hacker news with inline top comments    .. more ..    8 Oct 2013 Best
home   ask   best   5 years ago   
Mozilla bug 923590: Pledge never to implement HTML5 DRM mozilla.org
868 points by chris_wot  4 days ago   357 comments top 29
guelo 4 days ago 6 replies      
What's ridiculous about everybody bending over backwards for the Netflix usecase is that Hollywood isn't letting Netflix have the content anyway because they want to control and destroy yet another medium. Hollywood is a corrupting evil in our technical, legal and political systems and should be shunned, not accommodated, as much as possible.
Fice 4 days ago 2 replies      
DRM can't be properly implemented in free (as in freedom) software. Either you will not be able to run any modified version not signed by the vendor on your device, or any version you build yourself will lack DRM support. DRM is all about restricting the user control over their devices.

DRM-enabled Firefox would be effectively non-free software: you could not modify it and rebuild it from source while retaining the DRM functionality.

skrebbel 4 days ago 5 replies      
Can some of the more involved please explain the consequence of a choice like this? If Mozilla chooses to not implement this spec, will the effect be that:

    * Firefox is the only browser that can't play certain content    * Firefox is the only browser that plays all content

I would assume the first, because it should be easy for a content provider to just block a certain browser entirely (and that block could be circumvented, but the majority of people won't do that). People will blame Firefox, not the content provider.

ddebernardy 4 days ago 11 replies      
I think you're barking up the wrong tree... And that it has the potential to blow up in Firefox's face.

Remember what happened to html5 video. Everyone but Firefox was pragmatic, and implemented h.264 -- primarily, but not only for hardware acceleration reasons. Years later, Webkit-based browsers are ubiquitous, and Mozilla is developing a phone OS nobody will care about, in a desperate effort to become relevant again.

Imo, Mozilla ought to spare itself another embarrassment by being the only guys in the room with the contrarian opinion. Take the issue to the W3C directly -- or for that matter vote for your local pirate party. HN and other tech news venues might be the correct places to recruit support, but you ultimately want to lobby your case directly.

frozenport 4 days ago 4 replies      
I wonder if this will finally kill Firefox? Imagine a world where FF can't play YouTube or watch Netflix? What if DRM content becomes so prevalent it FF will render most websites like Lynx?
aaronem 4 days ago 2 replies      
I'm still trying to figure out how we go from "UA streams encrypted content to EME plugin -- oops, sorry, 'extension' -- and EME extension streams decrypted content back to browser" to 'View Source' being prohibited, copy-paste of text demanding micropayments to complete, dogs and cats marrying each other, and Satan going to and fro on the earth.
code_duck 2 days ago 0 replies      
They say,

"A Web where you cannot cut and paste text; where your browser can't "Save As..." an image; where the "allowed" uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively "View Source" on some sites, is a very different Web from the one we have today. It's a Web where user agentsbrowsersmust navigate a nest of enforced duties every time they visit a page. It's a place where the next Tim Berners-Lee or Mozilla, if they were building a new browser from scratch, couldn't just look up the details of all the "Web" technologies. They'd have to negotiate and sign compliance agreements with a raft of DRM providers just to be fully standards-compliant and interoperable."

Well, so essentially like the situation with native apps then. My guess is most consumers wouldn't notice at this point.

dingdingdang 4 days ago 0 replies      
Yeah, good luck the the DRM crap - it worked over so well with music (not) and I'm sure it'll fly super fine with video too. Tim Berners-Lee has sold his soul somewhere along the line. Following bit from Florian Bsch comment on article sums it up brilliantly:

"The W3Cs (and Tim Baner Lees) support of EME shows clearly that once again, the W3C has gone down a blind alley (like with XHTML) and is not interested to serve the real needs of the web. The WhatWG was the result of W3Cs stagnation on addressing real world needs. And once again the W3C is more interested in stagnation than real world needs with EME. It has to be expected that the relevancy of any W3C standard will substantially diminish in the future."

mmcclure 3 days ago 0 replies      
Mozilla wouldn't implement EME in the browser. It would come in the form of a plugin. It's absolutely incredible what a few uninformed blog posts will do to an otherwise very smart group of people.

I wrote pretty much the same thing in the comments on the blog post yesterday when people were freaking out about this then. EME is a plugin spec for implementing DRM, not something that would get baked into browsers.

Everyone put their logic pants on and stop freaking out for a second. This is might be a silly spec for implementing a stupid premise (DRM), but it's not the end of the open web.

lucb1e 4 days ago 2 replies      
I dislike this. Now sites will just say "View this site in Internet Explorer" and I'll have to boot a virtual machine to legally view the content. Well, if I ever get sued for it I guess I can always say Hollywood should provide me with a Windows license.
chris_wot 4 days ago 2 replies      
P.S. in case anyone asks, I submitted the bug on my iPad... Hope it's not too disconcerting to see the WebKit user agent on this bug! :-)
ProNoob13 4 days ago 5 replies      
First of all, making a bug-ticket for something that doesn't exists yet isn't going to solve anything. Second of all, why do you oppose DRM? It's been around for years. Games, DVDs... Nobody really had troubles with it until the bad (not so user-friendly) implementations came around. But, with W3 standardizing the spec for it, we get a win-win: We can watch all our (streaming) video without Flash (which was previously used for DRM), and content providers can be sure that the content we're watching is payed for.
Qantourisc 4 days ago 1 reply      
I'd like to make a comment, but does anyone know how this DRM works ? I mean either you trust the client, by binary-blobs/hardware or other form of protection, or you are delivering the content into the lap of the consumer.

So I wonder if FireFox CAN even implement it ?

AYBABTME 2 days ago 1 reply      
Maybe I have no idea of what I'm talking about, but my understanding over how this "Media and Piracy" plot has gone is:

  - Media purchase was inconvenient and overly expensive.  - People pirated because it was convenient and cheap.  - Streaming services offered convenient, low cost     solutions.  - People 'stopped' pirating because streaming is a decent,    convenient legal alternative.
At least that's how I've (and everybody I've asked about) gone through it. So in that perspective, it seems to be a useless attempt at defending from a fading threat.

chris_wot 4 days ago 0 replies      
I'm not sure I put this into the right category. It's really more than a Firefox issue, it's something for Mozilla as an organisation.
tpainton 4 days ago 1 reply      
until you see some slime profit from your hard work by simply copying it... it's easy to talk about how evil drm, and copyrights are. I know photographers, great photographers, that were stunned when they googled their images and found them front and center on some scumbags webpage, claimed as theirs. musicians go thru the same ordeal. This isn't just about Hollywood, it affects creators who are far from rich.
ksec 4 days ago 4 replies      
Realistically, how are content provider suppose to copy protect their properties without the use of DRM?
alkonaut 4 days ago 2 replies      
Either make way for content protection for video in some kind of standard, or we are stuck with Silverlight and Flash video forever. Why wouldn't I want some kind of standard platform for delivering protected video in my browser, rather than getting and updating 2-3 different insecure plugins all the time for doing the same thing?

Is this just a crusade agains DRM as a whole (good luck with that) from the free software movement, or do they have problems with this exact proposal from the w3c?

smegel 4 days ago 2 replies      
Well its either that or flash...think I would rather HTML5.
shmerl 4 days ago 0 replies      
I still wonder what was Tim Berners-Lee thinking, when supporting DRM? He should have known better.
devx 4 days ago 1 reply      
It's bad enough that governments are starting to restrict the Internet all over the world [1], almost in unison, why should the last bastions of freedom on the Internet fall so easily, too?

I see the corruption of W3C (because that's what it is) by corporations almost as bad as the corruption of NIST and the security standards by the NSA.

And for what exactly? The apparent "convenience" of not having a 3rd party plugin, but instead a "native" plugin in the operating system, that will only work on certain operating systems and browsers? HTML and DRM are incompatible in principle, and will be incompatible in practice, too. It won't give you any convenience, and will potentially make things worse in many other ways.

And all of this because we're starting to buy into the idea that the content companies are right and piracy is hurting their sales? I guess repeating a lie long enough, does make it true in the end - even though it probably isn't [2].

So once again, why are you letting our Internet freedom slip away without even a fight?

[1] - http://www.freedomhouse.org/report/freedom-net/freedom-net-2...

[2] - http://torrentfreak.com/piracy-isnt-hurting-the-entertainmen...

zamalek 4 days ago 0 replies      
"To view this website please download our plugin that enables DRM-protected content in your browser."
Zigurd 3 days ago 0 replies      
Tens of billions of dollars worth of JavaScript source code are squirted out to every person, good and nefarious, rich and poor, all over the planet without boundaries, every day as they use Web applications. Why is nobody promulgating a standard for hiding it?

The answer is that such proposals get laughed out of the room. They would break the Web, which is far more valuable than anyone's JavaScript source code. Has innovation in JavaScript suffered for lack of source code protection in Web standards? That's also a laughable idea.

So, why not the same answer for passive content?

ChikkaChiChi 4 days ago 1 reply      
Please implement this. The faster we lull these stupid media companies into a false sense of security, the faster we can get rid of Silverlight.
ialex 4 days ago 0 replies      
What a scary stuff is this?

Imagine the new world that would be open to the malware/spyware if DRM is enabled they will easily use this to hide their shitty stuff and not allowing anybody to see whats going on, how does w3c is going to let that happen :S

Hopefully Firefox wont be open to implemment this shit on their browser.

captainmuon 4 days ago 1 reply      
Implement it, but don't implement it properly. Always tell the server (or whatever does the checks) that DRM is available, and that the user is authorized to play the content. Or add a button or setting to unlock any content.

And even if they implement DRM, I could probably just grab the source and comment out a few ifs, and would be fine (assuming its not just a wrapper for Windows' DRM).

crazychrome 3 days ago 0 replies      
am i the only one to against the pledge?

here is the reason: if there was such kind of mechanism in browser, we probably already had snapchat years ago on browser instead of Apple's safe guarded garden.

there is no evil technology. it just depends on how to use it. i'm surprised so many are blindly naive.

thenerdfiles 3 days ago 0 replies      
The Grand Chancellor of English, or Webster's Dictionary, has confirmed that utterance of protected terms is in scope of the latest edition.
jheriko 4 days ago 0 replies      
well done. :)

as we all know drm is folly. if the data can be decrypted to use then it can be stolen /always/.

Attacking Tor: How the NSA targets users' online anonymity theguardian.com
624 points by brkcmd  4 days ago   175 comments top 29
shawn-furyan 3 days ago 6 replies      
One heartening aspect of the Snowden revelations as a whole is that they have pretty much just confirmed that the things we thought were strong (public crypto research, tor) are in fact strong and the things that we thought were iffy are in fact iffy(Certificate Authorities, Unvetted Crypto, Cloud Services, The Wires, Implementations). This bodes well for the prospect of navigating out of this whole mess successfully since on the whole we seem to have good instincts about what is trustworthy and what is untrustworthy. I think that it actually has tended to clarify thinking about security so that fewer and fewer engineers are able to delude themselves into trusting something that they know deep down is really untrustworthy.
tptacek 3 days ago 7 replies      

I've taken a jaundiced view of "liberation tech" efforts in the past and this is as good an illustration as any of why. Among "amateur" libtech projects, Tor is about as good as you get --- an active community, extremely widespread use, technical people with their heads screwed on right and as much humility as you can reasonably expect of people whose projects are (candidly) intended to thwart world governments.

If Tor can't provide meaningful assurances (here, there's a subtext that Tor actually made NSA's job easier), you'd need an awfully convincing reason for how you're going to do better than they are before "liberating" the Chinese internet, especially given that it your users who assume the real risks.

elwin 3 days ago 3 replies      
The more we learn about the NSA's capabilities, the more it seems like the Manhattan Project. They are developing the "cyberwarfare" equivalents of weapons of mass destruction. This exploit delivery network goes so far beyond any legitimate purpose it might serve that it belongs in the same moral category as hydrogen bombs.

EDIT: The above is somewhat hyperbolic and unclear. The NSA's capabilities may have legitimate uses. Similarly, there may be legitimate military uses for nuclear weapons. But building nuclear weapons creates the risk of worldwide nuclear destruction. Similarly, building this kind of highly efficient exploit system creates the risk of destroying all Internet security. The potential destruction far outweighs whatever good the weapons might accomplish. That is why I said they belong in the same category.

anologwintermut 3 days ago 0 replies      
This is one way the NSA can attack Tor. if they just want to de-anonymize a connection, not get access to the content, (.e.g to locate the Silk Road Sever), in theory they can just analyze all their passively collected data form major fiber backbones to identify and locate the user.

Tor, including hidden services, was never designed to protect against someone who could observe all or almost all traffic in the Tor network. Given that data, it's rather easy to correlate timing information. Indeed, Tor fundamentally allows this since it aims to be a low latency network.

Given the NSA's extensive tapping of key fiber lines, we should assume they can actually observe the necessary traffic.From the original paper announcing Tor: "A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary." --- Tor: The Second Generation Onion Router [0][0] https://svn.torproject.org/svn/projects/design-paper/tor-des...

kilroy123 3 days ago 3 replies      
Sounds like, if you're going to do something very sensitive on tor, you need to:

- always have an update to date version of tor bundle!

- compile the bundle yourself from source

- run it virtually, and always roll back to a clean snapshot (before installing it tor) when done

- if possible use from a network that is not your own (open wifi, public wifi, etc.)

- spoof your mac address

- do not run JS, Java applets, etc.!

I know this seems extreme, but from what I read, it's the best you can do to protect yourself.

spindritf 3 days ago 1 reply      
So how does Tails[1] stack up? It seems to thwart most of those attacks.

It block non-anonymized traffic and makes permanent changes difficult. OTOH, privilege escalation bugs happen frequently on Linux.


conductor 3 days ago 1 reply      
> Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term

It would be nice if somebody could honeypot them to find out the vulns and malware types they are using.

GigabyteCoin 3 days ago 1 reply      
Is nobody slightly concerned that the date shown in the PDF file which sparked this commentary ( http://www.theguardian.com/world/interactive/2013/oct/04/tor... ) shows the PDF as being created in 2007?

It looks like they had some trouble picking out users 5 years ago... lord only knows how easy it must be for them now.

chrisduesing 3 days ago 1 reply      
Wait, so simply by using Tor the government will install malware on your computer. How is that legal?
reirob 7 hours ago 0 replies      
In the slide titled "Exploitation: Shaping" the status says "Can stain user agents working on shaping."

How do they achieve to make tor use NSA/GCHQ nodes? If they achieved to do this 5 years ago (the PDF is from 2007) would it then be reasonable to assume that since then they have managed to modify the TOR source code in a way that nobody remarked to do exactly this?

jstalin 3 days ago 0 replies      
So how does one determine which sites are being intercepted through Tor and served malformed code? Start doing CURLs from within Tor and outside of it and comparing hashes?
aroch 3 days ago 1 reply      
At least according the the slides, Tor appears to be safe for the most part. Which is good.
danso 3 days ago 2 replies      
This accompanying article has useful context: http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack...

> But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.

So only with "manual analysis" can intel agencies have any success, and that appears to be with a small subset of users who have other vulnerabilities. But when targeting a specific user, the NSA appears to have had no success in de-anonymizing them.

neves 3 days ago 1 reply      
I've been playing with vagrant and ansible to create a new server in a snap. Here is a good weekend project:

Instead of having just an Tor/browser bundle, build a vagrant machine specification that installs the Tor bundle. This virtual machine would be destroyed and recreated from time to time. Now put the machine specification in GitHub and let anyone use it.

coldcode 3 days ago 1 reply      
Sure these folks are smart and have all sorts of powerful weapons; what are the odds that someone out there could successfully repurpose some of these weapons? What is the likelihood that vulnerabilities exist in the NSA's systems? We can never know since it's all secret. If someone does take over these systems we wouldn't know that either.
espeed 3 days ago 0 replies      
Foxacid sounds like an NSA version of BeEF (http://beefproject.com/), which hooks browsers that would then be monitored from the Lockheed-Martin-style SOC (https://www.youtube.com/watch?v=x1tCJfy_iZ4 :-).

However, for those with more limited resources, Ryan Barnett is working on an open-source monitoring system for BeEF (https://vimeo.com/54087884).

ksrm 3 days ago 0 replies      
Can one use something like Lynx with Tor? I doubt there are very many exploits for it.
malandrew 3 days ago 0 replies      
If someone makes disposable Raspberry Pi Tor exit and non-exit nodes sealed in hard plastic resin, we could all buy them and drop them off in random places throughout the world on open networks. If enough people the world over does this, we would make it a lot harder for a global passive attacker to succeed.

Tor's biggest vulnerability is the risk associated with operating exit nodes means that the number of exit nodes remains relatively low at ~1000 worldwide. If hundreds of thousands of exit nodes started popping up all over the globe. It would be very hard to counter.

I'm also curious if enough governments unhappy with what is happening could go as far as hosting many tor nodes outside the control of the NSA. Is the Global Passive Adversary threat still valid if there are many of them that are non-cooperative with one another (i.e. China can't monitor US and Russian tor nodes, Russia can't monitor US and Chinese nodes, and the US can't monitor Chinese and Russian nodes)? My intuition tells me that the global passive adversary would have to be able to monitor most of the nodes, but if others came on the scene doing the same, they would dilute the percentage of nodes that any single global passive adversary could monitor.

welder 3 days ago 1 reply      
The NSA is like Tor's pentesters, except Tor doesn't get to see the results.
wil421 3 days ago 0 replies      
I am loving every minute of this NSA-Gate or Snow-Gate. Nothing like holding GOVT accountable for decisions they make behind closed doors, decisions that had an impact on the whole world not just US citizens.

Its also great all the technical details that are being released about how they Intel Agencies collect data. Its all fascinating.

pitchups 3 days ago 1 reply      
It appears that the NSA has been able to target only Tor users that are using the Tor - Firefox bundle. So if you are using Chrome or some other browser - configured to use Tor, you would be safe from these exploits. Wouldn't most sophisticated hackers - or other high value targets most likely to be of interest to the NSA - be already doing that, rather than using the Firefox+Tor bundle?
pygy_ 3 days ago 0 replies      
> FoxAcid tags are designed to look innocuous, so that anyone who sees them would not be suspicious. An example of one such tag [LINK REMOVED] is given in another top-secret training presentation provided by Snowden.

Anyone knows what these tags look like?

rdl 3 days ago 0 replies      
Should really make a packaged vm in vm failsecure tbb equivalent. Nothing is really works from a usability standpoint while giving reasonable protections against this kind of endpoint attack.
galapago 3 days ago 0 replies      
This kind of news should encorage people to create and use better tools for find and fix vulnerabilities in software.
hawkharris 3 days ago 0 replies      
Apparently, John Grisham works for the NSA, naming its programs.
gcb1 3 days ago 0 replies      
what about the nonsense on the quantum system? i think the reporter left some key info out.

why does speed is a factor to mitm attacks? the slide shows a proper mintm diagram... or is this quatum thing exploiting a package arriving before the honest response? and why they would need to do that if they are in a position to do a proper mitm attack and not expose themselves for someone who monitors man-on-the-side attacks?

doug1001 3 days ago 0 replies      
don't forget that Tor publishes their exit nodes--they make them freely available to anyone. So a simple membership test on a client IP against that list of exit node IPs identifies that client IP as either having come through Tor via the onion router or else they are an exit node themselves.
frank_boyd 3 days ago 2 replies      
I remember somebody from Mozilla thinking out loud "we should integrate Tor in Firefox". Glad that didn't get done.
mcphilip 3 days ago 4 replies      
edit: removing meta discussion about flagging. the story should get the attention. apologies for the distraction.
Swiss to vote on 2,500 franc basic income for every adult reuters.com
612 points by selmnoo  3 days ago   559 comments top 48
tikhonj 3 days ago  replies      
A Swiss franc is currently worth a little bit more than a dollar, so this works out to $2800/month or $33600/year. By US standards, this actually seems to be a good salary: significantly better than working full time at minimum wage.

It would cover all my current expenses handily. Of course, I'm young and single but by no means frugal. (I find that the little costs involved in worrying about my expenses easily outweigh the money saved.) So this is quite an income.

One of the main questions about something like this is about who would do boring, low-paid work with this sort of basic income. What I would really hope is that people would still do many of those jobs, but for far fewer hours--largely as a way to get money for incidental expenses and luxuries beyond the basic income. One problem I find with most jobs is that it's much easier to get more pay than less hours, even if I really want the latter. There is a large drop-off between full-time and part-time work.[1]

Beyond a certain level, I would value having more free time far more than making more money. Unfortunately, mostly for social reasons, it's hard to express this preference. A basic income could make this much easier to do.

While I suspect this might not pass, I think it would be very valuable for the entire world. One of the unfortunate realities in politics is that it is really hard to run experiments; small countries like Switzerland can act as a test subject for the entire world. Or perhaps like a tech early adopter for modern policies.

Either way, this passing would be very interesting.

[1]: For me, this is not quite as simple. In reality, there are plenty of jobs where I would be happy to work relatively long hours. But this stops being a question of pay, or even "work": after all, I'm happy to spend hours and hours programming for free. Being paid to do something I really like is wonderful, but it really changes the dynamics in ways that probably do not apply to most people.

jre 3 days ago 5 replies      
As a swiss citizen, I'm really happy we'll have to vote on this. I'm not sure yet what I'm going to vote (I'm slightly bending towards a yes), but I think this is a very interesting debate to have. Especially because this is not a traditional left-right fight.

On the left, you have some unions saying this is going to be counter-productive and that it will reduce the leverage of employees in negotiation ("You've already got 2500, stop complaining"). Some other unions say it's going to give employee more leverage ("If you don't pay me more, I leave").

There are some people (including right-wing "economy-friendly" politician) who think this is a boost for innovation. By letting people work on what they want, without the risk of becoming homeless if it fails, you'll have more people trying to become independent / create companies.

And finally, you have what is still the majority reaction when told about this idea, which is that this is encouraging laziness.

spikels 3 days ago 3 replies      
I would greatly prefer a basic income to the thousands of poorly run programs that aim to help the poor. The poor are not helpless but simply don't make enough money for some minimal standard of living (i.e. they are poor). A side effect of many existing programs is that they make the poor dependent and actually discourage self-improvement. A basic income would minimize these unfortunate but real consequences of helping them.

More info http://en.wikipedia.org/wiki/Basic_income

sjwright 3 days ago 3 replies      
I've always liked the idea of a base salary for all citizens. However, this plan appears to set the base level far too high -- it needs to be barely enough to fund the most basic of life's essentials, and indexed to an inflation rate of essential commodities. Life on this salary needs to be difficult and unsatisfying.

The model I imagine would also:

* Be paid to all citizens from age zero. Which means it can replace many existing systems, from child support payments and old age pensions.

* Child salaries from ~3 onwards could come in the form of vouchers with limited scope, e.g. accredited education providers, accredited child care services.

And you need to combine it with some further reforms, e.g:

* No minimum wage.

* Pretty much all existing welfare scrapped.

* Reduced work rights (e.g. less onerous unfair dismissal rules)

The underlying goal of such a system would be to dramatically simplify the role of the welfare state, and put the responsibility back on the individual to manage their own welfare.

rmoriz 3 days ago 2 replies      
FYI: You have to live 12 years consecutively in Switzerland, pass a tests and a personal hearing done by the local government to get a citizenship by naturalization.

Switzerland has one of the most strict immigration rules in Europe.

Source: http://www.bfm.admin.ch/content/bfm/en/home/themen/buergerre...

sytelus 2 days ago 2 replies      
Obviously people proposing this aren't thinking it through or have no training in basic economics. Intuitively you can think of money as amount of labor that you owe from other human beings [1]. So let's say in some country you need minimum of $1000 /mo to satisfy your basic needs. What this means is that someone needs to grow your food, weave your cloths, run electricity plants etc and that amount of labor costs $1000 at the moment. Now imagine a government suddenly guarantees $2000 of income to everyone. What happens next? A lot of these people who were supposed to grow food for you, weave your cloths and run electricity plants for you will drop out of labor market. This means human labor gets in less supply and its demand suddenly increases. That means cost of labor suddenly increases. That means very soon $2000 is no longer enough to buy enough labor to satisfy your basic needs. In essence, $3000 would now be new minimum that is required for your basic needs. You are back to the square one with only effect being government essentially inflated the currency.

[1] In this simplification we assume that most raw material required to satisfy basic needs is available in sufficient quantity so the cost of goods is strongly a function of human labor rather than raw material.

eatitraw 3 days ago 2 replies      
There are so many people excited about all these "equality" bills, and nobody criticizes it.

So I'll just leave it there:http://paulgraham.com/inequality.html

pyritschard 3 days ago 1 reply      
I think it's worth explaining how swiss legislation works. There are several ways to propose a new law, one of which is for enough citizens to petition, which leads to a referendum style vote.

The basic income vote followed this process, and though it gathered enough interest to warrant people voting on it, it has little chance of passing.

Interestingly a similar vote recently passed which limited the income in a company to a factor of 12 (i.e: the CEO can not make more than 12 times the lowest salary of his company) which wasn't expected of switzerland (a rather liberal and conservative country)

iliis 2 days ago 2 replies      
As a swiss I'm quite excited about this. Even if I'm pessimistic about a successful vote.

I want to mention a side-point which I haven't encountered so far:In the 'problem of lazyness' (i.e. "who will do the boring work if you are paid anyway?") one answer that often comes up is automation. Menial/low-skill jobs will be done by robots.

It's a common image that in the future robots will clean our toilets and grill our burgers while the humans have ample time to enjoy life, build rockets and do fulfilling work.[1] However, if AI research has told us one thing it's that this view is quite wrong - the opposite is true. Things humans think of as 'easy' like walking around or doing laundry are actually very difficult engineering problems and 'hard' stuff like playing chess or doing rocket science are easier in an absolut sense.

The reason behind is simple: Evolution had millions of years to perfect walking on legs and interacting with the environment. Our bodies almost literally have an walkTo(Place) API, so the only thing 'we' (our conscious self) have to do is to call it. Abstract thinking is something new and our brains have to do it manually. It takes you less time to run over debris than to multiply large numbers and so we have a distorted picture of what is hard in an absolute sense.

The picture is true for humans but it falls apart when we want to automate it. We are still decades away of beating humans in soccer but Jeopardy is a solved problem.

I'm not convinced that 'low'-skill jobs are the first to fall into the hands of machines. [2]


[1] Ignore for the moment the fact that unclogging toilets can also be fulfilling.

[2] This is of course a broad argument. We still have no clue what Intelligence or Creativity actually is - It may still turn out to be very complicated. But I nevertheless think there's a good chance that we will figure out hard AI before you can buy a robot which washes your socks, mows the lawn and fixes your plumbing.

JDDunn9 3 days ago 1 reply      
A country that values science, education, peace AND cares about the poor! Have I stepped into another dimension?
ck2 3 days ago 1 reply      
I like to think I am progressive but this minimum income idea is a horrible idea in my eyes.

It is like student loans in the USA, everything will rise to the maximum price that people can obtain money.

wavesounds 3 days ago 1 reply      
Meanwhile, in America, the government is shut down to try to stop poor people from receiving subsidies on their private health insurance.
chmars 3 days ago 0 replies      
The text of the Swiss initiative can be found at http://www.admin.ch/ch/d/pore/vi/vis423t.html. Please note that it does not mention 2'500 Swiss francs as a basic income.

Rough translation into English:

Federal People's Initiative 'For an uncoditional basic income'

The federal constituion shall be amended as follows:

Art. 110a (new) Unconditional Basic Income

(1) The Confederay introduces an unconditional basic income.

(2) The basic income shall allow the whole population a decent life and participlation in public activities.

(3) The law defines funding and amount of the basic income.

tpainton 3 days ago 3 replies      
Atlas shrugged... and the leaches attacked. I find it hard to believe Swit doesn't already have some welfare system that provides for those who actually need it... but now, 30k a year just for breathing? Sounds like communism to me.... only you don't have to produce anything. Utopianism like this doesn't last. Eventually you run out of payers. it's human nature to eventually grow tired of working hard so someone else doesn't have to. When that time comes, you either join the leaches or you leave the environment. Eventually, you always end up with a negative balance. It is doomed to failure.. Eventually.
psuter 3 days ago 3 replies      
Before anyone gets too excited, let's remember that this is also the country where the people voted against raising the required paid holidays (2012), for substantial cuts in unemployment allowances (2010), and for increasing the VAT (2009), just to give some recent examples. Regardless of its merits, it is going to be nearly impossible to gather popular support for an idea such as basic income. But hey, at least we'll talk about it.
Kiro 3 days ago 5 replies      
Wouldn't basic income just lead to higher prices and inflation?
negamax 2 days ago 2 replies      
At the risk of mowed over by the crowd, I want to propose not calling it income. It's welfare. In no way should we equate it to result of someone's work.
patatino 3 days ago 0 replies      
We have about 3% unemployment rate in Switzerland. You have to know something about us, we love to work. Why? Because we are raised with the thought that's our strongest asset. Pretty small country with zero resources. Last year we voted for the increase of our holidays from 4 to 6 weeks. Result? 66,5% voted against it.

This vote will get something like 80% no votes because people are affraid this will change how people think about work.

LekkoscPiwa 2 days ago 0 replies      
So what happens if everyone in Switzerland is given 1,000,000 Francs? You really think they all will end up being millionaires? LOL, you will jut create a lot of inflation that's all. Amazing how economically illiterate leftists usually are.
ronaldx 2 days ago 0 replies      
I expect massive inflation on particular necessities (likely rent/housing, utilities) as rent-seekers squeeze the available money.

Necessities within competitive, or border-crossing markets (likely food) might not be subject to such inflation.

The consequences for luxuries are harder to predict, but perhaps they would still be out of reach of the unemployed/underemployed. This could motivate a majority to continue work.

If this balances to the point that 'poor' people can maintain a fair lifestyle without working, wages for cheap/exploitative labour will rise wherever people don't find value in the work. This will be balanced by pressure to take on immigrants to work. (Based on my understanding of Swiss politics, it feels unlikely they will receive the same benefits)

Not without economic consequences but overall, exciting stuff. A lot of people will have vastly more freedom: risk-taking, entrepreneurialism and general creativity will boom.

yason 2 days ago 0 replies      
I wonder if that just raises the bar and everything becomes the same again:

- everyone gets at least X for basic income

- for some people it makes more sense to not take low-paid shitty jobs because deducting commuting and lunch expenses from the low-paid salary you can probably make the same money on basic income, especially if you're willing to be a bit frugal

- more money gets offered for low-paid shitty jobs because there's high demand and low supply of workers

- the extra money is charged from the customers of the companies who employ the workers who do the not-so-low-paid shitty jobs

- the costs trickle upwards and cause inflated prices which in turn makes landlords raise rents accordingly

- the rents and price of food become painfully high for those who live on basic income

- we're back at square one: poor people have to take shitty, relatively low-paid jobs to make a living because the amount of basic income, X, is baked into pretty much all prices in the market

habosa 2 days ago 1 reply      
Economic question: won't this just eventually result in a rise in prices to reflect the fact that everyone has more money? I guess imported goods will remain about the same price, but things produced locally would almost definitely go up in price. If I knew all of my customers had $2500/month more, I'd raise prices.
badass 2 days ago 0 replies      
A basic income only serves to maintain the status quo for those at the top. It's a release valve on political pressure to bring fundamental changes to the system to better serve the lower classes.

In the US, one can look how the Section 8 housing program serves a similar pressure-relief function in the housing rental market. By giving essentially free rent to those who cannot afford current market rate rents, it relieves political pressure to reform housing policies that keep rental rates high while also inflating rents and property values, heavily distorting the rental market. I think one can easily view the Section 8 program more as welfare program benefiting property owners rather than lower class renters.

A basic income would have a similar effect on the general cost of living, inflating values and benefiting the wealthy. Again, like the Section 8 program, this will be a welfare program benefiting the wealthy because this basic wage will simply flow upward and concentrate at the highest economic rungs.

AndrewDucker 3 days ago 0 replies      
I'd imagine that for most people this would make little difference - you can adjust income tax and remove the basic allowance so that it balances out somewhere near the median wage.

The main thing it would do is to remove the welfare trap - whereby you can earn less from starting work. Suddenly, every Franc you earn adds something onto your income. And you get rid of a whole tranche of bureaucracy at the same time.

SCAQTony 3 days ago 2 replies      
If they did that in America 50% of the population would quit working and prices would quickly shoot up to MARS!

Less workers, higher wages, more money in circulation... What an inflationary mess that would be.

seeken 3 days ago 1 reply      
There have been experiments with NIT (Negative Income Tax) in the US. My impression was that they were a disaster, but in looking for them I found this article,[1] which explains some of the history of NIT in the US.


angularly 3 days ago 0 replies      
Wow, I hope they vote no. I moved to Switzerland recently to avoid the dominant socialism in northern Europe. But they are one of the last liberal stands down here, so there is a good chance it will fall through.
k-mcgrady 3 days ago 0 replies      
I like this idea and think it's something that's going to become more common. As more and more jobs are automated it makes sense that governments would eventually generate money through automating societies least popular jobs and use the money generated through that to pay citizens a basic salary.
transfire 3 days ago 0 replies      
It's a good idea, but that's too high. You want to keep people from starving and living on the streets; not keep them from doing something productive with their lives.
lettergram 3 days ago 0 replies      
Economically speaking this is not going to help anyone... If every person makes a specific lower bound limit all that happens is prices are increased. It probably takes a year or so for the full effect to be felt, at which point there is the choice to either raise it to combat the prices or set limits on how much stuff will cost. Either option sets a limit goods or wages in your country that will not be beneficial.

Not to mention, in combination with the other stuff being passed by the swiss there country can have some major problems coming up here.

notdrunkatall 2 days ago 0 replies      
Free money for everyone, what could go wrong?


marcamillion 3 days ago 3 replies      
If this passes, I suspect that Switzerland would see a MAJOR, MAJOR spike in inbound immigration requests.

