It's a really great logo, definitely "with the times" with the bold, sharp lines and flat colors. I'm not sure I'll be putting it on any websites, since I don't think most users care or understand markup versioning, but grats to w3c for doing something that doesn't look like it came out of a committee of phds and marketroids.
Not yet. W3C introduced this logo in January 2011 with the goal of building community support. W3C has not yet taken it up in any official capacity. If, as W3C hopes, the community embraces the logo, W3C will adopt it as its own official logo for HTML5 in the first quarter of 2011."
It doesn't look like something someone hired from outside did, and the HTML5 logo looks like the header on a Tutsplus vector tutorial.
Most of the different icons have very poor symbolic value, and look really unintelligible.
They could do a lot worse, so that's always something.
Think about its purpose; it needs to work with a huge range of styles, each of which will have specific and varied audiences.
The choices made (collegiate typeface / bright orange) are quite bold; I don't think it lends itself to sympathetically supporting a broad range of differing styles of design.
Also, when this is used, it's likely to be quite small - the gap between the tail of the '5' and its upper curve is slight. I think it will have a tendency to resemble a '6' at smaller resolutions.
Maybe I'm being too negative, but on top of all this I don't think it looks visually appealing or balanced. I don't think the proportions (forced perspective / surrounding gap vs. typeface weight) are pleasing to look at.
But then again, maybe once we see it everywhere, it's ubiquity will create new associations and familiarity will win out.
Is this a declaration of solidarity against the evil forces of the Flashicons?
Do people put icons in their iOS apps advertising the use of CoreAnimation? Do they put some kind of Silverlight or Flash badge on their web sites done with those technologies?
It's just a set of useful technologies. Why all the branding hoo-hah?
I could also question the need of... 2^8 variations of the same logo (the "build a logo" thingy).
EDIT: fixed typo
Sort of like dog whistle politics but used for good :)
One of the many reasons I love Hoefler & Frere Jones.
Gotham + Mercury + Knockout, all from @h_fj, make the HTML-5 logo. http://www.w3.org/html/logo/ #next #stop, #webfontshttp://twitter.com/H_FJ/status/27369279905071104
The logo treatments and website seem like a contrived effort design a logo to whatever the designers believe is the "HTML5 Design Aesthetic." Sure, rich content and all, but HTML5 (and related technologies, like this logo is supposed to imply) shouldn't be represented by over contemporary design.
Interestingly, the logo is not the "official" logo. On paper, it's just the community logo - and it will only officially be adopted if it gets enough grassroots support.
Is this W3C's "official" logo for HTML5?
Not yet. W3C introduced this logo in January 2011 with the goal of building community support. W3C has not yet taken it up in any official capacity. If, as W3C hopes, the community embraces the logo, W3C will adopt it as its own official logo for HTML5 in the first quarter of 2011.
It reminds me of the "Netscape Now!" button campaign from the early web. The logo and badges looks nice tough.
Interesting. Nowhere near as bad as I had expected, a little too alter-ego for my tastes though.
I think we can expect full compliance.
That, and learning that Netflix on the PS3 is a HTML5/WebKit implementation. I'm sold.
As long as you wear a XL or smaller.
Once GPS gets sub-meter accuracy, then we should start worrying.
Make a structure of actual use, like a tiny bridge across a moat that could hold people. The magnets have got to go.
Let's imagine they get the machines scaled to the point when they could build an actual habitable structure, and that they sort the power concerns that I suspect would make it insurmountably uneconomic.
Now, imagine a squad of sufficiently large and powerful helicopters buzzing away all day next to your office. How many people are going to be OK with that?
There are many complex processes being performed at construction sites. Many steps take highly optimized machines to perform robotically but that a single human can do just by changing tools.
Because of these processes, automating the entire construction process would be very expensive to do right at the site.
All parts would have be modularized so they could be snapped together. Or robots will have to be able to change tools. Or parts will have to be moved from robot to robot, with as much work being done before parts are actually brought to the site.
Either way, it will be interesting to see how it works out.
They'd need two batteries in a drone to do that of course, or perhaps some other robot could execute the battery swap.
I went into the feature request thread to see if anyone had requested the ability to turn this off, but gave up on looking after rapid-fire clicking "More" 25+ times. Content more than a page or two back might as well not exist.
Several times yesterday I found myself opening a seemingly interesting discussion, reading the comments, then wondering why so few people were talking about it.
The link that says "Hey, there's actually more discussion that we're hiding. Click here to see it" is tiny (and unexpected) so I just plain missed it. I even missed it on this thread until I read a comment talking about other comments that had scrolled off the 1st page, thus demonstrating that there must indeed be a 2nd page and that I should look harder for a way to find it.
Had I been able to find (and therefore read) the whole discussion on those topics yesterday, I might have had interesting things to add. So might all the other people who missed them for the same reason. I suspect that the overall quality of discussion has taken a dip since this feature went live.
Thus my comment is technically mis-placed, but guaranteed to be on the first page of replies and discussion.
There has to be a better solution to the problem of load. It depends on the cause, of course, but in the absence of profiling information (always the first step) I would investigate more cacheing to make the system less dynamic.
ADDED IN EDIT: I love the way this comment has attracted down-votes - I've been watching it bounce up and down for a bit now. It's clearly alright to discuss the merits and otherwise, but for some people, clearly not alright to demonstrate the effect. On a forum for hackers, I find that delightful!
I agree with OP; the current system is suboptimal, to say the least.
I'd be fine with it, if the More returned the rest of the comments, not the x next comments.
I don't really see the point of this either; it can hardly be that big of a resource hog on either ends.
Here's a better way to reduce load: make commenting not require a reload. Same for editing comments, deleting them, etc.
Recently, I've found the HN site has become pretty unresponsive at times - I imagine limiting the number of comments on each page is going to reduce the burden on the server.
I've counted at least four instances. (I'm even a part of one of the branches, as oblivious as I was to the new system and similar discussions.)
I wonder if this comment will show above or below the fold. Flip a coin, I guess.
Maybe because of the community growth. When I began to hang out around here, 6 months before I created an account I believe, 40 upvotes was a huge amount for a post or a comment.
Today it's common to see posts with more than 100 in the front page and comments receiving 60 or so.
EDIT: The number of comments in each posts also exploded, 20 comments in a thread used to make it very active.
EDIT 2: For clarification.
I didn't even notice the pages were paginated thanks to the extension (it auto appends page 2... page 3... to the bottom of paginated content)
 - http://autopagerize.net/
Ironic that PG's definitive reply is now below the fold:
- Jeff Skilling, former president of Enron
Contrast that with the Facebook approach:
"Resourcing for projects is purely voluntary.-a PM lobbies group of engineers, tries to get them excited about their ideas.
-Engineers decide which ones sound interesting to work on.
-Engineer talks to their manager, says ‚ÄúI'd like to work on these 5 things this week.‚ÄĚ
-Engineering Manager mostly leaves engineers' preferences alone, may sometimes ask that certain tasks get done first.
Good god. Does this strike anyone else as disturbing? Surely every single piece of work being taken on should have the USERS needs and concerns as top priority and not sexy stuff that can attract sufficient engineering interest?
What if there's important problems that are really bothering lots of users and a PM can't get anybody interested (or no-one decides to take on the problem?)
Here's a complaint from a guy about maintaining a personal page and fan page:
Some quotes from that piece:
"As a programmer myself, I can't fathom that it would take much technical and design effort to address these issues, and Facebook is flooded with complaints from users begging them to fix these headaches. From my perspective as a Facebook user with a very active personal page and fan page, I can't help but get the impression that Facebook deliberately wants to make some basic admin tasks (like blocking spammers) difficult or impossible in order to compel you to spend more time on the site. There doesn't seem to be any other logical reason for these glaring design flaws that I can comprehend, other than pure incompetence, and based on their success in other areas, it seems more likely that these choices are deliberate."
"Surely someone on their team is aware of all the complaints and requests to fix the broken elements. So why do they seem to ignore what appear to be such glaring (and fixable) problems?"
"I thought that Facebook would be an interesting place to share inspirational messages and build more community around growth-oriented people. But the current implementation of Facebook can't handle the way I've been trying to use it without creating more headaches than it's worth, and their momentum appears to be headed in the wrong direction for me to expect that these problems would be fixed anytime soon."
"So I've crossed the threshold where Facebook's value isn't worth the hassle to use it. I concluded that the best choice was to simply drop the service altogether and invest my time elsewhere."
Who will take on these issues?
Again from the Malcom Gladwell article linked above:
"You might expect a C.E.O. to say that if a business unit can't attract customers very easily that's a good sign it's a business the company shouldn't be in. A company's business is supposed to be shaped in the direction that its managers find most profitable. But at Enron the needs of the customers and the shareholders were secondary to the needs of its stars."
Facebook should wake up in my opinion. They did really well to reach 600m users (or whatever the figure is now) but if they want to stay there they should get their priorities straight.
Part of the reason I never made a real FB account was my general feeling in 2005 that securing a MySQL/PHP site against internal abuse takes incredible effort, and they wouldn't ever bother to do it. According to this article, that's likely true. And the "everybody can modify anything anytime" philosophy with little QA explains why, after 6 years, FB is still a gaping maw of security holes.
I have a hard time believing many aren't abusing this, just out of human nature ("did she mention me to any of her friends?").
We also have very small QA team. They work to make sure that the buttons that make us money aren't screwed up.
The key to this sort of uber-agile development is that you have very, very talented engineers, a release process flexible enough to deal with errors, and a management that buys into moving so fast that mistakes will happen.
I have to say that it is simultaneously exhilarating, humbling and a little terrifying to work like this. Luckily, mostly the first two.
Bull. Shit. This one line makes me think that this entire post is completely hear-say. A 500 person engineering team that writes bug-free code on a system as a large as facebook? Give me a break.
Scary, even for a developer like myself.
>I'm fascinated by the way Facebook operates. It's a very unique environment, not easily replicated (nor would their system work for all companies, even if they tried). These are notes gathered from talking with many friends at Facebook about how the company develops and release software.
So I'd take whatever is written here with a grain of salt. My communication with friends working at Facebook yielded similar thoughts but nothing that comes to what's written that implies a callous recklessness. I know for a fact that they have some code-review tools and blocking tests.
Anyway, my point is that the author doesn't seem to be embedded too deeply in the engineering at Facebook and his notes are, while not outright false, definitely misleading.
Hasn't everyone read, "Microsoft Secrets" ~ http://www.amazon.com/MICROSOFT-SECRETS-Powerful-Software-Te...
...because what the author describes is pretty much the MS dev process (cf CH4 Defining products and development processes). Reading JOS, "How to be a program manager" also shows how MS PM's worked in conjunction with developers ~ http://www.joelonsoftware.com/items/2009/03/09.html MS sure knows/knew a thing or two about organising large groups of people to produce software & output product in a corporate setting.
re: surprise at lack of QA or automated unit tests ‚Ä" ‚Äúmost engineers are capable of writing bug-free code. it's just that they don't have an incentive to do so at most companies. when there's a QA department, it's easy to just throw it over to them to find the errors.‚ÄĚ
It does explain how facebook ships with bad documentation etc. -- well, now we have enough knowledge to know how to compete with it :)
Kasparov often remarked how a good process is more important than the actual participants. An average human and pretty good computer with a great system won the championship against great computers and against great grandmasters.
Google believes in this, and their products are very well engineered, with full documentation, videos etc. (although admittedly, many haven't taken off). Yahoo definitely understands this. But these are the same companies that are losing to facebook because of social.
If google and yahoo understood the dynamics of social, we would all be better off.
"resourcing for projects is purely voluntary."
As someone who works for an online gambling company where we are not even allowed to use the product we are building (legal/trust issues i guess), it would _rock_ to be able to have this kind of impact on features
Or it is labeled "unsexy" to work on it.
This sounds like Mark Zuckerberg living his 'revenge of the nerds' dream in his Facebook nirvana! It certainly doesn't sound like good management practice!
As someone who develops on top of the Facebook Platform, I'm not surprised. Huge, obvious bugs that affect many applications are released far too often.
I really like this part. Many new staffs prefer to come in and do the "sexy" enhancements instead of the "mundane" support. This leads to their lack of understanding of the system and poor design. I had always believe that new starters should do support work for a while to gain an understanding of the overall system.
Oh my other comment was just meant in jest. But thanks for downvoting it and killing all the worthless and meaningless HN karma points i had accrued!
The damage will be in PR. He's an almost unrivalled corporate showman, and few companies are as associated with their CEO as Apple. Whoever gives keynotes in the future would be wise to develop their own style rather than copy his. There may also be collateral damage in ruthlessness and vision - we constantly hear how he drives new products, and kills off "failures" early. However, the more I read recent interviews with anonymous Apple employees, the more I see he seems to have reformed the company in his image. It's impossible to gauge how much actual presence he's had over the last few years, and it seems quite likely the press have over-egged his effect. As long as his successor is not a radical corporate reformer, and is willing for a few years to be seen as an "Heir to Jobs", it seems likely to me things will roll on quite successfully.
