hacker news with inline top comments    .. more ..    11 Aug 2013 Ask
home   ask   best   6 years ago   
Difficulty getting an Annoying Chromium/Chrome Bug Fixed
2 points by alb2550  2 hours ago   2 comments top 2
pdknsk 1 hour ago 0 replies      
You'll be waiting for many years. You only got Priority-3 on this. Try to make a case in #chromium, where many Googlers are. You'll probably be ignored though.


alb2550 1 hour ago 0 replies      
Here's another, longer discussion that's over 3 years old about the same problem:


And whoa, hold on there, here's a topic that was posted just after the issue popped up in 2008:


Ask HN: Advice on secure email system
5 points by sigkill  5 hours ago   4 comments top
Ihmahr 4 hours ago 1 reply      

Notice that the current bitmessage implementation has scalability problems (and they do not seem to care).

Consider a p2p message system like this one:Messages are divided in headers and bodies. Headers are less than 0.1kb and messages can be as large as you want. Headers contain a micro-message or they point to an id of a body or to a url. Like bitmessage, you have to generate a poof of word (POW) in order to send a message. The headers contain a 'to' address field. This can be partially filled out, or left blank.

Strong clients:

Receive everything and hold everything (for a day). They help their peers.

Mobile clients:

They have a 'light' address. They make the first n bits of their address public to their peers. Then they receive only the headers where the to address is partially disclosed and the leading bits match. The more bits of your address you disclose, the 'lighter' your address is. This is also the way to scale for a few billion people. Bodies can be downloaded similarly or even with specific id. Mobile clients never send any content to their peers, nor do they retain other people's messages.


So far this is p2p. But nobody wants to be a peer of a mobile client, or they might want an excellent connection to one peer. This is where more central services come in. They accept payment for a connection and provide high-speed. They also accept the useless mobile/light clients. Also these services could calculate the POW for the light clients.What happens if one or all such services go down? Not much, because the services were just high-speed peers. The network can continue as a normal p2p network.

I have a lot more ideas on how to improve this design.

Ask HN: Key employee probably going to prison. How do we best tell investors?
9 points by thisblows  8 hours ago   8 comments top 3
anigbrowl 6 hours ago 1 reply      
Wow, that does blow. There's a yes/no question I would like to ask you in confidence, if you don't mind sending me an email.

If you have an ongoing relationship with the VC then I would inform that person up front of the basic circumstances and say that you will present a plan of action for moving forward at the meeting. Be circumspect, as you have certain responsibilities towards your employee by law so you shouldn't disclose more than you absolutely need to (so as not to expose yourself to possible employment litigation).

declandewet 7 hours ago 0 replies      
If I were involved in upper management of a VC I would want to know as immediately as the information was found out, but I would also want to know that the founders were competent enough to discuss the matter in full with each other before making a decision.
erichurkman 6 hours ago 1 reply      
Curious: Is there any chance of a work-release type program?
Ask HN: Is anyone still using TiddlyWiki?
7 points by platz  9 hours ago   3 comments top 3
vijucat 22 minutes ago 0 replies      
I moved on to OneNote for personal / confidential notes (trading strategies, mainly) + EverNote for things I would like to sync across all devices.

(A negative answer is probably not what you were looking for, but I thought it may be useful to mention to WHAT I moved on to from TiddlyWiki).

But the idea was very cool, and I truly appreciate the "small is beautiful" design that it embodies.

Casseres 3 hours ago 0 replies      
TiddlyWiki is an awesome experiment in self-editing, cross-platform files. A while back, it led me on search to find the best self-editing, encrypted file to store personal info in, that could be accessible anywhere. I eventually came across Message Vault [0]. It seemed to be abandoned by its creator though. The original domain name for it was available, so I scooped it up for the purpose of hosting the file. I'm not big on crypto, so I don't know how secure it is. It's on my to do list someday to analyze it more carefully.

[0] http://messagevault.org/

rkda 6 hours ago 0 replies      
Still using mine mostly as a link dump. Using tiddlyspace right now :)
Ask HN: An alternative to Uservoice and other feedback systems
2 points by dylz  4 hours ago   discuss
We need an NRA for privacy
214 points by plg  1 day ago   167 comments top 26
rayiner 1 day ago 7 replies      
Privacy advocates need to get their act together and form a single-issue organization. I need to be seeing teenagers coming to my house peddling privacy the way they do for churches and baby seals. The tech industry needs to sack up and realize that their business interests are at stake, and put some serious money in PACs behind the whole effort. It needs to have a focused mission, no getting distracted in related issues (e.g. copyright reform or reform of hacking laws), but be a big tent (don't care what else your other viewpoints are). There needs to be a diversity of messages, targeted at different demographics. There has to be something in it not just for techie yuppies in San Francisco, but also church-going grandmothers in small-town Iowa (any political movement that can't capture at least some old people is dead on arrival). That's a key strength of the NRA: it has vigorous support across a wide diversity of voting demographics.

The EFF and the ACLU are fine for what they are, but they've got too broad of a mandate to have the kind of focused impact you want. You can't be an effective mainstream advocacy organization when you're off defending unsympathetic people for principled purposes. That's an important thing too, but it's a different thing.

For people interested in effecting real political change, I seriously recommend watching this documentary on the Prohibition: http://www.pbs.org/kenburns/prohibition. One group of people got a nation that until (and during and after!) prohibition drank 140 million gallons of liquor a year to outlaw alcohol. The money wasn't on their side (the government made 1/3 of its revenues from liquor taxes and the beer makers had tremendous power), but they accomplished their goal by masterful politicking: http://en.wikipedia.org/wiki/Wayne_Wheeler.

"Under Wheeler's leadership, the League focused entirely on the goal of achieving Prohibition. It organized at the grass-roots level and worked extensively through churches. It supported or opposed candidates based entirely on their position regarding prohibition, completely disregarding political party affiliation or other issues. Unlike other temperance groups, the Anti-Saloon League worked with the two major parties rather than backing the smaller Prohibition Party."

hga 1 day ago 5 replies      
What has made "the NRA"---really, gunowners, the NRA has but a fraction of them as members---so powerful?

Well, first of course there's a lot of us. Even having only a fraction, the NRA now has 5 million members. The EFF? I would be surprised to learn they had more than 50,000 (couldn't find a number in a quick search).

2nd, we vote, and many of us vote first and foremost on this issue. Especially since it's a good general touchstone, not that more than a tiny tiny fraction of national level politicians really give a damn about either issue no matter what they say most of the time.

3rd, there are many major elections where it's clear gunowners were a necessary if not necessarily sufficient part of the winning side. Gun control at the national level mostly disappeared in this century until Newtown after the Democrats suffered a string of catastrophic defeats from losing both houses of the Congress in 1994 to Al Gore losing by a whisker in 2000. That it was even close is telling, especially since Bush isn't much of a conservative or friend to gun owners, e.g. he officially supported renewal of the "assault weapons" ban.

(Note that it's in our cultural DNA to defy being told we can't or shouldn't have something, be it guns or e.g. drugs. But those are tangible, literally put your hands on them things, not like "privacy", the loss of which isn't immediately visible.)

On the side of the Stupid Party, every post-Reagan defeated Presidential candidate was, or appeared to be bad on gun ownership (Romney's actions were good, but his rhetoric was very bad). Again, the very narrow margins by which Bush won in 2000 and 2004 are probably also telling, bad rhetoric and very few good actions.

Now for some historical specifics that made a difference:

The biggest is how extreme gun grabbers are. While businessman Eric Schmidt is notorious for some creepy even if possibly true statements, I'm not aware of any national level politician who's willing to go on record saying we have no right whatsoever to privacy (whatever they actually believe).

Nothing compared to e.g. Dianne Feinstein's "If I could have gotten 51 votes in the Senate of the United States for an outright ban, picking up every one of them . . . Mr. and Mrs. America, turn 'em all in, I would have done it. I could not do that. The votes weren't here.", or Michael Dukakis' "I do not believe in people owning guns. Guns should be owned only by police and military. I am going to do everything I can to disarm this state."

Legislation stripping us of gun rights are much more in your face than e.g. FISA, and have much more concrete results (see below). Privacy is much more a Federal issue, although there have been a number of gun privacy atrocities at the state and local level. Whereas the nation frequently watches some state go crazy and e.g. tell you that you can load only 7 bullets in your 10 round magazines ("clips"), and arrest people on that basis. Plus hypocrisy, there are many many carve outs for the anointed, be they police or politicians, or the frequent discovery that a prominent gun grabber owns guns. And all the politicians with armed bodyguards telling the rest of us we don't deserve that level of protection.

Then there are specific atrocities, cases well known by gun owners of innocents brutalized or killed by abusive organs of the states. This became big a while after the national Gun Control Act of 1968 was passed, when the BATF had to find something to do for its Revenuers after sugar price supports killed the moonshine industry.

Our side can point to kittens killed ("I swear I am not making this up"), pregnant mothers who miscarried, people crippled for life, mothers shot dead while holding a baby (Ruby Ridge, in which the BATF was enlisted to try to force her husband to spy), and many many outright killed (Waco started out as a BATF "ricebowl" operation, they wanted some nice video for their first budget in the Clinton Administration). Plus a constant drumbeat of gun owners ensnared by "flypaper" laws in gun grabbing localities; even NYC has realized it's damaging their tourist industry.

And how could I forget Fast and Furious, just one of several Federal Government gun running operations that sent thousands of guns south of the border, resulting in 350 deaths and counting, just to generate better statistics for gun grabbing propaganda (that reason is now on record and any other explanation suffers an Underpants Gnomes logical error).

The very secrecy of our national security privacy problems makes the latter problematical. Ignoring that the targets of the DEA are seldom ones we can empathize with, that they launder the tips they get from the NSA means that as of now I don't think there's a single specific case we know of.

And one final general point: lots of public figures are willing if not happy to demonize gun owners of almost every sort, and gun organizations (we can see the latter in this discussion). That results in strong push-back from the targeted (again, it's not in our cultural DNA to take that lying down).

lambda 1 day ago 3 replies      
It's called the EFF.

The problem is, it's mostly supported by individuals, not the industry. And there are a lot more individuals interested in gun rights than electronic rights. It has a budget that's a tiny fraction of the NRA's.

jstalin 1 day ago 0 replies      
Go. Right now. Donate all you can to EFF. NOW.


Other ways you can help EFF, like using their Amazon referral link:


k2enemy 1 day ago 2 replies      
The NRA is a powerhouse because millions of Americans (and manufacturers) care enough about guns and the 2nd amendment to be willing to donate and pay fees to the NRA.

Privacy? Not so much. But we do have the EFF. So donate!

oinksoft 1 day ago 8 replies      
There's a reason the NRA can do what they do: Guns are a >$30B/year industry.


jellicle 1 day ago 3 replies      
Currently 59 comments on this post, 2 hours old, I did a ctrl-F "epic" and get no results.

So apparently no one at Hacker News knows about EPIC:


which is, more or less, what the original poster is asking for. They're not militant, I suppose. They don't have the same level of anger that the NRA manages to harness, don't have talk radio hosts promoting them, that sort of thing. But they do exist and are focused on this one issue of electronic privacy, and yet apparently are failing at their job of self-promotion, because no one on HN knows they exist.

Are they failing to do enough outreach? Is a different organization really needed, or does EPIC just need to do a better job of marketing itself?

robg 1 day ago 1 reply      
Privacy isn't explicitly guaranteed in the Constitution. So the Court has tended to side with the Government on matters of National Security vs. Privacy. In fact, the Constitution guarantees searches for the Government, so long as they are reasonable. On matters of national security versus a database, national security readily wins. The Court finds those searches reasonable.

