hacker news with inline top comments    .. more ..    5 Jul 2011 Best
home   ask   best   8 years ago   
Robert Morris, Pioneer in Computer Security, Dies at 78 nytimes.com
578 points by yagibear  5 days ago   45 comments top 34
jgrahamc 4 days ago 0 replies      
What sad news.

When I was doing my doctorate in security I used to attend or give papers at the IEEE Computer Security Foundations Workshop (http://www.ieee-security.org/CSFWweb/) which was held in a lovely old hotel in Franconia, NH. This was a really small gathering of people deeply involved the theory of securing computers.

Bob Morris and his wife Anne used to attend each year. It was unusual for people to bring their loved ones to this gathering and having the two of them there gave a certain holiday like atmosphere to the whole affair.

He was a gentleman and very kind to me as a young graduate student and I remember well playing games in the hotel grounds with him and Anne. At the time he was Chief Scientist at the NSA and the Rainbow books had been produced under his gaze. But he was humble, approachable and helpful.

Condolences to rtm.

jacquesm 4 days ago 1 reply      
Until I read the age at the end of the title I thought it was the younger RM that had died, esp. with the black band at the top of HN.

What a pity, that's sad news to wake up to.

Condolences to Robert.


IdeaHamster 4 days ago 0 replies      
Condolences to rtm and family.

It's a poignant reminder of just how young our field is that we are mourning the loss of some true early pioneers. Imagine if you were a physicist just learning of the passing of Newton? It's also a reminder to value the experience and wisdom of those who are still here with us...

alex1 4 days ago 0 replies      
For those who don't know, this is rtm's (YC partner Robert T. Morris) father. My condolences to him.
jcr 4 days ago 0 replies      

I don't know what to say. I'm just one of many strangers who knew of
your dad, and appreciated his work, but never had the pleasure of
actually meeting him. I'm sure there are a lot of strangers like me who
feel uncomfortable saying anything more than offering condolences but
also feel offering condolences is not enough. We wish there was more we
could do. I hope by stating this difficulty for strangers, you are
reminded of how amazingly lucky and blessed you are to have known him.
You will always remember your loss, but it equally important to also
remember your luck. I hope the warm thought of counting your blessings
will help you and your family through the troubled times.

mapgrep 4 days ago 0 replies      
Over on Slashdot is "a story I've kept secret for 30 years" about Robert Morris harvesting logins at Bell Labs. http://it.slashdot.org/comments.pl?sid=2285212&cid=36628...
tptacek 4 days ago 0 replies      
A giant. Condolences.
pama 4 days ago 1 reply      
Condolences to rtm and the rest of his family. Here is a link to one of the nicest stories about Robert Morris, written by Dennis Ritchie, his friend and former colleague:


squinn2 4 days ago 4 replies      
Cliff Stoll has a nice account of meeting Robert Morris at the NSA in chapter 45 of "The Cuckoo's Egg".


rdl 4 days ago 0 replies      
I was fortunate to meet rtm a couple months ago; a very nice (and smart, insightful, etc.) guy. My condolences on the loss of his father.
pstack 4 days ago 0 replies      
It's important to pause now and then to recall what a glorious time we live in, where we are alive at the same moment as so many other great human beings. Some in technology. Some in humanitarian works. Some in music. Even if they're near the end of their time here, that you and I existed on this ball of rock at the same time they walked it is pretty fantastic.

My best to Mr. Morris and his family and friends.

bdhe 4 days ago 0 replies      
From wikipedia: Robert Morris was the author of crypt the UNIX encryption tool. ViM uses (to the best of my knowledge) crypt when called with -x.
ihodes 4 days ago 0 replies      
Condolences. The world is better for having had him, and worse for having lost him.
w1ntermute 4 days ago 0 replies      
I knew someone had died before I even started scanning the stories, because of the black bar up top.

My condolences to his family. He was quite an accomplished computer scientist.

ajju 4 days ago 0 replies      
Condolences to rtm.
staunch 4 days ago 0 replies      
Anyone would be lucky to live as full, productive, and long a life. Condolences to Rtm and his family.
mahrain 4 days ago 1 reply      
So that is what the black bar is about, I was afraid it was a childish pun on Google's redesign :-S and now I feel bad for thinking that.
astine 4 days ago 0 replies      
My condolences to the man and those he was close to. I hope he died comfortably and untroubled.
funcall 4 days ago 0 replies      
RTM and his controversial (for that time) Internet worm were key influences during my early years with computers and computer networks. My condolences to him and the rest of the Morris family.
kylemaxwell 4 days ago 0 replies      
I feel terrible that I think of his son first every time I see something about him. May he rest in peace.
rbanffy 4 days ago 0 replies      
I don't think anything I write can relieve rtm and his family's pain now. All I can hope is they take comfort in the thought that the pain will fade and what will remain are teh memories of an extraordinary man, and that nothing will take those away.
ericmsimons 4 days ago 0 replies      
My condolences also to rtm. I assume this is why the top bar of HN has a black border-top?
ldayley 4 days ago 0 replies      
This must explain the Black added to the HN top banner (or someone is spoofing Google+). Condolences, rtm.
sim0n 4 days ago 0 replies      
Sad news, my sincere condolences to rtm and his family.
revorad 4 days ago 0 replies      
Very sad news. Condolences to family and friends.
immortalbeast 4 days ago 0 replies      
RIP. Condolences to family and friends.
whirlycott1 4 days ago 0 replies      
Sorry to hear this sad news.
jwcacces 4 days ago 0 replies      
Side note, contrast: "Robert Morris, a cryptographer who helped develop the Unix computer operating system" with a 2001 picture of him with his hand on the mouse of a computer running Windows 3.1.
mindcrime 4 days ago 0 replies      
So sorry to hear this. RIP, Mr. Morris.
shailesh 4 days ago 0 replies      
Deeply saddened by the news. Condolences to RTM and family.
chunky1994 4 days ago 0 replies      
A great loss, he will be missed! Condolences to RTM and family.
tilt 4 days ago 0 replies      
My condolences
kl40d 4 days ago 0 replies      
My condolences.
jrubinovitz 4 days ago 1 reply      
RIP Robert Morris. Getting a question from you about my YCom application was one of the highlights of last year.
Google Reveals Its Stealth Social Project, Google+ mashable.com
520 points by bproper  6 days ago   337 comments top 59
cryptoz 6 days ago  replies      
From plus.google.com:

> Google+ is in limited Field Trial
Right now, we're testing with a small number of people, but it won't be long before the Google+ project is ready for everyone. Leave us your email address and we'll make sure you're the first to know when we're ready to invite more people.

WHY?! WHY are they doing this again? They did this with Wave. Google, you cannot launch a social network while explicitly disallowing social networking! This is so frustrating.

kristiandupont 6 days ago  replies      
This is exciting and all -- and much as I would love to see a serious competitor to Facebook, I still don't know how I would convince any of my non-techie friends that they should switch to this.

Circles? Actually I think that many people like the idea of their posts are being read by as many people as possible and not just the ones with similar interests. Although it looks like a big discussion group, the news feed is really a giant personality-defining display for vain people. I saw a programmer friend post annoyance over some Android API today and I suspect that this was more than just a spontaneous exclamation -- he was communicating that he is smart (to non-techies) and that he is "cutting edge" (to fellow programmers).

Privacy? I have the feeling that most really don't care very much. But ironically, I think the privacy-thing could actually work in facebook's favor. Here is why: I use fb a lot even though I don't like their privacy policies. I trust google more than facebook. Still, it bothers me when it says "logged in" in the google bar at the top because google watches my searches. When I am on facebook I behave like I am in public. I don't hope for the best and write secret stuff anywhere. But with all the google searches I make through a day, I am giving google a lot of very personal information that I would not like anyone to see. I would hate to see something that I was searching for somehow show up in a stream for my friends to see because I accidentally clicked a +1 button or similar.

Finally, there is the fact that even if I can export my graph from fb to g+, it's worthless until my friends do the same. And I just don't see that happening before they come up with some truly ground breaking feature that will allow me to get laid with any friend I choose by clicking on their picture :-)

scarmig 6 days ago 1 reply      
I'm playing around with the trial. Some thoughts:

1) Extremely slick interface. Facebook beat MySpace in part because it was relatively clean; Google+ wins here by a mile. That reason alone makes me root for it.

2) It's Google's umpteenth foray into the social arena, so naturally most people are comparing it to Facebook. But its use cases strike me as being more comparable to Twitter than FB.

3) People can be categorized into contexts and multiple contexts. This is the killer feature. I find myself wanting to just eliminate the "Friends" circle wholesale and just have a different circle for each cluster in my social network.

4) I might be misunderstanding how sharing/the feed works. But, if someone is in any circle and you are viewing that circle's stream, I think you see whatever they share. I'd like something finer-grained than that. I have one friend who I both bike with and play board games with. If we get into a conversation about a ride on a weekend, doesn't the model inherently mean what I see in the board game stream gets polluted with the bike conversation?

dfield 6 days ago 5 replies      
(cross posted from http://news.ycombinator.com/item?id=2706219)

I'm very excited to try this out. Context (AKA "Circles") is the biggest feature Facebook still hasn't gotten right. By mirroring the way we think about our social graph in real life, Google is making a huge step toward converging Online and Offline identity. It will be very interesting to see how Facebook responds to this... they might finally have a competitor.

tomkarlo 6 days ago 0 replies      
Seems like they're trying to avoid the "NYT problem" - the minute they open a new product, the NYT and other pubs write it up, everyone floods it and sees if they like it... gives them no ability to tweak / improve the service iteratively with real life users (which is so important for social services, where alternative agendas are a huge issue) before the world rushes in. So I think a limited-access launch is totally understandable, if a bit frustrating for those of us who expect we should be able to see everything on day one.
simonw 6 days ago 3 replies      
Oops... you need a Google profile to use this feature.
Google Profiles is not available for your organization.

Grr. Google /really/ need to fix their authentication scheme.

cskau 6 days ago 4 replies      
This thing is pretty neat though:
ernestipark 6 days ago 2 replies      
The hangouts feature seems like a big win to me. Group video chats in the browser from someone like Google can really change things.
nhebb 6 days ago 0 replies      
There are different kinds of media coverage in SV. There's the excited, this is cool buzz, and then there's the look what big player X is doing sort of coverage. This feels like the latter. People are talking about this, but I don't get the sense that anyone is pumped up about it.
ChuckMcM 6 days ago 1 reply      
This is a solid move on Google's part. Not half-baked like Wave was. Its more evolutionary than revolutionary but it makes the 'package' of Google services a bit more valuable as well.

It will be interested to see if this impacts the IPO plans of Facebook. This does seem to be a direct assault on their home turf.

201studio 6 days ago 5 replies      
I think this has huge potential. The problem with Facebook, at least for me, is that I have a ton of friends that post pointless shit. < 10% Is stuff and people I actually care about.

Now with features like Circles I can put my REAL friends in one circle, family in another, and all the noise and acquaintances(networking etc.) in a spam filter circle.

This is going to be awesome.

Roritharr 6 days ago 3 replies      
The Url below the keep me posted link on plus.google.com is:


I really would love to know what the FB stands for.

Klonoar 6 days ago 1 reply      
The HTML5 system allows users to drag-and-drop their friends into different social circles for friends, family, classmates, co-workers and other custom groups.

That "HTML5" there is simply for buzz effect. Seriously, come on already...

jcampbell1 6 days ago 1 reply      
I am quite impressed, but one thing that is severely broken is the number of duplicate names in the list. Basically if a person has two email addresses, then they show up twice. This would not be a big deal, but the email addresses are hidden, and it is impossible to tell which is an old/work email address rather than a personal one. I hope this is fixed soon.
nostromo 6 days ago 5 replies      
What I'd like to know is if I can use Facebook Connect to port my graph over (doubt Facebook would allow this) -- or if this means starting from scratch yet again.
selectnull 6 days ago 0 replies      
As usual, Google Apps users, are left behind once again. I really don't understand why Google will not once and for all unify google accounts and google apps accounts.

Supposedly they already did that, and yes I did the "merge the accounts dance", and still, no Profiles for me, and therefore, no +1 and no Google+.

Google, I'm paying for my google apps. I don't want to have another free account just to play with your new features (and I really hope this is not going Buzz way... which I also never saw in my gmail...)

beck5 6 days ago 4 replies      
Circles is very interesting, its could solve a work/life/parents social battle I fight, however the demo only allows you to add a person to one circle, I hope this is just a demo limitation, as my sister is also my 'friend'.
bryze 6 days ago 2 replies      
Perhaps this will make facebook better. Competition can often improve product quality. For google this might, however, turn out the same way that Microsoft's grab for web applications is going. First to market is hard to break.
mikk0j 6 days ago 1 reply      
Can't even click +1. Gives me the error "Oops... you need a Google profile to use this feature. Google Profiles is not available for your organization." since I am logged into a Google Apps account. Google itself force-merged my personal account into the Apps account, so there's an indication of how well they get 'social' in people's lives. And yes I worked there for many years.
mikemaccana 6 days ago 2 replies      
Android app is on the market. Note it eats 8MB of phone memory and can't be moved to SD.
crizCraig 6 days ago 0 replies      
David Winer's sentiments hit home for me. Google is too big to organically build a social network.


However, this poll would suggest people think otherwise:

fedd 6 days ago 4 replies      
too complex to use may affect usage negatively. too many features is not always good. trying to mimic real live brings the complexities of real life to the web.

check this:

"With Hangouts, the unplanned meet-up comes to the web for the first time. Let specific buddies (or entire circles) know you're hanging out and then see who drops by for a face-to-face-to-face chat. Until teleportation arrives, it's the next best thing."

imagine a jerk that noone loves intruding all the hangouts. but everybody too polite/dependant to unfriend

uast23 6 days ago 0 replies      
The most urgent thing I needed on Facebook - "Circles makes it easy to put your friends from Saturday night in one circle, your parents in another, and your boss in a circle by himself - just like real life"

Might just call it a better version.

SonicSoul 6 days ago 1 reply      
heh.. somewhat ironically, minutes prior seeing this post I noticed the "+1" next to every search result. after exploring it told me that my "+1" will be used all over the web including ads. (am assuming this is part of Google+)

I immediately searched for a way to turn it off.

eneveu 4 days ago 0 replies      
PROTIP to invite your friends:

Post something in your "feed", and "target" them, entering their email address. They will receive an email telling them about your post. When clicking the link to view the post, they will be prompted to register.

This worked flawlessly for all my friends.

joejohnson 6 days ago 0 replies      
Group video chat seems really cool. Now I just need to convince enough friends to use this too...
rakkhi 6 days ago 1 reply      
trobertson 6 days ago 1 reply      
For those of you with an Android device, there's an app called "Google+" on the Market right now. I can't say if there's an app for iOS, WP7, etc.

You can install the app without an invite, but cannot use it.

EDIT: The "Learn More" button in the app cycles you back to the "You need an invitation" message box. So the app itself is completely pointless if you haven't received an invitation.

xedarius 5 days ago 0 replies      
I feel like Facebook was a trial, and we all learnt a lot about social networking, we've all made mistakes and it would be nice to re-create your network with hinessight from scratch. This is perfect timing by Google, with Facebook on the edge of an IPO and people largely disillusioned by their service. As long as they 100% lock down the privacy options, get that wrong and it's a waste of time.
dendory 6 days ago 0 replies      
I dislike Facebook like anybody, but this will not take off any more than Buzz or Wave I'm afraid. This will be that side thing that people may or may not notice when they search. This isn't the site people will flock to when they wake up to see what their friends have been doing.
vanchi 6 days ago 1 reply      
Circles would make great sense if we can push some circles into other circles. Close friends into friends and friends into general connections.
alienreborn 6 days ago 0 replies      
I think Google's unending efforts to enter social networking space might become successful this time. Big hurrah to circles and hangouts!
beck5 6 days ago 4 replies      
Do people trust Google more than Facebook? and could that be a factor in adoption? My gut says probably not to both questions.
damonpace 6 days ago 0 replies      
It seems everything is based off the grouping "Circles" aspect. Which if they get it right it will be a home run for the rest of the projects they build off of it. I personally find the Huddle feature the most valuable. This is something I've wanted for a long time, but no one has built...except for GroupMe. Which I'm not a huge fan of.
meow 6 days ago 0 replies      
Their group chat is called Huddle. I think this will have a negative impact on project management startup huddle (www.huddle.com).
richcollins 6 days ago 1 reply      
One of the nice things about the product is its whimsical nature " a puff of smoke and a -1 animation appears when you remove a friend, and when you remove a social circle, it rolls away off the screen.

Where do I sign up???

nkeating 6 days ago 0 replies      
Have been waiting for the day when I can share information that is relevant to the portion of my friends that know or actually care what Im talking about... How has facebook not integrated this before (other than going into privacy settings each and every time)?
tilt 6 days ago 0 replies      
Nice to see this, it feels like they got it
davorak 6 days ago 0 replies      
I like the idea of Google Takeout allowing you to download all of your data easily from:

Picasa Web albums and photos
Your Google profile
Google Buzz
Google Contacts

That alone would make me switch to circles.

kingkawn 5 days ago 0 replies      
Wave looked pretty cool when it was revealed too.
Wilya 6 days ago 0 replies      
"Your Browser is no longer supported." (from plus.google.com)

Well, okay. I'll live without you, Google+.
(Running Seamonkey 2.0.14, which advertises Gecko/20110430. Out of date since.. 3 weeks.)

sinaiman 6 days ago 1 reply      
The problem with Facebook is that your network is too small and constricted, people want to expand and reach many many people, not stay limited within their circle. Think about it, you already talk to most of the people who are your closest friends in real life via phone and chat. You don't need yet another way to contact them. They should have taken the opportunity to bring down the barriers of the closed social graph.

Instead Google makes another Facebook with a different UI. It looks like a cleaner Myspace that will be embraced by a small set of techy users. No way will this ever be cool.

xbryanx 6 days ago 0 replies      
Group video chat alone will suck me in.
nrbafna 6 days ago 0 replies      
works or fails, the UI definitely looks good.
jarodlam 6 days ago 0 replies      
The mobile app I saw a couple of months ago was pretty slick. I hope they've made good progress on that too.
davorak 6 days ago 0 replies      
After reading an article or two on Google+ I searched out the support pages and found them much more informative so I thought I would share.


zachperret 6 days ago 1 reply      
Did anybody notice that you can workaround needing an invite by clicking "Take the Tour" and then "Join the Project" on their demo website?


ignifero 6 days ago 1 reply      
Anybody knows about 3rd party apps? Sure uncle Google has considered us developers ...
EGreg 6 days ago 0 replies      
This is going to kick off a new era in social networking, which we all will be a part of :)
olalonde 5 days ago 0 replies      
Might be the end for Rapportive?
jsilence 6 days ago 0 replies      
Are they going to support open protocols for DiSo?
Salmon, OAuth, Activity Streams, FOAF and such?
They support XMPP with Google Talk and gave Jabber a big push by doing so.


marcamillion 6 days ago 0 replies      
I would love to see a live cam feed inside Facebook today.

That would be interesting.

generators 5 days ago 0 replies      
I can not see intersection of circles!! i.e. one person in multiple circles. :O how can they miss that ?
foysavas 6 days ago 0 replies      
YAWN - Yet Another Way to do Nothing

BTW, thanks for giving up on Google Health. This is way better.

cdcarter 6 days ago 0 replies      
So...iPhone app?
gcb 6 days ago 0 replies      
Who's Melissa?
dgregd 6 days ago 0 replies      
what a terrible name. "plus" what does this mean for ordinary people.
yawn 6 days ago 1 reply      
Doesn't Google already know enough about us and our habits already?
Hisoka 6 days ago 0 replies      
Noone will care, and noone will use it. If it won't help you get laid, or boost your ego, it'll be useless. We human beings are not rational.
Testing Benford's Law testingbenfordslaw.com
531 points by brycethornton  7 days ago   88 comments top 31
jgrahamc 7 days ago 3 replies      
Other fun I've had with Benford's Law.

1. Spotting odd things in MPs' expenses: http://blog.jgc.org/2009/06/its-probably-worth-testing-mps.h...

2. Spotting odd things in BBC executives' expenses: http://blog.jgc.org/2009/06/running-numbers-on-bbc-executive...

3. The Iranian election: http://blog.jgc.org/2009/06/benfords-law-and-iranian-electio...

4. New Age mumbo jumbo: http://www.jgc.org/blog/2008/02/any-sufficiently-simple-expl...

bluesmoon 7 days ago 3 replies      
I like the history section of the wikipedia article:

<blockquote>The discovery of this fact goes back to 1881, when the American astronomer Simon Newcomb noticed that in logarithm books, the earlier pages (which contained numbers that started with 1) were much more worn than the other pages.</blockquote>

Can you imagine the sense of observation and curiosity that would make someone look at a book of numbers and say, "I wonder why these pages are more worn than those ones."

gjm11 7 days ago 0 replies      
There's a nice discussion of this from Terry Tao (outrageously smart mathematician; has a Fields medal) at http://terrytao.wordpress.com/2009/07/03/benfords-law-zipfs-... which contains, e.g., the following nice observation: if X follows Benford's law and Y is any positive random variable independent of X, then XY also follows Benford's law. (Tao goes a bit further than this and thereby sheds some light on why many things approximately obey Benford's law.)

[EDITED to add: Discussed before on HN: http://news.ycombinator.com/item?id=687241. There have been quite a number of other discussions of Benford's law on HN, too.]

kia 7 days ago 1 reply      
This is interesting (from Wikipedia article on Benford's Law):

In the United States, evidence based on Benford's law is legally admissible in criminal cases at the federal, state, and local levels.

imurray 7 days ago 0 replies      
Searching reveals lots of previous discussion on Benford's law on here, so I won't give all the links. Of course, it's an interesting observation, so it's worth advertising every so often.

Here are some hacker-newsers testing files in their home directories:

polynomial 7 days ago 1 reply      
Benford's law only seems strange until you realise natural phenomena tend to express logarithmic functions while our commonly used system of counting counting and measuring is not.

It's still a bit of a brain f--- when you first encounter it. I found it easier to get using plotting tools, as opposed to aggregating lists of numbers and measurements.

seasoup 7 days ago 1 reply      
Seems to me that when you have a group of somethings that are constantly increasing in size it would be natural for the number 1 to come up in the first digit more often because in order to get to 2, you need to pass through 1 first and in order to get to 9 you need to pass 1,2,3,4,5,6,7,8 first. Therefore, you should get the distribution predicted by Benford's law. The way to test this theory, would be to run the numbers on values that are constantly decreasing. I'd expect the distribution would reverse itself.

If it proves itself true, then you could use it to test if a group of things is increasing or decreasing.

rflrob 7 days ago 1 reply      
My favorite explanation of it is that if there is a distribution to the numbers, then that distribution should hold no matter what base you're working in (for natural things, after all, there's nothing special about base 10), and Benfords law can be shown to be a) a law that satisfies this base-independent property, and b) the only law that does so.
breck 7 days ago 2 replies      
Imagine you threw a single stone into the desert and asked your friend to go find it. It would be hard. Now imagine you threw 2 stones into the desert and asked your friend to go find them. It is twice as hard to find both stones as it is to find 1 stone. Imagine you threw 3 stones. It is 3 times as hard to find all 3 stones as it is to find 1 stone.

Now imagine that numbers are built out of stones. To "build" a 1, you only need 1 stone. But to "build" a 2, you need 2 stones. Thus, if you wanted to write a 3, you would have to go in the desert and find 3 stones. It's 3x as hard, and so you'd expect people to "build" 1/3 as many 3's as 1's, 1/5 as many 5's as 1's, and so on. Just as you'd expect there to be a lot more single story buildings than skyscrapers. It's easier to build a single story building.

Thus, the distribution is exactly what you'd expect. While it doesn't actually take stones to build numbers, we don't write the number 3 unless we have 3 of something. Unless you are lying. Which is why this is a great method of detecting fraud.

UPDATE: What do I mean when I say "3 times as hard"?

Imagine the desert is a rectangle of 10 squares. Kind of like a mancala board or a ladder on the ground. You start by stepping in square 1, and to get to square 10 you have to step through each square.

If there is only 1 rock, what are the odds that you'll have to walk all 10 steps to find it? This is the same thing as asking what are the odds that this rock is in square 10. The answer is 1/10 or 10%.

Now, if there are 3 rocks, what are the odds that you'll have to step into all 10 squares? Well, what are the odds that there's a rock in the last square? 26.1%, or approximately 3x as hard. It's interesting that it's not exactly 3x as hard, it's 2.61x as hard. Which makes the data in the OP seem even more logical since you'd expect 30.8% 1's given 11.8% 3's--the 32.62% actual number is not that far off.

synnik 7 days ago 3 replies      
Why is this not common sense?

For the numbers 1-19, more than half of them start with 1.
For the numbers 1-199, more than half of them start with one.

Change the examples to 1-299, 1-399, etc, and you'll get percentages of all digits matching Benford's law.

scarmig 7 days ago 1 reply      
Whoah, check out the distribution of the leading digit in binary!
skrebbel 7 days ago 2 replies      
Cool stuff. However, something mostly entirely offtopic that I genuiunely wonder about: it seems everybody registers a .com just to make a HN post. What's the point of this? Why not post the same data on your blog?
EGreg 7 days ago 0 replies      
Benford's law makes a lot of sense if you consider that many of the numbers are derived from counting up from 0. The scale of these things is exponentially distributed, and therefore the leading digits are more likely to be 1 than 9. This is related to social media -- once your userbase gets big enough it starts growing or shrinking proportionally to its size, i.e. exponentially. This is also somewhat related to the value of a social network ... Metcalfe's law seems to be too optimistic. THe value is probably more like nlog n
dfan 7 days ago 3 replies      
As far as I can tell, "Most common iPhone passcodes" doesn't belong on this list, and I'm perplexed why it seems to follow the law. An iPhone numeric password (which I'm assuming it's referring to) is simply a 4-digit string, so all first digits should be equally probable, unless there's some psychological issue at work. Or are they discarding leading zeros for the purpose of this chart? I guess they must be (0 doesn't appear on the chart), but that's a weird thing to do to a password.
GregBuchholz 7 days ago 0 replies      
I always liked: "Explaining Benfords Law" (http://www.dspguide.com/CH34.PDF).
iambot 7 days ago 1 reply      
great site, awesome design, i love benfords law, first heard about it on WNYC's RadioLab (best podcast in the world ever, im not even kidding).
cycojesus 7 days ago 0 replies      
'Presenting Benford's law' would be a more fitting title.
Nicely presented, and intriguing law for sure but I can't help to think "and?" At this point it lacks a more user-friendly way to submit data-sets.
pragmatic 7 days ago 0 replies      
The text of the article is scrambled (Chrome 12, Windows 7 64 bit)
Havoc 7 days ago 0 replies      
>Imagine a large dataset, say something like a list of every country and its population.

How is that a large dataset? There aren't that many countries.

pkamb 7 days ago 0 replies      
This one is interesting:

I wonder what influence the 'spatial' properties of a number pad password has on this data. For example "5" gets a nice little spike... and "5" is the center key on the 10-key iPhone number pad. The "1" is still the winner by far, but I wonder how many of those are the easy-to-remember "1234".

paraschopra 7 days ago 0 replies      
I kind of feel that the initial data sets are selected just to reinforce the Benford's law. It seems too good to be true!
callenish 7 days ago 0 replies      
Perhaps you should let some of the open data citizen groups know about this so they can add more data. Also, if you haven't already then take a look at CKAN[1] for datasets to add.

[1] http://ckan.net/

kmod 7 days ago 1 reply      
"If a set of values were truly random, each leading digit would appear about 11% of the time"

This kind of mathematically unsophisticated reasoning is exactly why Benford's law is so surprising to people. If you think of what it means for a value to be "truly random", the result is not surprising at all.

jbreinlinger 7 days ago 0 replies      
It seems to me there's a lot of interesting psychology elements to this, but it's also a simple reflection of relatively constant growth rates. If population of cities grow 3% every year, they will spend a lot more years in the 1 millions than the 9 millions, etc

Chart looks like this. https://url.odesk.com/a7och

moheeb 7 days ago 0 replies      
Benford's Law seems like common sense to me.

Any time you are counting something it seems obvious to me that you'd have 1 more often than 2.

dfc 6 days ago 0 replies      
Does anyone else have trouble with the font on that page?
blakerobinson 7 days ago 0 replies      
Benford's Law has always been kind of fascinating to me.
cyberony 7 days ago 0 replies      
My first time hearing about this law (sadly) and I'm stumped! This is amazing!!
mmff 6 days ago 0 replies      
quasar 6 days ago 0 replies      
No black swan :P
TrueCrypt User Held in Contempt of Court truecrypt.org
482 points by dcevansiii  10 days ago   186 comments top 19
ChuckMcM 10 days ago  replies      
First, there isn't enough information to know what it is this person has (or has not) done.

Secondly, the fifth amendment of the US Constitution allows you to refuse to provide testimony which you feel may incriminate you. Generally encryption pass phrases do not count as testimony, the legal system treats them as keys. And that would be covered under the fourth amendment which says the government cannot compel to you to give access to your property for search unless they have probable cause.

