The ReadMe, build process, and licensing instructions all point towards this being a well planned Open Sourcing of a product.
I'm pleased with this, and hopefully it will spur development of TM2, allowing it to truly compete with the up-and-coming Sublime Text 2.
No Vim or Emacs style brilliantness, no BBEdit style tons of features and mature engine, no IntelliJ like, er, intelligence, no ST2 comprehensiveness, etc etc.
Plus, the Textmate 1.x text engine was probably a mess too -- I remember the very first versions being laggy (and that's coming from someone who doesn't find even Eclipse laggy). That he couldn't easily fix the one-character-undo is another pointer to that (and, for all I've seen, the 2.x engine is not that better).
It's main saving grace was the many extensions it had, and looking half-decent and native on OS X. Basically, it caught on because it appeared on the right time, and appealed to OS X users like web programmers etc, that wasn't old-time unix buffs, and wanted something native looking without forking for BBEdit (which itself was/is Carbon based and with a custom text display widget).
I don't think Textmate deserved all that success --it should have happened to a better editor.
Allen is a great guy and I love TM. However, here are some facts. TM2 has taken SIX YEARS. It was "90% done" 2009.
This is a living, breathing case study in why quick customer-driven releases are better than "big upfront plans" and "giant system rewrites." Anyone who has developed a major application knows what I'm talking about. These "big rewrites" almost always take much longer than expected, as has clearly happened here.
I have learned to listen to what your customers want, and just build it. Develop it in a few weeks, release it, and then ask again what your customers want. Some people call it "customer-driven development" and I think that's a good way of phrasing it.
I wonder if there is still enough interest in the app where people will contribute all of the community's desired changes -- I hope there is.
Am I one of the only Textmate users who feel that Sublime isn't the right "upgrade"? I much prefer Chocolat or Vico as they feel more like native OS X applications.
Can we save the editor wars for another thread and maybe, just maybe, actually talk about the code?
TM2 alpha didn't fix it. Gave up.
Not sure why this is supposedly so much better than ST2. I've got a Go(lang) bundle installed and a theme that I prefer over my current ST2 theme, but I like the file browser, tabs and menu layout better in ST2.
The latter would of course be great, the former rather sad from a user perspective since most former closed source apps do not survive for long after a switch to open source.
It's good to see that they are sharing their hard work with the community but it's sad to see a legendary text editor basically die!
Now I can code that myself (oh joy :)
Does anyone else have that issue?
First â" the photo that is used as "evidence" caught my eye quickly because it is clearly poorly processed/improperly exposed. There is no black point and that's a bad thing for the image; which leads me to say â" you can't make the sweeping generalization that black is always bad. It's not â" and the work of one pop art painter and a bad bit of photography isn't substantiated proof.
If you want to actually make something meaningful out of this, you'd actually push hard on the idea that too much contrast is a bad thing. Black isn't bad. Heavy contrast can be. Instead, get down to the root reasons that we have issues with contrast â" in short, we're wired to notice differences in color or brightness than we are for absolute values of color or brightness. As such, it's not about one color, it's about the contrast.
Check out Jeff Johnson's Designing with the Mind in Mind: http://www.amazon.com/Designing-Mind-Simple-Understanding-In... or Colin Ware's Visual Thinking for Design: http://www.amazon.com/Visual-Thinking-Kaufmann-Interactive-T...
Both of those do a much better job at explaining the hows and whys of the average person's visual perception.
I don't mean that I didn't know you could enter hex numbers for colors, I just didn't realize that when I wanted a "black" border, #888 makes for a much less jarring border than #000...and this is critical if you have a lot of bordered elements.
I would agree that when painting a shadow, you will likely find if you look carefully that it is not black, but in web design color is different and design has different goals to painting. The former is about clarity and function, the latter is expression and feeling.
In rebuttal to the argument, there are several hundred years of printing that seemed to have moved western civilization forward quite nicely that was black on white.
#000 on my screen isn't black either. It's dark grey.
Doesn't this mean avoiding #000 for design aimed at screen display cause you to avoid pure black twice, and thus just reduce contrast? Perhaps that's what you want, and what looks better. But it isn't because #000 is pure black, because no screen can achieve that.
Art: don't use the color black (or build up to it.) Good tip from "childhood art teacher." Another way of putting it: don't use black unless you know what you're doing.
Design: black is the strongest color. (The three strongest colors in design are black, white, red.) However, don't use a black background with white text (or any other color text on a dark background; bad readability). If your design isn't working in black and white, it's not working.
If you're building something that people will read, make it easy for them to read.
One helpful tip: "warm" colors jump out at you, and "cool" colors recede away from you. You can use this to your advantage when designing buttons, or even when working with typography.
More detail in this article, "Why Monet Never Used Black": http://www.kadavy.net/blog/posts/d4h-color-theory/
rgb(255,255,255) is the brightest color value you can have on the screen and colors like rgb(255,0,0) don't really pop against it because they're dark in comparison.
Enormous pixel art thread: http://forums.tigsource.com/index.php?topic=167.0
Also, all of the articles on your website link to this story. Great reads.
Which is not to say that #222 wouldn't be easier on the eyes.
Also, given the overall temperature of an image, it can be just as high-contrast to use a color on the opposite end of the color wheel.
Either way, these are style decisions, which are highly subjective.
For starters, http://www.smashingmagazine.com/2010/01/28/color-theory-for-...
In all my development environments where i'm coding for hours on end, i always find black background with white text to be far superior in terms of readability. I wish everyone had AMOLED screens (even on our desktops) so using black had more of a real purpose.
1.) I'm not taking "design tips" from someone whose site takes so long to load on a slow connection.
2.) Obviously the author has never been in a cave and turned all lighting off. Cave darkness is a complete and total absence of light & color save for black. This color IS NATURAL!
3.) In the spirit of the "green" movement, doesn't the use of black equate to less power consumption? (Remember http://www.blackle.com/ "energy saving search?")
That said, I'm sure that the author is vastly more artistically talented than I, as I can't even color within the lines in my grandchildren's coloring books!
It's for the people who desperately need things like bootstrap.
I didn't know that, looks horrible to me.But either way a somewhat good read in general.
otoh if you take antialiased font it will NEVER be really black anyway. and people who use bitmap fonts for long hour coding sessions just because it feels better, causes less headaches etc. will tell you that you can take your advice and ... ;)
As such I would actually go as far as to prefer a site that requires (first-party session) cookies to one that doesn't.
A suggestion - rather than rating "A" through "E" why not change to the more recognizable (for US audience at least) scale of "A through F" (A/B/C/D/F) which we're all mercilessly trained to recognize through years of school grades?
"E" as your worst rating confused me at first glance - could be interpreted as "Excellent"
It's one of those tradeoffs you make where you trade a tiny fraction of risk (e.g., that somebody might break into your system and steal the exact cat photo that one high profile blogger was embarrassed to have uploaded) so that you can have an easy fix for the dozens of emails you get each month from people who accidentally deleted the wrong photo and can't believe you deleted it even though I told you to and I'll sue you because that's ILLEGAL!
Definitely not worthy of a big red X against your site, since it's the only sensible choice.
Companies in the EU, are required to do various things under EU data protection law. E.g. they are legally required to protect your personal data, they can only use the personal data for things you agreed to, they must tell you what data they keep on you if you ask, if they are wrong and you tell them, they are legally required to update the data, there is a national body that is legally empowered to tell a company to stop doing a thing/delete data if they are in breech of data protection law, if they suffer a data breech they are legally required to inform users, etc. All of these things are good for users.
Some companies (e.g. those entirely in the USA) are not bound by these. Some companies (e.g. those entirely in the EU) are bound by this. Some companies (e.g. Facebook) say "If you're in the US or Canada, you're under US law, if you're anyone else, you're under EU law".
I imagine this would be particularly valuable as a browser extension.
This seems like an excellent way to deal with this issue too!
I could understand lack of support for IE7 (or perhaps crappy formatting), would raise an eyebrow at lack of support for IE8 (given the nature of the domain and that there's no compelling reason for a lack of graceful fallback in this case), but lack of IE9 support is a bit... suprising.
I certainly hope the team plans on addressing this, otherwise you're cutting a large chunk of browser users out of the picture for (from what I can see) no compelling reason related to the technical requirements of the kind of content you are delivering.
If enough people are aware of the terms it will exert pressure on providers to be more open and reasonable with their terms.
Of course whilst many free services might argue they have more leeway in imposing stricter terms, this still doesn't justify certain treatment of users.
Providing a summary of terms in a standardised manner will also make it much clearer where one particular service deviates in an unreasonable fashion.
In particular, user data and usage of third party cookies would be two categories where it would be good to get visibility.
What's the plan as terms of service change over time? Some greens might become redundant.
Edit: Take the domain and put it to good use, I no longer own it and it beats tos;dr!
Both labels could be changed to "Notification of data requests", and a user would have the benefit of knowing you were comparing the same thing across multiple sites.
As it stands it's hard to compare a sites rating.
Another (possibly more prominent) example: Github has "You don't grant any copyright license to github", right below that SoundCloud has "You stay in control of your copyright", and below that 500px simply has "Ownership".
Assuming those all refer to the same thing (owning your data/copyright), a simple, "Copyright ownership" would be much clearer and unbiased copy.
Does anyone else think TL;DR is a terrible replacement for "Abriged:" or "Summary:"?
So, +1 for tos-dr for letting me know, and a potential extra +1 if they help us get GH to change this policy. I'm going to let them know this matters to me, I hope others here will as well.
That being said, use the same categories for each company, don't re-write the description based on how good/bad it is. It would be far more useful for creating a table (which would also be a great way to organize this information, businesses looking to improve the transparency of their ToS would need only look at top scored candidates to find inspiration).
Draw the pretty colored lines after you grok the concept.
It goes downhill for me as they try to get more technical, redefining the way the encyclopedia is edited and organized. Drag and drop reformatting of article layouts? Really? Don't the best Wikipedia articles tend to be conformant to template layouts?
Wikipedia is not Digg. It does not have, as its primary goal, the delight of random web users. They are doing something bigger than that.
I'm also not a fan of the branding idea. First, they've confused Wikipedia with The Wikimedia Foundation. The two aren't the same thing. The branding they propose makes sense only for the latter. Second, they're trying to do that organic living logo thing that has become ultra-trendy lately (just read Brand New Blog to see it done well); "as Wikimedia evolves, the little lines in the logo will change". Well, maybe, but the relationship between Wikimedia top-level properties doesn't change all that regularly, nor does it meaningfully change depending on the context. Nor does the aggregate set of lines between properties draw an appealing or meaningful picture.
Also the capital "I" in the font they're using is killing me.
However, this person has some legitimately great ideas. I love how the design is far more reader-centric. I'm not sure why I need a history of articles that I read (browsers do that very well these days), but the 'highlighted' text is a cool idea. You can start thinking about the site as helping you research things, keep a scrapbook of snippets. I love it.
The front page redesign: believe it or not, the multiple languages are the most important thing to highlight. Wikipedia's global audience often uses that system to navigate between encyclopedias. They also often use Google to find the English article, and then look for an 'inter-wiki link' in the margin to an article in their native language.
It looks like there's a lot of cruft in the design, and maybe someone needs to be very bold and piss off a lot of users and force a new interaction pattern. But this stuff is all there for a reason. The 'random article' button is actually one of the most popular features. Really!
As for the proposed branding: first of all, the ideas presented here are not very good. It reminds me of the generic brands at the supermarket. The gossamer rainbow graph wouldn't even reproduce properly at small sizes (and if projects are added or eliminated, then what, do we change the logo?)
But more importantly - the thing which the designers rarely understand is that Wikipedia and its sister projects are not products to be sold - they are communities. And they came to consensus on those logos. They're more like sports team logos than a unified branding system to sell something. That said, there is a system, of sorts; when new logos are made, they try to make variations on the red dot and blue and green shapes.
Also, don't get me started on making color meaningful for navigation. It works for subway maps and it sucks everywhere else. Very bad for accessibility (color-blind people). And very bad for maintainability. The Russian Wikipedia is currently the fastest growing site; you can expect it to change position in the rankings soon. Then what, add another color? Should it change colors, surprising the user? Swap the colors in the rainbow?
Lastly, this designer isn't even addressing the biggest problem we have today, which is how to modify Wikipedia for the mobile web. Reading articles is getting better, and we've been using the Wiki Loves Monuments annual contest as a way to drive the development of mobile photo submissions. But there's still no clear vision of how anyone does serious editing on a mobile device.
As for the part where they offhandedly remark that we should make the site live-editable... HA HA HA. You have no idea what you're up against. I worked on this myself for a while. We made some interesting demos but they weren't something you could deploy.
If we were making Wikipedia from scratch today, of course we'd do that and more, but the thing is, there are multiple challenges, and a whole lot of legacy to support.
Technically: it has to serialize to wikitext and be uploaded as discrete changes to sections. So if you want live editing you need bidirectional parsing and serialization in the browser. Wikitext is unlike any other regular language and has a complex macro system, which consists of... other wiki pages. Stored in the database. Which means you need heavy database I/O just to render HTML. Or at least, a very extensive cache of page fragments. You also can't cheat with a simpler parser in the browser, because wikitext was basically designed to indulge whatever shortcuts the community wanted, and be extremely forgiving. Most wiki pages exploit at least one of the weird quirks. You can't even cheat by regularizing wikitext as you go, because then you're causing spurious changes that the community can't easily police. The current team is solving this with a radical approach to parsing that leverages HTML5's standards and a Node.JS based system. So eventually the parser on the site and in the editor might be very similar.
Operationally: Wikipedia is a cheap site to run because it's basically a static site that you can serve from cache. But changing an article can be monstrously inefficient. There are some articles, like "Barack Obama", that would take minutes to re-render if the caches were empty. When you start changing the basic database model to be more 'live', the costs start to explode.
But rather than drown in negativity, let me just say that whoever this is - thank you for throwing your ideas out there. Assuming this isn't just a resume-building exercise, get in touch with the MediaWiki developers. They need designers.
I think it's obnoxious that a design team would spend two months on something without taking any time to consider implementation detail. The MediaWiki project is very transparent, and if New is New cared to learn about what features were in the works, they could have easily found them on the right wiki -- design mockups and all. Whoever would hire these guys to do work for hire will be paying for an intractable mess of a design with a hearty helping of scope creep.
And don't get me started on the proposed Wikipedia logo. It looks like the Wikia fractal with way less nodes.
Actual WordPress logo: http://s.wordpress.org/about/images/logos/wordpress-logo-sta...
(It's not just that both are W's -- they also chose a typeface with a similar distinctive swoosh.)
So this whole thing really irritates me.
Having said that, I think that modernizing Wikipedia or MediaWiki is a an interesting idea (although probably not a priority), and this is actually a decent starting point for discussing how many of the new (mainly, but not entirely, stylistic) UI/UX trends (principles in a few cases I guess) could be applied.
I mean obviously their nav takes up more space than necessary and we don't need Wikipedia's logo to look just like WordPress's, but the minimalism, alternate typography of some sort, monochrome icon widgets, etc. are apparently now required in order to qualify as contemporary design. And the connection clouds and highlighter quote idea is cool. And it probably wouldn't hurt to remove one or two of the buttons on the editor or move them to an advanced section, or spend an hour or two making the editor looking more contemporary.
In case anyone actually reads this, I have a question. Is the thing where buttons and controls are monochrome icons (and usually with no 3d appearance), is that going to stay? I mean, is there a reason you can't have multiple colors in icons now? Also it seems a lot of times you don't get labels on buttons anymore (I know, tooltips). How much of this stuff is likely to stick for the next 5, 10 years, or is it just a short term fad? I mean I coded a UI recently for a component platform thing I am building (actual functional software platform, not pictures) and it had multicolor traditional icons on normal 3d buttons with labels. This UX guy saw that and said I was 'completely out of touch'. So I took the labels, 3d and colors off the buttons.