So, in the case of Privacy, you aren't fighting your Representatives who can be bought to change laws. You are fighting the Court. That fight is much more of a long game. And that long game would seem to be better won through broader Civil Rights which are already under attack. Read the First Amendment and think of Snowden and the media. Read the 4th and consider the broadness of "unreasonable" and where it extends to property seizure laws. Heck read the 8th and consider how broadly solitary confinement is used as punishment in our prisons. Or how anti-drug and anti-marriage laws restrict personal choice. To me, protection of our broad Rights against the Leviathan is the issue of our time.

That said, the 2nd Amendment is also an ally in this fight. In contrast to Privacy, the right of gun ownership is explicitly guaranteed and the NRA is a partner in questions of privacy. We just need to help them realize that the national security apparatus could easily be expanded inwards to target gun owners. We need to help them realize that the technology to do so is already trivial for the Big Bad Government.

VandyILL 1 day ago 1 reply      
I don't think it'll work.

The NRA & the gun industry have successfully marketed a product, and the NRA has successfully marketed itself as the means of protecting customer's rights to that product.

Note, the NRA doesn't have to be the one that markets gun ownership as a positive - that can come from any number of sources, inside and outside of the gun industry. The NRA just has to give the image of being the political outlet to protect that right. Thus the media and/or possibly the gun industry can throw gas on the fire to show that guns are a necessity of American life and in turn because of it's perceived credibility on the issue people vote according to what the NRA says.

Now, presently I don't think either the NRA or the industry really has to do much work marketing guns. All they have to do is hold back the tide whenever a tragic event happens and forestall action when the willpower to change is present. Then, when election season rolls around, they just remind their members how to vote.

In the case of privacy there is #1 no product, and #2 no clear "defender" of our right to privacy. Further, given the nature of privacy, I don't think there will ever be a clear product or defender for/of that right. Without that, there's never going to be the approach that markets the product as a necessity or a group people will pay attention to when voting.

Just think about the ACLU - part of their mission is privacy. But yet I'm sure half the people who care about internet privacy don't even like much less trust the ACLU. EFF - majority of the population hasn't heard of them. It's just too sensitive of an issue to have a blanket organization representing everyone's interest.

Finally, as a side note, I think I would pay for an email service like this: free email, with conditional payments. Whenever the service receives and refuses a government request, it charges a very small fee (couple cents or even a penny - will wait till x amount has accrued before charging card). Then in turn, the payment fee goes to the campaign of a pro-privacy candidate or organization like the EFF etc.

protomyth 1 day ago 0 replies      
It comes down to this, Does the EFF scare Senators and Representatives at election time? If the organization that defends your rights doesn't scare the hell out of a campaign (to the point opponents demonize the organization and its members) then they are worthless for advocacy in this era.

The NRA does this and, like the ACLU, knows to defend the extremes. If we want the 4th amendment defended, then we need that type of organization.

danso 1 day ago 0 replies      
The NRA actually does stand up for privacy: of its members, anyway. You've probably heard of those stances being used against the NRA sometimes, for example, when they've fought to prevent the Feds to deny gun rights to people who have been placed on terrorism-related suspicions list (which, by some reports, was as inaccurate as the no-fly lists).

If you hate the NRA, it's easy to paint this political stance as nothing but a move of pure-gun-lust...however, such stances set precedent for other privacy related rights. To put it another way, just because the ACLU defends pornographers, it doesn't mean the ACLU is doing it purely out of love for pornography.

edit: In any case, there will never be a "NRA for Privacy". Pause and think about it. What does the average person experience in terms of privacy invasion? Not too much, and not at a constant clip. Would that average person be able to discern between heavy privacy protections versus some privacy protections, on a daily basis? Not really, you mostly only know your privacy is being invaded when it's too late.

Compare that with how your life as a gun owner changes if, say, conceal and carry is revoked. Or AR15 rifles are banned. You experience that immediately.

Also, good luck getting celebrities on board. They are used to having their privacy violated as a matter of routine. For them to experience a real change in privacy would involve infringing on certain First Amendment rights (look up the difference between public and private figures)

aubergene 1 day ago 1 reply      
Systems like PRISM should be a lobbying issue for the NRA. Background checks and gun ownership registration become moot when the government has copies of all your web browsing history, purchasing activity and correspondence. PRISM is the biggest threat to the second amendment, the NRA needs to wake up to this.
johnny22 1 day ago 2 replies      
it's called the EFF.. DONATE!
wes-exp 1 day ago 0 replies      
Privacy is what economists call an "externality" - i.e., the full cost of harming privacy is not accounted for in conventional business activity (like pollution).

In the past, naturally occurring inefficiencies helped to safeguard privacy. Privacy was free. However, now that the technology to collect, store, analyze, and distribute information is so cheap and readily available, we are seeing a massive loss of privacy.

As an economic externality, privacy can only be protected through deliberate effort. We will not get privacy unless we demand it from society. Therefore, political action is a prerequisite. Pro-privacy organizations will be essential in the years ahead.

tippytop 1 day ago 1 reply      
We need a privacy amendment to the Constitution. It needs to shore up the legalese of the 4th which lawyers have made a runaround.
_pmf_ 1 day ago 0 replies      
The problem is that people really love guns.

People only like privacy as an optional concept; what they really like is sharing their personal information with strangers on the internet.

jbaiter 1 day ago 0 replies      
How about the ACLU and the EFF?
brador 1 day ago 1 reply      
The problem is encryption is useful for many things. Some good, some bad. It's great for underground humanitarian organizations in third world countries...it's also great for kiddy diddlers hiding their stash. But the tech is the same, so we pick both or non. Right now, government is leaning on none.
pcvarmint 1 day ago 0 replies      
The NRA is not the most gun-friendly organization. The JPFO and Gun Owners of America are better. The NRA is a sellout, compromising on principles in order to maintain political power.

Just as the Rutherford Institute is more protective of individual rights than the ACLU is.

But you're right we need an organization for privacy.

The EPIC and EFF are not enough.

tomphoolery 1 day ago 0 replies      
I would join this, and be as militant as the NRA.
jydarche 1 day ago 0 replies      
We can't expect such association when the biggest internet companies in America (Google, Facebook, Yahoo...) clearly don't care about privacy. It's all about money.

Google don't be evil? FAIL

BgSpnnrs 1 day ago 1 reply      
I think the issue of privacy is being intentionally and collusively kept a series of domestic affairs by national state agencies.

We need a global charter for privacy rights.

readme 1 day ago 0 replies      
We already have the EFF.
RRRA 1 day ago 0 replies      
It's called the EFF, and please don't compare it to the NRA :P
mattreaver 1 day ago 0 replies      
dreamdu5t 1 day ago 0 replies      
The problem is there's no big business in protecting privacy, and therefor no lobbying money. The NRA is driven and funded by gun manufacturers.
Ask HN: Is it ever OK to completely unleash on incompetent coworkers?
4 points by ajaxbit  13 hours ago   14 comments top 9
avenger123 4 hours ago 0 replies      
Well, first of all, are you the only one noticing the incompetence? If so, why is that? Why is isn't someone in a position of authority involved? This would be the first step. Let them know and voice your frustration but make it sure it comes across as a concerned voice for the company and not a vendetta against the person.

If you are the only one that believes the person is incompetent but the rest of the team (including supervisors) doesn't believe so, then you've got to let it go. It's not your battle.

If you want to "thunder down" on the individual, go ahead, just don't do it in front of the person. Find a room in your house, and let it out. You'll feel almost the same as if you had done it in person.

People have long term memory for highlights and short term for details. If you "unleash" you could be branded as the person that torn down another colleague (a non team player, hostile, etc..) and the reasons for your outburst (regardless of how legitimate, wouldn't be really remembered). Depending on where the person is on the totem pole in the company you may even be putting yourself in danger of losing your job.

But, based on what you are saying, it almost seems you are talking about design issues with code and approaches on how to solve a problem. If this is the case and you think the person's solutions are sub-par, but they still get the job done, then you just need to chill. We love to think how something is designed/implemented is really important but at the end of the day if the car turns on and drives around, most people just don't give a sh*t that the engine is the best in the world. Keep your part of the code the way you and if it turns out that you end up maintaining/owning the person's work, then you can start refactoring or complaining that the code is subpar.

ghostdiver 2 hours ago 0 replies      
How about finding other job?

I mean, if it is possible for "imbecile" and a "poser" to get this job, there must be something wrong with it, your employer and its recruitment process.

Why waste energy, time and your life for problems like this one?

hannibal5 11 hours ago 1 reply      
The question you should ask yourself is what you are trying to do? Do you just want to express your emotions or is your goal to solve the problem?
clockwork_189 8 hours ago 0 replies      
Short answer...no.How you react to such a situation is what an example you want to be to your fellow employees. In the sense, if you lash out to this person, others might feel the same and do so as well. This would lead to bad culture.

The way I would go about solving this problem is like so:Have a nice private chat with the person. First, ask him if he has any problems with anyone at the office. Then address those. Follow that by relaying your problems with him(in a nice, professional and calm manner). Work out with him how you would approach solving the problems you have with him. It could mean that maybe he might need to take a week off to brush up on whatever the language skills, or even that he might think it is culturally acceptable to lash out like he is.

Basically, work with him to figure out how to make the workplace a better place for both of you. Remember, if you fight fire with fire you only get burned.

dossy 10 hours ago 0 replies      
While it would feel SO good to do so, it's not a good strategy. Compare it to shitting in your own bed out of spite for someone else--you may feel great at the time, but afterwards, it's you who has to sit in the shit ...

Personally, I advocate this strategy: you must periodically get contacted by recruiters, yes? When they ask "do you know anyone who might be interested in this position," pause for a moment, and then supply this cow-orker's name and contact info.

Clearly, despite their incompetence, they managed to get their current job, so they should be able to get another one with the aid of a good recruiter.

Cry lots of fake tears when they announce that they're resigning and heading to another gig. Then, go out for drinks to celebrate once they're gone.

ethanbond 12 hours ago 0 replies      
Your team should have mechanisms to deal with people like this. Use them.
eip 10 hours ago 0 replies      
What's really fun is when the incompetent person on the team is the 'architect'.


belowlightsblue 11 hours ago 0 replies      
Sanity, or the appearance of, is your friend here. If this coworker is lashing out wildly, then the problem of him being bad for the team will become clear to the people who can take care of it. But it sounds like you're spending too much energy being upset by this. it's not your decision, its your manager's...this co-worker is doing enough harm without you harming yourself with resentment
lutusp 12 hours ago 2 replies      
> This persons is clinically afraid to ever admit they are wrong, to the point of attacking anyone that brings a superior implementation to the table.

That's narcissism, not merely annoying behavior, and sometimes dangerous: http://arachnoid.com/ChildrenOfNarcissus

> My patience with the imbecility is at it's end and I'm ready to bring thunder down on this individual but is it ever okay for this to happen?

Confrontations don't work with people like that -- you have to get rid of them.

Why is encryption so hard?
44 points by retube  1 day ago   35 comments top 22
jgrahamc 1 day ago 5 replies      
You can certainly find libraries with interfaces like that. For example, OpenSSL has extensive libraries for all sorts of cryptographic primitives and protocols.

If you take a narrow focus on a particular cryptographic event (such as your encryption of a string with an RSA public key) then you miss the greater story about encryption: it's not just the individual cryptographic primitive that needs to be implemented correctly, it's everything else.

An RSA encryption like that does not stand alone. Keys must be generated, secured and distributed. The RSA library itself must be validated to ensure that it works correctly. The actual primitive must be used correctly (in the case of RSA don't use a stupid exponent as some have done). And the environment within which the encryption is used must be understood and secured (just look at the CRIME and BREACH attacks against TLS to see how something 'secure' can be broken because of something apparently irrelevant, in this case, compression).

