hacker news with inline top comments    .. more ..    25 Jul 2013 Ask
home   ask   best   4 years ago   
1
Show HN: A Search Engine for Developers, Marketers, Web Designers, and Hackers
46 points by nerdydata  6 hours ago   36 comments top 19
1
jwarkentin 4 hours ago 3 replies      
I thought it would be really cool until I realized the whole credit thing. It often takes many permutations of a search to find the results you're looking for. If each attempt costs money and the whole thing might be a waste in the end then it's hardly worthwhile.

I've always been annoyed that Google won't search for symbols. As a programmer that makes searching for certain things anywhere from difficult to impossible. I was hopeful that this would be a search engine I could use to search for code snippets or queries that involve symbols.

Let's say, for example, that I was browsing through some PHP code and saw a double dollar sign ($$) and wanted to know what it was used for (yes, I already know, it's just an example). I might try searching for something like 'PHP $$'. This search engine is useless for that. That's the real problem I need a search engine to solve.

2
michaelmior 5 hours ago 0 replies      
Looks pretty cool. I really dig the design. I was a little annoyed that I seem to have 10 credits without noticing and used them up just messing around. (I can't really tell because clicking on the credits doesn't do anything). It would be nice to make this more obvious up front. Anyway, I can see this being a pretty useful tool in some scenarios.

Also note that "Locater" is spelled "Locator" (sidebar on the left)

3
ollerac 4 hours ago 1 reply      
I don't get how to use the seo search. How do I search for all websites that have a certain name in their title for example?

    <title>name</title>
Just returns the exact match.

And how do I search meta descriptions and meta keywords?

4
brbcoding 4 hours ago 0 replies      
Whoa... Searches must be based on IP. Shared with a co-worker and they can see all of my searches, and I can see theirs.
5
bapi 2 hours ago 0 replies      
Search terms like consumer_secret ou api_secret and you'll find lot of things... :(https://search.nerdydata.com/search/#!/searchTerm=consumer_s...

With great power, comes great responsibility.

6
aram 6 hours ago 0 replies      
Very interesting service. At first it didn't occur to me why would I want to search the source code, but your examples were good.

What is the logic behind the search criteria? I entered `<div id="main">`[1] and the first result is LinkedIn with `<div id="main-wrapper">` highlighted, which shouldn't match my query directly as I entered a closed tag. Some of the other results also didn't contain exactly what I was searching for - e.g. `<div id="main" class="main">`, `<div id="main" class="clear">` etc. A technical explanation on this would be great.

Also, one minor note - David's photo in the front page footer is broken [1]

[1] https://search.nerdydata.com/search/#!/searchTerm=<div id="main">/searchPage=1/sort=pop

[2] http://www.arc.losrios.edu/Images/Images-arc/Foreign_Lang_De...

7
jwcrux 3 hours ago 1 reply      
Just a small request - it would be way cool to have a "site:" filter like in Google searches. A lot of the results found are irrelevant to me as it is.

Cool site - great work!

8
adamnemecek 1 hour ago 0 replies      
Honestly, I'm not a fan of the name.
9
013 5 hours ago 1 reply      
Is there any content filtering?When I went on to Image Locator, then "See an example" it will search for imgur.com.The first page of results shows 'thebiglistofporn.com', 'entensity.com'(Not sure if it's NSFW, but it looks it from the thumbnail.)

I know it's not too much of a big deal, but porn thumbnails wasn't something I was expecting to see on a websites example page.

10
ErikAugust 5 hours ago 0 replies      
Do results sort based on mozRank, Alexa, PageRank? Or something proprietary?
11
nerdydata 2 hours ago 1 reply      
Did we mention our "Basic" account is free and gives you 200 credits to use? https://search.nerdydata.com/pricing?hackerNews
12
snake_plissken 4 hours ago 0 replies      
Good god, my attention span just reached terminal velocity. I like. Very cool and original.
13
kyle_martin1 4 hours ago 1 reply      
This would be a very good tool to find XSS vulnerable websites.
14
ScottWhigham 5 hours ago 1 reply      
Love it - great idea and great presentation. I only tried a few cursory searches but it was definitely bookmark-worthy. Kudos :)

I'd love to hear you guys talk about the risks of searching for "dicey"/risky characters/terms and how you protect your data/server from malicious searches.

15
kevrone 4 hours ago 2 replies      
This is awesome. Especially for finding use cases and implementation examples of front-end libraries.
16
ScottWhigham 4 hours ago 0 replies      
Anyone tried comparing to http://searchcode.com/ ? I haven't - just ran across it right now doing an unrelated search.
17
jayzalowitz 5 hours ago 1 reply      
First off Stony Brook! Second, open crawl? Third, what's your stack?
18
ilikehunny 5 hours ago 3 replies      
19
nerdydata 6 hours ago 0 replies      
Clickable link: http://nerdydata.com
2
RocketCloud - Like DigitalOcean but outside US legal jurisdiction
2 points by RocketCloud  37 minutes ago   2 comments top
1
Fizzadar 33 minutes ago 1 reply      
I wouldn't be so sure - if anything the UK is more monitored by our own agencies than the NSA monitoring America. We just don't know about it so much. I guess the only difference is the lack of 'backdoors', but I highly doubt Digital Ocean has such a 'backdoor' as well.

Assuming this is the case it is likely both services will be under as much surveillance as each other.

3
Ask HN: How do acquisition taxes work?
5 points by lquist  2 hours ago   1 comment top
1
patio11 2 hours ago 0 replies      
Mostly, capital gains taxes. Long term or short term depending on how long you've held the asset. You may be assessed these by both the US federal government and your state of residence. (The situation is more complicated internationally... as always.) In the United States, you almost always want things structure such that income is classified as capital gains rather than ordinary income, because your effective tax rate will almost certainly be lower that way. (This is, again, almost certainly what will happen as a result of your exit. That's not totally guaranteed, though -- just like we geeks are pretty good about getting integers to behave like strings when we need them to, a good lawyer or accountant can often propose a way to structure a transaction such that it has desirable properties.)

Talk to an accountant before you found a company (goes for you and for everybody else) and talk to them again before and after the sale; there are some subtleties.

Ask about "qualified small business stock" if you're pretty sure this is not your last rodeo and you've been doing your startup for 5+ years.

An example of a good reason to talk to accountants prior to doing things: I invested a very small amount of money in a tech startup. My accountant suggested that I consider investing through a self-directed Roth IRA, which would (if the company IPOed) let me avoid paying any capital gains taxes on it or any investments made subsequently with that money (if I were willing to wait until retirement to touch the funds). In the event that retirement wasn't an option, there's a plan B: the magic words are "substantially equal periodic payments" and your accountant can explain the calculation to you.

4
Ask HN: What are the best marketing resources as a developer running a Startup?
4 points by cnivolle  2 hours ago   1 comment top
1
smit 50 minutes ago 0 replies      
Every startup is different so it's hard to point to resources without knowing what customer acquisition channels work for you.
5
Ask HN: What happened to Steve Yegge after 'quitting'
66 points by topherjaynes  6 hours ago   21 comments top 8
1
losvedir 5 hours ago 1 reply      
He didn't quit. See his post:

http://steve-yegge.blogspot.com/2011/07/hacker-news-fires-st...

"Hacker News Fires Steve Yegge" which is about how everyone misinterpreted what he said.

2
incision 5 hours ago 1 reply      
>"Or have you had any success setting aside set time to work on side projects or just to learn something?"

Yes.

Several months ago I decided to get serious about re-aligning my career and the pursuit of a degree.

Creating a structured plan with a schedule and specific goals has been the most important part. Setting aside time is part of that.

I think treating my development more formally has been a huge help.

3
topherjaynes 6 hours ago 0 replies      
[video] http://www.youtube.com/watch?v=vKmQW_Nkfk8 13:50 is the Study Hall
4
has207 5 hours ago 0 replies      
The next blog post he posted a few months later was all about how he spent the last few months playing this video game. Well, not entirely, there was a dig at google+ in there as well. But I'm guessing the study hall didn't happen...

Too bad too, because I also felt very inspired by his "I quit" speech and was looking forward to a follow up.

5
ngd 4 hours ago 0 replies      
He did a talk about Project Grok, a piece of internal Google infrastructure he created, back in April at an Emacs conference: http://www.youtube.com/watch?v=uRO3dNJx5Dw
6
damontal 5 hours ago 1 reply      
So he actually quit his job at Google in that speech, and not just some cat-picture project?
7
_pmf_ 5 hours ago 1 reply      
As soon as his leaked piece on Google+ appeared, it was pretty much to be expected that he will be terminated (use whatever softer sounding euphemism you like). You can't just throw feces at your coworkers in public view and expect to be kept in the company.
8
varelse 4 hours ago 6 replies      
Steve Yegge is 100% talk and no action. He wants to go cure cancer? Well then dive right in and join the fight! I'm sure he has Google lucky megabucks so what he does with his remaining time on Earth is entirely up to his whims.

Those whims seem to be telling him to stay in his Google glass menagerie and enjoy what his keepers feed him and taking time to play and extensively critique _Borderlands_. And that's a fine and understandable hacker hedonist strategy, but please, STFU about "curing cancer" etc. (unless he's going to get in the ring(tm), which I seriously doubt he ever will).

But to be fair, I've seen this happen to a few of my friends who hit it big, and I think it explains why there are so few Elon Musks and James Camerons among us. Once Maslov's hierarchy has been topped off, it's like the insatiable drive to achieve that made that possible just evaporates.

6
Ask HN: hey data scientists, have they invented a better mousetrap than CSV?
2 points by seamusabshere  1 hour ago   2 comments top 2
1
bockris 1 hour ago 0 replies      
tab separated values
2
mjhea0 45 minutes ago 0 replies      
JSON
7
Ask HN: This company links my home IP address to my employer. How?
4 points by porker  7 hours ago   2 comments top
1
caw 5 hours ago 1 reply      
I think there's actually analytics available where their pitch is "use us on your website, and we can help identify users."

They'll track you around multiple sites until you finally drop an email address in or fill out a form. Then all of the other sites you visited get the same information (that's the incentive to use their tracking system).

Can't remember the name of the analytics company and my google-fu is failing me right now.

8
Ask HN: Given ChromeCast, how can we now kill hollywood?
3 points by jayzalowitz  5 hours ago   4 comments top 3
1
dragonwriter 5 hours ago 0 replies      
> Given that, HN, how can we now kill hollywood/use live video in a new way/make journalism new again?

