality it is usable for sending, processing, and receiving emails. But there is still missing support for attachments.

3
neilxdsouza 4 days ago 0 replies      
I am working on a survey programming and cross tabulation engine. It's open source hosted here:http://sourceforge.net/projects/xtcc

There are 2 versions of the Survey compiler, one in production use and a newer version in advanced prototype targeted at tablets etc. The production use compiler is targeted at India and the Middle East and anywhere else where you do Market Research using Pen and Paper format. It can generate outputs for IBM SPSS-Quantum (a specialised software for data processing) and SPSS and and my own cross tabulation engine, described below. Our current offering to clients is a potential 70% speedup in data processing using our system for Pen and Paper data entry.

The cross tabulation engine is on similar lines to IBM SPSS-Quantum but removes many limitations and is potentially much faster. I tested it on 1 million records - each record had about 64000 conditions, it was able to process the data in 20 seconds (I tried this after seeing Evan Miller's post on HN and someone asked about how fast his software was on 10 million records). I compile the input programs to simple C++ fixed size arrays and data is stored on disk as a flat file, fixed length per record. I have been experimenting with sse instructions - there is a lot of potential for further speed improvement.

This is a git repository, active branches are:nc - this is a stable version of the compiler, but uses ncurses and

web-questionnaire-2: this is the new survey compiler

   Active GUIs/Framewors we can compile to are :   1. gtk   2. wxWidgets   3. webtoolkit   I have also separated out the runtime environment so that we can compile with emscripten   Using this, we can compile with     1. Dojo, ExtJs    2. DojoMobile - I could not get Sench Touch to work.
web-randomizer: this is a branch for a randomization grammar

rdg: this is a branch for a Random Data generator. This was used to generate the 1 million records for my testing. I was able to get it to go at a speed of about 170 records a second.

If anyone is interested in playing with it, please write to me - my email should be all over the source code. We are also looking to make a business out of this (I have 2 friends and family investors).

4
goo 5 days ago 0 replies      
Working on Zoomforth, helping companies collect, manage and display video from their employees and partners.

https://zoomforth.com

5
helen842000 5 days ago 2 replies      
I've been working on http://www.postalcandy.co.uk - it was an MVP test for two weeks. It has been an idea I kept coming back to for a while now. I really want to sell a fun product.

While it's just basic technically, I've learned a lot about A/B testing & driving traffic.

Have taken the first few orders which is proof of concept! Currently working on the next version, integrating more product images & branding too.

Also I work on http://foundcamera.com - it gets quite a bit of natural traffic & submissions are backing up. Could do with some php help if anyone needs a weekend gig!

6
mast 5 days ago 1 reply      
I made a tool (http://complex-area-calculator.appspot.com) for calculating areas of polygons. Initially, it was really just cobbled together and there are a lot of problems with the code. I'm currently in the process of a re-write, but by blog (http://foodconstrued.com) also takes up a lot of my time.
7
hbien 5 days ago 1 reply      
I've been working on a console Pomodoro timer: http://thymerb.com

There were already a few around, this was for fun and I wanted one with easy pre/post hooks.

8
wturner 5 days ago 0 replies      
I'm working on a very simple and inane tool that block diagrams my code with cables so I can write programs visually. It doesn't compile or run any of it, it's just a visual tool. It's a mashup of two JQuery libraries: JsPlumb and Jquery TE. I also have an idea for a very large meteor.js/Web Audio API project that I am gradually piecing my way towards with small one-off do-dads like this: http://helpknow.com/portfolio/drumapp/
9
danielhughes 4 days ago 0 replies      
Just launched http://www.babelmatch.com. It's a crowd-sourced alternative to language-learning programs like Rosetta Stone.
10
pkinsky 5 days ago 0 replies      
I've built a tool to create arbitrary rigid 3D surfaces and support structures from laser-cut-and-perforated folded tyvek panels. It's probably never going to be commercialized, but it is fun to tinker with.