The overriding reason that encryption is 'hard' is that secure computer systems have enemies and those enemies (attackers) will do _anything_ to attack the system. They will attack it based on timing, compression problems, flaws in the protocol, freezing the RAM to extract a private key, etc. etc. There's really no end to the variety of things you can try to attack a cryptosystem.

So, building a secure system may have encryption as a necessary condition, but it's not sufficient. So much else can and will go horribly wrong.

If you are interested in this hit the books and understand the history of cryptography. For example, look at how Vigenere was broken by Babbage, or the Venona ciphers, or Lorenz. These 'old' ciphers can tell you a lot about how people actually attack things. Then read about modern ciphers and attacks on them. Wikipedia has much. Read about TEMPEST and imagine other attacks possible in that way.

preinheimer 1 day ago 0 replies      
Simply invoking some sort of "encrypt" library is easy, it's everything else that's hard, and you have to get it perfect.

- Simply encrypting your message as indicated will not protect you from replay attacks. Someone could record your message and re-transmit.

- Simply encrypting your message will not assure that the contents haven't been modified, someone could patiently sit in the middle poking bits to see what happens.

- Most encryption schemes will require you to choose a block cypher, doing so requires some knowledge of the options and the data you're sending. Some handle large amounts of data poorly, others fail when you send identical messages.

- Most encryption schemes will require you to initialize them with truly random data, both an early version of Netscape, and Debian messed something up and provided far less entropy than they appeared. Relying on /dev/urandom on a machine that's just booted, or otherwise faulty entropy providers is fatal.

- Attackers can record your data and play with it forever, so even if a mistake or attack isn't revealed for years, they can still go back and decrypt your data. I believe the NSA broke the Russian's use of a One Time Pad because they re-used pages years later.

- Simply encrypting data doesn't provide assurances that you're communicating with the system you think you are, the initial contact is still tricky.

So there's more to it than a single function call.

e12e 1 day ago 1 reply      
Lots of good answers here. NaCl (salt) is one (relatively) recent effort to be just such a library, see eg under the sub-heading "High Level Primitives" on the features page:

  http://nacl.cr.yp.to/features.html   High-level primitives  A typical cryptographic library requires several  steps to authenticate and encrypt a message.  Consider, for example, the following typical  combination of RSA, AES, etc.:  * Generate a random AES key.  * Use the AES key to encrypt the message.  * Hash the encrypted message using SHA-256.  * Read the sender's RSA secret key from    "wire format."  * Use the sender's RSA secret key to sign the    hash.  * Read the recipient's RSA public key from wire format.  * Use the recipient's public key to encrypt the    AES key, hash, and signature.  * Convert the encrypted key, hash, and signature to wire    format.  * Concatenate with the encrypted message.   Sometimes even more steps are required for storage  allocation, error handling, etc.  NaCl provides a simple crypto_box function that  does everything in one step. The function takes the  sender's secret key, the recipient's public  key, and a message, and produces an authenticated  ciphertext. All objects are represented in wire  format, as sequences of bytes suitable for  transmission; the crypto_box function  automatically handles all necessary conversions,  initializations, etc.
Of course, "such libs have bugs" -- it is software after all. But bugs can (and will be) fixed.

Somewhat unique to security and cryptography are the number of subtle bugs possible. There are both problems of actual "normal" bugs (like the Debian entropy bug) and system level design errors (like CRIME).

NaCl/Salt tries to reduce the number of errors possible by using the library wrong (as opposed to eg: openssl that has a very (some say too) rich interface). But you could still end up writing the secret key to swap. Or doing something silly with the plain text. Or expose yourself to a buffer overflow in the part of the code that renders those cute avatar-images for your chat application.

edit: formating

sdevlin 1 day ago 0 replies      
A few reasons.

The overarching problem is that you don't really get any feedback about whether what you're doing is right or wrong. For example, no cryptographer would use RSA like that, but that's not obvious just from studying the wiki article. Or from looking at the function output - it does turn ASCII into gibberish, as advertised, and that's where most developers will call it a day.

The moving parts are also treacherous. You're not just going to encrypt a string - someone is meant to decrypt it. Have you authenticated the ciphertext? Are you exposing a padding oracle? Or timing attacks? Are messages susceptible to replay? In crypto systems, these things are equivalent to locking the front door and leaving the window wide open.

In practice, most insecure crypto constructions aren't due to bugs in the implementation of RSA or AES. They're because of developers choosing inappropriate primitives, gluing them together incorrectly, or inadvertently exposing dangerous side channels.

Fortunately, there are libraries that can help. As mentioned elsewhere, NaCl/Sodium and KeyCzar provide higher-level interfaces that can abstract away many of these issues.

gcv 1 day ago 0 replies      
Lots of good answers on this thread. I think the fundamental underlying reason is that programming is difficult and so poorly understood.

A given: all software has bugs. Usually, that doesn't matter a CRUD app will eventually get debugged enough to the point of usability. (Sometimes even maintainability.) We do not understand enough about programming to guarantee perfect execution in all cases, but no one gains any value by causing an obscure input case to cause a null pointer exception.

Whenever we use crypto, however, we inherently have code which protects something valuable: from forum passwords to credit card numbers to state secrets. This means that all the subtleties which break in ordinary code, but no one cares about, suddenly become important. Every interaction of input to memory to processing to storage (to network) must be scrutinized for places where a crucial piece of data may leak an encryption key, or perhaps just enough known plaintext of known cyphertext to mount an attack.

andrewcooke 1 day ago 0 replies      
To answer the "why is it hard?" question, I tried to collect my own experiences at http://www.acooke.org/cute/WhyandHowW0.html - not sure I did a good job, but the main conclusion was that you underestimate how important experience is in avoiding errors.

To repeat what others have said in answer to your more general question - solutions to "real world" problems include more than a single call to a primitive. So you need to find libraries that provide a higher level API, like parts of NaCL http://nacl.cr.yp.to/, Google's keyczar http://www.keyczar.org/, etc.

Even for simply encrypting a string with a password - https://pypi.python.org/pypi/simple-crypt which is what I talk about in the first link - I needed three things: key strengthening, the encryption itself, and an HMAC. Making those work well together was harder than I expected (at least 5 bugs harder...)

sarbogast 1 day ago 0 replies      
Also, encryption is all about maths, so there are hundreds of ways to do just about anything, different parameters, different algorithms with different tradeoffs about speed, performance, resistance to attacks, data bandwidth, etc. etc.So I don't think a library with the kind of interface you describe would be very useful. But I do think it would be great to have a library that allows us to configure encryption based on requirements instead of technicalities.
Shish2k 1 day ago 0 replies      
AFAIK there's no "encryption for humans" library (at least no widely known, widely used, widely tested one) - they all rely on the developer to specify the right parameters into the function, with no sanity checking asserts.

The results of this is things like the developer who used "1" as the multiplication factor, so to decrypt the data, you need to divide each block by 1...

Zigurd 1 day ago 0 replies      
There are two facts about crypto that often get mixed up in these discussions:

1. For a high value target like Edward Snowden, there is a broad spectrum of attacks, and any operational weakness is fatal. There are many examples of these attacks described on this thread. Unless you know what Snowden knows, odds are you will not get it right.

2. BUT, if everyone had easy encrypted email and real time communication, the mass surveillance machine would be blinded, because the kinds of attacks that are used against high value targets do not scale up well.

pothibo 1 day ago 0 replies      
I guess the main problem is that encryption is foreign to most of us (myself included). It's hard to understand what is safe from what isn't.

It's also very hard to figure out if your encryption is bugged or not. I guess that for most us, once your method returns a hash, you expect that everything is secure.

On a side note, I wonder how many people on HN would claim to know the inside out of encryptions. (Not the difference between SHA1/MD5/bcrypt but the actual math behind derivations and how they work)

nilved 1 day ago 1 reply      
Encryption being painfully and needlessly difficult is one reason why it isn't widespread on both the business end and the consumer end. GPG, which _everybody_ should use for email, has one of the most terrible interfaces conceived. It is absolutely no surprise that people would rather be spied on than spend a week getting that POS working.

There's a massive market for easy-to-use encryption. Easy-to-use does not imply insecure in any way at all.

reaperhulk 1 day ago 0 replies      
Just in your example there's already a problem. If you don't use something like OAEP padding (PKCS1 v1.5 padding has been proven to have issues) then you're vulnerable to attack (see: Bleichenbacher http://www.bell-labs.com/user/bleichen/papers/pkcs.ps).
weavejester 1 day ago 0 replies      
Sometimes crypto libraries have bugs, but it's also easy to use them incorrectly, especially if you don't have an good understanding of cryptography.

For example, a common mistake is to assume that by encrypting something, attackers can no longer change it. Or perhaps you'll use your standard equality operation to check whether a decrypted string matches some value, without thinking about timing attacks. Or maybe you'll just use AES in ECB mode.

bradleyjg 1 day ago 0 replies      

From their homepage:

Crypter crypter = new Crypter("/path/to/your/keys");

String ciphertext = crypter.encrypt("Secret message");

geoffsanders 1 day ago 0 replies      
For anyone interested, we have encryption examples in Python (PyCrypto & M2Crypto library), Ruby (OpenSSL), PHP (phpseclib), Java (Spongy Castle) and Objective-C (CommonCrypto) here: https://launchkey.com/docs/api/encryption

disclosure: I'm a co-founder of LaunchKey

NegativeK 1 day ago 0 replies      
As a different, less technical response: crypto is so hard because it's natural to assume that cryptanalysts are so persistent.

A good crypto library should keep your data safe for decades. We don't make the same demands (no bugs, due to no updates possible) of other software that often.

ra 1 day ago 0 replies      
Encryption is hard because computers are constrained by (but exceptionally good at) discrete maths. All encryption does is slow cryptographic attacks down (a lot).

Also, proper key management is out of reach for most of us.

joshka 1 day ago 0 replies      
There is a crypto challenge that explains many of the flaws in crypto done not exactly right, by giving real examples / puzzles on how to break the crypto.See http://www.matasano.com/articles/crypto-challenges/
skrowl 1 day ago 0 replies      
I know it's cool to hate Microsoft and .NET here on [Y], but .NET framework actually comes with a ton of encryption classes & methods - http://msdn.microsoft.com/en-us/library/system.security.cryp...
falsedan 1 day ago 1 reply      
Encryption is easy, security is hard. Every time you increase the security of a product, you decrease usability.

e.g. easiest to use :: SSH with password <<>> SSH with passphraseless keys <<>> SSH with passphrase-protected keys :: most secure

gamachemarkr 1 day ago 0 replies      
This is exactly what the NSA wants you to think! Encryption is only a tiny part of the problem space, and yet still gets broken in fun ways (padding oracles, bad RNGs, etc). The more difficult mart is key management and distribution. This is where crypto rubs up against the human. Humans suck.
a3n 1 day ago 1 reply      
To step back a bit from the tech problems -- encryption is hard because not everybody uses it.

I think what we need, for email at least, is a completely new protocol that's end to end secure (as hard as that is). The problem though is that I don't think something like this can be done anymore, without "interested" corporations co-opting or talking it to death. The golden age of the internet is gone.

Ask HN: Hacker Resume
5 points by musiic703  20 hours ago   3 comments top 3
yulaow 20 hours ago 0 replies      
Personalized for each job position you are looking for, nicely formatted and well organized, all the main data on the first page (often the big part of recruiters do not even read the other pages), at least one link to something (your github/sourceforge/personal_blog/etc) in which they can see some exemples of your code/coding_style and if you have a list of other jobs you have done in your life please put first a list of those strongly related to the job position you are looking for now, then a second list with all the others.
amccloud 14 hours ago 0 replies      
I've had much success with http://resume.amccloud.com
musiic703 9 hours ago 0 replies      
Great tips. Thank you.
[Apple] All Developer Program Services Are Now Back Online
4 points by wjan  1 day ago   2 comments top 2
nimeshneema 1 day ago 0 replies      
Are you officially posting on behalf of Apple ?Where can we contact you ?
olgeni 21 hours ago 0 replies      
I still cannot "review" my agreements for some reason.