Is Chromecast even relevant to all of those?

1. Hollywood: Chromecast doesn't change the production costs of high-end movies, so doesn't seem relevant to the main function of Hollywood. There's already vast hordes of lower-end video content produced outside the Hollywood studio system and its foreign equivalents.2. Use live video in a new way: Chromecast might be relevant here, in that it might extend the potential reach of internet-based video apps into the living room. So I see some potential there.3. Make journalism new again: video is demonstrated to be a less effective medium (and, in many studies I've seen, a medium of negative impact) for actually informing and conveying understanding of journalistic content -- and Chromecast doesn't really do much to increase the reach of textual content, which is the more effective medium.

2
johnmurch 5 hours ago 0 replies      
The first thought would be to A) aggregate and priorities content that is online. Dare I saw a digg/reddit version of videos (youtube,vimeo,etc.) that would allow you to get the content and push it to your chromecast. This would work on video that is online, but this device doesn't address live sports/news events that are being broadcast to cable box and/or via antenna.

B) Sharing is care - another thought I had was more of integrating a raspberry pi or device to hook into your NAS or external hard drives that have videos/content from DVDs/Music/whatever - which you would want to stream. So maybe a raspberry pi to hard drives (usb) device that allows you to have all your content in 1 location but leverage some p2p secure protocol to allow for others to stream/request the content to their box before pushing to the chrome cast

Just some thoughts!

3
terrykohla 4 hours ago 1 reply      
Isn't Chromecast accomplishing similar functions as Apple TV?

I don't think this is revolutionary.

9
Ask HN: Best way to anonymize connection from a browser extension?
3 points by karli  5 hours ago   discuss
10
Ask HN: Starting company w/ non dev. How to divide profit/revenue/shares?
2 points by rfnslyr  4 hours ago   4 comments top 2
1
rdouble 1 hour ago 1 reply      
Well, signing the clients is actually the most important part.
2
dylandrop 3 hours ago 1 reply      
Could you expand on the idea of the company?

If it's just a freelance web dev company there's no reason he should be getting 50% of the profit. There's no way he's spending as much time as you searching for clients as you would be building the site. You could easy replace him with PeoplePerHour.

11
Ask HN: Why Ubuntu Edge?
2 points by gschiller  4 hours ago   2 comments top 2
1
Piskvorrr 4 hours ago 0 replies      
I'd say the (promised) ability to be used both as a phone _and_ a desktop computer, depending on what you plug into it. Sounds pretty good to me: take your Android-ish phone (of reasonable size and weight) anywhere, connect it to a full-size keyboard and screen - voila, a full-featured, not-underpowered-like-a-netbook computer running Ubuntu!

I have yet to see this in any other device on the market; this alone would be sufficient for me.

2
godsboy7777 3 hours ago 0 replies      
What is Ubuntu hehe
12
Ruby jobs in New Zealand for foreigners
3 points by thifm  5 hours ago   2 comments top 2
1
Peroni 4 hours ago 0 replies      
The NZ governments info page on visas is genuinely useful - http://www.immigration.govt.nz/migrant/stream/work/

Also, given it's just past 3AM in NZ, the likelihood of a Kiwi answering your question is quite slim!

2
ankitml 5 hours ago 0 replies      
me too. thanks :D
13
Ask HN: How can I learn to architect a production web app?
14 points by rman666  17 hours ago   6 comments top 5
1
shailesh 14 hours ago 0 replies      
Assuming that you've found an interesting business problem to solve:

1. Write a list of desired features. Next, prioritize those features.

2. Write brief functional specifications for features of highest priority.

3. Decide on how you want to use the software stacks for different tiers, e.g.

   Browser - Bootstrap or Zurb, AngularJS   Server stack - node.js, Ruby, Python   Database - MySQL, Postgres   These examples are sketchy, just to give a feel of things.
4. Research any libraries that automatically handle common functional units, such as authentication and authorization, analytics et al.

5. Some functional units might be implemented more easily by gluing together services. E.g. using New Relic for deep application monitoring, Twilio for cloud communications.

6. Design and implement all functional units.

7. Profit!

8. Write a Thank you HN note, :)

One should do this exercise for a "toy" application like "To Do List" first. It helps remarkably when we go about building serious stuff.

Books:1. Code Complete by Steve McConnell - worth at least skimming it.

2. Design Patterns by Erich Gamma et al http://www.c2.com/cgi/wiki?DesignPatterns

Also, definitely have a look at Peter Norvig's slides: http://norvig.com/design-patterns

3. About Face 3: The Essentials of Interaction Design by Alan Cooper

4. Writing Effective Use Cases by Alistair Cockburn

Websites:1. Obviously, HN, :)

2. http://highscalability.com/

It may look like a huge undertaking, but it really isn't. A quote from Michael Abrash seems appropriate here, "Winning a hard race prepares us for the next harder one."

This is just top of the mind; hope this helps.

Good luck.

Edit: formatting.

2
lishy 7 hours ago 0 replies      
Although I don't have a solution to your immediate requirement, I am working on a startup aimed at solving just this kind of problem. In other words, how to go from understanding the basics of a language to using it in an enterprise environment?

The idea is that a user uploads a real working application, then provides a series of guides through the different aspects of the project; configuration, security, mvc, testing, persistence etc

For exmple, using the same application, this guide explains how to configure MVC http://www.lishman.com/project/5#card/278/file/82 and this one how to configure JPA persistence http://www.lishman.com/project/5#card/73/file/103

Unfortunately these examples use Java and Spring, but if by some miracle I can get someone to donate a ruby on rails example, you will be the first to know.

3
LarryMade2 16 hours ago 0 replies      
There are frameworks out there geared for rapid production development, that will get you quite far on your way to that. Some may also have tutorials on how to do production ready stuff with their framework.

If you can't find a book or tutorial; next I would suggest take something that's small and meets your idea of "production" capable, and dissect it. Better is to build a similar concept app to the sample source and try to employ that code and ask questions as you go along.

4
s3b 12 hours ago 0 replies      
A good book on the topic is "Web Operations: Keeping the Data On Time"
5
pastaking 15 hours ago 1 reply      
I'd like to know as well. Specifically, other than the actual web app, what proven tools do people use to monitor their service & manage their organization?
14
Ask HN: Take down my reverse-engineered Snapchat lib because they asked?
180 points by tlack  3 days ago   133 comments top 54
1
peterkelly 3 days ago 0 replies      
One important distinction that I see missed here is that of an API vs. a service.

Snapchat provide a service, which I mentioned in another comment here that they have every right to enforce terms of service on, and restrict or allow usage as they see fit.

Snapchat also provide an API (which, in this scenario can also be considered a network protocol). This API can be used to access this service.

Now that I've had a look at the code, I've noticed that it includes the API keys which grant programs using this library the appropriate access permissions for the service. I think this is wrong, and that these keys should not be included in an open source library. The rest of the code however, is fine, as it simply implements a protocol.

If I were to develop something like this, I would leave out the API keys and have the user of the library fill them in. In principle, and as someone else has mentioned here, it would be possible to develop and operate your own service which uses this protocol/API. And I see nothing wrong with that.

Well, except of course that the whole notion of an app which presents information for a set period of time after which the user can no longer view it is inherently flawed, since eventually someone's going to figure out how to not erase/hide the information.

2
peterkelly 3 days ago 5 replies      
I've just forked it on Github, as have 25 others (as I write this).

As with file formats, the notion that network protocols & APIs should ever be granted any type of protection and that no-one other than the creators should be able to write software that conforms to these protocols is ridiculous.

Snapchat, in my view, have every right to restrict who uses their service and in what manner - via standard mechanisms like API keys and login credentials. But preventing third-party implementations of protocols or APIs is so 90s. Oracle had a bit of trouble with this recently.

One problem I'm personally trying to remedy is the proliferation of various APIs and protocols for accessing various online storage services (Dropbox, Google Drive, Box etc) by developing an SDK that supports all of them. We need more of this kind of these kinds of projects, not less.

Micah Schaffer, if you're reading this, you're welcome to send me a takedown request and discuss the issue with me. My email address is in my profile.

EDIT: It's at 62 now. I wouldn't be surprised if even Barbra Streisand has forked it.

3
untog 3 days ago 4 replies      
Ignore 99% of the responses in this thread, particularly any that say "I think...", "It seems fair...", and so on. You're in a legal situation here, if you are worried, contact a lawyer.
4
DannyBee 3 days ago 0 replies      
Can't give you legal advice, since you aren't my client and i can't ethically represent you.

In general, though, not taking it down will be a tough path for you.

If you really want to go down that path, get a lawyer (i'm happy to make recommendations for you), say nothing else here (or anywhere) about your motivations/goals/whatever, and go that way.

If you don't want to spend the time or the money, take it down .

5
angersock 3 days ago 0 replies      
I considered forking this, but how about doing the bastards one better?

You've already got a client library written--why not go ahead and post up a conforming backend as well? If you want, shoot me an email with your doc'ed API, and I'll shoot you back (gimme a week--things on fire right now) a simple Sinatra mockup.

Clean room all the things!

EDIT:

For an idea of a quick hack of this variety, see my work from last week -- https://news.ycombinator.com/item?id=6065652

6
cjbprime 3 days ago 2 replies      
There's no "fair use" defense because they aren't asserting a plain copyright violation -- they're asserting that using their API is a DMCA violation. I'm not a lawyer, but this seems laugh-out-loud crazy of them, and I'm not aware of anyone trying that claim before.

So if you want to resist, you could start there: by finding out (possibly by asking a lawyer to talk to them) how they think your tool is acting to "descramble a scrambled work, decrypt an encrypted work, (or equivalent actions)". If you want to do this, you might consider reaching out to the EFF for help.

Morally, I think you're in the clear for the reason you already gave.

7
tptacek 3 days ago 1 reply      
I would take it down, not because of ethics or legalisms, but because you'll lose technically. They're making it clear that they don't want interoperable implementations. All you're doing is poking them in the eye with a stick. You probably don't have the resources (especially given your lack of interest) to keep your implementation working; they certainly have the resources to break your implementation. Why bother?
8
venomsnake 3 days ago 0 replies      
You have created a good Streisand effect here. I approve :) Even if a lawyer advises you to take it down it will be cloned more than enough times for the IP to be preserved.
9
milesokeefe 3 days ago 0 replies      
A few weeks ago I was halfway through the process of reverse engineering the Snapchat API myself, when I found your library. I just wanted to say thanks for saving me so much trouble.
10
simonster 3 days ago 0 replies      
At this point, I would just remove it. Since this is on the front page of HN, there's no way Snapchat can make the code disappear anyway.

