hacker news with inline top comments    .. more ..    1 Jan 2014 Best
home   ask   best   5 years ago   
What I Didn't Say paulgraham.com
1202 points by twampss  1 day ago   553 comments top 85
grellas 1 day ago 6 replies      
A word about credibility. It comes from the Latin word credo, meaning "I trust." Its value exceeds that of money because it marks you as a person - as someone who is respected, who is trustworthy, and whom you would want to count as a friend. It marks you not as perfect but as special. It makes others ponder not so much that they did the last deal with you but that they would want to do the next deal too. Just as we build credit through many transactions, so we build credibility by the very pattern of our lives. Credit and credibility derive from the same root and signify the same thing: when in doubt, we can trust the one who has either trait. Not blind trust, just a benefit-of-the-doubt level of trust.

Well, pg has earned our trust and deserved the benefit of the doubt when something so off kilter as this is attributed to him. He did not get it here, and that is a sad testament to how crowd-inspired frenzies can bend our perceptions in such faulty ways. Let us only hope that we can learn some good lessons from this.

pg's response is actually priceless: it is like a soft-spoken witness upending a bullying lawyer who had just viciously attacked him, leaving the attacker reeling for all to see. Indeed, the mob looks pretty much like an ass at this point and kudos to pg for his more-than-able defense. Very lawyer-like, in a way, but far more classy.

ericabiz 1 day ago 19 replies      
As a female founder, I think this is a well-thought-out, articulate response, and I appreciate pg stepping up to say something about women in tech.

In a similar vein, I'd love to see YC take on one or both of the following:

1) Do at least one application cycle completely blind. How could you accomplish this? Much like in the concert auditions where this was first tried, put people behind a curtain--and then use technology to change their voices so every voice sounds the same. I think it would be a really cool experiment to see if different types of companies or a more diverse founder set would get funded.

2) Publish more stats on the success of YC companies, and publish stats on % of female(, black, ...) founder applications submitted, % accepted, % funded after acceptance, etc. Of course, I'd fully expect that this would be "opt-in" from the founders as well--i.e. each set of founders would need to agree as part of the application to have their data anonymously shared. You could also share data on % who opted to not have their data shared. (Techstars is doing some great stuff with their stats here: http://www.techstars.com/companies/stats/ )

I've talked to many female founders and YC does have a reputation as a "frat house" (I told one of the YC partners that personally when he asked me to apply.) I decided to not apply to YC and instead was in the first Techstars Austin cohort, which was a fantastic program overall. Techstars definitely seemed more welcoming to women from my perspective as a geek-turned-tech-entrepreneur.

I'm hoping this is the start of breaking down the "frat house" reputation around YC and getting more women actively involved with it.

tptacek 1 day ago 5 replies      
I apologize. I took it on faith that when The Information said they were running a "complete interview" with you, that it was in fact both complete and an actual interview. It seems very clear how this piece misrepresented you; the entire elided question you cite is particularly damning. I retain some of my misgivings (which have much more to do with the industry than with YC), but the "interview" clearly wasn't a good lens through which to consider them. I was nevertheless ready to do that too quickly, so the fault is as much mine as the magazine's.
kyro 1 day ago 2 replies      
Something needs to change about this industry's obsession with sensationalist journalism. If this industry is truly as forward-thinking and progressive as it is, and hopes to make strides in issues like gender/minority equality, then we need to build defenses against severely twisted, unfounded, and intentionally heinous hit-pieces by nobody bloggers who are trying to break into the industry by being edgy and aggressively opinionated.

The discussion about women in startups has completely come to a halt now and has shifted to discussing whether Paul Graham is a sexist.

The most sickening part of this whole ordeal? That these shit-stirring "journalists" are praised and said to have some sort of talent by their respective circles for knowing how to "shake things up," and their higher-ups want nothing more but for them to continue.

apsec112 1 day ago 2 replies      
"I think everyone should have the media perform a hatchet job on them at least once. Its this really scary feeling when you know youre trying to be honest and do the right thing, and yet you see how easy it is for a hostile writer to cast every single thing you do as corrupt and destructive. And how quick everyone is to believe them. And how attempts to set the record straight get met with outraged how dare you give one of those typical sputtering non-apologies!. It reminds me of those computer games where ACCUSE is just a button you press, and it doesnt even matter what the accusation is or whether it makes sense."


yawn 1 day ago 7 replies      
Jakob Kaplan Moss owes PG a public apology for his behavior. The witch hunt tweets that were coming out of him without getting the facts straight are downright disheartening.
ChuckMcM 1 day ago 0 replies      
Nicely responded.

Over Thanksgiving a friend of mine who is studying for his Masters in Philosophy introduced me to the formal concept of the 'Principle of Charity' [1] which is on the hearer's part a requirement of applying the most reasonable interpretation of the argument presented. When pg wrote this:

"Also (as we've seen), if you talk about controversial topics, the audience for an interview will include people who for various reasons want to misinterpret what you say, so you have to be careful not to leave them any room to, whereas in a conversation you can assume good faith and speak as loosely as you would in everyday life."

It connected with me that both in the interwebs and here on HN too often people do not apply this principle, either in prejudice or in ignorance, to the topics being discussed. That is really too bad, because it helps the quality of the discussion tremendously.

[1] http://en.wikipedia.org/wiki/Principle_of_charity

minimaxir 1 day ago 3 replies      
For those curious, here's a chart of the proportion of female founders funded by Y Combinator in the last 4 years, which correlates with YC's intention to add more female founders: http://i.imgur.com/MCLqUm3.jpg

Data source: https://docs.google.com/spreadsheet/ccc?key=0AjPFdCURhZvddHJ...

freyrs3 1 day ago 6 replies      
I'm not sure I want to work in an industry where some offhanded quip can lead to the kind witchhunt and character assassination like we saw over the last few days. Paul Graham may have some views that seem controversial to some people, but don't we all? I really blame the tabloidization of the tech press and the "twitter controversy of the day" bandwagon effect for these kind of incidents.
rubiquity 1 day ago 1 reply      
The passion for women/girls (referred to as females from this point on) representation in programming is so strong that they try and make villains out of the wrong people as if it will help their cause. From all of the reading I've done of PG's writings I think he has always taken a rather binary approach at whether you're the startup kind of person. I don't think he cares about sex at all. He wants people that are hackers/founders by personal interest rather than being pushed to it by others.

I really like when the move for more female participation in programming is more of removing barriers that would otherwise discourage females from participating (sexism, snickering, etc.) and less pushing females into programming.

As we all know, PG runs a company where his bottom dollar comes from the success rate of startups. It's not hard to draw the conclusion that people who naturally enjoy doing something are more successful at it on the whole than people who are pushed into doing something.

PG just happens to operate in a space dominated by males, because of this I imagine some people feel he has a responsibility to push the female programmer movement forward. I certainly don't imagine him holding female programmers back, with the female founders conf he's announced it sounds like he's trying to help. That said, I think PG is a "pull no punches" kind of guy, so while he is aware of the lack of female founders I don't think he's going to lose sleep over it as long YC continues to succeed.

oskarth 1 day ago 1 reply      
This piece should have to be written. I think the same goes for the essay Foreign Accents. I'm not a woman, but I am a "foreigner", and it's completely obvious in both cases what pg actually said. That is, unless you have a thing for being Offended or you are looking for excuses.

It's sad that pg feels he has to waste time doing these type of clarifications. Especially since he's not even holding any controversial opinions in either case, but is merely observing what he has seen at YC. I wish more people would be harder on the trolls with nothing but superficial criticism. Ignore them, and if they gain traction, despise them, the same way you despise spammers.

There's an asymmetry here. The trolls lose nothing on their vitrolic rants. For them it's a win either way, since at worst case they get some page views, whereas pg has to spend time dealing with bullshit. It would be more just if these trolls were punished, and pg weren't made to feel like he has to respond like this.

gkoberger 1 day ago 4 replies      
I wonder why pg did an interview for a site that was going to go behind an (expensive) paywall and was going to be edited. I know that "fixing journalism" is something pg would like to see[1], and (pg, sorry to put words in your mouth here) maybe he felt a for-pay site aiming for quality journalism was the answer? But it still seems weird he did this interview.

EDIT: I did read the article and know he was allegedly tricked, but my questions still stand. It was a long interview to just be a background about Jessica, and it was for a profile using the YC name to get $400 subscriptions. If they lied about the reasoning and then edited his words to say something completely different, I would have thought he'd be more outraged.

[1] http://ycombinator.com/ideas.html see #3)

ajju 1 day ago 0 replies      
When a similar brouhaha happened over PG's comments about accent taken out of context, not one publication cared to actually interview the scores of foreign founders with accents that have gone through YC (I am one).

The same thing happened again with this controversy. Here's at least one rebuttal from a leading female founder: https://t.co/1NbszBqlB1

Is it too much to ask of the press to at least look into a person's actions before piling on with criticism of a purported quote rehashed by a known instigator such as valleywag?

throwaway135 1 day ago 5 replies      
Why is adding more women to the tech industry automatically assumed a laudable goal to throw resources behind?

I'm Middle-Eastern (probably a smaller minority in the North-American tech scene compared to women), and while I (like most people) would certainly like to be surrounded by more of my brethren, it's not something I'd be comfortable spending resources on because the return on investment is so nebulous; diversity of views isn't automatically beneficial as is commonly assumed (an extreme example: you wouldn't expect a conservative big-corporation suit-wearing type to benefit a two-founder startup team).

It also seems a bit arrogant to tell people 'you should stop pursuing X and learn coding instead'. I wonder what would have happened had someone convinced Marie Curie, Jane Austen, or Hillary Clinton to go into programming instead of their respective fields (yes, I realise computers weren't invented in the case of the former two, but I hope you understand my point).

Finally, why is all this restricted to women only? Should I start advocating for Arabs? Africans? Inuit? It very quickly turns into a lot of duplicated effort. What's wrong with treating everyone equally? Not to mention that special-casing also reinforces the idea of 'us' and 'them', which I don't feel is productive either.

(throwaway because I don't want to be burned at the stake for publicly asking such questions)

kremlin 1 day ago 4 replies      
I didn't find any of the quotes that I read, even if they were out of context, remotely offensive. But I can see how someone who makes it a point to be offended by things might deliberately interpret it in a bad way, and convince other people that that is in fact what was meant by it.

For example, you say that you don't know how you'd convince 13 year old girls to be interested in programming. The normal interpretation is, 'Clearly 13 year old girls are very rarely interested in programming, and Paul Graham doesn't know how to change that.' The nasty interpretation is 'Paul Graham thinks that girls are intrinsically incapable of being interested in programming'.

It's easy to be offended by things. It's also obnoxious and often irresponsible.

bedhead 1 day ago 1 reply      
I've said it before and I will say it again: Gawker is simply professional trolls. They exist only to shit on everything, the farther away from their rigid liberal ideals the better. I wish people would ignore them completely.
abalone 1 day ago 2 replies      
pg is being disingenuous.

He did only refer to programmers. That's true.

But what he left out is that, he defined programmers as the "pool of potential startup founders". (You have to read the full transcript to notice that.)

So he is not actually referring to a subset of women. He very clearly says women as a whole are underrepresented as founders because they haven't been hacking since age 13 like the attendees of PyCon and open source committers, because it's really hard to get 13 year old girls interested in hacking.

It's completely clear when you read the transcript.

davidw 1 day ago 0 replies      
> [3] The controversy itself is an example of something interesting I'd been meaning to write about, incidentally. I was one of the first users of Reddit, and I couldn't believe the number of times I indignantly upvoted a story about some apparent misdeed or injustice, only to discover later it wasn't as it seemed. As one of the first to be exposed to this phenomenon, I was one of the first to develop an immunity to it. Now when I see something that seems too indignation-inducing to be true, my initial reaction is usually skepticism. But even now I'm still fooled occasionally.

I think we could do with fewer of those stories on HN, truth be told. They seem to generate a lot of heat and little light, and are generally about "off-topic" subjects without being intellectually gratifying.

yo-mf 1 day ago 2 replies      
Truly unfortunate all around. PG getting slammed from every direction. Jessica Lessin's new venture gets a black eye for shoddy journalistic standards. Lots of invective going around for what appears to be liberties of interpretation. And of all of this, I am not sure this really does anything to address the very serious topic on the imbalance of men to women in technology jobs.
dschiptsov 1 day ago 1 reply      
Oh, this American sexism nonsense again. Why, btw, no one is complaining that women have no predispositions for "autistic traits" ("being a male is to have some slight form of autism", like they said) and that girls with Asperger's, like, supposedly, Ayn Rand, is one for a billion. Why no one is protesting against the facts that men are much worse in caring for babies, because they have not enough "non-verbal communication abilities" to stay in a "continuous non-verbal rapport" with a toddler 24 hours a day? Why just not accept the fact that women are evolved to be better at some tasks at the expense of the other (and so are men)? So-called gender equality is a nonsensical "mental" concept (like any other "equality" nonsense which goes against the nature - genes is the very vehicle of inequality), given that the whole "evolutionary reasoning" behind a gender is necessary diversification of functions and abilities.
tomasien 1 day ago 1 reply      
Are you still going to write about women founders? I 100% take you on your word about all of this, but that I still think a lot of the things you said were off the mark in understandable but important ways[1]. You're obviously well meaning and thoughtful and I think it would be great to read more about your thoughts, although I know you'd prefer to avoid the shitstorm that would follow (no matter how well reasoned your arguments would be)

1 - Most notably, as a gatekeeper in startup culture (<- this seems to be causing confusion: not a gatekeeper to doing a startup, but a gatekeeper to YC which can often be important in succeeding as a startup in my and many other people's opinions), it seems pretty willfully ignorant to assume that you'd know if you were biased against female founders because if you missed some you'd know. If women are a group that starts on the outside to, as a gatekeeper you'd need more than that to know if you're keeping the gates properly, since we it'd be pretty hard to argue the system as a whole isn't a boys club.

YuriNiyazov 1 day ago 0 replies      
In John Gruber's words: "Im sure this will get just as much attention as Valleywags misguided hatchet job that started the whole thing, and that everyone on Twitter who excoriated Graham will apologize."
znowi 2 hours ago 0 replies      
How come this high volume post isn't penalized off the front page yet? :
robg 1 day ago 1 reply      
How horrifying must it be to have every word dissected by a linkbait culture? Then when the mob hears something in their pre-determined wheelhouse, the pitchforks come out with a vengeance.

Moreover, anyone who has read pg knows this kerfuffle was likely spam. I'm just sad our culture has degenerated to convict first, ask questions later.

Shameless has supplanted shameful.

jcromartie 21 hours ago 0 replies      
Why is anybody even offended at what he didn't say? What is wrong with the statement that women aren't making Facebook because they haven't been hacking for ten years? In a statistical sense this is true. The proportion of girls spending their formative years hacking away at technology is miniscule compared to the proportion of boys. The odds of a female Mark Zuckerberg are skewed for this simple reason.

And despite PG and YC giving every indication of wanting to change the situation, a simple statement of the situation (if it's out-of-context or not) makes people pick up their pitchforks?

crassus 1 day ago 1 reply      
At the heart of the matter is that witch-burnings are popular (turn into clicks) and that Gawker has a witch quota to keep up.

I'm glad to see such a thorough, intelligent reply from PG. He is extremely careful and precise in his language, without coming across as robotic or inhuman. It's impressive.

But this kind of thing is going to continue to happen. There is no market for taking an honest man at his word without reading subtext into it. The opinion ecosystem is a cesspool of the worst pieces of humanity. "Reporting" on Silicon Valley from the east coast would be hubristic and a folly if the organs involved had any intention of doing so honestly.

PG is fortunate that he is self-employed which provides some barrier against the power of the easily-offended. Somehow the talkers have gained power over the doers, and it is wrong. We live in a time when a person lower in an organization could easily find himself out of a job for an off-handed remark.

Teddy Roosevelt most eloquently described what is wrong with Gawker:

"It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat."

kategleason 1 day ago 0 replies      
from a female founder:

PG picks the best.

it's time we step up to plate ladies. if we want to compete toe to toe with the gents then we have to be better than the ones we are up against. period. if you're better, trust me, he will pick you regardless of your gender.

it might even be in your favor if you just happen to be a woman on top of being better :)

Nimi 1 day ago 0 replies      
"""Mark Zuckerberg starts programming, starts messing about with computers when he's like 10 or whatever. By the time he's starting Facebook he's a hacker, and so he looks at the world through hacker eyes. That's what causes him to start Facebook. We can't make these women look at the world through hacker eyes and start Facebook because they haven't been hacking for the past 10 years. """

I wonder why pg thinks being a programmer is a prerequisite for looking at the world through hacker eyes. The notion that Zuckerberg could have started Facebook as a non-technical co-founder doesn't seem unreasonable to me (and you could even argue Steve Jobs, while having some technical chops, wasn't the typical uber-hacker-has-been-doing-this-since-age-12 programmer). Or not?

cookiecaper 1 day ago 1 reply      
Any interaction with the press is terrifying in almost any circumstance because you never know and really have no control over whether the outlet is going to pull something like this. I always have the impulse to refuse media interaction unless I can get final approval on the published piece, which, of course, no one will ever give you.

It's important for all of us to remember that the incentives of the media and their subjects are not necessarily aligned, and that bombastic distortions such as this are common.

oskarth 1 day ago 0 replies      
This piece should have to be written. I think the same goes for the essay Foreign Accents. I'm not a women, but I am a "foreigner", and it's completely obvious in both cases what pg actually said. That is, unless you have a thing for being Offended or you are looking for excuses.

It's sad that pg feels he has to waste time doing these type of clarifications. Especially since he's not even holding any controversial opinions in either case, but is merely observing what he has seen at YC.

I wish more people would be harder on the trolls with nothing but superficial criticism. Ignore them, and if they gain traction, despise them, the same way you despise spammers.

There's an asymmetry here. The trolls lose nothing on their vitrolic rants. For them it's a win either way, since at worst case they get some page views, whereas pg has to spend time dealing with bullshit. It would be more just if these trolls were punished, and pg weren't made to feel like he has to respond like this.

akkartik 1 day ago 1 reply      
My favorite quote: "I err on the side of late binding for everything.."
snake_plissken 1 day ago 0 replies      
Whoa whoa whoa, it's considered ok to mess with a quote like this and completely ax things out? And editors are ok with it? In the journalism industry and with with reputable print/electronic news outlets, when something is on the record (as I assumed this is since there is a transcript), are quotes actively edited to the point where key words are removed?

I know things are taken out of context, and quotes/sound bites can be selected and presented out of sequence, but actively editing the quote seems absurd and beyond anyone who honestly thinks they are reporting something accurately.

rexreed 1 day ago 0 replies      
Does the shrill, hyper-Silicon Valley startup focused, gossipy, and banal tech 'press' really matter? I wish they would focus on news, get outside of the Valley for their inspiration, and focus on a wider range of technologies and markets. But then again, who would read that? What we've got here is not "press" but rather entertainment. Basically, it's the TMZ-ification of tech "journalism". Yup, those are scare quotes.
dkural 1 day ago 2 replies      
Dear Paul,

In your arc article: http://www.paulgraham.com/arc0.html

you have the following few sentences:I realize that supporting only Ascii is uninternational to a point that's almost offensive, like calling Beijing Peking, or Roma Rome (hmm, wait a minute). But the kind of people who would be offended by that wouldn't like Arc anyway.

Here's the issue: "the kind of people who would be offended by that" - I realize that "that" refers to ASCII only support, and I agree with your statement. But it took me two minutes to figure that out. Indeed "that" might as well refer to Chinese people being offended by the colonial label of Peking instead of using Beijing. I thought you might want to fix this infelicity of expression.

lauradhamilton 1 day ago 5 replies      
Thanks for the clarification. It is unfortunate that your statements were taken out of context and spun. I typically look for the original source, and am relatively skeptical of poorly edited viral stories such as this one.

With that said, I do think that the moderation / upvoting / flagging of Hacker News is overwhelmingly male. I sometimes see sexist comments here, and there doesn't seem to be a good system for women to flag and remove those. This is a problem in my opinion.

gmays 1 day ago 0 replies      
I wonder how much time and energy is wasted defending or clarifying comments, particularly by people who would otherwise be creating value.
natural219 1 day ago 0 replies      
Can anyone link to an objective "what PG actually said" so we can, you know, actually evaluate these claims in context?

I see a link to https://www.theinformation.com/YC-s-Paul-Graham-The-Complete..., but there's no way I'm subscribing to this junk website.

izendejas 1 day ago 0 replies      
FWIW, The Information's piece definitely crossed the "too indignation-inducing to be true" threshold for me. And I for one, would enjoy an essay about such topic as it would be very relevant to the HN community that is often just as eager as journalists to see certain individuals or startups fail for whatever reason.
ElissaShevinsky 1 day ago 0 replies      
I wrote this in response: https://medium.com/glimpse-labs/5c6d2ff4ef0d

PG has done a lot for the community and I think he deserves a conversation rather than a lynching. I'm calling for a more civil discourse on sexism. We could say that I'm baised bc my cofounder was similarly attacked by Valleywag, but it's very reasonable to say that these conversations could be handled more thoughtfully.

drcode 1 day ago 0 replies      
This is a good essay, but I was disappointed it wasn't a followup to his classic essay "What You Can't Say" http://paulgraham.com/say.html
McKittrick 1 day ago 1 reply      
Getting misquoted in an interview happens to almost everyone who has given an interview ever. It is a product of the interviewer trying to put an editorial spin on a story (i.e make it interesting) and human error (based on reporter time constraints). Being misquoted is the tax for using the interviewer's platform for marketing. For most people, the benefit of the publicity outweighs the tax. So you give the interview, knowing full well that the end product is going to come out somewhere on the spectrum of slight misquote --> just made up stuff. And this isn't going to change. But it is something to keep in mind when you're pitching PR for your startup. You will get misquoted, its a matter of degree. Share your words as wisely as possible. Unfortunately, unlike PG, the rest of us don't have a platform for setting the record straight on a misquote.
informatimago 1 day ago 0 replies      
I think it is time to eliminate journalism entirely. Already with the web we've reduced greatly the number of intermediaries in transmitting information. But it is clear that they should be removed from the loop entirely Don't feed the trolls^w journalists ie. don't give them interviews or "conversations", don't pass on urls to their "articles". Instead give the url to the original data!
skylan_q 1 day ago 0 replies      
I stopped reading this partway through because PG doesn't really need to explain himself here. Don't attribute to malice what you can attribute to your own misunderstanding.
devin 1 day ago 0 replies      
reads post

realizes there isn't a lot of substance to most of the comments

goes back to programming

jayferd 1 day ago 0 replies      
Here's a collection of other writings by pg about women: http://sambiddle.kinja.com/paul-graham-writing-about-women-o...

This would be different if there were no context, but there is a lot of context.

emiliobumachar 1 day ago 0 replies      
This post is not listed in pg's essays list on his website, for understandable reasons. Makes me wonder what I've been missing. Is there an exaustive list of pg's public writings?
forgottenpaswrd 1 day ago 0 replies      
It is very interesting see someone like PG take the bait with anti ethical journalism.

I have some friends in top positions and the first thing they learn is about this techniques. There are predators out there wanting to eat your hardly earned reputation for their own benefit or agendas.

squirejons 1 day ago 0 replies      
CorpGovMedia hath given unto thee Laws to Live By. And so it is written that thou shalt not denigrate females, but that thou shalt elevate them above all others, for the females are The Most Sacred Consumer and Surplus Labor Supply, thus lowering wages and increasing The Most Sacred Corporate Profits.

And All Those Who Violate This Law Shall Be Marked "B" for Bigot. And Know Ye Well That Those Who Wear This Mark of B Shall Be Cast Out of Society and They Shall Be Demonized Forever....

Know Ye These Laws!

fit2rule 1 day ago 0 replies      
Welcome to the ways of media. My only question is: Why is it such a surprise to you that this occurred, when in fact .. This editing/re-positioning is normal and accepted behaviour in media organizations, and has been for decades. You should have known that the reporter already had their story goal filed - embarrass the PG/VC crowd somehow - and then they went to you for your interview, farming whatever they could to build controversy.

Controversy is the product, not informed readers.

jpeg_hero 1 day ago 0 replies      
don't try to talk honestly about the issue of women in tech. why do it? just will bite you in the ass.

just say whatever "they" want you to say (whatever is pc these days) and keep your head down and keep hacking.

atmosx 1 day ago 1 reply      
It is true though, women are not hackers where I live. That doesn't mean that womens are out of skills, and PG explains really nice it's just how it is and it might change in the future.

Given the way my mother cooks, I can state that when it comes to food she totally can be a called a hacker :-)

jenandre 23 hours ago 0 replies      
I would be interested in the stats of 'successful' startup investments (for YC and otherwise), how many of those technical founders actually started programming at age ~13 (vs 17 or 18).

Would also be interested in seeing what the relative success/failures of investments with startup founders at 23 w/ 10 years experience (started programming in teams), vs 28 (who started programming at 18).

dataminded 1 day ago 0 replies      
I find that doubting anything that Gawker says about anyone or anything is generally a good idea.
foobarian 1 day ago 0 replies      
Reading the full quotes of what pg said to the reporter, they come off both as quite subtle and arrogant. I can imagine the reporter not quite understanding the point but instead hearing "blah blah blah we're better than you and you can never be a hacker." I'm kind of surprised pg was that open in the "interview," I think I would probably be really careful what I say in a similar situation (been bit more than once).
yarou 23 hours ago 0 replies      
It's a shame how easily people get offended these days. Calling PG sexist is totally unwarranted, especially when what he said was taken out of context. I suppose these days certain kinds of people get off on controversy, especially when there's none to begin with.
Osiris 1 day ago 1 reply      
To avoid these kinds of problems, why don't journalists just post the entire interview transcript instead of, or in addition to, editing it for brevity and thus injecting their own biases?
edouard1234567 1 day ago 0 replies      
One can only appreciate the irony of note [3] :)

" The controversy itself is an example of something interesting I'd been meaning to write about, incidentally. I was one of the first users of Reddit, and I couldn't believe the number of times I indignantly upvoted a story about some apparent misdeed or injustice, only to discover later it wasn't as it seemed. As one of the first to be exposed to this phenomenon, I was one of the first to develop an immunity to it. Now when I see something that seems too indignation-inducing to be true, my initial reaction is usually skepticism. But even now I'm still fooled occasionally."

vorg 1 day ago 0 replies      
> in a conversation you can assume good faith and speak as loosely as you would in everyday life

In some countries it's legal to record any conversation you're a part of without informing the other participants so many people are on their guard. Even in everyday life with people you know well, they or you might be carrying a mobile phone manufactured by certain company or running a certain OS that listens, even when turned off with the battery still in, on behalf of some party who'll never be prosecuted and often never even exposed, and there's a lot of those sorts of people out there. Perhaps even a higher than average percentage of Hacker News visitors are these sorts.

ChristianMarks 1 day ago 0 replies      
Now anything you say about a controversial topic has to be unambiguous at the level of individual sentences.

This has been true in academia for years.

venantius 1 day ago 0 replies      
I'm really happy PG responded to this, because when it came out it already seemed like a completely overblown and taken-out-of-context quote and I had to literally refuse to discuss it with people because the firestorm seemed too absurd to validate with conversation.
bambax 1 day ago 1 reply      
> whether we could, in effect, accept women we would have accepted if they had been hackers


jug6ernaut 1 day ago 7 replies      
"I was explaining the distinction between a CS major and a hacker..."

"What I was talking about here is the idea that to do something well you have to be interested in it for its own sake, not just because you had to pick something as a major.So this is the message to take away:

    If you want to be really good at programming, you have to love it for itself. "
Labeling "CS major"'s as non hackers, good to know as someone with a CS degree.

While I 100% agree with your final above statement, I find it concerning that you would label everyone with a "CS major" as having motivations outside of a "hacker". I fail to see how they are mutually exclusive. I hope this was just a unfortunate choice of words.

leoc 1 day ago 0 replies      
"Milo carefully said nothing when Major de Coverley stepped into the mess hall with his fierce and austere dignity the day he returned and found his way blocked by a wall of officers waiting in line to sign loyalty oaths. At the far end of the food counter, a group of men who had arrived earlier were pledging allegiance to the flag, with trays of food balanced in one hand, in order to be allowed to take seats at the table. Already at the tables, a group that had arrived still earlier was singing The Star-Spangled Banner in order that they might use the salt and pepper and ketchup there. The hubub began to subside slowly as Major de Coverley paused in the doorway with a frown of puzzled disapproval, as though viewing something bizarre."
dchichkov 1 day ago 0 replies      
> If you want to be really good at programming, you have to love it for itself.