The use case is 3d shapes where the volume makes 3d printing cost-prohibitive, for example this 4 foot long tyvek dolphin: https://plus.google.com/u/0/photos/102064314320177820526/alb...

If you're in boston, stop by the collision19 show for a look: http://collisioncollective.org/show/collision19

11
bjoerns 5 days ago 1 reply      
I'm working on a revision control system for spreadsheets (http://www.spreadgit.com) so people can sort out their Excel mess, ie. track changes, diff and eventually merge versions like you'd do with code.
12
kkoppenhaver 4 days ago 0 replies      
Just launched subtleshade.com to help my learn about all this cool new HTML/CSS stuff I keep hearing about! Design and cross-browser support is sketchy at the moment, but it's a v1.0.

EDIT: Should probably provide some more information. It's a easy way to add colors to the patterns provided on subtlepatterns.com without having to dive into Photoshop.

13
yen223 5 days ago 0 replies      
I'm currently trying to teach myself web development by building a simple wedding organizing app. Still in its early stages though, nothing to show for it yet.
14
jamesjguthrie 5 days ago 0 replies      
I'm working on a few things:

A 32 channel data logger, driver communication and information aid for motorsport and automotive testing

A kids education app with a Scottish 'teacher' character - this will hopefully be uploaded for App Store approval this weekend

and I have a few client projects on the go

15
ThaiWood 4 days ago 0 replies      
I'm currently writing Ruby For System Administrators at http://ruby.elevatedintel.com A book that helps SysAdmins become more productive and repeat themselves less using Ruby.
16
joshcrowder 5 days ago 1 reply      
Nice idea for a thread!

I'm working on a new project management tool called Matterhorn.io its for companies who are design led and follow agile for development.

There are a million and one project management apps but none of them are a fit for us, we like basecamp but need a scrumboard, we like jira but find its too complicated. We are building a happy medium

17
jlengrand 5 days ago 0 replies      
I am currently working on a simple way to share spotify tracks so that anyone can listen to them (and not only spotify users). The core is finished for a while, but I struggle with the design! Man it's hard to make something look nice
18
huseyinyilmaz 5 days ago 0 replies      
https://github.com/huseyinyilmaz/talkybee . I haven't work on it lately due to a class I am taking on coursera. But I will finish is as soon as I am done with the class I am taking.
19
phdtree 4 days ago 0 replies      
http://phdtree.org is a Wiki site that allows users to create & edit their academic family tree.
20
stuglaser 4 days ago 0 replies      
I'm reimplementing Go-style channels in Python, including multiplexing:

https://github.com/stuglaser/pychan

21
markwillis82 5 days ago 1 reply      
My pet project at the moment is programmatic battleships. Write your own client - play against other users running automatic games and see how we'll your client fairs up in the leaderboard
22
stevoo 5 days ago 0 replies      
I am currently working on creating a p0rn site ( there are some money there, but it is hard to implement ) as well as a photographer site
23
flipcoder 5 days ago 1 reply      
p2p file transfer tool w/ some cool features like auto-accept rules, tag-based (semantic fs) syncing

http://deployanything.com (win,mac,lin + pi)

Tech: C++11, Qt, node.js

:)

24
boulem 5 days ago 0 replies      
personally i work on making a little java ide using javafx
25
dmitripopov_com 5 days ago 0 replies      
I am working on my own help authoring tool "with blackjack and hookers" :) It has a cool name: Helpinator.
18
Ask HN: Best progressive way to learn web development
11 points by hiteshtr  5 days ago   9 comments top 4
1
brianchu 5 days ago 2 replies      
For each step build 1-2 basic apps. (Basic app = 1-3 days of work).

Basic HTML + CSS (don't spend too much time here) + skim the Bootstrap docs (you should use Bootstrap for everything after this).

Basic JS. Go deeply into JS (inheritance, etc) if you want to do rich client-side front-end JS or Node.js (more on that choice later); otherwise that is unnecessary.

jQuery. Also learn to use AJAX with jQuery (and learn about REST/HTTP).