I suspect Jobs will "retire" either this or next year. When they replace him, if they don't promote from within, then any CEO should: absolutely not engage in a massive expansion/race to the bottom; introduce change slowly rather than play with Apple like a new toy and; rely on the corporate team that's been built until they deeply understand what's working and what's not.
In many ways, Job's eventual departure (hopefully based on choice, rather than necessity) could be good for Apple. I firmly believe a little of his control freak nature could be sanded off the company to their advantage. They should drop the "Control for control's sake" direction they've been taking recently, and stay focused on the core corporate ethics that have bought them success - a high degree of perfectionism, technical risk taking, user focused design through everything, and a great marketing team. It won't be exactly the Apple of today, but given some of the‚Ä¶hostile decisions over the last 3 years, it might actually be an improvement.
"In the meantime, my family and I would deeply appreciate respect for our privacy."
On the other hand, generational turnover is very, very important. Maybe at some point, even a terrific figure like Jobs may be as bad as it is good for Apple. For instance, how much big role he played in the culture of closure of Apple?
So it is even possible that an Apple without Jobs could be, all in all, a better company.
It's safe to assume that he's going to conquer this one as well.
It takes a lot of drive to do that kind of work while having such major medical troubles. I really believe that what drives him is the desire to give the next great thing to users, and to take Apple to new heights. Money can't be the motivator - he's got plenty, and it's probably not at the top of his list anyway, during such life and death struggles.
Speaking for myself - I recently had some surgery which was nowhere near as complicated and life-threatening as what he went through - I know I wouldn't have the drive and commitment to return to work in such a big way, especially if my family was already taken care of financially. So - thanks to Steve Jobs and best wishes for his health, and no, I don't think it's right to wish for him to return to work soon - he will decide how to spend his energy, and he's already spent more of it at Apple than anybody had the right to ask.
Hopefully he will return because without him Apple really is not the same company, despite their ability to succesfully execute on their planned projects. A visionary has to plan for the future, and Steve Jobs isn't just the CEO of Apple, but kind of a new type of media mogul. He seat on Disneys board surely holds sway, and Apple is going to need his influence to further it's push into TV, movies and publications - he is the man, for example, Murdoch or Igor are going to want to speak to.
I do wish him a speedy recovery.
On a more personal note, good luck, Steve!
Maybe this is not the best place to ask, but does anyone know about Steve's eating habits? I know he was a frutarian at a certain point and then changed to fish/vegan (particularly sushi), but would really like to know more.
The reason is that I am in need of drastic personal changes regarding diet/exercise and thus trying to incorporate a vegan/vegetarian diet, which has been very difficult for me. I know that cancer is a multi-factorial disease, but it still scares me that some apparently very healthy individuals (such as Jobs or Linda McCartney) have such tough health problems. I feel very well when I manage to stick to a vegan diet, but would like to know more about longterm effects.
Anyway, I wish him well.
I think he embodies a unique ability to see the heart of a new technology or aspect of technology and to focus in on the critical part or parts, ruthlessly getting to what he sees. It's not just a design sense (like Ive), nor a good sense of what consumers really "want." And there are plenty of downsides to this unique gift. (We can all cite plenty of examples.)
I don't think we've seen that from anyone else, even at Apple, over the years, so there's no real replacement possible.
I think it's even spilled over to Pixar's success, which is pretty amazing.
(Maybe Alan Kay rivals it, in a different world.)
Best of luck to him and his family.
v = (SteveJobs = immortal || TechCrunch = journalism); print v $> FALSE
I, for one, want Google to be all Orwellian on me because it will mean better search results. I had a scenario like this a few days ago when I googled for "fabric" -- Being a Python developer I was looking for http://fabfile.org and it shows up as the second result while logged in. If I'm not, it won't show up.
This may be the outlier state of mind on HN, but I think in general, as-in billboard advertising, it's not an issue. Am I wrong?
Matt Cutts stole the comment show on this one: http://news.ycombinator.com/item?id=2063619
The worst thing about this is how blindly news about DDG gets upvoted around here.
Edit: To my down-voters: It doesn't make what I said not true anymore.
I genuinely wonder what DDG would do if Google simply addressed all of their referrer privacy issues. Then what, exactly? Would DDG simply pack up and go home?
It's a fair question.
Anyone care to comment on their experiences with billboard ads?
- is DDG profitable right now?
- is it going to be profitable if their user base grows by 10x? 1000x?
- do they ever expect a need to be profitable?
- if required to be profitable, do they have or foresee a solid business plan that doesn't involve de facto "tracking"?
2. Don't assume everyone cares about things you do. No one gives a hoot if a website they click on knows what page they came from.
I've been using it for years.
I have a feeling Google might be keen to hold onto their duck.com domain a little longer :)
> While... but...
Is there a copy editor at Wired?
It isn't just the OS itself-- several of Google's own apps are getting buggier and buggier. Voice worked fine when I first got my Droid a year or so ago, but has had a lot of bugs-- including dialing random numbers instead of the one I wanted. (Just yesterday, I tried to send a text message to XXX-XXXX and it truncated the last digit of the first group and complained that it couldn't send a text to XX-XXXX. Nothing I did could stop it from doing this except using the web-based version). Google Listen has stopped refreshing for huge numbers of people, and my wife's new Galaxy S won't even accept subscriptions. Not a word from Google on either issue, even though both show up in searches for the problem.
I had to install Launcher Pro to get any kind of performance out of my Droid, and even then it occasionally locks up on the home screen. Sometimes calls come in and the touch interface freezes, which means that I can't answer the phone. The Droid also will occasionally decide that there is no data connection when it has full 3G service according to the indicators.
I don't use it, but the stock SMS app has apparently has its own problems too-- at least Google has acknowledged those and is working on a fix, but as a whole, Android has gone from less technologically interesting (no wi-fi hotspots, etc) and stable to exciting and really buggy. Combine that with this kind of politicking, and I'm getting less and less enthusiastic about Android every day.
Naturally people are going to compare it to iOS, where updates are free and rapidly disseminated. The difference there is that there definitely is something in it for Apple -- they're getting a cut of every app you buy, every song you download, etc. They're a middleman, so it's just a cost of doing business.
I wish we could get to a point where Android updates cost money. I would happily pay $30 or whatever for each major update if it motivated the vendor to have an interest in keeping it up to date.
When both carrier and manufacturer neglect to offer explanation or consideration for their collective failure to deliver, they must collectively be held responsible. This means switching carriers when possible and buying from different handset manufacturers. This approach has teeth, but only in large numbers. That's why it's so important to set this silliness aside and focus on real and tangible things the average consumer can do. Focusing on fantastical stories of employees clandestinely posting anonomyous accounts of shady contract terms makes for great drama, but still leaves us without resolution. And quite honestly if it took this story to urge you to action then you weren't all that disappointed in AT&T and Samsung's failure in the first place.
This makes it seem like they're hiring Marketers and MBAs who think the best plan is to try to squeeze as much as they can out of their contract customers (the cell carriers) rather than put as much Samsung awesomeness as possible into the hands of actual happy users. Short-term thinking never gets old.
Maybe it's time to look at HTC.
Samsung released Froyo in November, and you can install it on any Galaxy S phone bought here. The update isn't over the air though; you have to connect your phone to your pc, and which auto-updates it. In any case, the carriers have nothing to do with this update so any delays are purely Samsung's fault.
So, iOS 4 has 90 percent share amongst iOS device owners. What about Android 2.3? 0.4 percent, as of a couple weeks ago. Yes, that's zero point four percent.
But for the sake of this being slightly more fair, let's compare iOS 4 to Android 2.2 ‚Ä" an OS which came out well before iOS 4. The adoption rate there? 51.8 percent. That's still pretty pathetic.
Although I'm sure Samsung has every right to charge however much they want, perhaps Google could step in and remind them that if they Samsung wants to be greedy they can always use Bada
At least until I decide to crack it and do the upgrade myself. As soon as I find a 1.6+ or 2.x image that pleases me.
Also judging by the updates trickling in, there is still a lot of work being put in by Samsung to makes these ROMs stable. Almost every leaked ROM has issues. lag fixes and gps fixes on XDA seem to be the norm to work around them
I don't know about the other lectures listed but the 1986 lectures are worth a watch, they are quite motivating since both authors exhibit an infectious enthusiasm.
Can anyone here who's read it/is familiar to it comment on it?
This was my order of execution in learning Scheme: Schemer series -> HTDP -> SICP
It's an easy way to keep track of your work and collaborate with other people.
I'm determined to learn Lisp now just so I can buy myself a cape and a fez.
I love what Eli Bendersky did here to track his progess as he was going through the book: http://eli.thegreenplace.net/category/programming/lisp/sicp/
For someone who does not know programming at all, I'd recommend SICP first. The text is dense, no doubt there; but, IMHO, not dense enough to deter reading.
Of course, I'm more of a "learn-it-the-hard-way" person; mileage may differ for more easygoing people.
(This is just one semester, you can find materials for almost every semester for the past few years with-some Google-fu)
One suggestion I have is to never skip any of exercises. They extend the discussions and are often very thought provoking.
If there are like minded people in your city, it is a good idea to meet regularly and discuss solutions after working through them.
I may have misunderstood but it sounds like you have MzScheme facing the open internet? Try putting nginx (or another epoll/kqueue based server) in front of MzScheme. It will handle the thousands of connections you have that are waiting for IO with very little incremental CPU load and with a single thread. Then when nginx reverse proxies to MzScheme each request happens very fast because it's local which means you need much fewer threads for your app server. That means less memory and less of the other overhead that you get with a high thread count.
An additional advantage is that you can enable keepalive again (right now you have it disabled it looks like) which makes things a faster for first-time visitors. It also makes it slightly faster for us regulars because the conditional gets we do for the gif's and css won't have to reestablish connections. Less connections established means you give your OS a break too with fewer syn/syn-ack/ack TCP handshakes.
Someone mentioned below that reverse proxies won't work for HN. They mean that caching won't work - but a reverse proxy like nginx that doesn't cache but handles high concurrency efficiently should give you a huge perf improvement.
PS: I'd love to help implement this free. I run a 600 req/sec site using nginx reverse proxying to apache.
I write time-critical applications in Clojure and JVM's -XX:+UseConcMarkSweepGC flag is a lifesaver. We no longer get those multi-second pauses when full GC occurs.
 http://ycombinator.com/images/hntraffic-17jan11.png http://news.ycombinator.com/item?id=2090191
Pretty whizzy, definitely helped server scaling.
We started shipping in 2001; the dot-com bust more or less canceled any interest in the product, and canceled the company, too . . .
Also if I understand correctly you use flat files that are loaded into memory at startup. It seems like that switching to Redis could be an interesting idea in theory, as it is more or less the implementation of this concept in an efficient and networked way.
Probably with such changes you can go from 20 to a few hundreds requests per second without problems.
What is this the 1990s?
(Like I suggested in 2009...)
They've never heard of select()? </snark>
But really, is there some reason that it's hard to collect up all the fds at once or something?
I have no idea what MzScheme is but I am curious about why is HN running threads in user space in 2011? The OS kernel knows best what thread to pick to run and that is a very well tuned, O(1) operation for Linux and Solaris.
Serving static content via Apache was a first step ;-)
Don't reinvent the wheel!
After 4 levels of back and forth (Joe says "...", Tim replies, then Joe replies once more, then Tim replies again), freeze that branch, hide it from the general public, and turn the branch into a settlement: both Tim and Joe are allowed one final comment each, that they both approve. Only once they have posted this compromise, is it shown in-place, where the original sub-thread used to be.
Simple. Prevents endless arguments. Good for everyone.
I wouldn't call it a hack, but a feature ;-)
# Buffer a HTTP request in the kernel # until it's completely read. apache22_http_accept_enable="yes"
Anyone know if they're referring to "accept filters" here? FreeBSD folks can "man accf_http" if they're curious, which does prevent a request from being handed off to the application until the complete (and valid?) request has been made. Certainly not a "hack" but a feature of the OS itself.
Or they could use a proxy. All this "fuck me I'm famous" attitude is stupid.
Thanks for the work and it sure seems to be a lot more responsive.
> In 7 seconds, a hundred or more connections accumulate. So > the server ends up with hundreds of threads, most of them > probably waiting for input
I understand if you are in tech you might not know figures in history or literature... but these guys?
Every time you login to a UNIX/Linux system you use the passwd file and related setup - authored at least in part by Rtm's father.
Rtm has done lots in his own right as the wikipdia pages show.
But seriously - if you don't know who these people are you really should.
and maybe ESR's writings and that online anthology of the early Apple days and old issues of 2600, etc, etc
I am sorry - but it is really irritating to me that someone would be on this site and really not be aware of the deeper history and culture. It is not that deep - 1950s to present (to cover Lisp).
As Jay-Z (whom you probably know) says - "Go read a book you illiterate son of a bitch and step up your vocab ..."
Perhaps, to people who program in higher languages this is not evident, but old assembly programmers know this stuff well. Even for the newer ASM programmers, we had Fravia+ (may he rest in peace) to teach us the ropes on reverse engineering and unprotecting 'nasty' code.
And those students of Fravia+ know something well: if it is viewable, executable, listenable on a device you own, you can do anything to it. He recommends taking what you would have put in for protections and make your program better by that much. Or prepare to protect the hell out of it (and release every day, munging the exe).