I would love to see what that spike would look like.

hikarudo 2 days ago 0 replies      
"It is an elementary requirement of economic incentive as well as justice that the man who works for a living should always be better off because of that, other things being equal, than the man who refuses to work for a living." [1]

[1] Henry Hazlitt, The Conquest of Poverty

robomartin 3 days ago 3 replies      
Maybe I am too obtuse to understand how such things could work.

What happens if nobody has a job?

OK, that's a little extreme. Let's see, a family of five would get 12500 F per month unconditionally. That's probably a pretty good chunk of money for doing nothing.

I see images of five to ten people living together to collectively earn 25000 F per month.

In the same story they talk about limiting executive pay to 12x the salary of the lowest paid employee. Again, I just don't see it. In a global market I just don't see intelligent and capable people not looking past their borders seeking better compensation for what they have to offer.

How can you build a sustainable and competitive society this way? Again, I'll admit to not being mentally equipped to comprehend how this can work. Perhaps someone can educate me.

znowi 3 days ago 0 replies      
A separate proposal to limit monthly executive pay to no more than what the company's lowest-paid staff earn in a year, the so-called 1:12 initiative, faces a popular vote on November 24.

This is a peculiar initiative. Surely, a plot by the commies, or is it not?

danbmil99 2 days ago 0 replies      
I'll be on the lookout for lots of great Swiss bands to hit the scene around 2017 (if this gets passed).

Also lots of alternative art shows, post-feminist poetry readings, etc.

Should be fun

vaibpuri 3 days ago 0 replies      
This "might" lead to people actually working more in a certain sense. If a person is to receive an X amount of francs per month then employers will require 40 hour / weeks leading to approximately 15 francs per hour (12.5), which for a place like Switzerland is kind of fair.

Those who choose not to work enough might have to face inflationary affects in housing etc. needing to catch up to the median (not average) population income levels.

Eitherways, if the Swiss go wrong on this their system of voting is flexible enough to allow for change back.

sebilasse 3 days ago 0 replies      
2'500 CHF is about the budget for a student life-style in Zurich. I expect a lot of young Swiss going on long holidays to cheaper places like south-east asia or eastern europe.
ivoras 3 days ago 1 reply      
For those in the EU, there is currently an official (run by the European Comission) on-line petition in which EU citizens can vote for encouraging the application of the Basic Income idea at https://ec.europa.eu/citizens-initiative/REQ-ECI-2012-000028... .

This is not a "let's apply this now!" thing, but a petition to study the ways and means of how it could be applied.

tpainton 3 days ago 0 replies      
I have to chuckle at the thought of forcing the wealthy to pay other wealthy a minimum income. Or is the 'wealthy' excluded from the definition of 'every adult'. What a complete waste of time and paper.
namlem 2 days ago 0 replies      
Can someone explain how they are going to pay such a large amount? Isn't this more than their entire national budget? I punched the numbers into wolfram alpha and they don't add up. Am I misunderstanding something?
stretchwithme 3 days ago 1 reply      
Any petition getting enough signatures can place something on the ballot in Switzerland.

They've even voted on whether to abolish the military.

jes 3 days ago 0 replies      
Are the taxes to pay for this voluntary in Switzerland?
avty 2 days ago 0 replies      
Basic income is a basic human right.
frank_boyd 3 days ago 1 reply      
Switzerland has twice the amount of asylum seekers per capita, compared to the EU average.

That seems to be the result of a fairly open asylum policy. Some people find it's too open and complain about that.

With the concept of a basic income like this, I suppose their asylum policy would have to become more restrictive.

known 3 days ago 0 replies      
Very much desirable to prevent wage slavery in globalization
rickjames28 3 days ago 2 replies      
go for it. and let's see the extrapolation to a economic juggernaut like the U.S. It's always the "norway" argument. If Norway (pop 4 million or so) can do it so can the U.S.

Yes, I guess Los Angeles could do something like that, but..

Model S Fire teslamotors.com
566 points by shakes  3 days ago   238 comments top 31
gkoberger 3 days ago 20 replies      
I agree this isn't as big of a deal as the stockmarket may imply, but this line bothers me:

"That equates to 1 vehicle fire for every 20 million miles driven, compared to 1 fire in over 100 million miles for Tesla. This means you are 5 times more likely to experience a fire in a conventional gasoline car than a Tesla!"

Americans drive an aggregate of 3 trillion miles every year, while Tesla drivers have done 100 million (and they don't cite this number; are they including test drives?). That's well over an order of magnitude difference. Plus, the average Tesla driver is currently probably a superior driver (if for no other reason than they have a brand new expensive car) and has taken better care of their car (since it's within 2-3 years old, tops). In theory, Teslas will eventually become more mainstream over the years -- resold, price drops, lower-end models, etc.

Again, I don't think their conclusion about Teslas being safer overall is wrong. However, their conclusion of the likelihood of a Tesla catching on fire seems off, and the exclamation mark makes this press release seem glib.

mixmax 3 days ago 1 reply      
My boat's hull happens to be made of 1/4 inch metal plate (6mm) which is apparently the same as the protected underside of a Tesla. I've hit a concrete block, gone aground a few times and generally have a bit of excperiencing with impacting hard immovable objects with a vehicle protected by a 1/4 inch metal plate.

It takes a LOT of force to pierce 1/4 inch plate. My boat weighs 12 tons, and it hardly has a dent from the collissions I and previous owners have been in.

abalone 3 days ago 1 reply      
Question: Is it really that unusual to have 25 tons of force applied to a point of the underside of the car in an accident? Does anyone know?

My conjecture: The Model S is a heavy car. Hit something pokey at speed and you've got an awful lot of forces channeled to a point.

I also thought it a bit much that Musk tried to compare this to severing "fuel supply lines" in a gas car. The likelihood of a 3 inch puncture severing a fuel line or entering the gas tank is vastly lower than compromising a battery pack that runs the length of the underside of the car.

The Tesla's underbelly vulnerability zone is vastly larger than fuel tanks and lines.. and a punctured battery doesn't need an ignition source to start a fire, either.

patrickg_zill 3 days ago 6 replies      
I think the write-up is pretty good.

I would only point that 25 tons of force, isn't really a lot - I mean, the small jack that you use to lift your car can be a 5 or 6 ton device.

You have a vehicle traveling a decent rate of speed, for it to strike or run over anything at all will involve tons of force.

Neat explanation of the sort of math involved, with both SI and US units http://hyperphysics.phy-astr.gsu.edu/hbase/carcr.html . In the example, a car going 30 mph (50km/h) striking a tree will hit with about 48 tons of force.

codex 3 days ago 2 replies      
It looks like they're backing off the claim that the fire was contained to only one cell. It's unclear, but if the fire were contained to only one cell, it's likely they would mention it:

"A fire caused by the impact began in the front battery module the battery pack has a total of 16 modules but was contained to the front section of the car by internal firewalls within the pack."

If the fire was able to jump cells, does this make the battery pack "fundamentally unsound", as Elon has described the Boeing battery? Not necessarily. However, merely puncturing the gas tank of a ICE car in this way is not guaranteed to set the gasoline on fire. The ignition temperature of gasoline is over 500 F and the gas tank itself is plastic, most likely. Gasoline vapor is explosive, but the car was traveling fairly rapidly and a there's a fair amount of wind to dispel vapor. The ignition source would have to be heat from the metal of the debris self-striking metal of the debris, or though both layers of plastic to the auto frame itself, and that spark would have to find some gasoline, which is pooled at the bottom of the tank and not near the top. I suppose it's possible. Car crashes do produce burning gasoline, though usually it's a very severe crash that mixes gas vapor with the heat of the engine.

bsullivan01 3 days ago 0 replies      
Fire happens. Maybe Tesla performs better, maybe not but cars do catch fire. I, however, will not be buying Elon's explanations simply because he seems like a cheesy salesman and a media whore. http://www.bloomberg.com/news/2013-04-02/tesla-to-begin-mode...

(Knowing the Elon is the Sun God among many here, I want to say this: I do not particularly care about karma, I'm saying 100% of what I am thinking.)

EStudley 3 days ago 1 reply      
Tesla's write-ups on their blog are the most informative reports I've seen written by a company about their own product. It's awesome to see this kind of transparency as opposed just a copy-paste statement like "Tesla is investigating the event."
Shivetya 3 days ago 6 replies      
I really don't care about "it would be worse if it were a gasoline powered vehicle". That statement is simply trying to redirect attention. Leave statements like that out of the problem diagnoses and simply concentrate on what went right.

Otherwise it looks like making excuses and that is bad.

ebiester 3 days ago 1 reply      
Two things.

1. I have had my gasoline car catch on fire in my lifetime. (That was the end of the car.) However, it was having a lot of trouble at the time and we had just taken it to the mechanic. (That's right, it caught on fire at the mechanic's shop. We were still waiting to talk to the mechanic before going back home when it caught on fire.) This was not the only on-fire incident among our friends. One had his minivan catch on fire in a gas station.

But both of them were old cars. What is to say that most of the cars that catch on fire aren't much older than the Tesla? What is to say that the Tesla won't have more trouble as it gets older?

Oh yeah. The batteries will have to be replaced before the car is run down as much as our old beaters were. And Tesla owners will have the money to maintain their cars better than we did as teenagers.

So, what I'm saying is that the real test will be in a decade. More fires will probably happen, just like regular cars do.

Either way, it's probably not dangerous enough to be worth avoiding buying a new one.

001sky 3 days ago 1 reply      
Initial attempts to douse the fire were unsuccessful. The fire appeared to be extinguished, then reignited underneath the vehicle, the report said. Firefighters had to use a jack to turn the Model S on its side, and then cut a hole in the car to apply water to the burning battery.

He seemed to skip that last bit. (?)

001sky 3 days ago 0 replies      
A little closer reading of the report[1,2], shows that only 26,000 automobile fires occur on public highways. That makes Tesla's single datapoint worse than a conventional Auto.

All cars: 1 fire per 116 million vehicle miles/year

Tesla: 1 fire per 113 m vehicle miles/since inception

Obviously, the Model (s) being a newer Tesla model does not have the full historical amount of "Tesla" Miles as the denominator.

[1] http://www.nfpa.org/~/media/files/research/nfpa%20reports/ve...

[2] Furthermore, only 2% of non-deliberate fires start in the fuel line or fuel tank of a normal vehicle

devy 3 days ago 4 replies      
Is Elon's claim, "the effective combustion potential is only about 1% that of the fuel in a comparable gasoline sedan", accurate?

AFAIK, all the Lithium Ion Battery electrolytes are flammable (they are pressurized in the battery container too). Depending on the chemistry of the Lithium-ion battery that Model S uses, some (I.E. LFP) are safer than the others, but still, 1% potential?

EVs like Chevy Volt, Fisker Karma and even Boeing 787 Dreamliner and UPS/FedEx freight flights had been caught Lithium fires in air before.

anoother 3 days ago 0 replies      
As much as I admire the work Tesla and Elon Musk are doing, I can't help but feel that the press releases issued by the company are at times overly defensive.

We all know there is negative rhetoric bouncing around about this incident. It seems to me that, precisely because of this, there really isn't a need to write in such a mannertrying to block all possible avenues of attack as if one is a afraid of what will be written in response.

The tone, to me, betrays insecurity, and this seems something at odds with the bullish, innovative nature of the non-PR aspects of the business.

tn13 3 days ago 1 reply      
The following statement is wrong at many levels.

"That equates to 1 vehicle fire for every 20 million miles driven, compared to 1 fire in over 100 million miles for Tesla. This means you are 5 times more likely to experience a fire in a conventional gasoline car than a Tesla!"

- All Tesla cars are new and almost all of them have superior drivers.

- They drive their cars only on certain roads where as Gasoline cars are almost everywhere.

- You can not compare 100m sample set with 2 trillion size sample set.

lafar6502 3 days ago 2 replies      
Wow, first serious Tesla road accident and all they can say is how unlikely it was. It was impossible before, now it's only extremely unlikely. Until next time? There are probably many other ways to destroy the battery in a collision, how likely is it to ignite when damaged?
RyJones 3 days ago 0 replies      
I wonder what he means by 1/4" armor plate - AR500? Is it actually rated for armor plating, or just built with material from which you could also build rated plates?
smoyer 3 days ago 0 replies      
Excellent post-mortem!

And who would have thought a side-effect of disrupting the automotive industry would be training fire-fighters on the correct techniques for battling a lithium fueled fire?

rdl 3 days ago 6 replies      
So a truck driver who couldn't be bothered to secure his fucking load just cost Tesla shareholders $1b+?
uladzislau 3 days ago 1 reply      
The title is missing word "incident". My first thought was that Tesla has a new model "S Fire".
Kiro 3 days ago 0 replies      
Why are people on HN so keen on defending Tesla at all cost?
jmount 2 days ago 0 replies      
I've blogged a fun writeup of the math in the (unimportant and actually against Tesla) formal bias in evaluating a failure rate right after the first failure: http://www.win-vector.com/blog/2013/10/estimating-rates-from...
robomartin 3 days ago 2 replies      
> This means you are 5 times more likely to experience a fire in a conventional gasoline car than a Tesla!

I LOVE THE COMPANY. I DON'T ENJOY OR APPRECIATE THE LAME MARKETING ATTEMPTS THEY SOMETIMES MAKE. Just like that whole business of jumping through hoops to make it seem like there was some new magical way to finance a Tesla, this is wrong.

Trying to create a safety metric by comparing the number of fires to the number of miles driven per vehicle type is pure nonsense. You have to look at the causes and mechanisms of the fires and dig a lot deeper than that in order to even hope to generate a meaningful metric.

Here's an imperfect analogy (numbers made-up): One million people run marathons every year world wide. 1000 have heart attacks and die. Ten thousand people have run marathons with our shoes and only one had a heart attack and didn't die. You are far less likely to have a heart attack and die if you run marathons with our shoes.

Nonsense. Right?


Almost anyone would look at that and recognize it as a poor attempt to create a nexus where one does not exist. I think it's bad marketing.

Now, if we started to dive into the statistics and identified location, weather conditions, age, physical conditioning, pre-existing conditions (heart problem they did not know about), etc. we might actually be able to attempt a comparison between people wearing the new shoes vs. the other brands. Even then, the nexus would be tenuous at best.

A similar exercise would be needed to compare car fires between brands and types with any degree of validity. I don't have the time to dive into the stats. It was easy enough to Google [0][1][2][3] and do a quick scan:

It is easy to see that young males are more likely to be involved in a car fire.

There are statistics about different brands having different fatality rates (not necessarily related).

Lots of fires are caused by running equipment. Lots of fires originate in the engine compartment. Mechanical and electrical failures seem to account for over 60% of fires.

The point is simple: Far more extensive and detailed statistical work needs to be undertaken before anyone can conclude absolutely anything on the merits of any particular car or design as it pertains to potential to cause fires.

Elon and his team are very smart. They know this. And this is why some of their marketing of late feels really dirty and beneath them. This is Tesla reacting to news that affected their stock price and, potentially, buyer sentiment, with marketing rather than the truth.

Are Tesla's safer than all gasoline cars? That question is probably not an easy one to answer at all.

There's the potential for a theoretical sort of an answer based on design. For example, there are no fuel lines to rupture. Does that mean it is safer? Hard to say. What do you compare that to? Perhaps you can list all the potential sources of ignition and sort them by probability and MTBF? Not sure.

Of course, then you have the real-life probability. Once you get a million cars on the road with all kinds of people, driving in all conditions, roads and levels of maintenance and neglect things can change dramatically. If I remember correctly Tesla has somewhere in the order of twenty thousand. There's a reason we see major car companies recall hundreds of thousands of cars every so often. Shit happens. Design error are made. And it can take time and a massive installed base to discover them.

THE TRUTH OF THE MATTER is these are the kinds of tests electric cars will have to endure over a period of time in order to reach wide adoption. Despite what's been said here a full tank of gasoline is far safer than a fully charged battery pack with enough energy to go 300 miles.

Before anyone mauls me, consider how many gasoline cars have been driven and, yes, crashed, world-wide since gasoline cars came into mass production. Not last year. Since forever.

There have probably been millions of accidents without fires, even with fuel leaks. There's probably no imaginable way to compare the two at this time. We simply don't have enough data. And, no, linking to a horrible crash video on youtube involving gasoline igniting does absolutley nothing to support arguments on either side.

The one issue with electrics that is not spoken of is the fact that you have a several hundred volt high energy system that could very well electrocute passengers. I fully expect that to happen one day (in general, not necessarily Tesla). If and when that happens you can bet it will set the breaks on electrics for a while and relevant stocks will plummet.

I still believe electric cars are the future. We simply need to go though the evolutionary process that will make them really safe for hundreds of millions of electrics to share the road. What happens when you have a pile-up of ten or twenty electric cars on a fogg-covered highway? A pile of mangled wrecks with 400 Volt high energy systems is unimaginably dangerous. I can think of a few horrific scenarios under those conditions.

At some level part of me thinks that fuel cells are the future, not batteries. Having something relatively benign that can leak out would be a good thing.

A few months ago there was a horrific crash in my neighborhood. This 18 year old kid decided it was OK to go 100 miles per hour on this avenue. He lost control and plowed into a bunch of cars parked by the side of the road. He absolutely destroyed seven of them before coming to a stop. Most of the cars were mangled beyond recognition. He was driving an SUV with a lot of mass. His SUV was nearly cut in half and impaled into one of the cars to a degree that made it difficult to see where one car started and the other ended. Almost like taking two lumps of play-doh and mixing them together.

No fire. Gasoline all over the place but no ignition at all. He hit the first car, fused into it and the "ball" formed by the two cars proceeded to destroy the other six. Absolutely amazing display of how much kinetic energy was dissipated.

Had this been eight fully-charged electric cars I am almost certain there would have been a horrific fire as well as the potential for absolutely impossible to describe electrocution of some of the passengers. And, to make matters worst, it would have taken the rescue crew far longer to remove the victims as they would have to be worries about electrocuting themselves and the victims (at the very least).

Until there are enough electric cars on the road to have a massive pile-up accident [4] where most cars are electric we will not really understand the practical reality of a world where every car on the road is electric. Imagine having to walk out of a one hundred mangled car pile-up where every car has a battery pack storing enough energy to drive 300 to 400 miles and they are wired to produce hundreds of volts. I can't imagine anyone who understands electronics and electricity that would tell me all would be well after looking at the pictures from this accident [4] if all cars were electric. Look at pictures 1, 8 and 11. No fires. Gasoline isn't all that bad in this regard.

[0] http://www.usfa.fema.gov/downloads/pdf/statistics/v13i11.pdf

[1] http://www.usfa.fema.gov/statistics/reports/vehicles.shtm

[2] http://www.chandlerlawgroup.com/library/national-vehicle-fir...

[3] http://www.statisticbrain.com/driver-fatality-stats-by-auto-...

[4] http://www.cnn.com/2013/09/05/world/europe/uk-huge-chain-rea...

sgustard 3 days ago 0 replies      
If Toyota owners got one of these emails every time one of them caught on fire it would be sort of a downer, so I guess you only have a few chances to make it a PR event.
nodesocket 3 days ago 0 replies      
I wrote a blog post on this last night (Tesla model S and the three laws of robotics).


senthilnayagam 3 days ago 0 replies      
Stakes are high, for sure

Elon Musk & Tesla would review its design, would possibly add protection for these type of accidents.

Will any other gasoline car manufacturer be willing to participate in such crash test what model S encountered, I doubt anyone will.

fus 3 days ago 0 replies      
"Had a conventional gasoline car encountered the same object on the highway, the result could have been far worse."

Diesel-powered car would be much safer, since oil requires something like a wick in it to burn. It's hard to argue with Tesla's statement, since argument is true; but it doesn't include this issue in electric vs ICE vehicle competition.

hkmurakami 3 days ago 0 replies      
Totally thought this was a name for a new model S model, a la kindle fire.
zw123456 3 days ago 0 replies      
Tesla, recall is coming, that is obvious. You will be forced to put in stronger armor underneath. So drop the price by $10K, or do the recall sooner. Either way that is the reason for the stock hit, people know one or the other or both are coming.
hipaulshi 3 days ago 0 replies      
wow. reading their report always inspires me to be a better engineer
indus 3 days ago 1 reply      
> "highway speed"

crafty writing. read it as "high speed"

oddshocks 2 days ago 1 reply      
He is just great
Time to hand over the reins before Capistrano costs me my youth? groups.google.com
458 points by codebeaker  1 day ago   235 comments top 20
patio11 1 day ago 7 replies      
Thanks for creating software which has been an immense service to the community, and which I rely on quite a bit.

Tangent mode on:

Somebody really, really needs to write the How To Deploy Rails Without Losing Your Sanity handbook. I will buy a copy. It will sell thousands of them.

A lot of the problems with people's interactions with Capistrano are environment/ops problems which have known solutions that work, but which rely on people having a great understanding of arcane trivia which is spread across conference presentations, blog posts, commit messages, and the practical experience of the best Rails teams. Unless you're prepared for an archaeological expedition every time you start a new Rails project, you're going to do something wrong. You should see the bubblegum and duct tape which I came up with, and it mostly works, but I know it is bubblegum and duct tape.


Non-deterministic deploys of code from (usually) un-tagged source control

I feel lucky in that I was mentored by an engineer who decided to teach me, one day, Why We Tag Shit. But for the Why We Tag Shit discussion, I would be like almost every other intermediate Rails engineer, and be totally ignorant of why that was a best practice until lack of it bit me in the keister, at which point the server is down and one has to rearchitect major parts of the deployment workflow to do things the right way. Why We Tag Shit is only about a 500 word discussion, but it's one piece of organic knowledge of the hundreds you need to do things right, and it is (to the best of my knowledge) not covered in docs/QuickStarts/etc because that seems to be out of the purview of the framework proper (I guess?).

I'm sure that I'm ignorant of several of the hundreds of pieces of things one needs to do to do deployment right, as evidenced by my fear every time I execute my deploy scripts. I, and I must assume many other companies, am willing to pay for an option which gets me to a non-bubblegum and duct tape outcome.

Seriously, folks: there is a product here.

forsaken 1 day ago 9 replies      
I just wanted to point out how poisonous our community is. It's something that I've been struggling with for a long time, and trying to slowly change.

The fact that people read this article, and don't feel the need to mention his fear of releasing software just shows how broken things are. It shouldn't be an accepted fact of open source that if you release new code that might be backwards incompatible, you get vitriol for it.

His quote:

... but I too cowardly to release it and make it mainstream, as Im afraid it'll destroy whatever good will for open source I have left when the flood of support questions inevitably comes in, followed by all the people who are unhappy with what I've built and feel obliged to tell me how bad I am at software.

bretthopper 1 day ago 3 replies      
Some unsolicited advice from someone who's never run an open source project as popular as Capistrano:

* Ditch v2 ASAP (seems like you've already decided on this). It's pretty obvious you aren't motivated to work on that codebase anymore. I've looked at v3 and it's much better thanks to relying on Rake tasks.

* Be selfish. It's your project so if you think v3 is the way to go forward, go with it and who cares what the "community" thinks.

* Seems like you already have a few people helping out, so continue and maybe make formal "core" team. There's nothing with yourself taking a step back from the heavy coding. But I believe that Capistrano would be better with your guidance than without it.

codebeaker: There was no mention of Harrow in that post. Are you still working on that? I'd assume that if you were you'd continue work on Capistrano since it's based on it.

codebeaker 1 day ago 18 replies      
I'm the OP of the mailing list post, and have maintained Capistrano for the last 5 years. I'm passionate about providing great open source tools, my business and reputation are built on Capistrano and I don't want to give it up, but it's destroying me.
AlexMuir 1 day ago 1 reply      
My first thought was "I owe this guy, Capistrano is the main reason why I have spent ~ $100 per year on VPS servers and not $100 per MONTH on Heroku et al.

I'd suggest Lee runs a Kickstarter type thing and I'd very happily throw in $100. But I don't think he will because it doesn't seem quite right.

So here's a (wild and completely off the cuff) startup idea - a pre-emptive Kickstarter. Someone creates the project "Lee Hambley, continue working on Capistrano." and we all pledge into the pot. If Lee agrees to do it, he gets the money. If not, we don't pay anything.

gnufied 1 day ago 2 replies      
For real long time Capistrano v2 has been exclusively going forward with Pull requests and next to no new development while Lee worked on v3 on separate branch, which looks like a rewrite.

As a result various releases of v2 were buggy. Capistrano is a hard to test application agreed but its test coverage is plainly woeful.

About 6 months back when 2.4.12 release was broken (https://github.com/capistrano/capistrano/issues/434) I suggested to remove asset pre-compilation stuff from Capistrano. Capistrano is a general purpose tool, company where I work we use it for deploying java, php, ruby and all sort of stuff. I don't understand why it should have poorly tested asset pre-compilation things built in.

I don't know what made Lee work on a rewrite. I can only imagine how difficult it must have been for him to work on something so big singlehandedly while running a company.

His last point is very valid about using RVM, rbenv etc in production. I don't know why people do that. Does that make it easier? Aren't people aware of something like - https://launchpad.net/~brightbox/+archive/ruby-ng ?

alrs 1 day ago 4 replies      
As always, it bears repeating: rvm/rbenv don't belong in production. They exist to allow developers on Macbooks to sync their version of Ruby with whatever is packaged in the Linux distro or BSD variant that runs in production.

If I had a Mac I'd skip the ad-hoc Ruby environment switchers and skip straight to Vagrant.

joevandyk 1 day ago 0 replies      
Really looking forward to Docker being 1.0.

What you want to do is build a single package of everything your application needs (which includes the application code and all dependencies -- libc and up), then copy that package to the production servers.

It shouldn't matter if your application server has Ruby 1.9.3 and you need 2.0.

It shouldn't matter if the last deploy of your app needs Nokogiri compiled against libxml 2.8 and you now need 2.9.

It shouldn't matter if you are running 5 different apps with 5 completely different set of dependencies on the same machine.

It shouldn't matter if you need to use the asset pipeline.

It shouldn't matter if github or rubygems drops out half-way through the deploy process.

All the production server should get is a single package of all that your application needs, then a 'restart application' command.

Docker should be able to handle all this simply.

ealexhudson 1 day ago 0 replies      
A good decision - get out while things are still positive. Not enough people are brave enough to step down at the right time (or even when it's obvious it's already the wrong time).
AhtiK 1 day ago 2 replies      
Does anyone know what's wrong with the Rails asset pipeline that is mentioned in the post as one of the issues?
ChikkaChiChi 1 day ago 0 replies      
As much as this is an open invitation to rail on the RoR community, I think this is a problem that is a lot more indicative of this brave new software culture both open source and (independent) commercial.

If your tool sees any sort of uptake, it suddenly no longer is yours. The community suddenly expects you to not only to continue to modify the base code to improve functionality, but to also adhere to a sort of backwards compatability so that everything they know and loved about your baby never changes.

I can't imagine how much more taxing this would be once the tools you built become integral part of other team's workflow. The burden and stresses of keeping "the world" afloat would cause many a sleepness night for people of strong constitution.

kawsper 1 day ago 0 replies      
I am a bit sad that he feels this way about it.

I have used Capistrano a lot, I built my "default" setup, compiled it into a gem, and released it here: https://github.com/kaspergrubbe/simple-capistrano-unicorn and moved on with my life as a developer.

I know of at least two bigger organizations that depend on Capistrano (and my gem) for their deploys. I feel like Capistrano is the way to go if you manage your own servers, and need to deploy to them.

Capistrano started my Rails experience, and I am very grateful for the work put into it. But I never wrote and said "Thank you" or "Great job", maybe we need to be more vocal to the people that put in time and energy to build the software that we use a lot.

joeblau 1 day ago 0 replies      
It's sad to see when an open source project becomes overwhelming. On one hand the project is open source, so hopefully, someone else can pick up the torch. We saw this happen in the node.js community and node's been moving along. On the other hand, based on what Lee is saying, it looks like situation is pretty bleak. I'm not a Rails user, but I feel like most of the "hot-startups" in San Francisco run a Ruby stack. From an observer looking into the community and platform though this post, I never realized how many challenges there were in that development environment.
tomdefi 1 day ago 1 reply      
For anyone interested in an overview of Capistrano v3, I wrote an introduction last week - https://medium.com/p/ba896a142ac
grandalf 1 day ago 0 replies      
Check out fabric as a much faster alternative to Capistrano. Combined w cuisine.py it's a simple and powerful alternative to chef solo.
chrismealy 1 day ago 7 replies      
I love ruby and rails, but yeah, I'd switch to any framework in any language that made deployment stress-free. Except php.
yannk 1 day ago 0 replies      
"Whilst I believe strongly in Capistrano as a general purpose tool [...] I do think the future of software deployment is in small, containerised VMs and so-called PaaS, as what we're all doing right now has to end, some time."

Kudos. It takes a lot of courage to admit your baby is not going to fulfill the future you had initially imagined.

machbio 1 day ago 0 replies      
Thanks for the awesome software.. I just started learning about capistrano recemtly, just amazed by how simple it is..

I believe when you said that PAAS will go, only reason I use heroku and dokku(from docker) is due to its easy deployment.. and for no other reason than deployment..

joaomsa 1 day ago 0 replies      
Capistrano really has saved us multiple times, sad that a vocal part of the community tends to exhibit such behavior.

At our company, we develop multiple RoR apps and we've run into many of these issues (mostly related to the asset pipeline), yet none of them actual problems with Capistrano. Since it's the bridge between so many things, I can imagine why it's easy for it to become cannon fodder.

We've tried to standardize many of our recipes such as local asset precompilation into a single cohesive gem (https://github.com/innvent/matross). That has saved us the trouble of debugging the same issues over and over when they inevitably pop up across applications.

stevewilhelm 1 day ago 0 replies      
Check out 'Deploying Ruby Applications to AWS Elastic Beanstalk with Git' [1]

[1] http://ruby.awsblog.com/post/Tx2AK2MFX0QHRIO/Deploying-Ruby-...

Nuclear fusion milestone passed at US lab bbc.co.uk
419 points by olegp  17 hours ago   175 comments top 25
sam 15 hours ago 8 replies      
It is an important milestone. But to have a commercially viable fusion reactor, you'll need a factor of 50-100 more energy out than in to make up for inefficiencies in electricity generation using this kind of scheme.

The real story here is that this facility allows the US to do nuclear weapons research without violating the nuclear test ban treaty. If the goal was to develop a commercially viable fusion reactor, the $3,500,000,000 spent so far could have been put into projects geared towards small scale fusion experiments investigating novel confinement schemes.

Like the one I was working on, http://meetings.aps.org/Meeting/DPP07/Event/71002 whose funding has since been cut and has been mothballed.

dekhn 15 hours ago 4 replies      
A good place to start if you want to understand the purported rationale for the NIF (stockpile stewardship), I suggest reading and understanding this light introduction to modern nuclear weapons.http://en.wikipedia.org/wiki/Thermonuclear_weapon(the rhodes books, Making of the Atomic Bomb is required background reading, as is Dark Sun, if you want to get into the backstore).

In particular:The NIH experiment recapitulates many of the design aspects of a thermonuclear weapon, but does so in a highly controlled lab environment.

I'm a biophysicist. I know a fair amount of engineering, although I'm not a weapons physicist. Nonetheless, after years of reading about the NIF and various fusion projects I've come to believe that there is little justification for their expenditure. In particular, we can do stockpile stewardship without this device, more cheaply, nor does NIF present an economically viable method to production of power at a large scale in even the most rosy predictions.

I still think the experimental design is cool, but I can't see this as a rational expenditure (HUGE opex and capex) compared to other investments we could be making.

Most likely scenario I see in 20 years is that china will be mass-manufacturing small, safe fission reactors and making a mint selling them to the rest of the world. That's got far less reqiurement for massive capex and opex. It's just that the western nations decided to go stupid about fission because OH GOD NUCLEAR MUTATIONS and stop investing in building more reliable, safer, and smaller plants.

nickpinkston 16 hours ago 2 replies      
This is awesome news - I visited the NIF a few months ago and they seemed a little downtrodden when asked about results.

I bet they're all cocky now!

They also told us that the lasers they use, if built with modern tech today, would actually only be the size of a 40' cargo container (as opposed to like 100K sq-ft building), and cost like 1000x less. Pretty epic...

If we invested in fusion power like we did water power less than a century ago, I can only imagine the possibilities...

dtap 15 hours ago 0 replies      
There was not an overall net gain.

Direct from the source http://1.usa.gov/1e4Na9Q.

8 kJ out from 1.7 MJ (1700 kJ) in. At the end of the month they were able to get 14 kJ. I believe they are referring to the energy released within the hohlraum.

Also, if you are interested there are privately funded companies doing this, General Fusion (http://www.generalfusion.com/) and TriAlpha Energy (secretive and funded by the Russian govt., but in California). The VC fund I work for has invested in GF and obviously we think there is promise :)

Jormundir 16 hours ago 4 replies      
I think Nuclear Fusion is the single most exciting up-and-coming technology. I can't believe we're not throwing a hundred billion dollars at it.

Make fusion, not war.

breckinloggins 16 hours ago 0 replies      
I keep seeing this same story pop up (from what I presume is the same September event).

Is there anything new this round? Perhaps some new results from post-experiment data analysis? The article isn't really clear on this point.

Mizza 16 hours ago 1 reply      
Ah, okay, cool!

I remember this being announced a while back, but I didn't understand why it was significant if the energy in was less than the energy out. This article helps to clear it up.

The missing piece was that I didn't understand how this reactor works. I thought they just blasted a lot of lasers directly at the hydrogen isotopes. Instead, it seems like that use the lasers to shoot something else, which then creates a lot of x-rays which actually start the reaction.

The significant thing here is that the energy produced is greater than the amount of energy coming in from the X-rays, but not the lasers which power those X-rays.