New! is a fairly... new.. advertising agency from my country, Lithuania. They are trying to become better known, so this is without a doubt a targeted publicity stunt ("Look how well it worked for Dustin Curtis to redesign American Airlines! I guess we can do something similar!")
And as that, it's pretty bad. Not only did they showed poor design (in a sense of "how it works") skills, but also left a bad impression as a studio.
-It's completely impractical and does not take into account some of the most basic ideas that Wikipedia is and depends upon. I don't think it's very well thought out or researched, and serves mostly as a hypothetical portfolio piece for a design firm.
For example, the fact that Wikipedia is available in multiple languages is quite possibly its most important feature. The idea of burying language selection within an incomprehensible color band (that will only work on non-touch devices) boggles my mind.
- Many, many important principles are tossed away. Why do the designers change the meaning of the "history" button? Burying the revision history is counter to all things that wikis stand for.
- > "Sharing functions will be the same so no change is necessary" - except that there are no sharing functions.
- The most basic principle of product design is "Know the product," and these designers do not.
This is to say nothing of the exercise in 'brand manipulation.' The most powerful brand that Wikipedia has is the wordmark itself ("wikipedia"), followed by the distinctive "W" logo (crossed "v" characters), followed by a single puzzle piece, followed by the puzzle globe. The brand rework here throws ALL of these things away and replaces them with a stylized "w" glyph that is almost but not quite exactly like the logo used by Wordpress."
But that's just my opinion"
"If you want to have an idea of what the Wikimedia Foundation is thinking with regards to the future of Wikipedia, you'd be better served by reading: http://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/20...
 Brandon full response to the design: http://www.quora.com/Wikipedia/Wikipedia-What-does-the-Wikip...
Deciding that users want to see your overbearing minimalism and your 'sound-great-in-concept-meetings-but-shit-on-paper' designs instead of you know, actual information on the front page of an encyclopaedia strikes me as an astonishing act of hubris.
The one piece of information given on the front page (the languages bar) is a nice curiosity, but utterly useless after about one visit. I'm sure the Swiss, the Swedes, the Danes, the Indonesians would also be delighted to find that their languages have been relegated to 'rollover' status.
As for the article pages, too much white-space, nowhere near enough information density. Did it not strike the authors, "Hey, hang on, the article is almost invisible on this page after all the crap we put in?" http://www.wikipediaredefined.com/img/27.png
" Absolutely terrible; increasing the signal/noise ratio, in addition to increasing unnecessary white space were extremely bad design choices.
The purpose of Wikipedia is to share information. The changes that you proposed impede that goal by the addition of a step where the user has to "understand" the design, before they can begin to use it.
You should have reviewed mathematical and scientific journals before you begun your sketch work. Those types of publications succeed at transmitting a high amount of information, very quickly. Bare HTML pages also succeed at transmitting technical information at a very fast rate.
Rather than just stating that Wikipedia is in need of a redesign, state your reasons. The design of Wikipedia is not simply an aesthetic designer's problem, it is a problem that has to be approached from an engineering point of view: maximise the information communication rate whilst keeping the design aesthetically pleasing, not the other way around."
If a user doesn't recognise the word "English" then they are not going to have any idea what language select. The reason the languages are all listed on the page without any interaction needed is so someone can look at the webpage and recognise their language and select it without having to understand anything else. How do I access the main page of a wiki?
This isn't redefined, it's just a redesign with some bad, some good, aesthetic changes.
Wikipedia is heavily constrained by one thing: the existing mediawiki markup. That presents a huge challenge to implementing this redesign.
Large mediawiki installs become brittle because users have a natural tendency to use the markup for presentation, not structure. Combined with the in markup template mechanisms, the tendency is toward a tangle of interdependent markup. Wikipedia's community does far better than most in fighting this with policy and consistency, but it's still an issue.
Implementing this redesign would require not just working with some of the more difficult parts of the mediawiki code base, but also a laborious effort to rewrite a sizable fraction (if not the majority) of all wiki foundation content. That just isn't going to happen.
But that doesn't mean design improvements on wikipedia are impossible, just that any attempt needs to work in alignment with the constraining forces.
Even after that, how does it then make sense to actually change it to something else, thus removing what identity there once was? It's not like the replacement (with the Adobe-esque abbreviations that are meaningless to people who don't already know them) is an actual improvement.
Otherwise, I don't really get the purpose of it. Wikipedia's not there to look fancy or show off designer skills, and I'd argue that anything that isn't pure content is just completely unnecessary for it.
The deletionists get pared-down, guaranteed notable content, and the inclusionists get the mess.
I find this design gaudy and the gradient bars reminds me of mid-2000s ASP.net design style, which I have a particular adversion to.
Just because a design has been around awhile doesn't mean it requires an overhaul.
Why do you have to ruin every website?
That leaves the actual articles. I like the way they are designed here, except for the monolithic nav bar.
If anything, this is a nice theme for articles - and theming is a feature that has existed on Wikipedia for a number of years now.
I found the way they presented it deferential and respectful enough, why trash their effort? Of course these fantasy redesigns are naive and mostly impractical, but there may also be some decent/helpful ideas being suggested. Do you think Wikipedia is worse off for all of us discussing how it might be improved?
I like unsolicited redesigns so long as the people behind them aren't snide or arrogant in the way they present them (I can see why the NY Times redesign irked people).
Why the guillotine on these guys? I think they contributed something meaningful to the discussion. You don't have to like it to be respectful.
I'm glad I don't have to read a Wikipedia designed by these people.
J'm really not hot on the rebrandjng of everything as "wX". Thjs js almost as unjnspjred as Adobe's CS-era brandjng. Jn fact J wouldn't be surprjsed jf jt turned out that whoever made thjs page js a fan of that abomjnatjon.
Oh and thjs gets even better: you know how thjs "redesjgn" seems to be all about makjng Wjkjpedja's multjple languages completely obscured? The people who djd thjs are from Ljthuanja. WHAT. http://newisnew.lt
(also ... the content is open .... ripe for anyone else to give this a go)
But then I remembered designers aren't supposed to develop new features.
I also think that they add too much focus on the site wide navigation stuff at the top, which takes away the focus on the data.
The main functionality of wikipedia.org is not search, but showing a list of Wikipedia language editions.
> Rolling over the top right corner reveals more options for languages.
> Quote serves as a felt pen. It can be an easy way to highlight the best parts of an article, just like in text books.
This functionality is better done as a web browser plugin. Because then you can save quotes from other websites too, not only Wikipedia.
Where Research, Edit, Talk buttons disappeared?
> Basically, there are two reasons to visit Wikipedia: to read or to contribute. Reading function is Research and contribution is called Edit.
This layout is bad for reading. Article text starts at half of screen, not at top. On most popular resolutions (1366x768, netbook 1024x600) it's even worse, article text would start at the bottom of screen.
But the result is atrocious.
This is exactly the kind of stuff you normally get when BigCorp meets CI-agency.
Every single detail gets backed by an elaborate, esoteric justification, so everyone has their asses covered. Nevermind the horror that is the end-result. What matters is that "we made the button bright pink and 2 pixels tall because studies have shown bright pink catches attention and small click-targets invoke natural curiosity"...
Do the colours indicate language or specific wiki? Can't have both, sorry.
The designers have huge problems with proportion both typographically and in their whitespace. Even if they are just mock-ups, they can use some more care.
I guess people with netbooks would be worse off.
I would love some a image browser and lightbox style reference pop-ups. BUT I imagine the current build runs great on old machines, making it accessible to a wide audience.
I'm kinda over the whole "hey. we're all cool people. let's get together and do stuff." design aesthetic. It was cute for a time but let's move on.
This is not an improvement.
I think what these folks did was a new UX/UI implementation. Redefinition would imply a new way of how wikipedia handles with the data. Not in terms of displaying or presentating the data but in terms of providing better analysis tools for the data (among others).
What this folks did was more of a PR exercise to showcase what they are capable of..
The designers clearly have some layout and visual acumen, but this redesign doesn't fully grasp the magnitude of Wikipedia. Every layout is modular, and every pixel has to be fully thought out. The result here looks more like the-new-Digg than it should.
What they did is a design -- i.e., a document explaining their ideas. There is no working prototype that you can try out. (I was looking forward to trying out the Connection Cloud.)
It wasn't obvious to me that they had a discussion about design but no actual implementation.
Wikipedia is available in 275 languages, and the current logo at least acknowledges that there are other writing systems and that this is not just an English encyclopaedia.
Changing it for a W is a complete disregard of the significance of Wikipedia as a multilingual reference work.
That said, the connection explorer is quite neat and the efforts to ease editing have their heart in the right place.
But for finding out information I need to find out for whatever reason, it's just going to slow that process down.
I often use Wikipedia as a high quality word translator. I study at a Swedish speaking university which requires that a lot of the written material I produce is of course in swedish. Whenever I'm writing a comp sci text and I wonder what in gods name a "morphism" is in swedish I just look up the english article (http://en.wikipedia.org/wiki/Morphism) and hover over the swedish language in the sidebar and voilĂ I've got a peer reviewed translation (peer reviewed because it probably has sources in both languages, in most cases).
More about this story as it breaks!
This post sums up some of my thoughts about it: http://lolcat.biz/post/27368236760/ency-cl-opedia
Bottom line: Personal Taste: I don't like it.
Wikipedia is not Google, it does not crawel and select the best content, it hosts and distributes the most valuable content crawled by wetware during their life time.
It would be great if there was an external site that used content from Wikipedia and had these features.
Some interesting technical (and also 'philosophical') aspects.
I think designers are moving further away from form follows function.
Please go away.
My first "hack" was just a boot disk that simply copied fortress.exe to another directory (a little choice.exe with autoexec.bat magic).
The second hack came later. The computers were upgraded to Windows 98 and my autoexec.bat trick stopped working because of a BIOS password. Thankfully the machines came with Word which had nice shinny feature called Visual Basic for Applications. Most of the shell was hacked to hide menues still in Fortres 2.0 but good old VBA was still accessible. Using VB I could call Win32 apis and it was just a few calls to enumerate and kill the startup entries for fortress in the registry.
The best part of this was that it was all sanctioned activities sort of. The IT department was in a central building downtown (30 minutes away from our school) and who was always a pain to work with for the teachers. Their gradebook apps failed under fortress and even their teacher passwords failed to disable all the shell hacks. Shutting off fortress was the only compatible way to get things to run correctly for the teachers.
At first when the local IT department found out, they laughed, but then later got upset when the disk of my magic word document spread. It was making it's way across the district via email lists.
At some point in the school year I got accused of spreading 'a virus' to other students that allowed them to download 'warez' on school computers. Apparently fortress was the only thing preventing kids from using WinPopUp and windows NT messenger to send broadcast messages to all desktops across the network.
I tried to fight it and explain exactly how the thing worked and the silliness of shell hack in the first place. It didn't work. The Principal said I was hacking regardless and suspended me. After getting the suspension (and after they called my parents who knew before I did and were very upset already), I quickly called the computer programming teacher (who knew knew C++ and VB and had previously been an assistant for in my sophomore year). He called the principle and super and explained that I was not hacking and that I was 'improving productivity' and that the IT department's policies were hindering teachers. I got out of the suspension by the super the next day but no apology was given. Just a stern "stop hacking" the next week when I got back.
I was later voted most likely to succeed by my class. Apparently in a class size of 1200+, I was well known for my exploits.
This was from 1993 to 1996, on MS-DOS 486 machines in the computer lab. I had found a program on some local BBS that could resize a hard disk partition. So on a few of the machines, I shrank C: by a few dozen megabytes and created my own D: drive and copied games into it.
How to hide that D drive? With Norton DiskEdit, I figured out how to manipulate the partition table manually, setting the partition type to a null value so that DOS wouldn't see it. Next I figured out how to read and write that disk sector in assembly language. Soon I had a command-line executable that would hide or unhide my private partition with a single command. Best of all, DOS would only read the partition table on boot. So I could boot with my partition enabled, then hide it, and play games knowing that any reboot would render the partition hidden again.
The last thing I needed to cover up was the missing space on the C drive, which could be revealed by the DIR command. So I wrote a memory-resident program (assembly again) that constantly scanned for the string of "bytes free" in video memory, and patched in a larger value.
Okay, now the MEM command might reveal the existence of my TSR. So I named my program as VSAFE, which was the name of a memory-resident antivirus program on each of these machines. I had my program output the same text as the real VSAFE did on startup, and overwrote the real VSAFE executable with my own.
So I had a pretty well concealed partition, that would have required some heavy duty skills to find and remove. "format c:" would not affect it, and even FDISK would just show the space as empty, not a partition. Never got caught for any of it; the computer lab supervisor and other students knew I was up to something but never found any of the hidden stuff.
Man, I could have had a career as a malware author...
The sound quality was awful, but the spatial effect was pretty cool because the sound came from everywhere at the same time. I got cool results with Mario, Pokemon, Tetris, but also some of the Goldberg variations or the Art of Fugue... But this was December, so I dug out a few Christmas tune MIDs and set them to play at random intervals until Christmas. As it turns out, a song triggered during a class once: a lot of people thought the sound was coming from their machine and freaked out, and the teacher spent some time trying to figure out from which machine it came before he understood what was going on.
At some later time we found one computer with sound, so we set up a daemon to monitor logins on all the machines in the room and had a GLaDOS-like voice blurb out a personalized greeting to newcomers. Fun times :)
I've been coding for 10 years now and have reached the point where I'm reasonably handy but I look at a post like this and the sedimentary layers upon layers of experience that Jeff has and feel like a total novice. And yet I can still build stuff that's useful. I can still help people on StackOverflow and I can still learn from the giants above me.
I had no idea when I got into it but in retrospect it's pretty awesome to have chosen a career with such an updraft for newcomers and where everyone at almost every level can meaningfully teach, learn and contribute.
I also had a key to the computer lab. Problem was, the part of the building where the computer lab was located was not accessible after hours -- there was a gate which was locked during off school hours. (Meaning it was designed such that I could get into the room with the computers during regular school hours, out during off-hours, but not back in after hours). This lab had about 20 computers, and live Internet access. More than enough reason to find a way.
While none of my "breaking into" that part of the school during off-hours was done with malicious intent to steal or deface school property, it probably wasn't exactly the most lawful thing a 17 year old could have been doing. My good student status probably helped for those rare occasions when one of the janitors or teachers would "catch" me in that part of the building at times when I shouldn't necessarily have been there. "Research for college", was a good excuse at the time (and actually pretty close to the truth).
Figuring out when it's appropriate is what adult hackers do.
It usually takes a while to go from one to the other.
They (at my highschool computer lab) were still battling to eradicate it years after I left. I am ashamed. Somewhat.
Then I embedded the Game Maker installer in a Powerpoint presentation, since it was one of the few ways to be able to run a foreign exe (along with zip files, but they are more obvious targets and they're more likely to inspect them).
Then I exposed (didn't exploit) a serious XSS issue in the school's VLE, which of course they gave me a final warning for.
Edit: The School's IT policy, previously a single A5 page, became two-and-a-half A4 pages thanks to me.
While this page tells of succesful hacks, it doesn't mention all the screw-ups whereby the payload didn't work but caused major problems with the school computers. Nor does it tell of the systems admin getting chewed out by school management for failing to play whack-a-mole properly.
By far the most common route of hacking was getting a teachers password, which was usually either easily guessed, or worse, written down in a notebook in the drawer.