Basic SQL and setting up your own schemas (set up tables in the command line interface for MySQL/PostgreSQL/SQLite). I recommend Postgres.

Now pick one of 3 web backend ecosystems: Ruby, Python, or Node; and learn the language. Pick Ruby or Python if you already know one of them. Pick Node if you want to make real-time and concurrent apps or don't want to learn another language (I'm talking true realtime - i.e. collaboration tools, chat, dispatch systems, etc). Pick Python if you want to integrate machine learning/data analysis/natural language processing into your app. Otherwise, pick Ruby (best job prospects, biggest web development ecosystem).

For Ruby, start with Sinatra. For Python, Flask. For Node, use raw Node, and then use Express. Use raw SQL, then try an ORM (ActiveRecord, SQLAlchemy, Sequelize).

Optional: Rails, Django, or Meteor. (Meteor is not really comparable. It's very immature/bleeding edge and has a different use case. I put it there because it's the most popular full-stack big JS framework). I say optional because there are essentially two models for web development: server-centric (everything rendered on server and served), or api-client-side-centric (server = API, browser/mobile app = rich client side). For server-centric development you'll want to learn Rails/Django. For rich client you can stick with Sinatra/Flask (Meteor would be rich client, though).

If you do go the rich-client route, do a little Backbone. I personally never liked Backbone; if you also dislike Backbone, consider AngularJS or Ember (AngularJS is what I'm using now).

With this broad foundation, start with a longer-term project idea and build out its entire stack.

Some topics to explore after you've gotten a foundation: MongoDB/NoSQL, regular expressions, advanced CSS3, advanced HTML5 features, dev ops, socket.io (for Node), promises/fibers (for Node), CSS pre-processors, CoffeScript, d3 (front-end JS).

EDIT:

REST and ORM are merely concepts. You will learn what an ORM is by the process of first learning SQL, and comparing that to your experience with using ActiveRecord/Sequelize/SQLAlchemy. You can simply google "What is REST?", or "REST API tutorial."

As to your questions about Foundation and Go: what I've proscribed here is a foundation. Not a definite, set-in-stone path. There is certainly a lot of buzz around Go. Yet the question is not whether you should learn Go. The question is whether you, as a beginner, should learn Go now. Go is bleeding-edge and highly immature (in terms of the ecosystem). It is not something you should tackle first. As for the Foundation vs. Bootstrap debate, the reason I mention Bootstrap is because it is more or less the de-facto standard HTML/CSS framework. But ultimately it doesn't matter which you pick. I've never used Foundation but I could read the docs in an hour. This is the least of your worries. Just pick one and go with it. Baby steps.

2
porter 5 days ago 1 reply      
Come up with an idea for a web app and struggle to build it. You'll learn what you need to know as you go along, plus a lot more.
3
tmandarano 5 days ago 1 reply      
Treehouse, Codecademy, and Coursera are great tools to teach fundamentals. Books can be good. There are screencasts that can be helpful as well.

Disclosure: I work at Code Fellows.

4
equilibrium 5 days ago 0 replies      
here's a good list of resources http://prework.flatironschool.com/
19
Ask HN: The government has been exposed now what?
12 points by esalazar  4 days ago   19 comments top 4
1
kunai 4 days ago 1 reply      
We cannot. Ultimately, it boils down to the sheer audacity of the government and the fearful (and sometimes, falsely patriotic) apathy of our fellow citizens. We here on Hacker News are progessives who believe in liberty, freedom, choice, and equality for everyone.

Unfortunately, outside of our little bubble here online, the rest of the world is not the same. There are still millions of citizens, blissfully unaware, perhaps due to either ignorance or fear. Our job now is to educate these people and teach them that the government is an entity to be trusted no longer. No longer will elections entail cheering on corrupt candidates who break promises regardless of the political side they take. No longer will our citizens stand helpless as the entrenchment of totalitarianism continues perpetually. No longer will we be a slave to the whims and fancies of our government.