It wouldn't be any more responsible/ethical/useful of me to post a "I Can Crack Your Non-Mac App With Just A Copy Of IDA Pro and HexRays" tutorial. I could show you how I can press 'F5' and decompile your code back to surprisingly readable pseudo-C, but that's not going to help you secure your application, it's just patting myself on the back and showing you how cool I am.
On top of that, the author is still flogging the PT_DENY_ATTACH horse, despite the fact that it's been documented over, and over, and over again as trivial to bypass. PT_DENY_ATTACH was added to meet the minimal contractual requirements Apple had to movie studios and record companies by preventing users from attaching a debugger to DVD Player and iTunes. It's not a real security solution. There's a simple open source kext (that was first implemented for Mac OS X 10.3!) that simply disables it across the board:
Another fan of your writings. I like the occasional quote you throw in there. However:
I don't agree with the way you phrased your headings. Verging on linkbait, even.
RCE is a hobby of mine and I crack all sorts of shit; it's fun and challenging. I know quite a few people who do.
This is the first time I have read such a blunt "I can crack your..."/"How to stop me" approach. It sounded very arrogant at first. No one else that I know bothers with this direct attitude. I am sure Mac devs are more than aware (Anticipating an article on this as a followup to your post).
"[...] but implementing a bare minimum of security will weed out 99% of amateurs. [...]"
I am not sure where you pulled that number from but it's false. RCE is not as difficult as you make it out to be, and amateurs can overcome the usual barriers quickly. Communities thrive on teaching amateurs the art, and they pick up these skills very quickly. I taught a few.
ptrace(PT_DENY_ATTACH, 0, 0, 0);
I really have a hard time taking advice on copy protection from someone who doesn't known about ifndef.
Furthermore, PT_DENY_ATTACH won't help because any cracker worth is salt will just open the binary with an hex editor and remove the call to ptrace(). The other two tips to prevent cracking are, at best, as useless as this one.
And just in case you're wondering, those three methods are equally useless on iOS.
Edit: Actually, they're not very good at it, but this still won't slow them down much.
$ DYLD_INSERT_LIBRARIES=/path/to/your/Subclassedlibrary.dylib arch -i386 /Applications/OriginalApp.app/Contents/MacOS/OriginalApp &
And on a sidenote, I thought it was funny to see him refer to something as 'badly spelt' - I thought that 'rye' remark was a bit 'corny' (rimshot :-)
But the people on the other side feel the same way, there are more of them, and in reality, they're not actually hurting your business as badly as your delusions tell you they are - none of them were ever going to buy your shit anyway.
Add features, improve your design, fix bugs, or tweak your shitty description and screen shots in the app store (which, in my experience, will affect sales for most apps more than the first three factors put together). Literally any time that you devote to copy protection is wasted, unless you're Angry Birds (and even then I'm not sure) you're not reaching anywhere near a high enough percentage of the people that would happily pay for your product to worry about the ones that would rather just take it.
People will buy from the App Store because they want the protection it provides and the convenience. They know when they download your app from the app store that it's not a virus, the install will be one click simple, and Apple has hand reviewed and approved the app.
I think the Mac App Store protection is designed to be just enough to stop Average Joe from copying it onto a usb stick and giving it to his friend. In the end that's really what you want.
Next time you buy a DRM-ed book from Amazon.com, or watch a film you can not make a copy of, you can contemplate that the protection there is much better than in some Mac app.
Would that make you happier as a user ?
The way to solve this problem is to spend more time on adding more features into the frequently released newer versions of software. Cracking all the same basic reg code would get boring for a few-dollar app.
But seriously - this was interesting in and of itself, for those who don't know the tools. The whole concept of copy protection and registration is a war that can't be won. Denying unregistered people proper updates seems to me, form experience,to be the most effective deterrent - I don't like to apply updates if I'm not sure if it will cripple my app because I used a weird serial # - and nobody likes to run a "keygen" these days because who knows what it does.
In the end - all software is piratable, and usually by those who won't pay for it anyway.
With the declining price of software and mass-markets like the app-store, more people will pay. (I like a certain piece of SSH terminal software for windows - but I don't use it, because I'll be damned if I'm going to pay over a hundred bucks a seat for it - it's not THAT much better than the free alternatives. If they brought that price down to something reasonable, I'd use it all over)
One is it just builds the binary, runs it through SHA1 (or whatever), and stores that digest somewhere in the installation directory. But what's stopping attackers from just changing the digest? They have access to the application, so they can know exactly how to generate the digest; all they have to do is run the bundled digest function in gdb, copy the output, and then search for it in the installation. Even if the author tried some sort of obfustication (xor, deflate, reverse, etc), such attempts would show up in the binary and could be trivially duplicated.
A second is that the digest is somehow pre-computed for a binary before it's built, then included in the binary itself. But I don't see how this is possible with secure digests. And if the method is simple enough that it's worth using for typical iOS applications, what prevents an attacker from pre-computing a digest for the cracked version?
And moreover, we have a link on our home page that says if you email us, we will give you our apps for free. Some people take advantage of this offer, but the vast majority of users do not.
Specifically, the PT_DENY_ATTACH thing should be possible to be, itself, denied with labrea (though in practice, I've run into runtime linker problems with that exact call that I haven't quite figured out, but I haven't put much work into it).
Of course, such an app could still be cracked -- as could any app... because all you have to do is
1) purchase a legitimate copy and enter a fake name2) take a snapshot of a working, unlocked app3) remove all the code that cripples that state
The only way to really prevent cracking of apps that run locally is either challenge-response dongles or requiring people to provide a strongly verified identity in order to unlock the app (that way the cracker can't distribute the app without compromising the identity of the original buyer). And that is just too inconvenient for the actual buyers. Once again, security at the price of convenience.
Not really necessary - https://github.com/mxcl/homebrew/wiki/installation#sudo
That price usually is between $0.99 and $9.99 and thank Apple for showing us that lesson.
From a standard point about good parenting, nearly all the girls with good parenting had mommies who were happy being mommies.
For more, I draw from
E. Fromm, 'The Art of Loving'.
Deborah Tannen, 'You Just Don't Understand: Women and Men in Conversation'.
So, I continue:
Way before age 5, the little girls realize that they are small versions of Mommy and NOT Daddy. They know in absolute terms that they are a GIRL and NOT a BOY.
Since their mommy was happy being a mommy, the little girls want to be like Mommy and on the 'mommy track'.
By about age 18 months, little girls are already masters at eliciting positive emotions from adults, MUCH better than boys. The girls are also MUCH better at reading emotions than boys. Facial expressions and eye contact are part of how the girls read and elicit emotions; other ways are to 'act' (they are MUCH better at acting than the boys) cute, meek, and sweet and to be pretty. Since being pretty lets them do better eliciting positive emotions, they love pretty dresses with ruffles and ribbons. So, they are in a 'virtuous circle': They act sweet, elicit positive emotions in an adult, e.g., father, grandfather, uncle, get a gift of a pretty dress, wear the dress, elicit even more positive emotions, get even more pretty dresses, white bedroom furniture, patent leather shoes, cute stuffed animals, etc.
Having to act like a boy or be treated like a boy, instead of like a girl, would be terrifying to them.
So, in their first years, such little girls, to be on the 'mommy track' want to play with dolls and not Erector sets, want to work at being pretty and not how to hot rod a car, want to learn how to bake a cake and not how to plug together a SATA RAID array.
Give such a girl a toy truck and she will know instantly that the toy is 'for boys' and will avoid it as a big threat.
Generally, from a little after birth and for nearly all their lives, human females are MUCH more emotional than human males. So, they pay a LOT of attention to emotions, both theirs and others'.
One of a human female's strongest emotions is to get security from membership in, and praise, acceptance, and approval from, groups, especially groups of females about their own age. That is, they are 'herd animals'. Gossip? It's how they make connections with others in the herd. Why do they like cell phones so much? For more gossip. Why pay so much attention to fashion? To 'fit in' with the herd.
In such a herd, in most respects the females try hard to be like the 'average' of the herd and not to stand out or look different. [An exception is when a female wants to lead her herd, e.g., go to Clicker, follow the biographies, get the one for the Astors, and look at Ms. Astor and her herd of 400.] Well, as long as human females with good parenting are on the 'mommy track', and the human race will be nearly dead otherwise, the 'average' of the herd will emphasize the 'mommy track', dolls, looking pretty, cakes, and clothes and not Erector sets, hot rodding cars, or building RAID arrays.
When it comes to a college major, any human female 18 months or older will recognize in a milli, micro, nano second that her herd believes that mathematics, physical science, engineering, and computer science are subjects for boys and NOT girls. Instead the girl subjects are English literature, French, music, acting, 'communications', sociology, psychology, nursing, maybe accounting, and K-12 education. By college the girls have been working 24 x 7 for about 16 years to fit in with the herd of girls, and their chances of leaving the herd in college to major in computer science are slim to none.
Don't expect this situation to change easily or soon: Mother Nature was there LONG before computer science, and, as we know, "It's not nice to try to fool Mother Nature.". Or, to get girls to major in computer science, "You are dealing with forces you cannot possibly understand.". Having women pursuing computer careers give girls in middle school lectures on computer careers will stick like water on a duck's back -- not a chance. Nearly all the girls will just conclude that at most such careers are for girls who are not doing well fitting into the herd of girls, are not very good socially, don't get invited to the more desirable parties, don't get the good dates, are not very pretty, and are not in line to be good as wives and mommies. By middle school, the girls have already received oceans of influences about 'female roles', and changing the directions these girls have selected and pursued so strongly for so long is hopeless.
Besides, 'middle school' is an especially hopeless time: The girls have just recently entered puberty, just got reminded in overwhelmingly strong and unambiguous terms that they are now young women, have received a lot of plain talk from their mothers, grandmothers, aunts, and older sisters about the birds and the bees, in their gossip with their herd members have been discussing the birds and bees with great intensity, already have a good woman's figure or nearly so, really, are well on their way to, in another year or so, being the most attractive physically they will ever be and know it, notice men of their age up to age 80 or so looking at them as women, and are in no mood to consider being 'more like boys'. Middle school is about the worst possible time to try to get the girls to fight Mother Nature. Suggestions of such lectures are 'clueless' in grand terms.
So, a typical scenario is a boy in middle school who is really excited because he just understood how an automobile differential (TCP part of TCP/IP, binary search, virtual memory, etc.) works and with great excitement tries to explain it to a girl his age at, say, lunch, and we have a strict dichotomy: The boy is totally clueless that the girl couldn't be less interested. The girl sees right away that she couldn't be less interested, not to offend the boy unduly pretends to be a little interested, and sees in clear terms that the boy is totally clueless at perceiving her lack of interest. She concludes that he is so clueless he is really easy to manipulate (a fact she suspects could be useful and saves for later). The boy doesn't understand the girl, and the girl regards the boy, and soon, all boys less then 2-6 years older than she, as at least 'socially' immature and, really, just immature. She wants nothing to do with such 'children' (she already understands that a woman needs a strong man) and will concentrate on boys 2-6, maybe 8 or 10, years older than she is. She has a point: She was likely more mature socially at age six than he will be at age 16.
Look, it's WAY too easy to fail to understand: So, we can just assume a simplistic 'rational' model. In this model, sure, we can teach 2 + 3 = 5 and (2 / 3) / ( 5 / 4 ) = 8 / 15, and both the boys and the girls can learn, although typically the girls will do better on tests in such things than the boys. So, we entertain that the boys and girls can exercise all their 'rational' abilities and, thus, can learn and do well with anything their rational abilities permit. Nonsense. Naive, clueless nonsense. Instead, Mother Nature says that in addition to rational abilities are emotions and commonly has the emotions overwhelm the rational abilities.
Net, such a simplistic rational model is clueless, even dangerous, nonsense. Give a girl of 4 a toy truck and take away her dolls in pretty dresses, and she will cry, and the crying will be heartrending to any adults around who will quickly swap back the truck and the dolls. It's no different at age 13 in middle school or 18 in college.
Actually, there can be a reason for a girl in college to take some courses in computer science: Look for a husband!
It may be that in college girls of Asian descent are more willing to pursue math, physical science, etc. than are girls of Western European descent.
Not all the people I socialize with are into computers. Most aren't. You can't make all your friends in your own industry. I don't care if a person is a man or a woman, unless there are seriously extenuating circumstance I won't work or socialize with them if their assholes. The problem is that in geek circles there is a heavy social penalty of advocating that someone be ostracized for behaving like an asshole, everyone has to be included no matter how much no one else wants to hang out with them.
There are a lot of anti-social retards in tech regardless of gender. I'm quite happy with it as there are lots of people willing to hire devs who are willing to not be condescending and have some semblance of adherence to social norms. As the OP pointed out quite accurately in their post 'I realized he was just an asshole who probably wouldn't get too far in life anyways.'
Many people are hardwired to respect the opinion of anyone who forcefully and confidently expresses it. It's a two way street though, want people to think you know software engineering or any other topic? Just say something reasonably intelligent in a forceful and confident way, also if someone else has said it that they respect mention that person as having saying it. Most of the debates in software engineering are subjective in nature as much as everyone involved in the decision likes to claim otherwise.
