hacker news with inline top comments    .. more ..    24 Feb 2016 Ask
home   ask   best   3 years ago   
Tell HN: HN and Slack Office Hours with YC Partners this Friday
31 points by kevin  15 hours ago   7 comments top 2
kevin 15 hours ago 1 reply      
Jared will also be doing open office hours on Slack from 2-4pm PT on Friday (Feb 26). If you'd like help with your startup, but want your questions answered in a private setting, sign up here by end of day on Feb 23:


minimaxir 15 hours ago 1 reply      
"Tell HNs" no longer appear in the HN front page, which seems unintentional given announcements such as these.
Ask HN: Does HN move too fast for 'Ask HN'?
43 points by J-dawg  18 hours ago   9 comments top 6
brudgers 17 hours ago 0 replies      
My understanding is that "Ask HN" questions have a different "gravity" and sink more slowly. That said, I suspect that the average quality of an "Ask HN" question is not much better than the average non-spam submission...maybe worse since meta-discussions are fairly common and lead to dull comments like mine here.

Even non-meta questions can be rather lazy...I mean a couple of throw away sentences that don't provide much context suggest that it's probably not that important.

For example: https://news.ycombinator.com/item?id=11160872

Versus: https://news.ycombinator.com/item?id=11149361

While I don't think of "Ask HN" as StackOverflow, there's something to the response "What <code> have you tried?" and the idea that a two sentence question doesn't necessarily deserve a long detailed comprehensive answer.

27182818284 17 hours ago 0 replies      
The overall quality of Ask HN questions is pretty hit or miss compared with other submissions in the News section. Often times there are Ask HN questions with no context, that border on spam, really aren't asking a question, or would be better served on Stack Overflow.

so I guess what I"m saying is that I'm not particularly surprised by its speed, because a lot of the stories submitted to deserve to decline quickly

monroepe 17 hours ago 1 reply      
While I agree they do get lost quickly, there is an "ask" link in the header. I check there every so often, but maybe I am in the minority.
cremno 13 hours ago 1 reply      
>One solution would be to give them their own separate 'new' page.

It's not exactly that but https://news.ycombinator.com/ask exists.

throwaway21816 18 hours ago 1 reply      
Will this Ask HN become its own self fulfilling prophecy?
beamatronic 18 hours ago 0 replies      
Yes, absolutely 100% yes.
Ask HN: How do you track what you learn?
5 points by pipu  7 hours ago   2 comments top 2
arrmn 2 hours ago 0 replies      
A few weeks ago there was a post[0][1] on hn from a guy who wrote a daily til for a whole year.

I stole his idea[1] and created jekyll blog on Github, I can just create a new .md file and put the things for the til down. With the new upload feature from github you can also just write the md file locally and just drop it in.

I like it so far, just need to get in the habit of writing it down daily.

[0] https://news.ycombinator.com/item?id=11068902[1] https://github.com/jbranchaud/til[2] http://arminmsg.github.io/blog/til/http://arminmsg.github.io/blog/til/

zwetan 7 hours ago 0 replies      
personally I use a local wiki to keep notes, links, research etc.


Ask HN: Dealing with users who share child porn?
10 points by chejazi  14 hours ago   6 comments top 3
NameNickHN 13 hours ago 1 reply      
I run a couple of short URL websites and this kind of short URLs along with links to phishing and spam sites is what you'll get on a very regular basis in this business.

Those short URLs are often being used in mass mailings, guestbooks, comment forms etc. and they'll get reported pretty quickly to URL blacklists. That gives you the chance to disable the shady short URls before too many people come across them.

Here is a list of URL blacklist providers that you should check each URL against, both before accepting it into your database and again before you deliver it to the user:

multi.surbl.org, uribl.swinog.ch, dbl.spamhaus.org, url.rbl.jp, uribl.spameatingmonkey.net, iadb.isipp.com, dnsbl.sorbs.net

You can find out more about this stuff on http://www.surbl.org/

Since I've implemented these checks I only receive complaint emails every other month and no contact from the authorities so far (in contrast to the disposable email services I run).

When you get a complaint about a URL, your software should allow you to disable all the URLs of the reported domain. There are times when the spammers have taken over a forum (or any site really) and created a large amount of spammy content.

Hope this helps.

bifrost 14 hours ago 1 reply      
The EFF may be able to help you.I would prepare a document with the logs/info that you have in addition to a copy of your privacy and data retention policy. You may also want to doublecheck to see if the submitter IP is a Tor node, that'll make everyone's lives easier. I believe the FBI has a special taskforce for this should you contact them.
brudgers 10 hours ago 1 reply      
{Random advice from the internet}

My first thought is to wonder why someone would want to be in a space where an arms race against people devoted to child porn was both necessary and constant. Particularly when that space wasn't providing capital sufficient to retain a lawyer.

My gut tells me that as a matter of will, it's going to be hard to keep this class of activity from reoccurring regardless of how this incident works out and that scaling the service will scale the headaches of monitoring and policing user behavior along with it. Personally, I'd rather deal with users I liked. YMMV.

Good luck.

Ask HN: Is there a free/fremium hash table in the cloud with simple HTTP access?
7 points by THRWAWA20160222  18 hours ago   7 comments top 3
xyzzy123 17 hours ago 2 replies      
I'm not aware of any services with the simple API you're looking for (neat idea), but there are a lot of more complicated solutions.

What are the key/value durability requirements? (OK to drop values now and then, or does it need to keep them until the end of time?). Need backups? Do values expire, or do you have to expire them manually? Since you can't enumerate or search, how do you delete things? Allowed sizes of keys and values, between bytes and terabytes? How far should it scale? Shared namespace, or namespace per user? Do you need a latency guarantee? How low? Are you gonna use it for something important and need an SLA on the availability of the service as a whole?

A couple of "nearby" points in the solution space:

Amazon S3 is a KV store where the keys look like filenames and the values look like files. High durability, good scaling, pretty high latency. You could also obviously paper a KV store on top of ElastiCache or DynamoDB, which are going to have different properties.

Going low-level and implementing your own in say, golang would probably be the most fun though :p

Hard to say if we could use a SAAS KV store at work without a lot more technical detail on the solution. I'm having a hard time thinking of an app where you'd want a KV store, but not need a database or NoSQL store which you could use instead.

bifrost 17 hours ago 0 replies      
I have seen a couple variants, but none of them have stuck around for long since they ended up being CnC for botnets/malware/etc.

I think it would be safe to assume there are also collision problems in unauthenticated ones as well...

mike255x 18 hours ago 1 reply      
You can use any REDIS service on the cloud. An example: https://redislabs.com/. If you are on Heroku there are multiple REDIS plugins.
Ask HN: Does this old horse have a few years of useful work left?
138 points by andywood  2 days ago   107 comments top 31
m0nty 2 days ago 2 replies      
49 here, I'm not enjoying working in IT nowadays, I think it got old about 5 or 6 years ago. So I quit and I'm pursuing my own projects, doing some programming, and trying not to worry too much. I could have ground it out for a few months more in that lucrative contract I had, but just how long can I put up with being that bored?

Personally, if I have to go back to the circus, I'll probably aim for short contracts or part-time work. If you're looking to reskill, I see plenty of sys admin jobs out there. Except you're supposed to call them "Dev Ops" nowadays. Puppet, VMs, Vagrant, Ansible, cloud computing (Linode, Amazon, etc). It's a relatively small domain which is applicable to many different areas of IT, so you get that "good old days" thing where a little effort goes a long way.

Good luck with whatever you do. Don't let the demons of despair take you, make a deliberate effort to be optimistic and cheerful. You're not the only old horse out there wondering when it all became so complicated. OTOH, it's truly an incredible time to be alive, so much stuff going on!

hkmurakami 2 days ago 3 replies      
Have you considered embedded software? What you describe and long for (including all the constraints) seems to match the needs and challenges of embedded development.

Example of places would include TI, Intel, Atmel, etc., and also hardware makers that use their chips.

Firegarden 2 days ago 4 replies      
I am 36 and been contracting full time since I was 22. Really I was only an employee at my first programming job. The concern that you have is of technology stack. The concern you are alluding to is how to stay relevant when being an older person. The first concern is easy. Stick with some fundamentals. JavaScript for example is a perfect choice. By now we should all know JavaScript and another example is the Dom APIs. Those are solid gold. CSS of course and after that your good to go learn some cool framework like ReactJS. Given that you know C then C# is likey to be your best friend. I have stuck with .NET since its release in Feb 2002 and always have been a productive developer. I have used every version of Visual Studio. So after drawing a few boxes around things the world gets smaller. .NET was just ported to linux and renamed Dot Net Core 1.0 with its first release expected soon. So I would say .NET is as safe a bet as any. Of course there is the small challenge that .NET isnt cool in the start-up world. That is mostly due to haters having to hate and not based on merit. So the technology choices get easier and easier if you start to zero in. Dot Net has an MVC framework which is at version 6 but I think maybe renamed to Core 1.0 as well. Your tech stack isnt a problem. Stick with those and you will find something. As for your hourly rate I can tell you from experience the global market is making it very competitive so suck that up. As for getting too old to program that is not actually the question. The question to ask yourself is can you find and follow your excitement. We are in the golden age. There are a few leading edge sources which deal with this. I love Bashar and Abraham-Hicks. To quote Bashar When you understand what excitement is, you'll understand why you don't have to look at every little detail to know what to do.

Your excitement is telling you that's the next thing you need to do. Following your excitement is actually the shortest path to what you want.Act on your joy to the best of your ability. If you look at all your options and realize that taking a walk or driving your car or calling a friend is the most exciting, then THAT is the thing to do. When you can take no more further action on that thing, then look around for the next exciting thing you have the greatest ability to take action on and do it.

Excitement is its own self contained kit and its own driving engine.

rhapsodic 1 day ago 0 replies      
You have one of the most marketable skills in the world (programming), you've been at it for a good while (at least since C jobs were commonplace, apparently) but you're sleeping on couches and only lasted 4 months at your last job? I suspect there's a lot more to this story than you're telling here.
justin_vanw 1 day ago 1 reply      
You are clearly omitting the most important part of your story. Are you an alcoholic? Bipolar? Do you suffer severe depression where you stop showing up for work for weeks at a time? Schizophrenia?

I wish you the best, but it is silly for you to act like you 'just can't deal with it' rather than just admitting the real issue and trying to get help.

spc476 2 days ago 0 replies      
I'm 47 and am currently doing work in C, C++ (as little as possible to tell the truth) and Lua. While I'm in a small department (3 man team excluding our temporary manager [1]) I'm also the youngest one on the team (and even more oddly, the one with the most seniority on the team). So I'm sure you'll be able to find something.

[1] The department I work in is needed in our company, but it doesn't really fit in with the rest of the company [2], so finding a manager has been ... interesting as the only other person in the company that understands what we do is a vice president of the company who is busy with other work.

[2] The company as a whole develops software for Android phones. My department is there to support our software on the call processing side of things, so we get to deal with SS7.

FrankyHollywood 5 hours ago 0 replies      
"but the day-to-day workflow was tedious and torturous". I guess what you describe is something every oldtimer in every discipline recognizes.

How do you think a dentist feels after 30 years of 'could you open your mouth a bit further, tnx, yeah, well let me see, sir do you floss at a daily basis? Especially the back teeth need some more attention...'

Saying you are a 'C' guy makes no sense, sounds like you have forgotten about all the shit you had to take care of in the old days :)

There were tens (or even hundreds?) of C variants with there own compilers, frameworks, platforms, non-compatability, dll-hell.

