hacker news with inline top comments    .. more ..    31 Mar 2016 Ask
home   ask   best   3 years ago   
Ask HN: A spammer is spoofing my email address; what do I do?
40 points by hellofunk  2 hours ago   20 comments top 7
bks 53 minutes ago 1 reply      
This is commonly known as a Joe Job - https://en.wikipedia.org/wiki/Joe_job

Steps to mitigate.

1. Setup SPF immediately. You can validate your records here- http://www.kitterman.com/spf/validate.html

You'll have to know who you send email through and their SPF record, but a quick googling of "provider name SPF" should get you what you need.

Depending on your DNS provider the results may be instant.

2. Filter those bounces keep them out of your inbox - it's going to take while until this clears up.

3. Make sure that YOU are not hacked, check the headers of the bounce back messages here - http://mxtoolbox.com/EmailHeaders.aspx

Ensure that your IP or hostname is not listed there. (This includes web servers that your domain is hosted on, apps that send on your behalf etc)

4. You can check to see if your domain is black listed - http://mxtoolbox.com/blacklists.aspx probably not...but worth a check.

TL;DR - I run one of the largest spam filtering companies in the world. Happens all day to clients...it's one of the reasons people switch to us.

gupi 2 hours ago 3 replies      
There are already mechanisms to prevent the spoofing of legit email addresses. See details below:

DKIM - https://support.google.com/a/answer/174124?hl=en

SPF - https://support.google.com/a/answer/33786?hl=en

Dmarc - https://support.google.com/a/answer/2466580?hl=en

However, implementing needs support from your email/hosting provider.

spdustin 9 minutes ago 0 replies      
Postmark has a free tool to set up and monitor DMARC, which is another policy setting that can be used (if you own your domain) so that major email providers know whether or not to trust an email claiming to be from you. Postmark's tool lets you get digests and nice visuals of these automated ISP reports rather than you figuring out how to parse the XML they'd normally send directly to you.

Disclosure: I'm not at all affiliated with Postmark, I use their free tier transactional emails, and I use their DMARC tool.


kogir 37 minutes ago 1 reply      
I had this problem. Back when I finally took action I was receiving 500+ bounce notifications a day.

If you fully and correctly implement SPF[1], DKIM[2], and DMARC[3], you'll see a massive improvement as much of the SPAM gets dropped completely at recipient MTAs.

To fully solve the problem, you need something to filter the backscatter[4] . At the time I purchased Postini, but now that Google has bought them, Google Apps for Work seems to have this feature built in. There may also be software you can run on your own server, or other proxy services like Postini. I've not looked since I use Google Apps for work. Such filters simply track all outgoing messages you send, and reject bounces from addresses and domains you never emailed.

This has complete solved my problem. Now I only get regular SPAM, a fact of life now.

In practice, all these things together look like this for kogir.com:

 @ IN TXT "v=spf1 redirect=_spf.google.com"_dmarc IN TXT "v=DMARC1; adkim=r; aspf=r; p=reject; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc@kogir.com; ruf=mailto:dmarc@kogir.com; sp=reject;" mail._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFlfDA1Gpz8BQVpcNsiDkSp6ayVCWKlfeYXhiW0CaCgJJJkBpZj9E9OGMGUSAFFgEhCs8wf/fZCx9jsWkH34joEuylNnBnGt8exPSokLwrtubTQajOZcUgbpUlxwyCkyuE41mbpYUfWkPCOaRTa1VqZVWYs+ZdEkYaKXh9UALYeQIDAQAB"
The sp=reject in the DMARC record is very important, but only works if all valid email from your domain will pass both the SPF and DKIM checks.

[1] http://www.openspf.org/

[2] http://www.dkim.org/

[3] https://dmarc.org/

[4] https://en.wikipedia.org/wiki/Backscatter_(email)

cweagans 1 hour ago 1 reply      
IMO, this is a good reason to use a provider that will let you use your own domain. I recommend Fastmail. I've been using them for a while and have been very happy with them. The chances of some spammer spoofing you@somerandomdomain.com are much smaller than with username@gmail.com.
samwillis 1 hour ago 1 reply      
Do check that no one has hacked your email and is sending from it. You said that its a gmail account; spf will all be allready setup.

It's quite common to see people have their gmail accounts hacked and used for spam.

jontanemobay 2 hours ago 1 reply      
is this a yahoo/gmail or similar , or are you using your own domain. You won't get blacklisted if someone is spoofing your yahoo/gmail because their already are mechanisms to validate spoof'd vs legitimate messages. If you are using your own domain look into setting up SPF , DKIM and DMARC records .
Ask HN: Are you buying a Tesla model 3?
7 points by billconan  2 hours ago   12 comments top 7
lsiunsuex 2 hours ago 1 reply      
I'm actually really considering a Model S for my next lease - my problem is the closest service center is 3 hours away. Getting tires put on, getting breaks changed; no big deal. Battery failure or something worse and that'll be a really expensive tow ride. (I'm in Western NY).

Unfortunately, the model 3 isn't scheduled to come out until end of 2017 (if that holds true) and my lease runs out in March of 2017 so... gonna have to wait until the round after this coming one (generally lease for 3 years at a time).

But if it was coming out sooner and it's visually appealing - yes, I'd have probably put down a deposit tonight. Assuming it's not god awful ugly; which I can't imagine it will be.

cweagans 1 hour ago 1 reply      
I won't be ordering today, mostly because the event doesn't even start for me until 11:30pm. I would not be comfortable dropping that much money on a product that hasn't even been described to me. While unlikely, the thing could have like a 50 mile range or something. I want to know what I'm buying.

I believe in the current gen electric vehicles much more than I believe in current gen internal combustion vehicles, but that could be a side effect of being one of the affected VW TDI owners.

travisby 42 minutes ago 0 replies      
Took a half day from work so I could go and place my deposit early this morning. Waited about an hour in line once the store actually opened up.

It's a refundable reservation so I didn't mind putting money down first, and then seeing specs tonight.

cableshaft 56 minutes ago 0 replies      
No. I couldn't afford one even if I wanted one. Doesn't matter how much I believe in electronic vehicles.
chollida1 1 hour ago 0 replies      
TSLA is now the third most shorted stock in the Russel 1000, just behind Square and GameStop, short interest is up to 26% of the shares outstanding as of last night.

So in a round about manner, the market is betting that many people here won't be buying one, or that TSLA won't be able to deliver on it in a timely manner.

FroshKiller 1 hour ago 1 reply      
I just got back from paying my deposit. I work right down the road from a sales & service center.
joshuamcneese 54 minutes ago 0 replies      
as soon as i can see the specs and trim prices... probably
Ask HN: What is the best way to find Contract work or Remote Part-time work?
4 points by keviv  1 hour ago   7 comments top 4
raviojha 1 hour ago 1 reply      
As dudul has already pointed out, freelancing websites are a completely different game, people bid at way too cheaper rates.

I did some competitions (Design and Development) on TopCoder during undergrad days and was lucky enough to secure a place in top 3 couple of times. Key there is to choose a contest with less number of participations and patience.

Other than that, weworkremotely.com helps, browse some recent whoishiring threads. Might want to have a look at jobcombinator.io as well.

kaolinite 1 hour ago 1 reply      
Try user groups for your languages / technologies of choice. I subscribe to a couple of Ruby user groups in the UK where jobs and contracts are routinely posted - in fact, it's how I found my current contract.
alexkehr 1 hour ago 0 replies      
I really like Upwork. I've been getting surprisingly high paying long-term projects on there (anywhere from $50 to $100 per hour).
dudul 1 hour ago 1 reply      
I would avoid platforms specialized in contract work or freelancing. Like you pointed out, too much competition for too cheap.

There are websites that specialize in WFH work such as weworkremotely.com or wfh.io. Not sure they advertise a lot of contracting position, but it doesn't hurt to apply and specify that you are interested in being a contractor.

Another approach: all this spam you get on linkedin from recruiters/hiring managers. Just start reading them and reply with "I'll do it. Remotely and as a contractor". Most won't be interested, but a few may go for it.

Ask HN: Why use CoreOS and what are its advantages?
5 points by kishansundar  2 hours ago   discuss
Best ways to fight fatigue when coding?
11 points by bpg_92  15 hours ago   14 comments top 7
sudojudo 11 hours ago 1 reply      
First, don't set deadlines that make things difficult. Give yourself time to do the job properly. If the client is too demanding, they're going to be a problem in other aspects of the job as well. Gaining respect first comes from respecting yourself.

Second, get plenty of quality sleep, that means no caffeine/alcohol for 6-8 hours before bed, and allowing yourself at least 8 hours of uninterrupted sleep.

Third, when working, get up and walk around once an hour, for at least five minutes. Have a healthy snack, do some push-ups, walk around the block, anything but sit.

Fourth, exercise! Do something that makes you sweat for at least 30 minutes a day. This one is a must, no excuses.

Fifth, stretch. This can be done during your five minute breaks. If you do nothing else in this list, do wrist flexor and extensor stretches (look them up). Otherwise, your coding career can get cut short (speaking from personal experience). Stretching takes 2-3 minutes and can make a world of difference; do them every time you're feeling stale. It's not possible to stretch too often.

Next, eat right. Keep your diet light, skip the soda and chips; eat fruits, nuts and veggies, drink water. You're already sitting on your ass all day, don't make it worse by fueling yourself with garbage.

Finally, have some hobbies that don't require a screen. Go hiking or biking. Play a sport. Learn an instrument. Bird watch. Build a tree-house. Catalog all of the different bugs in your yard. Whatever, just get away from screens.

All of this is obvious and a no-brainer, right? Well, look at the people who have been in a field for 20-30 years, the ones who stick to the above are easy to spot; they're the fit, happy, healthy people. The others are easy to spot too, because they look like hell. Get into these habits before you need to, you'll be saving your future-self a lot of trouble.

Hope that helps. Time for my workout...

joelg 11 hours ago 1 reply      
I've been experimenting with working away from an Internet connection, and it's been working really well for most things. It has two great features:

- it forces me to focus only on code when I'm coding, since 9gag/Reddit/Facebook aren't available, and

- it forces me to get up and walk around and do physical things when I'm taking a break from coding

I find I am less fatigued and about as efficient, even if it means building a queue of Googleable bugs/questions that I return to when I'm back on the internet.

shanehoban 11 hours ago 0 replies      
In my opinion, you only have about 4 hours maximum of quality coding in you a day - I want to stress the quality part of that.

You can code 12 hours a day, but compare the code in your first 4 hours to your last 4 and see what I mean.

Just stop coding. Do other stuff.

I find that I can extend that quality window by spreading it out more. Don't do 4 hours in a block. Do an hour, or 1.5 hours and break for 30mins. Clear the head again. Then go back, you can do this more - leading to > 4 hours of quality code

tmaly 4 hours ago 0 replies      
Take a break, read something not about coding. Go for a long walk or hike. Clear your head.
hden 12 hours ago 0 replies      
Try coding on a hammock.