If you know your rhetoric you'll have no problem intellectually disarming most people in CS. CS geeks think they only pay attention to logos but realistically there are a lot of CS decisions made based on ethos and pathos. I'll probably be down modded for saying this but the appeal of open source is based largely in ethos and pathos, and not logos.
I'd settle for more people in tech who can write working code with out being an asshole regardless of gender.
In addition to being totally messed up politically, it's really harmful to your self-esteem if you think that you are being given special treatment to satisfy someone else's political correctness quota. Not to mention that eager men (with the best of intentions, no doubt) over-compensating can lead to "othering", that feeling that everyone is going overboard making you so welcomed that you kind of want to barf.
My current speculation is that for most girls, it's actually their parents that instill a nagging sense of doubt regarding what they are "supposed" to consider good career options. Therefore, I think the key is to reach young minds.
Girl coders: go speak at public schools or high schools today!
The key to getting more females in CS is to expose them to programming in middle school or earlier.
Jean put her finger on why recruiting females for CS at the college level is so difficult: if they are starting programming in college (or even high school) when most of the class has been programming for years, they are way behind on the learning curve and have a daunting task to catch up.
At his confirmation hearing, when Greenspan was asked why Townsend-Greenspan employed so many women (> 50%, compared to about 5% in finance at the time), he replied that since he valued women as much as men, but other firms didn't, he could get better work for the same money by hiring women. Are there any software companies doing the same thing today, and if not, why not?
That is a problem for perhaps 90%+ of Googlers, regardless of their gender.
The women on the panel, who were all Westerners, couldn't even comment on that. They were just plain speechless, and rightly so, because most of their arguments involving bullying boys, mother nature, and other standard points were pretty much refuted by the simple fact that there already exist places in the world where this topic is not even an issue. And it's not the ones you would usually relate to human progress.
They can say something so simple as "Oh don't you know that command?" but in an inadvertently condescending voice that makes you feel like you're the only person who doesn't know it. As someone just testing out the CS waters, that type of experience in every class can be very daunting.
In general, computer science tends to be a major where people go into college with a lot of prior-knowledge and I have seen this discourage many people from majoring in it.
One day, a top male student came into the lab. A female student was writing some code.
Guy: "What are you working on."
Girl: "Code for the new project."
Guy: "What are you writing it in."
Guy: "Perl!? (long pause) now that's a man's language."
Girl: "Rolls her eyes... shut-up dumb ass."
That's an example of the banter. The girls wrote just as much code and did all the things the guys did. The only major difference was numbers. There were 6 guys for every 1 girl.
I wonder how much of the gender discrepancy in CS can be objectively attributed to personality differences. Populations who participate in certain logical activities have rare personality traits (http://news.ycombinator.com/item?id=946249, http://www.teamliquid.net/forum/viewmessage.php?topic_id=112...) which are far more common in men than women.
If this is the case, is it possible that direct attempts to "increase the number of women in CS" are misguided?
CS / software engineering is an underpaid ghetto, and as outsourcing continues, will remain so.
Perhaps I should have pointed out Philip Greenspun's take: http://philip.greenspun.com/careers/acm-women-in-computing
Funnily none of the guys getting B's or C's had that psychological problem.
At Clojure Conj I think there were 0 women (other than guardians of minors) out of 200 people. On programming mailing lists I almost never see female names.
I think CS graduation rates might be much higher for a number of reasons. I think females have higher college graduation rates overall in the US, they may be more likely to switch fields and pursue a graduate degree, to switch out of programming after graduating, and in a field like programming where many are self-taught they may be less likely to learn programming out of the classroom.
They can say something so simple as "Oh don't you know that command?" but in an inadvertently condescending voice
"Condescending voice" is a matter of perception.It's quite possible that these engineers were totally ok that she did not know some stuff.
Still it's possible that females are more sensitive to [imaginary] condescending tone, so they shy away from the field.
The thing is the uber-geeks do this to each other too, the difference is to them it's water off a duck's back.
3 years out of school and already a big ego :)
On her point about being at a disadvantage compared to the other students since she had low experience with computer science (having only taken classes in high school). In my point of view, I think she had sufficient exposure to compsci. I didn't get into computer science, or even know of its existence, until my 2nd year in university.
I definitely do think personality has an effect on the experience. The author of the article, I think, took comments and retorts too seriously or negatively. In addition, I think she uses her gender as a weakness but rather it has no effect on her ability at all. Though at least she recognized the asshole soon after his outburst.
In my experience, I don't see a decline of females in computer science, rather it is a increase. I have passed by the portraits of graduated students in my hallways and definitely there are way more females than in the previous years. Matter of fact, it was almost a 1:5 ratio of females:males (may not be super accurate).
I. discriminatory or abusive behavior towards members of the opposite sexII. prejudice or discrimination based on sex; especially: discrimination against womenIII. attitudes or behavior based on traditional stereotypes of sexual rolesIV. Attitudes, conditions, or behaviors that promote stereotyping of social roles based on gender.
The sexist remark in II is quite common. In some dictionaries the word "sexism" is itself defined in sexist terms: "sexist - a man with a chauvinistic belief in the inferiority of women". It may be warranted by the attitude's prevalence; it is sexist nonetheless because it promotes stereotyping.
Definition IV is probably the most enlightening of the bunch. One valid yet unpopular answer to the question "why so few female software engineers" is that most parents provide a sexist (IV) upbringing. Given the standard attitudes (gender identification), conditions (girl's toy collection), and behaviors (mom's occupation), the odds are stacked against a female becoming a software engineer even before she enters the first grade. These things change but it takes generations.
Inspecting my own behavior as a male software engineer, I would find myself guilty of several of the attitudes and behaviors mentioned in the article. My first hope is that I do not discriminate by gender (I'm a jerk to men and women equally) and my second hope is that I can be less of a jerk to everyone.
0. This guy looks orders of magnitude less looney than the usual P=NP prover. I hope someone who knows this material well steps in soon.
1. This guy has implemented his algorithm. This is a very good sign -- most garbage "algorithms" are exposed to be broken when people try to implement them.
2. Most 3SAT problems are "easy". Being able to solve a particular problem doesn't mean that the algorithm works in general. He would have done better to demonstrate his algorithm on "known hard" problems.
3. He states a running time of O(n^4 m), but his experimental results don't scale quite like this; perhaps his analysis is wrong, or perhaps there's just a monster hiding behind the big-O.
4. If he is correct, and his algorithm is optimal, we probably don't need to worry very much about cryptography yet: It looks like this algorithm is far too slow to be a practical attack on existing cryptosystems.
(EDIT: Oops, in the time it took me to write that, 18 other people posted comments. Well, so much for getting the discussion started...)
I've implemented a SAT solver and read the literature extensively. This paper is not up the standards of clarity imposed by that literature, see, eg, "Efficient Conflict Driven Learning in a Boolean Satisfiability Solver" (Zhang, available for free online). There is a world of difference in the clarity of presentation between these two papers. There might be an English language barrier problem operating, I don't know.
If the author did some work to polish his presentation and state definitions more clearly, as well as submit his SAT solver to well know competitions, (http://www.satcompetition.org/2011/), I'm sure he could get some attention from the relevant people. Given how clear it looks right now, I'm too busy with my own research to try and pull out the hidden conflict-driven algorithm that I suspect exists in this paper, as it would be very time-consuming for little expected gain on my end.
If his algorithm beats the pants off all the others in SAT 2011, well, then I'd get right down to work.
Homework for someone who has some time: download his code and make it run on SAT 2010. Compare to other algorithms from that competition. Not, of course, a definitive test, but it it performs even in the middle of the pack, then you'll know it is worth a closer look.
It sounds like what they are saying is equivalent to the following:If S1 intersect S2 has a solution, and S1 intersect S3 has a solution, then the system S1 intersect S2 intersect S3 has a solution.
But this is evidently false. Consider the case where the CTS included each of the following rows, and were empty everywhere else (after re-ordering the columns so the same-name columns were in the same final column):
(1) 000 (2) 001 (3) 0 00
I suspect the problem they set up the induction for might not perfectly align with the theorem, but it needs more careful examination.
My bid/ask is 0% / 0.02%
I think I'd wager at most a 1% chance that P = NP, and, I'll be generous and put the odds that this particular person cracked it first at 2% of 1% (I know he has code posted, but think of all the smart people who failed, and within my 1% is the case where P=NP but no human ever proves it). Would anyone offer better odds than 1 in 5,000, or make a bid?
My knowledge is limited to taking Sipser's intro class in school; but as a programmer, I always find subset-sum to be the most tangible and convincing example that NP-hard feels pretty tough.
I love these announcements though; I am always humbled and fascinated by the resulting discussion.
1. For a fixed permutation construct a Viterbi-like search on the triplet assignments - if it fails it is not satisfiable. However, if it doesn't fail right away, there is still no guarantee there is an assignment. Call this structure compact triplet (CTF) or whatever.
2. Constuct a small set of permutation (at most m) for whichevery clause in the original CNF failing to satisfy will mean that at least one of these permutations CTFs will fail to satisfy.
3. Efficiently? combine the structures.
I didn't really read it deeply but that from what I understood that seems to be the top level strategy. I'm not 100% certain about it.
Recently someone claimed a polynomial-time graph coloring algorithm. I generated hard instances, their "solver" blew up. Claim debunked. It should be simple enough to do the same for this (for some definition of simple).
The key lies in generating hard instances. As cperciva has said in http://news.ycombinator.com/item?id=2121837 - most instances of most NPC problems are "easy."
The algorithm uses an algorithm similar to the well-known '3-consistency', which has been shown to solve quite a lot of classes of problems, in particular some that are solved very poorly by the normal learning-based systems used in most SAT solvers.
The paper aims to strengthen 3-consistency slightly, using permutations. However, while that is a reasonable strategy, it is entirely unclear to me, and unclear in the paper, while that gives poly-time solving time.
A list of articles published on the P=NP debate is here http://www.win.tue.nl/~gwoegi/P-versus-NP.htm
Looks like someone thinks they've solved the problem every month or so :)
Someone should really verify his algorithm on various SAT sets. But I have to say that his approach is very good and humble... he suggests he may have solved the problem -- but it is up to us to verify! I'd like to follow this further, so I bookmarked it via an upvote.
CTR mode turns AES into a stream cipher, meaning it can encrypt a byte at a time instead of 16 bytes at a time. It does this by using the block cipher core to encrypt counters, which produces a "keystream" that you can XOR against plaintext to use as a stream cipher.
For this to be secure, as with any stream cipher, it is crucial that the keystream never repeat. If you encrypt two plaintexts under the same keystream, you can XOR them together to cryptanalyze them; even easier, if you know the contents of one of the plaintexts, you can XOR the known plaintext against the ciphertext to recover the keystream!
To avoid repeating keystreams, CTR mode uses a nonce, which is a long cryptographically secure random number concatented to the counter before encrypting.
To avoid that catastrophic security bug, CTR mode users have to make sure the nonce never repeats (and also that the counter never repeats, e.g. by wrapping). We have found both bugs multiple times in shipping products, and now Colin found it in his product.
And so I come to the moral of my story: Colin is clearly a gifted crypto dev. He can talk lucidly and at length about the best ways to design crypto-secured protocols. He has found crypto flaws in major systems before. He is as expert as you could expect anyone to be on any product.
And Colin didn't get it right; what's more, the manner in which he got it wrong was devastating (in cryptographic terms).
Colin handled this well, largely due to the fact that he's an expert and knows how to handle it.
How likely is it that anyone less capable than Colin could have handled it so well? Moreover, if Colin can make a devastating mistake with his crypto code, how many worse mistakes would a non-expert make?
You should avoid writing crypto code if at all possible. Nate Lawson is fond of saying, "you should budget 10 times as much to verification as you do for construction of cryptosystems"; I would amend that only to add a price floor to it, because you cannot get real validation of a cryptosystem for less than many tens of thousands of dollars --- if your system is simple.
(not that I know anything about crypto)
Which is easier to miss?
aes_ctr(&encr_aes->key, encr_aes->nonce++, buf, len, filebuf + CRYPTO_FILE_HLEN);
aes_ctr(&encr_aes->key, encr_aes->nonce, buf, len, filebuf + CRYPTO_FILE_HLEN);
ncr_aes->nonce += 1;
Edit: To be clear, this isn't aimed at Colin but meant to point out that if he still occasionally gets it wrong there's a pretty good chance that your fancy custom encryption method does too.
I meant to say this in an email, but big props to Colin for being transparent about this and responding to the issue the way he did. I'm sure it wasn't an easy weekend.
All that, plus explaining how to delete and offering a refund will probably cost only a small number of picodollars, and is worth a lot more to tarsnap's credibility.
That part is very important. Compress then encrypt. Here you see competent crypto applications playing safe covering for unexpected problems. I say well done Colin! Full disclosure and best practices.