It's time the government worked for us. I think the bozos in command have all but forgotten that they are nothing but LOWLY SERVANTS, not saints who can deliver promises and change set upon a lie. We need to change that. Call your senator. Email your legislature. Tell them your utter dissatisfaction with this issue. Tell your relatives. If they say they don't care, follow them around everything they do and ask if they like that. If they don't, tell them this is what the government is secretly doing. If they still don't, repeat.

Tell your friends, your relatives, your brothers and sisters, to stand up to the oppressive government. Don't be hotheaded; now is not the time for mercurial emotion. Now is the time for reason. If your congresspeople cooperate, good. If they brush you off, say "fuck you" and hang up (I'm being blunt here), and vote for a third-party candidate the next time round.

We can make a difference. We will defeat the Empire, the evil, dark Empire founded by a father whose progeny has gone to the dark side.

Let's do this shit.

2
tokenadult 4 days ago 0 replies      
There is a model for people winning freedom when they never had it before. It has been applied in some countries. It takes courage and solidarity, but people power can gain freedom. The most thoughtful writer on the model that works is Gene Glass of the Albert Einstein Institute. The institute has several different publications available for free download in multiple languages,

http://www.aeinstein.org/organizationsde07.html

among which I especially recommend From Dictatorship to Democracy: A Conceptual Framework for Liberation

http://www.aeinstein.org/organizations/org/FDTD.pdf

as a how-to guide for gaining freedom even when the dictators are willing to torture and kill to limit freedom. (I have seen one country make a successful transition from dictatorship to democracy largely by following this conceptual framework.)

3
joonix 4 days ago 0 replies      
What most people are missing here is that the average American a) doesn't care b) doesn't actually know what their rights are c) is happy to allow this in the name of "anti-terrorism."

Seriously, step away from the internet/reddit/HN/blogs and go out on the street and talk to an average Joe/Jane about where this ranks on their priorities.

People who think there will be a "revolution" over something like this are seriously misguided. Revolutions happen when people are hungry. The average American is not starving and will never be rioting in the streets over phone records.

4
Duhveed 4 days ago 0 replies      
They've got the will and the power to do these things and frankly there's probably not much we can do about it. The key thing to do is to realize that the Constitution was the mistake that gave them their power. When they collapse under their own weight, remember the lesson and start listening to the folks with the ideas about how to provide services to the community (roads, security, etc.) without a government to manage it and without waiving your property rights in the process.
20
If spying on citizens was a business
3 points by clubhi  3 days ago   1 comment top
1
cheeseprocedure 2 days ago 0 replies      
Sadly, it is a business, and it's become an entrenched part of the political landscape. It's hard to read "Top Secret America" [1] and not come to that conclusion.

A lack of transparency for intelligence operations means their outcomes are difficult to measure, which in turn means the bang-for-the-buck efficacy of those operations is probably not a significant deciding factor in the funding they receive.

[1] http://projects.washingtonpost.com/top-secret-america/

21
Ask HN: Am I missing something?
11 points by leejw00t354  6 days ago   15 comments top 10
1
cup 6 days ago 1 reply      
I guess it depends on what you're looking for out of all this. If you're just trying to create a product so that you can offload it down the line then maybe you should question your initial intentions, there are other ways of making money after all.

If on the other hand you want to change society or improve the lives of people and you have recognised a way of doing so then don't give up. Treat your choiec as a journey or adventure. You're going to have set backs and failures and spend many nights thinking about quitting but you will overcome them and the struggles will make you a better person in tthe long run.

Just because you don't get to the summit of everest doesn't mean you haven't achieved anything and it doesn't mean you haven't improved as an individual and it doesn't mean the next time you try to climb you'll fail again either.

Edit: Also, update your blog, its long overdue!

2
lacker 6 days ago 1 reply      
Yeah, I felt like that before I started Parse. This isn't like X-Factor. You will never really know if you have what it takes, until either you succeed, or you give up. That's just how this works.
3
benologist 6 days ago 0 replies      
Almost every startup fails and almost every founder is a failure almost all of the time.

It might help to remember that.

