hacker news with inline top comments    .. more ..    19 Jul 2013 Best
home   ask   best   6 years ago   
Do Things that Don't Scale paulgraham.com
1226 points by allang  4 days ago   207 comments top 65
graeme 4 days ago 3 replies      
I saw this on a miniature scale when I created a new subreddit (http://reddit.com/r/LSAT)

I spent about two weeks creating quality articles for the sidebar, personally replying to every submission/comment, manually recruiting anyone who mentioned the LSAT, and reaching out to moderators of related subreddits for links.

Mercifully, a subreddit is a small thing to launch, and after two weeks the place became self-sustaining and grew to 1500 subscribers.

I'm seeing the same thing again with a website I just launched (http://lsathacks.com), which has free LSAT explanations.

Very positive initial comments, but just letting people know about it hasn't resulted in a surge of traffic. Instead, I'm going to have to manually recruit people. Only then will I know if it's worthwhile.

My point is that this doesn't apply just to high growth startups. Almost anything new requires initial unscaleable effort.

Edit: The LSAT is the Law School Admission Test, a logic test required for admission to North American law schools.

guynamedloren 4 days ago 13 replies      
This bums me out. Majorly. I work at a YC startup (which will remain nameless), and we function exactly the opposite of how this essay suggests. We aren't huge by any means, but we focus heavily on scale, and suppress ideas that do not scale. Automate everything. Nothing should be manual.

I'm an engineer, but I recognize the importance of fantastic customer service. While building an iPhone app, I suggested that users should have easy access to our hotline at every step of the purchase and post-purchase flow in case they ran into issues. The founder rejected this. Why? "People would be calling us constantly". We also spent enormous amounts of time and resources tweaking the app design to perfection (pre-launch), and attempted a massive press launch with exclusive blog posts/coverage while turning our noses at any sort of manual user acquisition.

Fast forward 6 months. That product failed.

ggreer 4 days ago 1 reply      
You should take extraordinary measures not just to acquire users, but also to make them happy.

I'd like to elaborate on this point, because it's probably the most valuable thing I learned while working at Cloudkick.

Similar to how every Marine is a rifleman, I think every developer should be tech support[1]. It's an incredibly easy way to please users. Many customers don't realize how small your company is. They expect an experience similar to Comcast or Verizon: Listening to on-hold muzak interrupted by advertisements. Forced to enter obscure info such as an account number on a billing statement. Getting handed between people in various departments, each time repeating answers to the same set of questions.

To your users, it's as if they called Comcast and a cable modem firmware developer picked up the phone.

Could you imagine how much you would love Comcast if that happened to you? You'd still love it if the person said, "Oh sorry, that's a bug in our firmware. We'll probably have it fixed by tomorrow. I'll contact you with an update then."

That sort of support is impossible in a larger company. It makes your users outrageously happy. Many of them will praise you publicly and tell their friends how great you are.

1. Modulo standard disclaimers, working at a small startup, etc. I also think everyone should be in the on-call rotation, but that's another can of worms.

kevinalexbrown 4 days ago 3 replies      
I'd be curious to know good ways to balance these various things that don't scale. I speak from a position of inexperience, but I can't imagine a fragile startup could possibly max out any of them. Given that, what are some heuristics for allocating focus across several unscalable efforts? Put another way, what are cues to focus more on one thing than another?
peteforde 4 days ago 3 replies      
"The Perfect Store" is a book about the early days of eBay. The primary takeaway for me was how they deliberately went to swap meets, flea markets and garage sales all over America especially the rural flyover states and talked to people. They identified the key influencers and flew many of them to California to be given VIP treatment. Those folks returned to their communities as true believers and encouraged their flock to get on the train. 15 years later that investment paid off more than any of them could have hoped.

That said, I suspect that there are many founders who would be open to taking the show on the road. It's incredibly daunting to know what that looks like, or where to start. I feel like it's not laziness, just unknowable to people used to tech communities and test suites.

To that end, my friend Ted and I think we've figured out how to help these founders take the leap and get in front of real people. Those people might be clients, developers or community leaders.

If you're interested in what we're doing, let me know. I'm happy to answer any questions you have, here.

And if you need help with hard problems, you should definitely call Ted: http://usistwo.com/

kyro 4 days ago 0 replies      
The initial grind is a part of the startup fairytale that I feel is so often overlooked, yet is often the most interesting.

It shows just how the founders built their engine, the pieces they had to forge, parts that needed to be jammed together in some way to just barely function, components that were thrown out for costing too much and working too little. Every successful startup has their own engine. Some may be exact replicas of others. They work because the problems they tackle have been well explored. And others are bespoke, tailored specifically to handle truly difficult problems, and which require an immense amount of exploration, experimentation, failure, and restarts. That's why an Instagram can take off with less refinement and horsepower than an Airbnb -- we've developed the tools and built the maps to tread on one terrain, but not the other.

Jd 4 days ago 4 replies      
TLDR: Startups that try to focus on big launches are generally lazy. Success comes from putting in extraordinary effort to putting your customer first. This means you get super-enthusiastic users. This works by the principle of compound growth as users tell their friends.

Somewhat ironically I am of the opinion that:

(A) this is one of pg's best and most useful essays ever

(B) it is partially more useful because it is longer and more experience driven than some of his other "classic" essays (i.e. the theory behind why blub is bad and lisp is great)

(C) it is too long and could have been edited down a bit more

jmtame 4 days ago 0 replies      
This is probably my favorite PG essay to date, something I've spent a lot of time thinking about as well.

I think what separates novice investors from good ones is that a novice investor will start asking questions that only make sense at a later stage. They're committing a cardinal crime in startups: premature optimization. For some reason, even though they explicitly say they invest at the seed stage, they're looking at it from a warped lens of "let me think about how this works, in your current implementation, at enormous degree of scale." And of course the implementation will change, so the logic immediately breaks down on itself because you're assuming the thing you see now will be the same in 5 or 10 years. The baby analogy seems perfect for this reason. A baby will arguably have little to no resemblance to itself in 5 or 10 years, everything about it will have changed significantly.

The nice thing is you don't have to explain these things to the investors that "get it." It just clicks instantly, and I think this happens even before the meeting--it probably goes all the way back to the introduction that someone else makes for you. Good investors at a seed stage understand there's some degree of risk in a small yet still fragile startup that has at least some degree of promise to it. From the top tier people I've spoken to in the past, they focus less on the specific numbers and metrics, and more on the "does this fundamentally solve a problem in the market right now? Is there a real need for this thing to exist, and what's better about this than everything else out there?" They look at similar companies in different spaces and draw interesting comparisons. "You guys are like this other company, which started out much like you did, and you're applying a very similar solution. I think this will work!"

The really good investors don't try and evaluate your company as a Series D investment, they look at where you are right now at the seed stage and see it for what it is, and what it could be. I suppose this all sounds obvious, but the real world is full of surprises that contradict assumptions.

sethbannon 4 days ago 1 reply      
PG, can you give a couple examples of enterprise startups that took the "consulting" approach to establishing successful (largely productized) businesses?
eli 4 days ago 1 reply      
Totally agree.

It's been discussed on HN before, but here's another concrete example of this sort of thinking: killing the no-reply address. IMHO, there is no reason your startup should use no-reply for any emails, ever. Yes, it's a hassle to sort through all the out of office replies, but it's worth it.

Even if you tell people not to, they will reply to your newsletter or order confirmation or forgotten password message. And -- better yet -- they're often complaints! I like reading complaints. It's easy to find people to tell you you're doing great; I want to hear more about how we can improve. At my startup we make a point to reply to just about every message someone sends us (customer or not), but that's especially true of complaints. More than once I've gotten back replies like, "Wow I didn't expect anyone to read [my rant about how the site doesn't work on an Android 1.6 tablet]. Thanks for getting back to me!"

sriramk 4 days ago 6 replies      
I can think of quite a few startups that used a big bang launch with press with success. Off the top of my head - Instagram (MG's series of pieces on Techcrunch), Mailbox, Flipboard, Square, Path. I get where PG is coming from but press can help bootstrap a network effect if you have none.
graycat 4 days ago 0 replies      
Thanks, I needed that.

Since I haven't launched yet, I have a big file system directory (a folder)of articles on how to get initial publicityand users. While there is a lot good inthat collection, it has looked to me likein total it wouldn't be good enough to get my little airplaneoff the ground.

For an example of the contrast, PG's essay had essentially no mention ofan importantrole for publicity -- e.g., contacta writer at C|NET, TechCrunch, etc. for an article. Instead theessay had something that a foundercould do on day one -- contact peoplethey know and ask them to try it.Or try it for them and give them theresults. And find a way to get feedbackand then tweak the functionality.Good.

The essay just went to the top of mystack of how to launch. Best face validity with also the bestauthor credibility, experience, and background of anything I'vegot on how to launch.

Sounds good. Write a little more softwareand then launch, one user at a time-- people in the family, people I knew at school,neighbors on my street, the guy I buypizza from, the guy who repairs my car,etc.

Maybe I'll print up a supply of businesscards that invite people to connect to theURL and then use the e-mail address thereto give feedback!

Heck, maybe I will even be able to getsome useful feedback from some VCs!

blankenship 4 days ago 3 replies      
PGs point about a lot of startup founders having an engineering background is hugely relevant to this, beyond his assertion that customer service is not part of the training of engineers.

Systems that dont scale, or that are reliant on the grunt work of humans, are not part of the training of engineers either. For so many engineers, an unscalable, human-dependant system is a bug, not a feature.

Is it too hyperbolic to say doing things that dont scale runs counter-intuitive to an engineering mindset? (Im a left-brained, analytical, systems-minded designer, so Im definitely not trying to throw stones at my peers.)

gfodor 4 days ago 0 replies      
A great article. One major point that I think would have been worth including though is that if you are not interacting regularly with happy customers, and making unhappy customers happy, you are denying yourself probably the single most motivating factor when doing a startup. A single positive review on the App Store or through e-mail can get me through an entire day of grinding out bugs. If you don't have the humility and empathy required to genuinely enjoy providing customer service for a product you have developed, then you are probably in the wrong game.
thejteam 4 days ago 1 reply      
I was watching a presentation the other day and heard a relevant story. It was about one of the early internet companies during the first dotcom boom. It was a change of address service. You would input your information and the services you needed to cancel and/or change the address for and it would handle it for you. This was in the early days of the consumer web, so none of these companies had APIs for this company to call or even thier own web forms. This company processed its early orders using old ladies at typewriters and fax machines.

I really wish I could remember the name of the company, but theyr were acquired very quickly for a stupidly large sum of money.

PanMan 4 days ago 1 reply      
Great article. I also like Dereck Sivers post on manual work: http://sivers.org/hi doing things that don't scale
6thSigma 4 days ago 0 replies      
PG, I'm curious if you have any data among your startups that tests user recruitment methods. For instance, maybe you've seen that Reddit is great for gaining users in consumer startups but cold calling is great for B2B startups.

I think the biggest difficulty non-"famous" hackers face in user recruitment is it's hard to figure out where and how to successfully do it.

rmorrison 4 days ago 0 replies      
Instead we should try thinking of them as pairs of what you're going to build, plus the unscalable thing(s) you're going to do initially to get the company going.

This is probably the most important thing a new entrepreneur needs to realize. Envisioning a world where everybody is using your product isn't enough. You need to figure out how to get to that world from this one, and that is where many entrepreneurs don't have a strategy, and subsequently fail.

ph0rque 4 days ago 1 reply      
PG, thanks for this essay, it is such an encouragement for us, giving us a plan for how to approach our startup (http://automicrofarm.com/) growth for the next few months.
EGreg 4 days ago 1 reply      
This is great advice. But I wanted to briefly mention an alternative perspective. We did things very differently.

Now two years later we have 250,000 monthly users, and we're getting ready to roll out our technology to them in a few months.

When you are building an app for people, businesses, or whoever, you have to go where they congregate. Pick an existing social network with a messaging channel that people haven't grown apathetic to. Then you have to have an onboarding process that's simple. Then you have to develop a sales process and maybe even incentivize your existing users to sign up others. Viral coefficients decrease your user acquisition cost. And so forth.

That's why we built our framework. We spent two years solving the problem of "how do you build the next generation of successful, useful apps? And soon we will see if we were right.

I wrote this back in 2008: http://luckyapps.com/blog/?p=12

pshin45 4 days ago 2 replies      
I find it fascinating that, with YC and HN, PG has essentially created a "business school for hackers" that is free, open to anyone, and makes it faster and easier for any hacker to gain a solid understanding of business and marketing principles.

And yet on the flip side, I see no one in the MBA/business world who is effectively doing the opposite i.e. creating a forum and/or institution in the mold of YC/HN for "business guys" to develop a fundamental understanding of (and respect for) technical leadership and software engineering concepts. I wonder why... Is it because it's more difficult, or more because business people just don't care and never will?

People often say that YC changed the VC industry, but in a way I think the YC and HN models together are slowly but surely disrupting the "business education industry" as well.


nowarninglabel 4 days ago 2 replies      
It's still easy to mess up this process though, at least, that's how I feel about RepairPal. I got an e-mail from my credit union suggesting them, and it was perfect timing cause I had just bought a used car that needed some repairs. So, I signed up, put in the info, and...nothing. No response whatsoever. But then, their marketing team sent me a semi-personalized e-mail requesting feedback. Awesome, so I wrote about the service not providing me with anything, and stating that I wanted to still use the service, I just hadn't been provided any response. And...again...nothing.

Now, I'll never use RepairPal. They've wasted my time twice. So, if you're going to take the time to reach out to users manually, make sure to actually follow up on the responses you receive.

akshat 4 days ago 0 replies      
"But (like other ways of bestowing one's favors liberally) it's safe to do it so long as you're not being paid to."

We at blogVault love the above line. We often have our customers ask us for help with things completely unrelated to what we do. However, we always refuse to be paid for it. We always tell them that we are in the business of backups. Everything else we will help out but could not accept any payments for. It ensures that we don't have to commit to deadlines etc.

pixelmonkey 4 days ago 4 replies      
Loved this essay, but I'm a little confused by this footnote.

"[5] If you're building something for which you can't easily get a small set of users to observee.g. enterprise softwareand in a domain where you have no connections, you'll have to rely on cold calls and introductions. But should you even be working on such an idea?"

When pg says, "Should you even be working on such an idea?" -- is he saying that he questions any startup that is focusing on enterprise and which cannot be sold to fellow founders in a YC batch?

He once wrote "enterprise software companies sell bad software for huge amounts of money", so I suppose he doesn't love enterprise software that doesn't have a long tail customer base.

But, wouldn't this exclude a lot of interesting ideas in education, healthcare, government, finance, etc.?

larrys 4 days ago 0 replies      
"There are two reasons founders resist going out and recruiting users individually. One is a combination of shyness and laziness. They'd rather sit at home writing code than go out and talk to a bunch of strangers and probably be rejected by most of them. But for a startup to succeed, at least one founder (usually the CEO) will have to spend a lot of time on sales and marketing."

Mike Arrington, before he was of Techcrunch fame, recruited us personally for the new company he had been hired as CEO/President of, Pool.com. Lest anyone thinks he does not know how to hustle he does. He can and was very persistent and determined with anything I threw at him. That ended up being a great relationship lasting many many years after Mike left the company. I feel fairly certain that a regular biz dev guy would have given up with what I threw at Mike. You may not have heard of Pool.com but they made a ton of money and were very successful.

stephengillie 4 days ago 7 replies      
Who wants to start a user-acquisition startup?
dschiptsov 4 days ago 1 reply      
One more important thing to understand about Jobs "miracle" is that he was allowed to do what he was obsessed with. No idiotic "manager" or board member intervene with ideas of "cutting costs" on packaging or materials or any other fast-food technologies to reduce the product to the mix of cheapest and crapest ingredients imaginable. No idiots insisted that it is much more "effective" to just add a "theme" to and old code, to make it look like touch-capable (hi Symbian, WinCE) etc. No one said that re-implementing from scratch, because everything else is crap is costly and time-consuming, and so on.

There are lots of people with good taste, sense of style and quality (read Pirsig's book) and enough self-discipline to follow do what one is preaching, but it is an extreme rare situation when such people have enough influence to make things their own way.

I guess a half of YC business is about trying to spot an employ such obsessed individuals, no matter what exactly they want to accomplish. Early funding of even one of such guys worth waiting and funding hundreds of mediocre, especially if one has connections to channel or sell them off.)

Igor Sysoev was obsessed with efficiency (in that time c10k problem was actual), so src/core and src/os/unix should be taught in colleges (btw, the module system is already an over-engineered mess).

There are many other examples, but the big idea is simple - spot the right people, all that numerous micro-optimizations, while valuable, are superficial.

edanm 4 days ago 0 replies      
This is a great essay. But since it's long, I suspect some people won't get to the last few paragraphs, which are IMO the most important:

"The need to do something unscalably laborious to get started is so nearly universal that it might be a good idea to stop thinking of startup ideas as scalars. Instead we should try thinking of them as pairs of what you're going to build, plus the unscalable thing(s) you're going to do initially to get the company going."

As someone in the "Startup Scene" for many years, and especially as a Software Consultant, I've talked with hundreds of people about their startups. And this is probably the number one insight I wish more people had - startups are not just "having an idea" (what people used to think), they're also not just "idea * execution" (which is a great concept but incomplete). Rather, the fundamental building blocks of a startup is "what are you doing" and "how are you getting users". Almost everything else can be missing in the high level discussion, but not those two. It's taken me many years to understand this, and PG just put it in a very succint form.

asah 4 days ago 0 replies      
This is brilliant, easily a top-10 of PGs.

re: consulting-- one advanced technique is to put the consulting "into a box" i.e. define precisely what the consulting package is, and offer this standard service at a standard price. If investors/etc. give you flak, tell them that your customers need this anyway, and at least your getting paid for the trouble. FYI I'm doing this now: many of our customers are young companies that need advice, and instead of taking an hour+ to give it free, we take a few hours and charge them. The actual work can be delivered by a number of people, so it scales fine.

adam(6 startups, 3 IPOs - #7 takes this advice to a whole new level and we're winning big, in spite of concern from my friends in tech, who exactly fall into the trap PG is talking about)

johnrob 4 days ago 0 replies      
If you're willing to do whatever it takes, you can probably round up a group of early users (unless your idea is terrible). I think few founders really doubt their ability to do this. What the founders are really looking for is some validation that the users will eventually grow to a large number. But if the mentality is to compare your early startup with the early version of Pinterest, it will be very hard to find any evidence that yours won't find similar success. A startup is thus an inevitable leap of faith.

In a way, this essay deflates the concept of 'proof' in the lean startup mentality. There is no way to prove that an idea will be a good one (although you can probably filter out particularly bad ones).

danial 4 days ago 0 replies      
I'm sure a lot of this is not new for some of you. I'm working on a product [1] and had all sorts of assumptions that I am revisiting after reading this.

I should mention one sort of initial tactic that usually doesn't work: the Big Launch.

This set me right. I have been obsessing over the big launch. I laughed at myself after reading this.

And on a tuesday, of course, since they read somewhere that's the optimum day to launch something.

Yep, that's me. I'm anticipating ridicule from my friends.

The need to do something unscalably laborious to get started is so nearly universal that it might be a good idea to stop thinking of startup ideas as scalars. Instead we should try thinking of them as pairs of what you're going to build, plus the unscalable thing(s) you're going to do initially to get the company going.

I kept thinking that adding features was the way to keep getting more customers. My minimum viable product was a build system + share-new-version-with-beta-users. The laborious things I needed to do to acquire new customers I thought were adding new features: add a package manager, add test integration feature, add a code review tool, add iOS support, and so on. It just dawned on me that I haven't thought about the other laborious things I need to pay attention to: meet with the numerous mobile developers I know, do demos at local meetups, and constantly talk to people about my product.

[1] https://appramp.io/

alexjv89 2 days ago 0 replies      
I read this article 2 days ago in the night and that night I stayed awake all night. This is one killer article that made a lot of sense to me. As a freshly graduate engineer trying to startup, I am making the exact mistakes as mentioned in this article. I did try to automate tasks so that I can handle 1000's of users, when there is barely 2 people knocking at the door. What is even worse is that I do not even consider talking to these 2 people knocking on the door - I am an engineer, I am too busy trying to automate the process that I dont have the time to spend time with the customers, my code will. I cant believe how accurate the article is.

The reason for not talking to customers - I am hesitant - I am an engineer, I design stuff, I dont talk to people, that is not my job. I guess the problem and automate the system do that 100s of thousands of people can use it.

After reading the article, for the last 2 days I was very restless, maybe I still am. I was hesitant. But today I took the courage to take the product to the user and sat with him, showed the product and tried to solve just his problem, in a non scalable manner.

For those who might want to know exactly with respect what I am talking about. I launched a crowdfunding campaign for a hardware product - www.indiegogo.com/projects/tangle . The project is still live. The reason for doing the crowdfunding campaign was it because I was shy going around selling the product door to door. I did take feedback from friends but it I wanted to put it up on a platform and let things happen by itself. After launching the campaign, I realize how much people hustle to get the product to work on a crowdfunding campaign. Now I am taking the product offline and trying to sell it to customers directly.

This post is kickass... It just injected a lot of sense into me.

stcredzero 4 days ago 0 replies      
In other words, the only new markets that will be available will be the ones that are protected by some sort of "potential barrier." Otherwise, they would already be actively exploited.
tempestn 4 days ago 0 replies      
The point about paying extreme attention to a single user's needs reminded me very much of Stop Developing for the 90% Use Case: http://gist.io/5561992, which came up here a couple months back.

Basically it demonstrates the problem with aiming for the best ratio of user satisfaction to effort in each feature of your product. If each part of what you build covers 90% of users' needs, that sounds pretty good. But if your product has X main features, the percentage of users who will be entirely satisfied is 90%^X, which gets low very quickly.

You need to focus on servicing all of someone's needs, not most of everyone's, but consequently all of no one's.

davidw 4 days ago 1 reply      
> I have never once seen a startup lured down a blind alley by trying too hard to make their initial users happy.

Aren't lots of service companies killed this way? Bending over backward for some client? Maybe they are small companies rather than startups...

Guess I'm being picky though: pg's point is an excellent one.

soneca 4 days ago 1 reply      
I had an odd way to follow this advice. I am learning to code and in 4 months I went from no knowledge at all to learning basic CSS/Html to basic C# to basic MVC to be able to launch and start selling a useful enough SaaS to acquire a few paying customers.I am just not a good enough developer to automate everything, I can't even code properly without Visual Studio helping me.

I am not dangerous, but I now know enough to be useful. I am trying to make my customers happy. The first feature I added after launch was something my first paying customer asked.

My product helps senior citizens to control their medications (what, when and how many pills they must take, which days, and alert when they need to buy more pills). I will start to put handouts on drugstores. Better than hoping elderly internet users know their way through google ads.

I spent 3 hours watching the first prospect to ever use my product taking a look at it for the first time (that would be my father). I left with literally 50 notes of what I should do immediately and some more thoughts of future features.

I am not a hacker, but I guess this helped me thinking more about what people want, because there was not much I could do from my own ideas and knowledge.

dominik 4 days ago 1 reply      
Excellent essay. Good detail. I like the longer format.

Reminded me of, all people, Mother Teresa. She started in Calcutta in 1948. People mocked her: What difference do you think taking care of one poor person will make? But that was her focus: One person at a time. "Do small things with great love."

So too in the quite different field of technology startups.

chacham15 4 days ago 0 replies      
> And except in domains with big penalties for making mistakes, it's often better not to aim for perfection initially.

I feel like this exception is another potential pitfall because it is so easy to think e.g. "if this doesnt look polished, users will think that we arent professional" and that is a big hit.

Although that is a more clear case, there are more ambiguous ones: imagine that your startup is doing encrypted email. What level of encryption/protection do you go with at launch? Do you go with the best practices as good as the founders know of or do you get an audit from tptacek? The latter is probably wayy out of your price range as a startup, but if your security takes a hit people wont know if they can trust you with their important information. What is the right line to go with here?

gwu78 4 days ago 1 reply      
I like this essay a lot.

In the early days of Apple, the founders placed minimum orders for parts on 30-day credit, then built the computers in 10 days and sold them before the payment for the parts came due. There wasn't any sexy software at that point. Apple was a hardware startup.

Web startups are in general probably more attractive to VC, but I'm excited about hardware startups.

Patrick_Devine 4 days ago 0 replies      
Even though PG didn't say it, a lot of ideas in this essay reminded me of Eric Reis / Lean Startup thinking. Getting off your ass and giving your customers rock star treatment is essentially the same as the "Genchi Genbutsu" philosophy that ER goes on about. The idea of an initial "manual" service like which Stripe provided is the same thing as a "Concierge MVP".

I have to say, as someone who left a big Fortune 500 company (which was a start-up when I joined it) just one week ago to start my own company, it's pretty refreshing to read articles such as this one. It's completely antithetical to being stuck in a large software group where you're trying desperately to have any contact whatsoever with customers to try and figure out what they want.

EDIT: spelling

sambe 4 days ago 0 replies      
I think a key thing here is "plan to systematically do something that doesn't scale if the rewards are big enough". And the common bias is thinking that the rewards are not as big as they are. If it's in your top 3 problems and manual work is a path to scaling automatically, you should probably do it.

However, at some point short-term velocity is also contributing speed bumps that are barriers for reaching the next level. I certainly wouldn't want to be doing this ad-hoc or without consideration.

kyle_martin1 4 days ago 0 replies      
Holy shit. This is exactly what I've been doing and it's working incredibly well. For PG to confirm everything I've been doing...I'm on cloud nine.
marcamillion 4 days ago 1 reply      
Whoa....this footnote flies in the face of the 'charge early' crowd:

[8] If you have to choose between the subset that will sign up quickest and those that will pay the most, it's usually best to pick the former, because those are probably the early adopters. They'll have a better influence on your product, and they won't make you expend as much effort on sales. And though they have less money, you don't need that much to maintain your target growth rate early on.

Very interesting perspective.

jamesrcole 4 days ago 1 reply      
Good article. One small thing that wasn't clear to me is

The feedback you get from engaging directly with your earliest users will be the best you ever get. When you're so big you have to resort to focus groups, you'll wish you could go over to your users' homes and offices and watch them use your stuff like you did when there were only a handful of them.

Why can't you do that once the company gets to a certain size? I don't have any experience with these things, so it's not clear to me. Surely there must be some better alternative than focus groups.

andrewflnr 4 days ago 1 reply      
I've been thinking about this "narrow focus" idea, and I'm not sure how to or whether I should apply it to my own idea. I'm working on building a tool that's supposed to provide a free-form way to record and organize ideas. I think it could be especially useful to writers, and I use my prototype for task tracking. But if I target it to any specific group, I'm afraid it will get pigeon-holed as a "writer's tool" or "task tracking tool" or whatever, and it will be hard to generalize from there, especially once I start adding domain-specific features. How does one usually make the transition between niche and general markets?
omegant 4 days ago 0 replies      
Thank you PG!, this post it's perfectly timed for us. And I was a bit lost on how to begin looking for users. Not much better now but at least with a general direction to follow..
omegant 4 days ago 0 replies      
Thank you PG!, this post it's perfectly timed for us. I was a bit lost on how to begin looking for users. Not much better now but at least with a general direction to follow..
k-mcgrady 4 days ago 0 replies      
Took a lot from this essay. I've a pretty short attention span and usually drop out half way through essays this long but I read this to the end. As someone preparing to launch in a few weeks and trying to get some customers signed up for launch there was some great advice here on acquiring customers and treating them right. Thanks PG.
rdl 2 days ago 0 replies      
This is pg's best essay to date.
bsaul 4 days ago 0 replies      
thanks for the advice. I was thinking abiut hosting and scaling architecture before trying to sell my product, but this piece convinced me it's going to be ok if my first customers run on some dedicated server with everything on it. i'll have plenty of time to think about VMs and load balancer later.

Most useful post i've read from pg as well.

wildermuthm 3 days ago 0 replies      
Great essay. But I'm surprised PG didn't mention Pretotyping. Here's the Pretotyping PDF that hammers the point: make sure you are building the right IT before you actually build IT:


wslh 3 days ago 0 replies      
I think this is the best PG essay because it talks about the human being of flesh and bones. Probably only this subject deserves a site to fill with real stories.
laureny 4 days ago 0 replies      
It's cute that even though pg is an Internet veteran, he still doesn't understand how HTML (and the web in general) works and he hardcodes br tags in his text at 80 columns.
jayzalowitz 4 days ago 0 replies      
PG: Do you see any other things founders typically think are going to scale and don't? (not-quite-unlike conferences)
aylons 4 days ago 0 replies      
I am so glad to read something about hardware startups here. As a engaged hardware engineer who aims to build my own company soon, I miss reading more about hardware startups.

Funny thing, I read the whole OP thinking about how all these ideas would work in a hardware startup, and came to conclusions similar to his before reaching the point about it in the article.

Crowdfunding brought some fresh air to this world, but I still miss an active community as the software startup one is. Maybe I am missing something?

sinzone 4 days ago 0 replies      
PS: Brian Chesky of Airbnb came out first with advisig people in doing things that don't scale.
wodow 4 days ago 0 replies      
So the question is: what's the equivalent of an electric starter motor for businesses/startups?
tteam 4 days ago 0 replies      
We gotta say this. We have never been a fan of pg's essays.

BUT THIS ONE IS GEM. Probably the Best. Also remember, even after doing all this there is no guarantee that your startup will succeed. But this one has all the optimal paths.

brandonhsiao 4 days ago 1 reply      
It's interesting that what pg writes in this essay is implicit in the word scale. If you think about what it means to scale, it means your level of automation grows as your number of users grows. If you don't have many users, it doesn't make sense to automate too much.
spinachthrow 3 days ago 0 replies      
So the general idea is that lack of scalability within a domain is a barrier to entry? If so, then the real barrier to entry is finding the domain, not the actual schlep - big companies can schlep pretty well, right?
gadders 4 days ago 0 replies      
I realise this is sacrilege but the impression I get from a PG essay is that you could make the same points in 1/3 the length.
amac 4 days ago 0 replies      
Excellent read and dead-on. It's something I'm working on every day since launch and will be a good point of reference should I need reminding.
patkai 4 days ago 1 reply      
What does the Scotty vs. Kirk comment imply? I don't watch much TV and I'm not a native speaker so I don't get it.
al1x 4 days ago 0 replies      
Does anyone want to summarize this novel?
Quine Relay github.com
933 points by codeulike  3 days ago   176 comments top 43
danso 3 days ago 3 replies      
I know we shouldn't care about the source, crazy-insane as he obviously is, but FWIW, the author is Yusuke Endoh, one of the Ruby core members. RubySource had an interview with him here:


He lists his "hobby in programming" as: "writing a Quine and enjoying esoteric programming."

scrumper 3 days ago 6 replies      
I feel awful for pointing this out, but the author spelled Copyright incorrectly in the last line.

Fortunately, he can correct it without blowing out his Ascii art by deleting the extra space between '##' and 'Quine'.

I'd issue a pull request myself, but it'd be like me putting soy sauce on a piece of Jiro Ono's sushi. I am completely unworthy.

epidemian 3 days ago 1 reply      
Fascinating. Even the README generator is on another level of meta: https://github.com/mame/quine-relay/blob/master/src/README.m...
RyanZAG 3 days ago 6 replies      
That is both the most incredible thing I've ever seen, yet also by far the saddest thing I've ever seen. Props to the author for taking dedication to a whole new level.

Link to a description of what this actually is: https://github.com/mame/quine-relay

Rabidgremlin 3 days ago 1 reply      
If anyone wants to give this a go. I have created a Vagrant config which installs the OS, tools and runs the chain of programs. You can find it here: https://github.com/rabidgremlin/vagrant-quine-relay
jcromartie 3 days ago 3 replies      
The code that generates the quine is included. There's still lots of super impressive stuff here, but don't be intimidated thinking he wrote that monster by hand!


scott_karana 3 days ago 1 reply      

Same fellow who did the "rotating globe" quine a few years back:


mncaudill 3 days ago 0 replies      
I wrote a post about how to do these multi-lingual quines a while back: https://nolancaudill.com/2011/01/01/how-to-build-a-quine/
barbs 3 days ago 1 reply      
Wow, even the source code of the original file is arranged to look like the Star of David surrounded by the dragon-eel thing, Obfuscated-C-contest style:


vedant 3 days ago 0 replies      
I successfully compiled every intermediary, and posted all of the code in a gzipped tarball here: http://goo.gl/EBZFV.

I started a tiny stub post here, where I'd like to dig into the code over the next couple of days:http://vedantmisra.com/2013/07/yusuke-endohs-amazing-quine-r...

I also made an EC2 AMI, ID ami-744b351d, for anyone who would like to try this themselves.

quchen 3 days ago 7 replies      
In case someone is able to run this beast, I'd appreciate an upload of the intermediate source files.
codeulike 3 days ago 0 replies      
NB: I originally posted this with the link pointing to the QR.rb file, which is the main code file and also a piece of Ascii art. Looks like the mods switched the link back to the main project to provide more context. But to have people looking at QR.rb first and then reading about what it does afterwards was the idea. Amazing piece of work by @hirekoke.


NanoWar 3 days ago 0 replies      
The miracle happens here: https://github.com/mame/quine-relay/blob/master/src/code-gen...

Also the SVG to ASCII mapping is cool!

_pmf_ 3 days ago 0 replies      
Day 5462 on the internet.

Today, I have seen true madness.

tome 3 days ago 5 replies      
Why's there a Star of David in the middle?
duggieawesome 3 days ago 0 replies      
Yeah this is crazy. Just a taste, this is "Hello, world!" in Intercal.


jetru 3 days ago 1 reply      
My thoughts went from "This is amazing" to "But he must have taken a lot of time and brainpower to do this" to "This is useless really" to "So what? If I wanted to do that I would take a year perhaps if I ever could" to "This is amazing"
avivo 3 days ago 0 replies      
This should be in MOMA.
minikomi 2 days ago 0 replies      
I love his sense of humor too: https://github.com/mame/quine-relay/issues/10
dpayne 3 days ago 0 replies      
Here's another one of his projects where you can write ruby script using just underscores. https://github.com/mame/_
zw123456 3 days ago 1 reply      
This reminds me very much of the various types of mathematical exercises that seem to be very esoteric and academic but turned out to be very useful in some solution in physics (eg. lorentz contractions). I would not be surprised if some insight indirectly comes from this insanely amazing exercise.
sold 3 days ago 0 replies      
See also http://blog.sigfpe.com/2011/01/quine-central.html

That post discusses six languages but others can be easily added.

zerr 3 days ago 0 replies      
This is cool of course, but we are even more interested in knowing the mechanics and how it is done.

This is relevant to any similar cool thing what gets submitted on HN.

"what" is interesting, "how" is much more interesting.

zabcik 3 days ago 0 replies      
The best part is that the cycle is in alphabetical order.
isomorph 2 days ago 0 replies      
terabytest 3 days ago 4 replies      
Anyone care to explain how this actually works?
martin_ 3 days ago 0 replies      
The arrangement of the languages is alphabetical, did this complicate things at all? Would it have been simpler in a different order (though less elegant)?
tomasien 3 days ago 0 replies      
This is amazing. Think the concept can be taken to another level in some way? Begin a universal translator of some small level?
k-mcgrady 3 days ago 1 reply      
This is really cool. Considering installing Ubuntu to give it a try (don't think I could be bothered trying to get all those packages manually).
inaudible 3 days ago 0 replies      
Awe inspiring stuff! But as a Ruby illiterate, I am left wondering what it is about the Ruby language that draws in such a level of creative / abstract / esoteric genius to use it as a starting point. Is there something about Ruby in particular, or is just a case of an individual obsessing over a craft?
cbrauchli 2 days ago 0 replies      
He should add Subleq or some other OISC!http://en.wikipedia.org/wiki/One_instruction_set_computer
EGreg 2 days ago 0 replies      
Well, someone clearly paid attention in Programming Languages class :)
memming 3 days ago 0 replies      
Oh. My. God.
codereflection 3 days ago 0 replies      
If someone tries this, please post a video from start to finish. This is incredible.
joeblau 3 days ago 0 replies      
Holy crap. Codeception, now I can write in one language and run in every language :)
arde 3 days ago 0 replies      
What, no Erlang? Sheesh!Amazing work.
mrwnmonm 3 days ago 1 reply      
why did you choose that order, is there a reason for it?
JimmaDaRustla 3 days ago 0 replies      
If you could go ahead and explain WHY...that'd be grreeeaaaat!
celwell 3 days ago 0 replies      
I now know what a quine is. And learned of about 15 new programming languages.
karangoeluw 3 days ago 1 reply      
How does one debug code like this?
soheil 3 days ago 0 replies      
e3pi 2 days ago 0 replies      
Molecular biology?

If computer languages were evolving organisms, may this be a metaphor how genetic/chromosome encoding reshuffles itself, and this approximates some common minimalist packaging of the DNA among all these fifty(++?) programming languages? Can we consider this Quine Relay as a `prequel' ancestral "Hello Dad" gene, and also, how its wonderful aesthetic creativity, familiar layperson recognizable and understandable information and charming symbols at myriad representation levels, is enhancing its survival as a persistent executable(living?) `gene-meme'? Eg, is anyone else posting some of this on Facebook?

e3pi 3 days ago 0 replies      
Remember those delightful self-referential Scott Kim creations in Godel Escher Bach? Here, made alive, and becomes most everything in the known coder's world. A super-chameleon quine mime.
The Drone that Killed my Grandson nytimes.com
674 points by dr_  1 day ago   347 comments top 40
downandout 1 day ago 14 replies      
The American citizenry tends to be OK with this kind of thing as long as it happens far away from us. But imagine the reaction if the cafe where this occurred were in the US, and the drone was controlled by a foreign government. That singular event would ignite a US invasion or possibly nuclear assault against the country responsible.

People in other countries are also people. They have the same reactions and emotions that we would when a foreign entity blows up their businesses, families, and friends. We have so far been lucky that none of our victims have had the military power and political will to retaliate in the vicious and violent manner that we would. That will not always be the case, and I do not look forward to the day when our own brutality is visited upon us.

flexie 1 day ago 6 replies      
The sad and dangerous thing that has happened is that a new category of criminals has been made: Terrorists. Once someone is put in that category all his rights cease to exist. It's sort of like the outlaws of medieval Europe.

The only right thing to do is to start treating terrorist suspects exactly like those suspected of any other crimes, be it murder, theft, rape etc.

vacri 1 day ago 4 replies      
It should be noted that some people believe that governments should also be held accountable for killing innocents that are foreign citizens. I realise that "but he was a citizen" holds some cachet with the American national story, but really it shouldn't. An innocent is an innocent, and the concept of 'collateral damage' has no place outside total war.
neya 1 day ago 1 reply      
My first reaction was "What the fuck?" (Sorry for the profanity)

Imagine an alternative scenario wherein the grandfather had created his own drone that killed some random government agency dude (by mistake). He'd been labelled a terrorist. But, now the government officials that killed his grandson aren't terrorists because they work for the government.

What a skewed definition we (and the media) have set for terrorism! Sigh!!

runn1ng 1 day ago 3 replies      
An important note (that doesn't justify US government in any way, just completes the picture)

The father of the boy was Anwar al-Awlakihttps://en.wikipedia.org/wiki/Anwar_al-Awlakifrom wikipedia:U.S. government officials said that he was a senior talent recruiter and motivator who was involved in planning terrorist operations for the Islamist militant group al-Qaeda.

With a blog, a Facebook page, the al-Qaeda magazine Inspire, and many YouTube videos, the Saudi news station Al Arabiya described him as the "bin Laden of the Internet."

U.S. officials say that as imam at a mosque in Falls Church, Virginia (200102), which had 3,000 members, al-Awlaki spoke with and preached to three of the 9/11 hijackers, who were al-Qaeda members. In 2001, he presided at the funeral of the father of Nidal Malik Hasan, an Army psychiatrist who later e-mailed him extensively in 200809 before the Fort Hood shootings. During Al-Awlaki's later radical period after 200607, when he went into hiding, he was associated with Umar Farouk Abdulmutallab, the Nigerian who attempted the 2009 Christmas Day bombing of an American airliner. Al-Awlaki was allegedly involved in planning the latter's attack.

According to the original article though:

The government repeatedly made accusations of terrorism against Anwar who was also an American citizen but never charged him with a crime. No court ever reviewed the governments claims nor was any evidence of criminal wrongdoing ever presented to a court. He did not deserve to be deprived of his constitutional rights as an American citizen and killed.

cinquemb 1 day ago 2 replies      
This is what amazes me about our country:

We can get riled up over being told by mainstream media that we are being watched despite whistle blowers telling us so for years, incited by the same media to riot over an incident that happens every day untelevised, and not bat an eyelash when our own citizens are assassinated for the world to see by our government.

"Today, nobody cares but tomorrow, they will"

NoPiece 1 day ago 4 replies      
This is the wiki page for Anwar al-Awlaki, the son of the author who was the target of the drone strikes. It is worth reading for some context on the family.


joering2 1 day ago 0 replies      
Personal POV: if we have Democracy in US and its fine to drone other countries' people in the name of fight with terrorism, then I am looking forward to the day of Iraq being a full blown Democracy, which is the day that the former President George W. Bush (as seen by many Iraqs as a hard-core terrorist) will be droned down on US soil for a war crimes he committed in Iraq.
girvo 1 day ago 1 reply      
I do not understand how these extra-judicial killings cannot be challenged in a US court of law, in a democratic republic like the USA that attempts to "promote" "democracy" around the world.

Checks and balances... and yet, in this case, there aren't any. How the hell is that supposed to work, and what can be done about it? That's not rhetorical, what can a US citizen do about this?

victorhooi 1 day ago 2 replies      
Ok, I love how this page seems to have been swarmed with DOWN WITH THE US IMPERIALISTS, and AMERICA == TYRANNY style comments.

The parent article is incredibly slanted - the author ever so conveniently forgets to mention that his son was a senior Al-Qaeda recruiter, who was "advisor" to the 9/11 bombers, the Fort Hood shooter, the underwear bomber and a whole host of others.

Even his own Yemeni government tried him in absentia, and ordered him captured "Dead or Alive".

You can argue that the death penalty is wrong, and he should have faced a US court (although I somehow down he or say Osama Bin Laden was likely to actually show up in a US court, even if given half the chance).

However, please don't be another ignorant reader who doesn't know where Yemen is, or any of the context here.

semiprivate 1 day ago 0 replies      
How are we still allowed to be a member of the UN? If these aren't war crimes then they're surely still crimes, just you know, not-war crimes.

What boggles my mind is how these countries allow the US to run drone strikes on their citizens. I mean, Yemen has a government and they're like, "Yeah sure, target and kill innocent people and blow cafes and shit up in our country. Cos you know, terrorism and all that."

jurassic 1 day ago 0 replies      
The author's son, Anwar al-Alwaki, on why the world hates the US: http://www.youtube.com/watch?v=e-jf462h_Is
grey-area 1 day ago 0 replies      
This raises some questions which I think it's important to answer if you support this sort of drone strike, or even if you are just sympathetic to the concept of targeted assassination of suspects.

Is it legal to kill people on secret suspicion, rather than after conviction in a public court of law?

Is it legal to kill families and associates as well as the suspects themselves?

If this is legal for the US in Yemen, why is it not legal on US soil?

Is it legal and permissible for other nations to drone people in the US?

omarali 1 day ago 0 replies      
"Our position needs to be reiterated, and needs to be very clear. The fact that the U.S. has administered the death and homicide of over 1 million civilians in Iraq; the fact that the U.S. is supporting the deaths and killing of thousands of Palestinians, does not justify the killing of 1 U.S. civilian in New York City or Washington D.C. And the deaths of 6,000 civilians in New York and Washington D.C. does not justify the death of 1 civilian in Afghanistan." ~ Anwar Al-awlaki; October 2001


Roboprog 1 day ago 0 replies      


...For depriving us in many cases, of the benefits of Trial by Jury:For transporting us beyond Seas to be tried for pretended offencesFor abolishing the free System of English Laws in a neighbouring Province, establishing therein an Arbitrary government, and enlarging its Boundaries so as to render it at once an example and fit instrument for introducing the same absolute rule into these Colonies:...