At AltDrive, we use a nonce generated w/ secure random and that is used for encrypting an entire file in CTR (EAX) mode. The issue with 64k chunks does not apply. The mature and well-respected BouncyCastle AES-256 libraries are used from the low level API. Usage of the API was independently reviewed by the BouncyCastle organization. I can share that on the AltDrive blog if anyone is interested. http://altdrive.com
I felt strange doing anything on it because I felt people were judging me. It was like I had developed this persona of an educated and successful and fun person when I was on it because I hadn't made any new "friends" since beginning grad school and I was so stressed out, miserable and broke that I was never brave enough to admit it on my own.
After surfing through the countless photos of my friend's girlfriend or my ex gf, I honestly used to feel guilty with the voyeurism. I use to feel hurt seeing my ex gf happy, lonely seeing old friends enjoying themselves, smirk seeing my friend do something stupid. I hated when people tagged me for the same reasons.
I wasted tons of time friending people I would not even wish birthday. I spent countless awkward chat conversations that never went beyond "I had a great day". I spent useless time tweaking my photos and wall so that my family wouldn't see the language that I or my friends were using. I tried to post Go's result on my wall. It became less of enjoying the game than to acquire certain points so that I could post them on my wall.
I logged into Facebook when I didnt have anything to do, which happened a lot. I used to open Facebook like I opened my email and reddit. After a while I just felt too shitty.
I deleted the account. I share photos through Flickr. Not all my friends are there but those who are have taught me a lot about taking photographs. I joined Blip.fm. Not all my friends are there but those who are truly share the passion I have for music. I deleted all my contacts in the messenger and added only those that I truly feel comfortable talking to.
My girlfriend calls me anti social. But she too has come to accept that Facebook is prone to our weakest traits as humans. We love attentions. We love to think of ourselves as something we want to be. We trade our true feelings to be included. We want to be popular. We want our taste in music and art to be value. We crave for external success. It was like high school all over again.
I have a lot of friends that I don't see more than once every year or two, but I will be close to them until the day I die. I like seeing their status updates, their vacation photos, their kids, etc. Facebook makes our connection stronger, not weaker. It doesn't replace the need to see them and talk to them; it makes those infrequent visits/conversations better when they happen because it feels like we haven't really been out of touch for so long.
My takeaway is this - Facebook is the first web application that showed us how easy it is to connect to the people we love, as well as those we know, but do not care about.
Facebook is the mere beginning of the way we will communicate in the future. It has its gripes, and people are starting to get bored with it ("ok so I friended her, now what?").
Nothing happens on Facebook.
Facebook, in my opinion, will eventually fade, and make room for new models of human communication, ones which do give us an added benefit instead of poking and secretly stalking our ex-girlfriend.
Saying that facebook connects people only in ways limited by the imagination if its creators is true. But still, it CONNECTS PEOPLE. By deleting facebook without finding a replacement that is better than facebook, you are losing this new way of connecting people. Stuff like skype works for connecting with a relatively small social circle. Facebook allows a looser but also much larger circle. Presumably a better means of communication will come along sooner or later. The telephone replaced the telegraph, myspace replaced friendster, but until it comes along facebook(twitter?) is still the best means for this new large scale high volume asynchronous communication that we have.
Her insights and arguments really needs to be read by everyone of our generation in full, and I mean that in all sincerity. It articulates all the misgivings and worries I have about this phenomenon that has always left a slightly bad taste in my mouth and felt vaguely repellent.
In addendum: I pray for the day I can convert my thoughts into words as judiciously and compellingly, verily I would sell my soul for that knack.
Facebook has something valuable... we've already logged in, so there's no barrier to making a comment that is voiced from our own identity. Fewer clicks, no barriers, and boom - the comment is public.
But Hacker News does that for me, since I have a long-lasting cookie that I don't clear... hence this comment... and nothing "social" happening on that blog. Interesting.
We can write to hacker news with our articles, bitching and moaning about facebook, or quietly build an alternative social network with the values we want.
Friend #1: Happy Birthday!
Friend #2: HAPPY BIRTHDAY DUDE!!
Friend #3: happy b-day!
Friend #4: Have a wonderful birthday!
And it goes on and on down the list. Some unfortunate people feel the need to individually reply to each and every birthday wish. Each day it's like this for a different person, until once a year when it's your birthday and then everyone's doing it to you.
It's really, really stupid. And I wish there was just a way for me to automatically generate and deliver my friends a birthday wish on the right date. But the Facebook API prevents you from being able to post to your friends wall.
Tear down those garden walls Mr. Zuckerberg!!
I find that I regularly check Facebook and am regularly disappointed with what I encounter there both as it relates to the activities of my friends and their responses to my activities. I tend to want deeper feedback and discussion which clearly isn't the model for Facebook. Whereas I know plenty of extrovert friends who love Facebook, are constantly checking in and because they have hundreds of friends, are constantly validated.
Certainly this is all anecdotal and biased given that I'm strongly introverted but every time I see someone say they are giving up Facebook or are disappointed in it (including myself), it seems to me that person is most likely introverted and thus not well served by the end goals of Facebook.
This article amounts to a wisp of air amongst a wind of change. It's a tad late, but better late than never. Some users of Facebook will never quit. It's a realization that permeated Facebook's offices for a long time and these are the users that just don't care period. With blinders on, they will obey the rules, and let their online privacy erode.
What's more important, and the conversation that we should be having: where to go next? What's our collective need that an online network can fulfill ? Maybe it's not online and in fact, going backwards is the new cool. Who knows?
In 2005-2006 (I just started at McGill) when it was still within campuses it was like wild fire and when I watched the movie , I completely related and recalled sitting down with room-mates and class-mates browsing dozens of girls in the school. There were no games just mainly wall posts and photos. You cannot relate that to now ... it is just not equivalent. Privacy was the same back then as it is now... people are just more aware of it or they grew older and understood the effects it wil have with their jobs, lives etc.
> What we actually want to do is the bare minimum, just like any nineteen-year-old college boy who'd rather be doing something else, or nothing.
Yes Zadie Smith is right ... this was never meant for the old folks (no offense), when it started those are the only people there were 18-22 year old college students looking for the bare minimum.
Times are changing though and these kids start to grow up, thus changes to try to satisfy all. But to me it seems harder and harder to define.
Russia has Vkontakte Japan has Mixi
So hopefully the author finds what he is looking for. I would start by just picking up the phone and calling someone. That is my Dad's way of keeping up with his social network. After he finishes work everyday, he has a 5-10 convo with his old friends and co-workers. Sometimes he even visits... (It is a no-brainer but somehow these days people find this hard to do)
> 500 million sentient people entrapped in the recent careless thoughts of a Harvard sophomore
Is a 26 year old billionaire in charge of a 500 M network something someone would want to fail ? Are the 2000 or so employees that work there doing it for the vision of Zuckerburg? Is jealousy that strong ? I dont want it to fail. I want to be some percentage of whatever he is when I reach 26 not by personality but achievement. Why should I wait for maturity to achieve things, I want to fall, get back up, fall and fall some more if it means I reach closer to what he did (no matter how simple the idea was). It is as if he is not allowed to mature or people are still looking at him as a sophomore that sent those sms messages. He does get assistance from his COO Sheryl Sandberg http://www.nytimes.com/2010/10/03/business/03face.html so maybe back in creation the site was a reflection of the immature sophomore but now it is something different.
I was on vacation in DC with friends, and I walked right past a girl I was certain was a friend of mine from college. I found her number on Facebook, sent her a text, and found out that it was her. We met up for drinks the next evening. Do we chat regularly as a result of having met up? No, but we enjoyed reminiscing and sharing our stories.
I'm not a Facebook fan, but I don't know that is does worse than most technology at being humane.
My wife, on the other hand, liked Zuck less by the end of the movie, even though she knew it was mostly sensationalized. It still hasn't changed her FB behavior.
It is this concept of entertainment that makes Facebook what it is today. A single source of entertainment, and a place to peak deeper into the lives of those around you with or without participating in those lives. As with many different forms of entertainment if you indulge too deeply you are consumed by your indulgence.
For the time being Facebook has a place on the internet. Will it be a main stay for years to come? Well that is very hard to predict. I truly believe Facebook's biggest internet value add will come in the form of an online digital pass. I feel those leading Facebook's directions also believe that too. If they can satisfy the majority of its users basic desire for entertainment, continue to build out the graph API, and keep giving more reasons for businesses to utilize the graph API then soon enough Facebook will will realize what Microsoft never was able to with the Microsoft Passport from the Internets early days.
Biggest takeaway for me from the article is that enormous amount of time, thought spent on yet another communication medium in evolving world. I have to wonder how scared people were when they first saw email!!
If you get enough value out of Facebook, it is worth the risk, otherwise it is quickly discarded.
One day, my friend Bryan was charged with the daunting task of getting Ellie, one of the older and more difficult students, to read out of a children's book for a distinct and measurable amount of time.
But a few minutes in, Ellie decides he's done reading for the day. And for one reason or another, he jumps up out of the bench seat, pointing an accusatory finger at his tutor. His English wasn't super clear, and he wasn't being very loud (thank god), but I did catch "touch" and "special area."
The two of us are frozen in horror. What can you say but "I... b... no..."? Ellie maintains this outrage long enough to really get some good satisfaction out of the looks on our faces, and then he relents and just starts laughing at us.
What if someone walking by had heard? We were in a partially exposed church basement kind of area, so it's not unheard of for random people to be walking by - and the cry of abuse stirs the indignation better than most anything else - so there was a really good chance that something really awful was about to happen.
But it didn't.
So the question was, what do you do now? We tried to impress upon him never to do something like that again, but he clearly didn't grasp the full potential force of his actions. We were like 20 at the time, and ill-equipped to deal with children on this level, so we probably should have relayed the event to an adult of some sort, but we were too worried about how it would be perceived, so we just moved on.
Neither of us stopped volunteering because of the incident, but I'll never forget the sinking dread of that instant, that's for sure.
I spoke with the director and we both agreed that children spend too much time with women in school and day care. One of the reasons many young boys don't click with school is that they don't get male role models. Children who don't have a "man in the house" might get all the way to high school before they meet any male role models at all.
a). More women in tech b). More men in childcare/teaching
Great to finally see an article like this one.
Also, she caused quite a stir a few years ago for letting her 9 year old kid ride the subway alone. Her story about it is here: http://www.nysun.com/news/why-i-let-my-9-year-old-ride-subwa...
Meanwhile, children are far more likely to be physically or sexually abused or kidnapped by close relatives. But that story is less compelling from a media perspective so the public is less exposed to it.
Hence all the bizarre attitudes like the one described in this article.
As a parent, I'm of the opinion that the media blows kidnappings and the like way out of proportion. Even then, it's difficult to look at the data objectively, because it's your children.
If a man is furiously yelling and striking a woman in public the police will be called on the man. If a woman is yelling and furiously slapping a man, the police will be called on the man.
Consider that:1. Men receive stiffer sentences for the same crime.
2. Men are routinely ruined by family court, because of the instant trump card that an abuse accusation brings. Additionally they have few options when they are the victim of abuse.
Anyway, I was an education major and one my male professors would always stress to the males in the class that they should be extremely cautious when dealing with children (don't hold their hands, etc):
The professor started out teaching first grade, and one time, a boy in his class came out of the bathroom with his pants down because he couldn't get them back up. Before the boy could even ask for help, the professor ran down the hallway to the nearest classroom with a female teacher to have her pull up the boys pants.
I'm not offended by the way it is though. Like how at the Iowa daycare center where the one male aide can't even be in the room while diapers are being changed. I was taught to stay far away from those types of situations and to be honest, if it makes someone feel better that I'm not in there - that's fine by me.
Of course it's stupid to label all men as possible predators, but there's another side to it: when a single pedophile can damage literally hundreds of children, who wouldn't have cause for concern?
The challenge is to find the level of concern that is reasonable and warranted, but this article can't be bothered with gray areas.
I'm a scout leader in Australia, where Scouts is non-denominational, non-discriminatory and mixed gender. I'm a Venturer leader, the 14 - 18 year olds, and I'm gay.
These things ARE linked. I'm a Venturer leader because it was this or being a Joey leader, which is the under 10's, and I just CBF dealing with that noise, because I'm also gay, which makes parents immediately suspicious. 'Cause, you know, once a little bit of a pervert, NATURALLY a complete monster. Just like how litterbugs all become worse then Pol Pot.
So, on the one hand I avoided one sort of leadership. On the other, I'm wanted because I'm a male, I can relate to the younger dudes. At camps we have a leader of both sexes not because there are touching fears, but because kids need someone of either gender to talk too if they need it, to make them comfortable.
It was pretty annoying but the parents got over it when they saw that their kids loved having me there. This is in part because I always seem to end up discussing Star Wars or video games with the boys for at least part of the time.
What's funny (and sad) is that this attitude spills over into family life. My brother won't kiss my oldest daughter on the lips despite her insistence that he do so (she has some pretty strong opinions). His response was that "I don't do that with kids."
The case is extreme both in scope, gravity of the offenses, duration and in the position of trust the perpetrators were in and it will take a long long time for that to blow over again.
'Eek A Male' is very much a response heard around daycare centers here.
I used to assist teaching a Saturday morning martial arts class for kids. The change-rooms were communal; nothing unusual and I never thought anything of it. Then I was told that it made the parents uncomfortable and I had to change in the office. Suddenly I felt embarrassed and shameful.