If you need legal advice, I recommend seeing if SFLC (http://www.softwarefreedom.org/) will help you. In the past, I worked on a free software project where we willfully ignored a cease and desist notice and got sued by a large multinational corporation, and they were awesome.

11
late2part 3 days ago 2 replies      
A lot of times when you use a product, you're required to agree to an EULA wherein you promise/commit to not reverse engineer a product or its protocols. If you did use snapchat as a registered user, this issue could affect you negatively.

Another alternative is to mail them back and ask them for clarification. Why do they consider it an infringement?

The law clearly states the following:

  (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that  (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;  (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or  (C) is marketed by that person or another acting in concert with that person with that persons knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.
The way I interpret this is that if one is overcoming some encryption or authentication scheme, it may be disallowed under the law. If one is simply observing a protocol online, then one may be doing something bad as this says.

12
venomsnake 3 days ago 4 replies      
I hate to play devil's advocate here (especially since I already have a post here) but I had a thought. For Snapchat some of the biggest selling points are the self destruct abilities of the media sent. So an unauthorized client puts a stake trough the heart of that claim (and the company). I see why they may be worried, but I think that they should have communicated their concerns more clearly and pleading, and not intimidating.
13
mattmaroon 3 days ago 0 replies      
Here's what I'd do if I were you.

First, I'd ask myself how much I care about this. Do I care enough to pay legal fees to defend myself if Snapchat decides to come after me? If yes, consult an attorney and find out what you're looking at. Ignore any legal advice you get here. Unless it's from an actual attorney on your payroll (and attorneys you aren't paying won't give you much beyond an initial consultation)

If no, you've got an easy choice: take it down.

14
dragonwriter 3 days ago 0 replies      
> I am under the impression that reverse engineering is still protected under fair use doctrines. Is this the case?

Not insofar as the reverse engineering is used to produce an anti-circumvention device under the DMCA (that is, the reverse engineering itself is still just as protected as it used to be, but that protection does not extend to making the anti-circumvention device available.)

Note that there is still the issue of whether what you've actually is an anti-circumvention device.

> How should I respond, if at all?

If the project is worth the cost of consulting a lawyer, you very likely should do that so you understand better what your exposure here is and can make a more informed decision than you would be able to make based on lay advice you might get from HN. If its not, you should probably take it down.

15
kposehn 3 days ago 2 replies      
Morally, I would take it down.

It is all well and good to write these sorts of things as a demo, but distribution is something where I would defer to the actual owner of the API in question.

After all, how many of us would want someone creating an unauthorized library to a private API that we don't wish to have public?

16
ams6110 3 days ago 0 replies      
"Written" as in sent you a registered letter? Or was this an email?

I don't know anything about the Snapchat API but if it's simply undocumented I don't see how that would be a "technological measure" of "effective control."

If you had to sniff or crack an API key of some sort, maybe that does.

In any event, it seems like a friendly enough request, maybe take it down as a courtesy pending their clarifying exactly what "technological measure" of "effective control" they think it "circumvents." Depending on their response and how much you think you want to push it, you can then decide what to do.

17
kevincrane 2 days ago 1 reply      
This is completely off-topic, but I'm curious. How does one go about "reverse engineering" a protocol like what Snapchat uses? Do you just listen in on the bits that the phone sends (say, with Wireshark) and kind of guess and poke at it to see what each part does?

Edit: after some research (like reading TFRepo), I found some links mentioned that give some info in case anyone else is curious too.

http://adamcaudill.com/2012/06/16/snapchat-api-and-security/

https://github.com/tlack/snaphax#motivation-and-development-...

18
jrochkind1 2 days ago 0 replies      
If you want to keep it up, you should contact a lawyer.

It _may_ indeed be illegal under the DMCA to distribute. Or it may be legal, as there are some exceptions for reverse engineering etc.

Nobody here knows. Heck, even a lawyer might not know, but a laywer will know your level of legal risk and possible expense.

19
Shank 3 days ago 0 replies      
If they really had any standing, wouldn't they have sent the DMCA takedown request to github instead? Or are they just afraid it would be negative on their part to be permanently in https://github.com/github/dmca?
20
stevekemp 3 days ago 0 replies      
I'd consider it good-faith reverse engineering for the purposes of interoperability.

I'd ignore it. If they want to go hard-ball they'll threaten to sue/actually sue. Until then keep silent.

21
rhizome 3 days ago 0 replies      
17 U.S.C. 1201(a)(1) claim is BS. Terms of Service and/or "Company Policy" is not a copyright protection mechanism.
22
josephlord 3 days ago 0 replies      
Not a lawyer or in US.

If you reverse engineered rather than copied from Docs or header files I don't believe it should be copyright infringement. Note that the Google Oracle case currently being appealed seems wrong to me as I think copyright on complicated API's are reasonable (many disagree with me) although fair use and antitrust arguments should in many cases allow reimplementation. Anyway in statutory terms I don't see a problem. However...

It is likely that you agreed to Snapchat's terms of service at some point and it is also likely (I haven't read them) that they contain clauses forbidding permission to reverse engineer and/or access the service without using official clients. This opens up possibilities for breach of contract legal action and more worryingly computer crimes prosecution for unauthorized access. This conversion of minor contract breaches into computer hacking crimes is horrible law but it seems to be current reality. Be careful.

I don't know if you are in a better or worse position if you use the software without agreeing to the terms and conditions.

23
osth 2 days ago 1 reply      
Schaffer: "... we consider Snaphax to be unlawful circumvention device under ..."

Lackner: Mr. Schaffer, are you a lawyer? Please elaborate on why you consider Snaphax to be unlawful circumvention. I will assess the merits of your argument and then make a decision.

While people in this thread all give the customary knee-jerk "get a lawyer" response, consider that:

1. The request did not come from Snapchat's lawyers, if they have any retained for the purpose of DMCA claims. Surely they must, right?

2. It does not state what happens if Lackner does not comply. There's no threat of legal action. It just asks Lackner to remove the code from Github.

As such, there's no reason not to ask Schaffer to clarify why he thinks there is a problem.

If lawyers are not involved yet, then asking questions is free.

If this was a clear DMCA violation, then why didn't Schaffer send this to Snapchat's lawyers to handle?

Maybe because he might not get the answer he wanted: that it's a clear DMCA violation and an easy win for Snapchat.

Any lawyer can be asked to send a threatening DMCA violation letter. They will almost always say, "Yes, we can do that for you."

But sending a threatening letter does not mean it's a slam dunk win if the recipient does not comply with the demands in the letter. Sometimes threats are hollow. The sender may have no intention of pursuing litigation any further than sending demand letters. It simply might not be worth the money to pursue litigation over something like Snaphax. If this bit of PHP was that big of a deal to Snapchat, why didn't the request to remove it from Github come from Snapchat's lawyers? Where's the line about purusing all legal remedies?

Not to mention that by sending a threatening letter with no details on why the sender thinks the code at issue is a DMCA violation, there's a risk that the recipient might post a link to the code on HN and set off a "Github fork bomb". Ouch.

24
jwcrux 3 days ago 0 replies      
Like many others have said, it would be best to consult an attorney if you're concerned.

However, while you may not be able to distribute software which uses the API, I think many people would enjoy/benefit from a post describing how you reversed it and what steps you took to create the library.

25
antitrust 3 days ago 0 replies      
http://www.law.cornell.edu/uscode/text/17/1201

There's the statute, for you armchair quarterback-lawyers out there.

26
jgv 3 days ago 0 replies      
Sounds like the streisand effect for these guys http://en.wikipedia.org/wiki/Streisand_effect
27
Splendor 3 days ago 1 reply      
Whatever you decide to do, don't make posts like this that could potentially be used against you.
28
zacman85 3 days ago 1 reply      
I highly doubt this has anything to do with stifling innovation. Given Snapchat's popularity, it would make a lot more sense that they are trying to restrict 3rd party access to cut down on spam. Nothing will be more destructive to their service than bots churning out huge amounts of spam, undermining the trust they have built with their users.
29
dumbfounder 2 days ago 0 replies      
I don't see your moral high ground here. Snapchat never opened their service and then closed it on you leaving you stranded. They have a service that you reverse engineered knowing it was a closed service and they sent you a pretty nice letter asking you to stop. Should they have made their service more secure? Yes. Does that give you the moral high ground? Hell no.

But, I personally wouldn't worry about it. If they really felt strongly they would send something to GitHub asking to have your project removed. If GitHub takes it down that means they are either being douchey and covering their butts, or they believe the request has legal merit.

30
dspillett 3 days ago 3 replies      
It very much depends where you are and what you can afford in legal fees.

When you signed up you will have agreed not to do this sort of thing in the terms and conditions - whether that is legally enforceable or not could be expensive to prove either way. Though the worst they can do you for here is breach of contract.

With regard to "copyright circumvention": un-rot13 has been classed as an encryption circumvention device before now, so don't bank on the law having any common sense here.

My advice:

1. If it is just a weekend project it isn't worth the hassle, drop it as requested.

2. If you really care about it, lawyer up and prepare to fight.

In either case post to HN and as many other places as you can that are relevant to make sure their status as litigious wankers is recorded as far and wide as possible ;-)

31
willaaye 3 days ago 0 replies      
Book a session for today with Lior on LiveNinja. He specializes in this kind of stuff and can help you out for sure: https://www.liveninja.com/liorleser/
32
scotty79 2 days ago 0 replies      
Why creative people don't leave US? There's a whole world out there where you could respond to such message with simple obscenity and never think of it again.
33
drdaeman 3 days ago 2 replies      
IMNAL, but if they aren't filing off a DMCA notice (but asserting it's a DMCA violation), why care?

I persume they can't file a lawsuit without filing DMCA takedown notice first?

If so, when they'll file the notice, GitHub'll take it down (as they usually do). Then you may consider filing counter-notice (if you can afford legal action) or, I guess (IMNAL!) ignore the whole affair.

Anyway, you'd better consult a lawyer.