4
orangethirty 6 days ago 0 replies      
I had my first business at 14. Now 34 (20 (?!) years later. gosh...). Have never knocked one out of the park, but have have some good base hits, and a few doubles. Its all about the game, and how you play it.
5
palidanx 6 days ago 0 replies      
I'm about three years into the start-up world (I'm 31 now), and I sometimes ask myself the same question.

What I'm doing a little bit different now is really getting out there trying to sell the mvp after it is built. I get burned more often, but at the very least I know a little bit more on what my customer wants.

Hang in there'

6
xauronx 6 days ago 0 replies      
I try to see it as more of a hobby. Some people try to perfect their free throws, wood carving, guitar playing, etc. A lot of the time they're going to "fail", or see flaws in what they've produced. It's just a matter of keeping at it, being good enough until you've succeeded in some way.

The other thing you need to be careful of is getting blind to your small successes. There are probably 10 things a day that I do that people new to programming would be confused by, or wish they could do. They're so commonplace to me that I just do them with no appreciation that I did something someone else would find difficult.

7
timmm 6 days ago 0 replies      
Don't make success a binary thing, imagine it as continuous and incremental.

If you've had no levels of success yet then change your approach. Forget networking or pitching or X factor that shit is almost irrelevant. Find a way to make a profit albeit however small it may be and build from there.

Don't start with an idea that requires critical mass or a community just start with a simple product that you can sell.

8
ScottWhigham 6 days ago 0 replies      
Another old-timer here... It's all in how you define success. Various definitions of success might be:

- Someone that Crunchbase wants to interview for every late-breaking tech news story

- Someone who runs a single person company that makes $60,000 profit after taxes

- Someone who has earned FU money by building their own company(s)

- Someone who has over $1m in the bank in cash

- Someone who has built a recurring revenue stream from just an idea

- Someone whose business hasn't failed yet

- Someone who built a company from an idea and that business sustains them

- Someone who built a company that has employees

- Someone who was able to buy a company and turn that company into a better, more profitable company/outcome

- etc

There's not just one definition. So what is "a successful startup" to you? Your definition of success goes a long way to defining your happiness, I think.

9
meerita 6 days ago 0 replies      
I want to think I failed from the moment I have the idea to starting something. I failed so I have nothing to lose but I want to believe I can revert that by making the stuff and finishing it.
10
thoughtcriminal 6 days ago 0 replies      
If you believe you have what it takes, keep going.
22
Ask HN: AOL owns a domain name I could really use. How to get it?
3 points by cjbarber  1 hour ago   3 comments top 3
1
username111 1 hour ago 0 replies      
You'll probably never get it without an exorbitant amount of money.

Try looking for a similar name plenty of people use search engines and bookmarks so a domain like thexxxx.com or getxxxx.com isn't that ridiculous.

2
Casseres 43 minutes ago 0 replies      
http://www.fourhourworkweek.com/blog/2009/02/27/how-to-buy-d...

See item 4d in the list. James Siminoff tells how he pleaded for and was given the domain Noble.com for free.

3
beat 51 minutes ago 0 replies      
What makes the domain name valuable? People stopped looking for services by domain name about ten seconds after Google was invented. Unless it's a brand name and trademark-sensitive, there's not much you can do.

If you have a viable money-making idea, build it without the magical domain name, get rich, buy the domain.

23
Ask HN: Anyone have ideas for an honours thesis project?
6 points by khay  3 hours ago   1 comment top
1
becauseracecar 18 minutes ago 0 replies      
It looks like you have some familiarity with a variety of different technologies which is fantastic.

The most important thing is just to pick a direction and get started. It doesn't have to bee anything more specific than "I want to build something using Raspberry Pi".

Once you pick a direction you can start working through some basic tutorials and learning the ropes. At this point after understanding what's possible you might get some ideas about what you might want to do.

If you don't have ideas yet that's ok, but now you're pretty well equipped to research what other people have been doing with your platform. You could build somewhat different alternatives to existing projects, or work on trying to contribute an extension to an existing project.