Hammock Driven Developmenthttps://www.youtube.com/watch?v=f84n5oFoZBc

rolfeb 15 hours ago 0 replies      
Back when I used to work a second job in the evenings, I used to get home around 4-5pm in the afternoon and have a nap. No more than 20 mins (set the alarm clock!). Made a huge difference.
angersock 15 hours ago 1 reply      
If you feel like taking a break, just take a break. :)

When you feel better, come back to it--you aren't any worse for doing so!

Ask HN: What to learn with 8-16 weeks of recuperation
6 points by purplejumpycows  9 hours ago   13 comments top 7
elbigbad 6 hours ago 2 replies      
I think that would depend on what I already knew, what I was interested in, and what I hoped to accomplish during this time (whether it be a hobby thing or professional development). Perhaps you could fill us in if you're looking for suggestions?

Personally I would probably sit down and learn the core of javascript, getting as deep as possible working toward a better understanding of what's going on under the hood. This is because in my daily work I really just scratch the surface superficially using it to write programs. I would want to understand it to the point where I could start to write something like Node.js from scratch (right now I don't even know where I would begin with this).

The reason for this is because I know C this way, so every time I write a line of code in C, I instinctively visualize what's going on under the hood.

I would like to be able to visualize this same thing with js.

arnold_palmur 4 hours ago 1 reply      
If you haven't already, build a compiler - it's an enlightening experience and gives you a lot of intuition.
jasonkester 6 hours ago 0 replies      
That's plenty of time to build and launch a new SaaS product and get your first paying customers. You'll learn a lot more doing that than you could from 4 months of reading books.
leojg 5 hours ago 0 replies      
Learn to play an instrument. It will help you on later study sessions.
purplejumpycows 4 hours ago 0 replies      
Thanks for all the replies so far, very interesting. Just to add, I'm just wondering what others on HN would do, I've no idea yet what to do, but from Monday I'll need to do something , or I'll go mad :)
tmaly 4 hours ago 0 replies      
Learn how to tell a good store. See some of Seth Godin's books
AnimalMuppet 3 hours ago 1 reply      
If you want a programming language, learn one that is far away from what you know. If what you know is dynamically typed, interpreted languages, learn a static typed compiled language. If you work with procedural languages, learn a functional one, and vice versa.

Or, as others said, learn something outside of technology. Learn how to play an instrument, or how to write fiction, or how to paint, or how to ballroom dance (if your health permits).

None of my business, but out of curiosity: What kind of illness gives you that long a recuperation time?

Ask HN: How to arrange share splitting in a new 2-people team
4 points by upstarter  9 hours ago   4 comments top 4
alain94040 23 minutes ago 0 replies      
Canonical answer: http://foundrs.com, aka the co-founder equity calculator.

If you have just met 1 month ago, your chances or not making it long-term are above 50%. I'm sure you're aware of that. What most people don't do, to follow-through with that fact, is to require vesting. There has to be a way for such an unstable team to blow-up and break up.

brudgers 4 hours ago 0 replies      
Spolsky recommends even split: https://gist.github.com/isaacsanders/1653078

It should be a legal entity now because equity is under consideration by at least one person now. Anything else creates more issues than it solves. Better to have a hard conversation that ends in a split now than after months of tiptoing around the landmine.

Good luck.

sharemywin 7 hours ago 0 replies      
A more important question is how do you manage disagreements. Specifically, you wholeheartedly believe you should do XYZ and they believe wholeheartedly in doing ABC. You can randomly pick. each do your own thing. let the person with most experience in that area make decision and go against your gut. split up. Ask for advice and trust that advice.
tmaly 1 hour ago 0 replies      
someone has to be the tie breaker 49% 51% should be the split
Ask HN: How do you debug your code?
84 points by s4chin  2 days ago   138 comments top 70
dfan 1 day ago 3 replies      
My techniques probably are somewhat due to having started 30 years ago.

I rarely enter an interactive debugger. I have TONS of logging statements I can toggle. I make program execution as deterministic and reproducible as possible (for example, all random numbers are generated from random number generators that are passed around). When something goes wrong, I turn on (or add) logging and run it again. Look for odd stuff in the log files. If it doesn't make sense, add more logging. Repeat.

I worked on a pretty large videogame in the 90s where /everything/ was reproducible from a "recording" of timestamped input that was automatically generated. The game crashed after half an hour of varied actions? No problem, just play the recording that was automatically saved and attached to the crash report. It was amazing how fast we fixed bugs that might otherwise take weeks to track down.

pmarreck 1 day ago 3 replies      
Data point: The amount of time I've spent doing "debugging work" has gone down VASTLY since I've adopted TDD. Literally, every line of debug code you will ever write (whether it's a println buried in the code or something done in a REPL) is a potential unit test assertion.

What is a debug statement, anyway? You're checking the state at a point in the code. That's exactly what a unit test assertion does... except that a unit test calls a single method/function... meaning the code you're trying to debug needs to be split up and written in a way that is easily unit-testable, with few, if any, dependencies that aren't explicitly given to it... which makes it better code that is easier to reason about (and thus results in fewer bugs).

See where I'm going with this? TDD = say (mostly) goodbye to "debugging"

skylark 2 days ago 4 replies      
Good debugging is a lot like good science. You start with a firm understanding of the system, form a hypothesis about what could be wrong with it, test your hypothesis, and then repeat. The stronger your initial understanding of the system, the faster you can debug things.

As a Python/JS developer a few print/console.log statements are usually all it takes for me to figure out what's wrong with something. For more thorny situations there's always PDB/chrome dev tools.

At the end of the day, the people who are the best at debugging things aren't that way because of the tools they use. They're the best because they can clearly visualize the system, how data is flowing through it, and where potential problems might arise. Intuition from dealing with other similar problems also helps.

svec 1 day ago 2 replies      
Oscilloscope, multimeter, GPIO toggles, logic analyzer, JTAG/SWD-enabled debug hardware. (Hey, I'm an embedded software engineer).

Sometimes debug printfs out a UART or USB if my system lets me, sometimes I'll create a log in memory if I can't printf or if the issue is timing sensitive (which a lot of my work is).

Pen & paper end up being very useful too - often writing out what I'm thinking helps me figure out what's going wrong faster than poking around the code or circuit board.

DonaldFisk 2 days ago 3 replies      
Most of my development is done in my own Lisp dialect, which is quite similar to Common Lisp. I use any of five different methods. (4) is the most interesting, and very useful. Does anyone else use it or something similar?

(1) Just add debug statements near where the bug is happening. These print a string, and the name and value of variables. Printed values in Lisp are human-readable, not just a pointer.

(2) Trace selected functions. This outputs the function name, arguments, and return value on function entry and exit.

(3) Use the virtual machine debugger. I can set breakpoints, display the stack, and trace VM instructions, but it's most useful for printing out disassembled compiled code.

(4) Browse data structures in Firefox. While my Lisp is running, a web browser runs in another thread, and every symbol has its own URL. Data structures are displayed as HTML tables.

(5) Unit tests. I've used these to debug complex algorithms, e.g. for event handling, and type inference.

drinchev 2 days ago 1 reply      
WebStorm has a pretty good debugger. Also if you choose to use other JetBrains product it will feel very familiar.

I've never read about specific methods on how to do this "by the book". I'm usually doing ( for NodeJS ) :

1. Set a breakpoint inside my NodeJS 2-3 lines before the exception that I got.

2. Run debug mode

3. Do what I need in order to reach the breakpoint

4. Analyze the variables inside ( via watch ) or run code in that function ( via console )

Helps a lot more than `console.log(some_var_before_exception);` :D

blendo 2 days ago 0 replies      
I start by asking,Did it used to work?If so, when did it last work? What changed? When?Does it work anywhere else?And most importantly, can you reliably recreate the bug?

Only after I've grappled with these questions will I move onto log analysis, printfs, the debugger, data fuzzing, etc.

calebm 2 days ago 2 replies      
I can typically just add print statements and figure out the problem in less time than it would take to setup and attach a debugger. But occasionally, I will use the PyCharm debugger with Python. And even more occasionally, I'll use an assembly level debugger (especially if I'm interested in the system calls, and it is not convenient to attach a Python debugger).
Alan01252 2 days ago 0 replies      
I'm using debug logging ( that isn't deleted ) more and more as I code. It's useful not only for solving the current problem you're experiencing but also helps the next person understand what the code is/isn't doing, adding to its self documenting nature.

Debuggers are great, but the knowledge gained by using them to solve a problem is completely lost once that close button has been pressed.

Also if I'm having to use a debugger to work out what's going on, usually it's a good sign my code is overly complicated...

przeor 10 hours ago 0 replies      
On frontend I use Redux so redux dev tool.

I'm interested about FalcorJS, does anyone use it ? I found it very interesting, check this out for more at: https://reactjs.co/2016/02/03/what-is-netflix-falcor-and-why...

Kenji 2 days ago 1 reply      
- If I know what's the problem just by looking at the bug, I go fix it.

- If I do not know what's the problem, I do everything in my power to reproduce the bug and maybe write a test (as small as possible) that triggers the bug. I enable logging or write a special log function to track relevant state in case the bug is rare.

- Once I know what triggers the bug, I should know the general direction of where in the code it is. I start printing various variables and parameters in case it's a low-hanging fruit like wrong sign or stuff like that.

- If I do not succeed with that, I comment out half of the code and look if the bug persists. If it does, then I know it's in the other half. If it does not, then I know it's in this half. I proceed with this binary search until I am down to 1 statement, which takes a logarithmic amount of steps. I found the bug. I fix it. (This does not work if the bug is in two places or if the bug is a bad memory operation that triggers a bug later)

- Real debuggers like valgrind are rarely necessary if you're familiar enough with the program. In fact, unless you're dealing with the hairiest of hairy memory problems and heisenbugs, you probably do not need a debugger at all. Debuggers are useful to debug e.g. generated assembly when you write a compiler.

leejo 2 days ago 1 reply      
It depends on the nature of the bug. If it's some behaviour that has changed then i try to isolate it to a test case, if one doesn't already exist. I can then use git to automatically bisect to the offending commit which, nine times out of ten, makes it immediately clear where the bug is. The net result is the bug being fixed and a useful regression test to make sure the bug stays squashed. And i got the vcs to do most of the work for me.

If it's something i think is trivial i'll just use a few print statements. This is 90% of the time.

If i end up with too many print statements then i step into the debugger. Others scoff at debuggers, which is odd because they can be powerful tools. Maybe you only use it once every couple of months, but they can be very helpful. When you're waist deep in the stack, or dealing with action at a distance, trying to fix something in poorly factored code, want to watch a variable, think there's some weird timing issue, need to step down into libraries beyond your control, then debuggers can help.