34
dmuth 3 days ago 0 replies      
One thing I'd like to note is this line from Snapchat's email:

> Please confirm that it has been removed by end of day Monday, July 22nd.

Essentially, they're giving the poster less than a full day to act on this. That strikes me as a high pressure tactic on Snapchat's part designed to get the poster into pulling that library before taking the time to consult with an attorney.

130 forks and counting.

35
pyalot2 3 days ago 0 replies      
Streisand effect
36
CoryG89 3 days ago 0 replies      
And...... cloned. Sure go ahead and take it down XD.
37
wilfra 3 days ago 0 replies      
I got the 100th fork!
38
mikhailt 3 days ago 0 replies      
They give you less than 12 hours to respond? Really?

I would seek a lawyer if you can afford one and if not, then you can't afford a lawsuit either, so in this case, pull it offline. If you do the latter, you should post the results of your research somewhere, this can't be taken down as it is sharing information and not an API tool.

39
equity 2 days ago 0 replies      
I would seriously question whether 17 U.S.C. 1201(a)(1) is relevant at all. This law is specifically for "Circumvention of copyright protection systems". Does Snapchat own the copyright of pictures distributed using its software? or rather do the users own the copyright? I suspect the answer to this is the latter -- that users own the copyright to the works distributed, and this would render the law irrelevant. Moreover, I would argue that the software protections put in place by Snapchat are for reasons of privacy not for reasons to enforce copyright.
40
jessaustin 2 days ago 0 replies      
Where's Snapchat? Don't they read HN? What do they have to say for themselves? Have they finally spoken with an attorney?
41
frasierman 3 days ago 0 replies      
Just spitballing here, but couldn't you just remove the hardcoded URLs and let users paste in the Snapchat URL so they'd be breaking the TOS, not you?

Technically, it wouldn't be utilizing their API, it would just be a PHP library for accessing APIs that happen to use their exact API call structure.

I know it's a long shot, and it may not hold up, but I think it's better than just taking it down.

42
jbrooksuk 3 days ago 0 replies      
I've duplicated it into a private repository. Reference, if you will.
43
orcasauce 3 days ago 1 reply      
While this does technically violate 17 U.S.C. section 1201 (a)(1) according to other case law, I feel the responsibility is upon Snapchat, Inc. to make sufficient attempts to prevent such subversion. RE is always a sticky area, and because it appears you needed to pull some form of cryptographic keys out of that process, you are likely in an unenforceable region of a DMCA violation.
44
lewisflude 3 days ago 0 replies      
I'd take it down if I were you. It's not worth it. If you do feel really strongly about keeping it up for moral reasons, then contact a lawyer.
45
ada1981 3 days ago 0 replies      
It looks like the law is written to prevent people from writing code to decrypt or descrambler signals (like cable TV or payperview). But I'm not a lawyer. Is there a place someone could post the code anonymously? My guess is this is a threat which wouldn't hold up / but they also have cash and lawyers, which is most of the legal game anyway. Good luck.
46
ed56 2 days ago 0 replies      
I wouldn't recommend going toe to toe with a technology company when there is nothing worthwhile to gain (If there is something worthwhile, then see a lawyer). Morally I think the project should be able to stay up. However, I would avoid the legal system at all costs. The stress isn't worth it.
47
tesla22 2 days ago 0 replies      
I used Snaphax to make a website of mine,SnapSave.me! You did a great job. Please don't take Snaphax offline. There's no other library on the internet like it. I don't know what the legal ramifications are but your work is making a difference.
48
MorningInfidel 3 days ago 0 replies      
...aaaaand cloned :)
49
cliveowen 3 days ago 0 replies      
The request might be unfair, but I wouldn't risk it.
50
aetch 3 days ago 0 replies      
Quick, everyone fork.
51
bholzer 2 days ago 0 replies      
I spent the last couple of hours making a ruby clone if anyone is interested in taking a look or wants to help. For some reason, The decryption has stopped working in the past half hour. They couldn't have changed they key or anything, so I'm not sure what went wrong.

https://github.com/bholzer/RubySnap/blob/master/rubysnap.rb

52
mmgutz 3 days ago 0 replies      
Forked and I don't even like PHP :) United we stand.
53
macinjosh 2 days ago 0 replies      
fork snapchat, I'm forking this repo.
54
fascinated 3 days ago 0 replies      
The outcry! The injustice! Sigh
15
Ask HN: Is there evidence that artificial sweetener is bad for you?
7 points by BookPage  16 hours ago   8 comments top 6
1
ricardobeat 1 hour ago 0 replies      
Recent and past research has linked sweeteners to obesity, diabetes, and even heart disease. Some studies show it results in larger weight gain than consuming sugar.

In addition to those, substances like sodium cyclamate and aspartame have been linked to cancer after being considered 'safe' for decades. Who knows when they'll declare the same for neotame and other new sweeteners? If only xilitol made from bark was cheaper...

I think the conclusion is that there is no magic formula for eating sweets without the consequences, avoiding refined sugar, high-fructose and similar stuff is the way to keep healthy and out of trouble.

ps: stevia is probably safe, but I find it has too much of a bitter aftertaste.

2
davak 8 hours ago 0 replies      
MD (but not an endocrinologist) here.

My family and I have been on a low carb diet for years now. I frequently do literature searches on the topic, and the scientific evidence remains less than perfect for just about anything nutrition related.

In talking to metabolism people over the years, the bad artificial sweeteners theories go something like this. When you taste something sweet, your body prepares itself for true sugar. When you don't input the sugar to the body, you become hungry faster. Additionally, when you repeatedly use artificial sugars, you may decrease your sensitivity to the actual sweet taste. Thus, once again, subconsciously you end up eating more sweet things (and thus more calories) to make things taste better.

Anecdotally, I believe I see this. When I drink a diet beverage, I end up getting very hungry soon afterwards. Additionally, when I drop all diet beverages for a while, I notice that things such as veggies taste sweeter. But you asked for empirical evidence. Here are the latest articles that I've noticed...

Diet beverages increased risk of diabetes in middle-aged men. http://www.ncbi.nlm.nih.gov/pubmed/23575771

fMRI shows the process of taste is altered in chronic diet soda drinkers. http://www.ncbi.nlm.nih.gov/pubmed/22583859

Sugar and diet sodas associated with stroke. http://www.ncbi.nlm.nih.gov/pubmed/22492378

3
LarryMade2 5 hours ago 0 replies      
There's the documentary Sweet Misery, that goes into some first hand accounts and history of aspertaime's effects and shady approval... http://www.youtube.com/watch?v=owtF2nt2VX4

I can say for myself I had felt the bad effects of diet soda and now keep clear of it. Maybe it varies based on different folk's physiology? I know people who chug the stuff at work and seem to do well. But it's good to be aware of the symptoms in case you start feeling sick.

4
dylanhassinger 15 hours ago 0 replies      
I've looked into it and couldn't find any hard evidence linking artificial sweetener to cancer, alzeimers, or other problems. Sure there may be side effects, but so far they are undocumented.

Sugar, on the other hand, is one of the most toxic substances we know, with proven links to diabetes, alzheimers, and other ailments. I'll take my chances with Aspartame!

5
flavmartins 16 hours ago 1 reply      
There.

Is THERE evidence...

Yes, there is lots of evidence. Both against artificial sweetener and also regular sugar for the body.

6
shail 7 hours ago 1 reply      
Stevia?
16
Apple Developer Website Update
275 points by danielsiders  3 days ago   210 comments top 51
1
Lightbody 3 days ago 3 replies      
Here's my semi-educated guess for how the attack started: from casual observation (view source, URLs ending with .action, etc) a good chunk of the ADC is written in Java and uses WebWork/Struts2, a framework I helped create years ago.

Late last week a security advisory came out that allows for executing malicious code[1]. Atlassian, which uses similar technology, also issued announcements around the same time[2]. My wild speculation is this was the attack vector.

Sadly, I feel some responsibility for this pretty major security hole. There have been a few like this and they are all rooted in the fact that almost 9 years ago I made the (bad) decision to use OGNL as WebWork's expression language. I did so because it was "powerful" but it opened up all sorts of extra binding trickery I never intended. I haven't been contributing to the project in 5+ years, but this is a good reminder how technology choices tend to stick around a lot longer than you ever imagine :)

[1] http://struts.apache.org/release/2.3.x/docs/s2-016.html[2] https://confluence.atlassian.com/display/BAMBOO/Bamboo+Secur...

2
jpdoctor 3 days ago 6 replies      
> Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers names, mailing addresses, and/or email addresses may have been accessed.

So they can't rule out the possibility that sensitive personal information, which cannot be accessed, has been accessed. Got it.

Apparently our intelligence, which cannot be insulted, has been insulted.

3
tcas 3 days ago 1 reply      
I downloaded the CRL for developer certificates [1] and quickly looked at it using grep:

  grep -E "Revocation Date: Jul 17 .{8} 2013" wwdrccrl.txt | wc -l      3065  grep -E "Revocation Date: Jul 18 .{8} 2013" wwdrccrl.txt | wc -l      2289  grep -E "Revocation Date: Jul 19 .{8} 2013" wwdrccrl.txt | wc -l         2  grep -E "Revocation Date: Jul 20 .{8} 2013" wwdrccrl.txt | wc -l         0  grep -E "Revocation Date: Jul 21 .{8} 2013" wwdrccrl.txt | wc -l         0
These are the two certificates that were revoked on the 19th

  grep -A 3 -B 1 -E "Revocation Date: Jul 19 .{8} 2013" wwdrccrl.txt      Serial Number: 2628C7F90970D227          Revocation Date: Jul 19 03:14:04 2013 GMT          CRL entry extensions:              X509v3 CRL Reason Code:                   Key Compromise  --      Serial Number: 1A51ABFA4844BD45          Revocation Date: Jul 19 03:24:03 2013 GMT          CRL entry extensions:              X509v3 CRL Reason Code:                   Key Compromise
To generate the wwdrccrl.txt file I used:

  openssl crl -inform DER -text -noout -in wwdrca.crl > wwdrccrl.txt
Just to be clear -- every entry there I see lists the reason as Key Compromise, just interesting that they usually seem to revoke at least 2000 certificates a day but suddenly stopped on the 19th with just revoking 2.

[1]http://www.apple.com/certificateauthority/

4
dakrisht 3 days ago 0 replies      
"Completely overhauling our developer systems, updating our server software, and rebuilding our entire database."