If they do have probable cause, they get a warrant which gives them the power to do the search temporarily and only for what they think exists. So if you get a warrant to search your hard drive for something, you are compelled to give them the password just like you are compelled to let them into your house if they have a warrant to search for something like drugs or guns or counterfeit plush toys.

However sometimes the courts do see it as a fifth amendment issue [1] and that has been under debate for a while. (As far as I can tell the legal theory is similar to the police not being able to compel you to tell them where you left the body in a capital crime.)

Disclaimer I am not a lawyer this isn't legal advice, and I've not followed up the cited case to see if it made it to the supreme court or not. Any circuit level decision would not be binding on different circuits.

[1] http://news.cnet.com/8301-13578_3-9854034-38.html

Follow up on the Boucher case:

Where the fifth amendment defense was overturned.

jordanb 10 days ago 1 reply      
Depending on what's on the drive, obstruction of justice might carry a much less onerous penalty than what he'd otherwise be facing.

For instance, if it's child porn, he'd be labeled a sexual predator for life. If it's state secrets, he'd be facing treason and espionage charges. If it's mp3s.. financial ruin on top of the felony charge..

geuis 10 days ago 2 replies      
So basically we have a guy in jail who is claiming something and making a public appeal. However, we can find little or no independent information about his case. He provides little information about his case. Indeed, the jail site containing his photo says Charges Unknown.

Let's not jump to conclusions just yet. He was arrested on April 14th. Find out the full case history, what was said, what he's accused of, etc.

It's entirely reasonable to assist anyone who's rights are being violated. But keep that separate from what he's accused of.

burgerbrain 10 days ago 3 replies      
This is why you always have TrueCrypt use multiple volumes. This is exactly what plausible deniability is for.
Aloisius 10 days ago 7 replies      
I have encrypted files/volumes that I don't remember the password for (it has been far too long). Surely not remembering is a valid defense.
CWuestefeld 10 days ago  replies      
The author references a previous letter that describes what he's doing in jail. Can anyone find that?
mdonahoe 10 days ago 5 replies      
Until the 5th amendment and encryption issues get worked out, these drives should delete themselves upon unauthorized access.
brendoncrawford 10 days ago 0 replies      
Text of the article since the page is loading slowly...

  To anyone reading this thread-if you want a quicker response to your
comments or questions, send them to me at:

Matthew Bumgardner
Santa Rosa County Jail
P.O. Box 7129
Milton, FL 32572

Right now it takes about 3 weeks for a post on this forum to get to me,
receive an answer, then have the answer sent back to my sister so she can
post it here.

This is Matthew Bumgardner, the one in jail. I have given this note to my
sister so that it can be posted. Obviously I have no access to email, so this
is the best I can do. Eventually I will get a copy of the posts in this thread
and I will respond when I can. My sister should have already posted the letter
I wrote. Every word is true. There are a few things I would like to add. First,
this jail could generate some serious money for a decent civil rights attorney.
They are already being sued for their mail policy. Inmates can only write on
postcards. They can only send letters to attorneys, members of the media and public
officials. If you were in here and wanted to write a family member, all you could
send was a post card.

The jail also denies access to legal materials. Their policy states that
"inmates will be afforded reasonable access to the courts. This is accomplished
by way of your attorney or public defender." This is a joke, since some inmates
wait 6 months or moe to see their public defender. The policy goes on to state
that pro se inmates must obtain a court order granting them pro se status in
order to get access to the Law Library.

I am a pro se inmate. I have obtained a Court Order granting me pro status.
I have provided that document to the jail staff, and I am still being denied access.
I have filed a new motion requesting an Order to allow me access to the Law Library
and I have also written the judge. I am waiting to see what happens there. I also
ahe a problem getting copies made. When I give my documents to the person making copies,
I inform them that I need them returned immediately. The past two times it has taken
several days fro the copies to be made. This is intentional. Since I am a Federal
inmate the Government pays the jail or me to be here. They make decent money off of
so, so there is no incentive for them to assist in my release.

Although it may seem unnecessary to complain about the jail, it is actually important.
The US attorney and judge that put me here knew exactly what they were doing. They
figured that the constraints imposed by the jail would allow them to maintain their
secrecy. They are wrong. It certainly slows things down, but I will not remain
silent about this.

This issue is more important that you might realize. Right now, this US
Attorney and US District Judge think that holding people in contempt is the way to
deal with encryption. If you read this and still do nothing, then you are telling
them that they are right. You are telling tem that the 5th Amendment is no longer
needed, and that they can issue supoenas that compel acts which are oppressive,
unreasonable and not possible.

I am not asking for my own personal army to help fight this. If you think that
you are my army, you misunderstand this situation. I am your army in this battle.
If you use encryption, or any password protected file, then this issue affects you.
You could be thrown in jail and denied civil rights at the whim of the government.
I am fighting this battle on my own, and I am willing to continue to do so. The
outcome is going to possibly affect many more people. To me, it seems like more
people should be getting involved.

At the very least write the attorney and judge and tell them that what they did
was wrong. Tell them that True Crypt can use more than just a password. Tell them
that a password can be 64 characters long. Tell them they have no right to hold
someone in contempt for failing to produce documents they have never seen. Tell
them that the precedent in US vs. Hubbell and In Boucher II proves that they
are wrong.

The addresses are:

David L. Goldberg
Assistant U.S. Attorney
21 E. Garden Street, Suite 400
Pensacola, FL 32502

Lacey A. Collier
Sr. U.S. District Judge
United States Courthouse
One NOrth Palafax Street
Pensacola, FL 32502

If you don't have time to write a letter, at the very least please forward this
to everyone you now. E-mail it to any media outlet you can think of. If enough
people e-mail tis, a major media outlet might pick up the story.

The Government can only do this in secrecy. If more people know about this it
never would have happened.

Thanks i advance for any assistance you can provide.

ajays 9 days ago 0 replies      
Contempt of Court is a serious business. You can be jailed indefinitely for it. For example: this guy was jailed for 14 years because he couldn't (or wouldn't) turn over information about missing assets during his divorce: http://www.judicialaccountability.org/articles/7year.htm
AndyKelley 9 days ago 0 replies      
According to wikipedia, in order to prove contempt, the prosecutor must have:

  * Existence of a lawful order
* The contemnor's knowledge of the order
* The contemnor's ability to comply
* The contemnor's failure to comply

It seems to me that the prosecutor cannot prove the contemnor's ability to comply, in the case of a forgotten password.

ThaddeusQuay 10 days ago 1 reply      
This may be a hoax. There are only two occurrences of his name on PACER, and both are discharged bankruptcy cases. Also, the federal inmate locator (http://www.bop.gov/iloc2/LocateInmate.jsp) shows no one by that name.
coreyja 10 days ago 1 reply      
This may have been posted below as I did not read every comment but isn't impossible to prove that the file is a TrueCrypt volume to begin with? Couldn't you just claim it was a corrupt computer file that contained random data? How can they ask you for something that they have no proof even exists? There is no proof the file is a TrueCrypt volume so there is no way to prove there is even a password to find.
michael_dorfman 9 days ago 0 replies      
This is one of those stories where I wish we had a bat-signal to summon grellas.
dunmalg 10 days ago 1 reply      
"I changed the password every 3 days and never memorized it. Current password was on a post-it on my monitor. Did you guys lose the post-it?"

Simple as that, right? They can't compel you to remember information you never had in memory. It's probably too late, as he's likely admitted to remembering the password. Dumb move.

asciilifeform 7 days ago 0 replies      
"If you want a picture of the future, imagine a boot stamping on a human face " forever."
JacobIrwin 9 days ago 0 replies      
What is it with the long history treating inmates poorly in the south?

See: Cool Hand Luke

saalweachter 9 days ago 1 reply      
Just out of curiosity--

Does anyone know why it is important that a password can be more than 64 characters? Is he just saying "which makes it very hard to remember", or is there some legal significance to very long passwords?

mobiplayer 9 days ago 0 replies      
Another reason on why you need to hide your TrueCrypt volumes, too.
lukejduncan 10 days ago 1 reply      
How to Make Text Look Interesting: Minimalist Web Design getspace.org
447 points by rabidpookey  10 days ago   72 comments top 20
endtwist 10 days ago 5 replies      
Though this article is a way for Space to sell their new theme, I can attest to the information provided being very useful in-and-of itself. It's a strong overview of the fundamentals of typography and basic rules to follow for strong visual hierarchy and content readability.

If you want to learn more about typography, I'd pick up (what is considered) the typographic bible, The Elements of Typography by Robert Bringhurst. While it is largely intended for print, most of the rules and suggestions still apply to the web. Alternatively, some pioneering folks put together a web adaptation of Bringhurt's book, http://webtypography.net/

munificent 10 days ago 2 replies      
There's some good advice in there, but mixed in with lots of not-so-good advice, errors, or overly broad claims:

- "The classic typographic scale ... relies on the notion that these sizes, when used together, look pleasing to the eye."

The typographic scale has a fixed set of sizes because fonts used to be physical. Having a 71pt font would be a whole new box of lead.

- "I generally take the largest font I want to use and the smallest font I want to use, and place the headers into that scale at even measures."

For something like scale, a geometric progression makes more sense so that relative sizes are at even proportion (say each is smaller than the previous by 15%) then a linear progression of sizes. The difference between 72pt and 70pt is unnoticeable. The difference between 10pt and 8pt is huge.

- "One way is to adjust the kerning and tracking settings in your design program."

Another way, not mentioned, is to just choose a different weight.

- The "stroke width should be as even and consistent as possible"

It says Georgia has a more even width than Krungthep, which is visibly not the case. Some stroke variation seems to aid readability but too much (like modern serif faces) harms it.

- "Georgia features a larger x-height than Tekton Pro."

That isn't Tekton. WTF.

grannyg00se 10 days ago 4 replies      
"Typography is not merely the process of arranging font on a page. It is a living creature; it feels joy in an exclamation point, ...."

Perhaps I'm just not as excited about typography as I should be, but isn't this a bit too much hype? When I'm told that typography is a living creature that feels joy, I'm immediately going to categorize the teller as a person I will not understand. Instant loss of credibility.

smcl 10 days ago 2 replies      
Heh, I got one line of black-on-white text describing a database error. Thought it was some kind of joke
njharman 10 days ago 2 replies      
Am I the only one that thought that was one of the least interesting and very hard to read (as in nothing drew my eye, lacked any motivation to read those big squarish, repeating, same blobs of text) webpages?

Single long column, not adapting to size of browser window. It's more like a book/article/magazine than a web page. Only color jarring red links. Subtitles identical leading/trailing whitespace so text looks continuous instead of broken into sections.

oh but OA used emdash, that's surely important.

snorkel 10 days ago 1 reply      
There's plenty of general typography advice out there such as this applicable to typesetting walls of text like blog posts and magazine articles, but what about the more specific case of type setting in web application interfaces? When developing web apps I feel like I waste a lot of time fussing with CSS font settings and the end result frankly sucks. Are there any typography snob blogs out there that focus on web app typography guidlines?
5h 10 days ago 0 replies      
at first the page was an error message saying "Error establishing database connection" in 20pt bold black times... that was unintentionally funny.
aresant 10 days ago 0 replies      
Text size, color, and font are all conversion drivers in their own right:


I've found that larger font sizes for copy-heavy sites almost always drive higher engagement

BasDirks 10 days ago 5 replies      
- The ragged-right doesn't work with titles that extend beyond the copy.

- Don't use images for examples that are perfectly possible with just type.

- Em-dashes"like this according to convention.

- In one of your examples you combine sans small-caps with regular capitals. Not good style.

- Come on, there are better fonts than Georgia on my mac. Make me look at them.

And there are more examples of bad style on this page.

Like endtwist said, get yourself The Elements of Typography by Robert Bringhurst if you really want to learn.

rglover 10 days ago 0 replies      
This is a great way to promote your product. I love that the creators are not only giving you useful information for your own work, but subtly offering up their theme as an option. It'd be nice to see other products/services marketed like this. It's subtle and smart.
fedd 8 days ago 0 replies      
i made a minimalist web design for my project website http://vsetech.ru/

as i am not a designer at all, so i had to be minimalistic in order not to be very ridiculous. but i tried to make it look interesting. seems i followed some of the advices of the article intuitively (and some was violated of course)

cormullion 10 days ago 1 reply      
Is that really Tekton Pro in those illustrations? Doesn't look the Tekton Pro I used to know...
skm 10 days ago 2 replies      
Is it just me, or does this look uncomfortably similar to the celebrated iA3 template for wordpress, designed by Information Architects?


nwmcsween 10 days ago 0 replies      
This 'advertisement' misses alignment such as 960gs, this makes information easily readable (compare 960.gs sites to this theme).
evolvingstuff 10 days ago 0 replies      
Anyone else not really care for the line break in the title? Seems to me like it would have been better after the colon, so that "Minimalist Web Design" would be grouped together on the next line.

I wouldn't normally be so nit-picky, but it is an article about typography after all.

floris 9 days ago 0 replies      
A good tool to calculate the rhythm & scale of your website's typography is this one: http://lamb.cc/typograph/

For example(in px):

skrebbel 10 days ago 0 replies      
i liked the examples. a typography noob, this was mostly new to me, and made me think about how small things do really matter.
getsat 10 days ago 2 replies      
105 votes + top spot on HN + submitted by an account registered an hour ago? HN is easily gamed, I guess.
mtogo 10 days ago 2 replies      
Funny, a typography article written in one of the most distracting fonts i've ever seen.

EDIT: Obviously i have no idea what i'm talking about. I just thought that the widely varying heights and odd shapes of the letters was distracting from the content.

tedjdziuba 10 days ago 0 replies      
Learn C The Hard Way learncodethehardway.org
402 points by mcantelon  2 days ago   237 comments top 27
DannoHung 1 day ago 4 replies      
The biggest problem with C is not the language C, for it is a small and mostly simple language with a few warts (I'm looking at you, pointer syntax), it is the ecosystem into which you are thrust when you first use it.

That is, the ecosystem of, "What can I include without dicking around with compiler and linker settings, which I do not care to learn very well because I am just starting?", and the ecosystem of, "Why are all these standard libraries full of functions that all the documentation tells me not to use?", and most importantly, the ecosystem of, "Oh, this looks like a nice library that would make my life easy, (and later), wait, why isn't my program working on this other machine? I copied the binary over? Wait, what's this about a missing so? Oh, that's the library I installed, wait, how do I put it the same directory? Oh my god so many configuration settings! Wait, why can it still not find the library? It's right there now! What's LD_LIBRARY_PATH? LD_LIBRARY_PATH is bad? Why doesn't -R work? Oh, that's only for Solaris? What's the equivalent for friggin' Linux?! Ah, rpath, wait... it's trying to find the ABSOLUTE path? UGGARRHGHGHAAHHHH! Okay, finally, $ORIGIN... now let me just put that in the make file like they said I should.... AHGHGHGHGHGHGHHHHHHHHHHHHHHH!!!!!!!"

Which is to say, the ecosystem of fucking ratholes that have built up over 40 years of poor tool design that cannot be corrected now due to historical precedent.

hp 1 day ago 4 replies      
Ohloh says I've changed at least half million lines of C code (https://www.ohloh.net/accounts/rhp/positions/total)
Play me a tiny violin ;-)

What kinda bugs me is that whenever people go to teach C, they make out like it _has_ to be a low-level exercise, as if writing in C suddenly means you can't use abstract data types or object-oriented style or name your functions properly or have Unicode support.

For example, people teach libc string APIs like scanf() and strtok(), which should almost never be used. (See http://vsftpd.beasts.org/IMPLEMENTATION for one take.) Instead, use
http://git.gnome.org/browse/glib/tree/glib/gstring.h or
write your own like http://cgit.freedesktop.org/dbus/dbus/tree/dbus/dbus-string....

If you're going to display user-visible text, you are pretty much required to link to GLib or another Unicode library, since libc doesn't have what you need (unless you want to use the old pre-unicode multi-encoding insanity).

Don't use fgets() and other pain like that, use g_file_get_contents() perhaps, or another library.
(g_file_get_contents is in http://developer.gnome.org/glib/stable/glib-File-Utilities.h...)

You need help from a library other than libc to deal with portability, internationalization, security, and general sanity.

Maybe more importantly, a library will show you examples that in C you can still use all the good design principles you'd use in a higher-level language.

I told someone to "use a string class" in C recently for example, and they said "C doesn't have classes" - this is confusing syntax with concepts.

C requires more typing and more worrying about memory management, that's all. It doesn't mean that all the best practices you know can be tossed.

There's a whole lot to be said about how to write large, maintainable codebases in C, and it can even be done. It's not something I would or do choose to do these days, but it can be done.

One other thought, two of the highest-profile C codebases, the Linux kernel and the C library, have extremely weird requirements that simply do not apply to most regular programs. However, a lot of people working in C or writing about C have experience with those codebases, and it shows.

nikcub 2 days ago 4 replies      
I always had an idea of a 'for programmers' series of books for those who know how to program in one language (say, C++, Java or PHP) and wish to pick up a new language

eg. 'python for programmers' would not need the first half of it dedicated to explaining strings, loops etc. and could get straight into it from a programmers perspective - a bit like K&R. You could then dedicate more content to explaining philosophy, design decisions, internals, history, politics (learn all the in-jokes ;)), etc.

this would also be a good format to learn new paradigms, eg. 'functional programming in scheme, for programmers'

arkitaip 2 days ago 2 replies      
Zed, your level of productivity is truly inspiring. The best of luck to you.
JoshTriplett 1 day ago 4 replies      
When I first learned C, I did so under DOS, an environment in which you could declare a pointer to video memory, make a magic call, and start drawing graphics. I found that a memorable way to learn pointers. Sadly, doing that in the modern world requires quite a bit more setup.
gregjor 2 days ago 1 reply      
I'll be interested to see how this compares to K&R, which not only teaches the C language but also C idioms and the reasons for using them. K&R is still one of the very best programming books. Every other C book I've read is inferior. Peter van der Linden's "Expert C Programming" is the only book on C besides K&R that I've learned anything from.

Good luck, I'm all for more programmers understanding C but I wonder if the wonderful days of programming close to the hardware are ancient history. "[P]eople are deathly afraid of C thanks to other language inventor's excellent marketing against it." Maybe, but I think the raison d'être for C is not apparent to programmers who started with Java, Python, or Ruby.

alnayyir 2 days ago 0 replies      
I have the "learncthehardway.com" domain, waiting for Zed to stop being so insanely busy so that I can do the hand-off. :)
rpearl 2 days ago  replies      
Do people really think C is some mysterious, inscrutable language?

"To many programmers, this makes C scary and evil."

Is this actually true for people? I find C code generally very easy and straightforward to understand; there's not any magic behind the scenes, like there is in any language that's more "high level" than C.

leon_ 1 day ago 0 replies      
I'm skeptical that it will be an alternative to K&R 2nd ed but nonetheless I'm interested in the result.
rgrieselhuber 1 day ago 0 replies      
emehrkay 14 hours ago 0 replies      
I jokingly made this suggestion to him on twitter. He posted a few "assignments" and we (I assume it was more than myself participating) posted pics of our console output.

This guy loves to program

ctdonath 2 days ago  replies      
I look forward to the content. As a beginning C++ instructor I find there is something lacking between the truth of the language and the conventions for presenting it. Nobody, AFAIK save for the truly hardcore student, has nailed it.
briandoll 2 days ago 0 replies      
I'm very excited to see Zed working on this. This exercise-driven tutorial format seems efficient and practical, but what makes this really stand out is Zed's approach to the overall goal.

I greatly appreciate an 'opinionated' programming book. I've probably heard more debates on formatting and style for C than any other language.

getsat 2 days ago 3 replies      
Why is %d used to interpolate an integer into a format string? I don't recall seeing this done for any reason before.

I hope Zed actually covers how dangerous format strings can be if not handled properly. Format strings are still (hilariously) one of the major exploitation vectors in C-based applications today.

Edit: According to Wikipedia, %i and %d are synonymous. Sorry for the confusion.

mikeocool 1 day ago 0 replies      
Oh man, totally looking forward to this. It seems like so many programmers are kind of afraid of C because it's reputation and avoid learning it because they're language of choice is 'more productive.' Which is really unfortunate, I've found having a good amount of C is hugely beneficial to understanding what's going on under the hood when you're using a higher level language, even if you rarely actually program in C itself.

Plus even if you do primarily program in higher level languages, it's a great tool to have in your belt when you need to fix a bug in a library whose bindings you're using in higher level language, or when you legitimately do need to eak a little more performance from a particular piece of code.

Also, love that the book starts by teaching you how to use make as well, so many C books gloss over the tools.

pbreit 2 days ago 2 replies      
Has anyone actually used "Learn Python the Hard Way" in a beneficial way? I started it several times but never got very far and just learned Python from other sources. I didn't really care for the approach.
Sapient 2 days ago 1 reply      
Having read a fair bit of LPTHW (though I had no actual interest in the language), I am really excited about this.

One of the best things about LPTHW was the context it was written in, and if LCTHW is written in the same way, it should be a really awesome read!

derleth 2 days ago 1 reply      
Isn't "C For Programmers" essentially "HOWTO Use Pointers"? Is there another really complicated idea that C has which most of its heirs do not have?
raniskeet 1 day ago 0 replies      
How about having a webpage with recommended libs for newbies to use? Sort of like NodeJS modules page.
drivebyacct2 2 days ago 1 reply      
It should say "Learn C and make the hard way".
newcguy 2 days ago 0 replies      
I know a fair amount of C. But I am still looking forward to this book as I hear that LPTHW taught something to even intermediate level people. Besides the exercises are usually good and would like to solve them.
seagaia 2 days ago 0 replies      
I hope this book will show lots of new C programmers the beauty of pointers in hand-holdy detail ('cause that's the level needed, I feel). Maybe basic stuff about VM, so all the pointer operations make sense (everything is a byte at some offset etc.).

At least I didn't fully appreciate C until I understood some of the underlying concepts.

Looking forward to reading this!

tomrod 1 day ago 0 replies      
Nice! Where's the rest?
auston 2 days ago 0 replies      
Go Zed! I'll buy this when it's ready for payment!
swindsor 1 day ago 0 replies      
The problem with C isn't C. It's shitty C programmers.

Learn how the language works, follow good patterns, and expect some bumps in the road.

Most of the time, though, you can use a different higher level language, and be a happier and less stressed programmer

What every programmer should know about time unix4lyfe.org
396 points by enneff  1 day ago   112 comments top 28
dirtyaura 19 hours ago 5 replies      
> Timezones are a presentation-layer problem!

I want to correct this common misconception that UTC is enough. Calendar time with all human traditions involved is more complex than a simple timestamp.

The advice above is incorrect for calendar and scheduling apps, or anything that has a concept of a repeating event.

An example: we have a weekly meeting occurring 9AM Monday in San Francisco. You are in London and want to attent the meeting over Skype. When is it in London time?

It depends.

On 7 Mar 2011 it's at 5pm

On 14 Mar 2011 it's at 6pm

On 29 Mar 2011 it's at 5pm

To make these calculations, you need to know timezone & daylight saving time (DST) rules of both your current location and the home location of the event.

A "DST zone" of a home location of a repeating event has to be saved together with a time and thus it's not just presentation-layer issue.

geuis 1 day ago  replies      
"Timezones are a presentation-layer problem!
Most of your code shouldn't be dealing with timezones or local time, it should be passing Unix time around."

I can attest to this. At a previous job our entire API used UTC. It was clean and worked at every layer of the app, from django to our client-side javascript. When we needed to display a human readable version, we did the translation at render time. All interactions with time as data was done with the UTC timestamp and saved much headache.

A couple months before I left, one of the engineers proposed switching everything over to a textual representation according to ISO_8601. I forget the nature of the argument, but it was inane(to me). This actually led an extensive back/forth email exchange between various members of engineering, me as one of the frontend engineers, and even the engineering manager who seemed to favor the idea.

I argued, "why change the entire stack which works just fine, etc etc". Fortunately, in this instance a heavy workload and group apathy about taking on unnecessary additional work allowed this entire concept to wither and disappear after a couple days.

tseabrooks 1 day ago 1 reply      
As someone working working on time sensitive code on embedded systems (DVRs that get UTC from the broadcast), I can certainly agree with the issues laid out in the post.

As an example: We have some certifications our product must pass and the certification body plays a 4 minute looping broadcast stream with the test condition in it. It turns out I handled the time jump hat occurred when the stream would loop around poorly and this caused about 1 week worth of headaches and delays in getting our certification. None of my code expects time to be ever increasing now.

dkarl 1 day ago 0 replies      
Backwards jumps in time burned me once. The user was running my software on machines that had a bug specific to certain Opteron multiprocessor chipsets where a process migrating from one processor to another would sometimes see a backwards jump in time, even when the system's time was marching forward predictably on each processor. It just goes to show that you're always doing distributed computing, even if you don't know it.
laut 57 minutes ago 0 replies      
"Other timezones can be written as an offset from UTC. Australian Eastern Standard Time is UTC+1000. e.g. 10:00 UTC is 20:00 EST on the same day."

Every programmer should know about DST. Offsets are not always enough.

When it's winter north of the equator, some countries are on summer time (DST) south of the equator.

psykotic 1 day ago 0 replies      
Erik Naggum's paper The Long, Painful History of Time is a must-read: http://naggum.no/lugm-time.html
projectileboy 1 day ago 3 replies      
I'd like to add one to the list - store your Unix time as a 64-bit value, to save your client/employer some headaches in 2032. I doubt I'm the only HN user who was spent a lot of time in '98 and '99 fixing Y2K problems.
oasisbob 22 hours ago 1 reply      
Unix time: Measured as the number of seconds since epoch (the beginning of 1970 in UTC). Unix time is not affected by time zones or daylight saving.

I don't think this is strictly correct. This implies that someone could start an atomic stopwatch at midnight on Jan 1, 1970, and it would match Unix time. It won't.

Because Unix time is non-linear and will either slew or repeat seconds when UTC has leap seconds, the hypothetical stopwatch would be ahead of Unix time by 34 seconds.

... at least this is how I understand it. Every time I try and wrap by head around the differences between UTC/TAI/UT1, my head really starts to hurt.

lysol 1 day ago 1 reply      
I like to rip on MySQL as much as the next guy, but the article is incorrect about MySQL DATETIMEs:

DATETIME: Eight bytes:
A four-byte integer packed as YYYY-10000 + MM-100 + DD
A four-byte integer packed as HH-10000 + MM-100 + SS

Storing UNIX time as an integer would be silly, considering:

TIMESTAMP: A four-byte integer representing seconds UTC since the epoch ('1970-01-01 00:00:00' UTC)

petercooper 22 hours ago 0 replies      
UTC used to be called Greenwich Mean Time (GMT)

Sort of. This could be misleading because GMT and UTC are still two different things with different definitions. Wikipedia is a good source of info on this, but for starters:

UTC is closely related to Universal Time and Greenwich Mean Time (GMT) and within informal or casual contexts where sub-second precision is not required, it can be used interchangeably.

So not strictly, but practically.. ;-)

rmc 18 hours ago 0 replies      
Another thing to add: When asking people to put in the timezones, don't ask them for a UTC/GMT offset, and the dates that DST starts/ends. Instead ask them for the tzdata format (e.g. "Europe/London"). Then you can localize that wherever you want.
kamagmar 1 day ago 0 replies      
> UTC (which is an arbitrary human invention)

Hmm, i wouldn't call it totally arbitrary. UTC = TAI + LS, such that |UTC - UT1| < 1 second, where:

* LS are leap seconds,

* TAI is "physicist" time, based on the ticking of atomic clocks at mean sea level. The length of a second is constant.

* UT1 is "astronomer" time, the rotation angle of the Earth with respect to the quasar reference frame. The length of a second is not constant.

The Earth's rotation is slowing down, so UT1 is gradually drifting away from TAI. UTC is a pretty natural scheme to reconcile these two systems.

sehugg 22 hours ago 1 reply      
Also beware storing milliseconds in 32-bit quantities (as if you'd ever! but it happens).

GetTickCount is the poster child for this class of bugs: http://en.wikipedia.org/wiki/GetTickCount

In fact some versions of Windows CE intentionally set this value to (0xffffffff - 10 minutes) before bootup so that bugs were more likely to come out in testing, rather than showing up 42 days after bootup.

Also, don't store time intervals as floating point, especially if you're working on a missile system: http://apps.ycombinator.com/item?id=1667060

MarkMc 12 hours ago 0 replies      
The problem with time-based bugs is that they are often subtle. I've had time-based bugs that only appear between 11pm and midnight; or only during daylight savings time; or only where the client is in a different timezone to the server.

Also, it is very common for business applications to deal with 'dates in the calendar', for example:
a) John's birthday is 26 August 1966
b) The loan was borrowed on 16 January 2006 and repaid on 9 September 2009.

I suspect most programmers will disagree with me, but in my experience it is NOT good practice to use a timestamp class to represent such things. It's better to use a class specifically designed to represent a date in the (Gregorian) calendar. In fact, I created an open-source Java class for this purpose:

roel_v 19 hours ago 0 replies      
Don't blindly follow the advice at the end of this article! The issues he identifies are real, but the 'solution' only work in a small subset of use cases. When one needs a longer time span than [1970-2038], Unix timestamp is horrible - how are you going to represent a date of birth in it for people born before 1970 (yes they do still exist!)? There is no guarantee that negative timestamps will work!