As for me, I found that in university we had computer-based testing for weekly lab classes. When you submitted your answers, it printed the results and showed you where you were wrong.
We found that if we yanked the power cable on the workstation after the print job was submitted and the printer started, the results didn't commit to the database, you'd get a printout of the answers but your score wasn't saved. So then you'd just take the test again, using your printed answers as a guide.
I slowly developed little bookmarklets to make things ...easier. Reveal the hint without taking a score deduction. Decoded the answer obfuscation to just pop up the correct answer. Auto-select the correct answers for that page. Eventually I sat down and read the source of the quiz all the way through and realized all I needed to do was
After I was done with a terminal, I'd run this program and leave (knowing full well, that someone could Ctrl-C to terminate the program and get access to my account though no one ever did)
I got more than a few passwords with this. But didn't actually do anything with them. I felt bad and deleted the program and passwords after some time.
Like most I started early with programming in assembly, C, pascal shudder and then discovering unix.
I remember starting off by hacking the computer lab computers in my school. The lab staff had to log you in so they would know who was using which machines. I learned the pattern through a little social engineering and it wasn't long before I never had to talk to the staff. I also bypassed many of the tools that locked those machines down and even locked the lab techs out of a few of my favorite machines that I used for long running processes. I even had my own primitive form of RDP using screen captures and email. Eventually I learned to crack the passwd file on my schools mainframe and then I had access to everyone's accounts including the teachers. I then discovered those passwords also worked on most home dialup accounts, outside email, irc accounts, etc. Fun! I used to dominate the east coast irc back in the day, at least in my little world, but I kept my head real low so I wouldn't be noticed.
You know the best way to pick up a girl from Scandinavia? Easy, hack her email and irc accounts, knock her boyfriend off of irc and impersonate him, erase her boyfriends incoming emails and, spoofing his email address, bully her a little and tell her to stop seeing guys like yourself. Somehow it worked like charm. Man was she hot! First hot girl I ever dated.
My downfall? I gave some "goobers" some irc scripts to perform netsplits and become admin of their favorite channels. The idiots got caught making life threats against an irc admin that banned them and, in a stroke of self-preservation, they turn me over as their "ring leader". No hacking your way out of that one! Real sweet, eh? My parents were not very happy having the local police, the FBI and the NSA knocking on their door. I lost computer privileges (still went to college and got my degrees though) and now I just hack my own private network of pcs, laptops and cellphones at home.
Ahhh, the memories....
Then again, teaching the entire year how to use NET SEND to send direct messages to every computer on the network was fun. So simple, yet total chaos soon followed. Imagine hundreds of Windows popups with messages such as: "Hi i79, did you know that miss Lengstein is wearing a thong today?". Every single person behind a computer in the building had to click through all these messages individually when they booted up their machine.
We thought it was amusing, especially the invidivuals who could not figure out what the hell was going on. As was the moment when the horrible miss from the library shouted 'WHAT IS THIS, HELP! I'M BEING HACKED!!!'.The resulting crackdown started out fairly scary at first but became outright hilarious when every single authority figure started their frowning speech with "I am sure you have been punished enough". (Never punished, parents did not even find out, IT department just told me 'whenever you figure someone else out, please do not tell the rest').
I took that advise to heart and told only a select few when I uploaded mugshots of every single person in the school to photobucket. Fairly sure no one every found out, even when we hung pictures of other kids with drawings on their faces around the school and got busted they did not even stop to think about where we got those pictures. To think this all played out in a top five high school makes me smile like I am up to no good again.
This appears to be the root of all that is self-taught.
Trust your technolust.
I got into big trouble as the teachers thought I'd crashed the whole computer, they shouted at me pretty hard!
I still think it's quite funny to enter your name as 'poo'.
Looking back, it was quite a jerk move. I was trying to be clever (well, I was clever), but it didn't get me any more status with anyone - basically just reinforced the geek status I had (which wasn't a good thing to have in 1985). I was bored, but that's a pretty lame excuse. I think I ended up with a C- in that class ("intro to computers I"), mainly because I never flowcharted anything.
After figuring them all out a few weeks into the semester, I started writing up some BASIC programs on my TI-86 that would take in student's parameters and spit out solutions. Long story short, I ended up selling answers to some jocks and got caught (I guess the teacher was suspicious when C students were getting these hard problems correct). End result was: made my teacher simultaneously proud/disappointed, earned a few bucks, learned about corruption/greed.
All in all, it was a good learning experience and I don't regret it (though giving away answers for free would have been more altruistic I guess)
For a while there the first program I wrote for a new computer was a War Dialer. Just like everyone else who had seen War Games.
I remember when my parents (in Michigan) got a call from Norway after 14-year-old me owned a bunch of some large ISP's nameservers and proceeded to launch broadcast amplification attacks against a bunch of IRC servers.
I guess now that the Internet is for normal people, stories like this are news again.
Sounds like the statute of limitations hasn't expired yet. Should be interesting when it does!
I suspect a lot of people on this board did the same (illegal) stuff as kids... We're lucky that we had the good luck to grow into productive adults. I like to think society is also lucky that it let us grow into productive adults.
However, my actually hacking life started on the Ultrix systems. I don't remember how I first had access since I don't think it allowed Guest logins, but I discovered a great hack: all of /dev/tty* was word-readable until someone fully logged in to a particular port at which point it was only readable by the user logged into that port. so every few hours, I'd just "cat /dev/tty* >> passwords.txt" and harvest logins for everyone who logged in during that time. I had some fun with one of the admins for awhile having unknowingly logged into his account. We chatted a bit and he was a good sport about it, but the hole was patched a few weeks after. I never knew if it was already a known issue or if I was actually the only one who found it.
A friend wardialed a system that appeared to be a Dept of Transportation front-end to the brand-new digital readerboards along the Interstate. Let's assume we never actually changed any text, but I cracked the password, TRAFFIC, on the 3rd or 4th attempt. Good one, guys!
Exploring random address on TELENET dialups was a blast as well. Most were very secure since they'd been well-picked, but every so often you'd find some interesting terminal and start poking around figuring out what it responded to and how to navigate deeper.
Don't get me started on the first 2600 meetings in Seattle. Some very prominent people in the tech/hacking space now were pretty sketchy back then.
As someone who works in telecom and VoIP, and deals with the financial and regulatory aspects of a lot of jurisdictions that continue to be locked down by PTT monopolies, I think this is a silly question. :-) It's only domestic long distance that has really crashed.
My high school exploits mostly revolved around bypassing the school district's proxy servers, since they blocked pretty much everything I wanted to do, including legitimate stuff. I did this via tunnels of various sorts (but predominantly SSH) out to my home machine. Oddly enough, they didn't do anything to stop us changing the proxy settings in the browsers, they just broke outgoing HTTP(S) with firewall rules. No problem, I just sent the traffic to a box running Squid, reached via my home cable modem.
That weekend, I fired up a 286 someone had given to me, coded up a mock-DOS environment, got the main manager on-side and left it set up for the next morning. Next day...:
Start computer, get coffee. Type "win" (for Windows). Get 2000 random ascii characters with an error message. Typing "dir" produced an empty C:\ drive called "F* You Francois". Anything you did pretty much got you "bad command or file name". Your manager (who is in on it) is shouting at you to get the computer going because his restaurant is starting up. You're typing out "F* You Francois" as a password, looking for bits of paper around the office, trying to restart the computer but having the autoexec.bat put you back into it.
After about 2 hours, main manager types "fix", and the rest of your day continues, but with much added mockery.
It wasn't particularly sophisticated, but I truly loved that :) Lessons were learned.
We did something similar at school. Mocked up the Turbo Pascal UI with menus and everything, but was a bit...uh, erratic. Unfortunately the teacher knew exactly who it was and came storming into our next class :)
Yeah, that was a good time.
My biggest mistake was sharing this knowledge with my classmate, who used it to do a great many annoying and potentially harmful things. After doing things like sending "I 0wn j00!" to 11,000 computers on the network (via NET SEND), crashing the shared network drive with millions of blank text files, etc, he finally got caught after badly damaging 3 of the computers in our lab using my hack method that I'd written a batch file to accomplish and given him the disk.
I was called to the computer lab by my awesome programming teacher, who informed me that he had to leave the building in 45 minutes, and if the computers weren't back to their proper state by then, we'd both probably be suspended. The other kid just sat there, while I furiously reversed the changes and got out with a few minutes to spare.
Naturally, the next year, him and a couple of my other classmates were suspended or expelled for repeatedly crashing the entire 11,000 network with advancements on my initial script. I was thankful that there was apparently no ties left to me in the program's execution, but that was warning enough to focus on productive things for the remainder of my high school career.
At the new school they had the same machines, so I put my knowledge of the platform to good use. I wrote an app which played a sound sample of a loud obnoxious burp at random intervals during class.
At college they had a Novell network. The login was a simple text prompt, which I discovered called in to a novell DLL. I wrote my own substitute login command which also saved the password to local disk somewhere, and replaced the default version on a few machines.
In both cases my reaction was the same on discovering my password hacks had actually worked. I crapped my pants and covered my tracks!By the time I had started uni, I had largely grown out of that stuff. But something triggered a latent interest I had neglected for too long... the campus accommodation was based in tower blocks, with an entry intercom system. I noticed 4 very quiet dtmf tones whenever buzzing my friends apartment. I can't remember how I did it, but I found a way to get a dial tone and to my delight, 9 for an outside line worked fine using the type of handheld dtmf dialer banks used to give out.
They tried several types of lockdown software, nothing ever actually worked. You can't stop kids from playing games.
I know the word in society has a double meaning. It could mean breaking into a system, or engineering an innovative piece of software. I personally wouldn't really care, except nowadays I'm finding myself promoting a hackerspace or a hackathon on the radio, and usually every time I start an interview I have to begin by saying "We're not criminals." It gets tiring after a while. Once we were trying to form a partnership with an organization, and the guy immediately threw us out of his office when he heard the word hacker. He wanted nothing to do with us.
We also never got caught. Wild times in first grade, let me tell you.
Other nonrespectable "hacks":
- "net send *" to importunate colleagues
- wrote mIRC scripts to win at the IRC trivia games (this was actually funny for a little while)
- would call collect to my dial-up provider, learned to dial on rotary phones by "switch-hooking" -
- would connect portable phones to disabled payphones just to see if it was a regular line what I could use (it was)
- would "paint" the backside of payphone cards with graphite to fool the machine into thinking I had more credits.
- wrote a little "ringer" program and passed to my colleagues so we all ran it together and made the teacher crazy (oh the regret).
- used IDKFA in Doom.
Those are my earliest, lamest memories.
Probably the coolest thing was my neighbor somehow managed to get his hands on two master keys for the high school. He had a buddy at a local hardware store duplicate them (highly illegal) and we spent many nights prowling the high school, opening doors nobody could and exploring every inch of that place. Thankfully we never got caught, but I look back fondly at it as the start of my career hacking stuff.
Within hours, everyone on my buddy list had their own "petition" in their away message and after checking traffic, we found we had thousands of unique hits.
Most of the credit goes to my friend who actually executed the tech part and was temporarily suspended when the inundation of angry emails supposedly hurt the school board's server.
Just checked and the school district still does not own the .us domain so this "hack" would be reproducible.
Though I also had great fun with the spv command on george and knowing all the terminal ID's, but thats another story.
Was pretty innocent about the whole thing, changed a few backgrounds remotely, and sent messages and shutdown people's computers in class remotely. Unfortunately I changed a default Windows background image, which meant it showed up something unsavoury for everyone who logged in, and got caught, copped detention and a many, many page letter about how I shouldn't do it.
This quote is amazing. I see myself in it.
Took me 15 minutes to try the number on the Social Security card in the desk beside the safe! Presto!
Noteworthy points from the press release
The partnership terms include: - Customers will be able to use Pay with Square, Square's payer application, from participating company operated U.S. Starbucks stores later this fall, and find nearby Starbucks locations within Square Directory; -Square will process Starbucks U.S. credit and debit card transactions, which will significantly expand Square's scale and accelerate the benefits to businesses on the Square platform, especially small businesses, while reducing Starbucks payment processing costs; - Using Square Directory, Starbucks customers will be able to discover local Square businesses -- from specialty retailers to crafts businesses -- from within a variety of Starbucks digital platforms, including the Starbucks Digital Network and eventually the Starbucks mobile payment application; - Starbucks will invest $25 million in Square as part of the company's Series D financing round; - Starbucks chairman, president and ceo Howard Schultz will join Square's Board of Directors.
Square loses money on transactions below $6. The reason is for the sake of simplicity they waive the per-transaction fee that Visa/Mastercard charges them and just charge a flat percentage of 2.75%. But even though this is a relatively high percentage, it's not enough to recoup the cost of the per-transaction fee at low transaction sizes.
Take a $2 coffee charged to a Visa credit card. Visa charges Square 1.76% + 6 cents, or 9.5 cents. But at 2.75% Square only collects 5.5 cents.
So even if Starbucks was already paying wholesale Visa/Mastercard rates, they'll save 4 cents or more a cup thanks to Square's "simplicity subsidy".
Now multiply that by a few billion cups. Starbucks saves millions, and Square is happy to pay it to drive their growth into the stratosphere.
It will also put their product in front of end customers, many for the first time. I for one have heard/read about Square since they first started shipping readers, but had not actually seen the product in action till last weekend (live in Silicon Valley).
And shouldn't 140 characters have been enough?
Also worth noting is that SB's mentions processing costs will be cheaper. It's hard for me to imagine that SB was overpaying with their last vendor so I worry about the economics on this deal. Maybe it's the anchor tenant though that allows for additional enterprise deals to follow so is worth it. I can imagine other large retail organizations that had any interest were on the sidelines saying "It's one thing to service 10,000 food trucks but come on!" They'll stand up and listen now with this.
Starbucks has a history of taking risks with startups ~ https://en.wikipedia.org/wiki/Kozmo.com
If it's just for US stores then the title should probably be amended. Being a Canadian, I've never seen a merchant using a square device.
PS - Anyone noticed how they seemed to be stepping around the idea of those local businesses being other coffee shops? Craft businesses in the Press Release...like craft coffee shops?
If Square could do a GoCardless with all those consumers that use Square, both Square and merchants could benefit massively...
I have trouble comprehending the size of other planets, photos like these make me feel uneasy (in an exciting way) because they are strikingly similar to landscapes we might find here on earth - yet it's a completely different planet! I'm no longer looking at mars as a red circle as shown in textbooks, but now as vast unseen landscapes that have never been explored before - a new perspective and a new age of discovery and I can't wait to see what else happens in my life.
It's also a stunning achievement. As I lie in bed looking up into the darkness, a boundless expanse of tens of millions of miles of absolutely nothing lies between me, and a small man made robot with the martian wind gusting and whistling gently over it. A robot that is cautiously making small movements, buzzing and whirring going about it's business with no one there to hear the sounds or see the movements it's making. A machine who's intentions are totally pure - it's sole purpose is simply to learn. A small beacon in a far-reaching expanse of barrenness and nothingness.
One thing I found recently I'd never heard of before is 'Venera 13': http://en.wikipedia.org/wiki/Venera_13
A Russian rover that landed on Venus in 1981 - designed to last the harsh environment of Venus for 32 minutes but actually lasted 127 minutes. An extraordinary engineering achievement to have a rover go from freezing space temperatures to temperatures of over 450c.
And it managed to transmit images of the surface:http://mo-www.harvard.edu/microobs/guestobserverportal/Galil...
Absolutely stunning, and in some ways even more eerie and provocative to me than the Mars pictures as the environment it briefly operated in is far more hostile and as time was so limited the images are even more precious.