That does not sound like an intruder "attempt" by any means.

They got hacked, and they got hacked bad if they're rebuilding databases and overhauling entire enterprise-class systems over there.

Transparent my ass. They're deep in the gutter, 3-days and counting no fix, engineers are probably working 24 hours a day and the entire site is still down. This isn't a small time breach folks. They had to go public considering it will probably be down for a few more days...

5
kyro 3 days ago 2 replies      
No reason to be up in arms, folks. They've got the marketing team working on this too.
6
tsm 3 days ago 3 replies      
These details are befuddling. "Personal information was encrypted and cannot be accessed". It can't be accessed because it's somehow stored elsewhere, or it can't be accessed because of the encryption? That is, does the intruder currently own my encrypted data?

I'm also disappointed that it took them 72 hours to tell us anything, and that the update doesn't even have a timeline for when the site may be back. "Soon" is meaningless.

7
johansch 3 days ago 1 reply      
There is an interesting comment at techcrunch:

http://fyre.it/tjlVmC.4

"[...] One of those bugs have provided me access to users details etc. I immediately reported this to Apple. I have taken 73 users details (all apple inc workers only) and prove them as an example.

4 hours later from my final report Apple developer portal gas closed down and you know it still is. I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any respond to this.. [...] "

8
peterkelly 3 days ago 0 replies      
I understand everyone's frustrations with this, and the fact that Apple haven't been immediately clear on exactly what happened. As a developer, I too am alarmed by what has happened.

But these things are complex, and it takes time (i.e. a few days) to fully and properly evaluate what has happened and what information leaks/security breaches have occurred.

Let's give this a reasonable amount of time, and only then pass judgement on their handling of the case.

I don't want to appear like an Apple apologist - and maybe it is a serious fault on their side. But in fairness I do think it's reasonable we give them time to evaluate & respond appropriately.

9
pdknsk 3 days ago 3 replies      
Hmm so it only takes a few days to "completely overhaul" their developer systems? Not sure I believe this is what they're actually doing. And why haven't they updated their server software before? I know mistakes can never be completely avoided, but this seems slightly amateurish for a company with so much cash.
10
peterkelly 3 days ago 3 replies      
Good to see some transparency on Apple's part here.

I understand this must be a very challenging situation for them to deal with, and I appreciate the notification. As I'm sure many developers feel, I'd like to know more details, but I'm sure these will come in due course.

11
sarreph 3 days ago 0 replies      
A little more info from TC:http://techcrunch.com/2013/07/21/apple-confirms-that-the-dev...

Update Just got off the phone with an Apple rep, who confirmed a bit more:

- The hack only affected developer accounts; standard iTunes accounts were not compromised

- Credit card data was not compromised

- They waited three days to alert developers because they were trying to figure out exactly what data was exposed

- There is no time table yet for when the Dev Center will return

12
ChuckMcM 3 days ago 0 replies      
I got this email about an hour ago. I feel sorry for the folks who are "updating our server software, and rebuilding our entire database". Songs will be sung in the opsen bars about about this battle.

From the sound of the email it suggests they have records of some data (perhaps not sensitive data :-) being compromised but no root cause on how it was compromised, so they are re-building systems from the ground up validating, configuring, and then moving to the next step.There are times where this is faster than spending time trying to root cause the exploit.

That said, this is where privacy and security collide. Since logs going back months of what everyone has done on every system really helps reconstruct things, but of course if you have those logs it means that someone else can abuse them.

13
nwh 3 days ago 2 replies      
Uh, how does this "encryption" work?

For the website to show these details (and it does, in part, use these details in the interface) it must be able to decrypt these on the web applications side. Ergo the keys for decryption must also be on the server or derived from the users passwords, both of which make the use of encryption a fairly worthless venture.

ED: As another commenter mentioned in an earlier thread, lots of other AppleID facing applications are gone as well ( https://ecommerce.apple.com/ ), so it would be interesting to find out how far this all goes. The websites don't seem that far disconnected from the information in iCloud.

14
jchimney 3 days ago 0 replies      
I read the comments dismissing apples handling of this. What would you have expected them to do? There is a LOT of forensics going on probably even now trying to get a handle on this. A massive corp isn't going to make an announcement until they have some idea what they're talking about. In my books 4 days is a very quick first announcement from a company of this size.
15
kalleboo 3 days ago 1 reply      
Any idea what "rebuilding our database" means? Reticulating the splines? I hear those go out of alignment sometimes.
16
yapcguy 3 days ago 1 reply      
> "In the spirit of transparency, we want to inform you of the issue."

Ha, what a joke, I can't help laughing at that.

With so many third-party Apple developers drinking the kool-aid, and dreaming of becoming rich, I'm not surprised Apple treat them like fools.

Just yesterday on Twitter, some developers were speculating that the site was taken down to be updated with new SDKs for exciting new features and product lines.

17
jhspaybar 3 days ago 1 reply      
For what it's worth, Wednesday morning at 4am I had an email account associated with my developer account compromised(they both stupidly used the same password). This account was used for almost nothing but accessing my developer accounts at Apple. At the time, I thought my Apple accounts might be in trouble and I immediately changed all my Apple related passwords as well as regained control of my email account. I'm now wondering if the breach might have gone the other direction...
18
blinkingled 3 days ago 0 replies      
> In order to prevent a security threat like this from happening again, were completely overhauling our developer systems, updating our server software, and rebuilding our entire database.

I am wondering what was the thought process behind this gem. I think this looks like a knee jerk reaction and it's particularly lacking polish coming from Apple. I mean clearly Apple knows that "overhauling" systems and updating software is no guarantee for future security. It's not a one time fix - it's an ongoing process. And rebuilding entire database - that's just crazy talk! This is especially inexcusable because the target of this update are developers!

Security is hard - you've got legacy crap, 3rd party/unsupported code, you've got open source code and then you have your own code that has evolved to be a Frankenstein. I don't have a problem with Apple getting it wrong once - but the statement does nothing to make developers confident that Apple will finally get web services right.

19
thepumpkin1979 3 days ago 1 reply      
`rebuilding our entire database`. So the database was... destroyed...?
20
coldcode 3 days ago 1 reply      
Jeez people, a company identifies a hack attempt, stops it, and makes sure it never happens again. How often do you hear that one? Most companies don't even tell you anything happened and if they are forced to, they don't even admit anything bad happened (we only exposed 80,000,000 credit cards, no biggie).

If my employer suffered this I doubt they'd even tell the employees.

What do all of us do when we find a security issue?

21
tlongren 3 days ago 1 reply      
"In the spirit of transparency". Right, Apple.
22
tater 3 days ago 1 reply      
Theres a security researcher commenting on techcrunch claiming he's responsible for the breach here http://fyre.it/tjlVmC.4

His proof uploaded to youtube: http://www.youtube.com/watch?v=q000_EOWy80

23
0x0 3 days ago 1 reply      
I wonder if the hackers managed to get code signing keys out? Ultimate jailbreak?
24
sampk 3 days ago 1 reply      
> intruder attempted to secure personal information

haha "secure". Am so using that word next time my site gets hacked.

25
GR8K 3 days ago 0 replies      
26
jamesjyu 3 days ago 1 reply      
Yep, I can confirm I just got this as well.
27
yulaow 3 days ago 0 replies      
Can it be related to the similar attack on the ubuntu forum? Maybe it was a single group of hackers targeting the servers in which they know a lot of developers have an account
28
0x0 3 days ago 1 reply      
Imagine what you could do here:- break into facebook or twitter or any other high profile dev account- reissue new code signing keys- crack the latest public app and patch in a backdoor- code sign with new keys and submit as an app update
29
plasma 3 days ago 0 replies      
Is the encryption not good enough (and I mean in general when sites get bcrypt'd passwords stolen, etc) when owners are worried the encrypted data is in the hands of intruders?

As a developer I'd still be concerned if I lost such data when encrypted - so I understand - but what measures can be put in place so that as a developer/site owner you're without uncertainty that the encrypted data will never be encrypted by the attacker (eg, would take trillions of years).

30
0x0 3 days ago 1 reply      
Well at least it was "only" the dev center, and not iCloud and iMessage!
31
djvu9 3 days ago 0 replies      
Could it be related to CVE-2013-2251 which was released on 07/20? The URL developer.apple.com/devcenter/ios/index.action seems struts alike..
32
michaelxia 3 days ago 1 reply      
Thanks Apple! This email was super helpful, now I know exactly whats going on.
33
general_failure 3 days ago 1 reply      
If anyone thinks this is the complete truth, well be prepared to be fooled many times more. I mean the thing is down for 3 days now. This must be a huge breach.
34
dphase 3 days ago 1 reply      
This may explain some strange occurrences I had yesterday.

Starting at 7am, I received an Apple ID password reset request every 4 hours and 19 minutes, ending last night at midnight.

This Apple ID is also the login for my personal developer account (several years old). My developers IDs used for work never received a password reset request.

35
rimantas 3 days ago 0 replies      
I got a feeling that the most outraged never used Apple developer portal in their life.
36
GR8K 3 days ago 1 reply      
Manage your Apple ID/password/security questions here: https://appleid.apple.com
37
tszming 3 days ago 0 replies      
>> and rebuilding our entire database.

maybe someone dropped or polluted the database after hacking it, so they need to rebuild the entire database from other sources?

38
tater 3 days ago 0 replies      
I bet Forstall did it.
39
diminoten 3 days ago 4 replies      
Is there any other source that this actually happened besides from a guy posting some text on HN?
40
rogerchucker 3 days ago 0 replies      
How is a developer's mailing address not a sensitive information for that developer? How does a tech company get away making a blanket assumption like that?
41
stephen_gareth 3 days ago 0 replies      
I'm more interested in the identity of the intruder for some reason. Who/what are they? Presumably there are easier targets to steal credit card numbers from, for example.
42
noja 3 days ago 0 replies      
> Sensitive personal information was encrypted

sigh Tell us exactly what was and what wasn't encrypted.