Also it doesn't take different calendars into account, still doesn't work with leap seconds, doesn't deal well with time spans (t1 - t2 specified in seconds can be a lot things in reality), ...

Use a proper date time library to deal with dates and store them in your database in a string format, including the time zone. It depends on your application which time zone (UTC or local), but in general UTC is best, and the local time zone could be a second column if you need the info (or it could be a property of the user, but e.g. many calendaring application then screw it up in the UI layer...)

I'd like to read a book on the UI issues associated with dates and times, anyone know of something like that?

sgerrand 1 day ago 3 replies      
As per gakman's comment in the Google+ crosspost[1], be wary of the Unix millenium bug[2] if you use integers for timestamp storage.

[1] https://plus.google.com/106356964679457436995/posts/Hzq2P7V6...
[2] http://en.wikipedia.org/wiki/Year_2038_problem

rubashov 21 hours ago 0 replies      
Fails to mention the distinction between Zulu and Solar time. All the times mentioned are based on cesium atomic clocks. Satellite and military applications are often instead based on when the Sun is exactly opposite the Greenwich Meridian, re-synced daily.
JonnieCache 17 hours ago 0 replies      
For anyone else who has just learned about UT1 time and wants to know what it's current value is, here's the link:


Today, UT1 - UTC = 82ms.

jen_h 1 day ago 2 replies      
"The system clock can, and will, jump backwards and forwards in time due to things outside of your control. Your program should be designed to survive this."

This is one of my favorite go-to test cases. I've found some really fantastically interesting, catastrophic network halting badness with this really simple test.

jorangreef 17 hours ago 2 replies      
In the future, the world will use UTC and sunrise and sunset will happen at different times, relative to where you are.
melvinmt 1 day ago 2 replies      
One notable addition: relative time is the same for everyone.

What I mean by this is that instead of messing with timezones (by trying to guess the user's timezone or even worse, asking for it) in most cases it is sufficient to tell the user something has happened x hours ago, or y days ago.

If you're programming in PHP, I can recommend this book: http://www.amazon.com/architects-Guide-Date-Time-Programming...

maurycy 1 day ago 0 replies      
For a much more detailed perspective about time, and still rather accessible, check Poul-Henning Kamp's work:


nivertech 19 hours ago 0 replies      
The most important thing a programmer need to know about time:
"Don't use t+1 or t+N in your timeseries backtesting code ;)"
rvkennedy 19 hours ago 0 replies      
Julian Date FTW! Seriously, JD is much smaller than Unix time, so it's less wasteful of numeric range for most practical purposes. And its use would eliminate a barrier between the computing world and that of science.
tintin 18 hours ago 0 replies      
Does NIST (and other sync tools) keep in mind the round-trip of a request (RTD / RTT)?
altrego99 22 hours ago 1 reply      
MySQL (at least 4.x and 5.x) stores DATETIME columns as a "YYYY-MM-DD HH:MM:SS" string

Wow that's terrible!

wooptoo 16 hours ago 0 replies      
> When storing time, store Unix time. It's a single number.

This is BS. ISO-8601 (MySQL time) is way better and is not prone to the 2038 bug. Unix time has 'scalability' issues.

lacerus 21 hours ago 1 reply      
How can I make Ruby on Rails use unix timestamps instead of MySQL DATETIMEs?
Hacked Gmail Account multitasked.net
383 points by madewulf  8 days ago   164 comments top 32
Matt_Cutts 8 days ago  replies      
The key part of the blog post for me is this: "To mitigate the risk, Google recently launched two-factor authentication, a mechanism that requires you to input, on top of your password, a code generated by an application installed on your phone (iPhone, Android and maybe some others). I have activated this today."

Anyone savvy enough to hang out on HN probably has a fair amount of valuable info in their Gmail account (domain registration info, passwords/access to shopping sites, etc.) and should activate two-factor authentication: http://googleblog.blogspot.com/2011/02/advanced-sign-in-secu...

Is it a little more hassle? A bit. But when someone else tries to log in from a new IP address in the Ivory Coast, or China, or wherever--they'll be prompted for a PIN and won't be able to log in.

I activated two-factor authentication as soon as I could on my Gmail. I think everyone reading this comment should too.

raldi 8 days ago 6 replies      
What I'd like is one-factor for my typical "log in and check mail, write back to a few people" use case, and two-factor or a second password that kicks in when I (or a bad guy) tries to:

* Log in from a computer that's never used this account before

* Set up a forward

* Make a mass mailing

* Change the password

* Do extensive searching or searching for suspicious terms ("password", "credit card", etc)

* Export a large amount of mail

...and other such things. That way, I don't have to be inconvenienced by constantly having to use the second factor, but would still survive a stolen laptop, keylogged passord, or sniffed cookie with a contained amount of damage.

yaakov34 7 days ago 1 reply      
I don't understand why so few comments mention that the "last chance form" is a huge security hole. It seems like most of the information for filling it can be seen by someone over my shoulder as I use Gmail. And it's apparently completely automated and can be tried multiple times. I use a strong passphrase and two-factor authentication for a reason, and this defeats it. I already disable the "secret questions", since I don't want cracking the account to be much easier than cracking the passphrase.

I would like Google to give me an option to disable the "last chance form" for my account. Or, if they inisist, I'd like the "last chance" to be to fly to Mountain View and show Google my passport or a court order.

EDIT: and for extra bogusness, it seems that the information needed for the "last chance form" can't be changed if it's compromised. I mean, I can change my passphrase if I suspect it leaked, but how do I change the date when I started using Gmail? Sounds like the best thing to do the moment a Google account is compromised is to close it.

RyanKearney 8 days ago 1 reply      
> Time now for some damage evaluation. I immediately saw that all contacts had been deleted (annoying but not too bad)

There's pretty much a one-click restore process now: http://i.imgur.com/1EYZ5.png

drivebyacct2 8 days ago 6 replies      
Not sure why any of these steps should lead you to fear about using Gmail. Hosting your email yourself is almost surely more risky. Those hosting their own email aren't going to have complex password recovery system with the abuse protection that Google's has. There isn't going to be a warning system to alert you that there have been sign-ons from foreign states/countries. There isn't going to be two-auth out of the box unless you install the PAM module.

If your weak link, was, as usual, the human link... I would be inclined to trust a system more catering to (forgive me) ignorant users.

I just worry that the mindset is, "I got hacked because I use Gmail, if I used something else I'd be safer." and I find that logical to be pretty flawed.

51Cards 8 days ago 4 replies      
I haven't set up two-factor auth yet because I don't always have my phone handy and my understanding of it is that on each log-in you need to use both factors. My comments below are based on this understanding so forgive me if I'm wrong.

What I would love is if instead it asked for both factors under these circumstances:

- option A - on every login like it is now.

- option B - at least once every X days, with a warning that "within the next three logins you'll need to use your second auth" so I will know when it's coming without being locked out because my phone is dead.

- in both of the above cases ALWAYS require two factor auth every time I change the account settings (like password, recovery addresses, etc.) Possibly even require it when I try to do things like purge a mailbox entirely or bulk email all my contacts.

Having this blended option would make it a no brainer for me

Edit: Thanks all for the clarifications below. I am going to give it a try.

unshift 8 days ago 3 replies      
tl;dr: don't give your password to anybody. we've been saying this since the mid-90s but people still seem to slip up.

gmail's two-factor auth is nice and easy with the handy iPhone app. of course nobody wants to complicate something like sign-in, but email integrity is very important. facebook also has a similar two-factor auth process (though not as nice; they text you, vs a nice app).

two-factor is a no-brainer at this point for managing your identity, especially given the huge volume of leaked passwords we've seen in the past month. it only takes a few minutes to set up and almost completely eliminates problems like the one in this article. if you haven't set it up yet, do it now! much easier than learning the hard way.

muppetman 8 days ago 0 replies      
I read a story similar to this a few weeks ago. The guy recovered his account, changed all passwords, but then it was snatched again. Rinse and repeat, I think he got it back in the end though.

Very strange - he thought he'd been targetted specifically.

sorbus 8 days ago 2 replies      
> most distressing to me is that I am still unable to explain how those guys were able to get access to the account twice after I changed the password, security questions and backup email address from my Mac that does not seem to be compromised.

It sounds very much like the hackers were also using the "last chance form." Consider that all of the information it requests is available through Gmail - account registration data, names of tags, most emailed people, and verification code (which was apparently emailed to him, and therefor present in the compromised email account) (Note: I haven't used the form myself, I'm going on the information in the article).

Also, the title is a bit link-baitish.

hzay 8 days ago 2 replies      
I went through this two years ago. My ex was hacking into my accounts.

- He used the 'last chance form' to get into my gmail by entering the password I'd given him a year before this (I'd changed the password twice after giving him that password)

- He ran a dictionary attack on my college email which didn't have captcha's, then hacked gmail using the password that worked for my college email

- We were using shared vnc in college, he found his way to my firefox through a mutual friend, installed a plugin that sent him all POST data and got into my gmail again

I created a new gmail account after each incident. I had to abandon each gmail account once it was cracked because of the 'last chance form'. Back then, you only had to give it one or two correct past passwords, and it gave you access. On hindsight, I've been remarkably dense, but it was a good, early lesson.

llgrrl_ 8 days ago 6 replies      
This is exactly why I'm using two-factor authentication for gmail (heck, I even ported the two factor auth code generator to my watch so I don't have to panic when my android phone runs out of battery - http://tnhh.net/pancake/chronos-otp.xml :-)

However, I don't use Gmail for 'everything,' it's just too dangerous and I feel doing that way Google knows more about me than they should. I think everyone should be hosting the main email address under something that they can sure control (your work/edu account, or a paid email service). My main account is hosted on fastmail (I paid something like 12 bucks for three years) and is cloaked under a dozen of other email addresses.

Plus, for fastmail you get a free smtp account, and a standard IMAP account (gmail's IMAP is weird). And they will respond if you're in troubles.

josephcooney 8 days ago 0 replies      
A friend of mine got his domain stolen recently. He believes his gmail was brute-forced through a known vulnerability/feature when POP is enabled http://seclists.org/fulldisclosure/2009/Jul/254 . He did a write up http://secretgeek.net/sg_hijack_1.asp and here http://secretgeek.net/sg_hijack_2.asp . As soon as this happened to him I turned on 2-factor auth and it works very well.
KingOfB 8 days ago 0 replies      
This happened to my girlfriend and I had a similar freak out. After asking a few more questions she remembered getting an email to enter her gmail password to get more storage space.... She knows better, but just didn't think about it - it seemed legitimate. Ask your friend more questions, I bet she fell for the same scam. I've met 4 people now that fell for the same one.

I'm also very concerned about the no 'restore' option from gmail. What good are google backups if you can't initiate them?

madewulf 7 days ago 0 replies      
For the record, I don't think that Gmail security is bad, or worse than something else. I just wanted to report my story, as I thought it would be interesting. I am a bit overwhelmed by the reaction to this post, honestly.
spacemanaki 8 days ago 0 replies      
I bet signups for Gmail's 2-factor auth spikes when stories like this start circulating. It's awesome that they provide it. I fear it might be too much to ask for my mom, grandmother, etc, who are probably more vulnerable to being attacked in the first place (weaker, duplicated passwords for sure).
eneveu 7 days ago 0 replies      
I've also activated two-factor authentication, and I don't think the drawback he mentions are that problematic:

This indeed increases security, but tends to be a bit cumbersome (I often have a depleted battery, for example, which could prevent access to my emails from a computer) and does not solve other case (like somebody stealing my laptop and using an already opened session).

1) You can print a list of one-time passwords and store it inside your wallet. If your phone's battery is depleted, you can use them to log in. You should store another copy of this list in a safe place, just in case.

2) If somebody steals his laptop, he could always log from another computer and disable his session and/or change his password. He should use a password-protected login on his laptop anyway, with an encrypted drive.

jarin 7 days ago 0 replies      
My Gmail account recently was compromised due to the MtGox intrusion, as I had completely gotten lax with my password security practices (I noticed because I was no longer able to log in to my Google account). The worst thing about it is I knew better. I had 4 different passwords that I would use for different types of sites, and it just so happened that my MtGox and Gmail passwords were the same.

Thanks to my backup email account and 1password's ability to search accounts by password, I was able to restore access and change every account password I had gotten lazy about, before any damage was done. Turn on 2-factor authentication for my Gmail and Google Apps accounts, and now I can finally feel secure with only 2 passwords I have to memorize (Gmail and 1Password).

chapel 8 days ago 1 reply      
One thing you should check for if your email was compromised is the pop3 forwarding and imap. Attackers will forward your emails to their own accounts using either or both. This makes it very easy for them to retake your account.
someone13 7 days ago 0 replies      
A friend of mine had a similar problem with her Hotmail account.

It had been hacked, but the recovery questions hadn't been changed (mainly, I think, because Hotmail makes it incredibly difficult to even find the option to do this). We reset her password, changed everything, and the account got re-hacked within 30 minutes.

This happened three more times until, eventually, the recovery questions were changed and we couldn't get access. I posted on the support forums, regained access, changed EVERYTHING (this included checking for email forwarding rules, and so on).

Now, through all this, I told my friend to not sign in to the account (or use MSN) from any computer except mine, to ensure that it wasn't a keylogger or Trojan that was causing this. My machine was running an up-to-date version of Ubuntu, on my home network, using HTTPS. So I'm pretty sure it wasn't a trojan.

Unlike Google, Hotmail requires a human to look over your problem, so after the third time we had to wait for a day to get the account accessed, we just gave up. I signed in, copied down as many contacts as I could, then deleted all the incoming emails. We ended up having to abandon her Facebook account too, as the hacker accessed that and was spamming her friends. Her Tumblr, and a couple of other accounts were toast also. We almost her Facebook back, but the hacker deactivated the account.

It was very frustrating trying to solve this, because I didn't know how the account was being accessed! I opened a ticket asking the Hotmail support staff to tell me how the password was being reset - not any more information, just the method - and they came back with the standard "we won't reveal information unless you have a search warrant or court order".

I love modern technology and all, but sometimes it's REALLY frustrating.

16s 7 days ago 0 replies      
For those of us who never travel outside the continental U.S. (or wherever), it would be nice if Gmail had an option we could check that read, "Disallow international (non U.S.) access to my account."

This would add a small measure of protection, though is not ideal as compromised machines (or proxies) in the U.S. could still access the account.

pavel_lishin 8 days ago 1 reply      
So, it seems that the XP machine was the source of intrusions - I'd like to see a follow-up.
S_A_P 6 days ago 0 replies      
So Im perplexed about how the gaming XP machine fits in here. I can understand that maybe that machine was used to log into the gmail account once and the auto login would have let the "hacker" in once. How then, if the user changed the password and security questions, etc did this person access the account 2 more times???
leon_ 7 days ago 0 replies      
> I was very glad that the "last chance form" did work twice

> That's when I lost the connection again...

hmmm ...

bwooceli 7 days ago 0 replies      
There is another layer of protection you can put in place - Google Apps. For many people, spending the $10/year on a private domain with the 10 account limit would be more than sufficient. Allocate one of those accounts to a strictly administrative role with 2 factor authentication. That way, you can self-serve on things like emergency password resets etc.
paulnelligan 7 days ago 2 replies      
Something i do quite regularly is google search each of my passwords, and I would advise anyone to do the same.

I found several older passwords with my login up on a file-sharing website not so long ago. Luckily I didn't suffer the same fate as the writer's wife.

Also, I believe that google should have 'paid support' in place for this type of situation. No doubt it would be profitable for them, and would save many people quite a lot of pain.

jdhopeunique 8 days ago 0 replies      
It would be nice if Gmail and Facebook had two separate passwords: one for everyday login and another for administrative functions such as changing passwords, forwarding options, etc.
jeggers5 7 days ago 0 replies      
I'd say this is happening a lot more than we actually hear about. He also raises a good point about how if you gained access to a lot of people's gmail a/c, you'd also get access to a lot of other services they use via the password reset form.
paraschopra 7 days ago 0 replies      
Just enabled 'Two factor authentication'. Thanks for writing this. Made me realize the loss I would incur if my account gets hacked.
riffraff 7 days ago 0 replies      
the "last chance form" (or "account recovery exam") really is a hard and impossible to find thingy.
Also, I frankly have no idea about when I started using some services, and worst, no clue on how to find out.
aj700 8 days ago 1 reply      
They should be asking for certain characters of your password now, to defeat keyloggers. If you've got tons in the cloud, you need bank-level security. If people can cope with it for banking, they can cope with it for gmail.
namank 8 days ago 0 replies      
I worry about this a fair bit. This is why I am in the process of cloaking my gmail with a throwaway address (ping@namank.com)

And I just suggested gmail this:

Gmail runs my life, as it does yours! Yes, I have an alternate email but whoever has my password can change it and then I'm LOST! You need to make this hackproof (yes yes, i know. but please, atleast TRY)

I suggest:
-Have a backdoor password. There MUST be a 24-48 hour window between changing the backdoor password and the main password.

-Must be a 24 to 48 hour window between a password change and alternate email change.

swaits 7 days ago 0 replies      
You get what you pay for.
Calling Bullshit on Unpaid Interships irishstu.com
372 points by EamonLeonard  4 days ago   202 comments top 47
WillyF 4 days ago 7 replies      
I didn't realize that the unpaid internship situation is as bad in Ireland as it is here in the U.S. My startup helps college students find entry level jobs and internships, so I'm constantly aware of what the latest trends are.

One trend that really scares me is that there are some "career experts" whom I interact with regularly who offer their own unpaid virtual internships (I've seen lots of other internships like this, but the fact that career experts who are supposed to help interns are offering these really blows my mind). These are people who don't have the ability to offer many of the benefits that do come with an unpaid internship such as making connections, learning what it's like to work in a real office, having a recognizable name on your resume, etc.

Another trend that scares me is that we're seeing more and more internships auctioned off in charity auctions. Rich parents actually pay for their kids to get some experience.

Unfortunately, interns aren't going to be the ones to stop this trend. Unpaid interns do benefit from their internships. They mostly accept it as something that they have to do, and they know that if they refuse to take an unpaid internship, there are thousands of other students who will snap up the opportunity.

Change is either going to have to come from employers or the government. I strongly believe that offering paid internships is more favorable to employers because they get better quality interns who are more motivated, and the employer has a stronger incentive to use the intern's time well.

Here in the U.S. there are already laws against unpaid internships. I wrote an article on it here: http://www.onedayoneinternship.com/blog/are-unpaid-internshi...

There's actually an excellent and fair standard for determining when an unpaid internship should be allowed; however, I've never heard of an employer's being prosecuted under the Fair Labor Standards Act for having unpaid interns. And if the law were to start to be enforced, I'm not sure the outcome would benefit students in the short-term. There would be a lot fewer opportunities as many employers would get rid of their internship programs. This would result in even more competition for what paid opportunities were left.

I really hate unpaid internships, but I still haven't figured out what it's going to take to make them a thing of the past. They've become an essential part of the transition from education to employment, and messing around with that in a time when really talented grads are struggling to land jobs probably isn't a good idea. We may have to wait until the economy really heats up again.

zeemonkee 4 days ago  replies      
Unpaid internships are essentially a form of serfdom.

The serf system in Russia IIRC started with free peasants who sold themselves into slavery to the landowner when they fell into debt - unlike African slaves in the US, who were essentially kidnapped into servitude.

In the same vein people are taking up voluntary servitude in order to get a paid job - sometimes even paying for the privilege.

Moreover - a point not raised in the article - in expensive cities the only way a fresh graduate can survive without salary is if their parents subsidize them. Who can afford to do so ? Rich families. So it's a form of discrimination.

A company has no excuse for not paying at least minimum wage. If you can't afford the employees you need you shouldn't be in business, period. Any company that uses unpaid internships is morally bankrupt and should be boycotted.

wccrawford 4 days ago 4 replies      
And as usual, I disagree.

When I was just starting my career, I would have gladly worked for free as an intern to get my foot in the door of the industry. Now, I wouldn't have done it for -long-, but internships aren't supposed to last a long time. As it was, instead I spent a year unemployed, and then took a job as a stock clerk at a grocery store. That time would have been much better spent as an intern... Especially since I think I could have found a job after 3 months of being an intern. 6 at the most.

The reason his entire post is wrong is that the person DOES get something out of it. They get training (whether it was structured or not is a different matter) and they get experience. Guess what helps you get a job most in the IT industry? Experience.

As for being hired, any company worth their salt will offer a real job to anyone who shows skill. Job offers should never be automatic.

nicpottier 4 days ago 5 replies      
Perhaps it is different for design, but taking on an intern for a software shop is almost always a greater burden than benefit.

I interned at a few different places while in college, and I was definitely way ahead of the class as far as writing useful code. Regardless, the overhead of people bringing you up to speed on their specific projects and processes for only three months of work just doesn't match what you are going to contribute. The cold hard fact is that you are still junior, very junior, no matter how much a hotshot you think you are. So the time they put into you makes it a pretty even trade for it not to be paid.

Though come to think of it, both internships I went to were paid. But the point stands.

To put it simpler terms, ask any company whether they find new college graduates effective and worth the overhead for the first few months they work. I doubt many would say yes, and those are people more qualified than those seeking internships.

officemonkey 4 days ago 0 replies      
At my organization, we used to have unpaid internships for college students, but they would receive college credit. We thought that was still kinda B.S., so we found some money and created paid internships.

Back in the day, when I started my career, to get my foot in the door, I worked at a temp agency. "Word processing" was all the rage and they needed people who knew how to use Microsoft Word. After a couple of months the boss noticed I knew how to spell "glaciolacustrine" correctly, so he asked if I had a degree. A couple months later I was hired. All the time I was getting paid $10/hr.

That's the way firms should be finding and cultivating young talent: paid internships, temp services, and recruiting. Unpaid internships are indeed bullshit.

Confusion 4 days ago 0 replies      
If you're not paid, you're not valued. Nothing you produce will ever be good enough. Nobody will make time for you, because they have more valuable things to spend their time on. No money is lost if you're struggling to do your assignments; no money is lost if you don't learn anything.

A company should be invested into their interns and the best way to be invested is by paying them a wage and expecting decent work in return.

hugh3 4 days ago 0 replies      
I work in academia. In academia, we pay crap, especially to the people at the bottom of the totem pole.

But even we pay our summer interns.

GvS 4 days ago 1 reply      
It's not a problem for IT students. I could choose from many offers in my city. At our forums we laugh from low paid offers and I haven't seen unpaid one. I ended up going to different country and earn 1,1k euro with no real experience at all and I extended it during crisis (it was few years ago) so I guess I was useful.

If you really can't find anything it's better to make nice portfolio projects for yourself at home or work on some opensource project. It's similar experience but feels much better than working as slave for some awful company that can't even afford small wage.

noarchy 4 days ago 0 replies      
Even Wal Mart will pay you while training you. If a company cannot meet that standard, something is wrong, imo.
Produce 4 days ago 0 replies      
Companies tend to save money at all costs, even at the expense of decency and Doing The Right Thing™. It's the same reason a lot of them have clauses in their contracts forbidding people from discussing their wages, even though it is in the employees' interests to do so.

I figured something out when thinking about this one day - where you're going is how you'll get there. If your goal is to make money, your goal is greed and your path will be a greedy one. If your goal is to make a positive contribution to those around you and get one back in return, then you will still make money but won't step on peoples' toes in the process.

maeon3 4 days ago 0 replies      
If you become an unpaid intern, then you better be learning 10 new things per day that you couldn't have learnd any other way. I can see where interning where be beneficial for both individual, company and society. However in the vast majority of cases the intern is just getting ripped off.
synnik 4 days ago 1 reply      
Wow. We hire almost every intern that works for us, unless they suck. Internships are also normally done pre-graduation from college. It is not a job, it is in exchange for college credit. We hire the day they graduate.

But it is also up to the intern to decide whether or not our internship is right for them. A overgeneralized diatribe like the one posted is aiming to get people to not intern at all, whereas the appropriate act would be to critically evaluate your options, and make an informed decision about each specific company.

rb2k_ 4 days ago 0 replies      
While I think it's horrible if companies don't pay interns, I can see how the "you're learning things!" angle could seem more reasonable in the US.

My outside view is that a lot of Americans pay thousands of dollars to go to university.

Universities are, for a lot of people, just a means for learning a discipline and giving them more/better possibilities in a future job search.

While most internships aren't as "prestigious" as a university degree, they probably don't cost as much either.

In the end, both of them will have allowed you to make some new contacts, learn trade-specific things and add a new slot on your résumé.

p.s. this certainly doesn't go for all professions/internships. But the general direction seems about right.

davidw 4 days ago 0 replies      
0 is just one number along a range of numbers - it's not particularly special. In some cultures, it's considered normal to exchange not just free labor to get your foot in the door, but to actually pay cash to do so.

I am not convinced it's a net win for society.

chrisclark1729 4 days ago 0 replies      
Perhaps this thread has gone too long, but the comments are overwhelmingly against doing work for free.

TL;DR - It's an interns fault for taking crap free work, in essence putting their future in someone else's hands.

My experience: 3 years ago I was an accountant and thought about killing myself nearly every day. It used to take me 10 - 15 minutes to get out of my car every morning just to walk inside. I was able to use free work to transition from a boring career to one I enjoy in an incredibly short amount of time.

Rather than go back to school only to finish in debt and start at the bottom I was able to trade valuable work that I could do (finance/accounting) for experience in work that I wanted to do (development/data analysis). I would always suggest short projects so as not to overwhelm either party, but this turned out to be very favorable in the long run.
One major caveat is that these were not company created internships. I wasn't in the business of letting a company compile all of their shitty work only to pass it off on someone to do for free. THAT IS WHAT NEEDS TO BE CALLED BULLSHIT ON.

If a job seeker shows just a little initiative they can force free work to have a training component that is defined in advance and one from which they will benefit. Too many workers put their future in someone else's hands by assuming the company has some training program mapped out for them. Not surprisingly, these are exactly the types of employees who continue the cycle of useless and exploitative internships that you rail against.

If you are doing work for free, YOU are on the hook. You hold most of the cards because there is nothing forcing you to continue working.

apinstein 4 days ago 1 reply      
I can't find the article right now, but there have been studies about and there is evidence for that many people will do something for free, but if offered to be paid a market rate that is low for the same work, will not do it. In fact, they'll be insulted by the low value ascribed to it.

Personally I would feel like an a-hole offering someone minimum wage to do intern-level work at our startup. Nor would I want it on my resume that I worked as a web developer for $8/hour. They do not want a market price that low on their skills. They'd rather have a free internship on paper.

That said, it does all depend on context. In fact during high school I worked in a bio lab for free for about 50 hours and then asked for a paid internship (which was minimum wage) during the summer. However I was a high-schooler, so this was cool. But I would not have taken (and in fact turned down) low-paying jobs after college. So I can see that context does matter, and I don't think it's fair to rip on all unpaid internships with the same stroke.

amirmc 4 days ago 0 replies      
I've had friends who wanted to get into journalism and publishing and the only way they could do it was by working for free for several months. Not even 'internships', just free work. Eventually, there were vacancies and they were the obvious hires.

I'm not suggesting this was fair but it was a pretty clear case of supply outstripping demand, which meant that employers could afford to let the system develop this way.

epo 4 days ago 1 reply      
30-day free trials are for software. People deserve more respect.
jasonlotito 4 days ago 2 replies      
Correct me if I'm wrong, but isn't the idea of an internship about learning, not about producing? If your producing for the company something they are selling (or creating net value), don't you have to get paid? I mean, people here are talking about actually working on projects the company is earning money for. That's not an internship.

Am I clueless, or are other people just ignorant?

andrewflnr 3 days ago 0 replies      
Last summer, I took an unpaid internship at a software company, if it can be called an internship. I was introduced to someone who worked there, and he got it worked out for me. I didn't work on core stuff for the company, so maybe it was less an internship than just hanging out in the offices while I worked on an open-source project relevant to them, specifically github.com/andrewf/pcap2har .

I learned a crap-load of stuff there, technical and otherwise. I am enormously better off having taken that opportunity. Would I have been worse off if I had worked on stuff that directly made them money? No.

My friend has left to work on his own startup, but I started this week as a paid intern. I hope to keep working part-time when I start school again.

I cant speak for other people's experience with less-scrupulous employers, but I have nothing but gratitude for the people who gave me my unpaid internship.

bugsy 4 days ago 1 reply      
In the US there's two very different sorts of internships.

The first is what you describe, scamming desperate people during a economic depression out of free skilled labor that has monetary value to the company.

