hacker news with inline top comments    9 Mar 2012 Best
There is no point to distributing music in 24-bit/192kHz format. xiph.org
703 points by nullc  3 days ago   316 comments top 44
sjwright 3 days ago  replies      
I must say I get rather irritated when people spend time worrying about dubious 'tweaker' methods to improve their audio, when the most under-performing component of most people's sound equipment also has the lowest-hanging fruit: The room itself.

When people ask me where they should spend money to improve the quality of their hi-fi or home theater system, in nearly every case my response will be something like "get a thicker rug" or "put something on this wall to absorb sound reflections, even if it's just a bookshelf."

Beyond that, I'd tend to say something like "stop being so paranoid about what you think you can't hear, and enjoy the damn music."

cmer 3 days ago  replies      
There's a lot of scientific-sounding content in this, but unfortunately most of it couldn't be further from the truth. I'm an ex-audio engineer and studied digital and analog audio engineering; this has been debated to death over the last 15 years.

Digitally recording a triangle is the best example of why 48kHz is very limiting. The distinct sound of the triangle consists of a high fundamental frequency, ballpark 5kHz, and of many very high-pitch harmonics. Most of these harmonics are above 20kHz. The harmonics are what makes it sound like a triangle, not the frequencies below 20kHz. This is why the triangle is one of the hardest instruments to digitally record. It always sounds like crap.

In theory, it's true that the human ear can't hear above ~18kHz, but it can hear the influence of the very high pitch harmonics on a lower frequency.

EDIT: here's more data backing what I said http://www.cco.caltech.edu/~boyk/spectra/spectra.htm

EDIT 2: typos, frequency mistake

Anechoic 3 days ago 0 replies      
For those of you who are interested in just how much of a golden ear you truly are: download Harman's "How to Listen" software for Windows or Mac OS X (http://harmanhowtolisten.blogspot.com/, scroll down).

Harman requires its trained listeners to pass tests based on this software before participating in juries to evaluate Harman products. It doesn't directly address the sample rate/bit depth issues discussed in the linked article, but it does address a lot of the issues brought up in the HN discussion, so you can have a chance to see how much those characteristics really matter.

You may be surprised.

Derbasti 3 days ago 3 replies      
He raises a lot of valid points. However...

192 kHz is clearly overkill for listening. Not so for further editing of the data.

Same goes for 16/24 bit, however, the difference between 16 and 24 bit is actually audible.

44100 is not a bad sampling rate, but it necessitates very sharp aliasing filters, which are audibly bad. A bit more headroom is well needed there.

That bit about intermodulation distortion is complete bogus. He talks about problems when resampling high-fs audio data. However, you would never do that. You would digitally process 192kHz all the way. Only your loudspeakers or ears would introduce a high-pass filter, and a rather benign (flat) one at that. There is certainly no aliasing going on there unless you resample (wrongly). Intermodulation distortion is not the fault of the sample rate.

I majored in hearing technology. Calling 192/24 worse than 44.1/16 is total BS. How useful it is is a different debate.

JangoSteve 3 days ago 6 replies      
Even without debating the science and signal processing arguments raised...

In any test where a listener can tell two choices apart via any means apart from listening, the results will usually be what the listener expected in advance; this is called confirmation bias and it's similar to the placebo effect. It means people 'hear' differences because of subconscious cues and preferences that have nothing to do with the audio, like preferring a more expensive (or more attractive) amplifier over a cheaper option.

The human brain is designed to notice patterns and differences, even where none exist. This tendency can't just be turned off when a person is asked to make objective decisions; it's completely subconscious. Nor can a bias be defeated by mere skepticism. Controlled experimentation shows that awareness of confirmation bias actually increases rather than decreases the effect!

Doesn't that completely negate his conclusion, that there is no point to distributing 24/192 music? If people want to pay for 24/192, and even he just admitted that they will legitimately enjoy it more, how can you conclude there is no point?

Life is short. I want to enjoy things. Whether or not my enjoyment can be quantified or scientifically defended, I really don't give a shit. But that's okay, if you don't want to sell me 24/192 music, Amazon will. Between this and DRM-free content, it's no wonder I buy all my music from Amazon these days.

wickedchicken 3 days ago 7 replies      
For an article containing a lot of "well, if you knew signal processing..." there are two fairly major oversights:

1) Any well-designed system is going to have headroom. Period. Just because 48kHz can capture the frequencies the human ear can theoretically hear, it's always good to have a little wiggle room. This comes into play even more with interactive situations: humans are particularly sensitive to jitter. Having an "overkill" sample rate lets you seamlessly sync things easier without anyone noticing.

2) 192kHz comes with an additional benefit besides higher frequencies: it also means more granular timing for the start and stop of transients. More accurate reverb would be the obvious example. I don't know if the human ear can discern the difference between 0.03ms and 0.005ms but it's something I don't see mentioned often.

blackhole 3 days ago 1 reply      
You always record stuff at 24-bit/192 kHz for many reasons usually involving minimizing analog artifacts and to give you a lot of information to work with. You use 32-bit float wavs to transport stuff around so you don't have to worry about normalizing levels and clipping. Lossless formats drastically improve the quality of transients by an enormous degree. But every single objection to this is either ignoring the points of the article, or talking about the benefits of recording at high fidelity, when this entire article is pointing out that once you have _finished a mix_, there is no reason to distribute things in 24-bit/192kHz. Most speakers can't even play above 20kHz anyway, which makes the entire point moot. I don't care if you have a bajillion kHz, the speakers can't play above 20 kHz, so you're screwed.
jwatte 3 days ago 0 replies      
The sampling theorem is for static signals and perfect filters. Turns out, music isn't static. Once you have transients in the program, you need higher bandwidth or you will end up with phasing effects (time domain aliasing.) This is plain from the math!

Filters are also not perfect (but good oversampling filters are not the weakest link)

Further, even perfectly dithered 16 bit data can't go 20 dB below the quantization floor, unless you give up on frequency response on the high end. Again, this is plain math.

With a calibrated 105 dB low-distortion sound system, in a quiet room, I can hear imperfections from 16 bit, 44 kHz material, especially in soft flutes and triangle type percussion. Of course, D class amplifiers, and MP3 encoding, do worse things to the signal, so let's start there. But 20 bit, 96 kHz (or at least 64 kHz) are scientifically defensible, when analyzing the math and the physics involved. No snake oil needed!

WalterBright 2 days ago 0 replies      
My hearing has declined over the years, to the point where audiophile gear is a complete waste of money. For example, I can no longer hear the difference between a cassette tape and an LP. I still listen to and enjoy music all day, but no longer worry at all about the sonic quality of it.

My advice to you younger guys is to keep the windows rolled up while driving. I have no other explanation why my left ear is much worse than my right.

nileshtrivedi 3 days ago 6 replies      
What I would love to have is: independent instrument/vocals tracks along with a default recommended "mix". The default mix would be used for normal playback and independent tracks would be great for custom mix / karaoke etc.

Is this too unrealistic to expect? Has something like this been tried before?

polshaw 3 days ago 0 replies      
I have to say that was probably the most comprehensive dealings with the issue of sample-rates I've ever come across. I'm not going to make the mistake others have of claiming falsehoods (all of which I've read so far have been debunked to my satisfaction by the HN users-- I'm impressed, guys).

As pointed out, mastering has vastly greater effect on the audio quality (and is often pretty poor[1]), and is the reason vinyl records often can sound better than their digital counterpart, despite being an inferior technology[2]. The DAC used also has a massive effect on the sound once you get into decent quality equipment.

Like the author, I'd also love to see some expansion of mixed-for-surround music.

[1] a lot because of loudness wars, as pointed out in the post, but also just due to a lack of time/care/love(/demand?).

[2] http://www.hydrogenaudio.org/forums/index.php?showtopic=6175... This thread explores the bit-depth of vinyl records, beginning with a claim of a maximum 11-bit resolution-- limited by the width of a PVC molecule the record is made from.

untangle 3 days ago 0 replies      
This article is one of the most lucid and accurate that I have read on this topic.

However, one thing that's missing here (and in nearly all other similar pieces) is a full discussion of the prerequisites of the sampling theorem. For example, the signal must be bandwidth-limited (and no finite-time signal can be).

But this is a minor concern, as there are many elements in the analog domain of the recording and playback chains that serve as low-pass filters - starting with the mics. So bandwidth-limiting is effectively achieved.

For a similar reason, I find the discussion of the "harmful" effect of high-frequencies to playback electronics and loudspeakers to be a bit overdone IMO. Peruse the excellent lab results of modern audio gear on Stereophile's web site. You'll find that bandwidths exceeding 30kHz are rare.

One last thing. When doing subjective "testing," keep in mind that what some folks are hearing may be limitations of their gear. For example, most DACs derive their clocks for higher sampling rates (88/96/176/192) by clock-multiplier circuits. IOW, 44kHz and 48kHz are the only ones clocked directly by a crystal. These multiplier circuits are often noisy, contributing to jitter. The audible effect of this jitter is hard to predict.


PS As an avid audiophile, I find the clash of subjectivists and objectivists on this normally-buttoned-down forum to be a bit of a trip.

Andys 3 days ago 1 reply      
This is a really convincing article that makes me want to set up a double blind test for myself with my own equipment.

In my own tests I believed that I couldn't tell the difference between 16/44 and 24/96 on high quality loudspeakers, but I could with high quality headphones. The studies cited all seem to use loudspeakers in testing.

Also worth noting, the article states that obtaining 24/96 source material sometimes means you get better mastered material, which still sounds better after down-sampling back to 16/44.

noonespecial 3 days ago 2 replies      
I was under the impression that two inaudible high frequency tones could interfere with each other to create an audible interference pattern. (I think known as a "beat frequency").

If this is the case, then all of the arguments in the world about the maximum audible single frequency are irrelevant. Imagine music composed entirely of these beat frequencies and performed with a pair of oscillators between 25kHz and 35kHz. Without higher resolution encoding, it would be audible IRL but the recording would be silence.

blahblahblah 3 days ago 1 reply      
I mostly agree with the article in the context of distribution of a final mix. However, the article ignores one glaringly obvious reason to distribute in 24/192 format: to allow the listener to be a participant in the creative process, enabling better results for amateur musician listeners who want to sample or remix the audio or for DJs to get better results when altering the tempo for beat matching one track with another, etc. Of course, if you're going to do that, you might as well distribute in a multi-track format instead to maximize flexibility for the end user (Want to sing karaoke? Just turn off the lead vocal track for playback).
ChuckMcM 2 days ago 0 replies      
TL;DR - long and detailed information about why if you got music in 24/192 format you couldn't tell the difference between it and 16/48 music.

I chuckled because this is so true, and yet tell that to the people who buy oxygen free copper 'monster' cables for their speakers, being careful to align the arrows with the direction of the music from the amplifier to the speaker. People, even otherwise reasonable people, will swear up and down they can hear the difference.

rbanffy 2 days ago 0 replies      
Minor nitpick

> The FLAC file is also smaller than the WAV, and so a random corruption would be less likely because there's less data that could be affected.

At the same time, if you flip a bit on a WAV file, you may hear a "pop" sound. On a FLAC file, the whole encoding block may be inaudible (or worse).

jdc0589 1 day ago 0 replies      
There is no harm in releasing higher quality uncompressed or loss-less tracks. At the worst they will bring in some new customers, such as myself, that currently will not buy music online. Why would I pay $10 for an album as a highly compressed download when I can pay the same price for the CD and rip it to FLAC myself? I realize I am in the minority here, but as CDs phase out even more, there has to be some other way for consumers to obtain high quality versions of tracks.

Footnote, you don't have to have a >$10,000 setup to benefit from higher quality tracks (compared to the downloads that sometimes have 'questionable' quality). I have two systems, a full range stereo (front left and right) setup for nearfield listening at my desk that's +/- 1dB from 50Hz-20kHz. The other is a stereo setup in my media room; 2 way quarter wave transmission line, +/-3dB 40Hz-20kHz. The point is, there are a lot of people with less than $1200 in audio gear that still want lossless tracks made available. Who cares if the human ear can't discern much of the extra information, we still want it.

jlft 3 days ago 1 reply      
In normal listening conditions and for most people the difference between 16/44 and 24/192 is inaudible.

Given a 5 minute song, if I have the choice to download a 11MB file (320kbps MP3) or a 330MB file (24/192) I would of course choose the 11MB file. The sound quality is perfectly acceptable and the file size much more convenient to manage (storage, backups, etc.).

In terms of the convenience of managing the file size and sound quality I think 320kbps MP3 is the best compromise.

Here's a file size comparison of a 5 minute stereo song:

MP3 128kbps > 5 MB

MP3 320kbps > 11 MB

Uncompressed 16/44 > 50 MB

Uncompressed 24/192 > 330 MB

When talking about sound quality there is a much more relevant issue: the amplitude compression (distortion) abuse used by mastering engineers and producers that totally destroys the dynamic and life of the sound. That is a real issue. When buying a song there should be two versions to choose from:

A) "Loud", dynamically destroyed / distorted version.

B) Normal, dynamic, non-distorted version.

Today only version A is available to buy.

leouznw 3 days ago 1 reply      
I know a bit of sound engineering, waves and so on.
I totally agree with the title and the first 60 lines of the article, and I add my POV:
1. Most people don't care,
2. What Apple did is just about marketing,
3. Most of the people who say they care are pretending,
4. Zeppelin still rocks the shit in a poor quality mono mp3 recorded by a drunk guy in the audience of a concert in 73.
sliverstorm 3 days ago 2 replies      
So, presuming we take this example:


The key to reproducing the original signal from the digital signal is a low-pass filter that rejects everything above the sampling rate, correct?

That is to say, what I am getting at is while the original signal can be reproduced, it requires properly tuned, and probably reasonably high performance, hardware to remove the higher frequency components of that square wave. Can you count on consumer grade hardware to do this well?

yu 1 day ago 0 replies      
From Footnote 1:
[...] If we were to use the full dynamic range of 24bit and a listener had the equipment to reproduce it all, there is a fair chance, depending on age and general health, that the listener would die instantly. The most fit would probably just go into coma for a few weeks and wake up totally deaf.
bryanlarsen 2 days ago 0 replies      
One of the strongest things that makes this article credible is that in it we have the author of Ogg Vorbis recommending that we stop using Ogg Vorbis (and all other lossy compression formats).
neilalbrock 2 days ago 0 replies      
A few years ago I became really interested in recording music. I had been writing a little with a friend, using whatever crap equipment we could afford, the results weren't amazing but we were having fun and staying focussed on the music itself.

Then we started recording other people. I became obsessed with gear, software and all the associated toys that go with any technical pursuit. I'm a programmer, so it's easy to understand how that happens but I totally lost sight of the music, spent way too much money on equipment that was nowhere near being required and generally lost the plot. I was tracking everything 24-bit/96kHz and bemoaning the loss of quality when I mixed down for CD.

Anyway, the TL;DR version of what followed was that we recorded quite a bit, lost interest in making our own music and then the whole adventure came to an end. Now my gear is leaving via eBay and I'm finding my way back to just playing guitar and trying to write good music.

24-bit/192kHz - pointless. Give me a small venue and a guy with an acoustic guitar any day.

agentgt 3 days ago 1 reply      
I know this is slightly tangential but are hi-end DACs really worth it? I have always been amazed how much audiophile DACs cost ($300-1000). The reality is I listen to 320kbps music that was most likely recorded at 44100. DAC technology is not exactly new. So why the price?

Another tangent: To me it seems audio engineering should fix the "woofer". That is it seems subwoofers have terrible distortion.

tcarnell 2 days ago 0 replies      
Has anyone had a look at their hi-fi amp recently? It probably doesn't handle much more than 80 kHz and your speakers probably don't respond to anything over 20 kHz. So yes, 192 kHz is pointless UNLESS you intend using it for studio quality editing/mixing - and I'm sure Steve Jobs would not have encouraged this!
zzygan 3 days ago 0 replies      
This is a good article, however the guy who has been pushing this for years and years now is a man called Dan Lavry. In fact he wrote a very good, rigorous explanation a few years back, in very readable and well written form.


tammer 2 days ago 0 replies      
I find mp3 and aac compression artifacts to be monstrously irritating. I have no idea how the majority of the world seemingly can ignore them.

Further, I can hear a difference between 44.1kHz and 96kHz. Whether you can hear that difference is up to you. (The word-length is a red herring - there's no new information contained in a 24-bit recording vs 16.)

IMO anything less than flac and you're missing something. Higher sampling frequencies do add to the sound, but in a way that is almost invisible to the untrained ear. Perhaps these should be distributed at a premium the way SACDs and similar "audiophile" formats were in the past?

yzhou 3 days ago 1 reply      
The hearing of ears is a time-domain thing, not a frequency domain thing. It's the frequency response of all the frequency components added together. People might not be able to respond well to a single high frequency tone, but might respond well to a combination of tones.
jaekwon 3 days ago 1 reply      
The article AFAIK states little about distortions introduced in remixes & samples. I would expect certain high frequency samples, when mixed together to overlap in time, would introduce moire artifacts (beats).
tintin 2 days ago 1 reply      
I think this only applies to headphones. People also 'hear' sound with their body (skin). Maybe you could call it experiencing sound.
And then there are resonating sounds that cannot be heard but help to create other sounds. But maybe this won't apply to a recording because you will record the result and not the tones that make the result.

This is a great article but I'm still not convinced people cannot have a sensation of sound out of their hearing range.

jensnockert 3 days ago 2 replies      
I just want floating point, then this silly loudness war would end (to some extent, since you can make the mix almost infinitely loud).
yzhou 3 days ago 3 replies      
That a person cannot hear a 22kHz tone doesn't mean he cannot hear a sound that contains 22kHz components. For example, a square wave contains lots of high frequency harmonics; the more higher frequency harmonics it has, the "squarer" the square wave gets. An ideal square wave forms ideal "0" "1" states. A person's ear might not be able to hear a 22kHz sine wave tone, but he might be able to sense the steepness of the "0" "1" state.
thewisedude 2 days ago 0 replies      
I am told that a similar argument can be made between TVs that display at 120 Hz as opposed to 240 Hz, i.e. there is no discernible difference!
mistercow 3 days ago 2 replies      
> Can you see the LED flash when you press a button? No? Not even the tiniest amount?

I used to be able to see it when I was a kid (it looked very faintly red), but I just tried it and couldn't see it at all. That's actually a little bit disturbing.

diminish 2 days ago 0 replies      
Would someone explain whether I should use 44.1 or 48kHz?
naughtysriram 2 days ago 0 replies      
I think 192kHz is the sampling rate used by the A2D converter and vice versa. It is not the actual frequency of the sound (data).
rbreve 3 days ago 0 replies      
Unless you are a DJ or producer and would like to sample or time stretch the tracks.
That's why Beatport offers a wav download option, that many DJs/producers prefer.
hackinthebochs 3 days ago 2 replies      
One thing I don't see addressed is the experience of feeling frequencies that can't directly be heard. There was a study done with a particular piece of classical music, with and without a particular inaudible component to it. The presence of the inaudible component drastically changed the listeners' perception of the music. They described it as more dark or creepy (perhaps not the actual words used, but it matches the sentiment). The point is that there may be value in reproducing frequencies that we can't "hear", as inaudible notes can alter the experience of the music.

*not the study I was referring to but it's along the same lines: http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5291...

citizenspaced 3 days ago 1 reply      
I don't understand why anyone gets down on 24-bit consumer audio.

Specifically because CD-quality 16/44 audio has midrange distortion present during complex passages that is completely eliminated and non-present in 24/96 sources.

Listen to "Us and Them" off a 16/44 CD version of the Pink Floyd album Dark Side of the Moon. When it kicks into the chorus, it becomes totally distorted and everything in the midrange bleeds into each other. It's a mess.

Then, try listening to the 24/96 Immersion box set copy or a vinyl-sourced 24/96 rip and you'll find it's gone. When the song gets complex and loud, everything remains totally clear, each instrument stands on its own, it doesn't become an awful distorted jumble.

You could argue that it's just the quality of the master that makes the difference; but if you take a copy of the original transcoded to 16/44 and compare it again with the 24/96 copy you can hear the same effect.

Why would anyone argue against high-resolution audio anyway? Sure, most everyone will probably just continue downloading 16/44 MP3s, but at least give us the option to have 24bit FLACs of the stuff we really like. Please and thank you.

hackermom 3 days ago 2 replies      
There is no point with going over 16 bits, but there is definitely a point with going over 44.1khz, as it allows you to actually reproduce waveforms more accurately than 44.1khz. Try reproducing f.e. a sinewave accurately over 4-5khz with a sample rate of just 44.1khz - it cannot be done, and at this point we haven't even taken into account the issue of varying slew-rate characteristics of the thousands or so different DAC output stages in use in personal audio equipment.

44.1khz gives too much aliasing distortion, but 192khz is quite the overkill. Ideally, digital audio could sit on 16 bits of depth sampled at 96khz.

coopersloan 3 days ago 3 replies      
Huh, I think people truly advocating 192 as a distribution format will be few and far in between, a really good and cheaper sampling system can be put together at 96. Still, a lot of things in this article perplex me.

Human hearing is limited to 20k because frequencies higher than that are perceived as painful? Don't agree with that one.

24 bit doesn't offer any advantages to sound quality? Sheesh.

And the crux of the argument is intermodulation distortion increases when you try to represent more frequencies? Isn't that an argument for a faster power amp?

aiurtourist 2 days ago 3 replies      
Science be damned! Onwards with subjectivity!

• 24-bit audio is magical. When I recorded myself playing guitar in 24-bit and played it back through my amp, it sounded like I was still playing. 16-bit sounded like a CD.

• With MP3s, 192 kbps is a huge step up from 128 kbps. 192 doesn't exhibit any of the "swooshiness" heard in the upper range of 128 kbps MP3s for regular rock/pop/hiphop music.

joccam 2 days ago 1 reply      
Sometimes less is more. The debate goes on. Why not just let the music play? And by that I mean high resolution music. All you need is one person who can hear high frequencies, and all the technical mumble-jumble becomes hogwash.

People actually _believe_ the 20KHz argument that anything above is inaudible. That's hogwash. I know because I can hear (or sense) higher frequencies, and I do not have the absolute best ears I've ever "met."

For example, last week I attended a A/V equipment event with very high-end equipment. It was packed --- over 600 people for one evening. 6 rooms of equipment. I'm sure all six served the same fare according to the 20-20KHz argument of this piece, yet they all sounded quite (or even extremely) different.

The 20 KHz argument is a myth. For people who can't hear the difference, no problem. But please do refrain from ruining or hobbling music for the rest of us... who can hear a wider frequency range.

Yes, some people are color blind. Does that mean the rest of us shouldn't use color? I hope not.

Music is an important wholesome and potentially emotional part of human life. Please do not cap it with "false optimizations".

24-bit/192 KHz is not inferior to CD quality sound. If you don't believe me, try a Linn system sourced on a Klimax DS with some high bitrate Linn classical music (or the Beatles Masters USB release!). If you can't hear the difference compared to low bit-rate (including CD quality) material, I assure you someone can. The low bit-rate will sound flat, hollow, less lively, or/and more coarse. Any number of problems exhibit at inadequate bit levels.

Vinyl is analogue quality (no discrete digital distortion). CD quality is a large step down from vinyl. A/V is just trying to get vinyl like quality from digital. We don't need nay-sayers impeding progress. If you can't hear the difference, please let someone who can hear make the informed decisions.


Font Awesome, the pictographic font designed for use with Twitter Bootstrap fortaweso.me
688 points by fortawesome  2 days ago   91 comments top 29
hornbaker 1 day ago 4 replies      
Brilliant. I absolutely love this, and will absolutely use Font Awesome in my next project.

While the name Font Awesome is catchy, it doesn't say much about the product, and won't carry seo juice or meaning for your main selling point: better icons. A name like "fonticons" (pronounced like "emoticons") might be stronger, and you could own that term which may go generic (like "kleenex") if the technique is widely adopted.

In fact, you could literally own it. After making sure a google search was relatively clean, and a USPTO.gov trademark search was clear, I just registered the domain fonticons.com, and would be happy to give it to you if you want it as a token of appreciation for your project.

ccollins 2 days ago 1 reply      
First, this is great. The Bootstrap Sprites definitely need some love and this is a solid forward step.

I am close to dropping in Font Awesome, but the small font sizes really need work. Here is a comparison screenshot of the standard bootstrap sprites vs font awesome sprites in Chrome on Mac: https://s3.amazonaws.com/gusta/sprites-less-vs-font-awesome-...

Again, awesome work. Font Awesome is on my short list to use once it's cleaned up a bit.

headbiznatch 2 days ago 1 reply      
I love font icons and these are great. Thanks for sharing.

Two notes:

1) When I first started using font icons, I encountered an issue that might be worth sharing - you need to make sure your web server properly handles the more esoteric file types that are included in the @font-face declaration.

2) Paperclip icon!!!! I'm sad when these icon sets are missing this very useful metaphor for "attachment": not "my dog just died" sad, more like "I wish I could fly" sad. I am just throwing that out there.

ot 1 day ago 1 reply      
The icons look great! The font rendering engine is still the cheapest and most convenient way for having small scalable graphics.

Note that this trick is as old as Windows 3.1, as Raymond Chen points out in his blog:


(The blog name "Old New Thing" is spot-on as always :) )

jazzdev 1 day ago 3 replies      
Yes, very awesome. Makes implementation much easier. But having just removed a font from our web app to improve performance (download time and rendering time) I can't help but wonder if sprites aren't lighter weight than using a whole font when you only need a few icons.
cobychapple 2 days ago 1 reply      
You have licensed this under the CC-BY 3.0 license (which requires attribution 'in the manner specified by the author'), but I can't see anywhere that you've specified how it needs to be attributed if used.

Is this something you can elaborate on?

tnorthcutt 1 day ago 0 replies      
I don't know if it would make sense for your plans, but have you considered looking into getting fontawesome added to Google's Webfonts collection? That could help drive mass adoption. Here's their submit form: https://services.google.com/fb/forms/submitafont/
rplnt 1 day ago 1 reply      
I have web fonts disabled (because of abuse by many developers) and this looks like rubbish. Perhaps there is way to fall back to image icons if font is not available?
fortawesome 2 days ago 0 replies      
It's been moved to a proper location:
remi 2 days ago 1 reply      
It says “Wide @font-face support means Font Awesome even works in IE4” but not as the way it is implemented on the demo page.

That technique is not compatible with browsers that do not support the :before pseudo-class (eg. IE7). The icons could be used though, but not that way.

ivobos 1 day ago 1 reply      
Looks good. Having a set of geo-location icons would make it even better. In particular:

1) Request geo-location - this icon can be used on buttons that request the device/browser to activate geo-location.

2) Location on map - this icon can be used on buttons that display locations on map.

jogloran 2 days ago 0 replies      
I wondered how these would look as iOS tab bar icons - I added a script to generate them using ImageMagick: https://github.com/jogloran/Font-Awesome
wiradikusuma 1 day ago 1 reply      
Just wondering, is it possible to combine this with the font we use in the website so we don't need to download two separate fonts? Maybe some command line tool?
chrisacky 2 days ago 1 reply      
What application did you use to make these fonts in the first instance?
I would quite like to have a go at making my own font icons. Could be quite useful in replacement of spritesheets.
logical42 1 day ago 0 replies      
This is terrific! I've ported your fonts into my variant of the many twitter bootstrap rails gems out there (https://github.com/logical42/Bootstrapped-Rails). Thanks a bunch for this great work! This is going to make my life, and many others, much easier! :
thekungfuman 2 days ago 1 reply      
Does using the <i> tag have any negative effect on the semantic markup of a page? I see that it doesn't impact screen-readers but what about if someone is trying to parse your HTML?
lostsock 2 days ago 1 reply      
Looks great,

I've just tried to implement them into a Bootstrap site (without LESS) and I seem to get a double up of icons.

It looks like both the default bootstrap icons and the Font Awesome icons are being shown. The instructions don't mention the need to download a custom version of Bootstrap, am I doing something wrong?

vailripper 2 days ago 0 replies      
This looks excellent, nice work.
ars 2 days ago 0 replies      
So, are fonts the way to get scalable graphics on websites?
clarkmoody 2 days ago 1 reply      
This is a great idea!

Wanting to use this font offline, I was trying to install the .ttf to my Windows fonts, but I was unable to do so. Windows claims that it is not a valid font file.

Any suggestions on why this is the case?

praxeologist 2 days ago 1 reply      
Request: an empty/reverse/outline icon-tint or droplet

Nice stuff, going to try to use it sometime!

patman81 2 days ago 0 replies      
Now if we just had a tablet computer with a super high resolution display, this would be perfect for it...
cwsaylor 2 days ago 1 reply      
This is fantastic. I'm going to try to use this in a Phonegap iPhone app right now.
Void_ 2 days ago 1 reply      
The website seems to be down.
TomatoTomato 2 days ago 1 reply      
Font Awesome or Fort Awesome... I'm confused.
pagehub 2 days ago 0 replies      
Wow, this is awesome... thanks for sharing!
RollAHardSix 2 days ago 0 replies      
Maybe it's been a long day, but this actually hurt my eyes. Too Perfect!! O_O

Did anyone else have eyesore issues when they first saw it?

zshapiro 1 day ago 0 replies      
This is seriously great. Thanks!
jasimq 2 days ago 0 replies      
Looks really sharp.
TSA Threatens Mainstream Media Not To Cover Story tsaoutofourpants.wordpress.com
604 points by ddelphin  7 hours ago   123 comments top 26
tylermenezes 7 hours ago 4 replies      
The term "security theater" has been tossed around a lot, but I think it's pretty clearly coming to that. Asking the mainstream media not to cover something like this is completely indefensible from a security standpoint - what, terrorists only learn about security flaws from TV? It's pretty patently only about keeping their budget.

Also, just going to throw this out there, but it is fairly possible that the email is totally fake.

zotz 5 hours ago 1 reply      
"Totalitarian democracy is a term made famous by Israeli historian J. L. Talmon to refer to a system of government in which lawfully elected representatives maintain the integrity of a nation state whose citizens, while granted the right to vote, have little or no participation in the decision-making process of the government."


danso 6 hours ago 4 replies      
Just want to point this out: "strongly caution" is what the TSA flak told the reporter (according to the reporter). That doesn't necessarily mean "don't report this or we'll send you to Gitmo". It most likely was expressed in the context of "you're going to look stupid/spread misinformation if you do."

I'm not saying the TSA flak won't be vindictive if a reporter covers the story. I'm just saying, there's not an immediate reason to jump to this conclusion. You don't get to be TSA flak by writing thinly-veiled threats that are easily retrieved through public records requests.

tomkin 6 hours ago 0 replies      
So, the US collectively pays for the TSA. The TSA takes your money, buys into the accountability of body scanners - somehow miss (then deny) the vulnerability - one a terrorist could successfully overcome - and they're asking, what? That no one know about it? Are you serious? Like the TSA is a newb database admin that accidentally dropped the users table or something? The TSA is literally fucking with your lives and you pay for it and seriously being told to shut up about it in no uncertain terms. Yikes.

What gets me is that the person who pointed out this flaw actually demonstrated it. I shudder to think what would have happened to this information had he only provided anecdotal hypothesis.

milesf 7 hours ago 0 replies      
mrb 6 hours ago 3 replies      
The government supporting the TSA, despite its People pushing against it, is a prime example of failure of democracy in the United States. The People elected a government who does not do what they want!

Some countries hold referendums to vote on controversial topics. It would be a great solution to hold one in the U.S. at the federal level asking a very simple question: "Should the TSA be shut down? Yes/No". Direct democracy at its best. Unfortunately the U.S. constitution does not provide for referendums at the federal level... http://en.wikipedia.org/wiki/Referendum#United_States

georgemcbay 1 hour ago 0 replies      
FTA: "For obvious security reasons, we can't discuss our technology's detection capability in detail"

The only situation that would make this "obvious" is if the technology is inadequate. Basically by saying that, they're admitting to a large amount of security through obscurity.

Imagine a bank's website saying "For obvious security reasons, we can't discuss how our passwords are stored in detail". Wait, why not? If the technology is adequate to the task you should be able to explain exactly how it works without compromising anything!

grandalf 6 hours ago 1 reply      
The TSA probably views its own mission as largely a propaganda mission. It's just creepy when we realize that it is trying to silence public debate.

The biggest oddity to me is that it's been over 10 years and this debate hasn't actually happened in the mainstream media.

I think one aspect of most orgs that have entrenched power is that they are always very deferent toward government. NPR is a great example... there is lots of coverage of various wall street schemes, mention of greed as a problem in the private sector, etc., but the underlying message in most of the stories is that government is beyond reproach.

epaga 4 hours ago 2 replies      
Though both the email and the blog response from TSA are incredibly unprofessional, the email is NOT intimidation or a "veiled threat", and exaggerating by claiming it is is not going to help a sane discussion about this issue. What do you think the TSA is "threatening" to do? They have no power over the media.

All the TSA are saying is "exercise caution with reporting on bloggers that make random statements because you can end up looking stupid". They're wrong in this case, of course, and most likely know they're wrong, but that doesn't make their statement be intimidation (nor should it be read as such). Let's stay reasoned and calm, people.

cs702 6 hours ago 1 reply      
So the TSA is "securing" airports by trying to keep vulnerabilities secret. Their thinking seems to be, "if no one knows where the open door is, no one will get in." Surely that will work out well. Not!

Bruce Schneier must be getting a kick out of this.

bpd1069 7 hours ago 4 replies      
Overlay a thin layer of material over the metal plate (the dark/black region in the images) that has a regular repeating pattern (think checkerboard) that shows objects suspended beyond the body's silhouette.

Problem solved.

reinhardt 6 hours ago 0 replies      
Eagerly waiting for the Streisand effect
jrockway 6 hours ago 3 replies      
They're not really threatening anything, they're just asking "please don't cover this story". That's their right and it's not censorship unless the journalist faces consequences for covering the story (no future interviews, harassment by the legal system, etc.) It doesn't seem like any consequences are mentioned or implied, so this doesn't bother me. Of course the TSA doesn't want negative press. Would you?
reidmain 4 hours ago 1 reply      
Security through obscurity.

Doesn't work on the Internet. Doesn't work in real-life.

reader5000 5 hours ago 0 replies      
I think the problem is just that the TSA is run by unprofessional people who clearly have no idea what they're doing.
chao- 6 hours ago 0 replies      
What really has my interest is not the TSA's request/threat. That part is unsurprising. Instead, my mind ran through a few ideas about what a news story on this topic would entail. From the last time I bothered to watch CNN, I recall they've acquired a penchant for saying "And a viral video of [topic] is hot on the Twitters today!", showing the video, getting someone in-house to do surface analysis, reading off some Facebook posts, and cutting to commercial. Ideally, a reporter does their own investigation on the topic, either by contacting the TSA and arranging to film while testing the scenario depicted here, or by doing a more undercover verification ala the video itself.

I don't wish to be specifically judgmental of CNN, and I don't wish to over-analyze my mock-scenario. Instead I'm using the thought experiment of a news report on this topic to express frustrations with journalistic practices I have already seen elsewhere. It seems to me there isn't as much motivation on behalf of larger news organizations to put together a verified report, when you can replay something from YouTube and people will believe it much the same.

But maybe there are positive aspects? Crowdsourcing the genesis of news topics allows for a better breadth of topics, clearly. And I recognize there is a need for it in situations such as the Syrian unrest, Tibet, or any place that foreign journalists can't easily access. I get the feeling though, when I go to 'old' media, that I expect old media standards and practices. When I go to 'old' media and get a replay of internet videos followed by an equally-long segment of internet comments, I wonder why I'm not just browsing the internet for myself.

tptacek 6 hours ago 2 replies      
They're allowed to say that. The media is allowed (encouraged; morally obliged, perhaps) to ignore them. Whether he's right or wrong (and I'm sure he's right), the bureaucracy would prefer to continue working towards their quarterly MBOs than to address another controversy. This is a non-story.
skanga 6 hours ago 2 replies      
This is insanity. I try to avoid flying as much as possible.

However, the whole controversy also seems to lack common sense. An easy "solution" to this whole problem is to ask people to go into the machine and do a 360 degree rotation before emerging on the other side. I'll call this the "Airport Dance" :-)

What? It's not like we aren't made to dance already!

rickdale 7 hours ago 0 replies      
I remember before they were rolling out the scanners seeing a story run by the mainstream media about how congress had invested large amounts of money in the scanners before they realized how useless they were and now they were going to really push hard for them to become the norm. I guess they succeeded. It sucks how in America a logical argument bumps heads with a touchy subject.
todd3834 4 hours ago 1 reply      
For someone who clearly values security, I am surprised to see him running Internet Explorer :-/
DamnYuppie 7 hours ago 2 replies      
I hope the email is fake. Yet I would not be surprised if it wasn't. Most government employees I have met are not really that intelligent. Add that to a bit of power and little to no accountability and you have an instant recipe for disaster.
alanh 4 hours ago 0 replies      
Journalism has been called the fourth pillar of the government.

Its job is not to prop up the establishment, but rather to keep it responsible.

twiceaday 7 hours ago 0 replies      
Security by obscurity.
lightyrs 7 hours ago 0 replies      
I am outraged.
ramses 7 hours ago 2 replies      
Harassment and directly attacking Free Speech? ... but somehow I suspect that this was an employee independently acting stupid, and not an institutional policy.
runn1ng 7 hours ago 2 replies      
To play devil's advocate - he clearly has an agenda and his video is more long and boring political ramblings than something really substantial.
Viral Video About Body Scanners tsa.gov
405 points by maverhick  21 hours ago   185 comments top 60
pg 20 hours ago  replies      
There is something chillingly unconvincing about their attempts at informality.

Big Brother jokey is a lot more frightening than Big Brother bureaucratic or Big Brother bombastic. Too bad this insight wasn't available to Orwell or he could have made 1984 even scarier.

philk 20 hours ago 4 replies      
If their security is as good as their blogging it's time to consider travelling by bus.

Also their "20 layers of security" chart[1] is an unintentionally hilarious masterpiece. Note the arrow they've drawn circumventing every layer of security apart from passengers. So really, we can't say they didn't warn us.

[1] http://www.tsa.gov/what_we_do/layers/index.shtm

suprgeek 20 hours ago 1 reply      
This has got to be one of the stupidest and (unintentionally) scary responses ever to a serious attempt to question security.

- Ad-Hominem attacks on the person raising the questions

- No direct refutation of the specific points raised in the Video

- Correlation and causation confusion (we have found x hence we are effective against the things in the video)

- Pathetic attempt at informal tone of voice

- Appeal to Stats and big impressive numbers when none is justified

In short - Americans need to be really upset that their security is handled by these buffoons.

famousactress 21 hours ago 7 replies      
Wow. This blog post makes me WAY more afraid of the TSA than the original video did. I can't wrap my head around the language used. "Things that go BOOM" ???!?!?! Are you fucking kidding me? These are the people that are supposedly acting in the interests of our safety? Disgusted.

Whoever wrote or approved this post ought to be fired. Fast.

rogerbinns 20 hours ago 1 reply      
Guess how many of the people who work on the ground airside are scanned?

In any event the TSA is not taking enough credit here. Did you know their scanners have prevented meteorites? They have also prevented tiger attacks. Since installing them there has not been a single instance of meteorites hitting planes or tiger attacks on planes. I think the US government should borrow even more money so we can get them to also prevent giraffe attacks.

AgentConundrum 20 hours ago 0 replies      
I can't believe that this is the official TSA blog. I can understand trying to take steps to avoid the usual ridiculously dry press release style articles that governments and big businesses normally have, but.. this was just unprofessional.

You have "Blogger Bob" telling us to ignore the video "some guy" made and that everything's fine because this is just one of the way they protect you from "things that go BOOM".

Also, the blog never disputes the video. There is no text that tries to say that the video was faked or anything, or provides any indication that the video and the vulnerabilities contained therein aren't exactly as they appear.

Finally, just because I'm feeling particularly nitpicky tonight: they're using Blogger's favicon and are hosted on Google's servers (DNS resolves to ghs.l.GOOGLE.COM). Maybe it's just me, but that strikes me as a touch unprofessional as well.

mrmaddog 19 hours ago 1 reply      
2 days ago, from a BusinessWeek article about the author of the blog post:

“I call it the corny dad approach. I'm basically the Bob Saget of blogging,” the 41-year-old tells Bloomberg Businessweek. “This isn't really the most exciting subject, so I thought I should inject some personality into it.” Three years removed from working the security lines himself - he used to train TSA officers at the Cincinnati airport - Blogger Bob has clearly gained some perspective on the experience. [1]

Whether or not entertainment has a place in government blogging is an argument for another day, but I think we can all agree that under no circumstances should this type of blog post ever be allowed as an official government response.

[1] http://www.businessweek.com/articles/2012-03-05/why-cant-the...

thaumaturgy 20 hours ago 3 replies      
I've never felt more like I was living in a prequel to Idiocracy than I did while reading that.
DevX101 20 hours ago 1 reply      
I'm almost impressed by the linguistic gymnastics taken here to avoid saying outright that they got caught with their pants down.

The post concludes on an entirely unrelated point to the premise of the post

|Anybody can opt out of the body scanner for a pat-down.

Sure, I'm carrying in a gun in my shirt pocket I'd like to get on the plane. Let me just request the patdown to make sure I get caught.

aprescott 18 hours ago 0 replies      
Astonishing blog post.

Imaging technology has been extremely effective in the field and has found things artfully concealed on passengers as large as a gun or nonmetallic weapons, on down to a tiny pill or tiny baggies of drugs.

This reminded me of part of the recent TSA Fail post by a former FBI agent.

Civil libertarians on both sides of the aisle should be appalled at an unauthorized use to which TSA is putting their screening: Identifying petty criminals--using one search method to achieve a secret goal. This is strictly forbidden in other government branches. In the FBI, if I had a warrant to wiretap an individual on a terrorism matter and picked-up evidence of a non-terrorism-related crime, I could not, without FBI Headquarters and a judge's approval, use that as evidence in a criminal case. But TSA is using its screening devices to carve out a niche business. According to congress, TSA began to seek out petty criminals without congressional approval. TSA have arrested more than 1,000 people on drug charges and other non-airline security-related offenses to date.


mattdeboard 20 hours ago 0 replies      
Beyond disturbing. Equivalent of, "u mad?" Rebuttal with no refutation. Embarrassing and useless, but just enough to placate the placid and ignorant.
stewbrew 18 hours ago 2 replies      
It seems they don't watch German television shows: https://www.youtube.com/watch?v=nrKvweNugnQ
mcantelon 20 hours ago 1 reply      
"Body scanners don't work, but we do other stuff too." Jesus.
shingen 20 hours ago 0 replies      
That last paragraph is a doozy.

Completely addresses privacy concerns; is completely safe; oh and hey, it's completely optional, assuming you don't prefer molestation and possibly randomly missing your flight.

maverhick 21 hours ago 1 reply      
"around the interwebs" "baggies of drugs" "things that go BOOM"

Seems legit.

wpietri 20 hours ago 0 replies      
Shorter TSA: We're not going to deny that this guy can bring whatever he wants through, but having screened 600m passengers in the last year, we did once find a gun and some drugs. So you're safe! And if you don't think a dose of radiation is a good trade for pretend security, you can always wait another 15 minutes for a grumpy person to grope you.
toyg 18 hours ago 0 replies      
Their "20 layers of security" reminds me of your usual "7 proxies" and "over 9000": meaningless over-the-top numbers with no relationship with reality.
jroseattle 12 hours ago 0 replies      
Well, Bob (original author) -- as if the situation couldn't be more magnified, your post has simply added to the impression that the TSA is mostly public hand-waving in the place of real security.

"Crude" attempt? "you know… things that go BOOM"? I sincerely hope you take anyone's claim seriously, public or otherwise, that they can circumvent any security measure put in place by the TSA. The tone of your blog post smacks of disregard; if you thought it would invoke confidence on the part of the reader, you thought wrong.

The biggest defense put forth: well, we have other security detection methods so, hah!

Don't you get that the point about the body scanners is that they can be beaten? That they're superfluous to the security regimen? That if you can't defend them directly, they serve no real purpose? That's the point of the video, and it's completely lost on you (and obviously others for whom you speak.)

As is the impression among so many travelers, the TSA confuses "feeling safe" with "being safe" and it appears your post simply reinforces that view.

Visions of the SNL parody skit from years ago come to mind.

drivebyacct2 20 hours ago 2 replies      
>It is completely safe and the vast majority use a generic image that completely addresses privacy concerns.

Well that makes me feel great. Guess they decided they been caught blatantly lying on that point before so they decided to reiterate it, just with sufficiently vague qualifiers.

tuxguy 16 hours ago 0 replies      
As an Indian, I am always envious & jealous of how govt agencies & systems work so much better in the US than in India.
So I was really shocked to see this blog post, after the said govt agency's credibility has been seriously damaged (by the viral video)

"... things that go BOOM"

Are you f*ing kidding me ? Is that how a govt official is supposed to communicate ?
Leave alone the content, but the tone of the post is very crass, insensitive & insulting.

Unfortunately, this is becoming increasingly common, even in some of the most liberal cities in the US & the world.. San Francisco bay area.

Check out http://news.ycombinator.com/item?id=2890052 & http://bit.ly/bartisevil on the high-handedness of BART PD (Bay Area Rapid Transit)

newman314 20 hours ago 0 replies      
The flippant behavior exhibited makes me both alarmed and angry.

Here's an interview with Blogger Bob that Google returned:

Apparently, being snarky on the government dime pays quite well. Dude appears to be rocking a Rolex.

InclinedPlane 18 hours ago 0 replies      
Number of terrorist attacks detected and thwarted by TSA measures since 2001: Zero

Number of terrorist attacks attempted since 2001 over US airspace: MORE THAN ZERO

reader5000 13 hours ago 1 reply      
Just astounding. As soon as I read "interwebs" I had to check to make sure this was an official communications channel of a Federal agency. Mind is blown. Is this the same level of people running the CIA/FBI? What is going on?
tsigo 20 hours ago 2 replies      
If this weren't on a .gov site I'd think this was satire. As it is, it's just scary and sad.
RealAmerican 9 hours ago 0 replies      
The really funny thing is that this guy is probably making between $93,00 - $142,000 (paid by us). Look at this job listing for a TSA program analyst: http://www.usajobs.gov/GetJob/ViewDetails/311287200

...with tasks like "You will develop and approve solutions to current and anticipated problems"

I think Blogger Bob is writing some of these job descriptions, too.

Makes me sick.

Here are the benefits Blogger Bob gets:
DHS offers competitive salaries and an attractive benefits package, including: health, dental, vision, life, and long-term care insurance; retirement plan; Thrift Savings Plan [similar to a 401(k)]; Flexible Spending Account; Employee Assistance Program; personal leave days; and paid federal holidays. Other benefits may include: flexible work schedules; telework; tuition reimbursement; transportation subsidies; uniform allowance; health and wellness programs; and fitness centers. DHS is committed to employee development and offers a variety of employee training and developmental opportunities. For more information, go to www.dhs.gov/careers and select "benefits."

jcromartie 15 hours ago 0 replies      
This is even worse than I thought the scanners were. THIS is what the operator sees? http://www.tsa.gov/approach/tech/ait/privacy.shtm

That means that it's a complete black-box and if you just beat the scanner's algorithms, you beat the scanner operators too.

What a complete and utter joke.

tsaoutourpants 18 hours ago 1 reply      
Blogger Bob is just another part of the TSA's layered approach to bullshitology. I'm glad it's transparent to all, and thank you again for covering this issue.
einhverfr 14 hours ago 0 replies      
The blog article is extremely funny.

I keep thinking, "If this were a post by Microsoft about a security vulnerability report, I'd be in business doing Linux migrations for the rest of my life."

ojosilva 5 hours ago 0 replies      
To me the bad thing about the TSA, and counterterrorism in general, is that every day that goes by without an attack reinforces whatever methods and expenses they might incur.

But the worse is that only a terrible event could prove them wrong and stop the nonsense.

stretchwithme 20 hours ago 0 replies      
yeah, get all your info about the government FROM the government. No conflict of interest there.

So, why did they defer those safety studies anyway? Just a scheduling conflict? Too busy with an election?

The things that we have to be subjected to just to satisfy campaign contributors.

otterley 20 hours ago 0 replies      
... and nowhere do they deny that the method presented actually works.
eplanit 20 hours ago 0 replies      
"tiny pill or tiny baggies of drugs" go BOOM?? I can't help but notice the glossing over of the mission creep.

[quote from article]
Imaging technology has been extremely effective in the field and has found things artfully concealed on passengers as large as a gun or nonmetallic weapons, on down to a tiny pill or tiny baggies of drugs. It's one of the best tools available to detect metallic and non-metallic items, such as… you know… things that go BOOM.

ard0r 20 hours ago 0 replies      
This is a non-serious response. I think I'm going to talk to my congressperson about this.
shingen 20 hours ago 0 replies      
The fascinating thing about their claimed 20 layers of security, is also that a failure by any single layer can result in a terrorist attack succeeding.

They surprisingly don't point that out. (har har)

nagrom 17 hours ago 0 replies      
The pie-chart on the delete-o-meter on that blog sidebar doesn't reflect the numbers underneath it. At present, there are 50k accepted comments and 17k deleted, but the deleted slice is much less than 25%.
Animus7 17 hours ago 1 reply      
> For obvious security reasons, we can't discuss our technology's detection capability in detail...

The way I read it:

For obvious job security reasons, we can't discuss our technology's detection capability in detail...

Anyway, I sure feel safe knowing that the security of my life is entrusted to obscurity, and I'm thankful for the trolling TSA blog posts that remind me of this.

Uchikoma 16 hours ago 0 replies      
The most interesting thing in that post was on what they focus. One would have thought that it was terrorism, but no, they spread their attention by looking for drugs with those body scanners. Feeling safe now.
methoddk 13 hours ago 0 replies      
What an ignorantly worded blog post. By the TSA?! Come on.

If anything, this post does nothing but give the impression that the flaw in the scanners IS true.

GBond 12 hours ago 0 replies      
Tone is baffling... only explanation is the official blog is trying to spoof their spoof?

https://twitter.com/#!/tsagov (TSA satire)

xster 11 hours ago 0 replies      
I have a feeling this response is doing them far more harm than good. It's just a simple admission that everything stated was true and I'm going to make it into a high school argument and call you some guy with some crude video that's irrelevant.
hgasdasdgdj 1 hour ago 0 replies      
All the comments here sucks ass

"It's one of the best tools available to detect metallic and non-metallic items, such as… you know… things that go BOOM. "

If you shat out an emotion from that sentence, you too much of a baby to use the internet, LEAVE.

gaius 19 hours ago 1 reply      
Stand back people, TSA Blog Team is on the case!

More seriously, these jokers let terrorists waltz on board planes (e.g. The Shoebomber) and only the passengers, treated like criminals by TSA, stop them.

Time to send the rentacops back to the mall.

ryguytilidie 20 hours ago 0 replies      
"We're actually safe, I'm not going to give any evidence of this, just trust me".

Seems fair.

guynamedloren 17 hours ago 1 reply      
Today, I am not proud to be an American. Thanks TSA.
tnuc 19 hours ago 0 replies      
I for one feel a lot safer thanks to this blog post from the TSA.

Keep up the great work TSA and thank you for putting my worries to rest.

Do I need to put sarcasm tags?

marcamillion 18 hours ago 1 reply      
This definitely looks like the beginning of the end for at least the body scanners.

If that video brought on so much heat that they had to respond like this and drop the ball so much, cue more public outrage and major back-pedalling in 3.....2.....1....

rythie 19 hours ago 2 replies      
In any case, surely the weakest link is airports in less developed countries, which always seem to be much less secure to me.
mattezell 13 hours ago 0 replies      
It would appear that Wired came to the same conclusion as the blogger - http://www.reddit.com/r/politics/comments/qn0su/wiredcom_con...
functionoid 20 hours ago 0 replies      
Tax payers money...billions...not sure what testing they did before buying or they knew it and still bought them because they got their cut.
plf 18 hours ago 0 replies      
If there was any doubt as to whether the original technique described in the original video worked, this blog post has just confirmed it.
adrianwaj 16 hours ago 0 replies      
Confidence Trickster Bob should go through a con artist scanner. It'd explode.
whalesalad 16 hours ago 0 replies      
Uhh am I the only one here who isn't planning on reading too deeply into this? Seems like TSA got pwnt by lulzsec or anonymous?
quink 18 hours ago 0 replies      
Tagged this in delicious.

Wondering if it'll show up with my tags... http://delicious.com/quink

Can someone else tag it too with my tags and it might show up on their page...?

grepherder 18 hours ago 2 replies      
OK, I will play the devil's advocate.

Yes, he does not deny or dispute whether the method works as claimed.

The otherwise hip language is not helping nor does it sound sincere, I agree.

But, if we want to stay objective:

1) He describes the demonstration in the video as a "crude attempt", which is in certain ways true. Neither is the attempt too sophisticated, nor the documentation of it, or should I say especially the documentation. The video itself is lacking in scientific argumentation, and makes up for the lack thereof with unnecessary political rhetoric that I don't need to be fed to see the simple "flaw" he claims to have discovered - more about that now...

2) The person in the video may or may not be sincere about his claims, but he definitely is not the first person to point out this "flaw". It was known publicly for a very long time, and it is reasonable to assume people who developed and approved the system were well aware of it.

3) Everyone is pointing out that there is no attempt at a "scientific" refutation in the blog post. Well, he is right in stating that their claim never was that they can catch any single concealed object with the body scanner. I don't see what it is exactly that he needs to refute. It is indeed part of a layered system, and I can't see how anyone can disagree with this concept. I'm not saying the scanner is a reasonable layer or that it should stay - but if your argument is "it has to work 100% or it has to go", it is pretty weak. He doesn't really evade any serious accusation here - he simply points out the obvious and reinstates their claim: what was shown in the video is uninteresting, because the body scanner was never about catching metal boxes sewn to the side of a shirt with 98.5% confidence.

You can argue the body scanner is an economical disaster, dispute it on the basis of privacy or bring up health concerns, but I like to stay objective. There is nothing wrong with this post, as a response to the demonstration in the video, beyond the silly language.

CF_riseAbove 13 hours ago 0 replies      
Methinks thou dost protest too much TSA
erode 9 hours ago 0 replies      
I've never believed something less than the words in this blog post.
justanotheratom 17 hours ago 2 replies      
Can someone post a link to the viral video they are referring to? I can't seem to find it (I live in a cave).
brevityness 20 hours ago 0 replies      
So, this is where our tax payers' money is going? Sigh.
warren-g 19 hours ago 2 replies      
Not that I'm condoning the machines, and perhaps I'm missing something, but...

Couldn't this "vulnerability" be fixed if they took two scans? Take one of front/back (current approach) and then ask the person to turn 90 degrees and take another scan to see the sides?

neilmiddleton 17 hours ago 0 replies      
"things that go BOOM"
OpenStreetMap: Welcome Apple osmfoundation.org
320 points by sambeau  13 hours ago   135 comments top 24
sambeau 13 hours ago  replies      

  "It's also missing the necessary credit to OpenStreetMap's contributors; we look forward to working with Apple to get that on there."

ugh 12 hours ago 8 replies      
Then congratulations Apple, for making a not so great map even worse. I can't really judge map quality in the US, but in Germany it sucks. Cities show up twice or are missing completely, labels are often small, unreadable and ugly. There is no consistency in the placement of labels.

OSM has its fair share of inconsistencies but it's not that bad.

The map is ok for what it is: Just for presentation inside of iPhoto, not for browsing or finding your way. I really hope that Apple doesn't plan to use this anywhere else and that they just didn't go with Google because they can't customize their maps any way they want.

(That missing credit is also shameful. I was looking everywhere inside of iPhoto but couldn't find it. Stuff like that should at least be moderately easy to find.)

petsos 11 hours ago 1 reply      
I wonder if this is a temporary quick and dirty solution from Apple, pending a full-scale switch to their own maps in iOS 6.0.
5h 12 hours ago 0 replies      
This is (for me) a very timely validation of OSM's efforts, congrats to them!
mrinterweb 7 hours ago 0 replies      
I can see a big migration away from Google Maps with Google's new pricing. Google's pricing can potentially get prohibitively expensive quickly. 25000 map views per day and $4/1000 map views that exceed the free 25000 map views. I am starting a new project that is focused around mapping. There is no way Google Maps will work for me with their pricing model. Open Street Maps is great.
NameNickHN 12 hours ago 2 replies      
There are two things that Apple should do in order to avoid being viewed as a jerk once again. Put in the credit to OpenStreetMap and make a sizable donation to the OpenStreetMaps Foundation.
mokus 10 hours ago 1 reply      
In addition to the attribution, I'd like to know how they are going to comply with the "share-alike" part of the license. Where can I download "Apple maps"? According to the OSM FAQ, it should contain not only the OSM data but all other data they have merged in.

It also seems like they should be required to release all the styling parameters and/or code needed to render the maps exactly as they appear in iPhoto - does anyone know how far CC-BY-SA reaches in a case like this?

EDIT: for that last part, I guess they probably would be fine just releasing the whole thing pre-rendered.

stevenp 7 hours ago 1 reply      
We know that Apple is working on using their own map technology based on some of their acquisitions. Is it possible that OSM is just a stop-gap until their own maps are ready to go? Perhaps they didn't want to enter into another licensing agreement with Google if they're going to be ready to switch to their own solution later this year with iOS 6?
dan1234 11 hours ago 1 reply      
Has it been confirmed that they're using OSM data or could the data be a product of their acquisition of Placebase (back in 2009)?

Apple have actually been using this tile set for a while (it's used in the slide show mode of the current version of iPhoto for OS X).

rmc 13 hours ago 0 replies      
There are some licence and copyright matters to be dealt with, but it's good to see another company switch to OpenStreetMap
MRonney 12 hours ago 1 reply      
The map for my hometown shows a train station that hasn't existed since the early 1900's.
sharmi 9 hours ago 0 replies      
I see this as a favorable move to OSM. Hopefully the OSM's data would be enriched further considering the huge volume of people who would come in contact with OSM. OSM still lacks in a few places like middle east (Kuwait). But what was surprising was, wikimapia has several orders of magnitude better data for the same region compared to OpenStreetMap or other commercial map providers (that includes Google Maps, Yahoo Maps, etc.)
nchlswu 10 hours ago 1 reply      
Could someone clarify using a service like OSM or Google Maps vs. using their data for map tiles?

After the announcement I read tweets that basically said Apple was still using the Google Maps service, but the tiles were rendered by Apple?

Based on what I'm reading it sounds like I misunderstood or am misremembering what I read.

JVIDEL 10 hours ago 1 reply      
What is the word I'm looking for, "disappointed"?

The lack of given credit to OSM doesn't seem like an accident, and I was looking forward to seeing what Apple was doing with that amazing mapping technology from SAAB.

This is underwhelming to say the least, I was expecting much more from Apple.

Shank 13 hours ago 2 replies      
I thought someone compared the terrain with OSM and in certain locations it differs?

Edit: They're apparently combining map data in some places.

X-Istence 10 hours ago 1 reply      
The Apple tiles are completely missing the street I live on ...
dutchbrit 11 hours ago 0 replies      
Someone at Apple definitely deserves a good spanking..
chpolk 12 hours ago 0 replies      
With many of these larger map-based apps switching to OpenStreetMap, does anyone know any apps that receive a large amount of traffic that are currently/going to stay with Google Maps? And if so, how are they dealing with the charges (is it doable with a large amount of traffic without a significant source of revenue)?
Tycho 6 hours ago 0 replies      
Just when I thought they couldn't get any more evil.
Metapony 10 hours ago 1 reply      
Link is down. I'd ask for a google cache link, but the irony would make me implode.
dbkbali 12 hours ago 1 reply      
Great Apple, do no evil! How can we get better coverage for Asia?
robertgaal 10 hours ago 0 replies      
How can a project this cool have such an ugly website? It's shit like this OSM...
phil 9 hours ago 2 replies      
I don't get it. Where's the evidence that these maps are based on OSM data versus, say, Navteq or TeleAtlas data?

The tiles use terrain data that nobody thinks is from OSM, and when I look at North American cities, the street grids certainly don't seem to match any better than you'd expect.

This post sounds pretty confident but they don't explain why.

tseabrooks 13 hours ago 1 reply      
It feels a bit silly to fawn over map tiles... and I'll probably be accused of being an "Apple Fanboy"... But I'll be damned if those aren't some gorgeous tiles.

Hopefully, this signals apple will move away from google for the built in maps app and provide something superior themselves with something comparable to the kick ass turn by turn in the current Android devices.

Sometimes the bug isn't in your code, it's in the CPU dragonflybsd.org
293 points by there  3 days ago   97 comments top 14
jaylevitt 3 days ago 5 replies      
As someone who found four compiler bugs in three weeks - in a five-nines fault-tolerant OS, yet! - and who found a PostgreSQL optimizer bug within weeks of learning SQL, I think the key to being "that guy" is playing five-whys with every single bug you encounter.

I work with some very talented developers who, when they try something and it doesn't work, try something else. I am fundamentally incapable of that. If it doesn't work, I MUST KNOW WHY. Even if that requires building a debug version of my entire stack, adding all sorts of traces, and wolf-fence debugging until I have a minimal fail case.

It's a real limitation; if I hit an undebuggable brick wall, I have no ability to attack the problem from a different angle. Luckily, there are few things that are fundamentally undebuggable.

16s 3 days ago 2 replies      
Please stop referring to him as "this guy", he's well known in the BSD and Linux worlds. He had commit access to FreeBSD before many things we take for granted today even existed. His name is Matt Dillon and he's one hell of a hardware/OS hacker. http://en.wikipedia.org/wiki/Matt_Dillon_%28computer_scienti...
jdfreefly 3 days ago  replies      
First off, I would say that is some pretty awesome work by this guy to chase this down. Including his work with the manufacturer to help them reliably recreate the issue.

Second, I would say that over the course of my 10 year career in managing developers, I've heard many, many times that the bug was in the kernel, or in the hardware, or in the compiler, or in the other lower level thing the developer had no control over. This has been the correct diagnosis exactly once. If I had to guess, I would say about 5%.

gue5t 3 days ago 1 reply      
Here are some more details about this particular bug: http://leaf.dragonflybsd.org/mailarchive/commits/2011-12/msg...
etrain 3 days ago 4 replies      
My hat's off to this guy for the work he did, and indeed, finding a CPU bug is quite the accomplishment.

That said - what is it about the hardware manufacturers that makes them relatively immune to this sort of thing? Is it formal verification and rigid engineering process? Is it that they spend so much money developing these things that they better do them right, god dammit?

Sometimes I think that the whole industry would be much better off if everyone up the stack was held to these kinds of standards. If that were the case though, where would we be? We'd have rock solid systems, but how sophisticated would they be? Would UNIX exist? What about (a more bulletproof and less feature complete) Java?

bebop 3 days ago 1 reply      
Great job tracking down a hardware bug! That must be really exciting, and you get your name in the AMD errata I assume?

One of my comp sci professors found a bug in an Intel chip and got his name in the errata. I think that gives you +100 to nerd credibility :)

augustl 2 days ago 0 replies      
In order to reliably reproduce the bug, he wrote his own operating system. A small one, but still, an operating system. That's pretty badass..
ot 2 days ago 0 replies      
Original thread with all the analysis performed before the bug was attributed to the CPU:


(Check out in particular the section "EFFORTS AT FINDING A KERNEL BUG THAT WASN'T A KERNEL BUG")

bgrainger 2 days ago 2 replies      
If you're interested in the types of bugs that are present in modern CPUs, AMD makes their errata documentation publicly available. (As far as I know, Intel's errata are not public. Edit: See tedunangst's comment below for a correction.)

The errata documentation for AMD Family 10h Processors (Athlon, Opteron, Phenom, etc.) is here: http://support.amd.com/us/Processor_TechDocs/41322_10h_Rev_G...

The errata for AMD Family 12h Processors (A-Series APU, etc.): http://support.amd.com/us/Processor_TechDocs/44739_12h_Rev_G...

I found this out when an AMD engineer confirmed an AMD CPU bug for me: http://stackoverflow.com/questions/7004728/is-this-should-no...

sjwright 3 days ago 1 reply      
When a CPU bug is discovered, what options are available for remedying the situation?
throwawayderp 3 days ago 0 replies      
Nice catch.

It would be interesting if he has accidentally triggered a backdoor, such as mentioned in this post.


daenz 3 days ago 0 replies      
Amazing. I'm happy his sanity survived!
dhruvbird 3 days ago 0 replies      
wow! this is quite a rare thing...
comice 3 days ago 0 replies      
Next time my code isn't working as expected, I'm going to shout "cpu bug!" and cite this article.
Google Play play.google.com
288 points by IgorPartola  2 days ago   107 comments top 36
BrainScraps 2 days ago 8 replies      
I know that there is probably conflict between Google Wallet/Checkout - but they need to get on this issue like last YEAR -


It just implies that they don't know anything about who is using Android phones in the U.S. I only have my gut to back this up (after observing who carries Android for the past 2 1/2 years or so) but Android devs will be able to make so much more money once Google starts selling gift cards in retail stores.

Why? Metro PCS, Boost Mobile, and teenagers. My guess is that they're a large part of the Android user base that is very unlikely to link up a credit card to their account. They would however be great candidates to use gift cards bought for them on birthdays/holidays.

I swear if they don't do this soon, it'll only keep more and more developers from releasing apps on Android.

Kylekramer 2 days ago 3 replies      
I get the idea. Android Market is essentially Google's iTunes now, and they want to push the music/movies aspect. Google Play makes more sense than iTunes branding does (tunes are about 1/8 of what it does these days), but there is some weirdness. Play works well for music/movies/games, but not really for apps/books. I was introduced to the brand with an update to Google Books app saying it was now Google Play Books, which made me think Google was expanding into sports team management or something.
psychotik 2 days ago 2 replies      
"Google Play? Is that like Google Labs, where they play around with new technologies? No, it's where you get apps for Android"

"Get music from Google Play. No, not Google Music. You play music in Google Music, but you buy it in Google Play. Got it?"

"You get apps from Google Play too. No, not apps for your music. No, not apps for Google services. Apps for your Android phone. Any type of app - from Google Play."


jcampbell1 2 days ago 2 replies      
This is a great concept, but the execution leaves something to be desired. Google really needs some detail obsessed folks. How do they not notice the flicker on the transitions of the app market carousel? Also, a linear transition? Yuck.
CodeMage 2 days ago 1 reply      
Just what I needed. Yet another service that doesn't offer any content in my country and even if it did, it doesn't seem like they would let me download the songs I paid for. Screw that.

Edit: I stand corrected about downloading. Thanks for the info, abraham.

bookwormAT 2 days ago 1 reply      
I like the new name because it makes it clear that this is one of Google's apps, not a part of Android.

'Android Market' was confusing a lot of people. I've seen more than a few journalists thinking that, for example, the Amazon Kindle Fire is not a complete Android based system, because it does not ship with the Android Market. Some even called it a fork.

benatkin 2 days ago 0 replies      
There was a strong freedom connotation in the name "Android Market", both in that it used the Android brand which is associated with an open source project, and in the meaning of the word "Market". No such connotation exists with "Google Play".

Sad, but not surprising.

ConstantineXVI 2 days ago 2 replies      
Their new app badges[1] say "Get it on Google Play". It's not clear at all what platform you'll be getting it for. Most people know they have "an Android", not "something with Google Play". Bit of a step back.

[1] http://www.android.com/developers/branding.html#google_play

MindTwister 2 days ago 0 replies      
> We're sorry. The Google Play music player is currently only available in the United States.

Should've known...

methodin 2 days ago 2 replies      
Anyone know if the apps will work on the Google TV? If so this is a lot more compelling. I'm assuming a pure Google Reader would be the next logical hardware step, in which case Google is ramping up to become a bigger threat to Amazon, which should prove to be very interesting. Apple vs Microsoft vs Google vs Amazon. That's a battle of the giants if I've ever seen one.
buster 2 days ago 0 replies      
Every time.. every time the same thing. Why are those services most of the time not available in my country?
Makes me mad.. Google Voice, Google Music, Google Play, netflix, hulu, pandora, etc etc etc(!!!)

pff... :(

brown9-2 2 days ago 1 reply      
Anyone care to guess what's up with these crazy long URLs? For instance https://play.google.com/store/apps/details?id=com.bithack.ap....

The ?t= part doesn't seem relevant to the document being shown as you get the same page without it.

VonLipwig 1 day ago 0 replies      
This is the least exciting thing I have seen today. There are hundreds of these throw away games which are nothing more than a time sink and contain no more depth than an A4 sheet of paper.

So there is a new/improved platform store to buy/sell these apps. Greeeaatttt....

vibrunazo 2 days ago 0 replies      
Maybe this is a preparation to unify the Android Market and the Chrome Web Store? This is a brand that would make sense for both android and web apps.
nickpresta 2 days ago 0 replies      
For those developers wondering where http://market.android.com/publish went, you can find your apps here: https://play.google.com/apps/publish/Home
rb2k_ 2 days ago 0 replies      
Or as it's known in Germany: "Leider ist das gewünschte Dokument nicht in Ihrem Land verfügbar."

Stupid geo restrictions...

cek 2 days ago 0 replies      
Google Play is a smart attempt by GOOG to gain more control of MO/OEMs. Platform fragmentation exists across 5 axes (UI, Device, OS, Marketplace, and Service).

By bundling these services together they may make it harder for MO/OEMs to implement their own and reduce fragmentation across both the "Service" and "Marketplace" fragmentation axes.

rbreve 2 days ago 1 reply      
We're sorry, the document you requested is not available in your country. :(
GBKS 2 days ago 3 replies      
Hm, it looks like market.android.com now also redirects to Google Play. Wasn't Android supposed to be a separate entity from Google?
joejohnson 2 days ago 3 replies      
The animation on this page renders very poorly for me (Chrome, OS X)


zaidmo 2 days ago 0 replies      
If you are not from the US, UK, Canada, Australia or Japan, you may only be able to download apps. No ebooks, games or movies. They should at least add private, non-commercial podcasts. No benefit to me in South Africa.
Source - http://googleblog.blogspot.com/2012/03/introducing-google-pl...
bostonvaulter2 2 days ago 0 replies      
While I like the overall concept I find that the navigation on Play is horribly broken. For example from Google Play Music I don't see any way to get back to the main Google Play store to buy apps or movies:


moeffju 2 days ago 0 replies      
Once again, not available in my country (Germany). Which is extra dissatisfying because Google Music worked just fine (I was in the early beta).

Is there any way for me to get a US credit card and bind it to a German bank account, or PayPal, or whatnot?

rglover 2 days ago 1 reply      
For having as much money as Google does (presumably), they really don't invest in design talent all that much. This UI is killing me.

Edit: Which is kind of bizarre because they hired this guy a while back: http://dribbble.com/KounterB

adunsmoor 2 days ago 0 replies      
It doesn't work well with Google's account switching yet.

I happen to have 2 google accounts (personal and work) and was logged in to both. With mail and docs I can switch back and forth between them.

In Google Play, there wasn't a way to switch from the "default" account to purchase music unless I signed out of 1 and signed in with the other.

I'm sure that'll come along later, though. I realize my usage is an edge case.

dazbradbury 2 days ago 0 replies      
Appears some of the apps have been put on sale as part of the launch. HotUkDeals has a list of what's available for those that are interested:


troymc 2 days ago 0 replies      
This brings many of Google's stores under one brand, but the Chrome Web Store remains separate. (It has web apps, extensions, themes, etc.)
ed209 2 days ago 1 reply      
I find their departure away from their usual logo styles pretty interesting. I like the logo, but it doesn't really say "google" to me. Maybe that's what they were intending http://cl.ly/053t0P2T1w441L3h3P0w
DHowett 2 days ago 0 replies      
The Market autoupdate mechanism is going to ensure that the Market icon spontaneously disappears on all devices running 2.2+ (with Google branding) in unison, much to the confusion of every single user who just knows "I press the 'Market' thing and I get games."
bbrizzi 2 days ago 1 reply      
Had to read quite a few comments to understand what was happening. Accessing the site from France, I only see Android apps and games.

What is on the US site exactly? Movies and music? Would anyone mind posting a screenshot?

tree_of_item 2 days ago 0 replies      
Why isn't the Chrome Web Store a part of this?
JVIDEL 2 days ago 0 replies      
For a moment I thought Google was getting into gaming...

Hey, after Valve's Steambox anything is possible, and if rumors are true they are trying to emulate Android's model with OEMs.

notlion 2 days ago 0 replies      
Gah.. The logo looks like something Microsoft would come up with.
TwistedWeasel 2 days ago 2 replies      
There are a total of 71 movies listed, or am I missing something?
halayli 2 days ago 3 replies      
It looks like a carbon copy of Apple App store / iTunes.
kaiju 2 days ago 0 replies      
And still no API for music.
SSH Key Audit on Github (required) github.com
289 points by ericelias  1 day ago   105 comments top 23
pilif 1 day ago 2 replies      
What makes me the most happy about this is that they ask for the password in order to add a key now.

I was always very afraid of XSS attacks (I know - there shouldn't be any - but there could and were, though not for this) that would add another key, so I always hoped they would add that additional bit of protection.

As such: Another huge thanks to @homakov for forcing the issue.

spicyj 1 day ago 0 replies      
The accompanying email:

  A security vulnerability was recently discovered that made it possible
for an attacker to add new SSH keys to arbitrary GitHub user accounts.
This would have provided an attacker with clone/pull access to
repositories with read permissions, and clone/pull/push access to
repositories with write permissions. As of 5:53 PM UTC on Sunday,
March 4th the vulnerability no longer exists.

While no known malicious activity has been reported, we are taking
additional precautions by forcing an audit of all existing SSH keys.

# Required Action

Since you have one or more SSH keys associated with your GitHub
account you must visit https://github.com/settings/ssh/audit to
approve each valid SSH key.

Until you have approved your SSH keys, you will be unable to
clone/pull/push your repositories over SSH.

# Status

We take security seriously and recognize this never should have
happened. In addition to a full code audit, we have taken the
following measures to enhance the security of your account:

- We are forcing an audit of all existing SSH keys
- Adding a new SSH key will now prompt for your password
- We will now email you any time a new SSH key is added to your
- You now have access to a log of account changes in your Account Settings page

Sincerely, The GitHub Team

--- https://github.com support@github.com

memset 1 day ago 6 replies      
Here is the command you use to obtain your fingerprint for this audit:

`ssh-keygen -lf ~/.ssh/id_rsa.pub`

rdl 1 day ago 6 replies      
Why are ONLY keys at risk, which this implies?

Presumably someone could have added a key, done evil, then removed the key. Evil includes all sorts of interesting things, like checking in code under the name of an existing contributor. This could potentially be really subtle and would be difficult to find in an audit later.

(Remember the stink over OpenBSD potentially having backdoors in the IPsec stack, revealed in late 2010? http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd)

andrewjshults 1 day ago 2 replies      
They also did a notification when you tried to push:

ERROR: Hi andrewjshults, it's GitHub. We're doing an SSH key audit.
Please visit https://github.com/settings/ssh/audit/<removed>
to approve this key so we know it's safe.
Fingerprint: <removed>
fatal: The remote end hung up unexpectedly

A little weird to see when you're doing a push but good that they put it in there. Their email got flagged as bulk in gmail so until I saw this I didn't know they were doing the audit.

pak 1 day ago 3 replies      
As an interesting side effect, they will have pretty exact stats on how many active users they have; might help them sunset old accounts or move them to the slowest servers.

(Because of the offline nature of most git actions and different habits on pushing/pulling, it's probably hard to otherwise estimate how much a user cares about their github.)

avar 1 day ago 4 replies      
Correct me if I'm wrong but the nature of the vulnerability was that someone who's not you had to submit a page with certain POST variables they could have determined after the fact to be malicious while logged in.

So the fact that they're sending out this E-Mail tells us that they either don't keep logs on requests + POST contents, or that they haven't had the time or inclination to analyze this data if they have it.

jgrahamc 1 day ago 2 replies      
It would be interesting to know the details of the vulnerability. Given that they've patched it, it would be good to see what the error was in case others are affected.

Was this Rails-related and what was it?

joshklein 1 day ago 1 reply      
Several comments below praise the Github team response to this vulnerability. I agree. But it should also be mentioned that the first email I sent to my company this morning read, "should [our product] source code be in the cloud?"
spullara 1 day ago 0 replies      
I guess this answers my questions about how long this vulnerability existed (a long time) and whether or not they could verify no other accounts were compromised (no).
finnh 1 day ago 0 replies      
Sadly the link in the email isn't direct (it's a tracking link through "news.github.com"), so Thunderbird flags it as a possible phishing attempt =(

Edit: GitHub sent out an email with a link to the ssh audit page; that's the email to which I refer

tomjen3 12 hours ago 1 reply      
Why are you guys praising GitHub? They basically screwed up thrice: first by not catching such an obvious flaw (granted it should have been changed in Rails, but still), second by breaking half the scripts that rely on their service and finally by sending such an obnoxious email (really required action? Who the hell do you think you are?).

Anyway it is pretty moot at this point since I have long ago forgotten my password and changing the origin to somebody else is pretty easy.

That said, can anybody recommend alternatives? I know Bitbucket and they seem pretty great, especially as they allow private repositories, but it seems the consensus here doesn't like them for some reason?

skrebbel 13 hours ago 0 replies      
Damn I envy the GitHub guys. They can send a mail to their users about SSH Keys and nearly all users simply understand it and get it over with.

In any other business, the result of a similar mail would be an overloaded helpdesk, a significant reputation hit and a massive bucketload of competitor FUD.

niels_olson 1 day ago 5 replies      
Um, is anybody else having the experience that their keys really do seem to be different?
rwmj 1 day ago 0 replies      

This script is very useful when doing this audit, because you can turn your .ssh/authorized_keys file into a list of key names and fingerprints to check against what github is showing you.
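An added example (not code from this thread or from GitHub) of the check memset and rwmj describe above: it turns authorized_keys-format text into one fingerprint per key, so each can be compared with what the audit page lists. The sample keys are constructed byte strings rather than real keys; the colon-separated MD5 form is what `ssh-keygen -l` printed at the time, and the SHA256 form is what current OpenSSH prints.

```python
import base64
import hashlib
import struct


def wire(data):
    """Encode one SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def read_string(blob, offset):
    """Decode one wire-format string; return (data, offset after it)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end


def split_fields(line):
    """Split on whitespace, keeping double-quoted option values together."""
    fields, current, in_quotes, escaped = [], "", False, False
    for ch in line.strip():
        if ch.isspace() and not in_quotes:
            if current:
                fields.append(current)
            current, escaped = "", False
            continue
        if ch == '"' and not escaped:
            in_quotes = not in_quotes
        escaped = (ch == "\\" and not escaped)
        current += ch
    if current:
        fields.append(current)
    return fields


def parse_key_line(line):
    """Parse '[options] keytype base64-blob [comment]' into a dict."""
    fields = split_fields(line)
    for i in (0, 1):  # key type is field 0, or field 1 after an options field
        if i + 1 >= len(fields):
            break
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
            name, offset = read_string(blob, 0)
            if name.decode("ascii") != fields[i]:
                continue  # declared type must match the type inside the blob
        except ValueError:  # also covers binascii.Error and UnicodeDecodeError
            continue
        bits = None
        if fields[i] == "ssh-rsa":  # blob layout: type, exponent e, modulus n
            _, offset = read_string(blob, offset)
            modulus, _ = read_string(blob, offset)
            bits = int.from_bytes(modulus, "big").bit_length()
        md5_hex = hashlib.md5(blob).hexdigest()
        sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
        return {
            "options": fields[0] if i == 1 else "",
            "type": fields[i],
            "bits": bits,
            "comment": " ".join(fields[i + 2:]),
            "md5": ":".join(md5_hex[j:j + 2] for j in range(0, 32, 2)),
            "sha256": "SHA256:" + sha256.rstrip("="),
        }
    raise ValueError("not a public key line")


def audit(text):
    """Return (entries, bad_line_numbers) for authorized_keys-format text."""
    entries, bad = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            entry = parse_key_line(line)
        except ValueError:
            bad.append(number)
            continue
        entry["line"] = number
        entries.append(entry)
    return entries, bad


# Constructed sample data: structurally valid blobs, not real keys.
RSA_BLOB = wire(b"ssh-rsa") + wire(b"\x01\x00\x01") + wire(b"\x00" + b"\xc3" * 256)
ED_BLOB = wire(b"ssh-ed25519") + wire(bytes(range(32)))
SAMPLE = "\n".join([
    "ssh-rsa " + base64.b64encode(RSA_BLOB).decode() + " alice@laptop",
    'command="/usr/bin/backup --all",no-pty ssh-ed25519 '
    + base64.b64encode(ED_BLOB).decode() + " backup job",
    "# a comment line",
    "ssh-rsa AAAAnot-base64 broken",
])

if __name__ == "__main__":
    found, rejected = audit(SAMPLE)
    for e in found:
        print(e["line"], e["type"], e["bits"] or "-", e["md5"], e["sha256"], e["comment"])
    print("unparseable lines:", rejected)
```

Lines that fail to parse are reported by number instead of being skipped silently, since an entry that cannot be fingerprinted cannot be matched against the audit page either.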

benatkin 1 day ago 0 replies      
It was easier for me to just delete all of the keys. I had some I didn't need anymore. I also didn't pick great names for the keys I had. It's easy to add a key so instead of checking the fingerprints I can just create a new key.
Ecio78 1 day ago 1 reply      
I've just registered yesterday on Github (it's suggested for Coursera's SaaS Class I'm attending) but they've sent it to me too, even though the vulnerability has already been resolved before my account was created. Maybe they've not checked account age..
zby 1 day ago 1 reply      
I've just seen it and I headed to Hacker News to verify if it was legit :)
homakov 1 day ago 1 reply      
Is it a good idea to check created_at != updated_at ?

People update public keys very rarely.
I would even say NEVER.

Just run an SQL query against your table to see which keys are most possibly malicious.

(I see no reason to update timestamps doing 'the trick'. I believe attackers didn't.)

ricardobeat 1 day ago 0 replies      
Did this change just disable re-use of deploy keys across multiple repos?
my8bird 23 hours ago 0 replies      
While this was a good response to their security issue, a little heads up would have been good. They broke all of our auto builds and by the time we figured it out the guy whose key was used for the builds was gone on his vacation. Luckily, we got ahold of him prior to him turning his phone off.
levigross 1 day ago 0 replies      
They also added an audit log so you will be able to track and address any future issues.. https://github.com/settings/security
homakov 1 day ago 1 reply      
You got balls, guys. It is hard to force everyone to do something but you did it. Kudos

also, if we go back few years ago this way would be a bit secure to handle keys
@key.body = params..
@key.title = params..
I am sure update_attributes is good choice when you got 5+ fields and update database scheme pretty frequently.
Just my 2 cents

Apple releases Ipad 3 apple.com
282 points by craigbellot  1 day ago   318 comments top 47
Aloisius 1 day ago  replies      
It should be noted that the limited data plans for both AT&T and Verizon mean that at the max 4G speed of 73 Mbps, you could use all your bandwidth for the entire month in less than three and a half minutes (2 GB plan).

The overages of $10/GB per month on both services mean once you go over your plan, you'll be looking at a little over $5/minute in new charges.

It is possible (though highly unlikely) to rack up over $200K/month in bandwidth charges if you managed to find an empty 4G cell for a month.

Sadly Sprint, which has unlimited 4G last I checked, was absent from the release of the new iPad.

guelo 1 day ago  replies      
The world of LCD panels baffles me. For some reason Apple can sell an iPad with a 2048x1536 IPS screen for $500 but your average $1,000 laptop comes with a crappy 1366x768 TFT screen or maybe 1920x1080 if you're lucky.
Xuzz 1 day ago 7 replies      
Although the HN title (currently) says "Ipad 3", Apple seems to actually be calling it the new "iPad" (edit: "new iPad", not "New iPad"). It's a bit confusing: next year, is it then the "old iPad"?

But, we don't really have that issue with many other Apple products (iPod nano, all Macs, etc) that use the same naming scheme. So we'll see how bad it actually ends up.

tomkinstinch 1 day ago 5 replies      
The 264dpi screen is a big deal. I was at a workshop with Edward Tufte this week. He extolled the virtues of using paper for information-rich data transfer. Having paper-like screen resolution is an obvious advantage for disseminating information.

I'd like to see a startup take on PowerPoint by releasing software to compose iPad-friendly presentations. Think one-pagers full of text, graphs, and figures. On an iPad they could be interactive, annotated, and linked together. Every iPad-toting meeting goer could scan a QR code on the way in to get on the same page, and then sit and discuss the content. Gone will be the days of presenters doling out bullet points at excruciatingly slow pace.

Having read Isaacson's biography of Jobs, it seems that Apple may be gunning to disrupt the textbook market. Having paper-like resolution is a great step in that direction.

afterburner 1 day ago 6 replies      
It's 10% heavier:


Yes, I know why, but I was hoping against hope it would get a little lighter. But I didn't think it would. Maybe next year, when there's no reason to up the resolution.

huggyface 1 day ago 1 reply      
I have four Android smartphones and two tablets, but this is the first Apple product that has really opened my wallet. Literally, my wallet is sitting open.

But their store keeps crashing and going back to the offline state. Called their phone sales and they couldn't help me because they use the online system to enter orders. :-)

Ah well, I'll get one soon enough.

_djo_ 1 day ago 1 reply      
It's 'the new iPad', not the iPad 3. Apple is evidently going to follow the same pattern as it does with its computers and is doing away with a sequential numbering system.

So the next iPad will also just be 'the new iPad' the same way that every year we see 'the new MacBook Pro'. The iPhone will probably follow suit.

jevinskie 1 day ago 3 replies      
No mention of bumping the RAM from 512 MB to 1 GB. Even my TF101 Tegra 2 tablet has 1 GB of RAM. I wonder how much the 4x larger retina display assets will increase RAM usage.

Edit: I guess it does have 1 GB of RAM. http://chronicwire.com/the-ipad-3-has-1gb-of-ram

tvon 1 day ago 3 replies      
I'm still somewhat amazed they haven't found a better way to handle updating the store. I understand that there is a marketing aspect to taking it offline, but it should be back online and updated immediately after the event is over.
cube13 1 day ago 0 replies      
Might want to double check your math there.

42 Mbps is 5.25 MB per second. At that rate, it'll take about 950 seconds to download that. That's about 15 minutes.

The more common 2 GB plan would be up in about 6 minutes.

thematt 1 day ago 4 replies      
Nothing mentioned about Siri. That is surprising, because I thought that inclusion would be a slam-dunk.
nextparadigms 1 day ago 4 replies      
Since the pixels are multiplied by 4, and the GPU only by 2, does this mean the real-world performance (in games) of the iPad 3 GPU should be half the performance of iPad 2?
FaceKicker 1 day ago 3 replies      
Is it just me or do the comparison pics of the old iPad screen vs. new retina display on this page look exactly the same? http://www.apple.com/ipad/features/

Edit: never mind, there's a zoom widget I didn't notice.

ot 1 day ago 1 reply      
Pre-ordering will be a lottery. I've been trying to get to the online Store for more than half an hour and I get either server error, "we'll be back soon" or incredibly slow connection (which then fails). I managed to get once to iPad page but clicking on any link brought me back to server error.
benwerd 1 day ago 0 replies      
I'm pretty psyched about the 1080p video. We just released our iPad app, which compresses video and shares it with people / teams, and my hope is that this will drive further adoption. Also, I want one, and I want to be able to share the video I take with it.

I do resent how poorly my iPad 1 performs now though. I only bought it 18 months ago!

Steko 1 day ago 2 replies      
Apparently it's just "iPad". Not 3, not HD. Maybe people will always call it the iPad 3 or maybe we'll end up calling it the 2012 iPad or the 3rd gen or something.
ericd 1 day ago 3 replies      
I'm always kind of surprised that the online store doesn't update instantly. I have to imagine that their "We'll be back soon" splash page kills a lot of potential impulse purchases.

It seems to be back now, but the iPhone is showing "From $0", and clicking on the iPad gives an "Oops" error page. Couldn't this all be worked out in staging?

marze 22 hours ago 0 replies      
In the presentation, Cook refers to the "new iPad" with no "3". Inside Apple, they probably have viewed what we call the iPad 1 and iPad 2 as the prequel 1 and prequel 2 to the actual iPad, which is only now finished.
abruzzi 1 day ago 0 replies      
I'm glad they didn't call it "iPad HD". Call me pedantic, but HD should be limited to ITU 'HDTV' broadcast spec, and the iPad 3's resolution doesn't fit. Instead it just confuses things with imprecise language.
joshAg 14 hours ago 0 replies      
Welp, this does it for me. As soon as I can get a completely carrier-unlocked iPad in the Bay Area, I'm going to switch from my laptop (x61t) to this new iPad plus a dock and a BT keyboard and mouse. All I really need is an ssh/X-window server app, and I can run all my programs on my server or desktop.
shad0wfax 23 hours ago 1 reply      
Wonder how many are willing to upgrade from iPad 2? I have an iPad 2, and I don't see a need to upgrade.

I am sure the tablet devices will follow a similar cycle to the iPhone: upgrade once in 2 years. I am beginning to wonder; the only aspects that might make me want to upgrade to iPad 4 next year could be a faster processor and more memory, thus making the overall experience better. I am sure Apple will have some exclusive software that will run only on their latest device (e.g. Siri) that might force me to upgrade. Given how I use the iPad right now - videos, Netflix and eBooks (very limited browsing) - I am OK with what I have now.

It would be good to know some statistics on how many upgraded to iPad 2 from iPad 1.

icki 1 day ago 2 replies      
I'm excited that they're addressing user complaints about 'content creation'. iPhoto looks particularly impressive; it looks like people will be using their tablet devices for more than just content consumption now.
julianb 1 day ago 0 replies      
Looks like the iPad2 is available for $399 now.
kenrikm 1 day ago 0 replies      
The Apple Store was live for about two minutes but a DDOS from everyone trying to pre-order brought it down and they went back to "We'll be back soon"

I would love to see how many hits they are getting.

mikemoka 22 hours ago 1 reply      
Everyone is speaking about bandwidth speed, but what about the first major product launch of the post-Steve era? What was your impression about it? A little bit of something clearly wasn't there if you ask me
wmf 1 day ago 0 replies      
"Quad-core graphics" seems like misleading marketing to trick people into thinking A5X is equivalent to Tegra 3; this seems like a shame since Apple could presumably win without it.
juiceandjuice 1 day ago 0 replies      
I think this link is titled wrong.

Nowhere is it referred to as iPad 3, iPad HD or anything like that. It's just "The new iPad"

leeoniya 1 day ago 1 reply      
so Apple ditches Flash for HTML5, but requires Quicktime to play the Retina tech video?


MatthewPhillips 1 day ago 2 replies      
Does this not include an update to iOS?
MatthewB 1 day ago 0 replies      
I'm wondering if my grandfathered unlimited plan with AT&T can be applied to the iPad?
munchor 1 day ago 2 replies      
I hate it that I can't watch the videos on Apple's website, and to me, this is just a reminder of that, oh why?
lelf 1 day ago 1 reply      
Am I the only one who was secretly hoping for tactile feedback?
cicloid 1 day ago 0 replies      
Isn't the LTE migration in part a cost saving measure for carriers and later on the final user?

From what I remember, LTE does pump more data in a cheaper way, and the infrastructure for it is cheaper also.

tlb 1 day ago 3 replies      
Resolutionary. What a godawful marketing department word. The first thing you see. I miss Steve.
warmfuzzykitten 1 day ago 0 replies      
Apple can't keep the Apple store up. Why are they surprised by the load?
eternalmatt 1 day ago 0 replies      
It sincerely bothers me that nowhere on the apple.com site has Apple referred to this as the iPad 3. The closest thing to a new name that they've given is "The new iPad".

Please everyone stop calling this the iPad 3.

jiggy2011 1 day ago 1 reply      
I wonder what the implications of this will be for web design?

A website built with a fixed-width 1000 pixel design is suddenly going to look pretty silly on a new iPad.

Of course if you design around large resolutions you will marginalize those with standard displays.

Fizzer 1 day ago 2 replies      
Does anyone know if OpenGL's 1024x1024 image size restriction is being raised as well? Seems pretty limiting to not even be able to make an image that's as big as the screen without tiling four of them together.
kenrikm 1 day ago 0 replies      
Ouch, Just ordered 32gb 4g (AT&T) $780 with tax.
If I were not using it for development it would hurt a lot more however it still is about double what I would be comfortable with for my own use.
xpose2000 1 day ago 0 replies      
During iPhone 4S release, who cares about 4G. iPad HD, all hail 4G!
incanus77 1 day ago 1 reply      
It's spelled "iPad" and it's not the 3.

Now, if you'll excuse me, I'm going to get back to my Desk 4 and have some Breakfast 2.

dlsym 1 day ago 0 replies      
Apple releases Ipad 3 - and no one cares.
cageface 1 day ago 1 reply      
It says a lot that the longest thread here is about data plans. I guess this is a logical iteration of the iPad 2 but they really seem to have left the door open for an Android manufacturer to leap ahead here. Both this and the 4S feel like Apple on autopilot.
Osiris 1 day ago 4 replies      
I think Apple is doing a great thing by pushing up display resolutions. I can't believe that PC manufacturers still REFUSE to produce laptops (at least consumer grade) with any resolutions higher than 1366x768.

I've been watching consumer laptop sales for a year and the only one I've seen with a higher resolution is a 17" beast. Luckily I got a 15" MacBook Pro from work with a 1680x1050.

Everyone's known since the iPhone 4 that Apple would do a hi-res Tablet display, but PC manufacturers still refuse to innovate and put in hi-res displays in their laptops.

I refuse to try to write code with only 768 vertical lines.

jcfrei 1 day ago 1 reply      
I feel like Apple is already slipping without Steve Jobs. Calling the new iPad "the new iPad" certainly doesn't seem like a smart move (same goes with the iPhone 4S - wouldn't you rather have an iPhone 5?). And furthermore, there's again very little innovation in the device; the outside hasn't changed at all, albeit being a little thicker. Just improving display resolution seems like a change most iPad 2 users won't appreciate enough. I just feel like Apple is now just draining every penny from its customers with small innovations and a huge brand - while still being unable to decide what to do with its stockpiles of money.
scrame 1 day ago 0 replies      
Hooray! Another iteration of an expensive toy for tech managers trying to justify their jobs and people who think that money buys taste!
robomartin 1 day ago 0 replies      
Why I will not be buying an iPad 3:

- Resolution: Who cares.
- Camera: Who cares.
- 4GLTE with a ridiculous price and cap. No thanks

I don't think there's anything really compelling about the iPad 3 for the masses. Sure, they'll sell a bunch of them, mainly because, well, that's what they are selling now.

Being on WiFi most of the time I don't see any motivation to get an iPad 3 over my iPad 2. Most of the time the iPad 2 is used to casually browse the web on the couch, play chess and mess around with other games. In none of these use cases has the iPad 2 screen resolution proven to be an issue at all.

Once usage becomes more serious iPad 2 goes on the shelf and I/we switch to computers. All of our home computers are equipped with a minimum of two 24inch 1920 x 1200 pixel screens. There is no way the iPad 2 or 3 experience can compete with this at any level.

I think Apple needs to fix the issue of carriers gouging customers for connectivity. We have four iPhones and two iPads. Why are we paying six fixed-cost, limited usage data plans when the devices are on WiFi most of the time? Why is it that we can't buy a "family" plan, if you will, and pay one fee for connectivity. That's what you do with DSL: You pay one amount for a data rate and it doesn't matter if you have one or fifteen computers attached to the service.

The next revolution in mobile might not come until the recurring costs involved in using these devices come under control.

Cursor:none abuse (trick users into clicking Facebook 'like') jack-shepherd.co.uk
269 points by jackshepherd  2 days ago   65 comments top 20
duopixel 2 days ago 6 replies      
A much more straightforward abuse would be pointer-events: none. Just position an element over the 'like' button and let clicks pass through it: http://jsfiddle.net/rVxTn/
Zirro 2 days ago 1 reply      
It should be noted that the NoScript add-on for Firefox prevents this from working through its Clickjacking-protection (and possibly a couple more cursor-specific tricks). People need to know that it does more than block JavaScript.
epochwolf 2 days ago 1 reply      
Interesting. Chrome's "Under the Hood > Content Settings > Mouse Cursor" setting doesn't affect this. I would have thought it would prevent this.

Also, stuff like this is why we can't have nice things in browsers. You can't trust the internet.

chc 2 days ago 2 replies      
For everyone talking about JavaScript: As far as I can tell, this is fundamentally a CSS vulnerability. Something quite similar ought to be possible without JavaScript - it would just be a bit less elegant. For example, you could just make a pixel grid of divs to simulate mousemove events and position the fake cursor with CSS hover styles.
RandallBrown 2 days ago 2 replies      
I love it. It seems to work fine in Firefox, although the real cursor starts flashing when it's above the Like button.
superchink 2 days ago 4 replies      
Odd effect. I see two mouse cursors (Mac OS X 10.7.3 + Chrome Dev Channel).
ck2 2 days ago 1 reply      
Good luck faking my inverted extra large windows cursor.
EmmanuelOga 22 hours ago 0 replies      
Speaking about prevention (for the specific case of the like button), I have privoxy (1) setup to disable fb plugins with rules like these:

{+block{Facebook "like" and similar tracking URLs.}}

{+block{Stupid facebook xd_proxy.php.}}

The second one also removes an annoyance I see from time to time when I bypass the proxy which makes the page request again and again that xd_proxy.php file.

If I really want to like something, I disable the proxy and reload the page. I use Proxy SwitchySharp (2) for chrome to do the setup for me in pages I visit often.

1: http://www.privoxy.org/
2: https://chrome.google.com/webstore/detail/dpplabbmogkhghncfb...

pnewhook 2 days ago 1 reply      
This is brilliant, but now it's only a matter of time until it's in actual use. Sort of like how evercookie was a clever hack meant to call attention to privacy concerns, then was put into actual production sites.
mkopinsky 2 days ago 0 replies      
I tried clicking "Fork me on github" but couldn't because I couldn't position the real mouse pointer in the right place.
jusob 2 days ago 0 replies      
I guess I should use this as an opportunity to remind people of the "Zscaler Likejacking Prevention" plugin for Firefox/Chrome/Safari/Opera (check the corresponding add-on stores). I use the setting "Request confirmation for all Facebook widgets" so that it asked me for confirmation before sending the Like request.
Maro 1 day ago 1 reply      
I use Ghostery to wipe out Facebook showing up elsewhere on the Internet.


drucken 2 days ago 0 replies      
I have NoScript 2.3.1 in Firefox with the default settings, including Clearclick protection. I have no Facebook account and no scripting is enabled for this site, including JQuery.

The site is still able to disable my mouse over most of the screen.

Am I the only one?

smackfu 2 days ago 0 replies      
Cursor:none makes it cleaner, but it's not necessary. You could use a lighter cursor like cursor:crosshair or cursor:text along with the fake cursor, and I bet most people will still click using the fake one.

In fact, even if you can't change the cursor at all, you could easily create a swarm of fake cursors that would frustrate the hell out of the user.

TheMiddleMan 2 days ago 0 replies      
I forked this to use a different exploit which takes advantage of pointer-events: none.


justindocanto 2 days ago 1 reply      
I have some input on your todo list:

If you give an id (or class) to your p tag that contains the links you said you wanted to make easier to click, then you could use css and easily add a :hover state. Then on the hover state just make the cursor normal so it's easier to click those links. Upon mouseout the cursor will go back to 'normal'. =)

cocoflunchy 2 days ago 0 replies      
I don't think I'm getting the desired result... my cursor disappears, and all I see is a static one in the top left corner above a cropped "Like" button (in French though, that may be the problem).
See here : http://imageshack.us/f/836/28545472.jpg/
downandout 1 day ago 0 replies      
Is this news? Likejacking has been around for well over a year. Google it.
natmaster 2 days ago 1 reply      
In Firefox, the cursor flashes above the like button. Still easy to miss, but certainly not as bad as it seems Chrome is.
AznHisoka 2 days ago 0 replies      
Nice, can I use this to trick people into clicking an affiliate link instead?
I'm an Engineer, Not a Compiler numbergrinder.com
258 points by Luyt  1 day ago   148 comments top 27
edw519 1 day ago  replies      
Imagine interviewing carpenters:

Method 1:

  How many ten penny nails in a pound?
  Who makes better screwdrivers, Craftsman or Snap-on? Why?
  What's your favorite toolbox? Why?
  How can you tell when wood has been treated?
  Why should you measure twice, cut once?
  Which end of the hammer do you hold?

Method 2:

  Show me something you built. Describe what you did.
  Cut this piece of wood according to these specs.

If you needed someone to build your house, which method would you choose?

raganwald 1 day ago 5 replies      
I'm going to take the incredibly unpopular stance that nano-questions are not considered harmful. It's true that only asking nano-questions, or emphasizing them, or thinking that a good engineer must necessarily be able to answer all of the nano-questions perfectly are all broken ways of thinking.

But I look upon them as a kind of FizzBuzz. I know for a fact that while you can look them up in Google in 500 nanoseconds, experienced people doing hands-on work are going to be able to answer 2/3 nano-questions instantly. A few such questions sprinkled in the opening part of the interview are useful for weeding out the AbstractArchitectureAstronautFactoryFactories from the Programmers.

I'm not talking about esoterica, e.g. “What is protected inheritance in C++?” Lots of practitioners might say, correctly, that they never use it and can easily look it up if you need to know how it works. And sometimes answering esoterica correctly has negative correlation: You end up hiring people who are SmartButTooBusyPlayingWithCoolIdeasToGetStuffDone (I'm a prize example of this). But if a programmer says he's working with jQuery and I ask him to explain the difference between $('.foo.bar'), $('.foo,.bar') and $('.foo .bar'), I don't want to hear from him that he can look it up on the Internet, a jQuery programmer knows the answer.

It's acceptable for someone to say, “I don't know jQuery, but I'm a smart guy, I can figure it out on the job by looking stuff up,” but if he says he's been using it to build awesome HTML5 applications, I want to ask a few of these questions to make sure that I'm interviewing the person described on the resumé. A working programmer will know the answer to all of them, they shouldn't be hard. Interview pressure will cause some fuzz, so I don't expect perfect, maybe get 2/3 or 3/5 right and then we can talk about composition vs. inheritance or whatever other pet “Start a conversation with a smart person” question.

I want to be incredibly clear about this: I don't think that there is some strong correlation between memorizing things and being a good programmer. I don't think programmers should rush out and memorize trivia just to “pass” an interview. I look stuff up all the time in my job. But I do think that if the questions are easy and obvious to the working programmer, a few of them are an appropriate FizzBuzz for weeding out the folks who have falsified their hands-on experience.

By and large, interview questions are a touchy subject because they serve as a kind of metric for valuing people. So when I say I think it's cool to ask a few of these questions, some folks are going to think that I say that I measure their worth by whether they know a handful of bits of information. That's not the case. I'm not saying you're unworthy if you don't memorize things. But I am saying that if you claim to have a certain type of experience, there are some questions that are going to be dead easy for you to answer, and those questions are going to help us get to the good part of the interview very quickly.

p.s. List vs Set is a funny question. I can't imagine anyone with a degree being ignorant of the difference regardless of the programming language! It's also a good lead-in to a more experiential question: “Okay, can you describe a time you've used a set of some kind? What were you trying to accomplish? ...”

srean 1 day ago  replies      

  IDE dependency? Perhaps, but that isn't necessarily a bad
  thing since that is representative of the tools they will
  be using in the office.

Mine is perhaps an unpopular view.

I have come to believe that a decent programmer can and should be able to work well enough without an IDE. Presence of an IDE should be a sufficient condition not a necessary condition and I see so much of the latter.

IDEs are a crutch and there is a minimum level of "walking" that I expect from you without a crutch. If you have to reach for a crutch even for the simplest tasks you will earn my suspicion that you are not as comfortable as the other guy in more complicated operations. As for the claim that IDEs are a representative tool, it need not be true, more for a start up pushing the envelope. Who knows which new or non mainstream language/technology will be most suited for the job. There may not be any mature tooling available yet. I would want my co-hacker to be able to cope.

To give an example, there was this guy who claims he knows Scala, but loathes working on a Scala project because apparently there is no mature debugger for Scala in Eclipse. For him an Eclipse plugin is a necessary condition.

I have seen too many programmers who program in the following mode - let me type something in the IDE. No errors detected? Good. Let me test it on a few cases. Didn't work? Let me bump up the loop bound by one. No cookie? Let me decrement it by 2. Didn't work? Let me change the sign of this expression from positive to negative... ad infinitum. I am more scared when such code passes a few half-assed test cases and the author cannot explain why the fix works.

I am not saying IDE are universally bad, quite the contrary. I advocate IDEs, but under two scenarios - (i) you are learning a new language (ii) you are an expert in that language. It is the overly populated middle ground, where it is used as a substitute for (a) thinking about your code or (b) knowing the language, that worries me.

trustfundbaby 1 day ago 1 reply      
This story is a bit embarrassing to me, but I'll tell it anyway, I went for an interview a while ago, where I got asked a basic Javascript question ... problem is, I haven't actually written actual javascript in almost 3-4 years (not simple, but not really that hard either) ... I've been writing jQuery, which is supposed to be javascript, but I digress ...

I know how Javascript works, scoping, hoisting blah blah blah, but I haven't written a for loop, or used an actual getByTagName or whatever in a long long time ... I told the interviewer this, and they seemed cool with that, they asked me to write in pseudo code and I did that, then they asked me to convert it to javascript ... hunh?

Well, I started going through line by line and started doing just that, asking them to refresh my memory about the syntax of stuff, even how to write a for loop (yup, it's amazing what spending years using jQuery.each or $.each will do to you :P). Anyway, we concluded and though I was annoyed at how out of practice I was, I thought I did okay.

Well the recruiter who set it up, called me back (very nicely I might add) and gave me the feedback on the interview. The interviewer, (who had been very nice to me too btw), had eviscerated me, writing that I displayed a lack of Javascript fundamentals ... saying I didn't even know how to write a for loop.

I don't blame them, because we clearly shouldn't have been talking in the first place, they were obviously looking for a hard core Javascript guy ... and not person who could just build complex front end UIs & interactions using backbone/ember/spine/jquery/whatever, which is what I was more interested in.

But it also got me thinking about how some engineers fixate on syntax, and use it in judging other programmers, and I realized that in some circumstances it is pretty appropriate.

For example, if you're looking for a specialized dev, then that kind of stuff probably does matter; in that, it can help you spot a star very quickly ... but I also think that over reliance on it could let you miss out on people who could easily specialize to the level you want, but might not have that immediate level of familiarity with the language. But when you have to go through 100's of candidates, is that something you're willing to take the time to look out for? Should you?

Sorry for the rambling, just been thinking about it for a long time now.

DrJokepu 1 day ago 8 replies      
> My favorite phone interview question? “What's your favorite language?” followed by “What are its weaknesses?”

This is also one of my favourite questions to ask when I'm interviewing someone. Unfortunately most of the time the only response I get is confused stares. Maybe this is just a UK culture thing but it feels like many people are not prepared to display critical thinking on a job interview.

slavak 1 day ago 1 reply      
I for one would be grateful if an interviewer asked me this kind of question. It gives me an instant and unambiguous indication that this is not a place I want to work, saving me a lot of wasted time - and God forbid if I'd otherwise actually ended up accepting a job there.
staktrace 1 day ago 1 reply      
I disagree with some parts of the post. I think good engineers have to be able to work effectively at a high "system" level of abstraction as well as at a low "compilation" level of abstraction. If you can't look at a chunk of code and know enough about the language to know that it could throw a ClassCastException, then it is quite likely that you will fall prey to other language gotchas which can bubble up and destroy the entire design of the system you're trying to build.

I don't think the current state of the art in software development has yet advanced to the point where we can just black-box away all of the entire "compilation" stuff such that it never affects the "system" stuff. I really would like that to be the case, because it would eliminate a lot of unnecessary complexity in software development.

I think asking a limited number of compiler-level questions (less than 5) in an interview doesn't take up a lot of time, and can allow you to get an idea of how much actual experience the candidate has with the language as well as dealing with nitty-gritty problems that come up while you're coding. The value and time spent are both small, so the value/time ratio is probably in the same ballpark as any other question you might ask.

phatbyte 1 day ago 0 replies      
To me, a perfect interview would be:

"Here's a coding challenge, go home, write the code to solve this, come back tomorrow and tell me three things:
- How you did it
- Why you pick this solution
- How it could be improved"

By doing this I could see how he writes code, if he's just a Google copy&paster, what his skills in algorithm optimization are, etc., and especially how he/she thinks.

Quite frankly I don't care if someone doesn't know what Polymorphism is right from his head. I didn't know what polymorphism was until a few months ago, and yet I was applying the same principles in a lot of places in my code. That's the downside of being self-taught: you don't get to know a lot of theory, but in my work I know I'm doing it right. (Also because polymorphism is a very abstract thing, to be honest...)

In a nutshell, get developers who can show you their code and can explain it; don't rely on theory, you are not hiring a college professor.

dhotson 1 day ago 3 replies      
I'm kind of on the fence on this.

These questions might seem pretty lame, but as an interviewer it does tell you something about the candidate's level of experience with a language.

If you've worked with a language for any decent amount of time. There are things that you really should know without having to look it up all the time.

This is especially true if you mention on your resume that you're an expert at something. I'm definitely going to ask you a difficult question about it and I'll expect you to answer in some depth.

If you mention you're a Java pro but can't tell me what the 'synchronized' keyword does for example. I'd be concerned.

chimeracoder 1 day ago 1 reply      
The real problem is what knowledge the question is supposed to test - is it testing whether you know the answer to the question, or is it testing something else altogether?

Put another way, the problem is less the specificity of the questions and more the ease with which you can expect to learn them.

I haven't used Swing/AWT in two years, and I couldn't really tell you what inherits from what. But after a weekend of breaking through the rust, I'd get back into it, so it's of no consequence to any potential employer.

However, some language-specific questions are very telling. For example:

    How many arguments does type() take in Python?[1]

If you answer '1' or 'either 1 or 3', that tells me two very different things about you. The latter tells me that you may understand that Python uses prototypical inheritance, rather than 'pure' class inheritance, and it tells me that you may have done a non-trivial amount of Python metaprogramming before. If you understand Python's inheritance structure in this way, you're a much more valuable candidate to some companies than you are for simply knowing syntax errors and interpreter-specific quirks (... and the opposite may be true at another company).

(Of course, it's possible that you know that and have simply forgotten, or were confused by the phrasing, etc. - no question is perfect, but after enough of these, you start to piece together a picture of the candidate).

The point is, the former question is something that you can reasonably learn during a training period and which asks little more than face value. As for the latter question - you all know that now, so you can also learn it during a reasonable training period. But actually applying that knowledge (which comes with the followup questions) is something that would require a significant level of familiarity with the subject in question, which is what they are really trying to get at.

[1]This may not be the best wording for the question, since it tips the interviewee off to the trick beforehand, but I can imagine a way to present this question so that it wouldn't.
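
The two call forms of `type()` that the question above turns on, shown as an added example that is not part of the original comment. The names `Greeter`, `DynamicGreeter`, `Registry`, `Plugin` and `CsvPlugin` are hypothetical.

```python
"""Added illustration: the one- and three-argument forms of type()."""


class Greeter:
    """An ordinary class statement, for comparison with the dynamic form."""
    greeting = "hello"

    def greet(self, name):
        return f"{self.greeting}, {name}"


def build_greeter_dynamically():
    """Build an equivalent class with type(name, bases, namespace).

    The class statement above is shorthand for this call: a name, a tuple
    of base classes, and a dict holding the class body.
    """
    def greet(self, name):
        return f"{self.greeting}, {name}"

    namespace = {"greeting": "hello", "greet": greet}
    return type("DynamicGreeter", (object,), namespace)


class Registry(type):
    """A metaclass is a subclass of type.

    Its __new__ receives the same three arguments as type(name, bases, ns),
    so it can observe or alter every class created through it.
    """
    classes = []

    def __new__(mcls, name, bases, namespace):
        cls = super().__new__(mcls, name, bases, namespace)
        mcls.classes.append(name)  # record each class as it is created
        return cls


class Plugin(metaclass=Registry):
    pass


class CsvPlugin(Plugin):  # inherits the metaclass from Plugin
    pass


def two_argument_call_fails():
    """type() accepts exactly 1 or 3 positional arguments; 2 is an error."""
    try:
        type("X", ())
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    print(type(Greeter()))            # one argument: the object's class
    print(type(Greeter))              # classes are themselves instances of type
    Dynamic = build_greeter_dynamically()
    print(Dynamic().greet("world"))   # behaves like the class statement
    print(Registry.classes)           # classes seen by the metaclass
    print(two_argument_call_fails())
```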

funkah 1 day ago 1 reply      
> Basically: Any question that takes 5 seconds to answer with Google is not a good question.

Can't argue there. I haven't done a ton of interviewing in my career so far, but it is important to me to find out how the other person thinks. Being able to cite function names and package identifiers from rote is not important, at all.

robomartin 1 day ago 0 replies      
"A good engineer thinks abstractly in terms of designing and building systems, they think in terms of algorithms, components, and engineering design. They do not necessarily know all of the details of syntax of a given language"

Precisely. I'll take someone who can think this way before someone who can rattle-off all of the minutiae about a particular language. I've run across too many programmers who don't have a clue about project organization, MVC, data representation, optimization, etc. Yet, they can pass minutiae-filled tests about a particular language.

Unless you've been programming in a single language for an extended period of time you will not have encyclopedic knowledge about that language and its libraries.

Get 15 to 20 languages under your belt and the effect is more pronounced.

I know exactly what it takes to write a number of sort algorithms, genetic solvers, neural networks, real-time embedded OS and more. No, I can't rattle off exactly how to write it in the language of the day. When switching to a language I haven't touched for a while it takes me two to four weeks to "task switch". I surround myself with reference books, use the IDE and any available online resource. Somewhere during that period I start to rock. I get the job done and produce clean and efficient code, fast.

I would probably fail the kind of questioning the article describes. Yet I've been solely responsible for large projects using languages spanning from assembler to Forth, C, C++, Verilog, Lisp and, lately, Objective-C.

Bad programmer! No doughnut!

gbvb 1 day ago 1 reply      
I believe any senior engineer worth his salt should be able to do lint style verification of someone else's code quickly. When I am expecting someone to be a senior enough engineer, they should be able to look at someone's code during code reviews and find the issues in it that can lead to problems without resorting to IDE/debugging.

I do agree that nano-questions are not useful except in situations where you get a resume with keyword bonanza: You know the kind, ones with every language, OS in the first page listed so that they will pass through the corporate recruiter filter. For those, nano-questions trip up but that will give me an indication to dig a little deeper into their IDE usage pattern. If they show some proficiency in it, (e.g., tell me the command in Eclipse to find all the references to a particular method, if the answer is search in files, .. :)).

dmitrykoval 1 day ago 1 reply      
If you happen to be asked such questions it might be a good indication that the type they are looking for is code monkey. Or they are just not good enough to assess engineering skills. In both cases it's a red flag.
burke 1 day ago 2 replies      
I'm coming at this from the perspective of someone with a pretty good memory for things like this, but those particular "nano questions" seem pretty damn fair to me. They're fundamental enough that it's not really relying on random trivia; they're testing things that you need to know 90% of the time to write a program, no?
lrobb 1 day ago 1 reply      
On the list vs. set... This is an "easy" one if you just stick to the standard CS def, or you just know a language that has a clearly defined library offering that... But in PHP, there's technically no difference between a list and a set: An array in PHP is actually an ordered map. A map is a type that associates values to keys. This type is optimized for several different uses; it can be treated as an array, list (vector), hash table (an implementation of a map), dictionary, collection, stack, queue, and probably more. As array values can be other arrays, trees and multidimensional arrays are also possible.
shimfish 1 day ago 0 replies      
I had a company that was ready to give me a job make me take a PHP test on http://www.123assess.com

After the 10th question asking me to debug 30 lines of obfuscated code in my head while a 3 minute countdown ticked away, I called it a day and decided these were people I didn't want to work for.

phamilton 1 day ago 0 replies      
I think it is important for questions to be within the scope of the resume. If the applicant claims 20 years of Java only experience, throwing in a few of those questions is just a sanity check for that claim, especially if that claim is one of the reasons you are hiring them.

A sportswriter who claimed an expertise in basketball wouldn't feel it unfair to be asked a few trivia questions in an interview. If he didn't know how many winning seasons the Chicago Bulls had with Michael Jordan then maybe he isn't as expert in basketball as he claims.

Where these questions are unfair is when the applicant is more of a generalist. They have worked on very diverse projects in multiple paradigms and multiple languages. Their skill lies not in knowing how to use their tools, but in approaching new tools and quickly understanding how to use them. If you are a Java shop and someone comes into the interview with little Java experience then asking questions about Java specific type enforcement is going to leave them a little flustered.

Cater the interview to the applicant, not necessarily to the position. Then evaluate your understanding of the applicant with respect to the position and see how well they fit.

jussij 1 day ago 0 replies      
This is why as a 20 year veteran of Windows C/C++ programmer I no longer bother applying for C/C++ software development contracts.

I really don't give a stuff that your Boost/STL trick question is missing a semicolon, which in reality would result in pages and pages of false compiler error messages.

I really don't want to try and second-guess the compiler and tell you where the missing semicolon should go.

I use the compiler to detect my mistakes. I read the compiler output error messages, understand the message and fix my mistakes.

But I don't pretend to be a compiler. I'm a software developer. I use the tools available to me to write software.

hef19898 19 hours ago 0 replies      
Fully agree with this post, even not being a programmer (I'm slowly asking myself why anyway...) I'm not thrilled by the prospect of answering detail questions out of my head. Things like that, I already hated them back in university. Nice to check if the candidate can remember the basics, but I'd actually prefer a guy who can not only remember them but actually use them in context.
Coming more from the classical engineering fields, you don't want a guy who can write in norm script on hand written drawings, you want a guy who can use Catia (or whatever) AND can actually design good, working parts. And that actually has nothing to do with Catia skills.
Nothing different to my current field in Supply Chain Management, but there I'd strongly suggest using some basic nano questions, sad as it is.
IanDrake 1 day ago 1 reply      
I usually open with some nano questions. Sorry, but if you say you have 5 years of experience with C# but can't tell me which namespace List<T> or Stream or SQLDataReader is in, then we're done, because you're lying.
parvinsingh 1 day ago 0 replies      
I wonder, how would someone interview a doctor? Asking him more of theoretical questions? Or asking him to do practicals, which I believe might be completely off the books depending on the situation :).
Anyways, there are
1) people who pass the interview very well, and cannot perform the duty on the job.
2) people who do fair on the interview, but are very well executors of the duty.
3) People who really become the backbone of the feature, and become the go to guy for everything and anything, they may or may not perform at the interview.
spiralpolitik 1 day ago 0 replies      
There seems to be a trend toward ever increasing absurdity when it comes to interviewing for Software Engineers. In fact some of the recent HN postings about interview techniques are verging on being a parody of the Knights who say Ni from Monty Python and the Holy Grail ("We want you to cut down the largest tree in the forest...with a Herring !!").

As the post says find the person who is the best fit for your team/company. Everything else can and will be learned on the job if you get the right candidate.

XcodeNoob 1 day ago 0 replies      
So an interviewer asked dumb questions, and sometimes they get my orders wrong at McDonalds. NEXT.
blahblahhhhhh 1 day ago 0 replies      
Great post. I felt the same way recently in a few interviews.
jebblue 1 day ago 0 replies      
Excellent article, totally relevant, thanks.
ExpiredLink 1 day ago 0 replies      
I guess it's hopeless.
Why Bootstrap might be very important scripting.com
250 points by davewiner  1 day ago   82 comments top 29
ohyes 1 day ago 2 replies      
I like bootstrap because I'm terrible at getting things to align properly on a web page and it basically does it for me.

As a programmer, this is awesome because I can spend the rest of my time on the interesting programming stuff. Really, it appeals to:

1.) My complete lack of understanding of the intricacies of CSS and web page design.

2.) My mindset as an industrious but lazy programmer.

3.) It can be made to be generally portable.

I can see that down the line I might want to replace it with something else or hire a real designer to make me real buttons and web page styles, but it is an excellent tool for the rough drafts of different ideas that I have. I can put things 'here' and 'there' on a web page quite easily, and that is really what I want/need.

It is much like a writer throwing down his ideas stream of consciousness style onto a piece of paper. He knows that he will have to edit eventually to make it consumable, but for now, he just needs to get the ideas down on paper while he has them.

wildmXranat 1 day ago 1 reply      
You will have to pry that framework from my cold, dead fingers. Most web projects if not all would benefit from one thing or another that is shared amongst major solid frameworks. It's silly to discriminate against projects that use it, and most of all, downright foolish.

I use the framework as a concise, distilled version of good CSS practices and I find it hard to believe that somebody launches a project that looks like a kitchen sink example.

justjimmy 1 day ago 6 replies      
Bootstrap is great for what the name implies, but when you are delivering the product to the public, it's not good enough.
The perfect example is iOS apps. Can you imagine your designers simply copying and pasting from iOS's default theme? It's very bland, it turns off users before they even use it (which in effect, is bad UX. Bootstrap has both + and -, good UXer will see this and adjust accordingly/depending on the phase of the product). I use this resource for my wireframe/mockups http://www.teehanlax.com/blog/iphone-gui-psd-v4/ Personally I won't ever use it in a beta product/website as is.

There's nothing wrong with bootstrapping to map out user flow, and give clear indication a button is a button, a list is a list etc. But when it's time to up your game, give access to the public, default bootstrap visual/color needs to go.

Humans judge a book by its cover. If you release your bootstrap website, users will have to work and overcome the barrier of your bland looking site and then decide if it's worth it to try your product.
PS: The point about lawyers having crappy websites and yet we still use them is because our expectations change depending on the organization. Do we expect government websites to be wow and dazzle us? Do we expect a new Apple product's website to use bootstrap? Do we expect a 2 month old startup website to be featured on Behance's frontpage?

And remember who your early adopters are - if it's people that scour HN or see countless bootstrapped sites, what are they going to think when they see your site? Would they be understanding and go 'Oh it's okay - they're a startup, I'll give them some leeway when it comes to visual design' or would they go 'eff this, these guys don't care about design or visuals. I'll come back later'?

jasonlynes 1 day ago 1 reply      
i'm a designer and a developer and i'm using bootstrap in my latest project as a base UI. i figured, i'm introducing some big new ideas that are hard enough to explain to my users, why make them discover how a new menu or form works? so i used bootstrap for all my typical interactions and it's saving me weeks of work i would have spent rolling my own custom framework.

and it doesn't look anything like bootstrap.

richardw 18 hours ago 1 reply      
To all those arguing for custom design:

Sure, having a killer design is first prize, all other things being equal. However, in a lean startup resources aren't infinite - you have to decide where to put your time and money.

Marketing has a concept called "point-of-parity/point-of-difference" [1] that I think might be useful here. Bootstrap without any customisations gives you parity - your design doesn't suck anymore. Once you've achieved parity and your customer feedback indicates that design is hurting you, iterate the design.

Building a todo list for designers? Pay lots for design.

Building a technical app for builders? I suspect once you have relative parity they'll buy based on how well you target their needs.

[1] http://en.wikipedia.org/wiki/Points-of-parity/points-of-diff...

coderdude 21 hours ago 0 replies      
Many people have commented saying that their primary concern with Bootstrap (or what holds them back from liking it) is the default styles. There's a lot being done to combat the wave of bland Bootstrap deployments and not everyone chooses to go vanilla.

You can try:

- Bootswatch, free color schemes: http://bootswatch.com/

- Lavish, a way to apply colors extracted from images: http://lavishbootstrap.com/

- WrapBootstrap, a marketplace for premium Bootstrap themes: http://wrapbootstrap.com/ [shameless plug]

Check out Built With Bootstrap for great examples of sites that are thinking outside the default styles: http://builtwithbootstrap.com/

davewiner 1 day ago 0 replies      
It's wonderful how you guys are demo'ing the first paragraph of this piece. You're giving all the same reasons people said the Mac was a bad idea, 28 years ago! You have so much in common with your grandparents. :-)
phatbyte 1 day ago 3 replies      
I can't make up my mind about this.
The developer in me loves bootstrap, it doesn't make me think too much about UI. I can't just worry about coding and functionality.

However, seeing all websites using the same layout is pretty boring and dull. I think the web is what it is because of its diversity. I'm a very visual guy, I love to see beautiful well-designed things and new approaches.

If bootstrap or any other framework is the end of road as far as UI interface, it's pretty sad IMO.

PetrolMan 1 day ago 2 replies      
I think the author is making a flawed argument. OS widgets and the use of Bootstrap across the web are very different.

OS widgets provide a user familiar with those elements hints and clues about how to use a program. A menu is a menu is a menu no matter the application. Bootstrap provides a very similar framework.

The problem is that we don't interact with public facing websites in the same way as desktop applications. The level of complexity tends to be very different and design is far more important for a website.

I can understand using Bootstrap for an admin interface; it provides that same recognizable framework for a user. For a public facing website, however, I think using Bootstrap is almost abhorrent. Whenever I see that very distinct black navigation bar across the top I have an urge to leave a website.

I understand that you can of course modify Bootstrap but to be honest I think the design choices are simply wrong for most sites. Bootstrap is great for web applications but for a blog... seriously?

Anyway, enough ranting. I actually really like Bootstrap and I'm using it currently but I know I would not use it for my own personal blog or public facing site.

josephcooney 1 day ago 0 replies      
Most users don't even read the text you throw up in their faces, let alone notice the differences between different CSS frameworks. I've seen people hit F5 repeatedly in desktop applications and wonder why it wasn't refreshing. I think bootstrap is awesome, and is exactly what web development needs.
jaimzob 1 day ago 0 replies      
Standardized toolkits were a boon when the Mac came out - they were confining enough that the average programmer couldn't produce a really bad interface. Today however, and after quite a struggle, the idea is finally taking hold that software should have an _actual_ design phase conducted by _actual_ designers that understand how people _actually_ interact with software.

The disquiet some people feel is that frameworks like bootstrap make it very tempting to drop this design phase in favour of snapping widgets together and assuming the end result must be a good UI because users are "used" to the individual widgets. This would definitely not be a step forward in software construction - web or otherwise.

whileonebegin 1 day ago 0 replies      
Good post by Dave. As others mentioned, I think Bootstrap is very much like the Wordpress for web apps. Just like wordpress has hundreds of templates, hopefully we can get a variety like this for Bootstrap as well. This could be as simple as adding more examples to the official Bootstrap site. Maybe skins?
ux_designer 22 hours ago 1 reply      
When people say they "use bootstrap", are people just using it unmodified?

Throw a "custom.less" at the bottom of your styles.less, and you can make bootstrap completely indistinguishable from the vanilla style.

Right now I am building a very large browser app on bootstrap, and you'd never know by looking. All I do is add styles to the "custom.less" and change what needs changing.

Programmers need to realize that customizing the look and feel of bootstrap is VERY VERY easy. It's perfectly safe to use for production.

All bootstrap did was make a vanilla, simple template so you don't have to redo all the boring html work over and over. There is nothing that constrains you to a layout or visual style.

camerondaigle 1 day ago 1 reply      
As a designer that works primarily with Rails devs on large-scale applications, I feel the pain of developers that need UI/UX/application designers and can't find/afford them (for personal projects, startups, etc).

Bootstrap fills that very interesting and apparent need in the web community. It feels like a coping mechanism for devs who can't find good design/frontend resources, so I don't have a personal need for it, but I hesitate to dismiss it entirely as I personally know many developers that wouldn't have anywhere to turn without a tool like Bootstrap.

That said, the author's attempt to push it forth as some sort of a framework for all web language is a bit much. The best UI and UX will always be at the service of what the specific website requires, not skinned out of a modular system.

But this knowledge/resource gap is a growing problem, and I don't see enough of the design community becoming aware of it and stepping up their game to make things like Bootstrap less necessary.

guelo 1 day ago 1 reply      
Apple fans can be really unimaginative with their analogies. "I like something. It must be just like something Apple did!"
mdonahoe 23 hours ago 1 reply      
Pardon me for not doing enough Googling yet, but...

Is there a "getting started with bootstrap" tutorial that anyone here recommends?

The Bootstrap page talks about all the features and how easy everything is, but I don't know where I should put the files, if I need jQuery already, etc.

eric_bullington 22 hours ago 0 replies      
If anyone is interested in using Bootstrap along with Python as a backend, I recently published a template I've been using for web apps that integrates a Bootstrap-enabled frontend with an existing Flask template by imlucas (flask-tool), plus flask-auth authentication using SQL Alchemy. I find it useful for prototyping, and yet because it's based on Flask (very modular), it can be easily customized and scaled up:


It's barebones right now but I'll be making improvements and would welcome pull requests (there's a todo list).

dreamdu5t 1 day ago 0 replies      
Without a good designer you won't know if your integration of bootstrap is beneficial.

Like programming, UI is about problem-solving. You can only commoditize design to a certain extent. You still need a design phase. Period.

The interface is the product. It's not something you tack on at the end.

creamyhorror 1 day ago 0 replies      
"What the Mac realized is that there are a set of things that all software has to do, so why shouldn't they all do them the same way?"

Indeed - but I'd venture that the standard behavior for most web elements is already well-established. Pretty much everyone knows how to use a dropdown or a modal. Bootstrap makes it easy to implement these, and that's really handy. You could do the same with jQuery plugins or CSS snippets, though it would take more time.

The bigger aspect of Bootstrap (IMO), and the one that really grabs people's attention, is its distinctive and consistent styling. That's what shouldn't be kept consistent across websites. (It's not like different styling will confuse users.)

Tangentially, overriding Bootstrap's styling can be a bit messy, especially if you aren't using Less/SASS; but it's necessary if you intend to design a site with its own look. That's what I'm dealing with now.

samstave 1 day ago 2 replies      
Sorry for not following, can someone give me a quick synopsis of exactly what bootstrap is?
pacomerh 1 day ago 0 replies      
In my case Bootstrap is very handy for prototyping and getting apps to a certain level of functionality before applying the final look. I always end up skinning it to a very specific product requirement, and in some cases I end up using only half of it. To me what makes a project look bootstrapy is the buttons and fonts, so if you can brand your own, that helps.
ianleckey 15 hours ago 0 replies      
Don't understand the furore personally. Bootstrap is a great framework and there is NOTHING to stop people tweaking and customising it to suit their design needs. It's a stylesheet for crying out loud, just edit it.
cleanshakeapp 1 day ago 0 replies      
I agree that having bootstrap as a common standard is doing more good than harm. However bootstrap is tied much more to design esthetics than interfaces.

With that being said, website designs have definitely shown trends over the years (as have operating system "themes"). So I think we'll see something else come along to replace the bootstrap eventually according to the "standards" of the next greatest design phase.

Note Bootstrap does make a solid case for using standard components such as LESS, CSS and jQuery.

AtTheLast 1 day ago 1 reply      
If you don't know much about design then Bootstrap is a wonderful way to make a decent looking website. Also, if you need to build a quick prototype then bootstrap is great. But, many web apps have unique functionality and requirements that are beyond Bootstrap.
phzbOx 1 day ago 1 reply      
Ironically, that page would look so much better if bootstrap was used!
danso 1 day ago 1 reply      
Dave makes some good points. But the part that amused me the most is that his site uses a table based layout...he should use bootstrap's row/span system :)
tzaman 1 day ago 1 reply      
Oh man, this post is so wrong. It's just like saying all people should look exactly the same in order to avoid confusion.

Yes, bootstrap is a good thing. But it should be used only as a base for further improvements.

wmf 1 day ago 0 replies      
Isn't Bootstrap for apps?
damptrousers 1 day ago 1 reply      
It's difficult to believe this many people actually still listen to dave winer. He's done, old, and irrelevant. Sad to see people still listen to his drivel.
Reddit vs Hacker News vs Twitter williamedwardscoder.tumblr.com
247 points by willvarfar  2 days ago   75 comments top 12
kijin 2 days ago 4 replies      
> The per-page time is actually quite high; often over 5 minutes on average for a lot of my stories even when its a big crowd. I suspect some subtle misreading of Google Analytics on my part, or else people might actually be reading the whole thing carefully!?

That might be because a lot of people do what I do: keep the article open while browsing comments on HN or Reddit, and switch back and forth between the two tabs while writing my own comment. In fact, I'm doing it right now. I don't know how Google Analytics would measure time spent on a page when the page sits idle in a background tab for the most part but brought to the foreground from time to time.

[Edit] Things get even more complicated if you open 5 articles and 5 comment pages at the same time, and take 30+ minutes to go through all of them.

radicalbyte 2 days ago 2 replies      
> A comment on HN is going to be mature and reasoned; often expanding or exploring technical issues raised

That's what I love about HN : the content of comments here are of a very high quality.

It's something that I've noticed with my own posts - well reasoned comments attract a lot of positive karma. Even if you're taking a controversial stance on an issue.

joshuahedlund 2 days ago 1 reply      
> Nobody actually follows the links in tweets though; click-through is often in the low digits per tweet

Tweet click-through data is obscured in Google Analytics because anyone who clicks from a mobile app shows up as a "direct" hit because there is no referring URL. There's some speculation and evidence[1] that this, at least in some cases, shows up as "Mozilla Compatible Agent".

[1] http://www.seo-theory.com/2012/02/15/why-simply-believing-se...

diminoten 2 days ago 3 replies      
There is something systemically flawed with Reddit's moderator system which precludes it from ever being an unqualified success as a social news aggregator.

The primary issue revolves around the selection process for moderation. To become a moderator for a subreddit, you need to have thought of the name of the subreddit. That's it. This nomenclature designation act grants any user absolute power within that domain space, and the ability to grant any other user the exact same powers.

The person who created the "programming" subreddit has no qualifications, no resume by which to judge their aptitude for the moderation job, and no process exists by which to vet newly added moderators.

A moderator can, for any or no reason, decide to activate the "spam filter" on any submitted article, removing it from public voting and view. This is the only tool by which Reddit moderators are given to modify their respective domains, and when used for reasons other than spam, it "teaches" the filter to remove non-spam results. This is the cause of the "broken" spam filter on Reddit - moderator abuse.

eogas 2 days ago 1 reply      
FWIW, it's currently in /r/programming's spam filter, and it won't be coming out because it's not about programming. Sorry to be all stackoverflow about it, but that's how we operate.
willvarfar 2 days ago 2 replies      
According to my own mining, I should have waited a few hours before posting this :)

Anyway, some time next week I'll be in a position to add a line describing the success of "deeply meta" posts like this one ;)

We just have to get someone to post it to proggit too, I guess. And perhaps dzone...

chrisacky 2 days ago 1 reply      
Yesterday, I posted an article on HackerNews. It's received 62k views in total so far. HackerNews was the site that kicked off all of the view counts and it quickly jumped to the top spot #1.

After it reached the top spot, I thought I would also post it on Reddit. It didn't get a single upvote. It's the third time that a story of mine has made it to the front page of HackerNews and then not received a single visitor on Reddit. In the future I don't think it is worth bothering.

Ultimately, 100% of the traffic that I received would not have happened if it weren't for the upvotes on HackerNews, because from these upvotes everyone started tweeting about it. It received 900 tweets in total.

Here was some of the highlights.


(The highest it went to was 800 concurrent users).

I'm guessing 60k for an article within 24 hours is a lot!

nikcub 2 days ago 2 replies      
No mention of Techmeme? I'll add that the best way of getting picked up by other bloggers is first Techmeme (not the largest audience but definitely the most influential in tech) and second HN.

I've had blog posts pick up their traffic peaks 2-3 days after they were posted as the route was techmeme -> other tech blogs -> mainstream media

rtisticrahul 2 days ago 1 reply      
My experience with HN has been much better than with Reddit. In reddit, even good posts get down ratings a lot of time.

The one thing I like about hacker news is your posts still have 1 point minimum even if others don't like it, whereas in reddit you fall down to 0 points which makes you feel discouraged sometimes.

18pfsmt 2 days ago 2 replies      
I must admit I'm nauseated by the number of references to reddit on HN. I think reddit is powerful and fills a void, but the few times I've visited > cmnd+w. Twitter is also useful on occasion, but simply not my "cup of tea." These sites feel like eternal September, and make me consider suicide (not to over-dramatize...).
toadi 2 days ago 1 reply      
On what data are these assumptions based? Don't see any reference.

So for me he uses numbers to support his conclusions but I can't check them.

fool 2 days ago 0 replies      
What I'd really like to see is some sort of "diffusion" system to let me know which link aggregation site found a URL first.
How to Hire a Programmer codinghorror.com
246 points by cruise02  2 days ago   144 comments top 33
cletus 2 days ago  replies      
As much as people like to deride #1 (here and elsewhere) it's one of the most useful filters (in terms of filter value for effort spent). It's not a positive filter (in that a candidate who passes won't necessarily be a great programmer) but it is a great negative filter (a candidate who fails almost certainly isn't).

#2 I have mixed feelings about. A lot of people work on things where the source code (even the product) isn't visible. Having an SO profile is semi-useful but lack of one doesn't really mean anything. Github only makes sense if you work on open source (and frankly I'm tired of the incredibly naive "Github is the new CV" postings that pop up every few weeks).

#5 is what I really object to. At least in this case you've gone through the initial filters. Some companies use an audition project as an initial filter before you've ever spoken to anyone (you know, to see if you'd be a cultural fit and so on). I have zero time for this.

The problem with an audition project is that anyone truly good won't have to jump through those kinds of hoops. They'll have their pick of offers as is. Job seeking through a traditional (non-network) route is relatively low percentage such that there's only so much time worth investing in any particular position.

I'm happy to prove to you know I have a solid enough foundation in data structures and algorithms, I can program my way out of a paper bag and I can problem solve and communicate effectively but as soon as you ask me to spend a week--even a day--on some audition project, forget it.

Honestly, hiring isn't that hard. You just need people who are good at hiring to do it. I've done 10 or so "lunch interviews" at Google this year. This isn't an interview per se. It's simply taking someone to lunch in between their onsite interviews. It's a chance for the candidate to unwind, ask some questions, etc. But there is no feedback element to the process.

Of the 10 after 10 minutes I predicted 8 wouldn't get hired, 1 would and 1 I wasn't sure about. Turns out the "yes" declined an offer and the "maybe" didn't get one and I was otherwise right. And this is simply from going to lunch with them.

My formula is:

1. Filter early. "Hello world" and other simple programming tests;

2. Establish technical foundation and problem-solving ability (with one algorithm-related question that should be coded); and

3. Otherwise ascertaining personality/cultural fit. This you should get just from talking to someone for 10-15 minutes.

It's really not that hard. You just need someone who can actually do it to do it.

dustingetz 2 days ago 5 replies      
John D Cook has a lot to say about this: [1]

"One of the marks of a professional programmer is knowing how to organize software so that the complexity remains manageable as the size increases. Even among professionals there are large differences in ability. The programmers who can effectively manage 100,000-line projects are in a different league than those who can manage 10,000-line projects. ... Writing large buggy programs is hard. ... Writing large correct programs is much harder."

Jeff Atwood's metrics will help you filter out engineers whose complexity ceiling is <1k lines -- StackOverflow answers, whoopee -- but that's not a terribly hard thing to interview for. Much harder to interview for the very best, the mythical 10x productivity programmers[2], those who can handle 100k LOC, 1M, or more. Perhaps this is the difference between an experienced non-expert and a real expert[3].

In my experience not a lot of employers care about this, perhaps because their challenges aren't those of complexity-in-scale, or perhaps because complexity hasn't bit them hard enough yet, or perhaps because they are "unconsciously incompetent"[4]. About the only hiring signal I've identified for this is interest in functional programming -- languages like Clojure and Scala exist precisely to raise the ceiling of complexity a human can handle[6] -- and as such I'm trying to learn this stuff and trying to find people via the community who care to hire engineers with these skills. Unfortunately my own bias may be blinding me, you never know which side of Dunning-Kruger[5] you're on until it's too late.

If you care about these things: I'd love to know who you are and what you're working on, email me.

[1] http://www.johndcook.com/blog/2008/09/19/writes-large-correc...
[2] I am not one of these, but I strive to be one someday.
[3] http://www.dustingetz.com/how-to-become-an-expert-swegr
[4] http://en.wikipedia.org/wiki/Four_stages_of_competence
[5] http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
[6] Clojure creator Rich Hickey talking about complexity: http://www.infoq.com/presentations/Simple-Made-Easy

edit: man, this got 2 downvotes in 2 minutes, cmon guys i put a lot of thought into this!

angrycoder 2 days ago 5 replies      
They always tell you when you are interviewing you should never bitch or gossip about your old job. Articles like this are the inverse of that, the employer is subtly bitching about every bad hire they've ever made. This is a giant red flag that whoever is doing the hiring sucks at their job.

I've had a few interview processes that have included some or all of these 6 steps, and I've turned down every one of their offers at the end. Not because I don't have the time to work on a sample project, or because I can't cobble together and isolate some sample code for them to take a look at, and not because I don't know how to play the interview game.

It is because your interview process takes too damn long. One or more phone screens, one or more in person interviews, then a request for a sample project or source code, then a request for references, then a meeting with team, etc. That takes months, with weeks of down time in between.

If you can't figure out if a person is a good fit socially and is a competent programmer in less time than that, you suck at hiring and shouldn't be doing it.

mbenjaminsmith 2 days ago 3 replies      
I was about to scream about #5 until I saw this:

"This should be a regular consulting gig with an hourly rate, and a clearly defined project mission statement."

I interviewed with a YC company about a year ago and was asked to do #5 except without pay. It's a long story, but in short I let my guard down because it was a YC company only to find myself having wasted a week. The part that really pissed me off is that they came back _months_ later and pretended that no time had passed at all (obviously their hire didn't work out) and asked me to jump through more interviewing hoops. When I rightfully just told them to put money where mouth is they actually insulted me and the free work I had done (written in an email no less).

The point I'm making is that if you need this many hoops for a candidate to jump through you shouldn't be the one hiring. Find someone else with a business-tuned intuition and ability to judge character. If you act like you're the world's greatest company which people will waste hours and even days trying to impress you're going to miss the best people out there.

Also #2:

"Show me a Stack Overflow profile where I can see what kind of communicator and problem solver you are. Link me to an open-source code repository of your stuff."

Kinda cheesy for Jeff to say the first part. I absolutely agree with supporting both info sharing sites and open source. But as a self-taught programmer that ships products and does very well financially, I can tell you that there are effective people out there that don't rely on SO to get things done and therefore probably don't contribute to it.

I do absolutely support open source software but I also don't have a lot of free time. I've written a raster to vector conversion library that I'd love to clean up a bit and open source. But I literally don't have time to do so. Does that make me a second class programmer? Having hired many people over the years I know that I would look very seriously at someone who has shipped a lot of products but doesn't follow programmer community trends like SO. I guess it could mean they're truly horrible programmers with no knowledge to share. It could also mean they're too busy meeting their own (or some company's) targets. It could also mean they like to unplug once in a while and lead a normal life.

I understand why companies like Google take a hardline approach to hiring. They just deal with too many people. But if you're reading Jeff's essay on hiring you're not running Google. If you're a small company you need to look at the outliers first since that's where you're likely to find overlooked talent. That's where you're going to find the people who don't jump through hoops but who actually get shit done on a daily basis.

btilly 2 days ago 3 replies      
Good luck hiring someone who is merely unhappy in their current job.

If someone is in a full-time job, it is hard enough to find time to go to interview. Good luck finding a free week to do a side project for you. They will self-select out of your selection pool, yet they are very valuable possibilities. Ditto for a probation period, why would someone with a job go work for 3 months for the possibility of maybe getting a different job?

Yet that said, I don't think this is bad advice. A company will see many candidates that could have worked out, the challenge is making sure you don't wind up with a promising looking dud. A high rate of false negatives are OK, so long as you don't get a false positive.

But it also isn't the only good way to do it.

kamaal 2 days ago 0 replies      
Frankly speaking I interviewed for a bigMegaCorp last year which is pretty famous. Can't give out the name of the company for obvious reasons.

They first had a telephonic round and checked around my skills. They talked of my last projects and made me write some code. It went well. Then they invited me to have some onsite interviews. It was the most pathetic interview experience anybody could ever have.

They gave me a laptop and made me code. Which I did. The first day they had three 1.5 hours session coding session based interviews. Of which I missed only on one question. They went pretty fine. They told two days later I need to go through more interviews. It was another two coding sessions plus a database and common design pattern based interview which I also did well.

But they called in a week later and said I needed to come again. Frankly speaking my patience had run out. But nevertheless I still went. Only to find I had to go through another three rounds. This time the experience was pathetic. It was full of puzzles and memorizing arcane facts of various bits and pieces of software which I bet no productive programmer will ever have time for. It was puzzles and fact quizzing galore like I had never seen before. Coupled by one Algorithm interview and I bet they asked mathematics I had never heard of before.

Another week later they told me I was rejected. Now this is what I have a problem with. You want somebody who can build quality software, who knows his trade. Programming languages, Databases, Tools, design patterns, Quality and other daily stuff.

How the hell does it matter the guy doesn't know facts and puzzles? Frankly speaking I can learn that too! If I spend 30 mins a day reading the career cup ebook and other internet puzzle forums I can very well game the algorithm and puzzle rounds. But what will this ever say about my skills as a programmer?

All this 'Github as a resume', and 'Stackoverflow profile as a resume' work fine only in forums like these. Otherwise every interview has a puzzle and algorithm quiz round which has absolutely no relevance to the daily work of a programmer.

Honestly all big web companies claiming to hire the best are definitely hiring the most knowledgeable person. But none of them are hiring outliers, passionate and productive people who can do miracles. This also perfectly explains, why most of their innovation and growth happens through acquisitions and not in house innovations.

Because most companies have people who know a lot, but not necessarily who can do a lot.

trustfundbaby 2 days ago 0 replies      
You missed one Jeff ... treat them with respect.

I've interviewed at a lot of places, and some of the things these companies do is breathtaking ... that's when they're interested in you. They try to schedule you into 3-4 hour interviews like you don't have a job to do that day. They send you coding assignments that take 4-8 hours to do. Interviewers get your resume 15 minutes before they walk into the room with you, then ask you to rehash your entire background (because ... you know ... that shit isn't in the resume in front of you already).

Then there's the default position some of them take that 90% of the people they interview are idiots, so they're just going to treat you as such until you prove them wrong.

I had one firm set me up for an interview, and then cancel it without actually telling me, until I emailed about 2 hours to the time of the interview wondering what was up etc etc

But that's just the half of it, as soon as some of them decide you're that worthless programmer who didn't pass their pet brainteaser/trick question, they won't even do you the courtesy of telling you that you're out of the running. The recruiter who was all so chummy with you and positive about your prospects goes AWOL and you get that dreaded automatically generated rejection email.

If you felt good enough about me to actually talk to me on the phone to get me to interview, why can't you even email me to cut me? Just man up and do it like the movie Moneyball. "Sorry x, you didn't make the cut. Good luck in your search". I'm a professional, I can take it.

It's all rather exasperating, because we both want the same thing in the end.

robomartin 2 days ago 5 replies      
Sounds good...if you are hiring 15-year olds.

If someone asked me to write a "Hello world" program in an interview I'd get up and leave (or hang up the phone). It's an insult. This would be very clear sign that I was talking to the wrong people.

A lot has to happen before a formal interview takes place. If you have to ask a guy (or gal) to write a "hello world" program it probably means that you have absolutely no clue who you are talking to and have done zero homework pre-interview.

You know what I want to see? Bring your laptop to the interview. Let's connect it to a projector and take me through some code that you've written.

Inside of 30 minutes I should know what kind of a programmer you are. In 60 minutes I probably have enough data to decode your DNA and tell you what you are going to die from.

What the hell are you going to learn from printf("Hello world")?

CodeMage 2 days ago 1 reply      
Okay, to get this out of the way first: I completely agree with Jeff that hiring programmers is hard and that the way a lot of companies go about doing it is about as effective as Russian Roulette. I've seen it and felt some of the dismal consequences. As a matter of fact, I still have to work with lots of those people that should have been filtered out in step 1. So yeah, I agree with the idea.

Having said that, his process, taken together, is ridiculously one-sided. The message it sends comes across as "Of course you want to work for us, regardless of all the hassle we're putting you through, who wouldn't? Only someone out of their mind, that's who! And we don't want people like that here."

Think about it, Jeff. You are asking for someone who:

1) is highly skilled

2) has an attractive portfolio

3) is mature enough to communicate well

A lot of people like that already have jobs. If you want them to do #5 -- which might be something they're forbidden by their current employment contract, by the way -- and you also want them to prepare a presentation for #6, you must be the sexiest employer on the Earth.

In short, what do you propose to balance things out?

shioyama 2 days ago 5 replies      
As someone who has not yet worked professionally as a programmer (nor hired one), I might not be the best person to comment on this article (so take what I write with a grain of salt). But as someone aspiring to do so, I find this article and others like it on HN frustrating.

For one thing, as mbenjaminsmith noted, for small (and I'd argue medium-sized) companies, setting up so many hoops for a programmer to jump through doesn't strike me as a very smart strategy -- you'll likely end up with very few candidates. But more importantly, the "hoops" listed in the article mostly filter for a particular type of candidate. In fact, the whole "jump through hoops" approach to hiring itself frustrates me -- not because I don't think I could jump through them, but because of the place I would end up in if I did.

I come to programming with (what I consider to be) a fairly diverse background. One of the things that I immediately sense in recently having crossed over (in my free time, currently) into coding and into the profession of coding is how homogeneous the community tends to be: on the surface (for example) almost exclusively male and dominated by a relatively narrow demographic, but deeper down also lacking in a diversity of life experiences.

I would argue that the process described in this article is partly responsible for maintaining this lack of diversity, by the simple fact that it encourages the "hoops" mentality.

Why do programmers think asking if Oct 31 and Dec 25 are the same day is funny? I have no idea. Can I find the largest int in an array? Sure, but why in the world are you asking me this?

And FizzBuzz (linked in #1): yes I get it, it's easy and it filters out 199 out of 200 candidates, but what about those 199 other candidates? Is it not possible that among them, you might have missed other candidates whose broader set of experiences would have taught you something that you didn't know, something more important than the fact they failed FizzBuzz, for whatever inconsequential reasons?

People have such a diversity of skills and experiences. Sure, a portfolio can express some of this. Selecting from your community (#3) also strikes me as very sensible. But to find the outlier candidates who have broader potential and knowledge of problems outside the "canon" of standard programming practice, I think you have to take a more open-ended approach.

In the end, I guess maybe the problem for me is that the whole "How to Hire a Programmer" idea itself strikes me as somewhat misguided. A guide to "hiring a <fill_in_the_blank>" is only ever going to filter for cookie-cutter representations of <fill_in_the_blank>, whatever that profession may be.

lachyg 2 days ago 5 replies      
One thing I've really struggled with since coming to San Francisco is that every company seems happy to take extensive time out of a programmer for an interview, including an audition project.

Yet if you ask this of a designer, you get shot down immediately for soliciting spec work.

dinkumthinkum 2 days ago 1 reply      
I don't really agree with this, as usual. If you follow these directions, you might end up ok but you can definitely miss a lot of good people, and yes I'm aware of the meme about being happy to miss Knuth in order to avoid any blubs.

I also think it's not practical for a lot of companies. As well, I know around these parts it is almost sacrosanct that one should have a Github, possibly blog, etc but there are many great programmers that do not have such a portfolio. I mean, many of these programmers are very good, deeply technical, and work on quite serious things.

As far as #5, you will definitely miss out on people there. Many people with real talent actually have bills to pay and companies willing to pay them without some trial project. I understand the reasoning here, I mean, wouldn't it be great if we could go a step further and get someone to work for free for a year before we start paying them, just to make sure they are in it for the "long haul."

#6, I have no problems with; it's quite reasonable.

Honestly, I have followed Atwood for years, how many of these things would he actually pass, besides the thing about being very public? - no ad hominem, purely tangential.

suresk 2 days ago 0 replies      
These seem like mostly good ideas. I do see some problems with things like GitHub and SO rep becoming so important in the filtering/hiring process - it gives a huge advantage to those who work at companies with good open source policies. Open source contributions and contributions to community resources like SO can be useful, but I hope the lack of them doesn't cost too many people shots at interviews - there are a lot of good developers with no presence on SO or GitHub.

I do, however, have a bigger problem with #5. It seems fine at first glance, provided the company is being honest about it, but from the perspective of the potential employee, it is hard to know if performing well on the 'audition' is really all that is standing between you and the job.

About 8 years or so ago, I was applying for a new job. The interviews all went pretty well, and I was given an audition project that was aligned with this company's product very tightly. I spent several evenings (probably ~8 hours total) working on it and submitted what I thought was a pretty good project. After I followed up with them a while later, I was told that while my submission was the best one they'd seen, they weren't going to be extending me an offer.

I sort of wondered if they were using applicants to build their product, but it seems like it was a lot of overhead on their part. Either way, I wasn't pleased that I'd been given a project to work on even though I apparently wasn't going to get hired anyway.

singular 2 days ago 0 replies      
Though I'm not saying there aren't good points here, there are many, I think it's interesting to consider the usual impact of discussions on this subject - typically a great deal of insecurity/defensiveness (I feel it too), which I don't mean to say in a negative light, in fact I think it's quite natural.

It's worth quoting Steve Yegge's fantastic 'get that job at google' [1]:-

'Me: blah blah blah, I like asking question X in interviews, blah blah blah...

You: Question X? Oh man, I haven't heard about X since college! I've never needed it for my job! He asks that in interviews? But that means someone out there thinks it's important to know, and, and... I don't know it! If they detect my ignorance, not only will I be summarily fired for incompetence without so much as a thank-you, I will also be unemployable by people who ask question X! If people listen to Stevey, that will be everyone! I will become homeless and destitute! For not knowing something I've never needed before! This is horrible! I would attack X itself, except that I do not want to pick up a book and figure enough out about it to discredit it. Clearly I must yell a lot about how stupid Stevey is so that nobody will listen to him!'


trefn 2 days ago 0 replies      
These 5 phone screen questions are lifted almost directly from Steve Yegge's "Five essential phone screen questions" post - https://sites.google.com/site/steveyegge2/five-essential-pho...

1) Coding. The candidate has to write some simple code, with correct syntax, in C, C++, or Java.
2) OO design. The candidate has to define basic OO concepts, and come up with classes to model a simple problem.
3) Scripting and regexes. The candidate has to describe how to find the phone numbers in 50,000 HTML pages.
4) Data structures. The candidate has to demonstrate basic knowledge of the most common data structures.
5) Bits and bytes. The candidate has to answer simple questions about bits, bytes, and binary numbers.

They even use the same regex example. He attributes other things to Steve, so maybe this is just an oversight, but I'd like to see another link.

radagaisus 2 days ago 0 replies      
Just a minor point about hiring young developers.

I was first employee in a start up before I even finished high school. A real start up, with backing from a top VC and an amazing founding team.

On the interview I looked eager to start getting shit done. I was super enthusiastic, asked hard questions, trash talked technologies - I looked like I actually knew what I was doing!

Then I went home and started to learn all those three letter acronyms they talked about.

You have to check that people can actually code. I'm not talking about algorithms, I'm talking about string truncation, url shortening service, time_ago_in_words - some programmers do know how to oversell themselves.

hef19898 2 days ago 0 replies      
In any technical domain, it's hard to identify the right people, even if you base your hiring process on recommendation letters as it is done over here in Germany. These letters, and CVs and degrees as far as that is concerned, only get you so far.

After thinking about it (and deleting my first comment), I see it as some good basic advice for first time employers. What I don't really get is the point with the trial project... Do start-ups and highly qualified experts (supposed you actually want experts) really have that much time to waste? I don't think so.

One important point mentioned in the comments was culture, and yes it is paramount. Especially in disruptive, small companies where you cannot afford to have the average well-adopted worker drone around you usually get from HR in bigger companies, ideally the founders are around to communicate the culture themselves. Outliers actually are a good place to start looking if you don't already know your candidates.

Personally, I like interviews with people who actually have a say in the hiring, only HR usually sucks. Added benefit: people knowing their job usually can tell after professional discussions (and some tests that can be done in a couple of minutes to identify the liars) if the prospective employee knows his job or not.

Disclaimer: Non-american non-programmer commenting, so please be kind :-)

p.s.: Treat them with respect, because if you don't you'll only get the desperate and they tend to be desperate for a reason.

mirsadm 2 days ago 0 replies      
Once you work at a few places and go through this process many times you get sick of it and create your own startup :P

lhnz 2 days ago 0 replies
I can see all sorts of ways that this will give you false negatives.

This is what I would recommend:

1. Via an online test: check if they can code something very very simple. (This is your threshold that simply exists to not waste so much time.)

2. In their CV: Look for public-facing indicators of skill: github account, stackoverflow account, blog posts, etc. (Bias towards candidates with these indicators, but do not discriminate against those without. These are indicators of true positives and not true negatives.)

3. In a phone interview: ask about and then assess their breadth of knowledge. Find out their passion.

4. In a phone interview: test the depth of their knowledge in a relevant category of knowledge. If they are struggling then attempt a question in something they're passionate about. (This is the point where you detect true negatives.)

5. In the interview room: give them a choice of hard problems -- the sort you would want them to work on if they joined. (This is where you detect true positives.)

6. In the interview room: find out whether they're the right cultural fit for your company. (This is where you filter out any true negatives that remain.)

jiggy2011 2 days ago 0 replies      
The problem with stack overflow is that I ask for more questions than I answer.

There's a few reasons for this.

1) Finding time, although I can easily justify asking questions on SO at work it doesn't seem quite right using my employer's time to answer somebody's (probably coursework) question and it's something I'd have a hard time justifying to the MBA types when there is other work that I could be doing. So my only option would be to go back home and specifically go on to answer questions.

2) Finding good questions to answer can be difficult since I only use a relatively small toolbox of software that is not particularly popular and I usually have more luck discussing it on google groups than on SO.

So that only leaves me with the easy lowest common denominator questions that have either already been answered or don't look terribly impressive to answer just as a way to earn points.

I would rather write a case study of developing something and problems that I solved along the way and publish this on a blog, of course I would have to be careful doing this about work things as well.

dspeyer 1 day ago 0 replies      
> Instead, I have my own theory about how we should interview programmers: have the candidate give a 15 minute presentation on their area of expertise. ... The one thing every programmer should know, per Steve Yegge, is how to market yourself, your code, and your project. I wholeheartedly agree. Now pitch me!


This really looks like an anti-test. I'd rather work with people who don't know how to market themselves -- that marketing skill would distort every technical discussion I had with them.

Even if that is a skill you want, a programmer who's really bad will almost certainly know how to bluff for 15 minutes -- they've been practicing their entire career! -- whereas a good programmer hit with that will probably wobble a bit looking for a topic.

Even if you have an extraordinary bullshit detector, it's still a poor signal. It won't tell you what the candidate is weak at -- and that's often the most important thing to determine.

SanjayUttam 2 days ago 0 replies      
I see posts like this regularly on HN (lists of stuff you should do to hire that top 1% of talent). What I don't recall seeing, though, is a post more along the lines of employment branding. I understand how for very small start-ups that may just be a waste of time but when you get to a certain point it seems like you're going to want to do something. That might just be having a labs.yourCompany.com blog, or releasing an open-source project once in a while. I think that great devs want to work places where they know the work is interesting/fun/whatever. It's a lot easier for you to get the word out via say a blog, rather than have a 1-1 conversation with someone over the phone to communicate the cool stuff you're doing. Just my 2 cents.

dpdp_ 2 days ago 4 replies
Why do an audition project when you can fire candidates who do not work out within the first three months?

My advice is to trust yourself and hire people you like. Take a leap of faith. If things do not work out - be quick to pull the trigger.

invalidOrTaken 2 days ago 0 replies      
Also worth reading: http://www.deserettechnology.com/journal/writing-a-good-job-..., by HN's very own cookiecaper.

cyanbane 2 days ago 0 replies
Totally agree with judging people based on their portfolio, however a lack of StackOverflow achievement currency or github commits doesn't signal much.

Mizza 2 days ago 0 replies
It's funny to see a similar blog do exactly the kind of SEO targeting I've been doing: http://gun.io/blog/how-to-hire-a-programmer/ Same title and everything. Hooray Google Keyword Tool! (The content is different, this is about full time employees and not freelancers.)

I'm glad to see that he recommends _actually paying_ the programmer doing the trial period! I see this kind of article a lot, the advice is always the same, but often they suggest the trial be unpaid.

tobiasSoftware 2 days ago 0 replies      
I have issues with both #2 and #5, having just gone through the getting hired process myself. I think a portfolio is good, but I can't stand this "let's look at Github and Stack Overflow" attitude. To my interviews I brought four projects that I plan to sell one day and one project that I worked on but wasn't mine, so these projects are not open source and I don't like this trend of employers expecting all this open source code. I have real working programs in my portfolio, that should be good enough, if I show you the code you would just nitpick on it anyways.

Give them an audition project: Just no. The suggestions in the article definitely help, but audition projects as I've seen them are horrible, and even with the suggestions, you still need tons of time that you probably don't have unless you are unemployed. Maybe if it's an hour test-like thing, I had a good test project with a company that was an hour long, it tested me on a programming language I had never used, I guess it was more similar to a hello world programming example than anything else.

However my other experience with audition projects was the week type. It was two questions, given BEFORE the first interview as a pre-screen. The first was a 2 page single spaced paper on an economic question. This was about 10% the length of the major research paper I had to do around the same time, all I could think of was how much better my time would be spent doing that.

The coding question was far worse, something about triangulating a trapped miner using his cell phone records. There were so many things not explained that I would need, like the API of the cell phone records or how the data was stored that I felt like either I would have to ask the guy for more information than he would give or that it would be totally fake. Oh, and on top of all that, they gave me a deadline of the work week, not even a weekend. I was in school at that time and only had a few hours on weekday nights.

From my personal experience (which very well may be colored by the one example above), I would have to say that projects as part of a hiring process are for desperate candidates. It will screen out the dumb or lazy ones, but it will also screen out the skilled ones because they will figure it's not worth their time trying to do tons of work for a company that very well may not give them a job, and that the time would be better spent doing something REAL (and not unpaid work for the company either), maybe even a project to put in a portfolio and show off to all companies they are interviewing for.

ap22213 2 days ago 3 replies      
Why doesn't short-term contract to hire work? Seems like it would save a lot of time, with very little risk.
einhverfr 2 days ago 0 replies      
Actually this is entirely how I would expect to go about it.

I recently looked into the way my alma mater hires IT folks and they give you a set of around 6 essay questions. Things like "Please tell me about two projects which best define your ability in terms of X." X might be network engineer, web developer, etc. For grins and giggles (and to help me figure out my hiring process) I went ahead and filled it out. The result was essentially the sort of portfolio that they were asking about.

I do agree that you want to see someone's work but I don't think it needs to be an audition project. Even a properly done portfolio takes a bit of time to put together.

jamesli 2 days ago 0 replies      
An interview is a two-way process. The company must know who its good interviewers are and who are not. A not-so-good interviewer may not only give false-positive feedback but also contribute to passing over really good candidates. To make matters worse, a lousy interviewer may produce a negative image of the company and actually drive a good candidate away.

I think many people may have the experience that an interviewer was so rude and arrogant that no way would you join the company and work with the interviewer.

johnx123-up 2 days ago 0 replies      
My personal favorite: How to interview a candidate/programmer http://rajeshanbiah.blogspot.com/2009/01/how-to-interview-ca...
boskonovitch 2 days ago 0 replies      
#2 in addition to seeing their portfolio they should also give you a code review and explain what the code does. This avoids code plagiarism.
NDizzle 2 days ago 0 replies      
I always see these kinds of hiring practices put into place and enforced AFTER I'm already hired and working. (no, I don't conjure up hiring practices like these.) Simply put - I wouldn't have gotten my own job if I had to conform to these standards.
Colleges and Employers Demanding Facebook Passwords msn.com
242 points by aspir  2 days ago   178 comments top 48
raganwald 2 days ago  replies      
Here's what I said the last time around:

First, I consider this the equivalent of asking to record conversations I have with my friends. If you as an employer think that it's part of your business to eavesdrop on my friendships and romances, then we know where we stand and I will be over here working with someone else.

Second, I can't give you my FB credentials even if I wanted to. The reason is that by doing so, I am violating the privacy expectations of other people, who do not expect that the things they share with me in private messages or on their wall or photos will be shared with my employer.

I have a similar arrangement with the person I date. She is welcome to ask me about my FB and email, however she is not allowed to rifle through it at will because other people may have an expectation of privacy in things they have emailed me.

bilbo0s 2 days ago 4 replies      
I'm just going to repost a comment I made during an HN thread on trolling here:

"....However, on a general note, I think it is important to realize that every text message you send, every cell phone conversation you have, every post to the CNN forum you make, every tweet you send ... is directly attributable to your IP whether you use your own name or not. With Facebook and Google tracking everything you do, whether you are logged in or not, I would go one step further, and say all of these things are directly attributable to you personally.

I would strongly urge young people to really think about what they are putting out there. Consider this, the military was doing the equivalent of credit checks for sensitive positions during the 60s. Now you need a credit check to do ANYTHING, even things that don't require credit. How long before an internet and phone background check is standard in the background checks organizations do before offering jobs?

I can tell you the military is doing this sort of screening right now for sensitive positions, but at least you are confronted about it. It still basically ends your career, but they will give you a chance to explain your posts. In the private sector in the future, they will just deep six your application and you won't know what happened. Or they'll let you in at entry level, maybe, and subsequently you'll start running up against an invisible barrier as you try to advance beyond the first or second layer of management. Or you will find resistance to you advancing into management at all.

Also be mindful, it can affect more than your professional life. Think about what the background checks for apartments will look like in the 2020s. Or what 'dating sites' will be like in the 2020s.

Please consider your future before you make comments on ... say ... black people and Hurricane Katrina ... that might be misconstrued. Or post an opinion on ... say ... American soldiers in Afghanistan ... that could be taken out of context and viewed in a negative light.

All that said, the absolute best defense against these sorts of situations is just not to be a douche, which isn't very hard..."


I think that comment is apropos here as well. I encourage all of the young people I work with, as often as I can, to be careful about what comments they put ANYWHERE on the internet. To be mindful of what they say during ANY cell phone conversation. And to try to limit their use of text messaging.

I know this sucks, but this stuff is serious...these things WILL affect your future.

SMrF 2 days ago 2 replies      
And then the article requires a Facebook account to comment.

"Hey look, we're quickly aggregating all of our personal data into one centralized place creating an obviously appealing target for authority as evidenced by this recent trend of college sports programs invading the privacy of students. Let's all talk about it on Facebook."

nokcha 2 days ago 2 replies      
An employer or college who obtains an applicant's Facebook password and uses that password to access the applicant's Facebook account may be committing a federal crime under 18 U.S.C. 1030 (Computer Fraud and Abuse Act, prohibiting access of protected computer systems without authorization or in excess of authorization). (Note that the Facebook Terms of Service prohibit sharing one's password or logging in under another's account.) See http://volokh.com/2011/12/01/judge-orders-plaintiff-to-give-... (noting that such access may be a federal crime even if authorized by a state court order).

The statute (18 U.S.C. 1030) also creates a civil remedy; Facebook may be able to sue employers who access an applicant's account. Even if the statute is held to not apply in such situations (or held to be unconstitutional as applied in such situations [1]), Facebook may still be able to sue under state law for inducing said applicants to breach their contract with Facebook (tortious interference) by sharing their password.

[1] E.g., see U.S. v. Lori Drew, 259 F.R.D. 449 (C.D. Cal. 2009), where a district court held that 18 U.S.C. 1030 criminalized TOS violations (including falsifying one's date of birth) but was unconstitutional in that regard.

modeless 2 days ago 0 replies      
Any employer who does this would leave themselves wide open to lawsuits based on anti-discrimination laws, as there's no way you can troll someone's private Facebook profile without learning protected information such as age, religion, national origin, disability, marital status, sexual orientation, etc.
ttt_ 2 days ago 1 reply      
Social media is becoming the main agent of a police state at a frighteningly quick pace. I'm starting to think that the only reason these practices were not so common before was because of a technical barrier, and not because our rights were once valued.

Putting bugs in your phone and residence is difficult, requires technical expertise and people to actually monitor. So well, what can you do? Like the article says, the option was to educate. But then comes social media and kills the technical barrier, so great, let's spy on our students, candidates, etc, and have them give us clearance to do so through intimidation.

We never had those rights to begin with, spying was just more of a hassle then than it is now.

Now begins the real fight for those rights. If we fail, then we are left with a socialitariam-regime and forced to keep using some hypocritical-media in order to be able to get jobs/loans/etc while we keep private matters offline (until new technology breaks that barrier too).

X-Istence 2 days ago 2 replies      
I would laugh in their faces so hard, and just turn around and walk away. I am neither handing over, nor logging in for my bosses to see.

I've had a post that I accidentally made public on my Facebook come back to bite me in the ass, and it won't happen ever again.

funkah 2 days ago 0 replies      
I've noticed a lot of people on Facebook who use nicknames or "first name plus some other word" instead of their real names. I imagine this is intended to keep anyone from searching their real name with Google or Facebook and finding that profile. But it's a short step from that, to having two or more Facebook accounts, one to be the person's "public face" and the rest for the actual things people do on Facebook.
billpg 2 days ago 1 reply      
"Sure. My password is =rk#C0|q7_Mf@zrtf'XnM/'2C3ZTJ1[*/>)1Wk(sr&+z0pEG/}jmN_3[jI:jp( I'll write it down for you on a piece of paper."

"Yes, that's really my password. High security. Don't you have a secure password like that? You really should you know."

"It didn't work? Are you sure you typed it in correctly? Try it again."

lukeschlather 2 days ago 1 reply      
>Shear has gotten the attention of Maryland state legislators, who have proposed two separate bills aimed at banning social media access by schools and potential employers.

Why is this specifically targeted at social media? No one should request copies of people's private keys as part of any routine interview process. This is no different from asking for a copy of someone's PO box key, and the law should also clearly say that that is illegal (if it isn't already?)

sdfjkl 2 days ago 0 replies      
There can and must be only one answer to such a request:
"You want WHAT!? Are you joking?"

If they weren't joking, walk out immediately, stating why. Warn others.

I could and would never work in a place where a "social network username and password" field has made it as far as the application process, even if it isn't mandatory (yet). And neither should you.

Lukeas14 2 days ago 0 replies      
So glad I work in an industry where I'm comfortable saying no if asked for my Facebook login, knowing I can then go talk to the next company down the street. I can't imagine being in the position where my college scholarship or only job opportunity I may have for 3 months is at risk unless I provide my superiors with access to my most private conversations.
mindcrime 2 days ago 0 replies      
The next (which would be the first) employer who asks me for information of that nature will be politely asked to perform a variety of degrading sexual acts with themselves, various farm animals, and several types of construction equipment and power tools.

When I get done laughing, I'll happily write down my 'password' for them: if they have any shame, they'll be beet red when they get done reading it.

OK, I probably won't get the job, but that's OK since it's clearly somewhere I wouldn't actually have wanted to work anyway.

Seriously, this whole notion is so asinine that it's almost beyond belief. I mean, why not just ask me for a copy of the key to my PO box, a copy of my car key, permission to tap my phone, and access to put a camera in my living room? Get real, people...

achompas 2 days ago 0 replies      
For those who don't click through, the article's title is supremely misleading. There are only anecdotes about corrections departments and college athletics. But hoooooly crap this little gem:

Social media monitoring on colleges, while spreading quickly among athletic departments, seems to be limited to athletes at the moment. There's nothing stopping schools from applying the same policies to other students, however.

Look, college athletics has a lot of issues. Colleges secure all economic benefits associated with player performance in exchange for a college scholarship (I hope O'Bannon v. NCAA solves that problem soon). [0]

But how can anyone extrapolate requirements from college athletes to the entire student body? Would any Ivy School dream of asking an applicant for their password, when said applicant's mother might be a partner at a law firm? What about the constitutional issues regarding the same request from a public university (funded by taxpayer money)?

[0] http://www.theatlantic.com/magazine/archive/2011/10/the-sham...

carbocation 2 days ago 2 replies      
> All this scrutiny is too much for Bradley Shear, a Washington D.C.-lawyer who says both schools and employers are violating the First Amendment with demands for access to otherwise private social media content.

> "I can't believe some people think it's OK to do this,” he said. “Maybe it's OK if you live in a totalitarian regime, but we still have a Constitution to protect us. It's not a far leap from reading people's Facebook posts to reading their email. ... As a society, where are we going to draw the line?"

Surely they are misquoting this lawyer, or did the First Amendment start applying to corporations all of a sudden?

tomjen3 2 days ago 0 replies      
Great, now I have to go unfriend everybody who might be willing to hand over their access since they would otherwise allow others to see what I have written.
CPops 2 days ago 0 replies      
* It goes without saying that a request for access to personal data like this is something that nobody should ever comply with.

* Asking somebody for access to their email/social network account is actually a great question to ask in a job interview. If somebody is so careless about their private data to easily give away access to it upon request, that would easily disqualify them in my book.

brador 2 days ago 3 replies      
I love how, even without a constitution, things like this would never fly in Europe, yet here in the US, WITH a constitution, we get these events taking place.

It's almost like the existence of the constitution encourages challenges to privacy. The "if you had a defense but didn't use it then you must be okay with what's happening" thinking.

aspir 2 days ago 0 replies      
I was a college athlete back in the day, and my athletic department tried to do something similar -- they would make shell accounts controlled by athletics/ncaa compliance and try to friend whole teams. We got around it by having a shared block list of the shells. If I recall correctly, we had 20 at a given time.

But, our team was small (30 people), and not in the "money sports" (football, basketball, baseball), so we could get away with this. Larger teams in higher profile sports won't be able to do this.

smacktoward 2 days ago 0 replies      
"Before we hire you, we'd like you to make a copy of your house keys for us. You know, so we can check in occasionally and make sure you're not doing anything that would make The Company look bad..."
unimpressive 2 days ago 0 replies      
Honestly. I learned the hard way that you can't take back what you say on the net. No matter how young you may have been when you said it, or how you meant it when it was first written. If it can be misconstrued, it's there for all eternity.

It's to the point where I think you could almost start one of those hipster movements I'm always hearing about. Give it a sophisticated name like Entropism. Set an example by running around the Internet behind seven proxies, inside a virtual machine, with JS disabled, running firefox, with a fake user agent, going over each one of your posts with a style-analysis program and dataset, clearing most history every five minutes, blocking cookies, deliberately messing with the response times of your hardware to prevent device fingerprinting, spoofing your MAC, etc etc.

joezydeco 2 days ago 0 replies      
I wonder if I could, in return, ask for a company's accounts payable queue and bank balance.

I mean, how do I know that this company is trustworthy? Are they paying their bills on time? Is there cash in the bank?

fragsworth 2 days ago 2 replies      
As a Facebook game developer, all of our employees are friends with everyone in the company. We wouldn't require any of our employees to do this but so far none have complained. I think, however, that someone who didn't friend us would somehow be alienated from the rest of the company. I don't know how a situation like that should be properly handled.
jgamman 2 days ago 0 replies      
this is a business opportunity - curate some fb pages within a network with believable handles (ie, jj334) and then just sell them to a recent grad that wants a fb profile that looks squeaky clean. try not to put too many 'saved 4,000 kittens' links or it'll get suspicious... ;-)
but seriously - scrubbing your youthful indiscretions from the goog or fb is a high-value service at a point in time where people realise they need it.
btw i'm not saying the OP is right, i think it's a terrible precedent and i'd have told them to @#$@#$ off.
dmils4 2 days ago 1 reply      
This is unbelievable. With all of these studies showing up that employers/schools use public social media channels to make a decision on applicants, this is way over the top.

Hopefully this ends fast.

16s 2 days ago 5 replies      
What about those of us who have no Facebook account?
vibrunazo 2 days ago 1 reply      
This gives me an idea of how to understand a developer's integrity and views on privacy before hiring. Ask them if they're ok with giving you their facebook account. But don't really ask for it. If they ask "so should I write down my password". You just say "I don't really want your account, just wanted to know if you were ok with it".
epochwolf 2 days ago 0 replies      
You have to be kidding me. This kind of violation of privacy is unconscionable.
joelrunyon 2 days ago 0 replies      
If you're going in for an interview and now this is a requirement, why don't you just deactivate your account and tell them that.

Then, if you get the job (although I don't think I'd want to work at a place that's looking over my shoulder constantly), you can reactivate it whenever you want.

orbitingpluto 2 days ago 0 replies      
Meanwhile I am trying to read the article and having problems doing so because ghostery keeps on popping up notifications of adblocking.

I might acquiesce to a FB access request as long as I was also given access to all emails, phone calls, SIN numbers, banking information and sexual habits of the Deans or CEO of the institution. That seems fair, considering I never use FB.

prophetjohn 2 days ago 0 replies      
Pretty glad I work in an industry that's hard up for talent enough that I can walk out of an interview if I'm ever asked this, you guys.

Not that I use Facebook or have used it in the past enough that there's anything on there I wouldn't want any given person to see, but this is some bullshit business.

dlikhten 1 day ago 0 replies      
FUNNY: Friending a coach will have ZERO implication in Google+. Because there's no "Friend" post. It's by circles or with specific people.

Privacy by default.

Also my facebook answer is "i don't have one at the moment" and I wouldn't use my real name on facebook.

tibbon 2 days ago 0 replies      
Easy answer, is to either say "I'm not on Facebook" or simply give them access to a fake account. Everyone should be setting their Facebook settings to be reasonably strict so that they would have a damn hard time telling you have another profile.
mathattack 2 days ago 0 replies      
I'm willing to say for many things, "You don't have to work there if you don't want to" but this particular issue bothers me. Most firms can Google you, and find a lot of public Facebook info. If that's not enough, asking for your password is basically wiretapping a mobile phone for which you make no business calls. It's VERY hard to live with this.

I'm struggling to come up with any justification. About all I can fathom is a world in which they have to prove 100% that you're not insider trading. But if they need your Facebook to prove this, they need to tap your personal phone # and read all your snailmail too. And every personal email account.

Wow this is depressing.

Sniffnoy 2 days ago 0 replies      
It's worth noting that the "you have to add the coach as a friend" strategy has a hole in it now that Facebook has the "restricted" list, allowing you to apparently add someone as a friend without actually giving them any access. Of course, Facebook is so terrible to navigate that I'd bet most users don't even know this exists.
horsehead 2 days ago 0 replies      
I really enjoy seeing these social media articles. I got in trouble with my employer for a post on a friend's social media page that my employer found out about (a coworker was trying to get me fired, it turns out) and threatened me with firing. The post was unrelated to work, but they deemed it as reflecting poorly on the company.

learn the hard way I suppose? in any case, I still feel that social media sites are plagued by abuse by third parties.

dinkumthinkum 2 days ago 0 replies      
This doesn't make any sense. What if I don't have any social media, in fact, how do you even know that I do and that it that account searched, is, in fact, me. Why don't you also ask me to surrender my cell phone and dig through all my text messages; why not read my email and look in my bathroom as well?
int3rnaut 1 day ago 0 replies      
For those struggling with privacy concerns, I have a very workable (albeit ugly) simple solution to this problem that actually works: Create a second Facebook account.

You'll likely have to make other provisions--but if it's really a big deal, it's not that difficult or taxing, really. Plus you can have a bit of fun creating your fake you for these types of things.

dangoldin 2 days ago 0 replies      
If only no one actually succumbed to the demands. Then the colleges and employers would have no choice but to reverse the decision. Unfortunately, those who agree to this will coerce others to do the same.

Talk about a perverse network effect.

jackcviers 2 days ago 0 replies      
IANAL, but: It's easy, "Just Say No." If they really want the information, they'll get it somehow or refuse you employment, at which point they may open themselves for a lawsuit involving discrimination based upon race/sex/creed and/or privacy violation and/or libel and/or slander, which will net you more money than if you had accepted the job in the first place. If everyone in an industry begins to refuse you based on your privacy standards, you may be able to sue based on suspicion of collusion.

On a humorous note, if personal lives are a deciding factor in whom a business chooses to employ over and above other, skills-based qualifications, the job you are applying to is likely very easy, and thus the kind of job that robots will be doing soon.

ggwicz 2 days ago 0 replies      
This is disgusting. But be thankful for it: if a company or school does this, they're letting you know immediately that they're the type of soul-crushing institution that you wouldn't want to associate with in any fucking way. That could save you a lot of time, at least. (have to look at the bright side!)
mcos 2 days ago 1 reply      
Who's to know whether or not Facebook is considering plans to monetize this sort of behaviour by offering institutions you have listed on your profile the opportunity to see everything you have listed for a fee.
samstave 2 days ago 1 reply      
While I don't have a facebook account, I would never give an employer ANY account credentials to ANY external service that was not theirs.
Chrono 2 days ago 0 replies      
I would never in my life willingly give up any of my passwords, to anyone. Especially not something that contains so much private information as Facebook. Sure, Facebook themselves may share some of that information, or all if asked by a court but generally speaking it is somewhat safe.

Want my Facebook password? No thank you, I will go somewhere else.

lmarinho 2 days ago 0 replies      
Is there a running list of companies/colleges that engage in this kind of practice? I'd like to know to keep my distance from them. Since they are so keen on invading other people's privacies I gather they wouldn't mind being exposed on this issue.
dreamdu5t 2 days ago 0 replies      
We sounded the same alarm when employers started drug testing, and the majority of people defended the practice. "It's not a civil liberty issue, it's about employers protecting themselves. Only drug addicts oppose drug testing."

How is this any different than drug testing employees?

gcb 2 days ago 1 reply      
Really are we discussing msn articles now?

But to give perspective here: this is for college athletes. Nothing new.

Those people, usually, agree to several freedom limitations, such as ridiculous curfews and sex life control before games and such.

I doubt one more freedom limitation is any concern.

About the fears of it leaking to other jobs, well they have been doing that for decades and you still have to hear your manager saying the curfew today will be 3pm cuz he does not want you making sex before the launch tomorrow.

drhowarddrfine 2 days ago 0 replies      
So does law enforcement. Apply to be a cop, as my son is doing as I type this, be prepared to hand over your passwords so they can check your Facebook page out.
Git Magic stanford.edu
219 points by llambda  2 days ago   23 comments top 8
yuvadam 2 days ago 3 replies      
All these git tutorials are nice, and they might be beneficial for some people.

Personally, I find all these supposedly-helpful analogies useless and confusing. If I start to learn git, I would rather someone just tell me three things:

1. Git saves 'entire' snapshots of a directory on each commit.
2. Each commit resides in a graph and has a pointer to its parent
3. The only commit with more than one parent is a merge commit - which carries data on how to merge two previous commits.

arscan 2 days ago 2 replies      
So, off topic a little here, but does anybody else find the "title" attribute on the main content divs to be very irritating? Apparently I read with my mouse cursor sometimes (I didn't realize I did this), and that pesky "title" attribute constantly causes a tooltip to get in my way.
aiscott 2 days ago 0 replies      
I didn't think I would like this. I'm a nuts and bolts kind of person and I like to try to understand from the ground up if I can.

However, this is a pretty good narrative, and is filling in some blanks for me. For instance, the git whatchanged command was new to me.

manojlds 2 days ago 2 replies      
What do they mean by the below in the Git shortcomings section:

Git on MSys is an alternative requiring minimal runtime support, though a few of the commands need some work.

Need some work on what? I hate it when some statements are made without giving any explanation

charolastrauno 2 days ago 2 replies      
I'm sitting next to Ben right now, and he's blushing at all the attention. He says he keeps meaning to do a v2.

Anyway, if you really like this, you should consider getting a physical copy: http://www.amazon.com/Git-Magic-Ben-Lynn/dp/1451523343/

ljlolel 2 days ago 1 reply      
wsxiaoys 1 day ago 0 replies      
The Simplified Chinese version looks like a machine translation.
Learning from 20 years of personal analytics stephenwolfram.com
208 points by hendler  10 hours ago   31 comments top 11
nod 4 hours ago 0 replies      
The scope and scale of this data is breathtaking! However... it strikes me that the best that he could do with this data was plot it and say "oh, I remember those events". I wouldn't feel like all of that effort was worth it, if I were him. What did it DO for him? Apparently very little.
sr3d 6 hours ago 3 replies      
As someone who's trying to optimize his life better, what strikes me the most is this part of the post:

  For my consistent experience has been that the more routine I can make the basic practical aspects of my life, the more I am able to be energetic -- and spontaneous -- about intellectual and other things.

This reminds me of the book Uncertainty that I'm reading. Very interesting indeed.

siavosh 9 hours ago 4 replies      
This is amazing. I think the quantified self movement is going to be huge. With more personal tracking gadgets (fitbit, jawbone, nike fuel), measurements are going to become more and more seamless, passive, and complete. Not only will you get historical insights into your blind habits, but you can finally have an objective feedback loop on your behavior, and make necessary adjustments.

But one of the biggest challenges is going to be privacy...

Sukotto 8 hours ago 0 replies      
If this sort of thing interests you, check out Kevin Kelly's Quantified Self collaborative project.


peter_l_downs 1 hour ago 0 replies      
I would love for all of the little tools and scripts he uses to keep track of this data to be released publicly. Half out of curiosity (how exactly does he do it?) and half out of interest in doing this myself. Although his post doesn't seem to make any important conclusions from the data, I'm sure that there are some really interesting correlations, patterns, etc.
kayoone 8 hours ago 1 reply      
wow, so he was and is writing a minimum of 50 up to 200 emails per day? Insane, that would take up my whole day, but since he's mostly managing his company his job probably is mostly about writing stuff to people, but still amazing to keep that up for so long.
citricsquid 8 hours ago 1 reply      
For anyone that wants to track their own typing, check out the whatpulse project: http://whatpulse.org/

My typing (http://whatpulse.org/stats/users/210575/) seems to match his in frequency, around 10 million per year.

pofla 8 hours ago 0 replies      
If you're curious about the setup he uses there's more here.
10char 7 hours ago 0 replies      
My side project http://AskMeEvery.com helps with personal data tracking. It asks you a question of your choice (ie how many phone calls did I have, how many commits, anything) every day and graphs your responses over time. Might be useful if you're interested in this.
wr1472 5 hours ago 1 reply      
I wonder how he reliably recorded the phone call data?
jpalley 8 hours ago 0 replies      
If you are interested in seeing this sort of data for yourself - it is exactly this experience we are building at BrainPage.

Leave your email on http://signup.brainpage.com - we'd love your feedback as it gets ready.

Why Objective-C is Hard ashfurrow.com
204 points by AshFurrow  2 days ago   148 comments top 38
zoul 2 days ago 6 replies      
People fret over language syntax too much. In most sane languages including Objective-C you simply forget about the syntax after a few months. What's much more important is the conceptual complexity: the number of language features and the way they fit together. A second important thing is the standard library. Objective-C is a pleasant language by both these metrics, since there are just a few language constructs above the C level, they fit together well without creating dark corners, and Cocoa is a very mature and well thought-out framework. The iOS Objective-C ecosystem does take some time to master, but so does every modern SDK, since the libraries are always huge. Programming is hard and if somebody is scared by minus signs in front of method names, evil spirits will suck his soul out by the time he gets to thread synchronization.
siavosh 2 days ago 3 replies      
I spend half my day in iOS development and the other half on a Java web stack. I love the RESULT of Obj-C+Cocoa Touch, you can achieve amazing user experience. But I'm reaching the point thinking: it's 2012, I'm an application developer, why am I spending half my time debugging memory leaks and concurrency issues? Java isn't much better either, why all this boilerplate, and still concurrency nightmares. I've done a handful of side projects with django and that's better, but I still think if I showed my teenage self what I'm programming in, he'd wonder if there was ever any real progress.

I guess what I'm saying is after all these years I want to work on a higher level, as a result I've started to play with Clojure and functional languages. Whether I'm idealizing functional/clojure life, I'll soon find out, but the appeal is very high to spend my time dealing with problem complexity, not language/framework ones.

tmcw 2 days ago  replies      
Pretty great article. Though I wish someone could point to the paper or whatever that explains the philosophy of Objective-C having insanely verbose method and parameter names. Like, readable is one thing, but they always end up like stringFromAppendingThingToThingToNumberYieldingThingThx and it becomes unimaginable to use Objective-C without XCode to autocomplete the other 40 characters.
phatbyte 2 days ago 1 reply      
I don't think Objective-C is hard at all.
If you understand OO or come from an OO language you can pick it up pretty fast, like in a day or two.

Cocoa on the other hand requires much more learning curve. Also apple could improve their documentation.

I'm currently working on an OSX app, and Objective-C has been a breeze, with the new ARC it is even easier to work with.

batista 2 days ago 4 replies      
Forget the fact that we're not even talking about methods, really, we're talking about messages (a distinction I'm not going to make) and you refer to selectors like the one above as performAction:withTwoParameters:. Most people don't care anymore.

Well, those people have fairly low expectations of themselves then. People say this bullshit about the supposedly strange Obj-C syntax, whereas the part that it's not C is basically 99% "Smalltalk in square brackets". Nobody complains that Smalltalk has a strange syntax, even small kids seem to use Squeak just fine.

    [object performAction: param1 withTwoParameters: param2]

not that different to:

    object.performAction(self, param1, withTwoParameters=param2)

in Python, or any language with named parameters. The syntactic differences are superficial. You don't even have to know about selectors and messages to understand the gist of what that invocation will do. "OMG, method parameters have a name" --well, big effin' deal.

Ever seen C++ (especially the recent standard)? Or the beast with 1000 features C# has become? Obj-C compared is leanness personified.

The ACTUAL source of complexity in programming in Objective-C is the huge Cocoa (et al) API. But a huge API, especially nicely documented as Cocoa is, and with such breadth and nice MVC design, is a GOOD THING.

This tightly-coupled codesign is unique to Objective-C. There are other languages that run on .Net, such as Iron Python. Lots of languages use the JVM besides Java, like Clojure. Even Ruby and Rails are two distinct entities and projects. The only significant effort to use a different language with Cocoa/Cocoa Touch and the Objective-C runtime, Mac Ruby, was a project largely backed by Apple before they abandoned it.

Actually, there are several efforts besides MacRuby to use another language with the Objective-C runtime: Nu (Lisp like), F-script (Smalltalk like). But the main difference here is that the Objective-C runtime is a very simple runtime, not a full VM, so the comparison to CLR and Java is not that apt. For one, CLR was designed from the start to support multiple languages, and Java didn't have any major language targeting the VM until like 2004-5.

In general, not that good of an article...

stcredzero 2 days ago 0 replies      
Unless you've played with other languages that support these features, like Ruby or Lisp, then this feels really weird. Don't worry! Lots of great things feel really weird the first time you try them, like broccoli or sexual intercourse.

I find it really weird that there's no mention of Smalltalk, which is exactly where the weird syntax comes from. It's also where the notion of IntentionRevealingNames comes from, which the author wonders about.


(That's the Ur wiki, BTW.)

Thoughtful post but with less than stellar marks for research.

outworlder 2 days ago 0 replies      
It might be just me, but I've always found Objective-C's syntax very nice (compared to, say, C++).

It might be verbose, but you have a clear separation between C and Objective-C. If it doesn't contain "[]" or "@", my brain can just parse it as C code.

dustineichler 2 days ago 0 replies      
I'm going to disagree. Objective-C is an ANSI C derivative language. Programming for me at least isn't knowing the syntactical elements of a language but leveraging paradigms I know to exist from one language to the next. Objective-C, while it looks different, is really no different than most languages. It definitely shouldn't be your first language, maybe not even your 2nd choice, but if you have a conceptual knowledge of programming languages and you're keen on diving into the deep end, there's enough resources out there you're not going to drown. I love Objective-C for many reasons, but then again I equate programmatic choice to personalities. If that makes sense. Point being, don't be deterred. iOS SDK is something else altogether, but like anything worth learning, learn by doing.

What you should probably decide for yourself is if this article makes it seem harder than it is. His conclusion about Automatic Reference Counting is on the money, but that's about it.

"When learning Objective-C, it's not just a language or a framework or a runtime or a compiler, it's all of these things". No, it's not. These are different.

If anyone is considering learning this language, there's a bunch of unsolved problems that frequently include writing new libraries.


thought_alarm 2 days ago 0 replies      
The entire article is about how Smalltalk syntax is different from C syntax, something that any reasonably competent programmer gets over very quickly. And he gets it wrong.

The article is a complete waste of time.

dgallagher 2 days ago 2 replies      
It's best to think of Obj-C method call syntax as a sentence, written in English, which happens to also be computer code. If you name your methods and variables succinctly and explicitly, the language is extremely readable and documents itself (assuming you know English).

Obj-C was the first language I learned after Python. I remember the 2nd month in, it went from being difficult to read, to extremely easy.

Obj-C code can be written terribly, like this:

    NSString *someString = @"hello what's up?";
    NSMutableString *anotherString = [NSMutableString stringWithString:@"I have more to say, don't I?"];
    NSArray *stringArray = [NSArray arrayWithObjects:someString, anotherString, nil];
    NSUInteger stringArraySize = [stringArray count];

Messy Obj-C code! Human eyes like simplicity, like right angles, and columns. Same code, more readable:

    NSString        *someString     = @"hello what's up?";
    NSMutableString *anotherString  = [NSMutableString stringWithString:@"I have more to say, don't I?"];
    NSArray         *stringArray    = [NSArray arrayWithObjects:someString, anotherString, nil];
    NSUInteger      stringArraySize = [stringArray count];

Takes an extra few seconds of typing, but goes miles.

gdubs 2 days ago 2 replies      
Syntactic sugar (dynamic getter and setters using @synthesize, @property, allowing for dot syntax accessors) is not new. Nor is Garbage Collection. Garbage Collection is not available on iOS, but has been for a long time on OS X [edit: and as noted below, is actually being deprecated in favor of ARC]. Objective-c 2.0 came out in 2006. Blocks, at this point, are not really new either. So, I think it's incorrect to say that Apple is 'adding' these things.

If a newcomer checked out the online documentation for contentStretch they would find:

"Defines portions of the view as being stretchable. This behavior is typically used to implement buttons and other resizable views with sophisticated layout needs where redrawing the view every time would affect performance."

There's also a lot of good arguments as to why dot syntax is often NOT what you want to do.

For instance, a someCALayer.frame will give you the frame of that layer based on its anchor point, position and bounds. However, you can't do myLayer.frame = someRect [edit: as pointed out below, you can do this -- but the results may not be what you expect].

The introduction of the 'simpler' dot syntax, in that example actually makes things harder for a new programmer.

So, I don't agree that syntax is why Objective-C is hard. Intimidating because of syntax, perhaps. But, once someone begins coding (IMHO) it can be one of the easiest languages.

My school taught Pascal in the intro to comp sci class. I found it incredibly difficult (well, maybe dull is a better word). I then self-taught myself actionScript (late 1990's). I then self-taught myself Objective-C, and I have to say it really just took a Big Nerd Ranch guide and I was off and running. It takes years to become fluent, but I really think that when someone grasps the basics of Objective-C, over time it is one of the most intuitive languages.

jinushaun 1 day ago 0 replies      
The only item I agree with is the last item: Objective-C is a nebulous term because it's so intrinsically tied to Apple and Cocoa/UIKit. The syntax? You pick it up within a week. Message passing versus method invocation? An important, but subtle distinction.

So what makes Obj-C hard? For me, it was Apple's gigantic MVC-style framework. Rewiring my brain to grok Obj-C was nothing compared to grokking Foundation Kit, UIKit and AppKit. Growing up with C++, C# and Java, you get used to a particular way of doing things. APIs are designed and interacted with in a certain way. Apple's APIs feel completely different. From building strings and making network connections to working with images and animations. Apple's version just feels different.

jamesu 2 days ago 1 reply      
Anything you do not understand is inherently hard.

The only thing I would say is uniquely hard about Objective C is getting your head around some of the APIs, but then again that can apply to any language.

xiaoma 11 hours ago 0 replies      
Is MacRuby truly abandoned? If so, then I'm saddened. I just started experimenting with it recently and found it to be the answer to everything that frustrated me about obj c.
augustl 2 days ago 0 replies      
Hard is OK. Over time, you become better at it, until it's no longer a problem -- it's a relative thing. Not saying easy is bad, but hard isn't _that_ big of a problem.

Example: I find Russian very hard to speak. That doesn't mean Russian IS hard, I just don't know russian. And some languages are harder (more stuff to learn) than others.

See http://www.infoq.com/presentations/Simple-Made-Easy

k-mcgrady 2 days ago 1 reply      
I've only learnt 2 programming languages 'thoroughly'. Pascal and Objective-C. I find Objective-C a much simpler to understand language than Java for example. I have worked in Java (although not extensively) and it just seems messy to me. Objective-C is much more human readable and better structured in my opinion.
hboon 12 hours ago 0 replies      
Objective C isn't hard. Ruby isn't hard.

Building a great app is hard. Building and running a great service is hard. Building and running a great company is hard.

Most commonly used programming languages aren't hard.

scrod 2 days ago 0 replies      
>However, they're also adding to the language in ways that makes the code expressed in Objective-C simpler:

>Synthesizing properties

>Dot-syntax for accessing getters/setters

>Garbage Collection

>Blocks (closures)

>Automatic Reference Counting

>Weak references

Sorry, but none of these things make the language any simpler -- they all add yet another style of doing things that only raises the bar and the learning curve for new developers when reading existing code, in precisely the same way that C++ and Perl have done. And this is true even of garbage collection (which, by the way, is deprecated in 10.8), because it needs to coexist with other frameworks and code that might not be garbage-collected, and more importantly because all heap-allocated C buffers consequently require their own low-level wrappers (e.g., NSAllocateCollectable, objc_memmove_collectable, etc.).

igorgue 2 days ago 1 reply      
You know what I really dislike about Objective-C is that it is really inconsistent with properties and messages, at one point I said out loud: JUST PICK ONE! Coming from Python this is a big thing for me, I like when there's only one right way to do things.

P.S. My only experience with Objective-C is with the iOS SDK.

radiowave 2 days ago 0 replies      
I think it's very largely a question of what you're used to. I don't know much about Objective C, but given my knowledge of Smalltalk, the use of keywords to identify arguments seems entirely natural.

But then I've never really understood why people think it's acceptable for languages to insist that you do this:

    myfunction("First argument","Does this one really go second?","Is there even a third?")

algoshift 2 days ago 0 replies      
Nah. Not hard. Different. People have a natural inclination to resist the new. My guess is that a competent programmer with OO experience should be comfortable with Objective-C within a week or two of study.
julik 1 day ago 0 replies      
Well, from my limited experience with Objective-C a few things made it hard.

The first is the traditional Cocoa pattern of a method that does useful things, which looks like this:

    - (void)beautifullyNamedMethodFor {
        void* ugly_ptr_type; // and around 45 more
        CFObscurePtrRef* .. = CFObscureObsoleteFunction(NULL, NULL,.....); // 56 arguments
        // to the callback omitted for brevity
        // and so on - with 45 lines of NULL ptrs passed as void* to CF calls
        // juggled and incremented ad absurdum until your eyes bleed.

So on the surface it's a beautiful Smalltalkish thing, while down below it's usually all hairy C, pointers and null-terminated strings and Core Foundation callbacks right out of MacOS 7 (especially if you want anything useful to be done that is not in Cocoa by default). This always seemed to me to be a deception in a way.

Another pet peeve of mine is the same agony of choice that is object variables (pointers versus values). When I want to return something or declare a variable, even when I am in the rose-tinted-glasses Cocoa world of beautifully-named methods, classes and keyword arguments I still have to put the dreaded death star in front of just the right things (and to remember NOT to put it in front of exactly proper other things).

So I guess for me the most problematic Objective-C part is the one that has to do with C (because it adds a level of complexities on top of C). The "Objective" part is actually very nice, once you get used to the call syntax and the brackets.

cwbrandsma 2 days ago 0 replies      
I find Objective-C hard as well, but it has more to do with the nature of the message passing syntax that objective-c has.

For instance, for the life of me I CANNOT get calls to NSNotificationFactory right the first try, and there is no compiler hint to help you...it just doesn't work for some reason.

There are other items like that. Not much help when the app crashes, lack of Namespaces (class name collisions), etc.

Then throw in all the fun of submitting an app to the store. Working with iAds and In App Purchases will make you want to hurt something.

cageface 2 days ago 0 replies      
Really the only thing that makes Obj-C the language hard is that the C layer pokes through often enough that you really do need to understand C as well and C presents a lot of pitfalls to a new programmer.
mahyarm 2 days ago 1 reply      
I love the flexibility and breadth of things you can do with objective-c/c++. Its downsides mostly come from syntax, container class getting/setting is way too verbose, same with string operations. If there was a special syntax for just string and container classes, large swaths of my code would be smaller.

UIKit view controller classes are also not flexible enough, and crap out in a lot of custom multithreaded operations when they shouldn't. I could reproduce the same behavior with my own classes (animations, transitions, view control, etc) using just basic UIView classes and it would work significantly better.

bobstobener 2 days ago 0 replies      
Not looking for trouble here but writing an iPhone app should be no more difficult than creating a Keynote presentation, imho. If Apple is the leader in document development (Keynote, etc), why can't they do the same with writing apps. Look at what they've done with the complexities of video editing. Where is the consumer grade development app for iPhone?
pjmlp 1 day ago 0 replies      
I don't understand all these comments about Objective-C being hard.

Maybe it is because I am programming computers since the Z-80 days, or because like it is expected in my country I did a good earned CS degree.

If you think using a language like Objective-C is hard, maybe you should not be programming at all.

rsbrown 2 days ago 0 replies      
You had me at "... like broccoli or sexual intercourse". Great read, well written.
glaurent 2 days ago 2 replies      
I know Objective C, C++, Java and have basic knowledge of C#. Of all these I'd rate Objective C as the easiest to learn and to handle. It's much more forgiving and easy on the programmer, and the syntax is trivial.

You seem to make a big case of the message passing syntax, but your example is very poorly chosen. Rather than 'performAction:withTwoParameters:' it should be 'performActionWithFirstParameter:andWithSecondParameter:' as are most Cocoa methods. Named parameters may seem verbose but they are much more readable than 'performAction(param1, param2)'.

If Objective C is a "large" language, I wonder what you'd call C++ or C#. Huge ? Humongous ? If you think Cocoa is large and complex, the C++ Standard Library or the Java library will make you weep.

iamgilesbowkett 2 days ago 0 replies      
is it fair to TL;DR this as "Objective-C is only hard if you've never used Smalltalk"? or is that overly glib?
cmelbye 1 day ago 0 replies      
I personally love the syntax of Objective-C. I find it very readable. I wish I could use it more often.
sgonyea 2 days ago 0 replies      
What lots of others have already mentioned.

Also be aware, there is something called "Objective-C++" which is a superset of C++.

The syntax is not "weird" unless you just don't know the language. Acclimation is part of the learning process.

In my opinion, the syntax/language is pretty great. I enjoy ObjC greatly. My main beef with it is that it's less than portable. ObjFW attempts to solve this, and is a phenomenal framework already.

kln 2 days ago 0 replies      
Rather than performAction:firstParameter withTwoParameters:secondParameter which is kind of confusing.
You should name it performActionWithTwoParametersFirst:firstParameter andSecond:secondParameter if you insist on calling your method performAction
JVIDEL 2 days ago 0 replies      
I know this is a short article meant to explain the basics but I don't like how under the History section it makes no mention of NeXT or Stepstone which were the creators of ObjectiveC.
AznHisoka 2 days ago 0 replies      
Before I took the jump to learn Objective C and iPhone development, I dreaded the huge learning curve needed. Now that I'm on the other side, I LOVE the fact it intimidates people :)
ja27 2 days ago 0 replies      
It's not that bad. A little verbose, but it's not like switching from C to Lisp or Prolog.
andr3w321 2 days ago 1 reply      
For me the most annoying thing about learning xcode/objective-c is apple tries to force you into buying a Mac.
imaginaryunit 2 days ago 1 reply      
Minor point that has always bugged me: why doesn't Cocoa have native implementations of tree data structures?
Bsnes has emulated every SNES DSP byuu.org
203 points by pkmays  1 day ago   36 comments top 9
feralchimp 1 day ago 1 reply      
Add one to the list of "people who should never pay for another beer in their lifetime":

In order to extract these programs from most of the DSPs, we had to decap the chips, scan them in with an electron microscope, and 'tweak' the processors to allow us to dump their protected program ROMs.

As you can imagine, this kind of work costs a substantial amount of money. Professional firms that do this can charge upwards of $100,000 per processor for this kind of work.

Thankfully, Lord Nightmare from the MAME/MESS project was in contact with a savant named Dr. Decapitator, with the necessary knowledge and hardware to make this possible. Even better, he was willing to do it just for the cost of the donor cartridges and supplies. This worked out to $250 per coprocessor.

kevingadd 1 day ago 3 replies      
It blows my mind that there's a SNES game out there that shipped with an ARMv3 core inside it. I wonder how much that ate into their margins?
funkah 1 day ago 0 replies      
Great stuff! I found myself missing a bit of background, though, which you can find here: http://byuu.org/articles/emulation/decap
bri3d 1 day ago 0 replies      
I love how game consoles are always providing exciting hacks - from the variety of CPUs and DSPs used in SNES cartridges to the brute-forced SHA collision exploited to hack the PSP.

For what it's worth, this is almost identical to the process initially used to hack satellite TV smartcards, except it seems that these devices had a lot less physical tamper protection (and can't be reprogrammed with a new ROM over-the-air).

I think this kind of console hack is a dying art - as process shrinks and most consoles move closer and closer to commodity hardware and off-the-shelf software, LLE and chip decapping become less and less appealing and software exploits are the name of the game.

Absolutely awesome, though - this is the kind of story I come to HN to read.

SoftwarePatent 1 day ago 3 replies      
"Yet once again, we were stuck looking at a binary blob. And this time, we had no real HLE code to go off of. Luckily, Cydrak recognized the ISA just from looking at the binary: it was an ARMv3 CPU!"

From the perspective of a software guy, this sounds very impressive. Can some hardware guy chime in and tell us just how impressive it is to recognize a CPU from looking at a binary dump?

shin_lao 1 day ago 1 reply      
Congratulations on this very difficult project.

I however think it is a prime example of great teamwork rather than open source.

Open source is a means, not an end. We tend to forget that.

mistercow 1 day ago 1 reply      
This is fascinating, but I'm not really clear on what role the electron microscope played. Did it just allow them to see where they needed to modify the chips to allow them to dump their ROM?
scw 1 day ago 0 replies      
I found this Wikipedia article helpful in explaining the roles of the DSPs in the games that used them: http://en.wikipedia.org/wiki/List_of_Super_NES_enhancement_c...
pkmays 1 day ago 2 replies      
Can any MAME/MESS hackers tell us if we'll be seeing accuracy improvements now that this information is available? MESS is my console emulator of choice.
The all-new Basecamp is live basecamp.com
203 points by tbassetto  2 days ago   148 comments top 50
atourgates 2 days ago 3 replies      
I'm a bit behind the curve here - but now that I'm caught up, I'm concerned. When I saw the title of this article, I immediately logged into my Basecamp. Hmm, it looked the same. So I went and found their upgrade instructions. Then I learned that it's not a straight 1:1 upgrade, it's a different product. And they've dropped support for some quite important features, like, time-tracking.

My work runs on Basecamp. We chose it for two reasons, first because it did (nearly) everything we needed it to do, second, because it was being developed by a company we loved.

Now, it's completely integrated into our day-to-day production. We depend on it. If I walked in to work today and Basecamp was down, I might as well turn around and head home. We've let 37Signals' premier product become essential to us.

As of today, we're using their formerly premier product. And if we wanted to upgrade to their premier product, we'd lose completely essential features.

Yes, they can say that Basecamp Classic will be the same great product it's always been, but it won't. Part of that greatness was innovation, and I don't think anyone believes that 37Signals will continue to innovate with a product that has "Classic" in its name.

The solution isn't hard. 37Signals just needs to be clear.

Will critical features like Time Tracking be in a future version of Basecamp, or will that requirement make us, forever, second class users? Because, I'd rather be a 1st class user at one of Basecamp's competitors than a 2nd class user at the service I've been using for the past 4 years.

webwright 2 days ago 1 reply      
The comments here remind me of Joel Spolsky's excellent 80/20 essay: http://www.joelonsoftware.com/articles/fog0000000020.html

Excerpt: "...A lot of software developers are seduced by the old "80/20" rule. It seems to make a lot of sense: 80% of the people use 20% of the features. So you convince yourself that you only need to implement 20% of the features, and you can still sell 80% as many copies.

Unfortunately, it's never the same 20%. Everybody uses a different set of features. In the last 10 years I have probably heard of dozens of companies who, determined not to learn from each other, tried to release "lite" word processors that only implement 20% of the features. This story is as old as the PC. Most of the time, what happens is that they give their program to a journalist to review, and the journalist reviews it by writing their review using the new word processor, and then the journalist tries to find the "word count" feature which they need because most journalists have precise word count requirements, and it's not there, because it's in the "80% that nobody uses," and the journalist ends up writing a story that attempts to claim simultaneously that lite programs are good, bloat is bad, and I can't use this damn thing 'cause it won't count my words."

jashkenas 2 days ago 2 replies      
It's fun to poke around under the hood a little bit, and look at parts of the internal API:

    > Object.keys(bcx.models)
    ["PersonOrGroup", "Bucket", "BucketAccess", "Calendar",
     "CalendarEvent", "Project", "Person", "CalendarDisplay", "Todo"]

    > Object.keys(bcx.models.Todo.prototype)
    ["constructor", "isAllDay", "isTimed", "urlRoot", "getBucketPath",
     "showPath", "bucket", "doesOccurOn", "doesOccurOnOrAfter",
     "doesOccurBetween", "getDueDate", "summary"]

shimonamit 2 days ago 1 reply      

I want to migrate, but...

> Basecamp Classic and the new Basecamp don't offer the same features, so some data in Classic won't make it into the new Basecamp.

So maybe I'll stay. But wait...

> Will you continue to improve Classic? The majority of our design and development efforts moving forward will be focused on the all new Basecamp, but we'll continue to support Classic as long as customers continue using it. We expect that to be for many many years.

Maybe. Maybe not. The web moves very quickly you know. New browsers, standards, security risks etc. I can think of a million and one reasons Classic will get EOL'd sooner rather than later.

This is certainly faithful to their backwards compatibility intolerance. The new product couldn't be bound by the "burden" of the old. Now I the customer am left with a very distasteful choice to make.

thehodge 2 days ago 5 replies      
Looks like they have got rid of the free plan...

(I'm not saying this as a negative thing, it's going to be really interesting to see the response to this, I know there was a blog post a while ago saying that hardly anyone on the free account upgraded) I'm using a free basecamp account but we only have one project and $20/$25 is just a little much for that, a micro plan at $10 would be awesome :)

gr366 2 days ago 3 replies      
I notice the new version is running on basecamp.com. The old version is at basecamphq.com and 37signals always made a point about the domain not mattering as much as the product name. I imagine there's a follow-up to that saying that if your product becomes successful there's nothing wrong with going and grabbing the pure domain (thinking Dropbox, Instagram and others. Or basically the opposite of Color.)
tchock23 2 days ago 2 replies      
Am I the only one here who thinks they've actually done a good job with this transition? I've been a long-time (paying) user of Basecamp and the entire 37 Signals suite, and I think Basecamp needed to be revamped long ago.

I actually like that they've created a brand new experience/product, and have given everyone ample time (90 days) to evaluate whether or not they like it. I also thought the FAQ was clear, and the transition process was well explained.

As for the loss of time tracking that a few people have complained about... If you're really that serious about time tracking, you shouldn't be using the extremely limited time tracking capabilities of Basecamp Classic anyway. We use Harvest and integrate it with our Basecamp account, and it's a perfect setup for us. I always thought time tracking seemed like a "nice to have" feature of Classic.

jasonfried 2 days ago 0 replies      
mef 2 days ago 1 reply      
I enjoyed the ad for wysihtml5 in the console on pages that use it. "Heya! This page is using wysihtml5 for rich text editing. Check out https://github.com/xing/wysihtml5"

First time I've seen that, but makes sense for an OSS project to promote itself to people who would have the console open, i.e. devs.

stdbrouw 2 days ago 0 replies      
I'm surprised to see people complain about the copy. Is "The majority of our design and development efforts moving forward will be focused on the all new Basecamp, but we'll continue to support Classic" really that hard to understand, let alone disingenuous? Is it, despite it being mentioned a zillion times in the FAQ, so tough to understand that they've cut some features and that therefore the upgrade won't make sense for everyone?
zavulon 2 days ago 2 replies      
No milestones? What are we supposed to use instead of it? Our workflow heavily depends on them ..
redguava 2 days ago 1 reply      
Their new pricing page breaks many of the "rules" for getting conversions (eg. clear call to action). It will be interesting to see if they blog about the results of it.


stdbrouw 2 days ago 0 replies      
So, no API yet. The neat thing about client-side apps is that they force you to craft a great API from the get-go, because you'll be using it extensively in your own application. DHH was talking earlier [1] about how client-side MVC isn't a great developer experience and consequently why they avoided it for Basecamp Next, and I sympathize with that decision, but I wonder how great of a developer experience it is to have to develop a server-side app with various AJAX-related endpoints and then having to go back and develop a full-fledged API... instead of doing just the latter.

[1] http://news.ycombinator.com/item?id=3603680

Hates_ 2 days ago 3 replies      
Is there a way to migrate existing Basecamp accounts over? I can't seem to find anything on how to do it.
revorad 2 days ago 0 replies      
It's funny to think Trello is now competing with Basecamp by "underdoing the competition"!
Maro 2 days ago 0 replies      
It's really nice how the 37s pages use type for design. Other sites would use images much more to get the same level of design across. It's really neat.
netmute 2 days ago 2 replies      
Great, they basically removed all the features we use in Basecamp Classic :)
ry0ohki 2 days ago 0 replies      
Wow lots of team members (32?) at 37Signals these days!
mweibel 2 days ago 1 reply      
I didn't use basecamp before and I'm just testing a little bit. Seems to be quite fast.
What I kinda don't like: If you click on e.g. a discussion, a modal-window-like layer pops up where the discussion is displayed. Now how can I go back? First I was quite unsure how to do this without clicking on the browser's-back button.
Then I figured out that you can click out of the layer and the layer disappears. I think there's a need for a "close"-Button..
cfontes 1 day ago 0 replies      
Is it possible to export data from it? Because I just found out that there is no free plan, and I already added a bunch of stuff to the Next version... (feeling really stupid).
mdg 2 days ago 0 replies      
cool, so does this mean the month-long campaign 37s has been running on HN can come to an end? I prefer to be marketed to by only YC-backed startups.
mikemoka 2 days ago 1 reply      
I am sure they A/B tested the new design, even though it appears somewhat less effective on a first look.
tlogan 2 days ago 0 replies      
Does new Basecamp have an API?

We use a Gmail contextual gadget to create Basecamp todo from emails so I wonder if that is going to work.

alberth2 2 days ago 1 reply      
Does anyone else find the marketing on basecamp.com shady?

It says on the front page:

projects managed with Basecamp

rock-solid uptime reliability record

of customers recommend Basecamp

Yet all of those stats are for the legacy Basecamp Classic product and not for this brand new product they created, which has a completely different code base, which was just released TODAY.

tmgleb 2 days ago 2 replies      
Where did timesheets go? Has anyone been able to find time tracking?
alpb 2 days ago 1 reply      
Just finished reading Rework. In that book they usually tell that they rarely implement new features because most of them are redundant for most of the users and only a few would benefit out of this. Personally, I am not a Basecamp user and I really would like to learn what's new.
andycroll 2 days ago 1 reply      
Interesting that they've taken a new approach to SEO for their feature pages... a long list of vaguely project management named pages.
aymeric 2 days ago 0 replies      
Wow, I love the attention they paid to details.

If you click on the blank project boxes behind the Red Marker "Welcome" text, the Add Project bounces to attract your attention.

tho 2 days ago 1 reply      
Old Basecamp was not being improved actively anyway. It took them 5 years to add deadlines to to-do's, for example.

The new product reminds me (even in the name) of the failed NeXTSTEP operating systems. The incompatibility with existing solutions was part of it. Basecamp Next is not an upgrade, but a new product. It does not have the same set of features, in fact it has even less (time tracking, milestones, etc). Free accounts are also dropped out, as it seems. Old browsers like IE7 do not seem to be supported... A lot of things are going against what J was preaching all those years.

I can see Basecamp fans buying it, but if I would be a new user and I would check their website for the first time (that is also designed with you already knowing about Basecamp in mind) I would ask myself "why would I pay $20-$150 a month for a product with so few features"). It's a nice to-do list, but the users got smarter and the market moved forward - users need more features, not just a one-page project page (Google Docs can do half of it out of the box and for free).

manuzi 2 days ago 0 replies      
great new simple and neat design.
and the copywriting seems even more direct and to-the-point.
well done.
marcusbrown 2 days ago 1 reply      
What about the API? Is it still going to be supported in the new Basecamp or will it remain just for the classic Basecamp? I really hope there will be some kind of continuity where the data structure make it possible.
Beside this, it looks really clean and fast. I like it! :)
shearn89 2 days ago 0 replies      
is it just me, or is the stylesheet 404'ing?


EDIT: Told the team about it in a ticket, JIC.

chadhietala 2 days ago 0 replies      
Are they using pjax or something like it for the marketing site. I know you had mentioned that's how the application works. Just wondering if there are any plans of open sourcing that.
overshard 2 days ago 0 replies      
No time tracking makes this completely useless for my company.
wwdevries 2 days ago 0 replies      
Congratulations to the 37signals team on launching the all new Basecamp. Just migrated our projects from Basecamp Classic and it's working beautifully.
Rulero 2 days ago 0 replies      
I'm not a big fan of it, I think I will stick to Basecamp classic or develop my own solution very shortly.
livejamie 1 day ago 0 replies      
Any recommendations for alternatives?
hugorodgerbrown 2 days ago 0 replies      
It's looking great - easy migration, super-fast. Congrats to all involved (no humans.txt?)
jtarud 2 days ago 1 reply      
It appears they just bought basecamp.com as well. It's been basecamphq.com for a while.
TimothyWayne 2 days ago 0 replies      
37signals, have you had a SSAE 16 attestation (newer version of SAS70) performed on this new product yet?

I ask because my corporation can't use Basecamp unless this new product has coverage.

philip1209 2 days ago 0 replies      
No more free tier?
tho 2 days ago 0 replies      
samgranieri 2 days ago 0 replies      
A job well done to @jasonfried, @dhh and the 37signals team!
stuartmemo 2 days ago 0 replies      
Looking forward to their numerous blog posts talking about how good their new design is and how shit you are for not doing something the way they do it.
pgdev 2 days ago 0 replies      
Looking forward to moving across from "Classic" ;)
alberth2 2 days ago 2 replies      
System Down!


Not sure how 37signals can claim 99% uptime when on the first day of launch, it's not working.

johnx123-up 2 days ago 1 reply      
Is it still on Rails (or Node.js)?
alberth2 2 days ago 1 reply      
Free plans by using a test credit card # (e.g. 4111111111111111).

It works.

Good job 37signals. You instill so much confidence in your in attention to details in your product. Much like the recent known Rails security vulnerability that you never addressed and now Github was compromised as a result.

jacobr 2 days ago 1 reply      
If your company is completely dependent on Basecamp, how come you haven't tried the beta already, and given feedback?
Drbble 2 days ago 1 reply      
Next time you gear up for a major upgrade, try less time blogging for HN, more time talking to your users about the features they care about.
LulzSec brought down by own leader foxnews.com
195 points by techinsidr  2 days ago   130 comments top 29
JonnieCache 2 days ago 4 replies      
I reckon a huge proportion of blackhats in the scene are working for the feds.

Some kid with no record gets thrown in a van by men with guns, and the full force of police psychological manipulation is brought to bear on them. They get told they're irrevocably destined for a lifetime of being brutally raped in the showers.

Is it any surprise that these young men with no experience of foul-play or maliciousness outside of the virtual world fold and turn informer with such regularity?

If I were an active blackhat, I wouldn't talk to anyone, ever. I wouldn't even invent a pseudonym, that's the first step to ending up on fox news.

EDIT: Eric Corley, publisher of 2600, thinks it's one in four: http://www.guardian.co.uk/technology/2011/jun/06/us-hackers-...

hack_edu 2 days ago 2 replies      
Funny that right around the time he was arrested, Lulzsec declared they were done and sailing off in their Lulzboat. Then they reappeared a few months later, probably started back up after Sabu went to the narcs. Luckily this was only after Anonymous put together their new decentralized teams that do the footwork now. Lulzsec is just a name now, very little work is done by their namesake anymore.

The writer is a bit confused. Topiary was caught way before this round of arrests.

Also, there has been a significant belief for months now that the "Real Sabu" disappeared and was (maybe) arrested, or that he was never an individual but only a name the group used for PR. Finally, there is significant doubt that Kayla is a single individual as well.

ebbv 2 days ago 3 replies      
Oh Fox News. Even when reporting on something legitimately interesting and out of the ordinary, they have to use very un-journalistic phrases like "...allegedly commanded a loosely organized, international team of perhaps thousands of hackers..."

"Perhaps thousands"? Perhaps millions! Perhaps five. Ugh.

driverdan 2 days ago 1 reply      
As a former blackhat and ID thief who used to spend a lot of time in "underground" chatrooms and forums this doesn't surprise me at all. This is a standard pattern LE follows. Start with small arrests, work your way up, get someone at the top level to be an informant, take everyone down. Works for any type of group.

This always works because people are foolish and too trusting. The best rule is to assume everyone is LE trying to catch you. That means never revealing info that can lead back to you, never telling anyone personal info, your general location (eg the weather), always using 7 proxies, etc.

People who don't break the law would probably be surprised how much personal info crackers give to their online "friends". Less so on fraud forums but it still happens.

As some other people mentioned read "Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground" for more info on how LE works. The FBI took over a few carding forums and Secret Service also had high level CIs.

knowtheory 2 days ago 0 replies      
This is a pretty impressive rollup by the Feds.

Seems like an inverted flipping maneuver. Rather than starting with the small fish and cutting deals up to the top, they hit the ostensible mouthpiece/leader and wrap up all of the other folks in the org so that it doesn't splinter off and create successor orgs.

tlear 2 days ago 3 replies      
We are still in the stage of these groups being very amateurish. It will take a few rounds of purges until really committed+careful+smart organizations emerge.
alecco 2 days ago 1 reply      
From the rt story:

> Monsegur pled guilty to several charges of computer hacking conspiracy, for which he could receive a maximum of 124 years behind bars.

That's what a serial killer would get. US law is ridiculously tilted to corporations.

kyledrake 2 days ago 4 replies      
This article claims billions of dollars in damage. If this is what the FBI is saying, they are wrong. Lulzsec damages don't even approach a million dollars, most likely. Billions of dollars is how much money it costs to do things like provide universal health care for a small state. The FBI should investigate real cases and not treat a bunch of merry pranksters like they're a bunch of super terrorists.
jcromartie 2 days ago 1 reply      
> the unemployed, 28-year-old father of two allegedly commanded a loosely organized, international team of perhaps thousands of hackers

Sounds like he was pretty busy.

upgrayedd 2 days ago 1 reply      
So these dox were accurate after all?


codesuela 2 days ago 0 replies      
No surprise here considering that 25% of hackers cooperate with law enforcement[1]. These people aren't hardened members of violent crime organisations like Gangs or various mobs and are probably very easy to "break". On the other side hackers tend to trust each other way too much and share personal details inside their group which makes infiltration very easy. Sure you can be behind 7 proxies when you hack something but that doesn't matter as soon as you start talking to your hacker buddies about your personal life without using OTR or even bothering to sign into chat services with a proxy. As soon as you start sharing details about how you're in love with a girl or that you feel depressed or you are about to order pizza at place X it's pretty much over for you.

These hacker groups are like a clique, a social circle of friends, but most "hackers" don't think that their "friends" will rat them out in a second. Most of them probably have never been interrogated or even had any contact with law enforcement and are therefore very easy to intimidate.


st3fan 2 days ago 0 replies      
"The offshoot of the loose network of hackers, Anonymous, believed to have caused billions of dollars in damage to governments, international banks and corporations..."

Wait .. what ... !?

We are talking about those guys with The Love Boat theme right?

tokenadult 1 day ago 0 replies      
The Fox News reporting can be supplemented by the official FBI press release on the arrests:


phear 2 days ago 2 replies      
shocker... but like anonymous/lulzsec continuously said, you can't kill an idea. another group doing it for the lulz perhaps sooner or later will come up
calibwam 2 days ago 1 reply      
Working with the FBI for the lulz?
pimentel 2 days ago 0 replies      
Having read Kevin Poulsen's 'Kingpin', one could not expect a different result.
feralchimp 2 days ago 0 replies      
It will be a while before we have a real sense of how "crippling" this rollup really was.
vetler 2 days ago 0 replies      
No honor among hackers?
ohashi 2 days ago 2 replies      
I wonder what will happen to Sabu after this?
gavinlynch 2 days ago 1 reply      
One question: If the FBI knew of additional hacks that could expose things such as customer credit card numbers, should they have intervened? Did they intervene?
cygx 2 days ago 0 replies      
So did someone from 4chan actually phone the FBI as threatened last June?

See http://i.imgur.com/HlHnJ.png if you don't mind coarse language...

wladimir 2 days ago 1 reply      
It's strange that it was revealed at all whether he works with the FBI. Is that normal? Why not keep it secret for somewhat longer to catch even more hackers? Exposing him as informant could also bring his life in danger.

This makes me doubt the truth of the story a bit.

mellifluousmind 2 days ago 1 reply      
Well, you can pretty much imagine how it went down. FBI caught up to him with threats like "eh..you are unemployed, and you still have two kids. You want to see them in foster care system?" ... well, no surprise there. too many buttons that FBI can push on this guy
mhurron 2 days ago 1 reply      
What an ass.
colbyh 2 days ago 0 replies      
Is this the ultimate troll move?
werdnanoslen 2 days ago 0 replies      
They defaced a few websites and stole plaintext/unsalted databases, and Fox makes them sound like terrorists. How surprising.
KarlJakober 2 days ago 0 replies      
Can someone image link so I don't have to go to fox news?
nakkiel 2 days ago 3 replies      
Any idea why they don't mention the nationality of Hector Xavier Monsegur? His name sounds like Spanish or French but it could be otherwise. In the end, it's confusing and I can't really get a geographical idea of the Lulzsec thing.
tannerburson 2 days ago 2 replies      
So a guy hacks github, he's a hero. A guy hacks a bunch of media organizations, and he's a villain. I really don't understand the groupthink these days.

How is one of these okay, and the other not?

Securing Your Domain Against Seizure: Where Is Safe to Register a Domain Name? gun.io
191 points by Mizza  1 day ago   74 comments top 24
redthrowaway 1 day ago 5 replies      
I take issue with the author's criticism of .is. They've recently told most of the world to go fuck themselves, and one of their members of parliament is a Wikileaks spokesperson. I'm thinking they're pretty pro-freedom.
kijin 1 day ago 3 replies      
UAE and Palestine? Seriously? UAE has a questionable track record insofar as journalistic freedom is concerned. It ranks #112, below Liberia and South Sudan, in RSF's Press Freedom Index. What if one of the Emirs is offended by what I post on the site? Palestine ranks #153, not to mention you'd have to take Israel into consideration when you do anything Palestine-related.

Gandi.net is an excellent registrar, but I'm not sure about them anymore since they now operate in the UK and US as well. They even have a US-incorporated subsidiary.

drats 1 day ago 2 replies      
I think a distributed .alt where people can have a "backup" of their domain would be nice. gun.io with gun.io.alt running concurrently on the distributed system. It would be a nice reference to the alt.* Usenet split in response to attempts to control it. The underlying technology and how to arrange it is another question though. Edit: Mcantelon's reference elsewhere in the thread to namecoin looks like a good start http://dot-bit.org/Main_Page
JBiserkov 1 day ago 1 reply      
How about .eu? An obvious choice for any European company planning to expand beyond national borders.

EURid (European Registry for Internet Domains) is a non-profit organisation established by the European Commission is a consortium of three European ccTLD operators: DNS Belgium (.be), IIT-CNR (.it) and NIC-SE (.se).

Am I missing something?

shingen 1 day ago 2 replies      
A lot of this comes down to how badly the Feds want you. Another domain might buy you a thin buffer of protection, but if you're doing anything that really irks the US Government they'll go to great lengths to get you. They got the Swiss to burn a lot of their treasured banking privacy customs just to flush out off shore accounts. If you can get the Swiss to do that, you can get most any country to seize a local domain with a fraction of the pressure.
rmk2 1 day ago 1 reply      
I think the article forgot its own criteria half way through...

> Countries with military mutual defense agreements (NATO, etc).

And then he continues to name both Sweden and Norway...Norway is a NATO-member (though not part of the EU, just the EEA), and while Sweden is not a NATO-member, it is an EU member state, which means it is involved in EU-defence just as well...(and even though Iceland's economy has recovered well, they are also a NATO-member) Norway is definitely not militarily neutral, since they have troops in Afghanistan.

He also doesn't give a definition for what a "small"-sized or a "medium"-sized country is...

[edited for clarity/spelling]

kgo 1 day ago 1 reply      
If you look at this as an uptime issue, it has the same answer as any other uptime issue. Redundancy.

A single server isn't good for uptime because when it dies you're screwed. At the next level, a single data-center only gives you so much uptime because if that data center goes down you're screwed.

Same thing here. Any single TLD isn't safe for any number of technical and political reasons. If you want to be safe, register multiple tlds with multiple entities so you have redundancy.

drucken 1 day ago 0 replies      
Interesting article.

Shame he did not cover or mention directly the highly popular .EU domain which has no particularly strong requirements.

While individual EU countries may fall under the NATO/ECHELON agreements under varying degrees of importance (Germany for example it is likely highly irrelevant), internet infrastructure tend to be well-protected at the EU level.

mcantelon 1 day ago 0 replies      
Non-centralized approaches like Namecoin will be more likely offer DNS security than the establish approached.
pessimism 1 day ago 5 replies      
Speaking of gandi, a while ago, I ran into some problems logging in to their site, and I finally got this response from them by e-mail:

    Hello again pessimism,

    Our password field supports only passwords up to 16
    characters at this time. All longer passwords
    are truncated.

    If you have any further questions, please let me know.

    Tier 1 Tech Support
    Gandi US

I checked in with @theharmonyguy who says this is a pretty bad thing, and I originally intended to do an Ask/Tell HN post about it, but life got in the way.

What are your thoughts on this and its implications for using gandi?
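
The truncation described in the support e-mail above, as an added example that is not part of the original comment and is not Gandi's code: a constructed password store showing that silent truncation makes every password with the same first 16 characters equivalent, and that a second form which does not apply the same cut locks the user out. `TruncatingStore`, `StrictStore`, the 128-character ceiling and the sample passphrase are assumptions for illustration.

```python
import hashlib
import hmac
import os

MAX_LEN = 16  # limit quoted in the support e-mail above


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; iteration count kept low so the demo runs fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


class TruncatingStore:
    """Hypothetical store that silently cuts passwords to MAX_LEN characters."""

    def __init__(self):
        self._users = {}

    def register(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, _derive(password[:MAX_LEN], salt))

    def login(self, user, password, truncate=True):
        # truncate=False models a second form (API, mobile client, password
        # reset) that does not apply the same cut as the signup form.
        salt, stored = self._users[user]
        candidate = password[:MAX_LEN] if truncate else password
        return hmac.compare_digest(stored, _derive(candidate, salt))


class PasswordTooLong(ValueError):
    pass


class StrictStore:
    """Hardened variant: over-length input is rejected, never altered."""

    LIMIT = 128  # assumed generous ceiling, only to bound hashing cost

    def __init__(self):
        self._users = {}

    def _check(self, password):
        if len(password) > self.LIMIT:
            raise PasswordTooLong(f"password exceeds {self.LIMIT} characters")

    def register(self, user, password):
        self._check(password)
        salt = os.urandom(16)
        self._users[user] = (salt, _derive(password, salt))

    def login(self, user, password):
        self._check(password)
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, _derive(password, salt))


def demo():
    passphrase = "correct horse battery staple"  # constructed sample, 28 chars
    same_prefix = passphrase[:MAX_LEN] + "-anything-else"

    weak = TruncatingStore()
    weak.register("alice", passphrase)
    strict = StrictStore()
    strict.register("alice", passphrase)

    return {
        # Only the first 16 characters are ever checked.
        "weak_accepts_prefix_only": weak.login("alice", passphrase[:MAX_LEN]),
        "weak_accepts_other_tail": weak.login("alice", same_prefix),
        # The correct full passphrase fails on a form that does not truncate.
        "weak_other_form_locks_out": not weak.login("alice", passphrase, truncate=False),
        "strict_accepts_full": strict.login("alice", passphrase),
        "strict_rejects_prefix": not strict.login("alice", passphrase[:MAX_LEN]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
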

plainOldText 1 day ago 0 replies      
I have a curiosity. Would it be better to register a domain as a person or as an organization? Are there any major differences in liabilities associated with each entity? (And I'm thinking .ch and the like domains. I don't think for .com would make any difference.)
twentysix 1 day ago 0 replies      
UAE, Singapore and Mauritius are all small countries. Singapore and UAE have a cozy relationship with US and the media is heavily regulated and controlled by the government in both countries. UAE even blocks Skype.

I don't think the top level domains of these countries are secure at all.

joejohnson 1 day ago 2 replies      
Can anyone explain why these domains are usually so much more expensive than .com domains? I just looked at .se and most of those run almost $40/year. It seems like demand would have .com domains priced higher than these cc-TLDs.
codesuela 1 day ago 2 replies      
If you want a bulletproof registrar that doesn't bow under pressure and with competitive pricing go for http://internet.bs/ (yes they have their offices in the bahamas). Also free whois protection is included AFAIK
EGreg 1 day ago 2 replies      
Or simply register your own tld if you've got hundreds of thousands of $ lying around :
ragmondo 13 hours ago 0 replies      
How about... we start a kickstarter. Target 200k of which 185k is used for the application for a gTLD and the remaining 15k is for setting up an INC or LLP such that all those who have contributed can register as many domains as they want for "cost" (whatever that works out to be).

Obviously the exact gTLD we choose is subject to a bit of democracy, voting etc etc but I'm sure with a bit of an open forum then there'll be an interesting debate.

Nyr 1 day ago 0 replies      
Internet.bs is a good choice if you want a safe domain name registrar. They are based in the Bahamas and the staff is composed by people from Europe and South America.

Getting a "secure" swiss domain name with a registrar in the USA isn't probably the best idea ;)

mixmastamyk 1 day ago 1 reply      
I've got a .co on namecheap now. No controversial plans but curious as to how safe it is.
vaksel 22 hours ago 0 replies      
nowhere is safe...if you become a problem they'll eventually come for you
tlack 1 day ago 0 replies      
This is a great resource. But where should we locate our actual application: where should we host to avoid seizure?
kzrdude 1 day ago 1 reply      
I would go with anything .ch
instakill 17 hours ago 0 replies      
What about .co.za?
Ecio78 20 hours ago 0 replies      
What about .to ?
freejack 1 day ago 1 reply      
This is getting a bit silly. Unless you are running a gambling, torrent or porn site, just get a .com and worry about more important things in your life. Asset seizure is something that drug dealers, not startups, should be worrying about.
Sencha Touch 2.0 sencha.com
195 points by creativityhurts  2 days ago   39 comments top 13
unoti 2 days ago 1 reply      
I've been using PhoneGap and JqTouch. I tried using JqueryMobile, but I had trouble getting some things working, and found that jqTouch just worked easier and faster for what I was trying to do.

But then I found that I'm kinda having to roll a lot of my own UI elements, using old school CSS and Javascript. I'm combining iScroll (a javascript scroller for touch drag scrolling). It's all very interesting and exciting, but it certainly feels like more of a "Research" project and less of a "Development" project, because there are no real models of how things are done to look at. I feel like I'm constantly blazing a trail of semi-undiscovered country.

It looks like Sencha is taking a different approach, and implementing some of these UI elements in native code, with different implementations on different platforms, rather than it being just a traditional DOM app?

raimondious 2 days ago 1 reply      
Looking at the source code of the example projects, it seems that Sencha Touch continues to use HTML/JS/CSS as a development environment for native apps, not to be used on the web in any other way than as mobile apps. For instance, a search engine cannot read any content presented by a Sencha app, unlike a jQuery Mobile app. To me, this makes their description of Sencha Touch 2.0 as an HTML5 framework disingenuous. All attacks that have been made against Flash for compromising the accessibility of content for a slick user interface can be levied against Sencha Touch. Can this be avoided?
navs 1 day ago 0 replies      
Painfully slow on my Samsung Tab 10.1 running Android 3.2. It even crashes on the stock browser.

Also, for some weird reason I can't view the main content on Sencha's site.

Joeri 2 days ago 0 replies      
I'm currently working on an offline web app based on ST2. So far the experience is positive. Since the framework is easy to add into a html5 appcache manifest, it's relatively easy to turn it into an offline app. The ui components are very high quality. I'm also really digging the mvc architecture with device profiles, which let you adjust your views for tablets or phones with common models and controllers.

Of course it's not a native app, and you can tell. Fidelity is the downside of using ST2 instead of native. The upside is easier deployment (it's just a web app), and ios, android and blackberry support from a single codebase (windows phone is coming, but not ready yet).

dreamdu5t 2 days ago 2 replies      
A bloated, poorly documented, needlessly abstracted 300KB mess with slick marketing.

Don't waste your time: Grab iScroll and roll your own mobile webapp.

phzbOx 2 days ago 8 replies      
About performance.. or more importantly "feeling", how does it compare with native iphone app? I.e. does it have a 2 secs lag on everything that is clicked, etc.
evanm 2 days ago 1 reply      
Good stuff. We use ST for everything and have anxiously been awaiting this release.
CptCodeMonkey 2 days ago 0 replies      
So far been fairly happy with SC2, my client has built a proof of concept app that probably pushed the limits of the framework for controllers/models/views/etc but it's still performant on most of the iOS/Apple devices.
petenixey 2 days ago 0 replies      
Nice work John ;)
krmmalik 2 days ago 3 replies      
Anyone here who has used both PhoneGap and ST? How do they compare?
jstsch 2 days ago 1 reply      
Using ST2 for one of our apps, running within Phonegap. Performance is so-so. No match for native. Pretty easy development though.
5vforest 2 days ago 1 reply      
I wanted to try using "The Watch List", one of the new example apps Sencha developed, but lo and behold, "Sign in with Facebook" is the only option. When will the madness end?
patja 2 days ago 1 reply      
What is up with the use of the font "klavika-web-1" on their site for <h2> styling? It renders pretty ugly in Chrome.
       cached 9 March 2012 03:11:01 GMT