I suppose this is next:

...He has kept among us, in times of peace, Standing Armies without the Consent of our legislatures.He has affected to render the Military independent of and superior to the Civil power.He has combined with others to subject us to a jurisdiction foreign to our constitution, and unacknowledged by our laws; giving his Assent to their Acts of pretended Legislation:For Quartering large bodies of armed troops among us:For protecting them, by a mock Trial, from punishment for any Murders which they should commit on the Inhabitants of these States:...

I don't know whose name to throw on this, though. King George, King Barack, ??? I suppose we need some kind of voting system overhaul (runoff, proportional, ???) to end the rule of the corporate sponsored 2 parties.

alan_cx 1 day ago 0 replies      
Truth justice and the American way: Judge and jury for Americans, cowardly drone strike murder for sub-humans.
Qantourisc 1 day ago 1 reply      
Isn't this a war crime because they are not at war with ?Telling you the rest of the world hates America land is the enslaved.

Ps.: I tend to avoid products made in any crappy country, this includes the US.

TallGuyShort 1 day ago 0 replies      
Part of the related legal battle happens tomorrow:

"Oral argument on Defendants Motion to Dismiss will be heard by Judge Rosemary M. Collyer of the United States District Court for the District of Columbia on July 19, 2013, at 10:00 am. "

Source: http://www.ccrjustice.org/targetedkillings

faceplanter 1 day ago 0 replies      
The first comment (as of right now) makes me sick to my stomach:

"Why are we providing a platform for families of terrorists to advocate against American national interests? They should have considered the consequences of targeting the United States and its citizens with violence before they walked down that path.

Our intelligence services and armed forces have done a commendable job keeping Americans safe. I thank them for their service, and for keeping my family safe.

I have no time or desire to listen to this sorry speech about human and civil rights from someone who did not stop his son from advocating violence."

InclinedPlane 1 day ago 0 replies      
ChikkaChiChi 23 hours ago 0 replies      
I guess I fail to see the point why a Drone is somehow less appropriate than killing with a rifle or dropping a bomb from a manned cockpit? Is there anyone in the world that actually thinks one is somehow worse than the other?

"To my mind, to kill in war is not a whit better than to commit ordinary murder." - Albert Einstein

Agreed, Albert. Drones included.

Buzaga 1 day ago 0 replies      
So, with the kill lists, it's 'one hop' that's 'allowed'...
Fuxy 22 hours ago 0 replies      
Drones will get cheaper to manufacture and then America will have a problem again. As they had with the nuclear arms race.

They could send drones to a foreign country but that would just make that country send their drones to America.

Until that happens America has got the upper hand but boy will any one appreciate the irony when Americans get killed by foreign drones.

Don't make everybody out to look like a terrorist and expect them to not get pissed off and become what you made them look like.

Hell this guy might not have been a terrorist before but now that he lost his entire family terrorism might not sound that bad.

I'm waiting for the day they mess with the wrong family.

gadders 1 day ago 2 replies      
Very sad that people die, but the father has blood on his hands and was a justified target. I also doubt that the son was just hanging out with his mates playing Chess. He was probably with his Dad's lieutenants.
tome 1 day ago 0 replies      
I don't get it. Isn't Yemen friendly to the US? That's why they allow these drone strikes, right? So why not just go and arrest the guy?
j2d3 1 day ago 0 replies      
I have no words. There is just nothing
username42 1 day ago 0 replies      
If we surrender all our civilization progress just because of a "war against terrorism", then the terrorism has won and we are not better than our opponents.
twoodfin 1 day ago 0 replies      
Who would have guessed that this submission's comments would be dominated by 9/11 truthers? Fascinating.

Keep these great posts coming!

wehadfun 23 hours ago 0 replies      
This is terrible but honestly the majority of Americans will not know much less care that this happened. Most could not even name their mayor. If you asked most American's what Yemen was they would probably think it was some sort of fish or something.

We need a leader. Like a MLK that can rally us to fight for stuff like this. Though I appreciate all the efforts that Al Sharpton, Jesse Jackson, and the rest of the black leaders do. If stuff like this continue we will all have bigger problems then overzealous neighborhood wanabe cops

jheriko 1 day ago 0 replies      
its a shame there is not such outcry about the many pakistani and other nationality civilians who have been and continue to be killed regularly by drone attacks... they far outnumber all of the american military personnel who have died in service over the last 10 years, except we have indiscriminate proportions of women and children and not people who chose to become tools of perhaps the most evil regime in the world today (at least when viewed from the outside objectively) :/

can we start trying us government officials as war criminals as if they came from any other country on the planet please?

ttt_ 1 day ago 0 replies      
Colateral damage aside, doesn't bombing rescuers and funerals classify as terrorism?


kumarski 1 day ago 0 replies      
One of my questions is, what can I do?

Which politicians have power/control over this situation and who are their funding sources?

Which of these funding sources can be pressured based on SEO/growth hacking/bad press?

rfctr 1 day ago 0 replies      
Suppose the US government is right, and it is totally OK to indiscriminately kill a bunch of bystanders and innocents to get to a single target who allegedly is an enemy.

Isn't it OK then to selectively, cleanly, kill one alleged enemy with Polonium tea?

Why these two cases get so different coverage?

dil8 1 day ago 0 replies      
An absolute disgrace that a so called democracy can have a list of people its going to kill...
rooob 1 day ago 0 replies      
Anwar al-Awlaki was a bad man, who lured a lot of young men to their deaths by his toxic propaganda. He exchanged emails with the Fort Hood shooter, the Christmas Day bomber, the Times Square Bomber, and who knows how many others. Wikipedia has a long, long list. I feel bad for his son, but not as bad I feel for his victims.

I notice one thing that is missing in Anwar's father's article is any sense of remorse-- any sense that Anwar's actions were wrong.

Bad things happen during war. Sometimes people are killed who shouldn't be. But when the instigators of said conflict refuse to take responsibility, I have no sympathy. Save your tears for someone who deserves them-- like the women who are killed in "honor killings" by assholes like this, the countries that are third world shitholes because of theocracies, or maybe the prostitutes Anwar apparently favored. But not for people who start a war, and then whine about the casualties to their side.

kkouddous 1 day ago 0 replies      
For a deep dive into this watch/read http://dirtywars.org.
salaami 1 day ago 0 replies      
are we the new, improved version of hitler's nazis? or is it the corporate greed looking to maintain the military-industrial complex that is looking for targets?
snambi 23 hours ago 0 replies      
whats the point of killing random people?
decryptthis_NSA 1 day ago 0 replies      
The government repeatedly made accusations of terrorism against Anwar who was also an American citizen but never charged him with a crime. No court ever reviewed the governments claims nor was any evidence of criminal wrongdoing ever presented to a court. He did not deserve to be deprived of his constitutional rights as an American citizen and killed.

Surprised he wasn't charged, just as a formality. At least then they would have said he "refused to answer to an arrest warrant...blah blah...plan to kill Americans." Unless the matrix is playing tricks on me, he did admit to https://en.wikipedia.org/wiki/Anwar_al-Awlaki a lot of stuff that we call terrorism. Generally speaking, if you refuse to surrender, they can't take you in and are plotting to kill someone, the police can kill you.

But to throw a freaking bomb from 10000 feet in a cafe just to kill a person...that's a huge no-no. It just doesn't win you any friends. If it was his car, I could see it, traveling with dangerous people, is dangerous.

badmadrad 1 day ago 2 replies      
I'm sorry but I find it hard to empathize with a man who himself and his son Anwar have taken so much from this country in terms of education and opportunity and returned nothing but religious vitriol, anti-american rhetoric, and bloodshed.
I understood gender discrimination once I added Mr. to my resume qz.com
626 points by Lisa2000  6 days ago   375 comments top 27
crazygringo 6 days ago 14 replies      
That's really, really sad.

And the worst part is, it's surely conscious on nobody's part. There have even been studies showing this effect.

What's even sadder is that there's no obvious or easy way to fix it.

cupcake-unicorn 6 days ago 5 replies      
I get this so much, although I've had the opposite experience, where when people notice that I'm female, certain companies get excited for the chance to have a "token woman" on their team. Isn't necessarily a bad thing. Anyway, it made me think of all the LinkedIn spam I get addressing me as sir, Mr., "we're looking for some cool dudes like yourself", etc.

Sadly it's not just the gender thing that's going on here as well, I'm thinking of some study they did where they attached photos with the resumes - the "attractive" people (both men and women) were rated as better skilled than the "normal" and "ugly" people that had the same resume. Although, I think that if I took some fancy photos of myself and primped myself up, I don't think it would do me any favors and I'd get some unwanted attention!

My name isn't even gender neutral, very feminine...I think I once was on some board online using my real name and people were still assuming I was a guy. When I asked how they could possibly think it was a male name, they replied, "I dunno, I was thinking it was like one of those fancy Italian names, like Fabio or whatever..Fabia..yeah, same thing...they always sound like girls names."

I've now started picking the most ridiculously cutsie usernames possible, like this one, to keep people guessing. Sometimes it backfires still and people just get homophobic, but I generally stick with it anyway for fun :)

robot_friend 6 days ago 4 replies      
I am female with a hybrid background in UI design and front-end dev. A while back I created a fake linkedin profile identical to mine except with a male name. Even though it has no profile picture and no contacts, the fake profile gets more recruiter messages than I do, and for more technical positions (I get ones for design, he gets ones for engineering).
Peroni 6 days ago 3 replies      
The fact that this post is getting so much attention is baffling me. There is literally nothing in this story to indicate that the name made any difference.

It's blatant confirmation bias. Nothing more.

Allow me to state, once again, there is absolutely no denying that sexism exists and that it's an issue that needs to (and eventually will) change however this article adds absolutely nothing new to the debate.

johnvschmitt 6 days ago 1 reply      
As a father, when I had my first kid, & read a few "Parents" magazines, I was so disheartened to see 99% of the references in articles referring to the parent as the "mom" or "She/her". I said, "WTF! Are fathers not parents!?"

Then, it hit me. As a male engineer, manager, etc... I just got a very small taste of the less than subtle gender biases that exist all around us. That made me appreciate my wife more (who is also an engineer), and all the others who put up with that crap even in this modern day.

This is the only forum I've complained about "Parent's Magazine"'s female gender bias. And, I only do so within a context that shows it's just a lesson in empathy for a much more severe bias in the other direction.

throwaway420 6 days ago 1 reply      
Interesting, enlightening, and thought-provoking article.

To me, another interesting experiment would be changing the first name of the resume to something that's nearly unambiguously male, say instead of Kim O'Grady to just Robert O'Grady, and seeing if that has the same effect.

Another interesting experiment would be adding "Mrs." in front of the name Kim and seeing if that has the same effect.

Personally speaking, I believe that technical people are sick and tired of the sausage fests at most technical companies and all other things being equal would go out of their way to hire more women.

JimmaDaRustla 6 days ago 0 replies      
Not to negate the point, but I witnessed some MALE gender discrimination when applying to a local IBM office for a college co-op.

Ratio of females to males is low in computer programming courses, but 100% of females were interviewed for an IBM position, and 0% of males were interviewed (approx. 6 females and 16 males). This happened twice in back-to-back years.

It seems the whole gender discrimination has taken a swing in the opposite direction for this small office - work hard to find female workers over male workers. But I haven't figured if they are doing this because they care about female workers, or they want to boost their public image? Are they giving females a chance to prove themselves to work for IBM, or are they just filling the most menial jobs with females to balance out their gender ratio?

This doesn't seem like the "give the job to the person best fit for it" mentality, but maybe to them the "first glance" isn't enough to make that decision. Plus, this was just a co-op, almost anyone in the class could perform the position. I decided to view IBM's actions as a form of tactic to develop female presence in IT industry rather than gender discrimination.

simonbarker87 6 days ago 3 replies      
We've been interviewing for our first 2 roles recently and I have to say that male or female doesn't bother me either way - we've interviewed in equal quantities and, while we're yet to fill the positions, I genuinely am not bothered if the successful person is male or female.

Reasons for this could be:1. I'm 25 so I wonder if I haven't experienced enough to bias me one way or another (what that experience would be I've no idea)? (don't claim I'm being ageist, I'm not it's just one possibility)2. My fianc is an excellent engineer so I might have had the male dominated field bias squashed by that.

king_jester 6 days ago 2 replies      
Interesting article. I wouldn't necessarily say you can understand gender discrimination just because you were affected by it as a side affect. It is true the author became aware or more aware of gender discrimination because of his name, but he still doesn't have the experience of living in a society where gender discrimination is a daily occurrence.

That said, gender bias a real thing in hiring and faculty practices in the US.


http://www.upenn.edu/provost/images/uploads/Gender.Racial_.B... pdf warning)

nashequilibrium 6 days ago 0 replies      
Okay HN, I knew this sounded familiar and then i remembered a similar story which was flagged and kicked off the front page. http://www.techyville.com/2012/11/news/unemployed-black-woma...

Could someone explain why one was flagged and the other not? I am honestly just curious.

ds9 6 days ago 2 replies      
I was very surprised to see the admission of his giving family information. Employers are prohibited from asking such questions here in the US, and I've always thought it improper to put it on a resume. It either invites unfavorable discrimination or comes across as a ploy for sympathy or favoritism.

It may have been a lesser factor in this case, but I would guess hardly anyone does this today, and I had thought it was no longer considered OK even before the 90s.

lsiebert 6 days ago 1 reply      
If your company is discriminating, it's not getting the best applicant for the job, it's getting the best young male for the job. That is missing out on at least 60% of applicants. That should be all the reason any intelligent person needs to be concerned about these factors. It is hard to hire good people. Also the pool of individuals discriminated against by other employers is perhaps more likely to contain qualified people who have not been hired.
jessriedel 6 days ago 1 reply      
There is much better data out there concerning the effect of gender (and race) on CVs. That would be much more useful than this guy's anecdotal experience.
redwood 6 days ago 0 replies      
Interestingly, it's not just a case of gender: Rather the uncertainty and its associated cognitive dissonance, leaves a negative feeling in the mind of a reader.

There are many other kinds of uncertainty present in a resume; and its always a risky factor because folks like to understand context.

Have an ethnic name? Assume people might think you're an immigrant. If you don't want them to assume that: emphasize where you're from, etc. This is good personal branding. Is it unfortunate that you might feel a liability here? yes

For example, in my office when someone doesn't show their picture in our email system: I feel negative about them. When they don't show a picture and have a name that makes it difficult to know how to refer to them, I'm doubly-frustrated.

Much of this frustration is subconscious but people need to be congnicent of how they come across to others in many contexts.

here I choose to be 100% identity neutral, because I can be. But in work this is a big mistake, because formal expectations are applied in correspondence and you need to feel you're meeting those expectations with a job applicant.

If you're in this position, you've done yourself a disservice: "Dear Sir or Madam, We are sorry to inform you that we cannot offer you a position"

Is this a problem with our society? yes.

eikenberry 6 days ago 1 reply      
Not to argue that gender bias doesn't exist. But this is not a good study case as he tainted his resume pretty badly from the start. Not being currently employed is a red flag to a lot of employers and gets you immediately discarded. And putting personal information, even if seemingly innocent, triggers the lawsuit avoidance mechanism at a lot of places and immediately gets you discarded.
crazysaem 6 days ago 2 replies      
I am graduating in a few month and also applied for some jobs in the USA (I'm from germany). I found it somewhat intresting that every employer I sent my resume to was asking what gender and race(!) I was before I could submit. You could also choose the option not to give an answer, but I have never seen that in germany.

On the other hand some people on HN find it odd to have a picture of you on your CV - which is the norm here.

rachelbythebay 6 days ago 1 reply      
I really want to read this, but the site goes completely bonkers on iOS. I can see some content but it's wedged behind this top banner. They don't really expect people to read through a tiny gap in their images, do they?
eldude 6 days ago 0 replies      
Since this is entirely devoid of any discernible facts, it's a little disturbing that this has made it to the front page of HN. When did random assertions become unquestioned truth?

This feels a lot like a sensationalized modern day witch hunt, "Burn the misoginists! Burn the sexists!"

Also, for whatever it's worth, never have I heard "Kim" considered anything but a woman's name.

betterunix 6 days ago 1 reply      
Maybe it had to do with the resume appearing more formal. Try another version with "Ms." and another with "Mrs." to really make this something we can draw conclusions from.
cm2012 6 days ago 0 replies      
I kind of doubt that this is true. Wouldn't the managers see that she was a female in the interview, and ask why she misrepresented herself or take that opportunity to not hire her?
lucb1e 6 days ago 0 replies      
Oh my god. I'd seriously write fuck you letters in 72pt bold comic sans ms to all other companies, explaining what dicks they were. Seriously, 4 months of nothing (must have been lots of applications), and then the word "Mr" changes it all? Incredible.
nkorth 6 days ago 0 replies      
I would love to read this article, but quartz.com is horribly broken in Opera Mobile on my phone...

I'll just wait and read it on my laptop, but this does look like a sign of Webkit bringing back the days of sites "best viewed in Internet Explorer 6".

thehme 6 days ago 1 reply      
This is so sad...wow! I cannot imagine what goes through people's heads when they see a very qualifies individual and then they decide it's a woman and skip even considering her.
niccl 6 days ago 0 replies      
This is scary. I go out of my way to remove gender hints from my CV. In particular I use a shortened version of my first name which is slightly more commonly associated with women. And I have had problems finding work recently. Now, do I change things because I need work? I could even pretend it was a bit of research to give a second data point to this story.
Dirlewanger 6 days ago 1 reply      
This was the late 90s. A lot has changed since then. Yeah, there's still problems with male-dominated industries but it's gotten a lot better. Nowadays it's more about getting women even interested in the fields.
typon 6 days ago 2 replies      
Is it weird that this article doesn't have many comments?
Human-Powered Helicopter Wins the $250,000 Sikorsky Prize popularmechanics.com
585 points by comatose_kid  7 days ago   95 comments top 16
iandanforth 7 days ago 2 replies      
For much more detail on the design I recommend the Draft FAI World Record Claim they are submitting. (https://dl.dropboxusercontent.com/u/5093348/Draft%20Atlas%20...)

Interesting tidbit:

"The pedaling of the pilot pulls on and reels in four Vectran cords, which are pre-spooled onto each of the four rotor hubs. The action of unspooling the cord and pulling on the rotor hub drives each rotor to overcome the drag force."

ChuckMcM 7 days ago 4 replies      
The shape of things to come I suspect. While folks talk about blimps and what not there is value to having "permanent" points of presence in the air above, be it a communications node, surveillance node, or early warning theatre defence. 'Human powered' is a good predictor of 'solar powered' since the total energy extractable from humans per pound payload is lower than solar. Thus if you're doing the calculus for keeping something up 24x7, this is a good indication you are close.
msandford 7 days ago 4 replies      
It was only a matter of time until the materials got good enough for this to happen.

I'm always surprised that these teams never seemed to try and recruit pro athletes for this kind of thing. I've got a friend who's a professional cyclist and his 30 second power rating is something like 1100 watts and I'm sure at a minute it's only degraded by 50-100 watts.

rdl 7 days ago 2 replies      
Is there a good overview of materials improvements over, say, the past 150 years? It seems like one of the areas, along with IT and biotech, which has had huge gains even in the past 20 years, contrary to the "end of innovation" thesis of Thiel et al. You can get carbon fiber in everything now, ceramics are more used in things other than pottery, and companies like Crucible made a lot of awesome steels (including...cast stainless steels!) from the 1970s to now. Sure, the properties don't get 10x better, but a 1% improvement in strength-at-2000C for the blades makes a jet turbine a lot more efficient.
makmanalp 7 days ago 0 replies      
Wow, I love that the blades seem to be spinning so slow, yet it all works.

Exciting times to be a human.

incision 7 days ago 0 replies      
Interesting that Aerovelo won this. As I recall, they were the only contender not using electronic assists which were set to become invalid this month:

'With the pilot using both hands and feet to power the aircraft, UMD faced a challenge developing a control system for the Gamera II. But an attempt to clarify the rule prohibiting energy-storage devices inadvertently opened the door to electronic controls being used on both the Gamera II and Upturn II.

AHS has closed the loophole, but both teams have until July to attempt winning the prize under previous rules.[0]

0: http://www.aviationweek.com/Article/PrintArticle.aspx?id=/ar...

michael_miller 7 days ago 5 replies      
To me, this is really cool, since presumably it means the materials have gotten light enough for an electric helicopter to become a reality (beyond the crappy Firefly project). Imagine what it would be like if you could commute from the suburbs of NY to the downtown heliport without paying for fuel or expensive maintenance. It could transform the way people commute to work, eliminating traffic and the effect of accidents.
WestCoastJustin 7 days ago 0 replies      
Here is the official release [1], their homepage also have a great video of what looks like the successful run [2].

As one of the people that donated to the Kickstarter this make me very happy!

[1] http://www.aerovelo.com/2013/07/11/aerovelo-officially-award...

[2] http://www.aerovelo.com/

thetwiceler 7 days ago 0 replies      
This is really cool!

On a similar note, for those of you who may not be aware, there has also been a human-powered airplane: http://en.wikipedia.org/wiki/Gossamer_Albatross

I am totally amazed by the Gossamer Albatross. It was made in 1979. And here's the most awesome part - a cyclist flew it across the English Channel!

peteretep 7 days ago 2 replies      
I wonder if this will be like the four minute mile ... now it's been achieved a little, people will smash it, and my helicopter is on its way soon...
jtchang 7 days ago 2 replies      
Nothing short of astounding. Some people didn't think it could be done. And now we have something that truly proves it.

What's next? Lighter materials? I'd love to play around with something like this and not have to be a world class cyclist.

psb 7 days ago 2 replies      
Is cycling the most efficient way to extract power from human muscles? I would guess something like deadlift/rowing motion to be better
methehack 7 days ago 0 replies      
Awesome! It's inspirational to see people attempt something they're not sure they can do, work hard for a good while, and finally do it. Just what I needed to start the afternoon!
farinasa 6 days ago 0 replies      
This doesn't actually seem to be a helicopter. It looks like a multicopter. There is a significant function and theoretical difference.
oh_teh_meows 7 days ago 2 replies      
It is possible, perhaps through a clever arrangement of gears and what not, to create a human powered copter that can create sufficient lift with just one rotor?
sadfaceunread 7 days ago 0 replies      
Pretty cool result. I'd wonder what the performance would be with ~150 lb of batteries, motors and electronic sensors/controllers instead of a human. I wonder if given the same mechanics of this system a human is the optimal motor just because of the built-in automation and control system (probably not).
Feds, We Need Some Time Apart defcon.org
563 points by rosser  8 days ago   250 comments top 30
david_shaw 8 days ago 15 replies      
This is going to be my tenth (?!) year at DEF CON.

The culture of DEF CON, and especially its evolution, is a very interesting one. When I first attended DEF CON, it was a bunch of seemingly scary hackers. Fortunately, it turns out most of them were amazing people.

As the conference grew (and changed venues several times), the culture began to evolve. The barrier to entry--in terms of being "accepted" into the subculture--lowered significantly. DEF CON stopped being a scary place, with goons that would "de-tech" you and throw you in the pool, and more of a mainstream event. For the most part, I'm completely supportive of where DEF CON's going. I'm definitely supportive of air conditioning in the venue, instead of standing outside in the sweltering Las Vegas summertime heat.

That said, though, it's not really a "hacker conference" anymore. Not more than its sister conference, Black Hat, or something like RSA, anyway.

DEF CON used to be about hacking. Not in the HN sense, but in the "illegal entry into networks" definition. Now, it's less about hacking and more about the actual information security industry; this is probably related to the fact that everyone I knew at the first DEF CON I attended (myself included) currently works in the infosec industry.

With growth, exposure, and the inclusion of white hats, DEF CON naturally became a recruiting ground for federal agencies, including law enforcement, the military, intelligence, etc. The 'spot the fed' game that began as a joke (with prizes!) soon seemed silly, since there were so many federal employees/recruiters/agents.

I'm all for DEF CON entering the mainstream. It's a conference and community that I've grown to love, and the lessons I've learned there (not to mention the friends I've made) have helped me immensely--both personally and professionally. That said, though, there's pretty much zero chance that this announcement DT made will have any effect whatsoever on federal agents, recruiters or representatives attending the con. More than anything, it's a huge publicity stunt.

After all, most of the staff and "old school" attendees work for "the man" now. For some, like me, it's just hacking for money; many, though, actually do work for defense and intelligence contractors. Should they be banned because of their affiliation?

Personally, I don't think so.

PS: If you're considering going to DEF CON and you've never been, you should! It's a booze-fueled learning, partying and networking event unlike any other. Plus, you get to hang out in Vegas for a weekend!

ENOTTY 8 days ago 2 replies      
So I assume Dark Tangent won't attend his own con? Jeff Moss sits on the Homeland Security Advisory Board and is the CSO of ICANN.[1] If that's not "the man", I don't know what is.

[1] http://www.dhs.gov/homeland-security-advisory-council-member...

typicalrunt 8 days ago 1 reply      
I applaud Jeff's (DarkTangent) stance on this. I've been to 7 Defcons now and the Feds have always been treated fairly. Even the media has been treated with respect, so long as they are transparent and honest about being media [1]. Honesty and openness have been betrayed this year with the Snowden leaks, and I'm glad people are finally taking a stand.

I'm curious other security conventions will take the same stance.

[1] One year a reporter disguised herself as an attendee instead of admitting she was a reporter, and was attempting to get hackers on record saying that they've hacked into <this> and <that> important system. She was found out and summarily chased (literally) out the convention.

danielsiders 8 days ago 3 replies      
Entry (since the site is down):

"Feds, we need some time apart.Posted 7.10.13

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.

The Dark Tangent"

mirkules 8 days ago 3 replies      
I'm skeptical. For the past few years that I've been attending, defcon felt at some times like an instrument for fed recruiting while paying lip service to its original "underground" feel. DT's message almost felt like posturing to underline the latter rather than a sincere statement to curtail the former. I won't pretend that I'm a long time attendee (my first was DC16), so I would love to hear from some more seasoned attendees if my impression is correct.

Edit: the reason for that impression is that there is no declaration of a policy in his message (e.g. "feds are prohibited from soliciting employees at DC21"), rather a soft "time-out". With all due respect to DT, neither we nor the feds are in the third grade. Contrast this with their strict journalist policy and recall how that undercover reporter was outed and kicked out/chased away a few years ago.

_delirium 8 days ago 0 replies      
A curious aspect is that the person who wrote this message (Jeff Moss) is actually a fed himself. Does he plan to exclude himself from the conference?
smokeyj 8 days ago 2 replies      
As hackers we have an ethical obligation to refuse service to tyrants and dictators. Like mercenaries who profiteer off war, we should ostracize those who act against humanity.
anonymous 8 days ago 0 replies      
I will attempt to translate Jeff's short message:

In light of recent events, this is not an opportune time for recruiting and so the feds will not be attending the conference in their usual numbers. However, they will of course still be monitoring all communcations at the event, so they will be there in spirit.

ferdo 8 days ago 0 replies      
"It is difficult to get a man to understand something when his salary depends upon his not understanding it."

-Upton Sinclair

anonymous 8 days ago 0 replies      

In the early years, DefCon founder Jeff Moss used to say "if you're 20 and you're working for The Man, you're a loser,"... "Ten years ago, Moss said 'if you're 30 and you're not working for The Man, you're a loser.' And now he agreed that at 40 he is The Man.'"

mcantelon 8 days ago 0 replies      
Note the "this year". Defcon is just looking after their branding. If they had concern for privacy they wouldn't have had the NSA directory keynote last year and let him lie to their audience.
ianhawes 8 days ago 5 replies      
My understanding is that the overwhelming majority of Federal employees on official duty from FBI, DHS, DOD, NSA, etc.. that attend DEFCON (and related conferences) are actually not agents at all, but rather low ranking analysts whose job at the conferences are to assess the material presented and report back. This is opposed to, say, recruiting CIs or surveilling targets.

Source: I asked a Fed.

rdl 8 days ago 0 replies      
I was assuming Defcon 21 would be down on fed count this year due to 1) the sequester hurting travel budgets and 2) recent (well, in the past year) high profile wasting of money in Las Vegas by the GSA.

There's also OHM running in parallel, which will draw off some of the European attendees (probably not law enforcement/intel, though). If I got to pick between OHM and PW/BS/BH/DC (all 4 running in Las Vegas that week), I'd probably pick Ohm.

mcot2 8 days ago 1 reply      
DefCon is a joke. Nobody with any skill takes that conference seriously.

This is a complete farce as one of the key speakers last year was Gen Keith Alexander. NSA was fairly open about recruiting directly from DefCon and DefCon leadership had no problem with it. Anyone with even a slight security background could have predicted Prism and other programs just by the AT&T whistleblower from the mid 2000's.

DefCon is just too big, too mainstream for any real technical value. I don't need to fly to Vegas to watch umpteen panel discussions with crazy EFF people.

jonathanwallace 8 days ago 0 replies      
Try the non-SSL version if you're having trouble accessing the site. http://www.defcon.org/#dc21fedbreak
Canada 8 days ago 2 replies      
The feds have all the 0 day and privileged access now. What do they need Def Con for anyway? Well, I guess they'll miss out on getting drunk.
Shank 7 days ago 0 replies      
It seems quite clear to me that Dark Tangent is attempting to stop something bad from happening at DEF CON. He doesn't want a fight or a brawl breaking out, or implied threats or negative community interaction. His advice isn't so much a 'no feds allowed' sign, but more of an open warning that coming as a Fed might cause undesired tension and circumstances that weren't previously present in such high volumes.

Calling the situation ironic because DT is a fed is unrelated - he may work for the government, but he isn't in a position that has a conflict of interest with a hacker conference (read: he doesn't work for the NSA). If you say "Dark Tangent" to a person in the security community, people recognize him as the creator of a hacker conference; not a government employee.

guiambros 7 days ago 0 replies      
It's important to remember that DEF CON is not banning the feds, but instead asking them to not participate this year. There's a big difference here. The former is mandatory, unilateral; the other is an invite to pause and reconsider the relationship.

Now I'm curious on how government agencies will respond. They may go anyway -- and have to deal with a very unwelcoming mood, or respect the request and give some space for the sec community to discuss the case more openly.

I, for one, fully support DT's request, and really hope the feds understand that the problem is not who they are or what they represent, but their tactics and methods recently exposed.

They can't expect to be welcomed anywhere, given the obvious abuses that are happening against U.S. Citizens (and everyone else, for the matter), under the excuse of "war on terrorism".

femto 8 days ago 0 replies      
Did anyone else look at the defcon21 logo and see a hand giving "the finger"? ("def" are the fingers, 21 is the palm, the top of the d is an extended finger
adaml_623 8 days ago 0 replies      
Is it possible that this post is a message to many who work for the government to evaluate what they are doing and decide whether they are comfortable with what their job involves. After all there's a huge spectrum of possible actions between whistle-blowing and unthinkingly following procedures. And you can work for change from within... perhaps.
rawrly 8 days ago 4 replies      
Defcon is cancelled.
microb 8 days ago 1 reply      
Keith Alexander, Director of the NSA spoke at DEFCON last year to a standing-room-only audience. Every year "the feds" have a presence at DEFCON.
Selfcommit 8 days ago 1 reply      
HN effect on the site?
maqr 8 days ago 1 reply      
Does a "time-out" mean that they're discouraged from attending or that they won't be issued badges?
GigabyteCoin 7 days ago 0 replies      
If the feds can get air traffic controllers in other countries around the world to down the Bolivian President's jet... I don't think they'd have any trouble getting into DefCon if they really wanted to.
kGrange 7 days ago 0 replies      
I don't think this is about "taking a stand." As has been pointed out, Dark Tangent is himself working for the Feds.

> recent revelations have made many in the community uncomfortable about this relationship.

They just don't want to deal with fed vs. non-fed tensions at the con. Maybe they're afraid fights would break out.

gavinlynch 7 days ago 0 replies      
Is half the Security industry just attending conferences? Seriously.
GoldfishCRM 8 days ago 0 replies      
Smart move. Then people not feds has to come in order to prove they are not feds.
codezero 8 days ago 0 replies      
It's not just you.
exgeocitiesuser 8 days ago 0 replies      
interseting times we live in
Cello: Higher level programming in C libcello.org
509 points by mntmn  3 days ago   156 comments top 36
breckinloggins 3 days ago 6 replies      
I want to make a few observations about this, and why I found it seemingly less "hacky" than other such attempts:

- As I said in an earlier comment, "var" is just a typedef'd "void *". The downside is that libCello code is essentially untyped, but the upsides are that the C preprocessor is now enough to do the processing needed for the rest of the macros in the language, and that you can still mix regular typed C with libCello code for a "best of both worlds" mix.

- Looks pretty, right? What you're responding to is not just the nice non-capitalized macros and the $ keyword, but the syntax highlighting in his examples. Fire up a text editor and write you some libCello code without this highlighting and it probably won't feel as nice.

I'm extremely interested in the idea of taking the syntax highlighting, formatting, and code completion OUT of these specialized IDEs and plugins and into some kind of standard "bidirectional channel" between a language processor or compiler, its macro system, and the user's editor of choice.

We should be able to make entire DSLs and specialized syntaxes that not only compile, but are able to provide rich information to the surrounding development environment in a standardized way. I'm not alone on this. F#'s Type Providers do exactly that. But imagine being able to control not only the "intellisense", but also the syntax highlighting, argument/return tooltips, documentation, preferred formatting, snippets, etc.

And by "surrounding development environment" I mean everything from the command line to vim and emacs all the way to Sublime Text, Eclipse, and Visual Studio. Even github! Why do you have to register a new syntax highlighter on github for a language and hope they turn it on?

jacquesm 3 days ago 0 replies      
Super stuff this, that's a very interesting approach.

I spent the better part of the last two years writing a (closed source, sorry) library that does some of this, and some other stuff besides (state machines, events, 'proper' strings with automatic garbage collection and allocation, message passing).

Maintaining static typing was a big pre-requisite for that library, without it too much of value would be lost to offset the gains. It was a very educational project for me, it definitely re-inforced the 'half of common lisp' meme.

To program a piece of software using that library no longer felt like programming in C, every now and then you'd see a bit of C shine through in the lower level code. The whole thing relied to a ridiculous degree on macro cleverness (something to be avoided, for sure) and other deep knowledge of how C works under the hood to get certain effects, and I found this part of it less than elegant (even if the results were quite a big step up from programming in C).

The main justification for doing all this was to straighten out a project that had become bogged down under increasing complexity and a failure to abstract out the common elements. Choosing C for this project was a poor decision but since there was not going to be any budging on that front I tried to make the job work out as good as possible.

It's quite interesting to see how far you can push C but at the same time you really have to ask yourself if you are on the right road if you find yourself doing things in such a manner.

Like Cello, the lib I wrote is a way to force the language to become another language, which always has drawbacks in terms of unintended side effects and long term support.

Probably better to switch to a platform that is closer to your problem domain (in this case, such as erlang, clojure or even go), as much as I liked tinkering with C it felt like we were making life harder than it needed to be.

makmanalp 3 days ago 6 replies      
Slightly related tangent:

I'm looking for standards / set of libraries / best practices for "modern" C development, but I've yet to find a comprehensive resource.

Stuff like typedefing a manual fixed sized int type to be cross-platform compatible, that books don't really tell you to do but are important and come up often.

I'd be okay with a small, well written example library too. Does anyone happen to know something like this?

edit: Ah, sorry if I misled you, that was just an example of the kind of tips and pointers I was looking for. Or weird bits like the linux kernel list_head. http://kernelnewbies.org/FAQ/LinkedLists Or common libraries like bstring that make life easy. Or even a single, comprehensive implementation of good data structures, since everyone seems to have their own vector.h and/or hash.h that fails to cover much other than their own use case.

breckinloggins 3 days ago 2 replies      
Note that "var" is a typedef'd "void *". This essentially bypasses C's typechecker for libCello code. The author admits as such, and maybe that's just fine for what you need to do, but you should be aware of it.
mjn 3 days ago 0 replies      
Wow, this is an impressive amount of high-level feel for relatively little preprocessor code (and a fairly lightweight C library underneath that). Holds together pretty consistently, which is hard to do with syntax extensions built on top of the C preprocessor, vs in languages with more convenient syntax-extension or macro systems.
hugs 3 days ago 0 replies      
I spent the last hour trying to get the example programs on the front page of the libCello site to compile on OS X (10.8.4). I discovered I was missing some include flags. This is what finally worked:

$ gcc -lCello -std=c99 -fnested-functions example.c -o example

Hope this helps someone!

JonFish85 3 days ago 1 reply      
An interesting experiment, but even as the author states "it's a fun experiment". It makes things easier to read & understand for beginners, maybe, but he even states that it's not for beginners. If I have to be a C power user to use it, I imagine I'd feel more comfortable without it. Just my opinion though.
dcope 3 days ago 3 replies      
After looking at the source, this appears to be a great beginners resource of how to build on top of C. The source is very concise and straightforward. I'm curious to see what will come from this.
robododo 3 days ago 0 replies      
It looks pretty, but I'm already having nightmares about stepping through this in a debugger.
ExpiredLink 3 days ago 2 replies      
People interested in real-world high(er)-level C programming should take a look at this book, "especially the class methodology in Chapter 4": http://www.duckware.com/bugfreec/index.html

Side note: this book would certainly be down-voted on r/programming but I expect more grown-ups here.

ambrop7 3 days ago 5 replies      
What is this? It claims to be a (GNU99) C library, but I don't see how this can be the case, considering all the non-C constructs in the sample code ($(), try/catch, foreach). So it this just a language of its own that is compiled into C?
JoachimSchipper 3 days ago 0 replies      
Pretty cool, even if I don't want to see the compiler warnings. ;-)

In the same vein, but more C-like: http://p99.gforge.inria.fr/p99-html/.

jnbiche 3 days ago 1 reply      
This looks very nice indeed. The main thing that will interfere with usability for me as a non-C guru is the lack of thread support. But I am really grateful for the effort since my "spiritual home" among programming languages is definitely the dynamic languages, yet I appreciate the need and beauty of C in many instances when performance is necessary. libcello's apparent optional static typing (the "var") is really nice -- it's one of the wonderful things about using Cython alongside Python.
popee 3 days ago 1 reply      
Chello is nice proof of concept, but personally i'd like to see only one or two changes to C standard:

1. sizeof(function) -> would give user ability to copy functions around.

2. maybe new reserved keyword _Func -> function tagged with _Func would indicate that function must be compiled as function object (defined sizeof) and compiler needs to address fact that function may be moved around and used (relative addressing and i guess bunch or others problems that would arise). Only code, nothing to do with ELF or other formats.

Another interesting thing to do would be to, somehow, eliminate function pointers with _Func.

In any case, user would be responsible for creating environment for that (lambda?) functions, like manually setting mprotect or setting up stack (prologue.h & epilogue.h ???).

_Func int example_prototype(int i, int j) {

  return i + j;

And then do something like:

example_prototype func0;

memcpy(&func0, example_prototype, sizeof(example_prototype));

struct prologue_t *p_ptr = &func0;

p_ptr->sp = 0xdeedbeef; // Or some address that is used as stack

z = func0(5, 6)

So, what do you thing how hard would it be to implement something like that?

sspiff 3 days ago 0 replies      
The fact that this uses "void *" as a universal type makes me somewhat reluctant to try this out.
sovande 3 days ago 1 reply      
Not thread safe. For instance the exception stack is global.
georgeg 3 days ago 1 reply      
This is the kind of functionality that D language is really good at. If I were to go beyond the fun bit of this project, i would have a look at D language.
Demiurge 3 days ago 0 replies      
This looks nice. A lightweight macro for Class, that is just a struct with function pointers, and I will use it over c++ :)
eonil 3 days ago 0 replies      
Interesting at first, but lack of static type-check (or notation) voids everything.
ilitirit 3 days ago 2 replies      
Why would one choose this:

  var int_item = $(Int, 5);
over this:

  int int_item = 5;
What am I missing?

dubcanada 3 days ago 2 replies      
So, because I am a nub in this stuff... When it says C library, does that mean anything that works with C (say a gui library for example GTK) will work perfectly fine with this? I would just change the syntax as required and call it good?
smegel 3 days ago 1 reply      
"Constructors/Destructors aid memory management"

Does it do RAII? Really, calling destructors implicitly on auto variables on scope exit is the main thing missing in C here.

dsego 3 days ago 0 replies      
If there is already new syntax, why not just make a completely new language that compiles to C, like vala or something similar?
guilloche 3 days ago 0 replies      
It seems interesting but I did not get it. Does it try to add some c++ syntax sugar? Does it have performance advantage over c++ for similar functionality?

I am not a fan for C++ syntax, can I still get something from cello?

guard-of-terra 3 days ago 0 replies      
They should neither use C++ keywords nor invent parallel terms (real vs float) in order this to fly.
halayli 3 days ago 0 replies      
Just use C++11.
deletes 3 days ago 2 replies      
Does it have inheritance and polymorphism?
akadien 3 days ago 3 replies      
Harrumph. Our http://github.com/redjack/libcork.git library is better.
oscargrouch 3 days ago 0 replies      
i hope this get more and more popular.. in a way that the next natural step would be implementing a special parser for it in GCC and Clang (as some sort of C subset)..

totally awesome!

mogui 2 days ago 0 replies      
loving it, definitely I was playing with these sort of things these months and eventually I was ending with something similar, but that is far away what I was doing.I think I will contribute to this lib if i can instead of continuing my shit :)
jlebrech 3 days ago 0 replies      
Someone build an nginx (openresty?) module with this.
brambit 3 days ago 0 replies      
Use macros?
mortdeus 3 days ago 0 replies      
claudiug 3 days ago 0 replies      
create a webframework now like rails/django and you will have some marketing :P
cad 3 days ago 0 replies      
Why, why, why didn't I break his legs!
anuraj 3 days ago 0 replies      
Well - this looks more PHP now - given that PHP interpreter is actually a shell on native C - I think it already achieves this.
Use "Amazon 1 Button" Chrome extension to sniff all HTTPS websites kotowicz.net
493 points by jamzed  6 days ago   58 comments top 19
taway2012 6 days ago 5 replies      
This sort of abusive, insecure extension poisons the well for all extension developers. Now, I wish to submit a couple of feature requests to the Chrome team.

1) I wish there was a way by which an extension could declare its access patterns in much more fine-grained manner (kinda like CORS headers). Then I can prove to my users that my extension cannot do the sort of ugly crap that Amazon is doing.

2) Second is an API to expose details of an XMLHTTPRequest's (or maybe even 'document' object's) SSL server certificate. Even a binary blob will do: I can parse it in JS. Without this, you can't do "certificate pinning" for extensions.

Chrome extension permissions are too coarse-grain. Why is DOM write permission not separated from DOM read perms?

If Google doesn't crack down on abusive extensions like this, they risk users losing trust in the Chrome "brand". Just my 2 cents.

makmanalp 6 days ago 1 reply      
Cached: http://webcache.googleusercontent.com/search?q=cache:http://...

The "news" part of this is that the extension allegedly reports all the URLs you've visited to amazon, including https ones, plus some reporting of site contents to alexa.

Kerrick 6 days ago 1 reply      
That's why in my Chrome extension that allows you to discover whether pages have been submitted on reddit as you browse [1], I was cautious with the fact that reddit is sent the URLs over HTTP.

It has a Privacy section in the settings that lets you enable Wait For Click so URLs are only checked upon explicit request. It also lets you exclude domains or URL regular expressions from automatically checking the URL, forcing those to be Wait for Click.

Plus, it comes with smart defaults. Default excluded domains include popular banks, Gmail and Google Docs. Default excluded regular expressions match Google/Yahoo/Bing SERPs and various protocols that you probably don't want checked.

All it takes are some smart defaults and a small amount of development [2], and you can protect your users' privacy. It's worth it.

[1]: http://kerrick.github.io/Mostly-Harmless

[2]: https://github.com/Kerrick/Mostly-Harmless/blob/d61d79aa85a6... 20 LOC in my extension)

lazylland 6 days ago 1 reply      
My paranoia in installing extensions is finally justified. If Amazon is pulling these kind of stunts, then imagine the kind of mischief the smaller apps are pulling off.