Don't think of the debugger as a debugger, think of it as a REPL. You just happen to be using the REPL with buggy code.

gravypod 2 days ago 0 replies      
I use my eyes.

If I can narrow it down to what line, or even file, is throwing an error I just take a few minutes, read all the code and all the code of branching methods, and then can narrow it down to a single line.

From there it is actually developing a fix. As you mess around with more and more languages, you will notice that most compilers lend something far from a helping hand.

This only works, and I will stress this, for programs under 1 million lines. Past that mark, you need to do some extra steps.

When I debug one million line projects, I narrow it down to a file. I pull out the code from the file, and I mock all of the methods that file calls (This gets REALLY hard with networked code. Trust me). From this small subset, I slowly break the functionality of the external method until I resemble the error being made in the main project. From that I now know the method(s) that are actually causing the problem.

But, there is one thing that this makes an assumption about: your compiler is working.

Put blatantly, they're crap.

Usually they won't show you the correct file causing the error or they will not generate a helpful error. Runtime errors are even worse.

The best thing to do is avoid making the tricky errors. Make unit tests, using fuzzing tests, and well made documentation.

Documentation alone, that details all of the possible output and input states of the function will save you days on some bugs.

In Java, the @Nullable tag is a godsend. Use these features, they WILL help.

If you do tests, fuzzing, and documentation.

Using your brain and some things to make your brain's job easier will make you faster at debugging then any debugger like your buds GDB/DDD setup.

jtr1 1 day ago 0 replies      
If all goes well, I work through a process like this. I reach for this tool when the bug in question seems to have its source in faulty logic, as opposed to say, resource consumption.

1. Reproduce the bug as consistently as possible.

2. Find a pivot for the bug. Whether this is a previous commit where the bug did not occur, or a piece of code that can be commented out to clear the bug, I need to find some kind of on/off switch for the behavior.

3. I comment out code / insert break points / use git bisect to flip the switch on and off, performing a kind of binary search to narrow the scope of the issue until I have it down to one line or method.

4. Once the source is found, read the surrounding source code to gain context for the error and reason toward a solution.

Of course, this works best if the bug originates from a single source. Sometimes this is not case and there are multiple variables interacting to create the undesirable behavior. Thats when things get really fun :)

stcredzero 2 days ago 0 replies      
I've done most of my debugging on dynamic languages, where you have a lot of power in the runtime, so my style is based on that. You can perform superpowered feats of uber debugging this way. These are generally also available on other environments, but the tools are less flexible, so they are much harder to pull off, much less inventing a new debugging method on the fly.

So imagine doing things like narrowing down execution to just before and just after your error, then taking snapshots of the runtime memory and diffing the objects. Or a conditional breakpoint that changes the class of a particular instance to a special debug class.

You can do many of the same things in compiled languages, I've since discovered, if you have a decent incremental compile set up, and you use some tactical thinking. But the environment always seems like it's trying to get in your way. (As opposed to a good dynamic environment, which seems more like an eager golden retriever wanting to play more fetch.)

pcwalton 1 day ago 0 replies      
In Rust, which I mainly work in these days: Either println using the Debug trait to pretty-print data structures or LLDB. Which is easier kind of depends on the situation, at least for me.
epynonymous 1 day ago 1 reply      
depends mostly on the type of issue, i don't believe that there's a one size fits all sort of solution. for timing sensitive issues or core dumps, it's typically low level things like gdb, trace, etc. for memory issues, obviously tools like valgrind, etc help.

in the olden days when i used ide's like visual studio or netbeans, i'd often times leverage their native debuggers to set watchpoints and step through code. but those days are over, now i mostly use interpreted languages like python, ruby, and compiled languages like golang (highly recommended). print statements are the way to go, especially if you're writing server side code (restful apis, websockets, etc), you'll want the log information as you won't be able to attach a debugger to a production system.

just a random thought based on this topic, if debug/log/print statements were detailed enough, one could actually take a log file and write some code to parse that and transform into test cases in your favorite test framework, that may have some effect on saving time writing test cases. for production bugs, you could take the log output as the reproducer steps to generate test cases to cover this.

and i really liked the comment about tdd and more importantly unit testing, it's critical and helps developers better organize their code.

joeld42 2 days ago 0 replies      
I still use a lot of printfs, but I make heavy use of the debugger. In general, my strategy for difficult bugs is to find a point A where you know the code is working correctly, find point B where you know it's broken and can catch it in the debugger or log, and step forwards from A and backwards from B until you find the bug in the middle.

When debugging difficult, intermittent problems (e.g. non-repro crashes) my strategy is to keep a log of when it occurs, add lots of diagnostics and asserts around where I think the problem is, until hopefully I can catch it in the debugger or notice a pattern.

90% of the work of debugging is creating a quickly reproducible test case. Once you have that you can usually solve it.

yekim 1 day ago 0 replies      
Depends on what you're debugging.

Desktop apps w/ C/C++ -- IDE based debugger (Visual Studio, GDB w/ a front end, ADB) print / logging statements

Embedded C -- IDE Debugger (Green Hills, ARM DS-5, IAR, Eclipse w/ remote GDB, etc) GPIO ports, logic analyzers, oscilloscopes, etc)

Apps -- ADT / ADB, print / logging statements

Python, bash, sh, .bat scripts -- print / logging statements

As many others have mentioned, having a consistent bug reproduction methodology is vital, a strong mental model of the SW and its various components is important, and a willingness to dive deep and question assumptions is critical. Ie don't always expect your compilers or various OSes to be infallible.

xkcd-sucks 1 day ago 0 replies      
I copy-paste something different from stackexchange. If that doesn't work in the first 10-20 tries I post a question describing my problem as abstractly as possible
halpme 2 days ago 0 replies      
As a Java developer I rely heavily on using the debugger in Eclipse and using grep to search through files. I first try to have a solid understanding of what the program is supposed to do, reproduce the bug, and then step through the code with a debugger to understand why the bug is happening. Other times I just try to find where the bug is happening, and working backwards to the root of the cause of the problem just be reading the code. This works most of the time, but as a junior developer most of the issues I have to debug are not too complex.
gedrap 2 days ago 1 reply      
Don't see the top comments mentioning that, so I will chip in: I always, whenever possible, try to reproduce the bug in tests first, before launching debugger / adding some statements, etc.

Being able to quickly reproduce the bug time and time again makes a big difference. Some permanent verification that it's actually fixed (at least in the given case) at the end of the session is also nice and adds a lot when doing a major refactoring or something similar. Especially for bugs related to the domain specific requirements, rather than the technical ones.

physcab 2 days ago 1 reply      
One very important "soft skill" aspect to debugging code is time and ego management. There are times when all I want to do is "solve the problem" and if it means losing 4 hours of sleep over it, my obsession will let it happen. But I'm starting to learn there should be thresholds before letting the problem go and asking for help. Sometimes the fastest way to solving a problem isn't brute forcing it, but getting away from the problem, letting it simmer, or asking someone more experienced.
Gibbon1 1 day ago 0 replies      
I have a couple of things I do depending on the code I'm working on. With the firmware I work in debugging is tricky because normally stopping the world with gdb messes up the delicate dance going on. Also the processor only has two hardware break points which isn't enough frankly.

However I do use gdb from the command line on occasion. Code I write is pretty heavy on global variable and with gdb you can poke about and see what they are. You can also use gdb to look at internal processor modules.

To get around the limits of not being able to use break points I have a command line interface built into the firmware, which I use to poke and prod for debugging. I'm dimly aware that almost no one else does this, but can't for the life of me figure out how people get by without it.

I also have a critical error handler that can save information off to a no init section of memory and then reset, recover and then log the error via the serial port on startup and via the radio. This is useful because for instance I have that hooked into the bus fault interrupt, so I can pull the offending instructions address off the call stack. The binutils program addr2line.exe rats out the offending line of code about 99% of the time.

For timing related stuff I make heavy use of toggling port pins and watching what happens with an oscilloscope.

For networking stuff sometimes I use wireshark.

For C#/.net development I use Visual Studio and logging either to a window or to a file. However I've noticed that when other programmers work on my code they immediately delete that stuff and switch to printing to 'stderror'.

anarchy8 2 days ago 0 replies      
I work with mainly Javascript. I like to log everything, so I rarely need to use debuggers. When I have to, the Chrome developer is all you need. You can even use it to debug Node stuff
forgotmypassw 2 days ago 1 reply      
GDB and some fprintf calls cut it most of the time. The worst kind of bug is when the program segfaults into oblivion and works fine under GDB but in 99% of the cases that's related to uninitialized memory, which might be a bit hard to find but is quite simple to fix (it's the worst because it sometimes takes a while to figure out where you forgot to initialize variables when it's unrelated to a new change and happened to just not occur during previous changes).
cyphar 1 day ago 0 replies      
Obviously the first step is to create a reproducible test case. But after that it becomes a bit more involved.

For most bugs I look at, I usually wish that Linux had DTrace. I can't tell you how many weird bugs I've found where finding the solution would've been debugged in 20 minutes of DTracing. For example, I'm currently investigating a weird memory leak in Docker that actually appears to be a reference leak in the Go runtime. It took me several days to figure out it was a bug in the runtime (if I had DTrace I could've found symptoms of the issue much faster).

But in general, most of the bugs I find can be debugged with some print statements if I can correctly make an educated guess where the bug lies. For other sorts of issues, unit tests or creating minimal test cases works pretty well and for everything else I'll jump into a debugger if it's really necessary.

andreastt 1 day ago 0 replies      
This is a great question! I tend to find my debugging practice differs depending on the language Im using and the array of problems, but the recurring common denominator is printf.

In Python I mostly rely on print(f) debugging, especially when working on multiprocessing programs, which I do rather frequently. With multiprocessed Python, pdb is useless. pdb is great, but not for a multi-process program. Most of my issues are related to sub-optimal API documentation that fails to point out argument types, and find I do a lot of trial-and-error programming, for which printfs are great. Occasionally I drop into `import pdb; pdb.set_trace()` to inspect objects or the REPL to try out ideas.

JavaScript is an interesting beast where, next to console.log, I find myself using linters a great deal. A linter isnt as sophisticated as compile-time checks, but does a frightfully good job at most trivial mistakes that are hard to debug in runtime. I often find myself running the linter under watch(1) so it updates when I make changes.

In Perl and shell, which I use ever more infrequently, the equivalent of the printf debugging is the norm. The only language I have found the debugger to be the first choice has been Java.

With Rust, I find myself resorting to a debugger surprisingly seldom. Its type system and the safety checks in the compiler catches most of the mistakes I make.