Navcam Left A: http://mars.jpl.nasa.gov/msl-raw-images/proj/msl/redops/ods/...
Navcam Right A: http://mars.jpl.nasa.gov/msl-raw-images/proj/msl/redops/ods/...
Why do images from landers like this always look like there were taken from a iPhone 1's camera?
The data rate direct-to-Earth varies from about 500 bits per second to 32,000 bits per second (roughly half as fast as a standard home modem). The data rate to the Mars Reconnaissance Orbiter is selected automatically and continuously during communications and can be as high as 2 million bits per second. The data rate to the Odyssey orbiter is a selectable 128,000 or 256,000 bits per second (4-8 times faster than a home modem).
the rover is in a clean chamber, with the staff wearing suits. Why is the clean chamber needed for assembly?
List of missions to Mars:http://en.wikipedia.org/wiki/List_of_missions_to_Mars
(1pm EST or 10am PST on all NASA channels)
It's ridiculous to travel across the system and not being able to send good images.
> First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry's published self-check algorithm.) Then you hang up.
> Next you call back, and tell Amazon that you've lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account â" not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but didn't have anything to share by press time.
At least to get into the Apple account, you need the credit card on file. For Amazon, you can send a fabricated credit card number and get complete access (because you can add a new email account, to which you send a password reset to).
Apple just seems like the worser player because Mat Honan put so much power into the hands of iCloud. If Honan was in charge of administering enterprise services using Amazon's EC2 services, and hackers used his account to wipe out everything (or compromise corporate security), everyone would be calling out Amazon.
Edit: I haven't seen this fact mentioned much, but Honan's billing address was compromised through a WHOIS lookup on his domain. This is a huge reason to use registry protection services. It's true someone could look you up using things like Pipl and Spokeo, but that's only if you have something in public records, such as a mortgage (or, in some cases, leases).
Honan is in an especially tough situation because of the uniqueness of his real name.
What's needed right away is a "badge of security approval" from an independent third party, which verifies not just the technological side, but the customer-service side too. Including things like:
- password policies (e.g. not limiting to 16 characters)
- hashing and salting passwords
- standards for security questions (these are usually so horribly written)
- standards for identity verification if you've forgotten password AND sercurity question answers (most sites will not be big enough to bother with this, so you just lose your account, but Facebook/Apple/Google/etc. need to have a common model, so inconsistencies between companies can't be exploited)
- policies for sending out password-reset emails, adding/changing e-mail addresses, with appropriate user notification
- waiting periods between changing emails and passwords, so you can't just go and change everything about an account all at once
- special unique privileges to initiate operations that can delete large amounts of data (like a special second password, or extra security questions, for deleting your account, remote wipe, etc.)
These are just vague ideas off the top of my head, not an actual proposal. But we really need a set of "best practices", and a way of identifying that companies are actually following those best practices.
A secure "lock" icon in the browser bar is no longer enough.
Or am I missing something? Is there value added in this process? Or do these concerns end up reaching a much wider audience?
Email accounts get hijacked, phones loose data, and impersonation happens on Twitter. A blog post about one of these or all in combination may make the front page of HN, but unless the writing is compelling (and in this story none of it is), it will not persist there.
This story is a story because the Macbook was wiped remotely. That's what's scary. Losing data on a phone or iPad will never potentially entail the loss of years of work. They are second and third devices, and intended primarily for consumption not creation.
It's our computers which hold our work (and as this story shows, moving it to "the cloud" may not offer significantly greater protection). An architect doesn't store her design on her iPhone, nor a developer her code, nor an entrepreneur his company's books. Our computers tend to hold important parts of our lives. They are the tools we use to create and retain our work.
Apple forgetting that for the sake of a consistent sales sheet across product lines is really the heart of this story's traction.
Remote wiping at the flick of a switch is a bug, not a feature in the consumer world.
Dropbox doesn't send an email notification, or anything of the sort, when adding a computer to your Dropbox account.
I discovered this, when one day I realized some of my files in Dropbox were deleted. Specifically my 1Password file.
I logged in to check things out, and discovered that there was a weird computer added to my account. I promptly changed my password to dropbox, did a recover of my 1password file, changed the master password of that, then went through and changed passwords of my most important information stored in 1password.
The fault lied with me, in that my dropbox account was still using my temp 'testing this service out' password I'd used when i first signed up. Stupid me. My 1password master password was already very strong so I wasn't highly concerned.
What ticked me off, was that there was absolutely no notification or verification process when adding a computer to your Dropbox account! I wrote Dropbox, and their only response, after MANY days, was 'make sure your password is strong'.
the only reason i discovered this is because they didn't have my real email address and BillMeLater called me to tell me they needed me to update my email address. so, we also know that they don't even require email address authentication. now all of my credit reports are locked. i recommend everyone do the same.
sorry to hijack the discussion, but wanted to provide another "4 digits suck" example.
Don't get me wrong, remote wipes are useful. But they should be protected by some kind of a "Remote Wipe Authorization Passphrase" that the user must set up. Otherwise we are all simply at the mercy of the next access control vulnerability in iCloud.
Not trying to defend anyone. But has this been reproduced enough to confidently say they'll give control to "anyone"? Or was it just an employee mistake not following the policies in place? It would be a mistake on their part either way, but I'm just trying to understand what the mistake was.
In the interest of full disclosure... I can barely muster trust enough for gmail. Actually, I don't trust gmail, which is why I don't use it for anything important or personal. I certainly would not put my child's photos onto a cloud service and expect them to be safe. And from what I understand, these people put, not only their data on iCloud, but their ACTUAL DEVICES are administrable from iCloud. That seems insane to me. It seems that this is the inevitable result of any such system.
I guess I am just a bit surprised at the surprise being expressed here. USB drives are not THAT horrible are they? They seem, to me, far more reliable backup methods.
As far as password recovery, I would like to see something more "physical", if you will. For example, Apple charges a small random amount to the CC on file and you have to come back and give them the amount.
A fingerprint scanner on every iPhone could be interesting.
I think the reality is that nearly all but the most safety conscious/paranoid hackers reuse easy-to-remember passwords across a multiplicity of sites. Some might have two or three passwords to fence-off, say, financially related logins from non-financial stuff. Still, the vast majority of Internet users are probably in the first group with a simple password across every single login they have. That's the problem. And, with such tools as Facebook logins you also have a situation where discovering on login gets you in to all manner of sites.
How do you protect Mom, Dad and Uncle Fester from this? You are not going to turn them into computer scientists or security experts. No, they are not going to create and remember fifteen different thirty-two character passwords with a mixture of alphanumerics and symbols. That's just not going to happen.
Not sure what the solution might be at this point. The Internet, due to the nature of its organic evolution does not have an underlying security construct that is, for lack of a better word, bulletproof.
That's still a fail because if your wallet probably contains credit cards, which have your name and credit card number, obviously. And driver's licenses in the US, as far as I know, include an address. So it's all there. You're screwed.
What is necessary is 2-factor authentication, which is what a lot of us have been saying for a long time (I wrote this blog post in 2009, after another Twitter-related hacking: "Why The Twitter Breach Is Bullish for Two-Factor Authentication": http://chrisco.wordpress.com/2009/07/16/why-the-twitter-brea...). If not 2-factor, at least don't make recover possible with things so easily obtained, such as information from items typically contained in a person's wallet.
What proportion of share price is effected by security, as that is all a company realy care about.
Now maybe the whole credit card system that we have is at fault - one number to rule them all to pay for things. Maybe is we had a system were we could give each transaction a unique number you could was unique to each vendor you used. Then if that number is leaked it woud be clear were it leaked from and only effect the people who leaked it. Until then there are disposable credit cards.
If Apple only accepted Apple credit cards and if Amazon only accepted Amazon credit cards, then this would not of happened. Can see what the outcome of this will be and people will still complain.
You are basically assigned an access phrase and access image. They ask you to look at these two things and know what they are. Then, when you visit the site you enter ONLY your username. Once you click submit you're shown your access phrase and access image. If this were a phishing site, there is a high chance that your access phrase and image wouldn't match so you'd know to GTFO.
This is followed with a 2 factor authentication. Pretty solid IMHO :)
I do like his second idea though.
Remember time beats all security.
Not only that but the pull request is done in a fun and informal style -- a perfect example of Github's use by a Github employee =] He frankly admits that some of the changes are substantial and weren't requested or set out before hand, so there's no pressure for them to be merged into mainline if not appropriate.
It's important to note that this is an example where both sides work optimally though.I've contributed code to OSS projects backed by companies previously and it's not uncommon to end up with "dangling" pull requests -- no-one looks at it either for months or at all.
I'm still appreciative of these companies, don't get me wrong, but if it takes months for a short but critical bugfix to get through then you're not playing the OSS model properly. Either admit it's a "dump and release" or ensure your open projects are handled properly. Developers will look at you in the future and decide that's your attitude towards all your projects (see: Oracle).This ends up being a major problem when you need to win the trust of third party developers for your start-up/service/tool.
(I'm also really glad the dablooms library is getting more exposure due to this -- the initial Hacker News post fizzled out)
Life is too short not to have some fun in your day job and kudos to vmg for doing exactly that. For the rest of you..lighten up. Seriously.
I know this has been discussed before, but I'm honestly mystified why this is still an issue.
The tone and humour in that post requires a large amount of confidence in the changes being made, in order to write about the humorously, but also in the author themselves to actually present their work in such a tone. vmg is perfectly entitled to do both of these; the pull request is detailed, shows clear motivation and research, and vmg seems to know his stuff. The problem is that GitHub encourages networking. The damage comes when other people who are less experienced, or frankly, less knowledgeable, copy his style and do produce noise.
I worry about a risk of imitation of this culture, but missing the crucial underlying detail and explanation that's hidden in vmg's writing. I worry reasoning with this people will be difficult because they have trained themselves to have such arrogance in their work.
I prefer a dry report not only because it is succinct, not only because it makes my life easier to understand, but also because it encourages a disciplined state of mind. If you aren't able to write about something in a mature dry tone and back it up (that is, not cover up with humour), then you should doubt your work until you can amply support it. Yes, life is short, but it's also so short that I would like to get things done; rather than have to potentially argue past people to get important points across. Lets put this creativity into making great stuff, not making great pull request comments, eh?
Finally, all of this stuff builds a record for the project. A succinct, yet detailed, pull request is much more accessible a year down the line to understand the changes in more detail. Of course, this detail should be in the commit messages (and I do criticise vmg on poor commit messages here), but every bit of writing contributes towards project documentation, at some level. The more we can create a habit to create mature, if somewhat monotonous, technical writing, I do think the better.
So no, it's not just a "I HATE HIS FUN" argument; there are more reaching concerns, no matter how exaggerated you might think they are.
Uh, not for a while now...
Which is not to say that the general point isn't sound - MD5 was aimed at generating high quality entropy while most non-crypto hashes are aimed at generating entropy-enough fast - but don't use MD5 for crypto stuff anymore.
An an improvement though, you only need two independent hash functions to run your bloom filter. Strangely enough, this isn't well known and as such isn't implemented anywhere near as often as it should be (ie. it's not implemented here).
"Developer profiles code; replaces slow library call A with faster library call B; ensures B does not change any important behaviour; writes self-congratulatory pull request."
Just write the facts and let them stand for themselves.
MD5 is a cryptographic hash (even though it's not secure anymore for most purposes) and while it's pretty fast, you don't need any of its crypto properties, just the properties of a good quality regular hash function. Such as Murmur, or even simply FNV.
More pressing question for me - did anyone get to that kind of UI and capability (profiling userland) under Linux with SystemTap/DTrace port or anything really?
On a specific note, to characterise someone as sexist because they disagree with someone who happens to be a woman is in my opinion itself one of the most egregious examples of both sexism (for reasons I'll detail) and libel (for the damaging political and social impact of being branded with such a label).
First, throwing the term 'sexist' around carelessly undermines genuine claims of sexism. Second, it attempts to not only target an individual as sexist, but often the male gender as a whole as being part of a "misogynistic boys-club", in turn implying that masculine identity itself is inherently wrong. Third, it undermines genuine gender equality - if people are concerned about their criticisms being perceived as sexist they will refrain from open and honest critique which is the hallmark of colleagues and equals. Fourth, it assumes (paternalistically) a gender role for women as "poor persecuted girls" who need protecting from criticism and attack. Consequently, sexual inequality is perpetuated - after all, if this same criticism had been targeted at a male journalist would we expect to see responses such as "you're only picking on him because he's a man"?
There are plenty of genuine cases of sexism (against male, female, and other gender identities) which emerge out of the obsolescence of traditional social roles. Leveraging the political sensitivity of this important issue to attack an opponent is pretty low.
Soghoian does criticize the reporter, who is a woman.
Apparently for Wired, when you criticize one of their reporters, and their editor it's all out war to the death and here they played the gender card.
It was either that or admit their mistake.
[Wired's rebuttal is] kinda annoying. Ryan Singel, old white guy, repeats Quinn Norton's gender (female) five separate times (she is a girl) because Sogohian, dirt-poor terrorism suspect, is apparently the chairman of the Patriarchy. Hey, you know who else has white male privilege, Ryan? Editors at old-media print magazines.
I do not speak for him, but I think you can safely assume that the vitriol reserved for Chris is somehow co-incident with his preference towards working with the WSJ to bring cogent computer security reporting to a wide audience. My impression is that Wired sees this as a US vs. THEM kind of thing.
Delivering secure solutions to an audience that is unaware of the risks is always a dodgy proposition. Better informed customers would improve the market for those solutions and keep vulnerable persons from over-trusting a flawed product. We all benefit when this happens.
Chris is asking for better reporting, not male reporters. A very big difference indeed.
OP's tale sucks, but does not surprise me.
> Today, Ryan Singel, the editor at Wired's Threat Level > blog responded to my blog post, but incorrectly frames > my criticism as if it were solely directed at Quinn > Norton and her coverage of Cryptocat.
> It isn't clear why Norton felt it wasn't necessary to > publish any dissenting voices. From her public Tweets, > it is however, quite clear that Norton has no love for > the crypto community, which she believes is filled > with "privileged", "mostly rich 1st world white boys > w/ no real problems who don't realize they only build > tools [for] themselves."
For starters, Quinn wasn't trying to bury factsâ" the paragraph about how Cryptocat is an experiment is directly above the screenshot of the app, so it's fairly noticeable.
Second, your section titled "On the issue of privilege" doesn't actually talk about privilege. It talks about how two white men were stopped at the border to the US and one who had some of his devices seized. Her tweet was stating that maybe tools made by white men in first-world countries might not be able to adequately address the needs of less fortunate individuals under oppressive regimes.
So sure, it's great to call out projects that seem Too Good To Be Trueâ˘, but multiple times you drew attention to Quinn's specific article, and even once needlessly quoted a few of her tweets. I don't see that attention paid to any other reporter, so Ryan's rebuttal is mostly on point.
This is like Sony all over again. I've been boycotting them for the past few years, and they just keep doing things that make me want to boycott them. When will someone invent the double boycott?
Accusing a man of sexism just because he doesn't agree with a woman is worse.
While I have nothing but anecdotal evidence for it, this highlights for me the practice of simply labeling anycriticism against a female as sexism, which is well counter-revolutionary...
If you keep all your data on your MacBook and believes Apple will take care of the rest, you are not an expert, you are a fanboy that has no right to state your opinion publicly.
I've read some great stories in the Wired print magazine over the years, but their online presence is typically Gawkeresque.
A major conference has recently had to deal with issues stemming from a complaint about harassment that wasn't actually a complaint. It was never reported to staff, nor venue, nor law enforcement. Instead, twitter and blog posts were used.
Or is hype in news coverage only a problem when it's hype the author personally disagrees with?
