hacker news with inline top comments    .. more ..    20 Apr 2011 Best
home   ask   best   8 years ago   
1
FBI seized PokerStars.com, FullTiltPoker.com, UB.com,... domain names twoplustwo.com
865 points by bjonathan 4 days ago   382 comments top 74
1
points by nika 4 days ago replies      
Reagan is the one who signed "asset forfeiture" into law. I remember at the time reading newspaper articles claiming this was "just going to be used to keep drugs off the streets" and how "law enforcement are outgunned and now can defend themselves against drug dealers".

It was obvious to me then that this was a violation of due process. Also, it is not authorized by the constitution, and thus every act of seizure under it is criminal act. (There is a federal law that makes it a felony to violate constitutional rights under color of law. Fourth amendment prohibits this.)

Notably, Bush the First, Clinton, Bush the Second and Obama have not made any moves to undo this legislation.

Meanwhile, this has been used to take money from bikers on their way to buy a motorcycle, and random motorists in Florida and Texas who get pulled over for speeding. "It could be drug money" says the "law enforcement officers" who take life savings and then spend it on themselves.

Just because they haven't seized your assets yet, doesn't mean you aren't at risk.

When the government can take whatever it wants, without any legal restraint, and in violation of the ultimate law of the land, that government is not a legitimate government.

We should be outraged. We should be throwing the bums out-- from Obama down to the local state congresspeople or local sheriffs and judges who fail to take actions overturning this, or who themselves participate in this. It does not matter what party they are from, they are all culpable, and they are all criminals.

Edited: I removed the reference to my property that was stolen by the FBI because it prompted many people to attack me below. I really would rather the discussion be about how to resolve this issue for domain names, or maybe some discussion about how to overturn these seizure laws.

Edited: I've made the legal case in defense of those wrongfully convicted. I cannot keep up with the tide of people who have no citations of the law, but are quick to disparage me personally, for my crime of defending victims here.

Frankly, I think that the ease with which people assume that "naturally" these people were "bad guys" and therefore what they did was "illegal" despite the law and the constitution, is the very proof of my central point that the government is out of control, and they are getting away with it because people can't be bothered to challenge the belief-- taught by government in government schools-- that the "rule of law" holds sway.

2
points by mycroftiv 4 days ago replies      
This is a disaster. A very sad day for the internet. We are entering into pastor Niemoller territory here: first they came for the file-sharing websites, next they came for the online gambling websites, and I would guess that Bitcoin is probably next in line, and following that, Magic: the Gathering online and the MMORPGs.
3
points by lawnchair_larry 4 days ago replies      
The hijacked DNS has not propagated everywhere yet. Mine are still working. If anyone has last minute business to do on these sites, such as cashing out before the FBI steals your money, add these to your hosts file:

$ host pokerstars.com

pokerstars.com has address 77.87.179.116

pokerstars.com mail is handled by 20 mx20.pokerstars.com.

$ host absolutepoker.com

absolutepoker.com has address 66.212.244.175

absolutepoker.com mail is handled by 10 mail.absolutepoker.com.

absolutepoker.com mail is handled by 5 mx1.absolutepoker.com.

absolutepoker.com mail is handled by 5 mx2.absolutepoker.com.

$ host fulltiltpoker.com

fulltiltpoker.com has address 91.211.98.20

fulltiltpoker.com mail is handled by 200 mit-mx00.fulltiltpoker.com.

fulltiltpoker.com mail is handled by 100 mx00.fulltiltpoker.com.

$ host ultimatebet.com

ultimatebet.com has address 66.212.244.148

ultimatebet.com mail is handled by 100 mailb.ultimatebet.com.

ultimatebet.com mail is handled by 200 mailc.ultimatebet.com.

ultimatebet.com mail is handled by 10 mail.ultimatebet.com.

$ host ub.com

ub.com has address 66.212.231.205

4
points by TY 4 days ago replies      
It's real and it's happening now.

I have nothing to do with online gambling (anymore), but this just sent shivers down my spine. Who's next?

The US Government has just strengthened the case of those who were concerned about having parts of Internet infrastructure under the control of the US government.

Domain seizures have been happening for a while (i.e. [1]), but this case will probably be the highest profile to date and will hopefully raise public awareness about this disturbing issue.

I won't be surprised to see US based domain registrars to start loosing a lot of their business quite soon.

[1] http://www.nytimes.com/2008/03/04/us/04bar.html

5
points by pero 4 days ago replies      
SAN FRANCISCO (MarketWatch) -- Federal authorities unsealed an indictment Friday against the founders of the three largest internet poker companies operating in the U.S. The indictment charges eleven defendants, including the founders of PokerStars, Full Tilt Poker, and Absolute Poker, with bank fraud, money laundering, and illegal gambling offenses, according to Federal authorities in New York. Restraining orders were issued against more than 75 bank accounts used by the poker companies and their payment processors, while five Internet domain names used by the companies to host poker games were seized, federal authorities added in a statement. http://www.marketwatch.com/story/doj-indicts-founders-of-top...

Indictment
http://www.justice.gov/usao/nys/pressreleases/April11/schein...

6
points by nbpoole 4 days ago replies      
For those that are skeptical, check the nameservers:

http://network-tools.com/default.asp?prog=dnsrec&host=po...

http://network-tools.com/default.asp?prog=dnsrec&host=fu...

http://network-tools.com/default.asp?prog=dnsrec&host=ub...

All of the domains point to nameservers at cirfu.net, which appears to be the FBI's Cyber Initiative and Resource Fusion Unit (http://itlaw.wikia.com/wiki/Cyber_Initiative_and_Resource_Fu...)

What's more interesting (to me): the domains don't appear to have been using US domain registrars.

7
points by dstein 4 days ago replies      
Has a bureau of the US federal government just claimed ultimate authority over the internet's domain name system?

If this is the case, then obviously we have a very serious problem on our hands. This threatens the way the internet works at the infrastructure level. Clearly the US needs to be stripped of their root DNS server privileges.

8
points by ssclafani 4 days ago replies      
The indictment from the DOJ with a list of the charges:

http://www.justice.gov/usao/nys/pressreleases/April11/schein...

9
points by heyitsnick 4 days ago replies      
I'm happy to see this featured so highly in hacker news.

As a professional poker player, the biggest concern right now are players balances. I know players with 250k+ bankrolls that are extremely concerned about the status of their money online.

Right now it's entirely unclear the relative size of the seizures.

If anyone has any questions from someone in the midst of this, fire way. I'll be up all night.

10
points by dpifke 4 days ago replies      
Someone came up with a Firefox add-on to automatically use alternate domain names when one tries to access one seized by the US Government:

http://torrentfreak.com/firefox-add-on-undoes-u-s-government...

I'm reminded of the John Gilmore quote, "The Net interprets censorship as damage and routes around it."

11
points by olalonde 4 days ago replies      
Isn't their image with no alt tag (http://pokerstars.com/banner7.jpg) in violation with Section 508 Amendment to the Rehabilitation Act of 1973? [1]

    Section 508 of the Rehabilitation Act of 1973 

A Federal law requiring US government electronic and
information technology (EIT) to meet accessibility
requirements

[1] http://en.wikipedia.org/wiki/Section_508_of_the_Rehabilitati...

12
points by InclinedPlane 4 days ago replies      
I for one am incredibly glad!

Nothing is a more serious menace to our society and our way of life than ... online gambling. I'm glad that in this time of unprecedented natural disasters, geopolitical unrest, and financial crisis our government still has its priorities straight.

13
points by ajg1977 4 days ago replies      
Probably related to this - former online gambling lynchpin turns cooperating witness.

http://www.couriermail.com.au/ipad/web-kings-life-on-the-lin...

14
points by eftpotrm 4 days ago replies      
While I'm not at all surprised to see this happening, I'm still astonished that the USA continues to try to stamp out gambling through legislation. I remember growing up being astonished at the number of references on USA TV shows to illegal gambling; I've never once come across it in the UK.

I love cricket, but there's been a persistent series of match-fixing and spot-fixing allegations for years, almost exclusively originating from illegal south Asian (primarily Indian) bookmakers. The legal markets haven't been the source of this sort of problem at all.

Much as I might not like gambling, there is a persistent human desire for it and the evidence seems to be that banning it, as so often, exacerbates rather than minimises harm. The US government should stop trying to hold back the tide on this.

15
points by lusis 4 days ago replies      
This is actually perfect. Filesharing sites don't register on the average user radar.

Online gambling sites? Joe Schmoe's everywhere are about to get seriously angry.

It's sad it came to this but maybe it takes something as overreaching as this to get the attention of people.

16
points by eof 4 days ago replies      
Wow this is huge.

I used to play online poker for a living, I had a decent chunk of cash locked up for almost a year when they came down on online poker previously (UIGEA) http://en.wikipedia.org/wiki/SAFE_Port_Act#Internet_gambling...

It's worth noting that these are NOT American companies. It doesn't look like anyone (players) has had their assests seized; but this is bad news for a lot of people.

It also appears people are still playing.

17
points by sp332 4 days ago replies      
The MAFIAAFire Firefox plugin will redirect seized domain names to alternate domains. It's already working with all of the domains listed in the article. https://addons.mozilla.org/en-US/firefox/addon/mafiaafire-re... Of course, it depends on how much you trust the maintainers of the plugin not to do something nefarious :)
18
points by ig1 4 days ago replies      
As what happened with the guys run the porn redirector under the Libya domain, if you're using a domain/registrar which is regulated under laws which make your website illegal then you're just asking for trouble.

It's just basic common sense: Use domains/registrars which fall under the legal authority of a country in which your website is legal.

19
points by vessenes 4 days ago replies      
If the press release is true, these guys are going away for a long time. They allegedly bribed the owner of a US bank with cash and allegedly purchased 30% of the bank in exchange for the bank allowing them to circumvent US money laundering and anti-gambling laws.

There's a lot of civil liberty discussion in this thread, but I think this is actually a fascinating story about the linkage points between the internet and the real world -- in the real world, these guys needed bank processing. To get it, they went way, way over the line, as did the Bank owner.

20
points by eli 4 days ago replies      
Crazy. DC government just passed a bill allowing the city to offer online gambling. Will the FBI also sieze dclottery.com?
21
points by j79 4 days ago replies      
Viewing Google cache, I noticed ub.com about us page:

All financial transactions are processed by Hoop & Javelin Holdings Ltd., Vincenti Buildings, Suite 522, 14/19 Strait Street, VLT1432 Valletta, Malta, owner of this website.

Can the FBI seize the domain because it's a .com TLD? Or, because transactions were occurring in the States?

22
points by pumpmylemma 4 days ago replies      
Okay. This makes me want to indulge in youthful indignation.

If I saw this and was at a company like OpenDNS, I'd start considering saying "No. Sorry. We're going reverting back to the last good record." The federal government might have technical jurisdiction, and U.S. customers might technically be violating U.S. laws but the ability of the federal government to seize internet properties terrifies me because it might set a national and international precedent. (Other countries already do this, but U.S. doing it kinda makes it globally sanctioned.) I'm terrified of a slippery slope, even though I usually find slippery slope arguments dubious. (Plus, I just think this is a dumb seizure to begin with...)

(End of youthful indignation.)

23
points by skunkworks 4 days ago replies      
US government has been gunning for poker sites for a while (since 2006 when the UIGEA passed). Some places like Party Poker withdrew from the US market, while others flourished by skirting the rules to the best of their abilities (e.g. can't have ads for internet gambling on TV, so let's make a play money site fulltilt.net that will eventually funnel traffic to our real cash games).

I am however surprised that they're seizing domains as I figured this would remain one of those "live and let live" legislations, like the online gambling equivalent of brown-bagging your drink. I imagine this will not end well for whoever was involved in this decision.

Also, 2+2ers sup bro.

24
points by redorb 4 days ago replies      
http://www.whatsmydns.net/#A/fulltiltpoker.com

Shows the propagation is underway.

25
points by ig1 4 days ago replies      
It's worth noting that most gambling sites warn their employees against travelling to the US. The US has in the past arrested employees of foreign firms for actions which are entirely legal in their home country but illegal in the US.

And it's not just gambling sites, in 2001 Dmitry Sklyarov was arrested on a similar basis.

26
points by angrycoder 4 days ago replies      
Coming soon...

PokerStars.cz
FullTiltPoker.ly

27
points by bostonscott 4 days ago replies      
This is another case of government manufacturing criminals.

"There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced nor objectively interpreted and you create a nation of law-breakers."

- Ayn Rand

28
points by andrewcooke 4 days ago replies      
when this happened a while back for wikipedia and filesharing sites i wrote a script that lets you add, update, dump, and share entries in your local hosts file (you can even put the text on a website and pull it from a url). it's not really much use since the sites will be moving anyway if no-one else can contact them, but in case someone finds it useful - https://github.com/ghettonet/GhettoNet
29
points by brk 4 days ago replies      
It seems that it's stuff like this that could be the biggest driver in validating non .com domain names.

I could see a Benelux registrar organization setting up a quality .tld that was free from seizure over stupid shit.

There are still other minor routing problems that can occur, but with proxies and DNS, that is much much more of a whack-a-mole problem than high level domain name seizure.

30
points by jdp23 4 days ago replies      
31
points by cabalamat 4 days ago replies      
Note to self: all future domains I buy won't have a .com extension.
32
points by thought_alarm 2 days ago replies      

    Winners don't conduct illegal gambling operations.

-- William S. Sessions, Director of the FBI

33
points by akavlie 4 days ago replies      
So yeah, about that distributed DNS idea...
34
points by BrandonM 4 days ago replies      
Did anyone happen to cache the IP address for fulltiltpoker.com? I'd like to add it to /etc/hosts so that I can at least connect to the client and get a screenshot of my balance.
35
points by Maascamp 4 days ago replies      
36
points by ajays 4 days ago replies      
You know, these "asset forfeiture" laws will never change as long as it's the 'little people' who are getting reamed.

The day the government grabs the assets of a few rich people, you can bet your ass these laws will change in a hurry.

37
points by jhamburger 4 days ago replies      
I was under the impression that Howard Lederer and possibly several other "celebrity" poker players had ownership interests in Full Tilt Poker so I'm surprised I don't see any familiar names listed as defendants in the indictment
38
points by fanboy123 4 days ago replies      
CNBC Twitter:
Three Largest Internet Poker Companies Charged With Fraud, Illegal Gambling - Pokerstars, Full Tilt Poker, & Absolute Poker - Charged
39
points by andrenotgiant 4 days ago replies      
40
points by mrtron 4 days ago replies      
Online gambling is legal almost everywhere - how does the FBI have the ability to do this?
41
points by viraptor 4 days ago replies      
The event was big and changed a lot... but not for pokerstars or other services.

The client can use ips to auto-update with new domain names probably (it's got a pool of addresses to try). In a few days enough new links will be created to pokerstars.net that it will be reasonably visible on google. Service itself will buy loads of domains and start advertising as pokerstars.{your_tld}. In the meantime, pokerstars.net is still available as usual.

42
points by ynniv 4 days ago replies      
In case anyone thinks this is about deterring online gambling, Washington DC (the municipality, not the Federal government) has recently legalized online gambling as a type of lottery.

[ http://hosted.ap.org/dynamic/stories/U/US_ONLINE_GAMBLING_DC]

43
points by beedogs 4 days ago replies      
America sucks more every day.
44
points by vnorby 4 days ago replies      
WHOA, that's really big news for the poker industry. These are all very large, very big businesses (talking billions of dollars) in the US. Can anyone confirm if their poker clients are still functioning properly?
45
points by beaker 3 days ago replies      
I don't know why but this issue really irks me. The hypocrisy on this is off the charts. Gambling is legal in our country - the WTO has made that legal judgment (http://www.ibet.pro/2007/08/25/us-government-ignores-wto-rul...). Our actions are an attempt to preserve a protection racket for U.S. gambling operations and it's just wrong. Not only that but the strategy of seizing domain names, arresting execs, will never solve this problem. This shit pisses me off - I'm sorry.
46
points by enb 3 days ago replies      
"Australian internet whiz Daniel Tzvetkoff, who has become a prized FBI informant in a bid to avoid a 75 year jail sentence in the US, may have brought down the multi-billion dollar American online poker industry.

The three poker sites - PokerStars, Full Tilt Poker and Absolute Poker - have been shut down."

Read more: http://www.brisbanetimes.com.au/technology/technology-news/f...

47
points by Maro 4 days ago replies      
I'm located in Hungary.

Pokerstars.com works, Fulltiltpoker.com works, UB.com gives me an FBI page.

48
points by Natsu 4 days ago replies      
If anyone hasn't figured it out yet, the Internet Police have come and they're starting the crackdown. So people who have been relying on the non-enforcement of certain laws, even the dumb ones, are going to get some nasty surprises soon. Or at least, that's how it looks to me.

They've killed several botnets and lots of other sites, too, if anyone has noticed.

49
points by codexon 4 days ago replies      
Here's what the domain names look like, for those of us who's DNS hasn't propagated yet.

http://50.17.223.71/

50
points by ataggart 3 days ago replies      
And yet so many people are urging this same government to craft new "net neutrality" laws. Bewildering.
51
points by PHPAdam 3 days ago replies      
PokerStars is back - http://pokerstars.eu

This is the message I get when I log in:
http://i.imgur.com/PfUl4.png

52
points by whackedspinach 3 days ago replies      
How exactly am I supposed to live in a system like this? I understand I can't have a perfect legal system, but the amount of effort required to challenge these ridiculous seizures seems very difficult. There are so many unconstitutional laws that need to be fixed. We need a second supreme court.
53
points by metachris 4 days ago replies      
Pretty strong charges:

* Violation of Unlawful Internet Gambling Enforcement Act [5 years prison]

* Operation of Illegal Gambling Business [5 years prison]

* Conspiracy to Commit Bank Fraud and Wire Fraud [30 years prison]

* Money Laundering Conspiracy [20 years prison]

And for all of them fines double the gross gain or loss: http://www.justice.gov/usao/nys/pressreleases/April11/schein...

54
points by MaysonL 4 days ago replies      
An interesting article about Sunfirst Bank, and a previous brush with money-laundering problems:

http://blogs.reuters.com/financial-regulatory-forum/2011/01/...

55
points by AlexC04 4 days ago replies      
Odd, they're all resolving for me. I wonder if that's USA only? I'm in Canada
56
points by tlack 3 days ago replies      
So far the US is only cracking down on domains in the .COM TLD. Do you guys think the US will eventually crack down on non-US-owned TLDs that are operated by US entities, such as .CO (operated by NeuStar)? And after that, perhaps a doomsday scenario, will they eventually force US-hosted DNS caches to expunge records that are related to criminal activity as, in a way, they are aiding and abetting..
57
points by dendory 4 days ago replies      
This will only get worse, and the US has no issue with doing this with International sites. Remember rojadirecta.org? It's a Spanish site, owned and operated in Spain, that fought for 3 years a legal battle, and won. Then the DOJ just came and in one day seized the domain. No appeal, no warning, their whole legal battle for nothing. They have been offline ever since. The Internet is at the complete mercy of the guys in ICE.
58
points by teyc 2 days ago replies      
59
points by roscohearts 4 days ago replies      
FBI needs to back down, citizens have a choice.
60
points by thehodge 4 days ago replies      
Another interesting thing to note is that most of these are not US companies (I doubt any of them are, my guess would be a US based registrar)
61
points by MaysonL 4 days ago replies      
Two ineresting side notes:

pokerstars.net is still up

pokerstars.co.uk gives a 404 error, after redirecting to pokerstars.com/uk

seems like sloppy webmastership from the FBI.

62
points by ForumRatt 2 days ago replies      
This domain seizure nonsense is just the tip of the iceberg.

http://www.computerworld.com.au/article/383473/white_house_r...

63
points by caf 3 days ago replies      
The entire attack on online poker, and poker in general, is funded, supported and encouraged by that completely immoral mix of human misery and animal cruelty known as the racing industry.

The sooner horse racing ends up where it belongs, alongside dogfighting and bear-baiting, the better.

64
points by warmfuzzykitten 4 days ago replies      
They're resolving to normal web sites for me in California. It takes six hours for DNS servers to resolve? I checked whois and it looks perfectly normal. Also, you can ping the domains to get the URL, e.g., http://77.87.179.116 Is this story true?
65
points by pathik 2 days ago replies      
Meta: This is probably the most upvoted HN post I've seen.
66
points by jneal 4 days ago replies      
Wow, I don't know why this surprises me so much - although I know plenty of people that play poker "illegally". A quote simply because I personally feel it's ridiculous.

I also recall the difference between the poker related .com and .net sites. So fulltiltpoker.net is still up as is pokerstars.net - that, if I recall correctly, was because the .net website was aimed a playing poker with "fake money" while the .coms were all aimed at playing poker with "real money"

67
points by nothans 3 days ago replies      
Web app to report how much money is frozen in your poker account: http://socialsensornetwork.com/online-poker
68
points by Chrono 4 days ago replies      
The sites mentioned still resolves for me but if this is actually true... I am at a loss of words
69
points by thehodge 4 days ago replies      
They all show for me apart from absolutepoker.com but that could be DNS related
70
points by rooshdi 4 days ago replies      
Well, there goes Full Tilt Capital...
71
points by loganlinn 4 days ago replies      
The domain, http://www.pokerstars.net/, is still up
72
points by antidaily 4 days ago replies      
So no season II of 2 Months 2 Million?
73
points by nicklovescode 3 days ago replies      
The worst part: look at the HTML they replaced it with!
74
points by idefix 4 days ago replies      
seems to open fine in california
2
Why the password "this is fun" is 10 times more secure than "J4fS!2" baekdal.com
414 points by joshwa 4 days ago   169 comments top 45
1
points by iuguy 4 days ago replies      
It's interesting. The author shows some fundamental misunderstandings and makes assumptions that are not necessarily based on real-world situations to present an idea that longer strings with more recognisable characters (e.g. passphrases) are better than shorter strings with larger keyspaces. If you pick two data points you can actually fiddle with the numbers to present either side of the argument as the truth. For example:

A full 16-bit unicode 2 character password has 65 536^2 or 4,294,967,296 permutations to work through.

A lowercase alphabetic password of 6 characters in length has 26^6 = 308,915,776 permutations.

Of course there's a tradeoff involved, and that tradeoff is what IT departments try to manage, with mixed success. It's easier for the software to determine whether or not the password contains methods of increasing the keyspace than whether or not the user has typed out a 200 character long series of 'A' characters, so that's what they use. I don't know whether or not increased length has a higher risk of collisions for some algorithms (that's tptacek territory, not mine). Over time, software products have been guided by best practice standards from organisations like COBIT that define and mandate complex passwords based on keyspace rather than length alone.

Secondly, there is a difference between an online brute force and an offline brute force. Depending on the algorithm, with the right kit (or Amazon EC2 instances) you can get billions of hashes per second to crack a password hash offline. At that point your increased length only matters if the attacker doesn't know about the complexity. The samples provided are terrible as they're all lower case with a space at most. This is the poor end of the trade-off. To brute force a SHA-1 hash of the word 'sum' on my 2 year old laptop takes less than a second.

Online brute forcing (e.g. brute forcing a web form) is generally something you're not going to do if you're looking to compromise a web account, unless it is a specifically targeted attack (e.g. the user is an admin or a specific person of interest). In these situations your brute force rate is dependent on your network throughput, the application's ability to respond to concurrent requests and any other factors that may affect it (such as any monitoring system). Your web application on a linode slice will probably choke out between 40 and a hundred attempts per second (and you'll notice it unless you're blind or have no performance reporting). If you can get past the automation detection in larger sites, like Amazon, Google, Twitter etc. you'll probably be able to go much, much higher. For this reason, web site brute forces tend to be dictionary based, or at most on dictionaries and a number.

Ultimately when choosing a password you need to consider what you're defending against. If you own the box or the app, chances are you trust the defences. If you're going to change the password every few months then maybe you will choose a weaker password. If you don't own the kit and you're not intending to use the password, then use a tool such as Keepass[1] and generate the passwords yourself. That way it doesn't matter what J Arthur Random says on the Internet, you won't need to remember the passwords at all.