This whole "scorched earth"-style permissions model that users can't make educated decisions about is what annoys me about current platforms like Chrome, Android and iOS.

JavaME had an interesting model where the app asks permissions after it is installed (e.g. internet access, local file system access) for each thing it wants to do. And the app has to consider the fact that the user can decide not to grant that particular permission. Of course, once you decide to trust the app, you could disable the prompts.

slig 6 days ago 0 replies      
Let's see if we can remember about Amazon doing this kind of shit as well as we remember about Linode's security breaches.
jessaustin 6 days ago 0 replies      
I'm not exactly encouraged by Amazon's "fix": they simply started serving their custom spy instructions over https. It almost tempts me to write a different extension to observe these instructions and then crowd-source a database of them. What nefarious shit are they doing, that justifies this extra layer of indirection?
nkozyra 6 days ago 5 replies      
Can anyone fathom a potentially benign reason Amazon might do this?
borski 6 days ago 0 replies      
Sadly, Amazon isn't alone in this. There is no secure CSP that Chrome implements for any of its extensions, and they don't require and sort of legitimate oversight, so I would venture to guess that there are at least a few dozen extensions that are just as bad.

We wrote about one, incidentally, a few months ago, that has hundreds of thousands of installs: https://www.tinfoilsecurity.com/blog/building-a-browser-exte...

thyrsus 6 days ago 0 replies      
I'd like to snoop on my (self initiated) https traffic so I can write a monitor for a third party web app that is only available over https. In a similar situation but with clear text, I've made use of a perl proxy that generates code mimicking the browser initiated transaction, which can then be lightly modified into a Nagios managed monitor for that kind of transaction.

The described technique looks like it might get me some of the way there, but it's kind of a square peg to my round hole. My google/stackoverflow searches aren't getting me very far; I found a reference to jmeter acting as an https client proxying http, but that looks like a similarly deep hole. Maybe it's easier than it looks; I don't know.

I'm no browser expert, but I'm not particularly afraid of javascript.


taopao 6 days ago 0 replies      
So can I buy hiybbprqag on Amazon now?
gwu78 6 days ago 1 reply      
So if the user has Javascript disabled, what happens then?

It seems so many exploits rely on Javascript.

Would a user ever be willing to sacrafice a little "user experience" (accomplished with Javascript) for protection against easy exploits?

Is that question ever left to the user?

Not if a website provides Javascript-free means of interacting with it; and demands that the user enable Javascript (=you "must" enable Javascript to use this site).

chmars 6 days ago 0 replies      
The extension is available in the official Chrome Web Store. Apparently, Google doesn't verify extensions for malicious behavior or maybe such behavior is even desired
rbreve 6 days ago 0 replies      
Before you install the extension you agree that it will "Access data on all websites" here is a discussion on that issue http://productforums.google.com/forum/#!topic/chrome/tqwFMlk...
josh_blum 6 days ago 0 replies      
Why is this a big surprise? I'm sure that you would find similar features on the eBay extension or any other 3rd party online store. The problem is really in how the permissions are displayed and users are so willing to give full access to their browser through extensions.
astupidquestion 6 days ago 1 reply      
Stupid questions:

1) Would a plugin such as Disconnect.me stop this from happening? (Yes, I am aware of the irony...)

2) What's the best way for a non-technical person to monitor traffic to ensure that plugins are not "phoning home"?

trotsky 6 days ago 0 replies      
wow, i'm shocked that amazon would stoop so low. what's next, the yahoo toolbar stops being a convenient and secure way to search the web and gets into the spyware business?
liorn 6 days ago 0 replies      
Try PriceDrop instead to follow Amazon product prices: http://pricedrop.stuffstuff.org . It's not evil.
fuzzbizz 6 days ago 0 replies      
So, it's like Lumi, but for shopping?
signy 6 days ago 1 reply      
This is exactly the reason why I came up with Signy. The only secure 1 click login button that gives you total privacy. http://signy.launchrock.com/
Linus on "acting professionally" marc.info
473 points by blacktulip  3 days ago   480 comments top 87
columbo 3 days ago 15 replies      
This is another great example of why you can't take successful people and distil them down to their base components and say "ah, this is what made him great!"

I believe being a loud-abrasive-dictator works for Linus because he is famous for being a loud-abrasive-dictator.

That's not important. What is important is the reader. Let's be clear on a few things

#1 - Linus doesn't run a business. He's the kernel admin, he's a popular figure, he manages millions of lines of code. That's an entirely different game than what is necessary to run a small/mid/large business. Comparing the two is an apples-to-hammers comparison.

In a business, or small open source project, you have to be willing to deal with what you get. You will make sacrifices, it wont be easy. You might have this great idea but only 2 people are willing to work the occasional weekend on it; are you about to start an email chain calling them all dogshit coders?

Linus doesn't have that problem. He's famous for being Linus. You are not famous for being you.

#2 - YOU need to know how to be critical and polite. I don't care what Linus gets to do. You as a developer, you as a person who isn't famous, you as someone working in a team must (MUST) learn how to give constructive criticism.

"Bob, This isn't up to our quality standards, here's an example (cite)".

Easy, no frills, no shit-sandwich, no sugar-coated-political-correct-everyone-holds-hands-and-sings-around-the-campfire filler text. It's clear and it gets straight to the point. Learn how to do this, or fight an uphill battle with diminishing returns.

Linus can start a project tomorrow and have a hundred developers working on it, you cannot.

#3 - I'd take Linus' opinion on business culture with about the same size of salt as I would when listening to Jonathan Ive's opinion on middle-eastern-politics.

Everyone gets to have an opinion on something. I'm sure Tim Cook has an opinion on healthcare, and Bill Gates has an opinion on footwear. This doesn't make them experts on the subject or even any more informed than your average person. They're famous for doing X, listen to their opinions on X, take everything else as amateur opinion.

Linus is the kernal admin. I want to know how he manages 15 million lines of code, I want to know how he forks/branches/merges this code, how he handles bugs, how he tests it, and how work is handed out. I want to get his opinion on managing code not managing people. He doesn't deal with payroll, 401ks, employee vacations or benefits, he doesn't care about retention, he cares about code.

jdietrich 3 days ago 14 replies      
You don't get to tell Linus what is or isn't professional. He has led one of the most important human endeavours of the last hundred years. However he decides to get that done is his business.

Call it rude or impolite, call it thoughtless or insulting, but don't call it unprofessional. If there's one thing that nobody can dispute, it's that Linus knows how to get shit done and knows how to run an effective team.

There's nothing stopping anyone from mounting a coup d'etat. Anyone can fork the kernel, build a team of developers and usurp Linus. They'll struggle to build that team, because Linus is deeply trusted with the stewardship of the kernel, in no small part because of his "unprofessional" behaviour.

ealexhudson 3 days ago 12 replies      
Linus is dead wrong here. When he says acting professionally means "fake politeness, the lying, the office politics and backstabbing, the passive aggressiveness, and the buzzwords", he's attacking a straw man: none of that behaviour is professional, and to say that professional behaviour must degenerate to that behaviour is a stretch at best.

Aggression is not warranted in a professional environment; neither overt (a la LKML) or covert (passive). Lying is not warranted under any circumstance. Being professional means not calling people names.

All of this stuff is what you get taught in kindergarten, it's not rocket science. Mental abuse is no better than physical abuse, and given I don't buy that hitting developers with sticks makes them "better" somehow I'm also not going to buy into clue-by-four beatings being any better.

jakobe 3 days ago 8 replies      
Torvalds seems to be a real bully. And it hurts me to see all these responses justifying his behaviour, as if this is the way it must be.

Just look at this message:http://webcache.googleusercontent.com/search?q=cache:1TUvG3J...

There is no justification for this kind of behaviour. If anybody else behaved this way, they would be sent to a psychiatrist. But apparently since it's Linus Torvalds, he's just being a little "harsh" and that's necessary to get his point across.

acjohnson55 3 days ago 1 reply      
Show some intellectual curiosity, people. The same way some hackers get mad at others' unwillingness to dig into math/tech, many of you are refusing to put just a little bit of effort into being civil. It can be difficult to separate what's actually factually making you upset from the basal urge to express raw ire by cursing and belittling, but it becomes easier with practice. Just like math, or any other intelligence based skill.

Once you put some practice in, you can even do it with the same level of brevity as a immature tirade. I have immense respect for Linus and his accomplishments, but he frankly doesn't deserve a medal or apologetics for his refusal to increase his interpersonal intelligence. There is a higher level of humanity to aspire to than yelling at one another like cavemen OR Machiavellian passive-aggressive faux-politeness.

When I taught high school in Baltimore, I taught a lot of students whose most basic frame for interpersonal interaction was might-makes-right yelling and cursing. One of my goals was to demonstrate that no matter what, it's possible to conduct yourself without devolving to that level. It admittedly made it difficult for me to get my points across sometimes, but on the whole, I think I taught my students a very valuable lesson--that there is an alternative. In the end, there was a certain level on which my students always trusted me to treat them with human respect.

I expect more from a professional than a high school student. Being "politically incorrect" can make it easier to express your emotions, but it can also cause deeply held long-term resentments that manifest in unpredictable and damaging ways. Crying foul about political correctness is just making excuses about refusing to put in the effort to see things from others' points of view. And it also refuses to acknowledge that you yourself have your hot buttons that will set you off as well. And when emotional buttons are getting pressed, intellectual messages are getting lost.

CrLf 3 days ago 2 replies      

This is the start of the thread. It is pretty obvious that no one is being serious about actual violence. It's just banter. Harmless (and not at all unhealty) banter.

The type of communication in the LKML has always been straight to the point and without unnecessary diplomacy. Sometimes it reads as assertiveness, sometimes it reads as rudeness. The point is that it works.

Every community has its "rules". Those rules are made by its members, all its members. If you disagree, act differently. If you are right and the others are wrong, they will follow you.

Asking for "professional behavior" when others are just acting normally is whining for politically correctness, which is pretty annoying and a sure way to not change anything.

sixbrx 3 days ago 2 replies      
In a long term relationship, I don't like subtlety and politeness. It just leads to emotional amplification on the receiver side - the receiver just learns to "turn up the volume" on anything said to try find the true signal. (Was that praise just a bit faint this time, hiding some kind of displeasure with my work? What was that slight smile about?)

Some of the most offensive put-downs come as faint praise from people who are just so convinced that they're always reasonable to the nth degree. I'd rather someone come out flailing so I can defend myself and my work, with both of us being wrong (and open about it) from time to time so it's not something unusual or noteworthy.

officemonkey 3 days ago 1 reply      
Linus gets to do what he wants to do because he was extraordinarily successful in his field from a very young age. In other words, he's spoiled.

If he had to "work for a living," ie: work in a job he needed, rather than a job he wanted, he would likely have had a job which enforced behavioral norms. He probably wouldn't have been as happy, but he likely would more polite.

One of the things schools do is to socialize us to maintain civility. This only works for some people. It's clear to me that Linus is rather incapable of realizing he's being a douche, and even if he does realize it, he's not interested in changing for other people. And since it's Linus' sandbox, you either deal with it or go home.

However, the main point of his argument is valid. People are different and we should align ourselves with people that support our preferred way of working. If you can't work with Linus directly because he's a douche, then you better find an insulating support structure, or find another project.

bguthrie 3 days ago 0 replies      
Who cares if he acts professionally or not? But he's certainly not kind, and that counts.

Whenever someone talented acts like a dick, take a moment to think of all the talented people in history who managed to remain civil despite their accomplishments. It's a long enough list to matter. No one gets a free pass.

shubb 3 days ago 1 reply      
Agreement not to be nasty to people mostly protects people in a weak position. It's a long time since that has been Linus, so it's not surprising he's forgotten the merits of it.

Say 'Sarah Sharp' was hired by her company as a kernel developer. She knows that, if she makes a commit and Linus doesn't like it, he will write up what she has done like it was terrible (rather than slightly careless, or even just different from how he'd do it), and her boss will doubt her competence. Twice, three times, appears on google when he searches for her name... maybe she'll need a new employer...

So Sarah can either throw away her Linux expertise, and go work on BSD for way less money, or live in fear of Linus. Personally, I don't like living in fear. But presumably, she likes renting a house for her kids to live in. So there is nothing she can do except wake up in the night, unable to sleep until she checks the mailing list one last time.

I'm sure Linus doesn't care if she cusses at him. His worst case isn't homelessness.

Tyrannosaurs 3 days ago 0 replies      
People seem to be mistaken about why most teams accept certain standards. It's not about artificial politeness, it's about trying to get the best out of the team.

Not shouting people down is good because it means that people who are more reserved but who have valuable things to add get their say.

Not calling people stupid is good because generally people working on a project such as this aren't stupid and you're missing a chance to find out what really went wrong (misunderstanding, miscommunication or whatever).

Even if what they have said IS stupid, not abusing people for mistakes is good because abuse is a sub-optimal way of teaching.

Yes modern organisations have taken much of this too far and ended up as insincere, inefficient behemoths, but some of the standards within the community seems to be throwing the baby out with the bath water and taking almost gleeful pride in doing so.

scrrr 3 days ago 2 replies      
I'd rather have my feelings hurt in exchange for an honest opinion than to hear worthless words that sound nice. Always.

And I'd always prefer a competent asshole boss to a friendly guy that doesn't know how to do his job.

Personally, I think too much niceness and, by extension, political correctness is bad for honesty, truth, effectiveness and, ultimately, for culture. The culture in the office and the culture as a whole.

We shouldn't expect to go through life with everyone being nice all the time. It's not realistic. Tough love is good. I don't want to live in an environment of friendly bullshit.

And thus I am happy that Linus is the way he is. A very accomplished man that doesn't care about your precious political correctness.

(I assume Steve Jobs was similar in that regard.)

droob 3 days ago 0 replies      
This is the nerd equivalent of "MAN UP, BRO."

It's not how grownups deal with each other.

rachelbythebay 3 days ago 3 replies      
I only have one Linus story. Way back in 2007, he was supposed to come and give a talk on git. I had to do an on-site interview with a candidate immediately beforehand, but managed to get it done and got there in time to see the talk start. I had never seen him in person and figured it might be interesting, particularly since I had actually used git on some projects prior to that point.

This wound up being recorded, and it's online here: https://www.youtube.com/watch?v=4XpnKHJAok8

I think I lasted ten minutes and left after deciding it was too much. There was enough of that kind of energy going around already to willingly sit there and take in more. Besides, I had an interview to write up.

reirob 3 days ago 1 reply      
I like Linus - he has character, style and he fights to stay himself no matter how often people want him to change.

Some quotes I liked:

So as far as I'm concerned, the discussion is about "how to worktogether DESPITE people being different". Not about trying to makeeverybody please each other.

I'm also not going tobuy into the fake politeness, the lying, the office politics andbackstabbing, the passive aggressiveness, and the buzzwords. BecauseTHAT is what "acting professionally" results in: people resort to allkinds of really nasty things because they are forced to act out theirnormal urges in unnatural ways.

davorak 3 days ago 0 replies      
A good quote from Linus in the link is:

> So as far as I'm concerned, the discussion is about "how to work together DESPITE people being different". Not about trying to make everybody please each other.

One method of getting people to work together despite people being different is to get everyone to agree to a standard communication protocol when dealing with each other. This is often consider getting everyone to act professionally and in many/most organizations the standard of conduct is enforced from the top down.

It can be enforced from the top down because the people at the top can provide the right mix of incentives and can cull those who do not conform.

In most volunteer communities it can be difficult/undesirable to enforce a detailed/strict code of conduct. It can limit your access to volunteers and is one more hurdle to joining the organization. Think of how much sales/conversions can drop if a user has to click through one more screen or is required to click one more confirmation, now add on top of that the user is trying to volunteer, an action which is more complex if not more costly then a simple purchase. It would be interesting to quantify the codes of conduct(how they are enforced not written) from different web forums and correlate it with member growth, retention, and level of interaction.

So in a diverse volunteer community it seems advantageous to first encourage members to be generous of what they accept before encouraging them to be careful with what they share.

nicolethenerd 2 days ago 0 replies      
The fact that so many people have popped up here to defend or justify Linus's behavior terrifies me.

There is no excuse for being mean. Period. Full stop. This is basic human courtesy - they teach it in grade school.

It doesn't matter if you're famous, or if you lead a project with tons of users and contributors, or you're nobody - anything that you can yell at people, you can also tell them politely. And you can argue about the technicalities of what constitutes "professionalism" or "abusive speech" all you want - the fact is, what Linus said was mean, and nobody should have to be on the receiving end of that. It doesn't matter if it's said in public or private, or whether the person he was talking to did something "stupid" (and haven't we all, at some point?) - nobody should have to be treated that way.

And if you think otherwise, well, I hope I never have to work with you.

i_c_b 3 days ago 1 reply      
I wish more comments engaged his actual argument. Here, there's a lot of "Torvalds is a jerk and unprofessional" versus "Blunt is good, and screw the PC police talk!" That's not his argument.

Torvalds is saying, "Some people think there SHOULD BE a universal 'professionalism' that 'we' can haggle over in the public sphere and then enforce on bystanders in local contexts" and "Other people think there are just local relationships in groups to be negotiated ad hoc in those local contexts." And he works as though the second statement is more credible.

Saying "we" should be "professional" is actually assuming a bunch of very contestable propositions from the first word. There absolutely ends up being a bullying component when you invent a broad "we", declare other people to be members of it, and then try to enforce norms on that imagined "we".

And I say all this with the caveat that Torvalds is probably too blunt for me. But that doesn't make him wrong.

tmoertel 2 days ago 0 replies      
The historical evidence suggests that when it comes to massive social systems like the Linux kernel project, Linus knows more about keeping them vigorous and relevant than just about any other person in existence. He runs what is probably the most successful software project in human history. He has created a sustainable, growing social system that, for over two decades, has accomplished monumental technical feats and shows no signs of slowing. As impressive as Linux is as a technical achievement, it pales in comparison to the social achievement that is the Linux kernel project.

Therefore, I dont put much stock in people telling Linus how the Linux kernel project ought to be run. When he writes,

The fact is, people need to know what my position on things are. And I can't just say "please don't do that", because people won't listen. I say "On the internet, nobody can hear you being subtle", and I mean it. [1]

Im inclined to believe him. Correspondingly, I have a hard time taking seriously the claims that the Linux kernel project, as a social system, would be better if Linus stopped doing what hes doing and did something nicer instead. The historical evidence suggests that what Linus is doing (whatever it is) works better than what everybody else is doing.

[1] http://marc.info/?l=linux-kernel&m=137391223711946&w=2

whydee 3 days ago 0 replies      
I call bullshit on that entire argument. Assholes will be assholes no matter what the context, and while I don't know Linus personally nor have I worked with him, I can spot his in-defense-of-being-an-asshole argument from a mile away. That's all it is. That entire text can be summarized as "I like to be an asshole sometimes, deal with it or leave".

The people who curse and yell and throw angry hissy fits are the exact same people who infuse work environments with the fake politeness, the lying, the office politics and backstabbing, the passive aggressiveness, and the buzzwords when forced to operate in a professional environment.

If his self-description really is accurate ("I'm not polite, and I get upset easily"), then telling other people "deal with it" is just an asshole move to do, nothing more nothing less. He could stand to become a better person by figuring out why he gets upset so easily and finding ways to either mitigate or work around that deficiency. Because however effective he may be right now, he would be even more effective then.

DevX101 3 days ago 1 reply      
There is HUGE difference between 'your code sucks' and 'you suck'.

I'd argue the former is more effective at addressing the problem at hand, while hearing the latter from someone you respect can be emotionally devastating for some people.

Fuxy 3 days ago 0 replies      
I like this guy more and more every time i read some of his comments.

I agree acting professional is not healthy for a real social interaction and you need real social interactions when you're building a collaborative system like Linux.

The only time i act professional is when somebody pissed me off and I'm not in a position to tell him he's a moron without being fired or otherwise get into trouble.

Karn 3 days ago 2 replies      
I'm glad Linus isn't budging on this one. As soon as you start considering how not to hurt someone's feelings, you're putting speed bumps in the paths of your thoughts. If something is fucking stupid, then someone needs to say exactly that, not "That's a good idea, but it seems to me and my mealy mouth that such and such may be another way of doing it...?"

The fact that the hacker community is full of mean gits is no coincidence. Let's consider where the opposite type of people (the ones who'll smile charmingly while stabbing you in the back) congregate - HR, PR, management, politics - all fields where creativity is less important than manipulativeness.

I'll take a brutally honest genius over a charming "socially intelligent" liar any day.

sz4kerto 3 days ago 2 replies      
The reason why Linus (or anybody else) might want to act 'professionally' (or nicely, whatever) is because some people feel bad when they are shouted at. It's completely valid to argue that shouting is just a culturally different, but acceptable way of expressing one's thoughts but then you need to be aware that you'll potentially lose people who just simply hate this form of communication.

So this discussion is not about whether shouting and cursing is morally acceptable or not. It's about who's going to make compromises, who's able to make compromises and who are we going to lose in the process. What Sarah (probably) implicitly says is 'I hate this, and I don't want to work in an environment like this - and there might be other people who feel the same'. If Linus thinks that he cannot work in a different way then (because he's pretty important for Linux) probably Sarah is going to be sacrificed in some way. That might be all right, but again: this is not a moral issue.

nilved 3 days ago 1 reply      
The most interesting thing about this post is that, were it not Linus, this comments page would be full of people calling him out.
martin-adams 3 days ago 2 replies      
>> Because I can pretty much guarantee that I'll continue cursing. To me, the discussion would be about how to work together despite these kinds of cultural differences

So if I get this right, we just need a Linus communication adapter that can translate messages so they are compatible with either side.

Does that mean when someone talks to Linus it should add swear words to be compatible with him? :)

I see his point, but it comes at a cost. People may start trying to work around him for fear of backlash rather than working with him. Or worse, just not try at all. We can only trust his technique has a greater net benefit.

coldcode 3 days ago 0 replies      
Linus can do whatever he wants because of what he does and how good he is at it. I'm just glad I don't have to work with him. It's possible to be honest and truthful and not be an asshole about it. It's just not possible for him.
scrrr 3 days ago 0 replies      
Video where Linus addresses the subject in response to an audience question (2:50 mins): http://www.youtube.com/watch?v=-ZRvHbHxr-k&list=PLAD73BF2CF9...
k-mcgrady 3 days ago 0 replies      
His last paragraph sums it up perfectly. When people hide behind false politeness and act passive aggressively they tend to let someone else know about their frustrations which leads to rumours, backstabbing etc.

It's also important to remember that tone doesn't come across well online so you shouldn't overreact to what you're reading. If someone curses online you could read it very aggressively. But if you were to hear them speak it it might seem much less threatening and aggressive and most or a speech pattern/way of phrasing things/way of making a point.

andyhmltn 3 days ago 0 replies      
I think he is correct. If you censor yourself in order to act 'nice' and 'polite' then you won't be able to put across the points you could've before.

Anyway: just because you act nice and act like you like somebody, doesn't mean you do.

I would much rather a person called me out on my bullshit than them politely skirting around the issue in an attempt to make me feel better and protect my feelings.

I personally have no experience writing kernel code, but I can imagine it's incredibly important that you get things right. So then if getting cursed at means you won't fuck up as often and learn from your mistake, then it works.

petercooper 3 days ago 0 replies      
If someone pushed their cart in front of him at the grocery store checkout and said "I hate lines. This is just how I roll." I wonder if he'd be OK with this other person's "expectations" of behavior.

The argument that acting "professionally" is an act or compromise we must try to avoid is bizarre to me. I dislike compromising over all sorts of things but having manners and not just doing everything or acting in a way your impulses desire is much of what it means to be an adult than an adolescent.

Forget the term "professional" even, let's just go with "courtesy" or "having manners." Fake, they may be, but people who act upon negative impulses in public whether sexual, violent, or even just bad language aren't typically going to have a good time.

jasonlotito 3 days ago 0 replies      
I think it's fine that Linus act that way in the context that he's in. However, there are far too many people agreeing that his way is the best way in all environments (or at least, in all "professional" environments). The reality is, each context is different. There are times when he's not going to curse at people. When he's not going to act the way he does.

Which leads to my point: you shouldn't be using his reasoning to justify your own actions. You are not a kernel developer replying to people on the kernel mailing list (unless you really are =)).

The fact that people look up to him and admire him does mean his cursing and attitude does have a harmful impact: people see him doing and use that as qualification for their own attitude.

There is also the assumption that professionalism means a lot of negative things. The truth is, it doesn't. Being a professional isn't about office politics (despite what some might want to believe). Professionalism is all about context. To slap a definition to professionalism and assume it applies everywhere equally means you need to accept those defining profanity as abusive everywhere in all context.

Basically, if you are using Linus as a justification to allow you to curse or be rude, you are doing it wrong and missing the point.

p.s. I should also note that I believe that anything that worth doing well takes effort. And while it's easier to skip being polite all together, I find that it's usually worth the effort. In the end, you spend less time dealing with discussions of profanity, and get to discuss the actual point. Context matters of course, which is why it works on the kernel mailing list, but not in many others.

kfcm 2 days ago 1 reply      
"Profanity is the language common to all programmers".

This entire thing is the clash of two cultures: corporatism (and its drive to mediocrity/milquetoasts) vs "getting sh*t done right"-ism.

It all comes down to this: do you value political sensitivity, or calling a spade a spade (granted, profanity isn't required for this, but it certainly helps)?

Give me the latter any day. I'm an adult; I can handle it.

aymeric 3 days ago 3 replies      
I find his answer very reasonable (although I also found some of his past answers quite harsh).
skc 3 days ago 1 reply      
I feel the people defending Linus are being a tad hypocritical. I feel as though because you like Linus or Linux, his behavior is effectively being excused.

A thought experiment would be to replace "Linus" with someone you don't particularly care for and see if you don't wince just a bit.

Zikes 3 days ago 0 replies      
I swear he must have some copy/paste responses for this by now. It seems like it pops up every couple of months, when someone shows up seemingly completely oblivious to the way Linus has behaved for the past what, two decades? And decides they want to be a part of the kernel team? How does that even happen? I only have a passing familiarity with Linus and his kernel development team and I fully know what I could expect if I decided to become a part of it.

Regardless, why would anyone think they can tell him what is or is not professional? I think once you've created something on the scale of Linux, you get to define that word for yourself. It reminds me of the line from Parks & Recreation: "Everything I do is the behavior of an award winner because I HAVE WON AN AWARD."

Don't screw with the formula folks. Linux is too damn important to screw up, and Linus obviously knows what the hell he's doing.

gadders 3 days ago 0 replies      
See, the danger with Linus, and to a similar extent Steve Jobs, is that you will now get a bunch of mediocre developers or managers believing that the best way to get stuff done is to act like an arsehole.

It worked for those two. There are probably a few other people in history it has worked for as well (Patton?). You are not them. If you treat people badly it will bite you in the arse.

xradionut 3 days ago 0 replies      
If you are a Linux kernel programmer/submitter, you should know the situation by now. You don't have to submit code to Linus as he has stated, you can go through an intermediary. Don't waste his time, that's the most valuable thing he has.

As far as professionals cursing, I reckon most of the individuals on HN have never been in the military. There's a fine art of stressing the importance of paying attention to details, which good noncoms and shipmates enforce through creative profanity and rich English. It stress the importance of the situation.

gnoway 3 days ago 0 replies      
I think we need to remember that the words and the intent of the words are two different things. If he's just given to rudeness and profanity, that in and of itself is not a big deal. There are plenty of very abrasive people who do good work and aren't trying to hurt anyone. If Linus was out to actually harm people - maybe he is, I don't know - that would be a problem IMO.

He's absolutely correct that everyone doesn't have to like and be able to work with everyone. All the people who continue to find ways to complain about his behavior just don't like him. OK. Fork the project.

See: OpenBSD and DragonflyBSD for domain examples of what to do when you have personality conflicts in an open source OS project.

flog 3 days ago 0 replies      
There's a big difference between tolerance and respect. The two have become blurred in modern society. Respect is the higher goal.
rfctr 3 days ago 0 replies      
I strongly believe now Linus' mother had an affair in Russia !

(Its only 100 or so kilometers to the border)

That kind of working environment: "I openly tell you when you do s--t but I do not hold grudge against you, it is for our mutual benefit" was common in Russian software companies around year 2000. This is largely a part of the culture.

It looks like a rudeness for an unprepared Western folks, but in fact it is not -- it is just unwillingness (or lack of proper training) to play games when one can do work instead.

I left Russia in 2003, and in the following years got adjusted my ways to be... nice.

I work from home in my pijamas too, so I wonder why Linus didn't catch that skill?..

JulianMorrison 3 days ago 1 reply      
Aren't they talking past each other?

Sarah says: quit being sexist, racist, and stuff.

Linus says: I'm a shouty dude and that's fine.

To which I say: surely these are non-overlapping concerns?

oellegaard 3 days ago 2 replies      
Ugh, mailing lists. I wonder why so smart people as Linus doesn't invent something thats slightly more comfortable to use. Maybe they just like to be left alone, without interference from mortals.
siscia 3 days ago 0 replies      
I agree completely with Linus, what he is saying is simple: people are different and they behave in different ways; you cannot force anybody to behave in a way that don't belong to him/her.

Then is raising the point: "How we manage a team of different people who need to interact each other ?"

It is not "if you don't like get out", it is more something like: "I know why you don't like, you don't like because you are expecting thing that you should not expect, so change your expectation."

Then him is using a very powerful language, maybe too powerful for a public mail list, but again is just the way Linus is, so get mad for it simply means to don't have understand a single word of his speech.

kapilkaisare 2 days ago 0 replies      
Regardless of the rectitude of either point of view, I consider it important to develop the resilience necessary to soak in difficult language. You can't decide - or always influence - how your peers or bosses talk to you. More importantly, you may miss the feedback the language comes with - feedback that might help you improve yourself.

I deal with a yelling boss by hearing him out and then, once the moment has passed, rerunning the event and mining it for real criticism, minus the emotional baggage it came with. If I find nothing, I disregard his gibber entirely; if I find something substantial, I make note of it and (in the days that follow) try to weed it out.

Worst case: I get nothing useful, in which case the boss was simply venting. Best case: I learn something about myself, and get better in the process.

kyberias 2 days ago 1 reply      
All I can say is, people should read the whole thread. I don't think the examples presented by Sarah are all that good. Yes, Linus uses strong words but they are not really ad hominem. He doesn't hate the people who made the errors, but he is angry since they "should have known better". He has a great point about email communication: that one really has to be more honest and open about feelings. And that obviously includes feelings of anger and frustration.

Start from here:


Update: bad -> good.

kraemate 3 days ago 0 replies      
As always, Linus is right. 99% commenters here probably work for businesses which are surviving only because of the Free and amazing kernel which he has managed to build.

Linus has explained his directness and lack of sugar coating several times. Sugar coating something, he believes, dilutes the importance of the message AND confuses his subordinates. "We can try avoiding X" is more ambiguous than "X is crap, you dumb morons". The latter statement is absolutely clear where Linus stands. Which is what communication is all about?

Plus, i reckon it is different in a "Proper Business" where employees are paid to do work directly under a manager. To avoid connotations of servitude and slavery, modern businesses decided that managers should be polite so that their subordinates feel that they aren't slaves. With Linux, no one is forcing you to commit "bullshit" patches.

RANT: I reckon a deeper problem is that a lot of kernel developers are now paid to work on it (as observed in this thread). So i reckon that in this case, the developer expects the same kind of feel-goody emails as her corporate manager keeps sending her.

jasallen 3 days ago 0 replies      
I actually agree with him on the term "professionalism", and I've come out against the term "maturity" for the same reasons.

That said, Linus is a jerk. He says things that are aimed to hurt people. It's one thing to 'not think about it', or to not 'play into the game'. But he goes well beyond that, saying things that are mean and vitriolic. He can get away with it, he's a genius coder, yeah, all true. He's still a jerk.

vacri 3 days ago 0 replies      
I think that there is something of a mismatch in taking the contents of a private email public to complain about them, then complaining about a lack of professionalism on the part of the other person.
dionidium 2 days ago 0 replies      
Robert Heinlein had something to say about this:

"Moving parts in rubbing contact require lubrication to avoid excessive wear. Honorifics and formal politeness provide lubrication where people rub together. Often the very young, the untravelled, the naive, the unsophisticated deplore these formalities as "empty," "meaningless," or "dishonest," and scorn to use them. No matter how "pure" their motives, they thereby throw sand into machinery that does not work too well at best."

mhd 3 days ago 0 replies      
I think that apart from Linux specific peculiarities (cf. 'git'), I guess that part of this might be due to European/American differences. My personal impression is that overseas work environments tend to be rather non-confrontational, with even raised voices often being seen as a persona attack, instead of a temporary "airing of grievances". In places I've worked in Europe (Germany/Ireland), this often was treated as the same reaction you have when you hit your finger with a hammer -- meant as a stress relief, not as attacking someone's core values and competences.

Anecdatal, sure, but I've heard people tell of similar experiences. And my US data points included blue collar workers in Jersey, not exactly the pinnacle of PC, I'd say.

agentultra 3 days ago 0 replies      
The one thing that annoys me about posts like this is the lack of context. We get one post from Linus trying to rationalize his outbursts. And we end up with a debate about whether we have the right to swear and call unsatisfactory commits, "stupid."

It's not about this LKML thread. The discussion is about justifying a certain set of behaviours that a certain group identifies with. Posts like this polarize the discussion. No one wins when there are only two options.

Personally I think losing your temper in public is a weakness. Swearing is a rude form of language. And I don't take people very seriously who are too quick to point out how stupid other people are (it's a sign of insecurity).

ilitirit 3 days ago 0 replies      
RE: Linus

There are/were other people in similar positions who did not act in that way to their peers. If people that thought that treating others with respect, or remaining emotionally neutral toward them was something worth mentioning, HN would be flooded with newsgroup posts and emails. Most of the time we really only talk about Linus because he's an asshole. Usually noone really cares about the technical merits of his arguments. I don't really think it belongs on TBH.

whiddershins 3 days ago 0 replies      
What matters is that Linus isn't attacking someone for WHO THEY ARE (identity). He is attacking them for WHAT THEY DID (actions). I think this is the gold standard for whether behavior is abusive.

Other than that,

This concept of "professional standards" of behavior is completely parochial. Try going to a constuction site. Or bootcamp. Or working on a pig farm. Standards of behavior vary dramatically between organizations, industries, and cultures.

HNJohnC 3 days ago 0 replies      
I think this is largely generational. People over 30 are not surprised at all to run into abrasive, hard nosed people at work, people under 30 in many cases have a very hard time with any amount of criticism or negativity and consider even tiny amounts "bullying".

It's become a well known issue in professional sports with coaching where old time successful coaches have had to completely change their style to deal with the latest generation of athletes who do not respond well at all to the traditional dictatorship that coaches used to run.

Now a lot of hand holding is reportedly required. I'm not judging but struggle to think of anything great that was ever built by a committee.

peterwwillis 3 days ago 0 replies      
This really stands out: "people resort to all kinds of really nasty things because they are forced to act out their normal urges in unnatural ways."

Stop considering emotional outbursts, negative attitudes, lack of compassion and childishness as "normal urges". Regardless of your opinion on professionalism, it's just fucked up to be rude to people.

gtt 3 days ago 0 replies      
He poses an interesting question: "How to worktogether DESPITE people being different" yet leaves it unanswered. It would be interesting to see the answers.
escapedmonkey 3 days ago 0 replies      
I have very few code projects that I really truly feel passionate about. In my opinion Linus' violent reactions stems the fact that he truly cares about his product. These violent outburst kinda proofs my point. A tech lead that cares about the product will of course get mad when other messes with their "baby". I myself at times have "lost-it" like that but only when I truly cared about the code. The stability of the Linux kernel is a direct result of this kind of passion. Like it or not the proof is in the pudding.
grannyg00se 2 days ago 0 replies      
Anytime one of these "Linus is too harsh" topics comes up, it always seems like he's completely reasonable and level headed. I'd like to see the whole thread here so we know why he accused her of playing the victim card.
throwwiffle 2 days ago 0 replies      
Since Linus is not actually impolite in this email, I'm just going to ignore that and comment on the main thing he talked about:

Calling things "professional" is just more of the same -trying to enforce some kind of convention on others by trying to claim that it's the only acceptable way.

Being professional is similar to being politically correct. Don't say anything impolite or you'll offend people, don't say anything 'unprofessional' or you'll get fired, don't say anything 'not politically correct' or (in some countries) you'll have the police knocking at your door. That is where it leads and that is why I support his argument.

Additionally, in my experience, the above behavior leads to behind-the-back sneaky and spiteful behavior. People who don't like something xyz is doing, so instead of risking confrontation by telling someone politely that it's annoying / won't work, they'll talk to the manager or get back at someone 3 weeks later.

dirktheman 3 days ago 0 replies      
Making a private conversation/quarrel public like this isn't exactly 'professional' either...
ksec 3 days ago 0 replies      
I think is it has more to do with Human Interaction, or working as Remote.

When I dont see your face, listen to you directly, It is rather hard to understand the importance of something. Especially when they are working on kernel, which is the most critical component.

Would Linus have said it loudly in front of hundreds of other Engineers? I would have properly called it verbal abuse. But in real life at least i can rise my voice and tone and shout without having to use a single abusive word.

quizotic 3 days ago 0 replies      
Amusing post! Linus makes a nice point about finding ways to work together without imposing expectations on each other. OTOH, Linus seems to expect that everyone has "names will never hurt me" world view. Most of us can be deeply hurt by the kind of verbal abuse Linus so freely supplies. And why should anyone work with someone who hurts them?

Isn't OP's appeal to "professional behavior" exactly the same as Linus' point? Professional behavior is the set of rules the world has evolved to find ways to work together when we're all different. Those rules work statistically well ... except for outliers like Linus.

I don't know much about Linus other than his brilliance and his verbal abuse... which reminds me of Bobby Fisher - breathtakingly beautiful chess mind and pathetic garbage heap of a person. I hope Linus is better than that, and suffers from nothing more than anger management and healthy rebelliousness

wging 3 days ago 0 replies      
Vornir 3 days ago 2 replies      
I know now what I could tell to a young nerd who's been bullied:

Don't worry, later you'll be able to do the same

I guess it's a great example for young peoples that you can get away with any despicable behaviors as long as you have done something worthwhile in your life. People are then able to rationalize that by saying it was "warranted" or "thought provoking" or any garbage they can find to justify it, because somehow that person is in their "tribe".

Yes it's more efficient to say "I don't like that because X, Y or Z, change that." than "I don't like that because X, Y or Z, CHANGE THAT PIECE OF SHIT". Otherwise, you're implying that without swear words, Linus wouldn't have any power over the kernel.

Ridiculous isn't it?

mkramlich 3 days ago 0 replies      
This is a brilliant piece of writing by Linus. Love it. Rarely seen his points expressed that well.
ferdo 3 days ago 0 replies      
Linus is a brilliant asshat.
inaudible 3 days ago 0 replies      
This is out of context, and while Linus is an entertaining and impassioned writer, it really shouldn't be discussed outside of the group who's job it is to read it, albeit on a public list.

I guess that Linus generally achieves results from a direct and terse tone, but that may also be the fastest way to get through his vast inbox. It's far from diplomatic bureaucracy and that's going to rub some people, but the parent was probably right on calling him out.

I just don't think this is the forum for this kind of gossip, why not leave it to lowest denominator tech journalism?

NTDF 2 days ago 0 replies      
Honestly, if Linus was my boss, I'd quit my job cursing him. He has a lot going for him. I understand why he needs to be like this and why it works, but in all seriousness, I'd much rather be like Eric Schmidt or Bill Joy.
Maven911 3 days ago 0 replies      
I think that most people who have no peoblem with profanity and unprofessional behaviour have not worked in a office where it regularly occurs. trust me its not a fun place to work.
puppetmaster3 2 days ago 0 replies      
I'm in the group that agree w/ Linus and disagree w/ user Columbo. Columbo may be a manager, but Linus is a leader.Leader of thousands of software developers, a leader that inspires. A manager is someone you can fire and you software company works better.
hoodoof 3 days ago 0 replies      
Each to his own. I wouldn't behave the way he does but I sure do respect that he stands up for what he thinks is right.
D9u 3 days ago 0 replies      
All I can think of is when Linus said told Nvidia "F... you!" and flipped the bird.


This isn't just an isolated incident either, but I'm no shining example of acting professionally.

tls 3 days ago 0 replies      
this did not need to be aired out infront of anyone - just like theo handles his business, let linus handle his how he wants. maybe theo rubbed off on him. maybe people like OP can go fuck themselves.
pivnicek 3 days ago 0 replies      
He's correct about the cultural aspects. Many cultures value directness in criticism. Why should an open source community be bound by an American ideal of "correct behaviour"?
antitrust 2 days ago 0 replies      
He reminds me a bit (in a good way) of Steve Jobs.
eeky 2 days ago 0 replies      
Linus is awesome. He gets things done. He calls out bullshit when he sees it. And he doesn't afraid of anything.
rogerchucker 3 days ago 0 replies      
Has he ever tasted his own medicine?
puppetmaster3 2 days ago 0 replies      
And sounds a lot like Steve Jobs.
oleganza 3 days ago 0 replies      
Linus makes a great point here. While I personally don't think I'd enjoy working with Linus, I have to agree with him. He can behave how he wants and it's my responsibility if I don't like it. Linus does not run after me with curses and I don't want to do that to him either.
enterx 3 days ago 0 replies      
argv & argc! :
puppetmaster3 2 days ago 0 replies      
A lot like Steve Jobs.
mortdeus 3 days ago 0 replies      
The only professionals in this business are the people who are coding while everybody else is typing words that dont compile.
professee 3 days ago 3 replies      
It figures a top voted comment on Hacker News is that Linus is wrong and we should all hold hands and sing camp songs.

There are tons of useful discussions that simply don't happen on HN because anybody with an actual strong opinion gets helbanned. For instance Google's Go language is lauded here because of fake politeness, but almost universally dismissed elsewhere.

This discussion has already achieved its real goal: to put "Linus Torvalds" and "Sarah" in the same sentence; this is the bullshit politics Linus talks about.

abdel 3 days ago 0 replies      
love it
Ask HN: I'm quadriplegic can you help me with my security?
469 points by escapologybb  2 days ago   168 comments top 56
giberson 2 days ago 3 replies      
Forgive the off the cuff suggestion here, it's the quickest and simplest thing I can think of though not an optimum way to use your laptop and you're probably hoping for a more elegant solution.

What if you install virtual box w/ some free OS (like ubuntu). Store all your personal information within the virtual machine which is configured with a secure login. Then you can leave the laptop unsecured so you can use your other apps to dictate the password to the ubuntu OS for login.

mikeash 2 days ago 1 reply      
How about bluetooth-based locking and unlocking, using an app like this?


It looks like it may work with any BT device, so even if you don't have a BT-enabled phone, you could get a cheap BT headset or something, and keep it on you.

I'd also like to say that it's great to see you doing so well with technology. I had a quadriplegic friend when I was little (he was an adult) who had a nice setup for the time, but his independence was limited to a few things like Clappers for lights, TV remotes, and such. I sometimes wonder just what crazy things he'd be getting up to if he was still around today with a setup like yours.

samwillis 2 days ago 4 replies      
Hi! I'm on the train with bad internet right now and so can't go looking but have you considered face recognition software using the laptops camera? There must be an app that takes a look at the webcam when a password challenge is presented.

Anyone know of anything?


Found one! https://www.keylemon.com/download-other-versions/

willvarfar 2 days ago 1 reply      
When I messed with army radios - these being the made-by-the-lowest-bidder-and-not-secret analogue variety - they were throat-operated. You spoke silently, and the microphone - pressed to your throat - sent speech over the radio.

It took practice to talk perfectly clearly, but it could be mastered.

Google "throat microphone".

bcoates 2 days ago 0 replies      
It should be possible to make an OSX app that disables the hardware keyboard and touchpad, that can be toggled by voice password.