It is difficult not to love things that you've discovered for yourself and learned to do as a kid. So the following:

> If someone was going to be really good at programming they would have found it on their own.

while not required, could be just an 'often encountered' case.

edw519 1 day ago 0 replies      
This incident immediately reminded me of Hall of Fame baseball player Steve Carlton, one of the greatest professional athletes of all time. He had a simple method of dealing with media "issues": he didn't talk to them.

From http://en.wikipedia.org/wiki/Steve_Carlton ...

Carlton slumped in 1973, losing 20 games. The media's open questioning of his unusual training techniques led to an acrimonious relationship between them and Carlton, and he severed all ties with the media, refusing to answer press questions for the rest of his career with the Phillies.[13] This reached a point where, in 1981, while the Mexican rookie Fernando Valenzuela was achieving stardom with the Los Angeles Dodgers, a reporter remarked, "The two best pitchers in the National League don't speak English: Fernando Valenzuela and Steve Carlton."[14]

Sometimes I wonder if more people responded this way, "professional journalism" might actually have a chance.

ericd 1 day ago 0 replies      
I'm not surprised that things were taken completely out of context. The first time you have something written about something you've said is really eye opening - unless the whole thing is printed verbatim, it's almost invariably edited to say something different than what you meant, and to be more in line with the rest of the story.
jebblue 23 hours ago 0 replies      
It seemed like a thoughtful and appropriate response to what almost looks like an intentional misrepresentation of his comments; or at least of the purpose of the discussion.
nox_ 1 day ago 0 replies      
I expected an article about monads.
ondiekijunior 1 day ago 0 replies      
No offense intended but what am seeing are ad hominem attacks at worst and pointless agreements at best over suitability of a fellow hacker, pg in this case, to put things clear on a generally clear topic. We are introducing abstract reasons why he is correct or otherwise. Why don't we take him at face value, cause in general it's isn't good practice to discuss someones intellectual ccompetence unless they are a potential hire in our university start-up
beachstartup 1 day ago 0 replies      
every time i've ever dealt with "journalists" i've always come away with the unmistakable conclusion that most of them are complete and utter scumbags.

but that's just my opinion on the matter.

anuraj 1 day ago 0 replies      
PG has put what he said in perspective - and everything boils down to quoting out of context. You want to be an A class founder - try hard - there is no shortcut even if you are a woman.
zw123456 1 day ago 0 replies      
There is obviously a huge amount of energy around this. I think it would be great if YC sponsored a conference around this topic (perhaps Women & Minorities in tech startups).
thatusertwo 23 hours ago 0 replies      
Older people start thinking what they see is true, my dad always says stuff that is true to him, but not so true for me as I have less life experience.
fuckpig 1 day ago 0 replies      
I used to respect pg. Then I saw moderation here and how bigoted it is, and now, I respect none of you.
arcticfox 1 day ago 0 replies      
Is there an editor's rebuttal to this? If unintentional, at the very least a limited apology seems fitting.
spajus 1 day ago 0 replies      
1. Why is this so heavily upvoted? 2. How do you, startup people, find the time to write a novel in the comments of this "I didn't mean it" post?3. Would you lick dirt off Paul's shoes if he allowed you?

Go write some code instead.

dinkumthinkum 1 day ago 0 replies      
I hate that pg even has to make this explanation. It is easy to understand what he meant even in the hit job "interview." I didn't realize how it was constructed. Now it makes a lot of sense. I mean what goal would it serve for pg to misogynistic claims? It defies common sense. I think the "interviewer" represents the worst of journalism, simply trying to peddle controversy where there is none. It is sort of infuriating to me because there actually is misogyny in our hacker culture but this is NOT it.
thenerdfiles 1 day ago 2 replies      
Don't women pick up concepts faster than men?

I mean, it's pretty clear that women excel at language acquisition over men, and these are just computer languages.

Let's say, ceteris paribus, 10,000 hours for adolescent boys, 8,000 hours for adolescent girls. Supposing this is the case, given the history of computer science, I doubt really any one of us is in a position to define credibility on solely that metric of time spent.

Clearly environment plays a very significant role here, and it goes without saying, given the larger cultural context of the West, that women have been excluded. I mean, Women's Suffrage was, like, a century ago.

I'm just going to assert that I'm quite postive more than half of you are talking jive, and that's not good.

ooohooo 1 day ago 0 replies      
In the end, there will be no winners in the feminist or forced approach to trying to increase the number of women programmers. It's a lose-lose situation.
11thEarlOfMar 1 day ago 0 replies      
Well, that's a relief.
robomartin 1 day ago 0 replies      
The media has amazing power to manipulate stories and fabricate what will be taken as facts by the masses. This power is almost impossible to counter. They have molded public opinion, destroyed people and manipulated elections at nearly every level.

When I was a kid I was told a story as a means to communicate the gravity of telling lies. A lie, as the story goes, is like ripping open a feather pillow atop a mountain. Feathers fly everywhere. To undo a lie you have to collect every single feather, a task monumentally more difficult than telling the lie.

The Internet multiplies the power of the lie at every level. From a simple comments to blog posts to more established media outlets. Since the feathers can't be collected the damage can be extensive, permanent and even outlive the victim. Given this it would almost seem that the law needs to develop beyond liebel and slander (which I think might not be up to the task).

nashashmi 1 day ago 1 reply      
Can I use the skewed article and PG's response to now make a case that women can't be newspaper writers?
__pThrow 1 day ago 2 replies      
What Paul didn't say.

Anything about DongleGate

Anything about PronounGate

Anything about CPlusEqualityGate

But when They Came for Paul, then he wanted us to know what he said.

Sadly, I was already gone.

In fact what he did apparently was to take these sorts of threads down and encourage moderators to kill them.

Now of course, he abuses his power as publisher to host this thread where we can deify him, thank him, and and apologize to him.

frozenport 1 day ago 0 replies      
Thats what happens when you get your news from a p0rn outlet!
grinich 1 day ago 1 reply      
I don't really care about what was said and what wasn't. PG was probably misquoted. Whatever.

What bothers me more is that damaging PG's public image is seemingly what it takes for him to prioritize writing an article about female founders.

I don't think YC needs to have affirmative action for gender; it would neither be fair or that effective. However, I think they're in the perfect position to inspire younger generations to start hacking. And this must specifically include girls.

My cofounder is a woman, who was contributing to Debian at age 15. Our first employee is a woman, with a MS from the operating systems group at MIT CSAIL.

There are lots of women hackers out there, but none of them are partners at YC. This press is disappointing, but not unexpected.

About Python 3 alexgaynor.net
531 points by jnoller  1 day ago   325 comments top 69
thatthatis 1 day ago 4 replies      
I'm going to go against the grain here and say that moving slowly is one of my absolute favorite features about python and its libraries.

Rails and django were released about the same time, rails is on version 4, django is on 1.6.

Moving slowly means I can spend more of my time writing code and less of my time upgrading old code. More importantly, every release requires a perusal: did the API change, what's new, are there breaking changes I need to be aware of?

I didn't appreciate how nice a slow but consistent and deliberate release cycle was until I started using Ember which seems to release a new version monthly.

Its generally acceptable to be one or two x.x versions back, but much more than that and the cost of maintaining libraries skyrockets, so you start losing bug fixes and library compatibility.

With python there's not really a question of if I can run my code for a year between non-security upgrades, even with a few dozen third party libraries. That stability is immensely valuable.

agentultra 1 day ago 4 replies      
I like Python 3. I prefer it. It is better to program in than 2.x. Iterators everywhere, no more unicode/encoding vagueness, sub-generators and more. It is a much better language and it's hard to see how it could have evolved without a clean break from its roots.

However it has been interesting to follow over the last five years. It has been a sort of, "what if p5 broke the CPAN," scenario played out in real-life. Breaking compatibility with your greatest resource has a painful trade-off: users.

Everything I work on is not even considering a migration to Python 3. OpenStack? A tonne of Django applications that depend on Python 2-only libraries? A slew of automation, monitoring and system administration code that hasn't been touched since it was written? Enterprise customers who run on CentOS in highly restrictive environments? A migration to Python 3 is unfathomable.

However my workstation's primary Python is 3. All of my personal stuff is written in 3. I try to make everything I contribute to Python 3 compatible. I've been doing that for a long time. Still no hope that I will be working on Python 3 at my day job.

Sad state of affairs and a cautionary tale: "Never break the CPAN."

evmar 1 day ago 2 replies      
I like to think of engineering as "solving problems within a system of constraints". In the physical world, engineering constraints are things like the amount of load a beam will bear. One of the primary easily-overlooked constraints in the software world is backwards compatibility or migration paths.

There are many examples of systems where many look at them today and say: "This is terrible, I could design a better/less-complicated system with the same functionality in a day". Some examples of this dear to my heart are HTML, OpenID, and SPDY. It's important to recognize the reason these systems succeeded is they sacrificed features, good ideas, and sometimes even making sense to provide the most critical piece: compatibility with the existing world or a migration plan that works piecemeal. Because without such a story, even the most perfect jewel is difficult to adopt.

The OP, about Python 3, is right on except for when it claims making Python 3 parallel installable with 2 was a mistake; doing that would make it even more impossible to migrate to 3 (unless the single binary was able to execute Python 2 code). (Also related: how Arch screwed up Python 3 even more: https://groups.google.com/d/topic/arch-linux/qWr1HHkv83U/dis... )

themgt 1 day ago 3 replies      
It's fascinating to compare this with ruby 1.9, released around the same time, but seemingly with a slightly better cost/benefit ratio, having nice new features and also significantly improved performance, and with ruby 1.8 being deprecated with a lot more speed and force. It got everyone to actually make the switch, and then ruby 2.0 came along, largely compatible and with a more improvements, and now ruby 2.1 seems to be an even smoother upgrade from 2.0.

The ability of the ruby core team to manage not just the technical aspect of making the language better, but smooth the transition in a way that actually succeeded in bringing the community (and even alternate ruby implementations) along with them, hasn't been given nearly enough credit. You could analogize it to Apple with OS 9 -> OS 10.9, versus Microsoft with people still running XP

GuiA 1 day ago 4 replies      
Python 3 came from a good place, and it definitely fixes many problems that sorely needed fixing, but it was doomed to failure from the start (and many developers said that in 2008 already).

For all intents and purposes, Python 3 is pretty much a new, separate programming language. Sure, it's very close to Python 2.x, but you don't have out of the box retro-compatibility so that pretty much kills it right there.

Python 2.x is so huge in terms of its use around the world and available libraries and resources for it that you just can't say "hey, the new version of Python will in practice break everything" and expect it to fly.

I love Python and the community around it (and have several packages on pypi myself), but Python 3 is a joke.

If we didn't want to kid ourselves, we'd kill Python 3 and back port the interesting features, like Alex suggests. At this point though, too much effort and egos are involved to make this realistic.

cturner 1 day ago 2 replies      
Static platforms are great for developers. The best years of WebObjects' life were after Apple had mothballed it. Returning to a project years later - all the old code, scripts, and patterns worked just the same. Nothing else in the java world was like that. Similar story with BSD. The python 2/3 migration has been well managed. There is no rush. Celebrate it.
thezilch 1 day ago 1 reply      
It wasn't until 3.3 that py3 was really palatable. Easier to support unicode running the same codebase in py2 and py3. yield from -- look, a py3 feature worth porting for! 3.3 was released in late 2012, and so, we can probably shift this "5 year" expectation to start from there.

In fact, it's 3.4 that really starts to wet the beak with asyncio and enum. I'm not sure 2.8 needs to happen, if 3.x simply, and finally, has good reasons to get on board.

saurik 1 day ago 1 reply      
Reading the comments on Hacker News whenever someone brings up the issues with the Python 3 transition are horribly painful due to a systemic bias in that the people who care to read and talk about Python 3: they are mostly people who are in the 2% of people who apparently care enough to have upgraded already; everyone [edit: "here who is saying" was incorrect; "here who normally says" <- today the discussion has been much more balanced, which is really nice] "engh, its fine, I upgraded, I know tons of people who upgrade" are ignoring the actual statistics cited by this developer [maybe having these actual numbers changed the discussion, pushing out the people who just insist nothing is going wrong?] that show "no, you are wrong, you have a bunch of anecdotes because you know people like you and people like you actually wanted to upgrade for some extrinsic reason that your friends are more likely than the normal population to share with you". :(

If you cast a wider net, and talk to people at conferences that have nothing to do with fancy programming languages (and certainly not about Python itself), people aren't using Python 3, and the feelings about Python 3 are mostly "sarcastic bitterness" (where like, you bring up Python 3 and they kind of laugh a little like "yeah, no, obviously") surrounding the problem mentioned by this author that "for the last few years, for the average developer Python, the language, has not gotten better" while being told that upgrading is easy or somehow intrinsically valuable to them, which as this author points out comes across as the Python community just saying "fuck you" to their needs.

falcolas 1 day ago 7 replies      
As a development lead, we recently abandoned our plans to migrate to Python 3. Here's a short summary of why:

To begin the migration, we needed to move from Python 2.6 (which is the default on our CentOS6 production boxes) to Python 2.7. This transition is actually rather hard. We can't use the packages provided in CentOS base or EPEL, because they are all complied against Python 2.6. To re-produce all of our package requirements would require us to either build new packages of the compiled libraries (such as MySQL-python, python-crypto, PyYAML, etc), or load down our production environment with a compiler and all of the development libraries.

Migrating from Python 2.7 to Python 3 would have required a nearly identical effort (there's not a lot of Python 3 packages for CentOS, in particular the packages that we need for our application).

Frankly, it's just not worth that effort at this time. Python 2.6 is the default environment, there's solid package support for it, and it just plain works. We'll make that dive when Python 3 becomes the default for CentOS (scheduled for 8 or 9, IIRC), and probably not before.

captainmuon 1 day ago 1 reply      
Python fell into the Winamp trap. If anyone remembers, version 3 was pretty much crap, and many users stayed with 2.95 for ages. Now, I'm not saying Python 3 was bad, not at all, but the benefits don't outweigh the cost of switching for many people.

Here's my idea. Make a new "Python 5" (2+3=5, or call it whatever you want), based on Python 3. Put back everything that was deprecated or removed along the way, including the `print` statement. Provide `from python2 import xx` or `from python3 import xx` if there are incompatible module changes. To deal with the string changes, introduce an idiom like:

    bytes, str, unicode = python2_strings    bytes, str, unicode = python3_strings

    from python2 import bytes, str, unicode    from python3 import bytes, str, unicode
which always maps "bytes" to the byte array (py2 "str", py3 "bytes"), unicode to the unicode char array (py2 "unicode", py3 "str"), and "str" to whatever the legacy code needs.

The goal would be to have 95% of legacy code run without modifications, or with a minimal addition of 2 lines to the top, or a command line switch.

a3n 1 day ago 2 replies      
Consider the new programmer, or the programmer new to python, or the corporation/workgroup new to python whose focus is not at all python as python but just GSD.

They read this, or you show it to them: Should I use Python 2 or Python 3 for my development activity? https://wiki.python.org/moin/Python2orPython3

It starts off very encouraging: "Short version: Python 2.x is legacy, Python 3.x is the present and future of the language"

Then we skim down to the meat of the page: Which version should I use?

Two short version stating that 3 is great, and you should use it. If you can.

And about 20 paragraphs of caveats.

To the person who's been around the block once or twice, or doesn't want to be seen as that pie in the sky programmer to his boss whose focus is not programming and doesn't give a shit about new, what stands out is "you can use virtually every resource available in 2, and almost mostly totally in 3 also."

And if you're new in any sense, do you really want to spend the time researching if 3 is going to work for you or your group/boss/career? No, you pick 2 and GSD.

When that page is gone, or its caveats are substantially reversed, 3 will be the choice.

tristanperry 1 day ago 0 replies      
I'm looking to learn Python, so it's a pitty that there's a schism of sorts within Python.

This sort of reminds me about PHP 6: a project with initially high momentum and various ideas to clean up the language. But over time it became clear that upgrading from the land of magic quote and register globals (PHP 4) to PHP 6 would have been too much of a jump.

So instead they slowly started deprecating and making improvements within the PHP 5 stream, and bit-by-bit PHP has moved on.

The change from Python 2 to 3 doesn't look dramatic, but I can understand why there's an air of lethargy regarding the upgrade.

hansjorg 1 day ago 1 reply      
My last few Python projects have started out as Python 3, but ended up as 2 due to missing library support.

Would it be at all feasible to enable Python 3 to import Python 2 code? I imagine this could be done without making Python 3 fully backwards compatible, but I might be wrong.

dvirsky 1 day ago 0 replies      
The irony is that what's keeping Python from moving forward is its own ecosystem.

PyPi makes it so easy to just add small libraries as dependencies to your project. This is part of what I like about it, but it comes with a cost - this exact problem.

I actually find the unicode thing a good enough reason to move to Py3, and porting my company's own code is hardly and issue. But I just had a quick look at how much of our dependencies support Py3. No surprise - we can't move. Not without porting a huge amount of code we don't know by ourselves and hoping the pull requests get merged, or by dropping big dependencies from our code.

How big? Thrift, boto, MySQL-python, hiredis (the native C redis connection layer), fabric, mrjob - just to name a few. Some of these have big non compatible dependency trees themselves.

Neither of those are going to happen. So not having a big enough incentive is not my problem here. The price of migrating is simply too big compared to the incentives.

I think the only big enough incentive that would cause me to consider replacing or porting all this huge chunk of dependencies, is something indeed along the lines of GIL-less massive concurrency a-la Go.

But that doesn't seem to be happening any time in the foreseeable future. Python 2.8 is a good idea for me as a user, but it will only persist the problem, not solve it. I don't have any better idea other than Python should grow one huge carrot to create a tipping point, and enough pressure on library maintainers to hop on.

dekhn 1 day ago 4 replies      
I used Python 3 for the first time a few days ago (I've been programming in Python for 18 years). When I used python heavily (I've switched back to C++ and now Go) I depended a lot on a small number of really good libraries- ElementTree, NumPy, SciPy, etc. Unless/until all of those get ported to Python 3 (along with hundreds of other programs), and those ports are considered Correct (in the QA validation sense), it's hard for me to consider wholesale conversion.

I did it because I was trying to parse Unicode in XML (Apple iTunes music files) and Python 2 is completely broken when it comes to unicode.

I consider Python 3 a big "fuck you" from Guido to the community. I don't think he intended it to be so, but the effect of the long transition, and the lack of backported features in Python 2 (which could be easily accomodated), coupled with only limited adoption of Python3, demonstrate the leadership needs to pay closer attention to user pain.

Finally, I don't think Python will ever address the simple and most important core issue: lacking good multithreading support will make the language continue to be more and more marginal. CPUs aren't getting much faster, the CPython serial runtime isn't getting any faster. Multiple cores on a single chip, and multiple threads in a core, are getting more numerous- and not being able to take advantage of them using the obvious, straightforward memory-sharing, multi-threaded techniques the chips are design to run well- is just a clear ignorance of the future of computing designs.

I switched back from Python to C++ when shared_ptr and unique_ptr, along with std::map and std::vector became standard enough that programming in C++ became easy: convenient memory management, and maps/vectors are the two things that C++ adds to C that are valuable. Then I switched to Go because C++ compilation times are so bad, and writing high quality concurrent code is hard.

justinph 1 day ago 4 replies      
Something that might help is OS vendors shipping with 3.x installed, rather than 2.x most seem to.

OS X ships with 2.7.5. For a casual python user, sticking with what is there and working is safe, especially when the benefits of 3.x are unclear.

ak217 1 day ago 1 reply      
I feel frustrated too, but I think Ubuntu 14.04 will tip the scales (it ships with Python 3 by default).

Also, the core devs got at least some things right with Python 3.3 by making it a lot easier to write code that targets 2.7 and 3.3 at the same time. In retrospect, that should have been the focus much sooner.

cool-RR 1 day ago 2 replies      
I don't share Alex's concern. The migration to Python 3.X is a slow, but in my opinion sure process. Already many of my small internal programs run on Python 3.4, and I believe that in 1-2 years from now I'll be writing most new Django client projects in Python 3.4 (hopefully running on Pypy3).
jrochkind1 1 day ago 0 replies      
Meanwhile, in Railslandia, the annoyance is how much time you have to spend updating your old apps that rely on ruby versions or other dependencies that are no longer supported.

I'm annoyed that it's looking like ruby 1.9.3 will be end-of-lifed sometime this spring, and I'm going to have to go and deal with updating a bunch of apps to ruby 2.0 or 2.1; it seems like it was just yesterday I had to spend way too much annoying time updating them all to 1.9.3 in the first place when 1.8.7 was EOL'd.

And don't get me wrong, 1.9.3 is _so_ much better than 1.8; and the update to 2.x will hopefully be not so bad, but it's still time I'm spending on the treadmill instead of new features.

Is there any path between the continual forced march of updates of ruby, and the lack of urgency so nobody ever upgrades of python?

iandanforth 21 hours ago 0 replies      
I'll be honest. I'm waiting until Guido says it's time.

The phrase that I have stored at the moment is "Python 3 is the future of Python." Fine. Great. But that's not good enough.

This page needs to be updated: https://wiki.python.org/moin/Python2orPython3

It should be shortened to read, in its entirety, "Python 3."

pixelmonkey 1 day ago 0 replies      
Is there a tool that will take a requirements.txt file and let you know whether all the packages in that file are already Python 3 compatible (by looking up corresponding packages on PyPI)?

If not, that tool seems worth writing, and then we can do a poll of some major production codebases and see whether Python 3 support is actually missing.

As for "Python 2.8": meh. I think we should just support the development of tulip / asyncio in Python 3.4 (see docs, this is looking awesome already: http://docs.python.org/3.4/library/asyncio.html), then use our blog platforms as Pythonistas to promote all the new async programming you can do using asyncio + Futures + yield from, port over important async frameworks like Tornado/Twisted, etc.

In that case, Python 3.4 becomes the Python release that gives you all the power / convenience of Python 2.x with a complete cleanup of callback spaghetti code as demonstrated in the "hello, world" co-routine example: http://docs.python.org/3.4/library/asyncio-task.html#example... -- I think async programming is mainstream enough, especially in web/mobile/API applications, that this will be a compelling draw for people.

I think the only thing GvR and crew got wrong is the timing -- it probably won't take 5 years from release for everyone to migrate to Python 3, but it will take more like 8-10. But it'll happen.

PaulHoule 1 day ago 1 reply      
The funny thing is I was getting downvoted by the peanut gallery on proggit and other sites when I was pointing out, years ago, that there is no such thing as "Python", but really "Python 2" and "Python 3".

It's nice to see that pythonistas are starting to accept what an outsider saw give years ago.

Frankly the problem is a culture of overpromising and underdelivering that is endemic to Python. The situation with threading in PHP and Python is really the same: "it almost works" but the PHP community is responsible and says you shouldn't really use threads and the Python community is irresponsible and says "come in the water is fine".

The developers of languages such as PHP, C# and Java value backwards compatibility. Certainly things break from release to release, but some effort is made to minimize the effect, whereas in Python 3 they rewrote important APIs and broke a lot of stuff that they didn't have to break.

Rauchg 1 day ago 0 replies      
I think a really good explanation of why people are not switching was provided by Ted Dziuba: http://teddziuba.com/post/26426290981/python-3s-marketing-pr...
JesseAldridge 1 day ago 0 replies      
Funnily enough, these days I'm spending most of my time writing Javascript. So that's like two steps back. But that's ok, because the language is not the bottleneck in software development. The big time sinks are learning new concepts and managing inherent logical complexity.
DonGateley 1 day ago 0 replies      
Backwards ecosystem compatibility is a law of nature, not an option. Guido blithely broke a law of nature and the consequences, which should have been completely obvious to him, are just as anyone with history in the industry could have predicted (and most did.)

I'm at the decision point of which one to learn for a long languishing project I want to use it for. If I could write in 3.x and use the 2.x library ecosystem there would be no glitch whatsoever in my decision process. 3.x seems sufficiently advantageous _as a language_ to make the choice easy. As is, however, since I do not yet know what within the 2.x ecosystem will prove to be important or essential, my only intelligent choice is to maximize my options and go with 2.x. The advantages of the 3.x language don't even begin to outweigh the potential disadvantages of coming up short.

I consider this irrevocable break with backward ecosystem compatibility (given the magnitude of the ecosystem) to be the worst, most egotistical decision I've ever seen in the computer field. Almost a death wish.

cpks 10 hours ago 0 replies      
The Python community may take this as a wake-up call to realize Python 3 was Python's Vista/ME/Windows 8, rolled up into one.

My proposal: Call it a development version, and ask the community to upgrade when Python 4 fixes GIL, adds support for GPGPU, multicore, adds semantics useful for going fast, true lambdas, tail recursion, and adds all sorts of similar pretty things.

Forcing an upgrade down a community's throat worked for Microsoft when they had a monopoly and could stop releasing security patches for older versions. And even then not well, and giving huge numbers of botnots.

Anything short of that is likely to fail and just hurt the size of the Python community. If I'm switching, there's also Ruby and a few other places to go that aren't Python 3.

I don't like, want, or care about Python 3. It's a regression for me. It's not a popular view, so I'm not vocal about it, but I don't think I'm in the minority here.

martincho 1 day ago 2 replies      
What is needed is a very high quality Python 2.x to 3.x migration or conversion tool to make library conversions trivial. If developers knew they could convert any 2.x code to 3.x code with no effort at all and with absolute certainty of proper operation they would probably migrate to the latest 3.x release en-masse.

How difficult would something like this be?

This might be really naive on my part. I haven't really taken the time to study the differences between 2 and 3. I have avoided 3.x out of entirely selfish reasons: I simply don't have the clock cycles to run into roadblocks.

These days languages are only as valuable as the breath and quality of the libraries around them. The issue with 3.x is that it created fear of not having access to small and large libraries developers leverage every day to be able to focus on their problem and not the problem addressed by the library. In that regard it is easy to be inclined to criticize Python leadership for approaching the transition with what might be perceived as a lack of consideration and understanding of the factors that might hinder it.


Just learned about 2to3:


Not sure how good it is. A quick look at the page gave me the sense that it might be somewhat involved. A true converter would be something that is as easy to use as the the import statement. Something like:

    import2to3 <some_module>, <some_destination_directory>
It should not require any more thought than that and it should be 100% reliable.

sergiotapia 1 day ago 0 replies      
Wow, can't believe it's been this long and this is _still_ an issue.
doe88 1 day ago 0 replies      
For all its goodness I think it was a mistake to make syntax changes and other non-backward compatible changes in Python 3.

My current projects are currently compatible with Python 3 and it's my main target whenever possible (depending on the dependancies).

But all in all this is one of these little things that make developping in Python less fun than before. This is not my preferred language anymore.

hyperpape 1 day ago 2 replies      
This seems like a reasonable perspective, but I wonder how much will change when Python 3 starts shipping with Linux distributions (and probably OS X eventually).

It won't change anything for the shop that has a million LOC, but it might start to budge that 2% number.

anilshanbhag 1 day ago 2 replies      
Python3 is not exciting because well there is nothing to be excited about.

Consider me an average programmer, I have been using python for a year+ now. Most of the everyday stuff can be done in 2.7, some functionality I need / can't do I google and get a solution which works in 2.7. Why Py3 is not adopted is because there is not much benefit you get for doing the extra work (think chemistry - activation energy)

On another note, why can't we port it the little goodness back to 2.7 ?

mixmastamyk 1 day ago 0 replies      
I was downvoted before for remarking that Py 3 needed a killer feature or two to drive adoption, similar to this post. Perhaps I was not charitable enough.

I'd personally like to see pypy bundled and a complete package manager solution, as well as usability features like bpython. I don't think it is necessary to dump it. It just needs a little excitement.

Still, after many years I am finally planning to move my stuff to Py 3.4 when it comes out next year. No particular reason, it just feels like it is time. Shame that it doesn't look like it will get into 14.04.

brownbat 1 day ago 0 replies      
As a beginner, not a professional developer, python 3 always made more sense to me. Print is a function, 1/2 is not 0.