The second is internships at places like magazines, newspapers and politicians offices. These ones are more interesting. Poor people and minorities can't afford to work for a year for free. But the children of the rich can. The internship provides cover to avoid having to hire minorities since hiring takes place from the internship pool.

dmoo 4 days ago 1 reply      
As this is Ireland I've got to assume there is also an element of trying to reduce the numbers who are technically unemployed and so make things look better. It sounds very familiar to the community employment schemes etc. from the '80s where people basically worked for their unemployment benefit so as to gain work experience / help the community. I can even remember being turned down at an interview for one of these way back when and feeling pretty bad.
In the end some people will gain something & some people will be exploited but it wont make much difference to the economy other than to help drive down wages.
erikb 4 days ago 0 replies      
In Germany I often see unpaid interns, but actually not in a bad situation. There are 2 situations in Germany when an unpaid internship will happen: One is, when the students working as interns are still going to their schools and maybe are first or second semesters. So actually they don't really create value, but they cost time, energy, working hours of coworkers, electricity, rent and so on. The company basically already pays a load to have this intern sitting there and a high chance to get no value back in return. I think in this situation it is quite fair, not to pay wages.

The second situation is, when students try to get a job, which a lot of people want to have, like at Google, Price Waterhouse Coopers and so on. In this situation the brand alone will help them out later to get better jobs or even give them a chance for a full time job in this company that others can't get. It's a little like doing a start-up. You put in a lot for the small chance to get a unnatural big payoff.

In both situations I can't disapprove of unpaid internships. I hope with sharing these experiences, other readers might get a more objective point of view. It is not all bad about unpaid internships!

gorog 4 days ago 1 reply      
This past year I followed a web development course. I'm now supposed to work 3 months for free. I don't mind it because I've been jobless for a long time before. The problem is, I just can't find an employer (in France). I get the interviews, but my interviewer always assumes that I'm supposed to know everything by heart, have nothing more to learn, and more importantly, they want to see a portfolio of sites I've done before other than the one I've done in class. Basically, they don't want an intern, they want a real, super-fast worker for free. So I'm going to fail at my diploma because nobody wants me to work for free for them. To make it worse, I'm the best student of my class. Those who can't code found an internship. Are we supposed to lie and bluff to be allowed to be exploited?
stevenwilkin 4 days ago 0 replies      
The place I'm currently contracting in (mentioned in article) has their summer intern programme in full swing.

Not only are the guys getting decent pay but they are building a useful in-house app while getting trained up in technologies like OS X, Linux, Git, Ruby, Rails, MongoDB etc.


jeffchuber 4 days ago 0 replies      
Companies often don't pay interns for 2 reasons:
1. They don't think they can afford to give them responsibility, and with no responsibility = no pay. This is a terrible relationship. (no pay = no responsibility as well)
2. They know that if it's unpaid - it's likely that only people very interested will apply - and this signal is, supposedly, very strong.

The 3 MAJOR problems are:
1. The company is sending a signal that says, "we don't trust you", "we don't think you can do valuable work", "and we don't value you enough to pay you"
2. The company gets lower skilled people, because the good ones get the jobs with good experience AND pay
3. Have you EVER tried to get a volunteer to do anything?! It's impossible. Incentives are not aligned.

georgieporgie 4 days ago 0 replies      
I don't know why there aren't more low-level tech jobs for college students. I paid for a couple years of state school by working in a deli. The only jobs I saw that would hire a "college kid" were on campus, and those basically boiled down to having the right connections as soon as you arrived. No longer a freshman and nothing related on your resume? Not interested.
kosei 4 days ago 0 replies      
Personally I got a lot of value out of my unpaid internships (Kate Spade & Sports Illustrated). Though I understand the reasons against it, I got to a) work with a great team, b) make some great business contacts for future job referrals, and c) get experience that looked great on my resume.

That said, I completely understand that my experience was the exception rather than the rule. Plus, both companies I interned at most likely could have afforded to pay me too.

afterburner 4 days ago 0 replies      
Are CS students not cynical enough? Compared to, say engineers (non-software)? Or is it just the effect of fierce and deep competition?

Or perhaps the potential for learning a lot (practical knowledge) in a short time is greater in software dev work than others?

walkon 4 days ago 1 reply      
I'm confused. Who forces people to work for free?
studiofellow 4 days ago 0 replies      
Passing judgment on all unpaid internships in all situations is unreasonable. When deciding whether to accept an unpaid internship, common sense is the best guide.

I've seen both unpaid and paid interns treated poorly. I've also seen both thrive. I personally had 2 paid internships before I graduated college. One was demeaning and the other an incredible learning experience.

If an unpaid opportunity offers a lot and you can afford to take it, why not? How is this different than contributing to open source or doing pro bono for charities?

However, if a company doesn't want to pay, I'd suggest more caution. Ask lots of questions, and if you end up just getting people coffee, quit. Interns are working professionals just like anyone else and deserve equal respect.

ThomPete 4 days ago 2 replies      
If products can be free so can interns.

Look at it as a freemium model.

phxrsng 4 days ago 0 replies      
In the US at least, there are many opportunities for paid internships. All the major tech companies offer them - Google, Microsoft, Yahoo, Facebook, Zynga, Boeing, Lockheed, etc - and many of the smaller ones do (though in smaller numbers). At almost all of them, interns are treated as normal engineers and put on teams as basically full time employees with an end date ~3-4 months after they start. They are paid very well (competitive with what a FT employee would make for 3 months). The internship can, and in many cases, does result in a full time or reintern offer.

The thing is, you have to be able to cut it and basically interview as someone who they would WANT to hire as a FT after a year or two more experience.

yellowredblack 4 days ago 0 replies      
This is what I learned from a half-day legal seminar in california aimed at startups:

In California, unless the work is for course credit at an established institution, an intern must be paid minimum wage. If not, the intern can do the work, and then file with the state, which will then do all the investigation. The intern doesnt need to get a laywer. They get the state's lawyers looking for a hefty fine, back taxes, and the opportunity to audit the hell out of someone. Start-ups are especially vulnerable to this because programmers who would normally be exempt probably aren't making enough and should be paid overtime. The state doesn't care what those programmers want. They want their back taxes.

walexander 4 days ago 0 replies      
I had a paid internship but would have gladly done it unpaid if I had to. I interned at a big name place, so YMMV, but I can say that senior year when I was looking for jobs _no one_ cared about what I did in school and _everyone_ cared what I did at that internship.

You are not going to work there to do slave labor, you're getting bullet points on your resume, mentorship from senior engineers, as well as taking in the business environment which you've probably never seen before.

I hope no college student who can't find another option has decided to stick his nose up at an unpaid internship because of this post.

joe8756438 4 days ago 0 replies      
There's a great book that came out recently, Intern Nation, it's the first exposé on this issue that I'm aware of. It is fantastic, totally engaging, covers all of the many aspects of the internship problem and its genesis.
conjectures 4 days ago 0 replies      
The problem is part informational. Grads take internships in the _hope_ it will lead to a job. For most it doesn't. Hope is perennial, so more bums can always be found for seats.

Banning them is unlikely in most countries as it's politically unrealistic. Exhorting companies not to do it is unreliable. So not easy to close off intern demand.

Tackling the supply side might be a better bet. The answer might be in educating grads to mentally file internships alongside diet pills and pyramid schemes. Providing alternatives also good (but more difficult).

scottseaward 4 days ago 0 replies      
The CV still rules when it comes to getting past HR departments and into interview. The HR departments (and employment agencies) I've worked with look directly at the Work Experience section of a CV and then tick off a bunch of boxes for the job they're trying to fill. Unpaid internships are one way to fill a CV with relevant experience. Find a way to bridge that gap and you don't need to do an unpaid internship. I went through 3 months of unpaid work with an ugly little company for exactly this reason, and it paid off, but those were the most trying 3 months of my professional career.
threejay 3 days ago 0 replies      
I'm currently in my sixth and final year of pharmacy school which consists entirely of clinical rotations at different practice sites in the area. Not only are these internships completely unpaid, we have to pay ~$30k for the priviledge which equates to almost $1000/week (6 x 6 week rotations). It's a complete scam.
zachcb 3 days ago 0 replies      
I'm very desperate to join a startup as an intern or employee. Some of us (me) have been dreaming (literally) about being in a startup that it doesn't matter what we do, as long as we get in one. It's gotten to the point where I would even pay to be in one. What I get out of it is that I will see if a startup is right for me, and at this point that's all I can ask for.
jvandenbroeck 4 days ago 0 replies      
Totally true; I did an unpaid internship for a startup and didn't learn a thing(actually they where doing a verrrry bad software engineering job). The advantage was that I didn't really had to work much & I got grades for the internship @unif. But I wouldn't do it again.

I felt under valuated, I can make really complex s/w architectures, solve complex, challenging problems & I was doing work that I could've done as a 14 year old during the internship..

int3rnaut 4 days ago 0 replies      
It's all relative and depends entirely on how much you put into it and how much your employer does the same. I've had friends who've taken unpaid internships and have gotten entirely different experiences out of it.
alanorourke 4 days ago 0 replies      
While in college i chased a small design studio you have never heard of to take me as an unpaid intern.
I learnt loads just watching them run a studio and work with clients.
I do not see how they could possibly have justified paying me for the little value i gave back.
Still gratefull for the opportunity they gave me.
paolomaffei 4 days ago 0 replies      
This guy clearly never had a company.

We do not pay our interns and still lose money in the process if we don't hire them after because we have lost too much time not just training but also fixing errors people at their first experience will do.

Nevertheless we still invest on internships because that's the only way to snap good talent just out of university.

So please, stop the bullshit.
Yeah, and downvote away.

hvass 4 days ago 3 replies      
The only reason for me to do an unpaid internship would be to do it a 'brand-name' company. You do see the best practices, meet an amazing team and it might lead to an eventual job with the company.

For an unknown company - not a chance.

perl 4 days ago 0 replies      
If someone tells me I wont be paid..but still i want to take up that work ? why blame

But if someone fresh grad is duped into believing doing unpaid work will get him something else then its bad.

dadads 4 days ago 1 reply      
I have to disagree with calling unpaid internships a rip-off.

As a student, I see this as a way of getting something on the resume to break the catch-22 situation of having zero experience.

Please stop asking how to find a technical co-founder. humbledmba.com
347 points by benehmke  4 days ago   103 comments top 42
cletus 4 days ago 3 replies      
Good post.

Speaking as a technical guy, my default position is to be turned off by co-founding with a business guy unless they have an amazing track record. I like the advice of earning a technical co-founder.

I just wish more business guys realized their ideas aren't that special, aren't a magic way of printing money and just coming up with the idea doesn't entitle you to 75% of a two-man venture. It doesn't even really entitle you to an extra 10%.

In the beginning, your job is probably going to be to find a place to work, deal with the guy who's installing the Internet line, buying computers, buying food, buying and assembling furniture and generally just making things work. That's all very unglamorous work but, depending on the venture, it's quite likely your (alleged) business skills will be of very little value (while you're building a PoC/PoS/MVP).

I don't think I'm alone (as a technical guy) in generally finding business guys to have an inflated sense of self-importance who often want to treat technical people as an exchangeable/replaceable commodity.

wccrawford 4 days ago 2 replies      
I think you de-stress the 'having an idea' too much. Having a truly great idea -will- attract a co-founder. Well, if they hear it. It's not a magic spell.

Also, being the 'idea guy' might be over-rated, but being the 'vision guy' is definitely the bee's knees.

At a previous company, 1 man was the vision behind the entire product. I can't tell you how many hour-long meetings were ended in 5 minutes when he showed up and made it all clear. (This was after things got really busy and cloning him started to seem like a good solution.) You could bring any question about the direction of the product to him and he would have a good, clear answer.

Without him, I really doubt the company would have been a success.

luke_osu 4 days ago 3 replies      
Last week I was approached by 2 business type guys looking for a technical partner to start a business. One of these guys I already knew from years back. Immediately I got the impression that these guys were very passionate and very serious about their idea. It helps that their idea was a good one.

What really impressed me is they had already done a lot of the leg work. They picked out a name and had a logo designed. They had used mocking software to mock up most of what will become v1. They had written content for the entire website. They had already started using their competitors products which only further validated their idea. They had also reached out to their contacts to see if the idea had legs and if people would use it. They had a big vision for what they wanted to do.

When guys come at me like this, it gets me fired up and makes it hard to say no. They aren't looking for a free ride and they don't expect/want you to do all the work. They needed a guy to build it and they wanted an equal equity partner.

That is how you land a technical co-founder.

dmitri1981 4 days ago 5 replies      
One thing that irritates the hell out of me every time is meeting a 'business' guy with the world's best idea, who is prepared to let a lucky developer have 10% of the venture in return for building the damn thing.

I am yet to meet a developer who has not had this very same experience.

kstenerud 4 days ago 0 replies      
I've already had my fill of "idea guys". Somehow, almost every one seems to think that merely coming up with a cool idea while drunk one night automatically entitles them to 50% of the profits (after YOU build and ship it).

A successful startup requires all aspects of a business:

- leadership

- sales

- marketing

- market research

- competitor research

- product research

- product development

- product shipping & deployment

- contacts in key areas related to your business

- strategic planning

- financial management

- employee management

- investor management

- lots and lots and lots and lots of paperwork

- and of course a million other little things you discover along the way

Some of this can be learned as you go, but the most likely startups to succeed have a large portion of these areas covered by the founders, at least in the book learning sense.

So whenever I'm approached by an idea guy, my questions usually go like this:

- "Great idea. So who else is doing it?" (red flag for "nobody")

- "Who is going to buy this?" (red flag for "everybody")

- "How do you know that [group x] is going to buy it?" (I'm looking for something better than a hunch)

- "How much starting capital do you have?" (got to at least have ramen money)

- "Who have you spoken to about funding?" (red flag for "nobody", unless they are bootstrapping with their own money and have enough for 6 months of runway and a plan for after that)

- "Are you going to do this full time?" (If not, this conversation is over)

- "What skills are you bringing to the table?" (Must have at least half of the list above, or have other interested co-founders who fill many of the gaps)

So if you're looking for a technical co-founder, make sure you're bringing a business to the table, not just an idea.

TheSkeptic 4 days ago 1 reply      
You don't earn a technical co-founder any more than you earn your first secretary. Every person who is recruited to join a business must be convinced that he or she is going to get something out of the deal.

The problem quite simply is that there are a lot of wannabe entrepreneurs out there who expect someone with technical chops to join them when they a) don't have an existing relationship, b) don't have a proven track record of execution and c) don't have anything to give besides equity that isn't worth anything. In other words, "co-founder" is little more than a title bestowed upon the person you need to build your product but can't actually pay to do the work.

It's no surprise that it's hard to find a "co-founder" of any type under these circumstances. When somebody you briefly spoke to at a meetup asks you to be a "co-founder" in exchange for 10% of a company that doesn't exist yet, you're naturally going to be skeptical. If that person adds a reasonable salary to the equation, you're far more likely to take the proposition seriously.

Additionally, I think it's worth pointing out that wannabe entrepreneurs have a lot of misconceptions about what type of technical skills they need. Instead of looking for someone who can build a basic web app (which is what 99% of them want to build), they look for a hipster developer whose resume is filled with all the buzzwords of the day. You do not need a Ruby on Rails developer with MongoDB experience to build a web application where individuals can organize and share pictures of their pet goats.

jaysonelliot 4 days ago 1 reply      
I'd like to give an alternate perspective to the Business Guy vs. Technical Guy dichotomy.

What about your UX Guy?

(apologies for the gender-specific wording; both women and men are "Guys" in my post, here)

The UX Guy the one that takes Business Guy's wacky ideas and hones them down to a limited feature set that people can actually understand. He helps the Technical Guy map out the user flows, often deals with the tedious writing of use cases, business rules, and content matrices. A good UX Guy even gets involved with the data modeling.

Your UX Guy brings the insight about how people will use a product, and knows how to create scenarios that anticipate that use. Those scenarios focus the work, and usually shrink the feature set.

The UX Guy is the one with the interaction design skills, the usability skills, and the one who makes sure the brilliant idea from Business Guy and the brilliant execution from Technical Guy actually result in something people will want to use, and most importantly, can understand how to use.

Sometimes your Technical Guy is also your UX Guy. Sometimes Business Guy is (not that often, sadly). No matter what, though, I'd argue that having a UX co-founder is one of the most valuable things you can do.

nhangen 4 days ago 1 reply      
As a non-technical guy with a lot of ideas, I skipped looking for a co-founder and just hired people to make stuff. Eventually I learned enough code to be dangerous, and with a bit of a design background, I've spent a lot of time building mockups and doing front end work to fill in the gaps.

I have found that developers are much more likely to engage in conversation with me because I can speak their language. This also works great at conferences, meetups, and local events.

In the end, I decided to try and build things so awesome that I'd have developers asking to join my projects, instead of the other way around. So far, it's working well.

jgrahamc 4 days ago 1 reply      
Someone email this to the Winkelvoss twins. Every time I hear about how Zuckerberg stole their 'idea' it makes me mad. He didn't steal it, he implemented it. The idea wasn't worth much, the implementation was everything.
mcdowall 4 days ago 1 reply      
I'm torn either way on this post, on one hand I agree that you should go tell them to find their own resources but on the other hand and from experience as a 'non tech' founder myself even getting some of these items done isn't enough to get a co founder, you need a good network too.

For clarification, I worked previously at startups where development was outsourced and I was working as a project manager. This time round with my own idea I knew I didn't have that luxury and would need to contribute a he'll of a lot more if I could be lucky enough to tempt a co founder to take on the bulk of the technical development.

So what did I do, after a few months of procrastinating over the idea I finally decided what better way to get going than to learn a new language and code (I already know HTML / CSS / asp.net back in the day). I looked at languages that seemed to have a good following and active support forums that if I got stuck I could ask for help in, I chose Ruby on Rails and ordered two books on Amazon.

It was really difficult at the start but after a while I found things were clicking into place, albeit using a lot of trial and error. I installed irc and became active on the rails channel and found the guys really helpful on there.

So after a month or so I got through the books and figure I was ready to start planning and applying my ideas to what I had learnt, this was the hardest part of all and still is. Simple things like image uploading using AWS or Paperclip I found took me days to get my head around as a lot of this was alien to me and outside the comfort zone of the tutorials. I progressed and thought it was about time I start developing the front end UI so started getting to work on photoshop creating templates and designs, I found some great resources like designmoo and iconfinder which helped me in this process. After the designs were done I reached out to a previous contractor who had experience in rails and HTML/CSS and paid him to cut and code it to fit the view, I setup a Heroku hosting account, configured the DNS and hosted the code on Github for collaboration.

I suppose the site was now at 75% ready, I had feedback from a few angel investors that it was a good idea and that to get in touch when I had a working prototype, this is where the delays set in, I just couldn't find a co founder to help with that all important final backend work.

See in your post you state a co founder should bring some of the qualities you point out such as do the front end or learn to code or business networking, I've done all of them and more yet I am no nearer to finding someone local who I can get onboard. I know the first part of being a successful co founder is being able to sell yourself and your product but I think it's sometimes forgotten how difficult and time consuming development and design is to get to grips with. Whilst I know this may come across as a rather random reply I thought it at least fruitful to show that some non tech founders are willing to get their hands dirty with some code and in fact the other half, the finding a co founder is equally a struggle as learning to code

That being said if anyone is interested please feel free to get in contact ;)

VuongN 4 days ago 0 replies      
I completely agree with this article, I would also add the following. I'm so tired of seeing these posts on HN--I do appreciate the genuine feelings, but my gosh, I am so frustrated when I see posts on Ask HN:
1) What should I build?
2) What programming language should I learn?
Both question tells me the poster hasn't done enough thinking and research on their own and is asking a VERY BUSY community to do the legwork for them. The questions should be from this stage:

1) You are trying to build this idea, you've researched and tried a few strategies in thinking about this [then explain what you're thinking], any other suggestions before you go build this thing? Fine, this is a meaningful conversation we can have and will afford opportunities for everyone to learn from it. Most of us are building something because we mostly CAN'T sit by/live without it NOT being built.

2) If you're a young and a starting out hacker, all you have to do is Google your questions. Most questions, believe it or not, have been answered. All the programming language X vs Y, framework A vs B questions are usually answered extensively by many other wise hackers that went before you. If you don't spend the time to read, understand and appreciate those reading/researches which many hackers in the community had spent the time writing them out specifically for YOU, all ou're doing is asking a VERY BUSY community to do your basic legwork for you. No, that's now how it works. Most of us learned stuff/languages because we are hungry for it. We ask questions on freenode etct, read articles, books AND discuss in depth about what we're trying to learn.


makthrow 4 days ago 0 replies      
Good post. "Entrepreneurs" nowadays seem like a bunch of whiners. Maybe it's the internet that encourages such passivity and hand-holding over the internet.

You want to succeed? Do whatever it takes. Learn how to code even if you won't be the one coding the program. Learn to speak the language, whether it's VC/investing, tech, or business. Sell your idea to a tech cofounder.

I agree idea guys who can't do sh are pretty much worthless. But I worry that there's been an overemphasis on the technical side. Sorry hackers, you aren't as special as you think you are. You have some personal projects you want to work on? Most personal hacking projects are worthless and even worse ideas than the ones business guys come up with.

Also worrisome is the attitude hackers have of only working with people with successful track records. I think that's the exact opposite of what you should do. People with successful track records have more to lose, and may have just gotten lucky the first time around. We should pay attention to the idea, not necessarily past success. You don't see business guys recruiting hackers based on whether they founded twitter/facebook/google do you?

A great hacker needs to be paired with a great vision guy. If hackers were as important as they thought they were then all hackers would have made it big already, and that is very far from the truth.

khill 4 days ago 1 reply      
Is it possible there's a market for technical people who could help business guys like this with a prototype of their idea for a fixed price?

I wouldn't be willing to quit my full-time job and work with some unproven guy on a startup project. However, I might be willing to work during my personal time to help a business guy build a prototype which could be used to find a technical co-founder, vet an idea, or pitch the product to a customer or investor.

Of course there are the usual hazards of fixed price projects. However, if the deliverable is clearly defined and agreed to up front, it seems like a nice option for both parties. Business guy gets technical input and prototype, technical guy gets cash and an opportunity to become a co-founder if the product has value and a market.

PaulJoslin 4 days ago 2 replies      
Quite coincidently I saw this on Reddit today:

The video is a stereotypical 'Idea Guy' - asking for a rock star developer to develop his project (for almost free), on the promise of 'riches' when they strike gold.

It is amazing how many people share this view these days (even more so after the 'social network' / success of facebook).

Despite the video author's lack of technical knowledge, there is still no excuse for his lack of research into creating a start up like that and the low value he puts on the technical co-founder.

I guess the real question to the author of that video would be. Apart from the idea, what do you as the non technical co-founder bring to the table?

PaulHoule 4 days ago 0 replies      
Jeese, I haven't seen anybody ask this question on HN for the last month, but maybe I've been working too hard.
tomkarlo 2 days ago 0 replies      
There are really three roles in a startup: funding, selling, and building. They're all important. If a business co-founder doesn't have funding, he/she has to prove they're good at selling. Unfortunately, a lot of business co-founders with ideas haven't actually spent much time selling, and they don't have much money either, because if they did, they'd be looking for a technical _employee_, not a "technical co-founder."
MatthewB 4 days ago 0 replies      
Excellent advice, I will be quoting him on having to "earn" a technical cofounder. He couldn't have said it better. The truth is, ideas and idea people are generally a dime a dozen. For the most part, it is all about execution.

For non-tech cofounders, you need to prove you bring something substantial to the table. The best piece of advice in that article is to learn to code yourself. If you really think you have an idea that could turn into a company, you should be driven to do anything it takes to build your MVP.

Just starting to code the front or backend will show people how dedicated you are and that alone is impressive to coders. Also, having a piece of your site already started will help you explain your idea to a potential tech cofounder better than words alone can.

My biggest suggestion is to go to "hack nights" in your area. You will kill two birds with one stone by doing this. First, you will be around people willing to teach and help you with your project. Second, hack nights are a great place to meet people looking to join a project.

porterhaney 4 days ago 0 replies      
Can't catch a fish unless you go fishing.

Hustlers should stop asking the community how to get a technical cofounder, but it doesn't mean they should stop asking technical cofounders to be a... cofounder.

Only way you're going to find one is to put your idea on the line and prove you've got the chops to support each other.

earbitscom 3 days ago 0 replies      
I couldn't even get through this. Probably an informative post, but yet another one that acts like technologists are God's gift to business people.

It is so rare that a technologist or two technologists, without a business person, build a killer company (read: not product), unless one of them is a strong business person, and then what makes them more one than the other?

Honestly, the first part of the post is true - if you're a good founder, you'll figure it out. But honestly, I just could not be more sick of posts acting like business founders are nothing but a thorn in the side of the technology world.

And the comments on these types of post are laughable. "Oh, at the beginning your job is to make sandwiches." I was selling partners on our product before it ever existed. If your business person is making sandwiches, it's no wonder they had to beg people to build their product.

kayoone 4 days ago 0 replies      
I am a technical cofounder myself. Still i believe a successfull business is the sum of many parts, not only the technical side. There are also enough stubborn devs that praise everything they build but still fail to bring it to a relevant audience.
I agree with parts of this post, but overall i dont like this kind of elitist talk on here all the time on how everything else than technical guys is worthless.
There a bad business guys and bad technical guys as well.
commanda 4 days ago 0 replies      
Speaking as a technical cofounder, it depends on the potential technical cofounders that you meet. Personally, when I met my non-tech cofounder, he already had his idea well thought out to the point where he'd made a trailer video demonstrating some of the UX using After Effects. I fell in love with the product idea itself because I'm primarily motivated by product ideas, and secondarily by team members.

I've now got as much skin in the game as him - neither of us is making a salary yet.

There's no one way to find your technical cofounder - we're all motivated by different things, and maybe what you've already got will click with someone. Just keep meeting people and putting your idea and self out there.

jeffchuber 4 days ago 0 replies      
Having an idea to fit a vision is your starting altitude. Great execution takes it to the stars.
The starting altitude does matter.

It's really honestly all about teamwork - not some tit-for-tat, we are better than you. So don't perpetuate it.

ForrestN 4 days ago 1 reply      
I think the frame of "Business/Idea Guy" vs "Technical Guy" is a mistake. Where does design fit into all of this?

I can imagine an "Idea Guy" who just says "let's make AirBnB for pets" or something, and then the "Technical Guy" designs and codes everything according to loose goals stated by the "Idea Guy." In that setup, clearly unless the "Idea Guy" has a truly magical idea that he somehow has the means to protect, he's not worth much.

But I can also imagine an "Idea Guy" who is also a product designer, who has a concrete vision for not just what to make, but how it should be implemented, how it should look and feel, what the process should be like, and so forth. He's synthesized a lot of complicated things and just needs a "Technical Guy" to translate his blueprints into a building. In this case, the "Idea Guy" is really valuable indeed, especially if his decision about implementation differentiate the business or otherwise drive it's success.

In other words, execution is more than coding, it's making a ton of decisions. Value can be added by making lots of really good decisions, and you don't have to be a programmer to do that. Of course, if you have no familiarity with technology and can't see all of the possibilities, you won't make good decisions.

rokhayakebe 4 days ago 0 replies      
You seem to be tired to answer this question. $10 say you did not answer it more than 100 times, yet you have asked your professor hundreds of questions.

You could have skipped the rant (which is not going to have any sort of effect) and went straight to how to earn a technical cofounder.

abbasmehdi 4 days ago 0 replies      
I think a good hacker/hustler combination is a great idea! Thats way the hackers doesn't have to deal with all the BS that comes with running and growing a business and stay true to their passion, and the hustler can focus on growth, raising money, doing bills, getting the marketing and PR set up and rolling, think how to acquire new customers, enter new markets, do financials, find new partners, read through contracts etc. RIM is an example of that, they have co-CEOs, Google's Eric S was a business guy and so is Ballmer (I think). Neither is S. Jobs a hacker. My point here is they are useful ... I mean if your passion is technology and you list all the activities involved you will see a LOT detracts from the passion. And you kind of need them as a co-founder so they have vested interest, and are diligent, resourceful and careful.
ohashi 4 days ago 0 replies      
I have a strange view of this. I wouldn't generally consider myself a technical co-founder, but keep getting approached as one. I think I am better at the business side of things but get forced into the technical side because who else will do it? The constant business pitches are somewhat boring, I haven't seen one where I thought, 'damn I need to join that guy/company.' It feels like most approaches are somewhat desperate, and that's a turnoff. Instantly what comes to my mind is 'why didn't someone else take up this offer if it's so good?'

I can only speak for myself, but it wouldn't surprise me if others used similar reasoning when being pitched (perhaps on both biz/tech side). Almost always, these things seem forced rather testing interest and seeing if there is any match. If a founding team is like a marriage, these guys pitching you to join them as a cofounder are asking you to jump straight into bed with them, there is no real courting period or build up. I feel like that's what's missing.

richcollins 4 days ago 0 replies      
As a technical guy the only thing he proposed that got my attention was Build a following. A strong following can be extremely useful in getting a lot of feedback early on.
gmansoor 3 days ago 0 replies      
Finding a cofounder is like finding a marriage partner. You spent time and get to know each other before committing long term. Doing a trial projects may be one thing but its not just a matter of few days or meetings.

I second with "Spent some money" advise. Business people should also prove that they have a skin in the game by some way. Obviously it varies depending upon what else you are brining on table, and what has been done before.
Money factor may not be as critical if the business person has already have mockups, market research, and many things that could have been done before or in parallel. You just have to show that you are not just looking for coder and then see if it works without spending any of your own energy.