43
zztop 3 days ago 0 replies      
I can't feel too bad for Apple. They use WW/Struts but when was the last time they contributed to the project? They never have. Open source volunteers do their best but unless big corporations want to spend their own money, and do their own security assessments, and contribute back anything they find, what do you expect? It's great when you get things for free, but when you're sitting on billions, send some back to the community you're using code from.
44
rogerchucker 3 days ago 0 replies      
Is there a database of intrusion attempts (and successful ones too) made at tech companies?
45
vmarsy 3 days ago 2 replies      
If the intruder is a patent troll-er, getting developers names and mailing addresses can be pretty harmful.
46
jamin 3 days ago 0 replies      
Thanks Apple. Now what really happened?
47
soheil 3 days ago 0 replies      
wow if they're "overhauling" everything that means Apple knows that hackers got some or all developers' info so it's not just that they can't "rule it out" they just don't want to publicly announce it.
48
jlebrech 3 days ago 0 replies      
glad that i use a password manager and disable no-paste from firebug in order to login.
49
foobarme 3 days ago 0 replies      
Apple jargon for "oh "
50
smallsharptools 3 days ago 5 replies      
Until I see an email from Apple myself I will not see this info as credible.
51
dano414 3 days ago 0 replies      
I got kicked out of an Apple store. I questioned a Managersmanagatorial expertise. I took his angry picture at the door(Eric in Corte Madera). I am tempted to post it on youtube, but feel punishment enough is working there?Oh yea, the reason he was furious at me, is because I didn't like the way he was treating my salesman. I've never understood people who let a title go to their head?Off topic, just venting.
17
What cheap PaaS do you use to host nodejs/Meteor applications?
2 points by cfcf  7 hours ago   1 comment top
1
barylen 2 hours ago 0 replies      
What is the context? Is this for production? Is there a ton of bandwidth to be used?
18
Ask HN: Should I learn a few different languages or become a master of one?
7 points by danielrakh  20 hours ago   12 comments top 8
1
cafard 6 hours ago 0 replies      
Both.

There are very few professional or top-notch amateur musicians who know exactly one instrument. All (I believe) have one best instrument, but for most it's violin and guitar or cello and piano.

You will presently find useful tasks that don't fit into the App world comfortably. Take them as the opportunity to branch out.

2
readme 18 hours ago 1 reply      
Learn at least a server side language for now, and a web framework.

You don't need to learn every single thing about JS (for example, you don't need to know about the DOM and events, unless you decide to build apps with Cordova or something), but if you want to be a good independent mobile developer, having a server side language will enable you to work on your own backends. You'll want to know SQL inside and out, too.

If you don't know ruby or JS yet, I'd recommend just learning JS and using node for your backends with express.js. Node is pretty easy/awesome, don't listen to the neckbeards.

Don't waste your time learning brainfuck or whatever if you want to work in industry building applications. Although things like that are cool, it's never going to have a higher priority than the million other important things you need to learn right now. It's best left to bored CS students who don't want to rake in the cash to learn things like that.

3
wikwocket 15 hours ago 0 replies      
There is nothing quite like working with a platform/language that you know inside and out, where you rarely have to stop and look something up, where you know the best way to do everything. It feels like flying a jet fighter, screaming along at Mach 3.

On the other hand, although it can be frustrating puttering along with a new language/technology, googling some basic question every 10 minutes, that's how you learn, and sometimes you need language XX to accomplish task YY.

Ultimately there is value to both, and as others have said, it depends on your goals. There will be times that call for learning a new stack and getting it done (even if it's coded badly), and times that call for expert application of masters-level deep magic.

4
memracom 13 hours ago 1 reply      
There is no such thing as mastering a language. You can master a style of programming and you can master a set of libraries, but not a language.

Two things flow from this. The first is that once you have mastered the Java libraries or .NET libraries, you can easily add a couple more languages to your repertoire with different programming styles. But the other thing is, that learning a set of libraries is a lot like saying "I can code without using Google!". Is that really an achievement? It's like saying that you don't carry a mobile phone or that you only use human powered transport. Now that Google exists, why would you bother learning a set of libraries inside out.

Far better to learn how to do great work using different programming styles, object oriented, functional, domain driven design, actor systems with a supervisor tree, and so on. That takes practice and cannot be googled.

5
s12chung 19 hours ago 1 reply      
Depends on your goals.

If you have a product in mind, another platform might be more suited for the product, so it may be better to learn that.

If you have fun learning new platforms, why not go for it?

From the standpoint of generating the max amount of "code value", I'd stick to one platform. By maximizing "code value", I mean the max amount of features you can create and the cleanliness of that code given a platform. Note that this does not necessarily translate to business value or value to the consumer. Technology changes so fast, that the value of your knowledge depreciates proportional to every platform you go into. It's like for every basket you put eggs into, you lose more eggs.

In terms of happiness, you might choose a platform based on various characteristics. Do you like UI? Do you like being on the app store? Do you like the intricacies of code? Etc, etc.

For me, I like utilitarian code. It isn't flashy UI-wise or techwise, but it's clean, saves me from headaches and gets the stuff done.

In summary, if you have no goals, choose a platform and stick to it. Each platform has it's own pros and cons, it's up to you to decide what's important.

6
zachlatta 19 hours ago 0 replies      
You seem like you want to try other things, so go for it! I like to think that the best developers are T-shaped. The top of the T is a vast beginner/intermediate understanding of many things. The rest of the T represented a very deep understanding of a select few topics.
7
sker 19 hours ago 0 replies      
Both. There are plenty of resources in the brain to master one language and be competent with many others.
8
waqasx 10 hours ago 0 replies      
"I fear not the man who has practiced 10,000 kicks once, but I fear the man who has practiced one kick 10,000 times."- Bruce Lee
19
Ask HN: How do you hack this hot weather?
3 points by shire  16 hours ago   7 comments top 5
1
geuis 12 hours ago 2 replies      
Satirical answer: move to San Francisco. Most nights this summer have been jacket or sweater weather. I made the escape from the southeast 6+ years ago.

Serious: Close the blinds/curtains. This helps reflect light back out rather than staying inside and heating up the space. Stay low. Heat rises, cool air sinks. If possible, give the hot air somewhere to escape to up high and back outside.

2
27182818284 5 hours ago 0 replies      
I am pretty old fashioned in that I carry a handkerchief and try to have more iced drinks. It works out for me well.

With my AC running all the time and a box fan my electric bill was still only $70ish dollars because our electricity here is dirt cheap. (Partially nuclear)

3
gablebarber 12 hours ago 0 replies      
Being a south Texas native, I live by cold showers several times per day in the summer, even if just for a few minutes, and especially before I go to sleep.
4
groundCode 7 hours ago 0 replies      
mouthwash made with some high quality peppermint essential oil. The menthol in mint plants apparently tricks your brain into thinking you are cooler than you are......
5
andrewhillman 13 hours ago 0 replies      
Fire up the AC, put it by your desk and have a Popsicle! It's Summer, maybe go outside.
20
Show HN and looking for designer for a kids-friendly project
4 points by wanghq  18 hours ago   7 comments top 5
1
gadders 3 hours ago 0 replies      
Sounds like a cool idea. I think there are few other apps (at least on Android) that do a similar thing, and Zoodles is in this space as well.

It is definitely needed though. My daughter loves looking at videos of, say, kittens but you never know what she will stumble upon.

2
waster 14 hours ago 0 replies      
I don't think your design is that awful, actually; and I kind of love that it's pretty gender-neutral.
3
dylancole 10 hours ago 1 reply      
I'm a designer and I'm interested.

Email me: dylancole101@gmail.com

4
wanghq 18 hours ago 0 replies      
5
plexapp 13 hours ago 1 reply      
find me (aster1sk) at riboflav.in (irc) - I'm a dad and have considered developing this exact same thing.

EDIT : mention how you found me - otherwise I'll lolwut

21
Hackernews clone examples
4 points by no_keeptalking  23 hours ago   11 comments top 6
1
conroy 23 hours ago 1 reply      
I'm familiar with three, but they're new or sparsely populated (which may be what you're looking for).

LamerNews http://lamernews.com/ - Created by antirez to showcase a forum backed entirely by Redis.

Lobste.rs https://lobste.rs/ Created by jcs after he was hellbanned from HN

Monocle.io http://monocle.io Created by alex maccaw very recently.

2
unimpressive 20 hours ago 0 replies      
There was one where it had no domain name, just an IP address, all the users were called operators and it had a light brown background.

Can't remember the IP though.

(Not having a domain name to stop certain demographics of people from visiting is a stroke of genius IMO.)

3
codegeek 20 hours ago 0 replies      
5
devonbarrett 21 hours ago 1 reply      
http://telesc.pe - Built in Meteor JS by Sacha Greif & Tom Coleman
6
krapp 17 hours ago 1 reply      
i'm still working on mine...
22
Ask HN: Review my startup, lishman.com
6 points by lishy  1 day ago   6 comments top 3
1
pdx 1 day ago 1 reply      
Clickable...

Introduces the concept.http://www.lishman.com/project/185#card/451

Provides an example of how it can be used.http://www.lishman.com/project/185#card/454/file/7997

Some more information about the application.http://blog.lishman.com

2
kohanz 1 day ago 1 reply      
I like the concept. This would be especially useful for documenting ramp-up guides for new developers.

I didn't see this feature, although I'm sure you've thought of it, but it would be nice to be able to point to and highlight specific lines of code, with arrows and color, to lead the reader from the annotation on the right to the code on the left.

3
wanghq 18 hours ago 1 reply      
I am not sure if you have provided, but could imagine the integration with github should be very useful.

If you or your users could document some popular open source projects, and prove that that's an efficient way to learn something, that will help the adoption.

23
Ask HN: Me(dev) and a marketer want to go 50/50 on a business. Is this fair?
3 points by rfnslyr  21 hours ago   8 comments top 6
1
pyoung 14 hours ago 0 replies      
If you are doing freelance and consulting work, and not product development, then you should set up some type of hourly billing system, or consider setting up some type of'finders fee' for the work he brings in. It should be noted, that most freelancers/consultancies do not need a full time bizdev guy until they have at least a handful of employees and are working on a few projects concurrently. With that said, if he can bring in enough work, it may be worth it (and it should be noted that you will need a lot more than $3000 to keep you both afloat).

Also worth noting, equity in freelance/consulting companies is relatively worthless. Billable hours do not scale, so your revenue will be directly tied to the number of hours you and your employees can work. Because of this, you need to focus on making sure you get a decent salary/hourly wage as soon as possible.

2
ameister14 20 hours ago 0 replies      
Are marketing and sales equal to engineering? Yes.

Should you jump into this without a prior relationship, particularly a business relationship? No.