Is that correct? (Not surprisingly, I'm not a physicist!)

sliverstorm 17 hours ago 1 reply      
Not really well-informed enough to comment on details, but it's fantastic to see the field is still moving, even if slowly. Proud that we are still funding this kind of research.
knappador 16 hours ago 2 replies      
Producing net-energy is a different story than collecting net-energy. NIF just blows up a canister with a pellet and takes forever to reload a shot. On the other hand, an at-least-as-promising technology like Dense Plasma Focus (http://en.wikipedia.org/wiki/Dense_plasma_focus) is still receiving minuscule funding. I'm hoping to be able to meaningfully support DPF and other fusion technologies soon. DPF has my attention so far because of its scaling characteristics.
guimarin 16 hours ago 1 reply      
tl;dr - Another article about the US nuclear weapons research facility at Lawrence Livermore, AKA NIF, and its sideshow 57th priority.

On a related note. It's been really sad to see the US slowly lose its edge in plasma based fusion tech, specifically tokamaks, which seem to be the only credible long-term method of sustaining a fusion reaction for power-plant purposes.

pslam 15 hours ago 0 replies      
On the article itself: why did it take 6 paragraphs of text to finally mention what the milestone was? I hate this style of article writing, and it's usually a good bullshit-signal for any story. That's a shame, because it looks like this is the Real Thing (in a small way).
manimalcruelty 1 hour ago 0 replies      
What is the opinion on Lockheed Martin's Skunkworks High beta fusion reactor?http://en.wikipedia.org/wiki/High_beta_fusion_reactor

How does this stack up against the more conventionally theorised techniques?

ck2 10 hours ago 0 replies      
Is it plausible this lab is trying to figure out how to make nuclear explosions without the radiation?

Because just imagine how terrifying the world would become from a superpower that didn't have to fear the radiation aftermath.

Fusion research seems like just a complete cover up.

rpedela 16 hours ago 3 replies      
Great, but I don't see how these extremely expensive nuclear fusion projects will ever beat price/kW of coal without heavy subsidies. My bet is that dense plasma focus is the future of cheap, clean power. Only time will tell though.


unreal37 15 hours ago 2 replies      
If reliable fusion technology were developed, would the government share it with the public or would it be kept hidden away?

Sadly I'm not joking. I think there's a 50-50 chance that any cool science that gets development by the U.S. government just becomes a classified DoD missile project.

moca 10 hours ago 0 replies      
"the amount of energy released through the fusion reaction exceeded the amount of energy being absorbed by the fuel" means it is at least 4 orders of magnitude away from being useful.

Since we still depends on nuclear power for decades to come, it is much cost effective to invest safer and cleaner nuclear fission reactors. The kind of fast reactor that can burn down nuclear waste so we don't need to build nuclear waste storage system, which nobody knows how to build anyway. That would give us power supply for several centuries (along with renewable energy). Too many countries wasted too much money on fusion reactors for decades, while we are still running nuclear reactors designed/built more than 30 years ago. Just wrong priority order.

drjesusphd 9 hours ago 0 replies      
> the amount of energy released through the fusion reaction exceeded the amount of energy being absorbed by the fuel

So what? What if the fueld didn't absorb anything? What do they mean by "absorb", anyway? This article is lacking in details, peer-reviewed literature, or even the names of scientists willing to stake their reputation on this claim.

The BBC should know better.

jimmcslim 15 hours ago 2 replies      
What would be the impact of a 'fusion economy', assuming realistic evolution of the technology for the purposes of commercialisation? (i.e. I'm assuming "Mr Fusion" powerplants on top of one's DeLorean aren't ever going to be practically feasible).

What would such a world look like? Does it promote world peace; through greater energy security for nations, would less reliance on fossil fuels for baseload electricity generation have a significant impact on price of air travel/sea cargo?

Apocryphon 16 hours ago 1 reply      
Glad to hear that this is continuing at LLNL despite the shutdown. Too bad no politician is going to use this as an example of why gov't investment is not a bad thing.
2muchcoffeeman 13 hours ago 2 replies      
What ever happened to the polywell reactor design?
fuddle 14 hours ago 0 replies      
I can imagine everyone driving around in Tesla cars powered by Nuclear fusion in the not too distant future.
gnator 16 hours ago 1 reply      
Not much of a physicist myself but I am wondering if the technology developed for nuclear fusion would have any use in progressing other fields
enupten 15 hours ago 0 replies      
This is wonderful news, go NIF !
drjesusphd 9 hours ago 0 replies      
What milestone? Be specific.
devx 16 hours ago 2 replies      
Wow, I remember seeing this project start up a few years ago, about how they wanted to make a "sun" on Earth. It seems it only took them 5 years to achieve this:


In a way, it reminds of Spiderman, too, but let's hope things don't go as badly as in the movie, once we start to make that "sun" big enough to provide a ton of energy.

Center of the universe orangecoast.com
408 points by pudakai  4 days ago   115 comments top 18
mistercow 4 days ago 6 replies      
Oh oh! I remember this technique from Cialdini's Influence. During the Korean war, the Chinese used the same technique on American POWs:

For instance, prisoners were frequently asked to make statements somildly anti-American or pro-Communist as to seem inconsequential(The United States is not perfect. In a Communist country, unemployment is not a problem.). But once these minor requests werecomplied with, the men found themselves pushed to submit to relatedyet more substantive requests. A man who had just agreed with hisChinese interrogator that the United States is not perfect might then beasked to indicate some of the ways in which he thought this was thecase. Once he had so explained himself, he might be asked to make alist of these problems with America and to sign his name to it. Laterhe might be asked to read his list in a discussion group with otherprisoners. After all, its what you really believe, isnt it? Still later hemight be asked to write an essay expanding on his list and discussingthese problems in greater detail.

michaelwww 4 days ago 2 replies      
Pxtl 4 days ago 1 reply      
That's moderately horrifying. It's also a sad reminder - so many of us go through life having to chisel and scrape that kind of affection out of the world. I can see how having it freely given could be very enticing.
sethev 4 days ago 0 replies      
I'm not sure if this anything to do with why this is on HN but Jay Roberts is Jason Roberts's brother (Jason Roberts is co-host of the TechZing podcast).
elwell 4 days ago 2 replies      
Gives a different meaning to "Hacker News". But seriously: a very engaging, honest story.
peteforde 4 days ago 3 replies      
Creepy and fascinating story. Thanks for sharing.

I do have two questions, though:

1. Polaroid wasn't making a black and white integral film in 1980, and FujiFilm didn't make instant film until 1981. Kodak's instant film was color. So how did Kraft produce an instant B+W image?

2. Did you really drink 2-3 beers and then get on a motorbike?

MrJagil 4 days ago 1 reply      
If any of your would like to read more about "underrated" serial killers after this harrowing story, Albert Fish comes to mind. Even just the wikipedia article is about as scary a horror tale as they come. Many friends have been unable to finish reading:http://en.m.wikipedia.org/wiki/Albert_Fish
popee 4 days ago 0 replies      
This story is for great (non-blockbuster) movie. Almodovar, but with good ending :-)

But it's interesting to think why is author still alive. Is killer possessive gay that is willing to kill guys that are ignoring/rejecting him? Because author didn't reject him as many others that are now in the grave?

Also, even if author is wrong, really interesting and non-intrusive emotional overview.

drderidder 4 days ago 0 replies      
I know there's a policy to keep the title of the source article, but if admins are going to blindly change post titles to remove all useful context and revert to meaningless, misleading headlines, can't they at least come up with a prefix for it? There's Ask HN, Show HN... in this case "Distract HN" might have been appropriate.
moocowduckquack 4 days ago 0 replies      
This'll get turned into a multi series drama on HBO.
nnnnnn 4 days ago 0 replies      
Not sure if I'm excited that the first time I've seen an alum from my college (Claremont McKenna) at the top of Hacker News it is Randy Kraft...
HaloZero 4 days ago 1 reply      
Isn't Randy Kraft still alive? I imagine the author has decided not to actually try to arrange some type of conversation with him?
robdimarco 4 days ago 2 replies      
whoa, I used to work with Jay about 10 years ago. Small world.
FrankenPC 4 days ago 0 replies      
WOW! That's some powerful stuff! Lots to think about in the mind of a serial killing monster. This is a great premise for a indie drama.
Sarien 4 days ago 0 replies      
ffrryuu 3 days ago 0 replies      
It's the Earth.
blahedo 4 days ago 10 replies      
Once again, some admin has changed the title from better to worse---it was "How I met a serial killer when I was a marine", which is considerably more descriptive.
Melatonin gwern.net
374 points by gwern  4 days ago   217 comments top 65
ChristianMarks 3 days ago 9 replies      
Gwern comes close to suggesting filtering blue light, but I will repeat a previous post. I've tried melatonin, but it is no substitute for for filtering blue light in my experience, and it tends to induce horrific, apocalyptic nightmares (granted, a night dreaming of EAS Emergency Action Notifications is better than no sleep at all).

I used to be an owl for years--decades. A regular 9-5 schedule seemed out of reach. All previous attempts quickly led to backsliding and accusations of moral failure. However, I found that an involuntary physiological response to artificial light in the range 460-484nm was involved.

This May I changed my environment by filtering out blue light after 8PM, turning off white lamps and turing on amber compact fluorescents. I'm asleep ~ 10PM and up usually ~ 5AM. This is now my regular schedule. It would have been inconceivable for me six months ago.

I use the following:

1. Inexpensive Uvex amber goggles from Amazon: http://www.amazon.com/Uvex-S0360X-Ultra-spec-SCT-Orange-Anti... Wear them at least an hour or two before bedtime. I also have the considerably more expensive glasses from lowbluelights.com. In my experience, the inexpensive goggles work just as well, although the more expensive glasses filter more blue light.

2. I replaced most of the white compact fluorescent lights in my apartment with amber compact fluorescent lights https://www.lowbluelights.com/index.asp

3. And I use a sunrise simulator alarm clock. http://www.amazon.com/Philips-HF3520-Wake-Up-Colored-Simulat...Sometimes I forget to set the clock--now I don't seem to need it.

Not to mention f.lux (pardon the paralipsis), though again, in my experience, filtering is necessary.

Concerning the scientific basis for the claim that blue light in the range 460-484nm suppresses melatonin production, here is one reference: http://en.wikipedia.org/wiki/Photosensitive_ganglion_cell

Moral: Nagging and moralizing was both uninformative and ineffective. Science and engineering was both informative and effective.

jobu 3 days ago 7 replies      
My youngest daughter is borderline ADHD, and rather than trying Ritalin we've been using Melatonin in the evenings to help ease the bedtime process. (In the hopes that more sleep will help her cope with problems focusing.)

The change has been dramatic. Previously it was a 3-4 hour battle each night for her to get ready for bed and stay in bed. Now with 3mg of Melatonin she spontaneously decides to get ready for bed herself and goes to sleep in minutes.

The most interesting thing about Melatonin isn't that it makes you drowsy or helps you sleep, it's that it increases the _desire_ for sleep. While I don't usually have trouble sleeping, it's often hard to break myself free from a computer or a device at night, and Melatonin changes this. As the author says, "It works."

realitygrill 4 days ago 3 replies      
I use melatonin regularly to regulate my sleep cycle. It's a very effective part of a regimen (sleep hygiene, f.lux, etc) that allows me to manage a nearly-decade long problem of insomnia.

However, from a psychological standpoint, it's a very good thing melatonin is so safe. Every single person I've ever recommended melatonin to, I've directed to this article and discussed it with them. Every single such person then went ahead to promptly forget the discussion, NOT read the article, and take mildly retarded doses. For example, "one (5mg) pill didn't work, so I took 8 more at 4am." Another uses it almost recreationally - large doses to intensify his dreams; pretty much zero attempt to use it to improve his sleep. I don't talk to people about melatonin anymore.

For a quicker idea of where melatonin sits vis--vis other sleep drugs (WARNING: Hilarious Ambien Walrus referenced):http://slatestarcodex.com/2013/09/28/sleep-now-by-prescripti...

jtheory 4 days ago 2 replies      
I don't have personal experience with it; but my sleep schedule is horrible (I tend to stay up to 5am on alternate nights), so I may give it a try to enforce a normal bedtime, and kick the procrastination monster down a bit (if I don't have the option of doing the unpleasant work at 2am, it's far easier to force myself to do it during normal hours).

But: see here, this is very relevant: http://hpmor.com/notes/98/

Search MetaMed (a few screens down) for Eliezer Yudkowsky's experience with a sleep disorder (his normal day is 24.5 hours): after spending years trying a whole laundry list of solutions including melatonin, he finally paid MetaMed somewhere north of $5K for their analysis, and got a solution using melatonin that worked (but was not the normal approach to melatonin supplementation).

"their best suggestion, although it had little or no clinical backing, was that I should take my low-dose melatonin 5-7 hours before bedtime, instead of 1-2 hours, a recommendation which Id never heard anywhere before.

And it worked.

I cant #&$ing believe that #$%ing worked.

(EDIT in response to reader questions: Low-dose melatonin is 200microgram (mcg) = 0.2 mg. Currently Im taking 0.2mg 5.5hr in advance, and taking 1mg timed-release just before closing my eyes to sleep. However, I worked up to that over time I started out just taking 0.3mg total, and I would recommend to anyone else that they start at 0.2mg.)"

bane 3 days ago 1 reply      
My wife is a terrible sleeper -- around bed-time she'll suddenly want to do various household chores, vacuum, chat endlessly etc., that combined with irregular and often stressful work, my usually very regular sleep pattern has been totally annihilated over the last 5-10 years.

It also reached the point in the last year that I needed to be at one work site a few days a week, but at 6am, then another site different days at 9am, then work from home the rest of the time which meant trying to "catch up" with a 10-11am wakeup.

I finally broke down and started taking 3 mg of Melatonin, but only if I've had 2 recurring nights if bad sleep. The effect is kind of strange. About 20-30 minutes after taking it, my strongest desire in the world is to want to go to bed, but it doesn't exactly make me "sleepy". After my head hitting my pillow, I'm asleep in about 10 minutes. If I need to, I'll take it multiple days in a row until I feel like my sleep cycle is sorted out, then I stop. I'll also take it if I need to suddenly change my cycle and get up very early the next day or something. Wakefulness comes smoothly and refreshingly, not jarring.

I finally got my wife to start taking it and now all the fuss over getting her to go to sleep has ended completely. As soon as she starts wanting to do things and it's late at night, she pops a Melatonin pill and is asleep inside of 40 minutes.

It's absolutely transformed our sleep/work/live/wake cycles. It feels like I can finally wrestle a bit of control back from an overburdened modern life.

The only problem is that the next day I usually feel very cloudy headed the entire day and have a mild urge to go back to bed until mid-afternoon.

ChikkaChiChi 4 days ago 7 replies      
The problem with a lack of FDA regulation is that there is no guarantee on what you are taking. The freshness of the product and the veracity of what's in the pills will always be suspect to me.

If I could trust where I get my melatonin from, I would gladly take it. But I've learned too much about how terrible this industry is.

pesenti 3 days ago 3 replies      
Melatonin is a clear-cut Good Thing. The gains I have laid out are large enough I consider it irrational for someone not to use it.

I consider it irrational for someone to believe that a limited number of hand-selected studies can give you absolute confidence.

ufmace 4 days ago 0 replies      
Haven't read the article yet, but Melatonin does wonders for my sleep habits. Without it, it seems like my body really wants to function on a day that's 26 or so hours long. That tends to put me in a constant cycle of being not tired enough to go to sleep yet, falling asleep too late, not having enough sleep and being tired all day, then going to sleep the next night too early and starting over again the next day. Melatonin has made it much easier to get about the same amount of sleep every night.
mrcharles 3 days ago 2 replies      
I've been using melatonin on and off when I hit a patch of insomnia. It's pretty good; it just makes me super sleepy. Even with a low dose I end up groggy in the morning, however. But being able to actually fall asleep when I would otherwise lay awake for hours is worth the price of admission.

I don't use it regularly but sometimes I just know when I'm going to have trouble falling asleep, and will take one about a half hour before I'd like to be asleep. Works like a charm.

nulagrithom 4 days ago 4 replies      
Melatonin does work wonders, but you never know how your own body might react to it.

I have many issues with my sleep cycle and quality of sleep. Melatonin is one of the few things that alleviates my problems. However, for me, it's only good for one night. I can take melatonin for one night out of a month, and get a blissful, restful night of sleep. If I take it two nights in a row, evil side-effects start creeping up.

It begins with a headache. If I take melatonin two nights in a row, the next day I will wake up with a headache that's hard to shake. My dreams, while very vivid and pleasant the first night, become more gloomy and depressing the second night. By the third day, my dreams are full-on, vivid, terrifying nightmares. I feel depressed and angry all day, and the headache borders a migraine. After four days of melatonin, I'm a wreck. It no longer puts me to sleep, nor gives me restful sleep. It becomes nothing more than a pill full of nightmares, depression, anger, and a bad migraine.

The first time I started taking melatonin, I had no idea it was causing these side effects. It took a while to pin down, and I just assumed it was related to my ongoing battle with sleep. I do recommend it, just know that you may have adverse reactions to continued use.

llimllib 4 days ago 0 replies      
krmmalik 3 days ago 1 reply      
I've had on and off problems with insomnia, but have finally come up with a pretty reliable method for overcoming it. Some of my methods were used by others as well.

I think it's important to identify what's causing the insomnia. It's not always going to be the same thing for everyone, or even for you, every single time.

Some days, for me, it's just simply because I have too much on my mind. Other times, it's because I've had too much stimulation and some times, it's just because I haven't had enough physical exertion during the day (most of my work is on a laptop).

Here's the routine that I now employ and I've been really good for a number of months straight (I helped a friend create a similar "routine" and he even blogged about it).

So my routine is as follows

1. No HN, book reading ,or any kind of blogs, reddit etc (basically anything intellectually stimulating) after 8pm.

2. Some strenuous physical exertion (e.g. Gym) every 2nd or 3rd day

3. Anything that puts me into a more relaxed state, e.g Some fresh air at least half an hr before bed time, writing in a journal if my mind is going crazy with ideas, or reading some poetry/fiction (but nothing intellectually stimulating. i.e. something entertaining or relaxing).

4. No computer screens at least 45mins before bedtime

5. 1 teaspoon of blackseed oil 5 minutes before bedtime

6. A decent mattress (Mine is a silentnight miracoil) - Some people don't realise how important your mattress is and how badly it can affect sleep.

7. No stimulating conversation at least 45mins before bedtime, that includes emails, text messages, in-person conversations and phone calls.

I also make sure that i'm out of bed before 8am each day if i want to make sure I get good sleep for that night.

Basically, i've whittled it down to identifying which state is not in a relaxed mode and getting it to a desirable state .

i.e. emotional state (writing in a journal or meditative exercise), mental state (avoiding anything intellectually stimulating), physical state (physical exertion/blackseed oil/mattress)

robmcm 3 days ago 1 reply      
I cut caffeine out of my diet, (apart from chocolate) which has more or less cured my issues with sleeping. I think I could start drinking it again, but only pre mid day.

It is very hard to do (headaches, sleepy in the day etc), but worth a shot.

I also use earplugs, which I find it very hard to sleep without now (unless drunk). They not only block out noise, but you get conditioned that when you put them in it's time to sleep, it kind of gets you into a sleep mind set.

The other thing I find helps is if I find my mind racing I try and slow my breathing down as much as I can. I think it works on two levels, I focus on breathing and free my mind of jumping all over the place and it also slows your heart rate and therefore oxygen to the brain, which I think has the same effect :P

snowwrestler 3 days ago 2 replies      
Interesting data about melatonin, but I am very wary of appeals to "nature" and "natural" in articles like this. Such references are often proxies for the concept of "good" or "healthy", but that's not necessarily true. Epidermal sun damage is natural too.

For example biphasic sleep is a pattern that arises when the darkness period is significantly longer than the human need for sleep. If the darkness period is reduced to about the same length as the sleep need, then the sleep period is less interrupted. But humans are not any more or less healthy under either sleep regime.

da02 4 days ago 3 replies      
Why didn't you mention about the effects of a calcified pineal gland resulting from a Vitamin D and magnesium deficiency? Those are very common among the older folk, resulting in poor sleep quality, poor immune system, even increased chance of heart attacks.
yan 4 days ago 0 replies      
I found melatonin to be very effective, especially on mountaineering trips, where I'm not guaranteed a decent sleeping environment but really need to get some sleep when given the opportunity.

My girlfriend however reported nightmares when she started supplementing with it, but it appears to have gotten better.

polshaw 3 days ago 1 reply      
I'm disappointed to see no comments here whatsoever that are addressing one of the central (and AFAICT unsupported) claims of this article-- that regular melatonin use can reduce the amount of sleep needed by almost an hour.

I have no doubts that melatonin is very useful for getting to sleep quicker, but if the reduced sleep claim is accurate, then it may move from an occasional use when needed, to a default use.

There are many melatonin users here- any regular users care to share their feelings/anecdotes (or better!) on this?

rfreytag 3 days ago 0 replies      
The pharmacokinetics of pill-form melatonin may be responsible for the uneven-, or late-onset and morning grogginess. Others here have reported that and I experienced it as well.

I have yet to see others mentioning the following answer so ...

My doctor advised using sprayed liquid melatonin (purchased at Whole Foods). 1-2 sprays under the tongue and held there for 30 seconds, then washed throughout the mouth (a highly vascularized area) and swallowed, transports the hormone consistently so that sleep is compelled in 1 to 1.5 hours with no morning grogginess.

dimitar 3 days ago 0 replies      
I've used melatonin and it definitely works, especially for improving the quality of sleep and sleeping under the sun.

However I've found that just not eating for 6-8 hours before you go to bed helps much more. Even eating an apple can disrupt sleep. This works really well because if you suppress eating before you got to sleep, you also wake up on time and pretty fresh to boot.

The only downsides are that some people get tempted too easily to eat before bed or that if you absolutely have to stay late an hour or two more, you'll still wake up 16 hours after you stopped eating, leaving you with less sleep than intended.

gregd 4 days ago 1 reply      
It's my understanding that taking Melatonin supplements will mess up your bodies natural ability to make it's own Melatonin (as will taking a lot of supplements). You are far better off trying to get your body to produce Melatonin on it's own.
karlkatzke 4 days ago 1 reply      
Interesting. I work on call shifts. (Linux sysadmin, one week out of three is 24/7 on call -- which works much better than rotating one day out of three.) I've used Melatonin for years to 'regulate' my sleep cycle so that I can stop my tirelessly creative brain from thinking about that article I read a few hours ago on Hacker News.

My other 'hacks' to keep my sleep cycle regulated are f.lux where possible, using only dim incandescent lights in the evening around the house once I am ready for bed, and NOT using a laptop, iPad, or anything with white/blue LEDs in bed. Wake-up is accomplished with an alarm clock that activates a piece of "wall art" that slowly changes color spectrum to full daylight using LEDs and shines on the bed.

Having good control of my sleep cycle keeps jet lag, time changes, mid-night alerts, and other things that disrupt most people from disrupting me as much for as long.

scotty79 3 days ago 0 replies      
Melatonin may help to battle cancer along with chemo: http://virtualtrials.com/pdf/williams2013.pdf Page 46)

My life partner started taking 20mg melatonin per day when she started her chemo and radiation treatment after surgery for grade III anaplastic glioma (fully resected) about year and a half ago. She's taking it ever since. No side effects. It doesn't seem to help her sleep. She always fell asleep easily and slept good.

We decided it should be safe for her as there was a research (can't locate it now) where some women were given 20mg/day dose for, I guess two years or so, in hopes it shows some contraceptive properties. It didn't but no side effects showed up.

mattchew 3 days ago 0 replies      
I tried melatonin thanks to this article (thanks gwern!).

It does help me get to sleep. I've used it about 10 times now and only once did I still have trouble falling asleep, and even then I did within an hour or so.

Unfortunately, it does NOT stop me from waking at 4:30 or 5 AM and then having trouble falling back asleep. Still, this is less stressful than not falling asleep in the first place.

Note that the probable effective dose is much lower than what you're likely to get in one pill from the store. I couldn't remember the effective dose, got 5mg pills, ended up quartering them.

I don't have any hangover effects, and I wonder if you all that do are taking too much.

It's worth trying if you have sleep issues.

smokey_the_bear 3 days ago 2 replies      
I used to have a wildly erratic sleep schedule. Then I had a baby. Now I sleep from 10 pm to 7 am every single night.

While I know a lot of people have sleep disorders, I think a lot of people have bad sleep schedules simply because they can.

adamzerner 3 days ago 0 replies      
1) I don't think it's known how big the "addictive" effects are. Meaning, if you use it a lot, you might get "used to it"(downregulation), and require more to get the same effect. See the link at the bottom; My doctor told me not to use it more then 4-5x a week; I have anecdotal evidence of it being less effective from my use

2) It might not be as effective as you're making it. It surely isn't as simple as "replacing the melatonin you're lacking". Melatonin you naturally produce happens in a series of step; the melatonin you take via a pill surpasses some of these steps, which means there isn't the same effect.

See http://www.supermemo.com/articles/sleep.htm#Melatonin

DanBC 4 days ago 5 replies      
There are some problems with Melatonin (as supplied) - you don't really know how much (if any) you're getting. Investigators found that quality control was very poor and some brands contained very little melatonin. (I can't find it now, but it was something like Consumer Reports or similar?)

It's a prescription only med in some places (UK) so you might not be able to get it.

But it is "remarkably effective"[1] for jet lag.

You might want to consider sleep hygiene[2] as well as (or instead of) melatonin or other sleep meds. (I really like zopiclone.)

[1] (http://summaries.cochrane.org/CD001520/melatonin-for-the-pre...)

[2] (http://www.nhs.uk/Conditions/Insomnia/Pages/Treatment.aspx)

petercooper 3 days ago 1 reply      
Melatonin is not easily obtainable here in the UK (as far as I know) so when I saw some in a regular store in the US, I grabbed some to try it.

And boy.. I usually have no trouble falling asleep except when travelling or otherwise "out of sync" so I tried it and I felt like I wanted to sleep almost constantly for two days. So it works, but perhaps a bit too well for me, even with a single tablet. Maybe I have an abundance of melatonin already coursing my veins? :-)

gesman 4 days ago 2 replies      
I works great when you have this "thinking in your sleep and wake up even more tired" syndrome.

Melatonin related supplemements helps you relax quickly and really sleep deep.I personally found that taking 1/3 of recommended dose works perfectly. Taking full doze making me wake up in such a limb state - that it takes me literally one hour for muscles to get back into their ability to move the body.

Another thing is that I found that taking it for a week or two (no more) is optimal. Few cycles of deep, relaxed sleep are enough for body/mind to get into relatively better balance than before.

Adding regular physical exercise to the mix helps to reignite the whole system back.

jmulho 3 days ago 0 replies      
Melatonin is this persons religion. I wonder how much time they spend thinking and talking about it.

Stranger still is the herd of commenters who condone the stuff. Do you really think this will make you need an hour less sleep than everyone else?

Sleep is important. Dont intentionally destroy your bodys ability to regulate it. If you arent already addicted to melatonin, its not too late:

Go to bed and wake up at the same time every day.Dont drink caffeine after breakfast.Expose yourself to natural sunlight every day.Dont play Grand Theft Auto after midnight.

MikeCapone 3 days ago 0 replies      
I take 1.5 mg every night before going to bed. It has solved pretty much all my sleep problems, and allows me to control my sleeping schedule much more easily (ie. on weekdays I go to bed at 12:15 AM, but on weekends I usually go to bed at 3 AM. I have no problem re-transitioning back to weekday schedule now, but I used to).
driverdan 4 days ago 1 reply      
Keep in mind that melatonin is a hormone. Exogenous hormones can downregulate your body's natural production. Like anything hormonal you should not take it continuously for long periods of time.
mickgiles 4 days ago 1 reply      
I take it when I travel across time zones to reset my internal clock. Works great! If I take if for more than 3-4 nights in a row it seems to lose its effectiveness.
AndyNemmity 4 days ago 1 reply      
I've taken meltonin for 19 years now. I've moved up my dosage in the last few months. I stayed on a very low dosage for a really long time, but am up to 10mgs now, and sleeping wonderfully.

The main side effect is being much more tired when you wake up, and that is cured by coffee. I love the stuff.

moultano 3 days ago 0 replies      
Melatonin has made a huge difference in my life. I don't use it regularly, but when there's a day when I absolutely need to get a good night's sleep or other things will go badly, I no longer have to worry about it. I take 3mg of melatonin and wake up refreshed.
linohh 3 days ago 1 reply      
Melatonin is prescription only in Germany. Bad luck, I guess.
IanDrake 3 days ago 3 replies      
I take 3mg and it works to help me sleep after an hour. I try to get to bed by 10:30.

My biggest problem still is that my alarm at 6AM wakes me during my active dream cycle and most restful sleep. I'm not sure how to time shift that to meet my needs.

Any advice?

yannk 3 days ago 1 reply      
I'm sure Melatonin is great, but it won't ever solve the "kids are waking up" problem.
simpsond 3 days ago 0 replies      
I experienced a strange side effect when experimenting with melatonin: My vision degraded as if I was having a migraine. I experienced tunnel vision and colorful artifacts without the headache. I can't say with 100% certainty that melatonin was the cause, but there was a correlation... and I have not experienced the problem since I stopped taking it.
bcRIPster 3 days ago 0 replies      
Just throwing this out there... a bit of lost research on the subject. Pitty not all of the images were cached.


trefk 3 days ago 0 replies      
I didn't see any citations for his claim that melatonin saves you an hour sleep per night. His entire argument is premised on this, but he barely discusses it - he just states it as a fact. Did I just miss something? Is there research supporting this claim?
dajohnson89 3 days ago 0 replies      
I've tried pretty much every Over-The-Counter sleep aid there is. Melatonin is indeed the most effective one I've tried, but my experience is that tolerance builds up rather quickly. I can use it every night for maybe 2-4 weeks, but after that, the amount required to achieve the same effects become absurdly high.

Also, one thing I like about Melatonin is the lucidity of the dreams I experience while sleeping with it. Colors, sensations, and my memory of the dream the next morning are very intense.

Currently I'm using Valerian root[0], which is all-natural, and I don't develop a noticeable tolerance.

0: http://en.wikipedia.org/wiki/Valerian_%28herb%29

garrickvanburen 3 days ago 0 replies      
A couple years back I was taking 3mg of melatonin nightly. It worked brilliantly for about 3 months. After that, while I'd feel sleepy and fall asleep as expected, I'd be wide awake 1 sleep cycle later (~90min).

I'd still recommend melatonin as a short term way to re-establish a regular bedtime/routine. Long term usage - less so.

Sunlis 3 days ago 0 replies      
Given that this is a naturally-occurring hormone, is there any chance that taking Melatonin regularly could cause your body to "get lazy" and eventually produce less of its own?
nargella 3 days ago 0 replies      
I have had issues with going to sleep my whole life (nap time in preschool I was last to fall asleep and last to wake up). First I have to say I took 3mg as a test run and it did nothing. My gf then said they give 10-15mg for patients at the hospital.

9mg was too effective at putting me out in 30 min (I weigh 200lbs). It was too difficult to wake up in the morning. 6mg seems best. My minds eye feels like it's wearing a sleeping mask because dreams are few and far between.

When I stopped taking it, dreams became vivid and memorable. I also took ZMA before and that does nothing in terms of getting to sleep, but you get some crazy strong dreams while on it.

PaulHoule 4 days ago 2 replies      
If I take Melatonin I feel like I've got St. Elmo's Fire and I can't sleep at all for hours.
patrickdavey 3 days ago 1 reply      
I had been taking concentrated cherry juice which is high in natural meltonin.. made no discernible difference to me.. so I will try to see if melatonin tablets are available here (in New Zealand) and give it a go.

One thing I would love to know is (I may have missed it in the article) is whether melatonin supplements help with staying asleep. I fall asleep just fine (10-15 minutes, often earlier) but it's when my brain gets into a routine of waking up at 3 or 4 am that I find particularly hard to deal with. I've simply not worked out strategies around it yet.

whitewhim 4 days ago 0 replies      
I used to deal with periodic weeks of insomnia. As a stifle I really could not afford to spend a whole week without sleeping more than 5 hours as I would be basically non functional after a couple days. I began supplementing a single 5mg dose of melatonin and it has almost completely erased my insomnia. I have found that it has improved the quality of my sleep as well. The only side affect I've noticed is increased dreaming while taking it, however I quite enjoy that.
ck2 3 days ago 0 replies      
I tried it for a short while but it gave me vivid nightmares.
j_m_b 4 days ago 0 replies      
Melatonin supplements have helped me numerous times to get to sleep after tossing and turning in my bed. It is something that I've taken as needed and as a nightly supplement. The biggest drawback to melatonin supplements is that you can sometimes wake up slightly groggy the next morning. The stuff is dirt cheap and commonly available. If you haven't tried it, this could be the sleeper supplement your missing.
snarfy 4 days ago 0 replies      
It doesn't really make me fall asleep. It improves the quality of my sleep, making me wake up in the morning much easier.
darkmuck 4 days ago 0 replies      
I don't think my body handles Melatonin very well... it definitely helps me sleep great! But the next day I am groggy for nearly half the entire day
posnet 3 days ago 0 replies      
There is currently a study being conducted at the Woolcock Institute in Sydney in its effectiveness to treat delayed sleep phase disorder among other circadian rhythm disorders.http://www.abc.net.au/news/2013-08-24/new-hope-to-treat-misd...
mkhalil 3 days ago 0 replies      
I have been taking Melatonin for a while now. However, I do not take it daily. I usually take it to adjust sleep schedules after a poor pattern. Sunday night for example I would take it to fix my poor weekend sleeping schedule. I think it's great to FIX sleeping schedules, not necessarily to take daily.
atlanticus 3 days ago 0 replies      
The key to using melatonin is to stop every few days and see if you sleep through the night. If you don't keep going otherwise wait until you have two nights without proper sleep. I had major sleep problems but this system has worked great and I have not had to use melatonin in quite a while. Like everything, moderation is key.
srehnborg 4 days ago 0 replies      
I've taken it and really does help me sleep better. It helps me fall asleep easier if I wake up in the middle of the night. I was taking about 1/3 of a 3mg tablet.