I've heard the counterargument about backwards compatibility.[1] That hasn't ever been just a 2 vs. 3 thing though. pyOpenSSL works with 32-bit 3.2, but dies with errors out of the box on Win-64 py 3.3. Last I checked, the PaiMei debugger works on 2.4, breaks on 2.7.

There are several projects that work with a specific deprecated subversion... it'd be weird if that were a common argument to keep everyone on 3.2, or 2.4 or something.

[1] http://help.codecademy.com/customer/portal/articles/887853-w...

mkolodny 1 day ago 0 replies      
I'd love to use Python 3, but missing library support is definitely the killer for me. There's a list of py3-compatible/incompatible libraries here: http://python3wos.appspot.com/.

If we can pick off a few of those top py3-incompatible libraries, I'd be willing to bet that a shift to py3 would follow. Many of the libraries have long-standing py3 port branches if you'd like to help the effort. For example: https://github.com/boto/boto/tree/py3kport/py3kport.

As far as I'm concerned, there's really very little in the way of me using Python 3. But what is in the way matters. Starting a project without being able to use boto, fabric and gvent would be tough. I like the idea of being able to import Python 2 libraries until they're finally ported over to Python 3 a lot.

daemonk 1 day ago 2 replies      
Rename it as something else. Call it Cobra or something. Also remove all backward compatibility features. Maybe by taking away it's association with python, it will have a better chance.
dec0dedab0de 1 day ago 1 reply      
This is kind of silly, but the main thing keeping me on Python 2 is the print statement.
koshak 1 day ago 1 reply      
about python 3:

  $ python  Python 3.3.3 (default, Nov 26 2013, 13:33:18)   [GCC 4.8.2] on linux  Type "help", "copyright", "credits" or "license" for more information.  >>> import timeit  >>> timeit.repeat('for i in range(100): i**2', repeat=3, number=100000)  [4.451958370991633, 4.446133581004688, 4.4439384159923065]  >>> timeit.repeat('for i in range(100): pow(i,2)', repeat=3, number=100000)  [5.343420933000743, 5.341413081012433, 5.3455389970040414]  >>> timeit.repeat('for i in range(100): i*i', repeat=3, number=100000)  [0.8348780410015024, 0.8323301089985762, 0.8313860019989079]  $ python2  Python 2.7.6 (default, Nov 26 2013, 12:52:49)   [GCC 4.8.2] on linux2  Type "help", "copyright", "credits" or "license" for more information.  >>> import timeit  >>> timeit.repeat('for i in range(100): i**2', repeat=3, number=100000)  [0.9710979461669922, 0.9630119800567627, 0.9619340896606445]  >>> timeit.repeat('for i in range(100): pow(i,2)', repeat=3, number=100000)  [1.7429649829864502, 1.7306430339813232, 1.729590892791748]  >>> timeit.repeat('for i in range(100): i*i', repeat=3, number=100000)  [0.6579899787902832, 0.6526930332183838, 0.6540830135345459]   $ python -m timeit '"-".join(str(n) for n in range(100))'; python -m timeit '"-".join([str(n) for n in range(100)])'; python -m timeit '"-".join(map(str, range(100)))'  10000 loops, best of 3: 49.4 usec per loop  10000 loops, best of 3: 40.6 usec per loop  10000 loops, best of 3: 32.8 usec per loop  $ python2 -m timeit '"-".join(str(n) for n in range(100))'; python2 -m timeit '"-".join([str(n) for n in range(100)])'; python2 -m timeit '"-".join(map(str, range(100)))'   10000 loops, best of 3: 30.2 usec per loop  10000 loops, best of 3: 25 usec per loop  10000 loops, best of 3: 19.4 usec per loop  $ uname -rom  3.12.6-1-ARCH x86_64 GNU/Linux

jrochkind1 1 day ago 1 reply      
I understand there are backwards incompatible changes in python 3.

But how hard is it to write code that works under both python 2 and python 3? Is this easy, or are the number and nature of changes so hard that this is a pain? How often do people write code that will work under both?

During the ruby 1.8 to 1.9 switch, it was common for people to write code that worked under both. How hard this was depended on the code base, but usually ranged from 'very easy' to 'medium but not that bad.'

You had to avoid the new features in 1.9.3 of course; you had to avoid a few features in 1.8.7 that had changed in backwards-incompat ways; and, mostly only around char encoding issues, you had to sometimes put in conditional code that would only run in 1.9.3. That last one was the most painful one, and overall it was sometimes a pain, but usually quite do-able, and many people did it.

Now, the ruby 1.8 to 1.9 migration was quite painful in many ways, but the fact that so many dependencies worked for a period in both 1.8 and 1.9, without requiring the developers to maintain two entirely separate codebases... is part of what made it do-able.

And, later, dependencies eventually dropping 1.8 support, of course, is part of what forced those downstream to go to 1.9.3. But by the time this happened, all of your major dependencies were probably available for 1.9.3, you rarely ran into the problem of "one dependency is only 1.8.7 but another is only 1.9.3", because of that period of many developers releasing gems that worked under both.

3pt14159 1 day ago 1 reply      
If Guido had just left division the way it worked in 2.7 we'd all have moved by now. Everything else the community is fine with, but it is enough of a sticking point for some people that they can't be bothered to make the switch.
wiremine 1 day ago 1 reply      
Python 3 is a different language from Python 2. Yes, they are _almost_ the same language, but they are far enough apart to keep people from making the switch. It feels closer to Perl 5 => 6 vs. Ruby 1.x => Ruby 2.x.

That's a gross over simplification, but it is closer to the truth than the Python 3 community likes to think.

I wonder: have there ever been a successful language rewrite, post critical pass, in the history of computer languages? If so, what lessons can be brought to the current Python 2/3 situation?

For myself, as a professional Python programmer, I like Python 3 a lot. But until a critical mass of PyPi moves over, it isn't worth the effort for most projects.

Edit: fixed a wrong word.

erikb 1 day ago 0 replies      
I think it's just starting to roll. Only a month ago I argued in my company's mailing list, that now is the time to finally start moving to Py3. Py3 is more stable now, most of the big libraries have finally moved. In a commercial set up it is just stupid to move forward, when the ecosystem hasn't. But now it has, so now we start. I think people should just continue to improve in that direction. Maybe it will take 10 years, not 5. But it's definitely going in the direction of Py3.
JulianWasTaken 1 day ago 0 replies      
Not that this has ever been a showstopper whenever this comes up, but just to put some chips on the table, I personally have no interest generally in CPython development on 3.X, but I would pledge some help wherever I could in a potential 2.8 release.
gizbot 1 day ago 1 reply      
The arrogance burns. It burns.

Python 3.0 was derailed by arrogance that developers should commit to a one-way transition that would touch every function rather than accept that, in Python 3.0, 'x = u"Hello"' should have been a valid statement. It didn't help that it ran slower, added nothing, and broke tools.

Python 3.3 was the first release that had a prayer, but there are mistakes everywhere. For example, virtualenv was included but broke because pip was not. Libraries like ftfy are required because the encodings break. Explaining the oddities of scoping inside generator expressions creates tricky interview questions. And then, Python 3 didn't fix all the broken.

By broken, I mean actually broken. We know where its broken: lots of standard libraries like collections.namedtuple which has an argument to print a generated class. Strange cruft like calendar.weekheader() that only helps one developer's program. This code is in the standard library. Handy things like cleaning up Unicode, DSL support, local encodings, security restrictions. Those you add from other libraries.

Also, where's the love? The courage? I would love to see Python seriously consider dropping case and underscore sensitivity in order to speed up developers, an_item = anItem +1 would be a warning. I would like to see language translation support in the language, great packaging that just works, incorporation unit tests into the package system, reforming the dunder mess, anything! Instead I see the mediocrity by arrogance.

Just for fun, they moved the US Pycon conference to Canada. Only little people have troubles with international travel. Arrogance.

PythonicAlpha 1 day ago 0 replies      
I think, one mistake that was made with Python 3 is, that compatibility had initially very limited attention. They solved many problems of Python 2, but left the legacy behind ... and there was the trouble:

* Many libraries where limited to Python 2, because the effort converting them seamed to high

* Because of minor problems (like the infamous u"-stuff), the overhead converting simple Python 2 programs was to high.

Some of the problems where fixed later (e.g. infamous u"- is now legal in Python 3 and ignored -- why not before??), but I think that than it also was a little late ... Python 3 has evolved further and many people just got into the habit to ignore Python 3.

Not caring about compatibility can be necessary, but also can be a burden (that hurts a long time)!

jurassic 1 day ago 0 replies      
From where I sit, it seems like the 2/3 schism is the result of "one and only one way to do something". While is sounds like a good slogan and I was on board with this party line for a long time, breaking perfectly good features in pursuit of a more perfect adherence to "only one way" does nothing except alienate the community.
hnriot 1 day ago 0 replies      
Python 3 is a huge distraction. It's hard to get people to move away from languages like java while there's a fragmented python world. If only we could just forget py3 the python community would be a better, more newbie friendly place. Every time I hire someone I have to explain why python 2 and why not "the latest"
malkia 1 day ago 1 reply      
Almost all Autodesk products come bundled with 2.x version of python. Could it be that Python 2.x is the Windows 7 of the Python world :) - just good enough for everyone.

(I'm not a python user, had to write few items for Maya/MotionBuilder and few other scripts).

paganel 1 day ago 0 replies      
This feels a lot like the migration from Zope2 to Zope3, which everybody was saying was going to be painless and wonderful and then Django happened. As a long-time Python user (and a reluctant former Zope user) I hope things will not turn out the same this time round.
RamiK 1 day ago 1 reply      
Fix the GIL.

Python 3 isn't getting used because it breaks backwards compatibility without offering many meaningful benefits. Sure, the syntax clean ups and the new sugar are nice and all. But you don't rewrite a working code base because of "nice".

So, fix the GIL; Replace the spaces indentations with tabs; Take out the stupid 79 line limit off PEP8; Even clean up the standard library... After all, if you don't need to worry about backwards compatibility, then you might as well re-do it all properly.

hyp0 1 day ago 0 replies      

  [Python 3 releases live in parallel to Python 2] In retrospect this was a mistake,  it resulted in a complete lack of urgency for the community to move
Adoption comes from solving urgent problems - not from creating them.

antrod 1 day ago 2 replies      
There is no meaningful performance increase to go to a backwards incompatible version? Three letters: DOA. if not performance then at least we'd need some crazy new feature like good multi threading or perhaps running on a new relevant platform (say ios or android). Otherwise we will be 2.X forever.
mangeletti 1 day ago 1 reply      
Ironically, I just started my first ever (Django) web app that is built for Python 3 only. I learned Python right after the release of Python 3, and so i learned everything with Python 3 in mind. For instance, I don't think I've ever used print as a statement. I even used string.format for heaven's sake, until I learned that there was little chance of the interpolation syntax going away.

Annnnyway... I am JUST not writing my first Python 3 application, and I have just installed (on OS X) Python 3 for the first time since 2009 (only as an experiment at that point).

Create a virtualenv and tell it to use Python 3 via `-p /path/to/python3`, update your .gitignore to include __pycache__ directories, don't write any code that uses features or syntax that was removed in Python 3 (since they added u'' support to Python 3, most devs I know are already doing this part), and you're literally off to the races. My app's requirements.txt has django==1.6.1, pytz==2013.8, South==0.8.4, django-debug-toolbar==1.0 (just released, btw), and ipython (obviously just for shell support). It works perfectly, and of course mock is included in Python 3, so you don't need that anymore. There was one caveat though :( Fabric doesn't work, because Parimiko is too deep a web to quickly update to run on Python 3.


I think Alex wrote this article too late. I think with Django finally having a release that fully supports (not experimentally like version 1.5) Python 3, a lot of libs supporting Python 3, and a lot of updates to Python 3 in the past year or so, we'll probably see quite a few new apps being built for Python 3 in the next year.

cjdrake 1 day ago 0 replies      
I develop Python code that helps automate the design of Intel CPUs (& graphics), and we recently (last week) upgraded to Python 3.3.3. Thankfully, I am less pessimistic than Alex on the subject.
dorfsmay 1 day ago 3 replies      
What is really needed is a 3to2.

I have been very impressed with 2to3, the amount of work it does is pretty impressive. But as somebody who tends and prefers to work in python 3 but often needs my scripts to run in python 2, I have no choice but write those in python 2. I can see the same dilemma for somebody who writes an open source library and hope for as much usage as possible.

ausjke 1 day ago 0 replies      
For web backend I feel the new PHP and its frameworks are good enough.JS/HTML5/CSS are doing well for web frontend at least, and they evolve fast.Java did well on Android and enterprise software stack.There are also Object-C, .NET for their market segments...Nothing can replace C/C++ for system programming at this point.Additionally, many 'minor' languages are here for different goals(Go, Erlang, etc).

Now the question, why do I need Python at all nowadays?I spent two years trying Python and ended up with PHP/C/C++/JS/Java for nearly all my needs.

laureny 1 day ago 0 replies      
To make matters worse, I'm seeing an increasing number of Python programmers switch to Go and I predict that Go will slowly replace Python 2 over the next few years.
hyp0 1 day ago 0 replies      
Reminds me of Perl 6, which was designed not to meet a user need, but to keep the Perl developers engaged. It has succeeded in this.
JSno 1 day ago 0 replies      
From the cases I saw(might be biased), a lot of new projects start to use Python3. These projects don't need to consider backward compatibilities. Majority of people will use python 3 in python world.Regarding Ruby, it is more elegant and consistent.And also seems Mats has clearer idea where Ruby will go. so in a long run. Ruby will catch up python in my own opinion.
dschiptsov 1 day ago 0 replies      
The problem is that Linux distros are still use 2.7.x as default interpreter. As soon as they complete migration to 3.3.x everything will improve, and maintainers of the packages would be pressed to cope with reality.

At least mod_python already aware of existence of python 3.3.x ,)

kngl 1 day ago 0 replies      
Making python 2 a little bit more compatible with python 3 is not the way to go.

What about make python 3 fully retro-compatible with python 2.7 with the help of magic imports

    from __past__ import byte_strings    from __past__ import except_tuple
first this will output warnings, then it will raise RuntimeError.

mburst 1 day ago 2 replies      
As sad as it may sound, the most annoying thing about Python 3 for me is this:

print "Hi"



Other than that, as Alex said there isn't much difference between the two.

JacobIrwin 1 day ago 0 replies      
I think you are speaking to a large audience with this post. All python devs are continuously aware of the ongoing avoidance of using newer version. It's a problem that should be addressed even more directly with us all... what are the key transitional obstacles to overcome when upgrading from, say, 2.7 to 3.x? etc.

Thanks for shining some light on the issue.

jemeshsu 1 day ago 0 replies      
All major libraries/frameworks please drop support for Python 2 by end 2014.
buster 1 day ago 0 replies      
Ok, so one thing:

Python3 is just now becoming the default for many Linux distributions. Once that adoption took place the adoption of Python3 will increase very much. It's as simple as this.Once this milestone is hit, the remaning incompatbible libraries will see fixes for python3.

wyuenho 1 day ago 2 replies      
PHP 4 and PHP 5 weren't compatible either. How come migration was so much more successful over there than Python 2 to Python 3?
SimHacker 1 day ago 0 replies      
This depressing problem requires a crazy solution. Rewrite Python 3 in JavaScript so it runs on V8, and can interoperate with JS code. ;)
paskakapu 1 day ago 1 reply      
python3 destroyed it's ability work as simple calculator. Try this on python3:

>>> answer = 1 + 1>>> print answer

twsted 1 day ago 0 replies      
A pypy-backed Python 4 (with all the features of 3.4) and everyone will jump.
revskill 1 day ago 4 replies      
I wonder why Django doesn't have the same strength (both technically and community) as Rails ? I think the philosophy "Everything is an object" makes sense actually, and in combination with functional programming built-in really makes Ruby is perfect choice for non-professional programmer (even woman) to love coding.
Were About to Lose Net Neutrality wired.com
525 points by joseflavio  2 days ago   260 comments top 35
pvnick 2 days ago 25 replies      
I consider everybody here very smart. In many cases smarter than myself. Therefore, could somebody please explain why we would give the government, which has shown itself to be terribly incompetent with technology issues, the ability to enforce net neutrality? Seriously, I can't get over the dissonance here. If it's such a shitty idea, let consumers decide. Google Fiber et al will just eat the major telecoms' lunch sooner or later anyway. It may just take a little longer, but we'll avoid the possibility of letting the government crush Internet innovation forever.
declan 2 days ago 4 replies      
Marvin, the author of the Wired.com opinion piece, is a smart fellow. But what he ignores is that Congress never handed the FCC the authority to impose Net neutrality regulations on the Internet. Such legislation actually came up for a vote in Congress, and it came close to passage: it was reported favorably out of a Senate committee but was defeated in a House floor vote in 2006: http://news.cnet.com/2100-1028_3-6081882.html

Even if you adore the principle of Net neutrality, it's reasonable to demand that federal regulatory agencies stick to what Congress authorized them to do. Otherwise you have illegal regulations and bureaucratic turf-grabbing that will not treat the Internet well. Remember Hollywood's successful efforts to lobby the FCC to impose "broadcast flags" on computers by bureaucratic fiat? A federal appeals court correctly struck it down as exceeding the agency's legal authority, as I wrote here in 2005: http://news.cnet.com/2100-1030_3-5697719.html

That same appeals court is currently considering the FCC's Net neutrality regulations. BTW, it's also the same court that slapped down the FCC's first attempt to impose Net neutrality regulations without legal authority in 2010: http://news.cnet.com/8301-13578_3-20001825-38.html

If Net neutrality violations become an actual problem, there's no shortage of publicity-hungry politicians in Congress (hi, Ed Markey!) who will hold hearings and push legislation forward. Obama will happily sign it. Until then, other government debacles including NSA domestic surveillance and Obamacare should make us wary of federal agencies exceeding their legal authority -- especially after Congress considered and rejected a law that would have given it to them in the first place.

jarjoura 2 days ago 3 replies      
IMHO, this isn't about Netflix, YouTube, or even Amazon having to pay for higher tiered access to customers. They have the deep pockets and smart lawyers to construct contracts that work out for them in the end. So I see that as the same grumpy story as California and New York forcing Amazon to collect sales tax.

BUT, because this does force deals to be crafted behind closed doors, they will turn out looking a lot like the deals that HBO/Shotime have with Comcast and TWC. Plus, look at what's going on with Facebook already... phones in some countries have "facebook data" only plans. Sure, this is great for emerging markets to have access to family and friends for free, but at the loss of any other social network upstart that wants in on it.

I don't see indie content ever being cut off, but I do see them becoming "premium" subscription level services that require people to pay more to access them. Want to play COD or GOW online? You will need this level access to play with any reasonable speeds. It will happen slowly too, as people become accustom to the idea that opening a Wikipedia page will take 1000 ms then to 5000 ms to fully finish rendering. Someone at Comcast will nudge slowly testing whether people notice or care.

If we don't fight the good fight and force internet providers to remain dumb pipes, we are asking to have the most expensive internet on the planet. As cable TV dies in favor of watching what you want, when you want, they will naturally move to charge you for things you want to do on the internet instead.

edit: autocorrect fail :-P

shawnee_ 2 days ago 0 replies      
If net neutrality was truly working, nobody would need to renew their contracts with Verizon or TMobile or anybody else. Contracts would be deprecated and all the telecoms would be forced to compete on something other than lock-in and "whatever the latest trendy device is" promotions. But that's hard to do when you're selling what essentially amounts to a homogeneous product like bandwidth. They don't wanna do that. They like guaranteed income and they especially like it when people go over their contract data allocations.

In 2013 there is absolutely _zero_ rationale for contracts to play a part in either the wireless or the pipeline infrastructure. Telecoms know this and are doing everything they can to drag out the death sentence, making it as painful and expensive as possible for everybody involved.

If we let the telecoms do with fiber what's been done with mobile networks not only is the web going to be less neutral, the bias will naturally lead to the dissemination of news and information as being more easily controlled and piped to the masses in sinister ways.

h1karu 2 days ago 0 replies      
Long ago the corporate oligarchy decided to let the Internet tech sector grow to the extent that it has in order to externalize the cost of deploying certain infrastructure and the cost of training the populous to become dependent on that infrastructure. Now that these tasks are complete what reason do they have to delay taking control of this particular DARPA project ?

You have to be willing to show them that reason in order to save your business. You all have to innovate a solution. How are you going to join together with the other businesses in your sector to PIVOT TOGETHER in order to jolt ordinary people out of their careless stupor and educate them about how to force the hand of those corporations who could easily solve the problem ?

Do you really think a black page background and a banner is anything more than a sloppy haphazard attempt to save your industry ?

Aren't you risking shareholder value if your company is not engaging a significant percentage of it's resources towards engineering a plan to resist the takeover of the key infrastructure that your business needs in order to survive ?

How can you justify that kind of risk taking to your board ?

VC's what percentage of your fund's budget is set aside for the task of preserving the Internet that your portfolio will rely on ?

Ordinary people won't care if a page is black or not or if some banner is present or not, but if twitter, instagram, and pintrest for example all go offline at the same time that would send a message. Or what about if all the major social startups started paying attention to HTTP referer headers and they started redirecting inbound visitors to educational splash screens based on their referred header? The splash screens would educate these people about how they should really change their default search engine or delete their Facebook account in order to help save the Internet.

I'm not saying we should pick on Google or Facebook specifically per say, but I do think that if enough "social pressure" was applied Google alone could fix the problem by helping the Internet route around the entities who are engaged in a Denial Of Service attack on key Internet infrastructure. All Google has to do is punish a few corporate websites like they did to rapgenius the other day. That's a good start at least. Does your startup "scene" have a plan to help force google's hand ? If not then why not ?

If all of the major web startups started doing this kind of thinking Google would have to take this stuff more seriously REAL FAST. Think about it! That's how you send a real "social signal".

Why is this industry not trying to defend itself ? Ask yourself this question.. Who controls your company ? Who gets to decide how important preserving a free Internet is to the long term viability of your business? Has your company already sold out ?

Founders, where do you stand ? How willing are you to be public about where you stand and how long are you going to wait ? How long can you afford to wait before you take action with others in order to save your business ? Why aren't you already more organized on this issue ? Why aren't you ready ? Why are you not taking this threat to your business more seriously ? Why do you apparently assume you are powerless ?

Patrick_Devine 2 days ago 1 reply      
This might not be very popular, but I'm going to say I'm in favour of the law being struck down. I'm totally on board with ISPs not throttling / extorting money out of web 2.0 companies, however, I'm not sure that trying to enforce a swiss-cheese law is the right way to do it.

That and I'm kind of biased, because I founded a company which is trying to level the playing field and make net neutrality de facto for internet services instead of de jure. Information is like water. Put a barrier in front of it and it will always try to find a way to flow through it.

allochthon 2 days ago 1 reply      
I hate to say it, because I don't consider myself a radical, but the US congress is in the pockets of big business, US law relating to technology is broken, and US intelligence agencies have taken liberties beyond their mandate. The consequences seem fairly straightforward. The Internet will route around the damage to the system. The outcome is predictable and the dysfunction that is leading up to it is regrettable. I don't know what this bodes for US customers. Hopefully a coalition of forward-thinking companies will provide a genuine alternative to the US telcos.
ryguytilidie 2 days ago 0 replies      
It really seems a lot like CISPA and the Patriot Act. A popular outcry from the citizens of this country can stop it once, twice, three times, but how long can they hold out? Can we spread outrage about CISPA when its being voted on for the 500th time in lieu of any bill that might actually help this country? The fact that the citizens of this country are constantly having to fight their congressmen to actually do what they desire is the most clear example that our country is completely broken.
excellence24 2 days ago 0 replies      
The best way we can get the attention of the companies is by causing them to lose profits. This is best done by an organized boycott of their goods and services. It will get their attention very quickly. But currently we don't have a central website to browse and search boycotts and other forms of protest.

In addition to protesting, we should also consider building a free open source network thats protected and run by the community. (It could be run by the government, but until the government is 'for and by the people', we'll crowdsource the maintainance and seek to rapidly automate the work that nobody would volunteer for) We can give ourselves the best, but lets start with free gigabit internet wired and wireless for all of America! What would this 'cost' in terms of money? millions or billions? But the resources are here; just being hoarded until money is traded. Would AT&T build a free network for us? Not if it meant losing money to Verizon. But what if it wasnt about money? The value in having a fully connected country is priceless.

Thankfully we have the government to protect us against trusts and monopoly's. But what if the trust or monopoly was a community one? If AT&T, Verizon, Sprint, and T-Mobile colluded to give free gigabit internet to America, they could combine their separately walled gardens and use those resources to further the human race. But this would have to be a guaranttee so that once everyone put all their time and resources into this, some CEO cant just flip a switch and start charging. Once free, always free. So if they did this it would probably mean giving up their pride and names. I mean, would this free network be called Verizon? Why do they get their name on it? So we could crowdsource a new name for our free network so no one can boast. US Telecom, US Net, Free Net, the name can be anything, something we would all be proud to get behind. the most important part is the 'us' and 'US'. All of us in the US have the resources to take care of all of US(just focusing on America now, but eventually we could help the world). These telecom companies will either become part of the solution or they will precipitate out.

Again though, this would be a huge project and there's currently no website we can go to in order to find and take part in these country and perhaps global initiatives. Imagine a mix of Kickstarter and Change.org. First a project or idea is petitioned to the community and if enough people like it and think it would be the best solution, then its opened up to a crowdsourcing page to collect funds and not just money but people can also donate the final resources that are ultimately needed, which is what the money would eventually be traded for anyways....more to come, working on this website...

alexeisadeski3 2 days ago 9 replies      
I find it amusing that those in favor of net neutrality consider themselves on the side of freedom.
pnut 2 days ago 3 replies      
The toothpaste is out of the tube already, people know what freedom online tastes like.

Bad news for old money - the Internet has an appetite for rentier blood. This will not be tolerated long term.

Osiris 2 days ago 0 replies      
Some countries, like Japan, have addressed this issue by separating infrastructure from service. One company owns the network, several other companies provided the internet access.

This creates a competitive market between service provides (competing on price, service quality, and customer service) while removing the high costs to enter that market.

Infrastructure, as opposed to service, becomes the regulated market.

gasull 1 day ago 0 replies      
Forget about Net Neutrality. What we need is Open Spectrum so everybody can share the waves and we stop needing the telcos altogether.


As long as we have an oligopoly of telcos, they will lobby their way to destroy Net Neutrality.

zmanian 2 days ago 0 replies      
Any thought on the effect increased programmability in telecom networks is going to be on Network Neutrality? It seems likely to me that regular IP routing is likely to become the "slow lane" on the Internet?
scoofy 2 days ago 0 replies      
I highly suggest "The Master Switch" by Tim Wu to this entire thread. There seems to be a bunch of people here who don't understand common carrier services and why they are important.
Lost_BiomedE 2 days ago 0 replies      
Still, this is all from the implications of messing with the 1996 telecommunications act, allowing duopoly, preventing cities from offering broadband, and crushing the small guys. Too bad so few spoke up then; the balance of power has been against us ever since.
kenster07 1 day ago 0 replies      
It would almost be comical if it weren't so sick: rent-seeking through a government-granted monopoly, under the premise that the providers would serve the public good.
fuckpig 2 days ago 0 replies      
After basically 20 years of commerce dictating the needs of the net, I'd think we've already lost it.

The internet model worked when subsidized by a military and academic community supported by a massive industry.

Now that it's trying to pay for itself, it's looking a lot more like television or those free newspapers that are more ads than articles.

onedev 2 days ago 0 replies      
We are getting hustled[1].

[1] https://www.youtube.com/watch?v=lRNGCja9mRo

ceph_ 2 days ago 0 replies      
The freedom of the telcos to act as highwaymen? Consumer protections are necessary for basic utilities. Especially either the numerous de facto monopolies that exist in the consumer telco market.
staticelf 2 days ago 1 reply      
The author seems to think the internet is all about America. We in Europe doesn't give a shit whatever your court decides.

The best case scenario is if the US was disconnected from the rest of the worlds connectivity. Almost all evils that has generated hate from the public has been american corporations.

alixaxel 2 days ago 0 replies      
I have a feeling that I've read this before, why is it making it's way back to the front page of HN?