I have had a great time working in a simple application management team, and a horrible time working in a startup with advanced search technology.

My experience is nice coworkers make or break the day. A boring team is killing, even if the project is great.

danieltillett 2 days ago 1 reply      
If you leave a job at a large company when you have no savings then nothing we can say will make any difference. Do whatever your heart wants.
fighne 2 days ago 0 replies      
I'm 51yrs old, and been in the IT 'game' 33yrs.

Programming is programming, one language is not much different from the other. There are jobs for low level coder's ( think; drivers, kernel porting, RT ). Web has diverged 'front end' or 'back end' take your pick. Work remotely is another option. The niche makes it easy for the employment people to pigeon hole you. If you have that need do a couple of CV's tailored to that niche.

Don't believe the startup 'shit' that only a committed programmer can work there and you need to give 60+ hrs a week.If you get that spiel, get up walk out. They will use you and throw you away.

I've seen 60+ hr code, it's; crap, bug ridden, security nightmare. In the 'Agile' short term for a startup it's great for the long term...! Strange how Facebook changed their moto about 'breaking it' didn't they when it got serious.

I still come across young 'coders' who aren't programmers telling me that JavaScript isn't an Object language. Strange how the function is a first class Object!

I got asked in an interview recently if I could name a design pattern. I responded with "ow you mean 'Gang of 4', how about observer" the reply was " No not the old band and that's a newspaper" I laughed got up walked out. Then sent an email to the CIO telling him the reason his IT stank was that he had inexperienced people working for him. Strange that company no longer exists :)

Sometimes you got to 'pony up', do the 9-5 so have a nice hobby. Take the crap, but not for too long otherwise you start believing it.

When you find the right role you'll know. They don't always pay the greatest, the atmosphere is good, and you'll want to get up in the morning to do it.

Strike a life balance, your mind is your tool. Burn it out and abuse it then you'll loose it.

So you'll find me, sat at a cafe or bar along the Med. My laptop isn't the most modern (actually it's a 5yr old MacBook Air ). I'll be unpicking some crap code, putting in comments, and applying some old proven techniques. If you can stand the smell of Gauloise Disque Bleu, I'll buy you a beer.

_rpd 2 days ago 1 reply      
I'll suggest learning a real-time operating system like VxWorks, and then writing code for embedded systems. Lots of challenge, interesting projects (robotics, etc), often safety implications that require a mature attitude towards quality control.
jkot 2 days ago 0 replies      
C and Assembly days are not gone. It is quite well paid and widely used language. Perhaps just change environment?
typhonic 1 day ago 0 replies      
A couple of years ago, right before my 58th birthday, I saw this posted on HN. https://news.ycombinator.com/item?id=6640430 It says more than I can, but I will add one thing. At about that same time my company hired an engineer a year older than me. He's still doing a great job. I'm not in precisely the same business as you, but it's close enough that I still read HN.
fit2rule 2 days ago 0 replies      
> I sure miss the "good old days" when you just focused on writing a single app in C that ran on a well-understood machine, or even a single well-understood OS API.

No, those days are alive and well in the embedded/IoT world. I suggest you look into doing some embedded work, if you want to return to that style of development ..

bonobo3000 2 days ago 0 replies      
It sounds like you like knowing how the whole thing works, end-to-end. At big companies with so much pre-existing code & infra, thats not really possible. Maybe a startup would be a better fit for you? Thats one of the things I loved about working at a ~60 person startup, I had visibility and decision making power over all levels of what I was doing.

Of course it depends on what your definition of end-to-end is, as the rabbit hole can always go deeper.

blfr 2 days ago 2 replies      
Perheps I'm in a bubble but everything seems to be running on stock Ubuntu VMs nowadays, occasionally disguised as Docker images. Either that, or iOS/Android.

As for the game, our very own patio11 and tptacek have developed something a lot like that but with the end goal of getting you a job aside from all the fun: http://starfighters.io/

agentgt 1 day ago 2 replies      
Big picture... things could be far far worse for you.

Its pretty hard to give any sort of advice with such little information. I'll just say you really can't fall in love with the technology but rather you should love solving problems... ie be technology agnostic. There are lots of real world problems still left to be solved.

I also have some doubts that you seriously took advantage of working at Microsoft. I can tell you working from home with my own company you really really miss learning from others. The idea making synergy and excitement of being around other smart people even if its only during lunch break is a huge highly underrated benefit long term.... and now you will be sitting on a couch.

I honestly can't figure out if it is your goal to just program simple little programs with assemble or C? Is that what makes you happy? Did Microsoft not challenge you enough? Again serious lack of information.

raverbashing 2 days ago 3 replies      
You can definitely find work in Asm/C level today, at hardware manufacturers mostly (silicon vendors usually)

Or look into today's C: Go and Rust

g1n016399 2 days ago 0 replies      
How about being a compiler engineer in the UK?


theparanoid 1 day ago 1 reply      
People still get paid for work almost exactly like the TIS-100 game. Notably GPGPU programming. I switched from webdev to playing with h/w chips and mostly haven't looked back.

It's more difficult work.

joefarish 2 days ago 0 replies      
If you were able to get a job at Microsoft, I'd be surprised if you couldn't get a job elsewhere. Maybe look at remote jobs and moving to a low cost of living area if you are broke and sleeping on couches. Perhaps you might find these links useful:



dustingetz 1 day ago 0 replies      
Maintenance programmer at defense contractor? Most of those programs are permanently stuck in the "good old days"
bane 2 days ago 0 replies      
Depending on your background, taking a gig in R&D or a rapid prototyping shop can be very clarifying, and you get to use and bring to play lots of old skills the young folk don't even know about.

You don't have to really worry about framework, just pick one. Or you might end up reworking fundamental data structure code, which can be really fun for an exercise of algorithmic design.

On the other-hand, maybe it's time to go multi-disciplinarian, take a gig connected to, but completely outside of your comfort zone. Nothing put me into a state of panicked "I need to learn from the firehose" mode faster than this. I'm not even talking technical work, go be a manager, or an industry analyst, work on soft skills or liberal arts fields. Your old skills can provide interesting viewpoints nobody else has.

scrrr 2 days ago 2 replies      
Hm, I am not bored yet, but I think I might be bored in the future. So I was wondering if I should go back to university and study something interesting, Physics perhaps, or even pursue a new career, like becoming an airline pilot or so..
andrewstuart 2 days ago 3 replies      
Errr... sounds like you don't want what to do what the job has become these days. Actually sounds like you don't even want to be working. Have you thought about doing something else entirely, try to find something you enjoy?
coldtea 2 days ago 0 replies      
>* I sure miss the "good old days" when you just focused on writing a single app in C that ran on a well-understood machine, or even a single well-understood OS API. But those days are mostly gone. Now it's all distributed, multi-level conglomerates of varied frameworks and languages sort-of working together. I can't decide whether I have any interest in that. I sort of envy the people who can simply state, "I am a Rails dev" or similar.*

Well, there are tons of places that use C developers.

nathan_f77 2 days ago 2 replies      
I don't know if this will help, but I can pick the niche for you. Here are the languages and frameworks you should be learning today:

* JavaScript (ES6), Node.js and Express, React

You should also get a refurbished Mac Mini or Macbook, and start learning Swift for iOS development. Put together a few simple apps. There's a lot of jobs for iOS developers.

A lot of Rails developers seem to be moving on to Elixir and Phoenix. So I'd keep my eye on them, too.

z3t4 2 days ago 0 replies      
Look at companies that make smart devices, such as sensors.
bjornlouser 1 day ago 0 replies      
> So, my most recent stint at Microsoft just didn't work out. The tech was cool, but the day-to-day workflow was tedious and torturous.

This sentiment will typically go unchallenged because we all know that micromanagement is here to stay. Still, please do share the juicy bits that led you to become dispirited.

BinaryIdiot 2 days ago 1 reply      
Perhaps sign up and participate in the Launch Hackathon[1] at the end of the week? Best case scenario you start your own company. Worst case scenario? You have a fun time just sitting there crunching on a problem you're interested in.

[1] http://www.launchhackathon.com/

_pmf_ 1 day ago 0 replies      
You need to look into industrial automation / measurement device manufacturers. Custom Windows software, PC-only, well defined interfaces[0].

[0] Relatively speaking ...

jqm 1 day ago 0 replies      
I live in a small town and used to work with a guy who was Microsoft Windows phone support at one point before they transferred the role to India. He wasn't a programmer. He wasn't an admin. He was phone help support as in "I can't get teh google to come up when I push the power button... pleaz help!".

He has gotten the best job offers in the area including an interview for head of IT for the entire school district. He doesn't even have a college degree. He is good guy and I enjoyed working with him, but at the risk of sounding dismissive I didn't observe him to be very motivated nor a top level problem solver nor see that he possessed much high level knowledge.

Point being... with people who don't know better the word "Microsoft" on a resume is a golden ticket and a guarantee that one is top caliber talent and highly knowledgeable. So there is that in your favor....

Ask HN: What are your thoughts on pair programming?
10 points by aprdm  19 hours ago   9 comments top 8
isaachawley 16 hours ago 0 replies      
I worked at a place that had pairing stations at separate tables in the team area. We were supposed to pair when doing any coding.

In practice we paired when doing difficult stuff. It worked well.


Don't pair at your desk. Use a pairing station.

Pair for a task, short if possible. If not, timebox.

Pair for short periods!

Train yourself to be productive while pairing. Don't relax. A short period of hard work.

Pick a consistent pairing time and make it a habit. Such as after standup, after lunch, whatever. Some times when you would not be productive solo, like after lunch, you can be productive in a pair. Experiment.

Failure modes:

Long, unproductive, exhausting pairing periods. People will quit.

That one guy that nobody wants to pair with. Happens, sorry.

Sitting there twiddling your thumbs while your pair partner writes an email. Only pair for coding / debugging / testing! Don't pair at your desk.

brianwawok 16 hours ago 0 replies      
It is cool for a really hard algo or for bringing up a new guy to speed. To do it 100% of the time? That is torture. I would not work in those conditions.
_RPM 8 hours ago 0 replies      
Some people think pair programming consists of one person sitting with another person at their disk taking over their workstation and having them just watch. This is actually horrible and hurts the body because looking at the screen for a long time in a weird position aches. I had this happen at an internship of mine before. I loathe that experience.
hacknat 11 hours ago 0 replies      
Sure I'll do it...on a white board to solve a problem, or reviewing a spec.

Pair programming glorifies the task of programming as overly difficult. Solving problems can be difficult, programming them shouldn't be. Solving a tough problem in a code editor is not a good idea, IMO.

globba22 18 hours ago 1 reply      
I know a lot of great devs who think very highly of PP, but as for me, it doesn't work well at all.

I just haven't had a great experience with it, though I remain open to trying it again.

cableshaft 14 hours ago 0 replies      
If someone has questions that are hard to answer without having the machine in front of them to point things out, sure, I or they will pull up a chair, and we'll both take a look at it.

But all day pair programming would drive me crazy.

eecks 18 hours ago 0 replies      
I wouldn't like mandated pair programming but I find it always productive to pair up with someone* (informally) when solving a new/difficult problem.