I did stop taking it though because I felt depressed after about 2 weeks of taking it every day.

I will probably take it again periodically if I am traveling.

erikcw 4 days ago 0 replies      
I've tried it a few times. I find that I sleep like a rock, but have a dull, throbbing headache in the morning. My wife swears by the stuff...
melatoned 3 days ago 0 replies      
What no one is talking about but should know:

Melatonin is amazing for people that smoke weed. If you're one of those people that casually smoke but wake up the next morning feeling groggy and out of sync, take melatonin at night as directed in this article and other places. Getting into your bed will feel amazing. You will drift off to sleep, even if your iPad or music is on. And you will wake up like a normal person, except a bit more relaxed. As I became more and more successful I smoked less and less because of how it affected my performance the next day. With Melatonin I can smoke like Sophomore in college enjoying Adult Swim on a Sunday for the first time.

What no one else is talking about:

Melatonin can make you super constipated. Eat fiber, take fiber pills, eat a balanced diet high in vegetables and it should else. If you're on a neckbeard died, say goodbye to pooping regularly and when you do, it will be compact.

benrapscallion 3 days ago 0 replies      
A new report in yesterday's Science (http://www.sciencemag.org/content/342/6154/85.full) indicates that vasopressin receptor antagonists might be the jetlag drug of the future.
rodedwards 3 days ago 0 replies      
Nightmares and sleep paralysis! Wheee!Advil works better as a sleep aid for me.
vldx 2 days ago 0 replies      
Anyone used Melatonin w/ 5-HTP?

Is it safe (is it worth it) taking Melatonin if you're under 30 years old?

nickthemagicman 3 days ago 1 reply      
This is very interesting. Wish hacker news had more hacking the human body articles.
DanielBMarkham 3 days ago 1 reply      
I've been using melatonin for years every night. As a person that has extreme obstructive sleep apnea, I credit melatonin with providing me a modicum of restful sleep for the years I didn't use a CPAP. Now that I have one, melatonin helps improve my "normal" sleep patterns.

Anecdotaly, I find melatonin usage helps my brain rewire itself every night. My belief is that increases the number of connections and associations that various concepts have, and it also elevates my mood. Not bad for something that costs mere pennies!

During the time I had almost no sleep, I would take quite a bit of melatonin in a desperate attempt to get some kind of rest. At times I would pop 25mg or more. I found there were no side effects, except perhaps being sleepy for the next couple of days.

I've also quit a number of times for various reasons. Just a few months ago I quit for three months due to surgery. I found quitting to be completely symptom-free, which kind of amazed me. I figured with years of usage, quitting would make it impossible to sleep. I based this opinion on numerous studies that show when you replace a naturally-occurring hormone with a supplement, your body stops producing it. Instead, I slept fine. Once I was out of the no-supplements period after surgery, I started back up with the melatonin. No side effects, and I almost immediately noticed an increase in creativity and mood.

I'm a supplement junkie. It's that irrational thing that I do, my black swan interest. Yes, I know, most of the market is just BS and marketing hype. But not all of it. Melatonin is one of the 2 or 3 supplements I use that I believe really make a huge and immediately perceivable difference. Can't recommend it highly enough.

arikrak 3 days ago 1 reply      
Why are all these Gwern.net posts showing up now?
ffrryuu 3 days ago 0 replies      
See lef.org for more info
taigeair 3 days ago 0 replies      
why is it so pro melatonin?
You Must Try, and then You Must Ask akamai.com
356 points by mfringel  3 days ago   47 comments top 26
mef 3 days ago 3 replies      
This is so great.

By forcing yourself to try for 15 minutes, you gain a deeper understanding of what you're troubleshooting so that, even if you don't fix it in 15, next time you're in a better position to troubleshoot than you were the last time.

And by forcing yourself to ask for help after 15, you not only limit the amount of banging-your-head time, but you also get to see how the other person solves the problem while all the details are still fresh in your mind, so that you'll more likely have a deeper understanding of why what you were doing to fix it wasn't working, and why the ultimate solution actually worked.

joshdance 3 days ago 2 replies      
Often times I start writing out my question like I would post it to StackOverFlow. The very process of writing out what I know, what I don't, and what I have tried very often leads to a solution.
nhebb 3 days ago 1 reply      
I'm a one-man shop with no one to bounce problems off of, so I rely on Google and Stack Overflow (or other forums). In the past when I got stuck and posted a question, frequently I'd solve the problem myself almost immediately afterward.

So now when I'm tempted to ask a question on SO, I write out the question in a text editor, giving as much detail as possible. It's not a 100%, but I've found that going through the process of trying to frame a question intelligently goes a long way toward figuring it out myself.

falcolas 3 days ago 0 replies      
This works if, and only if, the cost of you failing is limited to the cost of your time. If you're starting work on a metal lathe, ask before trying (the cost of failing is your life). If you're working with an expensive physical material, ask before trying (the cost of you failing is the loss of that physical material).

More relevant to HN viewers: If you're doing work on a production server, ask before trying. The cost to your corporation of you failing and bringing down a mission critical service is typically greater than the context switch of one additional person to make sure you're doing it right.

emilsedgh 3 days ago 0 replies      
This is very similar to 'How To Ask Questions The Smart Way' written by Eric Raymond.


Strongly recommended to hackers.

tmoertel 3 days ago 0 replies      
I like this rule for one reason beyond those the author mentioned: it benefits the people you're asking for help, by sharing with them problems that have been pre-qualified as interesting.
mkramlich 2 days ago 0 replies      
There's a wisdom in his rule, but not if applied too strictly. The opposite is also a problem. To wit, at times the web seems to be overflowing with people who neither tried too hard, if at all, nor did the obvious set of things that an intelligent competent person would have done in their circumstances. Also the more you try, the deeper, the harder, broader, the more you learn, which makes you more efficient in the future. And it gives you deeper, more inter-connected understanding of the world. Something that will give you an edge over the masses who just Google for answers, looking at every problem as a flat-time key-value lookup. If you never learn how to start with the key, and manually reach that value (the answer), the old fashioned way, you'll be missing out on a lot that will serve you well all the rest of your days. And help make you more of a producer and problem solver yourself, rather than a parasite or info polluter. Become the person everybody else turns to when they're stuck. Don't become the person who always has to turn to others. A world full of this latter kind of person is a world that will suck and eventually fail. Optimize in the other direction. Everybody will be better off.
goshx 3 days ago 1 reply      
I like the rule.

I'd suggest to try also with a step in between. Something like: try for 15 minutes, if you still can't find the solution, go for a quick break, like getting a coffee, and if the solution still doesn't magically appear, ask someone.

I lost count of how many times I solved a problem while getting up to get coffee, after trying hard to find the answer for a few minutes. I can't be the only one.

pasbesoin 2 days ago 0 replies      
Trying first reduces the burden on the person you eventually ask. If you made a good effort, you will go into the conversation knowing a lot more and having a contextual awareness (in detail) that you otherwise would not have.

The person you ask can focus on the parts that you didn't figure out for yourself. And, you may have gained a different perspective and/or insight into deficiencies or additional options that is actually of interest to the person you talk to (write, IM, etc.).

Viola. You just turned a lecture into a more interesting and engaging conversation.

616c 2 days ago 0 replies      
This is very cool, and this is how I have approached my sysadmin and programming work over the years.

When I started, I had very little experience, but a willingness to learn. My boss hired me anyway, and it moved from pushing paper to labs to "OK, we need to update this web application" and "I need you to learn how to deploy a very customized Windows image for 300 computers, and learn to maintain them." Since I was much younger, first as a student and then a full-time employee at uni, it was easy to ask my bosses (the first, if you can believe this, actually wrote his own code to hide a password in the bootloader to run some admin task on the first boot after imaging and then delete after completion; with Windows installations and incosistency, it took him months to get that write; he now is a full-time lit nerd and author, talk about renaissance man) and tell them everything I did and needed help. Not only did that teach me to solve the problem, it taught me how to approach computer problems (kind of like the OSI stack, but more general than networking, and not as shitty as "turn the computer on again and off again") and then onto "how do I debug stupid coding mistakes in scripts with the least time possible" (answer: it might not be a production app, but make sure your scripts have good on-and-off logging infrastructure or you will be sorry).

Unfortunately, I moved on from that job. And if this long-winded post is any indication, I am now seen as too chatty and annoying with this approach where I work. Some people get it, while as the other more senior infrastructure people see it as me questioning them when I ask for explanations or better tips to troubleshoot issues I could see (not that are there, but potentially could see) from my end and know when to leave them alone. As others pointed it, it is essential to enforce this on everyone, and in many institutions, that is seen as being chatty and nosy.

I learned a lot through my mentors, and I wish this could be imposed everywhere I worked and work, but many oppose this as questioning authority. I wish it was different, but oh well.

jonahx 3 days ago 1 reply      
I run into this phenomenon often when posting on SO.

In the process of writing up a clear and detailed post, which often involves simplifying the problem into something reproducible on jsfiddle, I suddenly see the answer.

Instead of hitting submit I can just close my browser tab.

diminoten 3 days ago 1 reply      
Is 15 minutes enough time? It might be a small point of contention, but why not an hour?
cruise02 3 days ago 0 replies      
This is a pretty good rule of thumb for posting questions online (Stack Overflow) as well as asking your co-workers. Take the time to understand the problem yourself so you can better present it to someone else.
toadi 3 days ago 1 reply      
Sometimes whie trying to explain the problem to someone else. I find the solution myself. So maybe after the intial 15 minutes try to explain it.
umsm 3 days ago 0 replies      
Whenever I get stuck on a problem, I try to clear my head. That usually involves tackling another task, getting some fresh air, or just going home.

I noticed that going home early and tackling the problem early the next morning helps more than the 2-3 hours I spent with no success.

johnpmayer 3 days ago 0 replies      
This is great advice, and very difficult advice if you have a ego that dislikes not knowing the answers. It's also something that is doubly important for devops - don't let production issues sit idle because you're afraid to ask how to fix something! I know that I still struggle, but I'm getting better and am much better than when I started.
joeblau 3 days ago 0 replies      
I've learned a lot and wasted a lot of time doing this. Sometimes I think I'm almost there and 15 minutes turns into 2 days.
cl3m 2 days ago 0 replies      
Amazing rule but as a developer I'll probably try for more than 15min :-) however I'm sure it make sense at the company level.
SilasX 2 days ago 0 replies      
I agree, but you have to have to be on guard for the opposite problem, which is taking too long on your tasks because "you don't ask for help enough".

I, um, "know people" that have been on that end of the spectrum.

DrPhish 2 days ago 0 replies      
"I do not believe that any scientific teaching ever was more thorough, or better fitted for training the faculties, than the mode in which logic and political economy were taught to me by my father. Striving, even in an exaggerated degree, to call forth the activity of my faculties, by making me find out everything for myself, he gave his explanations not before, but after, I had felt the full force of the difficulties; and not only gave me an accurate knowledge of these two great subjects, as far as they were then understood, but made me a thinker on both."

   -John Stuart Mill: Autobiography

badman_ting 3 days ago 0 replies      
I like this rule.
Apocryphon 2 days ago 0 replies      
This is a great idea. I'm sad that I didn't learn it earlier, in college. I wonder why it seems like most of us in this thread hadn't, as well?
vsvn 3 days ago 0 replies      
We use and apply this basic rule at work and it works wonder. A lot of time, the developer could figure out the answer before asking or during the discussion with another developer.

I think the reason why this works well is because you are force to document and make it as easy to understand as possible. There are complex problems, but it is easier to solve if those problems are broken down into solvable pieces.

bifrost 3 days ago 0 replies      
Well said. Matt Ringel is spot on here.
namenotrequired 3 days ago 0 replies      
I suspect this would work great even if you don't have direct workmates but know some people with expertise in your area anyway. I'd love to try it!
squozzer 3 days ago 0 replies      
I might try for 30 minutes, but maybe I'm just stubborn.
And Then Steve Said, Let There Be an iPhone nytimes.com
355 points by apress  3 days ago   144 comments top 24
JunkDNA 3 days ago 4 replies      
I always like stuff like this because you see that these people who knock it out of the park apparently effortlessly actually struggle like all the rest of us normal humans behind the scenes. They couldn't figure out how to make a touch screen, the processor wasn't available, Sir Ive's case was impermeable to RF, the LCD was causing interference on the multitouch display, etc... This stuff is hard. Really, really hard. Any one technical obstacle could have killed the whole thing.
ianstallings 3 days ago 5 replies      
Reading this makes me think of Jobs as a Railroad baron of old. Kind of heartless, gruff, and willing to crush anyone in his way, but a guy with a vision so strong he will do anything. And it changed the world, it's hard to overstate that.

I remember seeing the iPhone unveiled and thinking "It's cool, but will people really buy such an expensive phone?". I think it was $600. That was pretty expensive at the time. I also remember thinking about how they wanted all apps to be web-based. A disaster for certain I thought. The phone market was all over the place and brand loyalty was in short supply. I'd seen compaq go from dominating PDAs and nosedive off the cliff. Motorola took their brand loyalty (remember how many people had Razrs?) and went into hiding. Time and again I'd seen phone platforms rise and fall. I was skeptical.

All I knew was one thing - I certainly wasn't going to buy one.

Years later and I now program for iOS a lot. Everyday pretty much. I'm a full blown Mac convert and I'll be honest, the iPhone was what caused it. I bought my first iPhone at version 4. Then I specifically bought my first Mac so I could use the SDK for that phone. I fell in love with the platform, in all its insane glory.

I might move to another platform one day, but I can honestly say I never imagined this is what I would be working on.

pinaceae 3 days ago 2 replies      
i am glad to be old enough to remember the time before the iphone. seems like a stupid thing to say, right? but go to any tech forum and it seems like all of it is forgotten already, 2007 is kinda blurry and Apple producing smartphones completely normal.

when the rumours started swirling about apple launching a phone people could not believe it. like at all. apple, the ipod guys, building a phone?! no way, what a joke. you had the photoshops of ipods with a dial, etc. analysts explaining why this was completely wrong, impossible and apple was doomed.

same at the launch of the iPad. same at the launch of the iPod (less space than a nomad, no wifi, lame). what the fuck is a nomad one might say today.

those great photoshops of steve holding a giant iphone to his ear, hilarious. an iPad, buhaha, bunch of retards at apple. but now the galaxy note makes perfect sense. to exactly the same neckbeards who laughed at apple's idiocy before.

apple is indeed the most frustrating company. it somehow has defied gravity in the second jobs era and proven that large swaths of the tech world couldn't define taste and style if their life depended on it.

and perfection, like the iphone launch, is a matter of style and taste.

PhasmaFelis 3 days ago 1 reply      
"Very rarely did I see him become completely unglued it happened, but mostly he just looked at you and very directly said in a very loud and stern voice, You are [expletive] up my company, or, If we fail, it will be because of you. He was just very intense. And you would always feel an inch tall."

"Compounding all the technical challenges, Jobss obsession with secrecy meant that even as they were exhausted by 80-hour workweeks, the few hundred engineers and designers working on the iPhone couldnt talk about it to anyone else. If Apple found out youd told a friend in a bar, or even your spouse, you could be fired."

Christ, what an asshole.

hayksaakian 3 days ago 2 replies      
Talk about literally "fake it till you make it"

-----(regarding the presentation)

They had AT&T, the iPhones wireless carrier, bring in a portable cell tower, so they knew reception would be strong. Then, with Jobss approval, they preprogrammed the phones display to always show five bars of signal strength regardless of its true strength. The chances of the radios crashing during the few minutes that Jobs would use it to make a call were small, but the chances of its crashing at some point during the 90-minute presentation were high.

ultimoo 3 days ago 3 replies      
>> The 55 miles from Campbell to San Francisco make for one of the nicest commutes anywhere. The journey mostly zips along the Junipero Serra Freeway, a grand and remarkably empty highway that abuts the east side of the Santa Cruz Mountains.

While scenic, the 280 is certainly not 'remarkably empty'. I make the commute from San Jose to SF everyday and wish I shared the enthusiasm of the author. Apologies for commenting on something completely orthogonal to the point of the OP.

padmanabhan01 3 days ago 1 reply      
Articles like this help to show all the work involved in the path from a vague idea to a finished product. That's the hard part. Guess that's why they get upset when some other company just sees the end product and just makes a clone of it, without having to face all the hurdles to arrive there from the initial idea..
siglesias 2 days ago 0 replies      
Amusingly, there was one technical snafu during the presentation. Steve's clicker stopped responding [1]! Of course, the way he handled it, in my opinion, made the presentation that much better and that much more human.

1) http://www.youtube.com/watch?v=9hUIxyE2Ns8&feature=youtu.be&...

forgottenpaswrd 3 days ago 1 reply      
"The thinking goes, why let bad Internet or cellphone connections ruin an otherwise good presentation? But Jobs insisted on live presentations. It was one of the things that made them so captivating. Part of his legend was that noticeable product-demo glitches almost never happened."

What is interesting is that product-demo glitches happened all the time. We went to one presentation in which Steve had to ask for people not to use the Internet because they had not enough bandwidth.

But mistakes were so "naturally handled" that people just did not care.

I think Edison said, you will not be remembered by your mistakes, but from your successes.

cbr 3 days ago 4 replies      

    "The solution, he says, was to tweak the AirPort software     so that it seemed to be operating in Japan instead of the     United States."
Great solution, but illegal. Did they get permission or just do it?

Aloha 3 days ago 3 replies      
The technical details of the presentation are interesting, but less relevant than how well the device worked at launch. It worked. The iPhone was a success not because it was the first, but because it was the first really usable device, it put everything that came before it to shame.
mcenedella 3 days ago 4 replies      
It's easy to forget how far Apple had already come by this point. I re-discovered this super-insulting dude asking an obnoxious question to Steve at WWDC 1997: https://news.ycombinator.com/item?id=6497475
codeulike 3 days ago 1 reply      
Watching the original iPhone unveil, it was pretty surprising to see all the Google love from Steve, and Eric Schmidt come bounding onto the stage http://www.youtube.com/watch?v=OxUDiS3AR0M
plg 3 days ago 1 reply      
"In the span of seven years, the iPhone and its iPad progeny have become among the most important innovations in Silicon Valleys history. They transformed the stodgy cellphone industry. "

What other stodgy industry is there that Apple could easily disrupt? How about this: how does it make you feel when you use the DVR box that your cable / satellite company forces you to use, to watch tv? I know the answer for me. Seems like low hanging fruit with potentially enormous payoff for Apple.

chernevik 3 days ago 0 replies      
The timing of the project launch is pretty remarkable. It seems that Jobs wanted to do this for some time, but was waiting and watching for technical feasibility. From the effort they had getting the demo to work, it seems that they launched the project something like immediately after the progress of the component technologies brought that feasibility into view. And even then they had to manage risks, and then they had to get the thing into production.

And while that suggests some pretty deep technical savvy at executive levels, they still had heartburn over seemingly simple questions like "can you put radio waves through aluminum?"

It seems to me that the genius of Jobs was 1) to envision customer experiences based on really remarkable extensions / integrations of existing tech and 2) to judge the moment when those visions had gone from "someday" to "now".

valgaze 3 days ago 0 replies      
The unsuccessful partnership with Motorola (& Cingular wireless) mentioned in the article was probably w/ the "Rokr"

See press release:http://www.apple.com/pr/library/2005/09/07Apple-Motorola-Cin...

mistercow 3 days ago 1 reply      
>What worries Apple fans most of all is not knowing where the company is headed.

As a former Apple fan, I actually find the iPhone's hemorrhaging of market share and Apple's uncertain future extremely encouraging. I always attributed the things I liked about Apple to their struggling underdog status. They lost that with the iPhone, and they've never been the same since.

It will be fascinating to see if some of the old Apple shines through in the years to come.

AndrewKemendo 2 days ago 0 replies      
I think it is hilarious how Jobs basically reinvented the wheel when it came to operations security, when there have been major organizations doing secret things for decades that he could have pulled the lessons from.
YOSPOS 3 days ago 1 reply      
Keep this story in mind when idiots on the internet talk about a "rectangle with rounded corners".
ChikkaChiChi 2 days ago 0 replies      
A nice reminder that the screen sharing built for the initial demo still doesn't exist without jailbreaking a device. :
yashg 2 days ago 0 replies      
I always thought Apple took the iPod and added phone radio to it, then they took out the radio, made the screen big and called it iPad. Not anymore. This is interesting stuff.
daned 3 days ago 0 replies      
I thought I had it tough as a Sales Engineer but I am a piker compared to these guys.
vonsydov 3 days ago 0 replies      
I'm still on 4s with ios 5. don't use siri.
bitwize 3 days ago 5 replies      
iOS is starting to regain marketshare from Android. Now that Apple is making serious downmarket moves with the 5C, it may soon be time to rethink whether Android was ultimately successful at competing with Apple.

Within two years, non-iPhone smartphones will be niche players with partisan user bases, but the bulk of mobile development will be once again for iOS.

Ocean acidification due to carbon emissions is at highest for 300m years theguardian.com
319 points by anon1385  4 days ago   144 comments top 25
JumpCrisscross 4 days ago 3 replies      
How credible a source is IPSO, the author of the report backing this story? From what I can tell it's a U.K. non-profit hosted by the Zoological Society of London [1], itself a U.K. non-profit [2]. Alex Rogers, IPSO's Scientific Director [1], is also a Professor in Conservation Biology at the University of Oxford [3].

Paper article is based on: http://www.stateoftheocean.org/pdfs/Bijma-et-al-2013.pdf

[1] http://en.wikipedia.org/wiki/International_Programme_on_the_...

[2] http://en.wikipedia.org/wiki/Zoological_Society_of_London

[3] http://www.zoo.ox.ac.uk/people/view/rogers_ad.htm

moultano 4 days ago 1 reply      
In a bit of cosmic irony, most fossil fuel was created from mass extinctions that accompanied changes in ocean chemistry: http://en.wikipedia.org/wiki/Anoxic_event
hcarvalhoalves 4 days ago 4 replies      
The short-term scenario is not good, but from the little I know about aquatic biology/chemistry, it might not be as catastrophical as the article pictures it.

Increased CO2 levels should just cause algae/cyanobacteria blooms, which will balance CO2/O2 levels back again and foster primary consumers (solving over-fishing as a bonus). Also, H2CO3 gets buffered by all the Ca/Mg content in the ocean, so I don't think it's even possible for the pH to just drop forever (as in the graph someone posted in one of the comments here).

colmvp 4 days ago 2 replies      
The Seattle Times did an interactive article about this very subject last month:


Smudge 4 days ago 3 replies      
"This story has broken an embargo and will shortly be taken down. It will be relaunched to the site at 6.00am BST. Apologies"


SCAQTony 4 days ago 3 replies      
Let's presume it is all true. Gizmag quoted a study that 15-container ships (just 15) dole out the same amount of pollution as 760-million cars. (I shit you not):


God knows what coal and power plants produce but nonetheless, why does the IPSO and The Guardian have to scare the shit out of everyone instead of offering some sort of real, solution?

If this is all true and this is as dire as they say, one would think or suggest that the military take over the shipping duties of these 15-container-ships and use 15-nuclear-powered vessels instead? this would remove the carbon footprint of these polluting vessels and/or 750-million cars per day with way less waste?

Next, onto the power plants instead of the barbecues and lawn mowers?

kmfrk 4 days ago 2 replies      
I hope you like jellyfish.
IanDrake 3 days ago 2 replies      
Just thinking out loud here...

Can anyone think of other cases where science is used to predict the future of complex systems more than 2 years in advance?

I'm not talking about moore's law, but statistical models used to predict the future. How many solar flares will there be in 2020? What will the DOW be in 2050? How many democrats will be in congress in 2021? Stuff like that.

So far, the only ones I can think of are models that always spit out the same message... "The earth is dying and we're at fault."

I'm just curious if anyone knows of any predictive models that weren't created to scare the shit out of people.

j_baker 4 days ago 1 reply      
They talk about the oxygen content falling by 7% by 2100. This makes me wonder: let's assume the worst and earth is headed for a mass extinction event. How long do these events usually take? Are they slow processes, or does everything just die one day?
genwin 4 days ago 1 reply      
> imperilling marine life, on which billions of people depend for their nutrition and livelihood

Nature always win in the end! Hopefully the plunge in human population can be handled mostly by attrition.

protomyth 4 days ago 4 replies      
Can the CO2 be removed from the ocean and broken into C and O2? Is this geo-engineering we can do?
Demiurge 4 days ago 2 replies      
Is there any reason no one is talking about terraforming seriously yet? What kind of technologies can be used to draw the CO2 out of the atmosphere, how much would it cost to make a difference?
efnx 4 days ago 2 replies      
It's sad to me that this is not the top post. It seems that fact is a reflection of the problem at hand. We don't care about the oceans as much as we care about Twitter. :(
xsace 4 days ago 0 replies      
It's like playing Sim Earth on my dad SE30 as a kid.I could never get it right and always ended up with a desert or icy planet :(
ommunist 4 days ago 2 replies      
This is one more 'climate change' BS. It does not stop fascinate me how self important climate change advocates are. Humans are not geological factor. Besides no one really have time machine to check validity of such claims. And we know very small about actual chemistry of the oceans, especially when it is deeper than SF beaches.

Disclaimer: I participated in research of lake sediments looking for insights about metal pollutant trends.

AsymetricCom 4 days ago 1 reply      
Kind of off-topic: if ocean temperatures are increasing, isn't this the same thing as the ocean having more potential energy? If energy generation from waves was increased substantially, would this cool the ocean or act as a dampener against the earth's rotation? Perhaps both?
graycat 4 days ago 0 replies      
Yup, why do I suspect that this articleis more of the same from the big movementto claim that humans are evil, carbonis filthy, filthy humans are ruining theplanet with evil carbon, or evil humansare ruining the planet with filthy carbon,and the only hope for the planet is massive,UN directed carbon cap and trade to sendmassive amounts of money from the evil,rich nations to the noble, poor nations,and that humans should junk their carsand either walk or use bicycles, and therich nations should feel ashamed andguilty for their grossly excessive useof the finite resources of our pure, precious,pristine, delicate planet, right at thetipping point of total devastation?

Do I have that about right? Or we couldborrow from the Mayans and kill peopleand pour their blood on a rock to keepthe sun moving across the sky or, in thiscase, save the planet from filthy carbonfrom evil humans. Or, we need a boys'band complete with uniforms to counterthe sin and corruption of a pool tablein town. Let's have some more flim-flam,fraud scams!

16s 4 days ago 0 replies      
The sun is going to burn out some day. When that happens, no one will care about ocean acidity.
shire 4 days ago 0 replies      
And this might get worse because population is increasing so rapidly.
ffrryuu 3 days ago 0 replies      
Acidic loving species rejoice!
eonil 4 days ago 1 reply      
I think radioactive garbages in Pacific ocean from Fukushima would do better job.
rubyalex 4 days ago 4 replies      
What does 300m years mean? Is that 300 or 300 Million?
ancarda 4 days ago 4 replies      
While I recognise this question might be abrasive, I feel compelled to ask it.

Why does this belong on Hacker News?

This isn't technology. This isn't legal news (i.e. software patents). This is in no way related to Hacker News. I have no problem with interesting articles being upvoted, but I feel we need a place to put these or a tagging system similar to lobsters.

A "Hacker's" Guide to the Bay Area islandofatlas.net
299 points by presty  2 days ago   127 comments top 35
GuiA 2 days ago 5 replies      
Nice! I've lived here for almost 2 years and a half now, and love the Bay Area. Some personal responses to the article:

- re:exercize, I highly recommend climbing. It's easy to pick up, you can do it alone (bouldering) or with a partner (great thing to do with a date/SO :-), and the equipment cost is minimal, it uses all the muscles in your body and is oddly technical. The Touchstone network is great; it includes Mission Cliffs (SF, Mission); Great Western Power Company (Oakland). In the valley, Planet Granite is good. Swimming is also similarly great but harder to find nice clean pools in the city.

- re East Bay: I highly recommend living there if you work in downtown SF. Your commute will be slightly more expensive than if you lived in SF, but it could end up being shorter (I live near 12th St Oakland and get off at Montgomery- 25 minutes total commute).

- re:rent - the situation in SF sucks and will keep sucking for a while. It's a constant competition, you have to kiss the landlord's ass and fight with 20 other people at open houses, etc. Once again, the East Bay is highly recommended (Oakland for a city feel, Berkeley if you like to have a yard and be surrounded by trees- but the commute will be longer). In the valley, roommatehood is recommended. I lived with Stanford med students for a while, which was amazing because a) they were poor so they encouraged me to live frugally, b) they were delightful people and it's always nice to hang out with non techies, c) they were mature and focused on their studies so there was zero drama and zero messiness in the house.

- re:food - learn a dozen or so basic recipes, and cook yourself. You will save money, and what you eat will be way healthier. Also as a European I find US portions huge and feel bad about throwing out food everytime I eat out.

- re:meetups: it can be hard to make friends outside of work when you're out of college- meetups are amazing for that. For romantic aspirations, I would also recommed online dating. OKCupid is heavily used by young people in SF, and also allows you to meet people from outside the tech circle.

- re:meetups^2: at first, it can be tempting to go to meetups 2-3 times a week or more. I've found it to be pretty draining after a while - not all meetups are created equal, sadly. These days, I tend to do more 1-2 meetups a month tops, but of very high quality (to me- naturally, high quality for me is not necessarily high quality for you, and vice versa). Of course, finding high quality (in terms of interests, but also in terms of the kind of people you get along with best) meetups can only be done through experience - so if you've just moved here, go insane and explore!

- The valley is minuscule and after being there for a bit it feels like everyone is within 2 degrees of separation. Be professional, friendly and respectful of everyone, and don't burn any bridges. Keep in touch with people you like - a coffee/meal once a month or so is a great way to do so. If you can, find mentors (ideally not at your workplace- your boss is rarely the best person to go to for career advice) whom you can look up to.

- re: Hacker Spaces - I really love noisebridge and its mission, but it can be a little grungy (mostly because of SF's socio-economic shape at the moment). Especially in the recent months, there has been a lot of drama due to some people not playing by the rules there. Sadly, it can hurt the atmosphere a bit. I would recommend checking it out, but be aware of that. Hacker Dojo is way more PC and family friendly. I've heard great things about Sudo Room in Oakland.

- side/open source projects are important for your mental and intellectual sanity, for your "personal brand", and because they can lead to positively unexpected situations. However, some employers frown upon them (some will subtly discourage you from partaking in them or submitting a talk proposal to that conference, while others will outright forbid them cough cough Apple cough). In those cases, I like to apply the "forgiveness rather than permission" and "what they don't know can't hurt them" heuristics :-).

- on a similar note, Silicon Valley has a very friendly atmosphere, and as it was put- there are no other places in the world where you can work in sandals while eating M&Ms. However, don't forget that at the end of the day, your employer is your employer - not your wife, or your girlfriend, or your parents, or your kids. It's a two way street - you should be getting as much out of the job as the job gets out of you - and jobs in Silicon Valley are very demanding and tend to take a lot from you. Don't feel bad about quitting a job that does not jive with you just because your boss is a cool guy who will play beer pong with you on Friday nights. Be thankful for what you have, but remember that engineers are in high demand. "Company loyalty" and "company culture" are words that employers know how to use to their ends. In what I've seen of Silicon Valley Companies who claim loudly that they have "work/life balance" and actually do encourage it are a minority (that can't mean that it's impossible to achieve- just that you may have to work a bit for it to get it).

Finally, a tip for fresh grads: it can be pretty mindblowing for people right out of college to have a 5 figure (or in some cases, 6 figure) salary after living on ramen for years. Some people spend it by getting a really nice place, buying a fancy car, and going to Tahoe every other weekend. I would recommend trying to put aside 50% or so of your take home paycheck every month - it's easily doable without compromising too much, and if you want to treat yourself down the road (take 3 months to travel the world, or dive into your own startup, etc.) you'll be happy to have several months (if not years!) of living expenses saved up.

dmethvin 2 days ago 2 replies      
> One of the biggest shocks I faced when I arrived to the Valley was finding out that it was a very suburban environment. Mountain View, Palo Alto, Sunnyvale are completely suburban.

I suppose it depends on your definition of "suburban". Each one of those cities has a bona-fide city center and nearby residential development dense enough to allow a very walkable environment. It's a lot worse in many places back east including my area.



gue5t 2 days ago 2 replies      
I am, without any sarcasm, very glad to see the scare quotes around the word "hacker" here. I'm thankful that there's a dawning collective agreement that the term as used in this community ("someone who makes websites or software, generally as a career") has completely devalued its original meaning, which is not without merit, and which is very hard to bind to another term at this point.
timr 2 days ago 5 replies      
There are lots of other gyms in the city besides the wretched, filthy 24-hour-fitness syndicate: Club One (slightly more expensive, but better), Crunch Fitness (ditto), World Gym (caters toward meatheads), Fitness SF (formerly Gold's; tends toward gay/female clientele), Sports Club LA (super expensive; incredibly nice), Equinox (also super deluxe/expensive), Bay Club (ditto), Mission Cliffs and Planite Granite (climbing/hippies/hipsters), Planet Fitness (almost as cheap as 24hr; fewer locations but much cleaner), and the YMCA (moderately cheap, clean, functional). There are tons of smaller gyms, as well...mostly expensive crossfit and personal training outfits, but some boutique all-purpose gyms, too.

If you're looking for a gym, do yourself a favor and don't just sign up for a 24-hour fitness membership without looking around. You can do a lot better for not much more money. About the only thing you can say in favor of 24h is that they're cheap and open late.