I dont do much C programming anymore, but if I did, I would be interested in using rr (http://rr-project.org/), which allows you to record a run of the program and replay it _exactly_ as it was the first time, essentially letting you reproduce and fix race conditions.

tgreenhaw 2 days ago 0 replies      
Debugging anything starts with the concept of repeatedly splitting the failing system in two. You check that the input is good and verify the output is bad. Then split the process in two. If things look good in the middle, split the second half and check. If things look bad in the middle, split the first half and check. Repeat this process until you have isolated the bad portion of the process to an indivisible step.
joegaudet 2 days ago 1 reply      
IntelliJ has great debugging integration with JS / PHP / Scala (the tools I use currently).

Set a breakpoint in the code, refresh the browser, and all the variables in the scope will be annotated with their value at break time.

This is really what you're after when you're println debugging - it has the advantage of showing you everything in a minimally intrusive way which is helpful when you don't know what you're looking for exactly.

insanebits 2 days ago 0 replies      
As I mostly work on PHP and JS will try to explain how my debugging session usually goes. Most of the bugs are easily reprodusable so for them I just go straight for the file and setup xdebug via PhpStorm. And that almost always gets fixed quickly since I have a good idea what went wrong.

But not all the bugs are easy to solve. The worst kind of bugs are hard/impossible to reproduce. For them my approach is to suspected places where it could occur and add logging, and just wait until it occurs again(sometimes it takes weeks or even months). So I am trying to log how the data flows through the system by isolating the direction to look for.

For example: I'm yet to find cause of the mystery of the MS Word and TinyMCE, where sometimes it will not strip out microsoft's formatting. It only occurs about once a month. I wrote a simple alert script which sends me an email when this happens and I can get to the person in seconds(most of the users are in the same office), and try to reproduce the exact moment when it occured on users computer.

My fix was just show an error asking users to repaste exact same text which then works as expected.

jaequery 2 days ago 0 replies      
Doesn't have to be rocket science really, (unless that is what you are doing). For web development, it's code, refresh browser, repeat. With a tail -f on the application/server logs usually does the trick.

But I think IDE's can't beat real-time debuggers, like console.log or Ruby's bettererrors gem, having full real-time access to application logic/code at the spot, you can't beat that.

raviojha 2 days ago 0 replies      
It always helps if you can see the code run line by line. For instance in Django, I use ipdb (import ipdb; ipdb.set_trace()) to check the state of variables and check where they are not what they were supposed to be. Similarly in JS, by adding break points. For compiled languages it has been a tough job, however its more or less the same.
wmichelin 2 days ago 0 replies      
For PHP: xdebug.For JavaScript: Chrome debug tools.

Logging doesn't give you anywhere near the power the a good debugger does.

mikestew 1 day ago 0 replies      
I think you've asked your question poorly, because it will very much depend on what it is you're debugging. Obj-C for an iOS project? Xcode and its usable visual debugger. Good luck using that if you're writing for embedded, though, or if you're writing for a "Made for iPhone" accessory that uses your one-and-only USB debugging port, in which case you'll want to hit the man pages for printf.

JavaScript? I dunno, do they even make debuggers for JS? (I'm being facetious; I rarely work with JS.) Whatever is used, I'll bet it will involve something about a browser and a dev console.

Statically-typed language? Dynamic? Makes a difference.

Point is, 90% of whatever answers you receive here will not be well-suited to your particular situation.

onetimePete 1 day ago 0 replies      
Bisect and binary search.If the Module has been found that produces the error, I go to the fault-lines. These are:Data-Input and Filtering.States outside of the Set of accepted States (Anticipation-Error - the reason why every time you write else/default for anything else then a error- that's a error).Those points inside the code, where you switch between two brain language-models (arithmetic/data-handling) (procedural/object-orientated), (relational/ list-think), (value/state-handling) etc.

If you do that right, you can skip the reading and go right for the beef. Breakpoint.

Last but not least - good architecture, worst heisenbug wont cost you as much as the smallest architecture error.

howeyc 2 days ago 0 replies      
Print statements, or logging. Using a debugger is an extremely rare occurance, once a year at most.
chewxy 1 day ago 0 replies      
I use a lot of Golang. I write a logf() and a recoverFrom() function that only has a body in debug builds. Then I pepper the code that I want to debug with panic()s and logf()s. After it's done, it goes into a test file.

I also output my code to .dot format to visualize the flow of data quite a bit. This is extremely useful in statemachine like stuff - I basically can create animated gifs (well, not really, it's more of me pressing right on my image viewer) to watch how my programs execute.

Why not Delve? I do actually use Delve. Just not as much as logf()s and panic()s.

Hmm.. in retrospect, I also dump a lot of data (neural network weights for example) into csv for debugging

HankB99 2 days ago 0 replies      
Relentless application of logic.

Probably says something about my coding practices that I've gotten good at it.

SyneRyder 2 days ago 0 replies      
Like most of the other comments, I generally use printf / MessageBox statements for most things.

But since I work on consumer desktop software, occasionally a customer will encounter a problem that I can't replicate on my dev machine, and their bug description doesn't help me locate the problem. In that case, I try to duplicate the customer's system as much as possible: I have Parallels Desktop & VM images of almost every version of Windows, and I can configure the amount of RAM. Sometimes it's easier to ask the customer to run a special Debug build, but if they're not very tech savvy, Parallels can often help me reproduce the bug myself.

andr 2 days ago 1 reply      
Python's pudb is extremely useful if you don't use a full blown IDE. It gives you an ncurses-based GUI debugger inside any Python app.

Snapshot debuggers like Google Cloud Debugger are probably the way forward. Alas it doesn't support Python 3 yet.

shruubi 1 day ago 1 reply      
I've always found debugging primarily via logging statements strange, we have interactive debuggers which allow us to pause execution, analyze the current stack and monitor your variables to ensure correct values and people still feel that writing stuff to the console is the best way to debug?

That being said, I'm not trying to take anything away from log-based debugging, there have been many times when log-based debugging has saved my bacon, but it feels strange that there is almost an attitude of interactive debuggers being "lesser" in these comments.

raquo 1 day ago 1 reply      
For particularly bad problems, after exhausting standard methods, I start writing a stackoverflow question or a help request to someone on my team. I barely ever have to send it, this just forces me to spell out an exhaustive list of things that I've tried (or forgot to try). Eventually I figure out what I've missed, and if not, I have a help request all ready to go!
alkonaut 1 day ago 0 replies      
I try to figure out the error condition "parent is null" or "order is placed but item count is zero" or whatever the error condition might be.

Then just put a conditional breakpoint and wait for it to confirm the error and break. Once there I can probably reason backwards to an earlier state that led to the error condition such as "an item must have been removed from a placed order" so again a conditional breakpoint in the remove method with the condition that the order is already placed. Rinse repeat.

danieltillett 1 day ago 1 reply      
Most bugs are pretty easy to find - what I would love to hear of is unusual ways of finding hard to reproduce bugs. The sort of bug that only shows up non-deterministically after the program has been running for 48 hours, bugs that come from third party closed source libraries, bugs that only occur on remote customer machines.

One thing I have found helpful is to compile the code using different compilers and on different platforms. A bug that is hard to reproduce on one OS can become deterministic on another OS.

tmaly 2 days ago 0 replies      
I use vim as my editor, so I tend to use print statements.

I do use the perl debugger though when I am writing perl and when there is a need. The benefit to this debugger is that it comes built into the language.

krapp 2 days ago 0 replies      
At the moment, I'm teaching myself Hack and how to use Vagrant, and I'm debugging through nano. It's tedious and frustrating, but on the upside, it forces me to write extremely simple code just so I can keep debugging time (and the size of the errors) to a minimum.

I've also gotten into the habit of building SDL projects in Visual Studio to use the console so I can just dump whatever I want into it.

I'm probably an example of what not to do in many cases, but still get the job done.

coherentpony 1 day ago 0 replies      
I use gdb if I'm on linux, and I use

 std::cout << "got here" << std::endl;
if I'm on OS X.

gdb on OS X is such a horror show.

twphonebillsoon 2 days ago 0 replies      
For C++: Logging, gdb and valgrind
random_coder 1 day ago 0 replies      
I mostly write C++ code on Linux systems. I use ddd for interactive debugging in bigger projects. For throwaway code(C++ & Python), I just use print statements.
heywire 2 days ago 0 replies      
I work on a Windows-based point-of-sale product, so my time is spent inside Visual Studio. Most of the time I use the remote debugger attached to a virtual machine. For reproducing issues from production, good logging is key. From our logging we can easily retrace the steps that caused the issue. I also occasionally use memory dumps and network captures to help track down production issues.
sn9 1 day ago 0 replies      
Udacity has a course on [Software Debugging](https://www.udacity.com/course/software-debugging--cs259) taught by Andreas Zeller, the original author of DDD.

Anyone who'd like to learn a more systematic debugging process should take it.

callesgg 2 days ago 0 replies      
I look at the error message and the Traceback if there is one, then i go to the code line in question.

If there is no Exception and there is som kind of logic bug.I search my way to the logic code with the issue by greping and reading.

When i have found the approximate location of the issue i will probably set up some var_dump's or log.Println in the code to get a better understanding of what is happening.

After that it is usually a done deal.

kstenerud 1 day ago 0 replies      
I use whatever tools I can get my hands on. Debuggers, disassemblers, tracers, file snoopers, memory snoopers, datacomm snoopers, code isolation, in-circuit emulators, soft emulators, print statements, lamp toggles, jtag, breakout boards, even sound. If it'll speed up my debugging session, I'll use it.
larrik 2 days ago 0 replies      
As a python dev, I either debug it in PyCharm, or I run it in the shell (especially if its a situation only in production).
japhyr 1 day ago 0 replies      
I'm a hobbyist who's slowly making the transition to professional work. Almost all of my work has been solo, and I've gotten away with using print statements for almost all of my debugging work. I work mostly in Python, and I'm going to start using the logging module in my next project.
oxplot 1 day ago 0 replies      
I follow the data. If a network/USB/Bluetooth program, I fire up wireshark. Text/binary outputting programs, hexdump. Looking at a single piece of invalid output gives me a lot more insight into the problems a lot faster.
radicalbyte 2 days ago 0 replies      
Web: chrome dev tools.

Windows during development: Visual Studio.

Windows prod: DebugDiag to get the dumps, combo of VS, DebugDiag and the various native debuggers for analysis. Dumps created by the user or the system are also input.

Windows event tracing is also absolutely fantastic IF you have it.

catwell 1 day ago 0 replies      
Print statements and assertions. I rarely use a debugger, except coupled with something like Valgrind ("drop me into GDB if I use uninitialised memory") or to examine a core dump generated by a failed assertion.
tragic 1 day ago 0 replies      
Cowboy-style - puts/print/console.log all over the place.

I feel no shame.

cyberpunk 1 day ago 0 replies      
As an operations dude (or, at least, a recovering one) I've spent much of my professional life fighting post-deploy issues at the coal face, which almost always involves (when it's an app issue) digging into the code; even when we do that though, an important bit is observing what the boxes are doing in real time (we're not all dumb "INSTALL RPM AND RESTART" guys!) so we can explain impact and mitigate.