* someone I know and like.. I imagine being paired with a person you disliked would be awful

binarysoul 17 hours ago 0 replies      
I think it is good in scenarios where the problems are sufficiently difficult.
Ask HN: Has Google got rid of apps from Hangouts?
7 points by micheleb  20 hours ago   1 comment top
LordDragonfang 18 hours ago 0 replies      
Google has a somewhat annoying tendency to release "new" interface versions for its various products that are far from feature complete, and only slowly add back the features the old version had - or sometime not add them. Presumably, they'll be added eventually, but only time will tell.
Ask HN: How to get funded or crowdfunded?
3 points by drawesomeuy  16 hours ago   4 comments top 2
tmaly 34 minutes ago 0 replies      
I was down in New York over the weekend just enjoying a day in the park. There were two people with this cool looking desk in the park. I struck up a conversation with them about my food site, and it turns out they run a company that helps people do kickstarters. They were called launchpad.co I am not sure if they can do a campaign for you in the US but it is worth a shot.
austinhulak 10 hours ago 1 reply      
That's not an easy predicament, but I think your best bet is to take on some contract work while your bootstrap your way to some level of revenue generation. I would also consider using the free tiers offered by amazon, heroku, etc. They should be able to get you off the ground.
15-year old bug in Firefox bugtracker
4 points by janesconference  17 hours ago   4 comments top 2
dalke 17 hours ago 1 reply      
It concerns a 2001 proposal to 'support the scrollbar-(blah)-color properties implemented in IE5.5'. More specifically, this comment comes from someone who is one of several who really want that ability.
dmm 15 hours ago 0 replies      
I wonder if there is a trend away from standards. Has the web just become "whatever chrome does"? None of the developers who seem to care so much about this mentions creating a standard for this sort of feature.

 spending millions of man hours) are making "excuses," while Mozilla, who could fix this easily
In any case it seems the web developers complaining on this bug don't appreciate the scale of modern browsers.

Ask HN: Sources for study of intermediate statistics?
2 points by johan_larson  13 hours ago   1 comment top
grisaitis 13 hours ago 0 replies      
I'd recommend Elements of / An Introduction to Statistical Learning. Both books are written well and by experts in the field, and cover relevant topics like linear and non-linear methods of today and yesteryear.
Ask HN: What's the word for 'doing things the same old way with a new tool'?
3 points by fossterer  16 hours ago   2 comments top
dangrossman 15 hours ago 1 reply      
I think you're looking for "skeuomorphic", though it describes form (mimicking the aesthetic of something else) rather than function.
Ask HN: Is Energous' Wireless Charging Legitimate?
3 points by brandoncarl  16 hours ago   3 comments top
gus_massa 14 hours ago 1 reply      
I'm very skeptical bout this whole area. I'm looked at the site. They have "conceptual videos". Do they have a working prototype???

They say that they can focus the energy in the devices... What happens if you are holding the devices in your hand or it is in your pocket?

Small company developer pain points
3 points by ph33t  16 hours ago   4 comments top 3
douche 3 hours ago 0 replies      
Integrations with ticketing/CRM systems. You can hit the high notes, and go for the handful of most common ones, but it's always a temptation to chase a deal and promise another one. Pretty soon, you're spending all your time chasing down things in a half-dozen or more systems, that all have their own idiosyncratic SDKs or APIs, which change at unpredictable rates. Moreover, to do development and testing against those systems, you've got to keep those environments up, and seeded with test data. Some of them are cloud-based, and you can get a free/low cost development instance, but others are big, unwieldy on-premise deployments that require a host of servers to run all their gunk - with costs in server racks, provisioning time, setup time, and non-core expertise in keeping that crap going.
CyberFonic 15 hours ago 1 reply      
I deal a lot with niche business solutions. In my experience, too many managers and staff think that Excel is the Swiss Army Knife of data management. Can't really blame them, it is typically the only app they know. An MS promotes Office as a "universal" solution for SMEs.

Whilst I can't eliminate the pain, I found two strategies that work well:

1. As far as possible, let them develop spreadsheets and treat them as prototypes. Then take control of the critical ones and polish them so that they work correctly (protect fields, audit calculations, write macros, etc).

2. Instead of importing data from Excel, I export from Excel into a database (designed as a receiver for that data). Then I run a collection of scripts on the database to clean up the data and only then import that cleaned up data into the production database(s).

hanniabu 7 hours ago 0 replies      
I can confirm number 2 from an internal developer stand point. I really wanted to move our dataset over to a database when I joined, but all those reasons you started made me just slowly back away.

I've never had a problem with 3a, but I was curious how you went about solving it. Is there an API for that?

Ask HN: How does your team write documentation? What tools do you use?
45 points by brwr  10 hours ago   67 comments top 35
skewart 10 hours ago 1 reply      
I really like these "how do other people do X?" questions on HN. Thanks for asking it!

I work at a small startup with a roughly 10-person eng team.

When we write docs we focus mainly on architecture and processes. The architecture docs often emerge from a "tech spec" that was written for the development of a feature that required a new service, or substantial changes to a new one. We keep everything in Github, in a README or other markdown files.

We also write API docs for HTTP endpoints. These are written with client developers and their concerns in mind. When doing this for a Rails app we use rspec_API_documentation, which is nice, but it can be annoying to have testing and documentation so tightly couples. We've talked about changing how we do this, but we always have more pressing things to do.

We never write docs for classes or modules within an app/service.

azdle 6 hours ago 2 replies      
All of our docs a written in Markdown in a git repo [1]. That then gets built with a custom static site generator that I wrote [2]. Finally the output gets pushed back to gh for hosting on gh-pages [3].

I'm actually pretty proud of the search that I put together for this setup too, it's all done in the browser and the indexes are built at compile time which is then downloaded in full for a search, which sounds silly, but it works surprisingly well [4].

[1] https://github.com/exosite/docs/

[2] https://github.com/exosite/docs/blob/master/gulpfile.js

[3] http://docs.exosite.com

[4] http://docs.exosite.com/search.html?q=subscribe

tvvocold 7 hours ago 0 replies      
We use flatdoc and Swagger UI for building docs, like: https://open.coding.net

flatdoc is a small JavaScript file that fetches Markdown files and renders them as full pages: https://github.com/rstacruz/flatdoc

Swagger UI is a dependency-free collection of HTML, Javascript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API. http://swagger.io

imrehg 6 hours ago 1 reply      
Word docs converted into PDF for manuals. Some other are hand-crafted Photoshop tables/text/graphics to create PDF. Sad, sad stuff, IMHO.

Trying to get people onto Sphinx [0], and use it for some non-sanctioned documentation with good success, but unlikely to make it official.

I really think version control is important: what changed, who changed it, provisional changes through branches, and removing the bottleneck of "I updated the docs, please everyone check before release and send me your comments". It should be patches, and only patches.

[0]: http://sphinx-doc.org/

ericclemmons 6 hours ago 1 reply      
Trying something new on this month's project: "developer first experience".

Besides the README.md to get started, the app defaults to a private portal with a component playground (for React), internal docs (for answering "how do I"), and tools for completely removing the need for doc pages at all.

I believe that documentation has to be part of the workflow, so component documentation should be visible while working on the component, tools for workflow should have introductions and helpful hints rather than being just forms and buttons, etc.

So far, this is proving fruitful.

(Side note: wikis are where docs go to die.)

intrasight 7 hours ago 2 replies      
The first software system that I worked on was the operator consoles for a nuclear power plant. A two year long dev project. We used Framemaker (1990, before Adobe purchased them). Was an awesome tool for technical documentation. Our documentation when printed and bound was three feet wide on a shelf. I think I contributed two inches. It's been all downhill since - both in terms of the tools and the quality of the documentation. Now days it's the typical - auto-gen from code plus markdown for narrative.
buremba 6 hours ago 0 replies      
We use Swagger specification (automatically generated using annotations in Java) and generate Slate documentation from Swagger specification for API documentation. (https://api.rakam.io/). We also use markdown for generic (tutorials, technical etc.) documentation and render the markdown files fetched from Github in documentation page using JS. Since everything is dynamic, we don't need to worry about updating the documentation page, we just update README files of repositories, add documents to our documentation repository and the documentation page is always up-to-date. (https://rakam.io/doc/).
douche 6 hours ago 1 reply      
Fucking Word docs. Which are checked into source control, except people (who are nominally developers, or project managers who were supposed to have been developers once) insist on versioning in ye olde rename-and-add-a-number style. With PDFs that are manually generated by exporting said Word documents from Word, and then again checked in, and again checked in in multiple renamed versions. Except sometimes only the PDF is checked in, without the source document...

So we have a doc folder in the repo that is like staring into the maw of Cthulhu and takes up 90% of our build time on the CI server sucking that down mass of garbage for the checkout.

Saner systems have been proposed, but rejected because the powers that be are too averse to change...

NearAP 7 hours ago 1 reply      
We have technical writers who work in conjunction with developers to author the documentation. I don't know what tool they use.However, since you say you want to get better at writing docs, let me offer some perspectives based on a user of documentation.

1) Write to all of your target audience. For example if your product is targeted at both technical and non-technical people, then write the documentation in such a way that non-technical folks can understand it. Don't just write for the technical people.

2) If possible, write documentation around several 'how do I do XYZ task'? My experience has been that people tend to turn to documentation when they want to execute a specific task and they tend to search for those phrases

3) As much as is possible, include examples. This tends to remove ambiguities.

chris_engel 5 hours ago 0 replies      
Because I was not happy with the existing stuff, I've built an opensource project for creating technical online documentations some time ago, named "docEngine". My goals were:

- Easy editing (namely markdown files in folders)- Runs on "cheap" hosting/everywhere (built with PHP)- Supports multiple languages (so you can create docs in english, german, etc.)- Can have editable try-on-your-own demos embedded into the documentation- SEO friendly (clean URLs and navigation structure)- Themeable (themes are separated and run with the Twig templating engine)- Works on mobiles out of the box- Supports Plugins/Modules for custom content/behaviour- Formats reference pages for objects/classes/APIs in a nice way- Supports easy embedding of disqus for user feedback- Other stuff I forgot right now

The system powers the knowledge base of my recent app "InSite" for web developers: https://www.insite-feedback.com/en/help

You can see it also in action working - with a different theme - for my javascript UI library "modoJS": http://docs.modojs.com

That page is a bit more complex. It does _not_ use multiple languages there but it makes great use of the reference pages and has many many editable live-demos. It also has some custom modules like a live build script for the javascript library. At one point it even had a complete user-module with payments but I disabled that when modoJS went opensource.

Another instance of docEngine runs for my pet html5 game engine: http://wearekiss.com/gamekitThis one uses the default theme, has most pages in two languages and again incorporates a couple of live demos.

I host a little documentation about the engine itself here, but its not complete right now: http://wearekiss.com/docEngineYou can also find the github link to the project in the footer of every hosted documentation.

Have fun with it - I give it away for free. Critics and comments welcome!Everything I have linked was built by myself.

someguydave 9 hours ago 1 reply      
Our APIs are documented with comments that Sphinx uses to generate HTML documents. Unfortunately, all of our other documentation is written in Microsoft products because "that's what people use"
Tharkun 5 hours ago 0 replies      
Most of our documentation attention goes towards the user manual and the system operator manual.

We generate the bulk of those manuals based on our object model, which is liberally sprinkled with (text only) descriptions. We've created a simple XML-based authoring framework which allows us to create pretty tidy documentation. Including images, tables, code examples etc.

We convert that XML to Apache FOP. At the end of the process, we're left with a bunch of tidy PDF manuals in a variety of languages.

kenOfYugen 5 hours ago 0 replies      
I enjoy Literate CoffeeScript and that's where I picked up the concept of Literate coding.

I believe that literate style of code writing has many benefits in any language.

Basically mix markdown with the codebase and export the documentation from the same file.

For a very well executed and interactive example check out


gravypod 6 hours ago 0 replies      
The thing that has always guided me right is that you need to a) split up functions, b) document method headers in every case with a short description of what it does, and finally c) come back one month later and rewrite any documentation that does not make sense.