The laptop only being accessible via voice recognition and one button should be enough to render the entire system unusable to casual snoops.

edit: Looks like you can disable/reenable the builtin keyboad/touchpad with terminal commands, so it'd just be a matter of scripting them to voice shortcuts: http://superuser.com/questions/214221/how-can-i-lock-the-mou...

ps: be sure to have a plan B to reboot your laptop while experimenting with this in case it locks out your controls somehow.

ealexhudson 2 days ago 0 replies      
Maybe use your current system with a rolling password, so that the previous password no longer works?

Obviously that would take a little feat of memory, or at least some kind of prompt, but you could memorize a poem or something and use that - it would prevent replay attacks.

Or, use an algorithmic password, perhaps one where you do a sum based on the time of day.

All these solutions require some level of coding sadly, but I would have thought it would be something a freelancer could knock up relatively cheaply.

cpleppert 2 days ago 0 replies      
>>But I can't password lock my whole laptop because OS X requires that password before it will load up any applications, and I can't put a password in without my apps.

Why not just have the mac autologin and then immediately go into screensaver mode?

At the very least set /System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app to open on start

Thinking about solving this programmatically, it wouldn't be too hard to set up a secure locking replacement for a screensaver that would offer a challenge response system to unlock the system without using a password anyone who hears could repeat.

wissler 2 days ago 1 reply      
Here's a simple idea (lacking in specific implementation details, sorry):

- Figure out how to add a text filter between DragonDictate and your system.

- Program the filter to look for a special sequence, e.g. "cipher_mode"

- When in cipher mode, feed characters through a simple cipher. E.g. A -> C, B -> D, etc. No passerby is going to be able to figure out what you're doing.

- When the filter sees "cipher_mode" again then it stops filtering.

ig1 2 days ago 5 replies      
Maybe some kind of NFC device that you could wear so that the computer would lock/unlock when you were near it ?
camus 2 days ago 1 reply      
Since you are here , a few questions (not related to the current subject):you might be surfing on the web , given your condition , what are the annoying stuff you encounter that makes your surfing harder and that could be ,easily fixed if web developpers actually cared about accessibilty.

Do you have exemples of websites that use technology to facilitate surfing for disabled people , that could be shown as an exemple of good accessibility practice ?

thanks and take care.

luke_s 2 days ago 0 replies      
Your adversary is extremely simple. You haven't mentioned in your post if you are open to or able to do any custom coding.

I would suggest writing/getting an app written that runs in fullscreen and looks exactly like an OSX login screen. Bonus points if it can disable multi-tasking shortcuts such as the 3 finger swipe up. The app can be hardcoded to only accept one password - yours. Since the app is running with OSX logged on you can use your usual tools to enter the password.

It goes without saying that this won't fool anyone determined - you can just reboot the laptop to make the app go away. However it should be enough to stop casual passers-by.

3amOpsGuy 2 days ago 0 replies      
Would something like Keycard[1] work for locking the screen when you're not nearby?

I wonder if it could be set to lock at boot unless your phone (or BT headphones or whatever) is nearby.

I doubt this can be all that secure since it can be downloaded from the App Store, I'm pretty sure that means it can be force quit (it could not prevent this key combo since its restricted in the sandbox). It may be just enough.

[1] http://www.appuous.com/products/mac/keycard.html

Helgosam 2 days ago 1 reply      
As Tyler E suggested:

"Wonder if he could somehow get his one-button clicker to translate morse code into ascii."

Use the Arduino Leonardo to send native keyboard key strokes into the USB port of the Mac - it's robust and works every time - plug and play (once it's been programmed).

The Leonardo could be programmed to listen out for a specific pattern of switching and then send the entire password down the USB cable, or alternatively it could have some simple or complex feedback (lights / tones / onscreen keyboard display on a second mini screen) to allow individual characters/keystrokes to be sent down the USB cable from the Arduino.

I've been making stuff like this in the UK for the charity Scope, and their users - often people who have cerebral palsy. I could potentially make you something and post it over - if you are interested drop me a line.

DanBC 2 days ago 2 replies      
Yubikey would work if you could mount it so that you can touch the touch-pad with your nose. I don't know if that's acceptable to you?
s_q_b 2 days ago 0 replies      
Okay, sounds like an interesting challenge. Let's describe the problem and examine possible solutions.

Goals:1. Securely login to websites.2. Securely unlock a Macbook Pro.

Solutions to (1):A. (1) Can be solved with a password memorization app, once we solve (2).

So let's examine 2.

Solutions to (2):

Seems like there are two parts to this problem: authentication and OS X integration.

OS X has a login API that can be used to build extensions, or since the adversary is unsophisticated we could use an input blocking regular application.

Okay, so the integration piece is possible, and we can flesh that out later. So let's look at authentication.

A. Use Physical Authentication: Bluetooth, RFID, and Wifi devices come to mind. All of these require purchasing additional hardware. Buying new hardware seems inelegant though, so let's table this option for now.

B. Biometrics: Voice print ID or facial recognition. More promising, but false negative rate is too high, especially for accessibility purposes. Really don't like the idea of a temperamental biometrics program keeping you out of your computer.

C. Speech Recognition: Get voice recognition working on the log in screen. Apple has APIs for dictation and log in. This one seems promising. But then you might need a rotating set of passwords or an algorithmic password,, as others suggested, to keep passers-by from overhearing your password.

One more thought. Is there a way to set up Dragon Dictate as a native input device? If so, Mac lets you access the input device switcher from the log in menu.

ricardobeat 2 days ago 1 reply      
If you are using AbleNet's "Hitch" switch interface, by their description it should be able to emulate keyboard input without the SwitchXS software being loaded, but a manual doesn't seem to be publicly available.

This product called "Swifty" (http://www.orin.com/access/swifty/) also takes a switch as input, and can emulate a standard usb keyboard. With VoiceOver enabled in the login screen (Settings->Users->Login Options) this should allow one to login without using the keyboard.

Hope this helps.

nathan_f77 2 days ago 1 reply      
I would love to help build something if you can't find a solution. Maybe you could lock or unlock your laptop via facial recognition [1], or you could add an accelerometer that automatically locks the laptop if someone picks it up. Or just physically lock the laptop to your chair.

Or you could plug an Arduino into the USB port and use it as a keyboard device to send a stream of keypresses when you touch a button (just like a yubikey, except you could put the button anywhere.) The first button press could type in a password to unlock the computer, and the second button press could press a keyboard shortcut to lock it again. Or you could program it to recognize a simple morse code sequence. Let me know if you're interested in that idea, and I would be happy to program one and mail it to you.

[1]: https://www.macupdate.com/app/mac/36762/keylemon

lifeisstillgood 2 days ago 1 reply      
Just a thought but would a inverse keylogger work?

I would guess something like this- an arduino hooked up to something you can operate (BigBuddy?). This could then ask you for your PIN code (2 taps, 3 taps, 2 taps)

Once arduino is happy it will quirt a pre-stored key sequence into the USB port, acting as a keyboard, and unlock what you need.

I have no idea if it is really viable but its the best I have.

fnordfnordfnord 2 days ago 2 replies      
Hi, do you have any movement or dexterity in your fingers at all? If so, please offer details of this or any other control you have that might be exploited. I have a colleague who once-upon-a-time built a system of low-force buttons and other goodies that enabled a quadriplegic person to work a telephone very effectively, as in they were subsequently employed to do some kind of work over the telephone. Would something like that be of use?

I think you might also be able to make use of a kinect or Andriod/iPhone and some eye-tracking.

Also, do you know of these guys? It's where my colleague worked about twenty years ago. http://www.tirrfoundation.org/

anonymous 2 days ago 1 reply      
I used to work with quads.I would use Sikuli.org (python script) automate most things.

Read this post about new treatments in China.Spinal Cord injury therapies and medical situation in ChinaMajor spinal surgeries in China. Advances in repair of cord.http://nextbigfuture.com/2013/07/spinal-cord-injury-therapie...

quadstick 2 days ago 0 replies      
http://quadstick.com is developing a mouth operated programmable joystick/mouse/keyboard. A sequential combination of up to eight input signals (specific joystick movements and/or a sequence of hard or soft sip & puffs on four different tubes) can trigger the sending of up to six preprogrammed keyboard keys, or it can just recognize characters traced out on the joystick and send them one at a time.
yk 2 days ago 0 replies      
Perhaps voice identification could help. There seem to be quite a few solutions [1]. Unfortunately I do not have any intuition how good they are, but probably they can be broken with a simple recording of your voice ( or a recording of a passphrase). So before you trust these, you should probably play a bit with an mp3 player.


laumars 2 days ago 0 replies      
A simple solution might be to "double lock" your system. In addition to your password manager, use face recognition (via the laptop webcam). I know such a system can be easily spoofed, but it will stop the casual opportunists you described in your brief, and without requiring too much effort on your part to unlock (and I can only imagine how long-winded many of the otherwise simple tasks might be given your unfortunate position).
pbrumm 2 days ago 0 replies      
Maybe you could use a usb device that is physically attached to the chair, then a thin usb ribbon cable that plugs into the computer, but pulls out quickly. that way if the computer is taken it would auto lock the machine when the ribbon is removed.

It would take work to get setup again, which may make the NFC setups better.

you should also follow the leap motion device. https://www.leapmotion.com it could enable some facial recognition apps, or new approaches for data entry that are not just voice control.

Also, something like this may make it less desirable to steal, and be another way to mount it to your chair.https://www.stoptheft.com/products/stoplock

snom380 2 days ago 1 reply      
Does DragonDictate still work if you switch users? If so, you could encrypt your home directory, add a second user, and set OSX to auto-login to that user (and auto-launch DragonDictate).

If not, I think your best bet is a Bluetooth solution or some hardware token. For instance, an Arduino or Teensy ($20) programmed with your login/master password, and with a small microphone connected would be able to respond to certain voice commands and act as a regular USB keyboard, typing in your pass phrase.

You could also have some software on the Mac to automatically lock the screen or shutdown the computer if the Arduino is removed.

peacetara 2 days ago 0 replies      
You have a button you can push (#3 in your list above). So this means you are well on your way. You would need to create(or have created for you) a password app, that would open on startup, and prompt you for your password. Of course entering a password using a keyboard isn't so great, but since you have a button, you can ask for a certain set of button pushes, in a certain order. (Whatever works well for you).

i.e. you spell 'cat' in morse code with your one button. Or whatever. The important thing is that it's something YOU can do, and is likely not anymore easily guessed/caught than someone shoulder surfing someone typing the password on the keyboard.

That said.. I want to point out, you mention this is because you are worried about your PA's that are helping you with things maybe taking liberties you don't want them to. If you don't trust your PA's I think you should work on getting their trust (and vice versa), or look into replacing them with people you trust. If you need help with advocacy around this, reach out to your local Independent Living Center.

Good Luck!

dobbsbob 2 days ago 0 replies      
Was this posted by Hal Finney? He's unfortunately a quadriplegic now but still programs.
asselinpaul 2 days ago 1 reply      
When you talked about the yubikey, it's actually not too hard to built a two factor token yourself. Using an arduino, you could wire it in a way that would be convenient for you to operate.



X4 1 day ago 0 replies      

a) How about buying an external Fingerprint reader that's close to your thumb or wearable?There are tools that automatically find windows with input fields.

b) OR, instead of dictating a password, you could hire someone to write software that extracts a fingerprint from your VOICE's characteristics. You would have to train it to diferent types of voices you have (morning voice/tired voice/hoarse voice etc.)

Every person's voice has characteristics that make it unique and cannot be reproduced by another human. Only a computer could do that and that would require a lot of effort to break the unknown algorithm used in your computer first

c) use existing software like this: http://demo.authentify.com/biometric/ or similar. I just googled for voice authentication/fingerprint.

escapologybb 2 days ago 0 replies      
Wow, I went to bed not expecting much of a response but you guys have come up with some excellent solutions, I'm getting round to specific answers as quickly as I can!

I'm clearly missing something obvious, but I can't for the life of me figure out how to edit and update my original question; can someone put me out of my misery? :-)

im3w1l 2 days ago 2 replies      
Questions on the threat model:

-Is the computer turned off or on?

-Do you want toa) protect your computer from being stolen?b) protect your weird fetish from being discovered?c) protect your online banking credentials?

noivad 2 days ago 1 reply      
There are bluetooth screen lock utilities that allow one to auto-lock and unlock the machine based on the signal strength of whatever Bluetooth device you pair it with. I would look into the hands-free Bluetooth speakers (meant for auto use) with a Wheelchair power to USB convertor (most likely the easiest would be via an auto 12V DC adapter). That way you can have a mic/speaker mounted on the wheel chair to control the machine as well (if you dont have a wireless mic already). Any Bluetooth device capable of being paired will work though. This will prevent someone going through your laptop while you are away. I actually have one I use on occasion at coffee shops called Bluetooth Screen Lock available on the App Store, but there are other free and low cost apps that do the same thing available. The on I use allows me to set the sensitivity so that it will lock after being about 6 feet or more away, and unlock when I am within that distance. I can also set it to lock at the maximum BT signal range as well.
mkhalil 2 days ago 0 replies      
Face recognition is the best answer I can come up with to unlock the computer. Setup a usb-wrist band that when you computer gets pulled away from will auto lock.
gabriel34 2 days ago 0 replies      
Unlocking a computer programatically is hard and should be so. Locking on the other hand isn't. Perhaps you could lock upon fail to NFC authenticate every x seconds.That only answers part of the question, since the attacker would still have x seconds to snoop around every time he logged in, but would be such a nuisance that he probably would give up.
nicwise 2 days ago 0 replies      
I'm out of my depth in more than one way here.

How about rigging a bite switch to the ubikey (either directly or via something like a raspberry pi / beagle bone). That's assuming that the only issue with the ubikey is you pressing the button.

Maybe (if it has an rpi) it needs a sequence. Bite. Pause. Bite bite. Pause. Bite. Etc.

I suspect you'd need someone to build it for you but I doubt there is a shortage of capable or willing people here. Sadly, my electronics skills are not up to it :(

I'm always impressed by people with accessibility issues using technology (or whatever is the correct term - sorry if that's at all offensive :( ). I've managed to make one of my apps a lot more useful to blind/partial sighted people after talking to a guy who can't see. It took me about 30 mins, and made the world of difference to him.

fsck0ff 2 days ago 1 reply      
Well I guess you could use something like that:http://notimpossiblelabs.com/eyewriterwith some software modification (pure speculation as I haven't even checked the code) you could use eye movement and blinking to simulate mouse input and with on screen keyboard you should be able to write your password somewhat securelyhttp://www.ted.com/talks/mick_ebeling_the_invention_that_unl...

also shouldn't be expensive to build...[edit] link to the github repothe software can be found here https://github.com/eyewriter/

gaetan 2 days ago 0 replies      
I dont know much about Apple computers but on a Windows PC I wouldnt use startup password to avoid friction when starting the PC.For login in a website, I would use an application like Keepass. For my private data, I would create a virtual encrypted disk with Truecrypt.If you leave your PC alone or take a nap, just close Keepass and Truecrypt and your data are secured. And to enter the password when you start Keepass and Truecrypt, I would create a few pages text file on my desktop and just copy/paste a combination of 2 or 3 words so I wouldnt need to speak my password loud.
johlindenbaum 2 days ago 0 replies      
There's an application that lets you lock individual applications, but which should allow you to unlock it with dictation, as the rest of the OS is still working. Mac App Blocker (http://knewsense.com/macappblocker/)

There's also QuickLock which was/is a workaround to lock OS X quickly without using the screen saver + immediate password requirement. http://www.quicklockapp.com/

Note: I haven't used either, I'm just googling and looking at videos.

gcr 2 days ago 0 replies      
Would some sort of active face verification be close to what you're looking for? Your webcam would always run, then when it sees you, it unlocks; when it no longer sees you, it would lock.
gmrple 2 days ago 0 replies      
If you're interested in a custom hardware solution, the folks at hackaday.com may be helpful.
photorized 2 days ago 0 replies      
Don't know if this has been discussed already - have you considered a proximity-based sensor, where your device is locked when it's away from you?
voltagex_ 2 days ago 0 replies      
It may be possible to enter Morse code using the single button switch. I knew someone who used one of these for a while, but not for password entry.
bauer 2 days ago 0 replies      
The next Kinect is supposed to be able to detect eye movement. I don't think it would be too hard to implement something that would prompt for a sequence of eye movements after pressing the single button switched described by OP. I don't know if this would take care of both use cases, but I think it would take care of the first.
wehadfun 1 day ago 0 replies      
Could you re-route the keys to random unicode values so that if someone types 'a' they get '%' instead. That way if someone took a few pecks they would hopefully get frustrated
gillis 2 days ago 0 replies      
How about some way of voice recognition? Maybe through a raspberry pi with a mic connected to it. There are surely some pre-made algorithms / scripts for this sort of thing. So once the voice recognition is passed and validated the password would be entered via the raspberry pi.

Just my two cents!

trekky1700 2 days ago 1 reply      
There's a program out there that can use a webcam to detect where you're looking on a screen. It performs a "click" if you hover over a button for a few seconds. Mix that with an on screen keyboard and that might work. I don't know if those options work with OSX though.
maerF0x0 2 days ago 0 replies      
someone could build a login sequence that uses yes/no questions that only you know the answer to. Then it would just be a matter of how many bits of protection you want. eg: 32 questions would be something like 32 bits of entropy. Kind of laborious but also fairly secure because the order and selection of questions could be randomized, so someone would have to shoulder surf many questions in order to break in.

eg: Is this your mom? (with a picture). Is this your favorite color (a color showing). Is this your phone number? Is this your house? Do you like cheese? Do you like candy crush (ok, no entropy there, the answer is always "yes") .

now, does someone want to make this product?

itswitch 2 days ago 0 replies      
If you could have a seperate, physical voice to text converter, it would act as a physical keyboard and type in your password, etc.
quasistoic 2 days ago 0 replies      
If I understand correctly, you use neither the traditional keyboard nor the trackpad. Can you disable both, or at least configure them to be very difficult for the casual passerby to use? As an example, any non-traditional keyboard layout that doesn't match the labels on the keys is likely to confuse and annoy the average user to thr point that they give up very quickly.
deodar 2 days ago 1 reply      
You can set LastPass to prompt for the password every time you need to login to a password[1]. This presumably disables password caching in the plugin. Would that solve the your first problem?

[1] https://helpdesk.lastpass.com/account-settings/security/

obk1352 2 days ago 0 replies      
have you thought about using your single switch with an onscreen keyboard? I am not sure if OSX will let you automatically show an onscreen keyboard for the login screen (not sure why they wouldn't), but this would be as secure as you typing in the password via a real keyboard, and you wouldn't have to deal with all the other things that can go wrong.Also, have you tried to use a Quadjoy mouse http://www.quadjoy.com/ this gives you full mouse use, and gets you out of jams when Dragon decides to stop working and your PCA isn't immediately available.
boojumz 2 days ago 1 reply      
couldn't you just completely disable the keyboard?
tater 2 days ago 0 replies      
Using multiple keychains would also help.
UnclePeepingSam 2 days ago 1 reply      
In your case, would you like to wear a brainwave sensor, so to manipulate your laptop directly ?
ngoertz 2 days ago 2 replies      
We have patented something called PassRules which does not disclose your secret during normal use. It's the perfect solution for you but unfortunately we don't have a version for Mac -- only Windows. But if there's sufficient interest we might just develop one. Check us out at www.itsmesecurity.com
nawitus 2 days ago 2 replies      
If you're not using whole disk encryption (or even partial encryption), then it doesn't really matter if you use a login password or not. The attacker can just clone the hard drive to gain access to your files.
EFF sues the NSA Over Illegal Surveillance eff.org
464 points by grey-area  2 days ago   36 comments top 12
rayiner 2 days ago 8 replies      
They're playing this smart. Among the plaintiffs are three religious groups and three gun-related organizations.

The standing issue is going to be a little challenging for Count I (1st amendment). The EFF's argument is basically that these organizations' expression has been chilled by the general knowledge that their communications are being collected. Laird v. Tatum seems like challenging precedent to overcome: http://en.wikipedia.org/wiki/Laird_v._Tatum Court held that the fear that the army might cause some harm in the future with information collected pursuant to surveillance was an insufficiently concrete injury to support standing).

The Due Process claim is iffy because it does not seem that any plaintiff has actually been prosecuted pursuant to a vague legal interpretation. If some poor sap got prosecuted in a case involving that legal interpretation, that would be a much better basis for a lawsuit.

I hope they make some progress with this, but I'm not optimistic because of the standing issues.

As an aside:

I personally don't think litigation is the best way to approach privacy issues. I strongly recommend watching this documentary on Prohibition: http://movies.netflix.com/WiMovie/Ken_Burns_Prohibition/7019.... Carefully pay attention to the section describing the Anti-Saloon league, and specifically this guy: http://en.wikipedia.org/wiki/Wayne_Wheeler.

When you think about it, the 18th amendment is a marvel. Prior to the 18th amendment, the federal government derived 30-40% of its revenues from liquor taxes. The beer barons had paid off plenty of political types. The nation was full of Irish and German immigrants who loved to drink. Yet, in 1919, the Anti-Saloon league and associated lobbyists got the 18th amendment passed to ban liquor. It was an incredible political maneuver.

They didn't accomplish this via litigation. They accomplished it via single-minded politics: Wayne Wheeler would lend the League's support to anyone who was in favor of Prohibition, regardless of their stances on other issues. He drew on the Protestant community, anti-Catholic sentiment, and the womens' vote (the suffrage movement in the U.S. was heavily driven by the desire of womens' groups to ban alcohol). They had a singular, clear, if ambitious, end-goal: the banning of alcohol.

If people are interested in electronic privacy, I think there is a lot to be learned from the success and methods of the Anti-Saloon league.

mythz 2 days ago 1 reply      
Happy to see the EFF leading this initiative for change, one of the few companies I would trust to do all they can and not to be commercially influenced or leveraged into accommodating the wishes of the NSA/US Govt.

I've always thought the EFF was driven by tin-foiled paranoia, but recent events are now showing that our worst big-brother fears that were initially inconceivable, are now from the limited info we're allowed to know, closer to reality.

The secret courts where "justice" and misinterpretations of the constitution are decided behind closed doors and suppressed, puts in-place about the most corrupt framework I can think of.

This is not the country I want to participate in, so I'm doing my bit and have just shown my support by donating to their cause: https://supporters.eff.org/donate

philfreo 2 days ago 1 reply      
The EFF is doing some great work... here's a reminder to setup a monthly donation, even if small, to help them keep it up.


Osiris 2 days ago 1 reply      
I'm curious how this will turn out. It's obvious that the State will try to assert state secrets, but we've already seen another court say that now that the information is public, they can no longer assert that privilege.

When Snowden first came out, I was skeptical that the information leaked would actually cause any real change to occur within governmental institutions. If lawsuits like this continue to pop up, we may begin to see the courts restraining the executive in a significant way.

A big problem here is that people in the executive firmly believe that these programs deter terrorism in the same way they believed that torture would provide actionable intelligence. They need to stop and re-evaluate whether other tactics may be as or more effective than blanket surveillance.

jlgaddis 2 days ago 0 replies      
I have never been disappointed to see how my contributions to the EFF are being spent. I have just renewed my membership for the second time in less than a month and am thankful that I am fortunate enough to do so.

I understand that not everyone who wants to contribute is able to do so, financially. If that's you, please review the EFF's list of "Ways You Can Help EFF" (without spending a dime): https://www.eff.org/helpout

beedogs 2 days ago 0 replies      
I'm sure the EFF will now be branded a terrorist organization by people who don't deserve to call themselves Americans.
coldcode 2 days ago 1 reply      
I wonder how much better this would be for an NSL receiver to publicly challenge it; at least they would have standing to contest the whole idea of a secret request.
vijayboyapati 2 days ago 2 replies      
The state as an institution is the final arbiter in judgments against itself. So it often surprises me that folks think they can achieve any kind of success against the state by litigating in this way. The grade school civics class that Americans are taught as children that there are separate branches of government competing with each other and keeping each other in check is an incredible caricature of what actually happens. These "branches" of government are all part of the same institution - the state - and the only competing they do is which of them can arrogate as much power to themselves as possible at the expense of the population, not at the expense of each other.
busticated 2 days ago 0 replies      
I know this isn't exactly adding to the discourse but... YAY! Thanks EFF.
Mustafabei 2 days ago 1 reply      
Guys, pardon my ignorance as I do not have extensive knowledge on US law, I could not see EFF among the plaintiffs. Are they referred to under another name?
crockstar 2 days ago 0 replies      
I'd personally be surprised if a court even agreed to hear this.
White Coke wikipedia.org
463 points by annapowellsmith  2 days ago   236 comments top 27
chewxy 2 days ago 5 replies      
You can make your own white/clear Coca Cola too! I play with my food a lot and have experimented with this.

All you need is an old/used Brita filter and a beverage carbonator (or if you're like me, you have some sort of multigas siphon).

1. Pour Coke into Brita jug (with filter in place)2. Retrieve colourless solution, and then recarbonate.

It tastes like Coke but is colourless. I had also messed with other variants that require fancier filtration (special carbon filters for example) and centrifuging, but the Brita filter has pretty good results.

davidw 2 days ago 3 replies      
This anecdote is mentioned in this book: ( http://www.amazon.com/dp/B002STNBRK/?tag=dedasys-20 ) which is an interesting look at world history via popular drinks: beer, wine, distilled alcohol, tea, coffee and coca cola. None of it is probably all that new in terms of the history portions, but it's an interesting and novel way of looking at things and makes for pleasant reading.
snowwrestler 2 days ago 2 replies      
"One, Two, Three" is an hilarious comedy about the establishment of Coca Cola bottling plants in Europe--specifically in Western Germany, where of course hijinks ensue with East Germans.

The daughter of the Coke CEO visits, falls in love with, and marries a young "true believer" East German communist. When the CEO comes for a visit, they have to turn the communist into a proper American capitalist in 2 days.

hkmurakami 2 days ago 4 replies      
Totally expected to see an article about a white form of carbon (which would have been fascinating!) but this is a decent second option!


jhull 2 days ago 2 replies      
I bet it's these types of missions that Presidents really love. It's not the obvious stuff that is asked of (one of) the most powerful people in the world, like declaring war or making executive orders or living in the White house. It's the slightly quirkier stuff, like brokering a clear version of Coke. I bet Truman loved this. It's like working at a company doing the same thing everyday, but being most excited for this little side project you have going on.
kayoone 2 days ago 1 reply      
Ignoring the special circumstances its funny how drinking vodka in public was more acceptable than coke. Gotta love the russians...
roel_v 2 days ago 3 replies      
Is this just an interesting tidbit about the history of a popular drink, or a subtle anecdote about how under socialism all animals are equal, some just more than others?
lifeisstillgood 2 days ago 0 replies      
Near perfect HN fodder - intellectual curiosity satisfied, just enough food-tech for a perfect top comment and a little bit of politics to garnish

My hat is tipped to annapowellsmith and of course all Wikipedians.

jlgreco 2 days ago 5 replies      
The article doesn't seem quite clear on this: did they simply remove the coloring, or did they add something to the drink that would break down/bind to the coloring molecules and render them colorless? I'm not really sure why you would need a chemist to do the first.
weavie 2 days ago 0 replies      
Only in Russia do you disguise your coke as vodka to look respectable.
philwelch 2 days ago 2 replies      
Zhukov wasn't the only communist with a taste for Coca-Cola: http://m.taringa.net/post/info/El_Che_y_la_Coca_cola-4575995...

(Disclaimer: I speak zero Spanish so I have no idea what that article says. I just like the photo.)

scotty79 2 days ago 0 replies      
Funny how the wiki mentions all the names of stupid politicians/soldiers, Managers down to a "technical supervisor" but it credits the guy that actually made white coke as "a chemist".

F##k historians.

Trufa 2 days ago 1 reply      
While this is pretty interesting/amusing I don't see how it has anything to do with HN, maybe http://www.reddit.com/r/todayilearned/
moomin 2 days ago 0 replies      
White Coke: Made for Reds.
t0 2 days ago 4 replies      
Is there any actual evidence this actually existed, such as a picture?
swamp40 1 day ago 0 replies      
I've never seen a Hacker News thread get so off track...
squozzer 2 days ago 0 replies      
Hey, what can one say? Amerika uber alles in the consumer product department.

In other news, McDonald's is setting up shop in Vietnam. Now we can REALLY declare victory and go home.

sp332 1 day ago 0 replies      
Old joke: During the Cold War, the Russians paint the moon red. An American general immediately sends up a team with white paint... to add a Coca-Cola logo.
justincormack 2 days ago 0 replies      
Mark Pendergast's book For God, Country, and Coca-Cola linked in the references covers this and more and is a good read. It also has the recipe for Coke in the back and the story of how he found it.
billpg 2 days ago 3 replies      
Vodka is white? I thought it was transparent.

(I've only ever seen the drink on TV, so I really don't know.)

lucastheisen 2 days ago 0 replies      
I love how it was more acceptable for your general to be drinking vodka by the glass full than it would have been to drink the "American Imperialist" drink.
ck2 2 days ago 3 replies      
Because mixing in a little milk to make it look like coffee would have been too efficient and inexpensive.
grumpusbumpus 2 days ago 0 replies      
I am baffled and amused that this is a top story on HN.
sodafountan 1 day ago 0 replies      
God if you had an original unopened bottle of that it would be worth a fortune.
pud 2 days ago 8 replies      
Pepsi made a clear cola in the early 90's called Crystal Pepsi:


Here's an old pic of me drinking it. (and eating a turkey leg).


cehlen 1 day ago 0 replies      
This is why I love Hacker News!
Yahoo wins motion to declassify court documents in PRISM case cnet.com
462 points by falk  3 days ago   86 comments top 15
pvnick 3 days ago 7 replies      
I'm switching back to Firefox and exploring Yahoo equivalents to google products? Hell must be getting pretty cold right about now.
tomelders 3 days ago 3 replies      
It's good, but it's not US Constitution good. None of the companies involved should obey the law in this matter, and they should adhere to their moral responsibilities and reveal everything they know.

Plus, I doubt locking up the CEO's of the worlds largest tech companies would work out well for any government.

locusm 3 days ago 2 replies      
At least they stopped getting Chinese dissidents locked uphttp://en.wikipedia.org/wiki/Criticism_of_Yahoo!
rfctr 3 days ago 1 reply      
> "The Government shall conduct a declassification review of this Court's Memorandum Opinion of [Yahoo's case] and the legal briefs submitted by the parties to this Court," the ruling read.

What I don't get here: it was told many times that FISA court only hears one side, namely government. Here though Yahoo seems to be named a party in the Court. Has rules change? o_O

Groxx 3 days ago 1 reply      

>Yahoo has previously denied the allegations regarding participation in the program, calling them "categorically false."

That's what they say, but doesn't this just show that while they fought it, they did participate because they lost the fight?[1]

I'm not aiming to say "liar, liar, pants on fire" since they were probably required to say that (if my reading is accurate). I'm just wondering if they were required to say that, as this is nearly evidence of it, which would cast even more doubt on the other companies' denials.

[1] https://www.eff.org/deeplinks/2013/07/yahoo-fight-for-users-... (thanks, cmwelsh!) in particular this quote:

>Ultimately, the Court of Review ruled against Yahoo, upholding the constitutionality of the Protect America Act and ordering Yahoo to turn over the user data the government requested.

Though they can't say what was turned over.

count 3 days ago 0 replies      
Hmm, it doesn't say they get to declassify, only that the classification must be reviewed, and then the document published with any properly classified information redacted.

Expect a letter of all black lines.

yaix 2 days ago 0 replies      
I'd love to switch to ymail, if it didn't suck so bad. I just read, that Y! will be /reassigning/ email adresses that have not been used (no login) for a year.
motters 3 days ago 1 reply      
The leaked slide says that Yahoo was assimilated into PRISM on 3/12/2008. I assume that must be some time after the secret court decision.
brymaster 2 days ago 2 replies      
Wow. First they lie and deny, now this.

What does this mean for Google and the others participating in the program? I'd love to read some explanations from Page, Yonatan Zunger, Matt Cutts and friends. These guys were swearing up and down that Google had no involvement.

mindslight 3 days ago 2 replies      
So wait, if PRISM is merely the process by which NSA et al request data on individual suspects which are then reviewed and fulfilled with human involvement (as the denials by Google etc purport)... why did Yahoo see fit to challenge their involvement?
perlpimp 3 days ago 0 replies      
.. "redacts any properly classified information" ..

Who gets to decide what is property classified information? They can redact the document in such a way that it carry only vacuous material and thus passively aggressively refuse even if they are compelled.

Mordor 3 days ago 0 replies      
This proves nothing, since PRISM likely isn't the only program run by the NSA.
_pmf_ 3 days ago 0 replies      
So brave.
michaelxia 3 days ago 1 reply      

yahoo, the internet giant whose products gather data from evuhreybaddy, is on our side!

now all our problems are solved and we can sleep at night

oh wait...

How Microsoft handed the NSA access to encrypted messages guardian.co.uk
447 points by shakes  7 days ago   156 comments top 30
pvnick 7 days ago 9 replies      
Microsoft's June 7th statement:

"We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we dont participate in it."

One down, several to go. If I were Google/Facebook/Yahoo executives I would be very worried right now as to what soon-to-be-released revelations say about their NSA cooperation. Sure, they may have only done that which was compelled by FISC order, but that won't preclude them from being perceived as culpable.

brown9-2 7 days ago 11 replies      
To play devil's advocate here, what else would people have Microsoft do? Is there a scenario in which they can successfully resist enabling surveillance features in their products while operating in the US?

CALEA applies to telecommunications providers, which is a label that would seem to clearly apply to Skype. http://en.wikipedia.org/wiki/Calea

Are major companies based or operating in the US allowed to provide secure email and/or data storage without options for lawful surveillance from law enforcement?

If people do not like these policies and the cooperation from the companies operating them, I think the proper place to direct your anger is at the laws that require them to cooperate.

losvedir 7 days ago 2 replies      
I must be in the minority here, but I'm no more concerned now than before reading this, and I'm still not super concerned if it works the way I think it does. It doesn't answer the main question of HOW MANY USERS are being watched like this.

We already knew from Prism that Microsoft is providing data to the NSA, and we already knew that it included real time video, emails, messages, etc. So this is more of a behind-the-scenes of how it's done, but if you stopped to consider before what Prism meant then it sort of implies everything here.

BUT, I still don't know whether this tapping of Skype calls, providing of decrypted messages, etc, applies only to a few specific people who the government has warrants for, or for all of Microsoft's users. I still think it's the former based on that Prism slide that said it cost $10M/yr, which is clearly not enough to handle ALL of Microsoft's and Google's and Apple's data.

If anything, I applaud Prism in that it's just a more efficient way of doing what the NSA is already cleared to do.

I'm MORE concerned about the warrantless Verizon metadata tracking for millions of subscribers, Clapper's lies before Congress about said data, the DoJ classifying the FISC's rulings that something or other is unconstitutional, the inability of companies to discuss NSLs.

But this release is just clarification on what we already knew, and we still don't know whether PRISM is oh-my-god-the-government-is-tapped-into-everything or just a convenient front-end on the government's warrant-obtained data (which is a good thing, AFAICT).

mythz 7 days ago 2 replies      
Marketing: "Your privacy is our priority."


"Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats"

"For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."

"analysts will no longer have to make a special request to SSO", "this new capability will result in a much more complete and timely collection response". "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

"One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture',"

znowi 7 days ago 2 replies      
Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio

This is pretty scary. When you talk about emails, it's sort of "impersonal". But collecting audio and video data from your casual chats on Skype is a fucking break in.

redthrowaway 7 days ago 0 replies      
>In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

>The articles describe court-ordered surveillance and a US company's efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.

>They added: "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate."

Does anyone else get the impression that this is an attempt by the government to limit commercial damage to these companies that may result from the revelations and subsequent exodus of customers? I imagine that, while they're certainly lobbying for increased transparency, tech companies are putting a great deal of pressure on the government to take the blame for the programs and emphasize that the companies had no choice.

acqq 7 days ago 2 replies      
Allow me to be surprised this time, I don't see much new here, compared to what we already saw about Prism (all the slides). Maybe the only thing newsworthy this time is that additional documents confirm that Prism exist?

I applaud this article of course, as it gives less chance for unnatural interpretations of the slides that we saw by pro-status-quo writers ("it's not really a direct access") -- now we have additional confirmations it's a "query API" access and a "start real time monitoring" access.

Unrelated, I'm impressed with the absolutely perfect timing for an article on the day when Microsoft presents the new reorg. Heh.

My question remains can anybody recognize something otherwise new here?

acqq 7 days ago 0 replies      
A perfect lesson on how to write "denials" that are accurate but aren't what most of the public can understand:


"It has been suggested that as a result of recent architecture changes Skype now monitors and records audio and video calls of our users.


The move to in-house hosting of supernodes does not provide for monitoring or recording of calls. .."

There are more paragraphs that follow, but they can honestly say they didn't lie, since obviously they had the functionality to monitor and record the calls even before they introduced the supernodes so it is false that they introduced the supernodes for that, but it is not false that the Skype conversations can and are monitored by authorities.

Note that it's by law the job of FBI to do such monitoring, when it's about US citizens, and it's NSA's job for non-US citizens. Microsoft is definitely not breaking any laws. So when they say that it's all lawful what they do it's also true.

antocv 7 days ago 0 replies      
Microsoft made more fuss and put up a better fight against FOSS than here, for this, for its users, its core ideas and values nothing... oh right, money and power is above all.

Or is it just so that all these companies, Google, Facebook, Microsoft, Apple got something big in return for their cooperation with NSA?

Perhaps they will or got intel on their international competitors?

As so many people seem to be involved in this, at every company sysadmins, managers, developers etc, perhaps many of them want to leak but dont know how, they are close to the devil so to say and fear they cant really do anything about it as they already know the extent of the surveillence?

sinak 7 days ago 1 reply      
The marketing language MS used in http://www.scroogled.com/ - "YOUR PRIVACY IS OUR PRIORITY" - seems pretty amusing now.
ratscabies 7 days ago 0 replies      
I'm sure the NSA can hardly wait for XBone's to start showing up in people's houses. "The telescreen recieved and transmitted simultaneously. Any sound Winston made, above the level of a very low whisper, would be picked up by it; moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever the wanted to. You had to live- did live, from habit that became instinct- in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized."-1984, Book 1, Chapter One, George Orwell
grey-area 7 days ago 1 reply      
Microsoft: Your privacy is our Priority.

This slogan now deserves to live on in infamy alongside other prominent examples of doublespeak, like Plays for Sure, and Don't be evil.

What concerns me in these responses from Microsoft is the distortion of the term lawful to include any request from the NSA. If you change the meaning of words like lawful, domestic and intercept, you can of course make anything legal in some sense, but distorting meanings like that is very dangerous, and using secret interpretations of it really damages our confidence and trust in the rule of law. That said I can't see any difference on this issue between MS and any other US tech giants, apart from Twitter, who are to be commended for staying out of this program. With the breaking of encryption on things like outlook chats and delivery in real time, it appears we simply can't trust any guarantees of privacy from these companies at all. Even if they did implement client-side encryption, they'd still feel obliged to break it for the NSA (and its many partners worldwide), so no offering from them is going to protect our privacy.

This was interesting too from one of the documents:

"enables our partners to see which selectors the National Security Agency has tasked to Prism...The FBI and CIA then can request a copy of Prism collection of any selector"

This indicates that any NSA PRISM search can be accessed by any one of these agencies, so once it is in the system, this information will spread widely. Given the guidelines on access of the NSA, that could include all foreign data being automatically available to any FBI or CIA agent. I wonder if they have any limits on access to 'foreign' data at all?

As long as you're American, and not covered by a bulk court order by the NSA, and not encrypting anything, and not communicating outside the US, and don't have a 51% chance of communicating outside the US (what does that even mean?).

No longer

jlgaddis 7 days ago 0 replies      
On a related note, I don't know how many more documents there are that Snowden provided to Greenwald or that will be released to the public but I certainly hope that they keep coming for a looooong time.
jivatmanx 7 days ago 1 reply      
"ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," he said. "It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."

I have a feeling the FTC won't go after them for violating truth-in-advertising laws.

forgotAgain 7 days ago 5 replies      
If this is true then SkyDrive and Azure are toast. Perhaps all cloud storage as well.
mtgx 7 days ago 5 replies      
I don't get Microsoft. Are they really that hypocritical to the core and so shameless? Why in the world would they launch a "privacy" campaign against Google when they're in a glass house themselves, and so vulnerable? Why the hell would they even put themselves on the spotlight like that?

Or are they really that comfortable with lying, that they have no problem attacking others over something, even though they are just as bad, or worse(as this revelation seems to imply) Giving pre-encryption access to NSA? Really Microsoft?

To make things worse, they've just put the guy who came up with that Scroogle crap in charge of their whole marketing department, so expect a lot more hypocritical/nasty stuff like that from Microsoft in the future:


spoiler 5 days ago 0 replies      
U don't consider PRISM such a big deal, to be honest.

Yes, they spy on innocent people, in an attempt to flush out (or whatever the term is) the dangerous or potentially dangerous ones. However, I genuinely doubt my privacy is very compromised, because I refuse to believe someone is getting paid to sit and read through Facebook posts or messages about my obsession with Supernatural (great TV show on CW), or read through "IF YOU DONT SEND THIS TO 7 OTHER PEOPLE A PIANO FROM THE HEAVENS WILL CRUSH YOU INTO THE PAVEMENT" emails my neighbour is forwarding.

Also, I have a friend who talks in acronyms most of the time (over Skype chat) and I have a file called deectionary.txt (her name is Dee) with around 200 lines, I find it very amusing to think some analyst spent hours trying to decode her message because it contained "bomb" in what looks like "mtwbi bombing m/i shc play asg ol" which means (used near-real example) "my twat brother is lagging my Internet so he can play a stupid game online". She has no disability, she's just very "efficient," I guess!

Besides, I don't have anything to hide, so I don't really care. If I had some top secret business I needed to attend and would care to keep secret from the NSA or CIA, I would probably (as would many of you here, too I believe) make my own thing to do the job, because I wouldn't take someone's word that they give a rat's furry bottom about my privacy.

smegel 7 days ago 0 replies      
A well placed (Russian) friend told me recently that the KGB (and whatever name it goes by now) still uses typewriters (yes, mechanical, ink based thingos) for all internal documentation and correspondence, and that electrical/digital devices are banned in most secure areas.

In other words, they realized decades ago that if you value your privacy, get as far away as possible from a computer, especially one connected to the internet.

jlgaddis 7 days ago 1 reply      
FTA: "Secret files show scale of Silicon Valley co-operation ..."

Since when is Redmond considered Silicon Valley?

dendory 7 days ago 0 replies      
The bigger deal here to me is the data sharing. Who cares if one agency isn't allowed to spy on Americans? Or if another agency has this or that court oversight? All the data collected is shared between the NSA, FBI, CIA, foreign intelligence, etc. This means regardless of who you are or what you are doing, there's someone who has the authority to spy on you, and now they have all your data as well.
ig1 7 days ago 0 replies      
Key line: "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands."

That sounds a lot like "we will introduce backdoors in MS updates".

vermontdevil 7 days ago 0 replies      
All this on the day Microsoft announced their restructuring. They neglected to mention a new division called "NSAlite"
nullc 7 days ago 0 replies      
Where are the documents? The text seems to be referring to something that isn't showing up for me.
altcognito 7 days ago 0 replies      
I'm going to purchase a subscription to the Guardian out of principal. I invite you all to do the same. This is absolutely fantastic work they've done.
yulaow 7 days ago 0 replies      
I want to remember to all of you the campaing that microsoft was/is doing in the last months -> http://www.scroogled.com/

motto: "YOUR PRIVACY IS OUR PRIORITY"Yeah, now it seems a bit mh... ironic. Not because i think that google is more privacy friendly, but surely microsoft is not at all.

akadien 7 days ago 0 replies      
Was I the only person who thought "Did the NSA really need Microsoft's assistance?"?
im3w1l 7 days ago 0 replies      
If the revelations continue at this pace, we'll soon hear there are DMA rootkits directly in our network cards.
mtgx 7 days ago 0 replies      
I bet that Microsoft engineer who told us Skype was not re-built for spying is feeling pretty silly right now.