Usually, my goal then is to either:

1) Find a configuration / infra issue we can solve (best outcome for everyone)2) Give the most info to dev to enable a code fix, and roll back/mitigate in the interim.

In the last few years, people have paid me lots of money to build these really cool ELK or Splunk log chewing systems for them, which I have to admit, are utterly useless to me. There are really great monitoring tools which give me historical graphs of stuff I usually don't care about too.. but... I, and most of the folks I run with don't really reach for these tools when we hit a prod issue as the first resort.

Lets say, hypothetically, a customer of mine has an issue where some users are getting timeouts out on some API or another. We got alerted through some monitoring or whatever, and so we start taking a look.

First step, for me is always login a webserver at random (or all of them) and look at the obvious. Logs. Errors. dmesg. IO. Mem. Processes. The pretty graph ELK tools can tell me this info, but what I want to look at next is easier to jump to when I'm already there, than trying to locate IOWAIT in something like splunk.

All looks good on the web servers. Ok. Lets check out the dbs in one term and the apps in another. You follow the request though the infra. Splunk or ELK can tell me one of my apps is eating 25,000 FDs but then what? I need to login anyway. Next on the list are tools like strace/truss, iostat, netstat and so on which will immediately tell you if it's an infra/load/config issue, and we go from there. Down into the rabbit hole.

The point I'm trying to make is; for me at least, the tools we're deploying and being paid well to deploy now like dataloop, newrelic, splunk and so on are actually useless for solving real-time prod issues (for me personally, and my crew, at least) because they only expose a very small amount of info, and almost regardless of the issue I'll need to be on the box looking at something unique to the problem to either explain the impact of it or to mitigate it.

As I said though, I'm a recovering ops person and I'm doing dev these days. I still tend to use print statements when I hit a bug; although since I'm now mostly doing Erlang, bugs are rare and usually trivial to track down.

aerovistae 2 days ago 2 replies      
Like the other commenter, I mainly use JS. The Chrome Development Tools are all I need. Breakpoints, conditional breakpoints, and walking through the call stack are the main tools. Adding watch expressions is pretty handy sometimes so I can quickly run through a loop with a breakpoint, just hitting continue repeatedly, and watch the values change while just hitting F8.

Next most important thing is the network requests tab-- seeing what data is coming back from the server, if any, is indispensable.

If I'm debugging minified code that we haven't set up source maps for yet, I'll find a string literal in the source to match up the minified code to unminified code so I can see what I'm doing anyway by looking back and forth.

When I have to reproduce a bug, I often use the FormFiller extension for Chrome to quickly navigate our forms without having to fill them out.

I use EditThisCookie (another Chrome extension) to modify or view the cookie as I work, or to delete it to start a session from scratch. I don't like Incognito mode because I don't have my extensions and it doesn't maintain breakpoints when the tab is closed and reopened.

With regards to the call stack, being able to black-box certain scripts is awesome. You can right click a script in the sources explorer on the left side of the DevTools and black-box it, which will stop it showing up in the call stack. No more jQuery / Angular / Underscore calls cluttering my callstack!

What else...whenever I'm debugging CSS I always just do it in DevTools so I can see changes on the fly to figure out the problem.

I also used to use the handy "debugger" statement now and then, although I use it less and less these days since it's the same as a breakpoint but takes slightly more effort. Mostly only use it when I already have the code open in my editor and don't feel like manually finding that point in execution in the DevTools....it's kind of like "go-to this line."

Ctrl+P in sources of DevTools allows fuzzy search among files. Which is awesome.

There have been times I've used the XHR breakpoints, Event Listener breakpoints, and DOM breakpoints, but it's really rare for me. Definitely though there are cases where I'm not sure where an event is originating from and these have very much come in handy at those times. Underneath those on the right of the sources you can also see a total list of all active event listeners, which is also nice.

I'll add more thoughts if I think of anything else...I guess I'm mostly talking about my tools here. With regards to my thought process, that's more complex...hmm. I guess I try to figure out what the desired behavior is, try to see what the actual behavior is and how consistent it is, then see if I can find the code that controls that part of the application. If I don't already know, I Inspect Element on the page, find an element id or something, then look it up in our code and follow the trail to whatever's controlling the page and relevant behavior. From there it's just careful examination of the logic to find the flaw, using all the tools above.

emartinelli 2 days ago 0 replies      
IntelliJ debugger for Java, VS debugger for C#, print for Python and Perl, and console.log and Chrome Dev Tools for JS.
tbking 2 days ago 0 replies      
console.log and dev tools all the way!
namuol 1 day ago 0 replies      
The only advice I have regarding debugging:

Interrogate every assumption you make.

pcestrada 1 day ago 0 replies      
Log the hell out of the code.
eecks 2 days ago 0 replies      
For Java, eclipse
Mizza 1 day ago 0 replies      
import pdb; pdb.set_trace()

Or the equivalent for whatever language I'm using.

lirinawi 2 days ago 0 replies      
Thank you
lcfcjs 2 days ago 0 replies      
This is a great question and I am curious as to how others do it as well. I primarily code in nodejs and usually I just add console logs to give me visibility, however I feel like this is primitive and time consuming.

I have played around with node-inspector, but I have found that it's awfully slow, particularly with really large arrays or objects. So I eventually just abandoned it. It seems like a good idea, and might be worth revisiting in the future.

Ask HN: Advice on selecting programming languages for a new web product?
3 points by vpj  10 hours ago   7 comments top 5
brudgers 4 hours ago 0 replies      
Random advice from the internet:

Does it really need to be able to handle a very high volume of small requests right now? When there's no code, no customers and no use, yet, there's no profile showing evidence of a performance bottle neck.

To put it another way, the first order problem isn't technology, it's product market fit and finding customers. That means getting a "conversation starter" up and running is a task on the critical path and "what infrastructure might be necessary if Facebook signs up" is not.

So if the person can build a conversation starter in Java and iterate on it more quickly than they can learn node.js then the answer is pretty obvious -- assuming the question is "how do I build an enterprise product?" It's less obvious if the real question is "what should I learn?"

I'll add that in terms of tooling [such as the aforementioned profiler] and scaling infrastructure, Java is vastly more mature in the enterprise market: even if Atwood's law predicts that we will get node.js for IBM's Z/OS mainframes [if we haven't already], Java is already on big iron. Which is to say it scales both up and out.

But again "best" really comes down to the relative value of "it's time to earn" versus "it's time to learn".

Good luck.

FlopV 5 hours ago 1 reply      
This is what I use anytime I need to pick a language. http://www.wfplsiu.com/
makufiru 9 hours ago 0 replies      
Java would do fine, and much better than Node for this case.

Even if it wasn't better, the best language to use on a project is the one you already know. So still Java

tmaly 4 hours ago 0 replies      
If your not doing a native phone app, your front end is going to be Javascript. For a backend, choose what ever your most comfortable with.
meric 6 hours ago 1 reply      
>> very high volume of small requests

I recommend something with non-blocking IO. I suggest Lua-Resty on Nginx.

Ask HN: Which IoT gadgets do you use in your AirBNB rentals?
8 points by baus  19 hours ago   3 comments top
win_ini 16 hours ago 2 replies      
Cabin in Tahoe, about 3 hours from my full time home, so I have interest in automating. It is off utilities network - septic well... Even needed a cell booster to get a cell signal indoors.

Some devices I've tried:

Sensi thermostatWink spotter (no longer available)Dahua security cam

Lockitron was hopefully going to be used for access, but it didn't work out.

I've considered adding a tablet for guests to lookup instructions for the house.

I have an "EKM metering" (ekmmetering.com) gas meter that can (at some point) be connected to a pulse counter - they have a device that can tie your electric, water, and gas usage into a graph on the net (and they have an API).

Tried a wemo light switch - it sucks.

I have an Ambient Weather station that feeds current weather stats to weather underground.

Ask HN: Which personal investing tools do you use?
84 points by umitakcn  1 day ago   34 comments top 20
chatmasta 1 hour ago 0 replies      
I read hacker news and invest in companies that are clearly leading in the engineering space but wall street buffoons are too stupid to notice. I target companies with upcoming earnings releases, skim the top few "analyst reports," and invest in the ones with gaping holes in the analyses (indicative of stupid investors).

For example, AMZN is frequently undervalued. If you read analyst reports, there are scarce mentions of EC2, almost as if the 23 year old bankers writing the reports don't even realize Amazon has a cloud business. All the reports of "competition" are focused on Amazon retail competition, no mention of google cloud, microsoft, etc..

And yet EC2 is absurdly profitable, with margins far higher than Amazon's retail business. But you wouldn't know that if you just listened to the hot air coming from "analysts," which is exactly what institutional investors listen to.

I've had pretty good returns just trusting my own gut and only investing in tech companies where I am confident I know more than the bankers. If you read the analyst reports, it will usually be pretty clear whether they're making an accurate assessment of value.

lewisl9029 1 day ago 4 replies      
I use Quantopian to paper trade a simple algorithm I developed and tweaked over the years, and then check daily and manually execute the trades with with my own broker (Questrade in Canada, which isn't supported by Quantopian's live trading platform).

Quantopian is literally the single most disruptive product in personal finance that I know of: https://www.quantopian.com/

(Not affiliated in any way. Just a really happy user.)

zck 1 day ago 0 replies      
Betterment. (https://www.betterment.com/). It's passive investing done in the tech world. It sets up your portfolio for you with low-cost investments^1 and low management fees^2. You get automatic rebalancing with intelligent tax minimization^3 when your account gets too unbalanced, and every time you auto-deposit cash, it rebalances your account.

If you're looking to pick specific stocks, this isn't the tool for you. But I want something that gives me control at a high level (how much risk are you willing to take?), but takes care of the details for me^4. And Betterment gives me that. It's really a "set it and forget it" solution.

(Note: I interviewed at Betterment, but didn't get an offer. My friend's brother is employed there on the financial side. I have no financial stake in Betterment other than the money I've invested there.)

[1] The fund with highest fees I have is Vanguard Emerging Markets Government Bond ETF, at a 0.34% fund fees. One other fund is 0.25%; everything else is below 0.20%. These expensive funds are at low percentages of my portfolio.

[2] The most you'll pay is 0.35%: https://www.betterment.com/pricing/. If you have at least $10k, you'll pay 0.25%.

[3] http://support.betterment.com/customer/portal/articles/98745... see "Sell/Buy Rebalancing".

[4] You tell Betterment what your risk tolerance is, and it picks funds for you, and target levels of these funds. It will automatically purchase these funds in the right amounts.

jeremysalwen 1 day ago 1 reply      
I use http://investor.vanguard.com to invest in very low cost index funds.
blabla_blublu 1 day ago 0 replies      
Just started with Betterment - pretty simple to use and acts as a blanket over investing. I experimented previously with individual stocks in the market, had reasonably good response. However, I cannot spend time on reading up and making informed decisions.