If you can afford ~$60 a month, you have a lot of options, particularly if you negotiate. The YMCA is a good option in this range, and they don't jerk you around with contracts and high-pressure sales.

nilkn 2 days ago 3 replies      
$700 seems way, way too low as a starting point for rent in downtown San Francisco or Palo Alto. Double that and you might get a crappy studio--maybe.
samatman 2 days ago 0 replies      
The San Francisco Bay Area is named after our largest bay, the San Francisco Bay.

Which was named after St. Francis in 1769. Later, there was the Mission, San Francisco, in 1776; later still, the village of Yerba Buena took on the name San Francisco.

Welcome aboard!

lnanek2 2 days ago 1 reply      
As long as we're talking about being cheap and transportation, there's a pretty quick bus completing the loop from the end of the BART to the south in the East Bay to San Jose and Caltrain. As someone who rents in deep East Bay, Walnut Creek, it's often faster to go along the bay like this to get to Ebay/Paypal/whatever than BARTing into the city and taking the Caltrain down. OAK airport is very nice as well, with SFO constantly closing runways due to weather.
Decade 1 day ago 1 reply      
Haha, not bothering to explain the wired Internet situation. Short version: You probably should get Sonic.net.

The dominant companies are AT&T and Comcast. I hate them both, but I hate AT&T more, because of their poor customer service and slow speeds and high prices and defective software. In much of Europe, 6Mbps is not considered broadband. In the San Francisco Bay Area, 6Mbps is the standard.

If you're stuck in an area with AT&T, and you're unable or unwilling to deal with Comcast, then you should use Sonic.net. They use AT&T phone lines, but their business model is based on Free.fr. I'm hoping that the more customers they get, the quicker they can get around to installing fiber in my neighborhood, like they said they would 2 years ago.

And then there are various other, small Internet providers. In select neighborhoods of San Francisco, you can get Monkeybrains fixed wireless. In select apartment buildings, you can get Webpass fiber to the premises. If you want cable without Comcast for some reason, there's Astound.

That's about it for San Francisco, unless you're a business spending loads of money. Also, one neighborhood each of Palo Alto and Sebastopol have test runs of fiber from Google and Sonic.net, respectively. I don't know what else is available in the rest of the bay area.

joebeetee 2 days ago 3 replies      
We moved here 3 days ago from the UK, so some other random tips (more family oriented than single person)

1) In addition to Craigslist, Livelovely.com seems to be a great amalgamator site for finding houses.

2) Be careful when about booking a place without seeing it (we booked a 1 month Airbnb while we searched for places) There are lots of INSANE hills that are totally impossible with a stroller. Even driving up and down them was daunting.

3) Credit score seems to be important for everything. We had to put an additional $400 down on each phone because we didn't have credit.

4) Saying that - so far every landlord who we've spoken to has been open to some other kind of deal - normally an extra months rent as a deposit, or paying a month or 2 in advance.

pg 2 days ago 3 replies      
Palo Alto: Palantir
kristjan 2 days ago 0 replies      
On housing, I'm happy to report that Craigslist isn't the only option. http://apartmentlist.com is somewhat more pleasant to use and less full of duplicates / other nonsense.

Disclosure: I work at Apartment List. Since someone already mentioned LiveLovely, I suppose I'll recognize them too :-D

cgtyoder 2 days ago 2 replies      
Thanks for not mentioning the 280. We're trying to keep that a secret.
pshin45 1 day ago 0 replies      
I just recently moved to San Francisco, and for the "Housing" section, I highly recommend mentioning "Padmapper" (web app & mobile app) to quickly navigate all the different Airbnb and Craigslist listings in one place.

They have a great map-based UI that easily lets you see how many listings are available where and for how much, and you can easily filter by price, type of stay, # of bedrooms/bathrooms, etc.

michaelochurch 2 days ago 3 replies      
Someone should write, for the starting-out 22-year-olds out there, a guide on how to do technology outside of the Bay Area.

The Bay Area had a great run, spanning several decades, but the VC darlings and private equity carpetbaggers who never belonged in the tech scene, in their zeal to turn everything into a shitty New York knock-off, ruined it.

It's not the land of opportunity any more. You're not going to get rich on 0.05% "equity" (inequity?) in some hail-Mary startup, nor are you even going to get the implicitly promised (but rarely delivered) investor contact and the mentoring to be a founder in the next go; get real, the train has left the station. I don't know where the next emerging opportunities are, but if you're 22 right now and have no inherited connections, the VC-funded nonsense is far along in its decline process that, by the time you'll be positioned to take advantage of it, the opportunities will all be gone.

Bay Area VC-funded companies are now the conservative, boring choice. They don't involve much risk. There's almost no upside, because engineers aren't respected in that world any more. It's what you do if you're 22, intelligent, prestige-focused, and can't think of anything else. There's nothing wrong with it, as such-- most 22-year-olds have no clue what the fuck they want to do with their lives, that's nearly universal, and it's generally not a mark against the person-- but it'd be better to see more material pointing the young to something that still has real opportunities. VC-istan social climbing ain't it. It's become like the investment banking analyst program, but instead of getting a bonus every year, you get a get a bonus at "liquidity" if that ever happens-- and if you're an engineer, it's a mediocre one and you'd have done better at a hedge fund.

If I were just coming out of school, I'd move to Chicago or Austin before San Francisco, just to avoid the effective debt bondage of exorbitant rents. New York's also nice if you're into finance, although its tech scene is pretty pathetic.

The real goal should be to end the tyranny of location, because it hurts people on both sides. First, it forces people to move out to San Francisco who really don't want to be there; that's probably half the Bay Area tech industry-- people go for the opportunities that are there, not the place itself. Second, it drives up rents and ruins things for the natives who've lived there forever and love the city-- and it should be given back for them.

therandomguy 2 days ago 5 replies      
Hi. I moved to the Bay Area last week. I'm a family guy with little kids. I split my time between San Mateo and San Jose. Regular tech job. In about 6 months I will start lookin for a house to buy. I don't mind upto 50 mins of commute each way. Any recommendations?
js2 2 days ago 0 replies      
Under activities, you must add a link to http://www.bahiker.com/
trishume 2 days ago 0 replies      
I loved this guide. I appreciated the information on expenses, transportation and the summary of which companies are where. I'm impressed that it is possible to live on 30k/year even with the high rents and other costs.
ww520 2 days ago 0 replies      
The Bay Area has a lot of hiking trails where not many people know. Marine county alone has hundreds of trails. Lots of trails in the mid-peninsula, inland, in the mountains, along the coast, along various reservoirs, lagoons, or lakes. East Bay has lots of trails in the mountains. Evan SF has some. Land's Ending at the Pacific coast is perfect for an easy sunset hike.
yaelwrites 2 days ago 1 reply      

This is cool. One addition: a great place to work out for those who like throwing heavy shit around is Catalyst Athletics in Sunnyvale. http://gym.cathletics.com/ Disclosure: I work with the monthly journal they put out--but only b/c they're awesome.)

welder 1 day ago 0 replies      
One thing is missing: bay area bike share


dylz 2 days ago 0 replies      
Suggestion for more food: East Bay? Berkeley Bowl is pretty awesome.
joeblau 2 days ago 0 replies      
I wish I had this two years ago when I moved here.
ttdan 1 day ago 0 replies      
Thanks for the guide I just moved out here this week to start as a founding engineer in a new VC-backed startup in San Francisco. Anyone have any recommendations for finding roommates in the area?
fersho311 2 days ago 1 reply      
My friend and I curate a secret list of fun events to go to in the bay area, most of them tech and startups. Hope someone finds it useful! http://events415.com/
patrickmclaren 2 days ago 0 replies      
How is the nightlife in the Bay Area?
t413 2 days ago 0 replies      
The fitness section missed rock climbing! It's a great community that's very popular with young engineers. Mission Cliffs (touchstone gyms) and Planet Granite are the big names and there's endless beautiful real rock around the area to be found too.
mstepniowski 2 days ago 1 reply      
Now, does anyone know of a similar guide, but for Seattle area?
architgupta 2 days ago 1 reply      
What do you guys recommend for health insurance as a freelancer?(Short term and medium term visit
cloudwizard 2 days ago 0 replies      
What about the Peninsula? Close to SF but with sun and car friendly. Close to SV but easy drive to SF. Personally, I like being within an easy drive to SF but not be in SF.
pacifi30 2 days ago 0 replies      
You are so good, I love all the details about the day to day requirements you included in your blog.
akoo 2 days ago 0 replies      
excellent article. Why doesn't this exist for every city in the world?
dbieber 2 days ago 0 replies      
Don't forget Google Shopping Express!
bradL 2 days ago 4 replies      
The Bay Area is not Northern California. It is Central California. Examples of places in Northern California include Yreka, Eureka, Redding, and Klamath Falls.

I have found that (Bay Area subset of N. CA) is a very common misconception of people who have recently moved to the area.

wudf 2 days ago 0 replies      
This is really great. Recent grad from Boston here :)
briankim 1 day ago 0 replies      
Great guide, thank you
A Big List of D3 Examples christopheviau.com
298 points by biovisualize  19 hours ago   42 comments top 18
brucehubbard 26 minutes ago 0 replies      
Had some traffic to my site from random places in the world (Brazil, Sweden, India) and had no clue where it was coming from until I saw this thread in my twitter feed. Mine is the Facebook Mutual Friends one.

You could also check out my slides from one of my d3 talks (with interactive examples):


jedbrown 13 hours ago 1 reply      
When I need to make graphics for research talks, I usually turn to TikZ [1] since I currently make talks using latex-beamer. But I'm always impressed when I look at D3.js and I think it would be great to have a more reliable way to add animations, as well as putting interactive content on my website.

Given that LaTeX math is important to me, should I make a serious effort to learn D3.js (and one of the HTML slide deck packages) or stick with LaTeX? Note that figures usually can't be directly reused between talks and papers anyway, but a modest amount of tweaking is usually enough. Using HTML/D3.js instead of latex-beamer for talks would probably make reuse in talks more difficult.

[1] http://texample.net/tikz/

sakai 19 hours ago 0 replies      
Ugh, I clicked a few of the earthquake examples (did a similar viz in the past) and saw that none of them was working.

Then looking at the curl responses one gets, "Due to the Federal government shutdown, usgs.gov and most associated web sites are unavailable. Only web sites necessary to protect lives and property will be maintained."

One can only wish they saw these and similar APIs as important infrastructure that needs to remain functional.

Otherwise -- this is very helpful! Thanks so much for assembling the collection.

javajosh 18 hours ago 3 replies      
1900 D3 examples.

1723 of them by Mike Bostock! [1]

[1] number is made up but almost certainly close.

shmageggy 18 hours ago 1 reply      
1171: null was my favorite.


joeblau 11 hours ago 1 reply      
Does anyone know if there is a good D3 example of something like noflo [1]? Most of the graphs D3 has are great for data visualization but not as helpful if you're trying to build a system for interaction between nodes that you don't want bouncing all over the place.

[1] - http://noflojs.org/dataflow-noflo/demo/

thrownaway2424 18 hours ago 0 replies      
Timely! I've been searching for "Zoomable Sunburst" but was unable to find it. If it's "a treemap, except it uses a radial layout" why don't they call it a radial treemap, instead of a sunburst?

Anyway, recall problems aside, this gallery is fantastic.

tieTYT 19 hours ago 1 reply      
I wish this had thumbnails of the link I will be redirected to. Still a good list though.
kbar13 19 hours ago 1 reply      
The title is a bit more literal than I hoped.

Opened link, saw huge list of text links, closed.

You know, it would be cool if the list of d3 examples was itself a cool interface powered by d3.

boothead 18 hours ago 1 reply      
Any thoughts on vega? http://trifacta.github.io/vega/
jeybalachandran 18 hours ago 0 replies      
dzink 16 hours ago 1 reply      
They forgot mine!http://www.doerhub.com/of/dzink

D3 based profile visualization of interests and stages of needs in each field.

More about what it means here: http://www.doerhub.com

danso 19 hours ago 4 replies      
It's interesting that some of the NYT visualizations are static graphics that normally, back in the print-only days, been done in Illustrator. Here's a map of Chicago killings done by Mike Bostock et al:


I wonder if making static charts via D3js has some time-savings/production advantages when the dataset is large enough? Before you say "maybe they just wanted vector graphics that worked for high-res"...that's obviously a benefit, but not enough on its own to give the web devs a graphic that could've been done via the traditional means (many of the Times stories include static graphics as PNGs in the sidebar)

photorized 18 hours ago 0 replies      
D3 is awesome. We use it a lot.
adamb_ 19 hours ago 2 replies      
First link I tried was dead... #48
wildmXranat 16 hours ago 0 replies      
nice compilation
viggity 19 hours ago 1 reply      
very cool, christophe, thanks for taking the time to compile this list.

The one thing that always astounds me about people who generate dataviz with d3 is that they almost never do anything interactive with it (filter, zoom, etc) and if they do, they won't use any of d3's insanely cool/easy transitions to make the visualization smoothly morph from one state to the next.

Really, if you're going to start messing around with d3, read about Mike Bostock's thoughts on change blindness and object constancy.


amazing example 1:http://bl.ocks.org/mbostock/1256572

cool example 2:http://bl.ocks.org/mbostock/3808234

Appmaker mozillalabs.com
293 points by co_pl_te  2 days ago   90 comments top 31
davidascher 2 days ago 2 replies      
Whoa. Definitely wasn't ready for HN-style exposure.

As bmoskowitz pointed out we have some rough words about the project. For this group, I'd in particular point out the roadmap and CONTRIBUTORS.md documents on the github repo:

  https://github.com/mozilla/appmaker/blob/master/ROADMAP.md     https://github.com/mozilla/appmaker/blob/master/CONTRIBUTING.md
I wrote some earlier words at https://github.com/mozilla/appmaker-words/wiki, but that's quite possibly out of date.

At the highest level, we're exploring whether it's possible to make a tool that lets non-devs (_not_ you folks!) who currently see their phones as a pure engine of consumption, as a place where they can create something fun or useful.

It's very, very early software, and it's public mostly because a) we kinda don't know how to do anything else, and b) we're going to use early and frequent user feedback to correct the aim on the product.

If people are interested, we're more than happy to entertain questions either here or on github, irc, the mailing list, etc.

Oh, and yeah, many of the components are broken, brittle, etc. This is still just a prototype.

That said, we're getting positive reactions from people close to our target audience, such as high school teachers, people teaching others how to make their first app, etc.

I'm sure we have loads of x-browser compatibility bugs, as well as known issues with respect to accessibility, absent localization, no great mechanism for contributing new components, and many more.

Oh, and the gamification bits in particular were really just testing the gamification APIs -- the levels we have in place are deeply unuseful =).

JoeCortopassi 2 days ago 12 replies      
"Oh wow, that seems neat. I should check that out"

clicks link on Hacker News

"Hmm, not sure what this is about. I'll just hit the 'Start' button"

Hits start button. 'Add a button' dialog pops up

"That seems pretty straight forward, I'll just add drag that thing labelled 'Button' from the left window pane, on to what looks like a smartphone"

Drags button over. Gets 'Congratulations' box

"Wow, this is really intuitive so far. With a little effort, something like this would be a real game changer in the mobile space!"

New dialog pops up: 'Add a randomcat component to your app

Looks around for anything labelled 'randomcat'

"Huh, thats strange. I wondered if it's labelled something else and I'm just missing it"

Looks for 'random', 'cat', 'Cat.random()', and any other possible combination

"Wtf mate?"

Gives up and leaves

davidascher 2 days ago 3 replies      
Hey HN, if you're curious about this, I suggest you watch this video (http://youtu.be/RaRIdLgZTPI) which shows a quick demo, and/or:

- opt out of the levels thing on first load, it's not ready. - instead, jump straight in the designer and run through these few steps:

- drag & drop a button, click on it, notice it sends out messages on the blue channel- D&D a counter, notice that it listens to a blue channel, and that the button clicks cause it to increment (that's how we "program" these components- D&D another button, make it emit on a different color, and configure the counter to "count down" on that color. That way one button increments, the other decrements

- D&D the fireworks component, configure its "shoot this many rockets" to a third color (and clear "shoot rocket); make the counter emit on that color. Enjoy the fireworks show.

- Other components that work well for understanding things are:

- ratings widget - input widget connected to a map widget will center the map on a place name (although HN will likely exceed the limits on our usage of the OSM server; need to setup another one =() - flickr widget can do both topic and location searches

Let us know if you have ideas for components we should build (or submit a PR!).

The publish button will create "hosted apps" which can be installed on FirefoxOS, Firefox for Android, and incidentally recent builds of Firefox desktop, although the focus for Appmaker is very much mobile apps).

bmelton 2 days ago 1 reply      
Since nobody can seem to figure it out -- As near as I can tell, this is a not-quite-fully working app-maker demo, that 'publishes' to static HTML and Javascript files hosted on Amazon S3.

The gamified GUI is a little bit confusing, and you end up with a resulting 'app' (that sometimes takes a few reloads to work, oddly) with an Install button that doesn't seem to do anything yet -- but which I suspect will be a link to save 'as an app' icon to your mobile phone's homescreens.

It's not fully baked, at the moment, and it appears that some of the widgets aren't loading, but it's definitely a neat proof of concept, that was either leaked early, or is for some reason swamped under load, or something.

bmoskowitz 2 days ago 0 replies      
From someone peripherally involved in the project:

This is an open source project, community-built from the beginning. It's pre-alpha. Pre-pre alpha, even. There has been no public launch or fanfare. That's why you'll see no blog posts or explanatory text yet, why many of the components don't work, and why the tutorials aren't built.

But it's cool to see that it's already found its way to HN.

It's meant to be like Hypercard for mobile apps.

If you want to learn more, check out the repo:


or the vision stub / wiki:


geuis 2 days ago 2 replies      
Sadly, as it seems to be the comment I leave most these days, it doesn't work on mobile browsers. At least mobile Safari.

I understand that there are some interfaces that aren't meant for mobile. There are some that aren't meant for desktop. But at a minimum, you have to make some small effort to give a message to those visiting from unsupported platforms. It shows that you care.

If it doesn't seem like you care about the experience I'm having with your product then I have no motivation to go back and try it again.

abrichr 2 days ago 1 reply      
It hangs on the "Loading" animation to the left of the screen. Chrome 30.0.1599.69 m, Win8x64.

Console output:

    Unexpected identifier in definition of component "app-image-gallery". ceci.js:502    SyntaxError: Unexpected identifier        at Window.Function (<anonymous>)        at Ceci.processComponent (http://appmaker.mozillalabs.com/vendor/ceci/ceci.js:497:19)        at Array.forEach (native)        at processComponents (http://appmaker.mozillalabs.com/vendor/ceci/ceci.js:541:16)        at XMLHttpRequest.xhr.onload (http://appmaker.mozillalabs.com/vendor/ceci/ceci.js:573:15) ceci.js:503    Uncaught SyntaxError: Unexpected identifier in definition of component "app-image-gallery". ceci.js:497

leokun 2 days ago 2 replies      
I couldn't figure out the Cat.random thing. I'm pretty sure I could code a Firefox mobile app from scratch, but that UI is confusing, though pretty.
glesica 2 days ago 1 reply      
Doesn't seem to work in Chromium... I just get a "loading" message in the bar on the left side.
yesimahuman 2 days ago 1 reply      
As someone that makes tools like this for a living (Codiqa and Jetstrap), and I have to say it's quite well done. Nice work, and I'm sure the bugs will get ironed out.
MarcScott 2 days ago 0 replies      
The tutorial crashed for me, but after a refresh I made an app that took a photo and stored it in a gallery. There seems to be a lack of useful widgets, and few ways to customise them. It certainly has potential though, and I'll be showing some of my students on Monday
hayksaakian 2 days ago 0 replies      
Interesting. What I'd like is a chrome packaged app to Firefox app porting guide.

That'd seal the deal for me.

Schwolop 1 day ago 0 replies      
Did I miss something? Is there no way to get any of these components' broadcast channels to GET/POST to an API? Or their input channels to accept an HTTP input? I couldn't see this on the roadmap and it seems like such a no brainer that I then figured it was already baked in and I just couldn't find the GUI element to trigger it. Now I'm confused.

If such a thing were added I would use this every single time I end up making a crappy little html webpage to drive something. I've lost count of the number of these I've made.

sejje 2 days ago 2 replies      
This entire experience was quite opague. I can't figure out if it's a game or some GUI for basic apps or what.

I lost interest fairly quickly, and half of the components seemed broken.

hardwaresofton 2 days ago 1 reply      
Maybe change the icon (think it's still using the default express icon), and the drag/drop doesn't work for me:

Google Chrome30.0.1599.66 (Official Build 225456) OSLinux Blink537.36 (@158213)JavaScriptV8

ricksta 2 days ago 4 replies      
Looks neat, However, the widgets are not loading for me.
shn 2 days ago 0 replies      
I liked the idea of channels with colors and connecting components with it. Although it is primitive as it is, if it evolves it can be used as a great mock-up tool at the least. It is mistake to consider it for people who program for a living. Let's not shoot down ideas/concepts/proof of concepts.
netghost 2 days ago 0 replies      
I assume it's not quite done. I liked the channels for publishing things, lots of little rough edges, but it seems like a neat idea in general.
michaelpinto 2 days ago 0 replies      
I look at something half baked like this and my first thought is "I wish Steve Jobs didn't kill HyperCard"
Gravityloss 2 days ago 0 replies      
It's clearly being built right now. I get different pages at different times.
arnley 2 days ago 2 replies      
I could publish a very simple app, but I'm not sure where I can "install" it? Mobile Firefox maybe?Anyway, pretty neat visuals but a bit of lack of documentation right now. But I assume it's not yet ready to use as they did not communicate on this right now.
pearjuice 2 days ago 0 replies      
So how long does it take before the widgets are loaded?
devd 2 days ago 0 replies      
Cool - Created a simple app and pushed the app to Firefox on Android
jackmaney 2 days ago 0 replies      
As the kids say nowadays: what is this, I don't even...
hiyou102 2 days ago 1 reply      
This reminds me a lot of Android App Inventor. The main difference is that app inventor is a bit more advanced programming wise.
nathanathan 1 day ago 0 replies      
I really like the concept of building apps out of widgets connected by broadcast events. It reminds me of meemoo (http://meemoo.org/).
fununclebob 2 days ago 0 replies      
This is what I see as soon as the page opens: http://i.imgur.com/XQlQfXl.jpg?1

Note that it's hard to read the white text in the foreground.

ilaksh 2 days ago 0 replies      
I think this should be the normal way that devs build apps. There just needs to be a good and easy way to author components.
devd 2 days ago 1 reply      
nice Signals/Slot mechanism, similar to Qt. The color of the line needs to be matched to connect a signal to a slot. Customization of signals/slots seems to be not supported atm.
uxwtf 2 days ago 0 replies      
Tried it out, one star rating does not work for me.
xdd 2 days ago 0 replies      
I accidentally invented iphone mark 55
FastMails servers are in the US what this means for you fastmail.fm
284 points by masnick  1 day ago   165 comments top 27
nullc 1 day ago 5 replies      
> There are of course other avenues available to obtain your data. Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers.

> These are not things we can protect against directly but again, we can make it extremely difficult for these things to occur by using strong encryption and careful systems monitoring. Were anything like this ever to happen we would be talking about it very publically. Such an action would not remain secret for long.

> Ultimately though, our opinion is that these kinds of attacks are no different to any other hacking attempt. We can and will do everything in our power to make getting unauthorised access to your data as difficult and expensive as possible, but no online service provider can guarantee that it will never happen.

This kind of frank disclosure should be highly rewarded. I provided similar frank disclosure text (elsewhere) only to have it whitewashed.

When everyone is underplaying the real limitations it's impossible for people to choose alternative tradeoffs "Why should I use this slightly harder to use crypto thing when foo is already secure?" because the risks have been misrepresented. Underplaying the limitations also removes the incentives to invent better protection "Doesn't foo already have perfect security?".

westicle 1 day ago 2 replies      
> Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it.

This is not true. The Australian Crime Commission has some of the most extensive secret coercive powers in the Western world.


I would suggest that either:

a) Fastmail is aware of this and is covertly spreading the word that it might be compromised; or

b) Fastmail needs better lawyers.

andrewfong 1 day ago 3 replies      
Note the obvious caveat though:

"There are of course other avenues available to obtain your data. Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers."

As the colocation providers are based in the U.S., they would be subject to the National Security Letters. FastMail claims this is no different from any other hacking attempt. But in a normal hacking attempt, colocation providers would be free to explain to FastMail the extent of any hacking on their end. Moreover, hackers typically do not have physical access to any data. Even with encryption, physical access opens up a lot of attack vectors that most sysadmins don't anticipate.

robn_fastmail 1 day ago 4 replies      
Hi, FastMail employee and author of (most of) that blog post here.

Just so we're clear, the point of this post was not that we don't think the rules don't apply to us. Instead we're trying to make it clear where position on these things are. The topic of this thread is a sensationalist sound-bite, nothing more.

I'm not going to go over the points again here because I'm pretty sure we said it all in the post (but ask questions if you like, I'll be here all week!).

The most important point to take away from this post is that your privacy is your responsibility. We're trying to provide you with as much information as we can to help you determine your own exposure, and to let you know what we will work to protect and where we can't help. Its up to you to determine if our service is right for you. No tricks, and no hard feelings if you'd rather take your business somewhere else!

rdl 1 day ago 0 replies      
The personal location of the operators is probably the #1 most important security risk; location of customers, location of servers, and country of incorporation are also important.

It's much easier to compel operators to do something (through legal threats or potentially physical threats) than it is to do any active modifications to a complex system, undetectably. Passive ubiquitous monitoring is a concern because it's passive and thus hard to detect -- it's highly unlikely TAO can go after a large number of well-defended systems without getting caught. Obviously they'd be likely to hide their actions behind HACKED BY CHINESEEEE or something, but even then, it's relatively rare to have a complete penetration of a large site in a way which isn't end-user affecting, and rarer still for the site not to publicize it.

That said, if I wanted to compromise Fastmail, I'd either compromise a staffer or some of their administrative systems to impersonate staff.

sschueller 1 day ago 4 replies      
The US government will just take their server. They don't care if you go out of business.

Look at what they did to megaupload.com.

brongondwana 1 day ago 0 replies      
Hello inflammatory headline.

That's a very small part of a lot of what we have to say, most of which is:

* we can't be compelled (under current laws) to install blanket monitoring on our users

* we can't be compelled to keep quiet about penetration that we notice

* there are always risks, including the risk that any random group knows unpublished security flaws in the systems that we use

We have written some things about techniques we use to reduce those risks (physically separate internal network rather than VLANS on a single router for example) - these help protect against both government AND non-government threats. But we can't make those risks go away entirely.

What we're saying is - the physical presence in the USA only changes one low-probability/high-visibility threat, which is direct tampering with our servers.

Regardless of the physical location of servers, we would still comply with legally valid requests made through the Australian Government.

It is our belief and hope that this process is difficult enough to mean that US agencies only ask for data when they have good cause rather than "fishing" - but still easier than taking our servers and shutting us down, with all the fallout that would cause.

bad_user 1 day ago 2 replies      
I found this article brutally honest. What they are saying is that (1) NSA snooping is more expensive for the NSA as they can't engage in blanket surveillance on all of their users, while keeping them silent, but on the other hand (2) you can't expect and shouldn't assume privacy, because if the NSA wants to listen on your traffic, they will.

This in combination with FastMail being acquired by its former employees, coupled with their investment in CardDAV and CalDAV, makes me really excited about them. I was actually looking for a good replacement to Google Apps and FastMail might be it. It's still a little expensive though, compared to Google Apps, I hope they'll bring those prices down just a little.

workhere-io 1 day ago 1 reply      
There's one question they haven't answered: Why do they even need to have their servers in the US? Their blog post admits that there's a big chance that the US is spying on their customers. Given the fact that FastMail is a Norwegian/Australian company, why don't they just move their servers to e.g. Norway?

I realize that even if the servers were in Norway, an email from a FastMail user to a gmail.com account would still be read by the NSA (because it would pass through American servers), but email sent from FastMail to other email hosts in relatively safe countries would not be read by the NSA.

CurtMonash 1 day ago 0 replies      
The persuasive part of this is disclosure. It's a promise to be open about any breaches, plus an observation that the US lacks the legal clout to stop the promise from being kept.
MichaelGG 1 day ago 1 reply      
The only real benefit I see here is that your IP won't be easily revealed. That is, given a fastmail account, the e.g. FBI cannot quickly get your login IP, like they can with e.g. Outlook or Gmail. So, for just low-level anti-surveillance, SSL to fastmail might suffice instead of using Tor with Gmail.

Unless you're using PGP or S/MIME, SMTP is still most often unencrypted.

iSnow 1 day ago 3 replies      
Since the Silk Road bust we know the US LE is able to convince or force colocation providers to provide them with an image of a server. After that, pretty much any communication can be considered open to the NSA. I am not surprised that he does not clearly mentions this.

So FM should move their servers out of the US even if that's inconvenient.

traeblain 1 day ago 2 replies      
So they are saying that they can never get a NSL to turn over information, but where are these servers? Who has the keys to the door of the server room?

So maybe they don't get the NSL, but the people/group/company that is handling the servers might. This seems disingenuous. I could be wrong, but it feels like they are making claims that will dupe people into their service because they feel safe.

jessaustin 17 hours ago 0 replies      
While some describe this as "frank", I think to have that quality TFA would need to specify where the decryption keys are stored. Are they in the USA colo's too? (I realize I could probably figure this out myself if I could be arsed to do so, but why not just tell us?)
rdl 1 day ago 0 replies      
As far as I know, Australian law is common law and would allow a judge to seal a warrant. So, fastmail's asertion that there is nothing like an NSL where they couldn't disclose a search is incorrect. I'm sure it is just lack of awareness, rather than intentional deception.

(Ianal, ianaa, but I am pretty sure I am correct on this point.)

topbanana 1 day ago 1 reply      
They don't need to seize the server. SMTP is plaintext and on a well known port number. I'm sure the NSA have a record of every email sent through the US in the last few years.
Quai 1 day ago 1 reply      
I know that my word doesn't mean much, but I have had the chance to talk to several of the guys working at Fastmail during their years at Opera Software. They are -serious- about mail and they are -serious- about privacy.

Next time I'm out shopping for email services, I will give my moeny to them! (And, to give something back for all the Tim Tams brongondwana brought with him to Norway ever time he was on a visit ;) )

a3n 22 hours ago 0 replies      
FastMail's servers on on the internet, and so you're fucked.

Just sayin'.

duncan_bayne 13 hours ago 0 replies      
This makes me very happy to continue being a Fastmail customer.
Maximal 1 day ago 1 reply      
As Australia is a member of the five eyes group, I do not see any added protection from FM being incorporated there rather than in the USA.

This is why I use a email service in Norway (runbox.com), which, as far as I know, is not sharing information by default.

frank_boyd 1 day ago 1 reply      
> our primary servers are located in the US

Why would you do that, especially when you're not even a US company?

dutchbrit 1 day ago 0 replies      
Or the US could just go to the Datacenter and force them to give access.
bckrasnow 1 day ago 0 replies      
Transparency takes precedence over everything else in this post, aka the thing you haven't seen US companies doing at all.


616c 1 day ago 1 reply      
Thank you, Fastmail. This is why I pay for you.
smegel 1 day ago 0 replies      
Now swear in blood you weren't under any kind of nondisclosure order when you wrote that.
tweeeyjg 1 day ago 1 reply      
This is a joke right? How much were they paid by the NSA to write this post?
phy6 1 day ago 1 reply      
If I was going to set up a honeypot for evil-doers/dissidents, this is the message I would spread.
'Tor Stinks' presentation read the full document theguardian.com
278 points by RMacy  3 days ago   107 comments top 32
fein 3 days ago 12 replies      
Page 5: "Terrorist with Tor client installed"

And its a picture of a guy with a bandit mask and an AK-47. I don't know about you guys, but all my Tor activities are performed in my Halloween costume!

I honestly can't believe something this tacky would end up in a presentation. Is this supposed to be propaganda?

debacle 3 days ago 1 reply      
This should provide clear warning to anyone who might consider themselves a cypherpunk: Even if you don't think that you are at war with the US government, the US government (and likely most other governments) believes it is at war with you.

It sounds dramatic because it is.

balabaster 3 days ago 0 replies      
When will everyone get off the bandwagon of referring to anyone that's willing to actually stand for their beliefs counter to U.S. interests a terrorist? It's gotten to the point where the word terrorist just makes me roll my eyes and say "whatever", I'm becoming desensitized to it, just like most of the UK did growing up in England during the height of IRA campaigns. After a while, it just became a tedious pain in the ass and everyone switched off.
rdl 3 days ago 1 reply      
General conclusion from all of the published leaks is that GCHQ punches (in technical capability and general quality of work) way above its weight class (funding and presumed staffing levels); they also seem much more willing than NSA to be completely unbound by any idea of domestic user privacy. Which is fitting for a country with the number of CCTV cameras they have.
tlarkworthy 3 days ago 0 replies      
Thats a ringing endorsement for Tor. Its really works! They struggle to get info out of it.
Ogre 3 days ago 3 replies      
Of course, if they actually have a really easy time de-anonymizing users, they might "leak" a document like this to encourage people to keep using it.

Conspiracy theories are fun!

sybhn 3 days ago 0 replies      
Doesn't look like a very ethical/professional presentation. But then again, who said everyone's professional in all agencies. Its a conjecture to think our laws are systematically enforced by ethical folks.
GeorgeOrr 3 days ago 2 replies      
They actually saw it as their job to make the experience of anyone using Tor difficult.

Isn't that kind of like the police deciding to make the roads full of potholes because that would make it more difficult for bank robbers to get away in a car.