This is the most important step. If you cannot remember it from a blank slate, then no one can. Keep doing that until you understand the code at first glance. Then your code will be easy for anyone to maintain.

tamersalama 6 hours ago 1 reply      
This question is on my mind too. My clients documentations are usually a mix of MS Word & Visio. Lots of repetition and gunk in between.

Ideally, I'd love to find a mechanism that:

 - provides the OO principles in documents; Encapsulations, Abstraction, Polymorphism, Inheritance . - Accessible & maintainable by non-techies. - Allows scripting (I toyed with PlantUML, but it was a bit rigid).

drygh 7 hours ago 0 replies      
At Ionic, we use Dgeni (https://github.com/angular/dgeni) for API docs. We have a few custom build tasks that allow us to version the API docs.

We also have higher level documentation, which is meant to serve as a sort of conceptual overview of the framework, as well as to show what the framework comes with out of the box. This section is written mostly in kramdown, which gets parsed by jekyll before it's turned into HTML.

nahtnam 8 hours ago 0 replies      
Elixir has a great documentation system built in. I use that.
girzel 4 hours ago 0 replies      
The Texinfo format, using the in-Emacs Info browser. Yes, it means you only read your documentation inside Emacs, but it's hands-down the best doc-browsing experience I've ever had. Hell to write, butter to read.
mixmastamyk 6 hours ago 0 replies      
Sphinx or mkdocs:



Which make it easy to create html, pdf, epub, latex formats, etc.

I like to create a user guide, developer guide, and ops guide for each large project.

afarrell 7 hours ago 1 reply      
Not on a team, but I used mkdocs for this tutorial I built, then added a comment system that I built with react.js : https://amfarrell.com/saltstack-from-scratch/ The advantage of mkdocs is that it is markdown-based so it is super easy to get started.
scottlocklin 6 hours ago 1 reply      
LaTeX. We have academic roots, it works with source control, and the output looks fantastico.
mixedCase 9 hours ago 1 reply      
A mardown-based wiki under version control and code comments. Everything else likely isn't worth docummenting or just merits direct person-to-person communication.
darkFunction 6 hours ago 1 reply      
Bitbucket's wiki on our project page (6-person startup). We document mostly application behaviour for technical users of the app (server team, content writers) and a little bit of architecture if the complexity warrants it.
rusbus 5 hours ago 1 reply      
Shameless plug:I'm working on a documentation solution for dev teams. You can sign up for the beta at http://docily.com/
DannoHung 6 hours ago 2 replies      
Related: what's the right way to extract inline comments regarding function API stuff from source code?

This seems like something that is a really good idea, but is hard to find any projects for it.

acesubido 9 hours ago 1 reply      
Gitbook for Technical Documents, Google Drive for everything else.
mbrock 6 hours ago 1 reply      
We barely have any documentation except some READMEs that are mostly terse and still poorly maintained... If you don't understand something, you ask someone.
quasiben 7 hours ago 0 replies      
All of folks at Continuum Analytics use sphinx and readthedocs
gault8121 7 hours ago 0 replies      
HN, we are writing our high level overviews as Readme MD files. Any ideas on how we could help condense this info for open source contributors?
adnanh 7 hours ago 0 replies      
We wrote our custom documentation generator for Grape (ruby), something like Swagger, but less rigid.
ddasayon 7 hours ago 1 reply      
We write the docs as markdown files and then use Doxygen to compile it to html and LaTeX for the traditional folks who MUST have a printable document. The markdown files are tracked on Git so that we can collaborate and track easily.
arisAlexis 5 hours ago 1 reply      
My boss decided to use Framemaker with DITA in 2016..
zolokar 5 hours ago 0 replies      
A combination of Github Wikis and a Dozuki site.
angersock 6 hours ago 1 reply      
Long ago I learned to love wikis. Mediawiki, Dokuwiki (easy to set up), or Confluence. Hardest part is to keep people from just throwing garbage everywhere--if that happens, people stop referring to the docs, and the system collapses.

The important thing about docs is to keep in mind the audience. This is important because it lets you estimate their mental model and omit things that are redundant: for example, if it's internal documentation for a codebase, there is little need to explicitly list out Doxygen or JSDoc style information, because they have access to the damned source code. External audiences may need certain terms clarified, or some things explained more carefully because they can't just read the source.

I'd say that the biggest thing missing in the documentation efforts I've seen fail is the lack of explanation for the overarching vision/cohesive architecture of the work. This is sometimes because there isn't a single vision, or because the person who has the vision gets distracted snarfing on details that are not helpful without a preexisting schema to hang them on when learning. So, always always always have a high-level document that describes the general engineering problem the project solves, the main business constraints on that solution, and a rough sketch of how the problem is solved.

Ideally, the loss of the codebase should be less of a setback than the loss of the doc.

I will say that, as your documentation improves, you will hate your project more and more--this is the nature of the beast as you drag yourself through the broken shards of your teams engineering.

vacri 6 hours ago 3 replies      
We used to use a Mediawiki wiki, which only I would edit. You kind of have to be comfortable with mediawiki syntax (does the job for everything but tables, which suck). So we moved to Confluence, which has a WYSIWYG editor, to encourage more people to document things, upload documents, so on and so forth. Again, I am the only one editing it... so our documentation is "very occasionally write something down, and store it on your laptop or in your private google drive, then spend ages searching for it when someone asks".

So whenever a new staffer comes along, I get asked to give them wiki access... but I'm the only one here that uses my edits (only ops staffer). Sure, have some wiki access, for all the good it will do you!

I really don't recommend our model :)

Anyway, this is an important point: documentation is not free. It takes time. Even shitty documentation takes time. If you want good documentation, you need to budget time away from other tasks. When I used to work in support, the field repair engineers would budget 30% of their hours for doing paperwork - not documentation specifically, but it clearly shows that 'writing stuff' is not something that springs as a natural/free parallel to other activity.

Ask HN: AI is going to be big. How should we learn?
42 points by truebosko  2 days ago   20 comments top 11
abcampbell 2 days ago 1 reply      
Well, first, I would try to understand what "AI" you are talking about and why you have so much confidence it will be big.

It's a pretty broad category, and a lot of it is (still) very far from commercialization.

It's almost like asking about "the Internet" in 1992.

Here are some categories that may help to dive into...

-Computer Vision

-Natural Language Processing

AClustering vs classification in machine learning

-Neural nets (convolutional, recursive, hyerparameters and optimizTion techniques)

Read "how to create a Mind" by kurtzweil

Related (but distinct topics)

-Understand rise (and fall) of semantic web

-Open/Linked data

-Relational vs NoSql databases

-distributed/parallel processing (MapReduce ->hadoop-> spark)

*edit - typo

CuriouslyC 2 days ago 0 replies      
In terms of gaining a solid understanding of the math and theory underlying most of modern machine learning/AI, the best resource is definitely the book "Information theory, inference and learning algorithms" by David MacKay.

The author is such a stand-up guy, he's made it available for free: http://www.inference.phy.cam.ac.uk/itprnn/book.pdf

p1esk 2 days ago 0 replies      
Learn math. To do any serious work in machine learning, you need to have a solid understanding of calculus, linear algebra, and probability theory.

Note that AI is bigger than machine learning, and there's a chance that the future AI will be heavily modeled after a human brain. So it might be a good idea to take a couple of foundational courses in neuroscience.

aaron695 2 days ago 3 replies      
Knowing AI will be useless, it'll be like knowing and programming assembly language, for high end specialists only.

You'll get a framework/app/api that will deliver you the info programmed by someone really into AI.

It'll be business as usual.

Know API's, frameworks, how to analyse data and tools around this, know people.

AKA Just be a good programmer.

dawson 1 day ago 0 replies      
I found the Deep Learning SIMPLIFIED series really useful https://www.youtube.com/playlist?list=PLjJh1vlSEYgvGod9wWiyd...
HockeyPlayer 1 day ago 0 replies      
The introductory videos from PyCon are very accessible to anyone with a little programming knowledge, no math needed: https://github.com/jakevdp/sklearn_pycon2015
tim333 2 days ago 1 reply      
From a personal point of view as someone also interested in learning a bit I think building something is often a good way to go. I kind of have a plan one day to hack together the neural network from


with some personally selected stock market data to see if it can kick out profitable buy/sells.

(There is some how to stuff in the article under 'Source Code')

exolymph 2 days ago 1 reply      
haxpor 2 days ago 0 replies      
I would go for "Programming Game AI by example" by Matt Buckland. Also great resource is aigamedev.com.
mindcrime 2 days ago 0 replies      
Assuming that you consider Machine Learning to be either a subset of AI (as I do) or a sibling field, and want to learn aspects of ML, then consider Andrew Ng's Machine Learning course on Coursera. It's a great introduction and doesn't require a ton in terms of prerequisites. You'll see some multi-variable calculus and linear algebra, but he does the calculus derivations for you, and there's a pretty adequate review of the relevant parts of Linear Algebra.

In addition, if you don't already have a background in Calculus and Linear Algebra, then supplement the Ng course with the Khan Academy stuff on Calculus and Linear Algebra, or other courses you can pick up on Coursera or Edx or whatever.

If you get really interested in neural networks (which are all the rage these days) after the Ng class, there's a freely available book on Neural Network design that you could look at. It doesn't cover all the very latest techniques, but it would help you build the foundation of understanding.


There's also a MOOC around the Learning From Data book that you could check out.



OTOH, if you're making a sharp distinction between "Classic AI" and "Machine Learning" and you really care mainly about the classical stuff, then you might want to start with the Berkeley CS188 class. You can take it through EdX (https://www.edx.org/course/artificial-intelligence-uc-berkel...) or just watch the videos and download the notes and stuff from http://ai.berkeley.edu/home.html

And if you just want to dive into reading some classic papers and stuff, check out:




Another good resource is


mikeskim 2 days ago 0 replies      
compete at www.kaggle.comdefeat is the best teacher.
Ask HN: What are the best practices for web authorization at the moment?
75 points by keth  1 day ago   56 comments top 25
olalonde 1 day ago 4 replies      
I smell over-engineering. It sounds like you would like to keep your authorisation logic nicely decoupled from your code, stored away in a database. As you are starting to notice, you can only get so far with that approach and as you try to make your configuration more powerful to handle more and more edge cases, you will inevitably end up with some sort of Turing complete configuration system. My advice is to stick with something simple and just hard code the edge cases in your code. It may feel dirty but at least you won't end up with a monster like AWS IAM in your side project.
jph 1 day ago 0 replies      
I do authentication in terms of operations a.k.a. claims a.k.a. attributes, such as "Can Create User".

These are simple, easy to understand, and provide good flexibility.

If you enjoy using roles that's fine too: for example you can create an "Admin" role that grants permissions to do many operations. In other words the Admin role has many claims.

In your authorization code, you check the operation, not the user nor the role.

In your database or ORM, you can create these tables: users, users-roles, roles, roles-operations, operations.

We have a detailed writeup here: https://github.com/SixArm/sixarm_ruby_rbac

ejcx 1 day ago 3 replies      
I think most people answered your question without reading it. They must be mind-readers.

In my opinion there's only one way to do this. Admins who are all powerful, and non-admins. None of this complexity of super-admins, etc.

Admins have access to everything.Groups have access to things given to them. Users in more than one group have access to the set of all things their groups have access to.Users without a group are really just users in a group of 1. They have access to things given to them.

People who ask for more complicated permissions than this are asking for foot shooting abilities, where people have access to things they don't mean to.