Stuck waiting for more "magical" design.

Let us help ubuntu Edge, its only 12 days left
4 points by rohu1990  1 day ago   6 comments top 3
tagabek 14 hours ago 0 replies      
They still need to sell about 32,000 more smartphones.

The problem is that they are selling a PROMISE to eventually send you a smartphone, and not enough people either know about the offer or are willing to pay $700 up front.

That said, this phone looks fantastic, so I hope that they are able to pull it off.

digipaper 23 hours ago 1 reply      

I'd love this phone and would buy it but not before it is actually made.

zergling 1 day ago 1 reply      
Just curious rohu1990, did you pledge for a phone?
Ask HN: Want a feature where users with showdead could revive hellbanned users?
2 points by readme  21 hours ago   discuss
Ask HN: How to deal with inappropriate interview questions?
8 points by kobot  2 days ago   4 comments top 3
dandrews 2 days ago 0 replies      
Your interviewer just sounds inexperienced to me. I'd deflect it: "That sounds like an off-prem kinda question. Maybe one of these days we can meet for a beer after work and swap stories."
throwaway420 2 days ago 0 replies      
It all depends on the level of inappropriateness, how it benefits you, and your personal comfort level with it. If you're applying for a super great job, it might be in your self-interest to casually accept a few probing questions like that if you think that it gives you a better opportunity to get the job.

If you're the litigious or confrontational type, you might be able to spin this type of incident into a lawsuit or threaten them in some sly way to guarantee the job. I wouldn't do it that way or recommend doing that, but that's certainly an option for aggressive personality types.

dnm 2 days ago 1 reply      
"Relationship status" is flat out illegal.

The personal family stuff is just wierd.


Tesla - we may not see the forest for the trees
6 points by cjbenedikt  2 days ago   4 comments top 4
rst 1 day ago 0 replies      
FYI, this might have gotten more eyes as a comment on one of the (fairly numerous) Tesla-related submissions here. A submission needs several upvotes within a half hour or so of submission to make the front page, or it sinks without a trace. And text submissions, IIRC, take more --- the front-page ranking algorithm isn't fully disclosed, in part to make things harder for the people who keep trying to game it, but I believe text submissions do get a penalty compared to those that are just a plain URL.
lifeisstillgood 1 day ago 0 replies      
And I would guess he would avoid the interstates and start on Route 66. Interstates are boring, and have chains of gas stations. You might be able to piggy back the deliveries onto chain-gas-stations more easily but you lose control.

Smaller towns along a world famous route, harkening back to American self-mythology, plus Independant stores who will be glad of the extra income and attention.

There you could own the industry.

jared314 1 day ago 0 replies      
I think the car is the primary point of discussion, because it is currently the only thing that can be questioned on technical merits. I already share your observation, as with most people I have actually spoken to, about the future prospects of Tesla, and I am patiently waiting for charing stations near me before I buy one. But, most Tesla supporters don't need to comment on a forum, because they have already shown their support by actually investing in the company, either through purchasing a car, buying stock, or both. But, for the rest of the world, being pedantic is an easy way to be heard, and everyone wants to be heard.

Also, they did not create the electric car market, they only revived it. (See previous point.)

nicholas73 1 day ago 0 replies      
This is a wildly optimistic prediction. Listing some risks off the top of my head: 1) Viability of stations - cost to build/maintain stations, technical challenges for battery swap, customer acceptance of swap 2) Widespread adoption of EVs - so far they are only economical for luxury cars and with tax credits 3) Probability of competitive charging stations 4) Actual need for charging stations - really, only needed to do long trips. 5) Whether adoption of Tesla standards actually cedes any advantage.

I think control of the EV market is unlikely.

What advice would you give your 16 year old self?
18 points by Princeps  8 hours ago   62 comments top 40
milesf 7 hours ago 2 replies      
I'm 44 now, and I know without any doubt whatsoever that my 16 year old self wouldn't listen to anything I had to say.

But you're smarter than I [am|was], so my advice to you is don't listen to others who don't build stuff. Or in a more positive way, only listen to people who actually build stuff themselves. Why the Lucky Stiff said it best:

  When you dont create things, you become defined by  your tastes rather than ability. Your tastes only  narrow & exclude people. So create.

Almaviva 7 hours ago 1 reply      
"It will just happen" is advice for normal people, not you. Nothing will ever happen, not a single thing, that you don't work for. You have a chance to experiment and make mistakes socializing with girls and it's acceptable to even be rather crazy, and everyone will grow up and forget. Above literally all things, don't waste this chance. Going to a school program that has more men than women is a colossal failure of the kind of intelligence that actually matters. A relationship is the single biggest determinant of human happiness for you, weight it accordingly. Your window for finding one will end much sooner than you'd like so don't take for granted any little experience you ever have with a woman, because they will get rarer tending to zero.
ChuckMcM 6 hours ago 1 reply      
I agree with miles, build stuff. But perhaps more importantly do stuff. It is highly unlikely you've discovered even a tenth of the things that you could be passionate about.

Also don't drive by looking backwards. When I learned to sail my Dad told me that you could tell a good sailor from a bad one by the straightness of the wake left by the boat. I kept looking at the wake and trying to correct for the various wobbles in it, and that made it more wobbly. I got frustrated and told him it was impossible.

He took the tiller and proceeded to zoom straight across the lake we were on. He explained that the only way your wake would be straight is if you kept you eyes on your destination. When I asked how you could know your wake was straight if you weren't looking at it, he said "People with you can see it and will complement you on it."

It wasn't until I was much older (like 25) when it dawned on me he wasn't talking about sailing.

cperciva 6 hours ago 0 replies      
Publish, even if you don't think your work is ready. Better to publish five papers which all have loose ends in need of tying up than to publish a single work of undoubted genius. Other people will tie up the loose ends, and everybody will remember you as having the original ideas.

When I was 15, I did my first significant research, discovering a novel (and significantly faster) algorithm for computing GCDs of polynomials over algebraic number fields; but I was never fully satisfied with it, since it was only applicable to fields spanned by low-degree algebraics. My supervisor encouraged me to publish it nonetheless, and in hindsight I should have done so -- if nothing else, so that the two Master's students who extended it over the following years would have had something to cite.

In your case, you're interested in programming rather than mathematics or computer science, but the same principle applies: Don't hesitate to release something because it's "not quite perfect". If you've built something cool, release it -- you can always improve it further and do another release later.

Oh, and I'd give my 16 year old self one other piece of advice: Where girls are concerned, don't waste your time. Wait until your friends are partnered and decide they want to help you. It's much easier once you have a circle of friends who can offer help and advice and encouragement.

gosu 6 hours ago 0 replies      
1) Math is way more than calculus. Writing proofs is the best way to train the general skills that will get you recognized as smart.

2) Stop being a coward. Always push yourself to do embarrassing, uncomfortable, or hard things, or you'll still be 16 when you're 21.

3) Gaming and computing is addictive. Don't waste precious life on it.

4) You're an idiot, and your unexamined decisions make you a bad person, though you don't intend to harm anyone. Find values to believe in, and use them to make hard or painful decisions with dignity. Foremost of those should be: treat your people well, even at your own expense.

5) Examine, accept, and embrace your feelings and your past, for better and worse.

6) Read more fiction to learn more about life.

7) You're a social animal. You'll never grow as much, or be as happy, as when you're surrounded by people.

8) Don't stop doubting yourself.

Very little of this has to do with programming or careers. But I don't regret not knowing C at 16 nearly as much as I regret all of the above. Learning to live well is so much more important.

jacques_chester 7 hours ago 1 reply      
Dear Jacques,

Herewith some remarks:

1. You have ADHD and are prone to clinical depression. Both are treatable. Spending decades suffering pointlessly isn't necessary to discover either of the former or the latter.

2. Go find someone who can teach you Olympic weightlifting. You love it and wish you'd started much earlier. It will teach you important lessons about persistence. Plus you are one of those lucky blokes who can gain weight by frowning at a barbell, might as well take advantage.

3. Don't go straight to university. Take some time to grow up a little first.

Yours &c &c


Funnily enough, none of these are about a laundry list of technologies. When I was 16, people wrote web apps in mod_perl and DHTML was looked on as something you resorted to only occasionally.

rweba 6 hours ago 1 reply      
(1) Exercise everyday

(2) Try to get enough sleep

(3) Make a very conscious effort to get out of your comfort zone and try unfamiliar things, even if you only try them briefly.

(4) Understand and accept that sometimes it takes years before a project gives any substantial results, so don't get discouraged if a project seems impossibly hard and going nowhere at first.

gmuslera 34 minutes ago 0 replies      
Many of the advices that i would give to myself i'm giving them to my nieces, is good to have internet to back up some of them.

* be aware of its own cognitive bias (there is a nice listing in wikipedia)

* studying is not a waste of time, is forming a culture to better communicate with others and gaining a toolchain that will prove useful. And is not something passive, teachers guide, but is your responsibility to learn in a way or another.

* the boring math proofs worth at the very least as a training for better, more rigorous thinking, no matter if you ever see math again.

Regarding programming, recommended them to play with Scratch when were younger, and probably would recommend them to play with python as the next step, if they were interested in programming, at least.

But if I really could had given something to my younger self, probably would be the Grays Sport Almanac 1950-2000

spc476 6 hours ago 0 replies      
Advice to me at 16? Forget [girl A], and instead, go for [girl B] or even [girl C]. Do whatever it takes to convince your parents/grandparents to buy, in your name, 100 shares of Microsoft stock and never sell it (because by the time they start paying dividends, you'll never have to work).

For a 16 year old, now, interested in programming computers, learn assembly language, even if it's just for a 6502 or Z80 [1]. It will give you a feeling for how the computer works.

Also, learn how to learn. What you learn now will change drastically over the next twenty years (when I started college, Fortran was still taught, you had actual multiuser systems, and there was no such thing as a "webmaster," and Perl had just been released into the wild).

Another thing to keep in mind---there really is nothing new under the sun. Arguments about writing an application in Python over C++? Old hat (C vs. assembly). Languages targeting a virtual machine? Old hat (UCSD Pascal, and before that, various IBM computers from the 60s and 70s). It just takes new forms, which need to be learned (see previous lesson).

And one lesson that might be unorthodox---never cut-n-paste code. Take the time to type it out. That's how an entire generation of programmers who grew up in the late 70s/80s learned---by typing programs in (from books and magazines) by hand. It's hard to see how this helps, but it does. It forces you to look at a program as you type it in, to see how it's constructed. No, really. In fact, if you read up on successful authors, you'll find a good portion of them actually copied (long hand, or typewriter, or computer) entire books by authors they liked.

Never be afraid of trying something out. It may not work, but now, you'll know a way of not doing something. Or why a certain approach won't work. Or will. You might surprise yourself. Don't let your lack of knowledge keep you from trying something, because you might in fact do something that so call experts said couldn't be done.

Oh, and keep this quote from H. L. Mencken in mind: "No one in this world, so far as I know-and I have searched the record for years, and employed agents to help me-has ever lost money by underestimating the intelligence of the great masses of the plain people."

That's all I have for now.

[1] Personally, I'd lean towards CPUs made by Motorola, as they're a bit more sane in the assembly language department, but really, any CPU assembly language will help. Well, maybe not the Intel 80x86 family. The 8086, 80186, 80286, 80386, 80486, Pentium ... it's just an insane family of CPUs.

lutusp 2 hours ago 0 replies      
> What advice would you give your 16 year old self?