This feels like little more than linkbaiting trolling, but I suspect that it was in earnest which is almost worse.
Also, this: "All German citizens can easily find an up-to-date version of their laws online."
And it's only 130 megs of markdown when zipped (246 unzipped)! A mere 4,737,628 lines! Surely you have time to read it, right? And therefore be a well-informed, law-abiding citizen?
I wonder how big America's would be :|
 `wc -l $(find . -name '*.md')` admittedly very rough
Sadly though alot of laws due to changes and word-smith pervertions can be hard to understand and in that it would be nice if there was some universal way to express law's that you could get any law in any country and express. That would be immpressive though hard to do. Only comparision would be picture based traffic signs, that is somewhat as close to universal with regards to laws as can get.
Be nice when all the countries have there laws up in such a way. Will make grepping alot more fun and probrbaly be the birth of lgrep (law-grep).
And there was me hoping they had fixed that! Ahwell, one step at a time :)
This is why it is hard to make current versions of X, Y or Z in terms of a version control.
It is also common to have laws X and Y both applying in the same context, and sometimes it is not clear which one is newer or how to apply "An update to X".
It is little easier to work on a more fine grain, in terms of sections and articles and not the law text as a whole, but this makes it a lot less official.
God bless America.
If so, this is a brilliant pricing model for adding value on top of someone else's API. One-time App store pricing of $1.99 gets $1.39 to use on purchasing a short-duration Twilio line and then in-app purchases can be used to refill extra numbers/minutes, all presumably with enough margin to make money on top of the basic "reserve and use a Twilio number" functionality.
Just checked and Twilio phone numbers are $1/mo. and 1-2 cents a minute for calls. There's definitely headroom to make money here.
Frankly, the job of law enforcement is up to people in law enforcement. We're not responsible for them. Their physical inability to do certain kinds of harm is part of the balance between civil rights and law enforcement.
Most people who benefit from Burner won't be criminals. It'll probably end up reducing crime by protecting potential victims. Most people are good, so when this thing is doing it's job, it's mostly going to be protecting good people. The additional safety will encourage people to have a better feeling of safety in their lives, as they'll be taking smaller risks when using their phone and interacting with other people. In single life, this thing is frankly a godsend, and can really make a substantive improvement in many peoples lives... Especially for those who've previously been victims.
Worrying about whether to protect people, versus easing the jobs of the people who protect people, is absurdly myopic.
What happens if your app indeed becomes a salvage for criminals? What's your policy around government requests for information about the person who used the number during a duration? Would you cooperate with subpoenas, or is this really only private on a social but not legal level?
I just projected so far down the line that I would have requests from the FBI every day for who was behind particular phone numbers due to nefarious use of temporary phone numbers.
Do they get reused eventually with the hope that the time since burning is long enough for the old usage of the number to have died off?
 Sorry, didn't see PanMan had asked virtually the same question already.
The only think that might confuse people is if you start to recycle numbers (because you don't want to keep paying for them), and the call gets connected somewhere totally unrelated.
I recommend checking out Plivo btw. They're cheaper in every way and I've heard the voice quality is better.
My company uses Twilio now and just made up my mind to switch to Plivo as soon as I have some free time.
Just thinking about whether law enforcement or the courts can get details.
(somehow, it now says "this video does not exist" right now)
1- They better have a very large pool of unused numbers - otherwise it's likely my phone will be randomly ringing due to the many past users of the number I just bought... who knows where and how many times they would have posted the number at.
2- Personally, I don't immediately see how I'd go away from Google Voice, which is free, to a paid service. Because of the above, I prefer to have one or two fixed private numbers which I can always remember. If the number becomes a problem, I can always block the annoying caller or switch to a new number - for free. (I still haven't had to replace my year-old private number, btw).
That being said, it'd be neat to see what people end up doing with true throw-away numbers.
Right now, Burner is top of mind for me, but I don't have an immediate need to use the app. If it were free, I would gladly download it right now, and simply pay for a number whenever a use case arises.
As it stands now, I probably won't download the app, and when a potential use case does arise, who knows if I'll remember (and be able to download on the fly) this app.
Great concept, and love the rest of the pricing model built on Twilio. I just think the Burner team might be missing out on potential additional distribution.
I have a very basic cell phone, since I prefer using a laptop to do my browsing/email/development. I like to disconnect at least half my day, and not be at the beck and call (excuse the pun) of a smartphone.
Because I can't really come up with any.
Perhaps another way of framing this is to ask the question: are you optimizing for the best case or the worst case? This ultimately is a form of risk management. And I'm not talking in the algorithmic sense, meaning complexity expressed as the asymptotically worst case. I'm talking about people, software and ecosystems.
Let me illustrate this idea with Java.
- C++ has operator overloads. Java does not? Why? Because people might abuse them. That's optimizing for the worst case (ie bad or inexperienced programmers). Properly used, operator overloading can lead to extremely readable code;
- Java has checked exceptions and uses them liberally (pun intended). C#, as one example, only has unchecked exceptions. Why? Philosophically the Java language designers (and many of its users) feel that this forces callers to deal with exceptions. Pragmatically (IMHO) it does not and leads to more cases of exceptions being simply swallowed. But again this is optimizing for the worst case ie programmers who should deal with a particular error condition but won't;
- Java has no multiple inheritance. Same story: it can be abused ("it is known"). But also mixins can be a powerful metaphor.
- Rinse and repeat for duck typing, extension methods, etc.
Putting Python two steps from Ruby strikes me as an interesting choice. I'd say the difference is at most one.
I also see a lot of Python code that isn't really Python. It's Java expressed in Python syntax rather than idiomatic Python and that is kind of sad.
Which isn't to say that any of this is necessarily bad (or good). It's just a (software) political viewpoint you need to be comfortable with (or at least can tolerate) or (to quote the South Park meme) "You're gonna have a bad time".
One of the comments linked Worse is Better , which is worth a read too.
If you like dynamic typing and can write good, legible code in a language like Python or Lisp, do it. If you like static typing, knock yourself out. If you want to use an IDE, go for it. If you want to use emacs, do it. Hell, if you like object-oriented programming, try it out. I think 95% of "object-oriented" programming (as currently practiced) is junk, but the other 5% is legitimately valuable. If you have the taste to pick from that 5%, go ahead.
What you shouldn't have the right to do is impose complexity on other people. Use whatever environment you like, but if your code depends on your environment, that's bad. If people can't get work done because they're cleaning up your messes, that's bad. Be as liberal and as kinky as you want in your own sandbox, but don't impose your wacky, untested DSL on everyone else.
That said, I like statically typed languages. ML is the only language I've encountered where reading average-case code is enjoyable. (Scala's a great language, but average-case code is ugly due to the Java influence. There's a fair amount of spaghetti code written in it due to the cultural legacy of the SpaghettiFactoryFactory Java culture. I can't speak for Haskell because I haven't seen enough.) I think that's neat and very rare in the programming world. How much code is enjoyable to read? 1 percent, maybe? In Ocaml, that number is a lot higher. Probably around 50%. 50 percent of Java code isn't even legible. Being able to actually read other peoples' code is nice, and it's one thing I miss about working in Ocaml.
I'm probably more in line with the hard-line conservative camp in terms of my view of complexity: avoid it unless you need it. The Unix philosophy works. Religious X-oriented programming doesn't. Big Code leads to fail. Small-program methodology's little programs (Unix philosophy) are written to solve problems: do one thing and do it well. Ambitious projects should be structured and respected as systems, not all-or-nothing, massive single-program megaliths with no clear communication policy among modules. Small-program development works. Big Software is written to get promotions. That produces the next generation's legacy horrors. Also, structuring your company around 17-day "iterations" is stupid. Et cetera.
I also tend to think that a lot of the features that scare typical software conservatives are genuinely worthwhile. Macros in Lisp are important and can be very beneficial-- if used conservatively. Cleverness for its own sake is bad, but there are times when macros are very useful. Document what you're doing, and make sure it's tasteful and makes sense before you let anyone else depend on the work, but go ahead and do it. I wouldn't have learned what not to do with macros had I not made a few mistakes when I first encountered them.
So, with a mix of opinions from the "conservative" and "liberal" camps, I can't say where I fall. I like macros (when used by disciplined people) but I also like static typing. Both turn out to be very useful tools. Consequently, I find that I like a lot of different languages and insist not on a specific one, but on small-program methodology so that people can use the right tool for the job.
I'm conservative because I dislike complexity (I think "software liberals" are OK with complexity as long as it's under the hood-- most metaprogramming involves extremely complex solutions that, when they work and the abstractions don't leak, although this is rare, allow clean interfaces-- whereas I'm not comfortable making that distinction) but I (a) understand that liberalism is essential to driving innovation, and (b) can't classify myself as a conservative because management is inherently conservative and is, in software, almost never the solution to the problem. Usually, it is the problem. Most companies fall to shit not because they have some difficult code-- every codebase has some crap in it-- but because management mandates that they use the bad code (often for political reasons, like the original architect being a crony of the manager) as-is instead of taking the time to understand or replace it. I'd like to see how Valve evolves over the next 5 years, because I think management in software is usually a source of undesirable complexity, rather than the safeguard against complexity that it thinks it is being. If Valve can give us a determination either way on whether software can work without managers in the first place, that'd be incredibly useful information.
Not surprisingly, software politics also has a lot of individual inconsistencies and hypocrisy. Corporatism (in politics, not software) is neither socialism nor capitalism but a system designed to give the best of both worlds to a well-connected elite and the worst of both to everyone else. (Consider air travel as a microcosm: Soviet experience and service quality and comfort, mean-spirited and capricious-- but very capitalistic-- pricing.) I think the same exists in software politics and the typical managerial conservatism. People and organizations can identify in name with liberalism or conservatism, but tend to pick and choose as suits them. (For an example of this inconsistency: Google, a bastion of software conservatism, allowed GCL to exist.) What makes 90 percent of software jobs so fucking miserable isn't those rock star, "undisciplined" Rails liberals or stodgy gray-haired conservatives. Rather, it's a corporatist "crony capitalism" state where people who win managerial blessing get liberalism (i.e. the autonomy to do whatever they want and freely impose complexity downstream) while the rest of the drones get stonewalled with a supposedly stiff-lipped conservatism (e.g. "you can't [fix that codebase | use that language | pursue that side project] because we can't afford the risk") that is presented as principled, although the drones see managerial favorites getting through that wall on a daily basis, so they aren't fooled.
Nevertheless, I don't know which was worse, the claim about what political conservatism/liberal is or the software one. I guess the software doesn't matter because he's just making it up anyway, but still. Before anyone thinks too highly of this piece, I recommend people study some actual philosophy and humanities.
At it's very core this is just an elaborate (not in a good way) dressing up of the static vs dynamic typing discussion; hardly a revolutionary insight. I also don't see how this is "risk" based debate. But in any event, this is just hard to take.
What's interesting is that there has been a shift over the years to where "programming" has come ot have a strong ideological bias to only one type.
The types I noticed then I call Cowboys and Architects. These are just terms I'm using for convenience, not meant as pejoratives.
Cowboys are now more common:Some programmers write a bunch of sloppy code without bothering to ever design anything. Their methedology for making a product seems to be akin to bashing to the code into the shape it needs to be eventually. This group of people tend to advocate policies that assume everyone else is writing crappy code as well- unit tests, agile, etc. For instance, agile rejects design and assumes you can't know what the right shape for the code is going to be more than a week in advance and that all code is maleable without repercussions.
Architects are now rare:Other programmers will sit for a week and think without writing any code. When they do, they sit down and over the course of an hour (or however long it takes to type it) will write out the code for the complete system or module. It will be bug-free with the exception of typos. Once the typos are fixed (Generally by getting the compiler to accept the code) the programmer can move on to implementing the next bit of functionality. Sometimes there are errors in the code working with other code, generally integration errors, but not errors in the thinking of the programmer. These programmers only accept that Agile makes sense because the business side of things can't make up its mind, so they architect core systems that are flexible to support multiple business needs, but don't need to be rewritten or bashed around, because they did it right the first time.
I'm of the latter type, and I have tested this objectively, by producing a 10,000 line iOS App like this, which has been in use for several years by tens of thousands of people with no crashes or other defects (a few minor conceptual bugs- mismatch between the features and the expectations of the business, which were fixed)... and not a single unit test. It compiled, it worked, and almost all the development time was spent on the UI. It has had major releases (eg: going from being iPad only to a universal app, etc.)
It has built in reporting for exceptions, and all of the reported exceptions are the result of things other than my code (eg: there are several situations where iOS will crash an app if it needs to or due to problems with pre-release versions of iOS, and those are what generate the exceptions.) No customer reported bugs either. (though they do have requests for things working slightly differently and new features, no programming errors reported by customers.)
The industry is so dominated by a culture of "all code is crap" that I think many people think that all programmers are cowboys and even Steve here is delineating types of Cowboys, and nobody believes architects exist.
Can you imagine someone saying "unit tests are a waste of time, they just double the amount of work with no benefit.". It produces a litany of excuses for why this isn't true. ("You need them if other people work on your code!", "maybe for a team of one", "you're assuming you'll never forget a design decision", etc.) I know this message will get responses along those lines-- its because Cowboyism has become an ideology. Yegge is right - programmers are ideological.
I'm not a savant and I'm not rare. Architects like me were about %50 of the programmers out there when I started out. I think the mainstreaming of "hacking" has produced a lot of people who are taught to be cowboys and a culture that encourages cowboyism.
Put another way, it's the political liberals who came up with OSHA (I hope--I'm somewhat ignorant of the actual history :P). A liberal or conservative outlook is not characterized by some particular processes or tools--it's characterized in an entirely relative way. The conservative approach is in choosing the familiar over the novel and in avoiding change. The familiar could be safer--Java vs Python--or it could be less safe--Java vs Haskell. I've talked to some ardent Java adherents, and they have lucid cases for not going over to Python or Ruby or Clojure or what have you. But--critically--these cases are virtually identical to their cases against going over to Haskell or Scala. There are differences in details, of course, but it's a difference in degree rather than kind.
Another even more extreme example is TDD. In particular, the arguments people have against adopting TDD are essentially exactly the same as I've seen from TDD supporters against using formal methods. Once again, some details differ, but the core idea seems to remain: some people are inherently wary of change.
It's also interesting to note how Yegge categorizes certain concepts in multiple "buckets". Either he's just being inconsistent (which is plausible) or he's making a deeper point: it's not about the particular concept, it's about the philosophy behind it. If he wasn't making that point, I've made it for him :).
That is, anything called "something calculus" is conservative, but lambdas (e.g. lambda calculus) aren't. Type-based functions overloading (like type classes, I guess) is conservative, but Scala implicits are liberal.
In my view, the languages that are the most conservative (at least in my part of the world) are Java and Python. Why? Simple: they are the default language for almost everyone I know. You're at an enterprisey company? You're probably using Java. You're at a startup? You're probably using Python. You're using C or Scheme or Haskell or Erlang? You're crazy. (I should note that I don't know very many people in systems or embedded programming, so my view is obviously rather biased.)
All this rambling (I certainly see why Yegge always writes long posts) has left me with a fairly concise conclusion. Namely, mapping programmer attitudes to a spectrum vaguely inspired by politics is a reasonable idea. Sure, the reality is that there is no total ordering so a one-dimensional representation is fundamentally lacking. However, it's good enough to give some insight.
But I would not map technologies there based on the technologies' innate traits. Rather, I would map them there based on the thinking behind the people who use them. This is similar to how--if you don't know the background--it's hard to guess which political party supports which regulation. Gun control is the opposite of liberal, but it's exclusively heralded by liberals; deregulation seems liberal but, of course, isn't. Yet, on other issues, people on either end of the spectrum behave as expected!