The rest is up to UX. Notify other admins when one behaves badly. Confirm admins really did mean to remove themselves from the admin group.

tboyd47 1 day ago 0 replies      
One thing you could do is to keep things as simple as possible inside the application but code "confirmation pages" into every restricted flow. So the confirmation page (or controller/Form object/Service/what have you) is what contains the authorization logic, not the main action flow. So every time you have a particularly sensitive action, you just give that action another step, in which you store your messy authorization code.

A fun benefit to doing it this way is that you can 1) if they have permission, you can make the extra step totally transparent to the user with redirects and 2) if they don't, it also gives you the chance to explain fully why they can't do the thing they wanted to do in a whole nother page.

Try to avoid having a big authorization control center as long as possible. Really when enterprise people request these things, they're trying to account for very specific edge cases in their previous apps that they got burned on. They don't really want to experiment and play with every possible combination of roles and permissions.

If they absolutely insist on having an Excel-like spreadsheet of users and permissions to play with, then just import an Excel spreadsheet and enforce any sort of arbitrary format on them you want.

Just two cents, not bulletproof advice by any means.

chejazi 1 day ago 1 reply      
You can stuff the logic of "who can do what" somewhere else. eg:

var permissions = { "Superadmin": ["selfdestruct",...], "Admin": ["ban",...], "Plebe": ["post",...]};

function roleCanDo(action, role) { return permissions[role].indexOf(action) > -1;}

Your check would look like: if (roleCanDo("someaction", user.getRole()))

Sorry if JS isn't your thing.

opmac 1 day ago 1 reply      
Attribute/Claims based access control seem to be the most recommended these days. Legacy apps will tend to stick with the role based approach.
Osiris 1 day ago 1 reply      
In my application I do this using tables in the database. The database has a roles table, a permissions table, a roles_permissions table and a roles_users table. When a user it looked up, a JOIN is done to pull in all the permissions assigned to all the roles, then there's a configuration that specifies with permission is required to access each API call.

This allows us the flexibility of adding additional roles and permission combinations without making any code changes.

lucaspiller 1 day ago 1 reply      
Where I'm currently working we have quite complicated roles which are based upon the position a member of staff holds. Positions may change, and the permissions follows the position not an individual user. We have many applications, and each is free to implement their own roles but we have an open source gem which forms the basis of it:


At an application level there is a simple DSL that lets us define abilities on a resource (e.g. a document can be viewed, edited, approved and deleted) and roles (e.g. editor, reviewer, auditor), and to link those two.

On the actor (a user / member of staff) we define a set of designators such as what department they belong to, what position they hold in that department, what projects they are responsible for, etc.

When we then create resources, we link the actor and the designator which is ACL definition. For example, to say everyone that is a manager of department 5 can review a given document we do this:

 document.grant :reviewer, :department_manager, 5
Permissions can be added and removed to the resource's ACL on the fly - so for example we could grant temporary access to a member of staff to review a document, then revoke their access once they've given the ok.

It's easy to check if a user can perform a given action on a single resource, but we also want to see what actions a user can perform against a collection of resources, for example to present a list of Documents they have access to. The ACL is stored using PostgreSQLs JSONB columns, which can be efficiently queried against:

 { "department_manager:5" => :reviewer, "department:3" => :editor } SELECT * FROM documents WHERE documents.acl ?| array['department_manager:5']

thruflo22 1 day ago 0 replies      
Pyramid has a very flexible security system http://docs.pylonsproject.org/projects/pyramid/en/latest/nar...

You can define access control policies on a resource by resource basis. These can, where necessary, allow or deny permissions to individuals or roles based on the resource and request data.

There's a nice demo / walk through of capabilities here https://github.com/mmerickel/pyramid_auth_demo

swalsh 1 day ago 2 replies      
This is not a programming problem, this is a Roles design problem. Admin is not a role, its a type of user. You might call it a container if you want... but roles are more fine grained, and should be a hierarchy.

You can put a hierarchy of Roles in a database, but the actual role check can (and I think should) be hard-coded.

In your API you might have a method "public void NewProduct()" That individual method should have the ProductWrite permission (role), and you can give that permission to higher level "containers" or "roles". So Admin has ProductWrite, and ContentManager might also have ProductWrite. In your code it's just one check has("ProductWrite").

Does that make sense?

ShirsenduK 1 day ago 1 reply      
Cancancan is one best tools to do this in Ruby. Maybe its DSL-like syntax will give you better ideas.


agentgt 1 day ago 0 replies      
You can model most security requirements with either decision matrixes and/or decision trees. These matrices and/or trees can be retrieved or calculated dynamically avoiding you from having code like: user.hasRole("Superadmin") || snip...

The two primary models are Access Control Lists or Role based security. You can google lots of info on these two security models.

In the past for enterprise/b2b I usually build ACL security with a Role based security on top (that is the RBAC underneath is ACLs). Obviously for consumer based products this is massive overkill.

zekenie 1 day ago 0 replies      
I'm working on an open source MEAN stack permissions framework that does some of what you're talking about. Its not fully baked yet, but feel free to give it a look: https://github.com/zekenie/dmv

It let's you say, "Moderators can delete posts", "Users can create posts", etc

arihant 1 day ago 0 replies      
One way you can do that is by architecting something like chmod. Basically a point based system. 7 gives all, 1 gives read. You can then have your actual implementation compiled away, but can change points for a user as and when you like. The code that checks won't need to be recompiled.
tony-allan 1 day ago 1 reply      
The last part of your question looks more like business rules for the management of users.

A complex scheme such as AWS IAM policies increases the chance of definition errors.

The business rules don't seem like they would change much over time so coding them in your user management module might be a good compromise.

LukeB42 1 day ago 0 replies      
As one of the contributors to Microauth[1] I have to say file-based auth using a dedicated auth server behind the scenes.

1. https://github.com/LukeB42/Microauth

ynniv 1 day ago 0 replies      
Users have roles, roles provide permissions, some permissions are parameterized: http://shiro.apache.org/permissions.html
Dowwie 1 day ago 0 replies      
You implemented what is known as a flat Role Based Access Control (RBAC) model. It is the simplest form of RBAC, which gets much more complex and powerful from there!
jlhim 1 day ago 1 reply      
Claims based authentication and authorization is all the rage.
HugoDF 1 day ago 0 replies      
Can't you do some simple inheritance stuff instead? Like User has_one Admin has_one SuperAdmin. Then join across your models.
bearfrieze 1 day ago 2 replies      
Defining authorisation rules as part of your application sounds fine to me. Aim for making compilation and deployment of your application trivial.

Sounds like you want a linear hierarchy of roles. Attaching a number to each role and making rules based on that number might be all you need. For example:

 Superadmin : 100 Admin : 90 Manager : 80 if (a.number > b.number) a can delete b

JoachimSchipper 1 day ago 0 replies      
If you're really looking to overengineer this, look at SAML. ;-)
rdegges 1 day ago 2 replies      
The way we allow developers to model this sort of thing out at Stormpath (https://stormpath.com/) is via Applications, Organizations, Directories, Groups, Accounts, and CustomData.

Those are the top-level resources we make available for 'modeling' authorization stuff.

Here's how it works (you can replicate this sort of setup in your own systems if you want):

A Directory is a 'bucket' of Accounts, that is unique by email / username. This way, you can segment users into Directories however you wish. If you were running 3 sites with entirely separate user bases, for instance, you might have 3 separate Directories, one for each underlying website. This way each site has its own unique group of users.

An Application is a collection of mapped Resources. So, let's say you have an Application for each website you run. You could choose to:

* Map a single Directory to each Application. This way, when a user authenticates against your Application, their credentials will be checked against a single Directory of Accounts.

* Map multiple Directories to each Application. This way, when a user authenticates against your Application, their credentials will be checked against multiple Directories of Accounts.

* Map other resources Directly (Groups / Organizations).

You've also got the Organization Resource, which is basically a 'Tenant' -- used for designing multi-tenant systems. Each Organization can have multiple Directories / Groups mapped to it directly, and Authentication / Authorization checks can be done against the Organization endpoint directly to control behaviors.

Then, you've got the Group Resource. This basically is a label that you can use to form Many-to-Many relationships between Accounts and Directories.

So, let's say you have a Directory with all your website users inside of it. You could create the Groups:

* Admins

* Super-Admins

* Developers

And assign Accounts to those Groups as needed. When a user is retrieved, you can then pull from their Groups, or vice-versa, to control Group-level information.

Finally -- you've got this big blob of JSON we call 'CustomData'. This is a Resource that is attached to every other Resource in Stormpath.

In CustomData, you can store things like claims / permissions. For instance, if you have an Account object, you might store some permissions like so in your Account's CustomData store:

{ "can_read": true, "can_write": false, "can_delete": false}

By doing a union of CustomData, Groups, Accounts, Directories, and Organizations (each of which have their own CustomData), you can essentially model out very complicated User Authorization patterns across your code base in a pretty dynamic way.

If you'd like to chat about this at all, or would like to just email me some suggestions or whatever, I'm totally open to feedback! randall@stormapth.com

levelist_com 1 day ago 0 replies      
Over the years I have tried many implementations, first using a binary system

0 - guest(0)1 - user(1)10 - moderator(2)...10000000000 - admin (1024)...1000000000000000 - superadmin (32768)

basically, a new role had the highest order bit set to 1, then the rest zeros. To add a user to moderator and user (11), or admin & moderator (10000000010), for example, you would do something like this. At the method level I could either do bitwise operations to check for certain bits being set to 1 or I could just check that the decimal was >= a specific decimal value (but this could allow users I may not want having access). The limitations being many, not least of which: what should I set superadmin/superuser to b/c this determines the max amount of future roles that can be added without going through the code and refactoring.

I then moved to a system of roles and user permissions, meaning I had permissions at the group/role level and permissions at the user level. I would merge these permissions together when user is authenticated. At the user level I could remove a role from a user belonging to a group by adding the same permission as found in the group but with an integer -1, or i could add a permission to a specific user with an integer value of 1. I was still checking for role and permission at the user level. This was better in the sense that I could add as many roles as I wanted, as many permissions as I wanted. Merging permissions was a bit of a pain but once it was all worked out it worked pretty good. I was still checking for roles/group membership and permissions at the method level and well this causes a lot refactoring when you want to change what permissions and groups can execute a particular method. I had always felt this was a pain and this system was a bit of overkill but it did exactly what was needed at the time.

I then came across an old article, pretty sure it was this one - https://lostechies.com/derickbailey/2011/05/24/dont-do-role-... - and it led me to the path, right or wrong, that I do now. I create a table for permissions, users, groups. I then create a pivot/join table between groups and permissions, and a pivot/join table between users and permissions. This is so I can give group level and user level permissions. an example permission might look like this: user.create, user.delete, user.update, user.block, user.suspend, etc.. At a user group level a user may have all those permissions but user.suspend, but I may want a specific user to have user.suspend capabilities but not the other capabilities that come at the next level, say moderator, so I keep the user in the user group but give them user.suspend permissions at the user perm level.

Now when those two permission groups are merged (group, users) this makes up the permissions available to a given user.

At the method level I just check for a specific permission ... so at the method to create a user, I check for the permission user.create. At a user update method I may check for user.update permission and maybe the user id (dont want a user updating someone else's profile). The point is that by looking for a specific permission rather than group(s)/role(s) I cut down the amount of refactoring I need to do. Every scenario I've outlined has pros and cons. For instance, what happens if I have a user that can update anyone's profile but i'snt a superadmin or admin?? Maybe create a new permission that give global.user.update and check for both of those. Who knows?!

Hope this gives you some ideas.

hellbanner 1 day ago 2 replies      
Definitely checkout https://en.wikipedia.org/wiki/Two-factor_authentication .