3
gesman 20 hours ago 0 replies      
Start with going with 50/50 on business he brings to the table. This way you can work with 10 guys like him and evolve accordingly.

If he insists on 50/50 legal contract upfront (which is not unreasonable if he's the star), add the minimal yearly dollar amount clause of the business he brings in.

4
livestyle 21 hours ago 1 reply      
Before you go down that road.. why don't you do a couple of jobs together as a trial?
5
dylancole 10 hours ago 0 replies      
I'm a designer and I'm looking to collaborate with a developer.I have an idea which can outcome to a monthly income regardless clients.

Would you be interested? Email me: dylancole101@gmail.com

6
snaveint 20 hours ago 0 replies      
"I'm okay with it if he truly does bring in work and isn't just dicking around all day"

I think if that is the attitude you're taking going into this, partnering is a bad idea. You will constantly be judging & nit picking his every action.

24
The biggest dongle of them all: the internet
2 points by justintocci  15 hours ago   3 comments top
1
noonespecial 15 hours ago 2 replies      
There's a great big whopping difference between the Adobe example and Facebook. One of them (facebook) the product is the network. It is inherently uncopyable. The other (Adobe) the "network" is bodged on to try to extract just the "uncopyable" attribute without providing any value and, in fact, causing a great deal of value to be lost by invalidating many use cases of the product (archival, offline, etc).

Its not about copy protection vs not, its about how much of your customers' resources and goodwill you are prepared to burn and how much value you are prepared to subtract from your product in order add that "uncopyable" attribute.

Copy protection isn't free. If you choose it, its likely to end up being your most expensive feature to add and support while simultaneously making your product less valuable to your customers.

25
We need help: New Zealand Government About To Legalize Spying On NZ Citizens
11 points by owenwil  1 day ago   2 comments top 2
1
RRWagner 18 hours ago 0 replies      
I didn't know that NZ had such a pressing security threat that would necessitate these actions. A shame really. Such a beautiful place with wonderful people.
2
icu 1 day ago 0 replies      
I've passed your post on to KEA (http://www.keanewzealand.com/) via email info(at)keanewzealand.com.

Lets hope they can post it to the "more than 100,000 talented Kiwis and 'Friends of New Zealand' around the world."

26
Ask HN: Most comfortable keyboard?
10 points by quantumpotato_  2 days ago   21 comments top 18
1
kps 2 days ago 1 reply      
I'm a fan of the Kinesis contoured keyboards, which I've been using for 15 years now.

The two major keyboard fora, which you can use to help research and discuss what would suit you, are http://deskthority.net/ and http://geekhack.org/

2
pasbesoin 2 days ago 0 replies      
For me, not layout but key force and travel became problems. I've ended up with a Kensington keyboard... Ci73 that has a "low profile" and "laptop-type" keys/keyswitches. Much better...

The 73 is wired. They also make a wireless model; however, wireless keyboards have had security issues, particularly at the time I settled on the Kensington, and so I avoided wireless.

I have it adjusted to the "right height" behind a 3M gel wristpad model that, unfortunately, is no longer made.

Amongst the choices in this category, note that IBM and now Lenovo make a ThinkPad style external keyboard. The last I checked, there were two revisions. I think the former had an integrated trackpad while the latter did not. Opinions varied as to which was better.

YMMV. But for some, it may be worth considering key action and travel, particularly if you've ever found yourself favoring a laptop keyboard (perhaps before so many of them went "chiclet") over a desktop/external keyboard.

3
jfb 2 days ago 0 replies      
It depends. I've used a lot in the ~20 years or so I've been programming; and I've come over the last decade or so to rely on the Kinesis Advantage. The big reason I chose it when I did is because it doesn't force your wrists into a positive angle, which always causes me pain.

I used to use a Model M or one of its derivatives; I also spent a lot of time on the old Sun keyboards. I never found the key action to be as important to my continued health as the physical design; I also don't use a custom layout. I'm happy with my choices, although occasionally I try something new.

4
iron_ball 2 days ago 0 replies      
The Microsoft Natural is my pick. Split enough for ergonomics, good key response, not very expensive.

http://www.amazon.com/Microsoft-A11-00337-Natural-Keyboard-E...

5
Terretta 2 days ago 0 replies      
Goldtouch two axis adjustable ergo keyboard for Mac (and PC):

http://www.goldtouch.com/p-2-goldtouch-v2-adjustable-comfort...

6
digisth 2 days ago 0 replies      
I've been using the Kinesis Maxim for years, and I highly recommend it. It's split, adjustable (both width and height), has great keying, and is very sturdy:

http://www.kinesis-ergo.com/max-spec.htm

7
meerita 1 day ago 0 replies      
A mechanical one, for sure. Then, what it would matter it's the type of the switches. I use black ones, because I like gaming and it's what its for but i code a lot with it. It depends on your taste.

Probably the most comfortable but expensive ones are the Topre's capacitive switches, used on Happy Hacking keyboards, they're a mix of best quality, comfort and healthy keyboards you can acquire.

For coding, writing, experts recommend blue or brown switches, but in the end, it is our own taste what it will matter.

8
codereflection 2 days ago 0 replies      
I've been a fan of the Kinesis Freestyle keyboards for years http://www.kinesis-ergo.com/freestyle2.htm.

They're a little more expensive than most, but totally worth the price. I never could get used to the MS Ergo keyboards, same experience, the keys take too much effort. Bonus, all of my wrist pain as disappeared since switching to the Freestyle.

9
rfnslyr 2 days ago 0 replies      
This keyboard is extremely good. I've been using it for years and I've never gone back to anything other than this.

http://www.logitech.com/en-us/support/illuminated-keyboard?o...

10
Sealy 1 day ago 0 replies      
I actually prefer the feel of laptop style keys so the apple keyboards get my vote. I find the low travel and light weight touch is easier on RSI.
11
GoNB 2 days ago 0 replies      
I have a Noppoo Choc Mini. It's on the quieter side of mechanical keyboards (Cherry Reds). It's more of a typing/gaming keyboard, but I can still type 110+ WPM consistently and without pain. http://www.amazon.com/gp/product/B0091QOCNA/ref=wms_ohs_prod...

If you're looking to reduce RSI/wrist pain, I found that far more important than a keyboard is your posture and arm position. More or less: http://www.egodevelopment.com/wp-content/uploads/2008/03/4.j... I would actually have my monitor a tad higher than in that picture)

12
swayvil 1 day ago 0 replies      
Deck 82 key. Glowing yellow symbols on black keys. Smooth action. Built like a tank. It's perfect.

http://www.deckkeyboards.com/product_info.php?products_id=30

13
mushrew 2 days ago 1 reply      
http://ergodox.org/ you can get more info at http://deskthority.net/workshop-f7/split-ergonomic-keyboard-... or geekhack.org/index.php?topic=22780.0;nowap

It's open source, but I purchased my own DIY kit a few months ago from massdrop.com

14
talles 2 days ago 0 replies      
I always wanted a HHK (happy hacking keyboard, http://www.pfusystems.com/embedded-keyboard/hhkb/index.html), but it seems impossible to get one around here (Brazil).

At home I use a razer cyclosa (not mechanical, but feels really good though).At work I use a dell keyboard (with a huge spacebar, I love it).

15
c54 2 days ago 0 replies      
Having mechanical switches is a mandatory keyboard feature for me (and I'm sure it wouldn't be hard to find others who agree)

If you want to go all out get one of these http://www.trulyergonomic.com/ (ergonomic, kinda different keyboard layout, mechanical switches). There'd be a definite learning curve.

16
deadfall 2 days ago 0 replies      
I had a coworker swear by the Das Keyboard. Very pricey but was nice on the fingers and reduce typing noise. I have had this on my list of things to buy. I use a cheap HP SK-2880 keyboard meow but it is pretty comfortable.

http://www.daskeyboard.com/model-s-ultimate/

17
ScottWhigham 2 days ago 0 replies      
I liked the MS Ergo but, due to an office change, needed a wireless keyboard. I switched to the Logitech wireless keyboard and have absolutely hated it. The keys are too small and I make so many mistakes while coding, and that's after a year with it. Whatever you buy, check the size against the MSFT keyboard so that you don't do what I did: get stuck with a keyboard that's too small for you.
18
mrexroad 2 days ago 0 replies      
work: Kinesis Advantagehome: IBM Model M (from my first computer)

the kinesis advantage has been a huge improvement for my wrists and elbows. the large space between where my hands are positioned has probably been the greatest factor.

27
Apple Developer System Status Update
4 points by jpttsn  20 hours ago   1 comment top
1
bennyg 19 hours ago 0 replies      
28
Ask HN: What is your Node.js & MongoDB development setup & procedures?
7 points by tsenkov  1 day ago   7 comments top 2
1
tsenkov 1 day ago 1 reply      
To kickstart a discussion:

Does anyone use the MEAN stack: mongoDB, ExpressJS, AngularJS and NodeJS?

http://blog.mongodb.org/post/49262866911/the-mean-stack-mong...

I am starting a project and currently I am leaning towards NodeJS with Express and MongoDB on the server-side and RequireJS(or WireJS) and Knockout on the client side.I intend to use QUnit for the client app's testing, but have no idea what should I use for Node testing (unit and load/stress).Since it will be just me, I will probably setup Jenkins on my own machine for a build server.I am currently using appfog for staging/testing.

That's pretty much it. (My project includes a mobile part as well, but I guess this is outside of the scope of this discussion, so I wont get into that.)

2
smanuel 1 day ago 1 reply      
Hosting everything on Linode.

nginx as a load balancer (running 4 node processes on different ports as upstart scripts with respawn) and for serving static files.

Express + Jade (but I do most of the things on the client - calling REST API)

redis as a session store: https://github.com/visionmedia/connect-redis

DB - MongoDb (I also use Mongoose: http://mongoosejs.com/)

I also host most of the static resources on S3 and they are served through CloudFront CDN.At first I used this module (for easier deploying the resources to S3):https://github.com/niftylettuce/express-cdnbut later I had to rewrite most of the things to handle my specific requirements (using knox).

Tests (client and server side): Mocha + sinon + chai

CSS: Less + less-middleware

JS: UglifyJS + express-uglify

I'm also running a worker process and a scheduler process. For communication between the worker, web and scheduler processes - RabbitMQ.

Deploying everything with git push in master (custom github post push hook).No build server. Have nothing to build.

Client side: jQuery (of course) + AngularJS + custom code for bootstrapping the SPA.