I know his excuses seemed "reasonable" (if you're a smart liar, you don't try to blatantly bullshit someone on their face - you find a "good reason" to hide it), but it was no less of a bullshit excuse as Microsoft's earlier rejection of WebRTC (and they ended up supporting it anyway - guess they didn't feel that strongly about that security claim to begin with).

This was the same way. Yes, it may have improved Skype's reliability a little bit, but I honestly doubt that was the main purpose for doing it. As we learn in this revelation, they don't seem to have a problem with adapting their service to suit NSA.

hype7 7 days ago 0 replies      
small but annoying thing in the article: microsoftsilicon valley
loginalready 7 days ago 0 replies      
The headline is surprisingly understated, where usually the opposite is the case.

After reading the article, the headline might as well have been "Microsoft handed the NSA the keys to friggin' everything."

The tin-foil hat conspiracy theory of the NSA having a backdoor in every Windows system on the planet suddenly doesn't seem that far fetched anymore.

Android saves wifi passwords in plaintext to the cloud code.google.com
444 points by JanLaussmann  2 days ago   163 comments top 19
enginous 2 days ago 12 replies      
What key are you going to encrypt these passwords with?

If you were to encrypt passwords in the cloud with a key that's stored on the device, you can't unlock the passwords on a different device (or the same device after flashing), which is the whole point of backing it up in the cloud.

If you were to encrypt them with the user's Google Accounts password, the device would need to ask for that password on every startup or store the GA password on the device at all times (the latter option is a far greater evil than the current "situation"). As long as Google is ever given the clear text password (i.e., before hashing), this would be open to interception by Google -- or infiltrators thereof.

If the GA password were to be used to authenticate in a way where Google doesn't get access to the clear text password (through digest-like authentication), a user wouldn't be able to access the backups after resetting her password. However, this method is not reliable if you don't trust Google (or its infiltrators), because Google provides the clients that would do the hashing before sending the password, so they could obtain the clear text password (by skipping the hash step, or by sending it through side channel) on any client they control such as HTTP login pages or mobile apps provided by Google.

Like all things security, it's a trade-off between security and convenience.

bhauer 2 days ago 1 reply      
Yet another place where I feel a tinge of anger that VPNs utterly failed to deliver on the potential of private secure connectivity to personal data storage from anywhere. Several of us here at HN set up and manage home networks to which we connect over an encrypted channel. To us--well, to me at least--it seems plain as day that my device should allow me to backup its sensitive data to a file that I store on a file system of my choosing. I would store it on my encrypted disk array at home (which is then backed up to a data center disk array).

But to a layperson, the lack of a secure private channel to personal data storage remains an infeasibility. So laypeople embrace third-party "cloud" storage offerings, this one included. These services offer omnipresence of data. They don't offer personal control, but many people are willing to concede control because omnipresence is such a convenience.

Putting all of that aside, however, and accepting the world as it is, with VPNs the tragedy of user experience that they are... An open question remains: why not ask the user to create a passphrase for use in encrypting the device's data before storing it at the GoogleCloud + NSACloud?

The seemingly obvious answer to the rhetorical question is a worry about user experience pain ("woe is me, I need to remember another passphrase now"). So perhaps the user would be instructed to provide a passphrase if and only if they are concerned about their backup being stored on the NSACloud. If they are not concerned, they can leave the field empty.

Kurts 2 days ago 4 replies      
You can turn it off if you like:Settings > Privacy > Backup my data, backup application data, Wi-fi passwords, and other settings to Google servers.

Every few months someone rediscovers that Google also syncs Wifi credentials between devices (perhaps when logging into a new device and finding it tethers itself nicely to the network on its own).

It's a matter of convenience, Wifi passwords are only applicable at a certain range, and other restrictions could be applied even then (like hardware whitelisting etc) it's not your bank credentials.

Here's a reddit discussion (from 2 years ago!) http://www.reddit.com/r/Android/comments/g6ctt/just_upgraded...

rsync 1 day ago 0 replies      
The title is, I think, a bit misleading. That's because it is not Android per se that is sending your wifi passwords to the cloud, it's the use of the "backup my data" tool.

If you're interested in robust, secure storage of your data, the candy-flavored OS built-in-cloud-tool may not be your best bet. It's only there to check a feature box on a sales card.

"Oooh but I get 5 gigs for free!"

spdy 2 days ago 1 reply      
With the street view wifi scandal, this on going encryption problem and the revelations about prism this looks very bad.
jmngomes 2 days ago 3 replies      
This reply "This report applies to a mobile Google application or service, and the issue tracker where you reported it specializes in issues within the Open Source source code of the Android platform." is a bit off, IMO.

The developer reported a bug found on Android to the Android forum. The reply he gets sounds like a dismissal, which is quite strange given that the problem is not only related to Android but also with a Google product.

A few days ago I submitted an Android bug verified on a Samsung phone. The reply was something in the line of "that's Samsung's problem, talk to them".

I'd say this isn't the right way for Google to handle a severe issue such as this, i.e. simply rejecting accountability. It's like having a team say "go talk to some other team" when they're actually all aboard the same ship. Is big company bureaucracy / turf wars getting to Google? Hope not...

DanBC 2 days ago 0 replies      
Frustrating that it's really hard to make my android phone show me the saved password it's using for a wifi.
pedrocr 2 days ago 0 replies      
Google could use this to bootstrap a FON like worldwide network. Have an additional option in the settings for "Make this network part of Google Free Wifi" and then any android phone anywhere can connect seamlessly to the network. If you change the security settings they are immediately updated because you also update them on your own phone.

At least for networks that are already designed to be public (e.g., coffeeshop wifi) this would be awesome. For my home network I'd have to first setup a second SSID myself that I firewall from the rest so that I don't expose all my wifi devices to any passer by. That bit isn't very user friendly.

nodata 2 days ago 1 reply      
..otherwise it wouldn't work.

You can disable backups when you setup your phone.

brudgers 2 days ago 0 replies      
The most plausible explanation for this behavior, if the assertions are true, is that Google is acting in a way which serves its customers interests.

If you don't write checks to Google for a service, you are not among Google's customers.

babesh 1 day ago 1 reply      
No need to belabor the point given the many examples beyond this one. If you want security, you're not going with Android. If you want configurability, you're not going with iOS.

Android: slurping phone numbers, texting behind the scenes on your behalf, etc...

iOS: no access to apps that Apple doesn't approve, no replacement of built-in apps with third-party apps, etc...

These systems were not built exactly with your benefit in mind. Android was built to prevent Apple domination of mobile and thus continue selling ads by providing services. Apple has several services that would be much more useful cross platform but are not: Facetime, iMessage, etc... and that reinforce platform lock-in.

keithnoizu 2 days ago 0 replies      
That's a feature, saves NSA from the effort of building up rainbow tables.
jpalomaki 2 days ago 0 replies      
I guess it would be fairly difficult to make this truly secure without making it too difficult to use. Simply encrypting the data with your Google account password does not do much good, since you are going to provide that password to Google and they could obviously use that to decrypt the data (should the government request it).

One option would be to use separate password for protecting the data, but that would not be very convenient for the user. Very easy to forget such password since you are not going to need it very often.

foley 2 days ago 2 replies      
And all for nothing - none of my Android devices have ever restored my wifi passwords, it is always a mission to find and input my password on a fresh phone.
durkie 2 days ago 0 replies      
I know it doesn't really address the issue at hand, but as an alternative here Android features a little-documented local backup feature that can be done through adb, and can be encrypted.

Even google's official adb page has no mention of it, but I've done it and it works fine: http://tutznet.com/1283-perform-full-backup-android-phone-ad... (not my blog -- just the least spammy site i could find)

ksowocki 2 days ago 0 replies      
If anyone hasn't downloaded [cloud to butt](https://github.com/panicsteve/cloud-to-butt)

Let [this](http://cl.ly/image/1X0o212T3B0Y) be your reminder to do so.

krapp 1 day ago 0 replies      
At this point I feel you might as well assume that every device and every website stores your credentials in plaintext until explicitly proven otherwise, I guess. Or maybe unsalted md5 if they're a bank.
somesay 2 days ago 1 reply      
Of course, they don't ask for a specific password.

"Encrypt synced passwords with your Google credentials" is impossible in times of app specific passwords, right?

tazjin 1 day ago 0 replies      
I would like to know how this works with 802.1X credentials. Does this "feature" save my company internal LDAP password that I use to authenticate to the network to the cloud? Unencrypted?
Effeckt.css h5bp.github.io
440 points by apunic  1 day ago   93 comments top 41
paulirish 1 day ago 0 replies      
A little bit of background on Effeckt: The idea is we need reusable transitions and animations [0], all classy but most importantly they must perform well on mobile. The project is still very much a WIP, and as some comments below indicate, there are still janky interactions that are unacceptable. We're looking at integrating something like Topcoat's Benchmark server [1] to have CI setup for CSS performance regression testing. Identify and improve (or cull) any effects that are inappropriately slow.

The project started over on lazyweb-requests [2] and Chris Coyier has led development of the project from early on. It's a very open and community-driven project, so there are plenty of opportunities for everyone to get involved and move things. Lastly, the readme [3] helps explain a lot of the goals and ideas of the project.

[0] http://youtu.be/Qc40YDFA4Bg

[1] http://bench.topcoat.io/

[2] https://github.com/h5bp/lazyweb-requests/issues/122

[3] https://github.com/h5bp/Effeckt.css#readme

dclowd9901 1 day ago 1 reply      
Since none of the comments here are outright positive, let me be the first to say 'holy shit, dat Make Way! modal transition!'

I love open source.

ChikkaChiChi 20 hours ago 0 replies      
I understand that this sort of thing isn't for everyone, but the level of trolling negativity in this thread is on par with Slashdot.

If you are somehow disappointed that clicking on a link to something that defines itself as CSS Effects (it's there in the name) and you ended up on a page with CSS animations...you are a clod.

gtaylor 21 hours ago 0 replies      
Looks neat, but some of these animations run pretty slow on my i7 running Chromium on Linux. I've got an Radeon 5870 with proprietary drivers, and I understand that Chromium's acceleration situation is weird, but I guess I was discouraged to see it struggle.
tnash 1 day ago 4 replies      
Is the modal text really blurry for anyone else, or am I going insane?
dhotson 1 day ago 6 replies      
Very cool!

I've been playing around with an animation concept for submitting a note: http://dhotson.github.io/envelope/ .. is it too much? :-)

egonschiele 1 day ago 0 replies      
The placeholder images you use for captions are getting scaled up so they look very blurry for me. Might be better to get bigger images and have them scale down? placehold.it also allows you to specify your own text there by passing in the `text` parameter.

This library looks great!

eob 14 hours ago 1 reply      
Very cool!

Side comment: one problem with modern web apps is JavaScript bloat. And one pressure on libraries is to keep growing. These two things seem to be at odds. It would be nice if someone created some kind of { CSS, js, HTML } build system that allows components to be built and packages separately.

Kiro 1 day ago 1 reply      
It says it's performant but for me it's laggy compared to http://tympanus.net/Development/ModalWindowEffects/

Why is that?

eterpstra 1 day ago 1 reply      
From the site:

"Ever notice how small flourishes and subtle transitions dramatically increases the value of the experience you enjoy with an app or site?"

I agree that a very slight fade or slide can help reduce the jarring effect of a contextual transition (such as the appearance of a modal, or a menu), but what value is added by the not-so-subtle effects like the 3D transforms (that incidentally cripple mobile devices and older browsers)?

jarek 1 day ago 1 reply      
And here I just want stuff to happen fast
bsaul 1 day ago 1 reply      
I love the blur behind modal. On my Chrome the blur effect starts after the modal is displayed. I suggest that you make it progressive, inside the same animation as the background turning to gray (not sure it's possible though).
tehwebguy 15 hours ago 0 replies      
Navigation: Left Push is the best CSS "drawer" I've seen on iOS so far. It's choppy coming in but perfect going back out on this page.

Do you think it has to do with the number of elements on the content page? I'll make another demo to test it out later, just on my phone now.

mrinterweb 1 day ago 0 replies      
Performance was not quite on par with other CSS3 animations I have seen on my Nexus 4. I think part of the perceived performance issue may have been the artificial 300ms delay android adds after press/click.
lifeformed 22 hours ago 0 replies      
The Scroll effects were a little too distracting for me, but the rest were pretty cool!
RodericDay 23 hours ago 0 replies      
"Ever notice how small flourishes and subtle transitions dramatically increases the value of the experience you enjoy with an app or site?"


drawkbox 1 day ago 2 replies      
I wonder if this is part of stroll.js or inspired by or vice versa: https://github.com/hakimel/stroll.js demo page: http://lab.hakim.se/scroll-effects/ hakim.se has lots of cool stuff like that.
emehrkay 1 day ago 1 reply      
The modals barely work in chrome on this HTC one. However, everything works beautifullyon an iPhone 4s. When will mobile chrome catch up?
jv22222 11 hours ago 0 replies      
animate.css has been around for quite some time and is also very impressive: http://daneden.me/animate/
ArekDymalski 1 day ago 0 replies      
This is amazing. As a form of thank you let me share a glitch which I noticed on latest Chrome in Windows 8 http://i.imgur.com/bRHRBK6.jpg As you can see there are no scrollbars for the lists and weird artifact is visible on the middle list. This doesn't happen on IE 10. Also,some of the effects start with a noticeable delay (but work smoothly).
kaushikt 22 hours ago 1 reply      
The scroll effects reminds me of Stroll.js http://lab.hakim.se/scroll-effects/

Amazing work you guys. Fork - Contribute

kbrackbill 1 day ago 3 replies      
Everything is smooth and looks great in Chromium, but the whole page is sluggish in Firefox (on linux at least, and usually firefox on windows is worse).

This has been generally true in my experience playing with CSS animations. Are there any tricks to optimize stuff like this in Firefox, or is it just an area where Chromium is still way far ahead in performance?

kayoone 1 day ago 1 reply      
great stuff, sadly its almost unusable on mobile (tested with a quadcore HTC One).
PhilipA 1 day ago 4 replies      
It runs a bit slow on my iPhone 4S, especially the list effects. Are anyone else experiencing lag on their mobile phones as well?
hardwaresofton 22 hours ago 0 replies      
This is the most awesome thing I have seen today. Instantly shared with some of my comrades in web arms.

Keep up the awesome work

novaleaf 10 hours ago 0 replies      
doesn't work with ie8 or below,

looks like it could with some tweaking though.

tsenkov 1 day ago 1 reply      
Great job. What is the licensing on Effekt.css? (I couldn't find it in the repo or the demo page
fmax30 1 day ago 0 replies      
The Library seems awesome , but the off screen navigation bar feels a little jerky when turned on.
airencracken 21 hours ago 1 reply      
Ugh. It's like people decided the solution to crappy flash, was to make stupid flash stuff native in the browser.
GoldfishCRM 1 day ago 0 replies      
Hakim you the man. An other great swedish developer delivers.
arms 1 day ago 0 replies      
Very nice. I was looking for something similar to this a couple of days ago. This will fit the bill nicely :)
shaydoc 1 day ago 0 replies      
Really well done on this, the power of open source is unreal.....
spinachthrow 1 day ago 0 replies      
Is it just me or is this kinda blurry?

Pretty dope though, that from top=>tilt fall was pretty exciting

anuragramdasan 1 day ago 0 replies      
This is cool. Makes the prototype web page design easier for the back-end developer.
cdhack 1 day ago 0 replies      
Looks great, smooth to use, attractive 3D view. Can't wait to try it out!
be5invis 1 day ago 0 replies      
Tested on IEXWorks well

(unlike zepto, which uses the evil __proto__)

RoryH 1 day ago 1 reply      
for ROFL's and LOL's open the page in IE8
BaconJuice 1 day ago 1 reply      
no love for IE8? :( Saved anyways, Thanks for the great share!
it_learnses 23 hours ago 1 reply      
sorry if this sounds stupid, but are all the effects done using only CSS?
ronaldsvilcins 1 day ago 0 replies      
Love it!
joelle 20 hours ago 0 replies      
This is so dang cool! I love it :-)
Don't be evil: Moving everything off of Google samwhited.com
424 points by SamWhited  7 days ago   299 comments top 54
alan_cx 7 days ago 11 replies      
Depressing thread this....

I think this thread demonstrates why the privacy issues with the likes of google, facebook, etc are pretty much vapor complaints. Essentially, people are happy in the end to sacrifice privacy for convenience. With that mind set, we can easily see why no one really cares about NSA slurping. As far as they are concerned, all the NSA has is what facebook, gmail etc, have. So, what is the problem exactly? And you know what, I can understand the point. I disagree, but equally, I understand.

Having read about how people won't move form FB because it easy to stay there, since their "friends" are there, I now realize most people really are not committed to privacy while it means some sort of inconvenience. There is even a reply here where a friend who wont use facebook is referred to as an "outcast"... Understandable, but also says it all.


danieldk 7 days ago 8 replies      
Whenever I read such posts (moving everything off Google/FaceBook/...), whatever the rationale, I feel like I am living in a parallel universe.

All my friends are on Facebook and as much as I dislike Facebook's piracy invasion, it's an excellent tool to keep in touch with people.

I could drop Google Talk, but as much as federation is a good thing, ironically I wouldn't have many people to talk to, since they use Google Talk/Hangouts.

Perhaps a decentralised file sharing tool is better. But everyone is using Dropbox and Bittorrent Sync will be too outworldish for colleagues/family/friends.

buro9 7 days ago 6 replies      
I get the point of moving other services to places that are encrypted, private, secure, and cannot be reached by NSA, GCHQ, etc.

But... email?

It goes over the internet in plain text, has substantial meta-data, and even the contents are trivially small to store.

When people want to come off of G+, Facebook, etc... great, that makes some sense. If they want to stop using Chrome Sync, and to use Firefox, install add blockers, anti-trackers, change their hosts file, use VPNs, enable Tor, change DNS provider... great, that makes some sense.

Email makes a lot less sense though. It's effectively public and what security exists is about effective as your front door lock. It keeps out the average person that passes by and little more than that.

There is actually some argument to be had that if most of your contacts use Gmail that you should stay on Gmail as the email wouldn't route via the public internet.

I am sticking with Gmail, but am using a Google Apps for Domains account for it as that allows you to configure the domain to fully disable other Google and related services (G+, YouTube, advertising, Drive, etc). I then access Gmail via Chrome Incognito and live the rest of my internet life in Firefox.

Effectively Google for me, starts each day afresh, sand-boxed in a private browser session, and with no permission to do anything else.

The only other Google things I used they have already shuttered or have announced they're doing so. Effectively when this happens I am one of the n% who don't move to G+ and roll off of Google services.

I do wonder if we'll ever hear what % of users didn't go to Hangouts when they re-branded and closed Talk. What % of Latitude users will vanish when G+ gets whatever location sharing capability. Maybe it's negligible to Google, but it doesn't feel negligible when I speak to friends who used to use Google a lot more.

gordaco 7 days ago 4 replies      
"When youre paying for your social network, it makes you a customer instead of a product".

Wrong, you're still a product. The "consumer vs. product" dilemma is a false one.

cromwellian 6 days ago 2 replies      
Any web service could "go at any time", in fact, the smaller players are more likely to fold up shop, not give advanced warning, and not offer something like Google Takeout. It's happened before. Some smaller players in the past didn't even have good backups, and simply lost user data. You could self-host, but again, unless you want to put a lot of labor and money into reliability and security, you can also lose.

I'd call the reasoning used in this article "Reader Derangement Syndrome".

babuskov 7 days ago 1 reply      
The site uses Google hosted jQuery. Guess being tracked by Google is not an issue for them. ;)
Kiro 7 days ago 8 replies      
Am I the only one who want the opposite? I love having everything seamlessly tied to one ecosystem. The synergy effects are worth it and I can't see a better company than Google to handle it.
dmytton 7 days ago 3 replies      
http://dbpmail.net/essays/2013-06-29-hackers-replacement-for... is a good tutorial on replacing GMail.

GMail is excellent at search and spam filtering, everything else is just a standard e-mail service. The tutorial points out how you can at least try and match the level of spam filtering with the community based Pyzor.

vacri 7 days ago 1 reply      
any of my services could go at any time [, like] Google Reader

... a lead time of months, with daily notifications in the final month? But he's willing to go with other cloud services?

As for the total abandoment of google products, it seems petulant. 'I won't do Android, I'll do Cyanogen instead!'?

moreentropy 7 days ago 3 replies      
You can't call it "everything" if you keep Gmail.

Personal email would be the most important service to get under your own control, and it's the hardest of all problems to solve.

efa 6 days ago 0 replies      
>>why do I want my calendar to be online anyways

Wow, my Gmail calendar is the one thing I can't see doing without. View from anywhere, seeing my team members schedule, adding invites to each other's calendars. It's pretty much my task (or reminder) list as well.

jusben1369 7 days ago 0 replies      
As we know all services are vulnerable at any time to disappearing. Startups failing, large companies sunsetting. It then appears the question becomes "What is the cost to me of this service going away?" where cost can be how long it would take to move to a comparable offering at that time. Then you way that up against "How much am I giving up each day/week/month if I use a service I want less but am doing so due to my fear of being "all in" and at the mercy of Google's whims?" So when I see an article like this (which I enjoyed) I tend to think the above is simply out of whack with a "I'm getting off every service"
tomkarlo 6 days ago 0 replies      
Maybe if he was using Google to host his site, it would still be up.

(Yes, I'm being glib, but with a point - there are real downsides to moving away from services like Google that have industrial-strength cloud services behind them. Just because you can move to other things or self-host to improve privacy doesn't mean there aren't major tradeoffs.)

ssharp 7 days ago 0 replies      
Such action is extremely impotent if you still keep Gmail. Aside from chat, email is the most private service on the list and failing to give up on that exemplifies how people value convenience over privacy. This type of "activism" is almost negative if you're fighting for better privacy.
visarga 7 days ago 0 replies      
I think it's a time of opportunity now. Someone could become the provider of private internet experience to uproot Google, Apple, MS and the rest.

We need a single, all in one solution for all the basic things: email, search, video, photos, social networking, calendar, sync and maps. Have I forgotten anything? Another essential app is a Tor-like browser with strong privacy support.

All of this needs to be bundled in a private cloud app capable of handling from one person to a group with thousands of people, like, for example, a university.

We need to be able to own our own data, to have access to our logs and to be the only party who has access to our logs. This whole thing needs to be open source and thoroughly tested.

znowi 7 days ago 0 replies      
The recent Google Reader shutdown and Google Hangouts disabling XMPP federation made me realize that any of my services could go at any time and I didnt want to be so dependant on a single provider or the integrations between services.

It's interesting how the recent NSA revelations didn't play a role in this decision. Providing NSA access to user data - Fine, whatever. Shutting down a service - How dare you! Evil company! Consumerism trumps the civil rights.

robotmay 7 days ago 2 replies      
Thanks for the Photographer.io mention! I was about to deploy Dutch and Polish language support when I noticed the traffic rolling in, so I'll be leaving that for a few hours now in case I break it.

If anyone has any questions about privacy on Photographer.io or any other general questions then I'd be happy to answer. You can also email them over to support@photographer.io if you prefer.

jalada 7 days ago 1 reply      
All good suggestions, but heavily focused on non-collaborative solutions. For example a paper calendar is no good if you regularly use your colleagues calendars to schedule events and know what is going on.
edem 7 days ago 1 reply      
As for music I think that for Linux (I guess you probably use Linux since Windows is just as evil as Chrome or Facebook) XMMS is still the best player. I use it for years now and I never had problems with it. It also comes with a Winamp-like interface and functionality.
Joeboy 7 days ago 2 replies      
Paper calendar suggestion seems kind of defeatist. I just switched to http://radicale.org/ from my old nokia phone calendar, not from google) and it seems fine so far.
nathanb 7 days ago 0 replies      
FWIW, I use Linux and am fairly happy with Amazon Cloud Player.

The lack of Linux support for their downloader is annoying, but I don't feel the need to download entire albums particularly frequently. When I do, spinning up a Windows VM is the work of but a moment (I haven't tried running the downloader under wine, but it probably works well).

I don't mean to excuse Amazon for their Windows-only mindset or suggest that lack of Linux support won't be a big deal for you, but don't let this post discourage you from trying it in case you're a Linux user who wants to give it a shot.

lambda 7 days ago 3 replies      
One problem with moving away from Google is Google Maps. While OSM does have some fine maps, they don't have navigation or business search. I use Google Maps on my phone all the time to find "where's there a restaurant around here, and how can I get to it?"

Is there any privacy-preserving service that does anything similar?

tn13 7 days ago 4 replies      
Most people are ignoring the biggest problem that Google is causing. Gmail's virtual dominance in email field is going to be extremely hurtful for the rest of the hacker and startup community.

At the end of the email marketing remains the numero uno method of user acquisition and retention. With the new features such as priority inbox and automated classification of personal emails/promotion emails it is going to make it impossible for new consumer web startups to succeed.

superuser2 6 days ago 0 replies      
Where is he hosting this stuff? What makes you think Linode/DigitalOcean et al would violate US law to protect a customer?
Estragon 5 days ago 0 replies      

   I had a bit of trouble adapting to the kinds of results I    was getting and what sort of language I used when    searching (I didnt realize how tuned-in to Googles    search algorithms my subconscious had become), but after    using it for a while I began to love it.
I'd love to read a tutorial about how to adjust search queries to suit DDG. Maybe this is why I find it to be such a pain, and always switch back.

blacktulip 6 days ago 2 replies      
OK, IMHO if you keep gmail, you have not left google. Having one service with them and having multiple services with them are essentially the same.

I am trying to do the same thing. Problem is, I used my gmail address everywhere already. My contacts know me by my gmail address. Dropbox identifies me by my gmail address .. you know what I mean.

I moved my custom domain emails to fastmail. But my @gmail account can't be moved. I really don't know what to do with it. I am stuck.

neya 7 days ago 1 reply      
Isn't this something like pre-mature optimization? Most services (like Blogger for example) haven't shut down yet and probably won't. So, just because Google didn't support some open source protocol, doesn't mean we should suddenly decide to move away from a service that's really been good so far.

If the service is good enough, then why bother switching providers? At the end of the day all businesses want to profit . Also, it's a matter of personal preference - Some like Gmail and some like Hotmail. But moving away from a really good provider because it doesn't provide a 'feature X' (unless it impacts you in anyway and makes it unusable) then I see no point in moving away at all.

spoiler 5 days ago 0 replies      
I am very happy with the fact that Google personalises my search results, because 99% of the time it does it right! I remember one time where it got in the way, and getting "around" it didn't require too much effort.

Also, if I need to find a replacement I will do it when necessary. I enjoy being Google's slave, because I feel treated nicely & I am happy!

Although, the fact they dropped XMPP support is a bit sad.

rednukleus 7 days ago 0 replies      
Its a shame that they put such a ridiculous linkbait title on an otherwise good article.
stettix 7 days ago 3 replies      
Another cloud file storage service worth checking out is Jottacloud (http://www.jottacloud.com). It has similar features to Google Drive and Dropbox but being based in Norway, it complies with stricter laws on privacy and data ownership. See for example the question "What does it mean for me that my files are stored in Norway?" in their FAQ (http://www.jottacloud.com/faq/).
SamWhited 7 days ago 1 reply      
Thanks for the comments and suggestions all; I've updated the post with some of the suggestions people have emailed to me (diff: https://github.com/SamWhited/blog.samwhited.com/commit/62f00...).
markshepard 7 days ago 1 reply      
Interesting, I have been in this line of thinking. Google has been as cavalier about user data as the rest except that it has the holier-than-thou attitude.

Made the painful move back to firefox on all my computer after being used to Chrome. I have started using DDG in desktops but still depend on google on my mobile devices. Email, I am still stuck with gmail as the primary mail box (Which I am actively working on to move out to paid account).

olegp 7 days ago 1 reply      
I agree that it seems a little premature, but it's a good thought experiment: could you move off Google if you wanted to?

At StartHQ we provide a list of automatically generated alternatives, in case anyone wants to give it a go: https://starthq.com/apps/?q=google

Rustan 7 days ago 0 replies      
I've done the same, but switched to:* Autistici/Inventati (http://www.autistici.org) for email and jabber* owncloud for files, calendar, news, contacts* cyanogenmod and f-droid instead of vanilla android and google play
ds9 7 days ago 0 replies      
Lots of cheap web hosting providers offer webmail for one's own domain. Having never used Gmail I can't compare the interface, but I find it friendly enough and have no difficulty syncing the web view and Thunderbird (debranded as Icedove) at home. Even semi-technical people can do this with a little effort.

I do use the Google search sometimes, and sites that retrieve from GoogleAPIs, but frequently dumping all cookies, cache and such and changing browser details will keep you off the radar if you wish.

People speak as if it's a big hassle to avoid depending on big companies - or to avoid the tracking and wiretapping - and but it's really just a question of the relative values one attches to privacy and convenience.

SamWhited 5 days ago 0 replies      
Did another round of edits; if you sent me suggestions and they're not in there I decided not to include them for some reason (or forgot about them). Full diff here: https://github.com/SamWhited/blog.samwhited.com/compare/979c...
ikusalic 6 days ago 0 replies      
Keeping GMail invalidates almost all the other efforts. That is the frist element of Google addiction that needs to go away. GMail is tying you down to Google and is unfortunately hardest to break free from. My choice (at least for now) is Fastmail.

Disclaimer: I feel strongly about this topic [1] and think that most of HNers should too.

[1]: http://www.ikusalic.com/blog/2013/06/04/case-against-google/

hellcow 7 days ago 0 replies      
I've been extremely happy with Fastmail.fm. It's a few bucks a month, and you can't tell the difference between it and Gmail--as long as you delete emails after you no longer need them, of course.

I also started using a pen & paper planner by moleskine rather than iCal. It's actually very nice.

emehrkay 7 days ago 0 replies      
Damn, Google may have people locked in more than Microsoft of the 90s
samweinberg 7 days ago 1 reply      
>Theres no free membership, but I consider that a good thing.

You can sign up for a free App.net account with an invite. I have a few, anyone interested?

yuhong 6 days ago 0 replies      
Let's trace the problems. I don't think Larry, Sergey, Eric, or Marissa have security clearances, do they?
conformal 7 days ago 0 replies      
i did this several years ago, feels good knowing that google has to work hard to spy on me versus me just giving them all kinds of info about myself via search, etc.

the only thing i use is a throwaway gmail address that is mostly a spam magnet.

Mikeb85 7 days ago 5 replies      
This seems silly. Google has been consistently less evil than Microsoft, Apple, and even Amazon, and has the best services.

I'm all for alternatives (especially open source and non-US based alternatives), but if Google is still the most convenient service provider at the moment, I'll continue using them.

phxql 7 days ago 2 replies      
https://mail.opera.com/ is not that bad.
_pmf_ 7 days ago 0 replies      
The sad thing is that one would think that these migrations away from their services should worry Google, but they are apparently offset by the benefit of being able to concentrate on serving the sheeple.
pedromorgan 7 days ago 1 reply      
Maybe Google should create GoogleEurope, a seperate comany.. The already got one offshore from the USA.. and it would bypass the USA also.. ;-
jpd750 7 days ago 1 reply      
Good idea, I may make the switch more entirely as well. I already have started with DuckDuckGo
thinkinggorilla 5 days ago 0 replies      
I am a poor man using services of Google. Thanks Google.I want to know how the alternative service users are so sure that this will solve their privacy issues by not using Google services. Are they insiders in NSA, or NSA cannot track you on other alternative services. HOW DO YOU KNOW ?
tteam 7 days ago 0 replies      
If you want a easy file storage, sharing and sync solution consider our Tonido product (http://www.tonido.com)
puppetmaster3 7 days ago 0 replies      
You can use EU based GMX.com for email in USA. I do.
unclekreepy 7 days ago 1 reply      
why be a google hater? .. they arent going anywhere for a while and only the non used services get shut down.
paranoiacblack 7 days ago 0 replies      
Fuck it, I'm going to start writing my programs on punchcards and mailing it to Github HQ to test the results of it. Then I'll handwrite letters to my coworkers to finally switch away from the evils of email. For blogging, I'll literally stand outside of coffee shops on a soap box and talk about how boring I am. My only file storage will be a cabinet in my house. I'll hand draw my own maps. I'll do organic searching through newspaper listings. For social networking, I'll go outside and announce to the world how I'm feeling, only accepting their emotions if they like it. For photography, I'm going to buy a polaroid camera and keep the pictures in my cabinet. Fuck Android, I'm bringing back rotary phones. My feed reader will be the random clippings at starbucks.

Stay classy, HN.

antonwinter 7 days ago 1 reply      
i kim dotcom gets his crypto email going, we can help google be less evil by moving to that.
xwei 7 days ago 1 reply      
Move from one evil to another. Wasting the time.This is real world please!
Yahoo's Fight for its Users Earns the Company Special Recognition by EFF eff.org
424 points by jasondemeuse  3 days ago   71 comments top 12
mythz 3 days ago 0 replies      
Ironically the only major tech company not to deny NSA involvement, is seemingly doing the most for its users privacy.Fighting against the overreaching arm of the US Govt in secret courts for the last 6 years, without any potential for publicizing their plight exemplifies Yahoo's true stance on user privacy. Actions speak louder than words, what you do when no-one's watching, without any potential of direct benefits or exposure shows Yahoo's true colors.

Which is in stark contrast against other major tech companies strategy of instead deny direct involvement, launch marketing campaigns promoting users privacy as their top priority and go as far as launching anti-privacy campaigns criticizing the privacy policies of their competitors, whilst simultaneously providing an indiscriminate fire-hose of private user data directly to the NSA.

joshuak 3 days ago 2 replies      
I have hated yahoo because of their poor products, bad user experience, ridiculous design sense, and what appears to be just brand marketing for a brand's sake.

However, I have to say this news gives me a strong reason to reevaluate yahoo. And my own feelings about this makes it clear to me there is a market in customers who are interested in having their rights respected. I'm looking forward to the new wave of strong security, and corporate user rights policies as a feature.

stdgy 3 days ago 1 reply      
Companies should be commended for their efforts to fight these orders. However, let's not forget that Yahoo also handed over information to the Chinese government that led to the arrest and prolonged imprisonment of multiple people, and then tried to cover up their behavior by pretending they didn't know why the information was being requested.

I suspect that the backlash from those actions may have led the company to appeal the FISC orders, fearing similar potential future liabilities.

Source: http://arstechnica.com/tech-policy/2007/11/yahoo-calls-withh...

aniket_ray 3 days ago 2 replies      
The complete tally for different companies is here: https://www.eff.org/who-has-your-back-2013
cinquemb 3 days ago 2 replies      
Good luck meeting your GDP numbers after that.

It's ok, that is what the Federal Reserve is for[0] ;)

[0]: http://www.federalreserve.gov/monetarypolicy/files/BSTcombin...

diff_sky 3 days ago 1 reply      
"Yahoo went to bat for its users not because it had to, and not because of a possible PR benefit"

Good for them, but also perhaps motivated from poor PR resulting from this episode:http://en.wikipedia.org/wiki/Criticism_of_Yahoo!#Outing_of_C...

jjp9999 3 days ago 2 replies      
Only in 2005, Yahoo helped the Chinese regime prosecute a journalist. That wasn't the only time that happened, either. (Source: NYT - http://www.nytimes.com/2005/09/07/business/worldbusiness/07i... )
tptacek 3 days ago 1 reply      
Subhed: "The truth begins putting its pants on."


znowi 3 days ago 2 replies      
Well, this is a little weird... Yahoo that joined PRISM in 2008 gets a gold star from EFF?
yuhong 3 days ago 2 replies      
Notice the name of the law used is mentioned in this article.
benatkin 3 days ago 1 reply      
It seems like an odd choice to leave the exclamation point out. http://en.wikipedia.org/wiki/Yahoo!
e3pi 3 days ago 1 reply      
"... While Yahoo still has a way to go in the other Who Has Your Back categories (and they remain the last major email carrier not using HTTPS encryption by default)..."

Why? and how vulnerable to Eve, not using HTTPS?

Trends that will create demand for an Unconditional Basic Income simulacrum.cc
418 points by nkoren  8 days ago   655 comments top 74
crazygringo 7 days ago 17 replies      
> "How would we pay for it? We could start by getting corporations to pay their taxes."

I don't know why people keep harping on corporate taxes. If anything, taxing corporations is regressive -- the taxes ultimately get passed on to consumers through higher product prices, regardless of their income levels.

Taxing corporations doesn't produce magic money -- it's still taxing people in the end, but it's the consumers. Far better is higher tax rates on investments, and higher taxes on the rich. We should be taxing the people who own the corporations, or are paid huge salaries by them -- that is, if you believe in progressive taxation.

tokenadult 7 days ago 5 replies      
I see no one in this active discussion has mentioned yet Charles Murray's book In Our Hands: A Plan to Replace the Welfare State,


in which Murray goes into detail about how much a program of guaranteed income for everyone would cost in the United States, and some probable effects that would have on everyone's everyday behavior. I read the book a year or two after it was published.

Murray's own summary of his argument


and reviews of his book





may inform the discussion here. Big public policy proposals are not easy to discuss, but the big public policy proposal of a guaranteed basic income for all is a response to existing policy of supposedly targeted social welfare programs that are just about equally expensive, but more costly to administer.

steveplace 8 days ago 5 replies      
Basic income on top of everything else doesn't make much sense (cost-wise).

But if we could trade B.I. for Social Security, Medicare, Medicaid, SNAP, and other social progams-- it would probably be more cost efficient as individuals look after their money better than other people do.

Here's a video from Milton Friedman (not Tom Friedman!) who is advocating for a negative income tax-- a variation of basic income.


zxcdw 7 days ago 8 replies      
I don't understand how people oppose unconditional basic income without also opposing the fact that automation decreases the amount of working hours available for a person(or in other words, the amount of jobs), and thus decreases the amount of income per person, while maintaining productivity stable if not increasing it, thus making all sorts of goods cheaper.

Someone enlighten me. These discussions always seem so damn complex and heated for some reason. What am I missing, when I believe that UBI/BIG(basic income guarantee) is the future, and that in future people don't need to work 40 hours a week?

Before anyone counters with saying that "people don't need to work and thus just leech the system", I will cover this now. People will need to work, because UBI/BIG will not cover anything but the very basic income. This means cheap housing, cheap food, clothing and whatever else is considered basic income. Perhaps this would be something like 800 USD per month, or 200 per week, give or take some. People would most definitely want to have more income, and as such they would want to work. A full 40 hour week? Perhaps not -- maybe 20 or 30 hours a week. Whatever they feel fit best for them.

(note that I live in a country with the nordic welfare system, where most people live on a rent rather than own a house, which perhaps makes a difference, or then not. I don't know, hence why I discuss.)

cdoxsey 7 days ago 6 replies      
I think in the end this wouldn't work. It'd play out something like this:

A certain percentage of the population would stop working entirely since they no longer need to. (Particularly when politicians push the basic income amount up to placate constituencies)

Because workers bow out of the system certain industries lose productive capacity. Maybe we stop producing enough food, or enough fuel.

Prices rise (assuming a moderately free market), which causes the basic income amount to rise and it spirals out of control from there.

The state is forced to intervene. Either by forcing people to work certain jobs (ala https://en.wikipedia.org/wiki/Professional_Air_Traffic_Contr...) or by capping the basic income and reincentivizing work.

Hayek: The curious task of economics is to demonstrate to men how little they know about what they imagine they can design.

jeffdavis 7 days ago 2 replies      
Though some more reasonable forms of this idea exist, this particular description has some major problems:

* What if the money you pay someone does not go as far as expected? Maybe they lose some of the money in various ways, or maybe they are just very bad at negotiating economic transactions or buy the wrong kinds of things from the wrong places. Maybe they are trying to live in an expensive area -- do we kick them out?

* There will be a significant class of people who simply know nothing at all about work or participation in the economy. That may have all kinds of bad effects for those people, one of which may be a greater likelihood of the problem above.

* Some people who would otherwise be productive will put off both education and work for a while. When the time comes that they want to be involved, it will be hard for them to make the transition, and many will just stay out of the workforce forever. So, some of the ultra-productive people the author is expecting to do the heavy lifting will not exist.

* There will be pressure to stop granting new citizenship/residency to almost anyone, because the potential cost will go way up. Even if, in the long term, immigrants are good for the economy, in the short term it could be crushing if each one gets a comfortable living regardless of work.

* There will be an imbalance in which jobs are actually done. The number of computer programmers might be higher, but the number of nurses might go way down. If having a nurse is required to make some people comfortable, how do we remedy that?

* "Comfort" in general is a moving target in this process because changing the basic income will have a big effect on the economy. It's hard to say whether you could ever really find a stable value that offers anything resembling "comfort" for those living on it.

dkrich 7 days ago 1 reply      
I think the main problem with this argument that software is eating everything and automation is replacing jobs is that it imagines the world as it is today, with the current set of jobs as fixed. Lest we forget a time when all goods were physical and there were no digital goods. The extent of what can be consumed by technology does have limits. But more than that, we as a society become wealthier, not poorer, when things become faster, cheaper, and easier to produce.

There was a time when people spent nearly half their income on food because food production was an incredibly inefficient process. Eventually much of food processing became automated and advances made it much more plentiful. What had a larger impact on the economy? The millions of people no longer needing to spend valuable time producing food, or the fact that people now had much more disposable income to spend on other things?

grecy 7 days ago 5 replies      
Australia already has essentially this setup. Every person in the country can be paid $492.60 every two weeks ($12,800 yearly) and up to another $121 every two weeks ($3,146 yearly) to help with rent.

Everyone qualifies, forever, irrelevant of past job history, education, family status, etc. etc. There is no time limit for the payments.

The only difference between this and the article, is that if you get a job, whatever you earn is deducted from your payments.

I personally think it does a fantastic job of making sure there is no poverty in the country, and it means Australia has an enormous middle class.

(Link updated)[1] http://www.crikey.com.au/2013/01/16/dole-around-the-world-ho...

khill 7 days ago 7 replies      
Wouldn't the basic income value need to vary across regions? For example, the notion that:

"Every single adult member receives a weekly payment from the state, which is enough to live comfortably on"

would mean a different value in San Francisco than in Grover, NC.

If the government adjusted the basic income to account for regional cost-of-living, I imagine it would be popular to maintain a fake residency in an expensive area while actually living somewhere cheaper.

If the basic income wasn't adjusted for different areas, you would probably see some areas become rich elite enclaves while other areas become basic income ghettos.

brador 8 days ago 5 replies      
With basic income, wouldn't the economy adapt to the fresh money supply and rents and other costs raise to account for it? It would effectivly be additional currency inflation by a different name?
JonSkeptic 7 days ago 3 replies      
The author of this is article is more than a little bit out of touch. To be honest, HN is the only place I have ever even heard people discuss the concept of an Unconditional Basic Income or call Bitcoin a "radical economic ideology". Most people in the US have never even heard of Bitcoin or an Unconditional Basic Income.

The author is so far removed from reality that it's almost humorous. He cites an example where Instagram has apparently replaced Kodak, an example as ignorant as it is misguided. Having known one of Kodak's chief inventors from before the company began its steep decline, it is evident that Kodak collapsed from a series of bad decisions and a failure to secure its territory in IP space. Comparing that to Instagram isn't a comparison of apples to oranges, it's a comparison of oranges to a desk lamp.