If a password is compromised, data is protected.

EXRequester:Elixir library to quickly create API clients using module attributes
3 points by omarsubhi  1 day ago   discuss
Ask HN: How to find freelance computer vision experts?
6 points by manglav  1 day ago   7 comments top 7
kennyfrc 1 day ago 0 replies      
Finding experts is indeed tough -- I remember trawling around freelance boards with very bad results. It got a lot better when I discovered premium job boards + done for you services online.

Specifically for you, I think this might help: https://www.codementor.io/computer-vision-experts

In general, here's how I usually do my googling:- Initial search: "<keyword> + Done for You Service" || "<keyword> + Consultancy"- Second Search Run (if technical): "site:codementor.io <keyword>"- Third Search Run: Go to Clarity.fm and ask some of the folks there for referrals to someone

davismwfl 1 day ago 0 replies      
I have done some recent computer vision work as a consultant and helped get a couple of different algorithms from patent stage to commercially viable products. Shoot me an email (in my profile), if nothing else if I don't know/can't help maybe I can give you some more names/ideas to try.

btw -- I don't label myself an expert in computer vision, but I have done a number of implementations of different algorithms and real time processing.

Also, have you checked some of the more domain focused forums, like the opencv and nvidia gpu forums? A lot of times people from there will help out or will consult or know of someone who can etc. Last idea is find a local employer that does computer vision work, like a lot of the defense contractors and use your network to find someone that might work there to help you. I have a number of those in my area and used that technique to get a little help on a few issues that I just got stuck on.

SyneRyder 1 day ago 0 replies      
You could perhaps try Peter Kovesi, he was my Computer Vision professor at the University of Western Australia. His website says he's available for occasional consulting:



staticautomatic 1 day ago 0 replies      
Email the team at shelfie. They rolled their own very complex OCR engine. I bet they know someone.

I've had reasonable luck on upwork, but probably not people at the level you need.

wprapido 16 hours ago 0 replies      
www.toptal.com is the place where you can hire developers capable of doing more than CRUD web apps
wingerlang 1 day ago 0 replies      
Maybe you should send a request to the "magic" service.
yarper 1 day ago 0 replies      
Tools like imagemagick and gimp probably have huge image processing followings, bit of a crossover to vision I know but some subset will be interested in the two.
Ask HN: File format for declarative language?
5 points by mchahn  1 day ago   5 comments top 4
brudgers 20 hours ago 0 replies      
One way to look at it is as a domain specific language and the choice as between an embedded DSL or a stand alone DSL. The advantage of an embedded DSL is that a lot of existing tooling can be leveraged and the entire host language can be leveraged. On the other hand, debugging in the new language may wind up requiring deep knowledge of the host. JVM languages often have that drawback.

But at a higher level, the new language should be designed around it's use case. If it's always used in a JavaScript context, the JSON might make more sense. If it's for *nix hackers then YAML might be better. If it's for phlembotomists then perhaps something altogether new.

Good luck.

twangist 1 day ago 0 replies      
If you opt for making your declarative language a subset of JSON or YAML, presumably it will be a proper subset, with some further expectations and constraints. It makes total sense to use a custom file extension say, `.mdl`, "my declarative language", for the sake of discussion. Users will be able to easily find their files written in your language without having to wade through all possible files of the superset format. A `.mdl` file really is its own thing, it's not just a .json or .yml file. It may be the case that a `.mdl` file is a just `.json` or `.yml` file, but the converse will not be true.

The only advantage I can think of that accrues from using the more common extension is editor support: a user's favorite editor may well provide syntax highlighting and checking, auto-indenting, etc. for `.json` or `.yml` files, but not for `.mdl` files out of the box. You might want to develop `.mdl` profiles (sic) for popular editors.

Any decent parser for the 'true' format will accept either a string or a full filename (including extension) and shouldn't expect a fixed file extension.

Regrettably I can't think of a single example right now, but I know I've encountered many programs that use custom file extensions which have turned out to be just some familiar format after all.

That said, it's another question whether either JSON or YAML is a great choice. I agree with your reservations about both. In fact I've had the very same problem in a couple of development projects, one recently. JSON is friendlier than XML, true, but it's not really a language to think in, even declaratively too much clutter. YAML is certainly versatile enough, but it provides probably more than you need, and it is... yes, obtuse. Of course, it depends on your intended users; I found it was too "programmerly" for mine. I ended up developing a custom parser for a language with more syntactic sugar than YAML, which has its advantages and disadvantages.

mchahn 18 hours ago 1 reply      
Thanks everyone. You've given me more to think about. Unfortunately I'm still on the fence. Usually I'm a lot more decisive. I guess it shouldn't matter in the long run. But you know how it is, I want my new language to be perfect.
twunde 1 day ago 0 replies      
1)There are a couple alternatives. There's TOML, axon.

2)It can be whatever you want. It's your language. If you are reusing a current format it will be easier for devs and sysadmins to keep the current syntax

Ask HN: Where are 150k to 200k salary job in Silicon Valley?
42 points by ugenetics  4 days ago   30 comments top 10
bbcbasic 4 days ago 0 replies      
Ways to earn more money where I come from but probably applicable to SV. Some ideas:

1. Get a job where people report to you

2. Get a job with company with bigger budgets e.g. Google

3. Get a job where you are closer to the money making e.g. sales, finance industry jobs

4. Do something else where you control the flow of money rather than just get a paycheck. I am thinking real estate development or renovations, for example.

5. Live somewhere where the cost of living is cheaper but earn the same money. You could get a remote job in SV then go move away. I don't know US that well but isn't Oakland cheaper? Or if you are remote working just go live in some dead town somewhere.

6. Get a job contracting using some arcane skill that no-one wants to work with so it pays more. E.g. Microsoft SharePoint.

7. Become a business analyst / project manager etc.

8. Become a corporate C*O.

9. Get a 9-5 tech job (literally) and then get a second job.

10. Get a 9-5 tech job (literally) and do a side project money making.

czhiddy 4 days ago 1 reply      
For software engineering at least, any of the big companies here (FB/GOOG/AAPL/LNKD/TWTR/etc) will easily pay $150k+ for someone with 9 years of experience. If you perform well the first year or two, your yearly RSU package will easily equal the salary.

Just apply and be firm during negotiations.

8873872782 4 days ago 2 replies      
Join Hired or Indeed Prime, you will be able to see salaries of job offers.

And not to be condescending, but if you have no network after 9 years of experience, you might want to think about what it is about you that is causing that.

ap22213 4 days ago 0 replies      
Also, the Bay Area isn't your only option, if you're willing to move. DC area salaries are up a lot this year. I've had six recruiters in the last two weeks sell me on jobs in the 175-200k range. Plus, Northern Virginia is relatively cheap compared to the bay, and the startup scene has been building up for years while government, defense, and intel work has remained flat. I'm biased though because I want it to grow even more.
peace011 3 days ago 0 replies      
Just having a LinkedIn profile won't work. You actually have to use the thing! Connect with old and current co-workers and congratulate them on their new gigs, follow interesting companies, join LinkedIn and other online groups, write articles about your expertise so people will notice you, contribute to open-source projects, and build a killer portfolio. Those are some of the things I try to do, which seem to work - and I don't even have a proper high-school diploma (barely passed my GED).
goddammath 4 days ago 1 reply      
"I have no network" can be an important issue. I have similar problems, and don't know where to start. It's easy to give tips like that, but how in practice you'd build the network? You don't want results 20-30 years from now.

I got into most places by reference. That doesn't mean success - no high salaries, no good prospects, just barely managing to find the next place. I wouldn't say I'm too bad socially; young nerdish traits waned enough already. But with growing age finding Bay Area-adequate salary - kids, you know - is harder, not easier, even though experience and skills grow.

It's a real problem. Would be thankful for a good advice.

rgovind 3 days ago 0 replies      
No need to do networking and all that. Just apply to every public company in the valley and interview with who ever calls you for interview. If you pass the interview, they will hire your as Senior Software engineer or as staff engineer. These jobs will fetch $150K+

Of course, you can apply to startups also...but I am not aware of how much they pay.

s3nnyy 4 days ago 1 reply      
Talk to technical recruiters, who do have a network. If you want to stay in the Bay area, talk to Aline Lerner (http://blog.alinelerner.com/posts/) or if you want to move to Switzerland, talk to me.
Vadoff 4 days ago 1 reply      
Tons of startups offer 150k+, not just unicorns.
d4rkph1b3r 4 days ago 0 replies      
You haven't heard of Glassdoor?
Tell HN: I'm making free websites for nonprofits
28 points by grimmfang  3 days ago   15 comments top 8
boulos 3 days ago 1 reply      
Having done this for friends and others in the past, you'll want to be cognizant of how to leave the nonprofit with something they can update. CMSes like Wordpress are okay, but come with pretty high "update pain" if you tell them "I'll just install this on a Digital Ocean droplet for you". While this is less true now that WordPress has auto updates, you've still got the security hassle of needing to update the Linux box (and the occasional "hey the server is dead").

If you can swing it, most nonprofits could get by with a simple App Engine based app and never have enough traffic to go beyond the free tier. There's at least no OS updates.

If the nonprofit just needs a static site though, something like hosting it on Github Pages, S3, or GCS is even better. But, again, then they can't update the content of they're not familiar with how to have done this themselves in the first place.

Disclaimer: I work for Google on Compute Engine (not App Engine).

godzillabrennus 3 days ago 1 reply      
First, awesome! Non profits need all the help they can get!

Second, since you are intent on helping others is there any chance you would be willing to mentor junior coders who want experience? I know two young Women who are venturing down the path of becoming developers. One frontend and one backend. They would love mentorship.

Hit me up hn.mentor at strapr dot com if you are interested!

grimmfang 1 day ago 0 replies      
Hey everyone, I've gotten some great feedback already, but it would be awesome if a few more nonprofits were interested.

If you know of any organizations that are making a impact but could use an improved website please pass along my contact info to them!

I've created a Google Forms form where you can send me information directly. http://goo.gl/forms/EK08ILOhzv

Have a great day!

PhaseMage 2 days ago 1 reply      
For the past 20 months I've been designing a new mesh network protocol in my spare time, and I'm planning to incorporate (obviously as a non-profit) eventually, but haven't pulled the trigger because I haven't needed to solicit donations. I already have a WordPress site up and I know how to maintain it, but my web/graphic design skills are seriously lacking (I'm a systems guy).

The site (and my proposed Protocol Stack Spec) is at isogrid.org. If you find the cause righteous, I'd love the help!

Raed667 3 days ago 1 reply      
Been there, done that. (As a student) I wanted to more experience so I did what you're doing for a while.

Here are some pieces of advice I can give you:

- Shared hosting is always a good option (cheap, auto-updates, no hassle, and everything via a web-panel (typically c-panel)

- Make sure all the hosting and domain names are always in their name. (You don't want to be bothered a year later to renew something)

- WordPress is the way to go.

- Make sure you have an exit strategy for every project (When do you get off) most NGOs will try to get you working as long as possible as IT support, it can take a lot of your time.

To take you up on your offer, just one question : Do they have to be US based or anywhere in the world ?

wprapido 2 days ago 1 reply      
hit me up if you need webhosting for nonprofits
codyb 3 days ago 0 replies      
Neat! Great way to volunteer and learn for yourself as well. Hope you get some bites.
chirau 3 days ago 1 reply      
My project is not yet making any profit, does it count?
Ask HN: Why are comment trees not collapsible yet?
59 points by joslin01  6 days ago   31 comments top 12
minionslave 6 days ago 4 replies      
My guess is that they don't want it to be like reddit. Same reason why there are no comment notifications.