This is why I think languages like Java and Python are fairly conservative. Not because they try to offer some sort of safety but because they are safe choices. This is also why I would probably place C# as significantly more "liberal" than Java--it may be the most "conservative" .NET language, but it is far less afraid of embracing new ideas than Java. So that end is simple: at least for enterprisey companies and startups, it's populated with Python and Java. But what about the other end? I think this is where the languages that most people consider too crazy to use go. Haskell, Scheme, Erlang and so on. Only very brave--very liberal--companies are going to use Haskell or Scheme in actual production. Too many weird features. Even the sentence "Scheme in production" just sounds weird.
So it's not a matter of wanting handrails (Haskell) or not even wearing a helmet (Scheme); rather, it's a matter of being willing to choose something more advanced over something more understood.
In particular, I like typing as machine readable documentation, that makes IDEs simpler and more accurate in code navigation and refactoring. Dart in particular shows this false dichotomy really well, but having a type system for human and machine readable docs, making the IDE experience far more pleasant, but which can be turned on or off. Unsound, untyped, programs can still run. Yes, dynamic languages can have nice IDEs too (Smalltalk), but they are harder to engineer.
In terms of optimization, typing is a must for many types of hard real time programming. You can bet that the Mars Curiosity rover isn't using a garbage collected dynamic language. Nor are the inner rendering loops of most mobile games or console games. (Lua is another story when it comes to actual game logic)
I don't think that Tim Sweeney or John Carmack are prematurely optimizing when they decide to write a game engine(rendering) in C++, because experience has taught them that it is highly unlikely they'll be able to optimize a dynamic language implementation later to a satisfactory level.
I think many people use a mix of languages depending on the context. I certainly wouldn't write a web service in C++, nor would I write a 3D game in BASIC. I wouldn't use anything but Perl to masage text files, and I'd use R for data analysis. ďťż
Steve claims that Clojure folks come from the Haskell/ML world when the survey lists the "former primary language" of survey takers to be 1% Haskell, 0% SML, 0% Ocaml. Whereas they actually come from Java, Python and Ruby mostly.
The Clojure "replacement" in the survey is all over the map with Common Lisp, Erlang, Haskell, Java, Python, Ruby, Scala and Scheme all performing well. The liberal/conservative thing is a false dichotomy and Clojure community is probably living proof of that.
One may find many aspects of a contract annoying yet still prefer a world where contracts are widespread to a world without contracts.
In a sufficiently complex ecosystem contracts make some things easier and some things more difficult. But contrary to Yegge's assertion, it may be that some organizations have a contract that if something breaks, then one of the parties involved does a rewrite/redeploy. This is not a replacement for a contract, as Yegge implies, simply a different contract.
One contract might be: "All code must be unit tested". Another might be "If you don't write unit tests and your code works, that's great, but if it fails then prepare to pull an all-nighter if necessary."
My guess is that most developers, if asked which kind of methodology was appropriate, would generally pick a methodology that was appropriate for the level of risk involved. If the code is going to manipulate a robot arm holding a knife as it jabs quickly toward the programmer's body, few programmers are going to think that the bugfix/redeploy approach makes sense. But when it's a social site then everyone starts to feel more like a cowboy.
I think it is an insult to the professionalism of programmers everywhere to assume that risk decisions are a function of internal constitution rather than a rational risk assessment.
Unfortunately, your business is not Aunt Marge. You need to be able to make the tough calls and say that, no, banning the color yellow is not a viable policy. Software engineering and programming languages are both seriously-studied disciplines, and all too often, the evidence comes down conclusively in favor of one position.
To pick an easy target, in many languages like Java and C++, null can be passed in place of (almost) any type. But
1) Empirical studies show that values intended to be non-nullable are more common...
2) ...which means that many method definitions are cluttered with is-null checks (to cut down the exponentially-increased state space)...
3) ...and it's just as easy to provide a feature to turn it on when it's wanted (option types/Maybe monad)...
4) ...which many companies hack into C++/Java anyway (various annotations and preprocessors)
This is a pretty solid case. Liberals win -- it's less code. Conservatives win -- there are fewer bugs. Sometimes things really are that one-sided.
For example of what's pretty close to a Yegge rant of the 1980's, see Edsger Dijkstra, "On the cruelty of really teaching computing science" . It seems to be bemoaning similar debates in the software field, though from a very "conservative" perspective, since Dijkstra prefers that a formal proof should be required with every program, and one should completely avoid anthropomorphism in discussing software design.
Another thought that's crossed my mind: one of the reasons for the evolution of these approaches to politics and risk over the years has to do with the scale of impact. Liberally messing around with a social and economic systems can lead to widespread human disaster: China's Great Leap Forward comes to mind. How the software is used and how reliable it needs to be is an engineering tradeoff with regards to cost & time. This is often why you tend to see much more liberal approaches to software in smaller companies - the scale of impact is much smaller (in terms of customer base, and investment) when you cock up.
Now, it's clear that larger companies, particularly many IT shops, could learn a thing or two about being "progressive conservatives", as they've "conserved" for far too long and are caught in the trap of special interests (i.e. traditional vendors dependent on their cash). Fear of dynamic languages, open source, or cloud services, or non-waterfall development is mostly a reactionary ideology grounded with some kernels of truth - static typing DOES help codebases scale (but you shouldn't be proud of a large codebase), you can't just pick ANY open source library as some are DOA, or ANY cloud as some are unreliable, and tinkering with your delivery methodology can reduce your performance greatly due to confusion, plus there's plenty of cargo-cult agile consultants waiting to rope you in. So, you need to think these things through. But that's not an excuse for avoidance. Perhaps that means I'm a software moderate.
In general, when I fall on the liberal side of an argument, I think it is for the reasons he gives (no fear, resist ossification). But when I fall on the conservative side (which happens just as often) it is not because of fear, but because I think that mathematically rigorous abstractions (pure functions, persistent data structures, etc) offer a more powerful way to approach the problem.
I think my attitude toward bugs (which he suggests is the defining issue) is more nuanced than this spectrum allows. Bugs are inevitable, and it's not the end of the world when you have a bug. We need debuggers. But I think that over time, if we are doing anything right, we should be growing a stable core of our codebase that is increasingly flexible and bug-free. I guess maybe this could be considered a centrist view. It is certainly neither liberal nor conservative.
Someone in the thread mentioned pragmatism vs. idealism. I think this is a much more useful distinction. I would definitely consider myself an idealist. But the pragmatic-ideal axis doesn't map to the conservative-liberal axis at all.
Political talk and thinking is poisoned by the ideas of "left" and "right" even though those phrases haven't had a connection to reality since the French First Republic.
It'll probably be fine. Politics is in many respects a zero-sum game, and polarises participants into two camps. Software isn't like that.
With Clojure you keep one feet on the ground (the Java ecosystem) and the other feet is in the unknown dark water.
If it's a library that someone else will use, I try to play as conservatively as possible, and I fully expect that despite my best efforts those developers will uncover lots of bugs regardless.
If it's a mission critical application, I'll also be conservative. The more pain there is in fixing things later, the more careful I'll be up front.
When I'm writing a game, I'll play it more fast-and-loose. So long as any glitches don't crash it or open an exploit or ruin the user experience, it's usually an acceptable trade-off.
When I'm writing stuff for myself, I go crazy, trying out all new fads and methodologies just for the hell of it. This way, I learn new things and get enough experience with them to mark them as conservative-safe and liberal-safe.
My only sticking point is this: If someone competent cannot follow your code, you haven't documented things properly.
From a German point of view both liberals and conservatives are right wing. And his article is totally missing any left wing politics. He is missing the green, the socialists, the communists, and the anarchists point of view here.
And making it one dimensional also does not fit: What about Christian socialists, what about conservative greens, what about anarcho-capitalists, or national socialists?
e.g. I would classify myself (when it comes to programming) as anarcho-capitalist: I'm using the language that best fits the problem, without bias. And I'm earning most of my money with free software.
I also can not agree with how he positioned some languages, e.g. Perl might look liberal at first, but the CPAN community is more conservative when it comes to constraining regression test or documentation than the Ruby or Python people. Also ASM might look liberal at first, but if you ever worked in a closed shop, you know that ASM/370 coders have a really conservative approach to create software.
And because of that you can find yourself in an endless argument with someone.
Why he dressed it up in political satire (allegory?) I don't know, seemed to me to make his point less forcefully.
I'm trying to think of an apt analogy for this post that doesn't involve vomit or defecation, but it's hard. From the introduction proclaiming how readers will be stunned by how clearly and resoundingly true the revelation revealed within will be, to the literary diarrhea it's followed by... it's like a little kid proudly telling his parents he finally used the toilet properly only for them to find he completely missed the bowl. Yeah, I failed.
If the political spectrum is deeply flawed, as he said, then why even try to hack it onto something completely unrelated, made of individual technical points where each programmer may have a different approach?
I don't know, I like a lot of his past posts, but I don't dig this one. I don't think it provides any useful insight whatsoever.
Is there a reason nobody speaks publicly about Apple's engineering culture? We hear a lot about the culture at Google, Facebook, Microsoft, and Amazon. But I've never met an Apple engineer. And I've never read any detailed accounts by an insider.
Does anybody have any good resources? Or is there a very restrictive confidentiality policy?
"A measurement of length of a piece of writing, particularly when indicating a length excessive for the genre. A Yegge is approximately 4000 words or 25 kilobytes.
Named for well known programmer and technical blogger Steve Yegge, whose blog up to about 2009 was notorious for entries of approximately 1 or 2 Yegges in length, vastly exceeding the typical length of blog entries in the genre."
If that happens, I predict a fucking hellhole and I can only imagine myself leaving the industry at once.
A bit annoying that the post text only takes up about 33% of my available screen real estate, even on the "view single post" URL: http://cl.ly/image/1p1B2o3D262g
The type of tools they use and like are circumstantial. It's more of a empiricists vs. authority thing.
In my estimation, if the answer here is unclear, then this metaphor breaks hard.
So this is the project that Yegge mentioned would turn "all code [...] into Wikipedia." Man, my ongoing project is more similar to it than I thought.
I find it curious that he would even bother to mention (IV) though. (IV) falls right out if you start from the correct data representation, which I would have assumed from (A). I wonder if he's still listing dependencies explicitly.
Scheme, Erlang and company are more like communism: extremely liberal applications of extremely liberal beliefs. So much so that people tend to view them as "good in idea, but flawed in practice".
Python and Ruby are more like traditional liberalism. They bring in new ideas, but not in excess.
Scala and Clojure seem remarkably centrist. They both bring in good ideas from both the liberal and conservative camps.
Lastly, C is "old guard" conservatism, C++ is a Bush-style "compassionate conservatism" that tries to please everyone while being labeled "conservative", Java is a neo-con, and C# might be compared to the Tea Party.
This means that promising projects like Clojure CLR have no chance of taking off the ground, unlike say Ruby vs Jruby vs Ruby EE vs Rubinius.
Assembly language: Batshit liberal.
Perl, Ruby, PHP, shell-script: Extremist liberal.
Python, Common Lisp, Smalltalk/Squeak: Liberal.
C, Objective-C, Scheme: Moderate-liberal.
C++, Java, C#, D, Go: Moderate-conservative.
Clojure, Erlang, Pascal: Conservative.
Scala, Ada, OCaml, Eiffel: Hardcore conservative.
Haskell, SML: Extremist conservative
Woud be nice to overlap James Iry's chart with it...
 from http://james-iry.blogspot.com/2010/05/types-la-chart.html
(Dynamic Languages are Static Languages by Robert Harper): http://existentialtype.wordpress.com/2011/03/19/dynamic-lang...
With HN discussion here:http://news.ycombinator.com/item?id=2346590
I think there are way too many variables for a linear scale to provide meaningful comparison.
Conservative: the existing system must not break!
Progressive: we must add new features!
urban - accepts a certain amount of chaos for the benefits of reducing redundancy, wants to centralize code, reuse via shared centralized code
rural - wants to be isolated, wants to "see" everything, wants to have control over everything, reuse via cut-and-paste
His conservative definition is seems to be "everything that is wrong with the world" or something.
Also, this older rant reads to me as Yegge saying that this "conservative guy" was responsible for Google's success:
"I've been debating whether to say this, since it'll smack vaguely of obsequiousness, but I've realized that one of the Google seed engineers (exactly one) is almost singlehandedly responsible for the amazing quality of Google's engineering culture. And I mean both in the sense of having established it, and also in the sense of keeping the wheel spinning. I won't name the person, and for the record he almost certainly loathes me, for reasons that are my own damn fault. But I'd hire him in a heartbeat: more evidence, I think, that the Done, and Gets Things Smart folks aren't necessarily your friends. They're just people you're lucky enough to have worked with.
At first it's entirely non-obvious who's responsible for Google's culture of engineering discipline: the design docs, audited code reviews, early design reviews, readability reviews, resisting introduction of new languages, unit testing and code coverage, profiling and performance testing, etc. You know. The whole gamut of processes and tools that quality engineering organizations use to ensure that code is open, readable, documented, and generally non-shoddy work.
But if you keep an eye on the emails that go out to Google's engineering staff, over time a pattern emerges: there's one superheroic dude who's keeping us all in line."
Also some classification of technology as conservative or liberal depends upon the competing technology it is running against. I was a bit surprised to see Python classified as liberal - but it makes sense when comparing it to Java. If it is being compared with Ruby it is very conservative ("do things one way").
There are some non technological risks that influence technology decisions. Visual Basic may be "Hardcore Liberal" from a language perspective, but it is pretty conservative politically (backed by Microsoft, lots of available experienced programmers).
Steve as usual has interesting insights. I am not sure that this is a paradigm that completely fits - but it does provide a perspective for understanding fundamental beliefs that can lead to disagreements in software projects.
I did find it interesting that he considers himself a liberal (both in software and politics), then then goes on to create a "type system" categorization for programmers (and programming languages) to be placed into.
Then again my actually political views tend to span the liberal/conservative spectrum so I suppose this is not surprising.
priestc, your account was hellbanned 26 days ago: http://news.ycombinator.com/item?id=4245644
Didn't we know that already?
I would like to believe that the political bit was just a well timed hook to get people to read his blog. He understands that the right incendiary rant will bring readers. If it is sincere, though, it shows a disturbing level of crankiness.
Around fifteen years ago, I read as a child with fascination an account in Scientific American about an automated highway project where sensors were to be placed every few feet on the road, and cars would follow them, until a driver retook control at the end. I imagined a future network of roads in which cars read from sensors to determine where they were, and was kind of saddened that governments didn't immediately start putting these sensors into highways. This is such a cooler solution, one that doesn't depend on a parallel development of infrastructure, one that would presumably take lots of bureaucratic steps that are naturally associated with usage decisions on publicly owned land (which makes sense).
What this reminds me of, rather spectacularly, is that if one method of getting to your solution fails, either because those sensors didn't work out, or the bureaucracy didn't, if you come up with a solution, and say "oh by the way I did it already", it's a lot harder for anyone to ignore it.
2.9 trillion miles driven in 2009 http://www.fhwa.dot.gov/ohim/tvtw/09dectvt/09dectvt.pdf
10.8 million traffic accidents in 2009 http://www.census.gov/compendia/statab/2012/tables/12s1103.p...
If my math is correct the average american can expect to get in an accident every ~250,000 miles driven, (NYC to LA 90 times) so this does seem to be an improvement if all else is equal (which I'm sure is not the case!).
When economists think about technology, they look at it as a productivity booster. From that angle, robot cars will have a huge impact - so many commute hours will be transformed to work, or even leisure, which also boosts productivity.