I could go on, but there's no need. This article is crap factually, logically, and intellectually. I understand that the title panders to the closely held ideologies of many on these boards, but if you have to look this hard to find arguments for why we're moving toward a UBI, then we're probably not moving toward it at all.

smothers 7 days ago 0 replies      
An interesting repercussion of such a system is the potential for unrestrained creative endeavour. Fear of meeting basic needs will no longer be the primary motivator for most workers. Free to think of and most importantly act on new ideas, our massive population will be able to attempt to function like a distributed network. There will be those who choose to only consume, but that is no different today, many people are simply required to perform a meaningless job in order to do so. I would imagine that the benefit of freeing millions of willing inventors outweighs the drain imposed by all those who only consume. Then again, this only makes sense assuming that most repetitive and "busy" work can be automated.
speeder 8 days ago 8 replies      
And where the money to pay for that will come from? I suspect if you just tax the rich like crazy, they will just move out to somewhere else.
bsbechtel 7 days ago 1 reply      
Arguments like this are completely selling ourselves short on our ability as a species/society to innovate and come up with new ideas that improve our life for everyone. I'm sorry, but it drives me absolutely nuts! Come on guys, are we really saying that we aren't capable of continuing to come up with new ideas and grow them into sustainable businesses that lift a majority of Americans out of poverty?? What a positive, optimistic this author has on our future, not to mention his faith in the capabilities of fellow human beings.

Instead of jumping into many of the circular arguments below of where costs are truly incurred from things such as taxes on the rich and on corporations, let's think of taxation in a different way - as valves controlling where capital flows in our economy. Think of taxes as valves in a hydraulic system or switches/relays in an electrical system. If those valves aren't directing the right amount of electricity or hydraulic oil to the right parts of the system, the entire system stops working. In the same line of thinking, if not enough capital is going to the right places in our economy, our economy slows down and stops working.

So, the question becomes, where do we need to adjust the valves to get the entire system working again? Where can we cut taxes, to give that sector of the economy a boost? It's small businesses, innovators/inventors, and early stage startups. Why? Because if 1 out of every 1,000 businesses started turns into the next Microsoft or GM and employs 100,000 people, then we need 10m people out of work right now/100,000 jobs per Microsoft startup*1,000 startup businesses = 100,000 startups.

There's a reason the first round of capital for starting a company typically comes from friends and family - because it's extremely risky, and those closest to the entrepreneur can make that investment at the lowest risk possible because they have insider knowledge of the entrepreneur's skillset. If we have a disappearing middle class, that means that very first round of capital is disappearing too, because it comes from the middle class, which means 10 years from now, we will have even fewer jobs for the middle class. I'll leave it up to everyone else to debate how we can get more money into the hands of the middle class, but taxing the rich and providing a basic income for everyone is not the answer.

josephlord 7 days ago 0 replies      
I really like the concept (and have for at least a decade and a half). The linked article misses one thing which is that minimum wage legislation can probably be removed too.

What I don't know is actually what the level of the basic income could realistically be at what levels of income tax (I assume that there would be a single flat tax rate for all income additional to the Basic Income).

It would be great to get good statistics of earned/savings income distributions for a few countries and current income tax, capital gains tax and National Insurance takes and build a tool to see what incomes and rates a feasible. I picture being able to adjust basic income and see the effect on the tax rate and vice versa. Ideally you could make the income distribution adjustable so that you could try different scenarios such as the effect of more people doing no work.

I'm not sure how children should be handled in these models either as there are real costs and you don't want child poverty but you don't want to make breeding too profitable which may occur if they attracted the full rate Basic Income.

dgallagher 7 days ago 8 replies      
Every single adult member receives a weekly payment from the state, which is enough to live comfortably on. The only condition is citizenship and/or residency.

Sweet! None of us have to work anymore! Party at my place every night for life!

You get the basic income whether or not youre employed, any wages you earn are additional.

Few, that's a relief. It'll be nice to close all of the school's down and tell kids they can go home, play video games indefinitely, and never have to worry about their future again.

The welfare bureaucracy is largely dismantled. No means testing, no signing on, no bullying young people into stacking shelves for free, no separate state pension.

Down with welfare, up with communism!

Employment law is liberalised, as workers no longer need to fear dismissal.

Hey boss, fuck you! Why? Because fuck you, that's why! What are you going to do about it? Fire me? Ha!

People work for jobs that are available in order to increase their disposable income.

That's cool. Make sure to tax them high enough to pay for all of my house parties.

Large swathes of the economy are replaced by volunteerism, a continuation of the current trend.

Who wants to volunteer to clean my toilet and mow my lawn? Anyone? Even if I say thank you when you're done?

The system would be harder to cheat when theres only a single category of claimant, with no extraordinary allowances.

I can't figure a way to game it either; it's mathematically and economically perfect!

jonnathanson 7 days ago 0 replies      
It's a fascinating idea, and it's a real challenge to market capitalism as we know it in the long run.

But the biggest problem with any such system is unequal need. Need states are stochastic at the individual level. They might appear to be neater and more deterministic at the aggregate level, but a system designed in aggregate is bound to have challenges at the margins. I could easily see this system becoming, essentially, a fixed amount that just shifts everyone's personal needs/income graphs up by X amount a year. Above that point, everyone still needs income to fit any needs not met by X.

An unintended consequence, for example, would be that this system places an extra burden on the disabled, or the parents of multiple children, or the elderly, etc., to take on more work to meet their greater needs. By eliminating need-based welfare and replacing it with a flat payment structure, we'd basically be handwaving away the fact that need states are variable.

It's possible that I'm misunderstanding how this system works. And many of the same arguments I'm making against this system could certainly be leveled against our current system. I guess I'm struggling to see how this system has greater utility and fewer externalities than the current one.

lettergram 7 days ago 5 replies      
I disagree with this article almost entirely. Yes, labor jobs are on the decline, but service jobs are staying steady if not increasing. The "demand for unconditional basic income" is a joke, yes it's possible to attempt to initiate something where every person receives $10,000 a year, but the money has to come from somewhere.

If the money for this basic income comes from taxation, then both the government loses net income and the corporations lose as well. You can think about it an entropy or friction, there is always a cost for doing something. If corporations essentially pay their customers (via the government) to buy their goods the world would eventually collapse.

If the money for basic income comes from printing money (or equivalent) it devalues to insignificant amounts too quick to do virtually anything with it.

This idea is a fantasy, perhaps the population of the world needs to DECREASE to maintain its stability in a technological world. If there are less jobs, maybe there's less need for humans.. If this is the case, perhaps it is time to move to Mars or something, like a cell that has replicated enough DNA/organelles to split in two and create a new daughter cell.

You cannot suitably hold by basic unconditional income. Any college economics class/text book would probably make this much more clearer than I, but the "trends," conclusions and potential sources for the basic income would fall apart under close inspection. For example, if the need for labor decreases, the cost of labor decreases (the net company expense), therefore people may have worse pay, but also the products are cheaper.

The point is basic economic theory define this as an impossibility.

joejohnson 7 days ago 0 replies      
>>>As Jaron Lanier points out, Kodak once provided 140,000 middle class jobs, and in the smouldering ruins of that companys bankruptcy we have Instagram, with 13 employees.

This argument is just plain wrong. Kodak was not replaced by Instagram. Kodak was replaced by Apple and Samsung and a bunch of other asian manufacturers. They have way more than 13 employees.

norswap 8 days ago 2 replies      
Won't the basic income drive prices up to the point where you need to work anyway?
btilly 8 days ago 5 replies      
I've got a twist on this basic idea.

Fund basic income with a large tax on various CO2 producing activities. With the idea that - on average - people can pay this tax out of the basic income received from it. And people will have direct incentives to find ways to reduce CO2 consumption. Then get rid of silly specific legislation that tries to achieve the same goal in less successful ways. Thus fuel efficiency, California's attempts at cap-and-trade, incentives for renewable energy - all should become unnecessary.

klausjensen 7 days ago 0 replies      
We have a light version of this in Denmark. It makes a lot of people not want to work and is the main reason behind why the effective tax is somewhere in the neighborhood of 70%. Pay 45% income tax, 200% car tax (literally - a 10.000USD car costs 30.000USD), pay high property taxes, "green" taxes like on gas - and when that is done, please pay 25% VAT of everything you buy after that.

And you know what? About 80% of the Danish love this system enough to not want to change it. A party suggesting a 40% flat tax is considered extreme in Denmark.

I happen to hate it, but that is just me...

sliverstorm 7 days ago 0 replies      
Every single adult member receives a weekly payment from the state, which is enough to live comfortably on.

Maybe we at least start with "enough to live somewhat uncomfortably on"? That way nobody starves or goes without basic necessities, but still have an incentive to improve their lot- and it isn't that hard, because they are on the cusp of living comfortably.

Another important factor, IMO, is how you index how much the income should be. Do you index it based on where the recipient lives? (I.e. everyone who lives in New York should get enough to live comfortably in New York) Do you index it based on average nationwide cost of living? Personally I'd be inclined to the latter.

MartinCron 7 days ago 0 replies      
Friendly reminder: People work for all sorts of reasons, having enough money to not starve is just one of them.

What's the first question people ask you when they meet you? In this country, it's usually "what do you do?"

I'm just as OK with people being motivated to work by status or prestige or ego societal pressure as they are by the threat of financial ruin.

conanbatt 7 days ago 0 replies      
I actually think Argentina would be a great place to impose basic income.

Argentina has a long time standing issue with 'welfare' programs being abused in corruptive ways, such as government employees cashing in, their relatives, etc.

Middle class despises the way those funds are used because they are not regulated or productive: as a foreign national, you could get welfare within 6 months of moving in to argentina. Plus free college education.

Also, argentina has a long-time standing issue with inflation, which in this case could be worked to its benefit, which is it can fund this strategy.Currently, the government uses welfare programs to target vulnerable sectors and generate dependency, but if everyone got it, they wouldnt have that kind of edge anymore, and if they wanted to better one sector, they would be forced to help every sector.

But i will still think that although basic income is very forward-thinking, it has veery unforeseen consequences. We dont know what is going to happen to a city or a country if such a thing is implemented, for better or worse, in terms of sociology, more than economics.

I also wonder how to actually make it practical. By basic supply and demand, this should create a strong increase in demand, which raises prices and the very basic income would then become less effective.

jeffasinger 7 days ago 1 reply      
One worry I have with Basic Income discussion is that what most people think the minimum required just to live is very high, which frames the discussion wrong.

Basic Income probably shouldn't cover much beyond rent in cheap, shared accommodation, heat and some electric, and groceries, and healthcare, if that is provided separately.

aneth4 7 days ago 2 replies      
I agree that a basic income may be the best solution to the decline in demand for labor. And I consider myself economically conservative. There is still much to be learned about the societal effect. Its something we need to consider as an alternative to social upheaval.

However other parts of this article concern me, in particular:"Employment law is liberalised, as workers no longer need to fear dismissal."Employment laws should be entirely at will in such a system. Workers should fear dismissal. And after all, they have a basic income to fall back on.

Combining basic income with "liberal" employment law would be a disaster.

unclebucknasty 7 days ago 0 replies      
>"...wealth creation will increasingly be confined to those with capital, and things start to follow a Marxist logic. The middle classes (and their elected representatives) will not let that happen."

In the absence of real campaign finance reform, is the middle class really that empowered to "not let this happen" through their elected representatives? Those representatives, after all, are currently much more beholden to their financial masters--the corporations and its wealthier beneficiaries (executives, prominent shareholders) which provide large campaign donations.

Not that it can't change. There are just a lot of steps between here and there.

axuaq 7 days ago 3 replies      
Can we come up with a solution that doesn't strong-arm workers into keeping society's dead weight around? Why make sure that every non-worker in society has enough money to eat McDonalds and watch cable TV at the cost of the freedom of everyone to make and spend money as they please?
Mizza 7 days ago 0 replies      
Very excited to see more and more discussion around this concept - I think Universal Basic Income should be a goal for humanity in the 21st century.
aidenn0 7 days ago 0 replies      
The single biggest issue with BI is that there is some fraction of the population that will fritter it away and starve.

Most people proposing BI are economic liberals so have the point of view "If we gave them enough money to live off of and they wasted it, it's no longer our problem" but that doesn't sit will with the rest of the population that aren't economic liberals.

Even if you buy into that view, you still have to deal with the increased crime from starving desperate people; it costs a lot more than $10k per year to keep someone incarcerated, so inevitably non-violent offenders will be paroled only to offend again.

[edit] Perhaps those downvoting me could let me know why? I'd like to know how my comment detracts from the conversation on this article.

jchrisa 7 days ago 0 replies      
Obligatory link to "What's Wrong with a Free Lunch" a short synopsis of the main arguments and responses of people against basic income. http://www.amazon.com/Whats-Wrong-Lunch-Democracy-Forum/dp/0...
csomar 7 days ago 0 replies      
We could start by getting corporations to pay their taxes. As I mentioned above, corporate profit margins have hit an all time high, and that money will circulate far faster if its placed in the hands of consumers.

This is very wrong when you think about large scale. The model simply can't work when you apply it to all the population. Think about the point when it'll break.

There is no free money. Giving money to someone by taxing someone else, is not a stable equation. This will create a tension between those who produce and those who consumes. Corporations will move to States/Countries with better tax schemes.

My strategy is simpler: Liberalize everything. Everybody pays for his own consumption; and shared resources are paid by people equally. There should be no taxes, and also no subventions. That means people pays for the gov. bills equally.

Well, but that's only on my perfect world view.

dorkrawk 7 days ago 2 replies      
What happens if I squander my basic income on something frivolous and I can't get a job? Wouldn't there still need to be social programs to prevent people who fuck up from just starving to death? How would a basic income coexist with current systems of debt?

Could this exist without VAST healthcare reform? What happens when people get (expensively) sick?

Who gets a basic income? Every citizen over 18? Every non dependent? Isn't a basic income for someone with 5 kids fundamentally different than a single person? Wouldn't a basic income even in the same state be vastly different (say Chicago vs Urbana in Illinois)?

This is certainly an interesting idea and I'm interested in people's thoughts on these and other details.

marc0 7 days ago 1 reply      
Just imagine what one could do with one's life, backed by an unconditional income! One could strip off parts of the daily worries; one could try out more things; one could develop ideas, big ideas, without having to fear that a possible failure risks your and your family's lives.

Today, only very few people with a solid financial background can afford to work on big ideas. What a waste! Think of all those geniuses out there who can't just afford to take the time to read a book because they have to work so hard to feed their families!

I also want to argue, that merely the knowledge that you can't completely fail in your working life will cause a huge benefit for public health, physical and mental. I would bet that many diseases would just disappear, due to the lowering of the general distress level.

joshuaellinger 8 days ago 5 replies      
It misses the fact that work is fulfilling for (most) people.

I've heard talk of the government being the employer of last resort, which has its own problems. But just paying people to breath has problems as well.

washedup 7 days ago 0 replies      
I disagree with the first couple facets of the new system definitions:

"Every single adult member receives a weekly payment from the state, which is enough to live comfortably on. The only condition is citizenship and/or residency."- This is a government.

"You get the basic income whether or not youre employed, any wages you earn are additional."- This is welfare.

"The welfare bureaucracy is largely dismantled. No means testing, no signing on, no bullying young people into stacking shelves for free, no separate state pension."- So a government run welfare program to replace the welfare bureaucracy. Doesn't sound to radical, in fact, it sounds the same.

"The system would be harder to cheat when theres only a single category of claimant, with no extraordinary allowances."- Some one can always cheat the system, and there will always be extraordinary allowances because there are people in the system whose desire is for those things. Opportunism has always been a part of evolution. Sure we don't "need" it

medell 7 days ago 0 replies      
Read NPR's beautiful article "UNFIT FOR WORK - The startling rise of disability in America" if you're not convinced on the costs of the current system and how people cheat it.http://apps.npr.org/unfit-for-work/
yaddayadda 7 days ago 1 reply      
I find it interesting that the author mentions BitCoin early on, but then never addresses how an Unconditional Basic Income would work if corporations switched to BitCoin or other anonymous, decentralized monetary system.

In concept, I'm a firm proponent of a Unconditional Basic Income/Guaranteed Minimum Income/Negative Income Tax, but I think BitCoin is going to be a prohibitive cog in the financial wheel.

drakeandrews 7 days ago 0 replies      
The big issue with UBI entirely replacing the welfare system is that it ignores those who require more money due to disabilities. Person X can subsist on Y/week, but person Z needs fooprazatine which costs a non-negligable quantity of Y (there are also other, more nuanced scenarios but drugs come to mind first). Of course there are ways around it and medical benefit fraud is already incredibly low (it's hard to fake that you need a carer or an expensive regimen of drugs (painkillers notwithstanding)).
baltcode 7 days ago 0 replies      
This will be another nail in the coffin for the rights of those who are already neglected[1] in the current system : stateless people, and unpopular minorities who can be made stateless.

1. The neglected non-citizen: statelessness and liberal political theory. http://www.tandfonline.com/doi/abs/10.1080/17449626.2011.558...

dannypgh 7 days ago 0 replies      
I think it would make a lot of sense to have a BI and to also double-down in R&D to improve all levels of understanding and capabilities in the fields of AI and robotics. The protestant work ethic is deeply engrained in this society, but perhaps now we should be thinking in terms of "how do we free as many people as possible for pursuits they haven't yet found" -- and investing heavily in removing jobs that the most hours are worked in.

The necessary investment in all levels and types of STEM would be huge, and the result would be tons of technology that can be used to replace current work. To prevent the technology from simply being used to make a very small number of people rich, vast amounts (if not all) of the research should be released as free & open source technology. I do admit however that FOSS is not a pancea to address concerns of excessive wealth concentration - and taxes will continue to play that role.

In a sense, the wealth created by the increases in automation will be captured back in the form of taxes, and use to fund additional investment in automation as well as a basic income to sustain all the residents of the society which decided that it was worthwhile to try to abolish work, instead of continuing to fetishize it as a moral obligation.

jeena 7 days ago 0 replies      
Shouldn't we also kind of tax machine work and not only human work?
mikeurbanski 7 days ago 0 replies      
My favorite quote about this comes from Douglas Rushkoff:

"Our problem is not that we don't have enough stuff -- it's that we don't have enough ways for people to work and prove that they deserve this stuff."

Are jobs obsolete?: http://www.cnn.com/2011/OPINION/09/07/rushkoff.jobs.obsolete...

mathattack 7 days ago 0 replies      
I like this conceptually, but where you set that wage is the tricky part. If most folks don't have to work, most won't. Less people to tax too. That will in turn cause inflation, as there's less supply of goods. Then you'd have to increase the wage to follow suit.

To get any kind of equilibrium that preserves an incentive to work, you'd need that universal payment to be fairly low. This isn't to say, "Don't do it" - it's just to be careful with it.

trg2 7 days ago 0 replies      
This was really an incredible writeup, and I personally can agree with many of the long term trends. Loved the Dan Pink citation as well.
stefantalpalaru 7 days ago 0 replies      
Here's an in-depth analysis in the form of a documentary[1] (German audio, English subtitles).

[1]: http://www.filmsforaction.org/watch/the_basic_income_2008/

brettinlj 7 days ago 0 replies      
Regarding this quote: "Ive lived in a country that had a period of 'full employment' and now has 14% unemployment, and I dont see how anyone can be so misanthropic to claim that those 14% of people just got lazier."

I hesitate to take someone's radical economic ideas too seriously if they either can't do math or does not know the econ 101 definition of "full employment".

codex 7 days ago 0 replies      
From each according to his ability, to each according to his need.
anExcitedBeast 7 days ago 0 replies      
Nothing about this would work.

Significantly fewer corporations with a drastically smaller workforce paying greatly increased tax rates with a substantially weaker dollar to benefit an unthinkably higher quantity of citizens? I assume we still want to keep our military, education, and surveillance programs funded, too.

It simply does not math.

tocomment 7 days ago 2 replies      
I read this thread his morning and I'm having a really difficult time figuring out how the discussion has changed since then. Which comments are new? Which comments are valuable?

Does anyone else have this problem on HN? Any solutions?

diydsp 7 days ago 1 reply      
Ok, yes to: "towards" and "trends." However, not "forces" the bring us "all the way to."

OP misses the point that even though I am listening to free electronica on youtube right now...

1. It was once sold for money by its creators 2. Its creators tolerate it being given away for free in order to develop their reputations and bring in an income through performance and sales. This an example of symbiotic capitalism, not volunteer work.3. My listening is driving ad revenue for google.

So it's not really free out of the goodness of the creator's heart. It's free +to me right now+, b/c atm I'm not currently in its "for-pay whirlpool." Advertisers, clubs and music afficiandos are in its for-pay whirlpool.

Finally. OP claims "we are motivated by autonomy, mastery, and purpose, but not money." This is only true for a small cluster of artisans.

antitrust 7 days ago 4 replies      
The problem with unconditional basic income is that there's no incentive to do anything beyond the minimum.

Like most utopian plans, this idea relies on the belief that humans will get up and do things in large numbers.

We can't even get them to voluntarily recycle and quit beating their kids.

MattyRad 7 days ago 1 reply      
While I think this article makes some sweeping generalizations and assumptions, the question it poses is what's important. If we as programmers continue to automate the world (as is our job), and as previous jobs therein are rendered unnecessary, how does one reallocate the workforce? Is the workforce unnecessary at that point?
mikekij 7 days ago 4 replies      
Do you have any idea how many people would just not work, sit at home, watch TV, and collect their BI check?
hosh 7 days ago 0 replies      
I think it would be better to focus on lowering the cost of living (approaching zero) than to provide an unconditional basic income.
h0w412d 7 days ago 1 reply      
There was an experiment with this called Mincome in Canada. They found that the only two groups of people who worked less were new moms and teenagers. https://en.wikipedia.org/wiki/Mincome
kemofo 6 days ago 0 replies      
Taxes reward those who don't produce and punish those who do produce. But, taxes are the price of living in an organized society. Also, there is no such thing as a free lunch.

Money isn't the problem, it's a lack of education about how money work that is the real problem. If you give poor or lazy people money it'll just find it's way back into the pockets of people who understand how money works (the rich).Even if we take everything from the rich, they'll just get it back because the average person, with no financial education, is incapable of preserving or creating wealth.

blackaspen 8 days ago 0 replies      
For all of these "Trends" that seem to "push us towards an unconditional basic income" I'm sure there are stronger "Real Quantified Trends" that push us in the opposite direction.
iheart2code 7 days ago 2 replies      
How would a system like this scale to different regions? I can see this working in a smaller country, not the US. I would need a much larger subsistence wage to survive in the SF bay area than I would in most other places in the country. And if certain (already overcrowded) regions are allowed larger wages, you'd probably see people flocking there for the increased wages. I can also see this placing strain on the system for the first few decades if people decide to have more children, since both parents don't need to work anymore.
Balgair 7 days ago 1 reply      
If money is any object or record that is generally accepted as payment for goods and services and repayment of debts in a given socio-economic context or country,( https://en.wikipedia.org/wiki/Money ) then what are persons who receive this money paying? What changes hands? The state gives Chad cash and he gives them what in return? Is a minimum income even money anymore?
justncase80 7 days ago 0 replies      
This reminds me of "For Us, The Living", by Robert Heinlein. Where he discusses a very similar society and explains the economics of how it might work:http://www.amazon.com/For-Us-The-Living-Customs/dp/074349154...
forgotAgain 7 days ago 1 reply      
But then we'd all have to die at thirty.
pieterhg 7 days ago 2 replies      
Can somebody explain to me how basic income can work in terms of the cycle of spending? If companies have to pay for all of people's income through a taxable percentage of their income, then these companies will only receive a share of that amount back through consumer spending? So the economy will shrink in a vicious cycle, right?
deweller 7 days ago 0 replies      
This will not happen in the United States of America in our lifetime.
ezxs 7 days ago 2 replies      
Russians tried it with USSR. Every time new technology is introduced everyone gets scared that jobs go away. Over time the level of service and innovation requirements go up providing more jobs for those that adapt. Such as life. Don't make the world what its not. It most likely won't work. :-)
sbhere 7 days ago 1 reply      
> - You get the basic income whether or not youre employed, any wages you earn are additional.>> - The welfare bureaucracy is largely dismantled. No means testing, no signing on, no bullying young people into stacking shelves for free, no separate state pension.


skndstry 7 days ago 0 replies      
In Switzerland there are over 100'000 people that support the idea, which means the public gets to vote on it in the next 2-3 years.


typorrhea 7 days ago 1 reply      
What is the advantage of doing this in terms of "income" and "currency" rather than in terms of "rations" and "allotments"? Is it a purely rhetorical difference?
adventured 7 days ago 0 replies      
100 million * $20,000 = $2 trillion

No matter how you shake around the minimum income scales, you'll end up near those types of massive figures.

That's $2 trillion dollars that doesn't exist right now and would have to be magically conjured up. And I suspect a comfortable wage would need to be higher than $20,000. I think the financial disaster of this arrangement would be closer to $3 trillion.

It's mathematically impossible.

blacktulip 7 days ago 2 replies      
So Communism wins
mk3 7 days ago 0 replies      
Worthless blabber. Giving people good social guarantees leads to more people unwilling to work. If you want examples take a look to Norway.Also another dumb question how the hell this article ended up in frontpage of Hacker News in first place?
COOLIO5676 7 days ago 1 reply      
My vote goes toward less hours, and higher wages. it's another way of solving the same issues. Everyone could work half as much, for twice as much, and you still double employment.
cpursley 8 days ago 3 replies      
Please keep the do-gooder central planning away from my bank account. Thanks.
Show HN: I hacked my microwave with a Raspberry Pi madebynathan.com
407 points by nathan_f77  8 days ago   110 comments top 31
edent 8 days ago 1 reply      
Brilliant! Having suffered an expensive microwave with a dreadful UI - I love this concept.
ianterrell 7 days ago 0 replies      
> Can use a barcode scanner to look up cooking instructions from an online database

> There weren't any online microwave cooking databases around, so I made one


negativity 8 days ago 7 replies      
There are 4 really bad ideas from the article:

  1. Clock is automatically updated from the internet  2. The microwave has a web page so you can control it      from your phone (why not), and set up cooking      instructions for products  3. Tweets after it's finished cooking something   4. Can be controlled with voice commands       ...not that bad, but subject to pranks and false positive             microwave commands, from people in the same room
This is all REALLY bad from a safety perspective. Exposing household appliances to the wilds of the internet is all kinds of dangerous. You shouldn't advertise that this is a good idea, and leave readers with the assumption that maybe it's password protected or maybe not (it is: http://www.microwavecookingdb.com/products/new?upc=871100027...), or maybe it's wrapped up in TLS/SSL and maybe not (it's not: http://www.microwavecookingdb.com/users/sign_in). Is the internet control framework just security by obscurity, operated by arbitrarily obscure URL parameters? Who knows? Maybe? (here's the code: https://github.com/ndbroadbent/raspberry_picrowave) I mean, yeah it's just a DIY project, but immediately, I see some opportunities to wreak havoc.

First of all, it's not merely polling an internet time server, but that's one port exposed to the internet, that anybody can just start dumping malicious payloads on. Second, and worst, it can be switched on from the internet. Third, it gives feedback that can be accessed by the entire internet, tells the internet what it is, and what it's doing, right now in real time, allowing an attacker to monitor the success of malicious efforts. This way, you'll know as soon as you're able to send a command to power up the microwave for one second, to test and prove the ability to control it.

People will attack these kinds of openings, just for the sheer amusement of running up a total stranger's electric bill, nevermind start a fire. This article seems relatively smart and competent, and so maybe we should ASSUME that proper security exists?

This is the kind of design inspiration that's going to encourage some other engineer (or worse, an MBA in charge of some stupid startup) to go out and expose the electric grid to twitter with some poorly tested SCADA system, and on a dark, stormy night, in the far flung future, I'm going to be eating cold beans from a can, in the dark, because of it.

andor 8 days ago 1 reply      
These guys are building a machine that can cook recipes from fresh ingredients:


joshfraser 7 days ago 2 replies      
Before you think about opening up your own microwave, you should know that microwaves contain high voltage capacitors that will seriously shock or kill you even when they are unplugged. I knew a guy who got thrown across the room and was in serious condition for months. He didn't even touch anything, but he was wearing a wedding band and his hand got too close. Microwaves are serious business.

That said, I HATE the UI on my microwave & would love to fix it. Do people really eat that much popcorn that it deserves it's own button??? For me, I want exactly 3 controls: a time wheel, power up/down & a start button. Hit start for a quick minute, twice for 2 minutes, etc.

pbharrin 8 days ago 2 replies      
This is a great idea. One thing I would like to point out is that microwaves come in different power levels. A large one may be 1200W while a small dorm microwave may be 750W. The cooking instructions in your database will need to account for this.
lucb1e 8 days ago 0 replies      
Amazing, wish I could do things like this. I bet if this was made by a common microwave manufacturer, it'd be advertised as the microwave of the future and cost $3500!
homosaur 8 days ago 2 replies      
Missed opportunity to use phrase "Raspberry Picrowave"
chiph 8 days ago 1 reply      
I like the new control pad definitions.

One of the problems I have with GE microwaves is that the number pad isn't always for entering time - if you touch "2" in preparation for entering 20 seconds, you get programmed time #2. Unless you hit the "Time" button first... Bad design, General Electric.

brizzle 7 days ago 0 replies      
Very cool project, but I would imagine that an internet connected microwave might result in these headlines:

"Apartment complex burnt to the ground by toddler with iPad"

"Chinese hackers crash US power grid using Microwave exploit"

NFC or Bluetooth control might be better suited for this than full web connectivity.

brokentone 8 days ago 1 reply      
Great project! I would have suggested FoodEssential's API for preparation instructions (ran into them at SXSW, seem really cool), but they don't have prep, only ingredients and nutritional data.http://developer.foodessentials.com/
gridspy 7 days ago 0 replies      
This was a fantastic article and a wonderfully complete software and hardware task spanning many disciplines. Nathan's done a great job on this. I'd love to hire him.

Circuit design, soldering, graphic design, firmware and even a standalone website.

If you've worked on electronics and software projects like this please give me a call (details at http://gridspy.com) because we need you.

JD557 8 days ago 2 replies      
Very nice project.

One thing that it seems to miss (that all microwaves that I know miss) and that would probably be very easy to implement is a mute button for late night snacks.

nkozyra 8 days ago 2 replies      
A lot of fun, but one of the primary issues with smart appliances is you end up having to physically interact with them anyway. It's almost more of a hassle to physically load up the microwave, give a voice command and then physically open and remove what you cooked then to just do the whole thing right there.

The Jetsons-eque toaster oven still requires you to put the bread in.

kalleboo 7 days ago 0 replies      
I'm surprised there's still so much manual entry going on for people with microwaves. I guess my needs are much simpler than for most. 70% of my microwave needs are met by just pressing the "Heat/Start" button and letting the microwave auto-heat to 75 C. 20% are met by just pressing "Defrost" then "Heat/Start". It's quite rare I actually need to set the time manually (it's basically only for popcorn...)
JonnieCache 8 days ago 2 replies      
Another consumer tech suggestion culled from reddit: my TV should have a button on the side which causes the remote to emit some kind of noise so I can find it.
DigitalSea 7 days ago 0 replies      
Being able to scan a barcode and know how long food should be cooked for? It just makes sense and I wonder why it hasn't been thought of before. I think this is a genius hack and definitely the scanning of a barcode for cooking times makes sense, this guy should definitely pitch it to the likes of Samsung.
lessnonymous 7 days ago 0 replies      
This is an awesome project. But by far this is the most amazing and innovative part of the article:

> If cooking instructions are posted for a 1000W microwave, you can request the instructions for a 700W microwave, and the cooking times will be automatically adjusted

Arnor 8 days ago 1 reply      
If you're not planning on marketing this, please share your process. I'd love to give this a try (if I can get my wife's permission... crosses fingers)!
ddunkin 7 days ago 0 replies      
Don't you have to get up and stir every once in a while?
thechut 8 days ago 0 replies      
Awesome job! This goes above and beyond for a 'hack'. You should have it upload cooking data to Xively so you can keep track of what you cooked over time.
samweinberg 7 days ago 0 replies      
I saw the post that inspired this project on /r/CrazyIdeas too. Very cool to see how you've implemented the idea! If I ever get my hands on a Raspberry Pi, I'm going to have to try this.
jsingleton 8 days ago 0 replies      
This is fantastic. I love how the Raspberry Pi is getting used in hardware hacking so much. It's ideal for it.

So far my efforts have been limited to hacking electricity and gas meters but this microwave is much more complex. I gave a talk on this last night at the HN London meetup. Slides will be online at http://unop.co.uk/dev/raspberry-pi-electricity-monitor/ soon. The videos will be online soon too I hope.

gigq 8 days ago 1 reply      
Unfortunately this idea was patented 13 years ago:


Makes you realize why there are no commercial implementations of this and why patents are terrible.

Yuioup 7 days ago 1 reply      
See you CAN run Linux on a microwave. If only somebody can get it to run on a toaster...
mrdiran 8 days ago 1 reply      
Thank you for this! It's about time someone disrupted the microwave.
post_break 6 days ago 0 replies      
This has to be the coolest use for a Raspberry Pi I've ever seen. I honestly wish I had the skills to make this happen.
afs35mm 7 days ago 0 replies      
Interesting that the redesigned touchpad was designed (subconsciously?) taking cues from bootcamp css...
angrydev 8 days ago 0 replies      
Really great project, and well documented too!
septerr 7 days ago 0 replies      
mfraggs 8 days ago 0 replies      
Email exchange between Edward Snowden and former GOP Senator Gordon Humphrey guardian.co.uk
402 points by piratebroadcast  2 days ago   214 comments top 20
pvnick 2 days ago 8 replies      
"Further, no intelligence service - not even our own - has the capacity to compromise the secrets I continue to protect. While it has not been reported in the media, one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China).

You may rest easy knowing I cannot be coerced into revealing that information, even under torture."

I am very interested to hear some of his anti-intelligence efforts. I assume he's either talking about the Defense Intelligence Agency [1], or that this is a typo for CIA?

Also, everytime I hear from Snowden, I can't help but "fist pump" and cheer for the guy.

[1] http://www.dia.mil/

tokenadult 2 days ago 18 replies      
It's always interesting to me that as a new statement from Snowden to the press comes out, most comments on Hacker News take him totally at his word, and assume that his interpretation of events and policy is by far the interpretation most likely to be true. Because I was already past Snowden's current age and current experience level in living in other countries by the time Snowden was born, I see a lot of holes and a lot of callow bravado in much of what he is saying. I hope he is correct that the information that he claims to have extracted from NSA servers cannot be extracted from him against his will, but I don't assume that to be true in the absence of evidence. That's an extraordinary claim, so it requires extraordinary evidence. Some aspects of Snowden's story do NOT look like a thoughtful plan to defend freedom and fair play around the world, but rather a haphazard rash move by Snowden to see what he can get away with. The high degree of cooperation many countries appear to be giving the United States so far in efforts to have Snowden return to the United States for legal proceedings suggests that quite a few experienced national leaders with very different constituencies to represent agree that there is more harm in Snowden being on the loose than in his standing trial to weigh his claims against United States law.

P.S. Remember, I was one of the rather few HN members to go out in public to protest the NSA on Restore the Fourth evening here in the United States. I can be appalled by some of what I read about the NSA without agreeing that Snowden is taking the best approach to doing something about that.

diminoten 2 days ago 0 replies      
Everyone's focusing on the fact that Snowden claims he is torture-proof, when in reality he never said that. He said that he "cannot" be tortured into revealing information he is protecting.

For example, Glenn Greenwald may hold a private key which must be used IN CONJUNCTION with Snowden's key to decrypt the information Snowden has. It's possible/probable that Snowden does not have access to the secrets he protects without Greenwald's key, as well as possibly many other keys. He may have a network of people he's made part of the group such that any two of them plus Snowden can decrypt the information, but Snowden himself can't without two keys plus his own, and he could make it such that his key is required in the group of three to decrypt. Hopefully someone else here can provide the name for this kind of encryption (something like n-key encryption, it's escaping me currently) and a link to how it works, but this is all very sound and entirely doable from a math standpoint.

So no, Snowden himself isn't torture proof, but his security is, if he's doing something like what I outlined above. They'd have to go after Glenn Greenwald too, or whoever else is involved, before gaining access to the intel.

Edit:This link[3] might explain it slightly better, but I once read a great primer on the topic, filled with examples and was pretty simple to understand (the layman could grasp at least the concept). I'll add more links as I find more info.

[1] http://en.wikipedia.org/wiki/Secure_multi-party_computation

[2] http://www.iacr.org/archive/eurocrypt2001/20450279.pdf

[3] http://en.wikipedia.org/wiki/Threshold_cryptosystem

[4] http://www.tcs.hut.fi/Studies/T-79.159/2004/slides/L9.pdf

[5] https://www.cs.cornell.edu/courses/CS5430/2013sp/L.SecretSha...

(thanks ##crypto for the help!)

Osmium 2 days ago 5 replies      
Completely off-topic, but oh-my-god if the Guardian mobile website doesn't look so much better on a desktop browser than their non-mobile website... I thought they'd had a redesign for a moment.
grey-area 2 days ago 0 replies      
What I find interesting here is that a former Senator is commending a dissident from the United States and wishing him good luck in evading the government and seeking asylum from the US.

Lots of respect for Senator Gordon Humphrey for speaking out with what will be a very unpopular opinion in Washington. I'd like to hear the same from UK politicians past or present on Tempora, but have heard nothing of consequence from any of them.

brown9-2 2 days ago 1 reply      
As Joshua Foust points out, Snowden gave some info to Der Spiegel that they chose not to publish which seems to conflict with some of the "no harm" statements here:

SPIEGEL has decided not to publish details it has seen about secret operations that could endanger the lives of NSA workers. Nor is it publishing the related internal code words. However, this does not apply to information about the general surveillance of communications. They dont endanger any human lives they simply describe a system whose dimensions go beyond the imaginable.


The Guardian and Washington Post also decided to not publish the majority of the Prism slides for similar national security reasons, even though Snowden's initial push was to have them all published (and almost immediately after receipt by the Guardian and WaPo).

btbuildem 2 days ago 2 replies      
"identify, remove from office and bring to justice those officials who have abused power"

This, here, is the crux of the matter. Drag into the light the parasites that consume the living flesh of this society.

mrt0mat0 2 days ago 2 replies      
Edward Snowden makes me proud of my country, and the people that fight for it. But he also makes me ashamed of my Government and the people that hide behind it.
vijayboyapati 2 days ago 1 reply      
This young man is an American hero
6d0debc071 23 hours ago 0 replies      
"Further, no intelligence service - not even our own - has the capacity to compromise the secrets I continue to protect."

I currently suspect this to be false or a straight up lie:



"Snowden, a former systems administrator for the National Security Agency in Hawaii, took thousands of documents from the agencys networks before fleeing to Hong Kong in late May, where he passed them to Guardian columnist Glenn Greenwald and documentary filmmaker Laura Poitras. The journalists have handled them with great caution. A story in the German publication Der Spiegal, co-bylined by Poitras, claims the documents include information that could endanger the lives of NSA workers, and an Associated Press interview with Greenwald this last weekend asserts that they include blueprints for the NSAs surveillance systems that would allow somebody who read them to know exactly how the NSA does what it does, which would in turn allow them to evade that surveillance or replicate it.

But Snowden also reportedly passed encrypted copies of his cache to a number of third parties who have a non-journalistic mission: If Snowden should suffer a mysterious, fatal accident, these parties will find themselves in possession of the decryption key, and they can publish the documents to the world."


From the sound of it, you can compromise him by expedient of killing him.

antocv 2 days ago 0 replies      
I will just leave this here as an encouragement for anyone to write to their representatives, media, journalists and mention this in debates about this issue.

> remove from office and bring to justice those officials who have abused power, seriously and repeatedly violating the Constitution of the United States and the rights of millions of unsuspecting citizens.

This is what we should be focusing on and now Snowdens character, his this and that, I and many with me are tired of celebrity-culture and gossip around him.

Lets talk about the US officials, NSA higher-ups who must be removed from office, put on trail or investigation and lets get those companies Google, Facebook accountable.

Anyone know who the NSA high-ups are, names? We know companies CEOs, lets put them under the spotlight instead of Snowden, what did they know? When, how come they did not know, where they coerced or fooled into it? Do they deserve to continue being CEO when such grave mistakes happen under their watch?

capnrefsmmat 2 days ago 3 replies      
The most interesting part of this is the following paragraphs from Snowden:

Further, no intelligence service - not even our own - has the capacity to compromise the secrets I continue to protect. While it has not been reported in the media, one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China).

You may rest easy knowing I cannot be coerced into revealing that information, even under torture.

While he may be overconfident (it's easy to say you can resist torture, at least until you're tortured), this shoots down the unverified claims that the Chinese or Russians could easily already have copies of his data. Not unless he's willingly handed it over or he's much less competent than his data theft would suggest.

rodolphoarruda 2 days ago 1 reply      
"...one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China)."

Interesting. Is it from a technical/IT standpoint or more of a "social engineering" one? Or a bit of both? That's a genuine question because I really don't know how feasible this type of work could be when done from within the US.

MikeCapone 2 days ago 1 reply      
Sometimes I wonder if the intelligence community doesn't have people who's sole job is to write comments on websites/forums to help shape public opinion. It would be something fairly trivial for them to do and help further their interests...
pbreit 2 days ago 1 reply      
Can anyone provide some concrete examples about how the NSA, using the tools that many of us would rather they not, "keeps us safe"?

Are there specific incidents that have been avoided (that wouldn't have otherwise)? Is it just that we are generally "safer"?

outworlder 2 days ago 0 replies      
> " While it has not been reported in the media, one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China)."

Mr. Snowden has come a long way from "just a sysadmin". It appears people were trying to downplay the role he had in his line of duty.

2na 2 days ago 1 reply      
This is like a dialogue from a spy movie, the good guy is on the run trying to save his country, while this very nation is hunting him down.

I think Wesley Snipes plays the good guy! :-)

Jokes aside I salute Snowden, he's doing a very very brave thing.We should come up with a hacker salute for his cause.

scorpionian 2 days ago 0 replies      
I thought he said in the conference with WikiLeake staffer that he has shared everything he knows. Now in the email he is talking about protecting more information. Now I am confuse.
mathattack 2 days ago 0 replies      
I just wish this wouldn't be such a politically partisan issue.
e3pi 2 days ago 0 replies      
>I hope he is correct that the information that he claims to have extracted from NSA servers cannot be extracted from him against his will, but I don't assume that to be true in the absence of evidence. That's an extraordinary claim, so it requires extraordinary evidence.

>... an extraordinary claim, so it requires extraordinary evidence,


"Normally ciphertexts decrypt to a single plaintext and hence once decrypted, the encryption user cannot claim that he encrypted a different message. Deniable encryption allows its users to decrypt the ciphertext to produce a different (innocuous but plausible) plaintext(s) and insist that it is what they encrypted. The holder of the ciphertext will not have the means to differentiate between the true plaintext, and the bogus-claim plaintext(s)."



"Secret sharing (also called secret splitting) refers to methods for distributing a secret amongst a group of participants, each of whom is allocated a share of the secret. The secret can be reconstructed only when a sufficient number, of possibly different types, of shares are combined together; individual shares are of no use on their own."


Let the shared secret be deniable-crypto plaintexts. Threshold T sharers may release plaintext_1 while ignorant of a different sharer subset intersection may release a different plaintext_n, benign or otherwise, for example.

At another level of deniability, Snowden may also not even know the current identities or nos of secret sharers participating.

Enough with the JavaScript already slideshare.net
386 points by gulbrandr  4 days ago   221 comments top 47
hrktb 4 days ago 3 replies      
Before "js everything", it wasn't just a plain simple pure web. It was flash and gifs and "dynamic html" that would break in half of the browsers, and you'd show a special version of your site saying "we're not paid enough to support your browser, go get another one".

Clients never were reasonnable in their demands, nor did most of the site owner have good and simple tastes and care about efficiency, nor did half of the internet care about user experience first above everything else.

Saying that the use of js has because heavy handed is cool and fun, but for any serious discussion there should be more acknowledgment of why we are in this situation in the first place. I'm not sure it's so much worse than 5 years before, at least we can read most things on mobile devices.