I'm 68 and I know exactly what I would tell my 16-year-old self:

1. Learn more math and science, and don't delay -- the longer you put them off, the harder they are to absorb. Math and science are the real deal -- nearly everything else is contentless opinion, much more heat than light.

2. Try to minimize time and energy spent on dating and sexual behaviors -- they're the most overrated waste of energy ever invented.

3. Learn how compound interest works, and avoid as many discretionary purchases as possible. "Compound interest is the eighth wonder of the world. He who understands it, earns it ... he who doesn't ... pays it." -- Albert Einstein

I literally spent decades recovering from bad decisions made when I was young, all having to do with the above points. If I were able to confront my 16-year-old self today, I would kick myself down the stairs.

mkautzm 7 hours ago 1 reply      
Actually do something.

I talked about writing code more than I wrote code and that was a dumb mistake.

Also, if I could do it all over again, I'd make it a point to really work with C/C++. I feel like moving to any other imperative language is pretty easy if you have a firm grasp of that language.

I would also not learn Objective-C, but that's more of an opinion than anything.

fusiongyro 7 hours ago 0 replies      
The most important attribute that young programmers lack is empathy. All of the weird-sounding miscellaneous advice you get really flows from it. Commenting the "why" rather than the how, documentation, adhering to coding conventions, these are all just manifestations of being kind to the maintenance programmer, which is empathy. Making the user interface attractive and usable, providing helpful support and performing rigorous testing are just manifestations of being kind to the user, which is empathy. Cultivating articulate expression, in code, speech and writing, is empathy for those who must start from scratch to understand you and what you've done. Egoless programming is empathy for your coworkers. So you can throw away almost all of the specific advice I have mentioned and instead focus on being empathetic, and you won't go astray.
cup 7 hours ago 1 reply      
Listen to dad. Hes right about everything, you'll realise when you're older. Be kind to mum, you owe everything to her.
zachlatta 7 hours ago 0 replies      
I'm a bit younger than you, but the biggest hurdle for me was just starting. Don't teach yourself Objective-C. Make an app.

I'd love it if you'd shoot me an email at zchlatta (at) gmail.com. I'm always interested to talk to other passionate people.

ethanbond 8 hours ago 0 replies      
I'm just a few years past you (18) and I can tell you the most significant periods of growth I've had were when I jumped in WAY over my head.

I did design, got offered a front-end dev job, and learned HTML/CSS within 1 week after failing for 2 years.

Then I did HTML/CSS, went to a hackathon and had to dive into Rails to finish on time, and I didn't "learn Rails" but I learned a TON (and won 2nd place!)

Took up a job doing more traditional ColdFusion and XSLT sites - learned a ton in 3 days. I was also forced into learning SASS/SCSS - learned a ton within like 2 weeks.

Keep going. Get in over your head. Take on the projects that you're not sure you can finish, understand it's okay to walk away from them (jobs, too), but try your hardest not to.

Also, take CS101 at your local college ASAP. It'll get you off your feet wicked quick.

regis 7 hours ago 0 replies      
I would tell myself to not be afraid of publicly failing. I had, and sometimes still do have, a really hard time putting myself out there. So, do not be afraid of the judgment of others; if you are proud of what you're doing then that's all that matters.
marquis 7 hours ago 1 reply      
Never, ever drop out of advanced math class. You will live to rue the day.
lifeisstillgood 3 hours ago 0 replies      
1. Do a hard degree at a good school

2. Sleep around more

3. Try new stuff, but it's ok to say no to somethings

4. Make enough money that you have 6 mths savings and a few months lying around to invest - when an opportunity arises it will hit you that day and its great to just say yes.

5. Don't worry if you can't do all this now - time your life in decades not weeks.

6. Sleep around more. Seriously. Don't be a jerk about it but just have fun.

7. See 6. :-)

gdubs 6 hours ago 0 replies      
Really try to finish projects when you start them. It will be tempting to drop what you're working on when you get a new idea, or things aren't turning out the way you saw them in your mind; keep a journal for those new ideas. Keep things simple. Keep working the broad strokes before getting too wrapped up in the details. Do things in drafts, and refine in subsequent passes. Try to find like-minded people to collaborate with.
subsection1h 4 hours ago 0 replies      
I would advise myself to use search engines[1] when they're available so my younger self could find relevant information[2].

EDIT: dmunoz beat me to it.

[1] https://www.hnsearch.com/

[2] https://news.ycombinator.com/item?id=6153368

chrismealy 7 hours ago 0 replies      
It's okay to quit things you don't like.
Jach 6 hours ago 0 replies      
Don't put anything on the shelf for "later". Do as much as you can now, even if it means less than perfect grades. Beware of psychological burnout if you're feeling discomfort with doing stuff. Don't go to college if you're having any doubts about its utility, but look at the course sequence for a candidate school and degree and acquire the books used for the core classes. Look for free lectures online too. If you don't have any, make at least one friend whom you can talk technical with anytime. Consider going to interesting Meetup.com meetups in your area -- especially when you're looking for a job.
michaelpinto 7 hours ago 0 replies      
1. Broaden your interests as much as you can. When I was 16 the filed of information architecture and usability didn't exist, so as time goes on tech will be less about code.

2. Actually play with putting together hardware. The era of building your own PC is coming to an end and you should experience that before it's gone.

3. Life advice: Treasure your older relatives while they're still alive and tell them that you love them. Try to capture as much family history as you can and write it down.

anigbrowl 6 hours ago 0 replies      
Go to college anyway even if some of the material seems boring or irrelevant. Always own at least one musical instrument. Money is quite useful but is ultimately an instrumentality. Learn enough about law and economics to appreciate the limitations of formal systems and statistical methods. Subscribe to The Economist. Don't smoke tobacco, but do brush your teeth regularly. Find some physical activity you enjoy a lot, which will save you from having to exercise. Don't be afraid to admit you don't know, but don't underplay your ability to find out either. Employ adjectives sparingly. Read books that you find difficult to understand.
plessthanpt05 7 hours ago 0 replies      
Study (& enjoy) math ...that's what I'd tell my 16 year old self.
teamonkey 6 hours ago 0 replies      
1) Don't worry too much about your future, follow your interests.

2) Don't panic about needing to learn everything at once. Take your time.

3) Learn how to finish things, even if that means taking on smaller tasks than you'd like.

threeseed 7 hours ago 0 replies      
Work in as many different countries as possible.

IT is one of the few jobs where you can travel/work easily. So do it.

chrisrickard 3 hours ago 0 replies      
"You can do it".

Sounds super lame, but I've always suffered from from self-doubt and anxiety - especially as a young dude. If I knew at 16 that I was just about to fall in love with computers, get into university, travel the world, have a string of great jobs, then become my own boss, AND marry an amazing girl... I would be pretty fricking happy.

datalus 7 hours ago 0 replies      
Don't try to be someone you're not. I spent a lot of time in my mid to late teens trying to be what I thought others wanted me to be.
Claudus 7 hours ago 1 reply      
Don't waste time in grad school unless you want to be a professor.

Work out a little, girls like muscles.

dmunoz 7 hours ago 0 replies      
This exact question was recently asked. Many comments from seven days ago [0].

[0] https://news.ycombinator.com/item?id=6153368

treme 7 hours ago 0 replies      
Learn to learn. Find out and become aware of how your focus & energy level shifts through out the day and allocating those time in well spent manner.

Deciding on what experience will likely increase % of you working with high quality people on hopefully, meaningful work. Check out one of gazillion on going opensource projects that interest you.

Read books, learn to find good books, repeat

and of course do allow some balance in life, not everything should be about being 100% productive man.


bdreadz 7 hours ago 0 replies      
Tell myself to finish a lot of the ideas I had started. That they were excellent ideas. It's what actually drives me a lot now when I have ideas and at points doubt what I'm doing.
sebastianavina 7 hours ago 0 replies      
get more friends and leave the computer alone from time to time
hardwaresofton 5 hours ago 0 replies      
1. Get involved with open source software.

2. DO something with your skill

3. Be well mannered.

4. Be very careful what you put on the Internet. When I was young, I barely put my real first/last name anywhere, and the word 'avatar' meant 'cool picture of something I like, because there is no way I would put a picture of my face on the internet'.

andrewgjohnson 7 hours ago 1 reply      
Actively pursue girls and recreational drugs more than you are.
lsh123 5 hours ago 0 replies      
Invest in some kind of fruit company
rooshdi 7 hours ago 0 replies      
Launch cheap, build value.
lvturner 7 hours ago 0 replies      
keefe 7 hours ago 1 reply      
join the army after college
Ask HN: has NSA given commercially sensitive info to US companies
2 points by lifeisstillgood  13 hours ago   4 comments top 3
daviddumenil 12 hours ago 0 replies      
They're reported to have fed back to Boeing details of an Airbus bid:http://news.bbc.co.uk/1/hi/world/europe/820758.stm
laxk 8 hours ago 1 reply      
>The estimates of 35bn loss to cloud companies

Where did you get this info?

bleke 13 hours ago 0 replies      
I think we should wait for Snowden leak, 99% I guarantee there are this type evidence. I am more interested in that, is there evidence when stolen secrets by NSA are patented by US company and then sued original creator.
Ask HN: Find a PR person for our press release
3 points by sytse  18 hours ago   4 comments top
jkaykin 17 hours ago 2 replies      
I would love to help you with PR. Can you give me an email address so I can contact you directly?
Ask HN: Who do you follow on Twitter?
5 points by lmartel  1 day ago   9 comments top 9
sdfjkl 2 minutes ago 0 replies      
I don't Tweeter myself, but I do subscribe (via the now removed, but still functional RSS feeds) to a few accounts, all of which are status updates. That's the one useful thing about Twitter for me - providing status updates to customers via a third-party site, so they can be accessed even when your domain is gone or your datacenter flooded.
pandemicsyn 12 hours ago 0 replies      
I try to stick to around 200 people (anymore and I have a hard time keeping up). While a big chunk of who I follow is coworkers or people related to my work, theres also people/accounts like:

@pycoders @jessenoller for python related stuff, and @zeeg for python and startup insights (he's behind getsentry.com)

@nntaleb @neiltyson for my daily dose of awesome science/math/logic.

@wilw @pvbrett @deadmau5 for some celebrity/author/music nerd fixes. @deadmau5 is worth following alone for the pictures of his awesome studio setup.

A pretty good tactic i've found is to find someone who's interest's align with your own and see who they are following.

samweinberg 1 day ago 0 replies      
Personally, I follow way too many people to get any actual enjoyment out of Twitter. I would really like to slim down, but it would take a considerable amount of time to do so.

But if you're interested in web development and design, check out http://uptodate.frontendrescue.org/ for some good pointers on who to follow.

wikwocket 16 hours ago 0 replies      
I follow the always-relevant and useful @PicardTips and @HackerNewsOnion.

I also get less entertaining, but more actionable, advice from @patio11 and @orangethirty (both regular HNers). Patrick also periodically retweets the posts of others you may wish to follow.

cdvonstinkpot 1 day ago 0 replies      
I'm in a similar boat- I just started using my Twitter account after creating it years ago & never following anyone.

So far I follow 4 people: Barack Obama, who tends to say the same thing over & over. Kim Dotcom, who talks about privacy issues & retweets interesting stuff on that. My email provider who almost never tweets. And a guy from my local hackerspace who barely ever tweets, too.

At one point I followed @TheWhiteHouse, but it was just BS, so I stopped.

I'll be interested in seeing where this thread goes, since I'm also interested in finding interesting people to follow- thanks for asking.

dotmariusz 1 day ago 0 replies      
I'm mostly following people who I met at conferences / meetups / work as well as people who usually have something interesting to say in matters I'm interested in, like people from W3C, Opera, Google, popular UX speakers and such.
RedJohn 1 day ago 0 replies      
I follow around 900 people, most of whom are reporters/bloggers/actors/actresses/attractive ladys/friends.