So many smart people are about to be given a 10% or better bump in time to make and to do.
Also, who's commute doesn't involve temporary construction signs?
The car is pretty eye catching: http://www.vibe.com/sites/vibe.com/files/styles/main_image/p...
So it gets attention...and most accidents happen when people don't pay attention.
Once these become more common, it won't be a huge deal, so people will stop noticing them and accident rates will go up. Probably not by much, since you'd eliminate most of the driver caused accidents
The hard part will be fighting the technophobes when somebody drives into the side of one of these and kills themselves. I don't envy being in that battle.
That is going to be hard to pull off. For places that get a lot of snow, often you can't even be sure if you're on the road or not.
First, Amazon and Wal-Mart and Fed-Ex will have giant fleets - then consumers and mid-sized businesses will follow. Small local governments and developed Asian nations like South Korea and Japan will also drive adoption.
Having a fully-automated supply chain will break the competition who doesn't have the capital to get there fast enough. The big companies already automate the factories, and once delivery is automated, the circle is complete.
1. http://www-nrd.nhtsa.dot.gov/Pubs/811552.pdf table 4
What if the car was smart enough to identify situations where it was unable to auto-navigate safely? It could pull-over and ask the human to take-over for awhile. I would rather see a mostly capable self-driving car come to market sooner than wait around for near perfection.
On this note, it seems that the trucking industry could adopt a self-driving truck even if it was only good enough to travel along long stretches of highway. The first/last miles would be manually driven just like today. Could the trucking companies use remote navigation (much like military drones) to handle first/last mile and perhaps problem spots along the way?
What's the minimum viable product?
(from http://www.slate.com/blogs/thewrongstuff/2010/08/03/error_me... )
That's not a lot of miles, but the fact that they've done it completely without accident is relatively impressive.
On the one hand, these will help close the "fun gap" between the city and the suburbs. One big problem with living in the suburbs is that you can't really drink a lot wherever you are, because you have to drive home afterwards. If your car drove itself that restriction would be removed, and over time the suburbs could start to compete with cities for nightlife despite the large delta in density. Places might even start staying open later because they could make more money selling alcohol.
On the other hand, I have a power-nothing manual-everything sports car that I love to drive. Already most people I know drive cars with automatic transmissions, and now some manufacturers don't even ofter manuals anymore, even on fairly powerful high-end cars. I can imagine many of the same people who choose an automatic transmission today will choose a fully automatic self-driving car tomorrow because to them it's a utility and not a form of entertainment. Eventually, the market for non-self-driving cars will shrink in the same way the market for cars with manual transmissions has.
It doesn't matter if you reduce by a 1000 the risk of accident. When an accident is caused by a human error you have someone to blame, you can think "I would have done better". But when the accident is cause by a machine, then people will stop trusting the car and be done with it.
Trivial example, could i choose to always pull out in front of the robot even if it's not my right of way? (presumably safe in the knowledge the robot will always give way to avoid a collision)
Could that escalate to the robot being treated as a mobile speed trap / felony snitch?
Oh, and I would very much like if every vehicle put on the back and front of the car - it's current speed measured by the car.
The real safety improvements will come when all cars are autonomous and they talk to each other.
Now also imagine if that address isn't up-to-date (I found it on the web!), or there is some other problem with the address.
How quickly will we adapt to the car?
Venera 13's arm functioned properly. Venera 14's returned strange data, which was soon traced to a very simple fault - both Venera landers had a lens cap protecting their sensitive camera equipment on descent. These popped off on landing, and then the spring-loaded instrument arm extended to perform its testing.
Venera 13's arm extended into the soil correctly. Venera 14's arm extended directly into its discarded lens cap. Poor Venera 14 travelled millions of kilometers to test the compressibility of a lens cap on the surface of venus.
http://www.mentallandscape.com/C_Venera_Perspective.jpg Venera 14 on right)
Venera 14 did also function for almost twice its design lifetime (~57 minutes) so it was a good little probe, but I love to use this little example when talking about reliability engineering.
Also this shot of Halley's comet fly-by from another Soviet craft (Vega-1) that only served to deposit a lander on Venus but then went on to fly close to the famous comet as well:http://www.mentallandscape.com/CS_Vega02.jpg
It's an eight-part series (each episode being about 45 minutes), and the first three episodes were especially remarkable for the descriptions of what scientists have accomplished, the interviews with some key people, and the film/images shown. I can watch those over and over, and each time I'm struck by how amazing it is that people have accomplished things like this. To me, there's a wonder in it all, from the fact that there have been these achievements and that I've lived at a time to bear witness.
I know it's listed on Amazon and through Netflix for anyone who is interested. My thanks go to whomever it was around here who informed me that this series exists.
Best self-promotion you can do is make quality posts and submissions and then link to your blog from your profile page instead.
Gods have finally heard my prayers. What have they been waiting for all this years?
Power of QT + Productivity of QT Creator + Simplicity of Python = Amazing, IMHO.
PySide-powered python scripts can be frozen into binaries with various tools such as cxFreeze, that's a good thing.
BTW, QT Creator is one of my inspiration sources for my new text editor with a Firebug-like UI for testing css/html in real-time (http://liveditor.com).
Url is http://www.kauppalehti.fi/5/i/porssi/tiedotteet/porssitiedot... if you want to hand it to Google Translate
Edit: I guess it's an accounting trick where you don'tcategorise acquisitions as an expense. But stillleaves the 125 salaries...
Somehow it looks like this whole open governance transition of Qt was aimed to lessen disturbance of the inevitable sell off.
stop-and-frisk is a significant issue in NYC. Ostensibly the authority is granted as part of a larger effort to eliminate firearms on the street. It resulted in nearly 700K stops in 2011. That got 800 some-odd guns off the streets of the city at an unknown cost to goodwill (given most people stopped-and-frisked are Black or Latino).
On the flip side there is no doubt that stop-and-frisk has contributed to one of the highest rates of marijuana arrests in the country for NYC. Odd, given New York state effectively decriminalized small amounts of weed in the 70's. It's only through a loophole that states publicly displaying the drug makes possession an arrestable offense and it's been reported that the NYPD consistently instructs people in stop-and-frisk situations to remove any drugs from their pocket and present it for inspection prior to frisking, making it publicly displayed.
Gov. Cuomo called on NY state legislature this year to eliminate the public display issue, but nothing happened before the end of the January-June session.
edit: added "small amounts"
> I was taking pictures of something that was really wasn't anything shocking for them. There was no police line. Ive been doing this a long time and its frustrating. Im credentialed. They asked for the credential, I'm shooting, the next thing I know I'm in jail and my equipment is confiscated.
Serious question: Why does/should it matter that he is credentialed?
Again, not that it'd likely ever happen, but hey, petitioning your elected representatives never (okay, rarely) hurt.
Let's call it for what it is... the police were enjoying watching the fight and didn't want to be disturbed. What happened to the girl or rather the attacker? nothing, the justice was instead leveled at Stolarik, and what's he going to do back, nothing. What a shit hole NYC must be. (I might be wrong too)
Today I am happy to announce that you can find the source for TextMate 2 on GitHub.
I've always wanted to allow end-users to tinker with their environment, my ability to do this is what got me excited about programming in the first place, and it is why I created the bundles concept, but there are limits to how much a bundle can do, and with the still growing user base, I think the best move forward is to open source the program.
The choice of license is GPL 3. This is partly to avoid a closed source fork and partly because the hacker in me wants all software to be free (as in speech), so in a time where our platform vendor is taking steps to limit our freedom, this is my small attempt of countering such trend.
I am also a pragmatist and realize that parts of the TextMate code base is useful for other (non-free) applications, so I may later move to a less restrictive license, as is currently the case with the bundles. For now, please get in touch with us if there are subsets of the code base you wish to use for non-free software, and we might be able to work something out.
Anything related to the code base, including contributions, can be discussed at the textmate-dev list or ##textmate on freenode.net. Pull requests can be sent via GitHub but if you plan to make larger changes, it might be good to discuss them first if you want to ensure that we are interested in accepting a pull request for such change or simply want advice on how to go about it.
The bar charts used to illustrate that article are terrible. They present raw counts for each font, but each font was not presented to the same number of people---they varied from 7,477 (CM) to 7,699 (Helvetica), which is a pretty big swing given the other numbers they're displaying. In fact, when you run the percentages, CM has a higher percentage of agreement than Baskerville (62.6% to 62.4%)!
When we turn to the "weighted" scores, which don't follow any clear statistical methodology that I'm aware of, the bar chart is again presented with counts rather than proportions, and this time with an egregiously misleading scale that makes it seem like CS gets half the score of gravitas-y fonts like CM and Baskerville, when in fact its score is only about 5% lower.
Finally we get to the "p-value for each font". That's... not how p-values work. The author admits that his next statement is "grossly oversimplified", but there's a difference between simplification and nonsense. He says that "the p-value for Baskerville is 0.0068." What does that mean? What test was being performed there? Can we have a little hint as to what the null and alternative hypotheses were?
Also, did they control for desktops vs smartphones vs tablets? It's reasonable to hypothsize the device's screen (and zoom level on mobiles) affects typeface rendering and its perception.
All in all, intersesting and worthy of more work, but I want more to believe the result more.
I quickly went over to a different (Windows) machine to try it out because I couldn't believe my eyes. That one was given Georgia, so I mistakenly assumed that Errol Morris was such a type hipster that he included Computer Modern in his type stack if it was installed locally. It was pretty funny to see this today.
One thing I will say, is that the Computer Modern webfont they used is a disaster. It had tons of aliasing issues. I wonder how they sourced it since natively it isn't in a normal font format. (Knuth!) That certainly would skew the results.
This is a nice example that you can get statistical significance for small effects, if your sample is big enough. Their p-values are explained very badly, so I did my own analysis by transcribing their data from those plots. Let's take their weighting scheme for granted. I agree with some other commenters that the sums and counts are misleading, and instead took average scores per font, and computed confidence intervals for those means. The means are indeed a little different, and for some pairs, statistically significantly so.
But does it matter much? Take the pair with the largest gap, Baskerville vs. Comic Sans, of 0.95 versus 0.79: a difference is 0.16. This is out of a 10-point scale (ranging -5 to +5).
In fact, the standard deviation for the entire dataset is 3.6 -- so just 0.05 standard deviations worth of difference.
Or here's another way to think about it. If a person does Comic Sans example, versus could have done Baskerville example, how often would they have score higher? (This ignores the weightings, it's a purely ordinal comparison. I think this is related to the Wilcoxon-Mann-Whitney test statistic or something, I forget.) So with independence assumptions (if they had proper randomization, hopefully this solves), just independently sample from the distributions many times and compare pairs of simulated outcomes. 22% of the time it's a tie, 40.3% of the time Baskerville scores higher, and 37.8% of the time Comic Sans scores higher. I guess then it sounds like the difference is better than nothing.
Not sure what's a good and fair way to think about the substantive size of the effect. I wanted to take the quantile positions of the means, but realized you can't exactly do that with ordinal data like this (zillions of values share the same quantile value).
I probably missed something, so here's the transcribed data and R/Python code probably with errors: https://gist.github.com/3311340
Now that I'm thinking about it more, averaging the agreement scores seems weird. Maybe it's clearer to use the simple binary agree/disagree outcome.
I've thought for years Georgia was a great choice on a resume/paper.
a) You want to stand out
b) You also don't want to appear too "starchy"
For Weighted Agreement, it looks like Comic Sans had a way lower agreement rate (it looks like 60% lower) but Comic Sans had only a 4.5% lower agreement rate than Baskerville, including their weighting system.
For Weighted Disagreement, Georgia had only a 7.7% increase in disagreement than Baskerville whereas the chart makes it look more than double.
Still interesting, but not nearly as substantial as they make it out to be. Is there a term for this type of manipulation of charts (whether intentional or not)?
EDIT: Indeed, the term for this is "Truncated graph" http://en.wikipedia.org/wiki/Misleading_graph#Truncated_grap...
And as a bonus (thanks wikipedia!), according to Edward Tufte's "Lie Factor" (where 1 is considered accurate), the Weighted Agreement chart has a lie factor of ~15 and the Weighted Disagreement chart has a lie factor of ~17.
No amount of 'pushing' and 'pulling' at data can compensate for a poorly designed experiment. Georgia can't be used as both the control and a measure of how effective Georgia isâ"clearly fonts that stood out from the rest of the page would have a different effect than the one that looks exactly like the rest of the page. To give any of this credence, the sample should have stood alone, or the typeface of the surrounding page should have been randomized as well. What we're looking at here is "Are there certain typefaces that compel a belief that the sentences they are written in are true when contrasted with Georgia?".
There's two axis - engagement and authority. Baskerville is not engaging, but it looks authoritative. So you tend to agree, even if you don't know what it says (like a boring professor or politician). Comic Sans is like a boring person in a clown suit - you can't follow what it's saying, and you tend to disagree just because it looks a little stupid.
The more respectabel Sans are engaging, but not authoritative; Times is both engaging and authoritative.
If you read something in Baskerville, you agree because it looks so boring that you can't be bothered reading it. Georgia, on the other hand, encourages both strong agreement and strong disagreement - people take it seriously, but actually pay attention. No-one takes Comic Sans seriously, because it's hard to read and looks stupid.
Edit: incidentally, she works at CERN on the ATLAS experiment too.
I certainly agree that Comic sans nudges me towards disbelief (and I'd never read a full article written in this horrible font :-)), while Georgia seems more 'professional' and believable.
Baskerville in my mind is instantly associated with all the books I read - most of those on scientific topics had this or a very similar font. Don't know whether it affects my judgement of what's written compared to any other normal fonts.
Typewriter-style fonts do make texts seem older and therefore, more believable (since they've been around for so long, there must be some truth to them - the standard logical reasoning).
I wonder... Do the names of programming languages have an effect on how seriously people want to read what's written in them? If given 3 names (e.g. Python, Ruby, Groovy), do people subconciously rank their seriousness???
Now I'm going to petition Randall Munroe to gather more data (thinking of the color survey).
a lot of sites at MIT, CMU have that mark... the more prestigious, the uglier.
of course it has to be a certain style of ugly.
I can't help but be in awe.
Currently a third tunnel is being built and apparently it's "the largest construction project in New York history". The project was begun in 1970 and won't finish until 2020. It cost 6 billion. When the third tunnel comes online, it will allow for the other two tunnels to be shut down for repairs for the first time in their history. Scenes from Die Hard were filmed in Tunnel 3.
This is big, long-term stuff folks. Makes me feel kind of proud of civilization.
I read an article, some years ago, about the problems of getting subterranean tunnels at a depth greater than 100 foot approved. As part of the process the plans get submitted to the security services, who then say "yes" or "no"; and you only get three attempts. I can't find the article (or anything similar) so maybe it's just myth.
The Moscow subways are beautiful, but when I went (April '86) you were not allowed to take any photographs.
I'm fascinated by the complex networks of public tunnels, secret tunnels, and abandoned tunnels.
And if you like that, you'll REALLY love Brian Hayes' Infrastructure: A Field Guide to the Industrial Landscape (http://www.amazon.com/Infrastructure-Field-Guide-Industrial-...). It's porn for people who like to try to figure out what the random towers in a chemical plant do, or how the electrical station you just passed on the interstate works.
Of course no mention of "Beauty and the Beast"  which took place in a pretty fanciful world under New York city.
Given the expense these days of tunneling I wonder if we've reached a peak of complexity underground for now.
 Actually only the parts between San Jose and Palo Alto but it was the imagery not the accuracy they were going for.
Its a timeless page.
You guys are doing awesome work. Thank you.
Does this mean I can apply rounded corners via jquery css without having to write 4 separate css properties for each browser?