[1] - http://keepass.info/

2
points by ianferrel 4 days ago replies      
The author relies on the assumption that one can try 100 passwords per second (or, fewer, in the case of an extra delay), but that doesn't correspond to real-world security breaches.

The danger of having an insecure password is not that someone will bombard the server with login requests. That can easily be detected and stopped by even the most cursory of server security. The danger is that they crack the server and get the list of password hashes, at which point the time to crack a password is dictated by the hardware at their disposal and the hashing algorithm. Your server capacity or timeout protocols are irrelevant.

So, the 100 attempts/sec number is essentially a fiction. It applies only to a manufactured threat. The real threat is much worse, which means that a password like "this is fun" is not reasonably secure.

3
points by patio11 4 days ago replies      
The danger with semantically meaningful passphrases is that they have a lot less entropy than you think they do. I still use them for everything, but it is something to be aware of. (You can get more by e.g. padding it with a number, doing the usual l33tspeak tricks, etc.)
4
points by michaelochurch 4 days ago replies      
I would not use "this is fun" ever. If it becomes at all common for people to start using 2- or 3-common words instead of smaller non-word strings, password crackers are going to start generating 2- to 4-word strings. "This" and "is" are two of the most common words in the English language. A flat dictionary approach may take prohibitively long, but a smart password cracker is going to start with the most common English words, and I just don't believe "this is fun" will survive very long.

If you use 3 uncommon words with no logical connection ("masquerade nefarious pulchritudinous") you are probably safe, but if two of your words are among the language's 100 most common, and your password is a sentence... bad idea.

A cracker faced with a 20-character password space is going to choose "this is fun" before "J4fS!2". It's only with a 6-character password space (which is pathetically small) that "J4fS!2" is likely to be hit.

5
points by tel 4 days ago replies      
As I wrote in another comment, high entropy passwords by definition must be hard to remember. It's not strictly true, but it definitely refutes the title of this submission.

While I think this post is rather optimistic in its calculations " using maximum entropy distributions, for instance " it does bring up a good point: Personally memorable nonsense sentences are rather high entropy.

Actual practical guessing is not pure distribution entropy but instead closer to the KL divergence since an intelligent brute force guesser has to make assumptions about the password distribution in order to reap benefits. If your password comes from an expected distribution (letters in English words, words in English sentences) you're losing a whole lot of potential entropy, traded for particular memorability.

If you can hedge between those bets, though, you're in a good place. "this is fun" is not actually terribly secure compared to "J4fS!2" unless you're actually attacked by a uniform dictionary brute force search. "slurping radicals debilitate enzymatically" is super high entropy and quite likely easier to remember than "J4fS!2".

6
points by juiceandjuice 4 days ago replies      
Assume there are 7500 very commonly used english words. A three word sentence, all in lower case, would yield 421 Billion permutations. Let's say, of those 421 billion permutations, which don't tense or plural nouns about 1 in 5 are familiar english language constructs, which drops down to around 20 billion permutations. In this case, if we took all capital letters, all numbers, and 6 punctuation characters, we'd end up with ~67 unique characters, for a combined 82 billion permutations.

Furthermore, like Richard Feynman discovered in Los Alamos, you could narrow down the possibilities of combinations if you know something about a person. You could probably build profiled dictionary attacks and reduce possibilities a lot.

So, is it more secure? No, it's maybe equally secure, but it would completely depend on the attack. A combination of capital letters would probably be more secure though.

7
points by cool-RR 4 days ago replies      
One advantage of gibberish passwords like "b923F$5mvA" is that if someone looks at your fingers while typing them, he'll have a hard time figuring them out from your keypresses, whereas if you typed "this is fun", it would be much easier.

Ditto for when someone has a visual glimpse of your password which is only a few seconds long. (e.g. someone looked at your laptop screen while you got an email with your password from an irresponsible website.)

8
points by jjcm 4 days ago replies      
This should be fairly obvious to anyone who's done any sort of combinatorics - you're saying that a 10 character password using symbols and lower case letters is more complex than a 6 character password using 36 more characters in the character pool. Anyone who's even glanced at password complexity research will be able to tell you that. To break down the numbers though, a 10 character password using lowercase letters and symbols (spaces) has 30155888444737843000 possible combinations. A six character password has 735091890625 combinations (around 1/4000th of the complexity, assuming a brute force approach). While the author also takes into account the possibilities of using a dictionary attack, you can't really tie a number to the search space for that. It depends on the breadth of what the program will go to. Will it check alternate spellings (color/colour)? Will it check for apostrophes? Foreign languages? Etc.

A while back I wrote a small piece of JS to demonstrate to some people the complexity growth in passwords. Some people didn't believe me that asdfasdfasdf was more complex than Fc34!j_, and this was the end result. Feel free to play with it. The source is rather simple as well:

http://files.jjcm.org/jspass

9
points by synnik 4 days ago replies      
There is a huge logic gap here. He is comparing 11 characters passwords to 6 character passwords. The difference in length also will account for a significant difference in the time required with brute force.

I think what he is trying to show is that is that the lower security of using multiple common words on a password with 11 characters is still greater security than a random 6 character password, and still quite acceptable.

10
points by jasonwatkinspdx 4 days ago replies      
The most useful thing we can do as web developers:

- support very long passwords, so that users can use pass-phrases if they like.

- use bcrypt or the like for storage

- do not create easily cracked side channels, like a fixed set of "security questions" for forgotten passwords

11
points by onedognight 4 days ago replies      
"this is fun" has structure and I suspect is an easy password to guess from the pool of all three word passwords. Just like using a dictionary is better than brute force, trying common words that usually go together when guessing three word passwords is much better than trying all three word passwords. If Google were to write a "word" password cracker using their data trove, I suspect "this is fun" would go down early. Likewise putting spaces between words would be to the Google cracker like adding a number on the end of a dictionary word is to a standard cracker.
12
points by ig1 4 days ago replies      
No it's not. If I was brute forcing a password these days, I'd use the google ngram database, and "this is fun" and pretty much any other memorable phrase would fall pretty quickly.
13
points by stretchwithme 4 days ago replies      
hmm, perhaps I'm missing something, but shouldn't systems just not allow you to attempt to login so much and so frequently?

I guess these systems do get hammered by so many improper attempts and you'd risk blocking the actual account owner. But if a billion attempts are made from the same ip in an hour, shouldn't that be considered suspicious?

Personally, I like what Google's doing with the two-step verification. That's probably where security should be going.

14
points by merloen 4 days ago replies      
In my 25M word corpus, "this is fun" occurs 23 times. There are only 94,000 trigrams that occur more frequently.

Therefore, you should be pessimistic, and consider the password "this is fun" less safe than passwords in the shape [a-zA-Z]{3}, like "tsP", of which there are 140608.

Assume attackers know the algorithm (e.g. three common words, one 7-letter word in l33tspeak, a 6-letter string of random ascii characters) but not the parameters.

15
points by barmstrong 4 days ago replies      
One benefit he didn't even mention: keyloggers

Someone scanning a keylogger file might not even notice "this is fun". It doesn't look like a password.

The only time someone has gotten my password was actually from a keylogger when I logged into Facebook at a hostel while traveling.

Pro tip: Another way to defeat those is using the virtual keyboard in windows to "click" your password in. I do this while traveling now.
http://www.microsoft.com/enable/training/windowsxp/oskturnon...

16
points by tzs 4 days ago replies      
If site X suggests to users that they use pass phrases consisting of common words chosen at random, then "this is fun" is not very secure. A brute force attack using /usr/share/dict/words found on many Unix systems would take about the same effort as a brute force attack on an 8 character random password where characters are drawn from upper case, lower case, digits, and common punctuation.

You'd actually break most people's common words passwords using smaller word lists, say the 4096 most common words. Three words from the top 4096 chosen at random gives a password equivalent to a little under 6 characters of mixed case/digits/punctuation.

17
points by jarek 3 days ago replies      
"None can remember a password like "J4fS<2", which evidently mean that it will be written on a post-it note."

That's bullcrap. Few will remember this password, but most can if they try. My work domain password is over 8 characters in this level of complexity and it took me about 10 minutes to get used to typing it, a day to fully get it into muscle memory. If you ask me what my password is, I'd have to type it out.

18
points by swaits 4 days ago replies      
This person is just.. confused, to put it nicely.

My password system is detailed here: http://news.ycombinator.com/item?id=2431480

It's secure, passwords are never stored, and it's not based on any false premises.

19
points by meric 4 days ago replies      
Doesn't anyone use code for password?

  {login(url='google.com',user='meric',password='sun');}

20
points by EGreg 4 days ago replies      
He forgets one of the easiest ways of getting people's accounts:

http://xkcd.com/792/

21
points by presto8 4 days ago replies      
The title is a bit misleading. The passphrase "this is fun" may be 10 time harder to brute-force than "J4fS!2", but both are hard enough that nobody would bother trying to brute force attack them. So they both are equally acceptable. I personally would rather type "J4fS!2", and here's why:

We use PGP Whole Disk Encryption at my company. The passphrase strength requirements are quite strict. It took me about two dozen attempts before I found a password that it would accept. The password was something along the lines of what the article is proposing, five short English words arranged in a sentence (about 25 characters long). This was acceptable to PGP because the software prefers longer passphrases with less entropy per character over short passphrases.

The problem is that it's quite hard to type this long passphrase in when all you can see on the screen is stars or dots. The longer a passphrase is, the higher chance there is of introducing a typo. A shorter passphrase, mixed case and with symbols, is, at least for a programmer, easier to type, especially with muscle memory.

In the case of PGP Whole Disk Encryption, they obviously realized this since you can press the tab key to enable showing the password in plaintext as you type it. I always do this because it increases the success rate of my password acceptance quite a bit.

On an unrelated note, it seems that a far bigger security risk on the Internet is the use of the same password on multiple web sites. If you use "this is cool" on ten different sites, then you are opening yourself up to serious vulnerability if one of the sites is compromised. Using a hash of a common password with the domain name provides a lot more security, but the simple implementations available today produce passwords that are short with mixed case and symbols versus long strings of words. But since the only sane way to use this approach is with a password manager, extension, or bookmarklet anyway, this doesn't seem to be a major limitation.

But having to create and remember short three to five word passphrases for dozens of web sites would be a daunting challenge!

22
points by pronoiac 4 days ago replies      
I think dictionary attacks are a far more common attack profile than looking for written down passwords. Also, pointing out common passphrases is a good way to ensure that passphrase checking makes it into later iterations of password cracking.
23
points by EGreg 4 days ago replies      
In http://qbix.com , we have implemented passphrases out of the box for all of our apps.

Try signing up there. You will find that the passphrase suggestions are quite nice. To obtain them, I took three random words, searched yahoo news for those words, and for each result, chose 3 contiguous words and presented it as a passphrase suggestion.

In the event that Yahoo is unreachable, our server generates one of 50 million unique phrases from ADJECTIVE NOUN VERB NOUN. I would say this produces greater entropy than if you left people to choose their own passphrases, even if they don't copy our passphrases exactly.

24
points by tcskeptic 4 days ago replies      
When helping people construct passwords I always guide them to use an acronym from a favorite line of a song (or bible verse, or poem depending on audience) and then add a symbol and a number. So for example if you really like Led Zeppelin you might take the opening line"

"Hey Hey Mama Said The Way You Move Gonna Make You Sweat Gonna Make You Groove"

and turn it into the password hhmstwymgmysgmyg!8

or "The woods are lovely, dark and deep. But I have promises to keep"

to become: twaldadbihptk$9

Easy to remember, relatively high entropy, pretty good compromise.

25
points by mleonhard 4 days ago replies      
My undergraduate research addresses this subject:

A Comparative Study of Three Random Password Generators

http://tamale.net/pub/2007/pwdgen/pwdgen.eit2007.proceedings...

26
points by contextfree 4 days ago replies      
“In a sense, there is no such thing as a random number; for example, is 2 a random number?”
27
points by dvdhsu 4 days ago replies      
I refuse to believe that there are no tools that can dictionary attack sentences.
28
points by Ratufa 3 days ago replies      
Good "dictionaries" for doing on-line brute-force attacks don't just contain words, they contain likely passwords. Guidelines for choosing good passwords should point this out. For example, something like "J4fS!2" is a much much more secure password in terms of protection from on-line attacks than "letmein" or "chang3m3" or "tryandguessthis" or "password123" or "root!@#" or "b4ckm3upsc077y". All of those passwords are actual passwords taken from the list used by an SSH brute-force password cracker.

Because people aren't random when they choose words to remember (e.g. "beavisandbuthead" is also on that list), a better set of password-choosing directions would provide instructions one how to add some additional (pseudo-)randomness to passwords that are being created. The classic "pick a phrase, take the first letters + punctuation" method is one way to do that ("pap,ttfl+p" is a somewhat strong password), and it's not hard to think of other password generation schemes that also create strong passwords.

29
points by 16s 3 days ago replies      
Speaking of passwords, I believe hackernews account passwords are transmitted over plain-text HTTP. Even the password reset is plain-text HTTP. Perhaps that will change soon?
30
points by mcorrientes 4 days ago replies      
Using multiple words or even sentences as password (as described in the article) doesn't even work always, there are too many websites or application which have a password length limit.

I recommend to use a password manager, KeePass is quite good.

Good password manager should be able to easily generate a new strong and complex password every time.

Remembering only one password and getting rid of the laziness of choosing always the same password is another advantage too.

Even if a website that stored your password in clear text and someone hacks the website, you shouldn't have to worry about other applications or services you may have used with the same password.

My personal rule is to choose unique strong passwords (alphanumeric and symbols) with at least 9 chars.

Brute forcing a password with 8 chars was with my 5870 no big deal at all, but cracking a password with 9 chars is too expensive (ec2 gpu) or takes to long for the usual hacker.

If someone really brute forces my password, with gpu and a cluster support, damn, than he really deserve it.

But that's just my two cents.

31
points by troyhunt 1 day ago replies      
It's a bit hard to know where to begin responding to the number of inaccuracies in the original post. So here's a complete summary: http://www.troyhunt.com/2011/04/bad-passwords-are-not-fun-an...
32
points by billmcneale 4 days ago replies      
Another positive aspect of sentence passwords is that they are more likely to survive a keylogger attack.
33
points by LiggityLew 4 days ago replies      
What about moving away from semantics (easy to remember words) and change to patterns on the keyboard? That's how I handle my most secure passwords. Patterns on the keyboard using all the keys and combinations of shift create passwords that are easier to remember than a random length string, and can become quite long (>8 chars).
34
points by jitbit 4 days ago replies      
I wonder how many people will use "this is fun" as their password after reading this...
35
points by torstesu 4 days ago replies      
1. Construct a complex password key with a minimum length of 8 characters, e.g -Kr/2.pq4

2. Make an algorithm based on the URL. E.g. news.ycombinator.com
a) Take the last 4 characters in the URL, excluded the domain suffix: ator
b) Shuffle the letters based on your algorithm: orat

3. Combine the password key and the output of your algorithm: orat-Kr/2.pq4

4. Always enjoy individual, secure and easy to remember passwords for any services.

The algorithm you use can be more complex, e.g. adding characters in between, but the basic idea should be explained.

36
points by jcfrei 4 days ago replies      
the author only considers common words attacks, what about common phrases attacks? with a database consisting of common sentences, (eg. from reuters) those passwords could be broken in a much shorter timeframe than claimed in the article.
37
points by spullara 3 days ago replies      
Not any more. Now added to all the password dictionaries.
38
points by vshlos 3 days ago replies      
I started writing a response, but then it got too big. Basically the 5 second timeout is a bad idea because its implementation is not worth the effort. http://oim.ae/gx8qMD for the reasoning.

But the other thing, use UTF8 high value characters. Or simply learn Russian and use a password from russian words.

39
points by reedlaw 4 days ago replies      
This is why I like using Passpack. I can store secure passwords securely without post-its.
40
points by xilun0 3 days ago replies      
The author either knows basically nearly to nothing in computer security and password bruteforcing, or knows stuffs but miserably failed to properly communicate the hypotheses used (he did communicate some of his hypotheses, but not in an appropriate way that would have rightly prevented the general public from making password choices based on this article while under radically different conditions) and caveats to take into account when interpreting his examples.

This article is misleading in the sens the results it gives are only applicable for very narrow cases, and fast reading it can give the impression that "J4fS<2" is a "secure" password and that "this is fun" is even more secure. While this can be true under those very restrictive hypotheses he used, the fact that it was not prominently warned that those hypothesis should not be blindly used for basing password choice for random online web sites or other things makes this article dangerous.

41
points by kodemunky 2 days ago replies      
This article is total crap, the author has very little in the way of security clue -- how does such nonsense make it onto HN?
42
points by Draft_Punk 4 days ago replies      
TL;DR - Password fundamentals...length always beats complexity.
43
points by dude_abides 4 days ago replies      
Not any more.
44
points by drivebyacct2 4 days ago replies      
Novelty accounts on HN? Really? I guess I've quickly become a pessimist in the last few days of changes around here but the green on what is presumably new accounts highlights the poor quality of new commenters.
45
points by zyfo 4 days ago replies      
I never understood this. Why? I can't imagine this being the bottleneck for a secure password in any realistic situation.
3
The unofficial Google shell goosh.org
388 points by JCB_K 1 day ago   50 comments top 22
1
points by growt 1 day ago replies      
Hi, I made this some years ago. In fact it was the reason to sign up as a hacker news user :)

I didn't had the time to update it, so some things are broken (login, auto complete). And the open source project never caught traction.

2
points by eneveu 1 day ago replies      
That's cool, but I like the Google Command Line interface even more:

http://code.google.com/p/googlecl/

I was blown away the first time I edited Google doc using vim, hit ":wq" (save), and saw my changes reflected instantly in my browser, where I had opened the same document.

The Oauth authentication was also pretty cool. Instead of asking for your Google credentials every time / saving them on your machine, the first GoogleCL use opens a browser window, prompts you to log into your Google Account, and asks you to authorize the Google CL client. You may then revoke this permission at any time (like any Oauth token).

3
points by Symmetry 1 day ago replies      
You might be a UNIX geek if:

You type "cat news" and then are confused that the results involve felines.

4
points by tybris 1 day ago replies      
I'm just shocked that something that uses a Google search API survived for more than 2 years.
5
points by JonnieCache 1 day ago replies      
I love the use of the url fragment.

Type some commands and hit the back button a few times.

6
points by random42 1 day ago replies      
Pretty Awesome. I'd love it even more, if it had auto-complete on the command-line too.
7
points by xd 1 day ago replies      
Looking at the svn repo (http://goosh.googlecode.com) this project is over 2 years old.
9
points by djacobs 1 day ago replies      
Very cool. `man login` says that you only see the username we type in. How are you authenticating?
10
points by dhruvbird 23 hours ago replies      
I've made something like this for DuckDuckGo, but haven't released it since I want tab-completion (uses a static list for now). Will release as an official UI once DDG gets search suggestions.

http://dhruvbird.com/tty.html

Edit: There is no GA tracking on this page even though I use to for my site (other pages) - to keep with the general privacy experience of DDG

11
points by keyle 1 day ago replies      
Wow I've been thinking of writing something very similar lately using nodejs and parsing the html (maybe using lynx --dump). But this is pretty much as good idea and blazing fast!
12
points by praeclarum 15 hours ago replies      
guest@goosh.org:/web> calculate 1 inch in m
Error: could not calculate that.

:-( fail. But still a really great concept!

13
points by hsmyers 1 day ago replies      
Appeals to the inner command line in me. Needs a spell command to make it complete for me :)
14
points by ilazarte 1 day ago replies      
If it's unofficial its 'An' instead of 'The'
15
points by Levi 1 day ago replies      
I enjoyed this quite a bit. Set it as my new homepage.
16
points by JMKwins 1 day ago replies      
cool !
17
points by emwa 1 day ago replies      
typed pwd got search results.
18
points by hutushen222 1 day ago replies      
cool
19
points by briancray 1 day ago replies      
Fun
20
points by IVirOrfeo 1 day ago replies      
goosh goosh goosh...
21
points by MikeKusold 1 day ago replies      
'su root' doesn't seem to work. It just shows search results. I'll file a bug report.
22
points by lloeki 1 day ago replies      
Gah. "sudo make me a sandwich" returns actual results.

There has to be a few easer eggs.

5
Hacking The Status Game amirkhella.com
294 points by amirkhella 1 day ago   89 comments top 24
1
points by jseliger 1 day ago replies      
If you're interested, try reading Keith Johnstone's Impro: Improvisation and the Theatre, which has gems like this in it:

"Once you understand that every sound and posture implies a status, then you perceive the world quite differently, and the change is probably permanent. In my view, really accomplished actors, directors, and playwrights are people with an intuitive understanding of the status transactions that govern human relationships. This ability to perceive the underlying motives of casual behaviour can also be taught" (72).

Or this: "A further early discovery [in theatre status games] was that there was no way to be neutral [...] The messages are modified by the receivers" (37).

Consequently, we all have to play status "games" (an imperfect term that nonetheless gets used frequently) whether we wish to or not. Attempting not to play such games might confer the highest status of all, implying that one doesn't need to rely on status modifications to achieve social standing: one is beyond the petty concerns and judgments of others. Chances are that almost one actually is beyond such judgment, but we would like to pretend that we are.

2
points by mindcrime 1 day ago replies      
There is much wisdom in improv. I would encourage anyone and everyone to take at least a "Intro to Improv" or "Improv 101" course. It can definitely change your outlook.

And as far as "hacking the status game" goes, this is part of what the Pickup Artists have been teaching for a while... how a given woman reacts to you is largely about how you present yourself. Act like she's the superior in the relationship, "the prize" as it were, and she'll lower her view of you. Treat her as a peer, or someone of lower status, and you actually become more attractive. Well, that's the theory anyway, and it definitely seems to be borne out at times.

Of course this concept is more general than just interacting with the opposite sex. But you have to be careful... too much of this with your boss, and you may get written up for insubordination or something. :-)

3
points by limist 1 day ago replies      
Fascinating. And furthermore, smart people may be at a major disadvantage with this game; as Bertrand Russell said, "The trouble with this world is that the stupid are cocksure while the intelligent are full of doubt." Put another way, overconfidence and bravado come readily to those with the least real skill and insight; people who know enough to realize they don't know may often stay quiet and deferential.

But at the other extreme, people who have reached mastery in something often exhibit a subtle authority which shows up in body language alone.

4
points by sp332 1 day ago replies      
Almost every person correctly guessed the number on his or her forehead, or was off only by 1! Could this mean that it wasn't a game we were playing for the first time? Could it be that we're playing that game over and over every day?

Really? Maybe it's just that, once everyone knows the rules of the game, they are reasonably successful in communicating a tiny piece of information (a single number) to each other.

This demonstrated that by simply deciding to change my own status and acting accordingly, the other person almost immediately granted me that status and at times, changed their own.

That's because he thought he was supposed to, not because it was necessarily something he would normally have done.

5
points by shalmanese 1 day ago replies      
One thing that's always important to emphasize to people who first discover status games is that it's not always about high status. High status is high reward but also high risk. Properly playing the status game means being able to move fluidly from high to low status as the situation and context demands.
6
points by munificent 1 day ago replies      
The scene in Office Space where Peter is talking to the two Bobs, while presented as comedy, is a perfect example of how this actually works. As soon as he acts like he isn't subordinate to them, they begin to feel that he's "management material".
7
points by kongqiu 23 hours ago replies      
This is such a key insight. Coming from a lower-middle class background and working my way up in large corporations, the power of "status" slowly dawned on me. Some kid from a well-off background comes in and acts like he owns the place, and it works with 7 out of 10 people! Meanwhile a guy from a lower socioeconomic class comes in, works his arse off and hesitates asking for a raise because he's afraid of overstepping -- this guy gets looked down on or taken advantage of by 7 out of 10 people.

Would be nice to have learned about this earlier.

8
points by iterationx 1 day ago replies      
If you get really good at this sort of thing you can take people's wallets just by asking
http://www.youtube.com/watch?v=DR4y5iX4uRY
9
points by asymptotic 15 hours ago replies      
Was it just me or did anyone else think of "Outliers" by Malcolm Gladwell? The author of this article implicitly assumes that all the participants of the game come from similar cultural backgrounds.

Read: http://bokardo.com/archives/what-malcolm-gladwells-book-outl...