Any new developments on this matter?

bennyg 2 days ago 2 replies      
What prevents a proxy-net from starting up and flubbing the recipients/senders of the data such that the ISP can't see what site/domain the traffic is coming from and can't enforce their 1s page-load "tax" on them?
shmerl 2 days ago 0 replies      
Net neutrality should be extended to the mobile networks, not dropped for the landline ones. ISPs should be regulated like essential dumb data pipes.
vardhanw 2 days ago 1 reply      
What about all the new technologies like DPI and data analytics coupled with things like SDN and NFV which will easily technically enable any operator to have a very high level of granularity (e.g. application, user, site, device etc.) in controlling access to the network in the name of providing better QOE/S to the customer? These technologies will easily enable operators to enable complex policies which will be difficult to track and can be modified in very flexible manner to adjust to the current workarounds around any NN laws.
grizzles 2 days ago 1 reply      
We are doing a net neutrality IndieGogo campaign http://uplink.aero/project.html http://igg.me/at/aero

But based on our conversion rate, I don't think there is a market for it. Feel free to email us if you have any constructive criticism. contact@uplink.aero

wmf 2 days ago 0 replies      
gtallen1187 2 days ago 0 replies      
While a well-intentioned article, i believe this author overlooks a few points that should be pointed out.

As a consumer, i would obviously be a proponent of my current ISP giving non-discriminatory access to all sites. However, aside from voicing my opinion in the form of purchasing the services of a specific ISP, i do not believe we should have the power to do much else in dictating how these companies should run their business through the passing of laws. The author points out that the loss of net neutrality would hurt small-scale ventures - yet ignores the fact that these ISPs he wishes to regulate were once the same small start-ups that he wants to protect. Was the success of these businesses the single factor that moves them from protected status to regulatory target?

The size of these dominant ISPs means that a great deal of the population relies on their services - but our "need" for these services does not give us the right to dictate how they should run their business. If enough of us feel that none of the dominant ISPs are adequate, then our need goes unserved, and sooner or later another ISP will arrive to serve these customers.

Again - i am strongly in favor of net neutrality. But if we resort to regulatory means to get what we want, it will lead to vastly negative consequences down the road. Why start a business if this is the reward for success?

dzhiurgis 2 days ago 1 reply      
How is this different from Google charging bit guys for blackhat SEO, while those who don't pay - are penalised?
itistoday2 2 days ago 2 replies      
This article is over a month old. I'm interested in the current status of NN. Could someone informed fill us in on the latest?
Aloha 2 days ago 0 replies      
The solution in the end is to turn internet access into common carrier services.
mars 2 days ago 1 reply      
this article is from april?!
joncp 2 days ago 1 reply      
What's to stop everyone from setting up VPNs en masse? The difficulty alone?
lowglow 2 days ago 0 replies      
It's time for a new net then.
elefantindaroom 2 days ago 0 replies      
Is anybody noticing a pattern here. Every god damn 4 months.. They wont give up.
On Hacking MicroSD Cards bunniestudios.com
377 points by fernly  2 days ago   68 comments top 20
josh2600 2 days ago 3 replies      
I'm not much into hero worship, but if you guys don't know Bunnie you should really take 5 minutes to understand who wrote this article. Bunnie is a hardware monster of the best kind and an EFF 2012 Pioneer award winner.

He's a hacker's hacker.

kabdib 2 days ago 2 replies      
It's amazing how much firmware has these back doors, where the engineers responsible have one or more of the following justifications:

- "I don't care, this is just my job. And I was told to do it by management." [what can I say? This sums up a lot of grunt coders I know]

- "What are the chances that anyone will find this?" [lack of appreciation for how smart and dedicated attackers can be]

- "So what if they do? It's not like it's useful" [lack of proper analysis]

- "How else are we going to run tests?" [poor design / fear]

- "Huh?" [absolutely oblivious about security]

I've worked on projects where we made the very conscious choice to leave doors like this open, but I doubt that most firmware shops are that intentional about it.

radicalbyte 2 days ago 4 replies      
So now my microSD card has as CPU 100x faster than my first computer (C64), and access to storage at least 10^5 times larger. Amazing.
SwellJoe 2 days ago 1 reply      
So, this has potentially interesting value for implementing secure storage (assuming one can replace the whole firmware with something trusted).

I assume it would be possible to, for instance, make every "delete" operation a secure delete operation...wherein data gets overwritten a specified number of times. Shortening the useful life of the device, sure, but if security matters, that's a small price to pay.

Going further, what about a handler that serves out one set of data about what's on the device to any random person that plugs it in (like empty or with a few harmless photos or something), and another set of info to someone that has a key? Sure, for a high capability attacker, they might even know about this kind of firmware magic and know how to circumvent it, but it would make it very unlikely that some random person picking up your device would find anything that you want to keep secret.

Obviously, if your data is encrypted on the host system before writing to the card, that's reasonably safe...but for people in really dangerous situations, where torturing someone to obtain their key is not out of the question, making it seem like there's no data to obtain a key for is the best of all possible solutions.

Udo 2 days ago 0 replies      
For me, the big take-away here is not that SD cards have firmware that can be reprogrammed, but that there's apparently an opening for a comparatively high performance, cheap Arduino competitor. Being decidedly on the software side of things, I have to admit I was surprised to see that a 100MHz core with loads of memory could be produced for just a few cents now. There are probably dozens of low-cost places where fabrication of such a SoC would be only a minimal departure from churning out flash cards. I'd say let's do exactly that!
Spittie 2 days ago 1 reply      
It's kinda scary how many microprocessor and different firmwares are needed/used in nowadays computer/hardware, and how each one of them add a new point of failure.

I was reading just today a similar article, but involving HDDs instead of Microsd cards (and even with a PoC): http://spritesmods.com/?art=hddhack

briandon 2 days ago 1 reply      

  Its as of yet unclear how many other manufacturers leave  their firmware updating sequences unsecured. Appotech is   a relatively minor player in the SD controller world;  theres a handful of companies that youve probably never  heard of that produce SD controllers, including Alcor   Micro, Skymedi, Phison, SMI, and of course Sandisk and   Samsung.
Which begs the question: so why target Appotech rather than Sandisk or Samsung?

ChuckMcM 2 days ago 0 replies      
Excellent article. I wrote a simple SDIO driver for the STM32F4 and have three different MicroSD cards to test it with (they all behave slightly differently) and its clear that such systems "working" is a small miracle in itself :-) All the vagaries of implementation.
nona 2 days ago 2 replies      
This and the article on Der Spiegel [1] mentioning how the NSA has a whole catalog of custom firmware for all major HDD makers tells me never to yield to the temptation of relying on built-in hardware-based full disk encryption.

[1]: http://www.spiegel.de/international/world/catalog-reveals-ns...

gwu78 2 days ago 1 reply      
From Bunnie's page on his "open laptop" project:

"I'm shy on the idea of just selling it to anyone who comes along wanting a laptop. I'm worried about buyers who don't understand that "open" also means a bit of DIY hacking to get things working, and that things are continuously under development. This could either lead to a lot of returns, or spending the next four years mired in basic customer support instead of doing development; neither option appeals to me. So, I'm thinking that the order inquiry form will be a python or javascript program that has to be correctly modified and submitted via github; or maybe I'll just sell the kit of components..."

I hope he chooses the latter option.

If Bunnie is a "hacker's hacker" as someone else suggested in this thread, then I am confused why he believes the proper hoop to make a fellow "hacker" jump through is making sure they know some JavaScript or Python and how to upload to Github.

I thought "hacker's hackers", especially hardware hackers, were not the type to follow the path of least resistance, namely, JavaScript, Python and Github. Whereas, assembly and C (and FORTH, APL, Lisp, etc.) are the languages of the "hacker's hacker".

But that's just me. Maybe I am the only one. If so, pay no mind.

baruch 2 days ago 1 reply      
I'm not quite sure what is so special here. It is a device, it has firmware, the firmware can be upgraded. The same is true for your HDD or SSD. Why is an SD Card any different?

If someone hands you an SSD in an external enclosure do you automatically suspect it too? A similar hack is known to work there, witness the number of SSDs that needed a firmware upgrade after their field release.

I do applaud the finding of how to do it and the proof that it really does work. It is a nice work in that regard and I have a few SD cards I'd be happy to hack their firmware for fun if nothing else (damn fake SDs, if they at least just advertised their real capacity they could at least be useful).

K2h 2 days ago 2 replies      
It is a little dated, but this doc shows 200mA required for the card on highspeed writes. I was curious how much power needed to run that little uC.


revelation 2 days ago 1 reply      
You can download the talk from here:


(This is a streamdump, so don't expect seeking to work, and it might cause issues for your player)

pedrocr 2 days ago 0 replies      
Just another reason why we need to start getting direct access to the underlying flash instead of relying on vendors to provide a bunch of unupdatable translation software. This is particularly the case with SSDs where the end result of all this is "just buy Intel SSDs if you value your data" with the corresponding price premium.
voltagex_ 2 days ago 0 replies      
http://www.youtube.com/watch?v=r3GDPwIuRKI is one of the recordings of the talk. CCC will have others in free formats, if you prefer
analog31 2 days ago 1 reply      
Et Tu, USB flash drives?
pasbesoin 2 days ago 2 replies      
I've only read part way through, but good grief, you owe it to yourself to read this. Also, in retrospect, it seems obvious. Nonetheless...

Not having finished the article, one of my initial thoughts: I guess my thoughts and intuition were right. It's not time to throw away those optical disks (and drives), yet.

tommis 2 days ago 1 reply      
So, could this mean that one could theoretically wire a MicroSD card directly into ethernet plug and with some voodoo harness PoE to create an ethernet plug with busybox on it?
chippy 2 days ago 0 replies      
This is an extremely well written blog post. It should set the standard. Bravo!
blinkingled 2 days ago 0 replies      
> You are not storing data, you are storing probabilistic approximation of your data


DigitalOcean leaks customer data between VMs github.com
370 points by sneak  2 days ago   200 comments top 32
AaronFriel 2 days ago 4 replies      
This is a huge problem and there seems to be a good deal of misinformation about this issue that has confused things. I'm going to debunk two things: first, that DigitalOcean is not violating user expectations (they are), and second, that doing this correctly is difficult (it isn't). The tl;dr is that if DigitalOcean is doing this, they are not using their hardware correctly.

First, it's not uncommon for virtual disk formats to be logically zeroed even when they are physically not. For example, when you create a sparse virtual disk and it appears to be XGB all zeroed and ready to use. Of course, it's not. And this doesn't just apply to virtual disks, such techniques are also used by operating systems when freeing pages of memory - when a page of memory is no longer being used, why zero it right away? Delaying activities until necessary is common and typically built in. Linux does this, Windows does it [http://stackoverflow.com/questions/18385556/does-windows-cle...], and even SSDs do it under the hood. For virtual hard disk technology, Hyper-V VHDs do it, VMWare VMDKs do it, sparse KVM disk image files do it. Zeroed data is the default, the expectation for most platforms. Protected, virtual memory based operating systems will never serve your process data from other processes even if they wait until the last possible moment. AWS will never serve you other customer's data, Azure won't, and none of the major hypervisors will default to it. The exception to this is when a whole disk or logical device is assigned to a VM, in which case it's usually used verbatim.

This brings me to the second issue. Because using a logical device may be what DigitalOcean is doing, it's been asked if it's hard for them to fix it. To answer that in a word: No. In a slightly longer word: BLKDISCARD. Or for Windows and Mac OS X users, TRIM. It takes seconds to execute TRIM commands on hundreds of gigabytes of data because, at a low level, the operating system is telling the SSD "everything between LBA X and LBA X+Y is garbage." Trimming even an SSD with a heavily fragmented filesystem takes only a matter of seconds because the commands to send to the firmware of the SSD are very simple, very low bandwidth. The SSD firmware then marks those pages as "free" and will typically defer zeroing them until use. Not only should DigitalOcean be doing this to protect customer data, but they should be doing it to ensure the longevity of their SSDs. Zeroing an SSD is a costly behavior that, if not detected by the firmware, will harm the longevity of the SSD by dirtying its internal pages and its page cache. Not to mention the performance impact for any other VMs that could be resident on the same hardware as the host has to send 10s of gigabytes of zeroes to the physical device.

Not only is DigitalOcean sacrificing the safety of user's data, but they're harming the longevity of their SSDs by failing to properly run TRIM commands to clean up after their users. It hurts their reputation to have blog posts like this go up, and it hurts their bottom line when they misuse their hardware.

Edit: As RWG points out, not all SSDs will read zeroes after a TRIM command, so other techniques may be necessary to ensure the safety of customer data.

xSwag 2 days ago 8 replies      
TL;DR: In the DigitalOcean web panel you can check the "scrub data" checkbox when destroying a VM. When using the API this option is not ticked. This can lead to other customers being able to retrieve your data.

The author thinks that this is a security issue because this option should be enabled by default. However, (I assume) it's not in Digital Oceans interest to do full disk scrub because it reduces the lifespan of their SSD.

If a user forgets to log out of Facebook on a public computer, is it Facebook's responsibility? Similarly, if a user does not correctly delete data on a budget host, is it the hosts fault?

sneak 2 days ago 2 replies      
Oh, hey guys, they've responded. It's no big deal, they just disabled the security because because _users were complaining_.

Turns out it "add[s] a very large time to delete events" when you actually delete things when a user makes an api call to DESTROY. Who knew?


nbpoole 2 days ago 1 reply      
Interesting: this sounds like a recurrence of the same issue which was described a number of months back:


At the time, the blog post claimed that the issue was resolved and that data was now being wiped by default. I wonder why that would have changed.

tachion 2 days ago 4 replies      
This reminds me my own story: few weeks ago I was trying out their service and on newly created droplet I've noticed a... shell history of downloading and executing a shell script:

    1  clear    2  ls    3  clear    4  wget https://kmlnsr.me/cleanimage.sh    5  rm cleanimage.sh    6  cd /tmp/    7  wget https://kmlnsr.me/cleanimage.sh    8  chmod +x cleanimage.sh    9  ./cleanimage.sh
This looked very disturbing, so I went and check what that script is, and it is available to read for everyone, and seems to be a part of their provisioning procedure for the vm's, written by some guy who works for DigitalOcean as 'Community Organizer' (however, at that point I thought the website might be created by an attacker and misleading).

Not only it looks bad and alarming to customers, but also poses a security threat, where an attacker could target his website and/or server and replace the script with something nasty inside. How long before they'd notice such fact? No idea, but I've opened a ticket about it right on, giving them some advice on why its bad (availability, scaling, performance, security and PR reasons) but also how to better handle it, and it seems nothing has been done about it so far.

That rings a bell in my head not to use Digital Ocean service as things they do are looking pretty amateur.

comice 2 days ago 1 reply      
Since day one, Amazon EC2 used a copy on write system with their LVM volumes to protect against this problem (without them having to do expensive zeroing operations).

This has been an identified and solved problem for YEARS. No excuse for a modern VPS/IaaS provider to be leaking customer data in this way, except incompetence.

jlawer 2 days ago 5 replies      
Talk about a link bait title. Its a bit hard to call it a leak,Its a configuration option that is well presented in the web UI. It is optional as it adds ~ 10 minutes of billing to the small 512mb VMs and as such it is optional if you do it.

If your using an overlay or API on top of a cloud or service, its the overlay's responsibility to ensure a consistency with your expectations. The API is consistent with the UI.

While other cloud providers accept the time that this takes as non-billable, DO don't. By getting higher utilization is how they are able to offer their prices and still have some modicum of service.

sillysaurus2 2 days ago 1 reply      
There is a simple solution to this: don't trust providers to do what they say they'll do with your data. You should scrub any drive that's ever contained sensitive info before you throw it away, and terminating a VM instance is precisely equivalent to handing the VM's harddrive to your provider.

It's pretty easy nowadays to scrub a drive. Writing zeroes would suffice.

Personally, I'd worry more about what data is being leaked when your VM is paged to disk on your provider's servers. Parts of each of your VMs will probably reside in the pagefile at some point, so therefore writing zeroes won't save you if the provider has bad disposal practices (like not scrubbing before disposal). So it seems impossible not to have to trust a cloud computing provider whatsoever; some basic trust seems to be a requirement.

But that minimum level of trust should be the extent to which you trust them. Not scrubbing your drive before handing it over is placing faith where faith doesn't belong.

PhantomGremlin 2 days ago 1 reply      
Anyone who's tempted to use "the cloud" for anything sensitive should first be forced to write out, at least 5000 times, in longhand:

"The cloud. Somebody else's computer".

I think cloud computing is great for the right applications, as long as people understand the risks.

But there will always be problems like this. Always. This is part of the hidden cost of "simple cloud hosting".

neom 2 days ago 12 replies      
There are a couple of things I wanted to say, and I can speak with some authority on the subject as I speak on behalf of DigitalOcean.

This was mentioned to me on twitter hours ago, prior to this post. The first thing I said is that most people these days understand the importance of a responsible disclosure, and that we take all security issues very seriously. Not following responsible disclosure with a company such as DigitalOcean is extremely irresponsible and I would be amiss to point that if anyone did ever find a software vulnerability filing it and waiting 24 hours for the appropriate response is preferred. - https://www.digitalocean.com/security

As far as I can tell here, there is no unexpected behavior that isn't documented or stressed. In both our API documentation, and our control panel, we note that you must either pass a flag or check the box to security delete the data. As far as I can tell, the flag is currently functionally correctly. so..

Is the complaint that customer data is being leaked from VMs? That the flag being passed via our API/Dash isn't actually working? Or, that our policy on not doing a secure delete by default isn't something you agree with?


peterwwillis 2 days ago 0 replies      
FWIW, this kind of problem is minor in comparison to the potential exploits that have and will continue to crop up in shared computing environments.






I was trying to find any cases of a public cloud provider's customer data being leaked or easily visible on the internal customer network, but didn't come up with anything. Somebody's got to do a study on the major cloud providers and see if the good old methods to subvert network routes still works, or if you can easily mitm vm neighbors. (My guess is you can...)

nwh 2 days ago 1 reply      
It's almost public knowledge as there's an option in the GUI called "scrub data", the absence of a tick there implies that it's not going to be erased before the VMs partition is reassigned. I had a chat to the support months back about "erase data" not being in the API at the time, and the solution I came to was just to ditch their API and go back to scraping their forms for the option.

That said, this would probably go down better for the company and the community if you tried a private disclosure rather than posting about it on Github.


threeseed 2 days ago 1 reply      
If the "securely scrub" parameter has ANY kind of performance impact which I suspect it does then isn't it a good thing that DO gave their users the choice ? There are plenty of use cases where I would trade privacy/security for performance.

Anyway disingenuous title to say the least.

cordite 2 days ago 2 replies      
Just a random idea from an ignorant individual..

What if DO actually encrypted the SSD space with a key that they only have, and a new key is created for each droplet?

Then any droplets that are created later in a deleted space will just see effectively random data, no?

kolev 2 days ago 1 reply      
This is bad for Digital Ocean as the checkbox is nothing but a legal excuse to let beginners shot themselves in the foot and for a new company, this isn't a situation you want to be into. Look at Amazon - how do they solve the same problem? Is it harder for them? Is there a checkbox? When you compete with Amazon you have to be that and better, not worse, and treat beginners better than experts!
0x0 2 days ago 1 reply      
It would be interesting to see a survey of the various cloud VM services; if any of them will return non-zero (data) blocks for uninitialized storage.

Sounds like a major risk if SSH, SSL, passwords etc can leak this easily.

bachback 1 day ago 0 replies      
New responsehttps://digitalocean.com/blog_posts/transparency-regarding-d...

I like DO as a service, but this is kind of strange. Humans act always the same. When catastrophe hits they want to sit it out, underestimating the impact

patrickg_zill 2 days ago 0 replies      
Is it the same issue, or a different one, from this one back in April of 2013?


bsaul 2 days ago 0 replies      
Please DO, do something brave and make the default behavior sane ( there is absolutely no way i would except another customer to get my data with a one line shell script, ever). I LOVE your service, so dont screw it PLEASE !!
nphase 1 day ago 0 replies      
I have created a uservoice issue to scrub by default, please vote: http://digitalocean.uservoice.com/forums/136585-digitalocean...
k3oni 1 day ago 0 replies      
Onapp has the same issue by default, it's not set by default to zero fill the old disks are being destroyed.This need to specifically be enabled in the config file by the administrators.

In case you are running a VM on top of their platform you may want to check to make sure this is enabled.

mendelk 1 day ago 0 replies      
DO released a blog post on the issue[0]

[0] https://www.digitalocean.com/blog_posts/transparency-regardi...

bachback 2 days ago 0 replies      
for those wondering, how that compares to AWS. AWS sec policieshttp://awsmedia.s3.amazonaws.com/pdf/AWS_Security_Whitepaper...
mark_lee 2 days ago 0 replies      
I just moved one of my apps from linode to DO several days ago, some explanations here just blowed my head off.
yeukhon 2 days ago 4 replies      
Hmm have you done this with private disclosure? If not, please do that next time. It is unethical to disclose security-related issue of some PaaS publicly without first going through the responsible party first. Even if a security issue you want to report is actually something only the owner can see... I don't know what this do because I don't really use DO, but just judging the way it is reported, it looks like you haven't...
kylek 2 days ago 1 reply      
have you gone to DO directly with this first?
norlowski 2 days ago 1 reply      
Linkbait. Title should be "Digital Ocean API is not told to scrub (securely delete) VM on destroy"
jnankin 1 day ago 0 replies      
what i dont understand is, why would any one want to START with a VM that has some one elses data on it? Forget people wanting their data scrubbed on delete.
dpacmittal 2 days ago 1 reply      
This makes me wonder if AWS secure on this front?
harkness0310 2 days ago 0 replies      
lol of course.
bliss_kiss 2 days ago 0 replies      
these problems cannot be avoided
godyo 2 days ago 0 replies      
leaks leaks leaks. no good!
What Could Have Entered the Public Domain on January 1, 2014 duke.edu
332 points by Tsiolkovsky  1 day ago   152 comments top 18
donpdonp 22 hours ago 2 replies      
While not a solution per se, an alternative exists. If the license for current works are unacceptable, start celebrating other works! Notably, works with a Creative Commons license.

Some Creative Commons cartoonshttp://www.seosmarty.com/15-cartoonists-that-allow-using-the...

Creative Commons Music at Jamendo (see the FAQ http://www.jamendo.com/en/faq)

edit: 'per-say' to 'per se' (thx ansimionescu)

kevando 1 day ago 6 replies      
For those curious, this is mostly a result of Disney.


sentenza 23 hours ago 1 reply      
In the EU, we have lifetime plus 70 years. So the first released movie of the Marx Brothers, "Coacoanuts" (1929) will enter the public domain in 2048, since Groucho lived to be 87.

System is broken. Please reboot.

possibilistic 17 hours ago 1 reply      
The fairest idea I've come across concerning protecting copyrighted works from falling into the public domain is actually pretty simple: tax exclusivity after the initial 30 years has elapsed. If this tax is non-negligible, companies will be obliged to keep only their best IPs protected and will let everything else fall into the public domain.

The government taxes every other kind of property, so why not IP? Additionally, keeping created works out of the public domain is essentially a tax on the public; this intellectual levy placed on everyone should be balanced by a reinvestment in favor of public interests.

If Disney wants to keep Mickey Mouse out of the public domain, they should pay a yearly fee to prevent it from becoming public property. They'd more than make up for it with the revenue they garner.

I think that this would also encourage less wasteful use of copyrighted properties.

sheff 1 day ago 0 replies      
On a happier note, here is a list of authors whose works will be entering the public domain tomorrow in various parts of the world.


huskyr 20 hours ago 0 replies      
Another interesting tidbit about US copyright is the Uruguay Round Agreements Act:


One of the effects of this act is restoring copyright in the U.S. to foreign works of authors that weren't dead for 70 years on january 1st 1996 in their home country. Instead, works only enter the PD 95 years after publication.

So for example, the last paintings by Theo van Doesburg, a Dutch artist who entered the public domain in the Netherlands in 2002, will only be out of copyright in the U.S. in 2026. And that's why you won't see those works on a site such as Wikipedia, that is under U.S. law.

pessimizer 1 day ago 3 replies      
If this stuff did start to enter the public domain after 28+28 years, the modern entertainment industry would be screwed because they would have to compete with it. Rationally, they'd rather it burned than free.
kriro 21 hours ago 2 replies      
The irony that Atlas Shrugged is on the list and massively protected by government IP law is deliciously sad.

More interesting is that Tesla is part of the class of 2014 for 70 year countries :)50 year countries get some nice additions (some real heavyweights): Robert Frost, Sylvia Plath, William Carlos Williams, Louis MacNeice, Jean Cocteau, C. S. Lewis, Aldous Huxley

will_brown 23 hours ago 5 replies      
I do not see a problem with indefinite copyright protections.

One of the assumptions is that everything being equal the same works would exist if it were not for copyright protections. However, I would argue without the extended copyright protections, most of these [future] classic works would not exist, simply because publishers/studios would not invest in the creation/distribution of the works initially. In other words, copyright protections encourages the creation of works.

The OP takes an opposing stance, suggesting if copyright protections existed historically it would have stifled the creation of many classic works. This may be the case in certain instances, but to make that argument one must have an in depth understand of what constitutes copyright infringement in a legal sense - including all defenses to infringement (i.e. derivative work, fair use, educational/news worthy use, ect...)- and make the argument on a case by case basis. Very few people have any idea of what constitutes copyright infringement - and even among legal scholars, practitioners and judges there is disagreement.

All I know is if you have ever created anything and had it stolen you understand the need for legal protection. Plus it would suck to live in a world where I am financially rewarding thieves because I can not distinguish if a work was original or a knockoff. Finally, legal protection is just that protection, there is nothing stopping copyright owners from giving away their works for free, in other words voluntarily releasing their work(s) to the public domain.

seandougall 22 hours ago 0 replies      
My wife's response: "Although, really, Ayn Rand fan fiction does not sound like that much fun."
mrcactu5 22 hours ago 0 replies      
Works from 1916 and before are public domain? Not a bad start.

It is a really great to read the beautiful color version of the *First Six Books of the Elements of Euclid" online for free. https://archive.org/details/firstsixbooksofe00byrn

Meanwhile it is selling on Amazon for up to $100 http://www.amazon.com/Oliver-Byrne-Six-Books-Euclid/dp/38365...

BlackDeath3 23 hours ago 1 reply      
There's something really ironic about Atlas Shrugged being on that list.
VikingCoder 21 hours ago 0 replies      
Oh crap, Atlas Shrugged. That would have been awesome. I could have taken Ayn Rand's words, modified them how I wanted to, published it, and donated all of the proceeds to the Socialist Party USA.
aestra 22 hours ago 1 reply      
Don't forget to check out Project Gutenberg for a collection of works already in public domain.


stanmancan 23 hours ago 4 replies      
I know nothing on the subject, but would it be possibly for Disney (or any other creator for that matter) to start a Mickey Mouse company, with Mickey as the logo and mascot, that sells Mickey Mouse paraphernalia and protect the characters as a trademark?
simbolit 1 day ago 3 replies      
i would love to hear from our libertarian friends on what they think about copyright and the public domain.
kbenson 22 hours ago 0 replies      
What saddens me most is that the Bugs Bunny cartoon is held back. The Barber of Seville cartoon is wonderful as well.
javajosh 21 hours ago 1 reply      
Am I the only one that thinks that we should almost certainly treat scientific research entirely differently than entertainment? Frankly, when I think about it objectively, I could care less if a novel is under copyright for a very long time - it's not like there's a lack of entertainment options for people, and that they will suffer because they have to pay something to read a book or see a movie. But scientific research seems like an entirely different animal: if we as a society are so into technological progress, why wouldn't we act to make all scientific research as widely available as possible? It would seem that in the Internet age the best and easiest way to achieve that as a matter of policy is simply modifying copyright rules - and if Aaron Swartz is any indication, there will be many people more than happy to store and disseminate the information as a public service. (Although I personally believe that it would be entirely reasonable for the USG to spend a modest sum hosting the data, sort of like a federal online library. Perhaps this could even be started by generous endowment from an Internet titan, just as The Smithsonian was started by such an endowment.)
Lessons learned from my failed startup after 2 years, 300 users and 0 revenue sergioschuler.com
334 points by sergioschuler  1 day ago   148 comments top 39
patio11 1 day ago 5 replies      
This is a fantastic writeup (and like nearly all worthwhile writing on the subject, I don't necessarily agree with all of it).