Is it just me, or is that overly passive-aggressive for a release announcement?
Would love to see some benchmarks!
Size reduction wasn't our primary goal in this version, but we felt it was important to hold the line on code growth, and we definitely achieved that.
TL & DR for the patch: - some internal rewrite - some small fixes - smaller code size
The gear in the bottom right of the Chrome inspector has a lot of useful options, such as emulating touch events and preserving the console log upon navigation.
The Watch Expressions persist across tabs and I keep "this" as the top watch expression all the time. It makes for an easy quick check when debugging to make sure that you're in the scope you thought you were, and you can always use the dropdown to inspect all the properties of the current class.
CTRL+G works in the sources tab (go to line)
You can highlight some code and right click -> Evaluate and it will run that selected line in the console for you. Alternatively you can highlight the code and press CTRL+SHIFT+E
You can remotely use the web inspector for Chrome Mobile: http://www.youtube.com/watch?v=s4zpL4VBbuU
There's a useful shorthand: In the console you don't have to type "document.getElementById('blah')" to get a reference to the blah ID'd element. Instead you can just type "blah" in the console, and even though autocomplete doesn't show it, pressing enter will return the element with ID blah!
(So if you're reading this Webkit/Inspector developers, thank you.)
Regarding the element drag and drop: it's a really awesome way to brainstorm redesigning a UI, but I've found if I mess with it too much it starts behaving weirdly and getting confused about whether the elements are in their old or new spots, and I have to refresh and start over. Still an awesome feature for productivity.
I had to manually roll back Safari to 5.1.7 to get the old one back.
I will give Apple credit for keeping me hooked on Safari since they're bookmark and history sync across all their devices via the cloud is top notch.
You need to shift-enter every line, not as usable as Firefox/Firebug. Also tab is still not working. This is the reason why I am still using Firefox for development purpose.
Is there a similar list for firebug? A strong advantage of firebug is of course that it's has a bunch of nifty extensions. Which one do you prefer?
I loved using Safari's inspector for for trying out CSS selectors. It seems that both for Chrome and Safari, only searching for xpath seems to still work. Am I missing something or did that really get removed?
We wonder what books scholars will write about 500 years from now. It won't be what's popular, it'll be whats pirated.
trying to work out if it's available via torrent now...
For example, for Pulse's answer to the stack question:
* Google App Engine * AWS * Hive * S3 * Redis * Django * Backbone * ASI * MBProgressHUD
If you want to get fancier, you could have it be a delimited list:
Name of product|Category|Purpose at company
If the backend has this data, then we can see popular solutions by category, such as JS frameworks.
Obviously, it wouldn't be hard to go through the few entries you have now and pick out the entities, but better to have a system in place early on before you expand too much.
I think a view that allows sorting by tech product and comparing usage would be very useful. I'm not saying ditch the interview format, just provide multiple ways to view the datapoints given.
For the front page, I'd also reduce the size of the logos.
Otherwise, great start, this is something that will be very useful to developers.
My favorite part, however, is the "What business software do you most wish existed" section. Once more interviews get posted (removing the small sample size), others can use these as startup ideas themselves.
I'm worried that this is proof that a lot of the big darlings of the 'industry' are really just feeding off each other's venture capital.
Is the data going to be available in a structured way?It think of trend tables, use counts, graphs, you know...
I was a little disappointed that there isn't an auto-biographical interview. The meta post of "We Use That Uses..." seems like an easy add.
It is possible to become an American. I have seen it done. My wife, out of all the girls I knew when I first lived in Taiwan, was the LEAST interested in gaining a green card or even living in the United States as a student until we had occasion to enter the United States (her first occasion ever) as a married couple after a year of married life in Taiwan. Over time, she has become a Minnesotan American by choice rather than by birth, and indeed we have spent far more time in the United States than I had ever imagined possible when I first planned my adult life as an American with a university degree in Chinese language. There have been great opportunities for us in America and much that my wife can cherish even though none of her primary or secondary education was intended to prepare her for life in the United States, and none of my higher education was intended as anything but preparation for living in east Asia. The United States is open to immigrants, accepting of cultural diversity, and a second home for many people that becomes a more meaningful home than their first home. That acceptance of outside influence is America's strength, and why the United States and not China will be the superpower of the twenty-first century.
What the United States can learn from China (but even more so from Taiwan, Japan, and South Korea) is better provision of elementary education in government-operated primary schools, particularly in the subjects of mathematics and science. Native-born Americans like me who have lived in east Asia are APPALLED at the wasted opportunities that United States schools have with their lavish resources to provide a truly world-class education. United States schools do not do as badly as they possibly could, but they also don't do as well as they reasonably could be expected to do. Let's learn from China's best examples here in the United States. Meanwhile, I hope that the common people of China eventually learn from other democratized countries of east Asia how to come out from under a one-party dictatorship and to enjoy uncensored mass media, free elections, and a vigorous civil society.
I spend the bulk of my time in Beijing, Taipei, and Ulaanbaatar (Mongolia). My take is slightly different.
Well, a lot is true. The property thing, definitely. The state industry takeovers is scary; you have to get a sense for what industries they don't mind foreigners in, and which they do. Media? Yeah, you don't want to own a media company in China as a non-Chinese. The same is true with energy and raw materials. Probably not true for manufacturing, education, and consumer goods. So, that's a weird and surreal and true point.
But some things seem dead-off. The Chinese seem much more community oriented than the West. On mornings I'm up early, there's always large groups of people doing Tai Chi, or moving around doing a sword-dance, or other group exercises. Likewise, there's huge groups of people singing, dancing, waltzing, in the evenings. Families go out and play together a lot. At least, that's what I see in CBD in Beijing.
The thing about the Chinese loving money and size is true. It's not as bleak as it sounds though, it's probably similar to 1950's America in that sense. You've got people who were raised lower on Maslow's Hierarchy of Needs, so they're very pro-money and pro-security. It's all pretty upfront, and everyone is in to hard work, credentialing, and earning well. My friend is married to a Chinese woman, and we were working something like 12+ hours a day for a while. Since his work/life balance was totally destroyed on the projects we were on, I apologized to her one day at their house. "Hey, sorry we're working so much..." and she replies: "You're making money?" I say, "Yeah, we're making money." She says: "Okay! No problem then, keep making money! I'm glad you two are doing it!" They named their cat "Wangtzai" (spelling?), which translates to "Bring money." Yeah, they named their cat "Bring money." But they're also happy and have a good home life together. She just respects working a lot and wants her husband to work a lot. That's where she's at mentally.
This part struck me as the most off --
> [China] does not welcome intrudersâ"unless they happen to be militarily superior and invade from the north, as did two imperial dynasties, the Yuan (1271-1368) and the Qing (1644-1911), who became more Chinese than the Chinese themselves. Moreover, the fates of the Mongols, who became the Yuan, and Manchu, who became the Qing, provide the ultimate deterrent: âInvade us and be consumed from the inside,â rather like the movie Alien.
It's not like "Alien" -- it's more like, China was so much more artistically and culturally sophisticated that even invaders assimilated the conquered culture, and happily so. It's little known that the Mongols (Yuan) built the Forbidden City at first. It was called "Forbidden" since it was Mongolian-only, preserving some of Mongolian Steppe Culture even within China. Likewise, Mandarin is the Manchu language... the ethnic minority that conquered China and became the Qing. The Han (majority) now speaks the minority's language, since it was widely spoken in courts and high level administration under the Qing Dynasty.
But why did the Manchu become more Han-like and base out of Beijing? Because it was a pretty amazing place, and by and large it always has been.
I don't know, maybe I'll get China-fatigue at some point. I agree with his point that you'll never be really truly Chinese in China, but foreigners also get all kinds of additional respect and benefits for being foreign, along with a tacit okay to break certain customs and decorums because you don't know better. For foreigners in China who speak Chinese, it's even better -- you get delight from everyone you interact with, and lots of respect (arguably, undeservedly so)... so yeah, it's good and bad. The article comes across overly jaded, though I suppose the idea to not start a media company or buy residential housing are both good pieces of advice!
Remember the 'roaring 20s?' Materialistic society, ambivalence about foreign affairs, widespread corruption, distrust of foreigners. A Chinese who owned a tea shop in a small town may well have to beg for a renewed lease, yes?
Well, China is not the United States, but lets put things in perspective. At the moment neither the leaders nor the people of China want to be a 'world leader' so why do we keep talking about it as if they do? China has its own problems and most Chinese are well aware of it.
China is not yet a rich country. Its Per Capita GDP (PPP) is about the same as Ecuador or Belize.
Right now things in China are not so great. It seems the Conservatives are back in power and so there has been some increased restrictions of freedom after a couple decades of improvement. Corruption continues to be a problem. The price of groceries, as well as property, has been increasing.
But the overall trend is upward. The author of this piece has fallen afoul of the Guanxi networks of business and politics in China. Sorry, yes, they don't play fair. But I am hopeful at the turn of the next century China will be as prosperous and egalitarian as my own United States of America.
I'd say their education system (and society) tends to hammer the creativity out of people. I see strong evidence that who think differently are ridiculed. Only the strongest personalities could withstand this, and it is obvious that they often leave for greener pastures. Nurturing the free thinkers is not easy.
Superpower & housing bubble aside, first they have to figure out things like why having seatbelts in cars is important - that the individual is in fact valuable.
Of course. The British led the world and did not offer (at the time) anyone the chance to be British either. In fact, they actively discouraged interbreeding. It is a dogma of the modern Occident that it is stronger to be multi-ethnic, and that national identity should be open to anyone. History shows us, however, that that is hardly a necessity for world empire.
Full disclosure: I was once in love with a Chinese woman from an elite family, who I am fairly certain loved me but rejected me because I did not belong to the appropriate stock (with influence from her family). Lesson learned: if love is strong, kinship bonds are often stronger.
I grew up in that culture in America having a Chinese mother and belonging to the local Chinese community. The interesting aspect to it, is that it represents a curve as everyone gets a 97+ on their tests. It felt like 97 was the median in the class. It just happened to be instead of having scores from 50-100, you had them compressed from 90-100. Scoring below a 90 is equivalent to getting an F in the local Chinese community as only a few ever scored that low.
I personally appreciate having gone through that and all the brainwashing that occurred with that mindset. I know one of my strengths is the ability to work well under pressure, where often my motivation is correlated with pressure. While I never made the connection in college, I innately understood the curve and how to play the game due to being curved at a young age.
The worry I have at times with correlating motivation with difficulty is whether I am creating an invalid proxy for value. Sometimes the work leads to something of value, but they are not directly linked as there are plenty of difficult things out there that generate little value to society and oneself.
That said, bringing it back to the OP's concern about his children's education, I don't know what it's like to go through a full Chinese system as I highly appreciate the mixture of Western education in my upbringing. I had a nervous breakdown in high school after realizing the falseness of my quest I had around accomplishments and achievements. If it weren't for the liberal arts of Western culture (arts, music, and literature), I don't know how I would have came out of that mental breakdown. I began to value the Renaissance man who was balanced in a variety of topics and sought the balance of academics, the arts and social skills. I wonder if it weren't for those concepts, if I would have trained myself to seek higher and higher goals in mastery over academics as I saw with some of my childhood friends who had a stricter Chinese upbringing.
The China that the author describes is not the China I've seen. Housing prices may be high, but he neglects to mention that it's common for companies to provide housing to their employees. Yes, people will ask you about your money - but that's culture, and it's not impolite.
There are a lot of untruths in his article, but it's too long to pick apart. A big one, though, is about appreciation for foreigners. China does in fact have laws about foreigners, but most are designed to protect them and avoid international incidents. For example, several schools around the Shaolin Temple offer practical training in everything from hand-to-hand combat to spears to swords. Only three, however, have passed safety regulations to accept foreigners. The Chinese also likes to tell you that you're special, because they think it endears you to them, whether it's true or not.
I'll end by saying: it's hard to judge China through a western perspective.
The title is a tautology. I can't help but feel that anyone from country X will every be integrated into any other country, as long as they still want to be themselves. Which is what the author never really states. Had he bought into the materialistic lifestyle, asked everyone how much money they made, and insisted his kids cram for elementry school exams, and toed the party line (whatever that may be), then maybe he would've been considered Chinese (I bet he'd say you still wouldn't but he didn't even consider that possibility). But no, he wanted to be a Westerner in China, and by definition, never become Chinese.
I lived in Europe for half of my life before age 30. I was fluent and mistaken for a native of the country where I lived. Yet, I could not help but retain my American perspective; I don't think I could give that up even if I wanted to. So even if I blended into the culture and wanted be a native, I could not feel like one myself. I came "home" to the US and don't feel American anymore either--I think that will be the author's fate in Britain. I have American friends still there, native by any standard, yet still consider themselves American by choice.
So I think it comes down to giving up one's identifying culture. The ironic thing, is that Chinese (and many other foreigners) do it all the time when they immigrate to the West. To me, that is the quandary of immigration: how do they manage to embrace the host culture so much that they no longer identify with their native one. It seems so much easier to do from East (India, China) to West (US, mostly). It seems like it's much easier to go from a culture of community to one of individuality than vice-versa. Why is there a lack of symmetry?
This is not only damaging to society in China, but to the rest of the world as well. So much potential to do good, squandered because of fear of revolution.
Scarily reminiscent of education in the U.S.
The main problem, I think, is the Chinese's jungle-ruled platform associated with its single-party tyranny. What happens is they will invite you in and give you lots of promises and flexibilities at first. They will learn from you. And when you get too big, they will change the rules to favor their owns, and kick you out, robbing you if necessary. It's not so much that you're a Caucasian foreigner.
I believe that a lot of outside investors and companies will eventually (unless they are big) find out that doing business with the Chinese will end up looking like this person. I am not anti-Chinese as a people or a culture, but I have seen this type story again and again.
Some of the main causes, and by no means the only causes for "racism":
1, those you don't understand, you don't trust -- vast of Chinese have not met many foreigners and Chinese culture tend to differ greatly from western cultures.
2, as noted, China is a very segregated country, you get discriminated against for all sorts of reasons. But if you are from a powerful American family, you will find your respect in China; if you are a poor China man, even your (slightly better off) neighbours would look down upon you.
Same reason Jd's love could not marry him, she will not marry another China man either, if he is not from a respectable family or occupying a respectable position.
On a final note, I don't believe in racism. Not that racism does not exist, but it's too easy of an explanation for your misfortunes; It's too easy to blame something you cannot change and call it a day. Real life is a lot more complex than that, and it's best to look for resolvable problems and fix them, increasing your chance of success, than to blame someone else.
I think the most poignant section was this:
>A deal had been struck. Deng had promised the Chinese people material wealth they hadn't known for centuries on the condition that they never again asked for political change. The Party said: âTrust us and everything will be all right.â>Twenty years later, everything is not all right.
But I would disagree with the overarching theme that the problem of an ascendant China / China in general / etc. is that China is too inward-looking, that "You'll never be Chinese." I know you'll never be Japanese, but I think China and its people and culture are quite different; I didn't spend as much time living in China or studying Chinese as the author, but in that time and in my experiences I think there is a lot more interest and openness of people (and many elites) than is given credit.
Unfortunately, there are huge structural and institutional barriers too...
You can't be Chinese right now, but that doesn't mean you'll never be Chinese.
Governments do fall and rise at the drop of a hat in China. People know that right?
there's something of that in this article, i think.
also, it's very hard to be neutral when you live in a place. and living in a foreign place is hard (more for some than others, of course). it's easy to bear grudges, no matter how aware you are that "it's just cultural differences".
huh. voted down for that? sigh...
I am curious, where in the world is that acceptable (especially during lunch) and where disgusting..