Some cultures, e.g. Colombian or South Korean, are more geared towards respecting authority than other cultures, e.g. New Yorkers. A collision of two such disparate cultures can result in disasters such as Flight 052:

https://secure.wikimedia.org/wikipedia/en/wiki/Avianca_Fligh...

More details about the Power Distance Index (PDI): http://www.maximizingutility.com/2009/06/culture-clash-power...

10
points by fxm4139 1 day ago replies      
The timing of this post is a coincidence because I just did the "status game" this past weekend at my improv class. It's a fun insightful game and Amir is spot on about the fact that we are always playing this game. In fact, we were in a class with 12 people, and after walking and interacting around the room (while only knowing the numbers of everyone but yourself on the forehead), the instructor asked us to arrange ourselves in ascending order in a line. It was amazing how almost everyone knew where exactly they were with respect to everyone else (especially when a #5 and a #6 interact, its hard to figure out if you are the superior or not, but the subtleties do tell quite a bit). Both times we did the exercise, only one person was out of place, and that too, they were right next to each other.

Like mindcrime says, there is quite a bit of wisdom in improv. I enrolled in classes because I wanted something very different to break up my usual routine that mostly involves writing code. What was really enlightening to me was that most of improv was not about being funny, but really about the fundamentals of how to communiciate and convey something to a fellow improviser as well as the audience, in the least amount of time (short scenes).

11
points by 6ren 22 hours ago replies      
Strikingly similar to "karma". People don't care about some number, but their status.

When pg experimented with visually distinguishing people with high avg karma (an orange dot IIRC), many people noticed the changing status dynamics (a lower "cringed" before a higher), and it discouraged discussion between equals.

12
points by DavidMcLaughlin 18 hours ago replies      
I guess this could be good advice for manipulating status for short time periods (dating, job interviews, business meetings, etc.), but fortunately once it goes beyond that (relationships, careers, business deals, etc.) the status of everyone involved will settle down to the natural order of things.
13
points by jdp23 1 day ago replies      
Well said. Skills and attitudes from improv are incredibly useful in all kinds of situations ...

A variant I'd suggest when playing the game in real life: as well as imagining an ace on your own forehead, imagine that the other person also has an ace.

14
points by frankdenbow 1 day ago replies      
A few summers ago when I was in Sunnyvale I took a course at the SF Comedy College (http://www.sfcomedycollege.com/). The course opened my mind up to being completely in the moment and creative without overthinking things (applicable to almost everything you do in life). They go through common improv exercises like Yes-ands and scenario role plays. Highly recommend improv classes.
15
points by d_r 1 day ago replies      
There is an excellent discussion of status games in the book "Impro." Highly recommend it if you're interested in hacking the non-tech side of things.

http://www.amazon.com/Impro-Improvisation-Theatre-Keith-John...

16
points by Tycho 1 day ago replies      
I wonder if this guy is hacking the status game with this 'my latest project Keynotopia was built in 3 hours with a budget of $47' claim.

It's like he's saying, 'yeah, that's right, I'm a fucking rock star programmer. The type that makes things happen. The type that's 100x more productive than the average coder. The type you need to hire.'

Cause otherwise, why would he bother saying that, as customers usually want to believe a lot of work has gone into something before they buy it.

17
points by iuguy 1 day ago replies      
I've always liked the phrase, "99% of success is just showing up", although to be honest 0% of success happens when you don't. Self-confidence is a hard thing to gain but really worthwhile trying all you can.
18
points by afterburner 1 day ago replies      
Also, think like a winner.

(Yay, games with life.)

Be careful with this when there are actual status labels in play. Like rank or position. Act like you're an Ace around a boss or slight superior who's not an idiot and you may find yourself wearing that person's patience down very fast.

19
points by karolisd 1 day ago replies      
Once you get an eye for it, it's very easy to see other people playing this game.
20
points by bzupnick 1 day ago replies      
if you go into a conversation mentally giving people status', and then swap in the middle unbeknownst to the other people in the conversation, wouldnt that just really confuse them and make them think, "wait, am I the alpha male or is he.....i coulda sworn he was but then, it just kinda changed..."
21
points by nhangen 1 day ago replies      
Great post until the end, when it was mentioned that everyone should be treated as an ace. I don't agree, because quite simply, not everyone is an ace.
22
points by alokt_ 1 day ago replies      
Isn't this analogous to a "guess a number" game? You have a stack of cards that range from 2 to Ace. If I were to play this game I would not start talking to a guy who has a King on his forehead. I would go to a 5-7 and then determine where I ranked, if I felt I were below 5-7, then I know I am in 2-4 or if I were above them, 8-K. It would seem it would only take only a few more iterations to figure out which status I have.
23
points by jcfrei 1 day ago replies      
dont play this with your friends.
24
points by chernevik 1 day ago replies      
Interesting. I imagine that observers notice "tells" of some kind when a person is acting above their own internal status estimate, and downgrade their own status estimate of that person accordingly.
6
Hashify.me - store entire website content in the URL hashify.me
288 points by kevinburke 7 hours ago   84 comments top 26
1
points by dpcan 6 hours ago replies      
I see this as a remarkable answer to the problem of needing to view a cached version of the website.

For example, what if a URL were posted to Hacker News, but after the URL was a ?hasifyme=THEHASH, where THEHASH was the Hash of the website linked-to.

This way, if the URL could not be loaded because the server load was to high, you could just forward the URL to Hashify.me and the cache of the plain text from the website would still then be readable.

Boom, instant cache of the website content stored right in the URL!!!!

2
points by kwantam 5 hours ago replies      
Last week on a whim I whipped up a URL shortener that expires the forwarded URL after one week[1]. Using that plus hashify, you can essentially make expiring web pages.

[1] pygm.us

3
points by danielsoneg 6 hours ago replies      
Oh, Bit.ly's gonna _Love_ you guys.

Seriousy, though - awesome hack.

4
points by gojomo 6 hours ago replies      
With a name like 'Hashify', I'm surprised they don't also offer the option of putting the content into the '#fragment' portion of the URL. Then, not even the hashify.net site would need to receive and decode the full URL; they'd just send down a small bit of constant Javascript that rebuilds the page from the #fragment.
5
points by powera 4 hours ago replies      
This is pointless. It's impossible to create two pages that link to each other, for one. Also, as noted, most browsers won't allow URLs greater than 2k in size.
6
points by shazow 5 hours ago replies      
Here's a Python shortcut:

Instead of...

    from base64 import b64decode
b64decode(foo)

You can do...

    foo.decode('base64')

Encoding works too. As well as zip (foo.encode('zip')).

7
points by Groxx 6 hours ago replies      
A fantastic abuse of technology. That's one heck of a URL.
8
points by paolomaffei 5 hours ago replies      
"A hash function is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum"

Hashify is not really a hash, is it?

9
points by antimatter15 6 hours ago replies      
I hacked together an encrypted (aes 256) read/write "database" once with the bitty API as the persistence backend.

However, this site disappoints me, it doesn't seem to do anything other than what a data URL can do, except it's vulnerable to downtime because of a centralized website.

Edit: for those of you unfamiliar with what a data URL is. You an store a HTML or image document using a URL like data:text/HTML;base64,hashifystuffhere

10
points by iamwil 5 hours ago replies      
I wonder if the equivalent of a quine for this is possible.
11
points by jules 4 hours ago replies      
So in effect, you're using bit.ly as a webhost. Url shorteners might not be completely useless after all.
12
points by riobard 6 hours ago replies      
What about gzipping the content first?
13
points by yakto 6 hours ago replies      
14
points by pedalpete 4 hours ago replies      
Clearly this is awesome, I'm curious as to what lead you to build it? Understanding that you weren't solving a 'problem', but you've created something really compelling here.

Care to give a peak into how you came up with it?

15
points by aj700 4 hours ago replies      
would be a good text "host" but needs clones, so that when it disappears in a few years I can still easily convert my urls back into the document therein. that's the one problem these text host sites have. they never last. this gets around this by hosting nothing, merely converting, but still.

and using bit.libya. i dont trust it.

isn't this also somewhat censorship resistant. since the hashify url without its bitly can be put anywhere on the web that is writable, thus making multiple copies available in a covert way.

16
points by bct 6 hours ago replies      
What are the differences between this and a data: URI? Just the shortener and that it can use out-of-band Javascript for the editor?
17
points by kqueue 6 hours ago replies      
This is going to break in cases where the request line grows above 8k-16k. Many browsers/proxies implement limits on headers/request lines, for good reasons.

It's a very cool idea though.

18
points by hElvis 5 hours ago replies      
I am just coding the same thing right now (began a week ago). Also had the idea to use bit.ly as shortener (because of its api) and make use of multiple shortened links to store the data. Right before looking at HN I was doing some research for a good js compressing algo.

On the one hand i am a bit disappointed (that i am too late), but on the other hand hashify.me is made far better I could make it. Great realisation.

19
points by mlinksva 6 hours ago replies      
Nice hack, though odd name given that no hashing occurs.
20
points by blantonl 5 hours ago replies      
I could see this as a very useful implementation for HTML5/Mobile Web sites.

Consider the user experience for the target site on a mobile platform. You have already loaded the site on your mobile device before even taking action, so when you click the link the response is much faster than requesting the site at the click.

21
points by micheljansen 5 hours ago replies      
At my workplace, this completely freaks out our corporate proxy, so no go :(
22
points by brndnhy 4 hours ago replies      
Careful.

Apache responds with an HTTP code 414-Request URI Too Large once the URI reaches around 8K in length.

Default limits exist in several load balancers as well.

23
points by theoa 6 hours ago replies      
Hashify.me seems to be overloaded for the moment. Nevertheless a brilliant and delightful concept!
24
points by petegrif 5 hours ago replies      
extremely cool
25
points by codejoust 3 hours ago replies      
Finally, an easy and quick way to decode base64 hashes.
26
points by sweis 5 hours ago replies      
7
Cellular Automaton Music Generator earslap.com
289 points by travisglines 3 days ago   50 comments top 28
1
points by bhrgunatha 2 days ago replies      
2
points by wheels 3 days ago replies      
This is pretty neat, but the idea is by no means new:

http://www.youtube.com/watch?v=5u5vBAMcLUE

3
points by peregrine 2 days ago replies      
http://earslap.com/projectslab/otomata/?q=2e3e4e5e6e7u8s8h8z... Making things not only auditory appealing but visually appealing also. This one has some interesting patterns.
4
points by zmitri 2 days ago replies      
Starting working on a JS version so I can use it on an iPad. It's pretty rough right now, but on its way. Need to add in the html5 audio and more complete collision detection. http://www.zmitri.com/static/automataJS.html
5
points by bajsejohannes 3 days ago replies      
This seems like a great idea for background music for a game. Repetition shouldn't be a problem at least.
6
points by agscala 2 days ago replies      
What part of music theory is applied to something to like this which makes all of the tones sounds very nice with each other?
7
points by wallflower 3 days ago replies      
See also: Wolfram's Tones

http://tones.wolfram.com/

8
points by Flow 3 days ago replies      
This was very interesting, look what I made after 5 mins of tinkering: http://earslap.com/projectslab/otomata/?q=06020n0j89796949
9
points by scythe 3 days ago replies      
A surprisingly short loop:

http://earslap.com/projectslab/otomata/?q=3z3o43503s

and some lame attempt at "chaos":

http://earslap.com/projectslab/otomata/?q=1h4o2n

(though of course these are just finite state machines and they all loop eventually)

10
points by simcop2387 2 days ago replies      
http://www.earslap.com/projectslab/otomata?q=0q2q4q6q8q0z2z4...

made this one by playing with the url itself. interesting format, each note is two characters describing X position and Y+direction it looks like so XYXYXYXY.

I built a table of the Y, the X are just 0 indexed numbers

    ^>v<
0 qwer
1 tyui
2 opas
3 dfgh
4 jklz
5 xcvb
6 nm01
7 2345
8 6789

11
points by trafficlight 3 days ago replies      
I want this as a VST.
12
points by bgraves 3 days ago replies      
This is a really great project!
Here's one that I made:
http://www.earslap.com/projectslab/otomata?q=1n204g7b7b6x6q4...
13
points by d0m 3 days ago replies      
Awesome; only suggestion I might add is a way to step back - or go to beginning (without copying the link I guess)
14
points by nazgulnarsil 2 days ago replies      
I accidentally created my most interesting one the first time and lost it forever.
15
points by babyshake 3 days ago replies      
Is there any way to interact with this programmatically via SetVariable calls made in javascript? I have some ideas for alternate input methods...
16
points by evolvingstuff 3 days ago replies      
This is quite fun to play around with! Many of the other CA-based music generators I've seen have sounded rather atonal and random compared to this one. Here's one I made using symmetric initial conditions (doing this makes for somewhat interesting visual patterns as well): http://www.earslap.com/projectslab/otomata?q=0q1q2q3q8w8y8p8...
19
points by deathbob 3 days ago replies      
What a beautiful and fun idea.

Here's one I did that develops really nicely.

http://www.earslap.com/projectslab/otomata?q=062m4l6s8q2p610...

20
points by SeanDav 3 days ago replies      
Really pleasing sound and interesting idea!
22
points by mitko 3 days ago replies      
Thanks a lot - this is the first time I actually create a melody that sounds good and it is sooo easy
23
points by bf84 3 days ago replies      
Very nice!

I remember Native Instruments had a Game of Life-based drum pattern sequencer in one of their Reaktor packages.

24
points by wbhart 3 days ago replies      
Amazing.

It would be really cool to be able to change the number of rows and columns and also the instruments and tones/chords for each row/column.

It's fun opening more than one browser tab and having more than one of these going at once. I refer you to my comment about needing to be able to change the instruments.

25
points by mmcdan 3 days ago replies      
I hope this gets made into an iphone/android app. I would definitely play around with this on long trips.
26
points by rasur 3 days ago replies      
Some excellent work there, and interesting Supercollider projects too. Nice one!
27
points by nphase 3 days ago replies      
I want this as a monome app.
28
points by mkrecny 3 days ago replies      
This is awesome!
8
What was the code quality of the initial version of Google? quora.com
288 points by mlinsey 4 days ago   72 comments top 14
1
points by nostrademons 4 days ago replies      
The irony is that this is still going on at Google, and presumably everywhere else in the industry as well. Some new strong-willed engineer joins, takes a look at the code, declares "This is amateurish. We should be doing so much better," and then gets a whole bunch of people to rewrite it, usually in a different language, with a different style of coding.

I'll credit this with a major shift in my thinking about what constitutes "good" programming. From the outside, I looked at Google and thought "wow, they're accomplishing amazing things, they must have amazing engineering practices". And yeah, things are pretty rigorous...but what I found was that the people who were, by and large, responsible for all those amazing things didn't care. Most of them had fairly loose preferences for favorite programming languages, and favorite development methodologies, and basically ignored the fad du jour. What they did have was an obsessive focus on the user, and on getting things done so they could move on to get other things done. Navel-gazing about what language was best or whether we should be using OOP or how stupid the previous engineers were was generally reserved for the B-players. The As were thinking about how we could return results as you type, or how we could process real-time microblog feeds, or how we could expose new and potentially groundbreaking new features without losing millions of dollars from UI tweaks.

Basically, the code quality of the initial version was "good enough", as was the code quality of every subsequent version of Google (except when it wasn't, which is when it got rewritten), and that's all that mattered. As long as you can do useful things for the user, it doesn't matter whether your coworker thinks you're a 1337 hacker.

2
points by smoody 4 days ago replies      
I was developing an app in Java at the time (1996). The Java motto was "write once, run anywhere." (everywhere?) We used to say "write once, debug everywhere." It was a mess (granted, we were using it to build a client, not a server). A San Jose Mercury news reporter and asked Eric Schmidt (who was running the Java show at the time) to respond to my claim that Java was buggy and Eric Schmidt replied with something along the lines of "If it's crashing, then they must be bad programmers."

Of course I got the last laugh because he went on to become a billionaire. Wait a minute.... maybe he got the last laugh. Either way we're both laughing to this day.

3
points by sriramk 4 days ago replies      
Slightly tangential note. I read Steven Levy's book last week - it is a very good read. If you are even remotely interested in technology and entrepreneurship (which is probable give the site you are seeing this on :) ) - you should definitely go read this.

The parts on Google's early years are very nice. The chapter on Google in China is also phenomenal.

4
points by klochner 4 days ago replies      
The most surprising thing for me: python was much more stable then java at the time.

Checking wikipedia, python was released 4 years before java. I always just assumed python was a more recent language.

5
points by tokenadult 4 days ago replies      
An excerpt from the new book In the Plex by Steven Levy, quoted in the Quora post:

"Over the course of that two years Page and Brin had figured out Backrub's applicability to web search, failed to license the technology to Excite or Altavista, and had founded their own company."

I still remember the days when Altavista was the very best at Web search, and Excite had some features that made it worth checking as a plan B. It was near the end of the two years described in the excerpt when I started noticing Backrub regularly crawling my site, which used to rely primarily on Yahoo for online search referrals. I became a Google user as soon as the Web crawling from Google identified a site I could visit to see the sender of the Web crawler in action. I became hooked almost immediately, and started telling my friends about Google in online forums as I discovered more and more pleasantly surprising highly relevant results from searches I did. Too bad for Altavista and Excite that neither company grabbed PageRank and other Google technologies when they had the chance.

6
points by eneveu 4 days ago replies      
>What surprised me was that Larry Page had lots of trouble getting his crawler and indexer to work, partly because he was in Levy's words "not a world-class programmer" but also because of lots of bugs in the brand new and still unstable language he was using, which was called Java.

Reminded me of:

http://groups.google.com/group/comp.lang.java/browse_thread/...

7
points by rdl 4 days ago replies      
I sort of miss the time when knowing how to use Google (and knowing to use Google at all) allowed you to be instantly 10-100x smarter and more productive than everyone else. (it still applies, just not in the tech industry; being able to google to find drivers for obscure industrial or enterprise computing hardware is sometimes a competitive advantage, but that's about the limit)
8
points by arfrank 4 days ago replies      
There are two excepts of the book at the bottom of the answer that also link to a free preview of the first chapter. I'd recommend reading the preview even if you don't plan on buying the book right now.

https://kindle.amazon.com/post/1EJFN69GTE3AN

https://kindle.amazon.com/post/2BJ69NQFHGN1P

9
points by kenjackson 4 days ago replies      
Sold me on Levy's book.
10
points by cydonian_monk 4 days ago replies      
Backrub....  

I don't recall the name, but I remember using something exactly like (the originally intended) Backrub my first year in the dorms (1996 or early 1997).  The program I was using was more of an overlay where you could draw on the page (using a simple MS-paint like UI) in addition to adding text annotations.  You could either keep the changes local, or share them on some central site.  It's downfall, as I recall, was threefold: buggy code, popularity, and the publicly annotated copies of popular websites turned into layer upon layer of graffiti.  Something like the original concept for PageRank as mentioned would've been perfect. 

It was a neat concept, but really only practical (as implemented) for the static web.  It died long before dynamic page generation became widespread.  (I just can't remember the name of it! :) )

11
points by dillona 4 days ago replies      
What did they switch to after Python wouldn't scale?
12
points by gromy 3 days ago replies      
“Larry Page's grad school project was initially designed to be a way for users to make comments and annotations on web pages.”

Google has been trying to learn social since before its inception.

13
points by nikcub 3 days ago replies      
If this was an ad for the book then it worked, just bought it and am reading it now - fantastic so far
14
points by fedd 2 days ago replies      
the article makes the day i ship my shit be the next week, not next month
10
Oracle gives up on OpenOffice after community forks the project arstechnica.com
281 points by creativityhurts 1 day ago   72 comments top 11
1
points by gregschlom 1 day ago replies      
It seems that Oracle doesn't understand that the main asset of an Open Source project is it's community, not the code base. And this is not something that you can control at will.

Also, let's not forget that it's not only Open Office. This exact same story is happening to Hudson CI right now. The community has already switched to Jenkins, and I bet it's a matter of time before Oracle announces they discontinue Hudson, too.

2
points by jrockway 1 day ago replies      
Now we just need to take care of Solaris, VirualBox, MySQL, and Java, and we can finally stop caring about Oracle.
3
points by flomo 1 day ago replies      
This doesn't surprise me as OpenOffice / StarOffice never really made sense as a business to begin with. Sun invested in it because it allowed them to "eat their own dogfood" (not use Windows) and arguably out of McNealy's obsession with taking down Microsoft.

It will be interesting if the community does anything with it. My guess is that it will be mostly small feature enhancements and integration changes. None of the corporate supporters seem to really want to be in the Office business, so my guess is that any major new release is probably years away, if at all.

4
points by ilikejam 1 day ago replies      
Is this really a surprise to anyone? Oracle have been pretty clear that they're only going for high-end infrastructure deployments, so they're probably glad that OpenOffice has been taken off their hands. They're likely waiting for someone to take MySQL off them in a convincing way as well to get the EU off their back.

Oracle are only interested in turn-key hardware-OS-DB-middleware stacks, and you better believe they don't give a flying toss about anything Sun owned that doesn't fit in that vertical. It wouldn't surprise me if they end up refusing to support anything that isn't mounted in an Sun/Oracle 19" rack (to be honest, that might not be a bad thing - Sun/Oracle racks are pretty nice).

To be completely clear: Oracle really, genuinely, absolutely, does not care about anything which doesn't fit into their model. I've been on the receiving end of a number of Oracle support (re)negotiations, and it never works out well for anyone that doesn't have a red O on their business card. Buy Oracle shares if you have the cash, but stay the hell away from their products if at all possible.

5
points by jordan0day 1 day ago replies      
On a related-to-the-article-but-not-the-content note, did anyone else think the image choice was absolutely perfect?
6
points by Derbasti 1 day ago replies      
Oracle just gets this 'open' stuff!
7
points by Vlasta 1 day ago replies      
What bothers me is the trademark issue. Why should Oracle keep OpenOffice and the fork has to use another name? Trademarks exist to protect the public. Which of the projects is more true to the original one?
8
points by ThePinion 1 day ago replies      
Amazing! Now let's get MySQL back!
9
points by rmorrison 1 day ago replies      
This seems like a dangerous precedent for Oracle to set for itself, especially when it's sitting on many other popular open source projects.

Not that this comparison is 100% accurate, but they could learn from why the police don't give in to terrorist demands.

10
points by Andrex 1 day ago replies      
The writing was on the wall.

Wonder what's next...

11
points by RexRollman 1 day ago replies      
I have to admit to detesting Oracle but I am glad to see they have seen the light of day regarding OO.
11
Living in the zone jacquesmattheij.com
276 points by swombat 4 days ago   82 comments top 37
1
points by edw519 4 days ago replies      
Once you realize this you try to replicate the conditions that lead to is.

"Replicating conditions" rarely works for me. No matter how much I stage the room, the lighting, the time of day, my mood, etc., it doesn't seem to matter. Why? Because I'm focusing on byproducts, not the real thing. The only way I can get back into the zone is to work on "zone appropriate" work that is "zone ready". Call it whatever you want: the most important thing, the critical path, the lowest building block, etc. It needs to be ready to be worked on (all the prerequisites done) and I need to be ready to work on it. Necessary and sufficient conditions.

One thing that struck me the other day is that when I'm interrupted by a living human being when in the zone I'm probably not the nicest person to be around.

That's OK, because you're not yourself anyway. You're some other persona living in the body you share. Sometimes I think I have multiple personality disorder, my personalities are "me in the zone" and "me not in the zone". We both know each other exists, we respect each other, but we have never met.

Total immersion is a powerful tool, it makes it possible to achieve things that are normally at or just beyond what I could do in a regular work setting.

I'll take it a step further: it's the only way to get some things done. Sometimes I look at some work that I did and I can't believe I did it. (Worse, I wonder how I'll ever do something at that level again.) Then I realize that I was in the zone when I did it and all I have to do is return to the zone and trust that my other persona takes over. You don't have to be able to build something right now, you just have to believe that it's possible for you to build it when you're in the zone.