Then again, considering the quality of the roads these days, maybe they are way ahead of me on that.

ianstallings 3 days ago 2 replies      
Does anyone know what the QUANTUM attack they refer to is? It doesn't seem like quantum computing on the face of it; It looks like it may be a system used to disrupt traffic on the internet, possibly man in the middle attacks.

Edit: I found a reference to something called a "Quantum Insert" in an article related to GCHQ. They state the following:

According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them


This might be what they are referring to, or a system that was built for targeting specific individuals.

henryaj 3 days ago 5 replies      
Depressingly, the document talks about plans to make Tor less reliable to dissuade people from using it:

> Could we set up a lot of really slow Tor nodes ... to degrade the quality of the network?> Given CNE access to a web server make it painful for Tor users?

At least the document seems to confirm that GCHQ has a really, really hard time de-anonymising Tor users.

gwu78 3 days ago 0 replies      
From the Schneier article:

"The good news is they [NSA] went for a browser exploit..."- Roger Dingledine, President of Tor project

It seems there are assumptions among parties that employ "browser exploits" against unsuspecting users that the persons targeted will be using "modern", complex, Javascript-enabled, graphical browsers, and that they'll use these browsers to retrieve content from the network and to view that content on machines with writeable permanent storage that can connect to the network. Am I misreading all these tales of browser exploitation?

Can these parties accomodate reboots from read-only media, text-only browsers, write-protected storage and offline viewing of content?

Maybe the problem isn't so much with Tor as with with the popular browsers and their gratuitous complexity.

jawr 3 days ago 0 replies      
The slides were from over a year ago, I'm sure a lot has changed since then. Also the timing of this is very suspect, obviously it's been in the news and the Guardian either want to run with this new line brought on by the Silk Road "bust", or they just want to "soothe" (take as you will) our worries with the network.

Would also love to know more about NEWTONS CRADLE, anyone heard of anything more specific?

umanwizard 3 days ago 1 reply      
How do we know this wasn't just a trick to make people think tor is safe and keep using it?
devx 3 days ago 1 reply      
Why are these latest NSA stories getting flagged so much?

I don't like that PG has relaxed the flagging so much. You can probably flag even tens of stories a day now without having your flagging removed.

MichaelGG 3 days ago 1 reply      
It's important to note this is from 2007 and thus things have probably changed immensely since then.

Edit: Nevermind, it says it's sourced from a 2007 file but dated 2012.

untog 3 days ago 0 replies      
Most fascinating part - using DoubleClick ad cookies to trace Tor users.
conductor 3 days ago 0 replies      
So, according to these documents, NSA and GCHQ do have few "owned" exit nodes, but not so many, hence, they want to own more. Interestingly enough, GCHQ set up Tor exit nodes on the AWS cloud.
balabaster 3 days ago 1 reply      
I also quite like the point "Analytics: Cookie Leakage", like anyone that uses Tor doesn't use it in incognito mode with cookies disabled... or flushes their cookies before they use anything else...

... that either says they're stupid, or they're only after stupid terrorists... as if they're the ones they should really be concerned about.

aspensmonster 3 days ago 1 reply      
This is a glorious release. I'm suspecting we have Schneier to thank for the full release of the slideshow that is mostly unredacted.
tinfoilman 3 days ago 0 replies      
Some nice recommendations tho for usage.

ORBOT / Tor Router Project / Hide-my-ip-address / Tor Project and the bootable OS Tails.

Some of the more advanced Obfuscation for the tor project

Skype Morph - Hides Tor traffic in Skype packets mmm fun and worth a look

Someone better be working on tor Obfuscation with flash packets, no one is going to block those things.


yk 3 days ago 0 replies      
Somehow I find this presentation reassuring. It mainly suggests to me, that the NSA/GHCQ has to do 'honest' traffic analysis, implying that they did not break any of the crypto primitives used in Tor.
lelf 3 days ago 0 replies      
Dated: 20070108

Declassify on: 20370101

galapago 3 days ago 0 replies      
After watching the presentation, I can think in two things to make TOR better, from the point of view of the anonymity of its users:

* Better education on how users can browser carefuly (no javascript, no plugins, updated browsers)* More nodes.

backwardm 3 days ago 2 replies      
After reading many of these articles about the NSA I keep wondering if they have an office specifically tasked with thinking up code names for these projects. I personally would find it difficult to keep them all straightthis article, for example, contained a new one to me: ONIONBREATH.

Just an odd image in my mind of a group of top-security clearance, extremely well trained, able-minded people who think up silly code names like these.

pwnna 3 days ago 1 reply      
Given that it says that the NSA and the GCHQ is trying to setup tor nodes.. is it possible for us to identify these nodes? Some sort of trust network perhaps?
quantumpotato_ 3 days ago 0 replies      
Of course it stinks. It's "only" weakness is a "global, passive adversary" + It was built by the US Government.
Sami_Lehtinen 3 days ago 0 replies      
Don't we all know, that Tor is low latency solution and therefore directly voulnerable to statistical correllation attacks?
ffrryuu 3 days ago 0 replies      
That is a lot of our tax payer money at work...
ffrryuu 3 days ago 0 replies      
Freedom lover with Tor client installed.
Show HN: govuptime.com govuptime.com
257 points by thatrailsguy  3 days ago   161 comments top 36
bithive123 3 days ago 5 replies      
Metrics are cool and all, but this glosses over the really important story here, which unfortunately seems to elude much of the general public: that a small minority of republicans are subverting the budget process because they don't like a law. They cannot be allowed to do this. I can only assume the rest of the RNC is going along with it because they are stupid or cowards.
mwsherman 3 days ago 3 replies      
This is a misleading dataviz, Im afraid. There are around 4 million federal personnel, of which 800k are furloughed, which means the government is running at 80%.

So, at the very least, Is the federal government operational? should be 0.8 instead of zero (aka, no). I would also expect the service level calculator to reflect this.

Update, citation from US Office of Personnel Mgmt: http://www.opm.gov/policy-data-oversight/data-analysis-docum...

arscan 3 days ago 5 replies      
Ah, that chart on the bottom is on a log scale. I wasn't expecting that... and if I didn't look closer I would have completely misinterpreted it (for example, it appears that the DoD is mostly shut down).
jstalin 3 days ago 0 replies      
Excellent. I look forward to that downtime number getting worse (or better, depending on how one looks at it).
dandelany 3 days ago 1 reply      
Nice dashboard :) Out of curiosity, where did you get the data re: who is furloughed from which departments? I have been working on a similar data graphic but had to collect that data in a Google Doc by hand with a couple colleagues from the OMB's list of contingency plans. I'd be curious to compare my data with yours.

FWIW I'm working on visualizing it with a treemap instead of bar charts - my progress is here but still has lots of design work left to do:



Fuzzwah 3 days ago 2 replies      
I chuckled at the "A SysAdmin would be pissed." line and then checked the source to see if there was any javascript which was going to change this line as the uptime % dropped lower and lower.

I was disappointed there wasn't, but perhaps it is some dynamic magic that happens on page load or something....

dreamdu5t 3 days ago 1 reply      
It'd be nice to see a percentage of the Federal government shut down. I heard it's only around 18%.
nextstep 3 days ago 2 replies      
It would be cool if on the bar chart the two bars for each agency could be combined; make the furloughed employees in blue and show the rest of the agency in grey-blue or something like that, so it more visually shows how the agencies are diminished.
asperous 3 days ago 2 replies      
It's too bad the http://www.usdebtclock.org/ isn't updated for Furlough, it would show some pretty happy numbers right now.
hartator 3 days ago 3 replies      
Do you think they have some kind of SLA, you get your money back a la amazon EC2 ? :)
smoyer 3 days ago 1 reply      
Since a major part of the federal budget is its several million employees, I'd also like to see a ticker that shows how the deficit is behaving during the massive furlough ... is it going down?

And what about unemployment? Is it funded even with the shutdown? And are furloughed federal employees eligible for unemployment compensation?

I'm not going to pick sides in the current battle, but I do think the federal government is far too big, and that we really don't get enough for the money we put into it. One interesting side effect of the current standoff is that we can see what it's like without most of the government ... perhaps we should trim off the parts we (collectively) don't seem to miss.

coldcode 3 days ago 0 replies      
NSA still working. Damn.
CoachRufus87 3 days ago 0 replies      
Nice! Just a suggestion: add mouseover tooltips to the department acronyms w/ their full name.
Glyptodon 3 days ago 0 replies      
I'm not sure if it's just me but the scale on the graph seems a little odd.
Fuzzwah 3 days ago 1 reply      
Feature request: hover pop ups explaining what each of the acronyms mean.
ANH 3 days ago 2 replies      
There are a lot of contractors sitting on the sidelines, too, made to take leave or, if they don't have leave, they go without pay. In other words, the "man hours lost" is probably much higher.
dnprock 3 days ago 2 replies      
I made another chart to visualize percentage of furloughed. NASA, HUD, ED are among the hardest hitters:


thatrailsguy, thanks for the data.

javert 3 days ago 6 replies      
The federal government is operational, so the text at the top of the page is politically dishonest.

We still have a federal government that is taking care of national defense, among a number of other things.

"Non-essential" services have been suspended, while "essential" are still operational.

Frankly, I'd like it if it stayed this way. The government shouldn't tax-and-force in "non-essential" areas.

j_baker 3 days ago 1 reply      
It would be nice if this also showed how much money the shutdown has cost, being that it costs $12.5 million/hour.


rayiner 3 days ago 0 replies      
Non-linear bar graph scales should be a last resort.
agotterer 3 days ago 1 reply      
Looks great! Id advise adding some Facebook sharing tags and maybe an image. Right now its just a link with no content or image on my fb feed.
ok_craig 3 days ago 1 reply      
Is the IRS still operating?
bayesianhorse 3 days ago 1 reply      
My condolences to people living in countries with dysfunctional politics.
alexmr 3 days ago 0 replies      
Most enterprise apps have an SLA of at least 99.9%. If the government was an email server for example, for the month of October they'd like have to give a partial refund to their customers for the downtime.
mcculley 3 days ago 0 replies      
That could benefit from the <abbreviation> tag.
savrajsingh 3 days ago 1 reply      
Feature request: It would be nice if this page had the total # of employees / furloughed employees.
PhearTheCeal 3 days ago 1 reply      
What does ``Service level for last year:'' mean?
RailsResearch 3 days ago 0 replies      
Hi everyone, @GSMcNamara here reporting from a car on the side of an interstate over 4G. Deployed an update just now. Once at my destination I'll respond to all the comments. Thanks for the support! 13,695 unique visitors so far, keep it up!
ep103 2 days ago 0 replies      
Should include cost to the economy!
nraynaud 3 days ago 0 replies      
It reminds me of the counter for Belgium.
thatrailsguy 3 days ago 1 reply      
The other guys that did most of the work will weigh in in a couple of hours. I just wrote the hour calculation.
daned 3 days ago 0 replies      
How many 9s does the US government have for its existence?
kimagure 3 days ago 0 replies      
Could you add comma formatting for the mouseover bubble numbers?
dinkumthinkum 3 days ago 0 replies      
Very nice, good job!
frank_boyd 3 days ago 0 replies      
blahblah12345 3 days ago 4 replies      
The IRS is also shut down.
Frequency-shaped background noise generators mynoise.net
254 points by ivank  11 hours ago   85 comments top 34
JonnieCache 5 hours ago 1 reply      
Also fun: loads of real field recordings on http://freesound.org

Use the geotag browser and listen to the wilderness of your choice! http://freesound.org/browse/geotags/

shmerl 9 minutes ago 0 replies      
Interesting, on Linux, PulseAudio shows many channels in the mixer (for ALSA plugin in Firefox), when the noise page is opened.
ewoodrich 6 hours ago 0 replies      
Fantastic. I tend to not like rain sound simulators, but the sliders let me pick one that seemed believable and familiar. I loved how the darker end of the spectrum let me simulate a visit to the Oregon coast.

(After which, I wished there was actually a storm right now, until I walked out onto my balcony and realized it was raining.)

"Too much internet for me" as they say.

audiosampling 5 hours ago 3 replies      
Hi Guys! I am the developer of the myNoise website and just want to say that all your comments are a great source of inspiration today: many suggestions for further improvements will be taken into account! Although I did entirely code the website by my own using a simple text editor, I am not a programmer, in the sense that I never learned how to program efficiently and beautifully. Multiplatform issues, and mobile browsers in particular, are driving me crazy ;-) And yes... I feel a bit "naked" now as some of you are digging into my website code with much expertise. Please be indulgent! ;-) Cheers, Stephane
p1mrx 9 hours ago 0 replies      
I wrote an Android app based on a similar concept, although it uses a PRNG and Fourier transform, with no recorded samples:


crazygringo 9 hours ago 4 replies      
First of all -- awesome concept and execution, and great sound samples. Well-done.

> Mobile Safari iOS 6 on iPad 2+, iPhone 4GS+

But... not working on my 4S/iOS6. :(

Anyone got it working to play in the background, even when your phone's screen is off? I also wonder about battery life as HTML5 audio, vs if it were an app.

The creators clearly want to support HTML-only, according to the FAQ, but this calls for an app if anything ever did -- you want it to run, providing sound in the background, while you do other stuff (whether on or off your phone).

backprojection 8 hours ago 2 replies      
Someone posted ambient warp-core sound from Star Trek on Reddit earlier today, maybe you could add this.


kintamanimatt 4 hours ago 1 reply      
One strange thing I noticed about this is with the cabin sound, listening to it for a prolonged period tends to cause ringing in my ears like I've been listening to loud music, except I'm listening to this at low volumes. This isn't something I've experienced for low-volume stuff before.
j2kun 1 hour ago 1 reply      
How does this work mathematically? Do you take, e.g., a waterfall track and manipulate its frequency spectrum? Or is it completely synthetically generated? If it's the latter, then I'm quite impressed that I can't tell the difference.
grn 5 hours ago 0 replies      
I use http://simplynoise.com to put my daughter to sleep. It's much easier when the noise is playing. I also use http://rainymood.com to isolate myself from the environment when I'm working.
hobs 11 hours ago 1 reply      
Interesting idea and cool presentation, I like the sliders and that I can play around with it.

I will probably use this at work.

edit: This is really good, I just accidentally left it on and had completely forgotten I was listening to the same thing. Very much works as advertised.

NatW 6 hours ago 2 replies      
Nice!! A request: Can you add Pink Noise?:http://en.wikipedia.org/wiki/Pink_noiseOne (of various youtube examples) here:http://www.youtube.com/watch?v=ZXtimhT-ff4
conflagration 1 hour ago 0 replies      
The sounds are great by themselves, but I had the most fun layering different generators by opening several tabs. I played around with the EQ and made something sounding very close to Biosphere with 4 parallel tabs. It really felt like the tracks were synchronized to fit into each other. Great work!
kaoD 1 hour ago 1 reply      
Nice job! Being able to share custom presets would be cool.
filereaper 11 hours ago 2 replies      
I really like this.

I use simplynoise's noise generators to drown out noise at work (oscillating brown noise usually)

But I like having an equalizer.

I've opened up multiple tabs and superimposed the noises, it downs everything out. Hope you can spare the traffic.

galapago 1 hour ago 0 replies      
A (humble) request: Vacuum cleaner sound.
gadders 6 hours ago 1 reply      
Needs Birdsong: http://www.bbc.co.uk/news/magazine-22298779

Everything feels better when listening to the Dawn Chorus.

hcarvalhoalves 10 hours ago 0 replies      
Oh this is beautiful. Those textures are better than music at times. Loved playing around with the ocean waves [1], I was able to get close to the sound that used to make me fall asleep as a kid.

[1] http://mynoise.net/NoiseMachines/oceanNoiseGenerator.php

hawkharris 10 hours ago 0 replies      
This is a very useful, well designed app. I think I'll use it to help myself go to sleep and stop procrastinating with HN. :)
groundCode 6 hours ago 1 reply      
Great resource thanks! I love the Tibetan chanting. Would love something that subtley changes the sliders over time.
LeChuck 3 hours ago 0 replies      
This is great. I especially like the cabin noise. I work on ships and for the first week or so after I get home I need some background noise to help me sleep. This one sounds quite close to what one might hear on a ship.
FYI 8 hours ago 0 replies      
Yeah, very cool.Saves people money as well (up to $200):http://www.sharperimage.com/si/view/product/Sound-Soother-Wh...

You could stream example outputs 24/7 as net radio channels so they are also available on other devices / STBs (Roku) / Consoles / Smart TVs etc..

tama 1 hour ago 0 replies      
This is really nice. Using it at work now. Thanks!
rsync 10 hours ago 0 replies      
Any chance you can make this a sonos-accessible station ?
newsmaster 5 hours ago 2 replies      
Don't know why but I find the babble noise really creepy. http://mynoise.net/NoiseMachines/babbleNoiseGenerator.php
defen 9 hours ago 0 replies      
Wow, really cool app. It really reminded me of how much I miss the sound of rain and wind.
shmerl 9 hours ago 0 replies      
Great idea and implementation.
sparkman55 9 hours ago 0 replies      
These types of sounds are absolutely wonderful for soothing angry babies!
technojunkie 10 hours ago 0 replies      
Oh, this is wonderful! I love Simplynoise but this is even more fun. I hope they can decrease load times and make this a webapp rather than taking 2 steps to load the various noises.
Shtirlic 4 hours ago 0 replies      
Tonal Drones are great, iPad application needed.
glassdoor 8 hours ago 1 reply      
It is working for a highly Hackernews Distracted person, except I have to write this comment!
matude 8 hours ago 0 replies      
Heh, thought it was CSS-based website background noise texture generator
rpwverheij 5 hours ago 0 replies      
wow, thank you! I think I'll be visiting this site often when in need for precise brain tuning support
tinyzor 4 hours ago 0 replies      
Thank you (I have tinnitus).
How to get your first 10 customers danshipper.com
246 points by joeyespo  1 day ago   43 comments top 12
namuol 1 day ago 0 replies      
> They conclude that the product must suck and that nobody wants it, because Mark Zuckerberg did exactly the same thing to launch Facebook at Harvard and look at how that worked out for him

Maybe I'm just sleepy, but I'm starting to get tired of condescending advice from newly-born entrepreneurs.

anandkulkarni 1 day ago 3 replies      
Couldn't agree more. Unfortunately, there's a gap between what many lean approaches advocate (Adwords), what startups think they need (features/press) and what actually works.

The most effective way to learn is to go out and find the people who should be using the product, and talk to them.

josh2600 1 day ago 3 replies      
Great post. I wanted to pass along the tool rapportive, which is a built-in email address validator for Gmail with social feeds. It's a killer free tool that no sales team should omit.

Chrome web store link: https://chrome.google.com/webstore/detail/rapportive/hihakjf...

danbmil99 1 day ago 0 replies      
Good post. I think many of us focus on the product and modifying it first (before questioning sales / marketing tactics) because we are developers, we know how to code, and in fact we actually enjoy tinkering with our product; it gives us a sense that we're doing something consequential that could change the dynamics of the situation.

The unfortunate truth is that early in a product's lifecycle, I suspect the quality (as programmers measure it) of the product, the beauty (or lack thereof) of the codebase, and even outright bugs, misfeatures, and poor performance, are not the reasons the product does or does not get traction. As OP says, what gets traction is product/customer fit -- the NEED a potential customer feels for the product. And if the wrong customer is pitched, and the right customer does not know about your product, all the tinkering and new features and bugfixes and refactoring in the world will not change that situation.

TL; DR: Programmers have code hammers, so they just bang the product nail again and again.

quaffapint 1 day ago 2 replies      
Certainly agree, but depending upon your market it can be very difficult to..."Find companies that fit the bill"...especially when you're more going for B2C or B2SmallerWebsites. Really for me that's the challenge that brings out the need for advertising and such - to even find these customers.
chrismorgan 1 day ago 0 replies      
I am and have been getting 403 Forbidden for the entire domain. Any idea what could be going on? I'm using Firefox Beta for Android and have tried to access it from a couple of different IP addresses in Melbourne, Australia.
alecsmart1 1 day ago 1 reply      
Am wondering if it is okay to cold email potential clients? Isnt that considered as spam?
xarien 1 day ago 0 replies      
I'd also recommend looking at local resources such as chambers of commerce. Join them (or just attend some of the events), meet their members (businesses), establish yourself as an expert (and trust) by giving free talks at events, and then proceed up the sales chain.
exo_duz 1 day ago 0 replies      
Very interesting concepts and ideas. I was looking for something like this for my startup.

Especially the bit about "Shut up and listen to them". I had the same experience the other day at Start Up Weekend, where the best advice was when you listened to the mentors.

Thanks Dan.

unono 1 day ago 4 replies      
There's always something 'wrong' about tech people wanting to meet face to face. What is the point of the telecommunication tech YOU created? Did you not do a good job?

There's a better approach than what the blog outlines - imagine that you have infinite wealth and begin to build what you personally want.

In most cases you will not be able to create the whole thing, but you can tackle a piece of the problem.

Example - you want a flying car. Imagine that you have 1 trillion dollars at your disposal. What would you do? Hire engineers. How would you hire them? What software is required. Look around, if it does not exist already, that's your first product. If it the hiring problem is already adequately solved, look for the next thing. How do those engineers communicate? etc.

These series of questions will lead to finding niches of opportunity, and it is always a software problem (organizing workflows).

ssreeniv 1 day ago 0 replies      
Good post with useful tips & tools. It describes exactly what the title states. Nothing more. Nothing less.
tzury 1 day ago 0 replies      
regarding email address guessing, rapportive turned out to be quite useful at this (xobni's smartr perhaps as well).
The Georgia Tech Online Master of Science in CS is now accepting applications gatech.edu
241 points by crisnoble  23 hours ago   156 comments top 33
amelim 21 hours ago 1 reply      
As someone who is on the other side of the fence for this program (I'm currently a CS PhD student at Georgia Tech), I can tell you that many of the faculty are excited about online programs. Hopefully the learning process for the faculty goes smoothly and the online students have a worthwhile experience. I know I'm excited to help TA some of the courses!
robfitz 22 hours ago 3 replies      
Quick testimonial:

I went to Georgia Tech and did a CS degree there from 02-06. I taught some of the courses as a teaching assistant and did a year of grad school there before dropping out to go through YC in summer 07.

The CS education was good and rigorous. It's much more formal than you need for web apps (as are all CS degrees I would imagine), but it was a solid program and has served me well.

prezjordan 22 hours ago 6 replies      
Definitely a step in the right direction, but I wish the degree didn't have the word "online" in it. I'd like to see them advertise the same integrity of their "offline" masters program.

I imagine the work is equal, and the word "online" shouldn't carry a negative connotation, but it sort of does.

Best of luck to anyone taking this on - again, I'm sure the program is great.

cmeiklejohn 20 hours ago 2 replies      
I've just submitted my application.

I've got an undergraduate degree from Northeastern University in "Information Technology" and an associate's degree from the Community College of Rhode Island in "Computer Programming." I did both of these degrees almost completely online, part-time, working a full-time job to pay my tuition. Getting enrolled into a master's program for me has been a huge challenge. Many universities do not want to talk to you unless: a.) you've demonstrated independent research, and, b.) you have an undergraduate degree in computer science.

I'm currently a non-degree seeking student at Brown University. This has only been possible because I work a job where I can shift my hours around to attend courses during the day. When initially trying to obtain "non-degree" status, my previous education wasn't even part of the discussion, my experience as an Erlang engineer working in the distributed systems field was.

I find the online master's degree idea extremely compelling. I want to keep learning, but I don't want to drop everything to go back and do a master's degree. I imagine this is the case for many people who simply can't quit their job because they have other financial obligations, or a more restrictive work schedule.

artmageddon 20 hours ago 1 reply      
As a person who had a 2.92 GPA getting out of university(I transferred from one univ to another so while my credits were accepted from the first, the 3.3 GPA didn't carry), how critical are graduate schools of this sort of thing? I have a BS in CS, and about 9 years of real-world development experience under my belt and can probably get good recommendations from supervisors / professors. Can anyone comment on this?

Edit: I'm in the process of updating my resume and applying. While I'm still curious for anyone's thoughts for this, I figure it doesn't hurt to try anyway :)

mmorey 21 hours ago 2 replies      
The University of Florida EDGE program offers masters degrees in both Electrical & Computer Engineering and Computer & Information Science & Engineering[1]. The EDGE program has been around for a long time. Before high speed internet was prevalent they actually mailed DVDs to students.

At UF they actually record the same lectures that on campus students are attending. Same quality, just a different medium.

Although UF's engineering program is not as highly regarded as Georgia Tech's it is still a very strong program and worth considering if you are considering Georgia Tech.

Disclosure: I'm an alumni of the UF EDGE program.

[1] http://www.ufedge.ufl.edu/degrees-and-certificates/offerings...

makmanalp 19 hours ago 1 reply      
Does anyone know how "accredited" this is an whether you could do this on an F-1 visa? Just curious. Would be kinda nice to do Georgia Tech without having to move.
dhawalhs 21 hours ago 0 replies      
daeken 22 hours ago 2 replies      
I'm applying, but don't have terribly high hopes. I'm hopeful that they'll look past my lack of a high-school diploma, in favor of my industry and teaching experience, but we'll see. It would be awesome to be a part of this.
polskibus 5 hours ago 1 reply      
I'm doing Computational Investing from gatech on coursera now, https://www.coursera.org/course/compinvesting1.

I do enjoy the course because I wanted to learn more about finance, although they could improve a lot on their presentation skills and material preparation. I hope they will take a lesson or two from their coursera feedback for the benefit of their online students.

darklajid 18 hours ago 1 reply      
As someone that only has a roughly BS equivalent degree: I checked the application form and closed it again.

I'd love to enroll, I just recently discussed with my wife that I'd love to get a better theoretical background, enroll again.

But .. the list of requirements to apply corrects this German's idea of what bureaucracy means and I cannot provide most of the documents, nor does it seem that this is seriously targeted at non US citizens. Not for me unfortunately, but I do appreciate that this is offered in general, and even (in theory?) includes global applicants.

blahedo 10 hours ago 0 replies      
From the linked page:

  > Information Required for Application  > [...]  >   Ethnicity
Really? I could have sworn they're not allowed to require you to provide that. (They can ask, but only if they make it clear that the response is optional.)

otoburb 11 hours ago 1 reply      
If you are a non-US student then you must still submit a TOEFL score. From the FAQ:

If my countrys primary language is English, do I still have to provide a TOEFL score?

Yes. TOEFL scores are required of all international applicants, except those who have spent at least one year in residence and enrolled at a U.S. college or university.

karmicthreat 8 hours ago 1 reply      
So my problem is I never finished my undergrad. But I have no desire to put 3-4 more years work (its been 12+ years) into paying a whole lot in time and money for an undergrad degree. I've worked in the industry and learned the bits I was missing. (Advanced algo, statistic/probability, linear algebra)

I'd like to participate in the GA Tech program, its worth my time and the machine learning/vision curriculum is exactly up my alley. Mind you I've been picking this up anyway recently because I'm interested in the subject and have some product ideas to hash out with it. The grad degree would be nice to have, but not the end of the world.

I tried to email the contact for the program and they wouldn't really say one way or another if they would even consider people who didn't finish undergrad.

I would suggest that GA Tech should open a couple weeder classes. Let people who can hit a certain threshold take them and prove competency.

A degree is a nice benchmark, but in CS we have a pretty wide variety of ways to learn. It would be nice to be able to segue in and out of the academic system smoother to get needed credentials.

fintler 23 hours ago 3 replies      
Yay! I got my application in before someone posted it to Hacker News. I might actually have a chance now.
vamega 11 hours ago 1 reply      
The page they link to [1] mentions that you need to submit your GRE scores. However the page itself doesn't have any mention of the GRE being a requirement? Any idea what the actual stance on this is?

[1] - http://www.gradadmiss.gatech.edu/apply/index.php

whoeverest 21 hours ago 3 replies      
I'm surprised at the 100 student limit they impose. I'm currently following MIT's 8.01x Physics course on edX along with 33k other students. So far I haven't had an issue that's a direct result of the number (like felling I don't get enough attention from the staff.)

So on one hand we have options like edX, which reach a lot more people and are mostly free ($50 for a verified diploma) that reach orders of magnitude more students, and on the other a paid-and-accredited degree.

I personally hope they'll be more of the first ones, because of a) not being able to spend $6k and b) the warm feeling I get in my stomach when I think about free and high-quality education that reaches tens of thousands of people.

mattferderer 20 hours ago 1 reply      
Just a reminder these classes will be available for free on Udacity as well. To me that seems like a better option for the first round of classes.
kozikow 19 hours ago 0 replies      
Does anyone know if doing this masters will count in front of USA immigration department? In other words will this degree move me from EB3 to EB2 category in Green Card application: http://www.murthy.com/2011/07/15/eb2-or-eb3-understanding-th... . Masters from the school where I did bachelor's degree only counts as bachelor degree in USA, so it would be very important factor for some people.
dnautics 20 hours ago 1 reply      
Hm. I have a PhD in chemistry, am considering this as a career shift option. I can write software, I've just never done it formally.
r3m6 21 hours ago 0 replies      
Only a 100 open slots and potentially 10,000 of applications as it seems they accept applications from all over the world. And there will be no visa issues. That means they might be able to be even more selective than with their regular offline classes. => Very good to give the online degree an initial boost in prestige.
optymizer 21 hours ago 0 replies      
I have an ALM in IT from Harvard Extension School. I've always felt like a degree without any 'extensions' would be nice to have. On the other hand, I don't want to pay 7k a year for another program that's similar to the one I paid for already.

Am I even eligible? Is this program better or more challenging? Is it worth it? Other thoughts?

klaussilveira 21 hours ago 1 reply      
Does anyone know a good undergraduate online program?
jasondemeuse 19 hours ago 2 replies      
This might be a naive question, but why is this so inexpensive? Don't get me wrong, education is definitely way more expensive than it "should" be, but I recently started a Master's in CS at DePaul and $7,000 for the whole degree is a fraction of what I'm paying.

I understand DePaul is private and expensive anyway, but $134 per credit hour is still far and away cheaper than anywhere else I've seen while I was looking for schools to apply to, even in-state public schools.

FridayWithJohn 22 hours ago 1 reply      
How much does it cost in total?
elwell 18 hours ago 0 replies      
Are they going to offer the course materials for free as well?
tshile 21 hours ago 0 replies      
I'm working on my application now. I barely meet the requirements, so it'll be interesting to see if I can get in for the trial period or for the Fall 2014 semester.
joshlegs 20 hours ago 1 reply      
i would love to apply to grad school to get a CS degree (or even get a second bachelor's). The problems are that my bachelor's is in journalism, and my cumulative GPA was only 2.9. And I've only had a year of professional programming experience :(
frodopwns 18 hours ago 0 replies      
I applied this morning. I kinda rushed my statement of purpose but hopefully it was sufficient. Wish me luck!
codehero 21 hours ago 0 replies      
Would online students have access to paywalled research papers?
gbertram 21 hours ago 3 replies      
Will students who don't have their application accepted be able to get a refund?
akg369 15 hours ago 1 reply      
The application is asking for a Academic and Career plan upto 4000 words? How important is to meet this word limit?
phazmatis 22 hours ago 8 replies      
Now we just need an online BSCS from a real college.
MongoDB Raises $150 Million at $1.2 Billion Valuation bloomberg.com
233 points by sethbannon  4 days ago   223 comments top 31
venus 3 days ago 5 replies      
Well let me be the first to say that I think that is an absolutely fucking crazy valuation and that MongoDB are either nuts or disingenuous for signing up for it.

I would be astounded - astounded - if MongoDB generate even a tenth of that, just in revenue, ever.

One point two billion dollars. You have got to be kidding me. You have got to be fucking kidding me.

sethbannon 4 days ago 1 reply      
This is more great news for the NYC startup ecosystem.
untog 4 days ago 4 replies      
$1.2bn seems utterly mad to me, but kudos to them for getting it.
alexholehouse 4 days ago 6 replies      
Slightly off topic, but at what point does "big data" just become data?

According to wikipedia (which is in line with how I think about big data) "Big data is the term for a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications. "

However, as "big data" becomes more mainstream and more tools/services exist to accommodate data at the peta/exobyte scale does that whole definition stop being relevant for kinds of data we're talking about?

rpedela 4 days ago 8 replies      
Is MongoDB going to fix their scalability, performance, JOIN, and data type support problems with the money? Seems like a bad investment to me since a lot of developers are starting to move away from it because of those problems and others.
junto 4 days ago 2 replies      
Cool, time to make MongoDb web scale! :-)


bane 3 days ago 2 replies      
I bet In-Q-Tel is very happy with this. Between MongoDB and Palantir their recent investments have been doing really well.
jameshart 4 days ago 2 replies      
I wonder to what extent the AGPL license actually facilitates the creation of a commercial business based on the software; large online service customers who would be willing to use even GPL software without paying anybody for it might be more likely to opt to negotiate a commercial license for AGPL code.

If that is the case, though, and their revenue model is based on providing non-AGPL access to MongoDB, doesn't that rather put MongoDB in the position of commercially exploiting the work of developers who contribute their code under the expectation that it will be freely shared under AGPL?

tcgv 4 days ago 1 reply      
I have been using MongoDB every once in a while and I think it is great. The C# driver has linq support which increases productivity to the roof. However, the feature I miss the most while using MongoDB is multi document transaction support. Their site provides a workaround[1] that from my point of view is not worth implementing. Instead I prefer to switch back to traditional SQL databases in those situations.

[1] http://docs.mongodb.org/manual/tutorial/perform-two-phase-co...

tolitius 3 days ago 1 reply      
Ok. Time to change how the hype and good marketing drive mediocre products, with average people behind it, to silly valuations.

So here it comes. It is only a VALUE if WE say it is. So here is what I say.