As a side point, I've done project on ultra weak platforms were every js had to be hand written to gain speed and memory space. I wouldn't try to do the same on some cookie cutter corporate site with a 600k slideshow loading on the front page, where having easily replacable components and tried and true pieces to test on the 20 combinations of browsers is far more critical that cutting 20k of compressed script.

ebbv 4 days ago 6 replies      
JavaScript is a tool. Once it becomes trendy idiots will always abuse a tool. It's not JavaScript's fault people are bad at web design and development. If it wasn't fucked up JavaScript these people were contacting you about it'd be something else, be glad you have a job.
krosaen 4 days ago 2 replies      
It's not really an either or thing. You can go too far with client side rendering. But progressive enhancement can only bring you so far in delivering an interactive experience - it's typical that his example is a simple tabs implementation - of course that's easy to do without much js.

That's why I like knockoutjs - it makes it easier to sprinkle in the data-bound rich interactive UI to the pieces of your page that need it and leave the rest as normal server side rendered content. It doesn't force you to go whole hog client side.

One key area of performance where js rendered UI helps a lot is in customizing an otherwise uniformly served (and cached) page. 95% of the page is uniform to everybody, so render that server side and cache the heck out of it (varnish or whatever). Then, bind the pieces of the UI after page load and customize them based on the user - their login status, their location, etc.

jrochkind1 4 days ago 0 replies      
Another presentation making similar conclusions, but with different arguments, that I recently saw on reddit (not sure if it made it to HN).



(back to me...)

I wonder if the pendulum is finally swinging back, to working with the affordances of the web, instead of fighting them. I hope so.

This might have an interesting relationship to the rise of mobile. It's still not possible to rival native apps with HTML apps on mobile (a controversial assertion, but one that is 'trending' too) -- so if you ARE building a web app, you've got to actually have reasons to prefer web apps. Even if that's just cost/speed of development. But if you've actually chosen to build a web app, maybe you're more likely to want to work within the web instead of fighting it. If you don't like the architecture of the web, you could have just written a native app instead.

steveklabnik 3 days ago 1 reply      
I don't know if I should laugh or cry: I had to temporarily disable NoScript for both slideshare.net and slidesharecdn.net to read these slides.
weixiyen 4 days ago 2 replies      
2013 - I stopped paying attention to every new framework or MV-whatever that comes out. What matters is the product and end user experience, and every single decision on how to go about making that product should be made with that thought in mind.

For me, it's not even javascript anymore. Objective-C and Java rule 2013 since web apps are not as pleasant to use on mobile.

kenster07 3 days ago 4 replies      
One can do a great many things with disciplined Javascript, and I shudder to think what Twitter was trying to do on their front-end that caused a 5x increase in load time compared to server-side template-rendering.

That being said, I would very much welcome a high-performance alternative to Javascript that also runs in any browser -- something in the spirit of C or Java, which could be embedded in Javascript and vice versa.

tracker1 3 days ago 0 replies      
A few points of contention... First, it doesn't seem like TFA is opposed to JS, as the linkbait title would seem, but the overhead of some sites/libraries.

I think that jQuery is probably a bit larger than it may need to be. Most of this is to work around edge cases or missing features in supported browsers. I think that the biggest issue may well be cost(s), and trust. It would be entirely possible to have a jQuery-like framework that would bring in only those shims as needed as part of loading from a central source. Unfortunately, that has costs in terms of both maintenance as well as deployment/cdn. It's probably not worth it.

Second, you are getting a lot of unused features with most frameworks (like jQuery), however this can be mitigated by using a common CDN, where caching helps a lot. Using the google, or ms cdn for jquery is a no brainer for a public facing application. I think that jQuery is too useful to just be replaced with one-off components.

As to jQueryUI, when you compare what it does with other toolkits, it's actually very impressive. Just look at the load size for the JS for Bootstrap for example... and bootstrap doesn't do all that jQueryUI does.

More and more frameworks have checkbox build options to give more fine grained builds specific to your needs with less overhead. Also, as pointed out in a few slides, you can load certain scripts and features as an on demand or post-load approach.

For example ALL my scripts tend to be at the bottom before the closing body tag (unless it's a single page application). Even then, the analytic scripts are last... imho the page being served to the user is the most important thing... it should be mostly functional without JS. And in terms of scripts, in the larger sense analytics are pretty low pecking order... when you have 10k users an hour, missing 2-3 analytics loads is no big deal.

16s 4 days ago 2 replies      
All the includes are insane as well. Run Noscript or any other JS blocker and visit a few big sites and you'll see that you end up running JS from half the Internet.

I'm joking of course, but some sites have dozens of includes from other sites, advertisers, CDNs, etc.

gwu78 3 days ago 1 reply      
JavaScript assumes a "web browser". What happens when we're not using a "web browser"?

A few days ago, I was actually downvoted for even suggesting that a user could disable JavaScript and that this might reduce her vulnerability to exploits. I'm always fascinated by the strength of the bias in favor of JavaScript.

I'm guessing that so many developers are now so heavily invested in JavaScript that if it were to become less popular they believe they would suffer somehow. They will thus defend this language with fervor. That's my guess.

Days ago we saw Dan Bricklin, who is no stranger to a world without a web browser and is responsible for the app that literally launched the PC into the mainstream, put in his plug for JavaScript. But we also learned he's written entire spreadhseet applications in JavaScript. It appears he's heavily invested in this language. It stands to reason he would defend its use.

On this thread someone mentioned that Bill Joy thought Java applets would power the web. Not surprising considering his company was responsible for Java, and he has called James Gosling, the father of Java, his favorite programmer.

I think when we look at JavaScript we need to ask ourselves who stands to gain the most from it. My belief is that it benefits developers more than users. It's aesthetically pleasing to most developers, but more importantly, programming in JavaScript requires less work than using a language with manual memory management that does not expect to be run inside another application (a "web browser"). JavaScript boosts productivity.

Users, I believe, do not see the same benefits. (e.g. I have seen Marissa Mayer while at Google state how important speed is to users. We might accept that speed is one benefit that users would recognize.)

Because the love for .js is so strong and criticism of it is not well received, I won't go into any more detail. But suffice it to say, if there are problems with using JavaScript, I believe it is not developers who would suffer the most from them. I believe it is users who would bear the burden.

cliveowen 4 days ago 9 replies      
I wonder if there'll ever be an alternative to Javascript. I'm not talking about those things that eventually get translated to Javascript, I'm talking about a native platform well thought-through and based on a typed language that isn't a mess. Yeah, I know: it's not Javascript that's broken, it's the DOM. I'd argue that both should be replaced by something else, otherwise the future will be 90% native mobile apps, which isn't a bad prospect if you can afford to develop and iterate for two different leading platforms.
chestnut-tree 3 days ago 0 replies      
There is a place for Javascript, but it feels like it's being excessively overused.

Anyone who browses with Javascript disabled (using, for example, the noscript browser add-on) will be aware how many sites, even those with mostly text content, fail to load without Javascipt.

Google's blogger/blogspot service is one of the worst offenders. Here's an example: the official Android blog from Google. The page simply won't load with Javascript disabled. Once it is enabled, you have a page of mostly text. This is simply bad web practice in my opinion.


andrenotgiant 3 days ago 5 replies      
Many sites already use Google's hosted javascript libraries for JQuery, Prototype, etc...

Could Google reduce load time in Chrome by building these into the browser, so that anytime they see the include pointing to Google CDN, they just skip it and let the pre-included library take its place?

siddboots 4 days ago 0 replies      
Slide 19 seems broken for me.

I remember from last time someone posted this that slide 19 was like slide 18 but with all of the features over in the JS box. In this version, both slides are identical.

netmute 4 days ago 1 reply      
Enough with the no-context-attached slides already.

Seriously, if you don't have a recording of the talk, or a transcript, at least provide an article or something.

dreen 4 days ago 3 replies      
Why store state in DOM? Isn't that bad practice?

I remember reading DOM access is the slowest part of JS [needs verification]. So you want to trade performance for few dozen kilobytes of assets that can be cached?

ChikkaChiChi 4 days ago 0 replies      
In every situation that you allow your engineers to develop for the technology instead of for their customers, this is going to occur.

Does the customer care that the latest MVVM JS tool is being used? Not unless your customers are only other developers. The customer cares about getting whatever widget you are selling them quickly and with as little thought as possible on their side to consume it.

d4vlx 4 days ago 1 reply      
To bad you have to pay $399 to watch the videos.


I realize it costs money to run a conference but that seems excessive.

cromwellian 3 days ago 0 replies      
On many sites, the (cached) load of 500k of gzipped JS is dwarfed by the amount of HTML, CSS, and images loaded.
lukifer 4 days ago 0 replies      
Though I would like to see the talk in its fullness, and I am a full-on Javascript fanboy, I have to agree with the core thesis. In 99% of cases, there's no reason to do all rendering client-side, especially on content-centric sites. And devs do sometimes get too dependent on kitchen-sink libraries, rather than rolling their own native JS to address their own specific need.
agentultra 4 days ago 1 reply      
Javascript itself has warts and they are easily overcome. I've found that the biggest hurdle for me, someone who's written native desktop applications, are the libraries are a huge hurdle. I still don't understand the obsession with MV* "design patterns," in GUI code.

It's made worse by the fact that the model we have to base our GUIs off of is a based on hierarchal documents.

metaphorm 3 days ago 0 replies      
I'm really perplexed by one of the central complaints in this slide deck. JS load time is just not a serious problem in my experience. The use of CDN's and the browser cache has made loading scripts almost irrelevant in terms of page performance. Its a problem for first time visitors who have a cold cache. And then it amounts to adding an additional 1-2 seconds of load time once and only once on their first visit. I really don't get bent out of shape by that. I'd be worried if that 1-2 second overhead was incurred with every single page load with every single user. that's just now what happens though.
aaronsnow 3 days ago 1 reply      
This deck is really hard to flip through on an iPhone. Nothing a little JavaScript couldn't fix.
larister 4 days ago 0 replies      
Airbnb's Rendr seemed to be a nice solution to this problem


matteodepalo 3 days ago 0 replies      
Just because it's badly abused doesn't mean it's bad per se. Let's say you build your SOA: JSON API + Mobile App. At this point, if you plan to build a web app to browse your content, it's very hard to render pages server side without code duplication/collision with the API. If you go with the full js MVC approach you can reuse your api and just worry about the templating and event binding. Maybe this approach doesn't yet scale to the size of Twitter, but I hope the web moves towards fat clients optimization.
rhokstar 3 days ago 0 replies      
The reality is... JavaScript is here to stay. So stop your complaining, that's such as waste of time. Rather than complain, champion better solutions. Be bold and advance a new and more efficient agenda.
ghostdiver 3 days ago 2 replies      
I see one problem:

- Entire generation of programmers may not have any knowledge about how computer works

joeblau 4 days ago 0 replies      
I think the summary is more helpful than looking at the slides. Does anyone have a link to the video talk about this?
hvs 4 days ago 1 reply      
Amusing, this article was submitted 2 weeks ago and got no comments.


as_if 3 days ago 1 reply      
Funny thing is, I use JavaScript libs like Ext JS because they don't impose HTML/CSS on me.

I can write the whole application in JavaScript and I just have to mess with the DOM and it's ugly friends when in trouble.

bytelayer 4 days ago 0 replies      
What I don't get is the sites that load ALL their content using JavaScript. Sure, I see the point in loading more content if the user scrolls down to the bottom of the page, but why would you do that straight away?
umsm 3 days ago 0 replies      
I love how the tech community promotes something until it's over used and only AFTER everything breaks then we THINK about how / when we can use a technology...
GnwbZHiU 3 days ago 0 replies      
A lot of JS usage on web browser is as a tool to manipulate DOM. A bigger part of the problem, I think, is the DOM API. Another big part of the problem is of course inconsistencies between browsers. Because of those 2 problems, our client-side code becomes complex. Changing JS with "$LANGUAGE_X" wouldn't help much.If the DOM API is much better and web browsers behave the same way, things would be much different.
pcole 3 days ago 0 replies      
If I had time to get something up and running where the html could be rendered on both client and server using the same code base in the early stages of a project then I would.

It all depends on the project of course but currently here is the order in which I tend to do things:

1 Write an api

2 Write web/mobile apps to consume it

3 Optimize by pre-rendering the html when needed if the project becomes popular enough or if it really needs to be crawled.

duylamnguyenngo 3 days ago 1 reply      
I don't always read Hackernews, but when I do I read it with this - http://nojs.herokuapp.com
gokulk 3 days ago 0 replies      
If you use it in the right way, there would be no problems.
yawaramin 2 days ago 0 replies      
Ironically, slides are hosted on a JS implementation of presentation software.
wereHamster 3 days ago 1 reply      
Store state in the DOM? Really?
coldnebo 3 days ago 0 replies      
There is a very important reason client-side js apps are appearing: managing stateful apps over a stateless protocol means spending about half of your time and complexity budget dealing with state transfer. Js clients bring us back to the days of true application programming. They use REST and HATEOAS in a very natural way that most app servers have not. Maybe it's time to let the server side handle what it's good at?
Gravityloss 4 days ago 0 replies      
Who's the superman?
adambom 3 days ago 0 replies      
Did anyone else think this was pedantic?
lnemeth 3 days ago 0 replies      
Very nice, but unfornately, it seems we lost a lot of information from just watching slides...
Duhck 4 days ago 1 reply      
This slideshow lost all credibility when it said to put your analytics in the <head> tags. Sure some analytics providers might recommend you do that, but that is wrong and only serves to

A) Slow your site downB) Introduce a single point of failure into your webpage

All scripts should be loaded either async or at the end of the dom.

Arnor 3 days ago 0 replies      
Bird gotta fly, fish gotta swim, hater gotta hate. I love JS!
speedyrev 3 days ago 0 replies      
OK, who clicked through all 84 slides?
saurik 4 days ago 2 replies      
This was clearly a talk you were supposed to watch, not attempt to read the slide deck through later. Many of my talks are like that, and to avoid people complaining online "your slides suck" even though the people at the talk usually were in agreement that "that was an amazing talk", I always go out of my way to use presentation technologies that are as random and esoteric as possible to make certain that when I am asked "can we have a copy of your slides" the answer is "I guess, but it will be really hard and of no use to you".
DrinkWater 4 days ago 0 replies      
To say it in the words of @fat: hi haters https://pbs.twimg.com/media/A_G3NghCIAEAGbM.jpg:large
Statement by Edward Snowden to human rights groups at Sheremetyevo airport wikileaks.org
386 points by pvnick  7 days ago   238 comments top 23
brown9-2 6 days ago 14 replies      
These nations, including Russia, Venezuela, Bolivia, Nicaragua, and Ecuador have my gratitude and respect for being the first to stand against human rights violations carried out by the powerful rather than the powerless.

Are people really not bothered at the irony in this sentence? Russia, as a country that stands against abuse of the powerless by the powerful?


If the posthumous prosecution of Sergei L. Magnitsky, the lawyer who was jailed as he tried to expose a huge government tax fraud and died four years ago in a Russian prison after being denied proper medical care, seemed surreal from the moment the authorities announced it, the verdict and sentencing on Thursday did not disappoint.

By all accounts, it was Russias first trial of a dead man, and in the tiny third-floor courtroom of the Tverskoi District Court, it took the judge, Igor B. Alisov, more than an hour and a half to read his decision pronouncing Mr. Magnitsky guilty of tax evasion.

It doesn't matter if it is hypocritical of an American like me to point this out, when it goes on in my country/government as well - but I find it willfully ignorant to label the Russian government as a defender of human rights like this.

edit: here is some more reading on Russia and this topic: http://www.hrw.org/news/2013/04/24/russia-worst-human-rights...

droithomme 6 days ago 3 replies      
It's very odd both that the US government would use Human Rights Watch to convey messages (which are essentially threats or warnings) to Mr. Snowden, and that Human Rights Watch would feel the need to agree to convey messages of that nature on behalf of the state apparatus that is targeting Mr. Snowden.

It was also odd when I earlier read that Human Rights Watch was the only agency which received an invitation from Mr. Snowden which felt the need to release the message in advance to the media, including the time and place of the meeting.

To see the problem with these events, consider it in any other situation where a political prisoner who is in hiding, let's say a North Korean, is meeting with representatives from human rights agencies. How would it be perceived if one of those human rights agencies announced the location in advance and took the opportunity to deliver a personal threatening message they had privately received during a personal conversation with Kim Jong-un.

ChuckMcM 6 days ago 3 replies      
Whomever is speech writing these statements (or editing them) is doing a great job. Not only does Snowden make the US out to be a corrupt and despotic nation, willing to subvert its own laws and principles to shut one person up, it manages to position the US' character below that of countries run by South American dictators and ex-KGB colonels.

It is my sincere hope that this event ends the political careers of a number of US politicians, and engages enough voters to disrupt the status quo.

tokenadult 6 days ago 4 replies      
I would have a lot more regard for what Snowden is claiming about United States government actions if he would come back here to the United States and stand trial. More and more of what is being said in his statements to the press (which plainly are receiving editing help, at least, from Wikileaks) are not making sense in the overall context of how different countries behave in the community of nations.

When all the smoke is cleared away from Snowden's allegations, and there have been congressional investigations into the data-gathering and surveillance practices of United States government agencies and private companies, most Americans will still be quite supportive of their federal government (in the usual complaining United States way) and tens of millions of people around the world will still desire to settle in the United States.


To date, I am persuaded that United States government programs related to foreign intelligence need more effective oversight--not least because they hire snafus like Snowden. I am also persuaded that most countries with governments subject to the discipline of a free press and free and fair elections largely are willing to cooperate with the United States in the kind of programs the NSA intends to run, because there are genuine threats from terrorist plotters in those countries.


I'd be glad to see NSA programs reviewed by Congress, and possibly curtailed in their operation to ensure their lawfulness. I'd also be glad to see Edward Snowden go on trial according to United States law to weigh his actions against any defenses he may be able to assert at trial. I've lived elsewhere twice for long stays in my adult life, and after talking to people from around the world about this, I'm still glad to be living in the United States at the moment, and still mostly glad that the United States system of rule by law operates as it does.

mythz 6 days ago 1 reply      
The US Govt illegal activity couldn't have been exposed by a nicer guy. He's self-less and motivated by altruistic goals that serves everyone's interest but the US Govt's (and other Govt's they can influence).

It certainly helps our cause that he's both intelligent and articulate.

The fact that the US Govt can continue operating at full will irrespective of legal and constitutional boundaries shows just how much power and influence they already have.

resu_nimda 6 days ago 0 replies      
The Human Rights Watch representative...had received a call from the US Ambassador to Russia, who asked her to relay to Mr Snowden that the US Government does not categorise Mr Snowden as a whistleblower and that he has broken United States law.

That's just...hilarious, and absurd. What purpose does that call serve; what goal is it working toward? Is it some sort of legal requirement? Can we just do without the inane posturing, for once?

Edit: apparently there is some dispute as to whether this conversation actually took place.

koops 6 days ago 2 replies      
Not only is Snowden brave, and smart enough to outwit (so far) the most powerful institutions of our day, he's also an excellent writer.

To David Brooks and all the others who mock him for not finishing high school, take this statement as a model of clarity and forthrightness.

malandrew 6 days ago 1 reply      
Anyone asking him to come back and face trial under the current conditions is either nave or a fool. However, I think that he should at least put conditions on the table under which he would return to the US to face trial.

The most important condition would be strict adherence to the 8th amendment, which means no possibility of solitary confinement or other cruel and unusual punishment and reasonable bail, so he is afforded the same rights that Daniel Ellsberg was after leaking the Pentagon papers.

The other required condition would be changing the jurisdiction in which charges are brought back to where they should have been filed, which is Hawaii, not Virginia. Cherry-picking a jurisdiction where many of those that will be on the jury may work in the IC community or have close ties to the IC community is not justice. In fact, it is a perversion of it.

Lastly, (and I know this would never happen), but I would love to see a Frost v. Nixon type debate involving Glenn Greenwald, Edward Snowden, Barack Obama, Gen. Keith Alexander and James Clapper live on national TV unrehearsed.

lambda 6 days ago 1 reply      
> The Human Rights Watch representative used this opportunity to tell Mr Snowden that on her way to the airport she had received a call from the US Ambassador to Russia, who asked her to relay to Mr Snowden that the US Government does not categorise Mr Snowden as a whistleblower and that he has broken United States law.

Am I the only one who found this whole statement pretty odd?

Let's see. A "whistleblower" is a term for someone who blows a whistle. This is generally meant to indicate someone who is making some kind of loud noise to report a crime; someone (maybe a cop, maybe just someone who is a victim of a crime) trying to get attention that a crime has been committed.

Now, when reporting a crime, do you generally expect the perpetrator of that crime to be the appropriate person to determine whether or not a crime has been committed, and thus whether or not labeling the person a "whistleblower" is appropriate?

The whole idea of whistleblower laws that don't protect someone from reporting to the public about crimes committed by the administration is laughable. What the hell is the point of any kind of whistleblower laws or protection if you can't actually blow the whistle on your bosses?

chunkyslink 6 days ago 0 replies      
Thank you Edward Snowden. You are a true hero.
llamataboot 6 days ago 3 replies      
Now hopefully Russia will do the right thing and at least let him leave the damn airport. There are a number of routes from Russia to Venezuela that don't cross over Western European or US airspace -- can't VZ just send a private plane with a military escort over there and bring him back?
StavrosK 6 days ago 1 reply      
Hmm, what he said about the grounded plane made me wonder: What if he (or a supporter) falsely tipped off US authorities that he was on that plane to see whether he could travel to South America securely, or if the US would somehow intercept the plane?

A dry run, as it were.

llamataboot 6 days ago 1 reply      
In semi-related news that I can't post because I get the hacker news "please slow down" warning -- hacker takes over website of VZ daily El Nacional and warns govt not to give asylum to Snowden or face leaks of corruption/bribery/etc


turar 6 days ago 1 reply      
I regularly read reader comments on NYTimes regarding NSA/Snowden affair, and this is the first time that vast majority of highest-rated comments there are negative toward Snowden. Previously, the majority was overwhelmingly pro-Snowden. Very curious. http://www.nytimes.com/2013/07/13/world/europe/snowden-russi...
bpatrianakos 6 days ago 0 replies      
The fact that the US doesn't recognize Snowden as a whistleblower doesn't prove persecution or anything at all. He broke the law. He and others may not like it or agree and they don't have to but its still clear he broke the law. What has Snowden told us that we didn't alreay know since 2006? He gave us classified documents and the names and operations of classified programs. Programs we already knew about but just didn't know the name of or how they worked. Hell, even with what he did give us we still don't actually know how they work. But we sure as hell always knew our calls and Internet activity were being monitored.

I'm not a fan of what the NSA is doing but I don't think Snowden is even remotely close to a hero either. Did you know you can take that position? That there's a difference between ones position on NSA spying and whether Snowden is a whistleblower? I'm of the opinion that Snowden and the NSA are criminals.

gavinlynch 6 days ago 5 replies      
Ryan Lizza of the New Yorker purports that the US Ambassador to Russia is denying the conversation stated in the 1st paragraph ever occurred: https://twitter.com/RyanLizza/status/355717218895536129

I don't find Wikileaks as a credible source on this topic in general.

bedhead 6 days ago 2 replies      
In all seriousness, is there even a single HN commenter who doesn't support/worship this guy? Is the diversity of thought that nonexistent on this subject? I'm just sorta curious and ask the question sincerely.
mansigandhi 6 days ago 0 replies      
Is there anyway we, as a people, can help other than just support? Is there a petition running to the UN?
mtgx 6 days ago 0 replies      
The Western European countries are actively standing in the way of him going to Venezuela, and are actively opposing his asylum.

So what do we do now?

mikemoka 6 days ago 0 replies      
granting asylum to Snowden will just influence relations between US and Russia,and is not done to be coherent with previous standings of the country on the topic of human rights,almost always different.Russia and others clearly try to challenge the rest of the world to increase their power in times of crisis, how nice,the sooner world leaders realize that the internet is an early glimpse at the future of society and start researching and doing things together the sooner things will improve,for everyone.

Every individual has the particular interest to live in a healthy society,and not to have his possibilities limited by his country of birth if you ask me.

anovikov 6 days ago 0 replies      
I wonder why he can't travel to Latin America. Is it just the issue of not being able to transit through Western Europe or U.S. airports and the lack of direct air connection? Why Mr. Assange does not arrange a private jet flight for him? Moscow to Caracas is under 10K km so it should not be a problem. Even if that's expensive (maybe $200-250K), a few months of living in Sheremetyevo will eat up as much money, or more.
rmdoss 6 days ago 0 replies      
Next few days will be interesting to see what Russia will do there.

They do not have the best track record in terms of privacy or human rights, but helping him will make them look good internationally.

wwhitman 6 days ago 0 replies      
Wikileaks is using him as a meat puppet and now he is totally fucked, whatever shred of credibility he had is lost by praising Russia for their dedication to human rights. I suppose you can defend their record but you will be fighting uphill.
Why We Can No Longer Trust Microsoft pcmag.com
379 points by domdelimar  4 days ago   299 comments top 45
cs702 4 days ago 9 replies      
GNU/Linux, and Free software and hardware in general, look to be the BIG winners out of the NSA brouhaha, because all non-US governments, businesses, organizations, and individuals around the planet who need to safeguard their private or confidential information now have reason to mistrust proprietary (unauditable) software and hardware.

Free, open software and hardware are less likely to have secret 'back doors' installed or embedded in them because their innards are under constant public review by multiple eyes -- out in the open, not behind closed doors.


Edit: added last sentence.

acqq 4 days ago 9 replies      
This is a financial disaster waiting to happen. Microsoft is oblivious if it is not doing something to divorce itself from the NSA.

Apple, on the other hand, could have come out smelling like a rose, but following the death of Steve Jobs, who apparently refused to play ball with the NSA, it stupidly jumped on board to join the PRISM club.

According to the Prism slides, it really looks so:

   "Dates when Prism collection began for each provider   Microsoft 9/11/07   Yahoo 3/12/08   Google 1/14/09   Facebook 6/3/09   PalTalk  12/07/09   YouTube 9/24/10   Skype 2/6/11   AOL 3/31/11   Apple (added Oct 2012)"
Steve Jobs: February 24, 1955 October 5, 2011.

If it's true, it's one reason more to deeply admire him.

And can you just imagine how much more sales Apple would get now for not being on that list?

LinaLauneBaer 4 days ago 6 replies      
A couple of years ago at a Linux conference in Germany I had a discussion with a Microsoft employee at their booth. At that time I was a 'hardcore' linux user with no trust in Microsoft at all. The discussion with the employee went like this:

  Me: "Hello. Could you tell me what Microsoft is doing at this Linux conference? I honestly want to know that."  Him: "We are here to show how our products can work well together with Linux related products."  Me: "Why would I as a Linux user use Windows or any other product from you? We all know that you spy on me - at least indirectly."  Him: "Oh no. You are misinformed. We have a lot of business customers with very sensitive data. Can you imagine what would happen to us if they found out that we spy on them? Business users are very sensitive in that area. We were screwed. And we do not spy on regular users as well. You may also know that this would be totally illegal according to German law."  Me: "So you are saying that you do not spy on businesses or other kind of users of your products?"  Him: "Yes! We were screwed otherwise!" *giggle*
He had a smile on his face for the whole discussion. Maybe because he had this discussion with those paranoid Linux users for the last couple of days of the conference. Paranoid!

Microsoft is so screwed guys.

Edit: I was not rude to this guy. We had a beer together later that day. I am sure he did not know anything about PRISM and was just doing his job.

xiaoma 4 days ago 0 replies      
This reminds me of Ken Thompson's famous Turing Award paper from 1984. In that paper, he described a malicious compiler that added security holes to properly written C programs.

The real question isn't about whether you can trust Microsoft. It's can you even trust Intel?

"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."


mikevm 4 days ago 2 replies      
Dvorak's article is a regurgitation of previous HN discussions on this topic.

I have said in the previous HN post and I will say it again here: don't pile on Microsoft alone. These spying policies make every US-based services company untrustworthy to whomever privacy is important. Come to think of it, I'm not sure whether you can rely on European services either because it seems that gov't surveillance is widespread.

On the other hand, maybe if we do pile on Microsoft, and stop using their products for this reason alone (even though Google, Apple and others are in the same boat), it will force them and their lobbyists to influence their gov't shills to put a stop to these programs.

diego_moita 4 days ago 1 reply      
John Dvorak sounds like a tech version of those economic & political loudmouths that spread definitive and absolute truths with very little evidence (Rush Limbaugh, Bill O'Reilly, Ann Coulter). That's because their purpose is not to generate light but to generate heat; to cause controversy instead of inform. It is the journalism equivalent of the Rolling Stones and Madonna: scandal as a marketing tactic.

These people remind me of the Austrian writer Karl Kraus: "The secret of the demagogue is to make himself as stupid as his audience so that they believe they are as clever as he."

The fact is that for almost all big corporations there is so much money, training and culture involved in MS platforms that a shift away from it is just to hard to do, unfortunatelly.

polarix 4 days ago 2 replies      
"Microsoft is oblivious if it is not doing something to divorce itself from the NSA"

No John, unfortunately it is not really an option to move 57,000 employees and a headquarters out of the United States. That is what would need to be done. None of the people making statements for these large corporations are lying voluntarily.

p37307 4 days ago 1 reply      
I think it is time to rethink everything, Not just Microsoft. Cloud computing is at risk now too. From Amazon to Google Drive, Gmail, etc. Shared hosting is not even secure any longer. Our connections from our isp can be the source of their spying.

People want the ease of computing not secure computing. The polls show it. In the US everyone but the geeks are OK with the NSA. Sad.

The system is going to have to change to federated data. Email, Social media, everything. Appliances owned by the individual. Either located in the home or small server appliances "rented" at a colocation facility and every user's info on their appliance. Any warrants are served to the individual not the "processing" or interpreting host that parses the data in their UI or service. The host, whether Facebook, Google, Yahoo, Microsoft, etc would notify the requester that that info is on a server rented solely by the user and they have no standing to grant or honor the warrant as they are the wrong party.

Please note I use voice typing due to fine motor control and this comment may contain errors.

mbesto 4 days ago 0 replies      
Microsoft, despite denials, appears to be in bed with the NSA. Apparently all encryption and other methods to keep documents and discussions private are bypassed and accessible by the NSA and whomever it is working with.

With that said, do you really want to buy a Microsoft product?

Notice the words appears and apparently. Until there is specific evidence to take those two words away from those sentences, hardly anything will change.

pydanny 3 days ago 0 replies      
Wait a second... they trusted Microsoft?


Seriously though, if you don't play ball with the NSA, they come after you, your business, and your family with the full weight of the US government. Your wealth or status means nothing against it.

Which means, as a parent, I can relate.

Yes, you and I can sit here on my keyboard and say we would have stood our ground, but when you have a children and a mortgage, suddenly things are very different. Suddenly, you think that maybe fighting this one particular fight isn't worth the damage to you and your family.

That, my HN friends, is why the whole NSA PRISM thing is so evil and why it outrages us: Even those normally beyond the law (the rich and famous) are suddenly victims like the rest of us.

josteink 4 days ago 0 replies      
Someone on reddit asked a very interesting question with regard to all this information about US snooping...

What about UEFI? Should that be assumed fundamentally insecure from this point on?

jrabone 4 days ago 1 reply      
But WHAT, exactly, can't we trust? I've seen NO technical detail to any of these discussions, yet there are a number of sub-systems that might be compromised:

- low-level crypto APIs (the 'DLLs' referred to obliquely in the article); these are more interesting. I imagine they could be compromised for weak session key generation or other leakage of key / plaintext, or generate the session key in such a way that the mythical 'NSAKEY' can decrypt it. Huge impact, if so, but only to certain software; AFAIK Mozilla doesn't use the Windows crypto API / certificate key store (but Chrome does).

- SSL certificate generation (built-in CA for Windows Server builds); certificates stored and replicated via Active Directory; does anyone actually use this? In fact, does anyone actually use client SSL? It is likely also used for domain peer replication, which could potentially be over an external network (but why would you not use a VPN there?)

- Encrypted File System; already contains an escrow key-recovery mechanism to allow administrators (including domain admins) to recover a lost user key. Only likely to be relevant if hard disk or backup images seized, so less impact.

- BitLocker drive encryption; similar to EFS but uses a hardware TPM and is per-machine rather than per-user. Fairly sure escrow key recovery at the domain level is possible here too. Again, only likely to be relevant if hardware or backups seized.

- Office document encryption; did anyone SERIOUSLY think this was worth using anyway? There are so many key recovery services out there for this (Elcomsoft et al)

- Communications applications (Skype et al); again, did anyone SERIOUSLY think this wasn't already being monitored, even before Skype became a Microsoft product?

- Some other OS-level 'phoning-home' behaviour. I simply don't believe that no-one has spotted this happening, if it's there - we can do traffic analysis too, and there are plenty of people running Wireshark on their own networks.

ksec 4 days ago 0 replies      
To be honest I dont blame too much on Microsoft. Being a business they needed to survive. It is not like they have a choice and government could very well bring another antitrust trial. Microsoft refuse to play balls to US government at first and they were nearly spitted into 3 different companies. So like any big cooperation they have to pay money for lobbying to buy them safety.

And Microsoft is evil, I mean in Google's sense of evil and even Microsoft admit it.

But What about the one who claim them self do no evil and itself being so righteous. Joined Prism on 1/14/09?

And I would really love if the Movie could add bits on Prism agents coming in like some fucking retard, and Steve would tell him to Fk off.

NewsPaper and Media, intentionally or not trying to diversify the hate and focus on PRISM away from Government.

They are ultimately the one to be blamed.

sounds 4 days ago 2 replies      
Any serious discussion of moving US businesses off Microsoft stalls when it reaches the "non technical" departments.

I put "non technical" in quotes because many of the people in HR, Accounting, Marketing, etc. are very tech-savvy. Marketing folks, for example, would love an all-Mac office setup, but they generally have to have Windows PCs for Powerpoint, Visio, and CRMs, to name a few. HR needs their IE6 in-house apps. Accounting can't even hire anybody who wants to try getting their work done on a Mac.

I realize I'm not even talking about Linux here; I think that just underscores my point.

Does anyone have a counterexample? Because I would pay top dollar for a Linux solution to these problems, but haven't seen anything worth buying.

69_years_and 4 days ago 3 replies      
I don't think native MS apps running on a local machine are a risk, I imagine (with a little nieviety) that if MS apps/OS were phoning home on a regular basis with the content of ones documents - someone would have noticed and raised a flag (or did I miss it). Nor is exchange BCC a copy to the NSA - again someone would have noticed. Cloud services excluded.

PS. It's *buntu that spins my propeller.

PPS. I'd be interested in what RMS has to say, not just about MS in this case but the whole PRISM/NSA thing in general - he has been warning us.

joshuaheard 4 days ago 1 reply      
The same thing is happening at Facebook, Google, Yahoo, and other tech companies. Why single out Microsoft?
yason 4 days ago 0 replies      
Uh, I might sound like a clichy old grumper but is this really any news since the 90's which is when Microsoft found the internet?

It's practically been the operative description of Microsoft for decades that they're interested in profits (and potential profits in certain circles disjoint from the end users), not the privacy or security of their users.

quackerhacker 4 days ago 0 replies      
I'm a fan of Steve Jobs and Bill Gates, so it's sad to see when a company's founder steps down. I feel like the ambition and drive sometimes disappear...then bottom line and dividends matter over pride.
Fice 4 days ago 0 replies      
No longer? Like if there were not enough reasons not to trust them (or any other proprietary software vendor) before.
mathattack 4 days ago 0 replies      
"So the first news I see regarding Microsoft today is that Ballmer refuses to talk about the company's wearable computing strategy. My first thought was, "This is its priority? Wearable computers? So it can spy on your day-to-day activities?" The next story I read was about how Microsoft is going to reshuffle the organization, which prompted me to wonder, "Re-org? Why? So it can put some intelligence agency folks in charge?""

Seems like Microsoft has a lot of issues to worry about. Doing a reorg when the company is struggling just to put an agency person in charge seems like a lot of work. Why not just put them in charge in a small internally announced move?

stinos 4 days ago 0 replies      
rely on Microsoft Office with any confidence

This seems to imply using Office, like in Word/Excel?, somehow poses a privacy risk. Is that true? And how exactly?

areski 4 days ago 2 replies      
Linux for all the things! That's the only viable solution
jpkeisala 4 days ago 1 reply      
Actually, why nobody mention anything about Intel and Cisco? I would image it would be much more effective to build backdoor to network appliances if you want to spy someone.
xradionut 4 days ago 0 replies      
Trust or not, I'm still writing code today for the 95% of people that are running Windows and Office. The irony is that the code interfaces to PGP/GPG...
dredmorbius 4 days ago 1 reply      
/me reads article.

/me checks byline.

Holy crap. Yeah, I remember when Dvorak was quite the Microsoft fanboi.

My how times change.

Fuxy 4 days ago 2 replies      
Windows should be banned in all countries except America. Open source OS is the only way to go. I'm not saying Linux since it's not exactly the most non technical friendly OS for people requiring more than basic usage but windows definitely isn't the OS for the future and it needs to die.
bradbenvenuti 4 days ago 0 replies      
The fact that the url of this article ends in .asp kind of makes me laugh a little. Although I would love to see movement away from Microsoft products, its clearly much more difficult than the article makes it out to be.
ferdo 3 days ago 0 replies      
I want to know who trusted Microsoft to begin with.
mtgx 4 days ago 1 reply      
> "With that said, do you really want to buy a Microsoft product? Do you want to buy anything that gives easy access to snoops poking around at their leisure? If you'd think twice about this, then why would a foreign government rely on Microsoft Office with any confidence? Personally, if I were any foreign government or corporation, I'd stop using all Microsoft products immediately for fear of America spying on me. Nothing can be secret."

That's exactly what I'm hoping will happen. It may be the only way to actually roll back most of this shameless and abusive mass spying of everything and everyone. I'm not sure what else would stop it. Americans protesting it? I'm not holding my breath for that one, and even if they do, they'll only try to fix the spying internally, as they couldn't care less what they do to the world as long as the government keeps telling them "it's to keep them safe" (which obviously trumps everyone else' rights).

robmclarty 4 days ago 0 replies      
Question: when did we start trusting MS that we now can no longer?
JohnLBevan 4 days ago 2 replies      
When a company does what's asked of it by a government and people are upset with the company something's seriously wrong. A company's main priority is typically to make money within the bounds of the law. A government's should be to improve the quality of life and uphold the moral values of its citizens.

I have a feeling had Apple been first on board rather than last the journalist would argue that Microsoft were evil for not complying with a government request and that Apple clearly had the vision to help the nation's security, but maybe that's just me?

skc 4 days ago 0 replies      
The more interesting discussion for me would be around which large IT players we actually can trust?
rodolphoarruda 4 days ago 0 replies      
AFAIK, if you control the layer 1 fiber lines, it doesn't matter the OS, the vendor or the application in question. NSA will intercept your data while on transit. Of course, if you can have DLLs packaging everything the way you like, appending the right file extensions and cleaning all the metadata... that's more than welcome.
puma1 4 days ago 0 replies      
I don't think any large company has any choice in the matter. And this article targeting Microsoft. Apple is doing the same exact thing, who cares if they signed on afterwards? All the major tech companies are, and no one is going to stop using any of them. Get real.
njharman 3 days ago 0 replies      
Trust no longer!? You shouldn't trust any corporation to do anything other than maximize profits.
_ak 3 days ago 0 replies      
We never really could. NSAKEY, anyone?
leopoldfreeman 4 days ago 2 replies      
The reason is obvious in China. Google is blocked by GFW, but Bing is not. So, there must be some dirty business between Microsoft and government of China. If Microsoft can do this in China, they can do this anywhere, even in USA.
abdel 4 days ago 0 replies      
I don't remember last time I used bill's products.
j2d3 3 days ago 0 replies      
We can no longer trust Microsoft?

Crazy. I've been trusting Microsoft all this time, and now, what to do!?!

tigroferoce 4 days ago 0 replies      
So, after SElinux, another big push form NSA to open source community?
jmaddox 3 days ago 0 replies      
"Why We Can No Longer Trust Microsoft" Are you kidding when did anybody trusted microsoft.
likeclockwork 3 days ago 0 replies      
When could we trust them?
nfoz 3 days ago 0 replies      
Someone trusted them before?
timbrooke 4 days ago 0 replies      
> Why We Can No Longer Trust Microsoft

LOL. Who was dumb enough to have ever trusted them?

Trinity College experiment succeeds after 69 years rte.ie
368 points by duggieawesome  1 day ago   113 comments top 32
robomartin 1 day ago 4 replies      
The first thought that popped into my punny little brain was: Why didn't they use a centrifuge to accelerate results?

The one variable that could be controlled is the gravitational force on the substance. If we were on the moon the experiment, as designed, would take far longer to produce a drop. By using a centrifuge they could have easily simulated significantly greater gravitational forces and arrived at a result much sooner.


The Queensland experiment data says that it takes about 13 years for a drop to form and fall [1]. You'd need less than 5,000 g's to make it happen within a day or about 160 g's to get results in 30 days.

[1] http://www.nature.com/news/world-s-slowest-moving-drop-caugh...

peterkelly 1 day ago 3 replies      
I bet the grad student involved is celebrating now that they can finally submit their thesis
chm 1 day ago 2 replies      
"The experiment was begun by a colleague of Nobel Prize winner Ernest Walton in the physics department of Trinity in 1944."

Am I the only one who finds this insulting? They could at least name the guy!!!

kfury 20 hours ago 0 replies      
People have waited through so many failed attempts to record the drop that nobody wants to mention that they didn't 'really' record an unassisted drop. The bead is still connected when it hits bottom, and the tail doesn't break until they raised up the suspended platform.

Check the video and notice that the suspended vessel jumps about 2 inches higher just after the drop.

It's a good recording, but I'm looking forward to a better one in 2026.

throwit1979 1 day ago 3 replies      
Um, not to take away from the achievement of the result, but couldn't this result have been obtained in much less time with higher force than 1G in, say, a centrifuge?
jkn 1 day ago 2 replies      
While I'm fond of this type of down-to-earth experiments, I'm curious about the scientific value of waiting for decades to observe the drop falling due to Earth's gravity, versus placing the apparatus in a centrifuge, which I imagine would dramatically accelerate the process. Maybe the higher forces would affect the way the drop is formed, in a way that was deemed undesirable?
duggieawesome 1 day ago 1 reply      
It should be noted that this experiment is different than the Queensland experiment, which is still going on.


elmuchoprez 23 hours ago 2 replies      
"Over several decades a number of drips did form in the funnel and fall into the jar, giving credence to the hypothesis that pitch is indeed viscous."

It sounds like the experiment, as designed, reached a conclusion in far less time than 69 years. It just took 69 years for someone to think about video taping it.

finnh 1 day ago 1 reply      
I call shenanigans. In the time-lapse, the funnel "jumps" upward right when the drop falls (0:56). Unless the funnel's mounted on a spring (?), this is a clear indication that somebody interfered with the drip. I declare this video null and void!

...or maybe the video camera just got jostled when all scientists started dancing around in their glee =)

Peroni 1 day ago 1 reply      
I think (hope) it's worth noting the location of this experiment. Trinity College, and the Irish in general, tend to gravitate towards romanticised notions. Even our scientists.

It honestly wouldn't surprise me in the least if the experiment was initiated knowing full well it would take decades to complete but they went ahead anyway 'for the craic'.

shabble 20 hours ago 0 replies      
The Beal seed viability experiment[1] has been running for 120+ years, and iirc they keep increasing the interval between trials because there are only so many seeds stored, and so far they haven't had a significant failure in germinating and growing them.

[1] http://www.amjbot.org/content/89/8/1285.full

tragomaskhalos 22 hours ago 0 replies      
My favourite thing about this story is the various times that this and similar experiments around the world missed capturing the actual drip due to various glitches and snafus; imagine the howl of anguish of the researcher coming in one morning to find that yes something has finally happened after all these years, only to discover that some doofus had left the lens cap on ....
ryen 22 hours ago 0 replies      
Have they analyzed the dripped substance? My first thought is that it could be from condensation formed on the pitch over a large amount of time due to temperature gradients.
matt1 23 hours ago 1 reply      
For a bit more background on the history of this experiment and why the previous drips were missed, check out this recent Radiolab podcast:


morb 1 day ago 0 replies      
Radiolab had an interesting segment about the Pitch Drop Experiment, interesting to listen: http://www.radiolab.org/2013/feb/05/never-quite-now/
wooptoo 1 day ago 1 reply      
The title is misleading. The experiment did succeed before, it just hasn't been captured on camera.
ISL 20 hours ago 0 replies      
If you wanted to do this experiment with reasonable statistics, it's quite amenable to parallelization. Pitch is cheap, funnels are cheap, dusty basement shelves are (potentially) cheap, and webcams are inexpensive. Doing ~300 of these in parallel wouldn't be hard, and would allow considerable investigation of systematic effects.