If just looking at projects doesn't spark any ideas start talking to people. Start with people who might know something about your topic at your university, or reach out to individuals in the community.

The key to a research project is just getting interested in one idea or question. Once you develop a little curiosity about on little thing it's like pulling on a thread that's connected to a much larger tapestry. Maybe your original idea has already been done but you find something else that's closely related that hasn't been done. You'll quickly be able to follow this tiny thread to a much larger world that will be of great depth and in general can be very interesting. If you have the diligence to carefully review existing work it's not hard to steer yourself to a totally uncharted area (this is probably a lot of work for a senior thesis but if you find it fun then go for it).

Also don't worry too much about originality. Re-creating something that already exists is a good learning experience, and might lead to other interesting ideas, like taking an existing thing and using it for a slightly different purpose. Just make sure to give credit where it's due. This isn't a PHD thesis and I don't think you'll be knocked for not making some brilliant original discovery. The key thing is to get started and follow your curiosity.

24
Ask HN: how to verify users identity (background check)?
2 points by rush-tea  1 hour ago   1 comment top
1
lifeguard 1 hour ago 0 replies      
One trick I have seen online merchants use is to credit a prospective customer's account a small sum of money, like $1.16. Then call the customer and ask them to tell merchant the amount that was added. If the customer has full access to the account, customer can answer the question. If the credit card is stolen, the customer will not know the amount merchant credited.
25
The NSA, CALEA, and the hardware backdoors built into routers (required by law)
28 points by j2d3  20 hours ago   4 comments top 2
1
j2d3 19 hours ago 1 reply      
PS - an interesting post from slashdot 2010 about this topic:

http://hardware.slashdot.org/story/10/10/29/1456242/hiding-b...

quartertime writes"Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."

2
chris_dcosta 12 hours ago 0 replies      
I guess any customer using US Equipment in any part of the world is also accessible, even without a local law supporting it?

Interestingly I managed to discover a Huawei trojan that installed itself without me granting permission via a hotel router. It wasn't particularly well built back in the day which made it easy-ish to identify.

Makes me wonder where China is going with all the deals Huawei is making with Govts across the world too.

26
Ask HN: Question Regarding Recent Events
2 points by vxxzy  6 hours ago   discuss
27
Ask: what are the biggest problems being solved by companies in the valley?
6 points by lukejduncan  18 hours ago   2 comments top 2
1
jmathai 14 hours ago 0 replies      
Off the top of my head....Watsi, Kahn Academy, Wikipedia.

It depends on what type of problems interest you.

2
joshAg 18 hours ago 0 replies      
Riverbed's doing some cool stuff with wan optimization.
28
What are the chances of Lastpass being backdoored?
3 points by chashaz  13 hours ago   2 comments top
1
macarthy12 11 hours ago 1 reply      
Read / Listen to this for a complete answer.

http://www.grc.com/sn/sn-256.htm

29
Have you ever had to comply with a secret government request?
4 points by brohoolio  19 hours ago   2 comments top 2
1
kjs3 18 hours ago 0 replies      
It is entirely likely that you wouldn't know. Such requests usually come through your legal department, are handled by a very small subset of folks in the IT dept, and don't necessarily look any different than other requests for disclosure or discovery that legal makes. It's not like some guy in a black trenchcoat shows us and says "now keep your mouth shut...this is a GOVERNMENT SECRET".

That said...I worked for a telco for a number of years, so it's a safe bet I did.

2
stray 19 hours ago 0 replies      
Nice try, Verizon.
30
Ask HN: Any impact to your saas biz because of this NSA/PRISM scandal?
6 points by unlimit  1 day ago   2 comments top
1
bdfh42 1 day ago 1 reply      
We are still building the MVP but do wonder how we should counter customer partner and potential investor worries about this issue.

SaaS still looks like the best way to deliver our software but I suppose now we will have to load the whole thing with even greater data encryption to help customers feel comfortable. Now just where do we put those encryption keys?

       cached 11 June 2013 20:05:01 GMT