Overall, I like the post, but title is bit confusing or contradictory to what Jason talked in the post. How to earn a co-founder would probably be a betters title.

fezzl 4 days ago 0 replies      
I'm a business guy... who learnt to code. Here's why "finding" or even "earning" a technical co-founder is a stupid strategy: there's no guarantee that, even after you have found or earned him, he'll be sticking around. You'll then be left with half-done code that no other person wants to work on, and you'll find yourself learning how to code to get going anyway. So, just learn to code. If you find coding too difficult, you're probably just not smart enough anyway to be an effective business guy.
chadp 3 days ago 0 replies      
This has to be the best post on HN for the full year 2011. Just do it. Start something. Scramble and find a way. Hire offshore and just get it done.
Benjo 4 days ago 0 replies      
Founders: in your experience, what qualifications should a "business guy" have? Is the willingness to do what your cofounder can't or what sufficient or do you need a certain business/leadership/social skill?
protagonist_h 4 days ago 0 replies      
Every startup has a technical and business component, but their relative importance varies greatly. On one end of the spectrum, you have companies like Google which is a purely technical achievement; on the other you have Groupon which is a mostly a business achievement. The important component is what requires real vision and innovation and that may have to come from either technical side, business side or both. The profile of founders should reflect what kind of startup you are and what is its "critical issue." E.g. it doesn't make sense to have a "business co-founder" whose only job is doing some routine paperwork just as it doesn't make sense to have a "technical co-founder" whose only job is to develop some trivial webapp.
lux 4 days ago 0 replies      
dowork77 3 days ago 0 replies      
As much as I'd like to agree with this post, I can't. I had an idea and learnt programming to implement atleast a prototype. Done. I can't go to local meetups because we don't have any (small country in europe). I posted on HN (during the "best time") with the title that I'm a business guy with a prototype. I received two upvotes, one comment and got one email. Now I did expect a little more earnings here, what did I do wrong?
ttran08 4 days ago 0 replies      
Loved your post. Definitely great advice. I made the decision yesterday to start learning to code, but your post made me feel I really made the right decision. Thanks. :)
iSimone 3 days ago 0 replies      
As someone who you're describing I absolutely love the post. I've gotten into WordPress, basic PHP, a lot of frontend stuff and a few projects later I feel confident to actually look a technical cofounder in the eye and say let's do something together.
maren 4 days ago 0 replies      
So true, I'm completely non-technical but I've built a business that is bootstrapped, ramen profitable and growing - now we are actively looking for a Technical co but I'm realizing that I need to learn the basics myself as well. Awesome article!
recusancy 4 days ago 1 reply      
Agreed except for the recommendation of 99designs. That's zero respect for design.
jamesdevonport 4 days ago 0 replies      
Wonderful advice, in particular to just go ahead and at least build the user interface. It is defiantly possible to reach the MVP stage through outsourcing - just get something out there!
tk999 3 days ago 0 replies      
I am a technical co-founder and I am looking for business cofounder. Drop me a line if you are interested in local market and based in South Bay area.
WalterSear 4 days ago 0 replies      
As a formerly non-technical entrepreneur, I approve this message.
jackwagon 4 days ago 0 replies      
You're either building or you're selling or gtfo.
Designing GitHub for Mac warpspire.com
350 points by rtomayko  6 days ago   76 comments top 25
tptacek 6 days ago 5 replies      
What a f'ing fantastic article. Thank you so much for writing this.

I spent a decent chunk of time last year building up a somewhat large Cocoa application (a telling synecdoche of how ambitious the app is: it integrates libevent with the Cocoa loop and involved writing a whole new evented Redis-backed HTTPS cache in ObjC).

But unfortunately, I got to the UI part of this project ("UI part", heh) thinking "this is going to be so much easier than webdev, look at all these tools!, and that was a crushing disappointment; getting anything reasonable on the screen has been intensely painful, and is if anything much harder than CSS3+JQ is on modern web apps.

I'm thrilled to hear that at least to some extent, it isn't just me, and making a good-looking Cocoa app (especially your first) is just very hard.

gregschlom 6 days ago 4 replies      
> Death of the SSH key. People should be able to connect to GitHub with their GitHub username and password.

This sounds like a wrong design decision. I wish nobody could log into my github account using anything but my SSH keys.

This is also true of my AWS account: my ec2 instances are protected by SSH keypairs, but if anyone gets my AWS password, he has full control over everything.

I'm not a security expert, but SSH keys feel way safer than passwords, especially with all those recents article showing how easy it can be to bruteforce passwords.

tolmasky 6 days ago 1 reply      
Without going into whether I agree with his assertions on Cocoa, if it seemed so much easier to do with web technologies, why didn't he just do it with web technologies?

Cocoa is probably the framework best suited for incorporating web views, and tons of apps do this: Mail.app, iTunes, Aperture, Colloquy, etc. etc. Use the right tool for the right job, if you have something that is going to have a lot of flow-based layout, then by all means use WebView.

It's kind of like refusing to use an NSTextView, then complaining about having to lay out text yourself.

sant0sk1 6 days ago 2 replies      
Great article for sure, but I take issue with these bits:

> Unfortunately for everyone involved, every OS X application that's showed up over the years gave up and tried to turn CLI commands into buttons.

It's my understanding that for a really long time there was no linkable library for interacting with Git. So unless these devs wanted to first write said library they were pretty much left with putting buttons on the CLI.

You might say "Well they should have written one, then!" but that is quite a risky capital expense on a piece of software that could easily flop. GitHub did it (with Summer of Code's help), but they have umpteen uses of such a library even if nobody uses GitHub for Mac.

> It blows my mind that no one tried to do anything special. Git (and its DVCS cousins like Mercurial & Bazaar) provide an amazing platform to build next generation clients " and it's like the entire OS X ecosystem left their imagination at home.

I dunno, I think GitX (especially its forks) does some pretty special things, including making it dead simple to stage/unstage/discard single lines of files.

RyanMcGreal 6 days ago 0 replies      
> Eventually, I (well, many of us) decided that better native clients (OSX, Windows, Linux, Eclipse, Visual Studio, etc) was the best way to grow GitHub.

I hope that means they plan to build a git GUI client for Windows, the poor bastard child of git support.

cageface 6 days ago 1 reply      
As an aside, I really feel like Apple is losing the plot with their latest batch of UIs. Wooden end panels, birch bookshelves, the glossy reflective dock, leather-bound notebooks etc, all smack of a lack of imagination and an timid need to convey value in outmoded terms.
pohl 6 days ago 0 replies      
There is no layout engine for Cocoa. If you want two elements to rest side to side, you'll need to calculate the pixel size of the text, padding, borders, margins " then manually position the next element.

This is getting a lot better in Lion. If you browse the WWDC 2011 videos, look for Session 103 "Cocoa Autolayout".

jkkramer 6 days ago 1 reply      
> Simplify the git fetch, pull (--rebase), push interaction. Synchronize " don't make the user figure out what they need to do to get their local commits remote and remote commits local.

What about conflict resolution? That's one of the hairiest, least-user-friendly scenarios in my experience.

chrismealy 6 days ago 1 reply      
Dear github: clicking "published" on a project deletes it from github. That was a surprise!
cdcarter 6 days ago 1 reply      
He makes great points about MacRuby. I started tooling around with it for an app a few months ago, and though it was a great interface, it didn't make working in Cocoa any easier, and I still had to learn a lot of weird technology choices in Cocoa.

Though, I think the difficulty of making a complex GUI in Cocoa shines in the OS X world. It's a lot harder to make a working UI, so you want to get the design right the first time, so you don't have to go back and re-do.

oscardelben 6 days ago 1 reply      
On a related note, i've built a simple github browser for ipad that will never get approved on the AppStore due to paid accounts. If someone wants to play with it here's the link https://github.com/oscardelben/GithubBrowser
beck5 6 days ago 7 replies      
Has anyone been using this client, is it worth using as far as GUI's go?
ttrashh 6 days ago 0 replies      
I'd love to see a good comparison from someone with a good bit of WPF/Silverlight/Xaml and Cocoa experience.
dolinsky 6 days ago 2 replies      
Could someone elaborate on the difficulties encountered managing branches of an iOS project in XCode using git?
gawker 5 days ago 0 replies      
Just wanted to say thank you so very much! I'm just getting started on trying to build an iOS/Mac application system and while it's fairly straightforward to build it, the design of the user interface is what gets me. Going from ok to 'wow' is what really sets Mac applications apart from most PC applications.
atomical 6 days ago 0 replies      
Smartgit is an awesome client for mac and I love the diffs view. Git is complicated so does a simple client help or hurt? I think that's up for debate and different users are going to have different requirements but for me I feel Smartgit is simplistic, useful, and functional where as I think of the Github client as more of an RSS type application where I check the latest stuff that has been committed.
grimen 5 days ago 0 replies      
I really like what GitHub do, though in this case I would say that the GitX client (forked one) is way more productive and overview:aböe IMO. I even managed to teach my MBA partner how to use it - this one is actually a bit more confusing than GitX interface. Abstraction is not always for the good, but a very good try at least.
swaits 6 days ago 0 replies      
I use SourceTree. It's not free, it's definitely not cheap, but it's badass. http://www.sourcetreeapp.com/ I have no affiliation, just a happy customer
vladocar 6 days ago 0 replies      
This is so unfair. I finally mastered the GIT console pushing and pulling stuff around. And this awesome product comes and the console is now obsolete. Jokes apart, this is super tool that will bring new users that are still not familiar with the console. Great job guys!
peteysd 6 days ago 0 replies      
I've been enjoying the app these last few days. Nice job! It's a great add-on to an already killer service. I'm quite happy to send the folks at Github some of my money each month, because they really earn it.
natesm 6 days ago 1 reply      
On the images/code drawing points: are there any benchmarks for this? I've been writing meticulous CGGradient type stuff recently, should I just make a gradient in Photoshop and call it a day instead?
mmphosis 6 days ago 1 reply      
rawsyntax 6 days ago 0 replies      
The bit about the NDA is a little ridiculous.

Apple wouldn't be able to politely ask people not to blog about their stuff.

thelicx 6 days ago 0 replies      
Super interesting article
PartyDawg 6 days ago 0 replies      
It's amazing, I thought I would come here to learn things, but instead I am teaching.

Branching projects is hard in XCode? Zip up the project files and back up the revision... in I don't know, a source code repository? LOL!

None of the re-writing is required in Xcode for your app. Design the app, then make it in Xcode. If you have to make revisions to the design of your app, go back to designing it. Most of the code can be re-used, but clearly you haven't finished designing the app yet...

Interesting take on the initial experience. But instead of casting about for blame, it might be better to ask why your processes are going wrong.

Skype options turn out to be worthless reuters.com
338 points by TWAndrews  10 days ago   142 comments top 23
ghshephard 10 days ago 7 replies      
Absolutely zero surprise on my side. VCs, and acquiring companies are always looking to maximize their return, as legally as possible during an M&A deal, even (sometimes particularly) if that means screwing over employees who are no longer with the company.

I actually like the honesty of this quote:

"Silver Lake declined to comment. When asked about Lee's situation, Skype spokesman Brian O'Shaughnessy said, “You've got to be in it to win it. The company chose to include that clause in the contract in order to retain the best and the brightest people to build great products. This individual chose to leave, therefore he doesn't get that benefit.”"

Most people will look at it and say "What an Asswad" - but at least he's not being a hypocrite. That's precisely what everyone in the M&A team is _thinking_ they just aren't _saying_ it.

This is another take on what Oracle did when they bought Oblix (I had just left Oblix in 1999) Oracle gave MegaBonuses to all the existing employees and executives, two of the founders, and paid absolutely nothing for the common shares. The acquisition price was still $100Million plus, but there was only enough money to cover the preferred options + liquidation preferences in the "on the record" purchase prices. Effectively, they wiped out all the employees who were common shareholders, but no longer with the company (or were part of the 15-20 out of 100 who were laid off during the acquisition) while taking care of the VCs and the acquired employees. (As a side bonus, they called the money they gave to the acquired employees "Retention Bonuses" - which resulted in the top people having to hang around for another year)

Lesson to be learned: When you leave a company, and it is still private - if they are Sold, instead of going public, there are probably any number of ways that you will get wiped out if you are no longer with them - possible exception if you are a founder with a significant percentage of the company, and you might be able to raise a stink for minority shareholder rights. Then you'll get a "consulting bonus" to shut you up.

This story is more common than not.

dctoedt 10 days ago  replies      
1. By no means do I want to defend Skype here, but the prose in the linked documents isn't especially incomprehensible, at least not for documents of this type.

I teach contract drafting to third-year law students. It's hard work to take a complex if-then-else concept and render it in plain English.[a]

And here's the rub: Few clients want to pay lawyers to spend extra time on readability -- "good enough" (whatever that means) is the goal.

2. [EDITED TO ADD THIS:] It's not unusual for a private company's employee stock plan to include a "call" option that gives the employer the right to repurchase employee-owned shares when the employee leaves the company.

That makes sense when you think about it -- if you're a private company, you don't want a lot of random ex-employees owning dribs and drabs of your shares, especially if you're worried about the 500-shareholder limit (under current law).

On the other hand, for a company with an upcoming exit to buy back the shares at the employee's cost, instead of at a good-faith estimate of the stock's then-current value -- well, that does indeed seem unusual.

(EDIT: Some documents like this provide that, IF: The company wants to do its buy-back EITHER: (i) after an exit is announced, OR: (ii) if an exit is announced within 30 days or so after the employee's departure; THEN: The employee is entitled to the exit pricing for the buy-back.)

3. Again, not to defend Skype, but conceivably they might not have had a choice about the buy-back price, at least not without jeopardizing some kind of favorable income-tax treatment.

If I had to guess, I'd venture that, X number of years ago, some overzealous junior lawyer decided to draft the relevant documents so as to put the company in the strongest position s/he could. Now that zealousness may be tying their hands. I stress that I'm speculating here.

* * *

[a] If you have occasion to write a complex if-then-else sentence, try using all-caps and punctuation like this: IF: It rains at least one inch today but not more than two inches; AND: It doesn't rain tomorrow; THEN: You will turn on the sprinkler system tomorrow; AND: You will not do so the day after.

brudgers 10 days ago 0 replies      
The article leaves out some relevant context. It appears that Yee Lee was at Skype for one year one month 3/2010 - 4/2011. That entire period of time was after Silverlake had purchased Skype and more importantly after the right to repurchase vested options was in place.

It is difficult to see this as private equity screwing over founders or early employees (Skype was founded in 2003 and had been valued at more than $2 billion for five years when Lee Yee came aboard). Indeed given the short tenure of many of the people involved in the story, there seems to be more smoke than fire.

[Lee Yee on Linkedin: http://www.linkedin.com/in/yeeguy]

[Business Week article correlating Linkedin profile to article: http://www.businessweek.com/magazine/content/11_27/b42350386...]

[my comments on previous versions of story: http://news.ycombinator.com/item?id=2672786]

kenjackson 10 days ago 2 replies      
A big part of business is who you're in bed with. MS should cancel the Skype deal, if at all possible. That would be one sign that they've turned a corner. I will never fork over a dime for any Skype service. This, while legal, is clearly unethical on a broad scale. And its the worst kind of unethical. Apple and MS play hardball with competitors -- but you don't do that with your employees.
johngalt 10 days ago 0 replies      
This is why cash is king and "equity" is worthless.

Hey bizdev weenies out there that wonder why you can't find a technical cofounder/employee who will work for equity, here is your answer.

ianterrell 10 days ago 4 replies      
While I understand that legalese is necessary since English is ambiguous in its best moments, the only reasons I see not to include a "plain English" version of a contract are A) to save on lawyer hours, or B) to screw someone over.

For most contracts I suspect that the overhead on a plain English version would be very small, as the lawyers' understanding of the topics is necessarily deep to formulate the contract (or they're just shitty lawyers, another topic).

Plain English versions of contracts, with their plain English meanings of clauses, should be included in any contract between two parties of vastly different bargaining power, i.e. a corporation with loads of legal resources and a non-millionaire potential employee.

Update w.r.t. comments"I understand the points you're making, but I don't think it invalidates the argument. I'm racking my brain to find the examples I've seen, but there do exist in the wild "plain English" versions of contracts that are not binding (and they specify that) but instead contain comprehensible summaries of the salient parts.

jsherry 10 days ago 4 replies      
"It turns out the investor group...had secured a so-called repurchase right that gave them authority to buy back the shares at the grant price."

If this is true, it sounds like somebody didn't properly perform their due diligence before signing their options agreement. Although it's never right for a company or investor to exercise this buy back when it comes to an honest, hard-working employee, the onus really falls on the employee ensuring that this clause never sees the light of day in their contract in the first place. Perhaps in the event of "cause", one could make a case, but certainly under no other condition.

EDIT: It's an unethical clause to begin with - absolutely agree with the comments. Just saying that you can't count on anyone besides yourself to act on behalf of your own best interests.

unreal37 10 days ago 0 replies      
I understand that Skype is a private company, and so that when they grant options it will have some odd terms that employees of public companies don't have.

They shouldn't use the terms "vested" and "unvested" then. His options were vested, yet were callable. That's not what vested means. They should call all options unvested until the company goes IPO.

alain94040 10 days ago 0 replies      
Amazing, this is the first time I see a stock options agreement where the employee is forced to enter into a partnership for his vested shares. I agree with the blog's title "upgrading Skype to evil".

On the other hand, you should have known Skype, incorporated in an international haven, was not your regular startup.

EDIT: also, the stock agreement just says "management partnership" on page 3, with no prior definition of what it might be. Later on, it gets more references, without ever being defined. A good lawyer may have a case?

NonEUCitizen 10 days ago 1 reply      
Silverlake is not the only investor in Skype; e.g. Andreessen Horowitz is too:


ajays 10 days ago 1 reply      
What is Microsoft doing about this? As the acquirer, they may still be able to "do the right thing" and make some of these guys whole. Sure, it may cost them a few million bucks; but can you imagine the goodwill it will generate for Microsoft? You can't buy that kind of good publicity!

But will Microsoft do such a thing? I doubt it very much. (I would love to be proven wrong, of course)

arturadib 10 days ago 0 replies      
I wonder how many of us are now scrambling to dig up a copy of our stock option agreement. This sets a terrible precedent. In case you didn't get it yet:

READ YOUR LEGAL DOCS (sock options, IP, etc) and negotiate sketchy terms before you sign them!

protomyth 10 days ago 1 reply      
in the other thread on this http://news.ycombinator.com/item?id=2691455 the article had the following line "the company's decision to repurchase would also cause a tax hit to him" - anyone know how that works?
nestlequ1k 10 days ago 0 replies      
Anyone interested in joining GoDaddy after the SilverLake deal should have their head examined.
madmanslitany 10 days ago 0 replies      
I don't really have much to contribute on the story itself, but I suddenly realized that my former CS472 Artificial Intelligence project partner and friend from Cornell works for Silver Lake, which has led me down an interesting path of daydreaming now that I'm starting work with a Valley-based company in a few weeks.

It would actually make for a great short story or novelette to see former classmates on opposite sides of a deal like this. A lot of very smart engineers go straight into jobs in technology sector investment banking, private equity, etc. soon after college that could eventually put them on a collision course with erstwhile friends.

NonEUCitizen 10 days ago 1 reply      
va_coder 10 days ago 1 reply      
What's to stop a disgruntled software dev who gets treated this way from secretly using his knowledge to support an open source competitor? It doesn't have to be anything close to a line by line copy, just subtle hints here are there about better, but generic, ways of doing things.
paradox95 10 days ago 0 replies      
So the people who lost out here have any recourse? I hope they are talking to lawyers. I'm not typically the type of person to sue over everything but this is screaming for a lawsuit.
wccrawford 10 days ago 2 replies      
"that you will receive no value" is hardly opaque, even if the rest is. Any contract that said that would have me pouring over it with a fine-tooth comb. Or more likely, just rejected it and finding work elsewhere.

I wonder if that contract is subject to legal action, though? Seems to me that was a deliberate attempt to screw him over. He shouldn't have signed it, but they shouldn't have written it, either.

I'm now serious considering canceling my Skype subscriptions and finding alternatives, despite how useful they are to me a the moment.

daimyoyo 10 days ago 0 replies      
This is yet another reason I refuse to use Skype. I won't patronize a company that treats it's employees like that.
joshu 10 days ago 0 replies      
They could also have executed their options to purchase the stock...
cypherpunks 9 days ago 0 replies      
I've seen swarms of employees get screwed in ways similar to this. It's not uncommon in Silicon Valley.
lanstein 10 days ago 0 replies      
I'm sure I'm not the only one who reviewed their stock grants... (good news :))
A preview of Gmail's new look gmailblog.blogspot.com
329 points by sahillavingia  4 days ago   172 comments top 54
latch 4 days ago 8 replies      
I'm a pretty huge fan of all the new Google designs. Plus, gmail, the top bar, fonts.... They've kept things minimalistic while making things just feel cleaner and crisper. Whoever is leading this redesign is doing a fantastic job.
albertsun 4 days ago 11 replies      
I really hope they preserve the Classic view. I can't stand how spaced out everything is. I went from being able to see 10 or so contacts in Gchat without scrolling down to just 4.

Edit: That's with the "Dense" view. Regular is even worse.

brianwillis 4 days ago 4 replies      
I just can't get past the black bar. After years of it being white, black just feels imposing.
RexRollman 4 days ago 3 replies      
I just wish they would get rid of the invite widget. It served a purpose when Gmail was invite only but now it just wastes space.
scottkrager 4 days ago 7 replies      
Holy ad batman. The new themes move the small text ad to the bottom of the page....but then it floats as you scroll.

That's one way to increase clicks.

I'd try the new theme if it wasn't for that...it's very distracting when scrolling down.

ianterrell 4 days ago 2 replies      
In the old Gmail interface, my eye goes straight to my inbox. In this new interface, it goes straight to the bold blue "Search Mail" in the header"which is proportionally much larger than necessary.

The new look for Google is a huge step up overall, but that's a huge usability violation to me.

marcamillion 4 days ago 0 replies      
Wow...Google is on FIRE! That shake-up at the top, seems to be bearing fruit.

This is exciting.

5l 4 days ago 1 reply      
Interesting that they're adding additional details of the person you're conversing with to the right above the ads. I wonder what that means for Rapportive.
tnorthcutt 4 days ago 7 replies      
Does anyone with an Apps account have the ability to preview the theme(s)? I don't, in my apps account.

Yet another example of Google treating apps customers as 2nd class citizens. See also: account/login issues and lack of profiles (which means no Places, no Google+, and other products). Google is effectively ignoring what are often their best/most enthusiastic customers in by doing things like this. Very puzzling.

bdonlan 4 days ago 1 reply      
There's a lot more white space in the new design - enough vertical space is lost for about seven conversation entries. Not sure I like this change for that reason...
DanI-S 4 days ago 1 reply      
I'm happy to see Google taking as much care and pride in the visual engineering that goes into their products as they do the back-end.
crizCraig 4 days ago 1 reply      
While the extra white space requires more scrolling, it makes it easier to read, for me at least. It also makes it easier to click a message.

From http://en.wikipedia.org/wiki/White_space_(visual_arts):
White space should not be considered merely 'blank' space " it is an important element of design which enables the objects in it to exist at all, the balance between positive (or non-white) and the use of negative spaces is key to aesthetic composition.

Most people actually seem to be liking it which is suprising to me since it's such a dramatic change:

SandB0x 4 days ago 0 replies      
Just a few tweaks and a general tidy up. We'll barely notice it after a week or so of use.
nikcub 4 days ago 2 replies      
so they added padding to everything?
Splines 3 days ago 0 replies      
I'm going to be honest here and say that I think it looks horrible. The ALL-CAPS on buttons looks amateurish, and I want my separators and selected-mail-box background highlighting back.

The non-dense theme also is too sparse.

I suppose this is just because I'm used to how it looks, but hopefully they'll keep the old themes around.

martingordon 4 days ago 0 replies      
I like it a lot. It reminds of Whistler and Windows Mobile (yes, that's a good thing). The only thing I would change would be to tighten up the outside margins by about 50%.

My instant reaction to the lower visual density was negative, but after using it for a little while, I think it's dense enough to be usable but sparse enough to be calming. It's amazing what the removable of a few borders and shaded areas does to the feeling of apprehension about email.

jeffreyrusso 3 days ago 0 replies      
My biggest complaint about the way Gmail currently looks is that it lacks structure - different features and components run right into each other. It's messy and feels cluttered even though it isn't over-designed. (That's a complaint that holds true for most Google products.) This new design looks like a real step in the right direction. It looks much cleaner and more structured. Big +1 from me.
krashidov 4 days ago 1 reply      
It looks like Google has somewhat abandoned the Google Colors for a black blue and maroon(?) color scheme.

They really want people to notice these changes, it creates more publicity for Google+.

ianterrell 4 days ago 0 replies      
But why is the top bar charcoal gray instead of the black seen on all the other sites?
watty 4 days ago 0 replies      
Wow, definitely keeping as my new theme. I had to disable the "Right-sided chat" lab feature but works great other than that.
Newky 3 days ago 0 replies      
Although I appreciate the clean design, I find it blinding, I'm going to use it for a few days and see how I get on but for now, the plethora of white space seems to hurt my eyes!
orofino 4 days ago 1 reply      
Really liking the work. I'm really looking forward to what they have in store for Reader.
ck2 4 days ago 1 reply      
It's just spaced out more, I don't see anything removed.

I hope I can change the vertical line density back.

kmfrk 4 days ago 2 replies      
When I first saw Google+, I felt that it looked a lot like [Helvetireader](http://helvetireader.com/) to the point where I thought that they may have been (heavily) inspired.

With the new Gmail interface, this can't be a coincidence.

Credit where credit is due? Hell, are we talking about a blatant rip-off?

phreeza 3 days ago 0 replies      
What happened to the Priority Inbox? I still see the add or remove priority buttons, but there doesn't seem to be a proirity inbox?
dmm 4 days ago 3 replies      
The article describes the new look as "modern". I hear that all the time. What the hell does it actually mean?
ww520 4 days ago 0 replies      
I actually don't kind much how it looks but speed is important. UI performance is an important UX. Hopefully the new GMail UI is faster than before.
erikb 3 days ago 0 replies      
Hm. I'm actually quite happy with the design Gmail has right now. A customer in a situation like this wonders, if any change to the interface doesn't just mean more costs for me as the user (like the change of "open in new tab/open in new window" between FF3 and FF4).
davezatch 3 days ago 0 replies      
Things are a little too spread out perhaps, but I already love that the top action bar (archive, spam, delete, etc) follows you down the page. As someone who's never quite mastered gmail keyboard shortcuts, I was constantly checking items then scrolling to the top or bottom to manage them. Nice little timesaver.
scrrr 3 days ago 1 reply      
I prefer a stronger contrast between read and unread messages. While the new look looks great for search, maps etc. I find it less useful in GMail.
chrisvallejos 3 days ago 0 replies      
Google's UI upgrades have me really excited. What I really like about Google and all their products is how utilitarian they are. Their products are not about looking pretty, but about giving me the most useful features I need. What I like about the new UI look is that they are thinking about the aesthetics of design more. Gmail used to look like a bland data grid from excel, and it was very dense with information. Now there are more pixels in between rows and columns in the new Gmail, giving the layout visual space. The color changes also make the UI more interesting to look at and quicker to navigate. But the best part is the dark navigation bar at the top. Love that.
lachlanj 4 days ago 0 replies      
I really like the new apps and search interface, but the use of red is really bugging me. Surely this is basic UI that urgent things are made red like alerts etc. I fail to see why the 'compose mail' and 'create' calendar event buttons need to be a glaring red?
shortformblog 4 days ago 0 replies      
Perhaps it's because I'm used to using the darker "Shiny" theme, which I've had on for many years, but the colors of the Preview theme are way too bright for my taste. I think they should come up with a more subdued version of it that doesn't feel quite so loud. Functionally, though, it's great.
acak 4 days ago 0 replies      
This interface would be much more suited to tablet-sized screens.

Apart from information-density (which should be more forgiving on the tablet form factor when compared to PCs), the spacing also makes this a touch-friendly alternative to the Ajax-laden tablet interface.

For a PC screen, however, I'd say 'power users' quite like the higher information density on the current UI. It's much more efficient if you think about how far the eyes need to move and how much one needs to scroll to get to an element on the page. Navigation is not much of a problem currently with a precise device like the mouse and with keyboard shortcuts.

ajarmoniuk 3 days ago 0 replies      
I, for one, don't welcome the new look. The old overal Google look given an air of unrefined, raw 'geekness'. I liked the feeling that I was using something designed and made by scientists rather than enterpreneurs. This is, saldy, finally going and Google is becoming one of many.