Decade-scale experiments aren't hard, but they do require planning.

carlsednaoui 21 hours ago 0 replies      
Heard about this the Pitch Drop Experiment on Radiolab couple weeks ago. Very interesting episode: http://www.radiolab.org/2013/feb/05/never-quite-now/

"...the Pitch Drop Experiment is so slow, you can watch it for hours (check out the live cam) and not detect the slightest movement. But that doesn't mean nothing's happening. Professor John Mainstone tells us about his desperate attempts to catch the flashes of action hiding inside this decades-long experiment."

user24 23 hours ago 5 replies      
I sort of take issue with "experiment succeeds". You don't (shouldn't) set up an experiment to prove or disprove something, merely to discover.

I'm sure the issue, if indeed there is one, is with the reporting not the scientists though.

adjustafresh 1 day ago 0 replies      
Anyone else reminded of those old Heinz Ketchup ads...Anticipation https://www.youtube.com/watch?v=uoLoyg3JKRQ
defective 1 day ago 1 reply      
I think, after a few missed drops, that I might have added a backup camera.
codezero 16 hours ago 0 replies      
Science has been confirming results for a long time without the aide of video proof. This sounds like fluff. It's cool fluff, but it's pretty ridiculous to assert that the theory couldn't be proven without video proof.
aarondf 20 hours ago 0 replies      
That pitch was a little thick and quite slow. 6/10.
dokem 20 hours ago 1 reply      
why did the pitch have to drip? Isn't the fact that a drip was forming proof that the pitch was flowing?
thehme 19 hours ago 0 replies      
This is really cool. I only wish we knew the name of the "colleague of Nobel Prize winner Ernest Walton", so he can get credit for this.
mathattack 1 day ago 0 replies      
There couldn't have been an easier way to test this?
juice13 1 day ago 0 replies      
What's up with one sentance per paragraph? Feels like reading the simple wikipedia.
adamrneary 1 day ago 0 replies      
"...the scientific value was questionable..."
marco-fiset 23 hours ago 0 replies      
Am I the only one to think that this is pretty boring?
cupofjoakim 1 day ago 3 replies      
Dude, I'm finding this hilarious. 69 years to prove that something is a fluid? I picture two really old scientists watching the tape, only to have one of the old geezers turning to the other to spill the sacred words: "Told you so".
Fuck Off As A Service (FOAAS) foaas.com
385 points by choult  4 hours ago   75 comments top 35
binarymax 3 hours ago 2 replies      
Feature request:

returns ':name, Thou clay-brained guts, thou knotty-pated fool, thou whoreson obscene greasy tallow-catch! - :from'

e.g. /shakespeare/Falstaff/Prince%20Henry returns 'Falstaff, Thou clay-brained guts, thou knotty-pated fool, thou whoreson obscene greasy tallow-catch! - Prince Henry'

16s 3 hours ago 2 replies      
Telnet is simpler... I call this my random insult service and it can run on any TCP port. It's not as rude as saying "Fuck Off" as it is meant to be humorous and is intended for all the script-kiddie port scanners out there:


dasil003 2 hours ago 2 replies      
Cute. But now you're on the hook to maintain it, and I can already see the abuse you'll have to take from your target demographic whenever this goes down.
maaaats 3 hours ago 0 replies      
> Not Written in Mozart.

I thought they were talking about this mozart programming system: http://www.mozart-oz.org/And thought to myself "who would ever write anything big in that"?

jedahan 23 minutes ago 1 reply      
I made a few cruder services like this at my old job:


They are both running on heroku and slow as hell. Pull requests (http://github.com/jedahan) or better free hosts are welcome, but I get like 50 visits a year so whatevers.

We used in in chat rooms when management was being dumb, mostly.

akadien 1 hour ago 0 replies      
This is fantastic. It's the best thing since StarLogs (http://starlogs.net/#johnzachary/libcork)
squid_ca 17 minutes ago 0 replies      
For the ultimate "fuck you", this should be written to use SOAP.
ianstallings 1 hour ago 0 replies      
I'm too old for this shit.
JonSkeptic 2 hours ago 0 replies      
Name collision!

I've been telling people to do me a service and fuck off for years!

lotsofcows 3 hours ago 1 reply      
I think there's an extraneous parameter in /this/:from Oh, and minor niggle, you haven't replaced :from in the final three examples.

Also, please can you add localisation? The word "donut" makes me feel physically sick. http://foaas.com/you/%22donuts%22/lotsofcows

toyg 2 hours ago 1 reply      
Italians (well, many of them) can use this localised version, "SAAS: Soccmel As A Service": http://soccmel.taldeg.me/
MattBearman 3 hours ago 0 replies      
Legendary! Always good to have an early afternoon laugh :) I shall be spreading this forthwith!
wilhil 2 hours ago 0 replies      
And this has much better documentation than many APIs I have to use!
nicholassmith 3 hours ago 0 replies      
They should put the source up somewhere, I'd love to see what the filthy minds of the hacker community could add on.
Torn 2 hours ago 0 replies      
So you're ignoring customers in other countries because you can't communicate with them? Why are you not immediately hiring a native speaker/coder to expand your market there?

Or is it an IP protection issue in that you've found that certain countries (China?) will steal your evaluation code and run with it?

rullopat 33 minutes ago 0 replies      
So, GMail filters other people spam and put their own paid spam directly on inbox. Brilliant!
Jd 2 hours ago 0 replies      
Didn't zedshaw already design something like this? Where is he when you need him?
zipppy 46 minutes ago 0 replies      
My one feature request would be to have the word proceeding 'fuck' as an argument:

/:thing/:fromWill return content of the form 'Fuck :thing. -:from' e.g. /SaaS/Foaas will return 'Fuck SaaS. -Foaas'

tehwebguy 3 hours ago 1 reply      
License? Can't use this without one.
jjsz 2 hours ago 0 replies      
I thought this was going to be a list of all the services who can fuck off, like AT&T and Time Warner Cable, with an API to either: launch a DDoS attack at them, formally fuck them off by sending them a letter or a proper complaint to the correct address, while connecting your social media accounts with the correct hashtags- updating your status. Telling actual _people_ to fuck off caught me off guard...then I got the joke of applying an API to everything, especially if it's easier to do it in person...You should add mailing real letters if enough people request the service.
dcuthbertson 52 minutes ago 0 replies      
Nicely done. It needs:

returns 'Fuck you very much. - :from.'

peterkelly 3 hours ago 0 replies      
Man, I'd love to see what would happen if you submitted this as a student project for a class on web services
hughdbrown 1 hour ago 1 reply      
Feature request

returns 'F*ck me gently with a chainsaw, :name. Do I look like Mother Teresa?' - :from

devgutt 2 hours ago 2 replies      
This should use POST instead of GET, because you are proposing an action.
joeblau 2 hours ago 0 replies      
LMAO. I just burst out laughing so hard. Why is this platform not open source :)?
kfk 3 hours ago 1 reply      
I think you should include hashed urls. You can guess the content of the link from the url.
kiplinger 3 hours ago 0 replies      
How usefully useless
MrBra 29 minutes ago 0 replies      
way to go :)
uKV6kWT3 2 hours ago 0 replies      
Are code contributions welcome? If so, is there a repository I can send a patch to?
sushaantmujoo 1 hour ago 0 replies      
new http 403 msg
abdel 3 hours ago 0 replies      
i like the roadmap
piqufoh 1 hour ago 0 replies      
I fucking love this.


3pt14159 3 hours ago 5 replies      
This isn't Hacker News material.
Why Is Netflix Secretly Cropping Movies? flavorwire.com
350 points by nreece  1 day ago   147 comments top 33
devindotcom 1 day ago 2 replies      
Netflix almost certainly just licenses the pan-and-scan versions of movies for maximum compatibility.

I really don't know why this is blowing up all of a sudden. We've had pan and scan versions of films on TV and streaming for decades.

The only really troubling thing is that there's no "The film you're about to see may have bee modified from the original version" warning at the beginning of some, and it should definitely be clear that is the case.

mullingitover 1 day ago 3 replies      
Call me crazy, but I doubt Netflix has permission to modify the films in this way. Something tells me the studios are providing them to Netflix pre-cropped.
kijin 1 day ago 3 replies      
Whenever I watch a movie with some of my extended family, there's always someone who asks why the movie doesn't fill the entire screen. They want either the black bars removed and the area filled with images (like Photoshop Content-Aware Fill?), or the whole movie zoomed in (cropped) so that the sides are lost. I, along with some of the other serious movie-watchers in the family, have to convince these individuals every time that no, that's not how you watch a movie. (My favorite argument: "That area is reserved for subtitles.")

But I don't think most of the general public cares about the aspect ratio, only about utilizing the maximum square footage of their overpriced TV. Netflix is just catering to this demographic, just like DVD vendors who came up with 4:3 versions of 2.39:1 movies. The number of customers who complain about the wrong aspect ratio is probably much smaller than the number of customers who complain about the black bars.

joelmichael 1 day ago 1 reply      
I saw this interesting overview of the history of aspect ratios the other day. There's a lot more variety than you'd think.


nwhitehead 1 day ago 0 replies      
My guess is that this cropping is being done by video editing service companies at the request of the studios.

Netflix and a studio come to a distribution agreement. Netflix tells the studio the technical requirements for the digital files to send over. The studio realizes they don't have exactly the right format on hand, so they contract out to some firm to encode their content. The studio may not realize that there is an aspect difference, and the service company might automatically adjust the cropping to make it fill the screen to fulfill their contract and meet the technical specifications.

wilg 1 day ago 3 replies      
What a misleading title! It's really not Netflix's doing, and it's definitely not some kind of evil conspiracy.

The studio isn't going to pay for a new transfer just for Netflix, or maybe they have a better one but are only realizing it on Blu-Ray. Netflix just gets whatever version of the movie the studio happens to already have on hand, which is likely the HDTV version, which is sometimes pan-and-scan.

But that doesn't make a very sensational headline.

atwebb 1 day ago 2 replies      
Isn't it just the content providers sending altered movies?
timfrietas 1 day ago 0 replies      
Ah, this is close to my heart, and I have worked in video and streaming video for ten years, for many companies. Which is why I am so surprised the author does not realize that Netflix is not making this decision--video is supplied by third parties and sometimes this is out of control of Netflix or other streaming video vendors. Sometimes the pan and scan version is all that exists as a digital encode. Generally Hollywood studios are resistant to spending any extra money or labor to put our widescreen versions that customers can't generally discern from the pan and scan versions (and re-encoding costs are often absorbed by the streaming video service, in this case Netflix).

Netflix is generally making a smart business decision here--expanding selection and using a product that appears identical to 98% of viewers--and I say that as one of the 2% who can tell and do care.

In short, the author should know this, and have said it themselves, citing their video clerk experience--customers, if anything, think widescreen is the inferior product.

rmrfrmrf 1 day ago 0 replies      
I've actually noticed this (because, technically speaking, widescreen films should still have black bars on them even with "normal" widescreen televisions). I always assumed it was Netflix just accommodating the average user who would get pissed that they bought a widescreen TV and the picture is still showing up with bars on it.

Also consider that the average user usually watches television with their TV that auto-crops and/or zooms and stretches pictures, not to mention interpolates 120Hz viewing for a delicious soap opera effect.

I have to say, though, that cinemaphiles complaining about Netflix quality is a bit like the audiophiles that buy $10k sound systems to listen to their MP3 collection.

jordanthoms 1 day ago 1 reply      
Ugh. Now I need to look up each Netflix movie to see if they have messed with it before playing?

Shouldn't be difficult to give us an option, Netflix is already encoding in many different formats.

ultimoo 1 day ago 2 replies      
" and Milos Forman made a decision when he chose to show both Jim Carrey and Jerry Lawler."

I'm amazed that Netflix edits the frame to a degree that may actually change the meaning of a scene or a dialog. I know that cropping even a few mm off the edges is bad, but 'cropping' one entire guy from a scene involving two people is outrageous.

ChuckMcM 1 day ago 1 reply      
Well if you believe in conspiracy theories, Netflix subtly alters the film so that if it shows up on Bittorrent they know where it came from :-)

But I suspect that Netflix isn't doing the altering, rather their source material comes that way. Either because the distribution channel gets it that way or because the content providers want it that way. Like the author I suspect that if it wasn't being done by the media companies there would be a big stink about it.

grbalaffa 1 day ago 0 replies      
HBO and the other "premium" cable channels also do this. Not every single time, but much of the time. Try watching any of the Lord of the Rings movies on HBO or Cinemax for example. They're all 16:9, even though they were 2.39:1 "scope" in the theater.[1]

Forcing everything to be 16:9 has become the new "pan and scan", and it's actually been around for a while.

[1] Some of the time a movie has been filmed in a format which contained extra space on the negative, such as "Super 35", and in some cases the 16:9 might actually be showing more of the image rather than less, but it's very hit-and-miss and requires a custom transfer and master of the movie (which HBO has been known to do in at least some cases).

jordanthoms 1 day ago 1 reply      
I contacted Netflix support about this, and they claimed that this isn't the case generally, but it might happen with some devices. Has anyone been able to reproduce this?
wazoox 1 day ago 1 reply      
It's crazy; almost all forms of broadcasting are made without any consideration of proper display. 4:3 TV shows from the 80s and 90s are cropped to 16:9 (which kills the resolution to abysmal levels); films on VOD services and TV are cut down from cinemascope to 16:9; black and white sources are colorized and made weird and ridiculous. why on earth would I ever want to pay for any of these services? Well, I don't. I don't watch TV anymore; I buy a couple of DVDs here and there, and that's about it.
JulianWasTaken 1 day ago 1 reply      
OT: site is unreadable on my Android device with Chrome (latest).

It disables zoom but is too wide for the screen and doesn't reflow the text (I should just turn off allowing sites to disable zoom...).

jotux 1 day ago 0 replies      
Why is it a change without some giant announcement is suddenly some sort of secret conspiracy?
circa 1 day ago 0 replies      
This also reminds me of how they take TV originals, like Seinfeld, for example and originally shot for 4:3. They enhance them for 16:9. I would like to see a comparison of that too.

However, I will admit I think the Seinfeld enhancements do look pretty good from what they used to.

icodestuff 1 day ago 0 replies      
I just noticed this a couple weeks ago with "Serenity" - I mostly watch TV on Netflix, rather than movies - but they absolutely should be giving us the whole picture. TV's have anti-letterboxing modes, and the people who don't know any better than "the picture isn't taking up my whole TV" should use them. And of course there's no reason whatsoever for them to provide anything but the original version on the website.
ancarda 1 day ago 3 replies      
Personally I've never understood the 2.39:1 aspect ratio. My TV, computer monitors, laptop and phone are all 16:9. TV shows I watch are 16:9 as well. Other than 4:3, it seems like the universal ratio. So why are movies shot at 2.39:1, a ratio that causes black bars on any device you watch it on?
rogerbinns 1 day ago 0 replies      
When I look for the majority of the movies in the article and linked site, they come up as unavailable (US netflix). Kind of makes it all moot.
shaggyfrog 1 day ago 1 reply      
I'm not sure if it's intentional irony or not, but the site is too wide on my iPhone and doesn't allow me to pinch/zoom.

If the author intended that to inspire frustration with mobile readers... then well played, sir/madam, well played!

fernly 1 day ago 0 replies      
Does anyone know if Amazon streaming does the same?
area51org 1 day ago 0 replies      
There's an outside chance that Netflix only has a license for the pan-and-scan versions, and the studios want more $$$ for the widescreen versions.
chiph 1 day ago 1 reply      
What are the chances that this person had the DVD flipped to play the 4:3 version of the film? (Studios sometimes release pan & scan and the widescreen on the same disc, but on opposite sides).
bgruber 1 day ago 0 replies      
this is usually the case when watching a movie on the HD feed of HBO/Showtime/what have you as well. They're probably getting the same source as netflix.

It seems that some directors have the clout to demand that their movies are distributed in the original aspect ratio. Or perhaps they're willing to trade some cash for control of that aspect of distribution.

lo_fye 22 hours ago 0 replies      
I contacted Netflix about this on twitter. They say it ain't so.https://twitter.com/lo_fye/statuses/357851185140596736
jccalhoun 1 day ago 0 replies      
Next you'll tell me that their movies are compressed and not at the same quality as blurays!
circa 1 day ago 0 replies      
That first paragraph had me rolling. I worked for Transworld from 99-2002ish and had to explain the exact same thing to people. Got the same result. Glad I can laugh at it now. At the time it pissed me off more than anything.
shurcooL 1 day ago 0 replies      
The iPad app used to let you watch the movies in both portrait and landscape modes. I found portrait mode worked better for me when watching a movie in bed.

As of a month or two ago, they took away the ability to watch in portrait. Why. It just made the app worse.

jbinney 1 day ago 0 replies      
Ironically, you can't resize the article to read the full lines on mobile safari.
gcb0 1 day ago 0 replies      
summary: the article does not answer why.
hoodoof 1 day ago 0 replies      
The NSA wants the cropped out bit.
Bose founder, Amar Bose, has died at 83 mit.edu
350 points by jefftchan  6 days ago   159 comments top 26
Anechoic 6 days ago 2 replies      
It's not well known, but Dr. Bose had a stroke a few years ago. I was an officer of a local Acoustical Society of America chapter in Boston. Dr. Bose had been awarded a plaque at the national ASA conference in the summer of 2011, but he wasn't well enough to travel to accept the reward, so we volunteered to host a reception in Cambridge to give him the award and recognize other prominent acousticians. At that point, none of us knew what had happened to prevent him from traveling (I figured he was just really busy), but we were informed shortly before the reception.

When he arrived he was clearly still recovering (he had difficult walking and needed time to collect his thoughts before speaking), but he was still able to make a barn-burner of an acceptance speech. Afterwords, he took the time to speak to anyone who wanted to talk to him, including me.

I know audiophiles and enthusiasts have a low opinion of Bose products and their litigation strategies (some of which I share), but I had Dr. Bose as a professor in college and he was a fantastic instructor (even without the free ice cream during tests!). Students would often challenge him based on audiophile beliefs, and he would always use sound engineering arguments to refute them. And he was the only MIT prof I have saw who regularly ate meals at the Lobdell Food Court.

RIP Dr. Bose.

camera-phone picture of James Barger, Dr. Bose, Christopher Jaffe and Eric Unger at the aforementioned reception: http://twitpic.com/d2amd3

edit: bose.com has a memorial up: http://www.bose.com/remember/index.html

pud 6 days ago 10 replies      
Bose got a bad rap.

In the 80's, everyone agreed Bose products were pretty but overpriced. Unfortunately that reputation stuck.

These days, we all gladly pay extra for good aesthetic design (see: Apple, and almost every electronic gizmo on Kickstarter).

Bose was ahead of their time.

curiousDog 6 days ago 0 replies      
"In 2011, to fulfill his lifelong dream to support MIT education, Dr. Bose gave to MIT the majority of the stock of Bose Corporation in the form of nonvoting shares. Under the terms of the gift, dividends from those shares will be used by MIT to sustain and advance MITs education and research mission. MIT cannot sell its Bose shares, and does not participate in the management or governance of the company."

Wow. Respect.

savrajsingh 6 days ago 3 replies      
Sorry to hear. One of Bose's greatest contributions may be the Bose Suspension, which (to my knowledge) hasn't been put into production yet: http://www.youtube.com/watch?v=eSi6J-QK1lw
robg 6 days ago 0 replies      
Never took venture capital or IPO'd; gave his company to MIT.
peterarmstrong 6 days ago 0 replies      
Wow, someone dies and there's so much negativity about headphones.


I should leave it there, but since everyone is talking about headphones, I'll play too...

I love the QuietComfort headphones. This is true, even though they are expensive and I've broken a number of them. They are simple, so my bluetooth Sennheiser headset remains on the shelf. They are light and comfortable: I often wear them for 12 hours in a day. They have good sound. They have contributed to so many coding and writing zones over the past ten years I've lost count. They're probably the single most important productivity tool I own. They don't leak sound (unlike open headphones -- I had a pair of really great Sennheiser headphones that made my cubicle neighbours crazy years ago, as Portishead apparently sounds like torturing cats when listened to on open headphones). They are great for air travel. Hell, when you combine them with earplugs they even make float plane trips passable.

So, thanks Dr. Bose for one of your company's products.

sunnybythesea 6 days ago 0 replies      
His last lecture here for those interestedhttp://video.mit.edu/watch/dr-amar-g-bose-last-lecture-of-fa...
mrkmcknz 6 days ago 0 replies      
Bose.com have a pretty nice tribute running right now:


cmbaus 6 days ago 0 replies      
I'm glad to see this article at the top of Hacker News. It is easy to not realize how big audio was in consumer electronics all the way up until the early 80s.

Many of the great engineers of their day worked in audio, and I find myself continually attracted to their creations. Many who work in software today, may have been building amplifiers and speakers in the 60s.

tt 5 days ago 0 replies      
His Acoustics class was arguably the best course I took at MIT. His numerous anecdotes about hard work, perseverance, and applying thought process to every challenge we face really stuck with me. The end-of-semester field trip left a long lasting impression. He made me a better person I am today. I'll really miss him.
chiph 6 days ago 0 replies      
I had a set of Bose 901 speakers in the 1980s. They were a really innovative design, and certainly not "wife-friendly" with their requirement that the wall behind them be a certain size and distance away.

It had 8 smaller drivers facing towards the wall, angled to reflect off it and produce a more ambient sound. And one driver facing towards the listener to provide the direct sound needed for vocals. The speakers (heavy, heavy speakers, btw) had an earlier version of their waveguide technology, which channeled the back pressure of all the small drivers and combined them to provide the bass that a larger driver would have produced.

In order to correct some of the bad behavior of the small drivers & enclosure, there was an external electronics box that you inserted between your preamp and amp, or in a tape loop if you had a receiver (it had pass-thru capability) to get the speakers to sound right. Once DSPs became affordable, they changed over to them, instead of the analog components the series of 901 that I had used.

I think I paid $1300 at the military exchange for the pair, and the (essentially required) Bose stands were another $200 or so. Which was a lot of money at the time (CD players were still $500). But I had bragging rights until I got written-up by playing them too loudly. The 901s definitely preferred a high-current amp -- I used a Hafler 200 watt MOSFET amp. A Sony integrated-circuit based receiver went into shutdown trying to drive them.

rb2e 6 days ago 1 reply      
As a ex sound engineer and now self described audiophile, I deeply admire and respect Bose products. Though expensive, I loved my Bose speakers till they fell off my computer desk onto the floor. The small cube satellite design with the sub on the floor, filled the room considering there such small size. They were good enough for me to mix and master with for my friends projects.

RIP Dr. Bose

pvdm 6 days ago 0 replies      
He was an inspiring speaker but I avoided his company's products. Due to no fault of his own, the company that bears his name turned into a marketing driven company rather than engineering driven.
tapsboy 6 days ago 2 replies      
The Bose trio is an inspiration to many in India1) Jagadish Chandra Bose2) Satyendra Nath Bose3) Amar Bose
b1daly 6 days ago 0 replies      
He obviously was a tremendous achiever, but the current Bose products I have heard are terrible sounding.

The signal processing they add to create the "spacy"effect destroys the mix, the balances of the instruments, the placement, it's all lost in a hazy phase fog of sound. I don't get it.

To my ear, even many of the cheap desktop systems from companies like Logictech sound better.

If you're looking for decent sound at a low price, there are many low cost powered studio monitors that sound pretty good, like these from M-Audio:


I don't think they are good as professional monitors, but for everyday listening pretty damn nice.

pdevr 6 days ago 8 replies      

Are there any other faculty members (not necessarily at MIT) who have managed to start their own companies which became successful, and yet have stayed on as a faculty member? That itself seems to be a rare achievement.

paul9290 6 days ago 0 replies      
Any audiophiles here know if we'll ever witness Bose or Sonos type speakers(sound) built into our mobile devices?

Full disclosure - We created a web app that plays audio in sync across multiple Internet devices (http://SpeakerBlast.com) & are curious about the advances being made in this field.

Could our IP devices used alone or in harmony ever produce the same sound quality of a Bose or Sonos speaker?

aarondf 6 days ago 0 replies      
I remember being blown away by Bose active suspension, and wondering why Bose was doing it. Seems like a Google play in a way: make a bunch of money in one area (audio/ads) and do awesome stuff in another (active suspension / cars, glass).

Video of active suspension: http://youtu.be/q8sVDenpPOE

Incredible company. He'll be missed.

shiven 6 days ago 0 replies      
Dr. Amar Gopal Bose, you will always be remembered. Thank you for the inspiration. R.I.P.

A short biographical sketch:http://flic.kr/p/f8wZ6R

Another write-up:http://flic.kr/p/f8wZee

jpswade 6 days ago 0 replies      
This is a great loss, a man that I only recently learned about through reading "Autobiography of a Yogi", which mentions his great achievement as an eastern scientist, breaking out into a western world.

I hope Hacker News black lines today out of respect for this man.

AlexPandian 6 days ago 0 replies      
Bell, Morse, Land, Kurzweil, Bose, ... the list of Boston associated inventors is never ending. Then again Polaroid or Bose corporation can't compete with the limelight of the web world.

Most audiophiles buy stuff very few people have heard off, and Bose products themselves are on the fence of trying to be audiophile, yet popular ... a tricky space to be in.

nanospider 5 days ago 0 replies      
Interesting that in the spirit of the usual startup discussions here on Hacker News, no one has mentioned that this is/was a single founder company. http://en.wikipedia.org/wiki/Bose_Corporation

Kudos to Dr. Bose.

rblion 6 days ago 0 replies      
My name is Amar too. A sad day for innovators named Amar. Shine On buddy, thank you for the contributions to audio technology that has enriched millions of lives. :)
bzelip 6 days ago 0 replies      
damn, i loved my dad's 380ZX soundsystem. its what turned me onto hi fidelity. neat to know it was named after someone and that he went to MIT. peace
gprasanth 6 days ago 0 replies      
jellyfish 6 days ago 0 replies      
Exactly, his companys tactics go directly against the making the world a better place hacker ethos.
Show HN: Floobits Remote pair programming done right floobits.com
338 points by ggreer  22 hours ago   129 comments top 50
ggreer 21 hours ago 2 replies      
If anyone's curious, a long time ago I wrote about why I chose to make this: http://geoff.greer.fm/2012/10/19/cross-editor-real-time-coll...

I didn't realize it would be as hard as it's been. Operational transformation is hard. Persistent network connections in editor plugins are hard. OT + network connections in editor plugins is comically hard.

yesimahuman 21 hours ago 2 replies      
Looks great, going to try it out. Some feedback: it seems I was able to do a private session on the free plan, but the error message indicates I've used 1 out of 0 private sessions.

I think it's important to be able to trial the private session. As I am doing work for my company, I don't want anyone else looking at the work, but I want to try out the product on something real.

danso 22 hours ago 1 reply      
Very cool idea, trying it out right now. I have one caveat though...I get that there's a distinction of "public" and "private", with the latter being reserved for free accounts. But I don't know what "public" actually means...I'm assuming that at minimum, it means that anyone who guesses a URL of my workspace can join in on the fun. But how do other users discover new workspaces? Is there an "Explore" endpoint similar to Github's, where people can just see what others are doing in public?
sgrove 20 hours ago 1 reply      
Been watching this for awhile, it's what we've wanted for years now (we thought about building this as dev offering for Bushido's platform).

Finally giving it a go in emacs, I just get a Floobits buffer that continually spits out "floobits agent says: ... select(): No socket." non-stop.

Edit: Trying it again a second time seems to have worked. Temporary bug, or pebkac perhaps?

gleb 19 hours ago 2 replies      
Very neat. Quick patch to make (require 'floobits) work:

  diff --git a/floobits.el b/floobits.el  index 5f05d33..029e6bd 100644  --- a/floobits.el  +++ b/floobits.el  @@ -451,3 +451,5 @@ See floobits-share-dir to create one or visit floobits.com."           (cons 'added added-text)           (cons 'deleted deleted))))           (floobits-send-to-agent req 'buffer_list_change)))))  +  +(provide 'floobits)

plg 20 hours ago 3 replies      
Why does it have to be organized around a centralized server requiring user accounts? Why not make it peer to peer instead? Haven't we learned our lesson?
thom 17 hours ago 1 reply      
So does this support emacs on one side, vim on the other? If so, thank you, you're awesome.
MichaelGG 15 hours ago 1 reply      
When joining the hn_feedback, the edit button seems to fail:

  discarding because event origin is   Object ?follow=1:62  Connecting to https://floobits.com:8448/ ...   b8cb474e2761.js:427  Joining workspace Floobits / hn_feedback   b8cb474e2761.js:445  room_info   Object   b8cb474e2761.js:4535  Uncaught TypeError: Cannot read property 'path' of null   b8cb474e2761.js:205  (anonymous function) b8cb474e2761.js:205  x.event.dispatch jquery-2.0.3.min.js:3  y.handle jquery-2.0.3.min.js:3
Chrome on Windows 7. Seems like none of the buttons (like delete) work, either. I don't see any activity other than people in the chatroom. Just a black center screen.

agentultra 20 hours ago 0 replies      
Glad to see more people experimenting in this space!

Currently I'm using sqwiggle + screenhero and it'd be killer if they could somehow have a baby together.

Screenhero allows me to share my emacs (or any window). Works like a charm.

jalopy 20 hours ago 0 replies      
Holy cow this is an awesome concept. Haven't tried it yet, but if it works it's completely transformative. Can be used as a teaching tool for anything - not just for pair programming.

Very, very cool! Thank you for charging money so you can build a real business and keep improving on it.

Please, please work with the JetBrains folks to integrate w/their suite of products? Please?!

lsiebert 15 hours ago 2 replies      
I like that you have free organization plans, but I think you need some sort of intermediate option for a classroom type environment and student groups. The ability to a teacher or TA pair program, or set up students to work in small groups on a semester long project would be awesome.

However A 12 week class with 30 students is 1.5k, if I am understanding how your plans work correctly, and I don't see that happening. Given that it's less likely to be always on programming when it's students and teachers, I think a significant deduction would be reasonable.

Alternatively, you could spin off a classroom focused version.

Maybe something that will need to wait for when you are more profitable, but if you get people used to your service as a student, they will carry it with them.

kansface 18 hours ago 2 replies      
As an experiment, this room is publicly writable- let us know what you think.

edit: I'm taking down this link as we are completely crushed- I suppose getting DOSed by our own users is the best way to go down.

oceanician 4 hours ago 0 replies      
This looks really good. Just need another Ruby programmer to try it out with now :) Anyone free a week today - next Friday, 26th July?
swalsh 21 hours ago 1 reply      
I had this idea a while ago, Notch was having one of his programming live streams. I thought, man what if instead of us just watching this guy write code we could all be working on it at the same time.

I don't know how well it would work, but it would be cool to use a platform like this to try it. Maybe some open source app. It would be like an Amish barn raisin'

garlandbinns 12 hours ago 0 replies      
Congrats Geoff and Matt! Geoff, I randomly bumped into you on Freenode a couple of months back and chatted w/ you briefly and you were telling me about this. So happy for you all to see this on HN getting such great feedback. Nice job working hard and making it happen! :)
meowface 15 hours ago 1 reply      
This is surprisingly cool.

With some more polish, this could become a real wave-maker.

You could consider making it a bit more of a "freemium" model. Something like allowing users to set up 1-2 private coding collaborations for free, but without any version control, terminal-sharing, or the other bells and whistles.

cheesylard 13 hours ago 5 replies      
So um..... call me ignorant, but how is this any different from:

person 1:

    screen -t "foo"
person 2:

    ssh person1@blahblah.com    screen -x "foo"

daurnimator 20 hours ago 2 replies      
Trying to install in sublime I see:

Package Control: Error downloading package. URL error unknown url type: https downloading http://github.com/Floobits/floobits-sublime/archive/0.17.5.z....

StavrosK 22 hours ago 1 reply      
Hey, this is pretty interesting. One feature request: Do you think you could add Mozilla Persona for authentication? I don't like yet another u/p, and that Github permissions screen left me a bit uneasy (although I didn't see anything untoward).
parennoob 22 hours ago 1 reply      
I went to 'Sign in with Github', and got:

"Sorry, but an error made this operation impossible."

Is this feature not enabled here, or is the site slashdotted?

arikrak 13 hours ago 1 reply      
Douglas Engelbart would be proud.

I wonder which will be more common in a few years - something like this, or collaboration fully in the cloud, like c9.io.

jivid 21 hours ago 1 reply      
This looks great, good job! A couple of things:

1. I renamed the default FLOOBITS_README.md to teach.py, but the path at the top of the page still showed the README filename. teach.py showed up in the left nav, so I don't really know what was going on there.

2. When I was loading one of the workspaces under https://floobits.com/u/ggreer, clicking on the files in the left nav took really long to load, about 8-10 seconds. I almost thought that all the files were blank at first and were there just to show the nested directory structure.

Apart from that, I think this is really cool! I'm definitely going to be using it over the next few days.

aantix 21 hours ago 1 reply      
Hopefully they will create a plugin for RubyMine. Not sure, but maybe if they create a plugin for IntelliJ, they'd cover the entire family of Jetbrains editors? (IntelliJ, Rubymine PyCharm, PhpStorm)?
tommoor 21 hours ago 0 replies      
Really interesting idea guys, looking forward to giving it a try. If you're in San Francisco i'd love to hook up and talk remote collaboration :-)
cpolis 21 hours ago 3 replies      
This is a fantastic idea and I'm really excited to start using this - I wanted to develop this kind of program for a while.

This is my use case:I work with designers who are hesitant to use git and make changes really quick and test them on a live WP or similar site. Often times we have two or three people needing to edit a single css file and everyone has to open/close the file often to not overwrite the changes of others. Maybe there is a better workflow, but a collaborative editing tool like this will go a long way in streamlining this process.

jhartikainen 22 hours ago 2 replies      
Looks interesting, but I get the feeling using something like ScreenHero would work better. I've used ScreenHero for sort-of pair programming and it works extremely well + it's not limited to editors.
mustardhamsters 21 hours ago 1 reply      
This still had a bunch of issues when I tried it: The user I connected with saw many instances of my user because I was trying to connect with Sublime Text, and couldn't give permission to all of them. The system didn't sync well from ST to the browser, but it worked the other way around. At some point we began typing over each other entirely. Screenshot here: http://grab.by/oAgS

Really want to see this working well!

ThomPete 22 hours ago 0 replies      
So this could potentially become a pair programming tool that would allow a single person to oversee the work of several people too.

Could be good for remote education. In fact I would be willing to pay someone to teach me objective-c this way.

t4nkd 19 hours ago 1 reply      
Maybe I'd know the answer faster if I just tried, but, does this let people pair from, lets say, SublimeText to Vim? From the screenshots it seems to be one-way(sharing from a native editor to Floobits web editor).
nwenzel 19 hours ago 0 replies      
Pretty sure this could be part of the answer to the pros/cons debate of working remotely... productivity vs collaboration.
johnnyg 16 hours ago 0 replies      
TextMate? Guess I'm going extinct. :-)
RobotCaleb 20 hours ago 1 reply      
Any support for private networks or networks not on the internet? Not everyone wants/can send their code through a third party.
efm 22 hours ago 1 reply      
New ways to collaborate remotely and easily are valuable. Travel time is a waste.

David Socha from the University of Washington is looking for teams to video for his research into collaboration.


kapad 18 hours ago 0 replies      
Getting an errorUnable to create workspace: <urlopen error unknown url type: https>

Have tried both the master branch and teh 0.17.5 tag. Same issue.

The package control install was not working so just copy pasted the directory into sublime packages. Could this be the issue?

geekbri 19 hours ago 1 reply      
Gave this thing a whirl. The terminal sharing is nice, however the person I paired with had a real hard time seeing any of the commands I was typing. The PS1 modification flootty makes pushes almost everything right out of their window and they claimed they were unable to scroll vertically
lince 20 hours ago 1 reply      
Awesome tool.

I don't know why, but I was expecting a place to get in touch to other programmers to do Pair Programming (i.e. for small katas or side projects). Does it exists?

If it doesn't, does anyone wants to have a bit of fun doing Pair Programming to create it together? :)

stevenklein 20 hours ago 0 replies      
We use Floobits a few times a week to pair and it's incredible.
njoubert 15 hours ago 1 reply      
From Sublime: Unable to create workspace, maximum recursion depth exceeded.
dannyolinsky 17 hours ago 0 replies      
We're big floobits fans. Using it to pair remotely with Sublime.
KurtMueller 19 hours ago 0 replies      
Madeye.io is fun and allows "swarm programming".
kaushikt 21 hours ago 0 replies      
Great job. I just signed up. I think you should have requested my email address from github as well. So that, i would have my gravatar on Floobits.

I am not missing anything, am i ?

kansface 17 hours ago 0 replies      
Floobits is down...

and back up.

bagels 15 hours ago 0 replies      
Why does the demo have ascii art penises? I think it detracts from the otherwise quality presentation.
ggchappell 9 hours ago 0 replies      
Figlet sighting. :-)
cmrx64 22 hours ago 0 replies      
Been watching floobits since you announced it. Very excited to see it launch with bunches of new features!
GrinningFool 20 hours ago 1 reply      
Looks great - any plans to offer self-hosted for those who want behind-the-firewall solutions?
coldman333 4 hours ago 0 replies      
hi all , i have some error in msgs.floobits.log , on Windows 7 / Sublime 3

"Error handling room_info event with data {... }: path is on mount 'd:', start on mount 'c:' "

have fix this?

contingencies 15 hours ago 1 reply      
What's the point of video when programming? That's just a distraction.
ctb_mg 21 hours ago 1 reply      
Can you comment on the technical details on how this works at the network level? How secure is this?
shaunol 15 hours ago 1 reply      
This is quite awesome - Visual Studio support would rock!
The NSA Admits It Analyzes More People's Data Than Previously Revealed theatlanticwire.com
336 points by j_baker  1 day ago   134 comments top 22
spikels 1 day ago 6 replies      
This is even worse than it seems. A "hop" can go both ways. So if a terror suspect calls Comcast's main 800 number (or any other high volume number) they can track everyone who ever called that number. And obviously they have to deal with the fact that many people have multiple numbers and treat them as a single node. Three hops from a few thousand suspected terrorists each with multiple phone numbers might include a large fraction of the US population.

Not sure how this could possibly be helpful in an investigation if everyone is a suspect. At some point you have to narrow it down.

Edit: Apparently there are 875,000 names in the "Terrorist Identities Datamart Environment" (TIDE) [1]

So if each of those suspects can be connected to 20 people (hop 1 - 20 people) and each those people can be connected to an additional 20 people (hop 2 - 400 people) and connected again to 21 more (hop 3 - 8,000 people) you could reach the entire world's population.

875,000 x 8,000 = 7 billion

[1] http://www.reuters.com/article/2013/05/03/us-usa-security-da...

ChrisAntaki 1 day ago 4 replies      
Rep. Justin Amash has brought forth a bill to defund the NSA.


300bps 1 day ago 0 replies      
Analysts look "two or three hops" from terror suspects when evaluating terror activity

I bet they investigate Kevin Bacon a LOT.

nateabele 1 day ago 2 replies      
"We are not collecting [geolocation] data," Inglis said, "under this program." (emphasis added)
darkarmani 1 day ago 2 replies      
> The author of the Patriot Act, Jim Sensenbrenner of Wisconsin, reminded the government that the act was up for renewal in 2015. The provisions for phone metadata collection, he warned, have "got to be changed otherwise in a year or year and a half you're not going to have it any more."

Wait? That's the threat? Shouldn't they have to prove that they have sensible "provisions" before they get to keep doing it? Or how about, we are going to take immediate action and you come back to us when you have sensible provisions.

marshray 1 day ago 0 replies      
It's like playing the Kevin Bacon game except with an 864,999 additional Kevin Bacons in the mix.


mrt0mat0 1 day ago 1 reply      
response offered by DNI counsel Robert Litt. Asked by committee chairman Bob Goodlatte if the government really thought the massive collection of phone records could be kept from the American people, Litt replied, "Well, um, we tried."

I don't get why they are so "shoulder shruggy" about all of this.

famousactress 1 day ago 2 replies      
I wonder (and would not be surprised) if the nodes are always defined by phone number alone. Meaning, if you made a restaurant reservation at the italian place by your house, you're two hops from everyone who's ever called or been called by them.
nobodysfool 1 day ago 0 replies      
I think it's more people than people think...

10% of people living in america are not citizens. 90% of people are. If their definition of 'foreign' is 'non-citizen' and they only have to be 51% certain that someone is foreign, that is a 49% error rate, which means (at a maximum) 90% of the people they have in their databases and are tracking are american citizens.

If they had to be 91% certain, that's a 9% error rate, and they would have a database that 52% are american citizens...

waivej 1 day ago 1 reply      
From "The Tipping Point" on page 47:

"Tjaden actually sat down and figured out what the average Bacon number is for the quarter million or so actors and actresses who have played in television films or major motion pictures and came up with 2.8312 steps. Anyone who has ever acted, in other words, can be linked to Bacon in an average of under three steps."

lawnchair_larry 1 day ago 1 reply      
The longstanding question of whether or not phone metadata collected by NSA includes geolocation data has been answered. "We are not collecting that data," Inglis said, "under this program."

Well that's a relief. ;)

DigitalSea 1 day ago 0 replies      
3 hops is a lot of data. For example I have about 100 friends on Facebook. One of my friends I know has around 500 friends on Facebook and if they're friends have a lot of friends that is a ridiculous and unnecessary amount of data being harvested about people I have never met, have nothing to do with and will never meet.

How can Obama keep on allowing this to happen? This is just getting ridiculous now and if it weren't for Snowden leaking the information, we wouldn't even know it was happening...

D9u 1 day ago 0 replies      
It's not about "terrorism," it's about control.
sdoering 1 day ago 0 replies      
Using a German Business-Social-network, I do have 120 contacts (first hop and I am not a power-user there). After the third hop there are about 1.1 million people.

And that is just one network. Use telephone, other social networks, snail-mail, et al.

Might be massive...

Kapura 1 day ago 2 replies      
I don't care about if it's two hops or three; they're collecting a metric shit-tonne of info. It's like really large amounts of money: if a corporation makes a million dollars or five million dollars, it's all just numbers on a page for me. This "revelation" doesn't change the game at all, because I know that there's still a lot of shit that the NSA isn't telling us about their activities. Feels like hit bait (and it's worked).
Mordor 1 day ago 0 replies      
"two or three" is the same as "at least three", in other words "everyone".
bane 1 day ago 0 replies      
Since I met Dennis Rodman on his way back from North Korea, does that make everybody on HN 3 hops from Kim Jong Un?
babesh 1 day ago 0 replies      
Synopsis: The NSA analyzes EVERYONE'S data.
late2part 1 day ago 0 replies      
"Oooops, our bad." -NSA
repdetec 1 day ago 0 replies      
Shocking. SHOCKING
e3pi 1 day ago 0 replies      
Guardian's take:

"....."The statute says 'collection'," congressman Jerrold Nadler told Cole. "You're trying to confuse us by talking use."

"...One senior member of the panel, congressman James Sensenbrenner, the author of the 2001 Patriot Act, warned the officials that unless they rein in the scope of their surveillance on Americans' phone records, "There are not the votes in the House of Representatives" to renew the provision after its 2015 expiration."

"You're going to lose it entirely," Sensenbrenner said.

NSA warned to rein in surveillance as agency reveals even greater scope

NSA officials testify to angry House panel that agency can perform 'three-hop queries' through Americans' data and records


vijayboyapati 1 day ago 0 replies      
       cached 19 July 2013 15:11:01 GMT