Hacker News with inline top comments, 3 Mar 2013, Best
1
We Found Our Son in the Subway opinionator.blogs.nytimes.com
815 points by mccolin  2 days ago   174 comments top 27
1
tptacek 2 days ago 4 replies      
Sounds reasonable to me. That judge is probably a parent. I suspect most parents understand: if we waited to be "ready", nobody would ever be a parent. Conventional parents get months and months of notice. If they're like me, they're still nowhere close to "ready". It's terrifying. But you, and these guys, and everyone else just do what we've been doing for hundreds of thousands of years.
2
kirinan 2 days ago 1 reply      
Renews faith in humanity. This belongs on HN, because it really does point out the humanity that we all want to touch with our development. These are real people, with real issues, with real emotions, and each one of them may be a user of our products, using them to improve their lives, their sons' lives, or whatever. It's very important to be able to empathize with people, and be able to know their stories, this is the only way to build great things that people love. You can say that this isn't "technical" or "business" related, it is however very related to human beings and ultimately these "humans" are your business, your source of profitability. If anything, more articles like these should be on HN.
3
jpdoctor 2 days ago 2 replies      
Good god this has nothing to do with HN.

Good god am I glad that it got to the front page so I read it.

5
knodi 2 days ago 0 replies      
My grandfather, when he was a young 15-year-old farmer, found a lost kid on an Indian train. After searching for his parents for years with no luck, he adopted the lost kid; at the age of 18 he became a father of a 7 year old. Today the little kid is a retired doctor that resides in New Jersey.
6
Geekette 2 days ago 7 replies      
Ugh. This yanked a couple of thug tears outta me.

And for those wondering what place this has on HN, I actually read HN for interesting, often-not-technically-related news.

7
twstws 2 days ago 4 replies      
This was hard for me to read. I spent four years waiting to adopt a child. Did almost a year of training and home visits, then waited. And waited. Why does it take so long? Because we selfishly insisted that we'd only take one or two children. The social workers were not subtle in letting us know that we were selfish to not want a sibling group of 4 or 5(?!) kids all at once. They made it absolutely clear that we could not expect to have a newborn, and a child under 8 was unlikely.

So to hear that, on a hunch, a judge can give a newborn to a couple that had expressed no previous interest in having kids, wtf. It's a nice story, and I'm glad that it worked out so well for everyone. But for me it really underlines how fucked up the system really is.

8
siscia 2 days ago 9 replies      
Love the story.

When we talk about gay marriage and adoption I always need to query a little more, especially about the kids.

What about Kevin? Is his life "perfectly normal" (how stupid is this expression)? Is he happy? Does he have problems with his sexuality?

Does anybody have any experience to share?
Please to be obvious, in neither way...

(Why is this on HN? Well, because I believe that HN is one of the best communities on the internet, it is normal that people want to share stories and ask the opinion of others they respect/admire)

9
RyanMcGreal 2 days ago 0 replies      
Well damn. Now I have to wipe these tears off my keyboard.
10
ck2 2 days ago 2 replies      
Lovely story but what kind of husband offers to adopt a child without even previously discussing it with his wife?

Great relationship there. This story turned out well only because of her.

BTW this is why many cities now have a law there is no penalty to leave a newborn at a firestation, yet some cities still resist it.

11
gruseom 2 days ago 0 replies      
Pretty hard not to find that touching.
12
iaw 2 days ago 0 replies      
That is an amazing story.
13
ritchiea 2 days ago 0 replies      
Really heartwarming. Also makes me wonder how they handled the financial challenges of raising a child as a young social worker and playwright couple in New York.
14
bobwaycott 2 days ago 0 replies      
What an absolutely beautiful story.
15
muriithi 2 days ago 0 replies      
This would never have happened in Kenya where the Children's Act expressly forbids homosexuals from adopting. Sad.
16
mynameishere 2 days ago 0 replies      
Foundlings are actually fairly common. The only novelty here is that the adoptive individuals are nontraditional.
17
paulnechifor 2 days ago 0 replies      
I'm wondering how many upvoted because they found the article worthwhile versus upvoting because they noticed the author is not a woman and that's what's expected. I say this because to me it looks like it's something that's off-topic judging by the guidelines.
18
balabaster 2 days ago 0 replies      
Honestly if there was more of a proliferation of this kind of news instead of the constant barrage of negativity and fear that is pushed upon us through mainstream propaganda er... media channels then perhaps we wouldn't need the TSA with their hands up our butts feeling around for shit that isn't there... pun intended.
19
stretchwithme 2 days ago 0 replies      
My theory is that one of the reasons nature makes gay people is so that there are extra parents.
21
lysium 2 days ago 0 replies      
Touching story!
22
Taylorious 2 days ago 0 replies      
Good story. Am I the only one who read the title as "We Found Our Son in Subway?" As in the restaurant.
23
conroe64 1 day ago 1 reply      
What a corny story
24
chris_mahan 2 days ago 0 replies      
Excellent!
25
mtinkerhess 2 days ago 13 replies      
Great story. Can someone explain why this belongs on HN?
26
Mz 2 days ago 1 reply      
I don't know why people would say this does not belong here. Social hacking gets so little respect.

Two thumbs up.

27
mrb 2 days ago 3 replies      
It seems to be a fictional story. The author is a playwright and a screenwriter. No last names are given (except the author), and the desire for anonymity is not explicitly stated.

I am surprised the NYT Editor did not ask the author to make it clear if it is a fictional or real story.

2
Andrew Mason's statement about being fired as Groupon CEO jottit.com
625 points by robbiet480  2 days ago   183 comments top 39
1
sethbannon 2 days ago 12 replies      
Full text of his statement:

(This is for Groupon employees, but I'm posting it publicly since it will leak anyway)

People of Groupon,

After four and a half intense and wonderful years as CEO of Groupon, I've decided that I'd like to spend more time with my family. Just kidding – I was fired today. If you're wondering why… you haven't been paying attention. From controversial metrics in our S1 to our material weakness to two quarters of missing our own expectations and a stock price that's hovering around one quarter of our listing price, the events of the last year and a half speak for themselves. As CEO, I am accountable.

You are doing amazing things at Groupon, and you deserve the outside world to give you a second chance. I'm getting in the way of that. A fresh CEO earns you that chance. The board is aligned behind the strategy we've shared over the last few months, and I've never seen you working together more effectively as a global company – it's time to give Groupon a relief valve from the public noise.

For those who are concerned about me, please don't be – I love Groupon, and I'm terribly proud of what we've created. I'm OK with having failed at this part of the journey. If Groupon was Battletoads, it would be like I made it all the way to the Terra Tubes without dying on my first ever play through. I am so lucky to have had the opportunity to take the company this far with all of you. I'll now take some time to decompress (FYI I'm looking for a good fat camp to lose my Groupon 40, if anyone has a suggestion), and then maybe I'll figure out how to channel this experience into something productive.

If there's one piece of wisdom that this simple pilgrim would like to impart upon you: have the courage to start with the customer. My biggest regrets are the moments that I let a lack of data override my intuition on what's best for our customers. This leadership change gives you some breathing room to break bad habits and deliver sustainable customer happiness – don't waste the opportunity!

I will miss you terribly.

Love,

Andrew

2
sethbannon 2 days ago 3 replies      
I've had little respect for the way Mason ran Groupon, but I have immense respect for the way he's handling his dismissal.
3
kurtvarner 2 days ago 0 replies      
Here's a copy of his statement.

--

(This is for Groupon employees, but I'm posting it publicly since it will leak anyway)

People of Groupon,

After four and a half intense and wonderful years as CEO of Groupon, I've decided that I'd like to spend more time with my family. Just kidding – I was fired today. If you're wondering why… you haven't been paying attention. From controversial metrics in our S1 to our material weakness to two quarters of missing our own expectations and a stock price that's hovering around one quarter of our listing price, the events of the last year and a half speak for themselves. As CEO, I am accountable.

You are doing amazing things at Groupon, and you deserve the outside world to give you a second chance. I'm getting in the way of that. A fresh CEO earns you that chance. The board is aligned behind the strategy we've shared over the last few months, and I've never seen you working together more effectively as a global company – it's time to give Groupon a relief valve from the public noise.

For those who are concerned about me, please don't be – I love Groupon, and I'm terribly proud of what we've created. I'm OK with having failed at this part of the journey. If Groupon was Battletoads, it would be like I made it all the way to the Terra Tubes without dying on my first ever play through. I am so lucky to have had the opportunity to take the company this far with all of you. I'll now take some time to decompress (FYI I'm looking for a good fat camp to lose my Groupon 40, if anyone has a suggestion), and then maybe I'll figure out how to channel this experience into something productive.

If there's one piece of wisdom that this simple pilgrim would like to impart upon you: have the courage to start with the customer. My biggest regrets are the moments that I let a lack of data override my intuition on what's best for our customers. This leadership change gives you some breathing room to break bad habits and deliver sustainable customer happiness – don't waste the opportunity!

I will miss you terribly.

Love,

Andrew

4
jedwhite 2 days ago 0 replies      
"Nothing in his life
Became him like the leaving it."

King Duncan:
Is execution done on Cawdor? Are not
Those in commission yet return'd?

Malcolm:
My liege,
They are not yet come back. But I have spoke
With one that saw him die; who did report
That very frankly he confessed his treasons,
Implor'd your Highness' pardon, and set forth
A deep repentance. Nothing in his life
Became him like the leaving it.

Macbeth Act 1, scene 4, 1–8

5
NZ_Matt 2 days ago 0 replies      
Andrew Warner of Mixergy interviewed Andrew Mason in 2010 while Groupon was at its peak. I haven't had a chance to re-watch it yet but I imagine it'll be a very interesting watch given recent events.

Here's the video: http://blip.tv/mixergy/mixergy-groupon-andrew-mason-3852853

And transcript: http://mixergy.com/andrew-mason-groupon-interview/

6
choxi 2 days ago 0 replies      
I used to work at Groupon, and for all the shit it gets there are a lot of good people working on ambitious problems there and this letter is exemplary of the kind of character that inspired people to work there.

Best of luck to them as they try to turn things around.

7
sfink 2 days ago 1 reply      
Errrr... I'm not really getting the tenor of many of the comments here.

For one, look at what he isn't saying. But start with what we know.

He is being fired. That means he isn't leaving by choice, and most likely doesn't want to be leaving at all.

He is the CEO, and the CEO takes responsibility for the company's failures. Them's the rules of the game, for any leadership role. He is saying no more than that.

In particular, he never says he was wrong. He says he failed to continue being the successful CEO of this particular company. In fact, he somewhat obscurely implied that his intuition was right when what the company did turned out to be wrong. Why do you think the company did those things then? Did he tell it to, or did he lose the battle?

This letter was not written to us. It was written to the people at his company. People who are important to him. Which means it probably wasn't written for us either. The speculation that this is wholly a calculated move seems BS to me.

All that is just pointing out the known facts and suggesting likely deductions. More speculatively, I'd like to share my interpretation of the tone of the letter:

He's pissed. He's pissed but doesn't want to show it. He is staying well in control, writing a decent letter that puts something of himself into it but not too much, not enough to lose face or stir up conflict that could only harm the ones left behind. He's trying to bow out gracefully without capitulating, and I think he did a decent job of it. But this is no "wow, this guy is awesome, I bet he's learned some great lessons and I'd be stoked at the chance to work with him" letter. It's adequate, mainly admirable for hitting just the right level of adequacy when you know the guy probably wants to scream and rip someone or something's head off. He just got fired, dammit!

8
goronbjorn 2 days ago 0 replies      
I saw Andrew Mason speak at Startup School in 2010; the headline of his talk was 'Polishing your turds and GETTING SUPER RICH.'

http://www.justin.tv/startupschool/b/272030648

9
unreal37 2 days ago 0 replies      
I'm surprised that there's not more comment that the guy taking over, Eric Lefkofsky, is the "slimy one" that made Groupon such a sleazy IPO, not Mason, for cashing out $1BB+ pre-IPO.
10
rayiner 2 days ago 2 replies      
As a fellow Northwestern grad it's disappointing to see him go, but as a lover of Chicago it's probably for the best. I'd really love to see GroupOn succeed and help anchor a diversified tech presence in the city. We have some great startups, but you need big public companies in the same way a mall needs a Macy's, Nordstrom, etc.
12
nhangen 2 days ago 0 replies      
How fitting for a man that built a predatory company to be ousted by predatory executives.
13
octatone2 2 days ago 2 replies      
Chrome throws a security error up for this site:

The site's security certificate is not trusted!
You attempted to reach www.jottit.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
You cannot proceed because the website operator has requested heightened security for this domain.

14
millerc 2 days ago 1 reply      
Dear Andrew,

One bad year and a couple missed objectives, and your boss fires you? Looks like you were dealing with somebody who doesn't invest in training his employees... you'll be much happier working for somebody else.

Love,

an observer

15
kamaal 2 days ago 0 replies      
This is classy, glorious and full of honor.

Me personally, I would love to fail like this someday.

The most big wins in my life have come after big failures. This guy is set for something big in life.

16
Volscio 2 days ago 0 replies      
Check out Andrew Mason's bio blurb at WSJ. Weird. http://topics.wsj.com/person/M/Andrew-Mason/6435
17
Cherian 2 days ago 1 reply      
My biggest regrets are the moments that I let a lack of data override my intuition on what's best for our customers.

Are there more insights in this? What do you think are the intuition decisions Groupon took (that's public) that probably wasn't against data?

It might seem obvious in retrospect, but as a startup founder I'd love to learn in context.

18
brunorsini 2 days ago 0 replies      
Battletoads is definitely one of the best platform games ever created, kudos for the reference. It's playable on online NES emulators such as http://www.playnes.net/play/107/Battletoads.html
19
photorized 2 days ago 1 reply      
Sorry, I am not buying this.

He knows what he is doing.

20
kgosser 2 days ago 0 replies      
It's shocking to me how bad the HN community is getting when I check out of a comment thread every couple weeks or so.
21
wilfra 2 days ago 1 reply      
Your app crashed from the traffic
22
michaelwolfe 2 days ago 0 replies      
Andrew took Groupon further than 99.99% of all startups will ever go, then went out with a funny, accountable, and humble goodbye note.

If you honestly embrace startup risk and failure, you simply cannot bash this guy.

23
redact207 2 days ago 1 reply      
The problem isn't the CEO, it's the business model.
24
dylangs1030 2 days ago 1 reply      
Heads up, as of this writing, the website is down. I think we accidentally slashdotted the page.

Anyone confirm it's not just me?

25
sk2code 2 days ago 3 replies      
Another Steve Jobs in the making. This has happened with Steve as he was fired after founding Apple.
26
droithomme 2 days ago 0 replies      
That's a great letter.
27
beedogs 2 days ago 0 replies      
$25 IPO stock about to become an OTC stock.
28
camkego 2 days ago 1 reply      
Well done.

"I let a lack of data override my intuition on what's best for our customers."
Isn't it intuition that becomes the problem when faced with a lack of data?

29
joonix 2 days ago 0 replies      
I'm curious why he was "fired" rather than given the "opportunity to resign."
30
alxbrun 2 days ago 0 replies      
I don't like Mason, but I like this smart, classy, honest message. And he has a great sense of humour.
31
sideproject 2 days ago 0 replies      
An honest post. I haven't really followed what's going on with Groupon or the whole daily deal space, but good on him for driving the whole world insane with the daily deal craze. Seriously, two years ago, finding daily deals online was EVERYWHERE - it's not easy to start something like that.

It's like... Gangnam style for startups!!!

32
donflamenco 2 days ago 0 replies      
Groupon has Jeff Holden, who was an extraordinary exec at Amazon in the earlier days.

He might be a good fit for CEO.

33
kvirani 2 days ago 0 replies      
This is a true testament to the difference between startup and cube culture.
34
skulquake 2 days ago 0 replies      
Overall Andrew has done an awesome job, from just being a guy with a great idea and taking it to be the fastest growing company in history while inventing a new space is quite remarkable. I think everyone on this board would have liked to hit a homerun like this after only a couple hits at the plate.
35
codeme 2 days ago 0 replies      
He has made his money. Enough to do another startup.
36
aaronbird 2 days ago 0 replies      
I love how candid he is in this letter. Good stuff.
37
redment 2 days ago 0 replies      
Does anyone know how many employees Groupon has?
38
mmuro 2 days ago 1 reply      
I was okay with this until the third paragraph.
39
just2n 2 days ago 1 reply      
Groupon fires an excellent CEO while Yahoo's new CEO is utterly impervious (for whatever reason) and is getting away with waging a holy war against engineers? What is going on?

Can I expect the laws of physics suddenly to invert tomorrow?

3
Why was my email leaked? dropbox.com
497 points by chmars  2 days ago   257 comments top 41
1
inovica 2 days ago 7 replies      
Unfortunately I have seen their customer service go downhill recently. Not sure if they are having capacity problems or something. 2 weeks ago I signed up for a trial of Dropbox Teams and it said that after the trial I would be dropped back to my Pro account. I cancelled the trial as had made my mind up not to do it and it dropped me to a free account. Several emails to support, the account manager I'd been provided as part of the Teams setup and I still don't have my Pro account back and have had zero feedback from them. The only email I got was this one which is ridiculous:

Hi,

Thank you for your support request. Recently, we have been receiving a high volume of support requests and haven't been able to get back to you within a reasonable amount of time.

The volume of inquiries we receive on a daily basis prevents us from responding to all requests. Although requests from Pro and Teams users will be given priority assistance, we will do our best to get back to other inquiries when possible. If you are not a Pro or Teams user and you're looking to resolve your issue before we can respond, you may want to check out:

https://www.dropbox.com/help/

If you need to restore a large number of files and are unable to do so, please visit the following instructions to help us speed up the restoration for you:

http://db.tt/2QPImJ3g

If you are still experiencing problems, please reply to this message. We will try our best to get back to you, however we cannot guarantee a response. We're very sorry for the inconvenience.

Regards,
The Dropbox Support Team

2
markdown 2 days ago 3 replies      
While I can't speak for Dropbox and this specific case, we had angry customers like this two or three years ago.

Obviously we were very concerned, and spent days poring over server logs and trying to figure out where the breach was.

Turns out the service we used for newsletters (icontact) had been hacked. They never emailed to let us know. (They had a blog post up for a few days, then removed it, the slimy bastards!)

Since then we've used MailChimp, and had no problems.

3
Khao 2 days ago 4 replies      
The way the moderators handled this was pretty damn bad. Two different users tell the moderator they use UNIQUE e-mail addresses for dropbox only, and they received spam roughly at the same time and yet the moderator answers by assuming the users are idiots.
4
chmars 2 days ago 3 replies      
Sean B.:

Hi there,

We've been looking into these spam reports and take them seriously. Back in July we reported that certain user email addresses had leaked and some users had received spam as a result. At this time, we have not seen anything to suggest this is a new issue, but remain vigilant given the recent wave of security incidents at other tech companies. If you've received spam to an email account you only use for Dropbox, please send the message (including full headers) to support-security@dropbox.com to help our ongoing investigation.

Separately, we want to apologize for some of the dismissive responses from our volunteer moderators - since they aren't employed by Dropbox, they don't have visibility into issues like this. We want you to know that we've taken these reports seriously and began our investigation immediately.

https://forums.dropbox.com/topic.php?id=97303&page=2#pos...

5
WestCoastJustin 2 days ago 1 reply      
Brutal customer service! Especially since a user is giving you a heads up about a possible breach and leakage of their personal information. I can fathom these types of replies if this was behind closed doors, but when you have an open forum like this, you are asking for trouble with snotty replies.

This forum should be a PR beacon for awesome customer support!

6
Mahn 2 days ago 3 replies      
I just checked the spam folder of a gmail account I used for dropbox. Throughout the years I'd occasionally (maybe once every two months or so) check the spam folder merely out of curiosity, but it was practically always empty.

Perhaps this is just a huge coincidence but I see three spam emails sent today plus another two sent this week. Some of them have cc recipients which seem legit addresses of other people, but I can't identify them. I never used Zendesk by the way.

Edit: here are the senders, in case it helps: no-reply@adsl.hu, no-reply@velkommenhit.no, no-reply@wdl.fr, no-reply@tataidc.co.in, no-reply@variationfm.com. Though it looks like these addresses may have been spoofed... the sender name is "{%FROM_NAME%}" in all of them.

Edit 2: It turns out Groupon Germany (former citydeal.de), which I checked out once with the same address, is responsible from what I can gather (link in German, but everything matches, company has yet to say anything): http://hukd.mydealz.de/diverses/groupon-verkauft-kundendaten...

7
jewel 2 days ago 4 replies      
I also give out a separate email address to every service I sign up for. So far geico, mint, and dyndns have lost or sold my email address. I haven't gotten any spam on my dropbox account, but I've only had an account since 2012-10-02.

I don't run any spam filtering, at all, and my email box is the catchall for my domain. These aren't just lucky guesses.

8
xer0x 2 days ago 4 replies      
Holy crap Dropbox's moderators make me want to terminate my account with them.
9
nathanb 2 days ago 2 replies      
Has anyone who created a Dropbox account AFTER July of 2012 noticed this spam increase?

If not, it may be that the compromised list of addresses from summer of last year has finally reached evil hands.

10
Havoc 2 days ago 0 replies      
Damn that's weak. Moderator "Andy Y." doesn't seem to grasp wth is going on at all and the rest of the moderators blatantly ignore ~5 people reporting unique email addresses being leaked.

So much for Dropbox...

11
lucb1e 2 days ago 0 replies      
Sean, who also posted in the forums on page two and apologised for the moderator's behavior, contacted me by e-mail to send him the spam e-mails that I received. It looks like they're taking it seriously now :) Needless to say, I provided all details that I have (connection log, full mail source).

For those who are curious, this is what I received:

Hi Luc,

My name is Sean, I work on the User Security team at Dropbox. We'd like to look into the issue you reported on the forums. If possible can you forward the emails in question directly to me (xxxx@dropbox.com).

Thanks.
Sean

12
driverdan 2 days ago 1 reply      
I suspect this is a MUCH larger problem than people realize and not Dropbox's fault.

I've noticed in the past few months I've been getting spam to a lot of site specific emails I've used under my Gmail catch all. It's as if a spammer had access to all email addresses I've used for incoming mail. I've talked with friends and found some have had the same problem.

So where are spammers getting the email addresses we've received email from?

1. There's a vulnerability in Gmail / Google Contacts.

2. Some widely used app I've allowed to access my email has been hacked or has been selling email addresses.

3. An Android app that requires access to my email is compromised, either intentionally or unintentionally.

The least likely one I haven't mentioned is that many independent companies have sold my emails which I find very unlikely.

So what's causing this to happen?

14
dimadima 2 days ago 0 replies      
I'm all for busting some balls, especially if we're talking Dropbox. But shit like this happens all the time, and it's not like by busting some balls here we're going to improve the situation broadly speaking.

It's really absurd to expect that your information will actually be safeguarded by some entity that isn't you. As soon as you give any data to anyone, it's gone. You should pretty much assume it's public and get on with your life. Did y'all catch that blog post up yesterday from the kid who deleted the USERS table at his job, because he was developing against a production database and running queries against it by hand? Experience has led me to believe that's the situation at like all things, everywhere, all the time. Ass clowns emailing around spreadsheets with user data; people getting malware installed on their Windows shit and entire infrastructure's data being compromised. It's a joke. Let's just always remember that while we're busting balls. But if you value your data, don't give it to anybody, ever.

15
lucb1e 2 days ago 1 reply      
Aha, that explains it! I've been contacting school about my e-mail address being spammed; I was certain I never publicly posted it. I used my school's e-mail address for the Dropbox Space Race a while ago.
16
robk 2 days ago 1 reply      
Just checked my spam folder and sure enough 5 spam emails to my unique dropbox address.
17
ph33r 2 days ago 1 reply      
Why do people continue to upload and trust their data to this company? I closed my Dropbox account back in 2011 when they had that 'bug' that made passwords for any account optional for four hours.

Since then they have had more security problems/breaches, and admitted to user info being stolen.

Today's news isn't anything concrete... but their moderators were jerks, which makes the company look bad whether they are employees or not.

18
DigitalSea 2 days ago 0 replies      
The part that made me laugh about all of this is the fact the moderators are saying that spammers most likely guessed all of the unique email addresses people are complaining have been spammed that are only used for Dropbox. That doesn't sound plausible at all, especially considering it's multiple people complaining of being spammed here.

Dropbox's customer service has really gone downhill, what happened?

19
TorKlingberg 2 days ago 0 replies      
This post in the forum thread may be on to something:

"I also have a unique dropbox email address, it was compromised on 2/6, but I tracked it down to a friend's system that was hacked. I had shared a dropbox folder with them, they got the email from my dropbox address. Virus on their system collected my dropbox email from their system."

20
kiwim 2 days ago 0 replies      
> Just the fact that you listed your emails says it all.

Wow, that moderator is really professional.

21
FuzzyDunlop 2 days ago 0 replies      
This makes me think about why I've been receiving spam at my professional email, which I tend to use quite sparingly.
22
gottagetmac 2 days ago 1 reply      
I was skeptical at first, but the rest of the evidence makes it look like it's not a coincidence.
23
lawnchair_larry 2 days ago 1 reply      
I have a unique email address for dropbox that has not received any spam. I created it a couple years ago but only used it once briefly.
24
Foomandoonian 2 days ago 0 replies      
Dropbox should rename mods 'Support Volunteers' or something, just so users know what kind of help they're getting.

I don't understand why the mods were so quick to defend DB, especially since they don't appear to have access to any privileged info. Dropbox has over 200 employees now and whatever precautions they take an occasional slip-up seems entirely possible.

25
adders 2 days ago 0 replies      
I use a catchall and give different email addresses to everyone. I've received 3 spam emails in the past month to my dropbox account, but they aren't the only ones with problems, for example the following are the number of spams for various sites:
* 2 emails Foursquare
* 6 emails Groupon
* 6 emails Rackspace
* 25+ emails Ticketmaster
* 50+ Absolute Radio (UK Radio station)

Absolute Radio was hacked, not sure about the others.

26
techpeace 2 days ago 0 replies      
They aren't letting me post to the forums, but I can also report receiving spam, but only on an address I formerly used with this account, not my latest address.
27
AbhishekBiswal 2 days ago 0 replies      
The Moderator thinks that the user who created that post and his supporters are idiots. How would someone get to know that a user has an email lala.dropbox@xyz.com, if the user hasn't used it anywhere else?

What happened to you Dropbox?

28
johngalt 2 days ago 1 reply      
Is that dropbox@domain.com email listed on any of your phone contacts? Ever had a virus on a machine that has sent or received an email from that account? How many people know that account exists? Only one of them needs to have a careless attitude about permissions.
29
codyko 2 days ago 0 replies      
That Chris guy should be fired. A laughable excuse for customer service.

EDIT: Looks like they're volunteers. But still.

30
hakaaaaak 2 days ago 0 replies      
Fortunately, GMail handles almost all of my spam, so this stuff is a non-event for me. But I don't like that there may have been a security breach. Thanks to whomever HN'd this so it would get attention.
31
tlrobinson 2 days ago 0 replies      
Why is Dropbox letting volunteer moderators represent them so poorly? Dropbox is a grown up company now, train and pay a couple people to moderate, or at least make it more clear they're volunteers not employees of the company.
32
alan_cx 2 days ago 2 replies      
I have to say, accusing Dropbox of leaking in the title of the thread, without any actual basis, since it is possible that the user cocked up somewhere, is not the best way to get polite support. Yes the mods could have been a lot more professional, but I can see why their backs were up and why they would be defensive.

On the other hand, too often as a user I feel I have to walk on eggshells to avoid upsetting some oversensitive petal of a forum mod. One misunderstood word and you are banned for life, with no appeal whatsoever.

All of which leads me to think there should be some third party arbitration for this sort of thing.

33
uptown 2 days ago 0 replies      
What about a possible leak from a 3rd party? Did you, by chance, use Mailbox? Do third-party apps (1Password, etc.) that sync using Dropbox get access to your email address?
34
pyvek 2 days ago 0 replies      
Everyone who received the spam should pastebin the emails along with the header and share them for comparison. If those spam messages are found to be similar then it can be pinpointed that they all have originated from the same person/group and it was no usual hit & miss technique by the spammers which the moderator is contemplating about.
35
unreal37 2 days ago 2 replies      
This dropbox forum is exploding. Fascinating to watch.

As an aside, who knew so many people had "dropbox only" email accounts. One guy with 10 random letters/numbers he uses only for dropbox. Wow. Is this a thing?

36
deeqkah 2 days ago 0 replies      
You know, it's funny because i got a very clever Pay Pal phishing e-mail this morning, linking to a PHP script hosted on renault-astrakhan.ru

What's worse is that i sent invitations to dropbox time ago to people that i have to now contact and say "Please be aware of this phishing e-mail disguised as a Pay Pal e-mail."

+1 for an alternative service, to be honest. Dropbox is very well done, but this is a good reason to stop using their service if they can't secure their clients' information.

It would greatly benefit them if they found the root of the problem, and reported if it were indeed an issue with them or one of the clients for dropbox.

37
ddrager 2 days ago 2 replies      
What about the possibility that end-users' computers are breached?

- User/pass is saved in the 'Remembered password' area of browser (this is decodable by malware)
- Email is screen-scraped by malware
- Email is sniffed during login at a wifi hotspot (Password is encrypted, user/email may not be)
- 3rd party apps that are linked to your dropbox account

I'm not saying that this wasn't caused by the database breach, but there are a TON of reasons that this could have happened. Some on Dropbox, some on the end users.

Don't expect your email address to stay private. That's what passwords are for.

38
trekkin 2 days ago 0 replies      
That's why client-side encryption is useful - even with the company (Dropbox) not leaking/selling their users' data on purpose, it is easy to inadvertently leak it.

Proper client-side encryption, while often not appropriate in critical environments, is useful to protect against this type of situation.

Disclosure: I run AES.io

39
reader_1000 2 days ago 0 replies      
I checked my e-mail account that I used for dropbox and there is a spam mail coming from ...@direct.nacha.org which is the same domain which one of the customers in forum received. So it seems they are right, this is not a random guess.
40
bshanks 2 days ago 0 replies      
Slightly off-topic, but what kind of forum software does Dropbox use? I like the clean look and the use of the blue background for the Dropbox employee.
41
weix 2 days ago 0 replies      
why? welcome to the cloud world!
5
Heroku Fucking Console github.com
455 points by eik3_de  2 days ago   278 comments top 33
1
sneak 1 day ago 16 replies      
Nothing in computing is worse than software that knows exactly what you want it to do, then gives some shitdick excuse as to why it's not going to do it in an effort to get you to jump through meaningless hoops.
2
eik3_de 1 day ago 8 replies      
HN question: I submitted this story with the title "Heroku f.cking console" and the title was changed to "Heroku console".

Is the string "f.cking" considered inappropriate on HN? What about "f.,.ing" or "f'ing"?

Edit: replaced the asterisks with "." and "," for formatdoc

Edit: has been changed to "Heroku Fucking Console" at 19:02Z. I approve!

3
nswanberg 1 day ago 3 replies      
Swearing is like typing in all-caps or using an exclamation point. It's usually not necessary but when it fits it really fits. (Hedberg only swears a few times here but it sounds exactly right http://www.youtube.com/watch?v=Y5-46bj8b4w).

Used incorrectly swearing suggests someone who doesn't have much control over their emotions or vocabulary and lacks range of expression.

Yet this Heroku library, presumably created by someone who, stubbing their toe on that same problem over and over, is one big exclamation point all-caps rant, with all possible lines of code and input fields in Github (even the license!) filled with rage and satisfaction, and the nice thing is that the library ultimately fixes a problem and makes the solution available to all.

Separately, to anyone thinking this "unprofessional", take a look at Philip Greenspun's definition of a software professional: http://www.youtube.com/watch?v=JsPFdVrbGeE#t=41m20s (incidentally, this entire lecture deserves to be bookmarked and watched).

Edit:
By the standards of Greenspun's definition the author of the library would be considered a consummate professional.

For those without time to watch, here is the link for the presentation he used (though he's an excellent speaker and the presentation adds much more):

http://philip.greenspun.com/ancient-history/professionalism-...

4
GhotiFish 1 day ago 2 replies      

    Provide a fucking help topic
    210bbc9498 Browse code
    tpope authored 16 hours ago

    Initial fucking commit
    a1b87e8b4b Browse code
    tpope authored a day ago

I like how he has total commitment to his commits.

also. WTFPL!

5
egonschiele 23 hours ago 0 replies      
Another example: finding help on hadoop:

    [vagrant@localhost conf]$ hadoop --help
    Error: No command named `--help' was found. Perhaps you meant `hadoop -help'
    [vagrant@localhost conf]$ hadoop -help
    Error: No command named `-help' was found. Perhaps you meant `hadoop help'
    [vagrant@localhost conf]$ hadoop help
    Exception in thread "main" java.lang.NoClassDefFoundError: help
    Caused by: java.lang.ClassNotFoundException: help
    at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
    Could not find the main class: help. Program will exit.

6
xauronx 1 day ago 1 reply      
I don't use Heroku, so I have no use for this but I love this guy's enthusiasm.
7
johnnyg 1 day ago 0 replies      
This has bugged me too. Thank you.

Also, watch your language young man!

8
dysoco 1 day ago 1 reply      
And guys... this is what happens when you use Vim too much.
9
RyanMcGreal 1 day ago 0 replies      
+1 for releasing it under the WTFPL.
10
derleth 1 day ago 1 reply      
Is anyone else's page massively wider than it should be?

(Firefox 19.0, 32-bit build on x86_64 Linux.)

11
dreamdu5t 1 day ago 0 replies      
I'm amazed people put up with this crap just to host a rails app.
12
sheraz 1 day ago 3 replies      
This lacks class regardless of how useful the software may be. And yes, it does matter.

What is with all the crass language that has become so pervasive in this industry in recent years?

Why the need to express yourself so poorly?

13
rahilsondhi 1 day ago 0 replies      
This plugin is hilarious but very unnecessary.

I solved this a long time ago with a simple `alias hrc-='heroku run console --remote'`. That way I can type in console `hrc- production` or `hrc- staging`

14
antipax 1 day ago 2 replies      
What? `heroku run bash` also works and is shorter.
15
christopheraden 1 day ago 0 replies      
Hah! Tim Pope is a pretty funny guy. His Vim plugins are fantastic as well (Pathogen and Surround are indispensable).
16
andymoe 1 day ago 0 replies      
You know this is one of those times where editing the title is not helpful! The title of the project is actually "Heroku Fucking Console." The edit makes me think it's pointing to something official and it's not!
17
endgame 1 day ago 1 reply      
There are a lot of people in this thread who are complaining that "$some_program won't Do What I Mean".

Sounds familiar: http://www.catb.org/jargon/html/D/DWIM.html

18
auggierose 1 day ago 1 reply      
Programming, motherfucker!
19
tomhallett 1 day ago 0 replies      
One non-obvious landmine with the heroku console, it attaches to a running web process. One day I had a typo in one of my console commands:

    Post = Post.count
    # instead of "post = Post.count"

Which re-assigned the Post class to a number. Then we started getting production airbrake errors where the Post class was now a Fixnum, /facepalm.

It was an easy fix, just restart all of the servers, but I was very surprised to say the least.

Note: I believe this was with the Bamboo stack. I'm not sure if this is still true with the Cedar stack.

20
slajax 1 day ago 0 replies      
I love it when software is written out of hatred for other software that "f*cking sucks".
21
binarycrusader 1 day ago 0 replies      
You haven't used software until you've used it in anger.
22
scottbartell 1 day ago 0 replies      
Because things should just fucking work.
23
squid_ca 1 day ago 0 replies      
"This is a long distance call. You must dial a 'one' plus the ten-digit number to complete your call."
24
mcnemesis 1 day ago 0 replies      
To hell with all yo other stale licensing- other than have none, the Fcking License included in this project just makes me want to frk this project!

The attitude is ill ;-)

25
jbaudanza 1 day ago 0 replies      
I love this. I also miss how the bamboo console would let me enter a ruby command locally and then execute it remotely when I hit enter. I've been meaning to make a gem to replicate this behavior.
26
hiddenfeatures 1 day ago 0 replies      
The true meaning of "opinionated software"...
27
vampirechicken 1 day ago 0 replies      
Tim Pope has a potty mouth.
28
whbk 1 day ago 0 replies      
This. Is. Awesome. Had to be done.
29
skhamkar 1 day ago 0 replies      
Thank you!
30
Cigano 1 day ago 0 replies      
Nice one, dude. Congratulations!
31
dholowiski 1 day ago 0 replies      
Very mature.
32
huhsamovar 1 day ago 3 replies      
I would be interested in this if it weren't for the foul language. This speaks volumes about the author's attitude.

If you're annoyed with something, have they even tried bringing it up with Heroku's support team? If so, have they tried shipping this tool that doesn't make the maintainer look like an arrogant troglodyte?

33
nacker 1 day ago 0 replies      
You can tongue punch my fart box, Heroku fucking console!
6
Establishing secure connection wellsfargo.com
443 points by eloisius  1 day ago   141 comments top 35
1
ben1040 1 day ago 6 replies      
This reminds me of something we had at my office about 15 years ago because people were complaining their workstations were slow. In reality, their workstations were just slow machines; standard issue box for most people was a 70MHz Sun SS-5.

So we wrote a perl script that printed out a bunch of platitudes like these, while printing out an ASCII "progress bar." It had some randomly determined sleep() calls in there to make it seem like it was doing something.

  Optimizing priority queues...
  Recalculating scheduler lookup tables...
  Terminating unused system processes...
  Recovering memory leaks...
  Flushing network buffers...

Then it'd randomly pick a number X and report to the user "System reports X% faster."

We called it "speed" and deployed it to the app server. Some folks started getting into the habit of running it every morning and swore by it.

2
MattRogish 1 day ago 11 replies      
This is one of those things that is done by people going "We need our customers to 'feel secure'". I get the rationale, but is there actually any data that suggests this gives that actual feeling? That users "feel" more secure? Or are more trusting of the site? Or is this just cargo-cult UX?

edit:
I've seen this on too many financial apps to think it's an isolated incident. It's clearly a "thing" in financial apps (TurboTax.com does it all the time; I see it on my Bank app, lots of mobile apps, etc.)

There's gotta be a reason, even if it's wrong.

3
seldo 1 day ago 2 replies      
This sort of fake-loader animated GIF is pretty common; it's just a slightly more advanced version of a spinner GIF. I don't think it's really that bad.

What would be bad is if this page would accept a parameter to redirect you to somewhere, but it appears it doesn't do that -- it just closes itself. Presumably this page appears in an overlay that then closes itself.

4
rgbrenner 1 day ago 1 reply      
this page doesn't actually do anything. It loads two animated gifs from Akamai (one for the text, and one for the bar), and then uses some javascript to close the window.

If I had to guess, there's a login page. When you submit your login, this page pops up and displays while the login is processed.

source:

  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html>
  <head>
  <title>Loading....</title>
  </head>
  <body>
  <p align="center">
  <img src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/DocumentumRepository/content/images/signon/messaging.gif" width="300" height="30" border="0" alt="Loading Status" /><br />
  <img src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/DocumentumRepository/content/images/signon/statusbar.gif" width="300" height="30" border="0" alt="Loading Status Bar" />
  </p>
  <script type="text/javascript">
  var selfClose = function() {
    self.close();
  };
  window.onload = function() {
    setTimeout(selfClose, 10000);
  };
  window.onblur = function() {
    selfClose();
  };
  </script>
  </body>
  </html>

5
tptacek 1 day ago 2 replies      
Exactly the security I'd expect from a "CEO Portal". :
6
jmandzik 1 day ago 2 replies      
Somewhere, deep within Wells Fargo HQ, there was a depressed developer in a windowless office that died a little inside when asked to make this.
7
aqme28 1 day ago 0 replies      
If you were going to inspect to see if it was actually doing anything, let me save you the trouble. It just plays these two gifs on top of each other.

https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfa...
https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfa...

8
mattdeboard 1 day ago 2 replies      
TurboTax has something that struck me today as similar (in spirit) to this, though TurboTax's is a skeuomorphic thing.

It's the "Save & Exit" button TurboTax has. I'm sure that they are saving all info as it is entered, but users of QuickBooks, Excel, etc., I'm sure are used to having to save their data manually then exit.

I think all the guffawing at this progress bar is a little overblown. If a question or concern comes up in user testing multiple times -- "How do I know my connection is secure?" -- then why not put something in there that makes the user feel safer? What's the problem with that? Sure maybe it's a little overblown graphically but, c'mon, when you're a bank you need your customers to feel secure, in addition to actually being secure.

9
joshwayne 1 day ago 0 replies      
I see a lot of comments condemning this feature and saying it's ridiculous. However, you have to understand that people outside of the tech industry have a very different mental model of how computers work than the rest of us.

One example of this is shown in a usability study by the Baymard Institute on top ecommerce checkout processes [1]. The goal of the study was to determine best practices for checkout usability by testing the top 15 ecommerce sites. One of the more fascinating finds they made was that during the checkout process, users perceived certain fields as being more secure than others. Even though the fields were all part of the same form and on the same page, users still believed fields with a little lock icon were more secure than the rest of the fields! It didn't matter if the entire page was encrypted. Users would abandon the checkout process because the credit card fields didn't "feel secure" compared to the rest of the page.

To most of us, this looks like a frivolous feature suggested by a "UX monkey" (as one commenter put it) but don't underestimate the power of making users feel safe. For all we know, this stupid gif could have cut support calls 20%.

[1] http://baymard.com/checkout-usability

10
ripberge 1 day ago 0 replies      
I use this tool everyday and it has always made me laugh. The security of the CEO portal is actually legit though. In order to do anything you must login with: company name, username & password. Once inside in order to do anything important you must use your pin number + a random number from a security dongle like this: http://en.wikipedia.org/wiki/Security_token

Then someone else from within your company must repeat a similar process to approve your action. So you always need at least two people within your company to perform any action.

Typically the CEO portal is used for wire transfers where security is pretty damn important--once the money is gone--it's really, really gone.

11
unsignedint 1 day ago 1 reply      
This reminds me of a story I heard about those ATMs. What I heard is that there are technologies out there that can make a machine to count/validate cash almost instantaneous while not sacrificing accuracy. But apparently, that makes some customers worry that their money is not being processed right, and thus, every time you deposit money to those ATMs, they make that grinding noise, appears to be doing something useful.
12
jlarocco 1 day ago 1 reply      
That's kind of silly.

But as a Wells Fargo customer, I've never seen it while using their website, and I use the site to check my accounts and transfer money between accounts once or twice a week.

13
salman89 1 day ago 0 replies      
Likely is security theater, but in all fairness they might actually be doing all those things and wanted a UI element to let users know what is taking so long.
14
daigoba66 1 day ago 0 replies      
"reticulating splines"
15
hy3lxs 1 day ago 0 replies      
"Locksmith gets less tips and more price complaints for being faster"

http://news.ycombinator.com/item?id=2007385
(807 days ago)

16
manaskarekar 1 day ago 0 replies      
Reminds me of this interesting reddit discussion:
http://www.reddit.com/r/AskReddit/comments/uc6qy/reddit_toda...

And the corresponding HN discussion that followed:

(Apple's iOS is "deceptively fast") http://news.ycombinator.com/item?id=4047032

In this case, we have security instead of speed. That's not to say it isn't secure anyway.

17
JadeNB 18 hours ago 0 replies      
The Mac OS X.4 PBE would display the estimated boot time on startup; I thought it was using sophisticated logic, but was later told that it just averaged the last, say, 10 boot times (which is probably at least as reliable). I seem to remember that you could even execute `/usr/bin/loginwindow` (or some such path) from the command line and watch it pretend to boot at any time. I forget when this 'feature' went--maybe as early as Leopard?--but it's not in Mountain Lion.
18
eclipticplane 1 day ago 0 replies      
We added progress bars and silly status messages to our 500 error pages in our web app. Things like a 15 second count down to "recalibrate" or "attempting automatic system correction". It, at minimum, stopped users from constantly clicking a button or link that was having server issues (and thus spamming our error queue). Instead, they'd wait the 15 seconds and then go try again.

If the issue was transient, like a dropped connection to the database or memcached or some obscure deadlock, the "automatic" fixes worked as expected from the user's perspective. We, of course, still got the full error report to diagnose the issue.

I even have a few gems in our user feedback system where the users outright praise the "automatic error fixer" and they wish every website/app had a tool like ours.

19
obilgic 1 day ago 1 reply      
It closes the tab when I click "inspect element". How does it detect that?
20
gesman 1 day ago 0 replies      
I envy consulting company that was tasked $100k to build such a "secure solution" :)
21
dumyCredentials 1 day ago 1 reply      
You can see this in action by trying to login using dummy credentials here: https://wellsoffice.wellsfargo.com/ceoportal/

:-)

22
ante_annum 1 day ago 2 replies      
So, it's actually possible to update a dynamically served gif to provide real progress updates. If that's what they were doing, I'd wonder why they did that rather than use js hooks.

But this is just a silly static image. What if the server takes longer than the image to load?

23
phpnode 1 day ago 0 replies      
hfs - your account has been dead for > 200 days
24
noblethrasher 1 day ago 0 replies      
Don Norman discusses why you would want to do something like that here http://businessofsoftware.org/video_09_dnorman.aspx (50:30).
25
mikegirouard 12 hours ago 0 replies      
As a fan of UX patterns I'm curious: what would this one be called?
26
arjn 1 day ago 0 replies      
Wow! I can't decide if this is hilarious or scandalous.
27
maxhe 17 hours ago 0 replies      
I noticed something similar on TurboTax: https://turbotax.intuit.com/tto/alias/dncanimation
28
bmle 1 day ago 1 reply      
I used to work for a major online tax software provider. I won't name them but I'm sure you can guess. Not sure if it's still there but right after you log in, there are some redirects that take you to the app servers hosting the product and you get the same type of loading image though no secure connections were being established.
29
DrewHintz 1 day ago 1 reply      
> ceoportal

Sounds about right.

30
bbq123 1 day ago 0 replies      
As a customer of Wells Fargo CEO Portal I no longer feel safe using it.

Fun aside this portal uses two factor authentication with RSA tokens (that were promptly replaced after RSA token vulnerability was found).

31
bestest 1 day ago 0 replies      
This felt uncanny. Like I was violated in some strangely wonderful peculiar way.
32
gfalcao 1 day ago 0 replies      
This is ridiculous
33
jseip 1 day ago 1 reply      
We need a progress bar!
~Brilliant MBA
34
adev 1 day ago 0 replies      
Been there done that. Software development is sometimes Social development as well.
35
borgchick 1 day ago 0 replies      
security theatre much? face palm
7
A new Light Table experience chris-granger.com
364 points by falava  2 days ago   142 comments top 48
1
pixelbath 2 days ago 6 replies      
This is a very pretty editor. That said, I have no freaking idea what I'm supposed to do. I've been messing around with it for around 15 minutes now, and I still don't understand it.

I added a PHP website folder and got no code hinting or anything else beyond "here is the match for your parenthesis" for either PHP or Javascript. This also resulted in my "navigate" tab being filled with SVN meta-files. I am quite confused.

Looking around on the site and some of the comments here, it appears you're using Clojure. Does this IDE only support Clojure?

2
manaskarekar 2 days ago 1 reply      
Apart from the other obvious praises, I just want to thank you for making something so beautiful with Clojure as a first class citizen.
3
Raphael_Amiard 2 days ago 1 reply      
It is absolutely gorgeous, but it is also looking a lot more like a traditional text editor from what i can gather.

I'll download and play with it a bit anyway, to see what i get from it.

4
Sandman 2 days ago 0 replies      
Every time a new version of LT playground gets released I feel like a kid in a candy store, looking for all the cool new stuff Chris and the rest of the team put in :). Awesome work, and it just keeps getting better. To be honest, since there weren't any updates in a while, I started having doubts about whether they'll be able to deliver, but I'm glad to see that the project is alive and well.

Judging by the comments I see that there's a lot of people who haven't yet heard of Light Table, which surprised me a bit because posts about LT frequently hit the front page of HN. If you're one of those people, you should take a look at their kickstarter page: http://www.kickstarter.com/projects/306316578/light-table

Finally, while there's a lot of people bemoaning the fact that some more popular languages (than Clojure) aren't supported out of the box, I, for one, am glad that somebody's developing such an awesome tool with Clojure in mind.

5
ollysb 2 days ago 2 replies      
I'd absolutely love to see ruby in Light Table, how are plans looking for this? If there was a kickstarter for adding ruby I'd pony up in a flash. I realise manpower is probably going to be the main issue though...
6
scottjad 2 days ago 3 replies      
How are you highlighting the matching characters in the fuzzy search results?

http://www.chris-granger.com/images/030/navigate.png

It looks like the same method I'm using in emacs/ido, which is to turn "la/clj" into

  "(l).*?(a).*?(/).*?(c).*?(l).*?(j).*?"

I've found this technique gives inferior results to whatever SublimeText is doing. For example, in your hits with "langs", such as "lt/objs/langs/js.cljs" I think "lt/objs/langs/js.cljs" is more intuitive than the result you give of "lt/objs/langs/js.cljs". (Sorry for the hard to read italics)

For another example, on a search of "completions" I think your technique will highlight "hacks-completions" as "hacks-completions" instead of "hacks-completions".

Does anyone know if there's an easy way to modify the regex (not LightTable) and get the user-friendly results of Sublime Text?
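
The highlighting difference described in the comment above, as an added Python example that is not part of the thread: the lazy regex anchors on the leftmost possible first character, while a scored alignment that rewards contiguous runs and word starts picks the run a reader expects. The scoring weights and separator set are assumptions for illustration; this is not Light Table's, ido's or Sublime Text's actual algorithm. Matched characters are shown in square brackets.

```python
import re

SEPARATORS = "/-_. "   # assumption: characters that start a new "word"
RUN_BONUS = 3          # assumption: reward for extending a contiguous run
START_BONUS = 2        # assumption: reward for matching at a word start


def lazy_regex_positions(query, text):
    """Positions chosen by the "(l).*?(a).*?..." pattern from the comment."""
    pattern = "".join(f"({re.escape(c)}).*?" for c in query)
    m = re.search(pattern, text, re.IGNORECASE)
    if not m:
        return None
    return [m.start(g) for g in range(1, len(query) + 1)]


def scored_positions(query, text):
    """Best-scoring alignment of query inside text (dynamic programming)."""
    q, t = query.lower(), text.lower()
    n, m = len(q), len(t)
    if n == 0:
        return []
    if n > m:
        return None
    neg = float("-inf")
    best = [[neg] * m for _ in range(n)]   # best[i][j]: q[i] matched at t[j]
    back = [[-1] * m for _ in range(n)]    # position used for q[i-1]
    for i in range(n):
        for j in range(i, m):
            if q[i] != t[j]:
                continue
            gain = 1 + (START_BONUS if j == 0 or t[j - 1] in SEPARATORS else 0)
            if i == 0:
                best[i][j] = gain
                continue
            for k in range(i - 1, j):
                if best[i - 1][k] == neg:
                    continue
                score = best[i - 1][k] + gain + (RUN_BONUS if k == j - 1 else 0)
                if score > best[i][j]:
                    best[i][j], back[i][j] = score, k
    end = max(range(m), key=lambda j: best[n - 1][j])
    if best[n - 1][end] == neg:
        return None
    positions = [end]
    for i in range(n - 1, 0, -1):
        positions.append(back[i][positions[-1]])
    return positions[::-1]


def highlight(text, positions):
    """Wrap each run of matched characters in square brackets."""
    marked = set(positions)
    out = []
    for i, ch in enumerate(text):
        if i in marked and i - 1 not in marked:
            out.append("[")
        out.append(ch)
        if i in marked and i + 1 not in marked:
            out.append("]")
    return "".join(out)


if __name__ == "__main__":
    for query, path in [("langs", "lt/objs/langs/js.cljs"),
                        ("completions", "hacks-completions")]:
        print(highlight(path, lazy_regex_positions(query, path)))
        print(highlight(path, scored_positions(query, path)))
```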

7
podperson 2 days ago 2 replies      
What going back over the old demo and looking at this post did was remind me of how nice jsfiddle is when it isn't insanely slow, which then led me to wonder how hard it would be to create something like jsfiddle that lived on top of github, or something like jsfiddle that lived inside my favorite editor, or just in a static html page on my desktop.
8
andreyf 2 days ago 1 reply      
Noooo! So many wasted pixels at the top! Why!? It was so much better before!

Aside from that: neat! :)

9
pjbrunet 2 days ago 0 replies      
Would be nice if font size changed by control+scrolling mouse wheel, most code editors do that. I can't imagine really needing (or wanting) to evaluate things in realtime (like the videos demonstrate) unless I was writing cryptic, mind-numbing algorithms all day every day. I like the idea in one of your videos, every function can have its own little window, but I wouldn't want that to create new files for me automatically in the background and it would have to be more useful than a straightforward "split window" editor function, which is already something I rarely use. The colors are cool but not as cool as my hacked Crunchbang+Geany colors. Maybe one day Light Table will be like a more graphical, user-friendly Emacs? I don't know. The videos are really eye-catching but realistically I can't imagine why I'd use Light Table. I realize there's already a lot of interest in this, but I would like to see more videos showing how this is actually more useful than Gedit or whatever.
10
sudowork 2 days ago 2 replies      
Small bug I found: When I change the editor theme to something other than `default`, the next time I start up the editor, the theme isn't loaded. Instead, I just get some light grey text on a dark grey background.

UX Annoyance: When clicking on an exception, there's no visual indication that it's been clicked on. I found that Shift+Tabbing brings you back to the editor pane (other than using the mouse).

A couple more things that could just be me being stupid. When I try to eval using Ctrl+Shift+Enter, nothing happens. Instead, I have to eval each line one-by-one. I tried creating a new key binding, but couldn't figure out how to delimit my keys to allow modifiers. I also can't figure out how to pop up documentation or data flow as demo'd in the original light table (this is my first time using any version of light table). I tried `(doc <foo>)`, but it just evaluates to `nil`.

Anyways, hope these comments might be useful in terms of my user experience as a first time user.

11
abecedarius 2 days ago 1 reply      
So how do you see these inline results? I'm told cmd-enter or cmd-shift-enter will evaluate code; on Windows 7, for me, none of ctrl-enter, alt-enter, or windows-enter seem to do anything. ctrl-shift-enter in a .js file creates a checkmark next to my first line, 2+3; (though not the lines I'd written after it). Trying to create a .clj or .cljs file, by 'Create a new file' and then 'Save file', it remains as 'untitled', and ctrl-shift-enter doesn't seem to do anything.

Anyone else on Windows at the moment with tips?

(The 'bindings' command lists things like Cmd Enter; since it lists Ctrl for other keybindings, I'm guessing that's meant to mean Alt.)

12
paulhodge 2 days ago 0 replies      
I love these updates, the tool is looking more awesome every day.

I'm wondering if there's a roadmap for Light Table's release, specifically if there's a point where the code will be available? I have a programming language in progress and I'm interested in potentially hacking LT to support the language. It seems like it would be a good fit.

13
fnordfnordfnord 1 day ago 1 reply      
If you're going to make it vi-like, please put some effort into introducing the modal-concept, and lots of help for new users. There are reasons that many people avoid vi. You may not think that you need to make it a teaching tool, but everything else about lighttable makes it well-suited as a teaching tool.
14
btipling 2 days ago 3 replies      
You gotta be kidding on the sideways text as an important part of the UI. Also adding the vim integration is a waste of time as long as you don't have buffers, registers, ranges and can't parse my .vimrc nor use my modules you might as well not do it.
15
amckenna 2 days ago 1 reply      
I know python support is planned, but will it be integrated alpha/beta or will we have to wait until after the 1.0 release?
16
DigitalTurk 2 days ago 1 reply      
It just so happens that I started playing with Clojure yesterday! I didn't quite manage to get anything to work in LT, however.

E.g. if I do Cmd+Enter on a definition, I get this:

  clojure.lang.Compiler$CompilerException: java.lang.RuntimeException: Unable to resolve symbol: defn in this context, compiling:…

If I click 'Make current editor and instarepl' I get errors like this:

  clojure.lang.Compiler$CompilerException: java.lang.RuntimeException: Unable to resolve symbol: subs in this context, compiling:(NO_SOURCE_PATH:9)

It's all rather confusing. Maybe there's a manual somewhere I should read, but I couldn't find it.

17
Macsenour 2 days ago 1 reply      
As a game dev guy, I'm looking at the two new Open game platforms, Ouya and GameStick, and thinking that LT might be a great way to get kids into coding.

Getting kids to code games is so much easier than any other project, even if the game is extremely simple.

Anyone care to comment?

18
eaxbin 2 days ago 1 reply      
I'm getting Access Denied when trying to download the OS X version. Other versions are working fine.
19
bbq 2 days ago 0 replies      
This looks great! It's getting more and more usable.

It would be nice if, when a computation is running in the instarepl, the computation indicator would display inline e.g. with the previous result - perhaps graying the result out?

How would I go about implementing this myself? Or is LightTable reflection not yet publicly available?

20
edoloughlin 2 days ago 0 replies      
Currently downloading at 9-10KB/s. Anyone seeding a torrent?
21
glesperance 2 days ago 0 replies      
What is the project direction in relation to complex JS apps?

i.e.: How do you guys expect the instarepl idea to be used in apps made of several node.js modules/libs or several files meant to be loaded together via RequireJS?

22
fdb 2 days ago 1 reply      
There's something weird going on when using the trackpad on OS X. My trackpad is set to "natural scrolling", but if I scroll really fast the editor seems to scroll in the other direction.
23
cheald 2 days ago 0 replies      
I've tried to add a workspace directory from a Samba mount, and it's been stuck for about 10 minutes now.
24
programnature 2 days ago 0 replies      
Congrats, the improvements are quality.

Would love to switch to light table, but I need paredit. Can't switch without paredit.

25
agentultra 2 days ago 0 replies      
Nice work.

Seems to me like it's becoming emacs (which is a good thing, you should poach more ideas from it).

26
Meai 2 days ago 2 replies      
You should add mousewheel scrolling of tabs, I'd like that. Also a white theme, because black themes look sort of sketchy at work.
27
marizmelo 2 days ago 0 replies      
Small drag and drop problem.... On OSX I can drag the divisor for files/texteditor OVER the option of tabs (left options)... if I drop the editor there I cannot resize the view anymore and have to restart the program.
28
truncate 2 days ago 0 replies      
It still depends on libudev.so.0. Hence can't use it on ArchLinux (unless I fool it by linking it with latest so). :(
29
pjmlp 2 days ago 1 reply      
Eventually the editors of Smalltalk and Lisp environments of the early days will be rediscovered by youth generations it seems.
30
companyhen 2 days ago 0 replies      
I'm a web designer (PSD -> WordPress) and I started learning programming around the time Light Table was funded on KickStarter. It's been nice to see the project grow with my programming skills. Although I still don't feel like a decent programmer, it's nice to see what my small $15 investment has helped create. :)
31
octix 2 days ago 2 replies      
Has anyone started using LT? Is it productive? Should java devs even bother with this? Thank you.
32
rsamvit 2 days ago 0 replies      
Beautiful Editor.
I'd switch to it completely if it supported a more complete vim emulation -- for now I use it as a repl
33
auggierose 2 days ago 3 replies      
Does anyone know what Light Table is programmed in? It seems to be cross platform, how does it achieve that? I assume some kind of mix between Clojure and using browser technology as a UI, but does anyone know specifics?
34
sc0rb 2 days ago 0 replies      
I can't wait for this to support Java so I can at least have some beautiful tools to get me through the soul sucking days of Spring development :-)
35
karlokeeffe 2 days ago 3 replies      
I get the error:

"LightTable.app" is damaged and can't be opened.

I'm running OSX 10.8.2.

Anyone else having the same problem?

Are there any dependencies I need to have installed before running the app?

36
pjbrunet 2 days ago 1 reply      
I downloaded Linux 64 and it doesn't work in Debian. No readme either?
37
devy 2 days ago 0 replies      
How do I open a new client like what Chris demo'd in the video to eval JavaScript & CSS?
38
dpick 2 days ago 1 reply      
Stack Size Exceeded when trying to open a ~3500 line clojure app :(.
39
almost_usual 2 days ago 0 replies      
Awesome, really nice to have such great Clojure support
40
dimitris99 2 days ago 0 replies      
Looks really nice. I want to use it. I also like vim.

BUT could do with some more documentation.

41
null_pointer 2 days ago 0 replies      
I've been playing with this editor, except it seems Syntax Highlighting doesn't work (Linux x64). Which is kind of a killing point for me. Does anybody know of a forum / mailing list I can get on to figure out configuration and such? I have heard so much about this IDE, but it kills me that it doesn't seem to be working properly.

EDIT: Restarting twice seemed to fix the problem.

42
shuma 2 days ago 1 reply      
Which languages does it support?
43
baby 2 days ago 0 replies      
More than 300k raised? Isn't that way too much? How much is a developer getting paid in the valley?
44
billyvg 2 days ago 1 reply      
How do I go into vim mode?
45
arrakeen 2 days ago 0 replies      
any reason in particular that this doesn't support osx10.6?
46
ttty 2 days ago 0 replies      
how to open those cells like they do in the video?
47
zenbowman 2 days ago 0 replies      
Beautiful stuff
48
tapichu 2 days ago 0 replies      
great, happy to see the vim mode!
8
Why Python, Ruby, and Javascript are Slow speakerdeck.com
349 points by jasonostrander  2 days ago   190 comments top 34
1
DannyBee 1 day ago 6 replies      
Speaking as a compiler guy, and having a hand in a few successful commercial JITs: The only reason he thinks they aren't slow is because they haven't yet reached the limits of making the JIT faster vs the program faster.
Yes, it's true that the languages are not slow in the sense of being able to take care of most situations through better optimization strategies.
As a compiler author, one can do things like profile types/trace/whatever, and deoptimize if you get it wrong. You can do a lot. You can recognize idioms, use different representations behind people's back, etc.

But all those things take time that is not spent running your program. On average, you can do pretty well. But it's still overhead. As you get farther along in your JIT, optimization algorithms get trickier and trickier, your heuristics, more complex.
You will eventually hit the wall, and need to spend more time doing JIT'ing than doing real work to make optimizations to some code.
This happens to every single JIT, of course.
This is why they try to figure out which code to optimize.
But even then, you may find there is too much of it.

Because of this, the languages are slower, it's just the overhead of better JIT algorithms, not slower code. In practice, you hope that you can optimize enough code well enough that nobody cares, because the ruby code takes 8ms, and the C code takes 5ms.

For example: Almost all of the allocations and copying can be optimized, but depending on the language, the algorithms to figure out what you can do safely may be N^3.

Also, PyPy is still pretty young in its life cycle (in this iteration of PyPy:P) for folks to say that they can make stuff much faster if they only had a few things.
It really needs a very large set of production apps being run by a very large set of folks for quite a while to see where the real bottlenecks still are.
Past a certain point, you run out of optimization algorithm bullets. The way compilers get the last 20% is by tuning the algorithms for 10 years.

Of course, i'm not trying to slag on PyPy, I think they've done an amazing job of persevering through multiple rewrites to get somewhere that seems to be quite good now. I just am a little wary of a fairly young JIT saying that all big performance problems fall into a few categories.

2
pcwalton 1 day ago 3 replies      
Related to this is the importance of deforestation. Some good links:

* http://en.wikipedia.org/wiki/Deforestation_%28computer_scien...

* http://www.haskell.org/haskellwiki/Short_cut_fusion

Deforestation is basically eliminating intermediate data structures, which is similar to what the "int(s.split("-", 1)[1])" versus "atoi(strchr(s, '-') + 1)" slides are about. If you consider strings as just lists of characters, then it's basically a deforestation problem: the goal is to eliminate all the intermediate lists of lists that are constructed. (It's something of a peculiar case though, because in order to transform into the C code you need to not only observe that indexing an rvalue via [1] and throwing the rest away means that the list doesn't have to be constructed at all, but you also need to allow strings to share underlying buffer space -- the latter optimization isn't deforestation per se.)

I don't know if there's been much effort into deforestation optimizations for dynamic languages, but perhaps this is an area that compilers and research should be focusing on more.

On another minor note, I do think that the deck is a little too quick to dismiss garbage collection as an irrelevant problem. For most server apps I'm totally willing to believe that GC doesn't matter, but for interactive apps on the client (think touch-sensitive mobile apps and games) where you have to render each frame in under 16 ms, unpredictable latency starts to matter a lot.

3
irahul 1 day ago 1 reply      
Mike Pall of luajit fame has an interesting take on it.

http://www.reddit.com/r/programming/comments/19gv4c/why_pyth...

<quote>

While I agree with the first part ("excuses"), the "hard" things mentioned in the second part are a) not that hard and b) solved issues (just not in PyPy).

Hash tables: Both v8 and LuaJIT manage to specialize hash table lookups and bring them to similar performance as C structs (1). Interestingly, with very different approaches. So there's little reason NOT to use objects, dictionaries, tables, maps or whatever it's called in your favorite language.

(1) If you really, really care about the last 10% or direct interoperability with C, LuaJIT offers native C structs via its FFI. And PyPy has inherited the FFI design, so they should be able to get the same performance someday. I'm sure v8 has something to offer for that, too.

Allocations: LuaJIT has allocation sinking, which is able to eliminate the mentioned temporary allocations. Incidentally, the link shows how that's done for a x,y,z point class! And it works the same for ALL cases: arrays {1,2,3} (on top of a generic table), hash tables {x=1,y=2,z=3} or FFI C structs.

String handling: Same as above -- a buffer is just a temporary allocation and can be sunk, too. Provided the stores (copies) are eliminated first. The extracted parts can be forwarded to the integer conversion from the original string. Then all copies and references are dead and the allocation itself can be eliminated. LuaJIT will get all of that string handling extravaganza with the v2.1 branch -- parts of the new buffer handling are already in the git repo. I'm sure the v8 guys have something up their sleeves, too.

I/O read buffer: Same reasoning. The read creates a temporary buffer which is lazily interned to a string, ditto for the lstrip. The interning is sunk, the copies are sunk, the buffer is sunk (the innermost buffer is reused). This turns it into something very similar to the C code.

Pre-sizing aggregates: The size info can be backpropagated to the aggregate creation from scalar evolution analysis. SCEV is already in LuaJIT (for ABC elimination). I ditched the experimental backprop algorithm for 2.0, since I had to get the release out. Will be resurrected in 2.1.

Missing APIs: All of the above examples show you don't really need to define new APIs to get the desired performance. Yes, there's a case for when you need low-level data structures -- and that's why higher-level languages should have a good FFI. I don't think you need to burden the language itself with these issues.

Heuristics: Well, that's what those compiler textbooks don't tell you: VMs and compilers are 90% heuristics. Better deal with it rather than fight it.

tl;dr: The reason why X is slow, is because X's implementation is slow, unoptimized or untuned. Language design just influences how hard it is to make up for it. There are no excuses.

</quote>

Also interesting is his research on allocation sinking:

http://wiki.luajit.org/Allocation-Sinking-Optimization

4
cschmidt 1 day ago 1 reply      
A nice talk. The punchline for me was:

    Things that take time
    • Hash table lookups
    • Allocations
    • Copying

Interestingly, that's exactly how you write fast C++ code. His point is that languages like Python lack good APIs for preallocating memory.

5
kingkilr 1 day ago 1 reply      
Author/speaker here:

I don't have time to read all the comments now (thanks for all the interest though!). I just want to say I think when the video comes out it'll answer a lot of questions people are having.

6
njharman 1 day ago 5 replies      
Meh, MEH.

I'm almost never waiting on my python code. I'm waiting on network or disk or database or joe to check in his changes or etc.

I'm sure there are people who do wait. But that's why numpy, c extensions, all the pypy, psyco, and similar things exist.

Python and more broadly "scripting" languages are for speed of development. Something else can take on speed of execution faster than 90% of people need it to be.

7
defen 1 day ago 1 reply      
Back when I wanted to investigate the numeric performance of v8 I wrote a Runge-Kutta integrator + Lorenz attractor in C and in JavaScript as a simple-but-not-entirely-trivial benchmark. I was actually pretty impressed with how fast the v8 version was. On the downside, it's fairly non-idiomatic js and not that much nicer to look at than the C. Doing a million steps on my machine takes 0.65 seconds in node.js v0.8.4, 0.41 seconds in C compiled with gcc -O0, and 0.13 seconds with gcc -O3. Here is the code if anyone is interested. Note that it's not commented, not thread-safe, and doesn't free memory, so use at your own risk :)

https://gist.github.com/anonymous/5066486

    gcc strange.c rk4.c; ./a.out

    node strange.js

8
moreati 1 day ago 1 reply      
Great presentation, thank you for making me aware of an aspect of Python performance. One slide struck me as odd - the "basically pythonic" squares() function. I understand it's a chosen example to illustrate a point, I just hope people aren't writing loops like that. You inspired me to measure it:

    $ cat squares.py
    def squares_append(n):
        sq = []
        for i in xrange(n):
            sq.append(i*i)
        return sq

    def squares_comprehension(n):
        return [i*i for i in xrange(n)]
    $ PYTHONPATH=. python -m timeit -s "from squares import squares_append" "squares_append(1000)"
    10000 loops, best of 3: 148 usec per loop
    $ PYTHONPATH=. python -m timeit -s "from squares import squares_comprehension" "squares_comprehension(1000)"
    10000 loops, best of 3: 74.1 usec per loop
    $ PYTHONPATH=. pypy -m timeit -s "from squares import squares_append" "squares_append(1000)"
    10000 loops, best of 3: 46.9 usec per loop
    $ PYTHONPATH=. pypy -m timeit -s "from squares import squares_comprehension" "squares_comprehension(1000)"
    100000 loops, best of 3: 8.67 usec per loop

I'm curious to know how many allocations/copies a list comprehension saves in CPython/PyPy. However I wouldn't begin to know how to measure it.

9
Zak 1 day ago 1 reply      
The creators of Common Lisp knew what Alex is talking about. Lisp is, of course just as dynamic as Ruby, Python or Javascript, but it exposes lower-level details about data structures and memory allocation iff the programmer wants them.

Features that come to mind include preallocated vectors (fixed-size or growable), non-consing versions of the standard list functions and the ability to bang on most any piece of data in place. There are fairly few situations in which a CL program can't come within a factor of 2 or 3 of the performance of C.

10
wheaties 1 day ago 0 replies      
Great bit of slides. Straight and to the point. If you've ever ventured under the hood of Python you'd see this in the code. If you've ever had to optimize the bejeesus out of code in C++ or C, you'd know exactly the kinds of things he's talking about.
11
riobard 1 day ago 0 replies      
Completely agree. APIs are so important for many optimizations to pull off.

I'd really like to use a lot more buffer()/memoryview() objects in Python. Unfortunately many APIs (e.g. sockets) won't work well with them (at least in Python 2.x. Not sure about 3.x).

So we ended up with tons of unnecessary allocation and copying all over the place. So sad.

12
CJefferson 1 day ago 2 replies      
One main thought on this topic -- languages like Haskell and lisp also have very poor support for direct memory control, but tend to be viewed (perhaps untruthfully?) as much closer in performance to C than Python/Ruby.
13
dicroce 1 day ago 3 replies      
As a C/C++ programmer I find these slides kind of amusing... These languages are popular because they make things simpler, and his suggestions may very well get a nicely jit'd language on par with C, but I suspect you'll then have the same problems C does (complexity).
14
revelation 1 day ago 0 replies      
Looking at CPython and the bytecode it uses, it's not very hard to see why it would be slow. It's basically designed as a reference implementation, with only very tame optimizations.
15
meunier 1 day ago 1 reply      
Someone actually posting notes with slides! It's a miracle!
16
estavaro 1 day ago 0 replies      
My own piece of feedback based on my experience. The slides were good. But like others, JIT is not all rosy. In V8 and Dart and .NET, code gets compiled to native code as soon as possible. I think that's the best case scenario in general. You then don't have to guess as much.

The author didn't mention method dispatching. I think it's an issue for many languages. In Dart, they tried to optimize it by the specification by mostly eliminating the need to change methods at runtime. In Ruby I watched a video by one of the core Ruby developers and he said that in Ruby method dispatching can be very complicated requiring up to 20 steps to resolve them.

As important as getting the best performance out of programs is to get the programs created in the first place. That's why I'm against shying away from larger codebases. I'm in favor of OO programming exactly because I think getting things done comes first, even if that could complicate the implementation of the toolset. And OO is all about layers of abstractions that bring more performance costs with them.

That said, I absolutely abhor type annotations. They make code hideous and decrease the opportunities for experimentations. Instead of reading a + b = c algorithms, you may need to parse A a + B b = C c source code.

In Dart we have Optional Types. But the core developers are fond of type annotations, so most samples they post come with them. I take relief in being able to omit type annotations while experimenting, researching and ultimately prototyping. Although in a way I feel like a rebel in the community for this disregard. Thankfully there is this chance to share a community with them.

Reading the part that you don't like adding heuristics to help programs to go faster reminded of adding types to them even if they are mostly disregarded as in Dart.

Then again, not all "dynamic languages" are the same. Some are truly dynamic with eval and runtime method changes. Others, not so much. Sometimes the tradeoffs allow for other kinds of gains that could come into play like when deploying. So there is a lot more to it than just getting the algorithms correct.

17
wting 1 day ago 1 reply      
I have a few comments about some of the slides, feel free to correct any misunderstandings.

Dictionary vs Object:

Lookups in both data structures are O(1), the difference being the hashing cost (and an additional memory lookup for heap) vs a single memory lookup on the stack (1 line of assembly).

Squares list:

> ... so every iteration through the list we have the potential need to size the list and copy all the data.

This is no different than stl::vector which has an amortized cost of O(1) for a push_back().

It's not going to be as fast as C, but I'd also argue for a generator version instead:

    def squares(n):
        return (i*i for i in xrange(n))

One of the main reasons people choose Python is for expressiveness and not manually managing memory, although pre-allocation does seem like a good idea.

18
csense 1 day ago 0 replies      
The example he gives for strings could be optimized to near the efficiency of the C version by a sufficiently smart compiler:

    int(s.split("-", 1)[1])

If the JIT knows that s is the builtin string type and the split() method has not been overridden [1], it can speed this up by using "pseudo-strings," where a pseudo-string is an index and length into another string. This would require only O(1) time and space.

Garbage-collecting pseudo-strings would be an interesting exercise, but I'm sure it's a solvable problem [2] [3].

[1] If the preconditions for your optimization don't hold, you can always fall back to interpreting it. As noted by the speaker, this sort of logic is already a critical part of many JIT's including Pypy.

[2] The problem is actually GC'ing the parent. When the parent string is gc'ed, you have to compact the orphan strings to reclaim the remaining space; otherwise it'll be possible to write user code that uses a small finite amount of memory in CPython but has an unbounded memory leak in your compiler.

[3] You can avoid the trickiness in [2] if the parent string can be proven to outlive its children, which is the case in this example. You could probably optimize a lot of real-world code, and have an easier time implementing the compiler, if you only used pseudo-strings when they could be proven to be shorter-lived than the parent. As a bonus, this partial GC would build some infrastructure that could be recycled in a general implementation.

19
cheald 1 day ago 4 replies      
Kind of a poorly-named deck. It's really about why programs use features of these languages that end up causing poor performance relative to C, rather than why the individual VMs themselves are slow. It's no surprise that trading the byte-precision of C for the convenience of a garbage collector and heap-allocated data structures results in a performance decrease.

Dynamically-typed languages are often easier to program in, but require more copying (and memory allocation) as a result. Hash tables are heap-allocated and have to be garbage collected, but they're flexible - something you don't get with structs. Allocating and freeing memory has a cost, and that can add up quickly. Your primary line of optimization in most of these languages is "avoid the GC", which really boils down to "don't allocate more than you need to", which is sound advice in every language, scripting or otherwise.

20
bithive123 1 day ago 1 reply      
If you want to learn more about what the Ruby VM has to do in order to execute your code, and some of the performance challenges for Ruby implementors (such as its extremely flexible parameter parsing) I suggest this talk by Koichi Sasada: http://www.youtube.com/watch?v=lWIP4nsKIMU
21
edanm 1 day ago 0 replies      
Very interesting talk

Leads me to wonder - has anyone done a study of any large-scale program to check where the slow spots are? It's not that I don't trust the speaker, he makes excellent points and is obviously a great member of the community.

But it would be very interesting if he were able to say: "Using PyPy's secret 'hint' API, only in drop-dead obvious places, improved performance by a factor of 5".

22
gingerlime 1 day ago 0 replies      
Interesting slides, and good point about having better APIs.

Perhaps I'm nitpicking, but with a function called `newlist_hint`, I struggle to see how anybody would adopt it. I had to go back to the slides maybe 3 times, and I still don't remember the name of this function... Those APIs must have the most obvious, logical and simple names.

23
coldtea 1 day ago 0 replies      
Speak about Python and Ruby.

Javascript is insanely fast, with V8 and its ilk.

And I'm not talking about "toy benchmarks" either, I'm talking about involved stuff written in plain JS (no C extensions), from the QT port to JS/Canvas, to the h264 encoder and such. Try doing those on Python and you'll see what you get. And of course all the toy benchmarks also agree.

Javascript with v8 is like a faster PyPy (with less performance deviation): 10 to 20 times faster than plain Python code.

Sure, you can extend Python with fast C code. But as the core languages are concerned, JS beats CPython hands down. (Oh, and you can also extend JS with fast C/C++ code if you need that. Node modules do it all the time).

24
oscargrouch 21 hours ago 1 reply      
It's time to face it:

People start to create computer languages without caring too much about the target processor opcodes (because in that time processor were just getting faster with time) and focus more on programmer convenience, and wild beasts like python and ruby were born..

C is fast because it was created with processor awareness in mind.. pretty simple...

these days kids are all about trying to create more and more crappy convenient syntax languages.. and they get worry when the languages don't scale? for what computer they design the language? from venus ?

nobody should be doing any serious software in python or ruby.. is such a waste of talent .. use it for education.. for fun.. or for the things they are best.. which is not in the system/plumbing side of things

25
d0mine 1 day ago 1 reply      

<quote>

    atoi(strchr(s, '-') + 1)

What does this do? Finds the first instance of a -, and converts the remainder of a string to an int. 0 allocations, 0 copies. Doing this with 0 copies is pretty much impossible in Python, and probably in ruby and Javascript too. </quote>

The copying could be avoided in non-idiomatic Python:

    int(buffer(s, s.find("-") + 1))

26
arocks 1 day ago 5 replies      
It is almost time that people stop referring to Languages as Fast or Slow. It is an implementation that is fast or slow, not a language.
27
mixmastamyk 1 day ago 3 replies      
Question:

    def squares(n):
        sq = []
        for i in xrange(n):
            sq.append(i*i)
        return sq

A basically idiomatic version of the same in Python. No list
pre-allocation, so every iteration through the list we have the
potential to need to resize the list and copy all the data. That's
inefficient.

Is that true? I'd expect .append() to change a pointer or two, not "resize and copy" the list. Even an .insert() should just move pointers at the C-level... no need to "defrag" it. I guess the key word is potential.
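One way to observe what `.append()` does to the list's backing storage, as an added example that is not part of the thread or the slides: it counts how often the allocation size reported by `sys.getsizeof` changes while appending, and compares the result with a pre-sized list. It assumes CPython 3 (so `range` replaces the `xrange` used above), and the function names are hypothetical.

```python
import sys


def count_resizes(n):
    """Append n squares one by one and count allocation-size changes.

    Returns (resizes, final_size_in_bytes). A change in sys.getsizeof()
    means CPython reallocated the list's pointer array; whether the data
    was physically copied depends on the allocator, so this counts
    reallocations, not copies.
    """
    sq = []
    last = sys.getsizeof(sq)
    resizes = 0
    for i in range(n):
        sq.append(i * i)
        size = sys.getsizeof(sq)
        if size != last:
            resizes += 1
            last = size
    return resizes, last


def preallocated_size(n):
    """Build the same list with its final length fixed up front."""
    sq = [None] * n          # one allocation of exactly n slots
    for i in range(n):
        sq[i] = i * i        # stores only, the list never grows
    return sys.getsizeof(sq)


if __name__ == "__main__":
    for n in (10, 1000, 100000):
        resizes, grown = count_resizes(n)
        print("n=%d: %d reallocations, %d bytes grown vs %d bytes pre-sized"
              % (n, resizes, grown, preallocated_size(n)))
```

Most appends leave the size unchanged because the list over-allocates, so reallocations are far rarer than appends, but the count is not zero and it keeps growing with `n`.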

28
kristianp 1 day ago 0 replies      
As a ruby lover, I'm interested in the ruby implementation the Author wrote and mentioned, topaz [1]. Has anyone here tried it?

"Topaz is a high performance implementation of the Ruby programming language, written in Python on top of RPython (the toolchain that powers PyPy)."

[1] http://docs.topazruby.com/en/latest/

29
jderick 1 day ago 0 replies      
I think the preallocate APIs sound like a cool idea. Perhaps there could also be some kind of 'my hashtable is an object' hint that could let the compiler do the same kind of optimizations on hashtables that it does on objects (assuming that your hash keys don't change much).
30
jdhuang 1 day ago 0 replies      
Interesting presentation, but it can't be the whole story. Even projects like SciPy which use the most rudimentary data structures (basically just a large array of floats) and algorithms (sometimes just looping through the elements in order a few times) see a considerable advantage when rewritten in C.

http://www.scipy.org/PerformancePython

31
Nate75Sanders 1 day ago 2 replies      
He mentions that he couldn't find a pure C hash table.

http://linux.die.net/man/3/hcreate

32
ippa 1 day ago 0 replies      
His suggestion for better preallocate APIs made me think of this ruby patch from Charles Nutter: http://www.ruby-forum.com/topic/173802

4 years later and they still discuss it, heh.

33
rjzzleep 1 day ago 1 reply      
i'm actually surprised no one ever talks about perl. isn't perl crazy fast compared to the other interpreted languages?
34
rasmusfabbe 1 day ago 6 replies      
This is misleading and contains errors like calling C++ "C". Unless you have a great deal of knowledge about these things already, I urge you not to learn from this but read the slides purely for entertainment.

Question: The author claims to be a compiler author. After some digging I haven't found any information on what compilers he has written or are part of writing. Could someone point me to the compiler(s) Alex is involved with? Thanks.

10
Evernote hacked evernote.com
318 points by tlogan  1 day ago   200 comments top 34
1
UnoriginalGuy 23 hours ago 10 replies      
The following blog post is also being sent to all Evernote users as an email communication.

Evernote's Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.

As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions.

In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.(http://en.wikipedia.org/wiki/Salt_(cryptography) ))

While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com(https://www.evernote.com/Login.action).

After signing in, you will be prompted to enter your new password. Once you have reset your password on evernote.com, you will need to enter this new password in other Evernote apps that you use. We are also releasing updates to several of our apps to make the password change process easier, so please check for updates over the next several hours.

As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your data safe very seriously, and we're constantly enhancing the security of our service infrastructure to protect Evernote and your content.

There are also several important steps that you can take to ensure that your data on any site, including Evernote, is secure:

Avoid using simple passwords based on dictionary words
Never use the same password on multiple sites or services
Never click on 'reset password' requests in emails - instead go directly to the service

Thank you for taking the time to read this. We apologize for the annoyance of having to change your password, but, ultimately, we believe this simple step will result in a more secure Evernote experience. If you have any questions, please do not hesitate to contact Evernote Support(http://evernote.com/support).

The Evernote team

2
Ensorceled 23 hours ago 3 replies      
I'm kind of annoyed they didn't send an email, just flagged my password. So I couldn't use the iphone/mac apps and had to login via the web interface to reset. Which I didn't know because they didn't send an email, just got an invalid password error.

Their lack of encryption and lack of 2 factor auth just became a much bigger issue for me...

3
rdl 23 hours ago 1 reply      
I've never really understood the security model for Evernote. It's "an exocortex" -- your personal notes, which are likely to be more security sensitive than general documents, email, etc. And yet they have even less security than Dropbox, themselves not exactly an exemplar of robust security.

They've got competent people operating the service; it's just not well designed for security.

4
melvinmt 23 hours ago 1 reply      
That's why I don't use any fancy services for my notes, which usually contain sensitive data. I simply use Notational Velocity which encrypts my notes and stores them locally. It does provide a synchronization option with SimpleNote but they can't even be bothered with using SSL.
5
ams6110 21 hours ago 2 replies      
we have found no evidence == "we really don't know"

Sorry, I'm sure the Evernote tech team is competent, but clearly some marketing spin has been put on this announcement.

6
makeramen 22 hours ago 1 reply      
I managed to reset my password to the same that it was before. I changed it again right away of course, but there should definitely be some protection against that.

(FWIW I didn't get the email so I was simply locked out and used their "forget password" form instead of trying to log in, which may have a different reset process).
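
An added example, not part of the thread and not Evernote's code: a forced reset over salted password hashes that refuses a "new" password equal to the exposed one, the protection the comment above asks for, and keeps the exposed hash blocked after later changes. PBKDF2-HMAC-SHA256, the iteration count, the record layout and every function name are assumptions; the announcement only says the passwords are hashed and salted.

```python
"""Forced password reset over salted hashes (added illustration)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Assumed parameters; the announcement only says "hashed and salted".
ITERATIONS = 100_000
SALT_BYTES = 16


def derive(password: str, salt: bytes) -> bytes:
    """Salted one-way hash of a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    must_reset: bool = False
    # (salt, digest) pairs of earlier passwords that may never be chosen
    # again, including one whose hash was exposed in a breach.
    retired: list = field(default_factory=list)


class ResetRejected(Exception):
    """Raised when the proposed password was already used on the account."""


def enroll(password: str) -> Account:
    # A fresh random salt per account: equal passwords give unequal digests.
    salt = os.urandom(SALT_BYTES)
    return Account(salt, derive(password, salt))


def matches(salt: bytes, digest: bytes, candidate: str) -> bool:
    # Re-hash the candidate under the stored salt; compare in constant time.
    return hmac.compare_digest(digest, derive(candidate, salt))


def flag_for_reset(account: Account) -> None:
    """Breach response: the next successful login may only change the password."""
    account.must_reset = True


def login(account: Account, password: str) -> str:
    if not matches(account.salt, account.digest, password):
        return "denied"
    return "reset_required" if account.must_reset else "ok"


def change_password(account: Account, new_password: str) -> None:
    # No plaintext history is needed: the candidate is hashed under each
    # stored salt and compared with the corresponding stored digest.
    current = (account.salt, account.digest)
    for salt, digest in account.retired + [current]:
        if matches(salt, digest, new_password):
            raise ResetRejected("password was already used on this account")
    account.retired.append(current)
    account.salt = os.urandom(SALT_BYTES)
    account.digest = derive(new_password, account.salt)
    account.must_reset = False


if __name__ == "__main__":
    acct = enroll("hunter2-constructed")      # constructed sample password
    flag_for_reset(acct)
    print(login(acct, "hunter2-constructed"))  # reset_required
    try:
        change_password(acct, "hunter2-constructed")
    except ResetRejected as exc:
        print("rejected:", exc)
```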

7
seldo 22 hours ago 0 replies      
I note that when Twitter released their breach notice on a Friday afternoon there were comments accusing them of trying to "bury" the news:

http://news.ycombinator.com/item?id=5154502

While there are (so far) no such comments about Evernote releasing this stuff on a Saturday morning. I think security breaches are just discovered at inconvenient times.

8
jerrya 22 hours ago 0 replies      
I find evernote tremendously helpful and I pay the $5 per month for a premium service, REGARDLESS, a google of https://www.google.com/search?q=evernote+two+step+authentica... says little good about how Evernote respects me or their many many other customers who have repeatedly asked for two factor authentication.
9
kmfrk 23 hours ago 1 reply      
Service currently unavailable. Here is their latest tweet:

    Important: Evernote just implemented a service-wide password reset. Please read our post for details and instructions

Said post is unavailable by the look of it.

Can someone post a paste of the blog post in here?

10
tlrobinson 17 hours ago 0 replies      
Any suggestions of migration paths to more security conscious alternatives?

I'd even be happy with an encrypted disk image on Dropbox if there's a good way to OCR scanned docs, then be able to search them.

11
bthomas 22 hours ago 0 replies      
> we have found no evidence that any of the content you store in Evernote was accessed

This depends on how hard they looked - do people believe content wasn't accessed?

Is it fair to ask them for a technical post about why they don't think content was hacked? I'd love to know how they separate auth from content, and how they ensure that a hacked auth node can't view notes

12
moe 21 hours ago 0 replies      
Let me be the first to say: HA-HA! </nelson>

Over the past few years I've told everyone to refrain from using Evernote. I told them that Evernote doesn't use end-to-end encryption and that eventually this would happen.

Hardly anyone would listen ("You're just paranoid", "I don't store anything private in there anyway, except.. oh").

For once I take cruel pleasure in being "that guy". The general public needs to learn this lesson.

13
mieubrisse 18 hours ago 0 replies      
In the post, they say:

"The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)

While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords. Please create a new password by signing into your account on evernote.com."

What it doesn't say is how the passwords were dumped in the first place, or what they're going to do to ensure it doesn't happen again (outside of taking "additional steps"). I understand that not all users of Evernote are technical, but I'd like some peace of mind that a similar thing is less likely to happen in the future.

14
jrockway 16 hours ago 0 replies      
I finally made the switch to randomly-generated passwords for everything, so for once I can finally not care at all that this happened. It's just a reminder that I need to close my Evernote account.
15
Stratoscope 21 hours ago 1 reply      
For anyone who is as puzzled as I was about how to change the password in the Android app, the answer is you can't change it in the app. (!)

Instead, you have to tap the "authentication failed" notification. Then you can change the password.

16
marcuspovey 21 hours ago 0 replies      
Good they're being proactive here, but two things:

1) I'm sick of going through this password reset crap every month or so. Please let's get rid of passwords.

2) Could Evernote please look at some sort of oauth based signin for mobile devices? I have to enter this unique and very long password multiple times on every device I own.

It'd be nice if my linked phone and tablet didn't need me to use the same login system as a human.

17
lysium 21 hours ago 1 reply      
I'm wondering how they perform the password reset.

Surely, you must know more than the username. But they cannot rely on the old password either, because the whole thing was set off by assuming that the old password is hacked. And they advise their users to ignore instructions per email.

So how do / could they do it?

18
SonicSoul 22 hours ago 1 reply      
i didn't get the email, and my original password still works, it just took me directly to change password screen.

i guess they're counting on compromised passwords not being used individually to create new ones?

19
rburhum 22 hours ago 0 replies      
Funny enough, logging in to Evernote was the first thing I did after laying in bed spending 1hr+ watching this amazing video about http/https man-in-the-middle attacks using sslstrip http://www.thoughtcrime.org/software/sslstrip/ . Not a good way to start my morning.
20
eliot_sykes 23 hours ago 0 replies      
21
apapli 16 hours ago 2 replies      
Frustrating, I thought they would have done security better than most given the type of information stored here.

Does anyone know a decent password keeper? I have a list of logins/passwords for my key sites in a word .doc file stored locally, but given I have a work mac, home mac, tablet and iPhone it really is a pain to access the locally stored file.

I thought about saving this file on google drive, but their 2-factor auth doesn't seem to apply for drive (only gmail).

How do others do this - is there a way to store an encrypted file somewhere online, then typing in a known password to unencrypt / open it when I need to access it?

22
colinmegill 22 hours ago 0 replies      
"Please create a new password by signing into your account on evernote.com(https://www.evernote.com/Login.action).
After signing in, you will be prompted to enter your new password."

Why couldn't an attacker do that at this point?

23
mmagin 23 hours ago 0 replies      
And another example of how badly Wordpress scales.
24
mourique 23 hours ago 1 reply      
whew, i was shocked when my evernote client asked me to enter my password because i did not receive the e-mail. It seems like this was a precautious step as nothing was 'really' hacked, or was it?
25
mdp 19 hours ago 0 replies      
They've never really been focused on security in the past. Honestly, I love the service, but their lack of concern about keeping it secure has never sat well with me.

I wrote up a post with some of my security concerns. http://news.ycombinator.com/item?id=5311010

26
senthilnayagam 22 hours ago 0 replies      
Anybody considered the zendesk link http://m.techcrunch.com/2013/01/08/zendesk-evernote-25k/

Twitter, tumblr, Pinterest hacks are all having zendesk connection

People on Dropbox have issues too

27
ga0bi 23 hours ago 0 replies      
I filed a ticket this morning after I was unable to login to the Mac client. Here's their response:

"Dear Valued Customer,

We're truly sorry for the inconvenience this has caused you this morning. We are attempting to contact our entire userbase about this matter, but we feel that immediate action in these cases is the most prudent course."

The rest of the email contained the contents of their blog post.

28
santiagoIT 19 hours ago 1 reply      
I got the email and reset my password (web browser on desktop). I then launched the MacOS client app and it asked me to enter the new password, however the iOS app shows its initial loading screen but then just crashes. It never gets around to asking me for the new password. Anyone know a solution to this?
29
yabatopia 22 hours ago 0 replies      
I didn't get an email (yet) so I visited the Evernote Forum. I was a bit surprised to see that I had to sign in with the same username and password of my Evernote account. It's convenient, but I prefer separate accounts, especially since they're using third-party forum software.
30
lucb1e 22 hours ago 0 replies      
I am impressed by how well this is handled. Much better than I've seen from other companies!
31
Nyr 23 hours ago 0 replies      
And following the announcement, the blog is down and emails didn't arrive yet. Well done, Evernote.
32
DocG 19 hours ago 1 reply      
Not cool. I use evernote for throwaway email passwords.
And storing some usernames, without passwords. Just to remember usernames.

I wouldn't lose anything, it would be just inconvenient for me.

33
xutopia 19 hours ago 1 reply      
Anyone know a good Skitch replacement?
34
jms703 23 hours ago 2 replies      
I don't understand why they don't offer encryption.
11
The Secret Tesla Motors Master Plan (2006) teslamotors.com
310 points by mactitan  19 hours ago   158 comments top 23
1
spullara 18 hours ago 7 replies      
When I ordered my Tesla S I also needed to get a 240V charger installed in my garage. Tesla sends you over to SolarCity for that and they can install it for you. This also gives them the perfect opportunity to offer you solar panels as well since they can show you, based on your electricity bill and the number of miles you are going to drive, how much it is going to save you.

Long story short, bought a Tesla S from Tesla, an outlet installation from SolarCity and now have also signed up for 8.8Kw solar panel system for my house.

The vertical integration of his investments is awesome. I just hope he somehow integrates in SpaceX ... maybe solar microwave power from orbit?

2
wamatt 12 hours ago 0 replies      
Musk's plan in a way serves as a reminder for those of us that tend to overestimate the role luck plays in the personal journey towards entrepreneurial success.

While generally HN users are open minded, no small number have derided the notion that others (perhaps far less capable than Musk), are capable of having a meaningful vision.

Of course having a justified belief and plan is a different approach to the lean startup philosophy. Lean effectively aligns more with the randomness worldview and iteration with an impartiality (or even celebration in some cases) of failure. Whereas OTOH, the visionary approach usually has more confidence in a self-directed path.

Those with this visionary quality (in varying levels of ability), can arrogantly dismiss others too, with behavior that is equally cringe worthy. Moreover, it would be hard to objectively and meaningfully argue either approach is universally "better".

However, perhaps the most significant indiscretion, is not in picking a side that works for you, but rather failing to see that two sides exist at all.

3
angstrom 17 hours ago 0 replies      
They've followed the plan well. I'd also like to point out a lesser known article from 7 years ago: http://money.cnn.com/magazines/business2/business2_archive/2...

The New Power Play

The Investor: Elon Musk, co-founder, PayPal

What he's backed: SpaceX, Tesla Motors

What he wants now: As Musk's two most recent investments - in a space rocket and an all-electric sports car - suggest, the 35-year-old entrepreneur likes to think big. So he's intrigued by the promise of a next-generation battery called an ultracapacitor, capable of powering everything from cars to tractors. Unlike chemical batteries, ultracapacitors store energy as an electrical field between a pair of conducting plates. Theoretically, they can be charged in less than a second rather than hours, be recharged repeatedly without sacrificing performance, and far outlast anything now on the market.

"I am convinced that the long-term solution to our energy needs lies with capacitors," Musk says. "You can't beat them for power, and they kick ass on any chemical battery."

Musk would know: He was doing Ph.D. work at Stanford on high-energy capacitors before he helped get PayPal off the ground. At least one startup, EEStor in Texas, and a larger company, Maxwell Technologies in California, are working on ultracapacitors. Yet Musk believes a university-based research group has an equal shot at a commercial breakthrough, since universities are where the most promising research is bubbling up. "The challenge is one of materials science, not money," Musk says.

The team to pull this off, he says, would need expertise in materials science, applied physics, and manufacturing. Musk wants to see a prototype that can power something small, like a boom box. "Make one and show me that it works," Musk says. "Then tell me what's wrong with it and how it can be fixed."

What he'll invest: $4 million over two years for a working prototype

Send your pitch to: mbb@spacex.com. -- M.V.C.

4
ChuckMcM 19 hours ago 1 reply      
August 2, 2006

The Secret Tesla Motors Master Plan (just between you and me)

From 2006. Nice to know they are still sticking with it :-)

5
surrealize 17 hours ago 3 replies      
> the second model will be a sporty four door family car at roughly half the $89k price point of the Tesla Roadster and the third model will be even more affordable

Tesla cars so far have definitely been luxury cars. If they keep going downmarket into the mainstream, I wonder if they'll want to create a separate brand for their mainstream stuff, a la acura/honda, toyota/lexus, and infiniti/nissan.

If they do, the low-end brand should be "Edison".

6
codex 18 hours ago 3 replies      
"Without giving away too much, I can say that the second model will be a sporty four door family car at roughly half the $89k price point of the Tesla Roadster."

A Model S for $45K? Where do I sign? The average selling price of a Model S is probably more like $90K.

7
jessriedel 18 hours ago 6 replies      
Can anyone point me toward Musk's reasoning about why solar will beat out wind power in the long term? I know he owns a solar company, but why did he choose that over wind?

(I'm aware of the basic pros and cons of both. I'm really just looking for Musk's thinking.)

8
jasonshen 18 hours ago 1 reply      
Nothing builds credibility like doing what you said you would. =)
9
NoPiece 19 hours ago 8 replies      
I am rooting for Tesla, but if they are counting on a "solar electric economy," that makes me worry. Let's target something practical, like a nuclear/natural gas/solar electric economy.
10
btipling 17 hours ago 0 replies      
(2006) on the title please.
11
chenster 17 hours ago 3 replies      
> However, let's assume for the moment that the electricity is generated from a hydrocarbon source like natural gas, the most popular fuel for new US power plants in recent years.

The above statement is mostly true in the state of California, where natural gas generates one third of its total power (source: http://energyalmanac.ca.gov/electricity/total_system_power.h...)

Not so true nationwide. According to the US Energy Administration, these are the energy sources and percent share of total for electricity generation in 2011. Note that the combined renewable energy sources are still below 10% in 2011.

• Coal 42%
• Natural Gas 25%
• Nuclear 19%
• Hydropower 8%
• Other Renewable 5%
    • Biomass 1.38%
    • Geothermal 0.41%
    • Solar 0.04%
    • Wind 2.92%
• Petroleum 1%
• Other Gases < 1%

(source: http://www.eia.gov/tools/faqs/faq.cfm?id=427&t=3)

Coal is still the king.

12
zacharycohn 16 hours ago 1 reply      
I am a huge fan of Elon and have a lot of faith in anything he's involved in.

I am interested, however, in how this reconciles with the Innovator's Dilemma. He's starting at the top of the market and working his way down.

My possible explanation (assuming he will be successful) is:

There isn't enough of an existing market to be disrupted for the Innovator's Dilemma to apply. What I would be worried about here is the other electric cars that ARE on the market are on the lower end (comparatively. The Leaf is $23,000 vs Tesla @ $52,000).

Nissan is working on using cheaper tech, and then will find ways to improve that cheaper tech versus Tesla using expensive tech and finding ways to make it cheaper.

Opinions?

13
uptown 17 hours ago 0 replies      
Not that he's presumably anywhere near the end of his life - but does Tesla or SpaceX have a contingency plan should something happen to Elon Musk? Don't get me wrong - I absolutely love everything they're doing. It just scares the crap out of me that such a grand movement opposing very powerful forces is led by a single individual. Please tell me there's more brilliant leaders with the same mindset involved in his mission, ready to take the reins should the need ever arise.
14
TechNewb 16 hours ago 0 replies      
Secret: One of the reasons I want to get a good job is so I can afford a Tesla... Don't tell anyone.
15
DanBC 15 hours ago 1 reply      
How rare is lithium for lithium ion batteries? And how recyclable is it?

Should I be buying lithium now to sell it later?

16
mactitan 12 hours ago 0 replies      
Hybrid vs EV: .56 vs 1.14 km/mj.

X Prize 100 mpg winner seriously considered EV but won with gas engine. Where's the discrepancy?
At least Germany is a good case study in the feasibility of a solar electric infrastructure. I thought diesel/hybrid is best bet but it's good musk is here pushing the envelope.
17
vignesh_vs_in 11 hours ago 0 replies      
Here is a video documentary by Nat Geo on Tesla, Model S. https://www.youtube.com/watch?v=qvPosSzUGVI

Elon explains the master plan himself.

18
HyprMusic 14 hours ago 0 replies      
I find it incredible how one man seems to be driving such a change in the future of our planet. Considering people have apparently been putting time and money into this for decades, why are we not seeing more attempts like this? Is it because it's not considered lucrative enough for the capitalist market? Or is Elon just very good at convincing us (me) he's breaking new ground?
19
chenster 16 hours ago 3 replies      
Richard A. Muller, Nobel Prize in Physics, posted a short article on energy efficiency and pollution in gasoline, hybrid, and pure battery powered cars. Gasoline vs best battery powered car is a factor of 40. The only car that has zero pollution is the hydrogen powered.

http://muller.lbl.gov/teaching/physics10/old%20physics%2010/...

20
AlexeiSadeski 12 hours ago 0 replies      
Assuming all observed warming is anthropogenic, the amount of global warming caused by the cumulative emissions of all of America's cars ever: 1/40th of 1 degree Centigrade.
21
zaidrahman 17 hours ago 0 replies      
A CEO who sticks by the grand plan. This is refreshing.
22
slevcom 16 hours ago 0 replies      
Total man crush on Elon here. He's like a science fiction author except he makes the spaceships for reals instead of writing about them. Meanwhile a large chunk of the entrepreneurs continue to optimize ad delivery and photo sharing (myself included), just sayin.
23
mynameishere 14 hours ago 0 replies      
Yeah, right. He just wants pollution moved from rich areas, where traffic density is located, to poor areas, where power generating stations are located.
12
How Search Works google.com
304 points by vijaydev  1 day ago   101 comments top 28
1
philsnow 1 day ago 3 replies      
I missed most of the content on this ... page ? Exhibit ? Installation ? whatever it's called, because it told me to scroll, I did, and I scrolled through a bunch of what looks like empty space and arrived at the end ("and that's how search works"). The user is apparently supposed to stop and watch some animation at certain places, but it's not clear where to stop scrolling.

Perfect example, near the top there's some text about "It's made up of over[........] 30 TRILLION[.........] INDIVIDUAL PAGES[........] and it's constantly growing." But there's nothing to indicate that I should stop somewhere and wait for some more text to show up.

Maybe they should limit how far down you can scroll by setting the height of some element, and only increase it when the animation is finished.

Edit: the key problem here isn't the "scrolling makes things happen" gimmick that's popular lately. the problem is that it starts certain animations or fade-ins some time after I've already skipped past an apparently blank space.

2
dangrossman 1 day ago 2 replies      
The most interesting thing there is the live view of the most recently deleted webspam. I wonder what blackhat SEO firms can learn from that to better avoid the filters.
3
franze 1 day ago 2 replies      
thx matt and the google search team for doing this. it's nothing new for technically inclined people, but every little bit helps. helps for what? teaching people to worry about the right aspects of search and the impact on their business, instead of worrying about bullshitphrases that were planted in their head by a SEO agency key account or a blogpost from 2008. so well yes, thx for doing this. i will send it to my clients (and tell them to click on the bubbles, even though they don't look clickable)

now an anecdote (because i feel like telling one): this week started for me with an interview that finally got published http://werbeplanung.at/news/marketing/2013/02/interview-mit-... (it's german). in that interview i claimed that

* 80% of everything written about SEO and Google is bullshit

* that all the rumors, tips and trends are actually hurting business

* that we should treat SEO as a numbers based craft of constant optimizations

* instead of the esoteric bullshit art it is currently

* and, if search traffic is important for the success of a business, they must rid themselves of external (agency) dependencies and develop internal structures

nothing too far fetched i think. everybody knows the SEO vertical is full of bullshit, i just took some time to estimate a number (based on a random sample of collected blogposts (that at least one person tweeted about))

yeah, i got a lot of angry emails, skype messages, linkedin messages, xing messages after the interview was published.

most of them mentioned at least one of these words

* pagerank
* whitehat
* blackhat
* grayhat
* linkjuice
* panda
* penguin ...

so yeah, thx google for educating people about search. keep up the good work.

4
tmoertel 1 day ago 4 replies      
Has anyone deciphered the fat-mustache diagram in the "Query Understanding" circle? It's in the Algorithms section.

At first I thought it was supposed to represent a Gaussian-like probability distribution. But when I clicked on it, the resulting animation showed a series of such distributions getting flattened by some kind of distribution-flattening hydraulic press. The accompanying caption: "Gets to the deeper meaning of the words you type."

If I was confused before, now I was completely lost.

How is deeper meaning represented by distribution flattening? I'd think it would be just the opposite, raising probability mass around the likely meanings, not spreading it out into a uniform distribution over all meanings.

Baffling.

If anyone has figured it out, please do share.

(Maybe I'm taking the diagrams too seriously.)

EDITED TO ADD: New option: If you don't have any clue what it means either, come up with an entertaining yet plausible story that fits the hydraulic-press-vs-mustaches animation and share that story instead.

EDITED TO ADD: Example: At Google's new eco-friendly data centers, NLP computations are performed by genetically enhanced inchworms. Difficult queries, however, can cause the inchworms to get cricks in their backs. In such cases, Google's innovative back-massager descends and restores the inchworms to their preferred position (prone), from which they can return to their computations with renewed vigor.

5
dylangs1030 1 day ago 1 reply      
I don't know what to take from this.

That search is very complex (I knew that, but not with this technical detail).

Or...that Google is trying very hard to maintain user interest with gimmicky shows of why it's cool and cutting edge and necessary.

Not that Google isn't those things...this just seems like an unnecessary expenditure of time. We know it's complex Google. Improve some other features and stop shutting others down instead of making these web 2.0 animations.

6
eykanal 1 day ago 0 replies      
I was halfway through before I realized that some of the content was clickable.

Very nice page, though.

7
jojopotato 1 day ago 0 replies      
Interesting that they show the approximate number of searches / second at the bottom. Is that an otherwise publicly available number?
8
area51mafia 1 day ago 1 reply      
It's nice overall, but the timing for making items appear is a little slow. I was past most headers by the time they appeared, and I don't think I scroll too incredibly fast.
9
aviswanathan 1 day ago 2 replies      
Scrolling is really becoming the new thing in UX design. It's an interesting contrast to the 'movie-like' flash animations of a few years ago that required no interaction on behalf of the user.
10
prezjordan 1 day ago 2 replies      
They left out the part where they index your emails and choose items you agree with over items you don't :
11
JDDunn9 1 day ago 1 reply      
Their characterization of their spam procedures is grossly misleading. They do not send emails to most people that have been penalized, nor do they give clear instructions on how people can fix their sites.

Thousands of small sites were killed by Panda for no good reason, and have little hope of getting their traffic/incomes back. Google's spam policy is skewed heavily in favor of large sites and their own properties.

12
ywyrd 1 day ago 3 replies      
I keep checking every so often, but searching for "this phrase" or +absolute +requirement is still broken. Even "Verbatim", isn't. If they can't even get simple search right, who would trust them with anything more?
13
johnmurch 1 day ago 2 replies      
Is this just PR for Google? Would rather see a more technical approach - although great for forwarding to clients when asked :)
14
sytelus 1 day ago 0 replies      
There are some good facts and numbers hidden in a rather toy explanation:

1. Spam detection is automatic

2. There are 6 types of spam

-Unnatural outbound links (link selling)

-Content copy/manufacturing

-Keyword stuffing

-Forums/user generated spam

-Parked domains

-Sites hosted on spammy DNS

-Different content for humans and bots

-Hacked sites

3. Google is removing as many as 50K spam sites per month, they get 8K reconsideration requests

4. Google's machine learned relevance model may be using about 200 features

15
Xorlev 1 day ago 1 reply      
38,800 requests/second according to their estimation.
16
manojlds 1 day ago 4 replies      
> By the way, in the 47 seconds you've been on this page, approximately 1,813,260 searches were performed.

Aren't these just some random numbers that they pull out of the air?

17
joshhart 1 day ago 0 replies      
Answer: It uses a bunch of skip lists.

Source: I do hacking on top of lucene.

18
lysium 1 day ago 0 replies      
Nice scroll-UI! Took some time to see the clickable items. Interesting bits about spam pages.
19
cryowaffle 1 day ago 1 reply      
Whoa... really, 100 MILLION gigabytes to store "The Index"? Wow. That's big.
20
denysonique 1 day ago 0 replies      
Some of the live listed 'spam' pages appear to be genuine to me.
21
state 1 day ago 0 replies      
The better people understand their tools, the more effectively they can use them.
22
OGinparadise 1 day ago 3 replies      
"We write programs & formulas to deliver the best results possible"

There's a slight oversight, it should be: "We write programs & formulas to deliver the most profitable results possible for this quarter"

23
aeon10 1 day ago 0 replies      
A beautifully designed page more than anything else
24
moeedm 1 day ago 0 replies      
An awful way to learn anything.
25
wfunction 1 day ago 0 replies      
"We write programs & formulas to deliver the best results possible."

No kidding.

26
yarou 1 day ago 0 replies      
vijay: very interesting link. thought it was interesting, despite the obvious slant.
27
moha24 1 day ago 0 replies      
This is not how search works!!
28
asawant 1 day ago 0 replies      
This is brilliant !!!
13
WebKit for Developers paulirish.com
302 points by paulirish  3 days ago   36 comments top 14
1
maerek 2 days ago 0 replies      
Very interesting article. I never really understood the nuances of the different WebKit ports (and once naively assumed that WebKit === WebKit). I also didn't have an appreciation for the amount of work going in behind the scenes. The link referenced in the article (http://trac.webkit.org/browser/trunk/LayoutTests) is a fascinating line of sight into the testing that goes on for the core.
2
eridius 2 days ago 2 replies      
> So first, WebKit parses HTML the same way. Well, except Chromium is the only port so far to enable threaded HTML parsing support.

Nope. Recent WebKit Nightlies have threaded HTML parsing as well.

https://www.webkit.org/blog/2259/last-week-in-webkit-threade...

3
kybernetikos 2 days ago 2 replies      
This is why the webkit- prefix is nearly worthless. I've had a lot of problems where chrome and safari were rendering prefixed things differently and I couldn't target them individually, because they both use the same prefix. This is the whole point of having the prefixes!
4
taeric 2 days ago 1 reply      
I don't really get the initial point. The browser is, for most developers, a black box. And it should probably stay that way. Ideally, it is an exchangable black box.

Still a neat article. I just find that point odd.

5
daredevildave 2 days ago 0 replies      
I'm a little surprised by this line, in reference to Chrome on iOS:

    "Also, for what it's worth, JavaScript is so rarely the bottleneck on mobile that the lack of JITting compiler has minimal impact."

But then I'm making HTML5 games so JavaScript performance is pretty much the only thing I care about.

6
petepete 2 days ago 2 replies      
I'm interested to see whether Opera's move to WebKit means the end of the Dragonfly suite of tools (which are fantastic, by the way).
7
WayneDB 2 days ago 0 replies      
Just curious - How close is WebKit in terms of complexity, to the Linux Kernel?
8
cpleppert 2 days ago 2 replies      
Does anyone know why there are two different font paths and how WebCore chooses which one to use? I assume the difference between fast and complex would be very platform dependent.
9
ireadzalot 2 days ago 1 reply      
Is anyone aware of any resources that show you how to set up your machine to see how an HTML page is rendered in Webkit, step by step, like remote debugging?
10
leeoniya 2 days ago 1 reply      
in FF, on every page load the page scroll jumps to around the "Opera just moved to WebKit. How does that play out?" section. is this intentional?
11
zenocon 2 days ago 0 replies      
I'm working on a project to embed WebKit in vehicles. One of the things I'm interested in doing is running a suite of tests to ascertain things like compliance with various specs and performance. I see the 28k layout tests in the WebKit repo, but would be interested in any other tests -- especially those that can be easily loaded into an iframe.
12
zobzu 2 days ago 1 reply      
Reading the article, it sounds like "it's cool because now you only have to 'dev for webkit' and forget the rest".

Makes me uncomfortable.

13
buildnship 2 days ago 0 replies      
Levi Weintraub has a really great tech talk hosted at airbnb, where he talks about all the different aspects of WebKit and its components: http://www.youtube.com/watch?v=GGzmST5nNSM&playnext=1...

Some more really good tech talks @ https://www.airbnb.com/techtalks

14
autoreverse 2 days ago 0 replies      
@paulirish FYI the link to CoreFoundation is invalid

http://developer.apple.com/corefoundation/%3Cbr%20/%3E

14
The Story of Bageshwori, Watsi's First Patient watsi.org
267 points by pg  2 days ago   59 comments top 34
1
pg 2 days ago 1 reply      
I keep a tab open with this image

http://media.tumblr.com/c8a33a98917d46ca8d3220183dfd6e5e/tum...

because I know I'll click on it accidentally a few times a day.

I do it to remind me that there are more important things than whatever fire I'm currently fighting, and also simply because it makes me happy.

2
mherdeg 2 days ago 2 replies      
In case anyone is wondering, if I am reading their FAQ correctly, they don't actually wait until the crowdsourced treatment is 100% funded before they provide medical care -- per https://watsi.org/faq#am-i-really-funding-medical-care-for-t... .

"Am I really funding medical care for the patient?
Yes. Your donation directly covers the cost of care for the patient you choose. Medical Partners provide care to patients accepted by Watsi operating under the guarantee that the cost of care will be paid for by donors. In this sense, Watsi operates much like a traditional health insurance company. When you go to the doctor, your doctor calls your health insurance provider to ensure they'll cover the cost of care. Your doctor then provides care operating under the guarantee that it will be paid for by the insurance company."

(And thank goodness they don't wait! That would be pretty scary.)

This is a bit different, I think, from the thing people found confusing about Kiva ( http://blogs.cgdev.org/open_book/2009/10/kiva-is-not-quite-w... ) which was that they were inviting investments in microloans which had already been disbursed. But it may be similar enough that you find it interesting if you like to "follow the money".

3
danielpal 2 days ago 1 reply      
With Watsi's 100% of funds going to patients and the fact that they make it so easy to donate, I decided last month to start donating 2% of my monthly income through Watsi. Basically at the start of each month I choose 2 campaigns and donate $50 on each. It's very easy, you should try it.

What I find even more interesting is that by end of year I'll donate $1,200. Which turns out to be roughly the amount of 1 life saving surgery in Nepal. So basically I'll save 1 life by the end of the year.

4
liber8 2 days ago 2 replies      
I mentioned this before (http://news.ycombinator.com/item?id=4816337), but I haven't seen it implemented and think it's worth repeating:

I love what you guys are doing and hope you can fund hundreds of these at a time. But, right now there's only six people who I can donate to. I want to support the organization as well, to make sure you guys can keep helping people.

How about a "fund our operations" button, or at least some pool that I can donate to if there aren't any people left who need a treatment right this second (as occurred the last time I left this comment).

Otherwise, cheers. I just made another donation. I think what you're doing is spectacular.

5
TomGullen 2 days ago 0 replies      
Incredible, and saddening to think if Watsi was any later this young human being probably wouldn't be around today.

Watsi seems to personalise charity to a level I have never seen before. It's very exciting!

Watsi looks absolutely amazing and I want them to succeed more than any other startup.

6
smoyer 2 days ago 1 reply      
Everyone wants to change the world, but Watsi changed "her world" and gave her the opportunity to pass it on. If Watsi never makes a dollar ... or even if they never help another soul, it would be sad, but they've left a legacy that few companies can claim regardless of their size.

Well done!

7
picklefish 2 days ago 1 reply      
I'd like to see them add a "monthly donation" where someone can just set their cc / bank account up to fund $50 a month. They'd allocate the money to specific cases and send you an email to the one(s) they used your money to fund.
8
lanstein 2 days ago 0 replies      
9
noonespecial 2 days ago 1 reply      
There's something I always wondered about 3rd world medicine. If her surgery was $1125 and the average person makes $0.90/day (less than $1) that means her surgery cost 3.42ish years' wages.

Could I get the same surgery here in the USA for $171233 (median income in the US assumed about $50,000)?

Is there some sort of balancing feedback function that's stretching the cost of a certain level of medical care to a certain predictable multiple of a local year's median wage?

It would at least be an interesting rabbit hole to descend.

10
joezydeco 2 days ago 1 reply      
Beautiful site and a great way to introduce the concept via Bageshwori. Maybe it's because I'm a parent myself, but I'm still tearing up at these pictures.

I'm donating today, and saving the link for the next person that bitches to me about another Kickstarter delay.

11
kayoone 2 days ago 1 reply      
I don't know, but somewhere I think it has an unethical side to it, and I mean donating money for charity as a whole.

Basically people buy themselves peace of conscience by donating a small amount of money that doesn't hurt them to feel good about helping somebody (yay, 2% of my yearly income saved a life!). Then go back to surfing the web on their made-in-china-under-miserable-working-conditions macbook pro. You get the idea, I am guilty of this myself.

I mean of course it's a wonderful thing that somehow we can help these people and it has to be done (I do too), but we shouldn't forget that many of these sufferings are symptoms of our excessive lifestyle in the western world.

12
PaperclipTaken 2 days ago 3 replies      
I normally hold the philosophy that a person should not receive health care unless there is money to pay for them, and I wouldn't ever advocate that someone donate to a charity like that. Life is hard and not everybody can make it.

But the smile on her face, especially in that last photo, is really something. And especially at $1125, the chance that she'll contribute more than that back to the global GDP some day is good.

And it might even be enough for me that she might live a normal life.

13
Anil-Shrestha 2 days ago 0 replies      
Born and raised in Nepal, I am so sad and happy at the same time. And thanks 100000x to watsi.org. I know there are many such cases in Nepal and just a little help could save so many human lives in countries like ours. I am a computer science student myself at Silicon Valley, and if there is any technical help necessary for Watsi.org or any such organizations, I am more than ready to volunteer. In the meantime, thanks again for saving Bageshwori's life.
14
soneca 2 days ago 0 replies      
Great work! I've been working on the philanthropy sector for a few years now. This P2P donation system is very powerful and this particular model can scale very fast. But there are a few traps on the way, I hope I can help you see some of them.

The first trap is the self-sustainability one. See the comments, everyone loves that their money is going 100% to the patient, they are glad they can be 100% sure you are not frauds. But no one cares about how you are going to survive or how much money you will need to be active in 10 years, reaching hundreds of times more patients. This, as I see it, is a problem of anchoring. If you are a non-profit, they anchor you on Mother Teresa, you should be a volunteer, have a vow of poverty, be a saint. Anything less than that, you are simply a fraud, no middle ground, you only deserve the rocks. On the other side, if you are a regular startup, aiming for profit, they anchor you on Gordon Gekko, so you just try to be cool and "do no evil" and that's it, they love you. That is the trap also of personalizing the donation. People donate more when they see a face, but then they only care about that face. If you go bankrupt in about a year, they don't care. They only care that THEY saved a life (they did, writing a check, painless, easy, they saved a life with a few clicks, not your hard work, they did) and blame you for not being competent enough. So, the trick is to keep the donation personal and transparent, while raising awareness in donors that your work is relevant (and tough, and expensive).

The other trap is more a conceptual one. IMO P2P donations are a great tool to connect very different worlds. When you put a face on it, third world health problems are not just statistics from Gates Foundation reports, they are real problems for real people. This is a great change of empathy level for donors. The trap here is to let that be enough, and fade. As behavioral economics shows, a good action gives one self-indulgence enough to neglect further involvement. It is important to educate people about why this donation is necessary. Explain how big the health system problems are in the country of the patient, explain more about the local conditions of the patient's family, neighborhood, hospital and doctors. Explain why a "cheap" surgery is not already covered. Explain how things might be better in the future, explain how they might be worse. Educate donors so they understand the world we live in. It would be a great service and potentialize the social impact of Watsi.

15
raheemm 2 days ago 0 replies      
Hey Watsi, you could probably help some folks here in Bangladesh. Let me know if you need any on-the-ground assistance here.
16
trhtrsh 8 hours ago 0 replies      
Any plans to support EBT, to avoid exorbitant credit card fees?
17
matznerd 2 days ago 0 replies      
It is awesome to be able to actually see the people you are helping. This literally puts a face on "giving." I like it.
18
trhtrsh 8 hours ago 0 replies      
How does Watsi prevent fraud on the part of Medical Partners (misdiagnosis, not providing treatment, etc), and how can donors feel confident that Watsi's controls are effective?
19
fiatpandas 2 days ago 0 replies      
It is truly outstanding that 100% of the donations reach the medical partners. Watsi is doing it right. Their level of transparency is also admirable.

Nyaya Health, the partner this blog post is about, uses the same funding model, where all donations made are 100% used for patient care in Nepal (unless you explicitly want your donation to be used for US staff/operations)

Bravo to both.

20
elliottcarlson 2 days ago 0 replies      
I love the idea of Watsi, and finally got to donate this time, as the last time I was at the site, every single cause had been fully funded.

My only request of the site would be to make it easier to see the outcome of the patients even for those who haven't funded the procedure for that person. Currently it requires finding the transparency document, and checking the link there for each patient - it might be useful to show more info for the ones that have been fully funded so people know how many people have been treated - that their money is going to make a difference.

21
codegeek 2 days ago 0 replies      
Kudos to Watsi for doing this. The transparency is the key which is differentiating it from other non-profits and wish them all the best. Even though we know, but it is sometimes hard to keep in mind that for a mere $1200 , you could save someone's life and what it could mean for them. Sometimes, I forget how lucky I am to have sound health, great family and a roof over my head. We take it for granted while millions of people in this world fight every day just to get some of it.
22
ajtaylor 2 days ago 0 replies      
I wish I had a hundred up votes to give! Sitting at my desk at $work, I'm struggling to keep back the tears. You guys are awesome! This is a startup that truly makes a difference. :)

One feature I'd love to see is the ability to set up a regular donation. Doing it via credit card is fine. You can give it to a random person as it makes no difference to me. The option to donate to the operating costs would also be great and then I could do both. The key feature is to make it regular and automatic. In my case, I get paid fortnightly so you could take $25 every two weeks and split it between patients and operating expenses. Will the upcoming Stripe integration allow this?

23
josefswann 2 days ago 2 replies      
Did anyone else notice that most of the organizations that are facilitating these treatments seem to be Watsi clones, or at least very similar in spirit?

http://amhf.us/,
https://secure.cure.org/curekids/donate,
http://rickhodes.org/ricks-patients/,
http://www.csc.org/donate.php,
http://www.nyayahealth.org/donate/

This makes me worry that this is not direct donation, but through one or more layers of brokering.

[Links taken from the transparency document,
https://docs.google.com/a/google.com/spreadsheet/pub?key=0Ah...]

24
togasystems 2 days ago 0 replies      
I just donated and was quite impressed with the process. It was painless, no sign up, just direct to Pay Pal. Good job.
25
malandrew 2 days ago 0 replies      
You guys should try getting ads with patient profiles in public places with a short URL to that profile where someone can donate. It'd be great to see this in places that those TV ad displays that constantly change. I reckon these TV ad space providers would be more than happy to donate space. I'm curious how well they would perform to help raise money.
26
ishansharma 2 days ago 0 replies      
This is amazing. One good way Internet is changing lives! Before this, I didn't know about Watsi. But now that I know about difference they make to people's lives, I'll definitely contribute.
27
tsotha 2 days ago 0 replies      
This is a great program.

I wouldn't want to be the one sorting through the cases deciding who gets treatment and who doesn't.

28
namank 2 days ago 0 replies      
Thank you, Watsi founders, thank you.

rock on

29
tunnuz 2 days ago 0 replies      
This is a great story. That's what you can do with computer science.
30
withinthreshold 2 days ago 0 replies      
Just donated and it feels so great.
31
papaver 2 days ago 0 replies      
wow, totally awesome. the scene needs more startups like this. congrats guys. this is one of the coolest startups ive seen in a long time.
32
royalghost 2 days ago 0 replies      
A great story on how internet and technology can make a real impact on human lives. Good Luck to Watsi Team.
33
nchase 1 day ago 0 replies      
Ever since I donated to Watsi I've been getting paper mail from other charity organizations making pleas for me to donate money to them.

Has anyone else had this experience?

34
petegrif 2 days ago 0 replies      
Wonderful story.
16
Resurgence of Neural Networks github.com
251 points by marmalade  3 days ago   57 comments top 19
1
moron4hire 2 days ago 5 replies      
Really interesting stuff.

I had once attempted to build a genetic algorithm for manipulating the synapse weights, specifically because of the problems of traditional back-propagation falling into local minima (unfortunately, some serious shit at work made it drop by the wayside). This RBM approach sounds better than back-propagation, but it also sounds like it would be prone to runaway feedback.

One of the performance problems with neural networks is that the number of cores on a typical machine are far less than the number of input and intermediate nodes in the network. The output nodes are less of a concern as you're trying to distill a lot of data down to a little data, but there is no reason to treat them differently. There are (very few) examples of NNs on GPUs, so that helps, but I've recently been curious to try a different, more hardware-driven approach, just because one could.

Texas Instruments has a cheap DSP chip that you'ns are probably familiar with called the MSP430. It's pretty easy to use, the tool chain is free and fairly easy to set up (especially for a bunch of professional software devs like us, right? right? Well, there's an Arduino-like tool now, too, if not), costs around 10 cents in bulk for the simplest version, requires very few external parts to run (something like a power source, 1 cap, and two resistors), and it has a couple of serial communication protocols built in. I'm quite fond of the chip; I've used it to build a number of digital synthesizers and toys.

For about $50 and quite a bit of soldering time, you could build a grid of 100 of these, each running at 16MHz, and I bet with a clever design you could make them self programmable, i.e. propagate the program EEPROM over the grid. Load up a simple neural network program, maybe even having each chip simulating more than one node, and interface it with a PC to pump data in one end and draw it out the other. It might not be more useful than the GPGPU approach, but having physical hardware to play with and visualize node activity through other hardware would be a lot of fun.

2
maaku 2 days ago 2 replies      
Great post, and thank you for the link to Hinton's coursera page - I didn't know about that. I also hope to learn a thing or two from your github code. But it was so depressing to read this:

> Now, when I say Artificial Intelligence I'm really only referring to Neural Networks. There are many other kinds of A.I. out there (e.g. Expert Systems, Classifiers and the like) but none of those store information like our brain does (between connections across billions of neurons).

This is a middle-brow dismissal of almost the entire field of A.I. because it does not meet an unnecessarily narrow restriction. (Which, by the way, neural nets don't either. Real neurons are analog-in, digital-out, stochastic processes with behavior influenced by neural chemistry and with physical interconnectivity and timing among other things not accurately modeled at all by any neural net. It's closer modeling to the mechanisms of the brain, but far from equivalent and as a CogSci student you should know that.)

A.I. is the science of building artifacts exhibiting intelligent behavior, intelligence being loosely defined as what human minds do. But in theory and in practice, what human minds do is not the same thing as how they do it.

The human mind does appear to be a pattern matching engine, with components that might indeed be well described as a hidden Markov model or restricted Boltzmann machine. It may be that our brains are nothing more than an amalgamation of some 300 million or so interconnected hidden Markov models. That's Ray Kurzweil's view in How to Create a Mind, at any rate.

However it is a logical fallacy to infer that neural nets are the only or even the best mechanism for implementing all aspects of human-level intelligence. It's merely the first thing evolution was able to come up with through trial and error.

Take the classical opposite of neural nets, for example: symbolic logic. If given a suitable base of facts to work from and appropriate goals, a theorem prover on your cell phone could derive all mathematics known up to the early 20th century (and perhaps beyond), without the possibility of making a single mistake. And do it on a fraction of the energy you spend splitting a bill and calculating tip. A theorem prover alone does not solve the problem of initial learning of ontologies or reasoning about uncertainty in a partially observable and even sometimes inconsistent world. But analyzing memories and perception for new knowledge is a large part of what human minds do (consciously, at least), and if you have a better tool, why not use it?

Now I myself am enamored by Hinton-like RBM nets. This sort of unassisted deep-learning is probably a cornerstone in creating a general process for extracting any information from any environment, a central task of artificial general intelligence. However compared with specialized alternatives, neural nets are hideously inefficient for many things. Doesn't it make sense then to use an amalgam of specialized techniques when applicable, and fall back on neural nets for unstructured learning and other non-specialized tasks? Indeed this integrative approach is taken by OpenCog, although they plan to use DeSTIN deep-learning instead of Hinton-esque RBMs, in part because the output of DeSTIN is supposedly more easily stored in their knowledge base and parsed by their symbolic logic engine.

3
bsenftner 2 days ago 2 replies      
I've been working for several years as the "applications developer" for a neural net lab. The neural lab has spent 11 years developing and refining a neural net pipeline - a series of neural nets which given one or more photos of a person's face, the pipeline performs forensically accurate 3D Reconstructions of the person's face and head. The system is used by government & police agencies the world over when trying to determine what a "person of interest" looks like given random photos of their subject. I've additionally exposed an "entertainment" version of the technology which can be seen at www.3d-avatar-store.com. There one can create a 3D avatar, get a Maya rigged version for professional quality animation, as well as license my WebAPI to embed avatar creation into your own software. And the best part is the avatars look just like the person in the source photo.
4
tansey 2 days ago 1 reply      
Nice write up. I gave a presentation on DBNs for my Neural Networks class in Fall 2011. If you'd like references to the relevant papers and some more details on the algorithms and applications, here are the slides: https://docs.google.com/presentation/d/18vJ2mOmb-Cbqsk0aNoUM...
5
dave_sullivan 2 days ago 2 replies      
Oh, backprop isn't so bad...

After all, a deep belief network starts with an RBM for unsupervised pre-training, but the finetuning stage that follows just treats the network as a standard MLP using backprop.

Also, you can use an autoencoder instead of an RBM, which I think are getting better results these days? And there are better regularization techniques for backprop now--weight decay, momentum, L1/L2 regularization, dropout, probably more that I'm leaving out.

The pre-training (RBM or autoencoder) helps to not get stuck in local minima, but there's also interesting research that suggests you're not even getting stuck in local minima so much as you're getting stuck in these low slope, high curvature corridors that gradient descent is blind to, so people are looking into second order methods that can take curvature into account so you can take big steps through these canyons and smaller steps when things are a bit steeper. Or something like that :-)

All that being said, anyone care to weigh in on the pros/cons of RBMs vs something like a contractive autoencoder? No such thing as a free lunch, so what are the key selling points of RBMs at this point? I keep seeing them pop up, but afaik, they don't provide a particular advantage over autoencoder variants.

Great article though, I'm really glad to see more and more people getting interested in neural networks, they've come a long way and people are just starting to wake up to that.

6
return0 2 days ago 2 replies      
First, it's Geoffrey, not Gregory Hinton.

Here's a very good tech talk from him about RBMs: http://www.youtube.com/watch?v=AyzOUbkUf3M

That said, both approaches loosely mirror the function of the brain, as neurons are not simple threshold devices, and both backpropagation and the RBMs training algorithms do not have a biophysical equivalent.

7
jph00 2 days ago 0 replies      
I'm the President and Chief Scientist of Kaggle, which ran the drug discovery project mentioned in the article. As it happens, I did my Strata talk on Tuesday about just this topic. I will be repeating the talk in webcast form (for free) in a few weeks: http://oreillynet.com/pub/e/2538 . I'll be focussing more on the data science implications, rather than implementation details.
8
leot 2 days ago 0 replies      
I remember running into Hinton one afternoon back in 2005 while on St. George. He was walking home, and especially cheerful from having just figured out how to do learning efficiently on deep belief nets. It's amazing to see the influence this work has had.
9
boothead 2 days ago 1 reply      
As mentioned in this thread by nicholasjarnold, Jeff Hawkins's work on HTM (detailed in his excellent book "On Intelligence") seems superficially similar to this. Has anyone had experience of both approaches? HTM seems to have much more structure in the network, but I know next to nothing about AI and would love to hear from those who know a bit more.
10
nicholasjarnold 3 days ago 2 replies      
If you're really interested in understanding more about the "hierarchy of filters" quote, and much more related to that theory of how our brains operate, I strongly suggest the book On Intelligence by Jeff Hawkins. Super interesting stuff!
11
scottmp10 2 days ago 0 replies      
It is great to see more interest in neural networks, but the types of neural networks the author describes are missing some key aspects of what the brain is doing. I work with Jeff Hawkins at Numenta, and while our product is based on a type of neural network, it is quite different from the class of NN described in this post. For background:

A recent blog post by Jeff:
https://grok.numenta.com/blog/not-your-fathers-neural-networ...

And more detailed information on the technology (I would recommend the CLA white paper):
https://grok.numenta.com/technology.html

12
theschwa 2 days ago 1 reply      
That Coursera class has been showing a start date of "Oct 1st 2012" for a while. Does anyone know when the next class might be?
13
sherjilozair 2 days ago 1 reply      
MNIST is not a good dataset to show any artificial intelligence on. The dataset is so simple, a good programmer can probably write 100 lines of python to write a classifier for it, based on no machine learning.

Neural Network techniques which work so well in small, easy and trivial datasets like MNIST do not generalize to more serious datasets, and that's where the "and this is where the magic happens" component is needed.

14
smalieslami 2 days ago 0 replies      
In fact we're only scratching the surface when it comes to the generative capabilities of deep models. See e.g. our recent work on using Deep Boltzmann Machines to learn how to draw object silhouettes: http://arkitus.com/ShapeBM/
15
m12k 2 days ago 0 replies      
I looked at Restricted Boltzmann Machines for a while when searching for a topic for my master's thesis. One very interesting use is to train an RBM with animations, and then use it generatively to create new animations - Hinton and one of his students, Graham Taylor, wrote a paper about it (http://www.cs.utoronto.ca/~hinton/csc2515/readings/nipsmocap... PDF). Imagine if it was expanded, so animators could train an RBM with a body of animation from a character, then simply specify "go from here to here" and the RBM would create an interstitial animation. Afaik a lot of animation work is just boilerplate like "line the character up so we can fire the sit down animation".
16
Rnnguy 2 days ago 2 replies      
Sitting in a class right now reading this while Hinton is teaching neural nets.
17
mhluongo 2 days ago 0 replies      
Check out the rest of Geoffrey Hinton's work as well- http://scholr.ly/person/3595934/geoffrey-e-hinton
18
frooxie 2 days ago 2 replies      
Does anyone have a link to a web page (or to a book) that would be useful if you want to learn to program a Deep Belief Network?
19
spin 2 days ago 0 replies      
You can play with a Python version of this same algorithm (cd for rbm) here: https://github.com/Wizcorp/Eruditio

(I wrote it... :-)

17
Scientists Uncover Invisible Motion in Video bits.blogs.nytimes.com
248 points by Libertatea  3 days ago   53 comments top 20
1
reginaldo 3 days ago 2 replies      
Last June, when this first came up, I commented:

I was thinking about the implications of using this technique to analyze e.g. political speeches and try to catch people lying in the act. Your application (winning on card games) seems very interesting too.

Now, with the Google glass getting closer to being a real thing in the market, the possibilities are endless (for the good and for the bad). Unfortunately, my mind is kind of twisted and I think about the bad first. Must be a side effect of all the security issues I'm researching.

For instance:

# Google glass + Eulerian magnification + facial expression recognition = Instant "Lie to Me"-like[1] microexpressions expert.

# Google glass + Eulerian magnification + TSA agent: "picking" suspects by the way their pulse reacts as they get closer to the agent using the "apparatus". Of course, the real criminals would just take some kind of drug to avoid being detected...

http://en.wikipedia.org/wiki/Lie_to_Me

2
antirez 2 days ago 2 replies      
I bet the iPhone app will be great. A few months ago I had some weekend fun implementing this algorithm in a throw-away iPhone application, and indeed I was able to observe the color change in my skin, and when watching the veins of my arm the movement was greatly amplified.

I was missing a lot of the filtering required in order to amplify more and performance was a bit poor (frame rate) since it was just a hack. Something like that done in the proper way will be cool.

3
timthorn 3 days ago 1 reply      
Philips launched an iPad app to do this over a year ago: http://innovation.philips.com/pressreleases/nurturing-bg_vit...
4
archivator 3 days ago 1 reply      
The paper from last year's SIGGRAPH - http://people.csail.mit.edu/mrub/papers/vidmag.pdf
5
0x09 3 days ago 0 replies      
6
mistercow 2 days ago 0 replies      
What I find neatest about this (if I recall the paper correctly), is that it's essentially the same concept as an unsharp mask filter, only taken over time instead of over space.
7
31reasons 2 days ago 2 replies      
How are they able to change the video frame to show the motion amplification? In the last example, they are amplifying the baby's breathing and showing it using some changes to the video frame itself. How are they able to stretch the baby's clothes and body without knowing its 3D geometry? Even the wrinkles on the baby's clothes seem to shift. I am puzzled.
8
bluetidepro 3 days ago 1 reply      
They mention that they posted the code last year, in August. Does anyone have a link to that code? This is so incredible to me!
9
mattvot 3 days ago 1 reply      
Someone should take the code and make a site/app that can take YouTube videos in and enhance. I would try, but video processing goes way over my head.
10
speeder 3 days ago 0 replies      
Someone posted this same link yesterday, but I think I am under a ban that makes my upvotes not count, since the arrow goes away and the vote count doesn't change. Glad that someone tried again and made this go to the front page. I think it is very amazing and awesome; maybe animators will be able to use this tech to learn how to avoid the uncanny valley.
11
peripetylabs 3 days ago 1 reply      
Computer science that can improve people's wellbeing -- in this case, medical diagnostics -- is particularly amazing. I can see this being used by emergency workers to take pulse quickly without having to fumble with electrical leads. The algorithm is also very simple and elegant.
12
Geee 3 days ago 1 reply      
13
addandsubtract 3 days ago 1 reply      
Can someone explain how they are amplifying the video of the eye moving and the baby in the crib breathing? If they are only analyzing the changes in color, how are they amplifying movement of shapes with that information?
14
hmsimha 2 days ago 1 reply      
My first thought when watching the segment where a clip from Batman is shown is, if this can be applied to movies, it may ruin some of the magic when the video picks up the microscopic motions of supposedly 'dead' characters (as the actors are still breathing and pulsing).

I think this is groundbreaking technology though -- I've read that there are subconscious responses to seeing things we like, such as a delicious food or an attractive individual of the preferred gender; a widening of the pupil or an increase in heart rate and body temperature. Devices that capture these changes can have applications in everything from marketing to security to courting.

15
konstruktors 3 days ago 0 replies      
Someone should port it over to HTML using canvas, native video and lots of javascript.
16
hartator 3 days ago 0 replies      
Waho, I think this project is fascinating. Does anyone want to work with me for something like 2/3 days to release a web app that transposes their code in a more "webby" way?

(We have their own solution: http://videoscope.qrclab.com/ but, with all the respect these guys deserve, it's unfortunately far from perfect.)

I am based in Austin, my email is hartator_AT_gmail.com

17
pla3rhat3r 2 days ago 0 replies      
I find this fascinating especially that the code is open source. Makes me wonder what kind of applications can be built. Maybe even using some sort of Leap Motion application in conjunction with the amplification algorithm.
18
jbrooksuk 3 days ago 1 reply      
I imagine that the only real problem is it'll never be able to be 100% real time as you need two sources of colour. I guess you could get pretty close though.
19
31reasons 2 days ago 2 replies      
Can blood pressure be monitored in realtime with this technique ?
20
laurencei 3 days ago 3 replies      
"The system works by homing in on specific pixels in a video over the course of time. Frame-by-frame, the program identifies minute changes in color and then amplifies them up to 100 times, turning, say, a subtle shift toward pink to a bright crimson"

So really the title should be "Scientists amplify motion in video" - because that is what is occurring. There is nothing "invisible" being discovered - it still needs a visual change.

18
Stripe launches beta in the UK techcrunch.com
247 points by whyleyc  2 days ago   103 comments top 22
1
whyleyc 2 days ago 4 replies      
Have been waiting a long time for this :)

When announcing it onstage Patrick said anyone interested in participating in the beta should email him:

  patrick [at] stripe [dot] com

I hope he's ready for the email deluge !

2
pc86 2 days ago 3 replies      
I'm starting to hate Stripe threads because all it becomes is people complaining it's not available in their country.

And of course people complaining about people complaining about it not being available in their country.

3
Geee 1 day ago 3 replies      
"Article 49 of the Treaty on the functioning of the EU (the freedom of establishment principle) allows entrepreneurs to set up a company in any EU country."

http://europa.eu/youreurope/business/starting-business/setti...

Also, "Any business legally established in an EU country may open a secondary establishment (office, agency, branch or subsidiary) in another EU country."

http://europa.eu/youreurope/business/expanding-business/open...

Now, someone should set up a web service which makes it easy for EU citizens to incorporate in the UK.

4
RobAley 2 days ago 1 reply      
Does it support Verified by Visa or Mastercard SecureCode? Not that I like them much, but they provide some protection for merchants against chargebacks.
5
TomGullen 2 days ago 0 replies      
I was wondering why Paypal were phoning me up a lot recently to see how I was doing and if I needed any help with anything!

We're lucky enough to be on the Beta, can't wait to dig in and start the transition.

6
tomelders 2 days ago 1 reply      
Today is a watershed moment for UK developers. I don't think it's hyperbole to say that. In a few years, we will look back on our lives before this day and wonder

a) Why the hell we put up with all that crap for so long.
b) Why didn't we build Stripe ourselves.

7
jbrooksuk 2 days ago 0 replies      
This is one of the best things that's happened to the UK in the payment industry in years.
8
nulluk 2 days ago 0 replies      
Really good news. Can't wait to start taking payments by stripe for our "Stripe for Magento" extension, how about that for meta?
9
jonascopenhagen 2 days ago 2 replies      
Awesome. Here's hoping Denmark/Scandinavia is next.
10
TomAnthony 1 day ago 1 reply      
This is great.. but when is it coming to the UK!?!?

...

Oh.

11
rikacomet 2 days ago 1 reply      
stripe should launch in India, I'm more than ready to help out with that. The market here, for stripe is huge! A lot of alternatives exist, but all of them frankly su%k!
12
sschueller 2 days ago 3 replies      
Cool, I hope Switzerland won't be last. 7m people isn't interesting enough for many companies. :(
13
10dpd 2 days ago 1 reply      
Awesome news!

Is it possible to use Stripe to handle third party payments? E.g. a site owner (A) creates a website. A user (B) of that site wants to sell a product. (B) creates a product page and accepts payments from their own customers (C). Ideally (C) would pay (B) using Stripe, and (A) would receive a percentage of the revenue received from (C).

14
egze 2 days ago 2 replies      
Any plans for Germany?
15
konradb 1 day ago 1 reply      
Out of interest what makes Stripe compelling over other alternatives such as Sagepay?

This seemed to be an already solved problem ([company like sagepay] -> merchant account -> bank account) but there's a lot of fanfare here so I must not be understanding what makes Stripe different.

16
nicholassmith 1 day ago 1 reply      
This is great news for UK businesses, welcome to our wonderfully miserably cold shores Stripe.

Although, you know it's much nicer up North outside London. Much nicer.

17
chaghalibaghali 1 day ago 0 replies      
I'd like to give a shout out to the guys from Paymill (www.paymill.com) - they sponsor the HNLondon events and when Patrick from Stripe turned up a few nights ago they were the ones that asked him to get on stage and give a quick talk, despite the obvious overlap of their products.
18
NuZZ 2 days ago 4 replies      
Australia is pretty much dominated by Paypal. Was excited to get to use Stripe for a new project but got sad when I realized it wasn't available here.
19
lotsofcows 2 days ago 1 reply      
How does Stripe mitigate PCIDSS requirements?
20
cohort 2 days ago 1 reply      
Is there a sign up form for beta?
21
kevbam 2 days ago 0 replies      
Finally!!!!!!
22
thomseddon 2 days ago 3 replies      
Does anyone know why the link has changed from TNW (http://thenextweb.com/uk/2013/03/01/stripe-uk-europe-launch/) to TechCrunch?

It's not really important, just curious if this is some kind of mod preference for TC? :)

20
Clojure 1.5 groups.google.com
238 points by llambda  2 days ago   46 comments top 9
1
JeanPierre 1 day ago 1 reply      
There's a lot of new small improvements in this update which are great for Clojure users, but the fundamental difference between 1.4 and 1.5 is the reducer library which was implemented. It's added mostly for performance reasons: By using this library, you will utilize Fork/Join in Java, but with a functional interface instead of the "gory" one. Very interesting, because the complexity of a typical `(reduce (map ...))` won't change, and you're suddenly utilizing all the cores on your computer. Rich Hickey had a talk about the new Reducers library[1], and I'd recommend you to see it, as it gives you a good understanding of how it works (and why it was implemented that way).

Another slightly interesting thing is the sudden enhancement to read-eval and EDN[2]. That's mainly because of the rough weather Ruby/Rubygems was in with the YAML-exploits, which caused a heated discussion on how the Clojure reader should act by default[3][4].

[1]: http://www.infoq.com/presentations/Clojure-Reducers

[2]: https://github.com/clojure/clojure/blob/master/changes.md#21...

[3]: http://dev.clojure.org/jira/browse/CLJ-1153

[4]: https://groups.google.com/d/topic/clojure-dev/zG90eRnbbJQ/di...
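
The read-eval and EDN point in the comment above, as an added example (not code from the comment or from the Clojure project): it reads the same constructed strings with `clojure.core/read-string` and with `clojure.edn/read-string`, which is available from Clojure 1.5. The namespace, the `attempt` and `report` helpers, the sample strings and the `#app/user-id` tag are assumptions made for illustration.

```clojure
(ns example.safe-read
  (:require [clojure.edn :as edn]))

;; Constructed sample inputs (not taken from the thread).
(def plain-data  "{:user \"alice\" :roles [:admin :ops]}")
(def eval-form   "#=(+ 1 2)")        ; reader-eval syntax with a harmless form
(def tagged-data "#app/user-id 42")  ; hypothetical application-specific tag

(defn attempt
  "Calls (read-fn s) and returns {:ok value}, or {:rejected message}
  when the reader throws."
  [read-fn s]
  (try
    {:ok (read-fn s)}
    (catch Exception e
      {:rejected (.getMessage e)})))

(defn report
  "Reads each sample with each reader and collects the outcomes."
  []
  {;; clojure.core/read-string with read-eval enabled: the #= form is
   ;; evaluated while the string is being read, before any validation
   ;; code of yours has seen the data.
   :core-read-eval-on  (binding [*read-eval* true]
                         (attempt read-string eval-form))
   ;; Same reader with read-eval disabled: the #= form is refused.
   :core-read-eval-off (binding [*read-eval* false]
                         (attempt read-string eval-form))
   ;; The EDN reader has no #= dispatch at all, so the setting of
   ;; *read-eval* does not matter here.
   :edn-eval-form      (binding [*read-eval* true]
                         (attempt edn/read-string eval-form))
   ;; Plain data reads as ordinary Clojure data structures.
   :edn-plain          (attempt edn/read-string plain-data)
   ;; Tagged literals are rejected unless a reader is supplied for the tag.
   :edn-unknown-tag    (attempt edn/read-string tagged-data)
   ;; An explicit allow-list of tag readers, passed per call.
   :edn-allowed-tag    (attempt
                         #(edn/read-string
                            {:readers {'app/user-id (fn [n] {:user-id n})}}
                            %)
                         tagged-data)})

(doseq [[k v] (report)]
  (println k v))
```

For data that crosses a trust boundary, the `clojure.edn` reader is the one to use; binding `*read-eval*` to false on the core reader is a second line of defence, not a substitute.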

2
jashmenn 1 day ago 2 replies      
Shameless self plug:

If you're interested in keeping up with clojure news,
I recently started a clojure newsletter where we cover this sort of thing: http://defnewsletter.com

3
manaskarekar 1 day ago 2 replies      
Reducers look interesting! The linked blog post by Rich hickey is an interesting read: http://clojure.com/blog/2012/05/08/reducers-a-library-and-mo...
4
nivertech 1 day ago 1 reply      
How do I upgrade just 'lein repl' to use Clojure 1.5?

    [bin]$ lein version
    Leiningen 2.0.0 on Java 1.7.0_15 Java HotSpot(TM) Client VM
    [bin]$ lein repl
    nREPL server started on port 41384
    REPL-y 0.1.9
    Clojure 1.4.0


I understand that Clojure is just a jar dependency, just need to find where lein's dependencies are specified...

For a new project I would have specified Clojure 1.5 in defproject, but for REPL?

5
pbiggar 1 day ago 3 replies      
The conditional threading macros are nice. I've been using them from clojure.core.incubator for a while as -?> and -?>>. Anyone know why the name change?
6
jballanc 1 day ago 1 reply      
I've seen many, many attempts at "automatic parallelization" over the years. Clojure 1.5's reducers are the first approach I've seen that I think might actually work!
7
douglasisshiny 1 day ago 5 replies      
Perhaps this isn't the best place:

I eventually want to move on beyond ruby and java and try out a functional language. Clojure, Scala and Haskell all seem interesting. Haskell because it's pure functional. Scala and Clojure because they're functional and on the JVM, and out of the two, Clojure.

So it's between clojure and haskell in my mind. Haskell has a great tutorial book/website (http://learnyouahaskell.com/). Is there a great resource like this for clojure? (obviously there are many books, but what's the best, and ideally, does it have a free online version that I can try out before buying)

8
adestefan 1 day ago 0 replies      
That's it I really need to buckle down and learn clojure. I just got the perfect project today since I have to use a certain Java only library and then do some text processing on the copious results of that library's processing.
9
jsilva 23 hours ago 0 replies      
I would like to know if Clojure has a big memory footprint, since it is doing dynamic class generation and so on. I did find something[1] on Stack Overflow, but I would like some more info from real production usage.

Thank you all.

[1] http://stackoverflow.com/questions/4058430/how-well-does-clo...

21
Bradley Manning's Statement bradleymanning.org
234 points by ivancdg  20 hours ago   57 comments top 12
1
jacquesm 3 hours ago 3 replies      
Just by how Bradley Manning was treated and by the continued existence of Guantanamo bay's facility the United States has lost a large chunk of its voice the world over when they start talking about human rights.

How far the US Government will sink before they realize that every time they do something like this they are hurting their own interests is anybody's guess. Be it drone attacks that kill children as collateral damage (Oh, but we apologized) or torture dressed up as self protection it hardly matters.

If you want to criticize the world then you need to set an example, not by taking out your rage on others but by wondering what it is that you are doing wrong and then correcting that.

Slowly but surely every 'own goal' is reducing the United States' importance on the world stage. And that's a real pity because we really do need an entity that is a little larger than most that can serve as a role model for the rest. As it is the role model seems to be that might makes right and that if you deny your problems and your mistakes that you can get away with it. The rules apply to everybody but you.

2
ck2 8 hours ago 2 replies      
You cannot look at any statement from him without realizing he's been kept in extremely hostile conditions, just this side of torture, WITHOUT TRIAL for over 1000 days (nearly three years!) being told he's facing execution or life imprisonment.

Any of us would say ANYTHING facing that. Anything.

They are roasting him alive now, government has over 140 "witnesses" to put on the stand.

They are going to make an example out of him, it's going to be horrible.

3
smutticus 5 hours ago 0 replies      
50 years from now everyone involved in these proceedings still alive will be ashamed of what transpired. We'll be issuing apologies and talking about 'how this never should have happened.' Then it will happen again in slightly different circumstances and the people alive then will find slightly different justifications for their actions.
4
mpyne 13 hours ago 2 replies      
I think the thing I was most surprised about is that the Iraq and Afghanistan war logs were the very first thing Manning had uploaded to WikiLeaks, and this happened far before Manning had been given the order to determine what other anti-Maliki literature was being drummed up by the FP 15.

I had always had the impression that Manning had been generally dissatisfied by American geopolitics but that the FP 15 order had been the last straw for him and that he'd started divulging information to WikiLeaks all at once.

It wasn't like that at all. He released the Iraq/Afghanistan actions database way before any of that. Before he saw the "Collateral Murder" video. Before the FP 15. Even before he punched a soldier in the face (around 8 May 2010, which was his "altercation").

WTF. He was essentially a WikiLeaks mole working on the inside... even though he made clear that no one from WikiLeaks pressured him into divulging information he also freely admits that some of the information he went out of the way to find, was simply because it was a matter of discussion in the WikiLeaks IRC/Jabber chat.

He freely admits releasing documents that he felt could possibly harm the U.S. as well: "Of the documents release[d], the cables were the only one I was not absolutely certain couldn't harm the United States."

And why did he release these cables if they were the only documents that were risky? "I believed exposing this information might make some within the Department of State and other government entities unhappy."

He also talked about reading quotes after WWI, about how "the world would be a better place if states would avoid making secret pacts and deals with and against each other." Certainly true! However he seemed to have missed the history lesson from WWII, where the U.K. and the U.S. both enjoyed significant military advantages thanks to their signals intelligence and codebreaking feats.

If Manning were as smart an intelligence analyst as he claims to be then he should know full well that information which is unclassified individually may still be a risk to national security (and therefore classified) if released as an aggregate.

The U.S. did this to the Japanese several before the Battle of Midway; for instance an increase in message traffic from the Japanese Naval base at Truk was a clue to the intelligence analysts at Station Hypo at Pearl Harbor that the Japanese fleet was prepping for a major operation, even though they couldn't break the code. (A good book to read regarding this is Ian Toll's "Pacific Crucible").

I suppose at least I can't say he was doing this to get back at the Army per se, since he'd done everything before they reduced him in rate. But conversely, much of what he leaked was not "war crimes" at all, but merely stuff to "start a debate".

I'm not really sure what to think about all of it. It seems to me that based on his very half-hearted attempts to go to the media that he was intending all along to go to WikiLeaks (whether consciously or not), and that the reasoning for it was not about specific things at all (at least the initial leaks).

I wish he would have talked about why he felt the need to brag to Lamo about it. Maybe that (talking to Lamo) was brought on by his stress from his punishment from the Army, it would almost be doubly ironic if the way he unmasked himself ultimately came about from his own fist hitting the face of another soldier.

5
codemac 19 hours ago 1 reply      
Website is offline, here is the google cache:

http://webcache.googleusercontent.com/search?hl=en&safe=...

6
throwaway125 19 hours ago 1 reply      
A lot has been written and said about Bradley Manning but it always seemed such a distant thing. Reading this statement made me realize how he's a real person that I can identify with rather than just some guy in a news article.
7
ok_craig 15 hours ago 1 reply      
The third from last section, titled "Facts regarding the unauthorized disclosure of Other Government Documents" is very vague. While all other sections detail the information released, this one does not. Possibly, I suppose, because it never made it to the public. Does anyone have any idea what it could be referring to?
8
breakall 19 hours ago 3 replies      
Interesting that Manning tried to contact the Washington Post, but got blown off... Tried the NYTimes, and they didn't return his call. That may say something about the media, but I'm more curious if the reaction by the US government and other officials to the leaks would have been the same if those papers had published the material, instead of Wikileaks?
9
grecy 15 hours ago 3 replies      
Interesting there was no mention from him about how he was treated while incarcerated, or about being held for so long without charge/trial.
10
porsupah 12 hours ago 0 replies      
I am terribly, interminably indebted to Bradley Manning. I cannot possibly repay the debt of conscience he managed to summon up.
11
cake 16 hours ago 1 reply      
It's funny to see how common the tools he uses are :

Dell laptops, WinRAR, wget...

You would think the army has some fancy tech, apparently not.

12
marze 16 hours ago 0 replies      
About time.
22
Zurb Launches Foundation 4 zurb.com
228 points by forrestkoba  2 days ago   78 comments top 21
1
mokash 2 days ago 4 replies      
I don't understand the whole mobile first thing? Isn't Foundation already responsive? Don't most websites built with Foundation's grid system automatically fit nicely on mobile devices? Am I missing something?
2
wilfra 2 days ago 9 replies      
What's the advantage of using Foundation over Bootstrap?
3
FilterJoe 2 days ago 4 replies      
I couldn't find any examples on the site of using "the magic of Scss, you can now remove almost all of the presentational classes from your markup." Could someone provide an example, or provide a pointer to an example of html markup which removes all presentational classes?

I did look at their templates site:

http://foundation.zurb.com/templates.php

and I still see presentational markup.

EDIT: I'd also like to see a sample SCSS mixin which attaches the style to the HTML. Something as simple as styling a few "Hello world" phrases arranged in a grid would be great.

4
alwillis 1 day ago 0 replies      
The Zurb guys just pushed out version 4.0.3 with a bunch of bug fixes and documentation updates: https://twitter.com/foundationzurb/status/307647218951811072
5
eCa 2 days ago 0 replies      
The "Clone now" link on http://foundation.zurb.com/ is a little boring on Windows. (It's currently pointing to github-mac://openRepo/https://github.com/zurb/foundation)
6
aioprisan 2 days ago 1 reply      
7
thedangler 2 days ago 1 reply      
Docs page doesn't seem to be loading properly for me... It's as if the CSS file isn't loading. I've tried it in 3 browsers.
8
mamcx 2 days ago 1 reply      
"Not tested in 4" for add-ons http://foundation.zurb.com/icon-fonts.php.

That's unexpected. With bootstrap the whole package is ready-to-go in each release...

9
iaskwhy 2 days ago 1 reply      
10
throwaway420 2 days ago 0 replies      
I love Foundation 4 so far, but I still find the top-bar nearly useless. Maybe my opinion or experience is atypical, but that's the one aspect of the framework that I usually find myself replacing when using Foundation. Most of the rest of it is logically designed and useful right out of the box.
11
elclanrs 2 days ago 0 replies      
I understand why people praise these frameworks but in my case The Semantic Grid [1] + HTML5 Boilerplate [2] + Nib [3] is all I need to get started with any web project. I first prototype in vector and once I have the general wireframes I start mocking up the layout in HTML+CSS manually. Once the layout is done, I style the UI elements from scratch as well. Am I the only one tired of Bootstrap looking sites?

[1] http://semantic.gs/

[2] http://html5boilerplate.com/

[3] http://visionmedia.github.com/nib/

12
baby 2 days ago 1 reply      
13
jeffpersonified 2 days ago 2 replies      
To me, the most interesting part of this is the switch to Zepto. Can people weigh in on its performance over jQuery, and the overall tradeoffs?
14
pacomerh 2 days ago 3 replies      
Seems kind of a problem that "The Grid, Layout/UI and JS" aren't compatible with IE8 and below, no?

http://foundation.zurb.com/docs/support.html

15
leoalves 2 days ago 0 replies      
One of the authors of bootstrap also released, today, a version of the Bootstrap framework (with another name since he left twitter) using mixins and mobile first.
But built with less and not sass.

http://markdotto.com/2013/02/28/reintroducing-preboot/

16
funkyboy 2 days ago 0 replies      
I reaaaaly prefer Foundation to Twitter bootstrap.
17
joeblau 2 days ago 1 reply      
Wow this looks amazing. The off-canvas layouts for mobile look great. I think I'm going to migrate my Github page from Bootstrap to this.

Does anyone know if Foundation has any CDN's?

18
matteodepalo 2 days ago 0 replies      
My experience with Foundation has been great. The only thing I really didn't like was the markup full of classes a la bootstrap, and now they've fixed it! There has never been a better time for the semantic web.
19
yefim323 2 days ago 2 replies      
Is there a list of changes anywhere?
20
wildchild 2 days ago 1 reply      
Is there something like wrapbootstrap.com for Foundation?
21
gummydude 2 days ago 0 replies      
There might be some minor glitch on iPad: the main banner on Zurb's website doesn't fit properly into the viewport.
24
Hackathons are bad for you chinpen.net
217 points by sayanee  2 days ago   123 comments top 46
1
michaelochurch 2 days ago 9 replies      
The real crime is that programmers have so little time for the exploratory work that the career requires that they have to do all of that off-hours.

Doctors can read medical journals and call it "working time". Most programmers have feces thrown at them if they're caught learning on the job. This is just something we have to suffer until we develop a stronger tribal identity and demand the conditions of a profession (including ethical rights and obligations that supersede immediate managerial authority).

Do surgeons spend 40 hours per week, 50 weeks per year, cutting open bodies? Of course not. No one would allow it. They work a full work-week, but they spend a lot of that time keeping current with the field. That's how professions are supposed to work. Your metered work obligation is ~15 hours per week, and the other 25-40 you spend keeping current, networking, and performing other off-meter, self-directed work that is important to you and the profession.

Now, hackathons. There are two things one should know about that. The first is that the association of programming with the night hours is a bit of cultural legacy. Forty years ago, when computing resources were shared and scarce, night was the only time you could get low-priority (exploratory) jobs to run. So the hobbyists (young people, usually with access through a connection or favor) did their work at night. Now, we have enough in the way of resources that people can work at any time. Some people are most productive between 6 and 10 in the morning. Others are best from 8 pm to midnight. Whatever works.

The second is that hackathons seem, in many organizations, to exist to recapture the college lifestyle for people who haven't realized yet that It's Gone Forever. The hackathon recreates the "good old days" (?) of the 3:00 am, caffeine-fueled coding fests to get that hard-ass final project to work. It's not terribly unhealthy when you're a college student and have that kind of schedule autonomy (you can crash for a week) but it's a terrible idea to mix that lifestyle with the 9-to-5 regular workday. Also, most final projects are Done, submitted for a grade, and never need to be looked at again. This isn't the case for real-world software.

I tend to see most companies' 20%-time and hack-day programs as negative spaces that define anything programmers actually enjoy as "not real work" (because they can be tricked into doing it "for free"). I can't even count the number of times I've seen people using 20%T programs to do things that, if they didn't have short-sighted imbeciles for managers, would just be regular-ol' working time.

2
qdot76367 2 days ago 2 replies      
The best piece of advice that no one ever seems to give about hackathons:

--

Hackathons may or may not be for you. Try it once. Don't stay the whole time if you don't want. If they aren't for you, don't go again. If they are, great, have an awesome time.

--

For some reason, they're touted as this end-all be-all social event that if you don't go to YOU ARE MISSING OUT AND YOU WILL NEVER RECOVER. As many people posted here, the situation's combination of adrenaline and serotonin depletion gets people into some pretty seriously fucked mental states that cause odd group dynamics. Some will thrive on this. Some hate it.

Case in point: I grew up in the rural midwest, but had computers. So computers are something I deal best with in situations with little to no people around. Hackathons are the opposite of that. Took me like, 2 attendances to realize that, and now I just avoid them. Hell, I even avoid career situations that put me in that environment, because I don't work well there.

Not to say I haven't pulled some insanely stupid hours in my time, but I still even did most of those alone, and I'll continue to do so.

3
alanctgardner2 2 days ago 3 replies      
All of these are valid criticisms, but in my mind a hackathon is a treat: pizza, soda and staying up all night is fun sometimes, regardless of whether you play Halo, watch movies, or write a cool app. I agree with a lot of the comments that say you can't get much done; it's mostly a case of connecting existing libraries and data sources to create a sort of 'mash-up'.

That said, being able to prototype quickly is an awesome skill, and it completely exercises different parts of my skillset than my normal job. Going from coding a large C application, to hacking together a Ruby app is a very refreshing experience. Maybe if you spend your whole day working on the same stack in the same domain, it's less fun.

Finally, it's a good way to get something you've had in mind done. If your whole life isn't made of crunches, the occasional high-stress, urgent deadline situation is (once again) a welcome change. For people who work under these conditions all the time, yeah, it's probably not fun.

4
kevinconroy 2 days ago 3 replies      
Hackathons run by companies have always seemed to me to be a way for them to unleash creative thinking without having to devote significant company time to it or make strategic tradeoffs.

The best companies find a way to build the spirit of hackathons into the daily culture and provide scheduled, dedicated time to do this during normal business hours.

That being said, if you're young and have no kids then hackathons are probably a lot of fun. After you have other commitments in life, it just doesn't work.

5
DigitalSea 2 days ago 1 reply      
Hackathons to me have almost been about pushing developers to the limits within a 24/36 hour time frame for free, an excuse used by companies to exploit the "hacker" gimmick and keep most of the IP afterwards. Give them some beer, some pizza and energy drinks and make them stare at a screen all night. I often code at night, but I would never code 24 hours straight, let alone 36 hours.

I only ever entered one hackathon and it wasn't as great as some would tell you. The peer pressure you feel to keep going even when you feel like you're going to pass out from exhaustion is immense. Not a great feeling and I wouldn't recommend it, the fun part is overrated.

6
TeMPOraL 2 days ago 0 replies      
Part of the confusion here is that, I think, people treat different kinds of hackathons differently. I took part in 48-hour coding contests long before they were even called 'hackathons' (back then we called them Jams). Those are some of the best coding experiences in my life. Working in small teams on something fun and creative with a tight deadline was absolutely exhilarating and reinvigorating. But there's one caveat.

We did this by ourselves, for ourselves. For fun.

What I personally strongly dislike are the 'company hackathons', in which developers from a company are basically tricked into doing some unpaid work for the company. In my opinion, it's dishonest. You can feel the difference in the air - events that are created by the dev community for themselves to play and improve just smell different than the ones started by managers.

So for me, the problem with hackathons boils down to the problem of "fun" vs. "work". Things started as fun, but they seem to be turning more and more into work. Just like in the case of SEO and the Web, it's all great until someone from outside comes who wants to profit from this, and this is why we can't have nice things.

7
jrockway 2 days ago 3 replies      
Caffeine isn't a diuretic if you use it regularly. From Wikipedia: "Regular users of caffeine have been shown to develop a strong tolerance to the diuretic effect, and studies have generally failed to support the notion that ordinary consumption of caffeinated beverages contributes significantly to dehydration, even in athletes."
8
fakeer 2 days ago 0 replies      
Attended one sometime back. What hit me was that they didn't even bother to bring water and they remembered when I needed some. Needless to say there was pizza (and the way it was spread around was "yuck"), there was soft drink and beer and there was no water; neither any fruit or even trace of some healthy food or just food.

Nothing new or innovative came out other than sore backs, necks and a guy puking. Yes, there were some 'nice' hacks like "this guy build this using that hooking into that that API and showing this again".

Midway, I felt like sleeping - there wasn't any space and I was sort of looked down upon with scorn - as in "he doesn't belong here". Well, I didn't. I had built a little web app that did some basic (very) search with Tw/Fb. Nth I would like to see or ponder over again. I slept in a corner anyway (had my sleeping bag).

Bad thing it wasn't fun either.

Moral of the story - it's good for sort of a meet-up, not for 'breaking the ground' with your ideas :-)

And if you have to organize one - make sure there's food, water and some place to rest. Proper lighting which can be adjusted in different corners/parts of the hall (or the large room).

PS. And yes, keep it spacious and airy. Man is a messy animal :-\

9
mamoswined 1 day ago 0 replies      
I think the dysfunctional approach to "hackathons" described here leads to a lot of people just not participating. Maybe it's a stereotype, but for myself and other women I know, the idea of not getting enough sleep and eating crappy food while working for hours and hours isn't very appealing at all.

An exception were the Food + Tech hackathons I went to when I lived in NYC. They took place during the day and there was a variety of good food to eat no matter what your food preferences were. I'd love to organize something like that in Chicago.

I did try to organize a gourmet hack night but it didn't go so well. I got duck confit on my keyboard.

10
pjreddie 2 days ago 1 reply      
At my last job I worked at a YC startup where the entire codebase was written in the 3 months leading up to demo day when the team was under a lot of time pressure. Sure it worked fine as a demo, but with the pace of startup land this same code was then thrown into production and as the startup grew the codebase couldn't quite keep up. There weren't many catastrophic failures but there ended up being a lot of patching that had to happen on a daily basis. I would say 80% of my time was spent tracking down weird bugs in the code and trying to figure out what the hell the original authors were thinking when they designed things so poorly.

The point is, you probably will write really bad code if you are under a lot of time pressure. Hackathons seem like they are probably useful for some things like bouncing around ideas and quickly fleshing stuff out but please, for the love of god, if you decide to take your hackathon idea and run with it DELETE ALL OF YOUR CODE. Just do it. Then take some time and think through your overall design because trying to make major modifications when there are paying customers relying on your site every day really sucks.

11
asveikau 1 day ago 0 replies      
I remember the first time I heard the word "hackathon" was in the context of OpenBSD. The folks that worked on that were geographically distributed throughout the world, and approximately once per year they'd meet in a hotel in Canada and have their one chance to work collaboratively in person instead of over email. It sounded cool.

I don't remember when I first heard the Bay Area usage of the word "hackathon", but it sounded decidedly less cool.

12
hashbanged 2 days ago 0 replies      
We had an internal hackathon at work two weeks ago. I'm really new to the industry and this was my first one and I gotta say I agree with this guy on all counts.

It seems to mesh well with another part of the developer's lifestyle though: a severe lack of free time.

"But in the end, I really feel that Hackathons are beneficial less as a place and time to code out your next big idea, but more of a time to mingle and bond with the community. It's like a gathering of the tribe. And personally, there is more value in that than actually developing anything."

Perhaps in the future I will focus on hackathon projects that are technically unstressful and allow me real time to bond and discuss with the community.

13
rinon 2 days ago 0 replies      
I'll say this up front... I love hackathons (and similar events: ICFP programming contest). I have fun hanging out with a bunch of like minded people, and I find that I learn a ton when I force myself to sit down and actually make something. I can certainly see the points about food/drink, however, the events I've been to (and hosted a bit of) did have healthy options. I think there would be a mass lynching if there weren't unhealthy options too, but ah well, caveat emptor.

However! I actually don't think that occasional hackathons (everything in moderation) are harmful to hacker culture. People do not model their lives around hackathons. As a participant, I can tell you that I do not want to feel that crappy on a regular basis under any circumstances. Rather, hackathons are a reflection of a culture that already exists. Fix the culture, not the results, because I'm sure that lack of good sleep, diet, and exercise are far more pervasive and prevalent problems outside of hackathons.

14
mgkimsal 2 days ago 0 replies      
may be related...?

I was part of the 'startup weekend' in raleigh last april. Our team came in 2nd out of 20 (actually, there was a 3 way tie for 2nd).

Most other teams had somewhere between 4 and 8 developers or related technical folks. Our team had 1 - me. I know other teams got mired in arguments about what version of Rails to use, which gems, and various other technical trivia, I had just me to answer to, and I got quite a lot done. Other teams got a lot done too, no doubt, but one person just hacking with some non-dev minds to bounce ideas off of was just as effective - perhaps more so - than a team of developers.

At the halfway point we chatted with another team. I showed what we'd (I) had done, and one guy smirked some. He then showed their system - a mobile app that did XYZ, had some neat features, and was pretty far along. Someone on my team said "but we've only got one developer", and the guy changed his tune, and became visibly impressed in what I'd been able to build in... at that time, around 12 hours. They'd had a team of, I think, 6 devs.

The point is not that I'm some super coder, but that focused concentration and time blocks with a handful of people can get a lot done quickly.

15
tg3 2 days ago 1 reply      
> Working late into the night and not sleeping for days is lauded and almost considered a necessity by many these days.

> And leaving long-term health out of the equation, lack of sleep hasn't been known to improve your focus or the ability to be logical or creative, all of which are critical skills for developers.

For me personally, I code late at night because it's the only time during the day when I can truly be distraction-free. No incoming emails, no meetings, no phone calls, no running into people. Coding happens best when you can concentrate for long periods of time [1], and the best time to concentrate is when the rest of the world is asleep. YMMV.

[1] http://www.paulgraham.com/head.html

16
saraid216 2 days ago 0 replies      
If you're attending every single hackathon ever, you probably have problems that aren't purely physical.

If you aren't, then recognize that occasional deviations from an otherwise healthy schedule and lifestyle aren't lethal or actually bad.

17
Kurtz79 2 days ago 0 replies      
Disclaimer: I have never been in a hackathon.

That said, I simply don't think it's something people do every day, or every week, or frequently enough so that can severely alter one's lifestyle.

The author makes some good points, but they really apply to a more general day-to-day lifestyle.

There is nothing inherently damaging in a hackathon if you normally get enough sleep, eat healthily etc...

18
paranoiacblack 2 days ago 0 replies      
The hacker community is pretty interesting. Someone hosts an event and brings a bunch of random junk and alcohol, telling people to get cracking on cool ideas. People don't get sleep, sit around, partake in random junk and alcohol, and it's the event's fault somehow. Pretty interesting.
19
richo 2 days ago 1 reply      
Alcohol is bad for you. So is going outside and waking up every morning.

I enjoy doing these things in moderation though, do we need more nanny stating to tell me what I can enjoy doing?

20
rlu 2 days ago 0 replies      
sigh

it's meant to be fun. As long as you're not doing them all the time - who cares?

21
gailees 2 days ago 1 reply      
Large-scale Hackathons are the best thing that's ever happened. I've learned new languages/frameworks, tools, platforms, and even learned nearly everything I know about programming at hackathons.

It's hard to find a better environment for learning than one in which you are building something you are passionate about and overcoming obstacles like nobody's business with a hard external deadline and plenty of incentive without having to even worry about getting food/drinks/anything at all.

22
adeaver 2 days ago 0 replies      
I've done a couple hackathons and while I did lose a good amount of sleep and loaded up on caffeine I found them to be fun and thoroughly enjoyable.

To be honest I didn't find them any different than the times I have picked up a new game or book and stayed up all night playing/reading or spent time with friends playing marathon tournaments.

Hackathons are no better or worse than a majority of the other things we do, they just happen to be sponsored events where you don't spend all your own money on junk food.

23
Moto7451 1 day ago 0 replies      
A couple points from my experiences, which are really just a sample of corporately sponsored hackathons in LA:

1. In about 6 hackathons over the course of the year, none had alcohol and only one had a post event get together at a bar (Startup Weekend).

2. Generally speaking the food tends to be pretty good quality if you behave yourself. I've never been to one where fruit and salad weren't available. You can drink a gallon of soda and eat a lot of fattening food if you prefer.

3. If you're paying attention you'll find that the people who leave at a decent hour, sleep, and come back early rested and refreshed get more done. I've always finished every project I've been a part of because I stay sharp.

24
Tichy 2 days ago 0 replies      
Or learn from women: the Berlin Geekettes provided "real food" and a relaxation area with a Yoga coach for their Hackathon http://berlingeekettes.github.com/hackathon/
25
Ovid 2 days ago 1 reply      
I am totally lost by this post. I've attended several hackathons, but they're nothing like what's described. They tend to be 9-to-5 affairs stretched out over several days. The food at the last one had a lot of fruit, healthy sandwiches, plenty of water, juice, coffee, tea, (and yes, some junk food). We saved the boozing for dinner.

And the hackathons weren't a distraction. Yes, some people ran around and talked a lot and there was definitely socializing going on (if you're not a people person, a hackathon may not be for you), but really: a lot of the talk was with people who were experts in the problem area we were gathered to deal with and this made us so much more productive. I've been to five or six hackathons now and generally just about everyone turns out plenty of great stuff there.

We got a lot of great stuff done, had some fun, caught up with old friends and got to visit a new country (well, not me. The hackathon was here in Paris).

26
mncolinlee 1 day ago 0 replies      
I disagree with his insistence that one must lose sleep to win a hackathon.

Our >40k employee corporation had our first annual corporate hackathon in 2012. I led the team of six that beat forty-seven other teams to win the whole hackathon. No one on my team took any less than twelve hours off between day one and day two.

A hackathon is about developing an impressive minimum viable product and demo. It is not about building a finished product.

27
adamsaleh 2 days ago 0 replies      
I have never experienced a hackathon, most similar thing that comes to my mind, that I was part of are hackfests on some open-source conferences and those were pretty great.

Usually a hackfest meant bunch of coders interested in a project sitting in a room for ~5 hours and doing bug fixing, new features, or just discussing. Everything is good in moderation, I guess.

28
spullara 2 days ago 1 reply      
...said by someone that is no good at hackathons. :)

Honestly though, hack on something you can finish in a few hours and go home and come back the next day to tell people about it. I'm still running twickery.com from the last F8 opengraph hackathon I went to. Spent a few hours and still use it now.

Hackathons give you an excuse to scratch an itch, learn something new and challenge yourself.

29
nthnb 2 days ago 0 replies      
Hackathons are just a formalization of what we already do when we're building something we care about. Everyone should take care of themselves but if you care deeply about something and want to change the world, hacking all night once in a while can be invigorating.
30
YZF 1 day ago 0 replies      
When I was much younger (high school) I used to stay up all night with friends, code, drink Coke, eat unhealthy foods - for fun. No exchange of currency involved. Then I would go and sleep until 2PM. Now I can't do that any more.

The other point is that even activity that is generally considered healthy, like sports, when forced upon you by various means, is going to be a negative. Forcing someone to run adds stress. Running because you enjoy it and want to run reduces stress.

31
abraham 1 day ago 0 replies      
32
jami 1 day ago 0 replies      
I've only been to hackathons that last eight hours tops and usually involve terrific beer and food (ahh, Portland...).

Especially as a mom with a full-time job, I love the focus on getting things done at hackathons, as contrasted with other nerd gatherings, where the focus is on chit-chat.

Startup Weekend's 48 hours with no sleep model sounds very unhealthy to me, but an excuse to crunch away at a side project for a few hours with free beer and friendly nerds? Yes, please.

33
stormbrew 2 days ago 0 replies      
Sometimes people do things that aren't exactly healthy because they enjoy doing them.
34
davidkassa 2 days ago 0 replies      
I'm at a work-sponsored hackathon right now! It's an annual thing so there's novelty. Several a year would be quite rough.
35
i386 2 days ago 1 reply      
Link is dead. Anyone got this in their cache?
36
mattbarrie 2 days ago 0 replies      
Stop being a party pooper. They are a good way to do something different, unleash some creativity and have some fun.
37
dquail 2 days ago 0 replies      
The energy, collaboration, exposure to new technology, people, ideas, creativity … far outweighs the cons here. No one's forcing you to stay until 5AM and eat nothing but skittles and trail mix.
38
mmahemoff 2 days ago 1 reply      
Agreed on food and drink.

At least provide healthy options, particularly bottled/filtered water instead of just soft drinks and booze.

39
zestyping 2 days ago 1 reply      
The most serious problem with hackathons is that many of them create the misconception that anyone can build a product in a weekend. Most cannot.

A few can build a great prototype; an even smaller minuscule few can build a product. But most hackathon participants produce either no code at all or terrible code.

This is fine if all you want is to make friends or build working relationships or make a throwaway prototype.

But, if you want to make a lasting code contribution, it's almost certainly got to be a small feature or bugfix on an established project, for which the problem definition, skill set required, and relevant parts of the codebase were documented in some detail before the hackathon. Very few hackathons have this level of preparation.

Better preparation or better expectation-setting -- that's what is needed.

40
jasonlotito 2 days ago 0 replies      
Maybe the author has had a run of bad luck, or I've been lucky in the numerous hackathons I've attended, but I've never been a part of a hackathon where it met his "standard recipe for a Hackathon."
41
brador 2 days ago 1 reply      
It's a hackathon. The whole point is to push yourself.
42
baby 1 day ago 0 replies      
They are bad because they're bad for health. Bouhou. So are LANs. And it makes it fun. Why complain about it?
43
jbackus 2 days ago 3 replies      
Health isn't everyone's first priority. It certainly shouldn't be viewed as a first priority in every context.
44
rogeriopvl 2 days ago 0 replies      
Moderation is the key. If you attend hackathons often, it really has negative impact on your health, just like spending all weekend nights in a disco, drinking alcohol until morning also does (and a lot more people do the latter).
45
codeme 2 days ago 1 reply      
I think Hackathons are still a good way to meet like minded people and find co-founders.
46
gr33nman 2 days ago 0 replies      
Lack of sleep alters human gene activity
http://news.ycombinator.com/item?id=5298948
27
Why Watching DVDs on Linux is Illegal in the USA howtogeek.com
204 points by vilgax  1 day ago   124 comments top 18
1
spindritf 1 day ago 3 replies      
In Poland you can make a backup copy of a DVD circumventing "security" measures where necessary. More, you can share that copy with members of your family and people in your social circle. It's considered fair use.

Anyway, while this law seems completely and horribly broken, technology allowed us to escape it a bit. I don't even have optical drives in my computers any more.

Of course, this means that watching any movie or tv show on a computer requires downloading it from... a source because popular online players (some offer content for free, like TVN, a large private broadcaster; and not just a clip here and there - full episodes, even whole films) usually require Silverlight which doesn't really work on Ubuntu. Luckily, that - downloading copyrighted materials for personal use - is, again, legal†.

† some exceptions apply.

2
JohnHaugeland 23 hours ago 6 replies      
This isn't even close to correct.

What the DMCA says is that you can't strip and redistribute the content, not that you can't strip and watch it. This is an old false stalking horse.

And even if this is correct, this wouldn't make you a criminal; since nobody knows, this does not rise to the level of intent.

Notice how if this was true, people would be making a fortune going after TiVo.

http://en.wikipedia.org/wiki/Moral_Panic

Notice that he's also saying that it's legal to jailbreak a phone (it isn't, anymore,) and that the reason it was legal was an exemption to the DMCA (which is completely incorrect.)

Notice that the thing he's claiming is illegal is a link to a thing that's actually about a completely different topic - space shifting, ie they claim, taking the DVD, decoding it, then transferring that decoded version to another device.

Oh, and that place he's citing is also wrong. This isn't what the problem is in the eyes of the copyright office. Space shifting is perfectly legal, and is done on large consumer devices all the time. iTunes can do it, your Archos can do it, the SlingBox can do it, the high end TiVo can do it, I think the Hopper might be able to, et cetera.

Quoting the source he claims said this was illegal:

> "And the RIAA and the MPAA agree with you. In
> 2005, their lawyer (now the Solicitor General of
> the United States) assured the Supreme Court that
> “The record companies, my clients, have said, for
> some time now, and it's been on their Website for
> some time now, that it's perfectly lawful to take a
> CD that you've purchased, upload it onto your
> computer, put it onto your iPod."
>
> Movie executives agree as well. Mitch Singer, the
> Chief Technology Officer of Sony Pictures Entertainment
> explained to author Robert Levine that the idea for
> the movie industry's UltraViolet program evolved out
> of Singer's own frustration with transferring movies
> between PCs in his home.

And, of course, the Fair Use clause of the copyright act makes it perfectly clear that you're allowed to do this as long as you aren't transmitting it to other people. Have fun. Go nuts.

There was a point at which it was, briefly, illegal to decode DVDs under Linux, but it had nothing to do with any of this, and it's long since undone. What was actually going on was that the MP3 decoder is under patent by Fraunhofer AG, and back in the mid-1990s, before most people understood what Linux was, but when MP3 players were starting to become popular, Fraunhofer started to assert their patent to take money from device manufacturers.

A few MP3 makers protested that they were using the MP3 stuff built into Linux, and as such they weren't the ones using the tech, Linux was, and Fraunhofer ought to go after Linux. Fraunhofer fell for this, and in response, the community removed MP3 stuff to insulate itself from legal nonsense. A couple months later Fraunhofer figured out what Linux was, and issued a free use license like decent people, but the community was so long since neckbearded out over the topic that they never put any of it back in.

And then the legends of what was going on began.

This is why you don't take legal advice from random programmers on the internet.

This is a bunch of moral panic over a misunderstanding of the copyright system. There's absolutely no reason that it's illegal to watch a DVD in America. This just isn't true at all.

3
anoncow 1 day ago 3 replies      
We continue trying to find ways to create new outlaws. 6 strikes came into effect and nobody is bothered. The govt does not represent the people. What is said is not meant. We live and are expected to live chasing things we don't want and as slaves to masters, hoping to be masters someday. It is extremely disturbing to be able to think about all this and live life. It is no wonder that some people choose to ignore all of the negativity and live whatever is left of their lives.
4
jzwinck 1 day ago 7 replies      
Equally weird is that watching PBS content online is blocked if you're not physically sitting in America. For those who don't know, PBS is a US non-profit TV network, partially funded by the federal government and to varying degrees the states. Yet their website actively blocks would-be viewers outside the US, including US citizens (who are required to pay US taxes wherever they live).

Oh, and when I took my Korean-made but US-bought TV to the UK, guess what? Its Netflix feature stopped working completely.

Whether buying a DVD or streaming video online, I'm tired of not getting what I pay for.

5
bpatrianakos 1 day ago 7 replies      
This is nothing to get in a tizzy about. DMCA is stupid, we know, but the reality is that laws are made all the time that have some asinine edge-case side effect that makes a totally innocent action a criminal offense. The important question here is, are you likely to be prosecuted for such a dumb thing. I think it's relatively safe to say you won't. Obviously we can't say the same for those of us who'd be inclined to build our own DVD playback software but to use it to view a DVD is, in reality, not going to get you in trouble.

I'm not saying I support this. I absolutely don't. My question is, what's the point here? To me, this comes off as another article meant to get all the anti-copyright, anti-DMCA people to all come together and pat each other on the back for how smart they are for being against such silly laws. This stuff is good to know and interesting but I'm still a little disappointed it's on the front page of HN. It seems like exactly the kind of thing the guidelines say not to post. It's an easy up vote - who can't get behind the idea of DVD playback on Linux being illegal being, well, ludicrous.

6
caf 1 day ago 0 replies      
I was a little taken aback to realise that a new generation of hackers that doesn't remember a world without the DMCA is now here. DVD Jon isn't a kid anymore... he'd be pushing 30 by now.
7
pfortuny 1 day ago 4 replies      
I just realized the other day that public projection of a DVD in an oil rig is illegal (yes, they appear explicitly in the banner). Funny: hospitals, schools, ..., oil rigs!

Unbelievable.

8
craftman 1 day ago 1 reply      
Guys, the best way to react to this is to create our own content (music, films, books, theater, whatever...) then share and appreciate with friends. We don't need those companies to invent our life.
9
ishansharma 1 day ago 1 reply      
I don't live in USA but I have an impression that laws like this are made just to put more money in pockets of RIAA and other similar ass.es.

Most of the copyright laws are standing on the line of sanity and one small change can make them appear like creation of a kindergarten kid.

10
waterlesscloud 1 day ago 1 reply      
The weirder thing on Linux is that you can watch Amazon's streaming videos in Firefox, but not in Chrome. Apparently the Flash plugin for Chrome on Linux removed drm for some reason, so Amazon killed it as a supported platform.
11
flexie 1 day ago 0 replies      
Yet another marginalization of freedom serving the interests of the few well-lobbied rightsholders.
12
SeppoErviala 19 hours ago 0 replies      
This is not limited to Linux but affects all players that use libdvdcss. For example, Windows and OSX versions of VLC come bundled with the library.
13
sbouafif 18 hours ago 0 replies      
In France using VLC to watch a DVD is illegal too.

http://en.wikipedia.org/wiki/DADVSI
http://www.videolan.org/press/eucd.html

14
jdhuang 1 day ago 1 reply      
Curious to hear whether these weird Linux-asymmetries apply to Blu-Ray or online digital media (e.g. Hulu/Netflix) too.

I would be willing to accept the fact that DVDs were invented so long ago that some of their restrictions are a little archaic.

15
dimadima 1 day ago 0 replies      
Whaaaaaat? This is the oldest news ever. I'm going back to sleep, and when I wake up, this site better not be a throwback to 2002, OK?
16
zabuni 23 hours ago 0 replies      
Minor quibble with the article. Handbrake is not illegal. It does not break encryption, it merely transcodes. It, by design, does not come with a copy of libdvdcss, and you have to download it through other means. It will also, on a mac, go find VLC's copy and use it.

The people behind Handbrake are somewhat touchy about this, for good reason.

17
unreal37 23 hours ago 0 replies      
Who are these people who want to play DVDs on Linux? I have Windows and I have played a DVD on my computer exactly "never" times in the past 20 years.

If you want to play a DVD on Linux, boot Windows for that. Or use a DVD player. Or don't watch DVDs any more. Or crack it in the comfort of your own home for only your own use, and no one will ever prosecute you.

18
lysium 1 day ago 1 reply      
It's also illegal to do so in Germany.
28
Name.com hijacks non-existent subdomains and redirects to their servers destructuring.net
200 points by tnorthcutt  2 days ago   89 comments top 30
1
machrider 2 days ago 6 replies      
My workaround for this was to add a TXT record for *.mydomain.com that just returns a string like "Unused". This seems to stop them from hijacking any subdomains, and it's not an A record so undefined subdomain names do not resolve, just like if you had not defined them in the first place.

(Workaround shouldn't be necessary of course, but this kind of bullshit is par for the course with cheap hosting companies.)

2
nbpoole 2 days ago 1 reply      
Some previous discussion on this issue (almost 2 years ago):

http://news.ycombinator.com/item?id=2443710

I'll say the same thing I said then:

As an anecdotal counterpoint, I'm an extremely happy Name.com customer. I transferred several domains to them a year or so ago from GoDaddy. They support two-factor authentication, their interface is uncluttered, I pay them less money than I paid GoDaddy, and I haven't had a single issue. I would highly recommend them to anyone looking for a registrar.

That being said, I don't use them for DNS. If this is a feature of their nameservers, I do find it strange that they don't offer a way to opt out (other than using alternative nameservers).

I am still an incredibly happy Name.com customer and would recommend them as a registrar to anyone who asks. I just would point them somewhere else for DNS hosting.

3
miles 2 days ago 1 reply      
Name.com is surprisingly open about this spammy practice, and even highlights methods for circumventing it:

http://www.name.com/blog/general/domains/2012/01/pro-tip-how...

Of course, it would be better for them to simply charge a bit more and get rid of it altogether, especially since it breaks standards.

4
joshka 2 days ago 1 reply      
I ran into the same issue several years ago. Now I actively recommend against name.com because of this practice, which I consider very dodgy. Their support was unable to provide any real resolution to this and so I moved elsewhere. On recollection, I should have asked for my money back. Not for the meaningful amount that it cost, but to highlight how stupid this practice is. I'd encourage anyone with name.com to do the same as a form of protest.

A previous series of support emails:

--

I own the joshka.net domain registered with name.com.
When I attempt to resolve a subdomain that does not exist I expect this to
return a NXDOMAIN result.
Instead, the name.com name servers return an IP address of spammers.

How can I setup my account to return NXDOMAIN for this domain?

--

Hello Joshua,

I have set your domain to a wildcard 'A' record, that accepts any
subdomain, and points it to your hosting IP address. I ran a 'dig' [ping]
command on 'stuff.joshka.net' as a test, please see the results below:

--

I think we have a slight misunderstanding. I do not want a wildcard A record
(and have removed the record that was setup).
Resolving any subdomain that I have not explicitly created a DNS record
should return a NXDOMAIN result.
This expectation is in line with ICANN's memorandum titled "Harms and
Concerns Posed by NXDOMAIN Substitution (DNS Wildcard and Similar
Technologies) at Registry Level" at
http://www.icann.org/en/announcements/announcement-2-24nov09...
Providing this default wildcard service where it is not requested or
required is a disservice. I can't imagine why I would want or need this.

--

Hello Joshua,

I apologize for the misunderstanding with the wildcard DNS record. We have had multiple customers request this in the past, and this feature was used with success in those cases. I have consulted our management team to see if there is a different option that we can provide you. Please look for a response concerning this issue tomorrow.

--

Thanks Elicia,
I'll look forward to hearing from you.
It's not the wildcard DNS itself that I couldn't see the use of. I
understand why that would be useful in narrow situations.
What I don't understand is why name.com provide the default wildcard A
record redirecting to a site full of advertising. I don't know how this
would be useful to any business or entity that does not want to use wildcard
subdomains of their own.

I understand that section 19 of the registration agreement seems to cover
this use of wildcards (though the wording is fairly vague), but it also
states "At any time, you may disable the placeholder page by updating,
modifying or otherwise changing the name servers for the relevant domain
name."

--

Thanks for getting back with us. Yes you are correct, by changing the DNS or name servers for this domain, it will no longer point to the parking page.
I have discussed all options for allowing this wording to show, with our support management team, and the systems administration group. We sincerely apologize, however our DNS servers are not able to show the 'nxdomain' that you mentioned.

This option is possible should you wish to use your own custom name servers for this domain. Should you wish to set up your own name servers, here are instructions for registering these name servers from within your Name.com account:

<snip>

5
pi18n 2 days ago 0 replies      
Even worse; their customer agreement seems to indicate that you are responsible for the content. They also refuse to turn it off if you send them an email. What a shitty little company to be inflicting this on their customers.
6
ceejayoz 2 days ago 3 replies      
The more stories like this I read the happier I am that I use a paid service (Route 53).
7
zx2c4 2 days ago 1 reply      
I'm in the process of switching to gandi.net. It's not as cheap as name.com (3 dollars difference...), but their DNS service seems really topnotch. Also, they're open to acting as a secondary DNS server and mirroring my own NS via AXFR, which is pretty nice.
8
jstanley 2 days ago 3 replies      
It's really not that hard to run your own nameserver. While I obviously disagree with what they're doing, I think you should have been running your own in the first place.
9
xpose2000 1 day ago 1 reply      
I contacted Name over twitter and their response was sarcastic and they don't seem to care. https://twitter.com/namedotcom/status/307523296910532608
10
jbarham 2 days ago 0 replies      
FWIW I run DNS hosting service SlickDNS (https://www.slickdns.com/) and hijacking non-existent subdomains is a non-feature. It's free for personal use for 2 domains and paid plans start at $10/month.
11
krichman 2 days ago 0 replies      
21. Parked domain service

All domain names registered via Name.com will automatically be provided a Parked Domain Service. All domains will default to our name servers unless and until you modify your default settings. At any time, you may disable the placeholder page by updating, modifying or otherwise changing the name servers for the relevant domain name.

Domain names using our Parked Domain Service may display a placeholder page for your future website. These placeholder pages may include contextual and/or other advertisements for products or services. Name.com will collect and retain any and all revenue acquired from these advertisements, and you will have no right to any information or funds generated via the Parked Domain Service.

You agree that we may display our logo and links to our website(s) on pages using the Parked Domain Service.

Name.com will make no effort to edit, control, monitor, or restrict the content displayed by the Parked Page Service. Any advertising displayed on your parked page may be based on the content of your domain name and may include advertisements of you and/or your competitors. It is your responsibility to ensure that all content placed on the parked page conforms to all local, state, federal, and international laws and regulations.

It is your obligation to ensure that no third party intellectual or proprietary rights are being violated or infringed due to the content placed on your parked page. Neither Name.com nor our advertising partners will be liable to you for any criminal or civil sanctions imposed as a direct or indirect result of the content or links (or the content of the websites to which the links resolve) displayed on your parked pages.

As further set forth above, you agree to indemnify and hold Name.com and its affiliated parties harmless for any harm or damages arising from your use of the Parked Domain Service.

12
MatthewPhillips 2 days ago 1 reply      
I caught Hover.com doing something similar[1] a couple of years ago. They were adding forwards not for subdomains but paths of the root domain. I actually switched to Name.com for this very reason, troubling to see another pulling this stuff.

[1]http://matthewphillips.info/posts/no-thanks-hover.html

13
nathanhammond 2 days ago 0 replies      
I posted about this almost two years ago (http://news.ycombinator.com/item?id=2443710) ... I am eagerly looking forward to DNSimple (http://dnsimple.com) entering the market as their own registrar (instead of reselling enom). Their founder has said that is a high priority goal for them this year which will immediately make them the registrar and DNS provider for all of my domains.

Oh, and don't use name.com, they hijack DNS. :)

14
fuser 2 days ago 2 replies      
Can't you just do a CNAME entry with a wildcard pointing to your primary domain?
15
arikrak 2 days ago 0 replies      
Bluehost puts ads on subdomains and directories that you haven't set up yet.
16
SODaniel 2 days ago 0 replies      
Well domain.com uses 'parked' domains to earn themselves advertising dollars until you 'use' them so it seems most domain registrars are in on the 'racket'.
17
ajju 2 days ago 0 replies      
I love name.com but I find this irritating enough that I plan to find another provider unless they fix this.
18
RKearney 2 days ago 1 reply      
By default, every 404 page hosted with HostGator puts an advertisement for HostGator hosting on your site.
19
unreal37 2 days ago 1 reply      
A bit off topic, but I used to work for a company called NAME that had the name.com domain. They went out of business in the dot com bust of 2001, and I guess the domain got sold. I can't see name.com without thinking of that.
20
antsam 2 days ago 0 replies      
This is generally why I stay clear of using the "free DNS" provided by registrars. But then again, they can still be more reliable than hosting your own.
21
lowglow 2 days ago 0 replies      
I'm building a registrar we'd want to use. I'd like to hear a list of "love to haves" for people interested in the project. Try out what I have so far http://nametagup.com/
22
fvdsvcfhgyju 2 days ago 0 replies      
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@destructuring.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

23
2xlp 2 days ago 0 replies      
Thanks. That was my post. Sad to see others have dealt with this before. I went through their TOS, and there's no way in hell their "Parked Domains" clause is applicable to DNS failovers. What they are doing is just totally wrong. I wrote a second post about it as an Open Letter to them here : http://www.destructuring.net/2013/02/28/an-open-letter-to-na...
24
circa 2 days ago 0 replies      
I have never used name.com but I mainly use hover.com and namecheap.com - never had bad experiences with them or register.com either.

GoDaddy is the absolute devil though. We all know that.

25
iamtherockstar 2 days ago 0 replies      
I actually just ran into this. I had a client forget to add a www CNAME record, so they thought the site was "hacked" when they added the www to their domain and got this parked site. Luckily, it's not a cached record, so when we fixed it, DNS servers started finding the right record immediately.
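The two symptoms reported in this thread, never-created names resolving to a parking host instead of returning NXDOMAIN and a forgotten `www` record silently landing on it, can be checked from the zone owner's side. The Python below is an added example, not code from any commenter; the `example.test` zones, the addresses and all function names are constructed for illustration.

```python
import secrets
import socket

# Constructed sample zones (documentation address ranges, not real data).
PARKED_ZONE = {
    "example.test": {"192.0.2.10"},
    "mail.example.test": {"192.0.2.10"},
    "*.example.test": {"203.0.113.99"},  # default wildcard added by the provider
}
CLEAN_ZONE = {k: v for k, v in PARKED_ZONE.items() if not k.startswith("*.")}


def system_resolve(name):
    """Resolve through the OS resolver; return a set of addresses or None.

    getaddrinfo cannot tell NXDOMAIN from other lookup failures, and a
    recursive resolver that rewrites NXDOMAIN itself will also look like a
    wildcard, so point this at a resolver you trust.
    """
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return None
    return {info[4][0] for info in infos}


def make_zone_resolver(records):
    """Offline stand-in for an authoritative server (simplified wildcards).

    An exact owner name wins; otherwise the nearest "*.<parent>" entry
    answers; otherwise the lookup fails, which models NXDOMAIN.
    """
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in records:
            return set(records[name])
        labels = name.split(".")
        for i in range(1, len(labels)):
            wild = "*." + ".".join(labels[i:])
            if wild in records:
                return set(records[wild])
        return None
    return resolve


def find_wildcard(domain, resolve, probes=3):
    """Addresses returned for random labels nobody created (empty = NXDOMAIN)."""
    answers = set()
    for _ in range(probes):
        result = resolve(f"nx-{secrets.token_hex(8)}.{domain}")
        if result:
            answers |= result
    return answers


def audit(domain, expected_labels, resolve, probes=3):
    """Report the wildcard target and which expected names depend on it."""
    wildcard = find_wildcard(domain, resolve, probes)
    report = {"wildcard": wildcard, "missing": [], "shadowed": []}
    for label in expected_labels:
        result = resolve(f"{label}.{domain}")
        if not result:
            report["missing"].append(label)    # honest failure: record absent
        elif wildcard and result <= wildcard:
            report["shadowed"].append(label)   # answered only by the wildcard
    return report


if __name__ == "__main__":
    for title, zone in (("parked", PARKED_ZONE), ("clean", CLEAN_ZONE)):
        print(title, audit("example.test", ["www", "mail"], make_zone_resolver(zone)))
```

Passing `system_resolve` as the `resolve` argument runs the same audit against live DNS for a domain you own.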
26
jacob019 2 days ago 1 reply      
Switched from godaddy to namecheap for my 20+ domains a couple years ago. I couldn't be happier.
27
pidg 2 days ago 0 replies      
This applies to customers of DomainSite too (same company). Annoying, as they've been really good otherwise for many years.
28
mikehc 2 days ago 0 replies      
I was not aware of this. Adblock just showed me a blank page.
29
circa 2 days ago 0 replies      
wow Subdomains? That is pretty low.
30
didyousaymeow 1 day ago 0 replies      
badger.com - haven't looked back once.
29
Ten years of PyPy morepypy.blogspot.de
196 points by DasIch  2 days ago   32 comments top 9
1
jamesjporter 2 days ago 2 replies      
I'm personally very excited about the prospects for NumPy in PyPy, as this is my main use case for python.
Relatedly, on the PyPy homepage, you can give money to help grease the wheels on development of specific PyPy features: http://pypy.org/. There's also quite detailed proposals that describe where the money will go, how it will help each feature's development, why each feature is useful/cool, etc. To me this seems like a really awesome way to organize donations for an open source project and gives me greater confidence that my donation will have an impact.
2
bdr 2 days ago 1 reply      
Awesome. Is there somewhere they've documented the wisdom they've gained in more detail? I'd love to hear more about the issues encountered with JavaScript, ctypes, and LLVM, and lessons learned in general.
3
opminion 2 days ago 2 replies      
To make it more likely to be accepted, the proposal for the EU project contained basically every feature under the sun a language could have.

How common is this in EU projects?

4
throwaway54-762 2 days ago 0 replies      
This reminded me to make another donation towards py3k support =). Keep on rocking on, pypy.
5
evilpie 2 days ago 0 replies      
I actually find it very impressive that they have a quite well working tracing JIT. For Firefox we had TraceMonkey, but the code was hard to maintain and hacked into the infrastructure. And it turned out that most stuff doesn't trace very well in the real world. (not SunSpider, argg!)
I haven't looked very recently but I guess the pypy frontend for JavaScript is still not actively maintained? I think I remember seeing some thesis about that recently.
Best of luck to them in the coming years!
6
slurgfest 2 days ago 2 replies      
From the article: "the first usable PyPy was released in 2010." For most practical purposes PyPy is only two years old, not ten.
7
TheCondor 2 days ago 0 replies      
I recommend using it. It's a great platform. Well done guys
8
pjmlp 2 days ago 0 replies      
Still hoping one day CPython gets replaced by PyPy as default Python implementation.

Good work guys.

9
daemon13 2 days ago 0 replies      
According to PyPy site it can run Django.

Was it tested, or has anyone used it in production to run Dj 1.4? Dj 1.5?

30
Torvalds clarifies Linux's Windows 8 Secure Boot position zdnet.com
195 points by mtgx  3 days ago   144 comments top 18
1
trotsky 2 days ago 8 replies      
Having read through the entire thread instead of just the expletives, in my opinion it's a rare case of Linus and Greg being totally wrongheaded on the issue.

The problem crops up because redhat submitted a pull request to enhance the existing in kernel live inclusion of additional trusted x.509 certificates. Note that this is 100% upstream and live. The pull was to add the ability to extract these x.509 certificates from UEFI PE binaries, as this is the only format they are available in from the only CA UEFI secure boot computers are guaranteed to trust - Microsoft's CA.

Linus decided he didn't like it because he didn't like the idea of extracting a certificate instead of having it alone. Understandable, probably, except that leaves you in a situation where a secure kernel that was executed due to a microsoft CA chain of trust now can't make use of that CA's code signing services to decide if it wants to run a module solely because linus doesn't approve of parsing the file format that contains the key.

The biggest place this comes up is binary only graphics drivers from ati and nvidia - without changes os's like fedora are going to refuse to run them because they're unsigned, which is unfortunate considering how uneven some of the open source 3d drivers are and the heavy reliance on 3d in all modern desktops environments.

Meanwhile microsoft is perfectly willing to sign these drivers and has an existing substantial CA operation. Both ati and nvidia submit their windows drivers for signing to this CA all the time, so it'd be almost no extra effort for them to get their linux shims signed as well.

But because linus thinks parsing a PE for a signed module key is asinine, he goes on to provide a series of rather off the cuff alternatives:

a) Every distro should parse the PEs and add every key of every 3rd party module they wish to allow to run and embed these in their signed kernels, issuing a new kernel every time a driver revs.

b) ok, maybe that's not ideal. how about every distro that wants to allow binary drivers to run builds their own CA infrastructure, verification and qualification team and revocation infrastructure. So that's a team at canonical, redhat, novell, mint, oracle, ibm, etc. etc.

c) ok, maybe full ca teams are a bit burdensome. How about all you distro guys just blind sign the binary drivers with your own signing key - worrying that MS might revoke your key because you blind signed an exploit is pointless fearmongering.

d) ok, you're right this is harder than i thought. let's just collectively decide that users with secure boot enabled will be prevented from running any module not shipped by the os vendor. Aka fuck off unless you're using intel video.

e) alright, maybe that's a little severe. Instead let's just punt entirely - even though we're going through the trouble of a chain of trust from firmware to boot loader to kernel to most modules, let's allow any unsigned binary module to be loaded by default.

f) ok, i guess that kind of defeats the purpose. None of this is good security anyway - what we should be requiring is any user that wants to use secure boot should generate their own signing keys, add them to the firmware and then parse and sign everything they trust, repeating the process every time they update while of course protecting the signing key from attackers.

I think that about covers it. Linus is really smart, but sometimes he makes a snap decision and then will perform whatever mental gymnastics are necessary to defend it to the death. And most of his inner circle will publicly go along with it because of the real chance he'll pay you back by randomly torpedoing something of yours sometime in the future.

Linux's signed code infrastructure is currently the worst in the industry and Matthew and Redhat have provided the bulk of the improvements that everyone is using. It's going to provide real user benefit, even if the users are paralyzed by FUD. Getting in the way of the process or trying to punt it out of mainline and onto everyone who ships a distro isn't going to help anyone.

2
speeder 3 days ago 6 replies      
I always thought that the secure boot is a very, very, very bad idea.

In fact the whole UEFI in general I think it is a clusterfuck of mishmashed random ideas, some good, many bad.

What I intend to do personally, is attempt to not use secure boot.

And this all might explain the e-mail I got from Lenovo 10 minutes ago...

I asked them for a non-Windows machine.
They replied saying that they from now on only manufacture machines with Windows. At first I was: "wtf? why?" now this article reminded me that now we have firmware tied to Microsoft, and this explains then why ThinkPads must come with Windows.

Here in Brazil this is illegal, and Lenovo for example got sued (and lost) once. I hope a rain of lawsuits make this shit stop.

3
UnoriginalGuy 3 days ago 7 replies      
The thing about secure boot is that it is a GOOD idea done very badly indeed.

What was needed was for a trusted neutral party (or two) to be the owner of the root key, and for that organisation to hand out child keys (e.g. Microsoft, Open Source Initiative, Apple, etc) who could in turn generate child keys (all of which could be revoked). Essentially we need the "internet model" of key exchanges for this too.

I cannot understand who thought it was a good idea for Microsoft to be the only authorised party to generate keys. Even from Microsoft's perspective it is just asking to get anti-trust-ed again.

4
kogir 3 days ago 0 replies      
From my read of the article, Linus simply states his preference to actually support secure boot (and verify signatures), or not support it at all. He thinks attempts to "Secure Boot" a loader which then allows arbitrary code execution are a waste of time, and they are. If you don't want boot time signature verification, you should turn it off, not break the chain of trust.

In fact, done right, perhaps hardware vendors that currently only provide binary blobs could be coerced into providing source. "Oh, you want to boot on our distribution? We don't sign blobs, but if you commit source we'll build and sign the module."

If ever hardware does come out that doesn't allow you to opt out of signature verification or provide your own keys, just don't buy it.

5
bcl 3 days ago 0 replies      
6
belorn 3 days ago 2 replies      
> What they've told us privately is that as long as no-one comes along with a plausible exploit for Windows based on using a secure boot enabled Linux system, they don't care what we do.

I guess we need to hide all those forensic distributions that can modify and access data on a windows machine. To name a few: backtrack, CAINE, and DEFT. If technology can modify and access data, it can also be used in an exploit. Some might even argue that running a forensic on a computer without the owner's permission is an exploit in itself.

Edit: How could such technology be used, you say. Package a usb drive that once plugged in, will reboot the machine and load a Linux distribution. Once loaded, it automatically modifies the windows system and transfers any interesting data it finds. Afterward, it erases itself and reboots, thus looking like any empty usb drive once windows boots up. If that is not a plausible exploit which an ordinary Windows user could trigger and become compromised, then I would like to hear the definition of a "plausible exploit".

7
negativity 2 days ago 0 replies      
I'm glad Linus Torvalds is smarter than your average developer. Truly a solid chap.

If he were lacking these kinds of personality traits, and shrank like a mouse every time there happened to be an opportunity to compromise the integrity of his project, Linux would have died long, long ago.

8
_account 2 days ago 1 reply      
Physical access is god access. Admin/root is god access.

Guard them both with your life.

I fail to see how handing over control of your boot to some 3rd party who clearly doesn't have the same interests that you do is anything but a horrible idea.

Just physically secure your boxes (or VDI them) and use permissions and ACLs to do what they were designed to do [control and delegate authority].

A good first step for Microsoft, if it cares so much about security, is to stop making its users automagically admin for fogging a mirror, during new PC setup.

9
foohbarbaz 2 days ago 0 replies      
Do I read this right? Is somebody suggesting teaching kernel to read some stupid shit MS "PE binaries"!?

Go, Linus. Let kernel NOT even boot on these secure boot machines, see who runs back crying first.

Dells and HPs of the world are already hurting from Windows 8 disaster. Let them lose some of the server market and all the commercial customers that buy PCs and give them to devs who install Linux right away.

10
RexRollman 3 days ago 0 replies      
What a clusterfuck this situation is.
11
Toshio 3 days ago 0 replies      
ZaReason spoke out on this issue at FOSDEM (direct link to webm file):

http://ftp.osuosl.org/pub/fosdem/2013/maintracks/K.1.105/UEF...

12
aphexairlines 3 days ago 1 reply      
How are PC vendors hoping to sell laptops to corporate buyers whose IT departments want to reimage all those machines (a lot of them with Linux images) without wasting time going into UEFI setup menus to turn off Secure Boot one machine at a time?
13
Nux 2 days ago 0 replies      
I'm just going to put my fingers in my ears and not listen to anything anyone might say (write) that gets close to excusing the current situation or defending Secure Boot!

As such:
Secure Boot is just another lame attempt by Microsoft to slow down/control the competition; they are abusing their position on the market once again, like they did in the past, like they will do in the future. This is their way, "the wolf changes its coat, but not the disposition".

This shows that now more than ever Microsoft is shitting their pants because of Linux/Android/Google/Ubuntu/RHEL/LibreOffice/FOSS SQL/etc; they are slowly but surely losing the war, they are losing market share on every front. The way things are now in 10-15 years I bet they will no longer have the 90% of PCs share they have today, but Secure Boot might give them some help.

I can already imagine mr. Ballmer rubbing his hands in satisfaction: "oh, nice, we'll have the keys to all PC hardware".

My advice: do not buy Microsoft, do not buy hardware on which Secure Boot cannot be disabled. We _must not_ have all PC hardware controlled by a single company - it is just stupid.

And of all systems they chose CA? Really? After the epic way it failed time and again in the SSL cert industry - think Comodo or DigiNotar.

Not to mention keys given to USA and other governments that will be able to easily install malware and other crap to control the "sheep" (the Germans already have some "official" trojans lol).

This is madness people.

14
humanspecies 2 days ago 0 replies      
Solution: UEFI should not exist. Period.

We don't need to argue over UEFI or anything about it. We need to get rid of it, simple as that.

If Intel goes through with this, we need an antitrust case against them and we need Intel broken like Ma Bell.

UEFI must not exist, period.

15
narrator 2 days ago 0 replies      
What if Microsoft refuses to sign your kernel because it violates their patents?
16
guilloche 2 days ago 0 replies      
MS becomes so hateful with the secure boot trying to control everything. I will never buy any machine with secure boot enabled and will boycott any MS product.
17
ycomb7 2 days ago 1 reply      
Is it possible to "sign" windows 8 and other windows drivers with your own root key so you can have your own key in UEFI and have windows still work?

I'm guessing that microsoft has no options for this at all, but I don't know for sure.

18
cooldeal 3 days ago 2 replies      
Linus posted a NSFW rant about it a few days ago. The story mysteriously went off the HN front page and subsequent submissions of the story went [dead].

http://news.ycombinator.com/item?id=5279531

Rankings graph showing a deep dive.

http://hnrankings.info/5279531/

Part of Linus' email:

>Guys, this is not a dick-sucking contest. If you want to parse PE binaries, go right ahead.

>If Red Hat wants to deep-throat Microsoft, that's your issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chissake, it's in that f*cking pull request.

       cached 3 March 2013 16:11:01 GMT