When you have a new comment notification, you are more likely to respond. People are more confrontational on reddit because of this reason. Whereas on HN, you tend to write a thoughtful answer and leave it at that. Threads are shorter on average, so the conversation is less likely to get out of topic.

Collapsed comments are usually ignored, because people are too lazy to dig that deep, that means some really good conversation might get buried.

I kinda like HN comments style better, I hope they keep it like that.

Casseres 6 days ago 3 replies      
I would like the ability to collapse comment trees at my own discretion (not have it already auto-collapsed based on votes like others suggest or as seen on Reddit).

If the top comment is about a sub-topic that I'm not interested in, and there are 100 nested comments, it's a pain to scroll through them on mobile and not accidentally scroll past the next parent comment.

justhw 6 days ago 2 replies      
We've asked the HN folks for it but they may not see it as a priority for now. However if you use chrome there's a simple extension that does only that. Take a look next to the usernames on this pic.



lobster_johnson 6 days ago 1 reply      
I'm using this extension (Safari and Chrome) to get this and more: http://hckrnews.com/about.html#extensions.
douglance 6 days ago 1 reply      
If you're on Chrome, you can use the HackerNews enhancement suite: https://chrome.google.com/webstore/detail/hacker-news-enhanc...
shortlived 5 days ago 0 replies      
Dear HN admins:

Any chance of changing the table background color from #f6f6ef to something that has sharper contrast with the white page background? I look at comment distance with this border to find new top level comments, but it's hard when one is white and one is light grey.

cwkoss 6 days ago 0 replies      
I would use this so much. Alternatively 'scroll to next top level comment' and 'scroll to next same-level comment' buttons would be similarly useful.
wingerlang 6 days ago 0 replies      
I've used a chrome extension for so long that I was confused that one time when it didn't apply. It really makes it easier to read the comments when you can collapse a tree so that you can see the 'next' reply and still keep the parent in the view.
pdkl95 6 days ago 0 replies      
I wrote a userscript a while ago that does this:


brandonmenc 6 days ago 0 replies      
Please don't change a thing.

There's a reason why I had better conversations on BBSes in the 90s than I typically do online these days - the tech forcing you to slow down and be (somewhat) thoughtful.

fortyseven 4 days ago 0 replies      
While reading this on my tablet, using Yarn, I collapsed a bunch of these comment threads. It's useful. Implement it.
yasky 6 days ago 0 replies      
The comment page is basically broken without this feature. I rarely get to the even the 3rd comment when the first comment has many responses. Please allow collapsable comment trees.
Tell HN: Man, I quit
38 points by jorgecurio  3 days ago   18 comments top 17
poof131 2 days ago 0 replies      
Congratulations. You built an end-to-end product that you sold for money. This is probably more than 99% of programmers have ever done. In many ways you are succeeding.

Be flexible. Your determination, focus, and drive allowed you to power through on a project that you are now recognizing in hindsight might not have been the best option. Changing targets isnt quitting, its counter-attacking.

You are only 30. So many opportunities to keep swinging. All it takes is one hit. Be adaptable. Let yourself recharge. Figure out how you can take more swings in shorter periods of time. Figure out how each swing can work together to push you further towards your goal. As much as your work seems a failure now, there is a ton of learning in what you did. It will come with time. An incredibly successful entrepreneur I know said his break through happened on his 12th try. Thats a lot of projects.

Get away from the HN/SV bubble awhile. Its like Facebook in that you only see the successes. The struggles are mostly manufactured fluff and dont compare to what you put yourself through for 6 years. Most startups are built by people who took very little actual risk. Taking a year off your career at Google to go to YC isnt a real risk, thats like calling HBS a risk.

Dont let people say maybe starting a business isnt your thing. If a soldier got wounded on the battlefield, would you say maybe war isnt your thing and that we should only celebrate those who didnt take a hit? Of course not.

Youve proven that you are an entrepreneur. You have the determination. You need to rest, recharge, and figure out what other skills need work and how you are going to counter attack. Whether its starting a business or doing whatever else you want to do in life. Seriously, building shit is hard and clearly you have the aptitude for it. Good luck in your journeys and know that you did something.

karterk 2 days ago 0 replies      
I want to give you an alternate perspective. Sometimes it's far more liberating to accept and move on. There is this book called "Dip" by Seth Godin. I recommend that you read it (it's just 70 odd pages). In that book, Seth talks about how, when you are in a dip, it's important to realize whether to persist and succeed, or to quit. When things just drag on there is an opportunity cost associated with that. Unfortunately, only you are the best person to decide whether you should ride through this trough or to move on.

My first 3-4 side projects were abject, miserable failures. It took me 5+ years of waking up to failures before I had something going that really gained traction. If I had just stuck with my first project, I am sure I would have gotten nowhere. So, have the guts to pull the plug on the project if you think it's the end of the road. It's okay - take a break, and you will bounce back even stronger.

s_q_b 3 days ago 0 replies      
This sounds like a panic attack. Relax, breathe slowly, and get medical attention. At the very least they can rule out some more dangerous conditions.

They can probably also give you a long term prescription for a generic (but still good) long-term anxiolytic agent and a short course of benzodiazepines to knock out the acute anxiety.

Finally, some personal advice.

You will get through this.

You're 30. You could get a whole entirely different degree and career before even age 35. Your options are wide open.

Last part. I've been there. That feeling of impending doom, as if the universe is waiting to thwart my every move. The truth is that the universe doesn't seem to give a damn one way or another. Those feelings come from deep-seated anxiety.

The source of that anxiety, for me, was too closely personally identifying with my start up.

Your work does not define who you are. And who you are has intrinsic value beyond the ability to code. What helped me was to repeat this like a mantra, "I am not my company. I am not my company."

We all need some help from time to time. Thank you for reaching out to us, and I would encourage you to do the same toward others.

As for your first startup, that isn't failure. It's the best damn business education money can buy.

sklogic 3 days ago 0 replies      
> I've sacrificed so much for so little in gain

Learn to avoid measuring gain in $s. Think of all the stuff you've learned.

Nothing advanced my career better than a failed startup.

mindcrime 3 days ago 0 replies      
You are not defined by what happened in your past. Every single day of your life, you get to choose your course. You can wallow in self pity and tell yourself "I'm a loser and I suck" or you can gird your loins, suck your gut in and attack something else. That doesn't mean you have to jump into another startup right away (as a founder anyway), but you can choose to apply yourself, make a plan and work on establishing the life you want to live.

And remember the old saying... "In business, you only have to be right once".

So this shot didn't work out. Big deal, you're still pretty young. If you want it, you'll have more chances to take a stab at making it big with your own company. Take some time off if you want, regroup, rebuild you savings, whatever. But just think of it as a setback, not something permanent.

So what if you failed once. Bill Belichick, arguably the best head coach in the NFL and a certain first-ballot Hall of Fame'r failed miserably as head coach of the Cleveland Browns. Gary Kubiak, the coach who just won the Super Bowl, was fired by the Houston Texans just prior to the end of the 2013 season. Remember - "Success is never permanent, failure is never final".

And just think of how much you learned in the process. If you try again, you'll be better equipped next time, exactly because you've already failed once.

AznHisoka 2 days ago 0 replies      
You could perhaps just let that huge burden and pressure go, and just not work so hard. Maybe not even care about so many things in the world. Stop sacrificing and take some time to pamper yourself. Even if you have no money, just go out with a few buddies and party. Or save up some money, and go on a road trip. I know it's good to have "goals" in life, and aim high, but sometimes that mindset can be unhealthy if things don't work out. Sometimes you just gotta shrug, and say 'screw it', I'm going to start having fun in this life, and forget about goals.
willstepp 1 day ago 0 replies      
Taoism has good advice for this kind of situation. You have to come to the realization that you can never control the outcomes of what you do in life. If you base your happiness on outcomes alone then you are setting yourself up to be disappointed in the long run. Find value in doing good work for its own sake, learning skills to be applied in other endeavors, things like that. 30 is young, despite what you may think.

Fill your bowl to the brimand it will spill.Keep sharpening your knifeand it will blunt.Chase after money and securityand your heart will never unclench.Care about people's approvaland you will be their prisoner.

Do your work, then let go.The only path to serenity.

Walkman 3 days ago 0 replies      
I suggest to stop worrying about the past, you can do nothing about it, just accept the fact. Then you can focus on your brighter future. I'm pretty sure there are a lot of things you learned from this journey, concentrate on those. Also, this might make no sense right now, but you became much stronger by trying for so long and from your story you seem like not a quitter at all, but a hard worker.

My example: I started learning programming at 30, and never been happier since then.

You can have a bright and happy future, even if you think your past sucked.

tmaly 1 day ago 0 replies      
Congrats on building something to completion. It takes a lot more effort than people know.

If your willing to give it another go, I would learn how to build a sales funnel if I were you. Check out the book Ask and the OReilly book on Bandit Algorithms.

edoceo 2 days ago 0 replies      
That's close to what my first fail felt like. Its been 15 years since but I remember it well. Let go. Park at a regular job for a year or two with no "side" projects to let your mind clear up. Maybe starting/running a business is not your thing - but evaluate that later, with a fresh mind.
DrScump 2 days ago 0 replies      
Given that this is the poster's seventh "Ask HN" in the past month, perhaps he should be broadening his search for resources.
hentrep 2 days ago 0 replies      
I've recently gone through a similar situation/realization. The panic and desperation is normal and ephemeral. A short, unplugged break from everything can be a godsend (I spent a week road tripping through Northern California). If you're in the Bay Area, I'll gladly buy you a couple of beers and we can trade war stories.
rokhayakebe 2 days ago 0 replies      

Take some time off and explore other ideas on paper, discuss it with people you think can give you feedback via email/live/phone etc...

Preferably spend time discussing with people outside of tech about their work, their companies, what they do in general.

When ready get back at it and be ready to fail again until you don't.

mrits 2 days ago 0 replies      
Most people here have restartitis. We can't stay on the same project for very long. You did something very impressive. You'll be back. Try to take a break. A new idea will come and you will be better prepared and have a new sense of excitement that you might have no had for a decade.
lovelearning 3 days ago 1 reply      
Try selling off your SaaS through something like Flippa. Somebody may be interested in buying it.
markyc 2 days ago 0 replies      
i think a change of pace would help. this doesn't have to be an "all or nothing" deal. you can take a comfortable job or freelance, and still do side-projects all you want, without so much pressure.

also, the fact that you have a saas that sells is fantastic, you are way ahead of the curve!

there's a bunch of stuff you can do on that front too: lower the price and put it on more of an auto-pilot, make it free and use it as leads to your next product, etc

failure is necessary, but maybe work on failing faster. just don't neglect your life for your saas. it doesn't have to be like that

mapster 2 days ago 0 replies      
How many times did you pivot? If not, what kept you from pivoting along the way?
Tell HN: HN and Slack Office Hours with Jared and Trevor next Friday
17 points by katm  4 days ago   2 comments top 2
masudhossain 2 days ago 0 replies      
Can't wait!
thenomad 4 days ago 0 replies      
Thanks for the heads-up!
Ask HN: Is this recruitment tactic shady?
8 points by mercury_craze  1 day ago   5 comments top 4
dozzie 1 day ago 0 replies      
For me it's totally understandable that you dislike what the recruiter did. He(she?) was trying to sell you (with all the details you posted on the jobboard) as a candidate. Without your consent or even knowledge.