Two elaborations:

1) General advice to non-technical founders, not specific to this post: If sales is one of your primary skill sets, and you cannot sell one developer on working for you, you may want to have a brief heart-to-heart with yourself on whether you are sufficiently skilled at selling to build a company which will live or die based on your sales ability.

2) His advice about starting with 1 anchor client for a SaaS, expanding to 10 via expenditure of shoe leather, and then starting to worry about scalable approaches to customer acquisition is very, very good. (I don't know if I definitely would endorse the "An Indian company expressed desire to buy something from me other than the thing I was building, so I should have built that instead." That would turn on a lot of things, including how serious that company was about actually buying the thing. There is a world of difference between "I would buy a Widget from you" and "I commit to accepting delivery of a Widget from you, where a Widget broadly does X, my timeframe is Y, and your payment will be $Z." I'd be looking for a letter of intent or a check as a filter for seriousness following that Skype call before making a bet-the-business decision on it, personally, but I obviously don't know the specifics of what was said.)

Killah911 1 day ago 0 replies      
I don't understand people's (not necessarily the OPs)utter obsession with philosophies. Especially in the startup world when being adaptive and surviving is key.

Lean Startup, great book, decent ideas, not the religion that it's become. I'm sick of hearing, hey do this the lean way and it'll "significantly improve" how well you do, after all it's the blueprint for success. Personally, I don't buy into that. Here's my view of success in reality: do whatever works (that's legal & up to your moral standards), be opportunistic and get lucky (yes, hard work and measuring metrics alone don't do crap).

MVP and idea validation are great concepts & helpful common language. In hindsight all "successful" startups seem to have a "pattern", but in all seriousness, there isn't a friggin algorithm for success in startups, otherwise algorithms would've replaced entrepreneurs a long time ago. (Although selling success patterns & software based on such to wantreprenuers is a great idea)

I'm sorry the Sergio's experience happened. It's easy force cause and effect onto a narrative. It very well could have been that the developer Sregio met was at a point in his life where he really just wanted to build something great and did end up building the awesomest thing. Instead of trying to dissect the reasons his startup failed, had luck been a little more favorable, we might be trying to analyze how it became a huge success.

Bottom line, my heartfelt congratulations to Sergio on being successful at stepping up, despite the risks and having a crack at it. If you had never stepped up and we all gave in to our negative biases and overanalyzed the crap out of everything before we started we'd still be polishing stone wheels.

I know how shitty it feels. But remember, hindsight is 20-20 and cause and effect should really be cause+luck and effect. Hope you're a better entrepreneur and will be back in the game soon.

ry0ohki 1 day ago 1 reply      
"The developer had no intention of being the projects developer (?) he was not really a developer, he was a computer science graduate who owned a webdev shop and was used to managing, not coding."

Heard this story so many times. Amazing how many people join a startup and don't want to do the actual work. Remember that scene in The Social Network where Mark Zuckerberg calls his outsource team about progress on that latest feature? No? Me either.

at-fates-hands 1 day ago 1 reply      
"Since we were 3 business people, we spent all this time into idiot plans, budget forecasts, BUSINESS CARDS, fancy website all useless things which in the end did not contribute to anything."

I've been apart of a lot of startups and this is far and away the best advice. It was a common theme with two startups I worked for during the boom years. One CEO's hubris was stunning. 10 million privately funded and he blew most of it on season tickets and suits at stadiums to "entertain" big prospects (nevermind we didn't have any "big" prospects at the time!), remodeled the office to the tune of a few hundred thousand dollars, it goes on, but you get the idea.

When you're in a startup, it really is about getting your product shipped, and making sure that's where the focus is.

Great writeup and glad you saw the errors of your ways. Lots of people never gain the wisdom you have until after two or three failed attempts.

wrath 1 day ago 0 replies      
Good article but I would look at this "failure" from a glass half full perspective. You "won" because you've learned valuable lessons you can take to your next idea. I've had many products that have not gained many users in their respective marketplaces but I learned from each and everyone of them. All these experiences has brought me where I am today (CTO of a 45+ employee company). No failures in my past as far as i'm concerned; just lots of self teaching (that you can't get in school).

>> ""An Indian company expressed desire to buy something from me other than the thing I was building, so I should have built that instead.""

I may be the minority but I agree with him but on one condition. If this Indian company wanted to pay a small monthly subscription fee for your product I would never have agreed developing "their" ideas. I would have taken their feedback and put in the big pile with all the other feedback I gathered up. But I would have pitched this Indian company a different story, I would have pitched them a professional services contract instead of a product. I did something similar in the past and it worked out very well because in a business money is king. With no money you can't do the things you need to do, like attend conferences to sell your idea, buying adwords, hiring solid developers, paying yourself a salary so you can devote your time to the idea.

In my case the customer was willing to pay ~$10k a month to get what he wanted. We built it for him while building our own product. Once we got big enough and could sustain ourselves without our original customer, I gave the customer away. The developer who maintained the project was interest in taking on the project himself. We came up with a 6 month transition plan, including lots of product/project management help, office space, etc. It was a win/win situation at the end.

Doing this is not for everyone though. There are many days I cursed this customers for taking up the majority of our resources. We had to be very good at differentiating between their requirements and the markets requirements. We weren't perfect at it but it worked out in the end.

al2o3cr 1 day ago 2 replies      
"Instead of surfing the wave and adapting my idea to what a real prospect client was telling me they wanted"

FFS don't do this. There are far too many startups beached on the shores of "well, this one SRS BZNS client wanted us to change what we were doing so we did. Where'd all the rest of our clients go?"

I'm not saying "don't pivot", but "just making what they wanted" (where N(they) = 1) turns you into a poorly-paid contract developer who's also paying to host the result, not an entrepreneur.

PythonicAlpha 1 day ago 1 reply      
I want to shine some light on one side problem, scratched here:

The problem today is (out of the perspective of a developer): To many companies rely on just "hire any (cheap) developer" to ramp up the product. I see it all the time: Quality is not asked for, many companies (specially in the web business) just want the cheapest developers. They search for a student (at best), because he is cheap and will just make a small time estimation and an even smaller fixed price offer for the project. The student will happily work overtime that is not covered by the initial estimation.

Than the companies go mad, when either the programmer is running away or the whole project runs into a blind alley (or both at the same time), because the "totally expensive" programmer had not enough experience e.g. with database development and the database structure just lets you shiver. Then the shouting and anger is big: "Damn programmers -- all are liars and lazy!"

What went wrong, stated Uncle Bob correctly in his Blog: http://blog.8thlight.com/uncle-bob/2013/11/19/HoardsOfNovice...

But the "cheap, cheap!" culture seams to be unstoppable. If you tell people in advance about "quality" and "professionalism", they don't listen or just laugh at you. It seams, all the people just have to find out the hard way -- but I guess, even than most of them will not learn at all.

guynamedloren 1 day ago 1 reply      
Really great writeup, thanks for sharing.

I'm left wondering, though, what you actually did over the two years? You imply that you were working on it full time. Two years full time is a lot of time. You can do pretty much anything in that time (including, as others have mentioned, learn to code).

> idiot plans, budget forecasts, BUSINESS CARDS, fancy website [and writing articles]

I find it hard to believe you can work on those things for two years, day in and day out.

thu 1 day ago 1 reply      
Do people find it really ok to have video and a website spelling "try it free" and then have only an email input form ? I know that testing if demand exists is important, but doesn't it have adverse effect on your reputation to somehow lie to your prospects ?
tim333 6 hours ago 1 reply      
Thanks for the write up - It's always better to learn from other people mistakes. I think however you and the most of the other posters miss the most basic problem because they mostly seem not to have tried the site and that is that, to me at any rate, it seems the product is not very good. It seems to be basically a 40 question form with questions like "People in the team know the weaknesses and strengths of other team members." that you mark from 1-10 and is not customizable. Personally I hate that stuff - you spend ages filling the thing out and then when you find the average response is say 7 what do you do then? There's not obvious action. If you had a form with a question saying say "what do you thinks the biggest problem with your team?" and people were able to say anonymously that say "there were four founders without the right experience and only one dev really working" then that would at least be useful. I think before worrying about the market etc you should have tested your system on real teams to see if it actually helped them much. This could have been done with zero or little tech - say either a paper questionnaire or just write your questions in an email and have people email their answers back to you. The fact that 200 people tried the product and none bought does imply a product problem but it if you define your product as trying something to fix team management problems then I think the issue is not that there is no demand for that but that your product does not work in that regard. If it was me and I could code a bit, rather than scrap the thing I think I might try changing it to see if it could be made to work at the team improving level. You could say cut it to say five 0-10 type questions and five "what's the biggest problem?" type questions and then try that with a couple of real teams and see if they found it helpful.
snorkel 1 day ago 0 replies      
... one of the prospects was an HR person from a huge Indian manufacturer. They wanted the system NOW and wanted to speak to me. [...] I just needed to build what they wanted.

I know startups that charged down the other path, being hyper responsive to their big customers, and they suffered for it because their biggest customer steered the product vision straight to crazy town. Such startups essentially become the contract development shop of a few big customers, living and dying by the whims of those big customers. Yes, you can pay the bills, but you're essentially working full-time for a few customers rather than building your own enterprise.

davemel37 9 hours ago 0 replies      
I think a more important lesson to learn here is to have the uncomfortable conversations ASAP. The sooner you communicate clearly, the fewer opportunities there are for misunderstandings.

If I had to give founders one piece of advice it would be, "Just Ask"... Ask for the sale, ask what youll get in exchange for equity, ask, ask, ask...

karterk 1 day ago 0 replies      
I think for first time bootstrappers, investing some time in a quality blog on a particular field you would like to build products for is really really useful. Apart from having a good audience to launch your first product, it helps you interact with people before you have something to sell to them. You learn more about their problems, the existing market, competition and so on.
atmosx 21 hours ago 0 replies      
Firstly, the Indian corporation which contacted him, apparently was asking for something totally different. If they were asking about 3 or 4 features that could be added, I don't think that it would be a problem. But the author didn't do anything wrong there. They were looking for a developer probably not a product or not his product whatsoever.

If you accept his argument as true, that he should switch and follow the tide, then you might as well start looking for freelancer developer job.

< J/K>Awesome quote:

> The result of this was that in the end we had to hire a full-time (and paid) developer. So we had zero revenue, 4 co-founders and a paid employee (which was effectively the only one doing real work).

I laughed really hard reading this line. My girlfriend came from next room to make sure I was okay!!! That's awesome, like 4 guys watching a movie, say the 'Social Network', and deciding to do a startup!!!</ J/K>

Jokes apart, I think the author has got it all wrong. There are ten million reasons why a small startup failed. Most of the time is hard to tell exactly why.

But seriously, only people who have proved time and again their ability to deliver a product to the market and are famous for turning ideas into money, are able to struck deals before having a product. And we probably all know them (Jobs, Musk, etc). For the rest of us that's not how things work, I'm sorry to say that he is still getting it all wrong.

In the real world, you can't sell something that doesn't exist, these things happen only on Wall Street.

subbu 22 hours ago 2 replies      
__If there is just one thing you should learn, it is: Just speak to prospects and extract their pain, then sell the painkiller (before building the product). If they are willing to buy, do take their money and invest that money into building the product.__

This advice always seemed like a stretch to me. Does anybody pay for a product that's not ready yet?

Elizer0x0309 1 day ago 5 replies      
A business person trying to start a tech startup.... It's like a business person looking for musicians to start a band. This is beyond ridiculous. Either bring some skill to the table or go create a "business startup" and stop polluting the industry with yet another failed idea and even worse a "post mortem" of why it failed.

PS: This includes Marketing, Managers as well as the Business peanut gallery.

narrator 22 hours ago 0 replies      
I would like to thank everyone who posts these failure stories. We get too many effortless success stories here and often forget that failure is the norm and not the exception. It's a bit like how those books on software anti-patterns are so helpful. Sometimes it's more helpful to focus on what not to do.
advertising 17 hours ago 0 replies      
A mistake I made early on was trying to provide a product as cheap as possible. Constantly worried that no one would pay what we asked for.

Basically being afraid to ask for the value it was really worth.

I think there was a comma/period swap, but if I'm reading correctly it looked like the product was positioned at $30 / mo?

Assuming that's correct - it's really not a meaningful amount to any company that has enough employees and management to actually be a user of the product.

I think a $30 / mo with a free 30 day trial period (once product launches and they can actually try it ;) ) that requires a credit card for the trail could have worked.

Would still need a product to actually try, but that's not much different than saying get a free trial and just taking in email addresses.

If anyone remembers the Minimalytics / Small HQ folks - I thought they did a good job with their signups. The only thing for me was I disappointed by how minimal their product was in beta. It was so basic I didn't have any use for it, and running our own startup, didn't have time to wait. We ended up building it internally.

I probably would have converted to a paying user if it was more developed at beta. Not their fault though, they did a good job I thought(if you're reading Small HQ).

etfb 1 day ago 2 replies      
Lesson N+1: Hacker News can break your blog's webserver. That's one you only learn through experience.

[ETA: which is sad, because I want to read it!]

guilloche 22 hours ago 1 reply      
Questions for peer founders:

As a developer and solo founder, I just can not finish a serious project in one year. For example, it took me two years to get version 1 of torapp guilloche designer (www.torapp.info). We did not get consistent/significant customers and need a new product to survive.

To evaluate more ideas and to be familiar with respective areas took me another year easily (without deep knowledge in the area, how can you beat your competitors?).

So how can you guys roll out a product in 3 months? How can you quickly pivot? (pick up ideas and evaluate them quickly)

antidaily 1 day ago 2 replies      
You want to know how to validate your idea faster? Don't have a free plan. Will people give you their credit card... that's what you want to know. And those are the people you want feedback from.
sebastianconcpt 5 hours ago 0 replies      
Thanks for sharing your experience and insights Sergio.

It takes balls to do that shrinking ego experience in public.

I'm sure something good will come out of it.

DanielBMarkham 1 day ago 1 reply      
There are a lot of things I'm interested in but would not pay for online, but good failed startup stories like this is not one of them.

Seriously, if somebody could cull 2 or 3 of these a day and deliver in a weekly or monthly format? It'd be worth a subscription.

Thanks for the article!

thehme 1 day ago 0 replies      
This is a great article full of truth. My respects to the author because it takes courage to accept one's mistakes, but it's critical for getting up and moving forward in a better direction. How many ideas are sitting in my brain, but all I can think of is how to exactly am I supposed to validate that any of them are worth my life?! I mean, really, a startup will mean I will have no life. With my loved one in a startup already, I don't know if I could really start something without the support. Looking back, were any of the big companies that started as a small STARTUP founded by poor people? I think not. I haven't heard a single story of an actually poor person, who founded a startup and is now rich.
aaronbasssett 1 day ago 1 reply      
I wonder how much their conversion was impacted by internationalisation problems. It looks like they were attempting to target the US, but their pricing page wasn't localised for that market. Unless they really were charging one thousand nine hundred and ninety dollars per team. Price is shown as 19,90 instead of $19.90

Also due to what I perceived as a thousand separator, not a decimal mark, I initially read the price as nineteen thousand and nine hundred dollars!

kyberias 1 day ago 0 replies      
I just love the brutal honesty expressed compactly. Full of useful information for all startup-founders. I'm sure many are currently making the exact same mistakes.
red_anorak 1 day ago 1 reply      
>> "SEO and social media bullshit"

This stuff does seem like bullshit when you're working on it, but it's unfortunately crucial these days. It takes so long to build up the brand and visibility that I don't believe you have the option to just do it once you've got the product right. Unless you've got the investment, firepower or notoriety to get chins wagging then you've got a long road ahead of you. Good SEO actually sounds like one of the things you got right to me. But maybe you spent too long on it

usablebytes 22 hours ago 2 replies      
The last para - If there is just one thing you should learn, it is: Just speak to prospects and extract their pain, then sell the painkiller (before building the product). If they are willing to buy, do take their money and invest that money into building the product.

Is that really possible? Making someone pay for a product that doesn't yet exist? How can you do that?

devb0x 22 hours ago 0 replies      
Damn that's well written. Of course I can also show some business cards and some bull. But when push came to shove, my target market were not prepared to pay.

As always, I am always keen to connect with bright people and good ideas.

mzarate06 1 day ago 1 reply      
Such a great write up, thank you for sharing.

Question: what are you going to do with the product now?

pmcpinto 23 hours ago 1 reply      
Great write up, I think this point is crucial: Founder roles and expectations.

Even if the goal/role is to be the non tech founder, it's important to learn the basis of html, CSS and Javascript. It will give you another perspective when you think about how to implement an idea.

owenversteeg 19 hours ago 0 replies      
The website was down for me at first but after 27 refreshes I managed to get it. Here's a mirror: http://pastebin.com/avMpRwrU
readme 1 day ago 1 reply      
OP, your biggest mistake is not taking the time out to learn how to code yourself. You said it went on for 2 years, that was plenty of time.
Kiro 1 day ago 0 replies      
Four business guys? That's four too many. Just learn how to code and build your own stuff.
malditojavi 1 day ago 0 replies      
Great insights, thanks for sharing, Sergio.
nmbdesign 1 day ago 0 replies      
This is such a great article, thanks
luisivan 1 day ago 0 replies      
I made all of those mistakes, and also learnt the hard way. Great post.
testrun 1 day ago 0 replies      
Very nice article Sergio.
christopop 23 hours ago 0 replies      
Thanks for sharing this man!
I fought my ISP's bad behavior and won erichelgeson.github.io
323 points by helfire  18 hours ago   84 comments top 21
JoshTriplett 18 hours ago 2 replies      
Very nicely done: reporting this as abuse to the companies offering these affiliate programs seems quite appropriate, and it sounds like they reacted appropriately. One person complaining to an ISP is noise; one person making an abuse report is all it takes to get that ISP banned from the affiliate program.
afhof 14 hours ago 3 replies      
Cox does something similar but bypasses the the DNS records and just slipstreams in a response. I noticed Cox would redirect javascript requests to their own HTTP server and put in their own snippets, effectively doing mass javascript injection.

The snippet ended up being some sort of alert about upcoming maintenance, but using a malicious technique for a benign purpose is the path to the dark side. Use HTTPS!

(I use, it didn't help)

gpcz 16 hours ago 0 replies      
The cynical side of me says that the ISP is just going to redirect the author's traffic to the "pure" DNS server in the future (even when he or she directs traffic to the main one) unless they get in serious enough trouble with one of the companies this first time.

If anyone wants to do this in the future, I'd recommend just sending affiliate abuse emails with no notice to the ISP. Also, the future person may want to revise the [2] script to scan in a more surreptitious manner (change the order, add delays, simulate legit web traffic, etc).

zquestz 13 hours ago 1 reply      
Eric, I am very sorry to see this happen to you. Unfortunately more and more companies are using our data for marketing purposes.

All is not lost though.

There are several ways you can protect yourself from these practices. The first thing I would do is get a router capable of using dnscrypt-proxy (http://www.opendns.com/technol.... Then you can be confident that your DNS traffic is not being modified by your ISP. It does require that you have trust in a 3rd party DNS provider like OpenDNS, but at the end of the day you have to trust someone to provide DNS lookups.

The second option is to setup DNSSEC so that you can verify where your DNS responses are coming from. While people will still be able to intercept what sites you're looking up, at least you know you're getting valid responses which is better than your situation is currently.

Third is to use both. =)

Anyhow, really awesome to see people standing against these practices. It takes users complaining to make change. The sad truth of the matter.

lambda 17 hours ago 2 replies      

  This also shows a weakness in DNS. There is currently no   way to validate the DNS record youre being served is what   the person hosting the website intended.
That's what DNSSEC is for, but it hasn't become pervasive enough yet to be able to depend on it.

jauer 16 hours ago 3 replies      
As a ISP when we were considering using Aspira they claimed that no referral tokens would be replaced and that the only behavior was injecting a popup coupon window.

I decided not to proceed with it because it seemed like a support nightmare and tampering with non-malicious subscriber traffic crosses a line.

Their marketing affiliates (such as Cash4Trafik) are always reaching out to CEO types at small ISPs and the money they bring (particularly when you are small) can be hard to pass up.

dmourati 17 hours ago 2 replies      
Super shady stuff. I never rely on any ISP provided DNS servers. I'm glad you talked to the the etailers to let them know what was going on. These business practices do introduce latency, regardless of what he told you. Not to mention, they are highly unethical and dishonest.
sloop 17 hours ago 3 replies      
If your ISP and/or Aspira were making any significant amount of affiliate commissions, I would be surprised if the merchants do not take action against them for fraud.

This sounds like the same behaviour that Shawn Hogan got in trouble for with cookie stuffing http://en.wikipedia.org/wiki/Shawn_Hogan

gnu8 16 hours ago 1 reply      
Is there a way we can choke companies like Apira by making a concerted distributed effort to disrupt the referral programs they exploit (either by reporting them or by feeding them false referrals somehow)?
tdumitrescu 18 hours ago 1 reply      
"I will continue to monitor periodically their DNS entries and compare them with other public DNS servers."

This would make for a great watchdog site to provide visibility across different ISPs (and could also discourage other ISPs from pulling this crap).

rcfox 17 hours ago 1 reply      
One a slightly related note, in Chrome extensions, it's possible to redirect DNS requests on a per-URL basis. This is how Media Hint works to allow non-US Netflix users access the US version of the site.

I'm surprised we haven't seen similar behaviour from Chrome extensions. I'm sure it would be caught eventually, but this isn't exactly something that people tend to look for, so it would take a while for people to catch it.

samweinberg 4 hours ago 0 replies      
Anyone know if Time Warner Cable does this?
natch 14 hours ago 2 replies      
I'd like to try out this curl command. I'm not using macports, though. Like many people, I've switched to brew since some time. Is there a quick way to see if my curl install is compiled with 'ares' whatever that is?
GigabyteCoin 10 hours ago 0 replies      
Congratulations. What they were doing was absolutely evil in my opinion.
neil_s 16 hours ago 1 reply      
Interestingly, you might have benefitted more from keeping quiet about this. While the original retailers are losing money through this, you aren't really affected negatively by them doing it. In fact, with this additional revenue source, they might be able to support thinner margins on their broadband charges, saving you some money. You did the morally correct thing, but perhaps at a potential personal cost.
AlonsoGL 8 hours ago 1 reply      
Here it goes:Behind a ISP-wide cache.Any 'traceroute' passes by transtelco.net (ISP used to have their own infraestructure for voip services Megafon) now i have 5/6? DNS jumps! and all my traffic going to Transtelco.

  traceroute to news.ycombinator.com (, 30 hops max, 60 byte packets  1  customer-GDL-**-***.megared.net.mx                 << 177.230.**.*** Dynamic IP, GDL is the city of the company  2 (  8.939 ms  8.941 ms  8.935 ms  3 (  8.912 ms  8.903 ms  8.891 ms  4  pe-cob.megared.net.mx (189.199.117.***)  8.878 ms  8.866 ms  14.201 ms << COB is the user city  5 (  23.494 ms  23.483 ms  23.408 ms  6 (  22.842 ms  19.609 ms  19.596 ms  7 (  19.560 ms  19.555 ms  19.536 ms  8  201-174-24-233.transtelco.net (  19.527 ms  20.650 ms  19.468 ms  9  201-174-254-105.transtelco.net (  34.239 ms  31.793 ms  31.268 ms  10  fe3-5.br01.lax05.pccwbtn.net (  31.792 ms  31.736 ms  33.533 ms  11  any2ix.coresite.com (  32.834 ms  33.221 ms  33.429 ms  12  ae3-50g.cr1.lax1.us.nlayer.net (  41.288 ms  41.228 ms  41.231 ms  13  ae2-50g.ar1.lax1.us.nlayer.net (  42.632 ms ae1-50g.ar1.lax1.us.nlayer.net (  35.192 ms 33.860 ms  14  as13335.xe-11-0-6.ar1.lax1.us.nlayer.net (  35.143 ms  44.714 ms  44.666 ms  15 (  37.638 ms  37.239 ms  36.997 ms
I don't know how normal or ethic is this type of cache. No download limits, I have the 10mb and get 20mb(2000-2300kbps) downloads, for uploads is limited to 1mb.

ozh 17 hours ago 0 replies      
+1 to OP, and +2 to companies who responded positively (and -3 to ISP, obviously)
_RPM 18 hours ago 1 reply      
Gaming the system seems to be the secret to winning.
philip1209 17 hours ago 2 replies      
This is why you should encrypt your DNS.
squintychino 14 hours ago 0 replies      
VPN + HTTPS just for good measure
squintychino 14 hours ago 0 replies      
VPN + HTTPS for good measure
The NSA Reportedly Has Total Access To The Apple iPhone forbes.com
318 points by larubbio  1 day ago   199 comments top 27
JunkDNA 1 day ago 5 replies      
I know this headline generates traffic by being about the iPhone, but this is a minor point. The big message from Jacob's talk and the original articles in Der Spiegel is that the NSA can intercept anything. Period. Full stop. People have suspected such far reaching capabilities for some time. This talk and the articles demonstrate that it exists. I'm personally a little uncomfortable with this kind of disclosure. On one hand, the NSA exists for the express purpose of spying. That is their job. You can not like that the NSA is a spy organization and we can debate whether we should conduct spy operations as a society, but I'm not sure what exposing their methods in this level of detail does for advancing that debate. Did people expect them to be a spy organization that was incompetent? A group that makes crappy and obvious listening devices stamped with "Designed by the NSA in Maryland"? On the other hand, the cases of potential abuses and dragnet surveillance capturing everything indiscriminately are extremely worrying. I don't know how a free society can do all this spying in support of legitimate foreign policy goals and at the same time not grow into an out of control, unaccountable organization ripe for abuse.
RyanZAG 1 day ago 4 replies      
Aren't we missing a critical point here??

> "The initial release of DROPOUTJEEP will focus on installing the implant via closed access methods." [2007]

OK, we knew this much already. I remember seeing a number of stories on how law enforcement can pull data off an iPhone, etc. Not really much new here.

> "A remote installation capability will be pursued for a future release"

Here is the interesting bit. You don't put this in a document unless you have a good plan on how to do it. Obviously with iOS devices having ports closed and being behind NAT, the NSA can't exploit them remotely. However, the NSA is pretty clear that it will have the capability in the future. Note the date on this - 2007.

Since 2007, what has changed? iCloud allows Apple to install and run code directly on your device remotely. Is there any doubt that the NSA would request Apple give them full access to iCloud? So the real issue here is what that last little line hints at: the NSA was looking to get remote access rights to all iPhones back in 2007 and with the knowledge now that they will happily backdoor AT&T/Google/Microsoft to retrieve data, is there any doubt they are now using iCloud to gain remote access to all iPhones?

I'm sure NSA/Google does the same with Google Play Services.

forgottenpaswrd 1 day ago 3 replies      
"one question has been paramount for privacy advocates: How do we, as a society, balance the need for security against the rights to privacy and freedom? "

I hear this fallacy question again an again. It implies that giving total power to gobertment is "security". It is not.

Giving total control to Stalin meant hundred of millions of Russians got murdered in terror, giving total power to Hitler or Mussolini from democracies meant the total destruction of Germany and Italy with millions dead.

andr 1 day ago 0 replies      
I really see this working remotely, as long as you have control over a cell phone tower or you use a phony portable base station, both of which are within the NSA's reach.

The thing is phone baseband software (which is reused on different phone models and controls the phone's I/O including GSM, USB, etc.) has hardly ever been under attack. When the iPhone arrived with its new security model, baseband bugs became one of the major ways to jailbreak a phone. Those bugs have been fixed one by one, but they were mostly on the USB side - the GSM side has been impractical to attack. A carefully crafted GSM packet could in 2008 and probably could now cause a buffer overflow in the baseband and gain access.

An interesting presentation on the topic: http://www.youtube.com/watch?v=fQqv0v14KKY

rlx0x 1 day ago 1 reply      
Now the talk he gave was interesting, laying out some known and some new facts about the surveillance and automated attack capabilities of the NSA, particularity interesting is the targeting of infrastructure and their traffic injection systems. And he is right to make the point, that its particularly despicable that they actively sabotage infrastructure security, something everyone on this planet has to suffer from.