Depending what you're interested in, some favourites of mine are: @SciencePorn, @GaryVee, @TheStalwart, @AntonKreil, @GSElevator, @DavidBrent, @Cmdr_Hadfield, @FootyGif, @Digg, @GaryLineker

I always say how Twitter gets much better after following more people.

Youtube Easter Egg - One for the Geeks
50 points by webdisrupt  2 days ago   25 comments top 9
UnoriginalGuy 2 days ago 0 replies      
It is nice that Google still allows Easter Eggs. Many other companies (e.g. Microsoft) have outright banned them.
jpswade 2 days ago 4 replies      
Type 1337, view the comments.
Joeboy 2 days ago 1 reply      
I find it amusing that London's buses are plastered with Geek Week publicity, but until now I've not seen any actual geeks mention it.
FridayWithJohn 2 days ago 0 replies      
Awesome stuff... although my boss wouldn't think so ;-)
klimeryk 1 day ago 0 replies      
If you right click on a video, it will show a "Stats for nerds" option (showing the usual stats, but nice touch nevertheless).
NKCSS 1 day ago 0 replies      
Haha, so awesome
caxton 1 day ago 0 replies      
Now this is awesome. My favourite part was "Video destroyed. Game over". Lol
scottlinux 1 day ago 0 replies      
Another one: type Alt-F4 during a video.
Tell HN: thank you (+ a 50% discount during 3 months on my new SaaS)
10 points by thibaut_barrere  1 day ago   10 comments top 4
bjourne 1 day ago 1 reply      
HN readers aren't dumb. Your post is a thinly veiled attempt to market your site, not to thank anyone and you know it. Not that there's anything wrong with self-promotion, but at least be honest about it!
pearjuice 20 hours ago 2 replies      
Your 11th birthday and you were here since 2009? Kids these days!
thibaut_barrere 1 day ago 0 replies      
AznHisoka 1 day ago 2 replies      
Why would you target a market (freelancers) that is starved for cash, and want to do almost everything themselves? Your product is almost doomed to fail.
Alternatives to Lavabit, with no physical ties to the United States?
6 points by caberus  1 day ago   4 comments top 2
replax 1 day ago 1 reply      
hosted in Germany, you might want to look at


caberus 1 day ago 1 reply      
it looks countermail.com is a good alternative, has an interesting feature: Diskless web server and some other "unique features".
Ask HN: Are we complicit in the NSA dragnet?
7 points by econner  1 day ago   2 comments top 2
andrewcooke 17 hours ago 0 replies      
[thanks for asking this. i had always wondered how those physicists felt / could have done what they did. and now i read your question and understand them much better.]
adultSwim 1 day ago 0 replies      
With the decrease in employment, how do graduates find jobs?
4 points by Apane  1 day ago   5 comments top 5
EllaMentry 4 hours ago 0 replies      
There are no shortage of jobs for talented people (especially in Canada! Companies are bringing in thousands of immigrants every year because they literally can't employ enough Canadians!). If you have a degree in Maths, Biology, Physics, Computer Science, Chemistry or any other hard science discipline or Engineering (Electrical, Chemical etc.) and can't find a job then you are not looking in the right places.

You shouldn't have a problem in Ontario, but don't be afraid to look further out (Vancouver, Alberta) for those kind of jobs.

I just looked down to see you took a Science and Business course...as someone looking at CV's I literally have no idea what that means...what can you bring to an organization? What can you produce or create?

You say you consider yourself a junior rails developer, what have you built? How do you plan to utilise your course in your future work?

jared314 1 day ago 0 replies      
Without knowing your skills, interests, or background, any advice is going to be very generic.

1. Attend, and present at, local meetup / groups.

2. Find a "buddy" and collaborate on side projects. Keep them open source, and publicly visible, on both your github accounts

3. Contribute to open source projects

4. Blog about your adventures in ( tech or sector specific task )

5. Apply to consulting companies (they are usually hanging around the local meetup groups)

6. Attend sector specific or technology specific conferences

7. Work Pro bono (as long as you can show the result to others)

Most of this has more to do with building a portfolio, and a personal brand, than actually finding a job. But, that part usually pays off like investing.

creature 21 hours ago 0 replies      
Seth Godin has some advice on what you could do: http://sethgodin.typepad.com/seths_blog/2009/06/graduate-sch...

I think the other thing that can help is to understand that the world has changed. There's now two paths to a sure job: be world-class excellent at one thing, or be pretty good at 2-3 things. The first one almost certainly isn't going to happen; by definition, you're more likely to be in the 99.99% than the 0.01% of graphic designers. But what if you're a better-than-average graphic designer, can speak fluent German, and are pretty good at online marketing? Now you're some company's ideal employee.

Apane 1 day ago 0 replies      
I would consider myself a junior rails developer :)

and took the Science and Business course at Waterloo/

dllthomas 1 day ago 0 replies      
What are your skills?
PGP key as Facebook profile photo
7 points by plg  1 day ago   5 comments top 4
runjake 1 day ago 0 replies      
Because current interfaces to PGP/GPG are not grandma/soccer mom friendly.

It's better that they don't use encryption than it is for them to use it incorrectly (insecurely) and give them a false sense of security.

This "idea" comes up year after year after year after year. Occasionally, someone says they'll build a better mousetrap. Always, nothing comes of it.

PS: Zuck does not care about your privacy in the least. You are not his customer, you are his product. Advertisers are his customers.

borplk 1 day ago 0 replies      
The difficulty of interface isn't even the biggest challenge here.

The biggest challenge is to get grandma / soccer mom and the girl next door to care the tiniest bit about encryption and privacy.

It's the cold hard truth, the overwhelming majority simply don't care. They don't understand why they should care and they don't care enough to learn why they should care.

With things like this, the average person continues ignoring it, until he feels directly threatened in the near future. Anything more than that and they start to think "meh...who cares...maybe another time"

Imagine in 1990 someone told you "in 20 years time people are going to be spying on themselves on a daily basis and providing detailed information about their lives to their government, they will login to a computer system and will enter what's on their mind, what they've been thinking about, who their family is, where they work, with whom they've had relationships with, what they like, where they have been, what events they have attended, their gender, sexuality, birthday, religious and political views and albums and albums of photos of themselves and those who refuse to spy on themselves will be rather alone, disconnected and viewed as rather weird for not participating in these wonderful activities".

Who would've believed that? To an spying/intelligence agency that sounds so good that wouldn't even be capable of imagining ever seeing it as a reality.

Yet here we are, 23 years later, and it sounds all too easy "Facebook", "Twitter", "LinkedIn", "Social Media". The population has been brain-washed to accept, adopt and love these tools with their cute names and logos and seemingly innocent appearance.

Before NSA and PRISM revelations you could call me a delusional, overly-negative, cynic, techophobe or conspiracy theorist. But not today. Today we know for a fact what is happening, and we know that's just the tip of the iceberg that we know about, and just like pre-PRISM times, there's probably a lot of nasty crap that we are not aware of until the next Snowden reveals it.

It all makes sense now.

growt 1 day ago 0 replies      
It's a nice idea, maybe the QR code could contain a link with the key itself, relevant information and links to pgp software.

I wouldn't count on Zuck though, he kind of lives from facebook being unencrypted.

sorennielsen 1 day ago 1 reply      
Agree somewhat except "don't know, click here to generate one"... I personally don't want Facebook to generate key-pairs. That is even worse then not having privacy.

The private key should never leave the users machine and should definitely not find it's way to one of the worlds biggest eavesdroppers.

Ask HN: What do you do with your dead projects?
5 points by bert2002  1 day ago   5 comments top 5
hashtree 1 day ago 0 replies      
If I can't properly develop and support them, they go to that big hard drive in the sky. I take the approach of failing as fast as possible. If code is in this state, it is now failing. It's time to move on to bigger and better things and not waste mental cycles (even minimal) or resources maintaining.
masukomi 1 day ago 0 replies      
They tend to rot on my system. The problem is that no-one really wants to pick up someone else's half-finished work unless they know the person really well and believe in the project, which is unlikely since they'd already be working on it and it wouldn't be dead if that were the case.
NonEUCitizen 1 day ago 0 replies      
I keep them. Some of them I revive a few years later (possibly on a different OS). Some others that don't get revived may still have useful pieces of sample code.
dschwartz88 1 day ago 0 replies      
They go on my GitHub. Most as public, some as private. The only ones that stay private are the ones that have some code I worked on for weeks solving a very specific problem that I may use at some point in the future for a business.
Ask HN: I'm a chronic procrastinator how do I break it?
322 points by procastatron  9 days ago   292 comments top 11
mduerksen 9 days ago 3 replies      
> it's starting to really gnaw at me


One concrete suggestion:

Develop the following habit. Whenever you are confronted with an unpleasant task X, there is a moment where your mind starts searching for other, more pleasant things to do. This is the moment where you have to implant the habit of asking - not yourself, but an imaginary judge:

"If I defer task X, will it become easier later?".

For some tasks, this may be true (e.g. taking out the trash is easier when you're heading outside for work anyway). For most, it's not.Use this question as an arbiter and follow its verdict.

And when you completed an annoying task, rejoice in the feeling of relief and accomplishment (maybe not the task itself was hard, but overcoming the unpleasantry was), and remind yourself of this feeling the next time.Rinse and repeat.

One more abstract suggestion:

You have probably heard it a thousand times from your teachers, parents etc. - "You could accomplish so MUCH, if just you would STRIVE for it..."You believe it yourself, talking about your "full capacity".

But it's not true. Or at least it's the wrong perspective, allowing for wishful thinking.

The current state you are in - that is your full capacity. More you do not know, because more you have never tried. Or, more drastically: More you do not have, because more you have never proved.

Maybe that's even the reason you are not improving your chore-handling abilities after all (if you allow me this unfounded speculation): You are afraid of hitting your limit (a.k.a. failing) to soon, realizing that you're not that capable after all.

Luckily, there is no such thing as a fixed, inate capacity. Your capacity will definitely improve when you start taking yourself seriously and stop generously sparing yourself the chores. Prove it to yourself what you really can do.

It always risky to advise a person you never met, so take this with a grain of salt. Hopefully it's useful to you.

nsxwolf 9 days ago 5 replies      
If you believe the stats on worker productivity that get tossed around here, 3 hours a day of solid work isn't terrible.

I have one piece of advice - one technique that I got from a cognitive behavioral therapist that helped me. It's pretty simple:

Pick a task you don't feel like doing. Set a timer. 10 or 15 minutes. Work on the task. Do not worry about the end result, or getting to a "good stopping point" or anything. When the timer stops, stop working on the task. Play another game or watch another YouTube video or something. When you feel like it, set the timer again and repeat.

The trick is that if you aren't worried about finishing the task you want to do, you can do the work without that feeling of discomfort and dread that makes you want to stop and distract yourself with something else.

The first time I did this technique, it was actually with dirty dishes and not work. I used to let them pile up because I just couldn't deal with it. I set a timer for 5 minutes and washed the dishes. It was a carefree experience. I walked away at the end, but then something funny happened - I soon wanted to go back for another 5 minutes. Pretty soon I finished the whole load of dishes and it wasn't unpleasant at all.

tehwalrus 9 days ago 3 replies      
Willpower is a muscle, which uses the same resource as brain tasks (programming, arguing)[1] - let's call it "cognitive energy".

1) don't waste cognitive energy on silly tasks (games, arguing in comment threads, etc.)

2) practice exercising willpower - it's a muscle, you can train it to be better. Start by forcing yourself to complete a routine every morning (the trick with habit forming is to not give up after you miss a day.) examples of habits to form below.