This is why we have laws about personally identifiable information in EU.

anon987 1 day ago 0 replies      
Scraping and saving resumes is a common tactic. I know recruiters from Companies You've Heard Of and even their big, well known company scrapes daily.

As for selling the information later, that's a different issue (and one that I agree is not ethical).

DanBC 1 day ago 1 reply      
dudul 1 day ago 0 replies      
> What it looks like is that a recruiter has paid a third party service to retrieve my CV it scraped from Monster in 2014 and get my contact details. Contact details that shouldn't exist in the open.

In 2014 your profile was public, so your contact information did exist in the open. May not be legal for a company to crawl Monster to store information though, you would have to look at Monster's terms of service (for example LinkedIn doesn't allow apps to store LinkedIn data, only to retrieve them via the API).

>I understand that placing my personal details on a job board would have resulted in everyone and their mother being able to read and save it, but I didn't really think that my CV and personal contact details would have been archived and continued to be used by recruiters long after I disabled my account.

Everything you put on the Internet is available to everybody until the end of times. Internalize that and you'll be fine :)

> I disabled my account as an indication that I was no longer looking for work, contacting me in this way is fairly blatantly ignoring this preference.

Recruiters don't give a damn about your preferences. Just blacklist this guy.

Ask HN: What's your favourite typeface?
12 points by NSHippie  4 days ago   16 comments top 15
lauritz 3 days ago 0 replies      
Adobe Garamond [0] is really nice to look at, I think, especially for long passages of text.

With Akzidenz-Grotesk [1] as a runner-up (and for headlines etc.). Font fun fact: This was actually the font Massimo Vignelli originally used on the NYC subway system, before the MTA changed it to Helvetica (which is a fine choice, too, though I personally think Akzidenz (on which Helvetica is partly based) is prettier) [2].

[0]: https://en.wikipedia.org/wiki/Garamond#Adobe_Garamond

[1]: https://en.wikipedia.org/wiki/Akzidenz-Grotesk

[2]: http://www.helveticasubway.com

J-dawg 3 days ago 1 reply      
Fun typeface fact: Stanley Kubrick's favourite was Futura Extra Bold, it was used on the posters for Eyes Wide Shut and 2001

Source: (http://www.theguardian.com/film/2004/mar/27/features.weekend)

The Nike logo is also from the Futura family (https://www.quora.com/What-font-is-used-for-the-Nike-logo)

kleer001 3 days ago 0 replies      

For fun, for nostalgia, for distinctiveness, for boldness, for my heart and my soul.


Susan Kare, its prolific designer:


starshadowx2 2 days ago 0 replies      
Neue Haas Grotesk [0], the original name and style of Helvetica.

[0] http://www.fontbureau.com/nhg/

charlieegan3 4 days ago 0 replies      
Anything I don't need to extra pay for!

Lato is nice - it's on Google Fonts.

tptacek 2 days ago 0 replies      
Raed667 4 days ago 0 replies      
I enjoy using "Duru Sans" whenever I need to write some paragraphs.

For headings and titles I like a clean "DejaVu Sans"

rooundio 4 days ago 0 replies      
Gotham by Tobias Frere-Jones. A very similar open source alternative is Montserrat by Julieta Ulanovsky
BjoernKW 4 days ago 0 replies      
Is there such a thing? Sounds a bit like 'favourite colour'.

Anyway, that said, Fira Sans is very nice.

Tomte 4 days ago 0 replies      
Bembo. Impractical as it may be sometimes, I just adore the capital R.
kp25 4 days ago 0 replies      
I just enjoy writing code using "Monospace".
brudgers 3 days ago 0 replies      
Depends on why I am selecting a typeface.
mnort9 2 days ago 0 replies      
Open Sans
gjvc 4 days ago 0 replies      
consolas 11pt
ivebencrazy 2 days ago 0 replies      
I'm a huge fan of Freight Text Pro for serifs (https://typekit.com/fonts/freight-text-pro). It's like... just rounded enough to be soft and kind, but still be professional. I'm talking mostly about the medium weight, but the whole series is nice.
Ask HN: C++ programmers, what dialect of the language do you use at work?
11 points by danbolt  3 days ago   17 comments top 8
davismwfl 1 day ago 0 replies      
For C++, I follow whatever is the standard for the code base, or the latest I can support on each planned environment -- which of course is not always the latest C++ standard out. I think that is a standard practice for most people.

Overall, I really like both languages and have bounced back and forth quite a bit. I'd say they both have good and bad things, in different ways, and their overall purposes are different. I'd also say that people who compare the two languages aren't really comparing apples to apples. For the simple reason you cannot remove the .NET eco system from C#, but C++ does stand on its own. The .NET ecosystem is what provides for the majority of productivity and other gains that C# affords. That isn't a knock against either, but I just don't see them as equivalents. To me it is like comparing a race car to an every day driver, both will do the job of getting you to and from the store, your more likely to kill yourself or others in the race car and don't have all the built in conveniences, but both can get you to and from.

UnoriginalGuy 3 days ago 3 replies      
> As a recovering C# programmer

As someone who knows C# and C++ and has worked with both professionally; C# is a much better designed language than ANY version of C++. C/C++ isn't going anywhere, but you could do much worse than to have developed in C#.

I think these types of remarks are reminiscent of the 1980-1990s where people declared one language or framework more "1337" than another, however the ironic thing is that they often poked fun at C++ for being less "serious" than ASM or C.

I stopped caring about which language made me feel more hackery a long time ago, because it became apparent that I didn't envy people who could write better assembler than me, it is people who are more productive and produce really cool stuff.

Right now I'd happily give up everything I knew about C++ to become a AngularJS expert because that's where the money is, and that's somewhere I could be extremely productive. C++ is still in the royal family for high performance, but who is recruiting for that? Where is the exciting C++ development going on? When was the last time you ran across a C++ project that made you envious?

PS - In answer to your question: I always work in the version of C++ that the codebase is written in, or the latest for new projects. C++ has received too many incredible improvements to ignore later versions of the language.

chrisbennet 3 days ago 0 replies      
I've been using Microsoft's C++ for decades so I wasn't able to use the cool C++ 11 features until recently. I'm like a kid in a candy shop with the new features. I've got a lot of C# experience so I was familiar with things like lambdas already.

I only work on greenfield projects so I'm free to use what I want. So far I've only taken advantage of lambdas and atomics and some of the new threading stuff.

osullivj 1 day ago 0 replies      
C++ MFC in Visual Studio 2003. No STL, no Boost, no templates. Like mid 90s C++ in fact, because the codebase dates back to the mid 90s. It's a contract gig on a legacy mortgage system.
Marqin 2 days ago 1 reply      
Here I'm using C++14 with Filesystem TS ( provided by G++ 5.3+ ). Ah, and we must not use boost.
archietcture 2 days ago 0 replies      
I am working in C# language .By Anaya,http://www.3d-architectural-rendering.com
archietcture 2 days ago 0 replies      
I am using C# language.By Anaya,http://www.3d-architectural-rendering.com
partisan 3 days ago 2 replies      
Just curious what you appreciate about C++ over C#.
Canadian customs installed spyware app on my iPhone?
13 points by pcmaffey  3 days ago   23 comments top 8
tptacek 2 days ago 3 replies      
Yes, I think you're being paranoid. It's hard to blame you given the last few news cycles. Canada did not backdoor your phone.

Having worked for a couple years for a Canadian company, I will confirm for you: Canada is super-unfriendly about people entering the country to work undisclosed jobs. Canadian customs often seems to start from the presumption that your visit is surreptitiously commercial.

If you give customs a sort of "half-commercial" answer, like "visiting a client" or "giving a talk", it can get worse. I was often given the advice of simply claiming I was there to visit a friend, even when what I was going for was otherwise legit. I've had friends in that same situation turned back at the border.

orionblastar 3 days ago 1 reply      

Apparently the NSA has a backdoor named DROPOUTJEEP but needs physical access to the iPhone first. Possible Canada is using a backdoor like it as well.

Apple is not cooperating with this backdoor it uses an exploit to install.

codeonfire 3 days ago 0 replies      
They took my iPhone as well and demanded the code a while back for no reason except that I was traveling alone. I imagine they wanted to dig for info on my employer because that's the question they strangely asked at the highway booth before flagging me in. Or maybe they just thought I was going to pick up drugs or something. Even pretended to check me for guns like any criminal would be that stupid. I remember a weird app like that but I thought at the time maybe it was due to messing around with xcode. It's not installed now.
RizlaPleaseLa 3 days ago 0 replies      
Oh buddy, when you lose physical access to your device, it's not your device any more. I imagine you got a full rootkit with forever-active wiretapping. Degauss and destroy I say!
ApolloRising 3 days ago 0 replies      
Can't remember exactly but it could just be instagram storage. Try the link below and see if that helps you figure it out.


rakadityas 3 days ago 0 replies      
Its nothing. I also has that. I think thats a corrupted app
atmosx 3 days ago 1 reply      
This might be an app that was not upgrade properly or something, nothing I haven't seen before.
coralreef 3 days ago 1 reply      
Are you an iOS developer by chance?
Ask HN: How do you organize your list of bookmarks to read later?
5 points by alexkon  2 days ago   10 comments top 10
mertnesvat 2 days ago 0 replies      
I'm using Kifi (https://www.kifi.com). It's like a bookmarks. Moreover its not just a read later for links also clustering links organize to different topics etc.
kek918 23 hours ago 0 replies      
I also tend to bookmark a lot of articles, but very rarely go through my list. I tried Pocket after Firefox forced it upon me, but after throwing a couple articles in there I realised I might as well throw it in /dev/null - that's not Pockets fault though, it's mine for not having enough time or <insert a reason here>.

However, I've noticed a benefit of just throwing articles into my bookmarks. Whenever I search for a specific issue, Firefox[0] will show auto-complete suggestions from my bookmarks. I keep a list of useful posts from StackOverflow etc and it saves me a couple of clicks here and there.

It's like my own little search archive before I press Enter and let Google do its magic.

[0]: I guess other browsers do this as well, I just use Firefox as my primary browser. You can verify this in about:config (browser.urlbar.suggest.bookmark)

tmaly 1 day ago 0 replies      
I used delicio.us back in the day before yahoo dumped it. I moved to Google bookmarks. Its a horrible interface, but it lets me store the bookmarks. Finding them again is next to impossible. Pocket I tried but the read it later feature would mess up articles that had code in them.

I had this idea at one point to make a system that auto organized the bookmark added by 2 or 3 concepts and you would choose the best one out of the suggested. It would be like having your closet organize itself.

brudgers 1 day ago 0 replies      
To a first approximation, everything I have ever book marked to read later has never been read. I'd guess the rate is probably around 1:400 over 20 years of web browsing.

I still bookmark stuff anyway. I just don't worry about reading it.

orky56 1 day ago 0 replies      
Tags in Evernote via the Evernote Clipper Chrome Extension. It's just as important for me to read something later as it is to organize which category it should go into. Tagging allows me to do both independently.
hoof_marks 2 days ago 0 replies      
i'm using papaly.com. its a bookmarking app. Categories within topics and then the link. The link allows you to add a note also. best is the developers take in all feedback and come out with better options.

But i rely on the chrome bookmarks also. And organize folders as and how my work or line of thinking moves.

But i guess many of us want much better bookmarking services than perhaps available presently.

kasey_junk 1 day ago 0 replies      
swah 1 day ago 0 replies      
Use pinboard's Read Later or Save to Pocket and forget it forever.
ericzawo 1 day ago 0 replies      
I swear by Pocket.
riyadhworks 1 day ago 0 replies      
I am using browser bookmark to read webpage later
       cached 24 February 2016 13:05:03 GMT