Nice post, Jacques. A few other things that may be helping:

  - I do all my work in my private home office.
- no land line
- only 6 people have my cell phone number for emergencies only
- no texting
- no chat
- I only check email in batches
- I only check Hacker News in batches
- L-shaped desk, single 19" monitor
- great office chair
- 3 kinds of light: natural, overhead, and task
- green & black full screen Textpad editor
- alt-tab to full screen test session
- windows open all year round (in winter it gets cold)
- sweat suit in winter, gym clothes in summer
- I work on only one thing: the most important.
- When I'm stuck, I go away from the computer.
- I always have pen & pad nearby. Always.
- Certain foods & drink help - this changes and is tricky.
- I face the door.
- I face southwest in every desk I've ever had. (I don't know why.)
- Cats remind me I'm not alone, but don't interrupt (much).
- SO knows: If I'm typing & looking at screen: don't interrupt!

2
points by lionhearted 4 days ago replies      
Very, very good post.

Some other thoughts -

If you notice some habitual thing you do when feeling initial frustration (surf to a website, turn on the TV, whatever) - then try changing your environment slightly to make it harder. If you use Google Chrome, delete or move a site you go to habitually. This can help a lot for not bailing out during that first 15-30 minutes of warmup when working on something a little frustrating and a little beyond current skill level.

Silence is good, but if you have a hard time finding it, try to find music that drowns out the outside world for you. Electronic music helps me - a nice mix of Benny Benassi, David Guetta, or John Digweed and I can ignore background noise. Also, if lyrics distract you and you like electronic, maybe try looking up some "minimal techno" - it's kind of weird, but very cerebral. I work very well to it, it's zone-getting-into music for me.

Silence or kill your phone entirely.

Make very clear to people when you're about to work on something important and don't want your concentration broken, let them know you're going to be an angry cave bear woken up from hibernation if they bother you, and let them know exactly what to bother you on - "Don't disturb me from working unless something is on fire, and maybe not even then" tends to get the point across.

Also, you've kind of got to regular your caffeine/sugar/food a little bit so you don't totally spike and crash. It takes a while to get this down, but there's very few things that are as much of a bummer as having your blood sugar crash, caffeine withdrawl, and hunger kick in all at the same time when you were doing good work. Knowing your own rhythms and eating/drinking/caffeinating intelligently during your work helps a lot.

3
points by MortenK 4 days ago replies      
There is a psychological term for that state of mind, which I'm sure most of the readers here know already. It's been investigated thoroughly by the psychologist Mihaly Csikszentmihalyi (try saying that 3 times fast).

It's called Flow (http://en.wikipedia.org/wiki/Flow_%28psychology%29) and to me is a really interesting topic, as well as a mental state I'm sure most programmers are experiencing regularly. At least unless they are sitting in a hectic environment, like say, a home office with 3 cats and a frequently insisting girlfriend (theoretical example).

4
points by zyfo 4 days ago replies      
What he describes seems to be the same as flow
...the mental state of operation in which a person in an activity is fully immersed in a feeling of energized focus, full involvement, and success in the process of the activity.

For tips on how to create the zone that OP is talking about, read the wikipedia article [1]. The book Flow by Mihály Csíkszentmihályi [2] is also highly recommended.

1: http://en.wikipedia.org/wiki/Flow_(psychology)#Components_of...

2: http://www.amazon.com/Flow-Psychology-Experience-Mihaly-Csik...

5
points by pmjoyce 4 days ago replies      
Interruptions collapsing the mental model into fragments reminds me of a pg quote about interruptions that has always chimed with me.

But the time quantum for hacking is very long: it might take an hour just to load a problem into your head. So the cost of having someone from personnel call you about a form you forgot to fill out can be huge.

This is why hackers give you such a baleful stare as they turn from their screen to answer your question. Inside their heads a giant house of cards is tottering.

http://www.paulgraham.com/wealth.html#f1n

6
points by billybob 4 days ago replies      
"An interruption - no matter how short or slight - collapses that whole mental model in fragments on the floor. I literally have to re-build it before I can continue to work and that typically takes anywhere from 15 minutes to over an hour."

One thing that helps me with this is to "sketch out" my plan in comments before I start. That way, if I get interrupted, I have comments to jog my memory of what I was doing.

This also helps when I have to chase a rabbit trail. Maybe my comment for a particular step just says "capture the substring and replace it with foo," but to actually do that, I have to look up the method documentation. When I finish with that detail, I don't want to have to say "now where was I?" My next comment helps me get back on track.

7
points by geoffw8 4 days ago replies      
I have this, and I'm not a coder. I started life as a designer, working on mobile campaigns and the similar. When I came out of this "constantly sit in Photoshop" mode, I found it really hard to work. In a management role its impossible to have a "zone" thats comparable to my Photoshop days.

I beat myself up because sometimes I don't feel like I'm working hard enough, whereas what I actually think is happening is my brain has associated "working hard" with being in "the zone" - something I find hard to do with this type of work.

I'm currently sitting in Photoshop doing some logo resizing for our homepage, and its nice being "back in the zone"!

8
points by michaelochurch 4 days ago replies      
I don't think flow is some sacred state that requires specific conditions for most people, and I don't think it's broken by bathroom breaks, fetching coffee, or even short, rote social pleasantries. Most people can achieve it.

As for flow, I think it's like sleep in its onset. You can't force yourself into the state, but if you make the conditions right, it'll usually start in 10 minutes and fully set in within 40-60.

What makes flow impossible in most work environments is arrogant, short-sighted managers (there, I said it) who ask for detailed, impromptu status reports several times a day. They're so used to email clients and web services that can be checked 33 times per day, with no degradation in performance, that they think they can pull that shit off on the people working for them, and it's not that way. Establish a sane, regular reporting schedule and fucking stick to it.

9
points by chegra 4 days ago replies      
I don't know if any of y'all picked it up, but I personally find I'm way more productive when I was at school than when I'm working. I think this can be attributed to work environments tend not to afford you the luxury of a quiet environment.

I think one of problems with the work environment is that they don't know how much they leave on the table because of the environment, and without a cost, there can be no cost/benefit and no impetus to change.

10
points by snikolic 4 days ago replies      
I've recently started using VMs to help get me into my zone faster and keep me there longer. I keep a separate VM for each project I'm working on, and I keep all other activities (browsing, music, chat, etc.) out of them. I've found a few advantages:

1) Easier to get into my work. When I restore a VM, it's still in the exact state it was in the last time I worked on that project. Terminals open, commands still partially typed in, working files open, notes typed to myself, docs/references still open, etc.

2) Easier to avoid distractions. The logical sandboxing of work and play has really been helpful for me - once that VM opens up, everything else gets hidden and drowned out. There is no temptation to "just peak at HN" - I'm either completely in my work VM or completely out of it. When the divide between work and play is blurry, I err, but this keeps that divide very crystal clear.

3) It's easy to recover from distractions when they do occur (and they are inevitable). I just minimize the entire VM I'm working in, and all of my work is kept in its exact state: positioning of windows, files open, etc.

11
points by fdb 4 days ago replies      
The book "Pragmatic Thinking and Learning", by Andy Hunt of the Pragmatic Programmers, talks at length about managing focus. It also includes techniques for improving learning, gaining experience and even meditation techniques.

http://pragprog.com/titles/ahptl/pragmatic-thinking-and-lear...

12
points by MatthewPhillips 4 days ago replies      
Let me add that it must be a desktop computer. I don't want a laptop with its wide screen, its trackpad, or its keyboard that I have to adjust to rather than it adjusting to me.

A second monitor will make me 10% more productive but I can live without it if I have to. Give me a laptop and my productivity falls to a crawl.

For me the zone happens somewhat randomly. If I tell myself that I'm going on a programming binge after work I'm probably not. I'll find some excuse, pick up a 6 pack and watch a baseball game or something. But if I read about some new library or a new technique, I'll often pop open a text editor and play around with it. Next thing I know I've decided to use it instead of some other library than I previously was working with, and have completely replaced the code in a couple of hours.

13
points by atlei 4 days ago replies      
Two golden oldies by Joel Spolsky:

Where do These People Get Their (Unoriginal) Ideas?

- http://www.joelonsoftware.com/articles/fog0000000068.html

Human Task Switches Considered Harmful

- http://www.joelonsoftware.com/articles/fog0000000022.html

+1 to "Flow" by Csikszentmihalyi

14
points by tejaswiy 4 days ago replies      
It's interesting that you mention multiple monitors. Despite all cases made for programmer productivity and screen real-estate, I find that having a browser window up, starting at me in my second monitor while I try to code on my main screen is incredibly distracting. I've yet to figure out how to use the browser purely for work related stuff without hopping on YC / Reddit to see what's happening, so I'm just going with single monitor for now.
15
points by Swizec 4 days ago replies      
My process of getting into the zone is completely different. I absolutely need my environment to be chaotic and random. I'm always on the hunt for my "coding mojo".

This usually means changing the desk I work at every few weeks, possibly going to a sofa for a few days. Today I even went to work at a coffee shop despite having a readily available office. It's just too boring there.

Another thing I seem to need is enough low-grade internet to quickly refresh my mind when I get stuck on a problem. It lets me delegate whatever I'm thinking to the back of my mind while I mindlessly surf the internets until the problem is suddenly solved and I can get back to work.

16
points by daoudc 4 days ago replies      
I almost missed my train stop yesterday because of this. I think the train works particularly well for me because:

  - It's a routine, so I can plan a difficult job to work on
as I'm walking to the station
- There's no internet, so no HN/other distractions
- It's normally quiet

One thing I've noticed is that I can only get into the zone if I've got a hard enough problem to work on. I don't seem to be able to do lots of easy problems as efficiently as one large one.

17
points by leftnode 4 days ago replies      
I moved to a new laptop and it's really helped me get back into the zone more frequently and easier. The reason is that I haven't set up my Bookmark Toolbar in Firefox, so going to Reddit/HN/SomethingAwful isn't just a click a way and it's not always visible. Throw in an F11 with multiple desktops to tab between (first has a full screen shell, second is my editor, third is my browser) and it makes for an incredibly productive environment.
18
points by humj 4 days ago replies      
The zone is something I'm very familiar with and have been aware of for a long time, even before programming. To me, the zone is a product, not only of complex problem-solving, but also, high creativity (but perhaps these are one and the same). By day, I'm an architect (as in physical buildings), and I often find myself in the zone particularly in early design, when thinking very big picture and developing new concepts; asking myself questions like..
- what are the different components of hte project
- how do they relate to each other
- how do they fit into the existing infrastructure
- how does it change the existing
- what is the experience of each type of user
- how do these experience differ from expectation (good or bad)
- how do these new relationships and interactiosn affect the business model

just to name a few... So these are a lot of questions to handle all at once. I find myself asking suprisingly similar questions now that I'm coding/designing. The basic principles of physical space don't differ much from web space. My analogy for this sort of juggling is an image of a person standing one-legged on a ball with a stack of plates on his head and juggling an array of different objects.

When I'm in the zone, my mind is hyper-extended and I tune everything else out. I often won't even answer someone who comes up to speak to me. In college, my mother would call me and I wouldn't answer for hours. She'd get angry and say.. you couldn't spare 5 minutes? 5 minutes means having to drop all the things I'm juggling, fall off the ball and break the stack of plates on my head.

In the most extreme cases, when in the zone for extended periods of time, I've forgone eating and sleeping (no caffeine needed in the zone), without any ill effects until snapping out of zone, which ends in a crash.

19
points by BasDirks 4 days ago replies      
When I have been zoning for 4+ hours, I often dream about vim and data structures. Same thing with chess, not joking.
20
points by Afton 4 days ago replies      
stands up

Hi. I'm a programmer who's never been in the zone (as I understand it). This is in spite of being engaged in my work, and vigorous efforts to improve my practice.

I wonder how many of us there are.

21
points by hallowtech 4 days ago replies      
My zone is best found between 7pm to 5am, usually on the couch with the laptop, and some easy to zone out tv series playing in the background. I think I've played through the Highlander and 4400 series several times just writing code. Its easier if you've already seen it, so its not really an interruption, but rather a way to keep from burning out on just staring at the computer screen.
22
points by gvnonor 4 days ago replies      
Being in the zone is more acute and recognizable when one plays an outdoor sport for a moderate period of time. I used to play tennis competitively and I could clearly tell when I was in the zone. It would be amazing, I would feel like I could take on anything my opponent would throw at me and without even breaking a sweat. I would expend very little effort but still end up playing the best tennis of my life.

In programming, I doubt if it's as easily discernible. I've been programming for a few years and had a few productive stretches coding 8-10 hours at a time(with small breaks in between of course), but never felt like I was in the zone even once.

23
points by kitsune_ 4 days ago replies      
Regarding "the zone" and "uninterruptability": I often wonder whether programming attracts people whose modus operandi is what it is, and "other people" would, for instance, have no problem with being interrupted, or whether programming is an activity which forces people to tackle problems in this way.
24
points by ollysb 3 days ago replies      
I've realised that lately I don't really code in the zone anymore. My workflow is completely tied to testing. Spec, red, code, green and the code just grows and adapts. All consuming flow is now very hard to achieve, there's simply too much time waiting for the computer to run tests, it's the stuttered conversation of a satellite phone. On the other hand it's far easier to return to work. Distractions used to feel like being forced to stop whilst cycling up a steep hill. Now the pace feels slower but it's steadier and more controlled.

I miss those old sessions. Lost in my own world, code flying out for hours at a time sometimes straying far from the next compile but certain that if I just kept hacking there would be a glorious moment when it burst into life. I wouldn't go back now though, the red, green has me. I'll just have to wait for that cloud editor I'm longing for, the one that'll run tests instantly as I type.

25
points by james_ash 4 days ago replies      
I found Jason Fried's analogy in "Rework" useful. Paraphrasing: "Going to work" is like going to sleep. If someone keeps interrupting you every few minutes, you're never going to fall asleep. It takes uninterrupted time to get there.

I've tried to use this analogy with my wife. Still working on it.

26
points by jpr 3 days ago replies      
> It was the very first time that I used 'structured programming', a technique a friend of mine had shown to me.

Huh? How old is this guy? I thought structured programming was something that came out in the 30's or something.

27
points by soofaloofa 4 days ago replies      
The closest I have come to this ideal is when playing sports. For me, mental preparation was absolutely key.

I imagine high performing athletes are able to achieve this feeling of being in the "zone" quite often.

28
points by esmevane 4 days ago replies      
I'm glad to hear this voiced in the communities I've attended. Honestly, I'm having extreme bouts of difficulty explaining this to the folks I collaborate with. They are genuinely wonderful folks, but I just can't seem to get across the severity of even minor interruptions.

Sometimes, I will deliberately engage in nothing but research until everyone is out of the office. Then, I start coding. Not an optimal resolution, by any means, but until articulating this amicably is possible, it's what I've got.

29
points by 5h 4 days ago replies      
headphones in, volume up, only vim open.

could be in the middle of a war zone, or my office that frequently mimics such, as long as I am interested in the problem at hand I can get in the zone.

30
points by demoo 4 days ago replies      
Maybe it is because I'm not a real coder, but whenever I'm working on some project (usually front-end web design) I find myself checking resources and other code examples often.

How do you guys deal with these while 'in the zone'? Got a book or notes lying around? Or are visiting the web/irc to get unstuck?

31
points by kefs 4 days ago replies      
Related reading for those living with us nerds:
http://viewtext.org/article?url=http%3A%2F%2Frandsinrepose.c...
32
points by antfarm 3 days ago replies      
paul graham has some interesting things to say on working environments and distractions, quote: "a working environment is supposed to be something to work in, not despite [of]".

listen to:
http://itc.conversationsnetwork.org/shows/detail188.html
http://itc.conversationsnetwork.org/shows/detail657.html

33
points by walta 4 days ago replies      
I find that the hard part comes from not knowing what to do next. For me I have a notebook that I call my planning notebook. I write in the notebook the outline of what I'm trying to accomplish -

Who it's for
What it should do
When I think it'll be done
Where it needs to happen
Why I'm doing it
How much it will cost

This frames the project for me. Then after that I come up with what I think the next thing I need to accomplish on the project is and write it down. Later when I site down at my computer, I have no questions about what to do next and so I can hit the zone really fast.

34
points by ww520 4 days ago replies      
Music is what does it for me. Just put on a headphone and code away.
35
points by hanibash 4 days ago replies      
I like to participate in day long hackathons for this reason. Mentally, I know that I've blocked that time off for coding, and socially, all my friends know that I have too.
36
points by weicool 4 days ago replies      
Shh! He's wired in.
37
points by tarkeshwar 4 days ago replies      
Hardest factor that keeps me away from the "zone" is: the task-at-hand being uninteresting and grungy, which is typically the case at regular jobs. Any tips on how folks overcome this factor? Other than to go built my own startup.
12
Dropbox Lack of Security tirania.org
276 points by zdw 1 day ago   176 comments top 21
1
points by patio11 22 hours ago replies      
This is the first time I've heard someone on HN actually ask for more security theatre. Sure, Dropbox could spend seven figures to get a ISOxxxx whatever consultancy to draw up a 125 page document describing their internal checks, do the obligatory all-hands yearly mandatory training where you have to get 10/10 questions right and question 1 is "A user has uploaded naked pictures of themselves to their account. True or false: it is permissible to download these and take them home with you.", etc etc.

And they'd be exactly where we are today:

1) Yes, we could look at your data any time we want to. This is an inevitable consequence of letting you look at your data any time you want to.

2) We promise not to abuse our power #1.

3) If you don't trust us on #2, you should not do business with us.

Except they'd be out seven figures.

2
points by thought_alarm 23 hours ago replies      
Do a lot of people think that Dropbox is some sort of super-private service?

I'm no security expert, but do I hope it's obvious to most people that Dropbox wouldn't be able to do stuff like reset your password if they didn't have access to the contents of your files at some level. A truly secure and private service would look a lot different, and be much more complicated to set up. That's the tradeoff.

3
points by gergles 22 hours ago replies      
I don't care. I use Dropbox because of the unparalleled feature set and ease of integration. I have my taxes stored on Dropbox, along with a lot of other sensitive information. They're in an encrypted RAR file with a line-noise passphrase, just like they would be if I were storing them anywhere (including locally -- after all, what if Mallory steals your hard drive? Or, to parrot the most common movie plot threat, what if the NSA secretly breaks into your house when you're out at the movies and images all your disks then slips them back in without your knowledge?)

The features DB offers for sharing, web access, etc. are well worth the tradeoff, and I am ashamed to see the security pedants constantly pillorying Dropbox because it's not some imaginary "verified secure" system. They don't advertise to be that. A claim of "we encrypt your files with RSA" should be utterly meaningless to you without knowledge of how the key is controlled, and a few seconds' thought and examination of the feature set should inform you that yes, Dropbox has to have the key to decrypt the files. That doesn't make the claim of "your files are encrypted" any less true.

4
points by tlrobinson 23 hours ago replies      
It always seemed obvious to me that Dropbox has access to your unencrypted files because they make them available to you through the web interface.
5
points by arashf 23 hours ago replies      
hi there, arash from dropbox here. all data is (as we state in the referenced help article) encrypted before it's stored on the backend.

all data on dropbox can be made shareable and is web viewable. as a consequence, we do need the ability to decrypt in the cloud.

re. employee access to files - there are controls to prevent this. for example, even drew (founder/CEO), doesn't have physical access to our storage servers anymore.

for very sensitive data, there's always the option to use truecrypt (we even offer this as a recommendation in our security documentation: https://www.dropbox.com/terms#security)

6
points by csallen 17 hours ago replies      
Dropbox didn't lie. This is simply a misinterpretation (or misunderstanding) of what's meant by the phrase "Dropbox employees aren't able to access user files". It's not the same as saying "It's impossible." The fact is, if you send a company your unencrypted data, it's obviously possible for them to view it at some point. Otherwise they could never encrypt it in the first place. So when they say that employees aren't able to access it, they mean that they, as a company, choose not to access it.

A good analogy is the post office. Anyone who works there and handles your mail could, if they so desired, tear open your package and steal the cookies your mother sent you. We trust them anyway, because we know they take precautions to ensure it doesn't happen. Dropbox is the same, but even tougher (I doubt the average Dropbox employee has access to their decryption mechanisms, but plenty of people at the post office can unseal your envelopes).

That said, to not acknowledge it as even possible for the company you send your data to you be able to access that data seems, to me, a bit naive. That's not the promise they made, and so the claim that they lied is false.

7
points by runjake 12 hours ago replies      
All this press about Dropbox is getting ridiculous. I'm almost suspecting it's a hit job, but I'm wondering why people like De Caza are getting involved.

Pay attention to the two following rules. They are, and always have been true. Write them down if need be:

1.) The government can demand files from any US (and many non-US) companies. The company is then legally-obligated to turn them over.

In the past, the government has even successfully demanded data without the proper warrants (read about the VZW/AT&T/Qwest/NSA fiascos).

2.) Your cloud data is always subject to security breaches and provider employee abuse. Encrypt accordingly (I prefer DMG and TrueCrypt).

Why is this news? Did people not understand this?

8
points by donpark 22 hours ago replies      
Three points:

1. Sensationalism aside, Dropbox should review questionable security claims to reduce false sense of security if any. With millions of users, careless words formed out of marketing needs are no longer needed. What Dropbox users need now is more clear picture of what they are giving up to gain Dropbox's services.

2. The weakest security link is the user and their computer, not Dropbox which has enough financial incentives at stake to be diligent security wise. In the end, no computer open to external data or code is safe. What protect most users today is actually not security technologies but cost/benefit ratio to potential attackers, tempered by goal and scale. 99.9999% of Dropbox user data is useless to attackers and cost of mining questionable nuggets out continually expanding sea of data from 20 million users is not a trivial task.

3. While it's true that user must trust Dropbox in the end, some of its security measures could use strengthening even if it's just intended to raise the level of sophistication necessary to steal Dropbox data.

9
points by tzs 23 hours ago replies      
It is possible to design a Dropbox-like system with the following properties:

1. Files are stored encrypted.

2. The service provider does not have the ability to arbitrarily decrypt the files. By "arbitrarily decrypt" I mean decrypt at any time they wish. They will be able to decrypt if the owner's client is actively connected.

3. When someone uploads a file that is identical to an existing file, it initially is stored separately, but in most cases can be eventually de-duplicated, without compromising #1 or #2.

I'll leave the details as a fun exercise.

10
points by icedpulleys 23 hours ago replies      
Regardless of how you want to parse a company's public statements and written policies, it's the height of naivete to think that a data host (ANY host) wouldn't share your data with law enforcement or has encrypted data in such a way that they guarantee that no one can access it.

If you have sensitive data, encrypt it yourself. Encrypt it on your local drive, back up encrypted data, encrypt it before uploading it to Dropbox. Doing otherwise is akin to not having a proper backup process: it's either because of laziness or ignorance.

11
points by earl 23 hours ago replies      
truecrypt ftw

If you're uncomfortable with dropbox, put a truecrypt partition right inside your dropbox folder.

12
points by zdw 1 day ago replies      
Couple this with the unencrypted metadata on mobile problem: https://grepular.com/Dropbox_Mobile_Less_Secure_Than_Dropbox...

And how their "encryption" on the server side is basically a lie, as they do dedupe on data: http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-u...

I'm stunned that anyone would use them for anything for ephemeral data you wouldn't mind posting in public.

13
points by perlgeek 19 hours ago replies      
I don't know if that's how dropbox does it, but I could imagine that they have a master key to which normal employees don't have access, you need the founder and a trusted second person to retrieve it.

Thus their statement "Dropbox employees aren't able to access user files, and when troubleshooting an account" wouldn't be too far off the mark, and they can still make the data available to the government, on request and with higher effort.

14
points by jeffreyg 23 hours ago replies      
There was a really good thread in /r/netsec a few days ago about encrypting your dropbox:

http://www.reddit.com/r/netsec/comments/gowvu/doityourself_e...

15
points by grandalf 14 hours ago replies      
All US companies will comply with government requests for data, even Google, when a warrant is presented.

If you don't want anyone looking at your data, use your own strong encryption layer and hope that there's not a back door.

16
points by chrishenn 23 hours ago replies      
Relying on others to safeguard/encrypt your personal data just doesn't make sense to me, in the same way that closed-source cryptography doesn't make sense.