Then I was shocked that I had felt such feelings. I don't experience much, if any, discrimination in my life. I really empathize with those who do. It's terrible.
What has AWS done in the past? They've introduced a new product, then over time:
1) Made it easier to manage2) Made it more automated3) Added additional bits of functionality
Why would we not expect them to do the same with Beanstalk?
From what I'm reading, Beanstalk changes this and clearly puts AWS in the category they've long claimed to be in. Not that their service wasn't great/unique before. This just puts them that much further ahead.
It's along the lines of what Heroku does with their routing mesh layer (as far as I understand it).
More importantly, that loses some of the simplicity, meaning that you still have to think about infrastructure to a degree.
Heroku is git push to deploy, and if you have a standard Rails app, that's it.
Whereas to deploy a standard Rails app, after you package up your app as a .war with JRuby (and deal with possible gem incompatibilities), you have to spin up an RDS instance too. And change the config in your Rails app so that it knows how to talk to the RDS instance. And if your RDS instance crashes, they backed it up for you, but you still have to manually restore from the backup.
And once you're already thinking about infrastructure to that degree, you've lost a lot of the benefit of a PaaS.
The specialized services will be less work to maintain for developers, and will offer unique additional features that Amazon will have a hard time keeping up with if they try to spread themselves too thin.
1. Can my database auto-scale?
2. Can my JVM heap auto-scale beyond 2 GB without GC pauses?
I think smaller developers stand to reap huge productivity benefits from easier to use and more feature-rich platforms such as Heroku.
I shook his hand and he introduced himself as getting an interview slot too. Naturally we conferred and compared notes. Mine was something weird, a scheduling software--we haven't decided yet. His was a photo blog. Well like a photo blog, but easier, the kicker is you only manage it through email.
Oh, I said. That sounds... interesting. Since I was young that was go-to answer for any pitch. The less he explained the more compelling it was. Blogging for your grandma, blogging that anyone can do, blogging that's accessible. I remember asking how long he's been working on it, he said for a few months. I smiled and said he's probably going to get funded.
I didn't, it was my fifth try and became my last.
Throughout the years Posterous' engineering skills, design skills, and marketing skills have made the platform really awesome. Reading his blog, learning his thought process, and seeing the passion he puts into his work, it's inspiring. Very inspiring.
Blogging for grandmas is such a good idea, it's carved a great niche amongst giants WordPress, Blogger, and Tubmlr, and it's growing as a company.
Our career paths took really drastic divergence but seeing what you've done in the past three years is one of the examples of the immense potential working in our little crazy world.
Congrats and good luck.
I feel like a band i really like was in the studio working on a new album, and a songwriter just left.
I guess i was waiting for another shoe to drop in terms of the realization of the Posterous vision.
Anyway... congrats to Garry. I saw his TWIST interview a while ago, and thought he seemed really nice and had really interesting ideas.
See also Jason Putorti's gig (now over) at Bessemer:
Y-C's gonna be awesome for you, but I really can't wait to see what comes next. =)
I was also surprised at how quickly I got a response via a customer service request. Nice.
Congrats to Garry Tan - I always equated him to Posterous since I saw him on This Week in Startups. Hope to hear more about his newest endeavors.
I'm glad you'll be able to provide high impact work to many startups.
The fact of the matter is that Flash is an entrenched, defacto standard and isn't going away any time soon. HTML5 isn't anywhere close to completely replacing Flash even if it were to disappear in a puff of logic right this moment.
HTML5 <video> is in its infancy, and isn't being perpetuated by sheer momentum like Flash. Further, H.264 was a complete non-starter for Mozilla, and Firefox holds nearly 20% of the market. Using H.264 for HTML5 <video> would have guaranteed market segmentation and hurt the chances of a truly open future.
This argument about dropping H.264 propagating Flash in the short term is just insanity to me. Flash is already here for the short term. We need to focus on our long-term options for moving to something more open, and the whining about this decision strikes me as totally myopic at best and blind fanboyism at worst.
> We applaud Google for this change; it's a positive step for free software
Except that it further entrenches Flash in the short to medium term, possibly longer.
> Most of it is delivered with Flash, which is proprietary, nonstandard software.
Exactly. H.264 isn't going away anytime soon so having a Web browser without Flash gets that much harder. With no native support for H.264 in Firefox or (soon) Chrome, bizarrely the most Flash-unencumbered browsers are Safari and Internet Explorer.
Consider that for a moment: Internet Explorer.
> Free software alternatives like GNU Gnash are available, but the user experience isn't always as seamless as it ought to be.
This is a key point but not in the way the author intended and it's worth parsing this statement. The FSF is driven by philosophy here but most users aren't. If you want to attract a plurality of users a necessary precondition is to have the experience be as good if not better than what you're contesting.
There is a cost to switching: finding new tools, learning a new process and so on. Users need a reason to switch and ephemeral arguments about "openness" of video on the Web just don't cut it for the majority, at least not while such a choice comes with a subpar experience.
> In order to make sure the Web stays free for everyone, we need a free codec to prevail as the de facto standard with HTML5.
Like most future specters I believe this one is overblown too. Everyone points to the GIF fiasco. The net result? PNG was born. If the screws are ever put to us on H.264, you'll see exactly the same thing, only quicker. Computing power being what it is today, the effort of re-encoding every video that exists on the Web is actually not that hard of a problem, and is certainly in the realm of what Google can do today, let alone 5-10 years from now.
> WebM can be that codec: Google provides a patent license with the standard that is compatible with free software licenses
But it should be noted, there is no indemnity against H.264 patent infringement. I'm not saying WebM violates H.264 patents. The reverse may even be true (or both). But the point is that it is a risk.
> We can only be free if we reject data formats that are restricted by patents.
The elephant in the room here is that the fundamental problem is software patents. They need to be completely abolished.
> But the issue's not settled yet.
No but it's a bit like iPad vs the rest of the tablets. The issue isn't settled yet, but the iPad has a whopping lead and the smart money is on it for some time to come. H.264, like it or not, is more mature and has more hardware and software support than WebM, which is far less mature.
The only thing that could achieve such a thing would be a device with iOS levels of popularity that a) doesn't support h.264 b) doesn't support Flash. Who is going to make such a device? A: Nobody, because it won't support any web video at all apart from maybe YouTube.
You can grouse about open principles all you want, but the big video producers don't care; they will not be a factor. Audience demand is the only thing that matters, and they won't demand WebM when h.264 is already working "fine".
I'm glad somebody finally figured out how to accurately describe webm. All this hand-waving talk of 'openness' and 'open standards' was debate poison.
Someday it will be replaced, but it will take a technically better standard. WebM is not technically better. Take a time machine and send WebM back about 10 years, and it has a shot. Without a time machine, it is too late.
The problem Google and the FSF face is that very few really care about having everything be free in the FSF's sense of free. Heck, even among Linux users, who you'd expect would be the most receptive of wanting everything to be free, very few run the truly free distributions, with no non-free modules or drivers. The vast majority are not even on Linux. They are on Windows and Mac, and so have no qualms about using non-free stuff.
To convince people they need to switch to something that is technically inferior, they need to be shown a problem that actually affects them. H.264 being subject to patent licensing in those countries that recognize software or codec patents is not a problem that can be shown to affect most web users or most web video producers, at least in a way they care about. The royalty free license for distributing free video on the web, and the high thresholds before license fees kick in for video producers, ensure that the vast majority of us never do anything that requires coughing up any money, and that takes the problem off most people's radar.
From my experience building a HTML5 video playback portfolio for a client, playing high quality webm/ogg is just not doable yet, even via Amazons CDN.
And what i don't get, on a very basic level, are these companies that own these file formats really ever going to cash in on all those files out there? I mean GIF, JPG, PNG are all patented formats, and they are everywhere.
Why doesn't Google announce for example that they will also stop supporting JPG/PNG/GI in favor of their open source WebP format? If they were really drawing bold lines they should be honest about it.
They simply sound so naive when they say "Today, we're also urging Web site operators to distribute videos in the WebM format, and abandon H.264". What they should be saying is "Prepare your web sites to transition to WebM".
They've had offered us to bundle their 'nice' toolbar inside the VLC installer so that every install of VLC would have install this thing...
And they proposed a very high value for each install...
I suspect the mystery of the changed homepage and new toolbar is, to many users, alongside the mystery of why the printer sometimes doesn't work or my cell phone drops out when I'm still in the living room. 'It's technology. It happens. Nothing I can do about it.'
Which I guess means Zugo [Edit - actually, Make-my-baby.com] is manipulating the uneducated (in a tech sense). Borderline business behaviour, though a well thought out and executed strategy.
Yes, I completely agree. I have several non-technical friends on Facebook who have been tricked into installing browser helpers (BHO) and it's disgusting. Every so often they post some kind of ridiculous advertisement in their status bar -- only it's not them, it's their browser doing it. It's like some hi-tech version of Tourrette's Syndrome.
But, playing devil's advocate -- and I love devil's advocate because when it's done well it makes you think -- there's nothing wrong with trading a cute interactive session of making a baby with setting the user's home page, or changing their browser, or selling them stocks, or taking all their money from their bank account, as long as the user knows the trade-offs they are making. People do all sorts of stupid things for ten minutes of entertainment. It's the trickery part that makes it a scam.
So the next obvious question for me has to be: what do these guys need to do in order not to be a scam? Make the text bigger? Bold? Have a flashing sign? Since a BHO can do all sorts of nastiness -- including things they are not currently designed to do -- how do you adequately inform the user of what kind of trade they are making?
Chrome has a nice way of doing this where you approve of the types of information you are allowing the helper to have. Still, even then there have been many times when installing something in Chrome that I've thought "Do I really want this particular widget having this kind of access? How do I know that the developers won't change what it does with my information on some future version?"
I am concerned that many of these articles sound like "See the witch! Burn the witch!" -- mindless mob thinking. I know it's much easier to sell salacious articles by pumping yourself up and being the superhero speaking out for truth and justice and all, but from a logical standpoint I'm much more interested in what specifically is wrong with a particular practice and what steps need to be taken to make it better. Demonizing these guys -- even if they are total assholes and are out to trick and cheat and steal everybody they find -- doesn't do much as far as advancing the discussion along for the rest of us. A little bit more analysis and information, a little bit less emotion, please.
They are noting in the comments that 1.75 million ad impressions would probably only cost the advertiser a few hundred dollars, which would make it difficult for that to be the third largest advertiser considering advertising brought in a $1.86billion. I don't know anything about the cost of advertising, but do those numbers seem right?
It would be interesting to know whether their ad targeting algorithm has me as in the unlikely to be interested in baby pictures demographic or in the people that have previously reported scammy ads demographic...
To be fair, hijacking ad click revenue seems a lot less underhand than some of the "Scamville" advertisers...
There is precious little in the story save what is already provided by Matt Cutts and there is this little gem towards the end:
"Is no one minding the store? Or are they just minding the cash register and turning away from what the customers are up to?"
That entire sentence could very well turn out to be true, but for the time being it is just opinion, which, after enough people repeat it, becomes a fact.
I wonder if he would have said anything if it was the switching default search provider to Google.
He now gets help with the business and support side of running a company but only one of the developers he hired is working on the game with him together. The other developer is getting their next game up and running.
What's also interesting is that Notch does not want to run the business, at least not at the scale at which it is now. He hired people to do that for him.
Eh, I would not say that. Minecraft is not seriously competing with AAA big-budget titles like God of War. They have completely different audiences. Yes, GoW is extraordinarily expensive to create, but it offers a gameplay experience that Minecraft doesn't and never will. Or at least, by the time minecraft can procedurally generate an experience like GoW, the big-budget AAA franchises will have moved on to something flashier.
And certain franchise titles are attractive because of the licensing, eg the NFL. That is unfortunate but not something the gaming industry can do much about immediately.
However, one huge warning: The learning curve is 100 times harder than Minecrafts, and the base art for he game is asci!(although you can upgrade it with user made graphic packs) It will also take all of your processing power.
"Because I want to avoid us just focusing on reaching release, I suggested that we should dedicate 50% of the development time in Minecraft towards adding fun new stuff. Basically, any developer working on the game (two people at the moment) can just come up with something they'd want to add on a day-to-day basis, as long as the rest of the team thinks it's a decent idea. If it ends up being fun, it gets added." 
 - http://notch.tumblr.com/post/2687176736/information-dump-inc...
"Braid and Minecraft are both examples of how a few good ideas, executed in an accessible and affordable way, will outsell franchises by orders of magnitude."
> Why it matters
> Sounds interesting, you say, but why should I care that a few guys have put together a cool little indie game? The reason you should care is because a team of four or five people using free libraries and cross-platform tools have just made a mockery of the last five years of franchise-oriented, $50 million budget, yearly-release, AAA game development. And it's not just a fluke. The Humble Indie Bundle, World of Goo, Braid, and a number of other extremely low-budget titles have electrified the gaming community, while games with millions in marketing budget like APB and Kane & Lynch fall flat on their face critically and commercially. Gamer discontent with these barren blockbusters is palpable, and Minecraft is the new poster boy for it.