Of course look is not all, the quality of service they provide is uncompared. I'm still a fan, but I really prefered the old days.

apgwoz 3 days ago 0 replies      
I'm going to complain about the amount of padding in the messages list per message, but praise the rest. The redesign of most of Google is a welcome change.
steilpass 3 days ago 0 replies      
Am I the only one who was instantly reminded on http://calvetica.com ?
mahrain 3 days ago 0 replies      
This may actually have me switch to using a site-specific browser for gmail instead of mail.app!
blntechie 4 days ago 0 replies      
Hate the new back button. Loved the simple hyperlink back to Inbox.
meow 3 days ago 0 replies      
The new theme looks good but the boundaries between the elements doesn't seem well defined, giving a floating appearance to them. Also the background is kind of glary.
uast23 3 days ago 0 replies      
It almost looks like the "html only" view of gmail which is originally meant for slow connections. Nevertheless, lighter is better and it is definitely soothing.
joejohnson 3 days ago 0 replies      
I like that Google's new UI designs are using more buttons instead on text links. This is easier to see at a quick glance.
davidedicillo 4 days ago 0 replies      
I love the new design theme. Clean, minimal, elegant. Well done Google.
floppydisk 4 days ago 0 replies      
Looks like they took some of the design ideas from their mobile version and migrated them into the main one. Square(er) buttons being one example.
pg_bot 4 days ago 0 replies      
Hmm two issues that google needs to resolve with this. The new ad bar at the bottom is constantly obstructed by waiting for mail.google.com ajax request, so it is effectively useless. The color of the compose mail button needs to be changed asap.
duomo 3 days ago 0 replies      
Gmail now gives YOU the benefit of the doubt, dropping that pesky 'Report' and putting 'Spam' right up there with all the other important verbs of our time.
lasonrisa 3 days ago 0 replies      
It does look good and yet the only think I can think off is "cover fire", from one of Spolsky's classic.

Google+ looks like a real improvement though.

yhlasx 3 days ago 0 replies      
That big red button is distracting, the rest is awesome. same with calendar
thethimble 3 days ago 0 replies      
After using it for a couple weeks, the bright red Compose Mail button is really annoying. I hope they change that.
skarayan 4 days ago 1 reply      
Looks like they got rid of Buzz?
kennyma 3 days ago 0 replies      
Looks great! So glad Google finally has some design talent instead of just smart engineers.
dahawi 4 days ago 1 reply      
anyone else has the top bar in white even with the new theme ?
zyph 3 days ago 0 replies      
Basic White is still the best gmail theme.
u48998 4 days ago 0 replies      
Yawn! I'm on TB, so don't care.
How To Safely Store A Password codahale.com
319 points by shawndumas  4 days ago   209 comments top 31
eneveu 3 days ago  replies      
Many developers need to read and understand this. It is far from mainstream knowledge...

The other day, I saw the following post about password hashing in my RSS feed: http://isc.sans.org/diary.html?storyid=11110

- No mention of bcrypt (though the posts mentions key stretching using SHA1)

- "When selecting an algorithm to hash passwords, it is important to select carefully as it is difficult to change the algorithm later. You will have to ask users to change their password if you do as you no longer know what password they picked." --> seriously? you can update the password the next time they log in...

- "You could also add a secret, in addition to the salt. If the secret is not stored in the database, it would not be easily reachable via a SQL injection exploit (yes, you can use them to read files, but it requires sufficient privileges)." --> security through obscurity, nice

- "For the paranoid, you may want to do the hashing on the client side (javascript) . This way, the server never receives the plain text password. We do this here for the ISC website on our login form [2]." --> oh noes...

Note that the blog has ~15k subscribers according to Google Reader...


I also launched a debate on StackOverflow the other day. A self-proclaimed "security expert" (he later edited his post to remove this part) was advising against using bcrypt, arguing that it would facilitate DOS attacks against the login page... He prefers security through obscurity, using a secret salt:


I thought it was a bad idea to leave this answer unchallenged, so I tried arguing with him. I was met with arguments of authority such as "Wow you are out of your element and could not be more misguided on this topic" or "you disagree because you don't understand. Show me an exploit you have written, then I'll pay attention to you.". Happily, some (more experienced) people got in on the debate. I hope this will help developers make an informed choice, if they stumble upon his answer...

(edit: list formatting)

tzs 4 days ago 6 replies      
I'd like to see sites offer the option of not using password-based authentication. Instead I'd like to see public key based authentication as an option.

Basically, the site would have a copy of my public key (say my GPG key or an ssh key), and to authenticate I prove that I have access to the corresponding private key.

nonane 4 days ago 6 replies      
The article claims it takes bcrypt 0.3 seconds to hash a 4 char password on a laptop.

How does a server authenticate users in high volume with bcrypt? ~0.25 secs per auth request might warrant having a separate server just for authentication.

stephth 4 days ago 1 reply      
Khao 4 days ago 3 replies      
I have read this article and read the Wikipedia entry on bcrypt and I still cannot understand something. In this article it states that : "As computers get faster you can increase the work factor and the hash will get slower.". How can you make the algorithm slower over time and still be able to validate user passwords that were stored before you changed the speed? Could anyone enlighten me on this?
bborud 2 days ago 0 replies      
In security the most important thing you can teach people is to be aware when things are harder than they look so they'll take a bit of extra time educating themselves and talking to other people.

Learning how to separate good from bad advice is a skill that needs to be maintained. Also, in all software that is supposed to provide some form of security, one has to be prepared for the eventuality that it probably contains errors.

I used to read a lot of books on cryptography and the use of cryptography. I've forgotten most of it by today, and to be quite frank: the more I know, the less I want to write crypto software. There is something deeply unsatisifying about work where you know that what will in all likelihood trip you up is some trivial, stupid mistake.

It isn't hard because of the crypto itself. Sure, certain cryptographic libraries can be extremely awkward to use (which in itself is a security risk), but the problem usually comes from where you aren't looking for them.

I cringe a bit when people advertise software as being secure because it uses this or that encryption scheme. I also cringe when people claim that they "encrypt databases" and their systems are therefore secure -- because, for most usage scenarios, I can't think of any really secure way of doing this. Not without compromises anyway. And while I honestly know that I have just a rudimentary grasp on cryptography, I know a lot more about it than most people who make products that hinge upon correct application of crypto.

Just the other day I was trying to determine how many rounds I wanted to use in bcrypt for storing passwords for a given system. I think I spent most of the day pondering this question, writing benchmarks and reading up on what other people said on the topic.
A couple of days later a friend of mine emailed me a code snippet that implemented the password hashing scheme of a commercial product they use that makes shameless claims about being secure. (I think he probably just looked at the hashed passwords and made a guess about the method they had used. I don't think he had a look at the original source code). If memory serves the product uses unsalted SHA1 hashing. In other words, the vendor didn't even bother thinking about the problem.

What scares me a bit is that even I thought "well, if they claim to have well thought-out password handling and they are in the business of selling security systems, I suppose they have probably given this a lot of thought" the first time I visited their website. After all, large companies give them millions. Right?

I wonder what other things they are doing equally badly.

yogsototh 3 days ago 1 reply      
I am surprised nobody had already talked about scrypt yet. Here is an old hackernews entry about it.


I would have loved to use scrypt, but there is only a C implementation. I would had loved to have at least a javascript one.

16s 3 days ago 1 reply      
It's good to raise awareness of this issue. When more devs began using bcrypt or scrypt, offline password cracking will be much, much more difficult.

The only reason GPUs are cited as testing 600 million hashes a second is that the underlying hashes came from a Microsoft Windows Active Directory where they were simply MD4 encoded. That speed is not possible with bcrypt. Devs need to understand this.

Edit: Yes, that's MD4 not MD5. Microsoft Windows NT hashes are simply Unicode strings that are MD4'ed. This includes Windows 7 and Windows 2008 server.

falcolas 3 days ago 2 replies      
Honest question. Why would someone who handles more than a couple-dozen login attempts per second choose to use bcrypt? It would seem that the computational overhead of supporting bcrypt at scale would not make a lot of financial sense.
firsttimeposter 4 days ago 1 reply      
People keep posting this here. But I think http://www.tarsnap.com/scrypt.html should probably be considered the best way to do this today. Google is even using it in ChromeOS.
mleonhard 2 days ago 1 reply      
Let's say I use bcrypt and want to increase the work factor every year. Is it possible to determine the work factor of an existing hash, or will I need to maintain this information alongside the hash? The java and python bcrypt APIs don't have any function that returns the work factor.

Can I increase the work factor of an existing hash, or must I wait until the user logs in and then use the plaintext password to generate a new hash?

Is there a bcrypt API that provides a hash comparison function that addresses timing attacks? The py-bcrypt example code uses the '==' operator to compare hash strings, leaking timing information:

    # Check that an unencrypted password matches one that has
# previously been hashed
if bcrypt.hashpw(password, hashed) == hashed:
print "It matches"
print "It does not match"

(from http://www.mindrot.org/projects/py-bcrypt/)

peteretep 3 days ago 1 reply      
I recently put together a commentary + code on how to upgrade passwords hashed insecurely in your DB without user intervention. This was in response to MtGox talking about "slowly migrating users", which presumably means upgrading passwords at the point of login:


tomjen3 3 days ago 4 replies      
What always annoys me with the discussion of passwords is that everybody here focus on a technical solution that allows the user to continue to use insecure passwords.

That isn't the problem. Reuse is. And the best way around that is to not let the user select the password, just generate it server side. Technically this is easier to get right than some complex password generation scheme and the end result is properly better too.

pbreit 3 days ago 2 replies      
Can someone help me understand what a password cracker does with a list of salted/hashed passwords? How do they know they've figured out the right plain text passwords without bouncing them against the authentication logic?
jorangreef 2 days ago 1 reply      
To see if I understand bcrypt correctly, would this pseudo code achieve a similar adaptable computational cost?

  function(uniqueSalt128Bit, password, rounds) {
var hash = SHA1(uniqueSalt128Bit + password);
var length = Math.pow(2, rounds);
while (length--) hash = SHA1(hash);
return hash;

fleitz 2 days ago 0 replies      
What properties of bcrypt make it better than SHA-512 with more iterations to make the time taken to process it equivalent? Is there something about the algorithm that makes it more difficult to speed up via GPU/hardware?
tzs 4 days ago 3 replies      
Why not PBKDF2?
SaltwaterC 3 days ago 0 replies      
http://www.openwall.com/lists/announce/2011/06/21/1 - some bcrypt implementations out there are still broken if they used this code. You may give the SHA-based scheme a chance.
giaskaylee 4 days ago 1 reply      
The real question should always be how you detect and handle these attacks. Allowing someone to attack your service for 12 years and eating up your resources in the meanwhile just sounds too passive a solution.
antihero 3 days ago 1 reply      
Or a stretched newer algorithm like Whirlpool. Or stretched SHA-256? What advantages does bcrypt have over them?
klon 3 days ago 1 reply      
Does anyone know how Djangos built-in password hashing fares?
Revisor 3 days ago 0 replies      
What work factor do you recommend to make it reasonably fast and still bruteforce-proof with the current HW?
joejohnson 3 days ago 0 replies      
Now, how do I explain to my girlfriend that picking longer, more complex passwords is a realistic security precaution and that I'm not just a paranoid nerd?
ltamake 3 days ago 1 reply      
For PHP users, phpass is a really nice password library. http://www.openwall.com/phpass/
Tichy 3 days ago 1 reply      
So I assume if you use bcrypt, you only verify the password once upon login, and then store a cookie that verifies the user is logged in? That brings other security risks.

But the alternative seems to be to make every request very slow, because it would require bcrypting the password with every request.

d0vs 3 days ago 1 reply      
bcrypt is so flawed...
ck2 4 days ago 2 replies      
and/or stop using a single word and use sentences (phrase)

eight characters is easy - try cracking 50

evo_9 4 days ago 1 reply      
Another thread where seeing Karma would really help...

Maybe it should be optional?

praptak 3 days ago 3 replies      
You can add the configurable slowness factor to any secure hash. Just use salts but leave out k bits from each when storing them. The more bits you leave out, the more work it takes to verify a password as the verification procedure needs to brute-force the missing k bits.
zubisu 4 days ago 1 reply      
the weaknews is actually storing the salt or code or key with the password. using bcrypt helps a bit but doesnt truly solve the issue. i think thats important to point out. sha1 with a salt u cant find beats bcrypt with a key u know any day
Sal Khan has started videos about Python youtube.com
319 points by paufernandez  5 days ago   81 comments top 16
hebejebelus 5 days ago 1 reply      
Interesting, very interesting. Now, I haven't watched any programming-specific videos other than the one linked, but my immediate thoughts were something along the lines of "But you need to know [that a program executes from the top-down] first!" where [] is pretty much everything I know about programming.

But I think that I might be wrong. I think that Sal might be right, and just go. Python is easy enough that some people might pick it up just from following along - not to mention that you don't want to fill people's heads with crazy words they've never heard before. That's only going to stop people from trying to program.

The problem is that I'm a fairly experienced programmer by now, so any thoughts I _do_ have are going to be skewed. I can't look at these videos from a beginner's eyes because my mental model for programming is already set, and no matter how I look at something, I'll try to fit it into my existing model.

Either way, this is fantastic. Absolutely excellent. I think it's wonderful. Honestly cannot shut up about it. I'm going to tell my sister to watch them, just to see what she thinks.

Given that Sal focuses an awful lot of time on getting Khan Academy in schools, this may be the next step in teaching the entire world how to program. I can't wait to see where this leads.

Locke1689 5 days ago  replies      
He's just straight up wrong about putting the filename in a comment at the top of the file. It's true: files change names all the time, why make someone change them in two places every time? Moreover, he should be describing the module using PyDoc, not comments.

I'm worried: Sal does not seem like a professional software developer or someone who's done significant software maintenance. Like Visual Basic, he could end up just teaching bad practices that people who watch his videos will just have to unlearn later.

Personally, I'm still going to recommend that people read Learn Python the Hard Way, not watch this video.

edw 5 days ago 4 replies      
There was a recent essay taking Khan to task for what the essayist saw as superficiality in Khan's coverage of world history. I am interested to see how the Hacker News community assesses the quality of materials that are related to subjects that are within the areas of expertise of many of us.

On a related note, what many people here found a helpful introduction to Clojure was viewed with circumspection my some in the #clojure Freenode community. Assessing the quality of materials is made even more difficult by the challenge of finding the critics whose opinions are worth paying attention to.

shii 5 days ago 3 replies      
thenewboston[1] has owned this space for a little while now and has been doing really awesome vids on things like Python, C++, Java, Obj-C, iPhone dev, PHP, gamedev, Cocos2d, and Adobe CS software.

It's funny because he's coming from the opposite end now, since he's been doing mainly programming and technical content vids and has recently started making series on things like Biology and mathematics, the forte of khanacademy. Pretty awesome to see it all play out.

[1] http://www.youtube.com/user/thenewboston#g/p

younata 5 days ago 0 replies      
I like Sal's stuff. I've used his videos on math to review stuff I didn't quite get during a lecture (given the quality of math professors I get, this is often). I've watched his other stuff because they're generally interesting (and really cool, I wish I could draw/write like he can).

I watched the video, and enjoyed it. I'm going to recommend it to my friends. It's rather high quality (not going to talk about the download that goes with it, I didn't look at it), and it gets across a good thing about computer science: You can easily verify the results with your own computer.

I see that their's a lot of criticism on this, but this is already loads better than what current uni students are getting (I just went through my first year of uni, and I can tell you that I've not learned anything [1] in my CS classes).

As I've stated previously, I would recommend this to my friends, as well as to people just getting their feet wet in programming. Good job Sal, you're pretty awesome.

[1] Except for an x86 assembler class. That class had an excellent professor, and I now understand pointer arithmetic.

streeter 5 days ago 0 replies      
It is really cool that Sal is trying to do everything himself, but this method does not scale. There is no way he can create the breadth, and more importantly, the depth, needed to cover all the topics a student will learn. As long as Sal continues to produce all the content himself, I believe the Khan Academy will be relegated to complementary and supplementary content.
duck 5 days ago 1 reply      
Seems like the video has been removed...
nextparadigms 5 days ago 0 replies      
I didn't look too much at this, but I've done thenewboston's Python and Java tutorials, and they are AWESOME!
neovive 5 days ago 0 replies      
Introduction to programming languages and constructs are a great fit, especially if they emphasize and build upon the concepts discussed in the other videos. Writing and understanding the logic behind the factorial program is a great way to reinforce that concept -- with an introduction to Python as an added benefit. Looking forward to seeing how this develops.
espeed 5 days ago 1 reply      
I'm going to try this on my mom :)
krmmalik 5 days ago 2 replies      
I wish he would do javascript, would be uber cool if he suddenly had a fascination with Node.js
sidman 5 days ago 0 replies      
I use Sal's material quite abit, well mainly his finance and mathematics material, specially if i need to remind myself of things i did back at uni. I think Sal is most strongest in those areasgiven his background. However looking at the rest of what he produces if your a beginner in any of the topics his stuff is a GREAT place to start. My weapon of choice is actually python so it would be great to see how those tutorials look like :)

Just gotta say great job to Sal though, he spreads his knowledge and i'm sure many people around the world are greatful for it.

Ganthor 5 days ago 2 replies      
Anyone else getting a "This video has been removed by the user" message?
mattlong 5 days ago 1 reply      
FYI, looks like the video has been taken down...
ved 4 days ago 0 replies      
Vids removed ?
SearchYC is shutting down searchyc.com
297 points by chengmi  7 days ago   59 comments top 40
edw519 7 days ago 0 replies      
"If I have seen further it is by standing on the shoulders of Giants." - Isaac Newton

I believe there are quite a few of us here at Hacker News that could claim you, Mike and Jerry, as our giants.


pclark 7 days ago 1 reply      
SearchYC has actually been tremendously valuable to me and my startups in the past. Hacker News is such a treasure trove of information, anecdotes and friends and your service was the gateway to that.

I used SearchYC as my "google for startups" I honestly cannot reiterate how useful your service was. I wish you'd keep it going as I still use it over the Hacker News Search (habit, more features, search within search results, being able to search for specific comments from users, etc etc.)

A friend was having relationship problems in part due to his startup, and I explicitly remember him saying "I looked on SearchYC and found tons of other posts from founders in the same boat" (this was when you had the curated post categories)

Seriously, thanks. (my startup is kind of in crunch at the moment but I had been meaning to reach out to you guys when I saw your service went offline a few weeks ago, i couldn't let you guys go without me - and probably the majority of the community - giving you guys some thanks and credit)

patio11 7 days ago 0 replies      
Thank you for creating and maintaining SearchYC these last few years. I used it more than any site except, well, HN. (My apologies for the server load.)
timf 7 days ago 1 reply      
Thankyou so much for creating and running SearchYC, sad to see it go. It was a really great resource and well executed!
kirubakaran 7 days ago 4 replies      
Instead of shutting down, can't you hand it off to someone? Please!
mikeklaas 7 days ago 0 replies      
Would you be willing to release the extensive HN dataset you have collected?
ivank 7 days ago 1 reply      
With SearchYC gone, is there still a way to get an RSS feed for a user's comments?
raju 7 days ago 0 replies      
I echo the sentiment of many other HNers. Thank you for all the great work, and the invaluable resource. I can't count how many times it has served me in the past.

I wish you the very best - I am almost expecting something even more kickass out of you guys soon.

brown9-2 7 days ago 0 replies      
SearchYC was an invaluable resource and a great tool - thanks for the work!
dschobel 7 days ago 0 replies      
Can't thank you guys enough. If you have a paypal link where we can send you some beer money, I'm sure you'd collect a few rounds worth. Cheers!
duck 7 days ago 0 replies      
I'm sad to see it go. I use it every week when creating my Hacker Newsletter and since it has been down I've had a hard time using HNSearch as effectively. Search really was just one component to it, it also had a great way to browse Ask HN threads.
markbao 7 days ago 0 replies      
SearchYC was no less than kickass. Thank you so much.
loschorts 7 days ago 0 replies      
Thank you for running searchyc all of these years. It was a tremendously useful service.
senthilnayagam 7 days ago 0 replies      
no time adding new feature is OK. but if it is hosting costs, HN users can donate or get a sponsor.

if you want a maintainer, I am willing to takeover from where you are leaving

shii 7 days ago 0 replies      
Amazing site and resource, thank you so much for your time running it. Really appreciated it.
ColinWright 6 days ago 0 replies      
I'm deeply unhappy to see you guys close down. My experience is that your results are easier to use and more accurate. Just one instance of an annoyance is here:


But although I wish you would continue to include SearchYC in your future work, I wish you all the best in whatever you put your time and efforts towards.

JayNeely 7 days ago 0 replies      
SearchYC has been an invaluable tool for me. It's easily tripled the value I've gotten from Hacker News.

Thank you for all your work on it.

yosho 6 days ago 0 replies      
Don't know how to rephrase what's already been said so I'll just say it again. Thanks so much for providing an awesome service!
omouse 7 days ago 0 replies      
Turn it into free software! It would be invaluable to the community and you would get a hell of a reputation for it I think, especially from hackernews users.
hollerith 6 days ago 0 replies      
SearchYC -- particularly the ability to sort results by date -- has been very useful to me.
keeptrying 7 days ago 0 replies      
It was a really useful and great tool. I used it a lot. Thank you!
jmonegro 7 days ago 0 replies      
Is this not ironic http://d.pr/x9Ri :)

Seriously though, all the best, and thanks for all the years of good service!

paraschopra 6 days ago 0 replies      
I especially loved the Ask HN archives -- they are undoubtedly the best advice for entrepreneurs.
drtse4 6 days ago 0 replies      
Thanks a lot, i lost count of the hours i spent in searchyc searching for old threads, simply great.
tstegart 7 days ago 0 replies      
Thanks to everyone involved. It was invaluable.
Estragon 7 days ago 0 replies      
What did SearchYC give you over a google search like "site:news.ycombinator.com <search term>"?
Typhon 7 days ago 0 replies      
There goes the arc forum search, until, maybe, we get our version of HNsearch.
ghostDancer 7 days ago 0 replies      
Not going to say nothing new, but it's been really useful for me. Thanks.
savrajsingh 7 days ago 1 reply      
Maybe Greplin could swoop in and fill this void. It would be nice of them.
fastfinner 7 days ago 0 replies      
Great tool all these years, thank you.
karussell 7 days ago 0 replies      
If you still need rss feeds you could use http://jetsli.de launching in ~2 weeks)

You will be able to search for 'geeky news' also on other services than hackernews.

ltamake 7 days ago 0 replies      
Thanks for creating this, guys. Any chance you might consider sticking your code on Github?
keke_ta 6 days ago 0 replies      
Thank you so much for creating SearchYC. I loved it. When I research something, SearchYC is a great resource.
wallflower 7 days ago 0 replies      
Thank you!
OoTheNigerian 7 days ago 0 replies      
Thanks guys. It helped me on more than one occasion.
c4urself 7 days ago 0 replies      
Thank you!
staunch 7 days ago 0 replies      
Thanks guys!
brndnhy 7 days ago 0 replies      
It's still the better search interface. Hope you make the code available.


tamersalama 7 days ago 0 replies      
Thank You
New Google Web Fonts Interface google.com
299 points by jamesjyu  6 days ago   46 comments top 18
thematt 6 days ago 1 reply      
Great interface, but the number of fonts is a bit overwhelming to browse through. It would be awesome if you could sort by "most downloaded" or "most used" -- just to get some ideas.
tobobo 6 days ago 1 reply      
Wow - I've never seen a cleaner font browsing interface, and they make using the fonts you look at so easy I didn't even realize I was doing it.

Let's hope the Web Fonts API doesn't go the way of the Translate API, or many webpages will be rendered in incorrect fonts. Horror!!

201studio 6 days ago 2 replies      
How many awesome things can Google roll out in a day?
cdcarter 6 days ago 2 replies      
This is fantastic! I've been waiting and waiting for Web Fonts to expand, and now I have a lot more choices than Syncopate and Raleway.
thedjpetersen 6 days ago 1 reply      
ThomPete 5 days ago 0 replies      
This has several flaws.

For it's not consistent. I filtered for Serif and got sans serif in the mix.

But even worse. You can't specify very precisely. For instance if I need a slab serif how do I filter that?

StacyC 6 days ago 1 reply      
Nice improvement to the interface. I've just recently started using these fonts a bit and I really like the service. The collection is growing too so there's a good variety there. Nice job, Google.
hydrazine 6 days ago 0 replies      
Super like! Can't wait to try it. Looks much easier than tinkering with raw CSS.

Edit: 2 lines of code were all I needed to add. Ridiculously easy.

JCB_K 5 days ago 1 reply      
I still don't see the point of a service like this. With a tiny bit more work you have them on your own server, and you have all the control. If Google tomorrow decides to stop serving fonts, your design won't be broken.

With some services I understand people rather have it externally has it's a hassle to do it yourself, but @font-face is too easy to not do it.

hsmyers 6 days ago 0 replies      
Keeps getting better with each iteration! That said, I'd still like to see some pi fonts and printer's ornaments...
habitatforus 6 days ago 3 replies      
Judging by the other comments, it's just me, but the fonts look worse now. They aren't smooth at all.


rglover 5 days ago 0 replies      
This is a great update to their existing library. It reminds me a lot of Fontcase and similar font browsing apps. It's great to see that their library keeps growing. Definitely going to make this a first-stop before working on designs from here on out. Thanks, Google.
scottseaward 5 days ago 0 replies      
I like this a lot. I'd love to see a monospace fonts filter. Although, saying that, it looks to my eye like the only monospace font on there is Inconsolata.
lautenbach 6 days ago 0 replies      
anyone have experience using this after typekit? we've been somewhat disappointed with the inconsistency of typekit's rendering lately and are looking for another option...
ya3r 5 days ago 1 reply      
They once had some Arabic fonts. Where did they go?


This is a snapshot of their IO's session video.

theatrus2 6 days ago 0 replies      
Didact Gothic is a nice one for headlines.
abhaga 5 days ago 0 replies      
I wish they would add Indic scripts too!
jackpirate 6 days ago 2 replies      
How is this useful if everyone else hasn't already downloaded those fonts? Everyone has Ariel. That's why it is so popular.
Dotjs " hack the web defunkt.io
300 points by duck  6 days ago   58 comments top 20
holman 6 days ago 3 replies      
I've sneakily been using this for months on Hacker News itself- I just .hide() stories past around story #15. More signal, less noise. And it's just jQuery, so it's really easy to whip up.

Bonus points for it being so easy to share, too: https://github.com/holman/holman-js/blob/master/news.ycombin...

gue5t 6 days ago 2 replies      
This seems like it's a lot of overhead for what amounts, in terms of capability, to a reimplementation of greasemonkey. It also makes you implement finer controls on execution by url yourself, whereas greasemonkey has them in its syntax. The author states,

"GreaseMonkey user scripts are great, but you need to publish them somewhere and re-publish after making modifications. With dotjs, just add or edit files in ~/.js."

but this caveat is just as strong for files you maintain outside of your browser, and some browsers' implementations of userscripts/greasemonkeylikes actually have a similar filesystem-based model for managing scripts already.

While respectable, I had hoped to be more impressed by a tool that beckons me to "hack the web".

rpearl 6 days ago 0 replies      
mph 5 days ago 0 replies      
I added CoffeeScript support if anyone's interested.

just change your file extension from .js to .coffee


oldgregg 6 days ago 1 reply      
I'm waiting for someone to build a social browser extension on top of something like this. Anyone could submit custom CSS/JS for a website and the most upvoted "theme" automatically gets loaded. Sure the JS security issues might be a nightmare, but the web would look soooo much prettier!
omaranto 6 days ago 0 replies      
Doesn't Chrome have builtin support for Greasemonkey scripts? How is this better? Is it just the convenience of having jQuery preloaded?
tung 5 days ago 0 replies      
See also jsshell[1] for Chrome. Press the button and you can run jQuery-powered JS on the fly, save snippets and run them, even automatically on regex-matched URLs.

[1] https://chrome.google.com/webstore/detail/kmgmkbicahmbceidoi...

JackWebbHeller 5 days ago 0 replies      
Great work! But I had some trouble getting it to run on my Mac.

I think it might be because I use VirtualHostX - http://clickontyler.com/virtualhostx/ - which alters my hosts file. I had to create a host - http://dotjs/ - pointing to my ~/.js/ folder - then edit the Extension JS to point the Ajax to http://dotjs/ instead of http://localhost:3131. A bit of pain but it might just be who this affects.

reustle 6 days ago 2 replies      
Requires Ruby? Why...
TheMiddleMan 6 days ago 0 replies      
"GreaseMonkey user scripts are great, but you need to publish them somewhere and re-publish after making modifications."

Publish them where? I don't understand this. Whenever I change a user.js file and save it the browser updates it and it's ready to go next time the page reloads.

Side node: Scriptish is a fork of greasemonkey with many cool extras. https://addons.mozilla.org/en-US/firefox/addon/scriptish/

jasonkit 3 days ago 0 replies      
I think the ruby web server is not necessarily needed, simply change the dotjs.js's content to

$.get(chrome.extension.getURL("script/"+window.location.hostname+".js"), function(script){

it will look for the js file in the extension directory instead of the local ruby web server, and this should work for any platform. To take the ~/.js convenience, a symlink in *inx system or shortcut in window will do the job.

__rkaup__ 6 days ago 1 reply      
The instructions given only work for Mac.
sim0n 5 days ago 0 replies      
Sweet! Believe it or not I've been actually looking for something like this for Chrome over the past couple of days so this is great.
blago 6 days ago 0 replies      
Awesome, exactly what I needed. I was just about to create yet another "inject X.js" bookmarklet.
Sym3tri 3 days ago 0 replies      
I wrote a simliar extension for CSS.