If dropbox is claiming a false sense of security then that is an issue, but users that truly care about their data should resort to truecrypt or something where they are the only ones who control access. You can sync your files with dropbox and keep them safe with a truecrypt volume. Or if that is to much of a pain, only do so for sensitive files. Have your cake and eat it too!

17
points by MetallicCloud 23 hours ago replies      
Wouldn't they have to keep the keys on their servers? Otherwise when my computer dies, I wouldn't be able to access my files from a different computer.
18
points by joanou 23 hours ago replies      
Dropbox is a good service, and I am sure file access is limited to a few employees, but I wouldn't use it for sensitive data or for a business. Any service where you do not control the encryption keys, e.g. Box.net, and myriad others will have the same issue. It's all about tradeoffs. Ultimately they can access your data. The truecrypt option may solve it for some but that means the whole archive has to be shared.

AltDrive unlimited online backup versions your files and allows you to control your encryption key. It runs on *nix, OSX, Windows, and other OSs. http://altdrive.com

19
points by kennywinker 22 hours ago replies      
forgive me if I'm naive, but can file hashes be spoofed in any way? I'm thinking upload a bunch of files that hash to random numbers, then download the de-duplicated original files.

could someone more knowledgable in this area tell me if this is a credible threat?

20
points by davidmduarte 15 hours ago replies      
I don't use Dropbox because their app on my computer have access to my computer.
The data I could send to Dropbox are as secure as the data i send to a host or email server.
... or may I wrong. :)
21
points by jbverschoor 14 hours ago replies      
If I steal your ssh private key, I can do anything I want
13
Online Cash Bitcoin could Challenge Governments, Banks time.com
273 points by kiba 3 days ago   210 comments top 27
1
points by sage_joch 3 days ago replies      
I think the main takeaway is that governments are making a strong case for an alternative, decentralized currency:

  * preventing transactions they don't agree with
* inflating savings away
* freezing bank accounts of adversaries
* seizing cash at security checkpoints

2
points by tarkin2 3 days ago replies      
I don't think Bitcoin solves the main problem of new currencies: confidence of their acceptance.

John Law introduced paper money into France by getting the government to accept it for paying taxes. Every Frenchman and woman was confident the state, no matter who took over, would still collect taxes. And the state, knowing the currency was valuable to everyone--even foreigners, could also use it.

Where's my confidence that people will desire a bitcoin in future? Even if, say, every Starbucks in every country started accepting them, it'd only be as valuable as the trend for coffee and the stability of Starbucks. Could I, when planning a mortgage, bet on Starbucks' popularity over 25 years?

I can see how game currencies can come about. But the market for these games is limited and ephemeral in the long run. If you want to compete with banks, you need to think about long term confidence. I've yet to hear how Bitcoin, or any other startup currency, solves this problem.

3
points by ZitchDog 3 days ago replies      
Bitcoin is a fantastic idea, with one crucial mistake: the finite nature of bitcoins. The fact that coins will one day "run out" will almost certainly lead to increased speculation, which will in turn lead to a deflationary spiral, followed by a "bubble burst" when speculators sell all their bitcoins and average coin holders are left holding the bag.

Infinite coins would tie the value to the opportunity cost of computation, which is actually a really cool idea. Inflation based on the log of moore's law would ensure a steady inflationary rate based on computing power. This would deter speculators and incentivize innovation in computing power in order to more efficiently mine currency.

My hunch is that an uncapped bitcoin competitor would have a more difficult time getting off the ground, since the finite nature of bitcoins favors the first mover.

4
points by cookiecaper 3 days ago replies      
Bitcoin is awesome because it stands to make electronic payments extremely easy without any hassle from banks or outsiders. No more e-commerce hassles like a merchant account or payment gateway.

The anonymity is less strong than many initially presume since ALL PAYMENTS ARE PUBLICLY REGISTERED, including the payment chain. This is why it's important to generate a new btc receiving address whenever you perform a new transaction. The entire exchange history of that bitcoin is public knowledge, from the day it was generated until the very last transaction. Hence, if you use a bitcoin that was sent to a publicly disclosed address to pay for something, that transaction is linked to you forever. So people need to be careful about how they use which bitcoins, and the client doesn't really make that easy.

There really is a lot of potential in btc, I've been excited about it since I first learned of it, though as soon as the government catches on they will outlaw it (if they can't find a current law to justify prosecution and/or destruction of the btc network, which is doubtful) and do everything possible to destroy it. They won't like it at all, and neither will the banks that even btc users rely on to store their country's regularly denominated currency. I am scared and interested to see what happens to btc as demand rises.

5
points by gaius 3 days ago replies      
This is what happens when you challenge governments and banks: http://news.ycombinator.com/item?id=2451302
6
points by gte910h 3 days ago replies      
To me this press effort always seems like just people who already have bitcoins trying to get buyers to raise the price of the currency.
7
points by AndrewMoffat 3 days ago replies      
Why is Bitcoin a good currency again? If I understand how it is distributed correctly, those with higher/more computational power receive more of the finite bitcoins. How does that not favor the already rich?
8
points by clistctrl 3 days ago replies      
Bitcoin is pretty sweet, but its extremely confusing. I barely understand it, and i'm an extremely technical user. I think people need to work harder on bringing down the complexity.
9
points by AndrewMoffat 3 days ago replies      
There's some great discussions going on in the Economics section of their forums: http://www.bitcoin.org/smf/index.php?board=7.0
10
points by originalgeek 3 days ago replies      
> Because Bitcoin is an open-source project, and because the database exists only in the distributed peer-to-peer network created by its users, there is no Bitcoin company to raid, subpoena or shut down.

Which will leave only Bitcoin users to raid, subpoena and shut down.

11
points by mshron 3 days ago replies      
As far as I can tell, the only way to actually stay anonymous and have a foothold in the bitcoin economy would be to exchange bitcoins for cash in person with someone.

Even then, once you tried to combine that account with any other you owned that was traceable to you (record in an exchange, email sent to a client containing your bitcoin address) it would be easy to link them together, since the entire ledger is public.

I guess what I'm saying is that your level of sophistication to stay anonymous would have to rise along with the sophistication of an attacker, which is not immediately obvious from these glowing articles on Bitcoin.

12
points by cookiecaper 3 days ago replies      
Every time btc gets press mtgox jumps. We were looking at averages between 70 and 80c / btc, now it's up to $1.11. I would encourage people to let the furor die down a bit before investing in bitcoins, until they're back in the 80-90c range at least.
13
points by ender7 3 days ago replies      
Bitcoin is both a really great idea, and a really stupid idea.

sage_joch has already pointed out the reasons why it's a really cool idea.

It's also flawed in a number of ways. First, the limited supply means that you've essentially just created an electronic version of gold. It's more easily tradeable, but its behavior as a commodity will be similar.

If you like investing in gold, that's great. I guess.

Second, bitcoins do not necessarily remove the issue of paying a fee for transactions. Instead of paying a fee per transaction, you will instead pay a fee in order to transform normal currency into bitcoins (this is not as readily apparent now, but if the system ever becomes large enough to actually have stable value, then you will need to pay someone to convert real currency to bitcoins). Will this be cheaper than credit-card fees? Probably? Keep in mind that credit card companies are offering just that: credit, which is a service. Someone has to pay for it (either you, the merchant, or the marketers who they sell your buying profile to).

Third, bitcoins ignore the fact that national currencies are an incredibly valuable tool for modern governments. They can of course be misused (see: Argentina, post-WWI Germany), but adjusting the value of your currency is one of few ways of improving your country's competitiveness globally (see: the trouble Ireland, Greece, and other European nations have had recently because they do not have control over the Euro). So, don't expect national currencies to go away, or become obsolete.

Perhaps the Bitcoin community has an answer for these concerns...

14
points by euroclydon 3 days ago replies      
I have a hard time getting excited about a currency when the main reasons given for it's existence are for online gambling and Wikileak donations. I would be excited about a dollar alternative that allowed the common person to protect themselves from the inflationary rot that the US Congress is hell-bent on subjecting us to.
15
points by patja 3 days ago replies      
Good recent Bitcoin podcast interview on Econtalk: http://www.econtalk.org/archives/2011/04/andresen_on_bit.htm...
16
points by pnathan 3 days ago replies      
Bitcoin is really cool.

I just wish I knew what to sell to get some. My dabbling with mining bitcoins has convinced me it requires a on-all-the-time setup to mine with any prayer of success.

Last time I looked, there didn't seem to be a real economy, just people trading bitcoins. ~.~

17
points by euccastro 3 days ago replies      
Not arguments, but advice: RTFA.
18
points by kragen 3 days ago replies      
Oh shit. I guess that's the end of the road for Bitcoin, eh? No way governments and banks are going to let it live now that Time says it "could challenge" them.
19
points by iterationx 3 days ago replies      
>>Intermediaries as Choke Points

Interesting to see an article using network theory. http://en.wikipedia.org/wiki/Choke_point

20
points by rick888 2 days ago replies      
What's to stop someone from taking apart the software/building rogue software and generating their own bitcoins without going through any of the complicated math calculations?

If they can't, then there must be some central authority preventing this..which means it's no different than the government

It also doesn't really help with privacy. In fact, it does the exact opposite:

Taken from: http://www.bitcoin.org/smf/index.php?topic=5907.0

"Every bitcoin transaction ever made is public, and the life of every bitcoin is fully recorded in public for all to see,"

21
points by barmstrong 3 days ago replies      
Just realized, BitCoin could become a force to recon with overnight if just one step happened: Paypal started supporting BitCoin.

Peter Thiel is a libertarian and seems like he would be very sympathetic to the idea - who knows, crazier things have happened.

22
points by nabilt 3 days ago replies      
Great article that explains the basic technology and it's potential impact. Great link to send to some of your non-tech friends.
23
points by thedaveoflife 3 days ago replies      
Money is fiction. The value of money is derived from trust in the central authority that creates it. Therefore I think an entity like Bitcoin (though not necessarily Bitcoin itself) could conceivably come to replace federal currency because its source is not human beings, but an unflappable algorithm.
24
points by DiabloD3 3 days ago replies      
For those that think Bitcoin has no purpose, what about all the small time FOSS authors out there who are, frankly, scared shitless of Paypal coming in and closing their account?

Bitcoin is perfect for stuff like this.

And if you think Bitcoin is a waste, feel free to send your coins to 1DbeWKCxnVCt3sRaSAmZLoboqr8pVyFzP1

25
points by known 3 days ago replies      
Sounds like computerized http://en.wikipedia.org/wiki/Hawala
26
points by known 3 days ago replies      
http://www.weusecoins.com/ for the beginners
27
points by waynerad 3 days ago replies      
Someone tell my why the US government can't just demand ISP's block the protocol that Bitcoin uses?
14
JQuery Events: Stop (Mis)Using Return False fuelyourcoding.com
267 points by vilda 2 days ago   19 comments top 9
1
points by blantonl 2 days ago replies      
I'll stand up and raise my hand and state "I do this often." I'll also say that this article has me scheduling some code reviews this week of my own work to find out where I'm doing this.

And, this is a well written article - especially since it points out actual examples of where things could go horribly wrong on a page with jquery implementation and why they could go wrong. That alone could possibly save me hours of searching stackoverflow for reasons why my jquery events aren't firing etc.

2
points by MichaelGG 2 days ago replies      
I'm not very well versed with JavaScript/jQuery, so perhaps my thinking here is completely off.

Is it often the case that you want to wire up a click handler to link, but still want to follow the href? If not, why doesn't jQuery just automatically prevent navigation for links when handling the click event? Then for the few cases (confirming navigation, perhaps tracking user actions?) the programmer could explicitly indicate the continue through with navigation.

Having to write preventDefault() in each handler seems like unnecessary noise, doesn't it?

3
points by edanm 2 days ago replies      
Brilliant article.

A great explanation of a pretty technical point most people gloss over. I for one had to learn the lessons of this article the hard way and figure them out for myself. I wish I had read this article before I started using javascript heavily.

4
points by lindvall 2 days ago replies      
I wish the title wasn't so much about "Stop doing ___" but the contents of the article are good for people to be aware of.

These are little details of how systems work that are just brushed over too often but are important to get right.

5
points by robryan 2 days ago replies      
I think for me I've always just returned false unless their was some specific reason not to, which hasn't come up overly often. But yeah it could be something that is confusing when it comes back to reviewing code down the track.
6
points by qntm 1 day ago replies      
This may sound like a stupid question, but if you don't want the browser to follow a link when somebody clicks it, why not just leave off the href attribute?
7
points by purephase 2 days ago replies      
I'm with blantonl. I do this more often than I should (and I know better).

I've actually been struggling with a click event handler not firing and this article may have pointed me in the right direction.

Thanks for the link.

8
points by mcdaid 1 day ago replies      
Great article, particularly like the Top, Bottom or Somewhere in the Middle section. I had never considered how the position of e.preventDefault() would make a difference.
9
points by pippy 1 day ago replies      
Sadly it's another IE6 hangover.

event.preventDefault() does not work in IE6, you have to use event.returnValue = false;. To not break standard compliant browsers you have to have if(event.preventDefault) event.preventDefault();, but by then you have three lines doing what one could do, you give up and use return false;. (and not use child click events).

Fortunately with IE6 usage under 5% now, I'm sure your boss wouldn't notice it.

15
The Lisp Curse winestockwebdesign.com
249 points by winestock 4 days ago   149 comments top 19
1
points by pg 4 days ago replies      
Occam's Razor suggests that the reason there is no dialect of Lisp as popular as less expressive languages is that no one happens to have created one yet. What languages are has changed. Languages used to be specs. Now they're open source projects. Open source projects seem to succeed based more on the energy of their initial organizers than anything else. There are only a few big language-project organizers, and none of them happens to have chosen to implement a language that is a dialect of Lisp. That's the sort of thing that's true until it's false. E.g. Clojure could be the counterexample.

Maybe there's more to it than a small sample size, but that seems the likeliest explanation. The second most likely explanation is almost as mundane: that the reason new dialects of Lisp have trouble attracting adherents is that mainstream programmers are put off by s-expressions.

2
points by TY 4 days ago replies      
Most of the essay can summarized by this quote from it:

  Lisp is so powerful that problems which are 
technical issues in other programming languages
are social issues in Lisp.

While this is not a bad essay I'm experiencing a fatigue from reading articles/books/posts about great powers of Lisp and why Lisp is where it is today.

Instead, I'd love to see that mental energy spent on advocacy/defence/adulation/hatred of various Lisp dialects on actually writing great software.

Let's stop looking at Lisp as a religion and instead use it as a great tool to create beautiful things.

Disclaimer: I've used CL, Scheme and Clojure on my various (mostly personal) projects. For the current one, I use Python as it fits better for what I'm doing today. My next project will use whatever it needs to work.

3
points by sedachv 4 days ago replies      
The Lisp Curse is all the people writing opinionated articles about the Lisp inferiority complex, instead of contributing to existing Lisp software.

There are tons of incompatible, undocumented libraries for Perl, Python and C. This is no correlation to anything. The people who want to use existing libraries use them. Those who want to reinvent the wheel will do that and there is nothing you can do to stop them.

Lisp Machines aren't magic.

If you think GNU Emacs is "obsolete," you can work on http://common-lisp.net/project/climacs/ or http://common-lisp.net/project/phemlock/ or http://mclide.in-progress.com/ , but don't expect anyone else to share your opinion. GNU Emacs is the best multi-language, multi-platform programming environment available today. Most people somehow manage to avoid the "Lisp Curse" and just work on improving Emacs extensions.

4
points by luu 4 days ago replies      
I'm always wary of arguments along the lines of “we weren't successful because we were too awesome”, when there are alternative explanations. Could there possibly be any other reason?

I've found Ruby to be very easy to extend, and one complaint I've heard is that it's so easy to write DSLs that everyone has their own incompatible languages. And yet, Ruby is successful. So, how come Ruby is more marketshare than, say, SML? Could it possibly be that most people just find it easier?

It implements most of the unique features of Haskell and OCaml. In some respects, Qi surpasses them. For instance, Qi's type inferencing engine is Turing complete. In a world where teams of talented academics were needed to write Haskell, one man, Dr. Tarver wrote Qi all by his lonesome.

Seriously? Qi is nice, and “better” than Haskell and Ocaml in some respects, but it's also inferior in many other respects. To port all of Haskell's experimental features to Qi would require teams of people. There's nothing particular to Lisp that would make that orders of magnitude easier. Haskell just has a lot of features.

5
points by randrews 4 days ago replies      
I see his point about how everyone rolling their own thing is bad for the Lisp community, but he's got a kind of ridiculous view of C:

"Making Scheme object-oriented is a sophomore homework assignment. On the other hand, adding object orientation to C requires the programming chops of Bjarne Stroustrup."

It really doesn't. You can have a system that uses structs with function pointers, which is how things like Glib work. You can have a compiler that adds special syntax for doing this, which all gets translated into normal C calls; this is how Objective C works. OO is just Not That Hard To Do in any language.

Anyway, Lua is another great example of this curse because there's no module system or standard library to speak of, everyone rolls not only their own object system but their own list functions. The reasons are different though; Lua's design goals are to be a tiny language for embedding, so they sacrifice completeness for being really easy to customize.

6
points by shasta 4 days ago replies      
Or the explanation could be that Lisp just isn't that great. First of all, it doesn't even make much sense to talk about "Lisp" as if it's a language. The difference between the toy lisp you can write an interpreter for in a page of code and Clojure is night and day. And the other features are actually much more important than just being a Lisp. I'd be afraid to work with the "Haskell" that the smug Lisper of the article slaps out with macros. Not only would it probably not be as well designed as Haskell, unless they copied Haskell's hard work wholesale, but it wouldn't interop well with any other Lisp code.

Secondly, if you actually look at the defining feature of Lisp, S-Exprs and macros, it's not a good idea. Code generating S-exprssions may be more sane than generating C code through string manipulation, but it's still a bad idea and for the same reasons. Code is a human readable format (even if you force it to be S-expressions and pretend it isn't). Code shouldn't be generating other code, it should be generating more structured values. There are composability advantages to doing so and as an added benefit, you don't get stuck with S-expressions as syntax. I predict that in the not too distant future, languages will provide a better alternative to almost every current use of macros (we're already over half way there).

7
points by ChuckMcM 4 days ago replies      
An alternative explanation is that Lisp doesn't have a person with a strong vision, program management skills, a thick skin, a diplomatic way to saying no, and a big ass repository.

The same argument is repeated throughout the essay, "Its not that Lisp doesn't have X, it has {X0,X1,..Xn)!" and that is the problem. Using lisp I get no or very low re-use for any code out there. Ergo I must write a lot of it myself. He recognizes it and laments:

"Look more closely: Large numbers of the kind of people who become Lisp hackers would have to cooperate with each other."

At the solution. But here is the rub, the qualities of the lisp user today are, in part, derived from how difficult it is to re-use code. People who could write anything they wanted enjoy the expressive power of lisp and tolerate the requirement to create from whole cloth basic things that should exist already.

Now posit a world where there was the Lisp equivalent of CPAN, and an aggressive authoritarian requirement on documentation, coding standards, and unit testing. Once sufficient mass had built up in this repository, even dweebs who don't know the difference between arrows and monads could use Lisp to make something useful, and they would take on the false mantle of 'lisp hacker' and the population of lisp users would swell and there would be still more things checked in and poof a thriving 'lisp' community, except it wouldn't look at all like the current community.

8
points by gphil 4 days ago replies      
This idea kind of reminds me of the notion that ideas are cheap, and that execution and hard work are what it really takes to create a valuable company.

It seems to me that the hard part of developing language features is developing the documentation and the tools, and it's this work that will drive language popularity much more than the features themselves.

9
points by mtraven 4 days ago replies      
As someone who has programmed Lisp commercially for a long time, I have to agree with this essay. I've had much the same thoughts over the years.

At one point I was one of five Lisp engineers in a 10-person company. I think we had no fewer than five hairy macros for creating complex UI layouts, because everybody wanted to do it their own way, and you could hack something like that out in an afternoon.

You'd never get the same kind of phenomenon in a Java-based project, because creating something like that in Java is a major undertaking, so you'd have people settle on one that probably came from outside, and a whole ecosystem of sponsors, books and whatnot.

Just very different worlds. But Lisp programmers can't reinvent the wheel all the time, so I'm very glad of things like Cliki, asdf, and Quicklisp that are promoting sharing and standardized libraries.

10
points by ww520 4 days ago replies      
Large cooperative programs are usually written once but read many times. For large projects to succeed, the reading part needs to be optimized.

Lisp being too expressive encourages the optimization in the writing part - I can write my own macros/DSL to make writing MY program easier. The readers needing to learn and understand those are their problem. This encourages people to write their own libraries instead of understand and reuse the existing ones since it's always easier to build a mental model of your own writing than the others.

As noted by the others, Scala is starting to have the same problem in regarding in its ease of proliferating DSL.

11
points by gord 3 days ago replies      
I suspect there are similarities to : Why aren't the smartest people the richest, why dont they get laid the most?

The lisp language 'microkernel' is clearly a fundamentally important construct - the essential core of all computer language.

But lisp needs to interact with the surrounding ecosystem - less than genius level programmers, ugly APIs, non-mathematically perfect OO abstractions, old fashioned data stores. Its actually a lot of work to wrap that... given the impedance mismatch. Perhaps this is the same reason microkernel operating systems have won in theory but not in practice - interfacing to 'the real world'.

Comparing Arc and Scheme [both of which I really enjoy] to the Javascript / node.js 'environment' ... it seems Node.js is more amenable to real work. Its a less expressive / powerful / elegant language - but via Node, Javascript melds beautifully with the async IO model of the OS and gives superb primitives for developing TCP/http services.

Maybe its not the breadth of the libraries available, but the smoothness of the bridge between the language and the real world.

Geeks who apply their smarts and learn something about social interaction do get laid [ to abuse my analogy ].

12
points by kleiba 4 days ago replies      
Not all professional programmers are college kids with degrees in C.S. Imperative languages are much easier to get your head around than OO-languages if you don't have a formal training. And lispy abstractions like map and first order functions are even trickier. So I thought it's natural that the more abstract a language, the more difficult it is for it to make it into the corporate world.
13
points by schickm 4 days ago replies      
Oh lordy...this essay effectively summarizes the entire codebase of the lisp application that I work on with a team of 6 or so other developers.

I think what can work though is having an awareness of the power of the language you are working with, and then balancing the usage of that power with readability of code. You can write macros all day that save you precious typing time, but when someone else has to figure out those macros all that saved time is lost. Any language that allows the developer to define the syntax will always be troubled with this concept.

14
points by magice 4 days ago replies      
I think this essay is bull. As someone points out, it is yet another I-am-so-good-that-no-one-wants-me things that LISP people love to throw out. Maybe THIS attitude ("Lisp is Olympia and I, the proud user, is Zeus") is why.

Let's be frank, there are many many excellent languages that do not even attract enough people to have a "community." Icon always comes to mind as example: brilliant language, excellent libraries, but the only believers are myself and a professor. Other than that, Haskell, SML, OCaml have never attracted a significant number of users. They all are brilliant, right? BASH may have more serious products than those great things.

Let's face it, the true Lisp curse has not been discovered, and Lispers' attitude has helped it hide even better. I have my theories; you have yours. And mine are always more correct than yours. It's Lisp land, man. You can't argue against that.

15
points by plinkplonk 4 days ago replies      
It is past midnight where I live and it has been a long day, and I am sure it is my fault, but I am having some trouble identifying the central point of the essay.

Is it something like "The curse of lisp is that it is too expressive"? Genuine question. Please help.

16
points by jhuni 4 days ago replies      
The beauty of Lisp is in its simplicity. Lisp has the simplest syntax in the world, and the entire language is based upon five simple primitives.

All other mainstream languages complicate matters with operator precedence tables, multiple operator notations (prefix, infix, postfix, postcircumfix, etc), and many other syntactic weirdities.

The simplicity of the language makes it the best language there is for collaboration. Lisp is not to blame here - the community is.

A properly organized community can create standards for the use of macros to prevent their abuse and standardize on libraries to prevent fragmentation. Unfortunately, the Lisp community isn't well organized.

17
points by coliveira 4 days ago replies      
The reason Lisp programmers don't have a fancy IDE is that they don't feel the need for it. Everyone that really understands what he's doing is using Emacs or their own thing.