Oh, they've "electrified the gaming community", have they? But how well are they doing financially?
Apple's App Store has enough successful apps to give developers hope, but the PC videogame scene needs more data points, before I'll start considering going "indie", as the kids call it.
How well does Minecraft do in terms of protection against piracy? I haven't heard a lot about it, and considering games like the aforementioned World of Goo's problems with it.
This is like saying that the success of Audiosurf on Steam ushered in a new era that developers would now be able to repeat. Steam has definitely made a big different, but everyone, calm down and take a deep breath for a second.
Notch is a friggin' wizard, and as much as people will try to reverse engineer its success, don't try to create a trend graph with one data point. I think it'd be devastating to give aspiring developers the impression that the road to success has been paved. Notch has found a way, but he hasn't paved it for the rest of us.
I find myself thinking only of Half Life and Portal. Half Life, in which people were crazy about Gordon Freeman (and he fit the part) and Portal, which did not do this in the slightest.
Has it become conspicuously common? I've fallen a bit out of touch with modern games.
And when we look at the quality from that time period - A little over a decade ago - games like Diablo, Starcraft, Quake (2) and Unreal were the ones with the best quality. With a bit of effort, indie developers and startups these days can easily beat the quality they had.
If this continues, what will we see in 2020? As the quality a game can achieve converges towards some limit (At least I'm assuming so), will indie games be more and more common and actually manage to make games that will challenge big-budget franchises?
Moreover, the incredibly high cost of production of many modern games limits the sorts of games that get made. Minecraft level sales are barely enough to cover the costs of making a game at a company like EA or Activision.
Hopefully Notch's success will lead to the development of Minecraft as a highly modable platform for roughly similar games and also to the development of new low-cost game systems that produce no less enthralling experiences.
All Java haters should watch the video of Notch coding away in Eclipse.
In a while i'll show HN my project relating to this. :)
HOWEVER, their entry-pricing is incredibly irritating. For $228/year you can't add any more than 5 invoices or reconcile more than 20 lines of bank statement per month. For the entire price of quickbooks every single year you should be able to at least use your accounting system.
I'm planning to build an email subscription feature for swombat.com soon, and was looking at options like SendGrid, but I just can't justify the cost. When you send people a sign-up confirmation email, they expect it right now. If it's not there in a couple of minutes, in my experience, even the least tech-savvy have learned that they need to check their spam folder.
That is the most underwhelming endorsement of salesforce.com I've ever seen.
They both solve a problem that is otherwise quite complicated and boring to solve, in a very simple, hassle-free way.
The killer feature for me is a very low false positive rate. Very few legitimate emails get blocked, based on the way they are filtered.
1. Relying on willpower for long-term change
- Imagine willpower doesn't exist.
2. Attempting big leaps instead of baby steps
- Seek tiny successes, one after another
3. Ignoring how environment shapes behaviors
- Change your life and change your context
4. Trying to stop old behaviors instead of creating new ones
- Focus on action, not avoidance
5. Blaming failures of lack of motivation
- Make the behavior easier to do
6. Underestimating the power of triggers
- No behavior happens without a trigger
7. Believing information leads to action
- We humans aren't so rational
8. Focusing on abstract goals more than concrete behaviors
- Abstract: Get in shape. Concrete: Walk 15 min. today
9. Seeking to changea behavior forever, not for a short time
- A fixed period works better than "forever"
10. Assuming that behavior change is difficult.
- Behavior change is not so hard when you have the right process
Can anyone expand on what they mean by 3 and 6?
#11: Not realizing you can't imagine your future accurately.
Some changes you make are so significant it's like you are playing a whole new game. If you don't realize this, then you will not be a good judge of whether to make the change.
For example, let's say you enjoy playing basketball. Someone comes up holding a football and invites you to play football. You don't realize that he's talking about a new game with new rules and a new environment. You look at his oddly-shaped ball and imagine yourself trying to dribble that ball down the court. You conclude that you wouldn't enjoy football.
I've made numerous significant life changes, among them becoming vegan and going car-free. Both of those decisions are game-changing and so it's really hard to imagine yourself making those changes; you really have to just try it for a while before making up your mind.
For veganism, I often hear people say "I could never give up X" or "What do you eat?". They imagine themselves no longer eating their favorite foods, not realizing that after adjusting to veganism their palate will change and they'll have different favorite foods. And they also don't realize the abundance of vegan foods out there because they've never had an incentive to look, so they just assume they'd be eating salads all the time.
Ditching my car was another game-changer. I wouldn't recommend doing this unless you are in a well-designed city. I moved from Norfolk, Virginia to Boston, Massachusetts and ditched my car in the process. If I had imagined myself in the environment of Norfolk without a car, I would have never been tempted to do so. But I had visited Boston and also had lived for a while in Germany without a car and so I knew what it was like to live in a well-designed city without a car. Even so, I was pleasantly surprised by the amount of cost and inconvenience I was getting rid of by not having a car: no more gas-filling eating away my time and money, no more large key fobs filling up my pockets, no more having to ask my friends if they know a good mechanic, no more driving around forever looking for a parking space, etc. etc. All the inconveniences of owning a car were somewhat invisible beforehand and they didn't become quite so apparent until after actually ditching the car.
tl;dr: if you're making a significant life change, you can't accurately imagine what your new situation will be like by extrapolating from your past experiences.
But I think this list leaves out the important detail of understanding/addressing root causes.
It really makes you think about behavior change in a much clearer way.
A better argument would be that Facebook's valuations are being driven by large amounts of investor money injected into the Zynga symbiote, who throws nine figures a year at Facebook to continue identifying new pieces of brain matter to feed to their mad cows. I don't think that is a great argument, both because Ponzi schemes are not the kind of racketeering one should be worried about if one is worried about there, and because I think that Zynga is probably sustainable. They may be the only business on Facebook whose advertising is sustainable... but that would, by itself, justify a gigantic valuation for Facebook. (Perhaps not any particular valuation.)
Err -- television ads also just serve to get in the way and annoy users, when they want to sit and relax and do something completely different from hunting-for-stuff-to-buy.
But last time I checked, most TV channels are still running ads, 50+ years on.
* They could compete with Groupon (Or buy them). Groupon is an inherently social business, and Facebook can enjoy it.* They could compete with Skype and other VOIP service. Perhaps replacing telephony. Almost everyone has facebook, and you already have you friends inside, seems like a pretty direct step (After all, people come to facebook to communicate).* They could replace photo sharing websites (Flickr, Picasa...) if they just improved their photo's app (e.g. being able to view high resolution images).* They have the potential to become the internet ID for everyone, so that you could log in to almost any site with facebook.
I can probably come up with many more... I think the real question is whether Facebook can execute or not.
I can't figure out how Facebook will monetize, long-term, just as I couldn't figure out in the 1990s how AOL would monetize, long-term. AOL has been a dying property for a long time, but it was the platform on which a lot of free riders formed lasting friendships that have turned into real-life, face-to-face friendships. I'm perfectly content to be a free rider on Facebook on the same terms. Monetizing Facebook is a problem for Facebook's investors--it is not my problem. When Facebook eventually dies, as it surely must unless it comes up with an appealing way to monetize, I will move on with hundreds of good friends to the next new Internet thing.
Our startup has had a large amount of success with Facebook ads. Their segmentation makes it easy. In fact, Facebook ads are so successful it's becoming a danger. To some extent, we are reliant on them as a lead source and that's a really bad situation to be in.
But yeah, post a sensational title, reinforce that title 4 times in the first two paragraphs and then at the end say something like this:
>> Yet, their value and growth continues because they can use that money to grow their user-base more and assert profitability (in this sense it's not quite entirely a ponzi scheme, but there is no closer idea). It's possible that they do not even realize that they are like a Ponzi scheme.
What? It's not quite entirely a ponzi scheme?
There's a difference between an ad platform that doesn't fit your customer acquisition model and a ponzi scheme.
Nobody pays Facebook advertisers anything. They only pay Facebook. Its a pyramid scheme, but thats a horse of a different color.
People go to Facebook to interact with their friends. It is fundamentally different from the ad platform that is Google. People go to Google to find something they need, possibly ready to buy, which a good percentage of the time can in fact be solved by someone's ad.
He immediately understood that I meant Facebook and after chuckling he actually paused thoughtfully.
Fingers-crossed, but I think his current fund is too conservative for that sort of thing.
If you don't like a company, don't invest in it, and don't use it's products. But it's not your duty to scare other people away, especially not by reading tea leaves.
First, any ad buy is a gamble. Perhaps investing $100 in ads on Facebook can result in $1000 in sales. But the payoff here has everything to do with your own business, and nothing to do with the Facebook platform. Literally: mind your own business.
Second, I am interested in the thoughts of long term Facebook/Twitter/etc employees. These are people with actual knowledge of the roadmap, revenue, and vibe inside a company. Everyone I personally know at Facebook is extremely happy and bullish about their career there. Ask a friend that works there if it is a Ponzi scheme and watch his reaction.
I am interested in constructive advice about how you are building a successful startup.
I an not interested in these hit pieces from casual observers. I think the small portion of bloggers, commenters, etc. that try to knock Facebook down are having sour grapes. Are you really more confident in your own business acumen than Zuckerberg's? Is your business model perfect, with bubble free growth unto eternity?
But ultimately, there's nothing constructive here. What am I supposed to take away from this article?
The PG Yahoo article is a totally different beast. He was inside the machine and is offering his intimate business knowledge. This article is useless. Yet HN eats it up for some reason...
Disclaimer - I am not at all affiliated with Facebook but I was at the YC at FB event last week and it was fun.
He makes a case that they are not like Google's ad platform and then goes on to only account for a small subset of Google's ad platform (the part that is on Google.com search). Facebook ads are really much closer to Google's ad platform on (for instance) gmail.com or any non-google website, but he ignores these.
Most of his post could have replaced "Facebook" with "Billboard" or "radio ad" and be written in 1920.
As an aside, I have clicked on Facebook ads. Mopeds are listed as one of my interests, and two months ago there was an ad from Honda for the new Elite 110cc. I had no idea that they brought the Elite back. Targeted Facebook ads actually informed me of that.
It goes without much saying that the vast majority of ads are never clicked on or even noticed. But that's the case with Facebook, adwords, billboards, and so on.
In other words: not a Ponzi scheme, just an ad platform that is ineffective for some kinds of campaigns.
What you might not know is that demand generation spending is 10X demand fulfillment. You should definitely take that into account when assessing facebook.
Also, the reasons users like facebook is unrelated to their ad platform. I would say that alone makes it not a ponzi scheme.
On my site the bounce rate from Facebook clicks is 25% lower than the site average, and the the average user visits 4 pages per visit.
And I'm targeting software developers. A group more likely to be ad-resistant than many other groups.
You have to know how to optimize a Facebook campaign in-order to be able to make an effective one. Facebook's problem is that they make it easy to run an ad campaign, but not easy to run a good campaign.
It's rather limiting to think Facebook as an advertiser like Google. The real potential of Facebook is way beyond this. Facebook is not just connecting people to their friends. It is a middleman - a platform that connects customers to vendors, fans to artists, and gamers to game developers, and there could be much more than these. Think iOS as a platform that connects mobile users and app developers and how it has worked out - and would have worked out even it was a standalone company. Maybe someone will develop an Amway-style direct selling platform on Facebook. Maybe someone could develop a CRM and compete with salesforce.com for SMB. Or maybe a Priceline clone with social features would emerge. And good thing is Facebook does not need to do all these. It just need to inspire a developer community around it and evolve its platform to support new possibilities.
It's gold rush again, and like last time - it wasn't the gold miners that get rich; it was the people who sold the miners and other gold rush followers the tools and supplies they needed.
But it's certainly a completely useless advertising medium, from my limited experience with them for a few months. We spent hundreds of dollars of advertising on an iPhone app, and I don't think even moved the needle once.
Honestly it may be interesting news to hackers, but that's a lot of bandwidth that could be spent talking about startups. Just sayin'.
As it stands right now, sure, Facebook ads suck. They're all the way to the right, and they're tiny and unremarkable.
But right now FB is focused on growing their platform. Why wouldn't they be? It's not like they're beholden to any public shareholders. Once that changes, and those shareholders begin to pressure them, FB will turn their attention to ads. How could any sane business owner ignore that?
EDIT: Deleted my sub-response to Tom b/c it wasn't phrased well. I'm not interested in the author's contention, because whatever point he's making assumes that FB won't improve their ads. He even says:
"Mark Zuckerberg might have a fit of brilliance and then announce a revolutionary ad platform that somehow actually works on social networks. My guess is not."
FB is a company with 1000 bright engineers and a strong data team. I'd be shocked if they didn't know how poorly their ads are performing, and I'd also be shocked if they weren't working on a better ad platform right now. Dismissing a company with FB's user base, funding, and engineering team with a ridiculous quote like above isn't a compelling argument.
While I am by no means an expert in the field, they need to remember what they are and focus on that. Far more promising a prospect is the revenue sharing they do with companies such as Zynga. This model exploits all that Facebook does well: high retention to the site, and a high return rate. They need to stop focusing on ads as a form of revenue and monetize their social aspect creatively.