Curious how betterment will do against WealthFront. On the longer run, I am thinking about splitting the money two ways and put in a bit with both Betterment/Wealth Front as a strategy, possibly.

keywonc 1 day ago 2 replies      
Hellomoney: JSFiddle for backtesting investment portfolios. http://hellomoney.co/

You can design portfolios from 24,000+ stocks and funds, and backtest it as you build it. Helps you understand how input (each holding) affects the output (historical performances) in a "build-to-think" way.

If you frequent finance/investing related parts of Reddit, you might have seen it. It's the official tool of /r/portfolios now.

* Full disclosure: I designed this tool.

lorenzomark4 1 day ago 0 replies      
Check this article from Product Hunt team, there are bunch of tools which can be useful for savings and investmenthttps://medium.com/@producthunt/the-7-best-personal-finance-...
YJwhyjey 1 day ago 0 replies      
http://seekingalpha.com/ Good news source

https://stockcharts.com/ Great chart to guide you in reading technical analyses.

adarsh_thampy 10 hours ago 0 replies      
For me, I use Scripbox for my mutual fund investments. There is no customized portfolio like betterment or wealthfront. Scripbox believes in a one-set-of-funds approach coupled with annual review and rebalancing for long term investing. It's available for Indian users.

Full disclosure: I used to work here.

Ab91821 1 day ago 1 reply      
I do massive amount of self due diligence before investing in a company or in a fund.

* Research: Yahoo/Google Finance

* Stock Screen: finviz.com/screener.ashx https://stockflare.com/landing

* Portfolio Visualization(Handy):http://hellomoney.co/

* Portfolio Optimization: https://www.portfoliovisualizer.com/backtest-asset-class-all...

baccredited 1 day ago 0 replies      
https://www.mint.com/ - track your net worth

https://lab.madfientist.com/ - track your FIRE date - Financial Independence Retire Early, otherwise known as FU money (my date is Dec 2022)

http://www.mrmoneymustache.com/ - learn how to save and invest. And no, you dont have to be as frugal as Mr Money Mustache.

https://www.reddit.com/r/financialindependence/ - read the sidebar resources and ask questions here if they arent answered

estelleschmitz6 1 day ago 0 replies      
When I try to research a company or an industry, I have a lot of trouble keeping track of my research. It would be great if there is a service that I can document and record ideas as well as track key data. My kind of edge that I have is only the ability to read a balance sheet.
kleer001 1 day ago 0 replies      
A news paper, a legal pad, a pen, a calculator, and my broker's phone number. Well, google news, my computer, and schwab. Mostly same same anyways.
lethitit 1 day ago 0 replies      
I use r/investing a lot. You can find many tools and experiences. https://www.reddit.com/r/investing/.
o_nate 1 day ago 0 replies      
I use greaterthanzero.com to calculate returns of my portfolio over different time periods and compare against a few simple benchmarks.
guiness_croquet 1 day ago 1 reply      
Is there a simple tool to estimate returns? I may find it useful.
myroon5 1 day ago 1 reply      
lavezzi 1 day ago 0 replies      
phyalow 1 day ago 0 replies      
Bloomberg Anywhere.
roodh 1 day ago 0 replies      
Como hackeua instagram ?
Ask HN: How can Airbnb automatically update your expiration date?
5 points by rgovind  17 hours ago   5 comments top
mcpherrinm 16 hours ago 2 replies      
There are API providers that offer this as a service: you can get notifications when your customers get a new card, and the updated info.

Your bank does give them the data.

Ask HN: Do you have experience working as a programmer in the Caymen Islands?
6 points by eecks  1 day ago   1 comment top
tmaly 4 hours ago 0 replies      
I do not. I have been to other islands, and I have to say island life is relaxing. If I had the chance to work on an island, I would probably take it.
Ask HN: Can I use a Pokemon's name as my product name?
3 points by alaskageneva  7 hours ago   7 comments top 4
patio11 7 hours ago 1 reply      
That's a poor idea, because they're trademarked, Nintendo is notoriously litigious, and you will forever have your business confused with a Pokemon.
kazinator 5 hours ago 1 reply      
Depending on which name it is, you may simply be able to use the name, without any association with Pokmon. Don't ever reveal you got it from a list of Pokmon names. If asked, insist that you just made it up and that it is a coincidence.

The explicit association between your product an Pokmon may be worse than the actual name clash itself.

For instance, suppose I manufacture mini submarines and I name one of them Seaking. Well, guess what, that is a Pokmon character name. It's plausible that this is a complete coincidence and I can get away with that claim even if I did in fact get that from the Pokmon name. If I broadcast the Pokmon association, then that could get the attention of someone at Nintendo; they could come to the conclusion that I'm trying to use their business to promote mine somehow.

Just consider the name carefully and how plausible it is that you came up with it independently, considering factors like: how weird is the name? Are you known to others to be a big Pokmon fan? Have you blogged or tweeted anything about Pokmon, and especially that Pokmon?

rabidonrails 5 hours ago 0 replies      
There's just no reason to do this. There seems to be very high risk and very little reward.

Also, assuming that your product isn't directly related to video games, people are going to ask how you came up with the name. Are you ready to explain that your company is named after a teleporting cat that can be found in the woods and has super powers?

darrelld 6 hours ago 0 replies      
I am not a lawyer but the answer to this is no, you cannot use a Pokemon's name as your product name.
Ask HN: Are specializations at udacity, coursera etc worth it?
19 points by vijayr  2 days ago   9 comments top 6
kiloreux 2 days ago 2 replies      
Before i tell you my opinion, I want you to know that I spend most of my day learning (still student) and when I'm not in university, I am learning from MOOCS, and to take this a bit further, I have done more than 100 MOOCs on all the three platforms Coursera Edx Udacity, each of these has its own PROs and CONs, learning in itself is awesome, it has made me in more knowledgeable more than most my peers, but one thing to note, is that while the content might be amazing, the certificates or whatever you get from it are mostly not recognized and doesn't really have value in the industry, what I can suggest you to do, is to use your knowledge from these courses to build cool projects that can show future employers how skilled you are and your mastery to that specific domain, That's my experience, I wish you good luck learning.
basicscholar 2 days ago 0 replies      
Udacity nano degrees are industry recognized. A lot of people has been hired by AT&T and others. Besides, Udacity is changing the hiring process by eliminating interviews. So now we can rely on porfolios built in those nano degrees and rest assured that psychological factors from recruiters and interviewers will be eliminated. It is great, and congratulations on those 100 MOOCs! Maybe you can apply your skills and build something for the advance of human species.
zhte415 2 days ago 0 replies      
I was asked a similar question during a recent interview. "What certifications [more traditional PMP/CFA style] from XXX do you have?"

My reply was something along the lines of "I don't pursue certifications, but learning that I can benefit from, you can, and can benefit the organization. 90%+ of people with such certifications can't demonstrate 10% of what was in the syllabus, and you know this is true."

This question was general, but I directed it towards a Learning Managment System which I implemented in a past company. There are props for implementing an LMS in one's org too. This was quite special (video, interactive, nice UI), but anything at a basic level will get you noticed as a 'strategic thinker'. Do it if you're (the figurative reader) doesn't have one already.

"Does the system offer certification?"

"Of course it does, but it also implements a development plan for anyone on any course, for their management to rate their implementation of skills learned." Closing the loop in performance assessment; a bit harder.


Demonstrate learning, don't just brag about it. MOOCs are fantastic, and to take part as a contributor (to a larger, fee paid, internal, or open MOOC) is to release years of learning and understanding you may have, that others don't, and as a participator, to harvest that cerebral mass of others and yourself.

Use it, implement it, criticize it, grow it. People are sharing, share back by whatever means, and demonstrate you do so; that principal is priceless and makes certification at whatever cost worthless. Though by doing so, monetary return is not denied.

halpme 1 day ago 0 replies      
I'm taking several classes via Coursera to brush up on algorithms/data structures for fun and personal interest, but find it really hard to stay focused on the video lectures. I much prefer to read textbooks when learning any new information. But that's beside the point. I've conducted an interview and the candidate had taken multiple MOOC's on Coursera and Udacity and that really impressed me. Showed that the candidate actually cared about learning and deepening their knowledge in some areas.
snehesht 21 hours ago 0 replies      
If you are looking to learn about something new, Cousera, edX... are great. I tried them before but I'm not sure if their certificates are worth anything.
tryitnow 2 days ago 0 replies      
I'm currently finishing up the Data Science course and whether or not it's worth it totally depends on your goals.

These courses are not going toake you into professional in the field, you'll need more than just one certificate for that. But they're a good way to explore what you'll be doing in a given field and they're a great adjunct to any formal education you may have.

How do you reverse burnout?
16 points by randomnumber314  2 days ago   28 comments top 15
nunez 1 day ago 0 replies      
This thread is useful. I think I'm in this state myself. Between work (which there is a LOT of), learning new things, commuting (which I often spend learning new things or working) and working out at the gym (which isn't relaxing), I feel like I spend most of my day being "on". It's been difficult for me to think or sleep. Constructing sentences outside of making first impressions is difficult for me. I often feel like I "don't have time" or that I'm in some sort of "crunch mode."

I don't know what to do. I think I'm either burning out or burnt out some time ago but just don't know it. Either way, this thread is very enlightening.

a3n 2 days ago 0 replies      
Do something different.

You're working too much, and some of it is under your control. Stop working on your personal projects for a bit. This gives you time to rest, and think clearly.

Do different work. If that means taking a job, as you mention, then fine, do that for awhile. A compromise would be to work for a contracting agency; there are full-timish yet time-limited jobs, so you can let someone else tell you what to code, yet can still leave the job without any social disapproval. Or just work for a company for awhile.

When you're in a rut, get out of the rut. Do something different, whatever that means to you.

zippy786 1 day ago 2 replies      
Quit whatever you are doing. No work for couple of months (may be even a year), only fun stuff like movies, sports, exercise, good food and may be even light non-work research if you are into it.

I'm actually in the same boat as you are and am planning to quit my job and do nothing, starting next month. Just gaze at stars from high altitude and realize that this world is big. Job and stress are small things that should not matter in one's life. Then one day you might wake up and find motivation to work less, earn more. At least I hope to do the same.

tostitos1979 21 hours ago 0 replies      
Reversing burn out is not easy. I was working crazy hours in my last job and managed to get a far better gig. I thought 2-4 weeks off would do the trick and help me reset. It took a lot longer. Stuff I did that helped:

1) Play mindless video games into the night. I kept having nagging guilt in my mind and had to force myself to ignore it.

2) Buy some books. I have them sitting on my desk. Just haven't been able to will myself to read any fiction (feel guilty about indulging myself). I did manage to read a few non-fiction books that I was interested in. So, baby steps.