In a way it is similar for other languages. Why Ruby doesn't have something like Eclipse? Because it doesn't need one. Even for C/C++, the only reason why there is a Visual Studio is that there are so many entry level programmers that will buy it. Experienced C programmers feel much more comfortable using UNIX/gdb.

On the other hand Smalltalk programmers have an IDE because they need it: it is just the way it works for Smalltalk.

18
points by Tycho 3 days ago replies      
The problem with this argument that I see is that Lisp can't make everything easy - there will still be more advanced problems that take collaboration to solve. Thus while other programmers band together to make simple web servers, Lispers should in theory band together to tackle deeper problems. Which would make it more competitive than other languages, not less.
19
points by systems 4 days ago replies      
lisp needs a cpan
16
Screw you. Pay me. venturebeat.com
245 points by privacyguru 4 days ago   86 comments top 16
1
points by edw519 4 days ago replies      
Oh the horror stories I've heard:

- a software house whose biggest client found out that they were 75% of their business. So they just stopped paying their bills and waited them out until the source code ended up in receivership.

- A contractor that bid a time and material job, deployed it successfully, and got paid. He was then called back in to change a few things for which he was not paid because, "We paid for it to be right in the first place."

- a local trucker that made 500 successful deliveries buy screwed one up, so he got paid nothing. He blocked the parking lot with his truck in order to get paid. (The company would rather pay him that get the bad press from the local newspaper.)

- bounced checks, checks without signature, checks where the 2 amounts didn't match, checks with next year's date: too many to mention

Also, I'm surprised no one has mentioned a controversial practice I know that others have used: time bombs in the software. It goes something like this: Here is your working version which we will make permanent when you're paid in full.

I have never resorted to something like this and I hope I never do. Has anyone ever tried this? What are the ramifications, financial, business, and legal?

2
points by crikli 4 days ago replies      
My small firm has never had cash flow problems and we've never had a client successfully avoid payment. (EDIT: We've had cash flow problems in the beginning due to being a startup, but never from non-payment).

There are a few things that we do that have created this scenario:

1) Stipulate a 10 day payment policy. We don't really expect people to pay that quickly, but prospects/clients always bring it up. It give us the opportunity to communicate how serious we are about getting paid. We then flex the policy to something more realistic, although we make them fight to get the time beyond 10 days.

2) Payment is made regardless of the client's invoice status. We work with a lot of creative agencies so we're not always contracted to the ultimate payer. We make it very clear that we will be paid on time regardless of the status of their invoices. This is a really big thing to look out for it you work with agencies; they want to try to wait to pay you until they've been paid. We make it crystal clear that we will not allow their collection issues to become our collection issues.

3) Meet with your clients face-to-face and build relationships and in some cases friendships with them. It's a lot harder to screw over someone you have to look in the eye. Also, in my case I'm a pretty big dude, ex-lock (rugby), and it's also harder to screw over someone who could break you in half. It's primitive, but it works. :)

4) ALWAYS ALWAYS ALWAYS get money up front. We have a sliding scale for this based on total contract size, but it ranges from 25-50% as an initial payment.

5) Don't start the clock or work until you get paid. We guarantee delivery time, however our clock doesn't start until we've deposited payment, and our contracts stipulate this.

6) Follow up on invoices. We follow up on invoices at 15 day intervals. This is a good thing for so many reasons. It reminds them you're serious. It allows you to communicate before you have to go to the mattresses. It keeps you on top of your A/R because it's too easy to go "oh, it'll be okay, they'll pay" and go back to the IDE.

3
points by michaelochurch 4 days ago replies      
This wouldn't work in New York where you can call cabs from the street, but I lived in a town in Minnesota where there was a "non-payer" phone-number list that cab companies used. If you didn't pay the driver, your phone wouldn't get through to any cab company until you paid it back, plus interest and a processing penalty.

It seems like a "bad client" list would be, at least, a partial solution.

4
points by eli 4 days ago replies      
When I got my first real job at a small consulting firm, I was shocked at how many clients just refused to pay their bill. They didn't even really seem to have any specific reason for not paying.

Law firms were they worst. I guess because whaddya gonna do? sue them?

5
points by ihumanable 4 days ago replies      
As someone getting started in the Freelancing / Consulting world and trying to figure out how you are supposed to do things the "right way" this was a really accessible, fun, and valuable piece to watch, definitely worth the time.

I do have some questions for the HN community if anyone has some advice, thanks in advance.

What's the best way to go about contracts, especially form contracts. Most of the work I do is the same kind of thing and normally the only variables are rate / duration / deliverables. Is the best way to go about this to find a lawyer and have him draft something that I can just drop "$rate / $time" for "$durationOfProject" into.

Is it best to go to the lawyer with some sort of draft in hand already or should you let them do all the work? Can anyone point to some good resources for boilerplate contracts?

Anyways, it's all very new and confusing and exciting, just trying not to fuck it up too badly. Thanks for any advice.

6
points by michaelpinto 4 days ago replies      
My lawyer once pointed out to me that "contracts are only as good as the people who signed them" and what I've learned over the years is to go out of my way to avoid doing business with anyone who seems to be a flake. Granted that things can go south, but this strategy works well. And I say this as someone who went to court once and still couldn't collect.
7
points by tomkarlo 4 days ago replies      
I once had a client ask if they could just not pay a $2M bill (after 18 months of work) in the name of the "relationship" (because presumably there were much bigger deals down the line.) My boss, to his credit, didn't miss a beat before saying "that's not the kind of relationship we want."
8
points by leftnode 4 days ago replies      
Just had to send out a Fuck You, Pay Me email this morning. That's the #2 piece of advice I'd give to graduating computer science/engineering students: always get paid. #1 is don't build that idea the business major across the street has for free, which ties in nicely to #2.
9
points by jgarmon 4 days ago replies      
During my consulting days, this was a hard issue to get across to many clients. (Part of the reason I don't do much consulting anymore.) My time has a value. You're paying for my time. Whether you extract value from my time is up to you, but I'm going to be paid for it either way.

My consulting colleagues often disagreed with this philosophy, trying to walk some careful balance of not asking to be paid too much so the client will use you again. use being the operative word here. If the client is the type that doesn't value your time, you don't want them to hire you. It never ends up being worth it.

10
points by blazamos 4 days ago replies      
Any particular reason you changed the title? Some people might find it offensive, but they've already semi-censored it with the title "F*ck You. Pay me."
11
points by rabble 4 days ago replies      
There's a ton written about running a startup, but there is amazingly little written about doing a professional services design / development firm. Anybody know of good sources for running a good services firm?
12
points by sleight42 4 days ago replies      
Tangential but I'm hugely impressed with the camera work in this video. The alternate long and close-in shots of Mike, the speaker, and the use of contract gave it a decided Hollywood feel for me.
13
points by ElliotH 4 days ago replies      
Wish I had seen this about a year ago. Learnt some of it the hard way already sadly.
14
points by jnhnum1 4 days ago replies      
Don't people usually deal with this sort of thing by signing a contract ahead of time?
15
points by daimyoyo 4 days ago replies      
This question might seem naive and if it does I apologize. I live in Vegas but in all likelihood the vast majority of projects I'll be taking will be for out of state companies(especially in CA.) Should I retain a lawyer here, or should I look for one based in California? Thanks for any insight.
16
points by canadiancreed 2 days ago replies      
This is something that, as someone that is looking to get into the whole consulting business (yes I must be insane), found quite interesting. Thanks for sharing.
17
Want to attract top tech talent? Offer telecommuting cnn.com
243 points by chanks 11 hours ago   129 comments top 39
1
points by edw519 9 hours ago replies      
In the past 4 hours I have exchanged ones and zeros with people and computers in New Jersey, Pennsylvania, Florida, Arizona, California, Germany, Singapore, and India.

And got 3 "office days" worth of work done.

And I haven't even brushed my teeth yet. :-)

You know what telecommuters say, "Once you've deployed a killer app in your pajamas, you can never go back."

2
points by angrycoder 9 hours ago replies      
I've spent the bulk of the past 8 years telecommuting, even when I've had full time positions locally. It requires a strong commitment to communication and the experience to recognize when the communication is failing so you can get off your ass for a face to face meeting or phone call. I also ending up working a hell of a lot more hours than I would if I just had a desk job. But I wouldn't have it any other way.

I don't give a shit about your corporate culture or your ping pong table or your office politics or your ego battles, I only care about solving problems and producing solid solutions. Telecommuting lets focus on doing just that while leaving all the other nonsense behind.

3
points by mgkimsal 10 hours ago replies      
This is sort of a no-brainer. I'm pitched by recruiters about once a week, and they're all for far away positions - typically SF area, but other areas too. I can't sell my house any time soon - the market just isn't moving - so I'm somewhat held hostage by geography. This doesn't mean that I can't travel onsite and visit your office regularly, nor does it mean skype and phone don't work out here in the sticks :)

Telecommuting requires the entire team or ideally the entire company be set up to work like that - just having one guy out in a different state or country on his own doesn't work very well in most cases. I understand that. What I don't get is why more companies aren't structuring themselves to take advantage of remote workers.

If you have strong procedures in place to deal with remote/offsite workers (fulltime or not), you can more easily integrate short term labor when you need it - you'll have the shared workspaces, file transfers, documentation, version control, etc, already set up and ready to let new people in as needed.

This seems like this would be a competitive advantage that more companies should be looking at. Maybe they will be in the coming years as the impact of underwater mortgages and geography-locked workers starts to impact the broader tech labor market.

4
points by jasonkester 8 hours ago replies      
I've been working a remote contract these last 6 month, and one thing that surprises me is how I bill a lot less hours than I would if I were on site.

If I boot up in the morning, spend 30 minutes trying to get into something, fail and end up back here on HN, I don't bill any time. If I did the same thing sitting in a cube, I'd get paid for it.

The end result is that the client gets a much better deal by having me off site. Works great for me too, since I can justify billing out at a higher rate that reflects the fact that they get essentially all my productive time for the week, and nothing else. Everybody wins.

As an added bonus, if I really can't get started in a morning, I can bail and go bouldering for the day and not feel guilty about it. The bizarro world salaried version of me would spend that same day sitting in a cubicle secretly playing video games on the clock.

5
points by jordanb 9 hours ago replies      
I routinely have people begging me to work for them, but probably 4 in 5 clam up when I specify that -- while I'm happy to spend as much time with them as necessary to get the specs and make everyone comfortable -- I will not sit in their office to do the programming.

I can not, for the life of me, understand why that is such a sticking point with so many people. Fortunately I have enough people who are willing to work with me anyway that I can forget about the ones who don't, but it seems mind-numbingly obvious to me that if you're desperate for the skills I have, you should be willing to work with a requirement that doesn't cost you anything.

As near as I can fathom, it's a psychological thing. Remote people don't seem like they're part of your "empire" as you look out across the office and see all the busy beavers hunched over their computers.

6
points by wyclif 10 hours ago replies      
Startups that demand relocation to NYC or SF are a total show stopper here. Many of us are held hostage by geography-- maybe you own a home, maybe you have kids in a school they're flourishing in, maybe your parents need help. If you're a family man you won't like spending your wife and children's time in Bay Area or Metro NYC traffic. But here's the thing: the technology most startups use means they can transcend geography to an extent.

I do not underestimate the value of having a team in the same location. It does affect morale and company culture. But with the right people and the right technology those issues are quickly going to wind up in the rearview mirror. When I look at a company, I want to see if they are set up to do remote work, or are they landlocked?

7
points by mgkimsal 9 hours ago replies      
Posting another thought here.

I have a suspicion that there's enough people in the SF area (and a couple of the the other "big" markets) that will actively fight against telecommuting, specifically because it will lower wages in those areas.

As someone else posted, yes, I understand the value of a team being in the same room. But that value comes at a premium price, and it's one which may not always be worth paying. However, given the boom/busy/buyout cycle in the bay area (as an example), enough of the same workers can move from company to company as the companies are merged, bought out, or close, that this keeps the talent supply close enough to what is needed to make it harder to embrace telecommuting. You just need a few more people to fill in a few gaps, right? They need to be on site, or they're not a 'team player', or just not serious about their career in tech if they don't want to move to the valley! (have heard this before).

If the majority of companies out in SF set themselves up to embrace telecommuting, that would mean it would be easier to fill that next position with someone from Idaho, Kansas or Utah. That would mean the company could pay a lower wage. Why would the culture of startup workers want to embrace something that will end up driving down their salaries?

8
points by michaelchisari 9 hours ago replies      
I love Chicago, you just can't beat this city for the kind of value you get for the price. The closest competitor is New York in terms of food and culture, but the costs are astronomically higher.

When I'm contacted by a job recruiter for a position that pays more, but requires moving to somewhere like Mountain View, I will rarely entertain the idea. Sure, I'll fly into the office, I'll do it quite regularly actually, but there's no way I'm picking up and moving to a city with considerably less to offer, yet which costs substantially more.

I understand the value of social capital, and working with people face to face. But how often does that really need to happen? As developers, our job is ultimately to write code, and that can happen anywhere.

9
points by bravura 7 hours ago replies      
At MetaOptimize, I am competing with Google and Facebook and LinkedIn and a host of other companies to recruit top ML + NLP talent.

But, the benefit of my recruiting model is that I hire people remote and part-time. A lot of strong strong people are in academia, but love their academic post and don't want to move. They just want build cool stuff on the side and make some extra money.

The fact that Google + Facebook + LinkedIn + friends must own you full time, asses in seats, creates a unique hiring opportunity for me.

10
points by ddlatham 9 hours ago replies      
I see several comments saying more companies should be hiring remote workers, building their culture to support it, and why aren't they doing it?

It's interesting to see the numbers in this article.

What's remarkable is that, even after two years of flattish compensation, technology professionals are willing to sacrifice $7,800 on average to work from home

The article speaks as if this is a huge amount, but as a chunk of total salary, it's probably 5-15% for most tech jobs. So the question for employers is, is it worth an extra 5-15% in salary to have your team work together in person?

In many cases it is.

11
points by igorgue 9 hours ago replies      
My advice would be, talent /= experience.

I'm sick and tired of companies being super picky because I don't know their technology stack or maybe just one element, they don't even offer a technical test these days.

I wont learn Cassandra or Scala because they are popular on super-webscale sites, I did, though, learn Haskell, Node, MongoDB, Redis, Python, Ruby, not because they teach that in college. I think that tells you I can learn other technologies.

But I get a feeling - in many interviews I've had in the last couple of month - they get disappointed when I tell them I don't know Scala, Cassandra, Hadoop...

Most good programmers I know (they're not genius level, nor most of the people here) are willing to relocate wherever you are, but they might not know the super-awesome-webscale technologies you use because they work for actual businesses that charge customers and don't need a billion uniques a month to be profitable.

Instead of bitching about the lack of talent (and there are many programmers like me) be willing to train people on your weird-ass technology stack.

12
points by bphogan 10 hours ago replies      
I would love to do more remote work, but then I hear horror stories about people having problems not being around people. Feelings of isolation set in after a couple of months, and people end up going to a gig where they are around people. To those doing remote work, is this common?
13
points by shimonamit 10 hours ago replies      
I liked the ending:

Maybe if we called it 'cloud commuting', CIOs would buy in.

14
points by rickmb 9 hours ago replies      
In my experience, the number of people that actually have what it takes to telecommute effectively is extremely small, and most of those are self-employed already.

Of those that want to telecommute and have a steady job, very few can actually handle the responsibility and the lack of stimulus from co-workers for longer periods of time. Flexible hours, working from home on a regular basis, sure, no problem, but actual full time telecommuting requires a lot of commitment, discipline and communication skills.

15
points by dabent 9 hours ago replies      
I have failed to understand why someone in India can do my job, but telecommuting is still frowned upon.
16
points by earl 6 hours ago replies      
I've previously worked for a pair of bosses who telecommuted. Never again. At least for the types of algorithmic / machine learning software I work on, frequent in person collaboration is really helpful and none of the remote collaboration software came close to standing in front of the same piece of paper / monitor / whiteboard.
17
points by droz 6 hours ago replies      
I think I may be in the minority, but I don't think people are thinking of the consequences of this telecommuting push.

I like the fact that there is a place where I do work and where I live. I do not want these two places to be the same. Much for the same reason people don't put a television in the bedroom. The bedroom is for sleeping, the living room is for TV.

I find that with the remote people I need to work with, I'm working around their schedule of when they will be around. It is difficult to communicate over IM, IRC, telephone and Skype (doesn't feel a fluid as face-to-face interaction).

If everyone starts becoming remote, then what's the point of having an office? If enough companies come to the same conclusion, what's the point in owning a building (from the eyes of a real estate guy). And ultimately, what's the point of having big office parks and so on and on. That's a lot of land and lot of capital at stake if this ever actually took off.

If a company asked me to be remote, I'd tell them I'm going to start looking for other employment options.

18
points by fshaun 1 hour ago replies      
As with many things, working from home entails tradeoffs whose [dis]advantages will be weighted differently.

For me, it's great when I need to concentrate and bang out the code. No distractions, and I can poll IMs instead of needing a context switch when someone drops by. If I'm stuck on a problem I'll go for a walk, cook food, or take the laptop out to a coffee shop to work. I enjoy the flexibility.

Downsides for me: I do miss some of the random office chatter -- finding out cool problems coworkers have solved and generally learning by osmosis. And I have yet to find a great replacement for 3-4 people standing at a wall of whiteboards. IMs, skype and meeting highlights solve some problems. Our group is 2/3 remote spanning 8 time zones, so we're used to working a bit harder on communication.

As for social factors, it was hard at first. I'd find myself not leaving the apartment for weeks, which was less than good... I'm making an effort to get out of the house daily, whether hitting the gym, buying groceries, or just strolling around. This is getting easier, especially as spring seems to finally be hitting Boston.

The biggest non-technical advantage for me is not needing a car. I detested commuting. Instead of spending an extra hour or two driving I can take breaks (or even naps) in the day and have the same "door-to-door" time. Financially, it's also a winner. I don't even know how much gas costs here. There are 4 zipcars within a few blocks if I need them.

Work-life separation is trickier. I'd love to have an apartment with an extra room for an office, but that would likely cancel out any vehicle savings. Getting a separate desk to split work and personal computing helped a ton here.

19
points by crenelle 9 hours ago replies      
I have telecommuted for several gigs and positions. The most difficult situation to deal with is when most of the rest of the company doesn't telecommute, so everyone is not in the habit of cluing you in to what's going on. You may have all the tools required to establish and maintain decent communications, but they often don't bother to adopt any of it for their end. I even remote-developed for a large networking company with enormous communications facilities designed to solve problems like that -- but they had me fly over to headquarters all the time instead.
20
points by kayoone 9 hours ago replies      
I worked from home for the past couple of years and now work in an office and have to communte everyday. But i have to say i like working in a space with other engineers to discuss ideas and concepts and energy more as sitting alone at home.
21
points by megamark16 8 hours ago replies      
Thinking back to the recent post about Performable paying a $12,000 referral bonus: I consider myself a perfect candidate for the Performable job, with the exception of location and willingness to pick up my family and move them across the country. For a competitive salary (by midwest standards, which would be a lot less than what you'd pay in Boston) I'd tell them to keep that $12,000 and use it to fly me out to boston twice a month for a few days at a time, and let me work from home the rest of the time. I work hard when I'm at home. Shoot, I built AppRabbit from the ground up evenings and weekends from the recliner in my home office. Plus, I spend more than an hour a day commuting right now, so you can have that time too :-)
22
points by atacrawl 10 hours ago replies      
With an unemployment rate of just 4% among tech professionals, and shortages in specific fields, flexibility shouldn't be a last resort.

I would have guessed that tech unemployment would be lower than the national average, but 4% is really low.

23
points by keefe 53 minutes ago replies      
sane people like to work for other sane people and work should be about what you produce unless you have necessary human interactions
24
points by spoiledtechie 8 hours ago replies      
<shameless plug for a job>

I know im a bit late to the game.

I have been looking for a telecommuting job for the past 6 months with no such luck. I am a solid programmer and I get the job done. I hobby code at home and have an awesome work ethic. I have several years experience and have been everything for GIS software to coding directly on the GPU.

I have worked on all three types of mobile devices for my current job, and have a pretty intense background of C#.

If anyone has a job that they would love to fill with a telecommuter. Please look my direction.

my blog at spoiledtechie.com
my email spoiledtechie with gmail.

Thanks for the look see!

25
points by Harkins 8 hours ago replies      
Anecdote: I've been traveling for the last three months, but most of my network is in Chicago. I hear from recruiters and hiring managers every couple days and, despite the consensus that Chicago has a "developer crisis" (to use the words of an Obtiva blog post), every single job has onsite only.
26
points by pbj 9 hours ago replies      
I was reading a study a while back about how an absurdly high percentage of total jobs could be done via telecommute but aren't. It's crazy to think about how many millions upon millions of dollars in fuel costs and reduced emissions could be saved by having more telecommuters. Not only that, but companies could save so much money by having reduced or no office space/electricity/etc. Plus they'd get the added benefit of increased worker satisfaction in most cases.
27
points by SoftwarePatent 10 hours ago replies      
Want to attract top tech talent? Offer a high salary.
28
points by adnam 9 hours ago replies      
I recently quit my job because they wanted me to telecommute.
29
points by jherdman 9 hours ago replies      
Like hell I would! Nothing beats face-to-face communication, and the wonderful things that can arise from spontaneous interactions.
30
points by kalleboo 2 hours ago replies      
I've never had a proper job in an office - I started working an online gig in uni, and I've been working for them ever since. It's great not needing to be in one place. I've started taking round-the-world trips - live cheap in hostels, work in coffee shops using their WiFi. Hanging out in Singapore and Tokyo sure motivates me to work a lot more than my apartment at home.
31
points by pdenya 10 hours ago replies      
I used to work in NYC but I've been working from home for a couple years now for an agency based in NYC (I live in CT now). I make good money but I've been offered a 20k+ raise and other bonuses to work in the city. Barely considered it.
32
points by dekayed 9 hours ago replies      
I think it is also important for in-office workers be allowed to telecommute when needed. Having that flexibility offers a lot of freedom as there are times where you need to be out of the office but can still work. I currently have a family situation where I try and be at my parents' home a week a month and having the option to work from there has been a huge help. It is definitely a big factor in why I would stick around in my current job for a while at least.
33
points by melipone 10 hours ago replies      
I agree. We need to see more of that. I would suggest to offer a few trips a year to the "office" though for morale.
34
points by Andys 4 hours ago replies      
35
points by mdink 9 hours ago replies      
I started an interesting thread awhile back about this very topic:

http://news.ycombinator.com/item?id=2202187

Had some interesting comments...

36
points by lancefisher 9 hours ago replies      
I live in Missoula, MT and I'm not willing to move because my family is here, and I love the city. Programmers here are willing to take a pay cut to stay, and I know several that telecommute to out of state jobs that pay better than most local companies. I telecommute too, but my employer is local.
37
points by adyacplus 7 hours ago replies      
I have never earned a dollar in IT, but in other fields
I got a lot of success, so I consider IT a hobby.
Perhaps I could be a top tech talent if enough money and
flexible conditions were around, anyway I think programmers are mere pawns in game of business, so it seems better to
devote time and energy to develop better strategies.
38
points by cheez 6 hours ago replies      
Haha, cloud computing!
39
points by brndnhy 7 hours ago replies      
If you're "top tech talent", compromising on salary will likely not be part of your telecommuting scenario.
19
New CSS Techniques and Tools smashingmagazine.com
230 points by cwan 1 day ago   3 comments top
1
points by tripzilch 1 day ago replies      
oooh, I especially like the cicada thing (aka multiple backgrounds with co-prime dimensions). Lots of interesting possibilities there.
20
The Node Beginner Book nodebeginner.org
230 points by shawndumas 15 hours ago   43 comments top 11
1
points by nailer 15 hours ago replies      
Good things:

- Tells me what I'll make with the tutorial right up front.

- Lets me know exactly what prerequisite knowledge is (I can tick all those boxes, good).

- Aimed at folks who know traditional backend languages and some JS but aren't JS Gods (a lot of node tutes seem to assume complete JS mastery).