It's free in the Chrome store:

DanielRibeiro 6 days ago 1 reply      
Reminded me a lot of Greasemonkey for FF.
antihero 5 days ago 1 reply      
Why does this need OSX?
meow 5 days ago 1 reply      
Umm.. is there a way to run it on windows :( ?
robinduckett 5 days ago 0 replies      
Sorry, how is this different to greasemonkey?
Brewer 5 days ago 0 replies      
This just made my day, keep up the good work.
Don't be rich, Live rich slideshare.net
296 points by BioGeek  8 days ago   137 comments top 25
econgeeker 8 days ago 5 replies      
We've been doing this for three years now. This couple seemed to focus on having a year abroad, we've made it our lifestyle, and we're doing a startup (rather than consulting).

I started this as a response to the "how to keep productive" question, but I'll try to address the other questions people have been asking in the thread later on.

We also have the issue of taking some period of time to get back into the productive zone. What we do is spend the visa limit time in each country. For americans in the UK that is 6 months, for instance. So we rented an apartment for 6 months. In the Shengen zone (most of europe) it is 3 months, and last year we spent 2.5 months in berlin.

In both cases we spent most of the time working a normal lifestyle %90 of the time. After our 2.5 months in berlin we spent a couple weeks traveling as tourists (that's where the other 0.5 months went.)

I figure 2 weeks on either side of a relocation are not going to be productive, so might as well spend half of that time, or so, doing tourist stuff. By having such great breaks regularly, we are recharged and I think more productive when we are working.

The weird thing is, indoors, the only thing foreign really is the outlets... so it feels like we're still in the USA, but then you step outdoors and the language, accents and architecture are completely different. So you can "travel" across the globe every day. It is really hard to explain that feeling but it is pretty powerful.

Taxes & Visas-- As far as governments are concerned we're tourists. We present ourselves this way and we get tourist visas. However, for most visas "tourist" and "business" visas are essentially the same. We don't work in any country in the sense that we don't have a job, we don't participate in their employment schemes. We're taxed like americans (the US taxes your income no matter where it is earned).

As I mentioned we're doing a startup. (We did one and we're just in the process of pivoting so what the new one is at this point is a little vague.) I don't feel out of the technology scene at all-- I have all the same connections I did before we left, except that I can't go to local unconferneces, but I didn't really get much out of them.

There is one conference that I miss that is done in the USA only, but we started buying the videos for it. Spending hundreds of dollars on conference videos sounds expensive, but it is cheap compared to actually going there (Even from within the USA). I don't really miss the networking opportunities-- and we're now networking with a real international network. EG: we network with the locals wherever we are.

The technology scene really is global.


This is a big one. This inhibits a lot of people. However, if you've got an income from your work, and savings to get by in the USA, you can get buy longer when you're traveling. Even traveling in expensive first world places like europe, right now, we're able to live on the budget we were living on in the USA. Overall, we're actually spending a bit less, and we spend a lot less when we are living in lower cost places (even places in eastern europe, which are "expensive" compared to southeast asia, are cheep.)

So, we could have remained in the USA, and spent the same amount of money. I don't think we would have gotten any more work done, and we would have had a lot less fun. Plus, as our product is global, better understanding of other countries helps.


Health insurance: We have the health insurance we had in the USA. It covers us globally. There are specific health insurance plans that cover long term travelers and we might switch, we just haven't done so yet.

Neither of us are under 30, nor are we over 50.


Crazy? You hear a lot of people who knock this idea. Lots of people say "I'd love to do that but I've got responsibilities" or the equivalent.

That's fine... just don't presume we're not doing serious work, we aren't doing a "real" startup or anything lie that. These days startups often have employees spread around the globe... we don't have to carry the whole company with us.

I think people thinks this is harder than it is. Or maybe for some people the idea of living out of a backpack is tough.

Personally, I relish the challenge!

Between my laptop, camera, and assorted stuff, I've got about 7 pounds of clothes etc, and 10 pounds of electronics gear. Every time we-repack, we actually shed some unnecessary stuff. It is a process... but I love it.

motters 8 days ago 4 replies      
It sounds nice if you can pull it off, but on the occasions where I've been continually moving from place to place I've found it much harder to actually get anything done. Continual travel adds cognitive and other entropic overheads which deplete your mental and energy real estate.
maccman 8 days ago 3 replies      
I've been doing the same for 9 months now. I've travelled round the whole world, had a fantastic time, and wrote a book for O'Reilly as I went. It's been the best year of my life. In fact, it turns out that writing books is one of the best ways to do this - as it's very flexible and a successful book will just about cover traveling costs. What most people don't realize, is how cheap it is to do this.

As always though, everything is best in moderation. I'm yearning to be back in the startup/technology scene - and I will be come September. I'm sure that'll I'll do another trip like this in my twenties though (I'm 21 now).

georgieporgie 8 days ago  replies      
What are the best technologies to focus on in order to be mobile/remote?

I've notice that nobody is interested in remote C++ development, and the few people I meet who are doing something like this are in some branch of web development.

stevenp 8 days ago 0 replies      
At the beginning of June I went to Chris Guillebeau's first World Domination Summit in Portland, OR (http://worlddominationsummit.com/) and met lots of people who are living like this. I highly recommend going next year (I'm already registered!) if you're interested in learning about the techniques people use for lifestyle design.
ilamont 8 days ago 1 reply      
Living abroad in your 20s is an unforgettable experience. I lived in Europe and Asia for most of the 1990s, and still look back wistfully at that time of my life. I gave up some early career "juice" but got so much more out of it.

Note that doing what the OP did is far more difficult if you have children, although it is possible to work stable jobs in a single country for longer stints with kids.

rdouble 8 days ago 2 replies      
This looks like fun, but so many people have done this now, it's almost a cliche.

It almost seems more unique to hear about a hacker from NYC documenting a summer working in New Paltz, rather than another story about social media experts working from cafes in Buenos Aires and Thailand.

kristofferR 8 days ago 1 reply      
BTW, my favorite podcast is The Lifestyle Business Podcast:

The hosts are two guys who have created a million dollar business in the last three years while traveling. Their business is not some bullshit "blog"/earn money by selling tips on how to make money thing, it's a real business that actually sells physical products.

Everybody should check it out. It's a shame that they're charging for the first episodes since it makes it kinda hard to recommend to people (I discovered them before that), but their content is definitely worth paying for. It's probably the best audio-only business content I've heard.

wallflower 8 days ago 0 replies      
For inspiration, check out Worldhum and Brave New Traveler:



skarayan 8 days ago 0 replies      
Moral of the story: structure your life around things you love. Travel is cool, but not for me long term. I love internet startups and getting better with every new idea/execution. Soon, I will be able to stop consulting and get my cash flow from a self sustained business. In the mean time, I consult to fund me ideas. Life is good.
irahul 8 days ago 2 replies      
> Don't be rich, Live rich.

Why not be rich and live rich. I get the "Live rich" part but that "Don't be rich" is unwarranted.

rafski 8 days ago 2 replies      
Not trying to take away from how fantastic and inspiring a story this is, what's with the "check for grants/subsidizing" bit?

Is the ultimate advice "be from a wealthy country that lets you travel on welfare"? :)

ori_b 8 days ago 1 reply      
How does this work with respect to visas and the like? I don't imagine that countries like you coming in to work and earn money without paying any taxes.
bignoggins 8 days ago 0 replies      
My wife and I are currently doing something similar. Traveling the world (4 continents, 20+ countries). She's working on photography and blogging while I'm developing my own iphone apps. Best decision we've ever made, and haven't looked back since (been on the road for 3 months, currently at an airbnb in Taiwan). My wife keeps a blog at http://www.shenventure.com if you're interested in reading about how we did it.
jonmaim 8 days ago 1 reply      
A very useful site to help you find a good city/country is numbeo.com. There you can make cost-of-living comparison between 2 cities.

For example, look at the difference between Lausanne, Switzerland and Bangalore, India (the indian silicon valley!) -> bit.ly/ltwXUf

jonmaim 8 days ago 4 replies      
Currently doing it in Bangalore, India! Anymore people/couples doing the same right now?
seanharper 7 days ago 3 replies      
This is fascinating, and I would really like to try this at some point. However, I am 30, married and have a 1 year old kid. Does anyone have any similar resources, examples, for people who have done this with kid(s)?
jbrains 6 days ago 0 replies      
The most fun part of this lifestyle is being able to say "I'd like to go to Paris again this year", then finding work close enough to Paris to pay for going to Paris. By not needing to squeeze every dollar out of my trips, I can be much more flexible and enjoy the travel more.
Tichy 7 days ago 2 replies      
Wouldn't the rich way to do it be to buy a yacht and float from place to place?
sjmulder 8 days ago 3 replies      
What's the best way to go about finding places to live for a short time that don't cost an arm, leg and rib?
TA662 8 days ago 2 replies      
This is just how I'm hoping to spend most of my 20s.

I did freelance for a while, and I came to the conclusion that I don't really enjoy doing client work, so now I'm working on a startup instead.

Does anybody have experience doing a startup on the road, as opposed to the more common freelancing/blogging/consulting?

My aim is to get my SaaS product(s) to the point of requiring almost zero work. (Everything automated, effective 'help' section to keep the amount support emails as low as possible, etc.)

This seems impossible with freelancing/blogging/consulting, as you'll only be able to lessen the workload so much (i.e. it can't be self-sustaining), whereas depending on the startup you can theoretically get by on just a few hours work per week, while your revenues are still increasing.

robertduncan 8 days ago 2 replies      
How does immigration law work for this kind of trip? Do you need a work permit/visa?
hetaoblog 7 days ago 0 replies      
interesting experience. for people running personal web business, maybe this is worth trying for some period;
I just started to do something during weekends, hope it can grow big to cover my daily job
dennisgorelik 8 days ago 1 reply      
Internet allows "rich live" without actual traveling.

Besides, if you have kids, traveling is much harder / expensive.

sliverstorm 8 days ago 1 reply      
Beetle? Vintage? That seems to imply "good"...
Why mobile apps suck when you're mobile (TCP over 3G) davidsingleton.org
287 points by dps  7 days ago   68 comments top 21
kalleboo 7 days ago 6 replies      
There were plenty of wireless-optimized TCP replacements proposed back in the days when WAP and XHTML Mobile were the hottest things around, but none took root as operators, web servers and browsers needed to adopt them in tandem.

Now that smartphone apps are widespread and someone developing a service can control both sides of the connection, there's definitely room for someone to devise a really good TCP replacement (layered on top of UDP) with an iOS library, an Android library, and an Apache mod.

dspillett 7 days ago 0 replies      
The problem for those of us on capped and/or expensive-per-kbyte mobile connections (in the UK that is everyone who doesn't spend a large chunk on their monthly contract - people on Virgin pay-as-you-go pat £3 for a day's access but IIRC you get cut off after 25Mbytes in that day) with restarting connections early is that the ~20 seconds worth of packets queued up during the blip is going to be sent anyway even though they are now no longer needed. 20 seconds worth of discarded packets could be quite a bit if you were transferring data at decent 3G+ speeds just before the blip.
jchrisa 7 days ago 0 replies      
This is exactly what CouchDB, and Mobile Couchbase for Android and iOS, is designed to fix.

Networks are slow. Mobile networks are slower. The most robust fix to the problem is to "optimistically replicate" your application data to the end user's device, so that the network latency does not become part of the user experience.

This is a strong fit for applications like CRM or geographically constrained apps, as the data sets are small enough to fit completely on your devices. For larger data sets the issue becomes: which subset of the data should be copied to the device ahead of time.

The user should never needs to wait on the network. All data operations are played against the local Couch, which handles asynchronously transmitting changes to and from the remote server, in the background. This pattern makes it much easier for app developers to make responsive applications, where users are never left waiting on multi-second round trip times.

aristus 7 days ago 0 replies      
Here's animation of the packets of a Facebook page hit over 3G on a moving bus:
praptak 7 days ago 0 replies      
It looks like this should be (at least partially) dealt with at the OS level especially if the OS in question is a mobile one.
micheljansen 7 days ago 0 replies      
Interesting. I cannot stop thinking how cool it would be if Google actually decides to step in and propose an alternative protocol for mobile networks. If they put it in Android, they already have a huge base for adoption.

Ended up writing a piece on Google because of this on my blog:

(shameless plug :P)

clistctrl 7 days ago 5 replies      
Not that his advice is bad, but these statistics are a bit biased. Trains make for some pretty unusually difficult channel conditions.
justincormack 7 days ago 0 replies      
Interesting, suggests a quick fix might be for the client to not use keepalive, or to selectively close connections that are very slow so as to start new ones. Potentially a much easier solution than writing a new transport.
rowanseymour 7 days ago 1 reply      
Very interesting and sheds some light on the weird latency issues I see here in Rwanda, where 3G issues aren't limited to being on moving trains. Sometimes pinging shows crazy return times of 30000-60000ms. Other times they're only 200-400ms but every other ping packet times out, i.e. one packet through, next one drops, and so on. Still trying to figure out exactly what's happening then.
warfangle 7 days ago 0 replies      
Would Vint Cerf's recent work on a high-latency network standard for space[0] apply? Would it make mobile more useful? It's designed for latencies of days (not seconds), so it might be overkill. But something to masticate upon...

0. http://www.technologyreview.com/communications/21601/?a=f

schiptsov 6 days ago 0 replies      
The much worse problem is DNS. For big networks that pushes always the same two IPs (even without round-robin) it is a disaster. There are lags of servers, lags of network, dropped packets, useless overhead with EDNS and different packet sizes (timeouts and retransmitions) and above all, the practice by content providers and CDNs to use hundreds of changing in real time hostnames to implement load balancing and/or geoIP based assets loading. They use near zero TTLs which makes caching useless and dynamic sets.

Indian Airtel's network is a live example of that disaster. It is almost unusable, while they still actively promoting 3G and iPhones. ^_^

lukego 7 days ago 1 reply      
Don't worry, our Lisp startup (www.teclo.net) is fixing TCP over mobile networks, it will all be fine soon enough. :-
sebandr 7 days ago 0 replies      
I'm in a start up that's developed techniques using UDP to allow someone to roam across wifi - in other words we have managed to reduce the tcp delays and time outs to provide consistent and reliable handoffs between wifi zones and devices - regardless what of the network provider. The technology also allows hot handover between femto and wifi too. Right now we're mostly focused on a mobile app to improve broadband delivery of content to mobile users in shopping malls, commercial zones, etc. but that's low hanging fruit. Eventually we believe that this can be integrated in mobile apps to let others us this for true mobility while running broadband services.
kaeso 7 days ago 0 replies      
As an historical note, most of these concerns are the same expressed in RFC 3481 (category: BCP). You'll note from there that some of the issues are still open even if almost a decade has passed.
wibblenut 7 days ago 1 reply      
This is partly why I'm so interested in publishing information at the DNS level (i.e. .tel) - you get to use UDP (or TCP failover), plus other awesome benefits. You can do other innovative things with DNS too.
etherealG 7 days ago 0 replies      
anyone know what tool I could use to run a similar test?
hxf148 6 days ago 0 replies      
Mobile HTML5 apps, the future is the past. :) Check ours out http://infostripe.net
dps 7 days ago 0 replies      
Dave Taht points out http://www.bufferbloat.net/ which looks very interesting!
jb55 7 days ago 3 replies      
We should probably get these long round-trip protocol issues ironed out before we build our galactic internet
willyt 7 days ago 0 replies      
Is there any way round this for HTML5 apps? I know you can save an app icon on iphone but when you launch it just launches safari which seems to make a network request to check if the site is up to date? (Sorry, I'm a bit naive about all this HTML5 stuff.) e.g. Gmail in safari on iphone is useless when you get long latency situations like this. Is there a way round that?
zobzu 6 days ago 0 replies      
SCTP anyone?
Once Greece goes... lrb.co.uk
284 points by andrewcooke  1 day ago   188 comments top 16
lyudmil 1 day ago  replies      
Every time I bring this up I get down-voted, but I cannot resist.

No one argues that the Greek economy was in good shape. It clearly had severe problems with corruption and inefficiencies, which were brutally exposed when the global financial crisis hit. Everyone suffered, but because of the problems in the fundamentals of the economy, Greece suffered disproportionately more. However, the European Central Bank lent the "bailout" money demanding cuts to public spending that, in the current economic situation, would have very likely worsened the Greek economic situation. Greeks realized this and protested, but were (understandably) dismissed as spoiled brats, demanding an unsustainable, comfortable lifestyle.

Now that the likely, predictable outcome is looking even more likely (namely, default), journalists are still omitting that crucial part of the analysis. Many economists warned that in a crisis of demand, which is what we're experiencing now, cutting government spending is a bad idea. In a situation of such great uncertainty in the market, the government is the only source of demand big enough to make a dent. It must, of course, borrow the money and therefore increase its deficit by doing so, but that's a worthwhile thing to do when the alternative is default. After the economy has stabilized, the deficit problem can be overcome by growth. Moreover, even if deficit reduction is your priority, if the economy is shrinking you're always going to be fighting a losing battle no matter how many spending cuts you make.

To summarize my point, the Greek economic turmoils are less of a cautionary tale of the perils of uncontrolled spending (although they clearly are also that), and more an illustration of the negative effect the austerity measures recommended by the ECB are having on the economies they are imposed on. It should give leading European nations pause when considering what to do with the rest of the troubled economies in the eurozone.

fleitz 1 day ago  replies      
Markets are pricing greek debt as defaulted because it's the most rational thing for the greeks to do, and the most rational outcome. Greece holds power over the EU to the degree that its financial insolvency can bring the whole system down. (Technically, it's a power transfer from the EU to US as the fed has already bailed out the EU banks in anticipation of the Greek default)

When you owe the bank $1 million the bank owns you, when you owe the bank $469 billion, you own the bank. The average greek is smart enough to know this and knows that the closer they get to default the better the deal they will get. The banks have two options, get nothing, or get something.

Also, if the Greeks' can't pay at a AAA rating they certainly can't pay at AA rating, nor A, not BB, so the end game for rational thinkers is default because as the rating drops the inability to pay increases. Since Greeks hold EU notes and EU denominated assets they can't even be screwed via an exchange rate mechanism. If Greece defaults Europe basically has to eat it, and it puts Europe in a much worse negotiating position with Spain and Portugal.

Furthermore, with regard to bond pricing there is no such thing as a bad bond, only a bad price, hence they are quickly being priced to zero. It's similar to the whole subprime thing, guys who bought subprime post Aug 2008 actually did alright because the prices were so low that you'd be somewhat likely to get your money back.

Aloisius 1 day ago 1 reply      
The Eurozone could go belly up because of a cascading failure. The US may default because conservative politicians think it is "not that big of a deal." China is scared of an economic slowdown and inflation. And everyone thinks we're in a bubble and we're about to hit a point of irrational exuberance.

Interesting times.

JanezStupar 20 hours ago 4 replies      
There are two sides to this article one is correct and the other is deceitful. I assume that this article was written by a Greek (I infer this from the first person accounting of situation).

The true part of the article is the part about debtors options and possible scenarios.

The deceitful part is the part about "ordinary Greek not understanding the situation and having no part in it". In eastern Europe we have a saying that someone is "indebted as a Greek", meaning that someone is perpetually taking loans to repay old ones while having not a slightest intention of ever paying them off. And this proverb is centuries old AFAIK. So all this protesting going on, pleas of "ordinary Greek people" are an elaborate scheme of shedding guilt. Modern Greeks as a nation are an entitled (an order of magnitude more than attributed to gen-Y) and lazy bunch. Boasting their "heritage", while they have nothing in common with the antic culture.

Any businessman worth his salt will be weary of doing business with Greeks - thats how bad in general their ethics situation is. While I cannot offer any meaningful opinion about how to get out of this mess. I can try to provide some insight into how Germany and France got into this mess. The first would be that greedy coke powered bankers got all optimistic that Greeks will repay their debts this time and went on to issue insane amounts of subprime loans, ok this is not what happened.

What did happen was that western world knew full on from the beginning what would happen - but proceeded anyway, since Greece was too strategically placed in the cold war and could not be lost to Soviet influence. The Greeks being smart, knew that and took full advantage. What happened after the cold war, was basically the subprime mortgage scenario of US played on a national scale - it is fraud committed by German and French bankers over the people of EU. I'm not believing anyone "in the know" telling me with a straight face that they didn't know that Greeks were cooking their books.

So in a sense like US subprime fiasco is fraud committed by US elites over people of US, European sovereign subprime debt crisis is also a fraud committed by European elites over their peoples.

I recommend reading this analysis of Greek[1] and Irish[2] debt crisis. It has to be some of the best journalism I have ever read.

[1] http://www.vanityfair.com/business/features/2010/10/greeks-b...
[2] http://www.vanityfair.com/business/features/2011/03/michael-...

Let the Greek diaspora and leftist lunatic downmodding begin!!

Edit: Indeed it was not written by a Greek. But the part about people of Greece not knowing what is going on is pure bullshit - I am not accusing the author of having an agenda. However I am accusing him of not having balls and bringing it out.

abalashov 16 hours ago 0 replies      
A recent Der Spiegel article (http://www.spiegel.de/international/europe/0,1518,769329,00....) made a titular remark that I found noteworthily pithy:

"The Euro Is a Fair-Weather Construct"

sek 1 day ago 2 replies      
The reason for this big imbalance is the focus of the German industry on exporting goods.
Every time the Euro is lowered the German exports are heavily increasing what makes the problem even worse.

Different countries with the same currency was a stupid idea to begin with.

mkramlich 1 day ago 2 replies      
This article reminded me of the larger issue: why do so many modern, national governments seem incapable or unwilling to ever operate with a balanced budget? Why do deficits and debt seem to be the norm? Why all the excuses? Is it a kind of stupidity brought about by having a large group of people each pulling in different directions? Or is it by design and due to malevolent intent? Just curious what everyone thinks.
joe_the_user 8 hours ago 0 replies      
The Greek economic situation is unsustainable. The US housing market is unsustainable. The Chinese housing market is unsustainable. I could make a longer list if anyone wanted.

My point is that this article seems to imply that Greece will be the first to go. Maybe but maybe not. If doubt shifts to US, say, the euro might look at great investment by contrast for a while.

Tomek_ 19 hours ago 0 replies      
If you haven't already you should also read http://www.vanityfair.com/business/features/2010/10/greeks-b... to get more of a perspective on what went wrong in Greece.
yaakov34 1 day ago 5 replies      
I feel like I should have stopped reading this missive after the first phrase, which is "The economic crisis in Greece is the most consequential thing to have happened in Europe since the Balkan wars."

The Balkan wars were in 1912-1913. I can think of a few other significant things that happened in Europe since then. This crisis - it is really more of a tantrum than a crisis, since the Greeks know perfectly well they are on the hook for the money they spent on themselves - doesn't even register as a blip. It's not going to collapse the economy of the 400 million people within the EU/eurozone area, and even if it did, it still wouldn't reach the significance of 70 years of revolutions and communism and dictatorships and the freaking Holocaust and a couple of world wars, now would it?

This sort of wild-eyed panic mongering by people who take a bath on their real estate or stock purchase, and think that they are living through the worst crisis in the 7,000 years of recorded history, is beginning to wear thin. It's annoying even as deliberate hyperbole.

On top of this, the economic points made are stale and unconvincing. He talks about low interest rates being appropriate for Germany, but not for Greece. Well, guess what? You don't have to lend at low rates to Greek institutions. You can take a risk premium on top of the basic Euro central bank rates. People weren't doing that because they thought that Greece would catch up economically to the Euro average; it didn't, and the risk premiums went up. Hardly worth killing the Euro zone over this.

EDITED to add: he probably meant the wars in former Yugoslavia, rather than what's actually known as the Balkan wars. OK, but frankly, this is still crap, since clearly the creation of the Euro block itself and the unprecedented economic expansion in its new members is far more significant than a tantrum in 3% of the Eurozone. And the economic points are absolute garbage: yes, Argentina recovered, because it is a mining/exporting country and commodity prices skyrocketed. Not very relevant to Greece.

tluyben2 15 hours ago 0 replies      
What does Greece 'do'? I can tell you what France exports/makes, Germany, Netherlands, Italy, even Portugal, but Greece; do they actually do anything? Is anything created there? Do the Greek actually work? I've been on vacation there a few times, and i've never seen people so lazy; we went into restaurants and actually had to literally kick the waiters to serve us; they were annoyed that customers came in.
sprovoost 1 day ago 1 reply      
Some people have jokingly suggested that Greece should just sell a few islands. I'm just curious how much they'd have to sell to make e.g. $100 billion.
I think it would be kind of cool (and historically ironic) if they sold some land to China and let them build a few descent city-states in the area in the next year or so. A couple of million extra people should prop-up the Greek and EU economy.
jamesgagan 1 day ago 1 reply      
"There is a good moment in one of the otherwise terrible Star Trek movies..." - a knife to the heart in an otherwise interesting article. ;)
jodrellblank 1 day ago 1 reply      
Is there any personal punishment for leaders ruining a country? There would be if the Greek ministers were committing war crimes, or if they were driving without due care and attention. Why not for "running a country without due care"?
patfla 1 day ago 1 reply      
I found this more compelling and succinct:


cynusx 1 day ago 0 replies      
In my opinion the EU needs to trace the contagion effect and limit its effects.
It can do this by offering to take over all credit default swaps on Greece's bonds, no sane economic actor is going to refuse that when a default is imminent.
What happens then is that the ECB absorbs all losses from a Greece default, blowing a large hole in its balance sheet.
However the ECB can just print itself back into solvency.

The aftermath will be a period of high inflation.

Google+ Project: It's Social, It's Bold, It's Fun, And It Looks Good techcrunch.com
285 points by philipDS  6 days ago   78 comments top 24
icarus_drowning 6 days ago 0 replies      
Well, I'm glad there are some significant new features that Google is trying to use as leverage. Group video chat comes to mind as something that most people don't like to deal with, but as an integral part of a social network, I can see it making more sense.

Its clear they've tried not just to 'clone' Facebook, which I appreciate.

dfield 6 days ago 2 replies      
I'm very excited to try this out. Context (AKA "Circles") is the biggest feature Facebook still hasn't gotten right. By mirroring the way we think about our social graph in real life, Google is making a huge step toward converging Online and Offline identity. It will be very interesting to see how Facebook responds to this... they might finally have a competitor.
luu 6 days ago 2 replies      
Unlike on Facebook, people do not have to agree to be friends with one another. They can receive someone's updates without sharing their own

So it's like a reverse twitter, where you choose who can follow you?

illumin8 6 days ago 3 replies      
If they pull a Wave and only invite users in small groups it is doomed on arrival. This thing needs to be free and massively available like Gmail. Social is not like email - you need wide participation in order for it to succeed.
jagbolanos 6 days ago 2 replies      
I have been an anti-wave, anti-buzz but I just tried Google+ and it's great. I think this time Google really can kick FB. Great, simple interface and integrated to my gmail, picasa, contacts, gtalk it is definitely great!

I love the circles philosophy and UX.

One problem is the restriction on invites. Google+ is valuable to me if I can share things with others, just like I do it in FB right now. They have to enable invites soon or the early adopters will get bored and leave forever.

jneal 6 days ago 1 reply      
Okay, there are way too many posts on Google+ on HN right now, but I do have an opinion I would like to share and this thread seems to be the most appropriate.

When I first heard the news about Google+ today, my initial reaction was wow, Google is going to fail again. I mean, with Wave, and then Buzz, and I figured this was just another in the line of failures.

However, after looking into it and reading about it, it is actually very cool looking. I look forward to trying it out live when it's ready.

katieben 6 days ago 3 replies      
Awesome, can't wait to try it! Circles sounds like just what everyone wants. I think I'd switch to any half-decent social network made by Google. I do hope they provide a way to use the Facebook data export to make switching easy.
thirdsun 6 days ago 0 replies      
I have to admit that the stuff shown on Googles demo page looks really good. I really appreciate the focus on social circles as I really don't want to share everything with everyone but rather address different groups of friends.

Overall this seems to be very well thought through with some fresh ideas.

Ryanmf 6 days ago 0 replies      
Facebook launched at schools not called Harvard the Summer preceding my freshman year of college. It went live at my school a few weeks into that first semester. I enjoyed it immensely and observed it carefully, but sometime in 2007 it really began to wear on me. Later, (~2 or 3 years ago) I more or less withdrew from using it altogether.

Circles addresses something like 70% of my gripes with Facebook. Of course, we still haven't seen Google successfully build a social network, so nothing's really been addressed until everyone joins the party (or doesn't). Google+ looks interesting though.

Too bad my primary Google account is my Apps account for my primary domain, and since Apps accounts don't have associated Profiles anymore, I don't get to play. Then again, I'm still dealing with the fallout of the transition to "The New" Google Apps, having already used my domain email as a Google account to sign up for really exotic things like Google Reader, so perhaps I don't need yet another new plaything at the moment.