Soon Facebook will know more names and email addresses than gmail and unlike Google it has no problems selling them to advertisers.
I'm not sure it would be altogether brilliant for Facebook to improve their advertising to be action-oriented as opposed to passive. People use Facebook for events and will soon use it more for Q&A and eventually "what ___ should I buy?". I think it would be common sense at that point to have ads targeted to a user's planned action, just as in the past ads have been targeted to very specific demographics.
There are plenty of people who drop $1k on Google ads and end up with nothing to show for it too. Just because it doesn't work for some people doesn't mean it doesn't work for others.
iPhone is a platform for mobile applications.
Facebook is a platform for social applications.
Why would the latter not be marketable?
The Facebook Credits virtual currency stuff also has huge potential but I just don't think Facebook has found their "AdSense" yet.
They have already started getting their code onto other people sites with the Like button and all the share buttons; the next logical step is a Facebook ad platform like Ad Sense that can target specific demographics. This will make lots of money.
Do not make a mistake in thinking the same model or whatever you define as a social network will function the same in the future.
Facebook will do everything it can to preserve large cash stable and market leverage so it can morph its business into whatever it deems necessary or market demands of it, again and again.
Also, the author does not know what a Ponzi scheme is. Facebook Ads might be unsustainable, but it's not a bona-fide confidence trick of any sort, just like the VC dot.bomb burst at the turn of the century wasn't a confidence trick.
I've heard this argument but have yet to see any substantial evidence.
"Those little ads? Nobody clicks on those!"
Um, I don't know that I'd refer to to social games as an "extremely niche business". Also, social commerce/group buying sites have received incredible ROI from advertising on Facebook.
So the assumption is that I, as a user, am naturally more willing to share my contact information with anonymous application X than I am with my friends.
Naturally, this is indeed a transparent effort at lock-in.
One of the permissions read:"Send me email" (optional: send through a facebook proxy)
So now, you can also let the apps know phone number through the graph? I don't find that too big of a step. CAN-SPAM still applies. Perhaps they should set up proxies for the phone number, though.
What I find more funny is that ReadWriteWeb writes:
"Thankfully, this sort of information cannot be shared via your friends' careless actions, unlike other profile information."
which is in direct opposition to the attitude that blogs had on the same issue when Google complained that facebook was "trapping your contacts" by not letting you export them. Now they are thankful facebook doesn't do this :)
Opt-out..hahaha maybe opt-out of only the really obvious ways Facebook is selling your info.
I'm sure my relative would appreciate her abusive ex getting his hands on her phone number. (And given past problems with third parties, I have to think this information -- speaking generally if not specifically -- is going to leak.)
You use the cell phone number as part of password recovery / identity verification (as I understand it). And then you do this?
However, this really could be quite useful if used legitimately, i.e. Facebook commerce, having shipping address available; location aware apps etc.
Well, as long as we are not allowed to partially denie permission requests (which of course would make certain apps not able to share our information to other third parties)
1) There are UI issues that have been raised elsewhere in this thread - mainly, that users get confused when shown a set of complex options. Having watched usability studies where users are given a lot of relatively complex options, I'd suspect that a model where users have to pick among the permissions to give an app is going to fail massively (ie, user turns on everything without actually understanding anything, turns off everything by default or just cancels out of the app install altogether.) A model where apps request permissions right when it's needed will be annoying users with all the dialogs needed.
2) Some apps don't work if they don't get all the permissions they need (imagine an address book app for an email program - if you don't get email address it just doesn't work.) Adding a lot of conditionals to change how your app works based on what permissions they get can be expensive and adds a lot of unnecessary test cases.
In my opinion, Facebook's decision give more granular permissions, but to make it an all or nothing proposition allows them to protect their users by removing spammy/malicious apps, and simplifies the applications built on their platform . This puts responsibility on them to actively remove malicious applications, and on developers to pick only the permissions they need. Given that users tend to make bad decisions given a set of complex options that they don't understand, it seems like they made a rational choice. AppStores on the various phone platforms have a similar decision to make as to how to best protect users from apps, and there isn't consensus as to the best model in that arena either.
They do need to step up their activity to remove malicious apps in light of giving regular applications this option.
I thought his point was pretty clear: FB is rolling in cash and is the target of the latest 15-minute hype and 50 billion dollars of Goldman-Sachs paper valuation, but isn't really breaking new ground in providing the best possible platform for the Web, and he predicts that this will cause it to fail, like other non-ideal repackaging efforts in the past, because it is limited. And he has some experience in this, because he was an employee of AOL in the day.
And weirdly, here at HNN, of all places, I am witnessing a deluge of rabid Facebook fanboys, many of whom apparently think he's just an old fogie who doesn't understand the new generation. The world never ceases to amaze me.
EDIT: more words are always good, right?
This reminds me of a comment that we almost always get on HN when Facebook comes up, and its almost always right: it's not for you. If you want Bcc, it's not for you. The millions of people who are younger than you don't think to CC, let alone BCC. They want to communicate, and they want to do it now, and email is just that formal thing Dad uses. That's their terms, and Facebook gives it to them.
The author also discounts Facebook as being some sort of Neo-AOL. It is that, but where AOL faltered was being a completely walled garden. Facebook as a development platform, and, perhaps more importantly, an online identity to all sorts of other sites, makes Facebook use even more in-grained. I would love to see some stats from sites that allow Facebook Connect on how much their user registration went up. Facebook offers a portal, but also a wider identity, and they do it well.
If Facebook isn't for you, then that's that. But it doesn't mean what they're doing is wrong.
People use Facebook because they see past the "website" and read the content. They communicate with their friends and family. How many non-technical people have you ever heard complain about email apps? They don't because they use email to communicate, not to use an email app.
If the first thing you feel is "exasperation at the aggressive dimness of it UI and its functionality" then you need to find some new people to connect with so that you're actually interested in reading what they have to say.
Calling other people stupid for not building and maintaining their own website strikes as bit elitist, just as saying that people that don't design and build their own houses are lazy. We specialize.
To him it is easy / fun / rewarding to build his own blog, photo sharing, thingamabob. Sure, it has been for me too in the past. But it isn't anymore, especially because Facebook wins on the front of notifying my friends of things of mine they might find interesting.
In short, he is really missing the point, that Facebook has allowed millions upon millions of people to participate on the web in a way they couldn't before. Were they the first to try? No, but they are the first to do so so successfully across such a wide strata of users.
I also find it super ironic that he seems to think highly of Twitter (talk about lack of features!!) while gives Facebook a hard time for missing functionality. At least I can comment on 'status' messages on Facebook without changing my own status. :)
Then it dies down and everybody seems happy about Facebook.
Until a year later, HN is full of hate-posts again. So, if history is to repeat itself, I'd say that the hate will have died down by June and I'll get my hate-blogpost ready for next year, having missed this years Facebook-hating-season
So the guy who created Orkut must have been in the wrong place at the wrong time. Too bad for him. His Google stock probably only made him a millionaire. Totally uncool.
Does Facebook do that? I get recommendations of people I might know, but I don't recall ever being told how many friends I should have.
Lots of ranting towards Facebook here of late, I must say.Facebook is a great way of telling your friends that HTML5 has got a logo, for example. Also, this way your friends that arent on sites like linkedin will get an idea of what you're up to.
I'm sure people who are interested in programming and building webpages will go their own way in the end anyway.
Maybe I misunderstood this article and the previous about Facebook rants, in that case I apologize.
Just my .02
I did make a cute graphic out of it, if you want it: http://jaysonelliot.com/blog/2009/06/13/what-does-facebook-r...
I mean facebook had the same UI/policies/uglyness since quite some time, why sudden surge of facebook-bashing articles (followed by google)? I wonder how much of the content from above articles was written genuinely and not with alterior motives.
Facebook is incredibly innovative at growing its user base. No other social network has concentrated on and succeeded at this like Facebook.
> Its grasping attempts to get its hooks into every single thing I do feels like being groped by an overly obnoxious salesman.
One thing I will never forget though. The smell.
"The team encourages everyone to still come to Brisbane and support local business and the community - we need your support!"
After having been through the after-effects of an earthquake where I live it's been clear to see the difference it makes for businesses that can open to have custom.
1. __have home on high ground__
2. see 1
3. see 1
all else is bullshit and/or out of your control (eg. level of flooding, degree of local or government competence/planning/assistance, etc.)
Is this an event that could have been prevented or is this a 1000 year flood?
That said, the Wivenhoe in this case did precisely what it was meant to do, and those who operated it did an admirable job under extremely trying circumstances, IMHO. It simply wasn't designed to cope with the volumes of rainfall that occurred, afaict.
I hope the forthcoming inquiry will not focus so much on the smaller-scale "tactical" decisions that led up to the flooding (it will be news to nobody if it turns out some mistakes were made: I'm sure there were), but more on the state's water management strategy as a whole. Unfortunately the news reporting I've seen so far has already tended towards the former.
It's water management strategy that has failed SE Queensland twice in the last few years: first when the water nearly ran out after the drought, and now only two years later there's too much water by half. Neither drought nor flood are strangers to Australia, so half-arsed measures and excuses should not cut it for anybody. Increasingly unstable weather conditions caused by climate change make it even more urgent that we get this right.
We also stopped describing the video as optional. In practice it wasn't.
Just curious if there is anyone that has gone through YC with an established company, and how that worked out for you.
they are a great way to methodically think about your team and ideas (like "What do you understand about your business that other companies in it just don't get?")
EDIT: As someone pointed out on IM, it's acceptable but we're expected to mention it in #9.
Does that count? How far you have progressed in mindset and development of the product? I wish there was a field for that in the application. I'd be interesting to see that progress, IMO.
Let me know when it's fixed...
>VP8 is not a standard. It was developed secretly by a single company, and until recently, had only a single working implementation. The public wasn't open to collaboration on the specification until the bitstream spec was frozen, including the bugs that existed within.
This is an interesting point. One I had never even realized.
One area that unfortunately it didn't really cover was the impact of widely available hardware and GPU-accelerated decoding for H.264. Surely the millions of non-PC devices being sold with H.264 support (even baseline) will have some effect on the outcome of the new video format war.
Great article though!
(I'm not being rhetorical)
Google's, Mozilla's and Opera's actions and careless, uninformed (or possibly intentionally slanderous) responses in this discussion clearly show that their issue with H.264 isn't that H.264 isn't open enough, but rather that it isn't gratis enough.
>incompatible with open source
Does this make sense to anyone? It seems to me the word open doesn't mean much now.
1. Level3 started offering CDN services. By leveraging their existing peering relationships (as a tier 1 ISP) they could essentially subsidize the transit costs of the CDN business, compared to e.g. Akamai which had been paying Comcast for peering to reach Comcast customers.
2. Netflix got a good offer for CDN services from Level3, and switched a bunch of their content from Akamai to Level3's CDN.
3. Comcast therefore saw a bunch of paid traffic turn into unpaid traffic overnight, and complained.
This is a business dispute between two self-interested parties. Is it really fair for Level3 to use their position in the ISP business to undercut competitors in a new CDN business? Was it fair a few years ago when Akamai caved and agreed to pay Comcast for peering? Will it be fair for Comcast to use a newly acquired media property to exact revenge on Netflix/Level3?
The problem with Network Neutrality is that it takes a complex issue, the product of many complex business relationships, and frames it in a black-or-white context. The history here is complicated, and the only thing I'm sure of is that everyone's a bad guy sometimes.
I am a Comcast residential HSI customer, and have many clients who arebusiness HSI Comcast customers. At the same time, I do maintain serversin my own racks at a datacenter.
What is not mentioned in this letter, is that Comcast is already beingpaid - by me, and by every other customer, for access to the content.
Note that Comcast has never said that the Level3/Netflix issue is aboutusers exceeding their allotted bandwidth (currently at about 250GB/monthfor residential); presumably, were a Comcast user to use 249GB ofbandwidth downloading cute pictures of cats, Comcast would have noobjection.
It appears to be the specific issue that Netflix is a possiblecompetitor to Comcast's TV business, that somehow causes Comcast todecide that there is a problem.
Understand this: every Netflix video to be streamed, is specificallyrequested by a Comcast user, operating under the Comcast-advertised"High Speed Internet" service and presumably within the bandwidth capsthat Comcast's own contract allows.
That Comcast presumes to have the right to limit, modify, or decide forme which pieces of the Internet I can have access to, removes Comcast'scommon carrier protections, calls into question the truth of your (meaning Comcast)advertisements for the HSI service, and raises the issue of whetherComcast is dealing in bad faith with each and every Comcast HSI subscriber.
Way, way too late. It went from 10 to 5 a few years ago.
Remember it makes no difference if it's Republican or Democrat they are both pro massive-corporation. Wait until Comcast starts moving it's call centers overseas to increase their profit by reducing US labor costs.
If politicians aren't going to fight corporate control of health care decisions for the nation, why do you think they are going to bother about something like the internet.
Let the downvotes commence.
His Nerd Handbook (http://randsinrepose.com/archives/2007/11/11/the_nerd_handbo...) quite likely saved my relationship with a highly non-technical increasingly significant other. I owe the man a bunch.
EDIT: i'm wearing my hoodie, yo!