I value

    * Redis      @ $4.5B    * Datomic    @ $4.5B    * Riak       @ $3.2B    * Hazelcast  @ $3.0B    * HBase      @ $2.5B    * Spanner    @ $2.1B    * Neo4j      @ $2.0B    * MongoDB    @ N/A
Congratulations to MongoDB sales and marketing team (really!). It is a tough job to sell a trojan horse to masses.

geertj 4 days ago 2 replies      
Congrats to MongoDB. But for me they became pretty much irrelevant after PostgreSQL 9.1 added a JSON datatype.
bborud 4 days ago 1 reply      
Good, now they only need to deliver a database :)
mratzloff 4 days ago 4 replies      
> MongoDB ... now has about 600 customers, including Goldman Sachs Group Inc. and MetLife Inc.

I wonder what services they sell to scale it to those customers. It sure doesn't come that way out of the box. Any Mongo customers here?

teh_klev 4 days ago 4 replies      
It's a shame they didn't think about the name a bit longer. In the UK "Mongo" is a fairly disparaging term and I find it hard to pitch MongoDB to customers because of this.
gregwebs 4 days ago 0 replies      
Please use this money to buy the TokuTek fork. I always expected the storage layer to have made much greater progress by now.
mbesto 4 days ago 4 replies      
Curious - what systems has MongoDB replaced in enterprise companies (like Goldman Sachs, etc)?
mkhalil 3 days ago 0 replies      
Whenever I see something like this, I can't help but think this is just a business deal. Nothing to do with technology. Rich business men are going to get richer because they can get away with over-valuing technology and tricking their non-tech savy investors into thinking this will make them a buttload. Some sort of quasi-pyramid scheme.
zshprompt 4 days ago 1 reply      
Yesterday I was just talking to some folks about how they lock on the DATABASE for a transaction. Yey.
dkhenry 4 days ago 0 replies      
Congratulations Mongo. Hopefully they can keep up the pace of improvements they have done over the past few years.
dpweb 3 days ago 0 replies      
Not a fan of Mongo personally, but understand the context of what is happening in corporate IT. Slashing and commoditization. They look at the $10M line item for Oracle and say wait a minute.. The last section of the article was the most telling.. We replace the millions $ and staff with a $5000 server. Just like trading in your US employee for an offshore replacement at 1/5th the cost. They love that message.

Remember too, the quality of the tech is one factor (way down on the list) in decision making of what these companies buy.

As far as the tech, Relational DB is certainly not the problem and even if it was, Mongo wouldn't be the solution. Mongo's riding the wave of slash and burn, and Oracle has pissed on more than a few customers over the years, basically with the attitude.. "where you gonna go!" Any company gets a toe-hold in big companies like Mongo has gonna be looked on very favorably by Wall St right now..

Mongo will get bought for sure, the valuation is not that nuts.

leokun 3 days ago 0 replies      
Exciting to think what this might mean for RethinkDB some day. :)
frostnovazzz 4 days ago 0 replies      
A month ago I was contacted by a recruiter about some engineering opportunity. I was surprised to know that MongoDB gives me the feeling of Tech company like G or FB. I always thought of MongoDB as kind of an open source product. I started to learn how it operate as a business. I think this is a sign that enterprise-targeted business are rising, and there will be more and more of this kind of start ups in the future.
jbverschoor 4 days ago 1 reply      
I was already moving away from mongo
ffrryuu 3 days ago 0 replies      
These valuations makes joining MongoDB right now a very bad idea.
dschiptsov 3 days ago 0 replies      
Now we could see how deceptive sales technologies and media manipulations are leading to ridiculous valuations instead of any new technologies or even appropriate (for a persistent storage engine) design decisions.

Still enjoying table-level locking on writes and lack of atomic writes in so-called transactions at $1,2B valuation?)

The same story as it was of MySQL prior to stabilized InnoDB (5.1.x) an extremely popular crap with table-level locks, silent data conversions and millions of ignorant 'satisfied customers'.

By the same logic PHP must be valued at one trillion - millions of satisfied cheap coders, and, you know, Facebook was written in it.)

alphadevx 4 days ago 0 replies      
I know they're hiring like crazy in their new office in Dublin. Big growth spurt, massive cash injection, interesting to see if they become the first big "enterprisey" NoSQL provider.
ateevchopra 4 days ago 0 replies      
Congratulations to the team ! Finally hardwork they have done is paying off. Hope you will continue to make awesome fast databases like ever !
mathattack 4 days ago 1 reply      
Impressive. And they're actually a real big data company, not one just tagging big data onto what they do.
davidu 4 days ago 0 replies      
Anyone have estimates what their revenue or run-rate is?
neovive 4 days ago 3 replies      
Any recommendations for a good MongoDB book or course?
hacknat 3 days ago 0 replies      
This is crazy. If I had known that I could gin up money for a crappy database I would have written one. This seems unfair, but we'll be joking about this in 10-15 years.
Bedrock Linux bedrocklinux.org
230 points by duggieawesome  1 day ago   61 comments top 14
ineedtosleep 1 day ago 1 reply      
Honestly, at first I wasn't too surprised by this, but as I thought about it some more, it's actually pretty damned impressive. Boiling it down a bit, would it be fair to call this a "more universal AUR/yaourt"?
chamakits 1 day ago 0 replies      
This is very exciting.

I cannot count the times that I've wanted this "one specific program" which isn't available in my distro's repo, which also depends on a version of a library that is also not available in my distro's repo. Will definitely take a look at this.


codex 1 day ago 1 reply      
In this distribution, are shared libraries really shared, or duplicated?
zidar 1 day ago 2 replies      
"a rock-solid stable base yet still have easy access to cutting-edge packages ..." This sounds really nice in theory and I hope they can pull it of, but I can't see how that can work.
eeadc 1 day ago 2 replies      
The approach of Bedrock Linux is very interesting. It makes use of Linux-specific features like bind mounts and tries to unify several linux distributions into one meta-distribution, which gives the framework for the multi-distribution operations. They could also use namespaces for a more strict separation of clients, but that's a detail.

The idea to move completely to musl is a little bit utopistic, because musl libc is in a very early phase if you want to compile any piece of software of the base system with it. It's mostly C99/C11 and POSIX compilant, but there are several GNU-specific libraries missing, and in a world which uses GNU userland on Linux it's not simple to overcome that limitation.

The mentioned /etc problem seems to be the same problem as solved by ip-netns(8). Take a look at the source if you need further information, it's based on other bind mounts.

But I don't think Bedrock Linux is the next-generation approach for Linux distributions, or rather software distributions in general, though they don't claim that. I'm working on my own Linux distribution since about a year and it's based completely on a ports tree, as known from FreeBSD, but with a simpler code base and simpler Makefiles. At the moment, I'm trying to create a stable commit, which will build without issues in several configurations, but that's hard work, especially because Linux or rather the Linux userland is mostly a ghetto (you won't get information about much low-level software).

But I think, as you should noticed, that Bedrock Linux has a right to exist, but it won't be the next-generation approach.

sdfjkl 1 day ago 2 replies      
This strikes me as a terrible hack. Yes, I've run into all of the problems this is trying to solve, but if this is what is necessary to fix them, I rather build my packages from source (or use *BSD and ports/pkgsrc).
sdfjkl 1 day ago 1 reply      
I just remembered what else this reminded me of: http://en.wikipedia.org/wiki/Universe_%28Unix%29
swinglock 1 day ago 2 replies      
Interesting. Which kernel does it end up using? Could it handle packages which wants a special kernel or different modules for different kernels?
wesleyac 1 day ago 2 replies      
Very cool, but I'm happy with Arch.
gsarrica 1 day ago 1 reply      
Tell me this though. Someone who will install Bedrock Linux is most likely a more advanced linux user. Would they not just compile from source instead of installing this disto? Should I install a whole different distro just to get pre-packaged software? I think not.
bachback 1 day ago 0 replies      
very nice. what are some of the wider/long-term implications of this?
JSno 1 day ago 1 reply      
how could it be possible since not any relative new version of kernel can be claimed rock solid stable?
Zardoz84 1 day ago 1 reply      
Interesting... I will need to try it.
dilipray 1 day ago 1 reply      
it made my day. I'm ready to dive. :)
Stanford researchers to open source model they say has nailed sentiment analysis gigaom.com
230 points by suprgeek  4 days ago   66 comments top 22
hooande 4 days ago 4 replies      
Socher thinks his model could reach upward of 95 percent accuracy, but it will never be completely perfect.

Ridiculous accuracy for something as complex as sentiment analysis. You don't hear established researchers say something like this often. Moving any number from 85% to 95% is the work of the gods.

I wonder if the code they release will include some version of the data from the mechnical turk project. Code for this is great and many people (myself included) will be able to learn a lot from it. But it won't have the same level of reproducibility without the data.

If they do release it they will effectively be giving away the money they spent on mechanical turk. 11,000 HITS ain't cheap and they probably had redundant sampling. If they decide to make this data public as well it would be a big win for research because labelled data is so important to machine learning work.

Open sourcing the code associated with a research paper is already a huge deal. It's great to see big name researchers like Andrew Ng pushing the trend for publishing code. If nothing else this is a great example for computer science papers going forward.

mrmaddog 4 days ago 8 replies      
Here is a link to the live demo: http://nlp.stanford.edu:8080/sentiment/rntnDemo.html

This is really fun to play with, and I'm surprised how well it can parse the sentiment of sample sentences I threw at it. I've tried a couple random examples (like "I don't know what the artist was smoking, but the song made no sense (though I liked the beat!)") and have not yet gotten a wrong analysis. Even the phrase parsing is pretty spot-on.

As a side note, this is much more interesting than the "sediment" analysis I excepted after skimming the title. (Unfortunately though, the analyzer got this final sentence wrong: http://cl.ly/image/301u1q46263m)

Edit: seems like this system could get significantly more robust with more data. If you look in the comments section, you can see some comments from the professor himself, i.e. "Possibly because the word "buying", only appears once in the entire dataset and it's in a pretty negative context:http://nlp.stanford.edu/sentiment/treebank.html?w=buying"

If you gave it 100,000 phrases, I wouldn't be surprised if it could hit the 95% mark that Socher mentions.

jfriedly 4 days ago 1 reply      
I read the paper when this first showed up on HN[1]. The most important thing they did was to create a training set with higher granularity in the data than much of anything previously seen. Based on their training set, their algorithm was able to achieve 85% positive/negative accuracy on sentences, but previously state-of-the-art algorithms moved from 80% accuracy up to 83% accuracy when adapted to their training set. While their algorithm appears to be better than anything they tested against, this is fundamentally an incremental improvement, not groundbreaking research. The real win here came from using a better dataset.

[1] http://nlp.stanford.edu/~socherr/EMNLP2013_RNTN.pdf

Edit: formatting

PaulHoule 4 days ago 0 replies      
I wouldn't quite say they "nailed" it.

One issue is that a system like this needs to be trained for the specific kinds of documents you are processing. For instance, if you are looking about people's opinions on stocks, there is specific terminology to look for such as "buy", "sell", "short" or "long", "missed earnings", price targets, etc.

This isn't so much a problem with their method, but it is a problem w/ the specific model they are publishing.

I like that they are using "beyond bag of words" methods and I find it very believable they could get much better results if they had a bigger training set and more effort in tuning.

One advantage us commercial folks have is that we don't need to bet on every hand. Reviews like that one of the "Room" are ambiguous at best and should be filed as so.

eli_gottlieb 4 days ago 3 replies      
What makes the Sentiment Treebank so novel is that the team split those nearly 11,000 sentences into more than 215,000 individual phrases and then used human workers via Amazon Mechanical Turk to classify each phrase on a scale from very negative to very positive.

Can someone here please explain whether the use of Mechanical Turk here is a cop-out from building a better computational model, or just an ordinary use of supervised learning in place of unsupervised?

bambax 3 days ago 0 replies      
Just tried with this great phrase from the late Roger Ebert (slightly modified to fit in one sentence; the original is four different sentences):

> The movie has been signed by Michael Bay: this is the same man who directed "The Rock" in 1996; now he has made "Transformers: Revenge of the Fallen", and, well, Faust made a better deal.

It correctly identifies the sentence as negative, while all words taken individually are either neutral or positive... I'm impressed.

biot 4 days ago 2 replies      
The simple phrase "Not bad." results in a negative sentiment. This should be at least neutral, if not slightly positive. Interestingly, omitting the period gives a neutral result.
lightsidelabs 4 days ago 0 replies      
First, let me say that this is really creative work and I'm glad it's being presented at EMNLP.

"Sentiment analysis" is too broad of a category to really cover in a single article like this. What they've done is taken a very difficult problem, sentence-level binary sentiment, and made solid progress on it. The baseline for this dataset using totally naive techniques is around 75%, and their results are the state of the art.

The move from 85% to 95% isn't really an interesting one. What really matters is exploring the numerous other open questions in the field of affect recognition, notably two thing:

* Sentiment at different granularities. Document level analysis has been far above 90% for years; this work is pushing forward sentence level. Other work is making great progress on targeted opinions even finer-grained than that, like looking at specific attributes of products. What if you like a movie's acting but not its plot? This structured nuance is not addressed here.

* Domain adaptation. You talk about movies in a different way from almost anything else. A movie review is positive if it's unpredictable; your opinion of the unpredictability of dishwashers or political candidates is probably different. For anything beyond movie reviews this method may work, but this particular dataset certainly won't.

Looking forward to seeing more from this group, as ever; Chris Manning's research team has an excellent reputation in the field.

joeblau 4 days ago 1 reply      
This is HUGE. So many companies are trying to use sentiment analysis as their marketing tool for how they parse social media. With an open source tool, it would make it easier for regular developers who man not know much about NLP to tap into that part of the industry.

As I'm reading though the article I see that it says the algorithm can understand "Human Language." By this I'm guessing they mean English. One thing I learned about sentiment analysis is that analyzing other languages may prove to be a bit more difficult.

Another question I have is to run it up against this very basic sentiment analysis engine that my old manager built which basically had 13 positive words and 13 negative words and was about 80% accurate as well: no neural networks, AI or machine learning needed.

vivekn 4 days ago 0 replies      
While 95% accuracy would be a really phenomenal achievement, an accuracy in the range of 85-90% is achievable using methods simpler than deep neural nets. I have done some work on sentiment analysis in the past. I used a Naive Bayes model with some enhancements like n-grams, negation handling and information filtering and was able to get more than 88% accuracy on a similar dataset based on movie reviews.

You can find more details here -http://arxiv.org/ftp/arxiv/papers/1305/1305.6143.pdf and the code over here - https://github.com/vivekn/sentiment/blob/master/info.py

fauigerzigerk 4 days ago 0 replies      
Over time and with more sample sentences, Socher thinks his model could reach upward of 95 percent accuracy

It would be interesting to read the paper to find out what accuracy really means here. I doubt that human readers agree on the sentiment of movie reviews 95% of the time.

aroman 2 days ago 0 replies      
I wonder what the accuracy for native English speakers is in doing ternary sentiment analysis.

I also wonder about sentences which could be understood and defended as being positive to one human reader and negative to another.

"That is the craziest thing I've ever heard." or simply "That is sick."

nl 4 days ago 0 replies      
As someone who has done some work in the sentiment analysis field, I present this comment as the perfect example of why sentiment analysis is easy and the linked research is clearly bunk.
TallGuyShort 4 days ago 0 replies      
Very impressive! Not to detract from how impressed I am, but I did manage to trick it once: "It could be better" was postive / very positive.
utopkara 4 days ago 1 reply      
Just having the state of the art as open source is in itself fantastic. The fact that their approach is a considerable improvement over the previous approaches is icing on the cake.
aantix 4 days ago 4 replies      
I feel like Borat for doing this, but I entered :

"I loved this movie.. NOT!"

and it classified it as positive. :)

GFischer 4 days ago 0 replies      
Wow, it will open more possibilities a lot of companies I know of (and some projects of mine too :) ).

Off the top of my head, I know of a company that's trying to tackle online complaints (VozDirecta.com), another that feeds "what they're saying about your company"...

eadlam 4 days ago 0 replies      
Stanford Ph.D. student Richard Socher appreciates the work Google and others are doing to build neural networks that can understand human language. He just thinks his work is more useful ...

"Were actually able to put whole sentences and longer phrases into vector spaces without ignoring the order of the words."

Wait, didn't Mikolov et al. (Google) [just figure out][1] how to put entire languages into vector spaces?

[1]: http://arxiv.org/abs/1309.4168

Abundnce10 4 days ago 1 reply      
Are there any links to the code?
bkmartin 4 days ago 1 reply      
It got mine wrong...

"That makes about as much sense as a whale and a dolphin getting it on."

Keep working on it guys... I wish I understood sentiment trees well enough to be able to train it properly for this statement... Is a sentiment tree able to properly represent sarcasm and innuendo? <--- Honest question

anaphor 4 days ago 0 replies      
I'll be interested to read Language Log's (namely Mark Liberman's) opinion of this once it gets released.
ciferkey 4 days ago 0 replies      
I'm talking an NLP class this semester and its nice to finally be able to dig into material like this rather than giving it a light read through. Can't wait until the code drops!
Nvidia Removed Linux Driver Feature Due to Windows tomshardware.com
215 points by simula67  3 days ago   88 comments top 15
betterunix 3 days ago 7 replies      
Can someone please explain why "feature parity" even matters here? If Nvidia can do something with GNU/Linux that is technically hard to do with Windows, why shouldn't they do it? In what way does it make sense to force technical limitations of Windows on GNU/Linux users?
kleiba 3 days ago 0 replies      
NVidia has a history of not playing nice with Linux. Allow me to point to a small comment Linus Torvalds made on Nvidia a while ago (NSFW):


davexunit 3 days ago 4 replies      
I just use the nouveau drivers. They perform well enough, cause me far less xorg.conf headaches, and are free.
static_typed 2 days ago 0 replies      
It's something a little like this:

"We are altering the deal, pray we do not alter it any further".

Closed source, closed negotiating position.

When you buy one of these cards, you are already assuming the position to get kicked, you are just hoping not to get kicked too hard or too many times in a row. Doesn't seem like a sensible thing to do really.

fmax30 3 days ago 0 replies      
I think it is time to reverse the nvidia driver v295 to make way for an open source nvidia driver which supports upto n screens.
mdmarra 3 days ago 0 replies      
Is it fair to say that this is "due to windows" though? I don't see anything in this article saying that this directive came at the urging of Microsoft or anyone on the Windows team there. It's entirely possible that this can be some internal nVidia political nonsense happening.
mkr-hn 3 days ago 2 replies      
Who is "sandipt" and what is their connection to Nvidia? I don't see any flair or profile information (on the forum) to indicate that this is an actual staff member, or one with authority to comment on the motivations behind this change. I see no basis for all this speculation.
Nux 3 days ago 1 reply      
Maybe a late response to Linus :)


qwerta 3 days ago 0 replies      
Something similar with AMD. My flex graphic supports 4 screens. At some point proprietary drivers dropped this and now it only supports 3 screen. Open-source driver works just fine with 4.
static_typed 3 days ago 4 replies      
Oh, you bought Nvidia? Well, that was your first problem, and fault.

The Intel graphics are not so fast, but at least a big chunk are open source.

antimora 3 days ago 0 replies      
This might seem unrelated but I have a question to the crowd related to 3 monitor setup with Ubuntu.

Does anyone know how to use Intel + Nvidia on Ubuntu 12.04 (or later)? I was able to do this in the past with Windows but I can't get it working with Ubuntu.

legulere 3 days ago 0 replies      
An important rule for software is to not take features away. People will complain even if it's an obscure feature they don't even use.
_JamesA_ 3 days ago 0 replies      
What does this mean exactly?

I'm currently running an MSI 660 PE Ti with 3 screens in TwinView mode with driver version 319.49. This gives a total desktop of 4960x1920 in landscape-portrait-landscape layout.

I would like to get another 660 Ti and add another 3 screens in TwinView. Is that even possible?

dallagi 3 days ago 0 replies      
Does this issue affect FreeBSD drivers as well?
frank_boyd 3 days ago 0 replies      
It's probably time to vote with our wallets again.
Show HN: Introducing Harp A static web server with built in preprocessing sintaxi.com
215 points by sintaxi  4 days ago   75 comments top 27
Erwin 3 days ago 1 reply      
One interesting LESS feature I found when we were evaluating it for letting some users use it for customization: it can evaluate arbitrary Javascript and open and embed files. Just in case you thought it was some pure transformative shorthand CSS syntax.

Of course, letting users upload arbitrary CSS served from your domain is an XSS-level risk, but let's say you let each user have his own domain and let them upload .less files.

Or you have a say, node.js APP that lets a user enter LESS and spit out the -- escaped -- CSS.

Now they can do:

    div.hack {      background-image: data-uri("/etc/passwd");    }
When compiled with lessc 1.4.2, this embeds the contents of that file as base64.

Also, with 1.3.x."@import" lets you open any filename and insert it, but it's required to be valid .less. I suppose you could try to @import /dev/random or urandom although I don't know if there's any practical attack surface for decreasing entropy. I don't think I could offhand find a valid file.

However in the theorethical web page evaluating .less, the error output will contain the contents of the file @imported.

Oh, and the evaluation of Javascript... I couldn't make it do much useful, as it seems there's some kind of limited JS environment that code executes in. The worst I could do was:

    div {       background: `process.kill(-1, "SIGKIL")`;    }
The "fs" object does not seem to exist there, but I don't know enough about node.js/V8 environment to see whether there's equivalent of jailbreaks.

So, uh, don't compile arbitrary LESS files and send users their output, and LESS files someone sends you or checks into a project can kill your processes (at least).

chrismonsanto 3 days ago 3 replies      
"Build on request" is a good idea. We do something similar in our stack: tup[0] as the (insanely fast) build system, and developer VMs run mitmproxy[1] on port 8080 which runs tup before every request.

I prefer this style of a setup to coupling them together a-la Harp. If the webserver doesn't work out, I can swap it out. Same with the build system. Tying them together makes me antsy. And for good reason I think: since 2004, we have switched from Apache -> Lighttpd -> Nginx, and have switched from custom shell scripts -> Make -> Tup (with some fabricate.py, and with calls out to other build systems like Leiningen)

[0] http://gittup.org/tup/

[1] http://mitmproxy.org/

crabasa 3 days ago 1 reply      
Nginx is 11 years old and faced similar skepticism from many people in 2002 who made statements about how feature-packed, stable and popular Apache was.

I've been using Harp for about 3 months and really like the sweet spot they have found between a bucket of static files and a full-blown web app stack. It's a very new paradigm and you probably need to try it to fully appreciate it.

balupton 1 hour ago 0 replies      
This seems like a less mature and more opinionated edition of DocPad? - http://docpad.org

I find it hard to understand why one would use this over DocPad... Can someone fill me in, I'm curious to know what the interest is about in case I'm missing something!

stdbrouw 3 days ago 2 replies      
Reminds me of Middleman (http://middlemanapp.com/) and of my own https://github.com/stdbrouw/draughtsman, which has sadly languished. I've found it indispensable for prototyping, not just because of the precompilation but also because it'll search for metadata on the filesystem that you can use to flesh out those prototypes with real data.
dkoch 3 days ago 2 replies      
Another nitpick about the source code:

Let the code breath a little -- no whitespace around control structures is a bit jarring:

  if(error){    ...  }else{    ...  }

  if (error) {    ...  } else {    ...  }
Maybe adopt this Node style guide: http://nodeguide.com/style.html

aaronem 3 days ago 2 replies      
That Rails vs. Angular graph would sure be useful in arguing for a move away from Rails, except that it's unsourced and unitless on the Y axis. I'd love to know how it was generated and from what data, so I can make one that represents the same information in a way that's suitable for my purposes.
pyotrgalois 10 hours ago 0 replies      
I am using docpad (http://docpad.org/) and I want to try mimosa (http://mimosa.io/). Does Harp compete with this frameworks? I would appreciate any comments on this because I might consider Harp as another option.
ecopoesis 3 days ago 1 reply      
So this is like Apache's mod_* but for modern things. Sounds neat. One of the things I like most about the Play Framework is that it autocompiles LESS, CoffeeScript and Scala on refresh. Extending that concept to more languages is a good thing.
tsenkov 3 days ago 2 replies      
This doesn't seem to be on the right level of abstraction - why replacing the entire web server, adding dynamic translating (compilation) as a main feature?
rcsorensen 3 days ago 1 reply      
This is really neat.

The most horrible thing about trying to build out Node.js applications these days is wishing for the Rails asset pipeline.

http://harpjs.com/docs/environment/lib looks like it should make it very possible to tie this up next to rendr and get the best of all worlds.

laktek 3 days ago 0 replies      
For all skeptics, this can actually make lot sense with the current service-oriented web.

Actually, this is where I tried to go with Punch(http://laktek.github.com/punch) too. Vast majority of the content in web can essentially be static, it's just the minor inconveniences of plugging data sources, updating and managing them is what should be addressed.

AhtiK 3 days ago 1 reply      
Harp server (direct link: http://harpjs.com) seems to be powering https://harp.io/ paid service), didn't notice it mentioned in the article.
heme 2 days ago 0 replies      
I currently have Grunt + the RequireJS Optimizer building ~5 js files from 20+ AMD modules. So, with harp I would move that build script away from my app and into Harp? Sounds very interesting, but does this separate the application from the build script?

Less/Sass seems easy, but I'd like to see more regarding JS build/min/concatenation scripts in Harp. Or is this not its goal?

elyase 4 days ago 2 replies      
"The obvous question with building front-end applications is where does the state live? Fortunately there are many services ..." Does any body know what is a great solution for simple Contact Forms?
rschmitty 3 days ago 2 replies      
Does Harp have livereload support? Kill all the refresh buttons (for dev)! That would be my only must have for using a different dev server than grunt based for JS app dev
udfalkso 4 days ago 2 replies      
How easy is it to build nginx modules to accomplish similar preprocessing?
salehenrahman 3 days ago 0 replies      
Will Harp support adding plugins?

For now, I use Wintersmith. It supports Jade and Markdown out of the box, and you can extend it by writing plugins.

I wrote one to help me "load" dependencies, without having to use <script> tags. I use Devon Govett's importer[1] for that.

[1] https://github.com/devongovett/importer

edude03 3 days ago 1 reply      
I like the idea, but I don't understand the problem they're trying to solve. For example I have an app using node as the backend behind nginx and ember as the front end.

Right now I'm using grunt to precompile my app to plan old HTML / JS /CSS but there are modules for node that can also compile and cache for me, Either way, I don't have to mess with something that works (NGINX)

acoleman616 3 days ago 2 replies      
Nitpick: on the harpjs.com site, under the "The beloved Layout/Partial paradigm" header, you have "orginized" instead of "organized".

Looks like an interesting project, though!

cheshire137 3 days ago 0 replies      
This looks like it would be useful for a simple AngularJS app of mine where we use LESS, CoffeeScript, and Haml. We had written a simple Rack server to compile assets on demand. It'd be nice to get rid of the config.ru file and just use Harp as a drop-in replacement.

Does Harp handle Haml?

jdkanani 3 days ago 0 replies      
I have been using simple Node HTTP server to fulfill my small need[http://stackoverflow.com/a/13635318]. And of course, Node's event-driven architecture will help Harp. But, I think Nginx or Apache is quite featured web server you are trying to replace.
krrishd 3 days ago 0 replies      
This is the best thing ever if you're pulling data from flat JSON files, and I would prefer it to any static server simply because I would rather not worry about asset pipelining when working on a static, simple website.
oakaz 3 days ago 1 reply      
The idea is cool but I would never serve my static sites with NodeJS. Don't ask why. Benchmark it.
goshx 3 days ago 0 replies      
Any benchmarks available?
TheHippo 3 days ago 1 reply      
I don't think letting node.js handling static files is the very best idea.
cowls 3 days ago 2 replies      
Stopped reading after this spelling mistake on the first line of text:

"We already have extreamly reliable"

Silk Road 2.0: A concept of a distributed anonymous marketplace github.com
206 points by goshakkk  19 hours ago   241 comments top 30
gkoberger 19 hours ago 8 replies      
Don't forget SR1 was shut down due to a forum post that was linked to an anonymous PHP question on Stack Overflow. [1]

There's nothing illegal in this repo, sure -- but definitely don't even think of implementing it yourself. Or even use it.

[1] http://arstechnica.com/tech-policy/2013/10/how-the-feds-took...

dmix 19 hours ago 1 reply      
Is this similar to Cryptosphere [1]?

Federated networks/decentralized hosting seems to be the future for anonymous storage and communication. I'm curious to see what will be the first real world implementation.

The black market drug industry always seems to create pioneers of new forms of subversive technology (see narco-subs).

[1] https://github.com/cryptosphere/cryptosphere

pfraze 18 hours ago 7 replies      
This strikes me as extremely inappropriate. Don't publicly advertise tools for subverting the state.

> there are the bad guys with guns ("the state") that can interrupt the operation any moment and try to seize the money

This is just childish. There are much worse guys with guns that lack legal and political processes. They generally don't bother us because the state protects citizens.

Handle grievances with regulations or criminal code by organizing popular support for policy changes, not by building systems to break the law. Otherwise, expect to be treated as a criminal.

VMG 18 hours ago 0 replies      
Tip: hide the concept behind some clever academic sounding buzzwords, do not mention SR or black markets at all.
ChuckFrank 16 hours ago 2 replies      
Silk Road be damned! A distributed anonymous marketplace has many real and tangible benefits. By having a robust community escrow mechanism, and by having people deal directly with each other with reputational support, a marketplace like this could unleash a new age of internet commerce. Add to this several arbitrage mechanism to determine valuation, and I believe we can build a marketplace solutions light years from what we have now. As I've been working on a marketplace platform plan for products and services of uncertain value, if there are other people who are interested in partnering on the build of such a platform. Please contact me as marketplace efficiency is my passion and I believe that there's an amazing solution out there waiting to solve this problem.
pdenya 19 hours ago 3 replies      
In SR1 wasn't an additional feature of having the money go through a centralized party that neither party had access to the others BC wallet id? Would doing it this way negatively impact anonymity?
tlarkworthy 17 hours ago 2 replies      
One of the features of SR was that the money was laundered on entrance and exit to silk road. So you could not tell whose money went to who (despite the bitcoin ledger being public). This proposal is missing that critical feature.
mburns 18 hours ago 1 reply      
That was a long-winded, meandering way to say

1. Transaction scripts in place of 100% human arbitrage. Reasonable feature.

2. hand-wavy name coin reputation thingy. This idea makes no sense.

3. Being federated would be 'neat', despite the example project being abandoned and largely non-functional. Or you could just use Freenet instead of Tor?

nazgulnarsil 18 hours ago 1 reply      
Horribly underspecified. Reputation based third party arbitration is not even close to a solved problem. The bitcoin block chain does provide a new potential tool in making reputation systems more reliable (a distributed repository of public/private key pairs enables you to reliably tie reputation to a persistent transaction history), but there are lots of free parameters in such a scheme that need to be done right.

Additionally, with the node idea, the issue is that most people, including drug dealers, don't want to be mirroring lots of illegal content on their boxes. The set of people who can follow simple rules related to posting on forums and mailing items is much much larger than the set of people who can roll a secure node in a network.

aianus 17 hours ago 0 replies      
Given that PGP keys were extensively used by vendors on Silk Road, wouldn't it be possible to use Silk Road profile and transaction data (I'm sure there exist some site dumps out there) to bootstrap a web of trust?

Then a distributed hash table or similar structure can be used to publish product listings, signed transaction data, and feedback to keep everyone updated on who's to be trusted or not. There would be no explicit escrow but lots of people trusted the feedback history and "Finalized Early" on Silk Road without getting scammed.

kilroy123 18 hours ago 0 replies      
There were alternatives to SR before the bust, so I imagine one will take its place, and become the biggest.

Just like with all large drug enterprises, one falls, another comes in and takes its place.

No doubt the other site owners will learn from all this and adapt.

smoyer 18 hours ago 1 reply      
Funds were also transferred through SR's wallet so they could take their cut.
ye 17 hours ago 0 replies      
Freenet is anonymous, distributed storage and application framework.

Do we need to reinvent the wheel?



hosh 18 hours ago 1 reply      
I want to see this implemented for buying/selling designs for 3D printable things, and other supplies for Makers. I'm talking really basic things like the OSE's tractor designs.

Also: is there any way to use these scripts as a form of DRM? The biggest weakness to current DRM schemes is that the validity of a license depends on a trusted party -- the seller, or something like Steam. While such a scheme won't keep people from outright pirating digital goods, I think I would rather trust a p2p DRM scheme than depending on say, Amazon or Barnes & Noble to stay in business.

tlrobinson 17 hours ago 0 replies      
The problem really boils down to reputation and trust. If you can create a "portable" reputation that can move among decentralized marketplaces the rest is relatively easy.

But that's a very hard problem.

FBT 18 hours ago 1 reply      
Distributed services are the future, it seems. I predict (rather boldly, so I may be wrong) that the next wave in computer technology will be the move from centralized servers to a distributed framework. I foresee the next Microsoft/Google/Facebook being a company that brings this idea to reality. (Not specifically the Silk Road bit, but the general paradigm of distributed services.
TomGullen 17 hours ago 1 reply      
Oh god, something like this surely you'd want to distance yourself away from Silkroad as much as possible? Call it something else. Don't mention SR.
gobengo 9 hours ago 0 replies      
This is an admittedly ignorant question.

Would telehash be a useful application protocol to implement this on? http://telehash.org/

It's built on a distributed hash table (DHT) routing mechanism that is inherently decentralized.

wf 16 hours ago 3 replies      
This is way way off topic but it has been really bothering me lately: Why do so many people misspell "losing"? In the wrap up of the OP:

>The federated distributed marketplace will be much more difficult to shut down. And even in the case of shut down, no one is loosing their money.