No bad things so far!

Thanks Mr Dumas.

2
points by ManuelKiessling 13 hours ago replies      
Hi all,

I'm the author of The Node Beginner Book. Thanks for discussing it here.

Your input is a great help. I see the points WA makes regarding the bad things.

It's true that it's yet another Node tutorial chewing around on the web server / web app stuff; but I think for the people I'm addressing it's still the most useful scenario because it allows to understand how a full fledged app is put together, and is a great example to explain all of the fundamental concepts, new JavaScript ones and conventional ones (because it might makes sense to understand what stuff is done differently and what is done in a known fashion).

So nothing really new here - I hope where this tutorial differs is that it (arguably) might be the first "one-stop" tutorial for Node to get beginners started. Not more not less.

Every other resource I could find forced me to google around to fill the gaps - while this is not a bad thing per se, I think sometimes it's nice to have something that really guides you from A to Z.

Like, for example, http://ruby.railstutorial.org/. If I manage to create something that's only 10% as cool, I'm going to be very happy :-)

3
points by yardie 13 hours ago replies      
This will be an invaluable guide in the future but I think it needs more work. Hello World has been covered everywhere so it's utility as an intro is pointless if you are already a programmer or are familiar with programming.

The guides I find most useful, in addition to references, are the ones that have you build an application from the ground up. So that you start to understand the pros and cons of the language you are trying to learn. I already know how to do Hello World, I already know how to create a node server, what I want is a bit more context, like building a simple messaging server, how to create and use simple frameworks, whats even more appreciated is tutorials and samples about the stuff already built-in.

This is one of the reason why I like working with Apple and Microsoft. They give you tons and tons of sample code that compiles and work. Want access to process information? Here's how. Want to use the camera? Here's how.

It would be great to have a simple CRUD node app that connects to MySQL. That usually gets me 75% of the way there.

4
points by city41 13 hours ago replies      
I'm still trying to understand how node actually works. I'm just about to start digging through its source code. It seems most people view node as a magical mystery that they don't understand why it works, just that it does. How is a single threaded app doing things in parallel? Is it like a game loop where it iterates through all its pending operations and gives each a slice of time to progress forward? Are deeper parts of node multi threaded? The callbacks being called serially makes perfect sense, its the parallelness of the actual operations that confuses me.
5
points by brown9-2 14 hours ago replies      
A little confusing that the title refers to "Node" rather than "node.js".
6
points by RyanMcGreal 13 hours ago replies      
This was a well-written, easy-to-follow introduction, but I'd gladly pay money for an actual Node book that takes the reader from introduction to mastery.
7
points by d0m 14 hours ago replies      
I suggest using syntax highlighting in code examples.
8
points by Apocryphon 9 hours ago replies      
I've asked this already (http://news.ycombinator.com/item?id=2447840) but what books on JS are good for someone who wants to go into development with Node? Most texts that I know of deal with client-side JS. Right now I'm just reading Eloquent Javascript + JavaScript: the Good Parts, but I would like to see if there's any other books that would be good, especially for someone new to closures.
9
points by rmason 11 hours ago replies      
I second the need for a good CRUD example. Also "clear" instructions on running NODE on Windows would be a big help.
10
points by rick_bc 6 hours ago replies      
Kind of off-topic, but I don't really understand what Node.js is about until this presentation.

http://jsconf.eu/2009/video_nodejs_by_ryan_dahl.html
http://s3.amazonaws.com/four.livejournal/20091117/jsconf.pdf

11
points by hutushen222 14 hours ago replies      
Though I learn only a little JavaScript, I will try it while I have a block time.
Now, just save it to my personal archive.
21
Show HN: made a html5 game, polished it many many times hotbazooka.com
209 points by bazookaBen 3 days ago   113 comments top 45
1
points by pornel 3 days ago replies      
Just a general advice for writing HTML games: remember to preventDefault() on all keyboard-related events (keydown, keypress) for all keys you use when your game has focus (add tabindex to your canvas so you'll get focus/blur events).

Otherwise browser's shortcuts could interfere with your game. I have Opera customized with 1-key shortcuts (with no modifier key) and that's a minefield in games that assume keyboard is all for them.

2
points by thamer 3 days ago replies      
Your App Engine app is over quota, game.min.js can't be loaded: http://game1-main.appspot.com/baked/game.min.js
3
points by treyp 3 days ago replies      
pretty awesome job. fullscreen or a larger playable area would be nice.
4
points by JoshTriplett 2 days ago replies      
I'd recommend against using OpenID; see http://productblog.37signals.com/products/2011/01/well-be-re... for a well-written explanation of why. However, in the meantime, if you continue to use OpenID, please allow user-specified OpenID URLs, not just a fixed list of providers.
5
points by woogley 3 days ago replies      
Decent game overall, but I hope you plan on switching out the Advance Wars sprites with something you own in the future. (or use resources from sites like http://opengameart.org/)
6
points by pedrokost 3 days ago replies      
You may want to use the up arrow to jump. Using X for jumping and C for shooting is a bit confusing.
7
points by aberkowitz 3 days ago replies      
The best part about it was that I forgot it wasn't Flash.
8
points by mkilling 3 days ago replies      
Really really great game! You should make the rewards for freeing a prisoner appear instantly, waiting for those items to appear kills the pacing of the game somewhat.
9
points by mayukh 3 days ago replies      
10
points by aniket_ray 3 days ago replies      
Doesn't seem to be working on my XP SP3 + Chrome 10.
I'll give it a try later on my Ubuntu and Win7, if they work any better.
11
points by nicetryguy 3 days ago replies      
i like it!

Needs a shorthop bro. Jump continues only if jump button is being held. check any NES / SNES Mario for an example

12
points by flondon 3 days ago replies      
This was really fun! Addictive enough to have me spend 20 minutes completing all 5 levels.

Suggested areas to work on:
1 - The FPS reduces significantly when battling the tanks and shooting the officers - almost to the point of wondering if the game will crash.
2 - There was 1 prisoner on level 4 who I'm sure was unreachable.
3 - Improved sound effects i.e. different level music, mood music when facing the tanks etc

Looking forward to the next installment.

13
points by pablasso 3 days ago replies      
The fact that you can run out of ammo may made it a little too punishing for a game like this.

It's addicting anyway, but it could be even more.

14
points by esschul 3 days ago replies      
The key binding is the same as in biolab disaster. And it sort of looks the same. But awesome-awesome. Multiplayer coming soon?
15
points by allenp 3 days ago replies      
I like the meaty sound it makes when a shot hits. More meaty sounds might be good.
16
points by Arxiss 2 days ago replies      
This is so awesome! Good work bazookaBen! I can't believe that you can make games with... html5. I thought this is only like: "with html5 you can make games! yea yea, i will just stick to flash..."
17
points by makmanalp 3 days ago replies      
Pretty awesome! My two complaints: Not everything has to talk. The weird monster going "roar" was a bit tacky. It's an ingrained convention that if something is flashing, it's about to disappear, so don't have your health crates flash by default.
18
points by davorak 3 days ago replies      
The music goes a way when I switch tabs! It is a shame more games do not do this.
19
points by amourgh 3 days ago replies      
Nice job.Can you please tell me what you used to code it:RoR,Python or just HTML5 only.i have an idea to develop something like that.
20
points by bcaulf 3 days ago replies      
Fun game! I'm happy I got to play. Smooth and natural feeling controls at 50+ fps on Opera 11.01, Windows Vista, 2.4GHz Core 2. Smoother than some native code games games I have played. Good art, good sfx.

I did want bigger pixels. Zooming in the page in the browser worked fine. And I would have liked either a higher difficulty setting or adaptive difficulty that gets harder if I haven't died for a while, like Xevious had. And I agree with nicetryguy that a short jump would be nice. And the monster didn't really make any sense in the game story.

21
points by suhail 3 days ago replies      
Is there a way to get in touch with you? Email me? suhail@mixpanel.com
22
points by sgt 3 days ago replies      
I just put on my headphones, I didn't know you had this awesome C64 style music in it.. Great platformer game..!
23
points by nitrogen 2 days ago replies      
Is there anything that can be done about the audio lag? In other words, is it something that could be solved in JavaScript, something that needs to be improved in browsers, or an inherent flaw in the HTML5 audio spec?
24
points by jcapote 3 days ago replies      
This is probably the smoothest html5 platformer I've played. Kudos.
25
points by riskish 3 days ago replies      
this is awesome. Nice work. What tools did you use?
26
points by bazookaBen 3 days ago replies      
anyone completed the entire game so far? I made 5 levels, planning to have more by next weekend
27
points by bazookaBen 3 days ago replies      
the game was tested on

Chrome 10
Safari 5
Firefox 4
Opera 11

some users with IE9 reported some errors, I couldn't debug because i'm on OSX. Please let me know if there're any cheap methods to get an IE9.

28
points by thepsi 3 days ago replies      
Nice game - how much work is something like this?

I like how the controls/movement are precise yet just forgiving enough.

Only thing, I'm not hearing any music (Chrome 11 beta, OS X).

29
points by GvS 3 days ago replies      
Nice oldschool music. Where did you get it?
30
points by kyledr 3 days ago replies      
Great game. A little QA: your enemies are speaking a mix of German and English, and the signage is English. When you follow woogley's advice and change the sprites out, make sure exit becomes Ausgang. Some enemies say "fire!" instead of "feur!", and some say "stop!" instead of "halt!" Also, I couldn't restart the game at the game over screen (using c or x). Chrome 10 on OSX.
31
points by bazookaBen 2 days ago replies      
have a quick question: how do I sort the comments coming in by time? Getting pretty overwhelmed here.
32
points by wazoox 3 days ago replies      
Fantastic job! The only downside is the limited game area size, but it's really pretty and funny.
33
points by sgt 3 days ago replies      
Pretty cool! Is there any way you can make it larger? I find the characters to be very small.
34
points by zquestz 2 days ago replies      
Really like the game, have you considered doing a write up on how you developed it? I think there is a lot of people out there that would be interested in developing a game, especially with this level of polish.
35
points by joakin 3 days ago replies      
Shouldnt this load on the iPad ? It stops at 25% of the loading
36
points by adsr 3 days ago replies      
Nice game, well done! Reminded me a bit of Metal slug.
37
points by danenania 2 days ago replies      
Awesome! Creative and fun gameplay. Action-packed. Good level of difficulty.
38
points by ct 3 days ago replies      
Very cool dude! Congrats on finishing it. This is motivating me to start on a game also this weekend :)
39
points by chromejs10 2 days ago replies      
Nice job! It's fun. The jump is a little too slow for me though. And it's very frictionless. Awesome that this was done in html5.
40
points by creativityhurts 3 days ago replies      
I think I found a bug: after losing the game and you want to start again, pressing x or c doesn't do anything. (Chrome 10 on Win 7)
41
points by yousain 3 days ago replies      
Great game. Just played it again so I can beat it. One thing I found annoying was how the enemy bullets can go through cover. Also I would have liked it more if you added more boss fights like the one in the first level instead of just tanks.
42
points by philipDS 3 days ago replies      
Super awesome! Reminds me of my old NES games :)
43
points by potomak 3 days ago replies      
are you @BazookaBen from Minnesota?
44
points by jsavimbi 3 days ago replies      
Not bad, not bad at all.
45
points by foxhop 3 days ago replies      
Nice work!

I'm in the process of building a game portal, would you like a subdomain like http://privatejoe.gumyum.com ?

I could create an A record right away.

Also you should check out my game sometime at http://four2go.gumyum.com

23
Photo tour of Facebook's new datacenter scobleizer.com
205 points by creativityhurts 3 days ago   49 comments top 14
1
points by maukdaddy 3 days ago replies      
This is absolutely fantastic. I've been following the Google datacenter efficiency project for a while, and an opensource competitor will only make things better for the world. I can't wait for the day when more large companies either embrace this concept for their own datacenters or outsource to datacenters built on these technologies.
2
points by cmelbye 3 days ago replies      
Very cool, but why in the world would he use Instagram? All it did was crop the photo down to a square, so we couldn't see parts of the datacenter that weren't within that square.
3
points by chuhnk 3 days ago replies      
Rackspace are building a datacenter based on the opencompute plans, very cool. Exactly what I had thought about based on the announcement of open compute. Hosting companies, large companies and all sorts will be leveraging this information to increase the scale of computing in datacenters as a whole. I hope more companies will contribute to opencompute so we continue to see improvements like this. The facebook datacenter looks awesome, as you can see they are serious about being a long term company rivalling the likes of google.
4
points by martincmartin 3 days ago replies      
Which brought up the question: why Prineville. ... low tax rates and friendly climate to business, etc.

In other words, whatever labor is needed is considered unskilled. You found a tech company in the Valley, NYC or Boston because, even though the costs are high, that's where you can attract the talent. When the quality of employees is a non-issue, you may as well place it in a place that's economically depressed, i.e. desperate.

5
points by forkandwait 3 days ago replies      
Just a note: In the high desert, "evaporative cooling" (all those water jets, fans, and filters) are refered to as "swamp coolers". Much more poetic.
6
points by torstesu 3 days ago replies      
How can this be more energy efficient than systems using cold ocean water to dump the heat surplus? E.g. The datacenters in iceland, where Opera has its datacenters. Would love some more details.
7
points by davidw 3 days ago replies      
Being from Oregon, I always get a kick out of seeing this... Facebook, in Prineville. It's a small town that's not much of anywhere. Previously, it was known as the HQ of Les Schwab (free beef!) Tires, but even they moved over to Bend.
8
points by soundlab 3 days ago replies      
Note the dual axis solar trackers in the field adjacent the facility. They are from Bend, OR solar startup PV Trackers http://www.pvtrackers.com/
9
points by akent 3 days ago replies      
I wonder why there are at least two ridiculously big (like, 4096 pixels wide?) embedded images that are forced to width=500 in the HTML? Ever heard of thumbnails?
10
points by rhizome 3 days ago replies      
By the way, why did Rackspace send me there? For those who don't know, I'm a full-time employee of Rackspace which is the world's biggest web hosting company.

Scoble has a day job at Rackspace?

11
points by ck2 3 days ago replies      
So this is fun to look at, but considering how datacenters are supposed to be secure, isn't this counterproductive to them?
12
points by fedd 2 days ago replies      
do all/many queries to facebook go to Prineville and how physically? shouldn't datacenters be in the middle of some thick cable hub?
13
points by mrmuhacks 2 days ago replies      
would be even more interesting if a tech person could do a tour/photoshoot instead of a non-technical buzzhound.
14
points by wefqwerq 3 days ago replies      
Why is a corporate guy wearing a jacket showing the datacenter ? Doesn't represent the startup spirit IMHO.
24
Dropbox Hits 25 Millions Users, 200 Million Files Per Day techcrunch.com
199 points by ssclafani 1 day ago   72 comments top 19
1
points by staunch 1 day ago replies      
I know it will probably end up being the first $1 billion+ exit for YC but I'm really hoping it's the first IPO. It'd really put an end to the myth that YC startups are "dipshit companies" once and for all (not that Heroku didn't do a decent job of that).
2
points by brlewis 1 day ago replies      
Thanks to Dropbox my photo sharing site has the world's best uploader. (1) Since it's an ordinary folder, all photo management software (iPhoto, Aperture, Lightroom, etc.) can export to it without installing a plugin. (2) People can queue up photos to upload while traveling even if they're currently without Internet access. (3) Mobile clients are already built, and people can use the same client either to upload to my site or to send to their desktop for post-processing.

If you're running a site that people upload files to, I highly recommend integrating with Dropbox. They have an API, but I just did it by letting people share a new folder with box@ourdoings.com and pulling photos from that folder.

3
points by edanm 1 day ago replies      
Dropbox is the best startup to rise in the last few years. In terms of startups I use that have actually changed the way I use computers in a huge way, it is right up there with Facebook. It is one of the services that I simply could not imagine living without, now that I know it exists.

If you haven't used it, or are still on the free plan, you really should try it out and buy at least 50gb. Stick all your most important files in there, and forget about that annoying thing called "backups".

4
points by maguay 1 day ago replies      
It'd be really interesting to see how many of their users are paying subscribers. Most of the heavy Dropbox users I know do have pro accounts, and for me, it's the best spent SaaS money I've every spent!
5
points by rmorrison 1 day ago replies      
Wow, the most impressive thing here is the exponential growth: 2 million users in late 2009, 4 million mid 2010, 25 million now.
6
points by citizenkeys 1 day ago replies      
Proving that dreams sometimes do come true, the Dropbox Y Combinator application from 2007: http://files.dropbox.com/u/2/app.html

Google never got around to releasing the "G Drive". None of the other competitors for Dropbox ever caught on, either.

7
points by jcampbell1 1 day ago replies      
Has dropbox taken money since the $6M in 2008?

Their financials must be incredible. If it costs $2/yr to support a free customer, they must already have 500k paying customers to cover the cost. They could just as easily have 1M paying customers and be wildly profitable.

My guess is they are keeping their financials a massive secret, because if they became public it would invite competition from copycats with a budget for TV ads.

8
points by RK 1 day ago replies      
Maybe I should send an unsolicited job application to Dropbox for a (sexy) data scientist position. 25 million users is pretty crazy.
9
points by revorad 1 day ago replies      
A hockey stick made of money! Thanks Dropbox for setting such a kickass example of a great technology product and company.
10
points by tropin 1 day ago replies      
Dropbox it's ok, but what I'd really love is a software which does something a bit different: to arrange all the unused space in the hard disks of a LAN as a big virtual folder, with redundancy and all.

Every time I think of the Outlook-and-Word users I have at the office with 500Gb hard disks...

11
points by geoffw8 1 day ago replies      
Dropbox - the result of building something people actually want.
12
points by didip 1 day ago replies      
Dropbox had helped me accomplished the impossible.

Convincing a girly teenage girl to have a habit in backing up her computer regularly.

No other service could do that, not even Time Machine.

13
points by sdizdar 1 day ago replies      
Amazing... One thing I would like to point that even though people claim that systems such as Dropbox are "simple" it is really not so simple to implement.
Just ensuring that Windows piece does not mess up your computer (eat all your CPU, bandwidth etc.) is really hard. There are a lot of not-so-sexy work behind the curtains.

BTW, we just started private beta for cloudHQ for Dropbox (http://www.cloudHQ.net/dropbox). Basically this service provides synchronization of Google Docs and Dropbox files and backup of Google Docs to Dropbox. And we have a cool thing that you can edit Dropbox files directly with Google docs (you need to install our Google Chrome extension). We need some beta testers ....

14
points by rakkhi 1 day ago replies      
I am massive fan of Dropbox and like to see it doing well. I have talked about its virtues on many Quora posts. I have ussually recommended using a Truecrypt volume within the Dropbox folder to guarantee encryption.

Now reading findings like this and the authentication issues exposed in the last few weeks I'm getting quite worried about the security of the whole solution. Going to have to change a lot of my posts to say do not store anything sensitive without Truecrypt: http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-u...

15
points by stef25 1 day ago replies      
Dropbox worked great for me for quite a while. Then my Keypass password.kdb file got corrupted. This file contained all the passwords to my personal / freelance and office projects. Impossible to retrieve the data. Major PITA. So now I just use it for funny pictures and music but I don't trust it with really important things anymore.
16
points by loso 1 day ago replies      
This is definitely a service that I have no problem paying for. Whenever people say to me that people will not pay for online services and you have to use ads, I use Dropbox and Netflix as an example now that Netflix's streaming service has really taken over.
17
points by brown9-2 1 day ago replies      
Anyone know if that is 25 million active users or 25 million registrations?
18
points by plainOldText 1 day ago replies      
im wondering how many of these users are paying customers, since subscription is dropbox's only source of income as far as i know.
19
points by Fester 1 day ago replies      
Awesome numbers. I wish I could participate in design/implementation of a system like that.
25
Former Google VP Kai-Fu Lee Got a Nickname, Start-Copy Lee jyorr.com
199 points by rjyo 4 days ago   94 comments top 27
1
points by gyardley 4 days ago replies      
Tumblr's not alone -- Innovation Works also has a pretty decent copy of my last start-up, Flurry, called Umeng. (For the curious, compare the product at flurry.com and umeng.com.) I've been watching Umeng for a bit and the services have slightly diverged, presumably because Umeng's learnt a bit more about the Chinese market and adapted its product. But the initial product was just a straight-up clone.

I am a little surprised to see this from as respected a person as Kai-Fu Lee, who I'd expect to be innovating, but you just have to shrug. This sort of thing happens in business, and it's not worth getting too excited about.

2
points by erikstarck 4 days ago replies      
While this example is a little extreme in its similarity with the original, copying a startup idea and implementing it in another market than an English speaking is not just done in China. Here's an article about a bunch of european startups doing the same:

http://www.businessinsider.com/what-do-ebay-facebook-and-gro...

3
points by iantimothy 4 days ago replies      
I can't remember where I got this quote from, but early on I learned that there are basically three ways to beat the US in technology:

1. The Japanese Way - Innovate By Leapfrogging.
2. The Indian Way - Innovate By Piggybacking.
3. The Chinese Way - Innovate By Copying.

Looking at how things have been over the years, China isn't going to stop a strategy that has worked across industries.

4
points by kragen 4 days ago replies      
Some other important look-and-feel clones:

Windows (copying MacOS)

Lotus 1-2-3 (copying VisiCalc)

GNU/Linux (copying Unix)

Gosling Emacs (copying ITS and Multics Emacs), which eventually became GNU Emacs

Excel (copying Lotus 1-2-3, to the point that VisiCalc slash commands still work in Excel last time I tried them about five years ago)

OpenOffice (copying Microsoft Office)

C compilers everywhere (copying the original Unix C compiler)

Compaq's clone PC (copying the IBM PC, and giving rise to the entire IBM-compatible market)

Friendster (copying Sixdegrees)

Facebook (copying Friendster, somewhat less faithfully)

Every modern IDE (copying Turbo Pascal)

Every modern search engine (copying Google)

MS-DOS (copying CP/M and a little bit of Unix)

MercadoLibre (copying eBay)

Intel's current x64 CPU line (copying AMD)

Netscape (copying Mosaic)

Internet Explorer (copying Netscape)

Wordpress (copying Movable Type) (I'm not sure who to credit with the modern blog, with its comment threads, "after the jump", and permalinks. Pyra?)

Being able to copy the look and feel of competing products is crucially important to allowing innovation to continue. If Personal Software Inc. still had a monopoly on spreadsheets, it's a good bet that the spreadsheets we use today wouldn't have progressed much from where we were in 1984. The interface designs that seem innovative and unique today are either faddish crap or the baseline from which tomorrow's innovation begins.

5
points by tyng 4 days ago replies      
I'm not against stealing ideas and methods from other companies, internalising them then IMPROVE upon them. That's part of innovation.

But blatant copying?! Even the UI?! C'mon Kai-fu, I'm sure Innovation Work can do better than that. The whole purpose of Innovation Work (which is itself a copy of YC, for those of you who don't know) is to spur entrepreneurialism in the region, but all I see is setting up a very bad example. I can't imagine how the founders feel OWNERSHIP in their startups. It's more like a gold rush.

6
points by holdenc 4 days ago replies      
Tumblr will have the last laugh here. There's practically no market for tasteful online advertising or paid software in China. So, while he might rack-up users it will be hard to monetize this.
7
points by delackner 4 days ago replies      
I'm kind of surprised that anyone is actually surprised or offended by this kind of stuff. The US would be a backwater farming colony if it hadn't wholesale stolen the technologies that allowed New England to compete in the textile industry. That is only the most obvious example.
8
points by dclaysmith 4 days ago replies      
These copy cat sites (and similar ones in Europe) are an interesting test to the "idea" vs. "execution" argument. I bet that there are other nearly perfect clones of Tumblr in China yet this one has risen to the top. I'm sure Kai-Fu Lee is looking beyond the ideas and at teams behind them.

Cloning might not be the most ethical way of building a product but clearly DianDian identified a market that wasn't being served in China and had the ability to bring a product to that market.

I love that the discussion of cloning was happening on "Zhihu, a clone of Quora".

9
points by BrandonM 4 days ago replies      
> His first open letter in year 2000 to students titled About honesty and integrity.