3) Hang out with friends/spouse. Realize it is okay to do NOTHING for a bit.

I'm lucky this time. My passion has come back and I can code better than ever. But I am taking this experience as an important lesson. Need to be careful to not get burned out in the future.

Edit: I also let my online learning subscription (won't name it since I have nothing bad against their product) expire on purpose.

kdamken 1 day ago 0 replies      
Sleep. Make sure to get at least 8-8.5 hours, every night. You'll start seeing the benefits very quickly.

You may feel more rested and be tempted to stay up later. Don't do that. Get your 8 hours, every night.

code777777 2 days ago 2 replies      
It sounds like your body and mind need a rest. IDK about you, but even though I'm healthy and in pretty good shape for my age, my legs, glutes, lower back, shoulders, etc. get really tight from sitting all day and into the night (I work similar amounts and have for years).

I have a couple of techniques that work for me.

- Taking breaks. Sometimes it's reading HN, other times it's preparing a small meal, or just walking around, or whatever.

- Mental time off. When I have something stressful with a client or there is some big meeting set for a few days from now I prepare and that's it. When I'm comfortable or even if I'm anxious I just tell myself, "I'm not thinking about this again until such and such day or time." It's really empowering and works. Probably the best thing I do.

- Yoga, just a little to loosen up, I like Tara Stile's videos on YouTube, they are for all ability levels.

- Mobility work. One good example is the Limber 11. Learn about your body. A foam roller, a ball, and some light aerobic work get your blood flowing and endorphins going. It just feels good. Also a little time at the gym you get to see other humans and it can be mentally relaxing since your body is doing the work instead of your brain.

- Skydiving. It's a sport that I really enjoy. I know it sounds odd but as soon as you step on a plane the rest of the world just goes on hold. You're focused on that jump and what the objective is (4-way, competition, whatever) that nothing else really matters. It's a common theme with skydivers. Perhaps you can find something similar in your life.

- Learning. I enjoy learning about new things and it's a mental break.

Just take it easy, do what you do well, learn how to turn focus on and off. It a skill that you just have to work on like anything else.

jenkstom 1 day ago 0 replies      
I survived triplets and a wife with a brain tumor - all within a couple of years. Stress does damage to your brain. Permanent damage. It may take you years to reverse the damage.

I would consult a professional (starting with a psychiatrist to get your chemicals back in balance) and consider some sort of meditative activity. Like Tai Chi, or playing guitar, or whatever. Or even meditation.

Sleep, eating well, exercise, taking the right medications, avoiding stressful situations and finding ways to destress - you hear these all of the time, and they are things that people still don't do anyway. If you don't, now would be the time to start.

chatmasta 1 day ago 0 replies      
Stop all your obligations, inform anyone who matters that you will be back in three weeks, and leave the country. Do not take your laptop. Go to the beach. Come back when you're ready. You'll be amazed.
phunkystuff 1 day ago 0 replies      
ITT - you need money to reverse burnout
PaulHoule 2 days ago 0 replies      
Get aerobic execise, enough to make you sweat, at least half an hour a day, ideally more like two hours. If you like to bike, run or something like that, great, otherwise use the cardio at the gym.

If you are feeling unexplained pains, consider starting an SNRI antidepressant such as Effexor, otherwise consider a plain SSRI. This provides an armoring effect against stress without interfering with the natural process of maturation.

Take a vacation.

Put your side projects on the shelf for a while or hire somebody else to do them while you bring your current engagement to an honorable conclusion if that is at all possible.

roddux 2 days ago 1 reply      
Communicate with your client and tell them that your 50+ hour weeks have to become 9-5, or you won't be able to support them as a client any longer.

It boils down to a choice between saving your sanity and continuing to work in the field, or burning out and quitting-- losing a major income stream in the process.

Is this one client worth that much?

percept 2 days ago 0 replies      
Agreed with the other poster: take a vacation. Go someplace.

If you're like me, sometimes that requires a self-applied kick to the posterior, but it's usually followed by "Why didn't I do this sooner?" and its sibling, "Why go home?"

zerr 2 days ago 1 reply      
Charge more and work less. Get rid of 9-5[+] stigma.
tmaly 2 days ago 1 reply      
take a break. Go for long walks/hikes and clear your head.

If you can, go on vacation to a remote island with little communications.

yolesaber 2 days ago 2 replies      
Smoke a ton of weed, get lost in music / art / film / your own non-coding creative projects.

Works for me.

Ask HN: Password Gorilla last commit 3 years give up on open source pwd mgr?
21 points by banku_brougham  2 days ago   13 comments top 7
mpettitt 2 days ago 1 reply      
Did you see that Keepass introduced fixes to the issues raised in that paper before it was released, thanks to the responsible disclosure by the authors? http://keepass.info/help/kb/db_headerauth_upg.html
drostie 23 hours ago 0 replies      
I actually wrote a JS-based encryption container which passes these requirements (and does not even have PasswordSafeV3's key-reuse problem!) for these very reasons about 2 years ago, and one of its example applications in the repository, 'tagaloop', can function as a password storage container:


Tagaloop does not time-out or re-authenticate for you, and since I'm not selling the service I can't offer 2FA, but of course if you wanted to build a company out of this stuff it's open-source. In addition nermal makes the deliberate decision to not support "seek" operations, so it does not e.g. store a header field which could then be scanned in advance to index a bunch of concatenated binary strings -- this is not bad for password storage where the metadata outnumbers the data by a factor of 2 or 3 so there's no point, but other applications like storing an encrypted archive of files might suffer.

cakes 2 days ago 0 replies      
I used password gorilla for years until 2015, when I switched to keepassx.

I had similar concerns about how it felt that password gorilla remained unchanged for periods of time, regardless of whether I would know if there was a vulnerability or not. It was more...it felt stable (which was fine) but not "this will be here forever!" to me. I recognize I could've forked it (or something similar) but I don't (yet) know tcl/tk and don't feel comfortable "owning" my own password manager for security-related stuff.

I can recommend keepassx/family (I had, long ago, chosen password gorilla for Windows & Linux support) but, at this point if you are moving, find something you are comfortable with (that's updated!).

clishem 2 days ago 1 reply      
carussell 2 days ago 1 reply      
How many passwords are you storing currently? And are you using password managers for the convenience of not having to commit secure passwords to memory, or for the ease of automatic password entry?

Sticky notes are a hallmark of bad security, but that doesn't mean a pen-and-paper approach has to be ruled out entirely. Depending on how you answered the last two questions, a small notebook containing the passwords written out in some format other than plain text could be a surprisingly viable contender for any software password manager.

tomw1808 2 days ago 1 reply      
Interesting. I am not really into PWGorilla, but some friends are. They are constantly recommending it to me, although we are kind-of forced from the company to use a closed source pw manager (1pass).

Is there anything particularly security related that is concerning you regarding pw-gorilla vulnerabilities?

So far I can recommend 1pass, though its not for free. If you have any particular concerns with 1pass security wise I would be interested too (except its closed source).


suraj 2 days ago 0 replies      
You can compile pwsafe QT GUI for OS X very easily. However, the GUI feels out of place because of QT.
Ask HN: Who here would be interested in a burnout center?
8 points by RikNieu  2 days ago   5 comments top
AznHisoka 2 days ago 2 replies      
Not trying to be snarky, but perhaps the reason for your burnout is the constant desire to implement/think up of solutions rather than to relax and not think so much?
Ask HN: How do startups find their product-market fit?
4 points by theforceawakens  1 day ago   8 comments top 5
palidanx 28 minutes ago 0 replies      
At least for b2b, my 2 cents is that charge for your product upfront. Putting that paywall in front of your product can help you immediately assess how interested they are.
JacobAldridge 9 hours ago 3 replies      
Talk to potential customers. Then talk to more of them. Ask "Would you buy this?"

I reference patio11 on this topic a lot: You'll generally get one of 3 responses when you ask.

1) 'No'. This is useful - why not? What would need to change?2) 'Yes'. This is the most dangerous response. It's impossible to tell a polite response from a promising prospect. Plenty of new businesses chase the wrong product development strategy because "people said they would buy this". What people say and what people do, especially when it comes to money, are different things.3) "Can I buy this from you right now? How much?" This is the only 'good' response for the state of your current product. If people don't want to buy it now (sign up, whatever) then you haven't found the fit yet.

I'm going through this again with a new business. Lots of the second response - not enough of the third, so much as I'd love to ramp up the marketing I know the product and how I'm explaining it just aren't ready yet.

jewelblute 13 hours ago 0 replies      
Product/market fit means being in a good market with a product that can satisfy that market.

You can always feel when product/market fit isnt happening. The customers arent quite getting value out of the product, word of mouth isnt spreading, usage isnt growing that fast, press reviews are kind of blah, the sales cycle takes too long, and lots of deals never close.

And you can always feel product/market fit when its happening. The customers are buying the product just as fast as you can make it or usage is growing just as fast as you can add more servers. Money from customers is piling up in your company checking account. Youre hiring sales and customer support staff as fast as you can. Reporters are calling because theyve heard about your hot new thing and they want to talk to you about it. You start getting entrepreneur of the year awards from Harvard Business School. Investment bankers are staking out your house. You could eat free for a year at Bucks.

I am also a part of a startup and owned by a website http://resumeplus.us. I think this answer helped you and I wish all the success for your bright future.

relaunched 1 day ago 0 replies      
Put your product in the hands of users and watch what happens. Product / Market fit is that magical moment when users get the intended experience out of your product, and not only keep coming back for more, but also help you grow your userbase.
Ask HN: What are the best books on startups that discuss failure?
12 points by weston  2 days ago   10 comments top 6
sgdread 2 days ago 2 replies      
I really liked Ben Horowitz's "The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers" [1]

The book is not focused on failures, but it's full of really good advices on what to do when a company is moving into disaster.

[1] http://www.amazon.com/The-Hard-Thing-About-Things/dp/0062273...

mgolanbari 1 day ago 0 replies      
I highly recommend all of the following:

- 'DEC is Dead, Long Live DEC' (one of the best books I've read on the failure of a tech firm)

- 'Dealers of Lightning: Xerox PARC and the dawn of the computer age'

- 'The Supermen: The Story of Seymour Cray and the Technical Wizards Behind the Supercomputer'

- 'When Smart People Fail' by Carole Hyatt and Linda Gottlieb (I have the 1986 edition, I believe a later edition is also available; this book is well written but it is so good, complex, and mature that I had to read it several times to fully understand it, and I still try to read it at least once every year to refresh my memory)

- 'The Anxious Organization' by Jeffrey A. Miller

- 'The Soul of a New Machine' by Tracy Kidder

- 'How to Get Rich' by Felix Dennis. (The title is misleading, this is not one of those books containing superficial, useless advice -- the book offers highly useful, in-depth, practical advice on entrepreneurship, including a brutally honest discussion of Dennis's many business failures [as well as his personal failures], and even a list of the most important business mistakes that entrepreneurs, including Dennis, typically make, and how to avoid them.)