I have been seeing this everywhere lately and someone even tried to argue with me that I was misspelling it. Why is this such a common screw up? Lose only has one o as does lost. I see no plausible explanation.

stretchwithme 17 hours ago 0 replies      
Maybe the first step is creating a github-like platform without an attackable central authority.
debacle 18 hours ago 0 replies      
It would be easier to just create a new Silk Road website.

This site also fails to cover the laundering aspect of sending/receiving from a DPR wallet.

goshakkk 18 hours ago 0 replies      
Mediators will be getting a fee, obviously. No one would work for free. With bitcoin, it's just one more transaction output.
0xdeadbeefbabe 17 hours ago 0 replies      
A title like Silk Road 2.0 makes me think you want attention more than you want a distributed anonymous marketplace. Why not focus on having a distributed marketplace that also happens to be anonymous instead of focusing on the anonymous aspect so much?
devx 18 hours ago 1 reply      
Couldn't this work on RetroShare's "forums", too?


pogue 17 hours ago 0 replies      
I see the problem with Silk Road not essentially being with the currency or the network mode itself, those both seem effective and appear to have been functioning properly at the time of its shut down (in so far as we know). I think the main issue is the trying to get physical items from point A to point B without getting intercepted/apprehended. It's all well and good to move digital items without getting noticed, but once you start shipping things you have to used pre-existing structures (ie: USPS, Fedex, et al.) which, if not run by the government, has no issue with giving any and all information to them. How to solve this is more complicated than the other parts, IMO.

Secondly, the arbitration through a third party I could see as being corruptible, if that third party is known and has no legal ramification/justification for just acting on their own good recognizance. It's like there needs to be a black market escrow that can't be bribed and won't steal the money.

Also, I'd just like to add that there are other potentials for connectivity outside of Tor & I2P. Older networks such as Freenet allow this kind of node hosting without having to "invent the wheel" and use some kind of new way to host a forum -- it probably just needs some oil added to the wheels. https://en.wikipedia.org/wiki/Freenet

ebbv 17 hours ago 0 replies      
What's up with using github for what amounts to a text post? It makes the link misleading (implying that you actually have some code), and it's not a great use of github anyway.
okey 17 hours ago 0 replies      
Calling this SR2 might not be the best idea, given the intent of the original.
yeukhon 17 hours ago 0 replies      
Why are we encouraging black market?
leishulang 18 hours ago 0 replies      
someone will make it eventually. and when it's done, it will be more than a github repo.
frank_boyd 17 hours ago 0 replies      
RetroShare accepts plugins, so could that be an option?

It's open-source, decentralized, public key encrypted communication and very easy to install and use:


How Snowden's Email Provider Tried To Foil The FBI Using Tiny Font npr.org
206 points by bernardom  4 days ago   55 comments top 17
spikels 4 days ago 3 replies      
How can you not love this guy? Please donate to his defense fund:



Lavabit Legal Defense Fund10387 Main Street, Suite 205Fairfax, VA 22030(703) 291-1999

pluies_public 4 days ago 0 replies      
Once again, if you want to support Lavabit, please donate to the defense fund either at http://lavabit.com/ or https://rally.org/lavabit.
kabdib 4 days ago 3 replies      
Other wonderful delivery methods:

- Baked into cuneiform

- Wax tablets. "Oh, sorry, it got hot in my car and they're a little runny..."

- In the form of a crossword puzzle.

- Knitted into a scarf. "Perl one, skip two..."

Best to have hardware from which it is impossible to export a key.

byroot 4 days ago 1 reply      
Not totally related:

It remind me of the case of "Free" a French ISP, they were forced like others ISP to send to the government the customer information related to IPs caught on P2P networks [0].

But the law did not specified how the data had to be sent, so to troll the government they sent everything by fax. And the volume was around multiple thousand queries a day.

[0] http://en.wikipedia.org/wiki/HADOPI_law

DigitalSea 4 days ago 1 reply      
Wouldn't the FBI have the technical capability to use optical character recognition to digitise the keys to actual text? Or maybe it's too small to be legible to a high DPI scanner? I really admire Lavabit here, they're not dealing with your average Joe, they're dealing with the American Government and that costs money. Everyone has the chance to help potentially make history by supporting Lavabit and donate to its legal fund.

Many would have just given up the moment things escalated, but Ladar Levison never gave in and fought for the privacy of his users at the cost of his profitable business and life. The cards are stacked against him, but he didn't let it get in the way of trying to fight the case and have it made publicly.

How many other companies have secretly complied with similar requests we don't know about? United States of America, the land of the free, right?

eli 4 days ago 1 reply      
This was already discussed at length earlier today https://news.ycombinator.com/item?id=6487969
anigbrowl 4 days ago 0 replies      
Wired Magazine details the ordeal

From the HN guidelines:

'Please submit the original source. If a blog post reports on something they found on another site, submit the latter.'

Raphmedia 4 days ago 2 replies      
Small moves like that makes me proud to be on the internet at this day and age of crisis. I hope I can tell my children or grand children that I actually cared and that I made a small difference, even if it's only the smallest of all.

I hope it will stay the way it is. Probably not, seeing how the public is ignoring and/or is not caring about the issue at all.

praptak 4 days ago 0 replies      
See? Ridiculous key sizes do give additional protection (imagine scanning a 4MB key printout.) Eat that, Bruce Schneier!
sxp 4 days ago 2 replies      
>To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data

That would take an intern less than an hour to digitize. Maybe three interns if you needed redundancy. This seems like a completely useless action on Levison's part since it end up giving the FBI the information they wanted but will still piss them off.

mcphilip 4 days ago 0 replies      
Off topic, but brings to mind another technique famously used by Goldman when they dumped over a billion pages to the 50 staffers in the Federal Crisis Inquiry Commission:


eyeareque 4 days ago 1 reply      
If my understanding is correct, the FBI could decrypt historical traffic if they had the keys. So, assuming the FBI/NSA has a huge archive of Lavabit's customer traffic (would not surprise me), couldn't they decrypt it all now since they have the SSL keys?
MayankGoyal 4 days ago 0 replies      
>>"To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data," prosecutors complained.

That's pretty misleading - they make it sound like if they press the wrong key once it'll destroy the FBI's entire system.

jgeraert 4 days ago 2 replies      
Clever. We did something similar for a friend getting married. Instead of giving his present directly we created a text file encrypted with his public pgp key. We printed out the ascii-armored cryptotext and handed it over. He had lots of fun typing it back into his computer.
joe_computer 4 days ago 0 replies      
I'm just happy the FBI doesn't know how to run OCR. Hell they could have mechanical turked segments, like captcha farms.
devx 4 days ago 1 reply      
Upvoted because of the story, but I like NPR less and less these days. So far they've been mainly pro-government than pro-Snowden.
stretchwithme 4 days ago 0 replies      
I think he should have encrypted the key using itself. That way he can give them the key. And they can decrypt it and send it back in time so they can decrypt it.
I emailed the CEO of T-Mobile and he killed my contract bizjournals.com
202 points by amerf1  2 days ago   97 comments top 27
gkoberger 2 days ago 8 replies      
The title seemed negative to me (I thought he complained and the CEO said "we're done with you!").

But really, the T-Mobile CEO was helping -- the author wanted out of his contract (well, out of the $200 fee).

(EDIT: The original title was "I emailed the CEO of T-Mobile and he killed my contract, no joke")

dsr_ 2 days ago 1 reply      
It's terrible customer service.

The CEO should not have to get involved. Status as a journalist should not be required. The first doesn't scale, and the second, if true, is hopelessly corrupt.

Every customer support supervisor ought to be able to make an exception based on reasonable circumstances.

The article should have ended with "and anyone else in my situation, or a similar one, should contact T-Mobile customer support. If the first line worker can't help you, they should be able to put you through to a supervisor who can, based on the policy changes that T-Mobile has implemented."

Anything less at best means a flood of emails in the CEO inbox, and at worst continued customer dissatisfaction.

wpietri 2 days ago 0 replies      
I've got a theory that this can all be explained by cost of communication.

For a long time, word of mouth was what determined what people thought of businesses. Plus, high cost of communication kept most businesses small.

Newer communication technologies made very large companies practical, but the tech was expensive enough that it was most effectively used by those large companies both internally and externally). This a) meant a large company could override word of mouth with enough advertising, and b) encouraged the rise of professional managers, who spent very little time in contact with customers and mainly knew what their underlings told them.

But now, with the Internet, the pendulum swings back. Things like email, Facebook, and Twitter have brought low-cost one-to-one and one-to-many communication to the masses. Advertising doesn't work as well, and one person with a good or bad experience can tell hundreds, thousands, millions. If a CEO wants to know what people are saying, a simple Twitter search will tell them, with no underlings to soften or filter.

So smarter companies are recognizing that they can get a competitive advantage by acting like a small-town business has all along: the person in charge opens themselves up for unfiltered feedback, using that to fix their organization and get great word of mouth in the process.

What I really wonder is where the new equilibrium point is. Advertising has less manipulative power, but it's not gone. And large companies will try to control new media just like they tried to control what turns up in the press.

rjzzleep 2 days ago 2 replies      
It's funny how people immediately mock someone's sense of entitlement. You know what? Sometimes you indeed are entitled to something and the only reason you don't is because everyone else just accepts the sewer everyone is in.

I once received an apology letter after helping my mom bringing her complaint to the governing board of deutsche Bank. Because god forbid she was right and that douchebag bank worker wasn't.

Indeed just wow. I wish people would complain more, when there is a need.

What do I mean with when there is a need? That's the thing. Were not supposed to be machine(even though a lot of people wish for the opposite). Were supposed to evaluate the choices given to us and act accordingly.

And for all of you running a small business and thinking of the douchebag client you don't want. I apologize, because I know exactly who you're talking about and you're right.

001sky 2 days ago 4 replies      
Reporter: For $200, I will write a nice article about you.

CEO: Deal

kordless 2 days ago 0 replies      
I've had a mobile phone since the Motorola Brick days. Over the years I've grumbled and complained about various cell phone companies policies, dealt with contract obligations, bad service, horrible experiences with switching plans, etc., etc. The worst of the worst was moving to the bay in late 2007 and having to use AT&T on an iPhone.

Last year I bought a Nexus 4 from Google and signed up for a prepaid T-Mobile plan. A few months later they switched over to offering no-contract plans and I followed suit by putting both my kids and myself on a single plan. My entire experience with the company since signing up has been nothing short of stellar. Great customer service, low wait times while calling in, friendly faces in the stores, and always a willingness to do whatever it took to make me happy with my service.

My contract, with my two kids tacked on, is about what I paid Verizon a month for an iPhone. About the only complaint I have with T-Mobile is that I can't really surf the net while I'm in the BART tube under the Bay on the way into the city. Other than that, it's been a great experience!

It just goes to show that one person at a company, with the power to make real changes, is what it takes to change an entire industry. It feels great to give my money to a company that actually cares about customer service.

jamesmcbennett 2 days ago 1 reply      
Desire Paths 101. See Tom Hulme talk. http://mcbennett.wordpress.com/2013/09/17/tom-hulme-john-mae...

Taking inspiration from Urban Design where a path runs along the outside of a park expecting everyone to take the architected route. However people cut through the middle when they don't like the given route, following their desire path. Over time, the grass wastes away from the thousands of footsteps and bicycles that take their preferred route. The park owners have a choice to put up a sign saying "Do not walk on the grass" or altenatively pave the new path.

In business, when consumers take a new path, there is an option to pave their path as a new product line. Watch Tom's talk above to see how Facebook didn't pave their users desire path giving space for snapchat to grow. An example where a business put up the "do not walk on the grass" sign is Kickstarter who blogged, "Kickstarter is not a store," moving away from the desire path.

In this case, the CEO of T-mobile has helped a user cross the middle of the park, the question remains whether he should pave it.

geophile 2 days ago 0 replies      
A similar technique worked for me. I had an IOmega Jaz drive, which accomodated 1GB cartridges. (The same company produced the better known Zip drive.)

The cartridges kept getting stuck, and any attempt to remove the drive seemed to completely destroy the hardware. After several replacements, I got fed up and asked for a refund. They weren't going for it. I finally called the CEO, and received a refund pretty quickly.

I suspect that it's cheaper to just refund a few bucks and make the irritant go away, rather than deal with it at that level.

Asterick6 2 days ago 0 replies      
It's a good thing that John Legere places customer care/service as a high priority, but it seems like you didn't take the time to figure out the problem yourself.

Instead of "getting frustrated" and taking the issue to the CEO, you could have spent some time and effort to resolve it yourself.

Also, this post doesn't provide enough information about your issue and why you had a misunderstanding. If it did, then it would be more meaningful.

derefr 2 days ago 0 replies      
> "But how is that so? I have had a full upgrade since November."

Usually, phone upgrades are offered starting two years into a three-year plan. They don't want to let the contract expire before they try to reel you back in with an upgrade; that'd be incredibly dangerous for retention. They want to offer you the phone while you're still good and legally bound to them, but when you feel like you're almost out.

ruswick 2 days ago 0 replies      
On the one hand, it's nice to see that executives are receptive to their customers. However, the OP clearly states that they did not quality for a free transfer, and the fact that they got it seems sort of arbitrary. What if the CEO hadn't responded, or if the other executive hadn't chosen to cancel the contract? What if that person were having a bad day, and chose not to make such a gesture to the OP? One data point isn't conclusive, especially under such odd circumstances.

Good service is service that is both high in quality and in consistency. I highly doubt the ability of a single CEO to handle every email in the same way (if at all), and I'm not sure if I like the idea of unwarranted perks being handed out at the discretion of executives. It seems too much like a lottery, especially because the OP did not qualify for the transfer in the first place.

skittles 2 days ago 1 reply      
I want to like T-Mobile, but I'm in the middle of the US with access to 100+ Mbps Internet but no T-Mobile signal in my house. T-Mobile is pushing itself hard in my area, but they just don't have the coverage.
jfoster 2 days ago 0 replies      
This isn't particularly scalable for T-Mobile and I'd say they haven't done themselves or their customers any favours. The customer service experience should be the same regardless of whether you go in from the top or the bottom. If a customer has a better experience by going in from the top, I think that just implies that the customer service frontlines are failing.

It's good that the CEO is so accessible, but no reasonable customer should need to reach out to the CEO in order to get the a good CS experience.

lucb1e 2 days ago 2 replies      
Well this is nice of T-Mobile and shows they do somewhat care about customer service. I can chime in and add my experience with the English (American?) division of T-Mobile: they responded to a mention at a social network while I was not even really meaning to ask them a question, I merely mentioned them. The Dutch division is not as great, but oh well.

Still, I'd say it's how it's supposed to be. In the Netherlands it'd be illegal to upgrade contracts like this. You can't start charging more without giving the user an option to quit the contract for free (or continue the old contract for the old price). Also after the contract period (one or two years), consumers have a right to cancel the contract each month, also for free.

jordanbaucke 1 day ago 0 replies      
I tweeted him a few weeks ago after I wrote a follow-up to a letter I dispatched to their legal department a few weeks ago over the $299 cancellation fee http://onemanmilitia.blogspot.com/2013/09/to-get-out-of-my-c...

I agree with the comments I've seen here - their customer service is helpless, and I explained so in my letter.

tempestn 2 days ago 1 reply      
If he didn't have one already, Legere is certainly going to need an assistant to triage his personal email now.
personlurking 2 days ago 0 replies      
There's the old but true "never take a No from someone who doesn't have the authority to say Yes." So in most situations, the CEO wouldn't be helping, thus the customer service agents should have some authority. I've worked in a call center, I know the kind of BS that's pushed. Everyone just says what needs to be said to get the sale or get the customer off the phone (if it's a problem).

As an aside, I once had a problem with my Citibank and I found a little known 'elite team' of Citibank people who called me in a foreign country, on my cell phone, within minutes of me contacting them via email and resolved my problem in about 2 minutes flat. And they reversed charges I felt I shouldn't have had in the first place.

TheMagicHorsey 2 days ago 0 replies      
Oh, what a huge surprise. A CEO of a major corporation making sure that a journalist is taken care of.

Talk to any tech journalist. They all get special treatment now and again.

Keyframe 2 days ago 0 replies      
Article/blog post (whatever it is) reads like a PR article, which it probably is.
paul9290 2 days ago 0 replies      
I'm in a similar situation with Sprint where I wanted to get an iPhone 5s as I have had the 4s since its introduction.

Well I was told I couldn't get it until Dec. or I could pay $150 to get out of my contract and get a new contract to get the 5s now.

I actually ended paying the fee and after doing so was told to text 1311 for more info. There in the text it said I could upgrade now or go with their new and better plan OneUp. No one told me about OneUp which is the more modern and better option. Sigh I spent $150 because Sprint hasn't trained their reps on this program, but they put the info in their SMS marketing....errrr :(

Well Sprint did solve that issue but then after solving it and because its still a new option/plan mis-information abounds. Getting a new iPhone with Sprint or trying has taken to much time and effort and have tried to work with them for the past two weeks. But I'm done... See ya Sprint!

ulfw 2 days ago 7 replies      
We live in a world were people feel entitled to bring their little contractual issues all the way up to the CEO of a company with over 30 MM customers. So you either believe a) you're above those other 30 MM and can just do your CEO 1:1s if need be orb) you foolishly believe that the CEO of a major corp has the time and willingness to deal with customer support for 30 Million people.

Just wow

galaktor 2 days ago 0 replies      
I wouldn't conclude that this is good customer service. More bad service as the support team couldn't (or weren't officially allowed to) kill the contract. This was just a case of ultimate escalation which was brought to resolution as quickly as possible.
Gonzih 2 days ago 0 replies      
Very very misleading title.
jennita 2 days ago 0 replies      
Once, my phone actually flushed down the toilet, and I tweeted about it. T-mobile ended up sending me an upgraded version of my phone the next day, for free! Pretty sure they did it because they were laughing so hard about my ridiculousness. But that's cool by me. :)
hknozcan 2 days ago 0 replies      
I used t-mobile from around 2000 to the end of 2007 in NYC. Never had any problems but data was not a big issue back then. They even assigned me a 212 mobile number from a batch of 10 numbers that they received.

With the right wording and timing, these things happen. Around 2002, I was searching what books to buy and e-mailed Amazon support what books Jeff Bezos has read in the past 6 months. They replied immediately to told me to ask him directly providing his e-mail address. I forwarded the e-mail and got a reply back with a list. This was even cooler than having a 212 number.

shmerl 2 days ago 0 replies      
T-Mobile is probably the best mobile provider in US.
joeblau 2 days ago 0 replies      
Dang it. I got hooked by the link bait! I'll be the CEO of T-Mobile is going to get a ton of e-mails now.
Piercing Through WhatsApps Encryption thijsalkema.de
198 points by xnyhps  14 hours ago   71 comments top 7
tptacek 13 hours ago 3 replies      
A lot of cryptographic mistakes people make, you can blame on the 1990s. For instance, the ubiquitous CBC padding oracle (most recently of TLS "Lucky 13" fame) is the product of MAC-then-encrypt constructions, where attackers are given the privilege of manipulating ciphertext without having it checked by a MAC. We didn't have a mathematical proof to tell us not to do mac-then-encrypt until after the 1990s. So if you have that bug, you might consider blaming the 1990s.

But using the same RC4 key in both directions of an encrypted transport isn't just a bug known in the 1990s; it is the emblematic cryptographic attack of the 1990s, the one crypto flaw that even non-crypto pentesters could reliably deploy. For instance, bidirectionally shared RC4 keys broke the Microsoft VPN scheme, a bug discovered by Peter "Mudge" Zatko when there was still a L0pht Heavy Industries.

So my point is, this is a bit sad.

I should add, recycling the keystream of a stream cipher is worse than he makes it sound. The attack he's describing is called "crib dragging" and implies that an attacker has access to plaintext. But attackers don't need access to plaintext to attack repeated-key XOR, which is what a set of ciphertexts encrypted under the same stream cipher keystream works out to be.

PakG1 11 hours ago 9 replies      
Here's what I'm sad about. Does every single web and mobile app that gets made by anyone these days now require an extensive knowledge of how to do security right? If so, that sucks, given how big the field is. Or do we all need to go and hire tptacek for a quarterly security audit? I imagine that can get quite expensive. It really gets in the way of just making things and putting them up; I think kind of kills the spirit of creation and entrepreneurship. :( I mean, it's great for people who are truly interested in security, but what if you're not? Are you doomed to fail at the startup game if you don't know security well?
chmars 6 hours ago 1 reply      
In other news, WhatApp's website got hacked, well, defaced this morning:

Screenshot: http://i.imgur.com/wY2zDl7.jpg

Source (German): http://stadt-bremerhaven.de/server-von-whatsapp-gehackt/

nasalgoat 13 hours ago 4 replies      
I'm surprised they'd make such a rookie mistake when there are hundreds of good encryption methods online to crib from, just a Google search away.
skion 4 hours ago 0 replies      
I love how exactly this mistake is covered in detail in the first week of Dan Boneh's crypto course:

The Russians made the same mistake in WWII, but Whatsapp shows the relevance today.

frank_boyd 8 hours ago 1 reply      
https://heml.is/ currently looks like the best concept of a solution to the problem - if they keep their promise:

> Will it be Open Source?

> We have all intentions of opening up the source as much as possible for scrutiny and help!

But it's not done yet.

SnaKeZ 9 hours ago 6 replies      
Alternative...Google Hangouts?
Important Customer Security Announcement adobe.com
196 points by driverdan  4 days ago   103 comments top 32
Osmium 4 days ago 4 replies      
> We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.

Well that's reassuring(!) If these hackers were so "sophisticated" then presumably they could have obtained Adobe's decryption keys too? If not, why not?

Guess I'll have to phone my bank tomorrow... hope they don't charge me for the new card. Oh Adobe...

Edit: It just occurs to me that people with pirated Adobe software aren't having any problems right now. The same argument could be made of any service, of course, but at least with the old way of purchasing Adobe software (vs. Creative Cloud) Adobe didn't have to store your credit card number for an extended period of time. I don't think this excuses piracy, but it's not going to do anything to discourage it.

slowdown 4 days ago 3 replies      
As a customer who just made a purchase from Adobe a few hours ago, I feel good and horrible at the same time. I feel good that their source code was stolen (I will explain why). I feel bad that my credit card was compromised.

Around November 2011, Apple screwed up one of it's premier softwares (Final cut pro) and Adobe jumped right in and offered a 50% discount to all of its Creative suites (version: 5.5). Their pitch then was - "Apple screwed up, try ours and hey, if you buy the suite, it's yours forever and you get peace of mind". And so I bought the Windows edition of one of their suites. A year later, CS6 was announced and I decided to wait for sometime before upgrading. Just to be clear, I shelled out almost $1000 on the CS 5.5 version.

In the last few months, I made the switch to a Mac and I found out that my license for Windows wouldn't work on a Mac. Fortunately, Adobe seemed to provide a "crossgrade" path, wherein I can just swap my platform at no additional cost. Sounds good? No. Except that you can't swap from an older version (CS 5.5) to a newer version (CS 6). You can only switch between platforms of the two same versions. Okay, that's in a way fair enough, since it's been over a year anyway and it's time to upgrade. So, let me just upgrade to CS6, I thought.

This is where it started to get messy. I searched for links to upgrade to CS6, and I did find a few. But they all re-directed to the stupid Creative Cloud edition. WTF?

[1] http://www.adobe.com/mena_en/products/creativesuite.html

I searched and searched and finally found a link that worked. I placed an order and 24 hours later, my order was cancelled for no reason. I had to search for that link I found earlier, again. After giving up finding the link, upon contacting customer support, I was tried to be pushed into the stupid Creative Cloud platform, again.

    Support: Based on what we have discussed I highly recommend that you purchase Creative Cloud which includes Photoshop CC for images, Indesign CC for print design, Illustrator CC for graphics, Flash Pro CC for animations, After effects CC for adding effects and plus more.    Support: Plus you will get all the upgrades and updates for free of cost.    Support: You can install CC on 2 system both on mac/ Windows.    Support: I am sure CC will meet all your requirements.    you: Oh no thank you, please. It doesn't fit my budget. Once I stop paying, everything is gone, unlike in the case of a CS 6 install.    Support: I do understand your concern, however, going forward there is no upgrade path available since CC is replaced by CS6.    (WTF)?    you: Do you mean to say, that I can't upgrade from Cs 5.5 to 6?    Support: The upgrade path from CS6 to CS7 is not available, since CC is replaced by CS7.    you: Yes, I understand that.    you: I don't need CC ma'am, really.    you: It doesn't fit my needs.    Support: That's okay.    Support: Let me provide you with the link to upgrade to CS6 production premium, okay.

It's funny I had to spend so much time with support to purchase CS6, since Adobe clearly conveys that it intends to sell CS6 indefinitely.[2]http://www.adobe.com/products/cs6/faq.html

Even though the support person gave me the link to buy CS6, I thought it would be a good idea to probably re-consider CC again. So I checked on the Creative Cloud page to see if I could just pay $45 for say, about two months and later upgrade to CS6. But, again, Adobe tries to backstab its users. IF you cancel your CC subscription before 1 year, you will be billed 50% of the total amount (50% of ($45x12)) as a penalty. WTF?!! So, basically they want to beat their users to the ground as much as they can.

I decided to try alternatives, because I really wanted only a good Photoshop-like program and nothing else more (at that point). So, I searched, but I couldn't find. Now, this is highly deceptive on Adobe's part because they play a monopoly role clearly and they decided to backstab their users all of a sudden.

There is no easy way to buy CS6, there is no easy way to subscribe to CC for just a few months and the calculations they demonstrate are also deceptive at best. CC is more expensive than the boxed product.

One of my friends is a blogger, he has a huge follower count. Adobe contacted him and gave him a free 1 year subscription to CC. I was curious and I found a lot of bloggers reporting the same. One thing that was common in most of these Adobe contacted bloggers' posts, was how their stress to explain how the CC version was effectively cheaper than their boxed version.

So basically Adobe is indirectly bribing bloggers to write good stuff about their CC subscription.

Adobe's CEO is an incompetent backstabber who is totally fit for nothing. This was the same guy who argued with Steve Jobs that Flash on mobile rocks and later discontinued it.Backstab #1. I was a Flash developer previously. I was even jobless for a few days because I relied so much on this technology.

Adobe's CEO also backstabbed the much capable Flex eco-system. Do you know how many Flex developers are jobless now? Backstab #2.

And the Creative cloud (CC). Backstab #3.

That is why I feel happy that their source code was stolen. I was a genuine customer amongst a million others who just wanted to pay ONCE to use my software. I could have pirated like many others, but I didn't. I trusted them. But they took a U turn and decided to shoot us in the back.

Also, this guy is never straightforward:http://gizmodo.com/5984191/adobes-ceo-completely-refuses-to-...

This guy is incompetent and needs to be replaced. Atleast someone should file a class action suit for abusing their monopoly.

bcn 4 days ago 3 replies      
More details from Brian Krebs' blog post - http://krebsonsecurity.com/2013/10/adobe-to-announce-source-...

  "KrebsOnSecurity first became aware of the source code leak roughly one week ago...with fellow researcher Alex Holden...discovered a massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll."  "The hacking teams server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat."

ChikkaChiChi 4 days ago 0 replies      
Less than 1 year into forcing their users to 'The Cloud' for future updates, Adobe has proven incompetent at protecting our data (and even their own).

I feel particularly bad for the design houses that have entrusted Adobe with their intellectual property because it was supposed to be safe who now have to rethink how safe their assets really are.

nutjob123 4 days ago 1 reply      
Much more interesting than the customer data: "We are also investigating the illegal access to source code of numerous Adobe products". In the linked blog post they say: "Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party"
chestnut-tree 4 days ago 2 replies      
Some naive questions from someone who genuinely doesn't know: how is it that a company cannot detect when someone downloads a giant database of sensitive personal information from their servers? Surely, there are ways to monitor access to this data and immediately flag suspicious behaviour? How do the intruders even find the location of this data and then download it? Isn't there some best practice security measures that can prevent of all of these things? I presume Adobe failed at all of them?
eksith 4 days ago 0 replies      
I was told repeatedly that I was a sucker for buying Adobe products (I own CS3 and never found it necessary to upgrade) instead of pirating. Well, I'm conflictingly feeling like a sucker.

Conflictingly because my CC info has since expired, but other personal data would still be in their records. I wonder how far back they keep those, but I guess I'll find out soon enough if I'm in the lot.

Edit: If anyone is worried about the source getting leaked giving rise to 0-day exploits and the like, you can at least move away from Reader into something like Sumatra PDF (open source). If all you need is a reader, it's a very handy alternative and far more nimble with resources (no I'm not part of their project. I'm just a very happy user)

plg 4 days ago 0 replies      
I wonder if this is why my university IT dept just broadcast an email saying that Adobe is "auditing" every computer on campus for the university's site license. They want to come into everyone's office and labs and run some "script" on every machine that does who knows what. Needless to say I said "no thank you".
aroch 4 days ago 0 replies      
This quote from the Krebs post is both laughable and horribly saddening. Even Adobe can't manage to keep Adobe software installs up to date

>Arkin said the company has not yet determined whether the servers that were breached were running ColdFusion, but acknowledged that the attackers appear to have gotten their foot in the door through some type of out-of-date software.

Samuel_Michon 4 days ago 0 replies      
> certain information relating to 2.9 million Adobe customers

It would be nice to know how many user accounts Adobe manages, so that I can better estimate the likelihood of my accounts being affected. If they only have 2.9 million accounts, I should be worried; if they have 100 million accounts, I should still worry but perhaps a little less so.

I have not (yet) received an email from Adobe regarding this latest attack, but I have an Adobe Creative Cloud subscription as well as several Typekit accounts. I use 1Password to generate passwords, but of course that doesnt protect my credit card information.

pdknsk 4 days ago 0 replies      
> encrypted passwords

Somewhere, oclHashcat makes room temperature rise.

keyle 4 days ago 6 replies      
We need some technology that makes our Credit Card numbers change every few days.

I am shocked that most people think it's OK these days to drop the "Oops, nasty baddies bad bad got in and there goes your details, so so sorry, come again."

If this happens to some small startup with the one PHP nerd that doesn't really know what he's doing (and is underpaid anyway) - that's fine. Or at least acceptable. You're living on the edge.

But a Fortune 100 company... COM'ON.

coldcode 4 days ago 1 reply      
How does source code leak in such an attack? Why would customer facing servers and databases share a network with a code repository?
jere 4 days ago 1 reply      
I love how I have no emails from Adobe today except for Creative Cloud advertisements. Thanks.
petercooper 4 days ago 0 replies      
Could this result in a huge fine or penalty, not least due to potential PCI DSS violation? Here in the EU, it'd be a big data protection issue as well.
ChuckMcM 4 days ago 1 reply      
I expect this sort of thing will be the ultimate death of 'cloud' computing in the sense Adobe and others would have you use that term.

There is tremendous "pain" here (both for vendors and for customers) which, if effectively addressed, could be the next Google or Apple.

bitserf 4 days ago 1 reply      
Well, pretty happy I bought Lightroom through Amazon right about now.

Reason: Adobe charges basically double the US price in Australia/NZ if you buy from them directly, and I refuse to pay a location tax since it costs them zero dollars extra to send me bytes through CDNs.

driverdan 3 days ago 0 replies      
Why was the title changed from the informative "Adobe Accounts Hacked" to the useless and generic "Important Customer Security Annoucement"?
tigerweeds 4 days ago 0 replies      
Maker of the most insecure end-user software in human history gets hacked. Karma, it is a bitch.
pirho 3 days ago 0 replies      
Here's the email...


Important Password Reset Information

To view this message in a language other than English, please click here.

We recently discovered that an attacker illegally entered our network and may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. In addition, please be on the lookout for suspicious email or phone scams seeking your personal information.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.

Adobe Customer Care

uslic001 4 days ago 0 replies      
Just another reason for me to continue to despise Adobe. Thankfully I bought my version of Acrobat Pro on Amazon so they did not have my credit card, but still Adobe handed all my other information over to the hackers due to poor security practices. Thankfully I also had used Lastpass to generate a unique password for their site.
hunvreus 4 days ago 1 reply      
I used to pay for Photoshop and Illustrator too, until I realized Adobe was more interested in adding clutter-ware (Adobe Updater, anyone?) than trimming down and speeding up their monstrosity of a code base.

After a while on Inkscape I am now running with:

- Sketch (http://www.bohemiancoding.com) as a replacement to Illustrator (vector drawing).

- Acorn (http://flyingmeat.com/acorn/) as an alternative to Photoshop for bitmap design (though it now supports vector drawing, much like Photoshop).

I am not affiliated in any way.

chmars 4 days ago 0 replies      
Have you had success with your password reset?

I always get an error message:

The provided email address could not be matched to an account on file. Please try again.

Thanks to 1Password, I am pretty sure that the provided mail address is correct

unclebucknasty 4 days ago 0 replies      
Awesome. That's two breaches in one day from two different companies with which I've done business.

This is out of control. The bad guys are winning. Time for a new paradigm.

jlgaddis 4 days ago 0 replies      

Time to dust off the ol 'rsum, Brad.

QuiteMouse 4 days ago 0 replies      
I refuse to use the cloud services anymore. I may be using a version of Photoshop that is 4 years old, but it does the job and does it well. There are some new features that I'd like to have, yes, but it's a small price to pay when compared to having all your personal information compromised.
grogenaut 4 days ago 0 replies      
Looks like not even adobe does the daily update / reboot requires when adobe software is installed.
slowdown 4 days ago 1 reply      
This sucks, especially considering the fact that I just made a purchase a few hours ago :/
Havoc 3 days ago 0 replies      
Adobe seems to be in the business of producing security flaws...
ibstudios 4 days ago 2 replies      
No word on whether or not they encrypted passwords? ...Sigh.
elwell 4 days ago 0 replies      
Well if the cc #'s were encrypted at least half as esoterically as the PDF file format, we have nothing to worry about.
zapt02 4 days ago 0 replies      
This is huge.
       cached 8 October 2013 15:11:01 GMT