This is the author's big conclusion? He just had to go snarky with it? The guy once wrote about honesty and integrity. That was TEN years ago; it's not some big scandal that he has now taken a couple products that were not available in the Chinese market and brought them to market as quickly as possible.

If you can get away with it, why not make your minimum-viable product a near-clone of an existing product that works but not in your market? That seems like a very sound strategy to me. Once he gets some traction and begins to see what improvements he should make in the context of his market, the product will begin to diverge.

If Tumblr wants to localize to China with an all-new Chumblr, then we can start fighting over IP theft. Until then, the guy is simply doing a service.

Blogs used to be superior to mainstream media because they gave the straight facts while avoiding the sensationalism that plagues modern day media. It's too bad the latest wave of bloggers are all wanna-be journalists.

10
points by michaelpinto 4 days ago replies      
Something that we tend to forget is that we learn by imitation " and industries are no different than individuals. Chinese firms will start to evolve their software to local tastes and will slowly set themselves apart from mere clones that don't translate well. That will be followed by free form borrowing of the best ideas from multiple sites " and that will be followed by local innovations. And at that point China will begin to export their software as the world wants to talk to them (much the way you'd join LinkedIn from abroad if you wanted to do business with Americans).
11
points by wcsun 4 days ago replies      
Ironically, Sequoia Capital invested both in DianDian and Tumblr. Great Firewall is really good for copying and monetizing startup businss.

http://fan.renren.it/a/ITxinwen/hulianwang/20110325/79864.ht...

12
points by brown9-2 4 days ago replies      
Why is Google mentioned in the headline? They have nothing to do with this story. Might as well list all of the schools this guy attended in the headline as well.
13
points by yannickmahe 4 days ago replies      
Interestingly, the Chinese word for learning, 学 (xue) also means to imitate/to mimic.
14
points by nikcub 4 days ago replies      
The entire Chinese startup scene fascinates me - we don't peer into it often enough
15
points by Hipchan 4 days ago replies      
As much as it pains me as a person who values intellectual property, I have to admit that copying is a valid and important strategy. At least half (anyone know of a more educated number?) of the development in Asia since the Meji Restoration consists of pasting Western ideas.

I hope this means that all startups take the internationalization seriously from the beginning. Hopefully we can get some sort of solid services / startups / processes that can help internationalize companies much earlier on.

The current crop of localization services are frankly inadequate.

16
points by tstyle 4 days ago replies      
In general cloning is pretty bad. If I ripped off a popular iphone app, threw it on the app store, I'd be dilution the profit of the original creators and confusing users. I profit at everyone else's expense.

But there is a pretty good chance that Tumblr and Quora will soon be blocked in China. (All it takes is one blurb by one user on a sensitive issue, which is how Posterous and blogspot got blocked).

So if we assumed that

1) A product like Tumblr creates value for it's users
2) Tumblr will never be able to profit from China without the government/network connections

then cloning Tumblr seems like a win win scenario for everyone involved.

If doing a startup is about creating something users want(that doesn't exist yet or is not accessible for whatever reason), and the spirit of startups is to do things as efficiently and cheaply as possible, then isn't Diandian(the Tumblr clone) doing exactly what they are suppose to?

Disclaimer:
I founded a startup in Beijing a few months ago, and actually received seed funding from Kaifu's Innovation Works. I don't work for them, nor am I trying to defend anyone's actions(Come on guys... even the ICONS?). Just offering a different perspective from the other side of the the great firewall of China. ^^

17
points by guard-of-terra 4 days ago replies      
Many Russian internet businesses (can't call most of them startups) copy parts of interface, ideas or business models from American [ex]startups.

They never seem to copy the whole experience as a whole, as it seems to be with Chinese ones - but useful bits here and there.

On the other hand, when they don't copy they are accused of that anyway because for some reason Russians value precedence in tech highly.

In all the world the problem seems to boil down to: If there is a business model that works and the niche is vacant in their market, why innovate?

18
points by est 4 days ago replies      
19
points by staunch 4 days ago replies      
You've got to love their name: "Innovation Works".
20
points by VladRussian 4 days ago replies      
my understanding may be wrong and whoever knows better please correct me if so. The copying in Chinese culture isn't a "vice of stealing", it is more like a "virtue of modesty and respect to the masters". I.e. taking a clean canvas and trying to paint something original is like an arrogant statement that one can come up with something better than using that canvas to make a good copy of a great work of a great master. And only when the one has perfected his skills and craft, it is appropriate to make original contribution, say add/modify a couple of details to the copy of the great work.
21
points by eneveu 4 days ago replies      
Bad Hackers Copy, Great Hackers Steal...? ( http://vimeo.com/4763707 )
22
points by tszming 4 days ago replies      
Idea for a weekend project: A social directory for copycat websites.
23
points by shareme 4 days ago replies      
One of the points missed by the HN knee-jerk crowd:

by Kai-FU funding knock off clones rather than investing in something new that takes VC money away from other potential successful startups in the startup scene in China.

24
points by sradnidge 4 days ago replies      
One wonders if the likes of Google and Microsoft employed Kai-Fu Lee so that he would be less inclined to fund / promote clones of their products in China.
25
points by happywolf 4 days ago replies      
MS Windows 'borrowed' alot from Mac's UI, and nowadays most smart phones are copying iPhone's concepts. I feel the hidden interest in this thread is more on Chinese/China bashing rather than intellectual property.
26
points by barista 4 days ago replies      
This guy was formerly at MSFT. The same guy who when quit, Ballmer threw a chair at him. Not sure if he was worth the chair now.

http://arstechnica.com/microsoft/news/2005/09/1106.ars

27
points by msy 4 days ago replies      
Well I'll certainly look at Sequoia a little differently now. The legality and there's ethicality, I look for both in business partners.
26
Insight From Dropbox: Failure Is Not The Worst Outcome, Mediocrity Is onstartups.com
185 points by yoseph 1 day ago   71 comments top 21
1
points by mixmax 1 day ago replies      
around 9 years ago I started a startup with three other guys. One of them left pretty quickly because he'd rather keep his daytime job, the three of us presed on. After around two years two of us thought that this particular startup wasn't worth pursuing, because it would never take off big-time. We'd basically missed our window of opportunity.

So we gave our shares to the last guy, and he's still running the company today - 9 years later. We've gone on to do other things, which are arguably more exciting, while he still sits around with two employees and tries to squeeze every penny out of the business while going nowhere.

Leaving was one of the best decisions I ever made. Leave or shut the company down if it enters a quagmire.

2
points by johnrob 1 day ago replies      
This post reminds me of Paul Buchheit's definition of startup advice:

Limited Life Experience + Overgeneralization = ADVICE

The argument posed by the author looks good so long as he selectively chooses his examples (dropbox in this case). There's far too much chaos in startups to ever know what the best possible outcome is, so a founder can never come to the proposed conclusion of mediocrity (in fact, there's so much gray area that any conclusion is really just a reflection of founder confidence).

3
points by shadowsun7 1 day ago replies      
There's something about this that makes me slightly uncomfortable. It seems to me that there's a very fine line between perseverance and mediocrity (probably the same fine line between self-belief and self-delusion). I can, for instance, think of a number of startups that 'languished in mediocrity' ... until they got acquired. Blogger and Gravatar, for instance.[1]

Has anyone a better measurement for knowing when it is mediocrity and when it is perseverance?

[1] Funnily enough, both acquisitions freed up the respective founders to do bigger, better things: Evan Williams to Twitter, and Tom Preston-Werner to Github.

4
points by RyanMcGreal 1 day ago replies      
The insight in slightly more detail:

> The reason mediocrity sucks more than failure is very simple: Failure lets you move on, mediocrity stalls you and keeps you from reaching your potential.

5
points by ivankirigin 1 day ago replies      
I definitely don't regret shutting down Tipjoy. I think about opportunity cost a lot, and the cost of not shutting down was huge.

This comment is somewhat ironic because I'm with Dropbox now. It really is a great company.

6
points by revorad 1 day ago replies      
I think the real insight here is that Dropbox solved an unsexy fundamental problem in a huge market. Dropbox is actually exactly what Drew's original YC application said it would be. (Aside: not all initial ideas suck. Some are good and just take a lot of work to execute).

If Drew had carried on working on the test prep idea, it would have probably grown into something bigger within the broader education market, which seems to be popular with a lot of startups now.

To achieve huge success with Accolade, the product would have to expand out into new areas, unlike Dropbox, where the basic product itself caters to a huge market.

7
points by Rexxar 1 day ago replies      
That remembers me the history of Angry Birds creators: Should they have stop after 6 years without a huge success ?

http://thestartupfoundry.com/2011/03/11/angry-birds-overnigh...

http://news.ycombinator.com/item?id=2314532

8
points by paraschopra 1 day ago replies      
What's wrong with running a business indefinitely with modest growth? There are tens and thousands of small businesses all over the world that survive for years and years and their owners genuinely enjoy running them.
9
points by dean 1 day ago replies      
SAT preparation may be a "Super-competitive category, and it was going to be hard to differentiate." But you could say the same thing about online storage. I guess differentiating, and building something special, comes down to the ability and creativity of the entrepreneur, and knowing yourself enough to know whether you've hit a dead end or not.
10
points by sayemm 13 hours ago replies      
I agree with this. In retrospect, I'm so glad I failed because of the time it saved me. The only thing worse than a failed startup is a funded failed startup, because the latter takes up 4+ years of your life, which is why it's interesting reading about Drew's exp with the SAT prep idea. Failure is totally worth it so long as you learned from those golden mistakes and are improving yourself to give yourself an edge the next time around.

I think the worst startup founders are the ones who go from one idea to the next without really thinking about what went wrong or what they need to do differently in order to improve their chances of winning. They think mere repetition is going to make them lucky.

Conversely, I think the best startup founders are the ones who are persevering and determined enough to not stop taking chances, but they're also continually investing more time in training and improving themselves to get an edge. Failure for them is a great learning experience. Max Levchin had four failed ventures before PayPal.

11
points by makmanalp 1 day ago replies      
This seems to go along with the "fail fast" philosophy that has been so popular recently.
12
points by maxxxxx 1 day ago replies      
I think that's fine if you spend other people's money. For boot strapped I'll always go for mediocre instead of failure.
13
points by presidentender 1 day ago replies      
Mediocrity is not only a worse-case in startups. A 'comfortable' standard of living, a 'comfortable' desk job which pays the bills and doesn't encourage much development... that's the worst.
14
points by bherms 1 day ago replies      
I understand the glamor of writing posts like this -- Yeah! Look at us (or them). We/they don't even care about money. It's all about building something incredible...

You won't often find these types of posts from people or about people who aren't wildly successful already.

15
points by dr_ 1 day ago replies      
The article fails to mention that the online storage space itself was considered quite competitive at the time. Yet Drew Houston was able to pull it off.
It's a bigger space than SAT prep, but given the right entrepreneur, either could have been successful.

Chris Dixon had thoughts on this in an earlier posting:
http://cdixon.posterous.com/dropbox-and-why-you-should-inves...

16
points by krschultz 1 day ago replies      
Competitive yes, but Dropbox has great differentiation. Maybe the concept for differentiating in the original startup wasn't as good.
17
points by mhartl 1 day ago replies      
Stories like this underscore the caveats to the idea that determination is the most important (controllable) factor in startup success. I think it is, but the right strategy is often to abandon a bad or mediocre company to focus on one that can be great. Don't fall into the trap of determination for determination's sake.
18
points by brlewis 1 day ago replies      
Dharmesh, are you saying it would be a bad thing to have a world with many profitable startups much smaller than Dropbox?
19
points by kenjackson 1 day ago replies      
I think Rovio might disagree. Google might also.
20
points by websitedesigner 1 day ago replies      
Thanks for the article it's given me a bit to think about. I've been running a web design business for 5 years and I would say it's well and truly stuck in that word you used. But it's hard to know whether you are the smart + entrepreneurial type or just a small business operator and it's hard to know what else to do as well. Thanks for the post though it's food for thought
21
points by ra 17 hours ago replies      
Have you heard of Kickstarter?

Check out what these guys did, and follow the link to their product: http://siegetoys.com/post/4743188690/con-que-con-lasers-or-h...

27
In the UK? Strange browser behaviour? You might be being IWF'd. grimboy.co.uk
178 points by iuguy 2 days ago   46 comments top 14
1
points by mattmanser 2 days ago replies      
This actually took down editing rights for wikipedia for virtually the whole of the UK a year back or so. For wikipedia the whole of the UK looked like it was coming from 6 IP addresses.

Turns out that they'd blacklisted an album cover for having a naked 14 year girl on it, so everyone going to wikipedia got shunted through the system, which makes it appear as if everyone's coming from a handful of IP addresses. Ironically the 70s album cover wasn't censored in the UK when it originally came out.

I can't remember all the details now, I'm paraphrasing a story told by Glyn Wintle from the Open Rights Group[1]. I saw him at a Notts Tuesday event[2], good speech, a whole lot more insidious things going on than you realise.

In the UK the Open Rights Group are the people you need to support/get involved with to help keep things like this in check!

[1]http://www.openrightsgroup.org/
[2]http://notttuesday.com/2010/07/05/tuesday-13th-july-keeping-...

2
points by JonnieCache 2 days ago replies      
Transparant HTTP proxying by your ISP isn't all bad. Back when Virgin was NTL, if you didn't pay your bill, instead of cutting you off at the exchange they would just put in place a proxy rule that redirected all HTTP requests to a page telling you to pay.

Some broke friends of mine noticed that their already downloaded torrents still worked. Obviously, all non HTTP traffic worked just fine. They took to going to the pub at the end of the road, grabbing .torrent files and downloading them at home. Pretty resourceful. I considered hooking them up with a SOCKS proxy but never did.

3
points by joshu 2 days ago replies      
Once, delicious was very briefly on the block list. They quickly realized that it didn't host images and unblocked it.

Buuuuut:

Virgin and NTL blocked it for YEARS afterwards. It was a nightmare getting it unblocked. I eventually had to reach out to a friend that knew Branson to get a high enough level connection.

Government blunt weapons plus corporate disinterest are in aggregate bad for everyone.

4
points by JonnieCache 2 days ago replies      

    $ curl -I filesonic.com

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 17 Apr 2011 12:21:29 GMT
Content-Type: text/html
Location: http://www.filesonic.com/
Age: 0
Via: HTTP/1.1 webcache1-know.server.virginmedia.net (Traffic-Server/5.7.0-59705 [cMs f ])

Note that I can still download from those site at will. It doesnt look like they're actually blocking anything. I'm on the 10mbit service, which is on a different network to the 50mbit+ plans.

Virgin have stiffed me before with deep packet inspection, but this one is new to me. Time to persuade my new housemates that changing to DSL is a good idea...

Or figure some more elegant way around it. Any ideas? Hooking up openDNS at the router level is on my list, but I doubt that will help.

5
points by donohoe 2 days ago replies      
Great. They're not just censoring the Internet (poorly), they're also breaking it too. Fantastic.
6
points by petercooper 2 days ago replies      
And transparent proxies being what they are, even when you're accessing legitimate content, you can end up with bizarre failures since cookies aren't working properly. Get quite a lot of "you don't have cookies enabled" errors from file transfer sites which don't occur through non-UK VPNs.

Shoddy transparent proxying and traffic shaping isn't anything new in the UK though. For the past couple of years I've frequently had Google go "down" for blocks of 5-10 minutes several times each week, yet through VPN it's fine. If you want a reliable connection at home in this country, it seems you need to just be permanently hooked up to a VPN located somewhere else.

7
points by ugh 2 days ago replies      
Wow. I didn't know that the UK has a censorship infrastructure.
8
points by cabalamat 2 days ago replies      
Someone needs to set up an Internet Watch Foundation Watch Foundation.
9
points by tgandrews 2 days ago replies      
Looking at the IWF website. Only child porn is within their remit. This seems a little crazy breaking parts of the web and effectively assuming everyone visiting a file sharing site is a paedophile.

http://www.iwf.org.uk/hotline/the-laws

10
points by udp 2 days ago replies      
Yep, my connection is "IWF'd"... I had no idea this kind of thing was going on. At least when they block a website in China they block it with a clear message instead of just silently breaking its functionality.
11
points by wzdd 2 days ago replies      
I used to live in Australia, at a time when most .au ISPs did not censor the Internet. However, transparent proxying was fairly common among ISPs anyway, because it saved them money. I suspect that might be what's happening here (though I guess the cost savings are higher when you do it in Australia, because data charges to Australia are ridiculous).

If the ISPs just wanted to implement IWF censorship, they could do it less invasively by using packet inspection.

12
points by vabole 2 days ago replies      
One thing that annoyed me a lot while I was living in China was the extensive censorship of the internet. Seeing the same amount of censorship in the western countries is even more unsettling.
The only difference is in the definition of the illegal content used .
13
points by tobylane 2 days ago replies      
Damn that's annoying. They are actually quite good in their package, I shall list the options from memory (ignoring what doesn't apply or is just plain out of mind).

Sky - Broadband, phone, TV. Requires you to pay a Murdoch (hard pill to swallow for one parent)

Virgin - Cable (internet on different unshared fiber), phone, tv. Requires acceptance of this article. (Tbh not too fussed)

BT - Broadband and calls. TV package is an expensive joke. Call centre is shit/Indian (quality of the line and training, not racism)

Talktalk - Broadband and calls. Even worse call centers. My parents are afraid to leave them now...

Anyway, I believe I'm wrong somewhere, I wish I was wrong in more places (everything negative).

14
points by AndyJPartridge 2 days ago replies      
I'm on a Virgin Media 50MB connection, and filesonic.com is blocked for me.
28
A death sentence for a young Chinese businesswoman chills entrepreneurs economist.com
167 points by kungfooey 4 days ago   70 comments top 11
1
points by gatsby 4 days ago replies      
This Economist article paints a very different picture from the article below:

http://www.chinadaily.com.cn/china/2009-12/18/content_920158...

Businesswoman gets death sentence for defrauding investors out of tens of millions of dollars vs. Businesswoman gets death sentence for fundraising

2
points by bilbo0s 4 days ago replies      
I don't know.

80% returns?

Really?

She was able to get 80% returns?

GUARANTEED?

This lady kind of sounds like a potential Madoff who got caught early.

Yes, she may be totally innocent. That is one of many possibilities. Having mentioned that... man...

80%?

guaranteed?

Trading Futures?

Maybe the punishment is a bit harsh, but it really does seem she was not totally on the up and up.

And secondly, what kind of a person gives their money to someone promising 80% returns risk-free? Who did she raise this money from?

I mean let's say you're listening to a financial services guy give a pitch over Evian and roasted sweet potatoes with cumin. Right. He says, "I'll get you 80% yearly on your money! Guaranteed! Risk-free!"

Well at that point you and I probably look at each other, and just leave. Who would believe that?

3
points by protomyth 4 days ago replies      
Does this mean angel investing is illegal in China. I am not sure what "raising and pooling money outside the official system" really means.
4
points by rbanffy 3 days ago replies      
What strikes me as odd is that she pleaded guilty and helped broaden the investigations and still got a death penalty. This pretty much removes any incentive for a guilty plea and for helping an investigation.

I think it's fairly reasonable to consider whether she is facing capital punishment for financial fraud or for having helped broaden the investigation in the wrong direction.

5
points by aptsurdist 3 days ago replies      
This is horrifying and I don't even know where to start examining the problem. Firstly, how do we trust any news source on a case like this when the press is controlled by the accuser? Second, even if the sentence is 'legally correct,' when does the threat of a human rights violation become too important to ignore - should countries be pressured to abolish death sentences (at least) for non-violent crimes? Even if the death penalty is the 'official' punishment to fit the crime, certainly it's a big problem if the actual delivery of that sentence is relegated to a minority of cases in which the government is motivated to prosecute. Of course selective prosecution is a problem with any legal system, but when the sentence is death it is all the more important to monitor cases through a transparent system. It doesn't seem that this kind of transparency is in place.
http://www.cbsnews.com/stories/2010/08/23/business/main67982... see: "...the judicial system is overly secretive in deciding on death penalty cases."
http://www.time.com/time/world/article/0,8599,2014070,00.htm... see: "...opaqueness of its legal system."
6
points by PakG1 3 days ago replies      
Ultimately, she was convicted of “illegal fund-raising” for, the court concluded, raising 773m yuan from illicit sources.

What does this MEAN, I wonder? Money laundering? Or?

7
points by cheez 3 days ago replies      
Hey guys, try and follow the laws of the country in which you live.

Even if you think it's unjust, you can't change it if you're dead.

8
points by pan69 4 days ago replies      
China. So close, yet so far away.
9
points by lisperforlife 3 days ago replies      
Please correct me if I am wrong. Basically she is dying because she defrauded a bunch of rich dudes and created employment opportunities. The rich dudes are pissed and so she is now facing a death sentence? This is pretty screwed.

Sending her to jail is one thing but death sentence. That is just idiotic.

10
points by BasDirks 3 days ago replies      
Barbaria.

Edit: I shouldn't attempt irony on the interwebz. Barbaria was said with a wink at history.

11
points by jrockway 3 days ago replies      
Wow, and just when I thought death for mass murderers was a bit too cruel...
29
Git can't be made consistent bramcohen.livejournal.com
164 points by mark_h 2 days ago   35 comments top 9
1
points by decklin 1 day ago replies      
Another interesting case: http://www.kernel.org/pub/software/scm/git/docs/howto/revert...

I'm not sure if the "forget whatever happened" metaphor works for me. In the "revert a revert" article above, the problem is that merging a topic branch doesn't cause the first few commits on it to be applied if those commits were already merged but then reverted -- the revert has no effect on the merge. This is precisely because every commit object, since it includes it's parent's sha1, uniquely determines a history of changes, and commits in that are in both ancestries don't get re-applied.

In Bram's example, you have the opposite problem -- two commits are semantically the same but were made independently and have different sha1s. If Linus were drawing this diagram he would label them B and B' (and so on... there's a lot). To git, B' is totally different so a merge applies the change "again". If the other person had noticed this and reset their branch to the first B, the merge would be a fast-forward.

IMHO, the Don't Do That should apply to creating those commits (by cherry-picking, or not rebasing duplicated work) rather than merging. Not because such commits are morally wrong or something like that, but because git intentionally ("the stupid content tracker") doesn't handle them well. That's the tradeoff of the nice object model.

Our git workflow at my job is pretty messy and does run into this sort of stuff. I'd love something just a little more darcs-y, like say grafting together the two branches in the second example that arrive at the same content (without having to manage a local grafts file separate from the repository), but that opens many other cans of worms that I'm sure I'm not intelligent enough to deal with.

2
points by riffraff 1 day ago replies      
>I have a little secret for you: Git can't be made to have eventual consistency

David Roundy, the initial author of darcs, seems to disagree on this. From https://github.com/droundy/iolaus :
> I realized that the semantics of git are actually not nearly so far from those of darcs as I had previously thought. In particular, if we view each commit as describing a patch in its "primitive context" (to use darcs-speak), then there is basically a one-to-one mapping from darcs' semantics to a git repository.

3
points by jarin 2 days ago replies      
In short: Don't be a dummy and expect git to be some kind of advanced artificial intelligence.
4
points by dons 2 days ago replies      
Note that darcs implements the "expected" or "naive" semantics, at the cost of edge cases that have exponential time (rather than going ahead with unflagged inconsistent merges).
5
points by someisaac 1 day ago replies      
I am surprised to see this post from bram cohen, as he himself had a heated argument with linus torvalds on git design.

http://www.gelato.unsw.edu.au/archives/git/0504/2153.html
http://news.ycombinator.com/item?id=505876

6
points by Matt_Rose 2 days ago replies      
Nice to see Bram Cohen coming to the same conclusion I did. Having two branches constantly cross-merging is a bad idea, no matter what SCM you use.
7
points by codex 1 day ago replies      
I stopped reading after the first sentence. The author takes some liberties with the definition of "eventual consistency.". Either he doesn't know what it means, or he likes to demolish terms which used to be defined precisely.
8
points by closedbracket 1 day ago replies      
Mr. Joy is a really ironic name.
9
points by mrwhy2k 1 day ago replies      
Holy crap... someone still uses LiveJournal as their blog.
       cached 20 April 2011 04:11:01 GMT