KnockoutJS - Naaw.

Hope this info helps.

P.S. Authentication: http://passportjs.org/

29
Ask HN: Share your top 10 linux commands
7 points by giis  1 day ago   15 comments top 15
1
tluyben2 1 day ago 0 replies      

     1237  23.7%  ls     2119  11.9%  cd     391   9.1%   vim     468   6.8%   screen     545   4.5%   exit     640   4%     more     740   4%     grep     831   3.1%   top     925   2.5%   ps    1018   1.8%   df
Seems weird that these would be my most used commands. Although screen contains stuff which is not the history outside screen. And I spend by far the most time in screen. So let's see what the screens have:

cross compiling for ARM screen:

     1  160  26.9815%   ls     2  102  17.2007%   make     3  79   13.3221%   cd     4  51   8.60034%   find     5  47   7.9258%    vim     6  39   6.57673%   more     7  10   1.68634%   git     8  9    1.51771%   grep     9  4    0.674536%  tar    10  4    0.674536%  rm
web dev screen:

     146  20.8145%   vim     231  14.0271%   ls     321  9.50226%   git     420  9.04977%   supervisor     512  5.42986%   more     66   2.71493%   ssh     76   2.71493%   cd     85   2.26244%   nano     94   1.80995%   ps    103   1.35747%   sudo
Haskell dev screen (painful day today fighting with cabal):

     180  16%    cabal     264  12.8%  nano     363  12.6%  ls     422  4.4%   more     521  4.2%   cd     621  4.2%   apt-get     720  4%     supervisor     818  3.6%   git     915  3%     ghc    1012  2.4%   find

2
akavi 22 hours ago 0 replies      
On my work computer (I'm a webdev):

     1101  20.2%  vim     264   12.8%  gs     356   11.2%  cd     449   9.8%   git     540   8%     ls     630   6%     ga     720   4%     grep     820   4%     gcm     920   4%     brake    1014   2.8%   gpso
`git` actually is a much higher percentage, since `gs`, `ga`, `gcm`, and `gpso` are aliases for various git commands.

3
S4M 10 hours ago 0 replies      
At work:

     1121     24.2%  ls     283      16.6%  svn     340      8%     cd     438      7.6%   cat     531      6.2%   sudo     621      4.2%   scp     720      4%     zip     818      3.6%   mysql     915      3%     xrandr    1014      2.8%   ssh

4
ja27 1 day ago 0 replies      
On my MacBook:

     1110  22%    ls     299   19.8%  cd     344   8.8%   top     439   7.8%   vi     523   4.6%   pwd     623   4.6%   crashoff     716   3.2%   rm     814   2.8%   du     912   2.4%   crashon    1011   2.2%   ssh
(crashon / crashoff are scripts to start and stop CrashPlan)

Raspberry Pi:

     185  26.3158%   ls     253  16.4087%   sudo     320  6.19195%   pwd     420  6.19195%   cd     519  5.88235%   exit     617  5.26316%   crontab     712  3.71517%   df     811  3.40557%   streamripper     910  3.09598%   ps    109   2.78638%   date
(was setting up a streamripper cronjob recently, so it's skewed)

5
dllthomas 1 day ago 0 replies      
My results vary pretty dramatically depending on which of my history files I point it at, as expected (I separate them by context).

It seems like this'll be warped by a couple things, though. It only sees the first command in a pipeline (I don't see a good general solution to this...) and loops just see the loop, blocks just see the { or (, etc. It's also going to be missing hidden lines (HISTCONTROL=ignoredups, etc).

Interesting, nonetheless.

6
LarryMade2 1 day ago 0 replies      

     1116  39.4558%   sudo     237   12.585%    cd     329   9.86395%   ls     45    1.70068%   traceroute     55    1.70068%   nautilus     65    1.70068%   ifconfig     75    1.70068%   chmod     84    1.36054%   ssh     93    1.02041%   x64    103    1.02041%   ping
Nothing too exciting, use Ubuntu desktop mostly, most of the sudo stuff is likely apt-get and other non-repository installation stuff. Network debugging, Nautilus was when I was trying out desktop managers managers... Glad to see VICE C64 emulator on the list.

7
gee_totes 1 day ago 0 replies      

     1182  18.2%  git     2151  15.1%  ls     3125  12.5%  cd     451   5.1%   rake     546   4.6%   cat     643   4.3%   vi     736   3.6%   tail     833   3.3%   casperjs     932   3.2%   rails    1029   2.9%   tubesio
Lol, I use cat more than vim (not really, I just have one vim session open and navigate files with :e)

8
anderspetersson 19 hours ago 0 replies      

     183  16.6%  django-admin.py     273  14.6%  git     356  11.2%  fab     442  8.4%   ls     540  8%     cd     639  7.8%   ssh     724  4.8%   knife     816  3.2%   python     914  2.8%   pip    1013  2.6%   ping

9
zachlatta 1 day ago 0 replies      

     11743  35.0493%    git     2726   14.5988%    ls     3385   7.74181%    cd     4314   6.3141%     rvm     5307   6.17334%    vim     6197   3.96139%    rake     798    1.97064%    tmux     897    1.95053%    ..     986    1.72934%    ag    1072    1.44782%    rspec
Not too surprising. I'm surprised how high rvm is on the list.

10
caw 1 day ago 0 replies      
Mostly sysadmin stuff, because that's what I do.

     1  177  19.2601%   ls     2  113  12.296%    vim     3  101  10.9902%   cd     4  95   10.3373%   ssh     7  25   2.72035%   rm     8  18   1.95865%   grep    10  13   1.41458%   df

11
beigeotter 20 hours ago 0 replies      
On my macbook:

   190  18%    cd     286  17.2%  rails     364  12.8%  ls     444  8.8%   ssh     537  7.4%   rake     634  6.8%   ping     724  4.8%   git     821  4.2%   dig     911  2.2%   cat    109   1.8%   whois

12
plexapp 13 hours ago 0 replies      
On desktop :

     1124  12.4%  ls     2115  11.5%  ssh     396   9.6%   cd     491   9.1%   git     589   8.9%   vi     672   7.2%   sudo     736   3.6%   rm     824   2.4%   vagrant     918   1.8%   adb    1017   1.7%   cat

13
plexapp 13 hours ago 0 replies      
On dev box :

     1213  21.3%  vi     2172  17.2%  git     3161  16.1%  ls     4135  13.5%  cd     537   3.7%   python     636   3.6%   screen     732   3.2%   rm     821   2.1%   wget     918   1.8%   mv    1015   1.5%   cat

14
adampresley 1 day ago 0 replies      

     1331  33.1%  git     2170  17%    cd     376   7.6%   exit     471   7.1%   ll     553   5.3%   make     649   4.9%   ls     741   4.1%   fab     832   3.2%   find     930   3%     sudo    1016   1.6%   rm

15
giis 1 day ago 0 replies      
interesting to see 'git' commonly used more like regular bash commands :
30
Ask HN: Developing Web Apps around SQL tables that have millions of rows
11 points by mihok  2 days ago   11 comments top 6
1
tixocloud 2 days ago 1 reply      
TLDR; Split databases, split tables, prefetch queries with cron jobs or database functions, use separate servers, don't collect redundant data

As a BI developer, I'd also like to second the idea of being able to split the table up and changing your architecture. Ideally, you would leave your production database untouched and have a replicated database to work with. The replicated database will of course still probably be really massive, so you will want to create tables specifically for querying (attempts to simulate a data mart) where you only grab the data that you need for querying. Another idea would be to have cron jobs pre-query at say midnight so when your users hit the database, they are fetching pre-fetched data.

Also, if it's rising exponentially, I would have a look to see if all that data is really what you need. It's great to collect every single piece of data if you can but if you can't cover the costs to do that and there's no added value to all that data, it doesn't make sense to keep everything.

2
hashtree 2 days ago 1 reply      
What type of data makes up the rows? Relational databases fit many data persistance problems, however there are other types of databases which might be more applicable to your problem. Essentially, use the right tool for the job.

Relational, key/value, document, columnar, graph. Within each of those types there are specific implmentations (mysql, postgres, oracle, redis, riak, neo4j, titan, cassandra, mongodb, couchdb, etc), each with their own pros/cons.

Within the relational database realm, make sure you understand: when and when not to normalize/denormalize, clustered/non-clustered indexes, btree/rtree/hash indexes, schema design, storage engines, partitioning, master/slave, replication, caching strategies, execution plan optimization, etc..

3
txutxu 2 days ago 1 reply      
You have get already very good tips. I could add this ones for completion:

Review your backups and contingency plans (and measure your restore times).

Usually you will want a mysql.conf for production mode, and a different one for full restore (with different parameters). A full restore of a so big database with the mysql defaults, can take looooooooong.

As an anecdote, in the most big mysql system I've ever touched, there was a "performance problem", when I got the credentials and started to review, 3 different sysadmins, had scheduled 3 different full backups daily, using dumps. Some of them at office hours.

Yes, this is just plainly stupid, but it's an example of real life.

On a big database system, backups (and restores) is something who is convenient to design with care, to monitor, and to measure/adapt periodically.

If you go to master/slave(s) usually you can make backups from some slave, without disrupt the master operations.

Also, you maybe interested in play with things like mysqlproxy to split reads/writes, so you can have writes going to master, but reads spread across multiple slaves.

I assume you're already using 64bits, and that you know already about mysql tuning variables.

4
ScottWhigham 2 days ago 1 reply      
If you're growing at that pace, you can't do just one thing; you've got to attack it on multiple fronts. I approach things like this doing something like this:

1) Optimize data type usage

2) Optimize indexing - removing redundant indexes, adding new indexes, changing existing indexes

3) Optimize storage - get your SAN/disks in order

4) Partition the data in such a way that you serve queries and users quickly

If you do the above, you should easily be able to scale any decent hardware into 10x where you are now. That will buy you some time to then build a data warehouse and backend support/reporting systems. At some point you're going to be in a spot where you either have to invest $5m+ in hardware to keep serving your current data, or you're going to have to start archiving some of this data to a data warehouse.

5
dpcx 2 days ago 0 replies      
Make sure you're storing your data optimally, and look in to sharding your data if possible.
6
devonbarrett 2 days ago 1 reply      
Drop Apache use Ngix and make sure your cacheing what you can.
       cached 25 July 2013 20:05:01 GMT