3) look into mindfullness meditation[2] - this can help you identify distracting thoughts as they arrive and practice ignoring them.

Meditating is a good habit to form as practice, and it will also help you get better at habits. You could also exercise on a schedule (and record when you do, including how heavy you lifted/how fast you were running). Eventually, with a stronger willpower-muscle, you'll be able to choose the fruit salad over the cake, even when you've just spent your 7.5 hours a day coding.

I've not found pomodoro to work for me as an easily-distracted person, it's better when you're prioritising work tasks (e.g. 25 code vs 5 email) and even then, 25 mins is too short for good programming "flow".

This is a hard problem, everyone has trouble with it. Good luck!

[1] http://seriouspony.com/blog/2013/7/24/your-app-makes-me-fat (HN discussion: https://news.ycombinator.com/item?id=6124462 )

[2] http://www.amazon.co.uk/Mindfulness-practical-guide-finding-... (US edition: http://www.amazon.com/Mindfulness-practical-guide-finding-fr... )

hello_newman 9 days ago 2 replies      
This is just my two cents, take it with a grain of salt as I am simply a humble observer peering into your life, with the little information you have given me.

I dont think you are lazy; I think you are afraid to fail.

Thus far in your life, you've had it easy. SAT's, Valedictorian, probably started programming when you were 12. You have seen your peers struggle to no end with this stuff, yet you've always been able to skate by, and still be better than most. At 21, to be making 130k a year is god damn impressive, not so much for the "money", but for what the money represents; knowledge and your skill level of your chosen craft.

The problem is, again from my perspective observing from the outside, you don't start something because you are afraid you are going to fail. You are afraid, that for once in your life where things have always just come naturally to you, that you will try something new and just fail miserably at it.

I don't think this is a matter of laziness; I think that you just think it is laziness, so you casually write it off as such without really examining the root of your problem.

I could be wrong, but I have seen this before. My sister sounds a lot like you; the oldest child (already the family favorite from that fact alone), perfect grades her whole life, captain of the cheerleading team (I shit you not), Valedictorian, great SAT's, accepted into some art school. She is very smart, makes 40k a year as a copywriter for some mucky-muck agency in LA. She talked to my mom about starting her own (my mom's suggestion) and her response was (surprise, surprise!) she doesn't want to be a failure because she knows most businesses fail.

Then, on the other hand, you have me. I am the only boy in my family (3 sisters), ADD, suffered from bad grades while being surround by 3 straight-A sisters, arrested at 17 for making a drug deal (long story), in some ways, the "black sheep" of my family.

I started an eBay business in high school, which made some money. Started a business in college selling hempseed oil skin care products, flipped inventory, invested the money into a side project/start up. Outsourced the development. Got interest from Nordstrom's, Whole Foods, Landry's, and Black Angus Corporate (I think a PE firm owns them) etc. Realized I loved this so much, told them I had to put it on hold, dropped out of school, and enrolled in General Assembly WDI in Santa Monica (was accepted into Dev Bootcamp, my mom got cancer, stayed closer to home, long story) and will resume operations once I can build the site from scratch myself. It's a B2B site .

What I am trying to say, is don't be like my sister. Your "perfectionist complex" seems to be the problem. I have failed, been called every name under the sun from my own family, and everything else in between, yet I keep going.

Failing is not that big of a deal; in our industry it is a badge of honor if done correctly. Don't be that guy, who in 20 years, regrets the things he has not done, instead of the things you have done.

My advice for this; fail. Fail hard. Go out and pop your "success cherry", and get the fuck out of your comfort zone. Stay humble, stay hungry, keep hacking and go change the fucking world man. Stop feeling sorry for yourself and just go do it. I mean really....what do you have to lose?

zwegner 9 days ago 0 replies      
> I know that I've been given a gift and that I'm a fucking idiot for wasting it, but I've just become a chronic procrastinator and it sucks.

As someone in a rather similar position (my life has been fucked up in so many ways from procrastination), one tip I can give you is to get rid of this mindset.

I feel horrible whenever I waste lots of time, looking back on how I spent my day, thinking "what the hell is wrong with me?" But the thing is, that attitude feeds much of the procrastination. I am an odd mix of being a total perfectionist, and really lazy, so it turns out that whenever I'm faced with a task that I don't really want to do, I'm quite adept at rationalizing ways to avoid doing the task. I think about possible roadblocks, or pretty much anything that would keep me from attaining my sought-ought perfection, and knowing that I'll have the same strong negative reaction later on that I always do, I just won't do it.

If you beat yourself up over procrastination, you're just subconsciously teaching yourself to not even think about whether you're procrastinating or not. Whenever you try and shift from unproductive tasks to work, it's much easier to just stay with the short-term dopamine kick of reading the internet or whatever, rather than dealing with harder decisions about what you need to do in the long term to be happy. Yes, this is backwards. Your subconscious is not very rational...

So, from my point of view, just do everything you can to recondition yourself to not hate working, and to not hate procrastination either. Just try to feel the bit of fulfillment you can get from writing code or whatever, basically just getting your shit done. Have patience with yourself, infinite patience, and know that it takes lots of work to get where you want to be, but it's worth it. You're the only one that can do this.

BTW, if you're like me, a perfectionist to the core, consider that this comes from a deep-seated insecurity, a part of your brain that tells you that you'll never be good enough. At least, that's the way it is for me, and it's been that way since my childhood, as far back as I can remember. On this front, I'd just try to evaluate your emotional well-being in the most balanced and unattached way possible. Get help if you feel like it. As others have mentioned, meditation can be amazingly helpful here, and exercise too. Unfortunately, they're both quite prone to being procrastinated on.

Good luck...

netcan 8 days ago 1 reply      
Me too.

Paraphrasing pg, going in to work and wasting 90% of your time is like getting uncontrollably drunk at lunch. It's very bad habit/behavior/addiction. So first of all, take it seriously.

Here's some things that work/have worked for me, in no particular order. They all interact and work best in bunches. None have cured me. All have helped.

1. meditation - many meditation practices develop your ability to prevent your mind from wandering. Letting your mind wander is a big part of procrastination. It also helps with patience which is also important.

2. Recognize the impulse and address it - This is very complimentary to meditation. You sit down to do a task, then your mind looks for some sort of procrastination (reading, games). Recognize that feeling and feel it. Don't fight it, just experience it for a few seconds. Then place your hands flat on your desk. Your feet flat on the ground. Straighten your back. Breath deep 5 times. The impulse should pass. Tweak this as you like as long as you recognize the impulse, experience it & have a little ritual (sitting straight, breathing, etc.)

This sounds like hippy dippy bullshit said out loud, but it doesn't feel half as lame when you do it. It is very effective.

3. Collaboration - If two people are at a computer, procrastination does not go on for hours. More generally, try to seek out work less procrastination-inducing.

4. Do work in small batches - Take 5 minute breaks every hour. etc. This increases the feedback to you that you are procrastinating.

5. Talk about it.

6. Accountability mechanisms - Your ability to hide is an enabler. Try timed screenshots sent to a friend. Twice daily 2 minute confessional phone call to a friend. Mirror your screen someplace it can be seen by everyone. Coaching sessions. Lots of options. Quirky is ok.

7. Drugs - ADD medication (eg ritalin) can help.

8. Sleep - Less Sleep = More Procrastination. Maybe you need more sleep. Maybe you need 10 hours. everyone is different. Try getting 10 hours for one week and see if it helps.

artagnon 9 days ago 1 reply      
I'll give you a no BS version.

Don't delude yourself into thinking that you're "talented" or "gifted". You're a product of your history: if you spent a significant portion of your life playing DOTA, you're a DOTA-head. In your case, you seem to have spent it trying to get people to view you in favorable light. It's as simple as that.

You're missing the big picture: if you spend 3 hours writing code, and 8 hours playing games, which activity do you enjoy more? Why is that? If you pick up saw and find that you're absolutely terrible at sawing wood and cut yourself multiple times, would you enjoy that activity? OTOH, if you go out and play football (or something you've been practising for years), and manage to score many goals for your team leading to victory, would you enjoy the activity?

Your discontentment arises from a simple mismatch between what you want to do and what you are actually doing. You apparently wanted the $130k job with 3 hours of boring work, and to get by in life (or did some alien drop you into this world while you were unconscious?). What is this sudden crisis about not "changing the world"?

I have nothing to say of any significance, and the only "answers" I have are tautologies. Maybe you can try attending some inspirational talks, reading self-help books? No, I don't mean that with any condescension whatsoever; figure out where you want to invest your time and invest it there.

panic 9 days ago 1 reply      
Although, I wonder if I really fucked my brain/habits up so much that I'll never reach my full capacity.

There's no such thing as your "full capacity". What you're doing right now, that is your full capacity. Either accept that you're at your limit or actually do something to prove you're not.

kstenerud 9 days ago 2 replies      
I had the same problem. The standard school program was easy enough to just coast through, as were my first few jobs. At one point I was working on Monday and goofing off the rest of the week.

What changed it? Probably some of it was age. Your outlook on life and what's important changes as you get older. I spent a fair bit of time talking to people 10, 20, 30, and 40 years older than me, and while I usually didn't agree with them, I did remember their words. After 10 years I was rather shocked at how my outlook had changed. Now it's coming up to 20 and I've definitely changed yet again. How do you achieve the wisdom of age without actually having to spend years aging? Beats me! But I sure learned to appreciate it regardless.

Another thing that happened is I started taking on harder and harder things. It didn't matter what, so long as it was difficult enough that it would take me years to master. Boxing, welding, classical guitar, open source projects, running a business. I just kept adding things on until I didn't have enough time to even breathe. Then I somehow managed to find the time to get all these things done. And then I piled on more, until I finally reached the point where I literally did not have enough hours in the day to get everything done. Then I dropped some stuff until I felt comfortable again.

Now I no longer have time for video games or TV (except for the odd time when I'm taking a sanity break, which is maybe once a week for a couple of hours). I have shit to do and a daily routine that gets it done. I had to organize my life because I had too much stuff to do! Now I deliberately carve out time to be with friends or do something crazy. Otherwise I'm busy at work, practicing one of my hobbies, or I'm at home on a Sunday, deliberately doing nothing all day because I've scheduled a "do nothing" day.

So my advice to tackle procrastination would be: Fill your life with so much stuff that you can't afford to procrastinate (It's even better to get into a few things you can't get out of easily). You'll figure out how to organize yourself. Then you back off a bit to get some balance back into your life.

ja27 23 hours ago 0 replies      
Sounds very familiar. You've trained your whole life for working slightly hard for short periods of time and getting enough done to keep up. The only way I've seen to fight that is to do things that can't be mastered quickly: chess, playing music, sports, etc.

There are also certain lines of work that would work better. You're probably never going to fit into a software developer role if you're expected to spend 1-3 week sprints delivering chunks of functioning code. You would probably excel at a top-tier customer support role where you dug into hard problems and diagnosed other people's code.

One thing that's helped me is to keep a very visual record of progress and become a widget-cranking machine. Break everything into discrete tasks that are either done or not done and put them on PostIts or index cards and plaster them all over the wall where you can see them. Mark up the completed ones and keep them around and visible.

Another thing that helps me a lot is to get away from electronics. When I have a document I need to review, I print it and go somewhere without my laptop or even my phone. I'll also pull out a Moleskine or even some printer paper and go somewhere electronic-free to try to dump all of the things I'm thinking about. Sometimes I'll even write out a bit of a journal entry just to clear the junk from my head.

You could listen to Merlin Mann's podcasts and read his writings, but he's got the same problem with no real solution. Some of his talks with David Allen (Getting Things Done) and his 'To Have Done' talk helped me a bit: http://www.43folders.com/2005/10/16/43f-podcast-the-to-have-...