But.. I don't even know where to begin, its not only that we need to convince a large portion of the US population that living in a dystopian total surveillance state is actually not something to thrive for, we can't even begin to discuss those issues in any meaningful way when people have not the slightest clue whats really going on, even if leaks like this occur that outline frightening and utterly insane surveillance and attack capabilities nobody is going to explain it to them (not that anyone cares anyways).

The NSA developed and deployed a global system that enables them to do DPI on the whole internet traffic, analyze that traffic, inject traffic, attack every system through countless vulnerabilities and backdoors and all of that automated, not only against their targets but also against any infrastructure they are interested in.

They have secret laws, can force companies to work with them, force backdoors and not only are the US companies not allowed to talk about those things, they are legally bound to publicly lie about it.

So yeah they can hack every iPhone on this planet, and turn it into a silent listening device, among many many many other things, is that really what we should be talking about?

wyager 1 day ago 6 replies      
This is from a very old version of iOS (2007). We don't know if this is still true.

Regardless, I can say for a fact that there are exploits for all cell phone platforms. iOS exploits are by far the hardest to find. An iOS remote execution 0day will easily fetch $250k. I've seen one go for $600k. For an Android remote exec 0day, you're looking at closer to $50k.

Even if the NSA doesn't have these on hand, they can certainly purchase them.

roin 1 day ago 6 replies      
Not only is the slide from 2008, but it also says it requires "close access methods" and "remote installation will be pursued for a future release." In other words, they need physical access to your device. If we think that the NSA can't compromise a device after gaining physical access, well then I think we should be scared about the competence of the NSA.

I don't have the patience to watch Appelbaum's hour long talk, but unless he has something far more impressive than these documents then he's just another activist who will willfully mislead in order to advance his cause.

allochthon 1 day ago 14 replies      
Honestly, I don't really care. The NSA can read whatever they want of mine. I've heard the arguments about how you should care, even if you don't have anything to hide. And I find them persuasive on one level and simultaneously unengaging on another. By contrast, the parallels to fascist Italy and Nazi Germany and living in a turnkey fascist state are most unpersuasive.

The one argument against what I've written that has been made that I think is worthy of highlighting is that there are people around the world who are risking their lives under totalitarian regimes. People's smug responses and ad hominem detract from this important point, which could be helpful to others outside of HN in better understanding the issue.

Your downvotes will not persuade me or anyone else with my views. They do demonstrate that some are committed partisans on this issue. I appreciate some of the clear, unemotional arguments that have been made, however.

ChrisAntaki 1 day ago 0 replies      
"Is the iPhone taking secret pictures of FaceTime users?" (2011)


> One person said that her boyfriend saw a picture of himself at work displayed in FaceTime, even though he has never used the service in the office.

caycep 1 day ago 1 reply      
The slide is dated in 2007 - i.e. either iOS 1.0 or some pre-release beta. Who knows what it does now with iOS 7? Also, its unclear what's needed - does one of those other ridiculous govt alphabet soup programs act as a trojan, or does Tom Cruise has to dangle from my ceiling with laser beams to plug in some wingding to do this?
cdooh 1 day ago 1 reply      
At least we know why Obama still uses a blackberry
rdtsc 1 day ago 1 reply      
Ha, I wonder what this will do to acceptance of Apple products inside DoD's (well govt in general). Many agencies and military branches love them some new cool toys and have been pushing for their inclusion. Now revealing that Apple security can so seemingly easily be compromised, will they still allow or advise use of Apple products on government's own networks?
jokoon 1 day ago 2 replies      
One thing is true: whatever your phone is, the more complex, the more features, the more risks there are.

I really don't see the advantages of having a handsized computer, really. The performance/battery/usability/cost compromises are not really making it worth it.

Most people do a lot of text messaging, usual smartphones are not designed for it. Old school, classic cellphone do it pretty well.

Why would you need the internet while you're outside, in the cold, in the train, while not sitting ? You only need an iPhone for very unnecessary, unplanned, rich things.

For example, you need to locate something, like the nearest restaurant, or coffee place, in a town you know nothing about. The data transfer and costs to make a web search on such a low-powered device, will be ridiculous if you compare it to just asking somebody.

You're in a coffee place, you're arguing about something, and you want to know who's right, so you want to search it on the web. Why not just enable the wifi, and why not carry your 13 inch notebook ?

You want to read your emails. Even if you receive email, what's the real difference with text messaging ? Emails are for long message on which you can attach big files. Email is a very old protocol, and it wasn't really thought to work hand in hand with text messaging.

You want to read a digital document. If you're in for a long, comfortable read, use an ebook device, use the small screen of a classic cellphone, or just plan ahead and print it.

Smartphones are all-in one, expensive, software and hardware quirky solutions which are just not that much awesome. Computers are not entirely secure. A smartphone will create new technical challenges, but also many other risks, especially if you have a homogenous device like the iPhone.

Engineers should start to create protocols and software which are already designed for smaller devices, not create smaller powerful computers: laptops and desktops are already at the limit of tiny.

Apple created a market of an attractive, dreamy device, which sold, and the market followed, but the truth is, there is much more to do on the embedded software design.

Create 23 hours ago 0 replies      
We begin therefore where they are determined not to end, with the question whether any form of democratic self-government, anywhere, is consistent with the kind of massive, pervasive, surveillance into which the Unites States government has led not only us but the world.

This should not actually be a complicated inquiry.



snowwrestler 19 hours ago 0 replies      
Is there more to the evidence for this than the slide? Because the slide says that the product is "In development." Just because capabilities are described in present tense on a slide does not mean that they are in fact available.
neilkelty 1 day ago 1 reply      
Couldn't this be accomplished simply by creating apps that deal with contacts, photos, camera, etc. and then having users download and accept the permissions themselves.

For example, imagine that any one of the contact or calendar management apps where you "Allow xxxxx to access your contacts" was produced by the NSA under the guise of an innovative startup.

wslh 1 day ago 1 reply      
I am waiting for a real GNU phone. The original free software spirit is not there yet.
skc 1 day ago 0 replies      
They cynic in me assumes that even tech savvy people would much rather rationalize away NSA access to their Apple products than give them up.

The easiest rebuttal is simply that every smartphone is equally at risk.

A last resort will be to simply say "meh, don't care"

That's how good/sticky Apple products are

samstave 1 day ago 4 replies      
So here is a complete anecdotal suspicion:

I have had the iPhone since the first day of release. I have gone through 16 physical devices over that period (due to me breaking them a lot and going through several employers where I had never purchased my own phone since (well before) it was released). I am currently, for the first time in a long time, on my own personal device; an iPhone 4.

I upgraded it to iOS7 when it was available. The device is a slow POS and I want to stab my eyes out when I use it....

However; there is a behavior that I have only personally noticed recently: (Please tell me if you see the same thing)

Whenever I transition between literally ANY screen, I see a quick BLINK of the screen - in the same anim that you would see when you take a screenshot.

So I am wondering "Is my phone taking a screen cap of EVERY switch/transition I make? WHY"

Now, I know that iOS does do screen caps of things so that when you are switching in various ways that it already has a cache of the last state of that screen in order to thumbnail the previous view... BUT I understood this to be limited to certain circumstances. Currently I am noticing it on pretty much ANY transition.

Even if this is the actual, "Normal", my suspicion is that this fact can be used to entirely rebuild an entire session of activity for a user through their entire interactions. Even if you just grab these screens which are used at a system level - a great deal could be inferred from just these workflow screen caps.

notastartup 1 day ago 0 replies      
I wonder if they are doing this with Android devices too.

Anyways, it's not of concern to me as I ditched my smartphone for an old school motorolla flip phone.

xacaxulu 1 day ago 1 reply      
My TracFone is safe :-)
aruggirello 1 day ago 0 replies      
All Your iPhones Are Belong To Us.Surrender to your iNSA overlords, while you're still alive.
marveller 1 day ago 5 replies      
Humm... I was going to buy the new iPhone, this changed my mind. Maybe I should just get a feature phone instead.
f_salmon 1 day ago 0 replies      
I have an iPhone.

And when I read that the US government tracks mobile phone movements all over the world (generating a ton of other information about people), I turned it off permanently (flight mode) and use it only as a PDA.

Turns out, landline phones combined with email is more than one needs.

If I wouldn't have stopped using the "mobile call feature", my iPhone would have gone straight to ebay, right now.

jaseemabid 1 day ago 0 replies      
Ok! Isn't this obvious?
Snapchat Phone Number Database Leaked snapchatdb.info
307 points by lightcontact  13 hours ago   148 comments top 52
antimatter15 11 hours ago 6 replies      
The top comment on Reddit r/netsec's corresponding coverage has mirrors on Mega.co.nz for the files [1]

I couldn't find my own data in the set, and actually it seems like lots of entire area codes are missing.

Assuming `cat schat.csv | uniq | cut -c1-4 | wc -l` is the proper command, there are only 76 of 322 [2] US area codes represented.

It appears there are two Canadian area codes represented in the database: 867 and 204. There are also 248 US area codes which are not represented in the database. Assuming a relatively uniform distribution of phone numbers in the US (which is not at all a safe assumption), the average US snapchat user has better odds of not being in the list than being in it. Sampling from the set of my snapchat friends who are not in my area code, 3 of 13 can be found in the database.

If your phone number is in any of these states, you're not in the database: AlaskaDelawareHawaiiKansasMarylandMississippiMissouriMontanaNebraskaNevadaNew HampshireNew MexicoNorth CarolinaNorth DakotaOklahomaOregonRhode IslandUtahVermontWest VirginiaWyoming

[1] http://www.reddit.com/r/netsec/comments/1u4xss/snapchat_phon...

[2] I'm matching a regex against this list http://en.wikipedia.org/wiki/List_of_North_American_Numberin...

cenhyperion 9 hours ago 0 replies      
Just like to remind everyone that snapchat was aware of this exploit and dismissive in regards to it.


rdl 11 hours ago 0 replies      
Possibly they shouldn't have pissed on the people who notified them of the vulnerability, and on the journalists who broke the story?

(aside from not being vulnerable to this in the first place, but that actually is a lot to ask. I still can't believe anyone relied on the Snapchat model of security more so than any other app, although from an ease of use, non-security perspective, sure, it's reasonable.)

aheilbut 5 hours ago 2 replies      
I guess I'm dating myself, but didn't we used to call that the phone book?
untog 12 hours ago 1 reply      
Not at all surprised. Anyone that used the app would be suspicious of the backend behind it. Should have taken that $3bn while you had the chance.
scaramanga 9 hours ago 0 replies      
CSV: magnet:?xt=urn:btih:bab9548c3770188c70d27ded9b22348f5b979713&dn=Snapch at+database+CSV&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80 &tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftrack er.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp% 3A%2F%2Fopen.demonii.com%3A1337

SQL: magnet:? xt=urn:btih:f7b1cec6280edb8169d63550ba2dfb224df7810d&dn=Snapch at+database+SQL&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80 &tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftrack er.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp% 3A%2F%2Fopen.demonii.com%3A1337

Both: magnet:? xt=urn:btih:fae9c0a8b2eee2f9cc31c713f21a4cda4083612b&dn=Snapch at+Database+CSV+%26amp%3B+SQL&tr=udp%3A%2F%2Ftracker.openbitto rrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp %3A%2F%2Ftracker.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.d e%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337

aabalkan 12 hours ago 1 reply      
It's taking too much time to download each file even they're 40 MB. I wish they put it on as torrent in the first place.

Regarding the leak, yeah, that actually happens when you focus on the product but security and reliability of your system. Snapchat, Whatsapp and many others are hacked numerous times and yet it still happens.

sschueller 5 hours ago 1 reply      
I still don't understand why you would turn down $3 billion. How will you ever make money with snapchat and how is it not a fad that will eventually die?
gibsonsecurity 11 hours ago 0 replies      
For the record we don't know about SnapchatDB.

But it was a matter of time until this happened, the exploit still works with minor modifications, you just have to be smart about it.

pedalpete 12 hours ago 2 replies      
What does snapchatdb hope to accomplish by allowing people to download the db. Just showing and proving that you've hacked the database should be enough to get the company to respond. They're probably not hurting snapchat as much as the potential damage to the people who's phone numbers and usernames are being dowloaded.
stefan_kendall 11 hours ago 1 reply      
This is only useful in wide-net fishing attacks, most of which I'm guessing no one here would fall for.

Anyone interested in you particularly will quickly get your phone number, email address, facebook profile, social security number, or whatever they want if they're determined enough.

Even then, I'm not sure what information this database really provides that could be used to gain some fraudulent or exploitive benefit.

schappim 7 hours ago 0 replies      
I wonder if this is real: "65039076XX","larrypage","Mountain View"
nadaviv 12 hours ago 2 replies      
For those who haven't noticed that, they are censoring the last two digits of the phone numbers:

> For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.

jlgaddis 7 hours ago 1 reply      
Download links were broken for me so I've mirrored them here (converted from zip to bzip2):

CSV: http://evilrouters.net/schat.csv.bz2

SQL: http://evilrouters.net/schat.sql.bz2

jlgaddis 7 hours ago 0 replies      
NB: "For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it."
cooper12 12 hours ago 0 replies      
>For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.

At least they had the tact to omit the complete phone numbers, but agreeing to release them under certain conditions just seems malicious.

frasierman 10 hours ago 2 replies      
Threw together a quick script to check if you're affected... http://robbiet.us/snapchat/
notastartup 7 hours ago 0 replies      
How long until somebody releases an updated snapchat database linking pinterest profile pictures? I mean if you chose a very unique username, and went to http://pinterest.com/username, you'd be able to discover what they possibly look like. It doesn't end there, their email address is probably username@gmail.com too. simply googling the username results in connecting their twitter? facebook? myspace? linkedin? full name, more pictures, your friends, your interests, your likes. All in all, I would have to say, this can be potentially a far bigger loss of privacy than just your Snapchat account.

Damn that 3 billion dollar looks good about now.

jrockway 12 hours ago 5 replies      
I have list of all US phone numbers:

    000-000-0000    000-000-0001    ...

couchdive 12 hours ago 0 replies      
The exploit was brought to snapchats attention. Snapchat said impossible! DB is posted as proof.
pikachu_is_cool 12 hours ago 3 replies      
Is there a torrent for this? I want to see if my phone number has been compromised to I can take measures to change it.
vikp 9 hours ago 1 reply      
I made a site to check if you are affected by this leak: http://www.snapcheck.org . Happy new year, everyone (although on a bad note...)
GigabyteCoin 11 hours ago 0 replies      
Is anyone out there thinking that perhaps a larger social network might have had some hand in this?

The first thing that came to mind was "oh boy, I'll bet this made Zuck's new years eve!"

jschmitz28 12 hours ago 0 replies      
> For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.

Why not just release the usernames and leave out the phone numbers?

elnate 9 hours ago 2 replies      
As a casual user, can someone explain the implications for me? They seem to have my username and phone number combo; can they use these for nefarious purposes?
billsix 10 hours ago 0 replies      
I wonder if this will adversely affect their revenue
cdcarter 10 hours ago 0 replies      
So the primary use for this database would be phishing, right? Or some attempt at building a reverse cell phone number lookup database, assuming people have reused usernames? My normal username was taken when I signed up for snapchat, but I suppose you could use this to get quite a few cell number -> instagram or twitter pairings?
ateevchopra 7 hours ago 1 reply      
They censored the last two digits of the phone numbers. And if you goto google's password recovery option, it shows you the last three numbers of a someone's phone number. Just saying.
JoshGlazebrook 12 hours ago 2 replies      
It might be that the file didn't actually download fully. Chrome said mine completed but only about 9MB of the 40MB actually had downloaded.
OedipusRex 9 hours ago 0 replies      
This is what a sample looks like


The XXs hide the last two digits of every number. The list is also massively incomplete.

meerita 2 hours ago 0 replies      
I feel good i didn't get into the Snapchat train before.
disclosure 8 hours ago 0 replies      
Check if your Snapchat account is leaked in the SnapchatDB release: https://dazzlepod.com/snapchat/
Ryel 8 hours ago 0 replies      
Is it not odd that Snapchat has 5+ open job listings on their website, none of which include security?
bierko 6 hours ago 0 replies      
For some reason, all of the 617 area codes are labeled as "Southern Michigan", but 617 is for Boston/Cambridge.
ebahnx 11 hours ago 0 replies      
Is this a hoax? Has anyone attempted to verify the data with at least some spot checks?
_RPM 10 hours ago 0 replies      
What is the point of the areacodes table they provide. It has no relation to the recors table. Also, I found my username in their.
bookface 12 hours ago 2 replies      
These comments are disgusting. Why are you all trying to download the data? Why are many of you trying to distribute it?
pccampbell 12 hours ago 0 replies      
This seems super reckless.
eli 11 hours ago 0 replies      
I assume it was created by iterating through every valid US number.
raingrove 9 hours ago 0 replies      
If you have a SF Bay Area phone number, it's probably in there.
hkiely 9 hours ago 0 replies      
It looks like they only bothered with most populated area codes.
smtddr 12 hours ago 2 replies      
>>The company was too reluctant at patching the exploit until they knew it was too late

Did they give Snapchat enough time to fix this before releasing this data?

NOTE: I've heavily edited this comment because when I first read the website I thought snapchat ignored the people who found an exploit but re-reading, it's no longer clear to me that releasing this data is not pure malice.

NOTE2: The link from couchdive's comment makes this more interesting - http://www.zdnet.com/researchers-publish-snapchat-code-allow... - but still, the webpage hosting the data said the exploit was fixed, so it wasn't ignored, so... I don't know what the purpose of releasing this data was.

taternuts 11 hours ago 0 replies      
is this a result of an actual hack, or just someone who used the snapchat username->phone number to get 4.6?
quantumpotato_ 7 hours ago 0 replies      
503 on download links
_RPM 10 hours ago 0 replies      
Did he just turn of his HTTP server? I get no response.
_RPM 10 hours ago 0 replies      
Did he just stop his HTTP server? I get no response.
mofity 11 hours ago 0 replies      
could someone please post a torrent of this spreading the information as much as possible it will become less important and more known
neom 10 hours ago 0 replies      
My number is present.
mofity 11 hours ago 0 replies      
has anyone fully download the list yet
belluchan 12 hours ago 1 reply      
Do not? Why would you help distribute the private information of others? Why?
akosner 8 hours ago 2 replies      
I have a theory. Last week there was a big story about how Facebook was dead and buried because teens didnt want to be on a service that their parents had moved into. Now, when it comes to security, the parents care a lot more than the kids. Could Snapchat be playing fast and loose with the security of their user data as a way of scaring away the grownups?

This would be a clever ploy but for one damning fact. A large share of Snapchats users are minor children. Could anyone, from the CEO of Snapchat to the perpetrators of SnapchatDB really think that risking the broadcasting of the phone numbers of 12-year-old girls and boys is a risk worth taking?

For more, see: http://www.forbes.com/sites/anthonykosner/2014/01/01/4-6-mil...

belluchan 12 hours ago 4 replies      
Looks like they are using WhoIsGuard to protect the domain whois information. The terms of WhoIsGuard[1] include not violating the privacy of others:

> defame, abuse, harass, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others;

I've sent WhoIsGuard an email. Hopefully they'll revoke service. Shame on the people that published this private information. They aren't hurting just Snapchat. Revealing personal information like this can cause real problems for people.

[1] http://www.whoisguard.com/legal-tos.asp

Why does Google prepend while(1); to their JSON responses? stackoverflow.com
301 points by gs7  2 days ago   52 comments top 16
Stealth- 2 days ago 5 replies      
I think it's important to note that this is a bug that effects older browsers only. Modern IE, Chrome, and Firefox have security measures that do not allow scripts to capture values passed to constructors of a literal. That way, this hack is only needed for older browsers and will hopefully not be needed at all in the future. For more info: http://stackoverflow.com/a/16880162/372767

Also note that this attack, JSON Hijacking, is different than a CSRF (Cross Site Request Forgery) and has little to do with CSRF tokens.

tzury 2 days ago 0 replies      
There is a long discussion about this at


(from about a year ago)

frik 2 days ago 0 replies      
Chrome DevTools recognice while(1) and for(;;) in the network tab (JSON preview). Sadly, Firebug still doesn't know how to handle this and shows no JSON preview :(
andreyf 2 days ago 3 replies      
Does anyone know what browsers allow you to override the Array constructor? I was under the impression that modern browsers don't.
CCs 1 day ago 0 replies      
A good description: http://stackoverflow.com/questions/6339790/what-does-a-ajax-...

The idea: you need such workaround only if you return JSON Array.

Most of the API returns JSON Object in which case the attack does not work, it will result in syntax error.

matchu 2 days ago 0 replies      
It looks like modern Chrome doesn't trigger setters when constructing from literals, so that's encouraging. http://jsfiddle.net/KY4Sa/
robocat 2 days ago 1 reply      
Would introducing a syntax error into my JSON help prevent CSRF attacks? We don't use JSONP.
ciniglio 2 days ago 1 reply      
So does this solve the problem with using remote JS templates (advocated by DHH and 37s), what was outlined here [1]?

[1]: https://github.com/jcoglan/unsafe_sjr/blob/master/README.md

jbrackett 1 day ago 0 replies      
After seeing this I went to see if AngularJS had anything built in to mitigate JSON hijacking and they do. It will strip ")]}',\n" off of json responses if included from the server.


silon3 2 days ago 0 replies      
Is it correct to use the Content-Type application/json on this? IMO: not.

(I've just tested Firefox network view and it breaks the response display with syntax error -- there should be an option to select the format).

frozenport 2 days ago 2 replies      
What happens when you visit a malicious website and your computer gets stuck on `while(1)`? Syntax error would be better?
frik 2 days ago 0 replies      
Facebook uses "for(;;);" as it's one char shorter.
homakov 2 days ago 2 replies      
Google is wrong IMO: there is no need to have such workaround. In rails we had similar problem https://community.rapid7.com/community/metasploit/blog/2013/... and fixed it by adding request.xhr? check on server side.

while(1) is ugly solution to currently non-existing problem.

Kiro 2 days ago 2 replies      
Why doesn't this prevent CSRF?
dontdownload 2 days ago 0 replies      
It's the bot.
alixaxel 2 days ago 1 reply      
30C3 Recordings ccc.de
255 points by znq  2 days ago   38 comments top 6
hansjorg 2 days ago 0 replies      
Transcripts can be found here: http://subtitles.media.ccc.de/
madethemcry 1 day ago 1 reply      
I found a similiar posting on HN last year. I saved exactly 97 videos from 29C3. All of them with an interesting title. My brilliant plan: watch them over the year while traveling by train or plane. Maybe I read HN or slept but I watched not a single video. Now I have another ~100 great videos to watch. I really want to watch them all but I doubt it. I need a direct brain uplink.
3rd3 2 days ago 14 replies      
Which recordings do you recommend? (One per comment.)
weavie 2 days ago 5 replies      
Anyone care to summarize what this is about?

From what I gather these are 30C3 recordings from a CCC-TV website. The recordings have titles like FPGA 101 and Programming FPGAs with PSHDL.. There is no about page and the home page has further topics like, SIGINT13 video release, SIGINT12 video release and 28C3 webm release.

I'm confused..

Cyclenerd 2 days ago 2 replies      
10Gbit/s mirror (also offers ftp and rsync): http://ftp.halifax.rwth-aachen.de/ccc/30C3/
hydrogen18 1 day ago 2 replies      
Python script to download them all


A Short Story for Engineers txstate.edu
254 points by shawndumas  2 days ago   84 comments top 25
dkarl 1 day ago 7 replies      
I like the values that jokes like this reinforce (simplicity, creativity, and proactivity versus complexity, expense, and bureaucracy) but I wonder if they serve a positive purpose in engineering culture. Do we tell these jokes to keep ourselves on our toes, to make ourselves better? Are we really in danger of forgetting which is better, simplicity or complexity? When we create complex and over-engineered systems, is it because we forget that simplicity is better?

I don't think we do. I think we tell ourselves these jokes to contrast good engineering with bad engineering and to congratulate ourselves for being on the right side. A good joke would lead you down the garden path, encourage a bit of smugness and then rip the rug out from under you. This joke telegraphs the punch line from the start: it encourages smugness and then vindicates it. A healthy joke would make us uncomfortable about whether we would have been on the right side, whether we are doing a good job of living up to our values. This joke reassures us that the problem is other people's values, and by doing so, it promotes exactly the kind of complacency that it makes fun of.

HCIdivision17 1 day ago 4 replies      
My opinion has shifted over the last few years working in plants, and I've now settled on the idea that the fan solution probably needed the eight million dollar project. Without the project, the operator would not have been inconvenienced, nor would they have achieved their goals as soon.

Also remember that the project was worth it - it was returning on the investment. Ideally the simple solution would have been found first for a massive windfall of savings, but industry runs on constant, small, incremental changes over many years. And it takes a very special mindset to invent awesome hacks like the fan trick!

The operator should instead be applauded for making it so no other plant needs to buy such an expensive system!

Edit: also, never underestimate the utility of inconveniencing operators. They will find the most brilliant, clever, and cheap hacks to solve problems. Watching operators is the best diagnostic tool available. When you see a c-clamp or duct tape on the machine, you know exactly what needs workin' on next!

wikwocket 1 day ago 1 reply      
This is a cute story about over-engineering and thinking outside the box to find the simplest solution, but anyone with manufacturing experience can tell you that many factories have compressed air lines at each machine, and frequently use it to blow bad parts off off of a conveyor/feed rail.

American manufacturing factories are actually homes to tremendous ingenuity and practicality. To an outsider they may seem loud, dirty, and disorganized, but the engineers inside routinely deal with issues like "how can we catch bad parts before they roll off the line, using spare parts, scrap metal, and a $20 budget?" I have seen some amazing Rube Goldberg feeding systems that can outperform expensive laser/optical/diverter gate packages.

WalterBright 1 day ago 0 replies      
The engineers should be working alongside the factory line. That this often doesn't happen isn't always the fault of the engineers or management.

Back when I worked on the stab trim gearbox at Boeing, it came time to put it on the test rig and load it up. The test engineers gleefully told me they were going to bust my design. So joy for me, I got to go to the shop and get my hands dirty testing it!

By the time I got there, they had my baby all mounted in the custom test rig, with a giant hydraulic ram all set to torture it. There was some adjustment needed, and I lept forward to make it. The union shop steward physically blocked me, and said I was not allowed to touch anything. I was only allowed to give directions to the union machinist there, and he would turn a wrench at my direction.

Jeez, what a killjoy moment for me.

Anyhow, to make a long story short, when they loaded up the gearbox with the ram, the test rig bent and broke, and that lovely gearbox just sat there. Nyah, nyah, nyah to the test engineers and back to the office building for me.

mathattack 1 day ago 1 reply      
Great story, and widely applicable.

I worked on a very large process and technology improvement program for a Fortune 50 company. One critical piece of the project was a scheduling system for field technicians. After 100+ effort years (don't ask!) we got it developed and tested, and it achieved the 15 minutes per technician productivity improvement, justifying the massive expense. We then found that we could double the benefit by having them reboot their laptops weekly instead of nightly. (Though the technology architects screamed bloody murder)

SilasX 1 day ago 0 replies      
A cheesy, apocryphal story written like a forward from Grandma on a site that looks like it was stolen from 1996? How did it make the front page?
pmorici 1 day ago 0 replies      
This is like an engineering urban legend. I've seen it on here before but the circumstances were different. Last time this was posted it was a Japanese soap factory instead of a toothpaste factory.
juddlyon 1 day ago 2 replies      
Similar to the "Knowing where to put the X" story:http://www.engineering.com/DesignSoftware/DesignSoftwareArti...

Also, the NASA vs Russian space pen vs pencil.

spullara 1 day ago 0 replies      
This is one of the reasons the engineers at Tesla work on the factory floor. Take the tour if you can, it is great.
JackFr 1 day ago 0 replies      
In 1985 I worked in a factory on a line producing tubes of vitamin A&D ointment (similar packaging to toothpaste tubes.) The filling of the boxes with the tubes was actually done manually, I suppose because ointment is higher margin, lower volume.