- 'Starting Something: An Entrepreneur's Tale of Corporate Culture' by Wayne McVicker. A little-known book, but absolutely excellent.

- It appears that another user (bhamguy) has suggested 'Startup: A Silicon Valley Adventure' by Jerry Kaplan. Good choice, I support that selection, definitely one of the best books I've ever read on startup failure.

jcr 2 days ago 1 reply      
It's an interesting question, but I don't know of any books thatspecialize on the mistakes of founders/projects, save for the MythicalMan Month [1] by Fred Brooks. HN does get a lot of "X is closing down"submissions, and some of them give interesting reasons for why thecompany didn't make it.

On a general level, there are usually more ways to make fatal mistakesthan there are ways to make things successful.


Gustomaximus 21 hours ago 0 replies      
In Search of Stupidity: Over Twenty Years of High Tech Marketing Disasters


payne92 2 days ago 1 reply      
"The hard thing about hard things", by Ben Horowitz, best by far.
bhamguy 1 day ago 0 replies      
Startup: A Silicon Valley Adventure
Ask HN: Most successful SaaS pricing structure you've found?
13 points by bookjunkie13  2 days ago   9 comments top 3
jasonkester 2 days ago 2 replies      
My lesson is that you need to A/B test everything, since the thing that works is never what you think will work.

For example, this terrible wall-of-text absolutely destroyed a pretty 37 Signals-esque 3-column pricing chart in A/B testing:


I didn't believe it, so I tweaked it and ran the test again. Exactly the same result. So those paragraphs stay, with the same unordered order, goofy typography and everything else. Nobody touch anything! It's perfectly balanced at its local maxima.

petervandijck 1 day ago 1 reply      

- 79$ (solve a business problem and its worth it. There's no difference between 29 or 39 or 79 for a business user with a credit card.)

- $399 (basically max to buy without approval if you're a manager, anything below 500$.)

- enterprise (aka call us, you'll need approval for this internally.) You could add a 799 plan here, or a 1999 plan, etc.

You want to stay away from 9$ and such unless you're selling to consumers, not businesses, in very high quantities (eg. you're netflix).

narrowrail 1 day ago 1 reply      
In the B2B space, it really bothers me when pricing is listed for a service where the expectation is to be a long-term customer, but pricing is listed per month. It's doubly aggravating when the price isn't rounded to the nearest $10 (e.g. don't price the iPhone SE as $399 b/c that's $400). Cloudflare, while far from the only perpetrator, is the my most recent experience with this crap. If I'm evaluating CDNs, it's not like I want to switch such a service monthly.

I have to believe we are all trying to please the bean-counters w/in our own orgs, but it is almost insulting.

Ask HN: Thoughts/feedbacks on CryFS
2 points by DaWeasel  1 day ago   2 comments top
brudgers 1 day ago 1 reply      
The page contains the call to action:

 Let us notify you when CryFS is stable!
And labels the software "Beta". On the other hand if the specific problems it is intended to address relative to file size are relevant then the tradeoffs might be worth it.

Good luck.

What problems does React Native solve?
4 points by darilldrems  1 day ago   4 comments top 3
auganov 1 day ago 0 replies      
Vs pure native: let's you avoid ad-hoc mutating the UI, makes state more manageable and predictable - the same thing that got React popular in the Web space, albeit with more competition. Not super-familiar with Objective C and Java-Android libraries so references to native equivalents would be appreciated.

Now compared to other js-based solutions is solves many of the problems they generate, such as poor java/objc interop, blocking javascript operations etc. But you'd have to compare them ad-hoc. The Titanium framework IMO was the state of the art before React Native, javascript-wise it solved perhaps all of the same problems.

jarcane 1 day ago 0 replies      
Startup nerds not being able to write desktop apps in JavaScript.
innocentpixel 1 day ago 1 reply      
@jarcaneJust ... no.

Desktop : https://github.com/atom/electron Mobile : https://cordova.apache.org/

Ask HN: How many startups fail because their MVP is too minimal?
14 points by hooliganpete  2 days ago   9 comments top 4
nostrademons 1 day ago 0 replies      
If it's too minimal, you just build out more until you have something that's viable.

A bigger risk is failing because you've built the wrong features. It's harder to change or remove features than it is to build them, and you also don't get the time back for misplaced features. Hence the bias toward starting small.

felisml 2 days ago 1 reply      
> How many startups fail because their MVP is too minimal?


They fail because they didn't talk to customers, didn't do sales, didn't do marketing, or failed to find a viable service model after all that.

MVP is shorthand for "do the least work customers will pay you for." Customers are shorthand for "people you can find who will pay you."

MVP is quite often abused to mean "here's a thing I made." If you don't have customers, and you can't find customers ... then it's not viable yet, is it?

Here's a thing you can do:

You have a hypothesis that [service you can provide] will be valuable to [people you can find]. Okay, so go check that you can actually find those people. Then talk to them about what they do.

You are not allowed to sell, or ask "would you buy this." Facebook surveys are also right out. You need targeted customers, not a bunch of random people with few common characteristics besides being bored enough to respond to Facebook surveys.

Your objective is to learn about these people. How do you find them? How do they talk about the problem? How do you tell them apart from people who really don't give a shit about the problem?

Once you've got a target customer validated at the talking-to-people level, then you can try building stuff. Start with the least work that you think will get people to pay you. It's probably much smaller than you think, and may involve no code.

You don't need to solve everything that anyone told you about the problem, you just need to do enough to make their corner of the world a little better.

Then, go back and try to do sales. Face-to-face sales is the highest conversion rate condition you're ever going to have access to. It doesn't have to scale to infinity million dollars of revenue. It's validation. (Although it's also quite possible to get to stability on boot sales alone, if you charge enough. Which is the only time I ever want to hear that "with no marketing" meme.)

If you can't sell when the deck is stacked in your favor, you don't understand your customers, or you're working on something they don't actually care about.

Treat stuff as a hypothesis. Then test it. Don't just throw code at the wall either. Code without a customer is not a product, it's just some thing you made. Figure out who the customers are and aren't. Then try to find them & talk to them. Learn about them. Then build.

Nobody failed because their MVP was too minimal. They failed because they didn't have customers & didn't do the work to fix their understanding of the world.

GFK_of_xmaspast 2 days ago 0 replies      
By definition, if it's too M it's not V.
basiclaser 2 days ago 0 replies      
also curious +1
Ask HN: Is Famous dead?
6 points by laex  1 day ago   4 comments top 2
jcr 1 day ago 0 replies      
This article from Nov 2015 mentions the pivot:


argonaut 1 day ago 1 reply      
Look at the famo.us website. Yes.
Ask HN: Trademark infringement for rejected / awaiting response trademark
4 points by CX4048  2 days ago   1 comment top
dangrossman 1 day ago 0 replies      
Trademarks need not be on the federal register to exist, or to be enforced successfully. Consult a lawyer.


Ask HN: Who works in (mobile) robotics on HN?
10 points by ibnroberttuta  2 days ago   1 comment top
mattivc 1 day ago 0 replies      
I am still just a undergrad student, but i am hoping for a career in robotics research or R&D.

I am however one of the founders of my university aerial robotics team, we are planning the attend the IARC (http://www.aerialroboticscompetition.org/) competition this summer.

One of the big unsolved problems in aerial robotics is high-resolution localization without external sensors. Al the drone acrobatics videos out there use a external tracking system. The current IARC mission aims to push this by requiring complex interaction between flying and ground robots without any external sensors. We are currently trying to solve this by using camera and LIDAR sensors. You can read more on our progress here: http://www.ascendntnu.no/blog/

I would love some sort of email group, i have been looking for something like that for some time. Pleas sign me up if you end up creating one: mattivc[at]gmail.com

Ask HN: Is MongoDB still an open source company?
7 points by ossfan1234  2 days ago   4 comments top 4
vorg 1 day ago 0 replies      
> My prediction is that very soon there will be a high profile open source fork of mongodb driven by an Apache style board and community

That won't solve any of the problems. The symptoms you describe also happen in the Apache Groovy "community", if you can call it that. Although they joined Apache's incubator in April last year (2015) and were promoted to a full project in November, the project manager "chair" privately owns the groovy-lang.org DNS name and if you click on most links for Groovy at Apache, they redirect to groovy-lang.org without any warning. He also keeps a private mailing list of groovy users which he collected by running a weekly newsletter for a year which he no longer maintains, and hasn't merged them with the Apache Groovy users mailing list. They run a separate build system for Groovy treating the Apache process as an add-on process, all against Apache guidelines. He refuses to refer to Groovy as "Apache Groovy" on first use which is what the ASF requires of project managers.

Joining Apache is just another distribution strategy for them, despite the talk in Groovy circles a year ago about getting a proper governance structure. It didn't solve Groovy's problems, and it won't solve MongoDB's.

bliti 2 days ago 0 replies      
JSON support in postgresql will slowly kill mongo. I moved to it from mongo and it's sooooooo much better.
eip 2 days ago 0 replies      
Why not just switch to an entirely different database?
ddorian43 2 days ago 0 replies      
I think mongodb was always like that.
Ask HN: Best use case writeups of SOA?
2 points by tmaly  2 days ago   2 comments top 2
austingunter 2 days ago 0 replies      
This is a post to my corporate site, but I created a list of case studies / blog posts of folks discussing how they've moved over: datawire.io/microservices-stories.

I have a bigger list that I haven't had time to put on the site. If you'd like them, I'm happy to create an open google sheet for you.

theworstshill 2 days ago 0 replies      
Good? Pretty much none.

Try searching on developerWorks.

Ask HN: Why would www.economist.com block the Lynx UA?
4 points by theSage  2 days ago   6 comments top 3
SyneRyder 9 hours ago 1 reply      
I have blocked a version of Lynx on my own site - there was a scraper tool using Lynx as the User Agent, presumably as a way of requesting the most scraper friendly version of the site. Somehow I traced it back to a pirate/cracking group using the scraper to monitor my site for software updates, so they had the best chance of releasing 0-day cracks of my software. (Should've been easy for them to work around, but I guess I'm small enough that it wasn't worth their time.)

Lynx itself is awesome though, I used to use it a lot in my University days.

rahimnathwani 2 days ago 1 reply      
Lynx is great for rendering text (99% of The Economist's content) but not so great for displaying images (100% of The Economist's ads).

There's probably a simpler explanation involving no malice.

tedmiston 20 hours ago 1 reply      
Sometimes I use Lynx on text-heavy pages for readability (monospace feels easier on the eyes) and just to have a fully keyboard-driven browser, especially with the arrow keys. Just curious if that's your use case too?
       cached 31 March 2016 20:05:02 GMT