You could find a way to move into working for yourself and build product, not service, business. Then nobody except you will notice or care if you work 3 days a month.

skue 8 days ago  replies      
The fact that this has been going on for years, and that you feel the procrastination is holding you back from your full potential does sound like it could be ADHD, as others have mentioned. Also, ADHD tends to run in families. So if your dad is the same way...

Most people associate ADHD with kids who struggle in school. But highly intelligent people can have it too. It still holds them back from reaching their potential, it's just that their potential is much greater.

Here are some things to ask yourself:

* Do you also procrastinate non-work things such as buying gifts, paying bills, calling people back?

* What is your home like: Do you have a lot of half-finished projects, "piles", or chores that never get finished?

* Are you always running late because you are busy doing other things, or underestimate what you need to do to get out the door and get to your destination?

* Do people tell you that you frequently interrupt others when they are talking?

* Would you describe yourself as a risk taker and more prone to high adrenaline activities? How the friends you keep?

* Are you only able to focus with the help of caffeine, guarana (eg, Vitamin Water Energy), or other energy drinks?

* Do you use nicotine to relax or be more focused? (If so, please stop and see a doctor.)

* Do you use alcohol, not to get drunk or for the drink itself, but as a way to unwind or slow down at the end of the day?

This is a good book: http://www.amazon.com/Driven-Distraction-Revised-Recognizing..., which reminds me of another question:

* Do you buy/start a lot of books, but rarely seem to finish them?

Read enough of the book to see if this resonates with you. If it does, the next step would be to talk to (a) your doctor if you have one, or (b) find a psychiatrist in your area who specializes in ADHD. The book can help you find resources.

Edit: Just to be clear, this list is NOT meant to be diagnostic. Although I happen to have an MD, I am NOT a practicing physician no one should assume they have ADHD based on any list like this. I would only say that if many of these things hold overwhelmingly true for the OP, then it might be worth learning more about ADHD and finding a professional to begin a conversation.

Yes, ADHD and meds sparks a lot of cynicism in some people. However, one reason I recommended that book is that the authors present a balanced approach to meds. One of the authors has ADHD, but doesn't find that meds make much of a difference for him (they reportedly are ineffective for 25% of adults with ADHD). But they have helped many of his patients and his own son.

Show HN: TrueVault.io | A HIPPA compliant backend for your healthcare app
11 points by jason_wang  2 days ago   6 comments top 5
count 13 hours ago 0 replies      
A couple of notes:

Knowing that YOU audit things is nice, but I also want you to be audited by a 3rd party in some formal context (SSAE, ISO27000, whatever).

You guys are apparently really early, but if I'm going to build a HIPAA app, and you're the ones holding my data, we're going to have to sign a legally binding flowdown agreement: that's not usually compatible with 'click to sign up' style stuff. Have you had a legal team look at how that process is supposed to work?

Are you actually hosted on AWS (I know the marketing page is Heroku, but I understand that doesn't mean the actual app is)? Have you signed a business associate agreement with your cloud provider, if you're using one?

In fact, there's no mention of legal anything anywhere on your site (SLA, ToS, etc.) I assume some of this is behind the customer signup link? It really needs to be out front - anybody doing HIPAA has (as you should know!) pretty intense legal/regulatory issues to make sure are contractually guaranteed.

And, beyond all that, and this might just be me:I have no fucking clue what your system provides? It looks like it's an HTTP data store, but that could mean a million things. Is it more like S3 or something like Redis?

That said, the site is good looking! If you want to put out 'rapid start' type stuff, you should probably have significantly more api and other information out on the public page (assuming it's behind the signup link).

brudgers 2 days ago 0 replies      
phony1 2 days ago 0 replies      
* On my 1920px wide screen, your banner message stretches to the edges. It makes it really hard to read.

* The spinning gear for 'Rapid Setup' really distracts me. Animation is good when used well (perhaps to direct people to the sign up form?) but this looks like it is not well thought out.

* The features panels have blank space underneath them. It looks weird and incomplete. You should make their heights consistent and the height should be set to that of the tallest panel.

* The scrolling threshold for the menu banner appearing is too high - it feels unnatural. I think it should appear earlier. Is there another site that uses the concept that feels more natural, so you can copy their timing?

Sorry, no comments on the actual product as I'm not in your target market.

skram 2 days ago 1 reply      
Very interesting. Been seeing a need for something like this for quite a while, both as a developer in the health IT space as well as someone who has had to sign BAA's and work within HIPAA guidelines in large organizations, often rendering them inflexible with modern technology.

I signed up and am really interested in hearing more such as what the time line looks like. In short, my company is a group of clinicians + developers.

www.aqua.io may or may not be doing the same thing.

kohanz 1 day ago 0 replies      
clickable link: http://www.truevault.io
Ask HN: Best options for an alternative online MBA?
2 points by b2hack  23 hours ago   3 comments top 2
keiferski 17 hours ago 0 replies      
Well the main draw of an MBA program is the network. The information itself isn't really that hard to come by (The Personal MBA is pretty good.)

So, honestly, if you can't do a top MBA, or even a MBA in person period, don't bother. You'd be better off reading a bunch of books and networking at a ton of local events.

mazeway 22 hours ago 1 reply      
Read Personal MBA, then join/start a startup.
Ask HN: can I visit your Berlin office?
5 points by FiloSottile  1 day ago   2 comments top 2
reiz 1 day ago 0 replies      
You are welcome to visit the VersionEye office at Brunnenstrasse 181 in Berlin Mitte, close to St.Oberholz. We share a big office with 3 other StartUps. We are 3 people in the office working every day on http://www.versioneye.com. I am currently not in Berlin but you can use my desk anyway. @timgluz on twitter can let you in. Just contact him.
timgluz 1 day ago 0 replies      
I used to hack @St.Oberholz on weekends. And sure we can talk about startupping, Clojure, d3.js - just lookup laptop with VersionEye and Datanerd stickers.
What Linux Distro is the best for a developer on a laptop?
10 points by mrt0mat0  2 days ago   25 comments top 15
chao- 2 days ago 0 replies      
There is no "best". There is only "best for your needs". I'd recommend changing the title, lest people take it wrong and derail the thread.

If by "works" you mean "has a familiar and mostly-polished interface", then I would agree. If you like Mint so far, go with that. To give a comparison on the "other end" of the user experience spectrum, try Crunchbang. It is the same underlying ecosystem as Mint (Debian), but builds itself out of a handful of more minimal components. It's my go-to dev distro because it's just enough to get work done in, and nothing more.

If you've tried "the big common ones", then you've hit 90% of the mainstream options. If you need something special, unique or custom beyond those, you definitely would have identified those needs in your post.

sehrope 2 days ago 1 reply      
I use Linux exclusively on my desktop and have had a bunch of laptops over the years with Linux installed (mainly Debian based). It's never been quite pleasant though. I work primarily off my desktop so I wouldn't mind it that much but it was never good enough for me to be happy when roaming.

I recently got a Macbook Air (the new 2013 one) and it's working out pretty well. Rather than deal with a desktop Linux OS I've got everything running in VMs and either work through them or cloud based remote servers.

For casual computer use (web browsing, email, etc) I use native apps. For software dev I use a combination of SSH to VMs/remote servers and native text editors accessing shared filesystems (mainly sshfs).

I still much prefer my desktop (a real keyboard is always way better) but at this point my laptop is tolerable enough that I can roam around and actually get work done.

angersock 2 days ago 1 reply      
I've greatly enjoyed #! (Crunchbang):


It's Debian based with minimal extra bullshit, has a super-friendly config script right out of the box on first boot, and uses OpenBox as the WM. Very snappy and minimalist distro.

a3n 2 days ago 0 replies      
Since you're on Mint you're in the apt-* world. One of the Mint variants is probably best for a combination of minimal configuration and latest-ish packages in the repository. Debian itself (the final stop upstream from Mint) would be good if you want to be involved with your own system's configuration for whatever reason; its packages will be somewhat more out of date, possibly more stable.

If you're selling into an enterprise that requires RedHat, Oracle etc, then possibly CentOs for cheaper development costs as compared to developing on RedHat itself. Those are in the RPM world.

So many other ways to slice this pie, depending on what you need and how involved you want to be with your disto as opposed to whatever it is you're doing.

LarryMade2 2 days ago 0 replies      
I've been using Ubuntu for almost ten years now. What got me here:

- Package management: DEBs were sooo much easier to deal with than RPMs.

- Hardware support - usually everything just seemed to work or there was a forum discussion with a solution on what to do about it.

- Good variety of included packages.

- Excellent support forums, even if you are doing non base Ubuntu stuff there's probably a discussion a 'google' away that covers whatever issue you have.So, even tough Canonical does not-so-pleasant things to the UX, you can easily find ways to fix your experience and back to developing.

If you have similar positive experiences with Mint, why switch? Figure out what you are missing or looking for first.

LoneWolf 2 days ago 1 reply      
There is no best, there is a specific distro you will like using and find a better fit for your needs.

Take this example, some years ago I tried Debian, SuSe, Mandrake, and a few others, ended up using Gentoo and it is still my distro of choice, I won't say it's the best for everyone, but so far has been the best for my needs.

CyberFonic 2 days ago 1 reply      
I prefer Debian based OS, e.g Ubuntu, Mint, et al.

Then all the windows managers are a mere apt-get install ... away.

The only thing that irks me is the driver support for laptop peripherals. Still can't get MBP to run as cool and for as long on battery with Linux as with OS X. I've given up on VmWare as it seems to churn the CPU even doing very little.

grumps 1 day ago 0 replies      
I'm more of hobbyist developer, although I could probably switch to professional but I'd have to pick PHP... and I'm not so crazy about that.

Anyway at work I run Ubuntu 12.04. Mostly because I find it to be a little more forgiving than Debian out of the box.

At home a run Debian Sid. I ran Wheezey for almost a year and when it was released as stable I switched to Sid. My only real issue is the lack of the full Firefox.. Right now I'm pretty sure I have the one installed from a mint repo. Ice Weasel just isn't the same. For example when using outlook it would set my spell check to Bolivia Spanish. Despite the default being English.

ericcoleman 2 days ago 1 reply      
It's really just up to what your personal preferences are, mostly related to packaging and setup.

I've been using ArchLinux for a while, but have been slowly moving to stock debian.

baconhigh 2 days ago 0 replies      
IMO the "best" is the one that requires the least amount of futzing from you to get your job/work done.

You don't want to waste time setting up X.. resolving dependencies.. making things 'work' that should 'just work'.

So, whatever solves that?

Personally, I've gone for the latest available release of Ubuntu where possible, although recently i've started using OS X and shelling into a linux machine to do any necessary work that requires it. I find OS X provides a decent *nix underneath and with the addition of http://brew.sh/ - makes it a viable choice for me over a Linux set up.

codemonkeymike 1 day ago 1 reply      
When it comes to compatibility you should think of a debian kernel based distro. Ubuntu, Mint(What I am currently using), or Debian(Stable, Testing, Unstable etc etc). If its your first time using Linux I would stick with something that is familiar to a Windows user, Mint.
cyberviewer 1 day ago 0 replies      
My suggestion is crunchbang ;) try and you will understand ;) http://www.crunchbang.org/
asenna 2 days ago 0 replies      
I started off with Ubuntu but moved onto Mint. I love Mint 14 and I don't feel the need to use anything else. For some of my clients working in the Microsoft environment, I use windows in a VM with a shared folder. Works great.
mtgx 2 days ago 0 replies      
The best for what? If you want something easy and like Windows 7 UI-wise, then try Zorin OS.


dsschnau 1 day ago 0 replies      
fwiw i run Fedora 19 on my Asus Zenbook and I love it.
       cached 11 August 2013 12:05:01 GMT