We also produced foil packs (like fast food ketchup packets). That machine was the coolest mechanical device I've ever worked with.

southpawgirl 1 day ago 1 reply      
> and six months (and $8 million) later a fantastic solution was delivered

In real life the solution applied wouldn't be this one, nor the cheap fan, but some dude being paid peanuts to shake each box by hand.

codegeek 1 day ago 0 replies      
I have read this story before and it reminds of the phrase "Necessity is the mother of all inventions". What if that $8M project was never implemented ? The factory worker would then not need to manually go and remove the empty boxes. So one way to look at it is that the $8M project actually created a necessity to be more efficient and gave the guy an idea to not manually move the boxes by installing a fan which in turn solved the overall problem of empty boxes being shipped. May be he would have thought of all this without the $8M project but what are the odds ?
analog31 1 day ago 0 replies      
Everybody standing on the sidelines with no skin in the game is always proud to point out the engineer's mistakes after they have been made.

I comfort myself with Teddy Roosevelt's "man in the arena" speech.

seivan 1 day ago 0 replies      
I think most engineers are familiar with easy quick hack solutions that are cheap and fast. You want this to have an effect? Tell it to the product monkey overlords or the design "gurus"
ausjke 1 day ago 1 reply      
old story, it used to be a USA solution(high-tech, expensive) vs a Chinese factory solution(the fan added by a worker)
11thEarlOfMar 1 day ago 0 replies      
There are a couple of points that come to mind. First, management needs to be judicious about how problems get solved. Does it require committee? Or a lone actor? Which department should own it or should the CEO take it on personally? Second, there is no doubt that an organizational approach to problem solving is going to change as a company scales. The path the information took in this parable likely was from customer service to upper management to engineering. A CEO that will accept an $8M solution to such a problem is probably running a multi-billion dollar company. If this had been a $50 million company, no way he would have felt satisfied that it was money well spent.
johngalt 1 day ago 0 replies      
I think there's a similar story about Fedex being the highest throughput network provider.
coloncapitald 1 day ago 0 replies      
The story doesn't suggest that that the CEO or management staff should have thought of a fan before. It suggests that they should have probably looked into the problem better which may have involved visiting the production line and asking the workers how they would fix the issue inexpensively. Then probably one of them would have come up with this solution, or may be an even better one.

I see people bringing up points like "What if the fan dies?" or "what if the weight of the boxes increases due to extra packaging?". IMHO, these arguments are invalid because of the same reason. Fan is not the solution.

Aloha 1 day ago 1 reply      
You'd expect the fancy scales to reject the empty boxes, but instead it appears they just sounded a bell. The workers added the rejection feature once they had an incentive to do so (the ringing bell).
loomio 1 day ago 0 replies      
For me the lesson here isn't as much about engineering as incentives and inclusion. If you engage people who are actually on the front lines in solving the problems, great ideas will emerge. These are the people who understand the problems best, and can be most motivated to fix them.

But in order to do that you have to effectively align incentives for them to solve the problems. If companies treat employees as disposable automatons, and do not allow them to share in the success of the business or benefit from improving workflows, they have no motivation for doing so.

So many companies shoot themselves in the foot by bringing in "experts" when the real experts are right there on their payrolls, but no one is asking them their opinions or creating a situation where they would be inclined to give them anyway.

dsugarman 1 day ago 0 replies      
how it is usually done in the fulfillment industry is a scale that changes the track if it is off weight by more than a certain percent (think of how train tracks work). The problem here is tougher than just a toothpaste factory because you can have multiple items in one purchase order and you have to make sure all items are in the box. Stopping the entire line every time something is off with 1 package is never a good solution. With pushing the packages into a 'problem' pile, someone can figure out what is wrong with each one and get things moving again on their own schedule.
bowlfeeder 1 day ago 0 replies      
It's a nice story, but anyone familiar with mechanical feeding systems[1] could tell you air jets have been commonly used to reject parts for decades.

[1] http://en.wikipedia.org/wiki/Bowl_feeder

ttdan 1 day ago 0 replies      
Alternate take away: Visibility of key metrics/information (bell on expensive machine) is a strong motivator. Worthwhile when considering spending resources on things like creating informative dashboards and proper instrumentation to focus the a team on key metrics.
kimonos 1 day ago 0 replies      
Haha! Nice one! Thanks for sharing! Happy New Year to all!
lani 1 day ago 0 replies      
oooh !! 8 Mill !! I'd like that ..
I Transcribed Glenn Greenwald's 30C3 Keynote github.com
239 points by poppingtonic  2 days ago   52 comments top 16
coldcode 2 days ago 2 replies      
Reading this (and others) makes me conclude that we the people (or any country, but especially here in the US) are truly and royally fucked. For every brave person who stands up there are a hundred thousand who refuse to the see the sun rises in the east and continues to believe what they are being told, that it rises in the west.
aryastark 1 day ago 1 reply      
How the hell is James Clapper still in office?? Isn't what he did so obviously perjury?

The America of 2013 is absolute bullshit. I can't even fathom how corrupt this country is.

3ds 2 days ago 1 reply      
nice work, maybe you would like to contribute it to the subtitle team effort?


specifically here: http://subtitles.pads.ccc.de/5622

jnbiche 2 days ago 1 reply      
Thank you, tipped (he has a Bitcoin address in the README).

It's a sad era indeed when we have a whole network of American journalists living outside of U.S. borders for fear of imprisonment and other reprisals from their own government.

znowi 2 days ago 0 replies      
dewey 2 days ago 0 replies      
varelse 1 day ago 2 replies      
Playing an unfortunate devil's advocate, all this ludicrous surveillance state gadgetry seems to be less of an attempt to be the United Stasi of America and more of a ridiculous over the top reaction in fear of being accused of going soft on terror.

I don't like it, and I don't agree with it, but I acknowledge that if a 2nd 9/11 level event were to occur after the government relented and imposed reasonable limitations on data collection that the party out of power at the time could easily scream bloody murder and take all 3 branches of government in a single election cycle. I'd previously only expected this from the party of Kang, but Obama's stance on drones and NSA surveillance has revealed the party of Kodos is no better.

Which is to say I think the surveillance state is a symptom more than the disease. America has lost all sense of perspective.

~30,000 automotive deaths (of which ~10,000 resulted from drunk driving) annually.

~11,000 gun deaths.

~6,000 deaths from falling off ladders.

~3,000 people died on 9/11.

Ergo we should ban ladders, guns, alcohol, and cars: it's the only way to be sure, no?

lispm 1 day ago 0 replies      
'Applause' at the end is an understatement. He got a long standing ovation for his contributions to expose the NSA's war on people.
beernutz 1 day ago 0 replies      
I wanted to thank the poster for their work in transcribing this! I personally really appreciate it.

I REALLY dig doing this via github as well. I submitted a pull request with some spelling changes.

salient 2 days ago 1 reply      
Greenwald's speech was great, but so far the most interesting one to me has been Jacob Appelbaum's speech where he gives a lot more technical details (including new information) about how the NSA is hacking systems and how far they are willing to go, like wanting to create a "Great Firewall of Earth" or even radiating people with up to 1KW in order to get what's in their computer, which just proves how out of control and power hungry the NSA is and how indefensible their actions are, despite what some of the NSA HN users around here or their supporters might say.

Highly recommend it:


mjallday 2 days ago 1 reply      
Did you do this by hand or use a tool and then touch it up afterwards?
detcader 2 days ago 0 replies      
A good summary of events so far, in a general sense. More important stuff to check out from/on Greenwald, one of the most important journalists in US history, at least by the nature of what he's helped publish (but of course more than that):

Conversations with History: Glenn Greenwald - https://www.youtube.com/watch?feature=player_embedded&v=-qlF... ~2011

Glenn's "Frequently Told Lies" page - http://web.archive.org/web/20131007002618/http://ggsidedocs.... it's currently down, both on archive.org and the original page)

The American columnist who can't live in America - http://amanpour.blogs.cnn.com/2013/06/10/the-american-column... (this is before the striking down of the gay marriage law in question, I think)

How Glenn Greenwald Became Glenn Greenwald - http://www.buzzfeed.com/jtes/how-glenn-greenwald-became-glen...

Believing oppression only happens elsewhere - https://theoldspeakjournal.wordpress.com/2013/01/16/believin... (the original blog is down)

Endless War, Radical Presidential Power, and a Rotted Political Culture: A Talk by Glenn Greenwald - http://translationexercises.wordpress.com/2013/03/28/endless... [28 Mar 2013]

jonnybgood 1 day ago 2 replies      
I'm very skeptical of Glenn Greenwald. I'm surprised by how many will readily accept whatever he says. That's kinda scary. There's a question of credibility when you don't fact check[1]. Makes you wonder what else is Greenwald exaggerating or not fact checking.

[1] http://www.washingtonpost.com/blogs/erik-wemple/wp/2013/06/1...

davedx 2 days ago 0 replies      
Thank you.
plg 2 days ago 0 replies      
Thank you
jokoon 1 day ago 1 reply      
watching the video, at some points there seems to be audio lag...

I even wonder if the NSA actually tried to DDOS the skype call conference.

The most Kafkaesque paragraph from todays NSA ruling washingtonpost.com
224 points by runn1ng  2 days ago   61 comments top 16
jfaucett 2 days ago 4 replies      
If I understand this correctly, it is the simultaneously the most absurd and scary thing I have read in a very long time. So now crimes committed by the government cannot be challenged because the government never intended anyone to find out about it - thats a horrid peace of law.
chasing 2 days ago 1 reply      
"Pauley is essentially saying that the targets of the order have no recourse to challenge the collection of their personal data because Congress never intended for targets to ever know that they were subject to this sort of spying."


Pauley is saying that the targets of the order have no recourse to challenge it. That Congress never intended for them to know about it may be true, but it's otherwise neither here nor there.

jbaiter 2 days ago 0 replies      
Yesterday in a talk at 30C3, a historian discussed article 10 of the German 'Grundgesetz' (our constitution) whose logic is similar and which reads as follows:

> (1) The privacy of correspondence, posts and telecommunications shall be inviolable.

> (2) Restrictions may be ordered only pursuant to a law. If the restriction serves to protect the free democratic basic order or the existence or security of the Federation or of a Land, the law may provide that the person affected shall not be informed of the restriction and that recourse to the courts shall be replaced by a review of the case by agencies and auxiliary agencies appointed by the legislature.[1]

The logic sounds alike to me: Victims cannot know that they are being surveilled, and should they, under some circumstances obtain knowledge of the fact, take any real legal recourse against it.Fun fact: That article was imposed by the US.[2]

[1] http://www.gesetze-im-internet.de/englisch_gg/englisch_gg.ht...

[2] http://de.wikipedia.org/wiki/Deutsche_Notstandsgesetze (sorry, the English article doesn't cite any sources)

CurtMonash 2 days ago 3 replies      
That's not crazy. When faced with a law, terrible or otherwise, judges have two main choices:

1. Rule that the law should be followed.2. Rule that the law is unconstitutional.

The article provides strong reasons for believing the law is terrible, but that doesn't mean the judge is wrong on any grounds except constitutional ones.

smokeyj 2 days ago 3 replies      
I wonder what kind of dirt the executive branch has on the judicial branch..
rayiner 2 days ago 2 replies      
This is taken wildly out of context. The sentence right after the quoted text is just wrong. The quote is in response to a statutory argument. Statutory arguments are evaluated by reference to the text of the statute and Congress's intent in drafting the statute. The court is not saying that the ACLU has no claim because Congress did not intend the targets to find out, but rather that Section 215 doesn't create that claim because it would be inconsistent for Congress to intend to create such a claim when Congress did not intend for targets to find out. The court is rejecting one possible basis for the ACLU's claim, which is that Congress intended to create an avenue recourse in the statute. Its not a general point applicable to other possible bases for the ACLU's claim. In particular, the court is not saying that the ACLU cannot mount a Constitutional challenge for that reason, which is what the article implies. That would be Kafkaesque, but that's not at all what the opinion says. The Constitutional basis is separate from the statutory one, and does not depend on Congress's intent.

It helps to think about this analogously to other kinds of suits. Say you feel like a school district is discriminating against African Americans. There's a constitutional dimension to that case, but also a statutory dimension. Congress has created legislation that people can rely on to address such discrimination. To defend a suit under such a statute, a state might argue that a particular suit does not fall within the scope of the statute: that Congress did not intend for the statute to serve as recourse in this situation. But that sill leaves the broader Constitutional issue on the table. Whether Congress intended for a statute to serve as recourse is irrelevant to the Constitutional argument. There are two separate bases.

zacinbusiness 2 days ago 2 replies      
I don't think any of this really matters. If the Supreme Court decided tomorrow that anything the NSA does is unconstitutional then the laws would either be rewritten immediately or the government would challenge the ruling and force the justices to change their minds. The Us government answers to no one, and that includes the Supreme Court.
Cakez0r 2 days ago 0 replies      
It's not a crime unless you get caught! .... Or apparently if you didn't intend to get caught.
ItendToDisagree 2 days ago 1 reply      
A hypothetical:

"The principal called. He said that you cheated on your exams."

"Yeah, but I never meant for anyone to find out, so why am I in trouble?"

Seems legit to me!

coldcode 2 days ago 0 replies      
We should be reminded that neither Kafka nor Orwell should be regarded as designs for law. The more time goes by the more we seem to live in their world.
Aloha 2 days ago 0 replies      
I should point out that the person who argued for the petitioner - Doe - in Gonzaga v Doe, was John Roberts - this may not go the obvious way if it reaches the supreme court.
memracom 2 days ago 1 reply      
Imagine that the KGB informs Putin that Edward Snowden is holed up in Moscow airport. What would Putin ask.

Probably, "What information does he have that we could use?".

What would you as a KGB leader say to Putin. Probably "Well he stole a huge amount of sensitive information from the NSA but he apparently hid it all on the Internet and gave copies to several other people. But he doesn't have it with him."

And then what would Putin say? Perhaps "If he has already passed on this information, then could he do anything else other than what he has already done?"

I suppose the KGB leader would say "No, other than to hide away so that they can't hold a big show trial hoping to cover up the real story."

"Good says Putin. We will give him refugee status if he promises not to do anything else to further harm the USA. After all, it will take time for all the information to filter out to the media. We will hide him so that the media has to focus on the facts.

And then Putin adds, "Do you think he discovered anything that we don't know already?"

And the KGB leader replies "We have known of this lax security for years. Our team of sleeper agents set up many channels of information for us years ago, so we think this only means that the world will learn what we already know."

rodrodrod 2 days ago 0 replies      
Wait, what? There's no way that's a valid legal argument. That's insane.
jkarni 2 days ago 0 replies      
If I understand this correctly, is it really that worrying an argument? One can't use covert telephone recording (i.e., without two-party consent) as evidence in most states, and it's important that the person being recorded didn't intend for the conversation to be recorded and available in the future as evidence. Similarly, one would expect leaks to not hold up as evidence.

Much as I also dislike the ruling, the argument here seems quite reasonable to me.

gamerDude 2 days ago 0 replies      
Well, in a way this is a similar kind of right as the people have to not be prosecuted after an un-warranted search.

Can we get a warrant to search every portion of the government for illegal activity? We just have to find some sort of suspicion that they might be doing this...

squozzer 2 days ago 0 replies      
The ruling seems to have put the kibosh on legal redress. Now the question becomes of what to do next. So how does one neutralize something like an NSA? Where are their pressure points?
I flew on a plane without going through security. It was amazing and no one died washingtonpost.com
221 points by MattRogish  1 day ago   225 comments top 38
chimeracoder 1 day ago 7 replies      
It's sad that this headline (presumably) is not tautological.

First, the TSA itself has admitted that there is no evidence of terrorist plots against aviation in the US[0].

Second, the circumstances under which 9/11 happened would be impossible to repeat. Plane cockpits are all but impenetrable[1] - the only reason that some of the 9/11 hijackers were successful was that the standard protocol for dealing with hijackers assumed that hijackers wanted to take the plane hostage for ransom, not use the plane as a weapon. This protocol was fixed almost immediately. (Note that United Airlines Flight 93 did not face the same fate as the other three planes, because the passengers knew what the hijackers were planning.)

Since it's impossible to take control of the cockpit as a hijacker these days, even if someone managed to bring a gun on board a flight, the most damage they could do is kill all the passengers (leaving the pilots unharmed). That is truly a horrible scenario, but that makes flying no more risky than going to the movies or going to school (eg. Newtown, Arapahoe, Boulder).

Of course, one "logical" conclusion is therefore to establish TSA-style security at every school, cinema, mall, etc... in which case we have turned the country into a police state, and we should expect the same crime rates as within federal prisons: http://www.bjs.gov/index.cfm?ty=tp&tid=194

[0] http://tsaoutofourpants.wordpress.com/2013/10/17/tsa-admits-...

[1] I believe I read another comment on Hacker News a while back in which the pilot had a heart attack after the cockpit had been locked from the inside, but before leaving the gate, and it still took the fire department almost an hour to cut through the door.

snowwrestler 1 day ago 9 replies      
Yet another in a long line of "data wonky" articles that misuse statistical data to support a position that is emotionally attractive.

> Would this increase hijacking? Probably. But there's no reason to believe it would increase casualties from terrorist attacks overall. That's because increasing airport security just leads terrorists to direct their assaults elsewhere.

There are two huge problems with this statement.

First, you cannot draw such a causal conclusion from statistical data alone.

Second, it's pulling a subtle slight of hand--the goal of airport security is NOT to reduce terrorist casualties overall. It is to reduce violent attacks of any kind on airplanes, specifically.

At the base of this argument is an implication that terrorist attacks are zero-sum: reduce them in one place, get an equivalent more in another. But that's not how security works.

Look at it in digital terms--it would be like saying that we don't need to bother with strong passwords, because all those did was drive up the number of phishing attacks. Maybe we could just get of passwords, since the total number of intrusions would not go up. And besides, just think of all that wasted effort to create, hash, store, remember, and manage passwords.

Does that sound stupid? I hope so, because it is. But that's exactly the type of argument that this article is making.

kyro 1 day ago 3 replies      
What I find particularly evil about the TSA is their Pre program that lets you bypass security lines for $85. Mind you, you'll only be granted that sort of privilege after an approval process that requires you submit the non-refundable fee along with an application. So paying $85 doesn't even guarantee you a spot.

It's as if after implementing all this theater, imposing myriads of restrictions, that they realized it was all ineffective, and now they're reframing the entire situation by acting as if they're catering to customers by offering a program that reverts things to how they were a little over a decade ago, but now for a fee.

ck2 1 day ago 2 replies      
Isn't it pathetically sad what we've grown to accept?

Frog in a slowly heating pot indeed.

Now that we've accepted the horrors of the TSA, they are working on getting us to accept the horrors of the NSA, slowly but surely, until we reach the point that the average person defends every smartphone being hacked and tracked.

tehwebguy 1 day ago 4 replies      
The article misses the most important point! By reinforcing the cockpit doors and locking them from the inside we made it so that a plane can no longer be hijacked.

Even if a bomb is brought on board we would never give control of a plan to hijackers since we now know it may be used as a giant missile, not just an escape vehicle.

minimax 1 day ago 1 reply      
He is chalking up a lot of things that existed before 9/11 to the TSA. 15 years ago we all still had to stand in line to go through metal detectors to get into the terminal. Also how can you compare loading time on a 9 passenger Cessna 402 to something like a 737-300 that can hold 120 people? That's silly. It takes more time to board larger planes than smaller ones and that has nothing to do with security.

I go through the TSA screening several times a month, and while I don't appreciate the invasion of privacy, it isn't really that big of a pain in the ass to stand in line for a few minutes and put all your bags through the scanner.

erbo 1 day ago 0 replies      
The author laments "all the waste that one stupid government policy can generate." But there seems to be little hope that any of it will go away any time soon.

Why? Because of a statement I've seen attributed to Karl Denninger[0]: "One man's waste, fraud, abuse, scam, and theft is another man's paycheck."

If there were no need for TSA-compliant messenger bags, Timbuk2 would likely see a drop in revenues. If there were no TSA, a whole bunch of people employed as TSA agents would be out of work. I'd expect everyone making money off the current system of security theater to fight tooth and nail to preserve the money they're making.

[0] See e.g. http://www.market-ticker.org/akcs-www?singlepost=3149840

coldcode 1 day ago 1 reply      
All the TSA has done is ensure that someday a suicide bomber will blow up the security line, and destroy the travel industry at the same time. There is no backup plan once that happens other than picking people up at home in armored vans.
pinaceae 1 day ago 1 reply      
the core issue is that a lot of very young people are now starting to debate this shit that only remember 9/11.

we just had the 25 year anniversary of Lockerbie. that bomb not only killed all on board the plane, but a lot of people on the ground. no need to hijack.

and we now have a lot of suicide bombers, see just the last two days on Volgograd.

have the Israelis scaled down their anti-bomb detection measures? no? then neither should the west.

i fly a lot, internationally. i do not mind the checkpoints. i mind dying pre-maturely in a fireball.

codex 1 day ago 2 replies      
Russian train stations employ metal detectors and barricades. Just as the TSA has been ridiculed in the United States, these were similarly derided in Russia.

And yet this combination was effective in limiting the number of casualties in the recent Volgograd train station bombing. I suspect the amount of Russian editorializing over these security procedures will soon decrease.

Fortunately, while civilian memory is short, government institutional memory is long.

C1D 1 day ago 0 replies      
I don't want to sound like a nutcase conspiracy theorist but to be quite honestly if the government had always wanted an excuse to violate basic human rights, 9/11 was probably the best thing that happened for them.

After 9/11, they were able to convince us that we NEED to be felt up by strangers at the airport and that we NEED to invade a country and that ITS OKAY to just kill thousands and thousands of civilians "by accident" all in the name of National Security and when some civilians try and kick out these strangers that invaded their country and killed their family, they're the nut jobs, they're the bad people, they're the real terrorists.

I honestly think the US is a bigger terrorist that Osama ever was. Now, after 9/11 people we're living our normal lives normally; while in Afganistan, families everyday are terrorized, scared, afraid that this might be their last day. Today might be the day their father doesn't come back. Today might be the last day they see each other.

hnriot 1 day ago 1 reply      
I don't get all the fuss. I fly often and it takes no more than 20 minutes in SFO to get through, even when there are long lines because they add more agents (thread pool!) - same in Boston, even when there's a major storm and the whole state are trying to leave at the same time, it's still really efficient. I don't really care about taking off my shoes and belt, I certainly don't find it humiliating. It's like when I hear people talk of the humiliation getting a physical. American's are the biggest consumers of porn and at the same time, the biggest prudes about ridiculous stuff. If I had to drop my shorts at the airport I might remember not to wear Spongebob ones to the airport, but short of that, it's hardly a big deal or worth blogging about.

I'd rather take my shoes off and have 2+ jet engines than get in an 8-seater commuter plane.

mkent 1 day ago 0 replies      
Living on an island in Canada I've taken these small commuter flights a number of times. Being able to hop on near the actual flight time is fantastic. Few points about these smaller flights:

- Typically they still want you there 30 mins early to check-in and load the baggage.

- The pilot to passenger ratio makes them very expensive. A 20 minute flight for me is costlier than a 5 hour one to a major hub. I rarely pay for these out of my own pocket.

- Being a smaller operation your pilot can be very young and inexperienced.

- These planes are very small and at times get uncomfortably hot in the summer.

- The majority of crashes around here are from similarly sized aircraft. Always an uncomfortable reminder of what can go wrong.

- Flying in any kind of adverse weather can honestly be pretty terrifying in a smaller plane. If your lucky they'll delay or cancel it altogether.

- Sometimes your pilot will leave the window open and a wasp will fly in prior to take off. Sitting in the co-pilot seat in a cramped plane, it may be up to you to kill it :)

Overall I prefer the smaller flights in the summer, but I'll take the slow security for the safety of the bigger plane in winter.

beat 1 day ago 3 replies      
In large organizations, the appearance of risk is much more important than the reality of risk. Big organizations (like governments) will do things that actually increase risk, so long as the things look on the surface like they will reduce risk.

Saying that TSA security doesn't reduce terrorism risk is a reasonable argument (although I think it's wrong; consider the possibility of gun-toting yahoos wanting to be "safe" with "self-defense" and blowing a hole in the fuselage because they saw a suspicious brown person). But politically, saying to give up TSA security because it doesn't work is basically impossible. Voters will demand that politicians do something about the threat of terrorism.

ryguytilidie 1 day ago 0 replies      
I actually had a pretty weird situation happen last time I traveled. I was in the regular lane and the guy who checked my ticket and id read my ticket wrong and sent me through the TSA precheck line. Once in that line, there seemed to be a further mixup and I literally went through security without my bag or myself being scanned. It was pretty weird, but again, no one died, and it actually gave less of a chance for my stuff to get stolen and took less time. It's almost as though this is a superior system...
caycep 1 day ago 0 replies      
I remember reading a number of articles from Israeli security that make a mockery of everything the TSA does (which is basically what they, who have to secure airports and other public spaces in Israel against almost daily threats, never do).

The TSA basically exists to make Michael Chertoff and Dick Cheney very, very rich. It would be interesting to see how much they raked in from this, compared with, say, Bo Xilai or Wen Jiabiao.

linuxhansl 1 day ago 0 replies      
Personally I would prefer flying without any security checks.I am going to die one day; statistical chances are high that will not be due to a terrorist attack.

In fact I flew from South Africa to Europe 4 or 5 years back (in a large Airbus). No metal detector, no scanners, no taking-shoes-or-belt-of, just the quick scan of the carry on. Took 2 minutes, and I did not feel unsafe in any way.

911 cannot be repeated (as pointed out many times before). The TSA checks are a theater and everybody knows it.

loomio 1 day ago 0 replies      
As an American living abroad, I still show up hours too early for flights. Old habits are hard to break! But seriously, it's just not like that in many other places round the world. Sure, we have security, but showing up more than an hour before your flight? I've been laughed at many times. Security theatre is a huge, huge waste of time and resources all around.
joshfraser 1 day ago 0 replies      
I have also flown on a commercial flight w/o going through security. It was an incredible experience and I didn't worry for a moment about the intentions of the other passengers. I hope we come to our senses and say goodbye to the TSA.
vxNsr 1 day ago 0 replies      
We could also implement Israeli style security, namely profiling (not racial but terrorist), when you go through Ben Gurion, you go from car to gate in about 30 min, and at no point do yo have to remove your shoes, or even remove your laptop from it's bag, no matter what type of bag it is.

Now I'll grant you if you're coming from Ramallah and you're flying to Pakistan through Turkey and Dubai you should probably give yourself and extra hour or two, but as long as have no nefarious motives and tell the truth you will be on your way. But this is true regardless of the color of your skin or religious beliefs. I have a friend who was doing something like that and he's white, very clearly Jewish and religious. (Often those stories you hear of the 3 hour long interrogations are because the dude was/is an active participant on the rock throwing attacks and they have pictures of him that he is unaware of...)

nicomoto1 1 day ago 1 reply      
I think what most people are forgetting is the reason for such measures on flights. An hijacked flight is very different from other hijaking/terrorist situations. It leaves you with almost no options except maybe to shoot it down. There is absolutely no other tactical moves that can be made. The same cannot be said for similar attacks on theaters/schools etc. A flight is also a moving threat that requires swift response, and it can strike (when used as a weapon) over quite a large area (In terms of targets it may choose).

Now, if we as this article suggests remove all security to get on flights. As someone planning such an incident, i.e. pull out a gun or other random acts of terror; It would follow that getting on a flight to do such a thing would be the best move. You literally have access to 200+ people with no where to run in a confined area, with no security. The reason flights are given security vs other places such as theaters etc is not some random act. It is cause of the specific threats that are posed by hijacked flights/weapons on flights that are fundamentally different from other locations.

(How fast would the cops get to someone who starts firing at people in any city with such high population density?, now compare that with what happens in a flight, you have no options, and once it starts you practically write off the people who are on the flight because you have no chance of saving them)

hisham_hm 1 day ago 0 replies      
The first time I felt a real chill with regard to the United States when when I saw padlocks for sale (here in Brazil, no less!) with some inscription to the effect of "TSA-friendly". You buy a lock to keep people away from peeking at your stuff, but you can no longer keep the government away. This felt like having the keys to your front door being forcefully changed into "FBI-friendly" keys.
jimsilverman 1 day ago 1 reply      
"increasing airport security just leads terrorists to direct their assaults elsewhere"

so in other words, heightened airport security has worked.