I will add that I think the Huddle and Hangout components may offer"in the case of the former"good competition both on Android and in general to iOS Messaging/BBM (the only hang-up that has me short of sold on iOS messaging is people don't yet think of their Apple IDs as communication accounts/channels, their Gmail accounts on the other hand...), and"in the case of the latter"someone not only to compete with Foursquare, but perhaps to answer the question from normal folks: Why "check in" anywhere to begin with? (Because you've arrived at the "anywhere" you just "Huddled" over meeting at, your phones already know it, and if you acknowledge their requests to "Hangout" together, even more of your friends may show up. Or something. That last part's a little hazier for me. What if you want to broadcast to the world that you're enjoying your new favorite tea spot, but you don't want to say which 5 people you're with and risk persons 6 and 7 whom were specifically not invited showing up? In any event it seems to me a more human workflow than "Go places, check in, get points/kittens/whatevr."

Pistos2 6 days ago 1 reply      
I'd have to see these Circles in action, but if they're what I think they are (e.g. you'd make a "Work" circle, a "Family" circle, a "Casual Acquaintance" circle, etc.), then Diaspora has that concept: They call them "aspects". I must admit, "circle" seems like a better term than "aspect", though.
terinjokes 6 days ago 0 replies      
Ironically, the "Keep Me Posted" page has Javascript blocked by Chrome.
ChrisArchitect 6 days ago 1 reply      
it feels so closed off. Silo'd. Makes me shudder.
zephjc 6 days ago 4 replies      
Thing's I noticed trying out the demo:

- You can only have add a person to one "circle". If I wanted to add someone to two or more, I'm SOL. Maybe they will change this.

- A "circle" can only contain a certain number of users before it runs out of room. I haven't seen how it deal with this - does it shrink the circles as you add more? What happens if there are 500 people in one, would they be a bunch of 1 x 1 pixel dots? Or does the circle just say "You can't add any more people"?

rch 6 days ago 1 reply      
If G+ knows individuals, then search results served to other known (or unknown) individuals could reflect the subject individual's 'circles' settings. Ergo, individuals in general have a significant, possibly material, incentive to take part in G+ to the greatest extent possible.

search > social

rektide 6 days ago 1 reply      
I'm really excited I don't have to build my own XMPP Muji client[1]. Hang-outs are something I've wanted for a long long time; passive virtual spaces. Goonfleet used to go crazy with Stickam, but it was more event oriented, less passive. Hopefully this can be a good marker in helping people actually communicate and build community over the net, v. individual play.

[1] http://telepathy.freedesktop.org/wiki/Muji

johnrob 6 days ago 0 replies      
Apparently another feature was to automatically set your gchat status to "available". That explains why I got a bunch of messages yesterday morning.
makthrow 6 days ago 2 replies      
Very bad marketing here. Whoever chose the name "Google+" should be fired. First, the name confuses people with google's +1 button. Second, what does "+" have anything to do with a social network? It gives you no information at all about the service. They should have called it "google circles" and emphasized that Google Circles let you compartmentalize your social network, as opposed to facebook.
Bam, instant differentiation. Instead we have a product that tries to do too much and needs a demo to make people understand.
lparry 6 days ago 1 reply      
I see they're using their 'winning' wave strategy again.

1. launch a social platform, but restrict signups to the point where nobody with access has any contacts on the service

2. keep it locked down until the buzz/hype is all gone

3. open it up to everyone and let them wonder why there was any buzz/hype in the first place

If they dont let early adopters use the platform and give the crucial early feedback, they might as well throw in the towel now.

hollerith 6 days ago 1 reply      
I might delay learning anything about Google+ until I have some evidence that Google is not going to kill it in a few months :)
olalonde 5 days ago 0 replies      
I hope it won't be blocked in China.
MetallicCloud 6 days ago 1 reply      
> "Everyone has high-speed networks these days"

Oh really? Tell that to a bunch of my friends who are either forced onto dial up, or 1.5Mb internet.

Not everyone lives in a big city.

genericbrandx 6 days ago 0 replies      
Anyone want to wager when Google Mindmaps will debut?
rektide 6 days ago 0 replies      
I haven't heard anything about API's or developers.

Another annoying case of "do no evil" not implying anything about actually pushing the state forward or helping. I'm not altogether that interested in the greater of the two silos, although I am excited by a state of play other than facebook moseying down the field palming the ball in one hand.

presty 6 days ago 0 replies      
I wonder what huddle.com has to say about Google's Huddle..
Google+ Demo google.com
275 points by cskau  6 days ago   76 comments top 23
kyro 6 days ago 4 replies      
I'm really looking forward to trying this out, and here's why:

With Facebook, I felt as if I was on this huge football field with all of my 'friends.' I could lean in to whisper with a friend here and there, or even put on some face paint and huddle together with like-faced friends to form a group. But everyone could still see me, and I could see them " I just had to peer down the field. I can't really say things to my group that I'd normally say in private because with all these people on the field with me, someone would certainly overhear us!

With Google+ the structure is different. Rather than a field, it's more like a big building with many rooms. Each room can be decorated and tailored to a specific group of friends who hang out there. Best part is once I'm in the room, I can close the door and be myself! I can go up two levels, change hats, and walk into a different room.

tl;dr Google+ lets me fully engage my various social sides, whereas Facebook never really let you as you were always in the eye of the public.

Edit: One thing I did notice that I wish they would change is that it seems as if a friend can only be placed into one circle. Often times there's a lot of overlap among my social circles and friends may be part of at least two different groups.

Dove 6 days ago 2 replies      
This looks to me like Don't Be Evil showing up as a competitive advantage. Facebook seems want my data and my network for its own exploitation; Google seems to actually be thinking about what's best for me.
markbao 6 days ago 2 replies      
Really well done, interactive demo.
mattwdelong 6 days ago 7 replies      
A little tangent here, but does anyone else find it increasingly difficult to manage multiple sessions on the Google platform?

I keep having difficulty not knowing which google account I'm logged into, having issues enabling/disabling features before I have access to a feature X and then, I find out feature X is not available with google apps hosted account; but it's available with my gmail account.

There really isn't a solution other than using chrome, incognito window and n browsers per google account. I sure it's a minority of the google user base having this issue, or I'm sure it would be dealt with. Anyone else experience this, and have a solution? I'm just short of abandoning data in all my accounts but one, and moving everything over to it (and forward emails).

andrewguenther 6 days ago 1 reply      
There are several reasons I am hopeful for this.

1. It looks CLEAN
While in my opinion one major reason Facebook ended up beating out Myspace was its wonderful interface, I feel like recent renditions have just lost that simplicity. I want connecting with my friends to be simple, not a bombardment of Farmville updates and a poorly designed messaging system.

2. Sparks
Hopefully Google will succeed where Facebook has failed in actually making keeping track of your interests, well...interesting.

3. Circles
Friend management in Facebook has always been one of my biggest complaints, Circles seems to be a legitimate approach to making organizing your friends a little bit more intuitive.

I am very excited to see Google+ roll out to the masses, and I do hope it is successful. Not because I want it to take Facebook down, but I think it wouldn't hurt to make them break a little sweat and think about their users a bit more.

v21 6 days ago 0 replies      
That's the best web demo I've ever seen. I'm a jaded person, but I clicked on all the things and did all the stuff and felt pride at using their (impressively easy) interface. Serious unexpected design chops from Google!
kno 6 days ago 4 replies      
I think one of main Google problem is Brand Fatigue, people are tired of Google this and Google that. Why not call it friend something or give it a generic name like Baboo, Facebook or something fresh that will give the impression that it is something new.
Vraxx 6 days ago 0 replies      
Honestly, I'd be open to trying this JUST for the circles. Too many times I've had to restrain myself from posting certain things because of the wide range of "friends" I have on facebook.
JanezStupar 5 days ago 0 replies      
I adamantly insisted through the whole Facebook is a Google killer period, that when Google decides and turns its eye towards FB's turf - they won't be able to compete. For two simple reasons:

1. Google has more of everything.
2. When Google commits to something they don't give up after a failed attempt. They learn and come back meaner and badder.

What I like about this service is that it offers (not in beta mind you) actual value as it seems. And I mean that in a productivity sense, not just vanity shots and addictive "click like an automaton" games.

I believe that it is time for someone to hire me as a strategist.

rheide 6 days ago 3 replies      
Can't put 1 friend into 2 circles? Great job on simplifying my social life..
RyanMcGreal 6 days ago 0 replies      
Bad sign:

> 404. That's an error.

> The requested URL /intl/en-GB/+/learnmore/notifyme.html was not found on this server. That's all we know.

earle 6 days ago 4 replies      
Flash instead of HTML5.......
Pistos2 6 days ago 1 reply      
The "Keep Me Posted" button brings me to


which is a 404. I had to manually delete "-GB" to get a 200.

whatever_dude 6 days ago 0 replies      
Whatever can make them close down Orkut faster, I'm down.
signa11 6 days ago 0 replies      
this is very nice, although seems to be overlapping with couple of independent offerings. to me, for example, sparks == instapaper, instant-upload == path/color etc.
vibrunazo 6 days ago 0 replies      
I'm specially interested in the potential of a developer API for this new Google Sparks. Since users explicitly list their interests. If google let's developers access user's interest graph with AppEngine. Then we can do some really really cool customized user experience with it.

My brain is going crazy with ideas after reading about this. Just imagine the possibilities... hmmmmm :)

fastfinner 6 days ago 0 replies      
Yesss, finally I'll be able to get off Facebook! Even though I use Facebook lists, circles seems a lot simpler and functional. For me, photos, and comments and discussions generated off photos is really important, so I need a social network that my friends are also on. The only other service that all my friends share is GMail, so this is really great.
kylemaxwell 6 days ago 0 replies      
Very slick use of Google Maps underlying tech, it looks like. Similar to Prezi, too.
alorres 6 days ago 0 replies      
This is great. The circle groups and the group chat is awesome. But I'm wondering how many groups you'd be able to create (would there be a limit?) and how the center stage of group chat works? It said in demo that the person talking or the loudest would be center but what if 3+ people hit the same volume level, or if like tinychat, there are multiple people talking? Would love to get a reply from someone in Google+ beta.
mitrick2 6 days ago 0 replies      
Tried to add myself to the waitlist, and got a 500 server error. When the waitlist fails, it doesn't inspire confidence.
bennesvig 6 days ago 0 replies      
The functionality feels really similar to Prezi.
curiousfiddler 4 days ago 0 replies      
Loved the hangout feature. Really!
crag 6 days ago 1 reply      
Good luck. When my grandma joins I'll take a look. She's on Facebook. ;)
AWS drops bandwidth pricing amazon.com
266 points by werner  5 days ago   93 comments top 21
rkalla 4 days ago 2 replies      
Making all in-bound traffic free is a super-aggressive (and much appreciated) move.

As blhack pointed out Voxel's per-GB rate[1] before AWS dropped was extremely competitive, but they charge for in and out-bound data. AWS, after the 1st of July will only charge $0.12 for out-bound data and $0.00 for inbound data, effectively making it something like $0.06/GB compared to Voxel (I'm hand-waving this a bit to make a point).

Also as wiradikusuma pointed out, this comes right on the heals of Google's App Engine pricing structure change[2] to be more business-friendly (read: more expensive/more predictable billing) that upset smaller shops and individuals.

As someone who reads most of the AWS forums every night, I would say overall that Amazon seems to be responding more quickly to low level failures that used to run rampant on the system (although US-EAST still has more failures than any other region. I guess due to overload). They seem like they are hitting faster/smoother, sounds like a good time to push forward and grow which I imagine this move will help do.

Getting a little excited to see what the price decrease for per-GB billing on S3 will be in the coming months following this up (my assumption).

[1] http://www.voxel.net/pricing

[2] http://www.korokithakis.net/posts/app-engine-pricing-changes...

timf 5 days ago 0 replies      
The pricing change is better understood with the tables here which include a "previous" column:


sriramk 4 days ago 1 reply      
This is probably a move in response to Windows Azure dropping its inbound data transfer rates to zero last week. When I was back in Windows Azure, we would often see AWS try to do a price-match whenever we changed prices drastically.
zmmmmm 4 days ago 1 reply      
I'm blown away. This radically changes the cost for one of my core products (automated browsing from EC2 machines). I've thought for a long time that EC2 was getting comparatively very expensive for bandwidth (simply not decreasing their prices). I thought they would have to change it, but I didn't expect free!
blhack 4 days ago 2 replies      
For another comparison, voxel.net (which serves imgur):


$0.10/GB up to 40TB

$0.07/GB up to 500TB

$0.05/GB >500TB

This looks like the cheapest "real" CDN I've seen. Awesome :) Not that I need it [yet], but here's to hoping :)

nigelsampson 5 days ago 0 replies      
I wonder if this was in reaction to the same pricing change from MS Azure http://blogs.msdn.com/b/windowsazure/archive/2011/06/22/anno...
Rickasaurus 5 days ago 2 replies      
Amazon is now the #1 choice for web scrapers everywhere :)
werner 5 days ago 1 reply      
My blogpost w background information: http://wv.ly/iLDaqu
tzs 4 days ago 0 replies      
This is big. It makes it a lot cheaper for a busy site to keep an up to date mirror at Amazon on standby for use in emergencies.
orijing 4 days ago 3 replies      
Dropbox must be super happy that half their bandwidth costs have disappeared!
latch 5 days ago 0 replies      
I don't even remember what the old pricing was. For the first (non-free tier), was it at 0.18? 0.12/gb is getting pretty cheap for non-bulk bandwidth of this quality.


above poster has link showing it was 0.15

wiradikusuma 5 days ago 0 replies      
this should put some pressure on recent Google App Engine price increase (fingers crossed)
MaxGabriel 5 days ago 1 reply      
For someone inexperienced in this market, why wouldn't they just say free? I've never heard someone sell something for "$0.00"
chaselee 4 days ago 0 replies      
Now if only Google App Engine would follow suit...oh wait they raised prices =/
kmfrk 4 days ago 0 replies      
The timing for this Django deployment script couldn't have been better: http://news.ycombinator.com/item?id=2700120.

I was going to look into deployment scripts for App Engine, but Amazon makes it more compelling to use AWS.

MrAlmostWrong 4 days ago 0 replies      
Everytime I see a price drop my first though is always, "I wonder how much this increases Dropbox's revenue?"
neworbit 5 days ago 1 reply      
Good lord, about time. Why was incoming bandwidth ever on the list?
Joakal 5 days ago 2 replies      
Why is bandwidth pricing higher in Asia despite bandwidth rates there being among the highest in the world?
nhoss2 5 days ago 2 replies      
ooh "AWS drops bandwidth pricing" come on please be true! darn it just inbound.
aolnerd 4 days ago 0 replies      
We're looking for even cheaper bandwidth for streaming audio. Can anyone recommend a vendor to provide 150mbit+ bandwidth on a vps platform or rented server platform?
anamax 4 days ago 1 reply      
I wonder how soon/if tarsnap will update their pricing.
Paper.js " The Swiss Army Knife of Vector Graphics Scripting paperjs.org
262 points by hakim  7 days ago   41 comments top 13
haberman 7 days ago 3 replies      
Why implement vector graphics on Canvas when you could use SVG?

EDIT: Seems to be answered in the FAQ: "We have decided to use the Canvas object as the main backend for now because it is faster than SVG and allows us to implement and optimize our own Scene Graph / Document Object Model. We will be offering SVG (and hopefully PDF) importing and exporting in the future."

But it seems hard to believe that doing vector->bitmap rasterization in JavaScript is going to be faster than using the browser's SVG implementation (written in C++).

gruseom 6 days ago 1 reply      
Regarding vector graphics performance, there's a weird way to use SVG that is sometimes much faster than Canvas: use string concatenation to build up a huge blob of SVG markup and then splat it into the browser all at once by setting innerHTML on an SVG element. We rely on this trick for UI performance in our web app. In fact, we do it on every scroll and/or mousemove. The amount of computation you can get away with in JS without noticeably slowing down the renderer is nothing short of astonishing.

Given how clunky SVG can be, it's surprising that this technique works so well. I believe the performance gain comes from batching everything you want to render into a single ginormous round trip between JS and native code. With Canvas, you don't have that option, so you have to cross the grand canyon with every call. The equivalent in SVG would be making a series of tweaks to the SVG DOM, and that's even slower. Much better to rebuild the entire DOM yourself in text and overwrite the old one.

As a bonus, you can take the same approach in IE using VML. Though the markup is different, the SVG and VML models are close to isomorphic - not close enough to abstract over without an annoying impedance mismatch, but much closer than either is to Canvas. Thus this technique affords a good way to get graphics performance out of both the modern browsers (SVG) and the pre-9 IEs (VML) for as long as the latter are around.

maresca 7 days ago 2 replies      
Has anyone used both this and raphaeljs? How do the two compare on features, browser compatibility, performance, etc?
fedorabbit 7 days ago 1 reply      
default smoothing example uses 52% - 62% CPU at run time on my macbook pro i7 duo core 2.66GHz laptop. Bouncing ball uses 100% on average. Pretty cool script! it makes a good example what today's browser is capable of.
kleiba 7 days ago 2 replies      
That website makes my CPU sweat.
aarondf 7 days ago 0 replies      
The Mona Raster, made with Paper.js


[EDIT] Slightly sharper eyes.

fomojola 7 days ago 2 replies      
Internet Explorer compatibility, anyone? I mean, I'm as much in favor of the latest and greatest as the next man, but...

RaphaelJS has IE covered.

noduerme 7 days ago 1 reply      
proce55ing is great for what it is / does, but there's a large gap between that and building functional games and animations, which isn't addressed by their screen graph model (nor this one). At issue, and missing, are parent-child relationships in which transformations and mouse events can be factored or transmitted up or down a display chain in the screen graph. To my knowledge, the only existing library that does this on Canvas is StrikeDisplay (strikedisplay.blogspot.com). In general, the ability to do that doesn't impinge on the ability to use native canvas vector functions in any way; but it simplifies the mixture of vector and raster images for animation, and acts as a better tool to let coders focus on the game they're trying to build rather than the intricacies of the canvas processing -- or to step it up, the raster and/or vector transformations -- behind something like:

var a = new Sprite();
var b = new Sprite();
b.x = 100;
a.rotation = 45;

Which ideally should rotate both a and b by 45 degrees clockwise, with b offset in the rotation around a's axis by 100 px.

laughinghan 6 days ago 0 replies      
The obvious comparison is with Raphael.js (raphaeljs.com)

Wouldn't it be great if someone did all the RaphaelJS examples in PaperJS, and vice versa, so we could compare performance and ease of use?

emiranda 7 days ago 1 reply      
Anyone happen to know where I can find general information on implementing something like this? http://paperjs.org/examples/chain/ I'm interested in implementing this mechanic in Flash (for a game). I looked through the source code and it seems like a lot of code just to get to the point. Hoping to find something more basic that I can port over.
mhd 6 days ago 0 replies      
I still miss Display Postscript.
Shana 7 days ago 0 replies      
Q-anyone have comparisons to the processing.js (processing) wrap?
florin_ 7 days ago 1 reply      
any 3d on canvas?
The Tale of OpenGL vs. Direct3D stackexchange.com
261 points by tilltheis  5 days ago   33 comments top 13
brudgers 5 days ago 2 replies      
Though well written, I think the article misses an important point. Microsoft designed Direct3D with games in mind and the culture surrounding OpenGL gave priority to productivity applications for engineering and design as is appropriate for something that was developed by Silicon Graphics.

The characterization of Microsoft being disorganized because they were working on OpenGL at the same time as Direct3D is a direct result of misunderstanding this difference. Microsoft had to address to entirely different markets: gamers for whom high frame rates were much more important than fidelity and engineers for whom accurate rendering was important (Even today, high end graphics cards for Windows workstations run OpenGL.)


3dLabs involvement with the development of improvements to OpenGL is symptomatic of OpenGL's emphasis on fidelity in rendering and the legacy of SGI from whence it evolved. The slow pace was perfectly acceptable to a group of serious people who care about standards and don't care about games.

3dLabs is also an example of the distinct segmentation of the consumer and engineering market for graphic cards in the PC market. The second PC I inherited in my first CAD job had was a 386 with an Nth Engine B752 - you could have built a kickass gaming system for the price of the card alone but it wouldn't put much of a dent in the price of an Iris.


Keep in mind that back in the 1990's all sorts of consumer grade graphic card craziness was going on in Windows boxes - e.g. VESA local bus [http://en.wikipedia.org/wiki/VESA_Local_Bus] and the volume of new Windows machines was exploding and many of them were running graphically intensive games.

marshray 5 days ago 2 replies      
The moderate experience I have with OpenGL confirms this explanation. However, it sort of misses the point. The author may be a bit too close to OpenGL to judge the relative significance of the all the historical details he knows.

Take a step back:

A) There's no way in hell Microsoft would allow OpenGL to take the lead from Direct3D on Windows and Xbox. They would wield the carrots and the sticks to prop up Direct3D (and perhaps even disadvantage OpenGL) if it ever came down to it.

B) OpenGL is a success by any objective measure. Nearly every platform except Windows and Xbox uses it exclusively. E.g. mobiles. Game consoles may have dedicated APIs but I'm sure there's a better OpenGL compat layer than a Direct3D.

Recently I've developed some code on Linux for OpenGL 3.3 with GLSL and it is awesome.

latch 5 days ago 3 replies      
As if Glide never existed

In all seriousness, I did 1 graphics programming course back in the day, and it was pretty insane. This was all in OpenGL. The amount of code required to draw the simplest scene was massive. I seem to remember there's a built-in teapot primitive, and I ended up just using that to construct everything (yes, there are simpler built-in primitives, but none nearly as cool as a teapot). I didn't do very well in that course.

goalieca 5 days ago 0 replies      
Wikipedia also has an extensive page on this topic http://en.wikipedia.org/wiki/Comparison_of_OpenGL_and_Direct...
Impossible 5 days ago 1 reply      
This is probably the most accurate view of the history of OpenGL vs. Direct3D I've seen on the internet. It goes into the actual implementation details of why OpenGL or D3D have been more or less popular for games\graphics programming over the years. Also follows my personal adoption of the APIs for projects pretty closely. Most other comparisons are too political or anti-MS, and are often written by people that have limited (if any) experience with Direct3D.
ANH 4 days ago 1 reply      
Another thing that isn't exactly helping OpenGL is Apple's slow creeping adoption of recent versions. I'm running the latest Snow Leopard and my code is reporting OpenGL 2.1.

I'm not really blaming Apple. I mean, on top of the core version they've implemented about 100 extensions with names like GL_ATI_separate_stencil, GL_NV_fragment_program2, GL_ARB_instanced_arrays, etc.. But the OpenGL 4.1 specs were released a year ago and I've got 3D code that runs significantly faster when I boot into Windows. Exact same hardware, but it's OpenGL 2.1 (+ extensions) vs. Direct3D 9.

barrettcolin 4 days ago 0 replies      
As a complement, Chris Hecker has kept some of his notes regarding OpenGL vs. Direct3D around:


It seemed quite important at the time that he- who begat WinG, which begat DirectX, some of which is covered in Renegades of the Empire, which someone else mentioned, which is certainly worth reading- went on to agitate for OpenGL over Direct3D. Now there's kind of a scrapheap of history vibe off of the whole thing.

rvkennedy 4 days ago 0 replies      
The article misses one of the more interesting recent developments - that via OpenGL ES, GL is effectively doing an end-run around the whole Direct3D roadblock. As several posters have mentioned, GL ES is the standard in all the major mobile platforms. Now WebGL is threatening, not without some MS pushback, to become the standard for native 3D on the web.

Almost by default - simply because DX is a Windows/Xbox technology, and these platforms (particularly Windows, but also the traditional consoles) are fading - and GL is ruling the new world of games - online games, Facebook games, web and so on.

It's rare indeed on HN to see much talk of Microsoft's continuing dominance, because in the web/tech world, that dominance doesn't exist. Games are changing too. And it's games we're talking about here - OpenGL has always run the show in serious applications of 3D, and that shows no signs of abating.

deathwarmedover 5 days ago 0 replies      
I feel a lot less ignorant of all that was going on behind the scenes whilst I was rocket-jumping, exploring black mesa, destroying diablo's soulstone, driving around liberty city etc
Fuzzwah 4 days ago 1 reply      
As a gamer all I knew was that Quake ran fast and Monster Truck Madness was framey as hell on my box. Thus I knew that OpenGL was good and Carmack was god and D3D was terrible.
gavanwoolery 5 days ago 0 replies      
I just wrote about this recently, although with more focus on Microsoft's mistakes post DirectX 9.0:



spydum 5 days ago 0 replies      
slow clap
IBM develops 'instantaneous' memory, 100x faster than flash engadget.com
261 points by alvivar  4 days ago   34 comments top 10
rkalla 4 days ago 6 replies      
Whenever I see announcements like this, I try and cap my enthusiasm -- I think reading about solid-state-drives in the 90s and not getting them until... well the last 2 years, I have learned to be cautious with falling in love.

THAT being said, this article suggests mass-production on a timeline of 5-years (give or take) along side other innovations like Intel's 50Gbps Thunderbolt.next() [1]

I'm really gunning for the world not ending Dec 2012 now; I want to see this stuff in a desktop PC ;)

Aside: It is fun to think about what changes to current industries would occur when computing power becomes insignificant -- for example, video editing/production, video games, voice recognition, security, etc.

Just in our industry, with the cost of a GB dropping to damn near $0.00, the first thing we saw was an explosion of apps dealing with huge data sets -- something previously only done by a few select mega-corps.

Anyone, just speculation and fun at this point.

[1] http://www.engadget.com/2011/04/29/intel-touts-50gbps-interc...

InclinedPlane 4 days ago 1 reply      
Faster than flash, much higher write-cycle lifetime than even SLC flash, if these hold up in mass production it'll be like christmas for everyone.
Joakal 4 days ago 3 replies      
To differentiate it from RAM, the word is PRAM.

More: https://secure.wikimedia.org/wikipedia/en/wiki/Phase_change_...

ajays 4 days ago 0 replies      
Wasn't IBM also responsible for bringing the Giant Magneto-resistive (GMR) technology to the spinning disk drives, thereby increasing their capacity many-fold? It looks like they'll do the same to flash with this PCM memory.

Keeping my fingers crossed.

PS: Did anyone else notice the gratuitous mention of "cloud computing" in the press release? :-D

jacques_chester 4 days ago 1 reply      
I would have preferred a straight-bat presentation, rather than the strained hangover jokes.
DharmaSoldat 4 days ago 0 replies      
It will certainly be interesting to see what happens with technology like this when it gets combined with others such as graphene, memristors, etc.

I agree with rkalla that tempering one's hopes towards it is probably the way to go, but it's always nice to see someone pushing the envelope.

stupidhurts 4 days ago 2 replies      
incidentally, does anyone know how close memristor cells are to mass production?
zwieback 4 days ago 1 reply      
Aren't the wear-out numbers for flash understated? I seem to remember that the flash I've worked with is in the tens to hundred thousand cycles already but maybe that's not what's in consumer products?

Also would be interesting hear about power consumption for read and write.

maeon3 4 days ago 1 reply      
Now the bottleneck will be the CPU in a huge way. Intel we need a few orders of magnitude faster processors now!
jvandenbroeck 4 days ago 0 replies      
It's time to buy some IBM shares
Very clever story telling using HTML and Javascript... hobolobo.net
258 points by dclaysmith  16 hours ago   27 comments top 9
silvestrov 15 hours ago 2 replies      
For each page, you must use the horizontal scrollbar to see see the animation and the rest of the images.
mambodog 14 hours ago 1 reply      
I am working on something similar to this, though I've implemented a renderer like that of a game, with all visible elements being rendered at 30 fps, foregoing DOM manipulation for writing HTML text directly to innerHTML[1], and culling non-visible elements. This avoids the slight jerkiness that exists when scrolling on the linked page.

[1] http://www.youtube.com/watch?v=_RRnyChxijA&t=22m56s

hobolobo 14 hours ago 0 replies      
Well, this is awkward. (Check u/n)
I am unable to claim responsibility for this :)
kungfooey 15 hours ago 0 replies      
Wow. This is fantastic. Clever story, clever execution, clever little surprises in the illustrations. Can't wait to see what else this guy comes up with.
jpdelatorre 14 hours ago 1 reply      
Looks really cool. This would be an amazing tablet app for children. +1 if there's a voice over option. Although it seems a LOT of work to put together.
petewailes 15 hours ago 5 replies      
So, I've got a question... Whilst this is undeniably cool, can anyone actually anything beyond short children's literature being told this way?

As a more random note, what innovation have people seen/would people like to see in the literature space? How would you tell a novel online?

Discloser: am writing a novel, and reserve the right to totally take any ideas from this and incorporate them. If I do, you'll get a credit in the book.

ineedtosleep 3 hours ago 0 replies      
Microsoft also made something similar to show off IE9's HTML5/CSS3 capabilities. I don't have a link handy, but it should be easy to find.
inportb 12 hours ago 0 replies      
I really enjoyed the experience!
sigvef 10 hours ago 0 replies      
http://hobolobo.net/what-is-this-thing thinks I'm using Internet Explorer, when in reality I'm using Chrome 14.0.803.0 dev-m.
       cached 5 July 2011 04:11:01 GMT