Aqueous 1 day ago 0 replies      
When people complain about the TSA, I'm reminded of this Louis CK bit:


lutorm 1 day ago 1 reply      
You, too, can experience flying without security: Get a sport pilot license and a used airplane for $20k or so.

Of course, you'll be much more limited by weather than a transport-class aircraft.

mh- 1 day ago 0 replies      
6.3 fewer airplane hijackings in the years examined (a hijinking-heavy period chronicled [..])

hehe. hijinking-heavy.

ronnier 1 day ago 2 replies      
I always feel like the oddball, but I don't mind the current state of our airport security. Given the option of two flights, one with security and the other without, I'm taking the flight with security precautions... Irrational or not.
Havoc 1 day ago 0 replies      
Airport security is a sieve anyway. Shortly after 9/11 I carried 10 inch knife through security. Forgot I had it on me. Oops..

In their defense: I tend to do well with these kinds of situations. Exuding a combination of "not criminal" and "don't mess with me" does wonders.

EGreg 1 day ago 0 replies      
Is this much more libertarian: http://www.youtube.com/watch?v=PZ2QFmJ7h0A
DanielBMarkham 1 day ago 0 replies      
I grew up in the 70s. Back then, there was an entire generation that was smoking pot, although it was very recently deemed illegal.

It was a weird time. Most young people either smoked pot or knew somebody who did. There wasn't much odd about them, although we were told that smoking pot was terrible. On the street, however, it was fairly obvious that this was an overreaction. To hear some folks talk, there was little difference between heroin and pot. That was obviously not true.

It took 50 years for common sense to get back into the system, and even now, when the change is starting, it might be another 10 or 20 years to fully reverse pot laws. I'm not a pot user, but I find this slowness-to-adapt to common sense amazing.

Unfortunately, the system isn't just glacial in fixing bad laws -- it's fairly quick to add new bad laws as we go along. TSA is the case in point. Just like the pot laws, we're constantly told that there is a terrible danger out there that we need protection from, even though it's blatantly obvious that this is an overreaction and power grab. Nobody seems to be driving the bus.

So I guess we'll go through 50 years of increasing TSA "supervision" of travel until we see some kind of sanity? And how many TSAs will we have by then? It's depressing to think about.

macspoofing 1 day ago 0 replies      
Woooo. You flew in a six-engine plane without TSA security checkpoints?! No way. Did you also know that for a few hundred bucks you can get a pilots license and fly it yourself!?!
cmarschner 1 day ago 0 replies      
This reminds me of the story of a former collegue of mine who worked as a consultant out of Oslo, Norway.15/20 years ago the Oslo airport was still quite close to the city center, and for a while he had a client in Bergen, 400 km west. He was living a 5 minute bike ride from the airport. He would go there, enter the plane, and get to the office in less than an hour. He would be home for dinner every day.Environmental aspects aside I think this was what was deemed the future in the 60s... Then the airport was moved 50 km north of Oslo, then came the terrorists and all the security regulations.
Segmentation 1 day ago 4 replies      
Are flights between European countries, say Denmark and Finland, as easy as the OP's experience? Or has post-911 NSA influenced the majority of modern civilization into encumbrance?
rayiner 1 day ago 2 replies      
Interesting point about hijackings.

Airplane hijackings are actually much more common than most people think. From 1988-1997, there were about 18 airplane hijackings per year, down from the peak of 82 in 1969: http://en.wikipedia.org/wiki/Aircraft_hijacking. Interesting to read the history: http://en.wikipedia.org/wiki/List_of_aircraft_hijackings#196....

EGreg 1 day ago 0 replies      
"Could that literature review be wrong? Sure."

"Is eliminating airport security politically untenable? Maybe"

"Would this increase hijacking? Probably."


gesman 1 day ago 0 replies      
Fear is easy sell.

And TSA is a big business.

'nuff said.

pantalaimon 1 day ago 0 replies      
I can hop on a bus, ship or train without any security checks. Why are planes so radically different?
squozzer 1 day ago 1 reply      
I haven't flown since before 9/11, and I didn't like the airport experience too much then. I'm sure I'd like it less now. But I keep in mind that the airplane + TSA still saves a lot of time compared to trains, boats, buses, and cars for travel over a certain distance.

The question I have for people is why they bother traveling so much nowadays. Maybe the experience of le rive gauche cannot be replicated over the internet -- but a lot of travel (especially business) seems to be a bit of showmanship itself. You know, show up and impress the client with a little face-to-face. Or let the striking factory workers know who's boss. Whatever.

What makes me laugh even harder than the deaths of old habits such as flying hither and yon are people who distinguish between security and the illusion of security. Isn't security itself a feeling? And what makes jittery fliers feel safer than a bunch of goons rifling through one's possessions? Isn't that the essence of "stepping up security"?

Why I no longer contribute to Stack Overflow richter.name
219 points by spatulon  1 day ago   222 comments top 73
crntaylor 23 hours ago 8 replies      
The author's main problem stems from his desire to use Stack Overflow as a mechanism for gaining internet points - as is illustrated by his confession that

  "I saw a simple Java question, hit Google, read briefly, then   synthesized an original answer."
Why bother? Instead, I use Stack Overflow predominantly for three reasons --

1. To ask interesting questions that I think will get a better answer there than anywhere else (eg [0,1,2]).

2. To help educate other programmers about languages that I like very much, and would like to see in wider use. I endeavour not to just give a "how to do X" answer, but instead explain what the different approaches are, and why some approaches are better than others (eg [3,4,5])

3. To stay in touch and build a reputation among the wider community of Haskell programmers - not by amassing internet points, but by asking interesting questions and giving interesting, thoughtful answers.

If you just game Stack Overflow for imaginary internet points, it's no wonder you don't find it very fulfilling.

[0] http://stackoverflow.com/questions/9190352/abusing-the-algeb...

[1] http://stackoverflow.com/questions/10753073/whats-the-theore...

[2] http://stackoverflow.com/questions/19177125/sets-functors-an...

[3] http://stackoverflow.com/questions/11684321/how-to-play-with...

[4] http://stackoverflow.com/questions/12968351/monad-transforme...

[5] http://stackoverflow.com/questions/20857165/move-or-copy-in-...

lemmsjid 21 hours ago 3 replies      
I appreciate the author's opinions overall, so this is a nitpick of just one of his core arguments. I think he is inverting the value of certain kinds of questions. To me, Stack Overflow is valuable primarily for the simple answers to simple questions, and secondarily for the complex answers to hard questions.

As a software developer well into my second decade of professional experience, I maintain a small number of technologies at what you might call an expert level. These technologies shift in and out of focus depending on what my current projects are.

When I complete a project and don't use the technology for more than a year or so, I've found that I forget all of the nitty gritty stuff and remember all the big conceptual stuff.

For example, I recently returned to Java after several years of disuse. All the bit conceptual stuff that was really hard for me to pick up initially, like polymorphic behavior, multithreading, etc., was still there. The easy but nit-picky stuff was all gone. I'd forgotten when boxing happens and doesn't happen, the behavior of equals in reference vs value types, even where I'm supposed to put certain syntactic elements. Simple questions on StackOverflow to the rescue!

As another example, I did a large project involving SVG in the early 2000's and got to the point where I knew as much as there was to know about it. I recently did a quick one-off project that utilized SVG, and I found that I'd retained the big conceptual ideas, such as the behavior of the coordinate system, the hierarchy of shapes, viewports, groups, etc., but I'd totally forgotten a huge laundry list of practical nitty-gritty things about actually making an SVG experience work.

In the Java example I was embarking on a large project, so I hit the books and re-taught myself to fish again, because it was quite worth my time investment to start from the fundamentals and work my way back up. In the SVG example, I literally just wanted to do something in an afternoon, and I knew SVG could do it, and I wasn't going to do any SVG work after that. Hitting the books and teaching myself to fish in that scenario would have been a waste of time. So I plowed through and was helped immensely by the simple-question simple-answer Stack Overflow scenario.

Then there's a whole list of technologies that I really don't have the brain-space to keep abreast of, but I still need to use. For example I am not an expert at shell scripting, but on occasion I need to write one. Back to Stack Overflow and the simple answers to simple questions.

Before Stack Overflow I wouldn't have been in the dark--as a long-time Internet community member, I would have gone through the usual: find the right community with the most helpful people, hope the community has a search engine or is well indexed by Google, read through long lists of replies without a voting system or assessment of quality, rinse-repeat. Stack Overflow speeds that process up immensely.

nathan_long 1 day ago 8 replies      
StackOverflow is a machine designed to do one thing: make it so that, for any given programming question, you will get a search engine hit on their site and find a good answer quickly. And see some ads.

That's really it. Everything it does is geared toward that, and it does it quite well.

I have lots of SO points. A lot of them have come from answering common, basic questions. If you think points exist to prove merit, that's bad. But if you think points exist to show "this person makes the kind of content that brings programmers to our site and makes them happy", it's good. The latter is their intent.

Does having easy answers available on SO make us dumber? I doubt it. People have made the same argument about search engines, and you probably could have said the same about encyclopedias.

leephillips 23 hours ago 2 replies      
He doesn't have a problem with Stack Overflow, really. He has some loathing for his own practice of treating the site as a game and finding useless ways to rack up meaningless points. He never explained why he bothered to collect these points, but clearly one day he realized that this was pointless and decided to blame the site rather than himself.

I go there now and then to answer questions. My latest answer[0], about a way to get gnuplot to do a certain trick, took me a couple of hours to get right and got me 25 whole points for being the accepted answer. I worked on this because it seemed to be an interesting challenge, I was interested in figuring out how to do it, and nobody else was answering. I sharpened my gnuplot skills in figuring it out and helped someone. To do this for "points" is asinine (unless a big score gets you something else, like a consulting contract - in which case what's the complaint?).


pygy_ 1 day ago 5 replies      
The LuaJIT author, Mike Pall recently stopped contributing to SO [0] after having an edit on one of his own posts about LuaJIT reverted by clueless mods [1].

The reply was highly precise and technical, and the reasons given by the mods to reject the edit are spurious, since they just couldn't understand it and its implications.

I reached out to two of them (I couldn't find how to contact the third one), but they didn't even reply to my mails.

[0] http://www.freelists.org/post/luajit/How-does-LuaJITs-trace-...

[1] http://stackoverflow.com/review/suggested-edits/3395606

adamb_ 22 hours ago 1 reply      
Did SO get everything right? No.

Is SO the best code Q/A resource available? Absolutely yes.

Remember what was used before SO? Pure shit. Open-ended help forums scattered throughout the web that had little/no moderation and no indication of where the solution could be found in the discussion, or if a solution was ever found at all. SO's aligned everyone's incentives to post the solution & the site's formatting makes it trivial and find the best solution provided.

I've personally experienced times where my questions/answers have been affected by wikipedia-esque moderation, but at the end of the day I still click on SO results first in Google & and I still visit from time-to-time to see if I can help anyone out.

nathan_long 1 day ago 0 replies      
Why I still contribute to SO:

- I've gotten a lot of help there

- It's nice to help other people in return

- Any answer I put there will be available via Google in 5 minutes, so I can definitely reference it myself in the future. (I'll even ask and answer questions I just figured out so that I can find them later.)

sergiotapia 19 hours ago 1 reply      
Personally, I post each and every question I have to StackOverflow. When I figure it out, I take some time to write out a detailed answer to my own question.



a) I love contributing with the online developer community and sharing back all that I've taken since I started freshman year of college.

b) Writing it out step by step solidifies the knowledge within me.

It's a win-win!

jaydles 22 hours ago 6 replies      
DON'T TRUST ME BLINDLY: I work for Stack Exchange, so I'm totally biased. On the other hand, I left a lucrative career in finance for a lot less money here because I believe in what we're doing, so there's that.

MOST IMPORTANTLY:I appreciate Michael's feedback, and he worries about a lot of the same things I do. Moreover, we are incredibly grateful for all he's done over the years - my honest belief is that his contributions (even when they were just fish) helped a ton of people finish a project that may have been what made them LOVE programming. And those people did take the time to learn the fishing techniques underlying those fish, so they could do it better next time.

ON REWARDS:Points aren't the point. Let's be honest. We reward people for helping others with points that essentially convey nothing other than the ability to help in new ways (as you unlock new privileges). No one in their right mind is spending time on the site with the empirical goal of getting points.

The real reason people answer questions is that they like helping people. The points are important, but only insofar as they give you actual feedback on how many people appreciate your effort. The points aren't the reward; they're just a way to measure the real reward people care about: knowing how much of a difference you've made.

So when Michael worries about his points going up even after he's stopped posting, that's the system working. It's not about ensuring the right person is "winning" it's about showing how many people got help.

And he's still helping others today. I respect his decision to leave, but truly think he should be proud of what he's done for the programming community to date. In any case, we're grateful.

bryanlarsen 1 day ago 1 reply      
Unlike the OP who was playing the Stack Overflow game, I use SO like a typical programmer: I type my question into Google which often returns results from Stack Overflow. Sometimes I'll come across an unanswered question or one with a better answer, so I'll submit an answer. If I can't figure something out after a few hours of trying, I'll ask the question on SO.

Such questions and answers represent hours of effort on my part. That's fine -- I needed to spend most of those hours for my work anyways, but crafting a good answer does add a significant amount of time. They usually don't result in many points: they're pretty obscure. But often it's the only place on the interwebs where the question is answered.

But the answer that has earned me the most points is a stupid throwaway CSS answer that's technically wrong: http://stackoverflow.com/questions/1817792/css-previous-sibl...

What does really annoy me are the badges. I've got a bunch of necromancer badges, which I'm proud of. But the value of those badges is really degraded by cheap silver and gold badges, such as yearling.

andrewcooke 1 day ago 1 reply      
i left so a month ago, and while i agree with one point here (creeping authoriarianism) i am completely opposed to "teach a man to fish".

for me, as a professional programmer, that site is useful because it has direct, simple answers.

but it seems to have been taken over by students who are resentful that there should be simple answers without some evidence of suffering (it really seems to be that).

why should i have to explain "what i have already done" to a bunch of schoolkids when all i want is for someone who has solved this issue before to post the right answer so i can get on with life?

i'm an adult. i can make my own decisions about when i learn and when i want an answer. i don't need someone else's priorities - from a completely different context, apparently motivated by jealousy over grades - shoved down my throat.

but anyway, while that bugged me, it was the dismissive mods that finally drove me away (at 19k points).

(am i the only one that thinks that good questions - interesting ones - are no longer getting quality answers because people that could have answered them have left? and that they're no longer being asked as a consequence? the time when i wrote answers like http://stackoverflow.com/questions/7076349/is-there-a-good-w... has long, long passed)

bryanlarsen 1 day ago 3 replies      
Please everybody, please post your "obscure" questions to Stack Overflow. Yes, it's unlikely that you'll get a good answer in any sort of useful timeframe for many of the reasons the OP lists.

Sometimes you do get a good answer quickly, saving you hours of frustrating searching.

But most times you will have to spend hours figuring it out yourself or you'll end up giving up. Answering your own question won't get you a lot of points but it will probably get you a few over time. More importantly, because of SO's high google rank, you've made your answer easy to find for the next few people who have the same quesiton.

jordan0day 1 day ago 2 replies      
> There's an old clich in English: give a man a fish, he eats for a day; teach a man to fish, he eats for a lifetime. StackOverflow is filled to the brim with people giving fishes.

This hits the nail on the head, imo. While the SO system is (presumably) meant to reward "karma" based on the quality of answers, more often than not it seems that quantity is just as important. And it's not hard to see why this is the case -- there's an inherent risk in typing a well thought-out (read: time consuming and potentially long) answer, when a simple one-liner is probably all the questioner is really seeking.

On the other hand, maybe that's what StackOverflow is really for -- getting things done, NOW. Even if that "getting things done" answer is just a band-aid, and the questioner hasn't really learned anything.

In my experience, people who find themselves applying band-aid after band-aid to their code (myself included) rarely connect the dots all the way back and realize that all their subsequent problems were largely due to their initial "fix".

V-2 22 hours ago 2 replies      
"In well over two years I have contributed nothing to StackOverflow: no questions, no answers, nothing. (Well, that's not true. When my score went over 10,000 I tried out the moderator powers for a couple of edits, just to test them out.) Over one third of my reputation was "earned" from me doing absolutely nothing for over two years."

So what? Apparently his answers were valuable enough and saved the time (and nerves) of many programmers who faced similar obstacles as original posters...

It seems only right to me that a great answer, a canonical answer, like - say - this one: http://stackoverflow.com/a/101561/168719 - can be fuelling its author's reputation long after it was written. Because it holds some universal value, unlike (say) a solution to a short-lived problem with NetBeans 6.1.

"Indeed I went from the top 4% of contributors at my time of departure to the top 3%"

OMG, I didn't realize this issue was so serious.

Now that's just horrible, somebody better stop this madness quick!

(I can't help but read his rant in Sheldon Cooper's voice ;) )

ars 1 day ago 2 replies      
His bullet #2 under "Creeping authoritarianism" is so incredibly correct! It's exactly what happened to wikipedia, and why editors are leaving in droves.

With Stack Overflow it's simply not worth it to answer a difficult question, the time to point ratio is just not there, and to make it worse it's all about speed - how fast you can answer, because once the question goes off the home page you will get basically no points. So a hard question is doubly bad - it takes a long time, and by the time you are done you'll get no points.

TacticalCoder 22 hours ago 1 reply      
I think the biggest problem is not "creeping authoritarianism" or the low quality of quite some questions / answers.

The biggest problem in my opinion are voting rings getting more sophisticated and getting undetected for longer and longer period of time, with users from the rings getting more and more rep before action is taken and basically filling the site with spammy questions/answers (and even probably links to malware). This has the potential to become really nasty soon: at one point you can imagine several users from a voting ring upvoting themselves to 10K rep and starting to slowly vandalize many questions while going undetected for long period of time.

Which means SO is polluted with fake questions / answers. Google results are polluted with fake questions / answers. And high-rep users (the one with enough point to directly edit questions / answers) are wasting time fixing what looks like poor questions or commenting on these, not realizing they're fake questions/answers made by people participating in a voting ring.

Here's a recent example:


User has 364 rep as I write this and it's obviously a voting ring made of a few users. If you have a few minutes just open that account and all the questions he answered: they're all from the same two or three same users, sometimes answering twice the same question and obviously getting upvotes and accepted answers from people in his voting ring.

But that's not the issue... The issue is that this is not stopped fast enough: because the mods are too busy wasting time on less important issues concerning users who are perfectly legit.

Despite my 3.8K rep and flagging to moderator attention, nothing is done to stop these fastly.

So on one end you have creeping authoritarianism focusing on not so important issues (like say, the "closing question" police which is super-fast to act when it comes to closing or mark as duplicate legit questions), while on the other end there are real abusers, totally gaming the system, reaching enough rep to create havoc and basically doing vandalism by filling the site with fake questions (and fake answers).

The "proof" that there's a real issues is that several high-rep users spent time fixing (intentional?) typos and grammar errors in these questions, thinking they were real but, mostly, that several people are going to open the profile I just mentioned and not realize it is part of a voting ring.

Now that I post this on HN maybe that HN mods are going to act... Sadly while at the same time explaining that HN is not the place to point out SO issues, that this should be taken to meta (where I'd be downvoted or closed as duplicate etc.).

As a side note I don't understand how a new user can ask six questions, have five of them answered by a single user and all upvoted and accepted without that kind of behavior directly triggering an alarm requiring moderator attention.

So: add the ability to directly flag a user (or a question if it's simpler) as part of a voting ring, add an algo that finds probable voting ring behavior and call immediate moderator attention when such rings are discovered. Also prevent questions which are made by user which have too low of a rep from appearing in Google immediately.

And, no, I'm not taking this to meta: I don't like the "tone" there ; )

frobozz 23 hours ago 0 replies      
IMHO, The banning of "what have you tried", and the removal of "too localized" will lead to even more poor pedagogy.

The question to which the author links (2387218) is a perfect example of a wholly unresearched question, where the only possible valid answers are "RTFM/STFW" or "here's a fish".

This was the kind of thing that would have been deleted under "too localized" as it offers no benefit for future seekers of enlightenment.

I suppose it may be flagged for deletion according to this criterion:

> Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results.

but that doesn't quite seem to fit. The question is not "give me teh codez", but it does show that the asker has not attempted any solutions.

jere 1 day ago 1 reply      
>It's possible because I did what many of the people whose questions I answered (and got points for) should have done for themselves: I saw a simple Java question, hit Google, read briefly, then synthesized an original answer.

I had a very similar experience. I got the most points (3 times as many as any other question I ever answered) from showing how to perform the most basic task in ckEditor, I library I had not used before or since answering.

On the other hand, I would often spend hours getting a demo to work to demonstrate a concept that answered the person's unanswered question and writing a detailed explanation... then nothing. No response. Out of spite, I started deleting all my answers that were not accepted and had no upvotes.

barrkel 22 hours ago 0 replies      
I stopped contributing to SO because of this:


Specifically, to keep SO interesting to me, I wanted to have a custom search that eliminated low-rep users from my view - questions from people who are able to answer questions (e.g. able to Google) are much more interesting.

bryanlarsen 23 hours ago 0 replies      
The OP complains that he got 5000 points for doing "nothing". On the contrary, I think those are the most valuable points. If your answer is still useful to somebody 2 years later, that's a great indicator on how useful your answers were.
dredmorbius 15 hours ago 0 replies      
If you're going for points (and that's the entire raison d'tre for gamification!)

That's the faulty premise. Or rather: it strikes at the weakness of gamification.

Yes, there is a very strong tendency for reward and effort to be grossly mismatched in user-ranked and filtered sites. Guess what: there's a copious amount of similar mismatch in real life. Jobs which are painfully difficult offer little reward, other times a casually tossed off effort may gain endless plaudits.

On HN, I think my top-voted comment remains a sarcastically flip jibe at PHP (a couple of submissions have out-scored it). On reddit, something of a throwaway about terminals vs. glass TTYs (at least it's technical). On the other hand, I scored my first reddit gold, which is to say, someone was sufficiently moved by what I'd written to actually pay something, for a longer and more detailed post, but one which my research of the topic made pretty easy to write.

But that's not why I participate.

My principle objective is to learn, explore, examine, have my own ideas challenged, and generally expand my capabilities and understanding. And used correctly, HN, reddit, and StackExchange all accomplish this pretty well.

The rating systems are there less for the person being rated and more for the benefit of others -- they're a first-level indication of how well trusted and respected someone is ... or how long and obsessively they've been using the service.

A recent HN post (also appearing on reddit) was "We Have to Talk About TED". I wrote my own riff on that: "We Have to Talk About 'We Have to Talk About TED'" (http://redd.it/1te3hz) (and yes, as the woman in the back says, its TEDtles all the way down ...).

The key problem:

There's a fundamental problem with democratic voting processes and voting systems (such as reddit's own post and moderation processes[2] -- which are, in their defense, better than most) in assessing who's qualified to make a judgement -- and then, of course, in determining who's qualified to assess who's qualified.

There's been a strong focus in the online world for the past decade or more over user-moderated discussion. Slashdot was arguably one of the first such sites, many others have come along, most have gone. I think a fundamental misunderstanding is that the most democratic moderation systems are the best. I don't believe this is the case. Rather, any distributed moderation system shares the load of content filtering. Which is a good thing. But distributing that load to those unable to draw meaningful distinctions between "good" and "entertaining" is not useful.

This is most crucial where you're not measuring, say, marketplace potential (where popularity is in fact by and large the metric you're looking for) as opposed to, say, technical correctness. In which tests of suitability are more significant.

And that's the point of StackExchange: it's not a platform with the goal of scoring people the most points, it's a platform on which if you go there with a question, you'll find a good, and hopefully the best, applicable answer. And to that end, I've actually found the site extremely useful.

So: HN, StackExchange, reddit, Facebook, Google+, and other similar sites tend to fall down a bit of a rathole. Clay Shirky's noted that the problem isn't information overload, it's filter failure, but there are also two modes of filter failure: one is filters which are overwhelmed in the classification task and can't keep up. But another is filters which select the wrong stuff.

Which isn't a particularly easy problem to solve. StackExchange actually takes a decent cut at it (as do other services such as Yahoo Answers, though with varying degrees of success) by having the submitter select the best answer. Within the ranking system, this might carry some benefits, and in particular, submitting a lot of wrong, or simply unselected answers, might carry a penalty. Another way to switch up the voting system would be to assign more points for answers to harder, less-answered, or unanswered questions. Or to provide a means of judging between solutions: what's faster, simpler, more comprehensive, more robust, etc.

Which gets down to determining what quality and fitness are. In which case I'd recommend taking another look at Pirsig's Zen and the Art of Motorcycle Maintenance. Though you need not agree entirely with what he has to say.

specialp 1 day ago 0 replies      
While it is true that simple answers get a lot of credit, it is also true that most common questions have simple answers. Sure a bit of Googling may get you the answer but sometimes it takes an experienced user to find a Google answer. Just knowing the right thing to search for requires some skill. Dead obvious questions that can be easily Googled or are repeats are flagged and often removed.

Sure in an ideal world someone answering that very specific question that is difficult to answer would get more credit but it is not perfect. That is also why the bounty system exists because someone can have a specific hard to answer question that would be very beneficial to them while not many others would be helped and thus upvote. So that person can offer a bounty.

JimDabell 23 hours ago 1 reply      
The site seems designed to enable lazy developers to scrape by without learning how to do things properly. There are developers out there who, when faced with a problem, don't bother debugging, don't bother looking at the documentation, don't bother searching Google for the error message, but just post a question on Stack Overflow and wait for somebody to solve their problem for them.

I've seen questions where you can literally copy and paste the question into Google, look at the first result to find an authoritative source, and copy sample code to solve the problem. Yet that was apparently too difficult for the person asking on Stack Overflow, and if anybody points out they should be doing this, they get their comment removed.

I've answered a lot of questions where somebody is genuinely stuck on a difficult problem and it's taken serious effort to figure out what's going on. I've also answered questions where the answer is only a quick Google search away. The former get a couple of votes up. The latter get hundreds of votes up.

This is not a healthy addition to the software development community. This is enabling developers with a vitally important gap in their skills to avoid becoming competent.

samspot 23 hours ago 0 replies      
The main value I get from stack overflow is easy to find answers to easy questions. I find it easier to find documentation of how to do X on stack overflow than I do in the manuals for most of the tools I use.

Here is the workflow:

1. Google 'question string'

2. Click first stack overflow link

3. Skip to the first answer without reading the question.

This, incredibly, works for about 80% of the things I need to look up day to day. I often find that I either need a simple example, or just need my memory jogged. In my opinion the entire internet is better because of the existence of this one site.

I agree with all of the author's points, but I think stack overflow is worthwhile despite these problems. And trust me, I've gotten my own snarky, low effort, infuriating, heavily upvoted, answers from Jon Skeet.

cjf4 23 hours ago 1 reply      
This reminds me of an old talk radio adage: don't mistake callers for listeners. The people who call into a radio show represent a fraction of the audience, and are often the most extreme, polemic, loose hinged segment of that audience. And most people don't call.

In the SO world, I'm definitely a "listener." I almost always wind up on the site from Google, and it usually does a pretty good job. I don't think I've ever navigated around the site itself, so the "game-ification" or whatever was completely foreign.

I will say that there have been numerous times where there are pretty good subjective or opinion based discussions (which language is better for x?) that get "closed as non constructive." I can understand why they would want to avoid flame wars, but almost always the discussions were, ironically, very constructive, nor could I find the same type of discussion anywhere else.

JoeAltmaier 1 day ago 2 replies      
I also find the quality of answers, and of questions(!) poor. A little googling usually finds better information. And then there's the line-going-dead issue that plagues most question/answer forums (fora?): after some back-and-forth somebody suggests to try something, and the supplicant never responds. Did that work, and they went on with their life? Did they give up? Are they still trying to find an answer? Nobody will ever know.
georgemcbay 17 hours ago 0 replies      
Somewhat tangential to the OP but as someone who is much more of a consumer than a contributor, I've become increasingly less enamored with Stack Overflow over the years just because of the vast increase in times I'll search for some exact issue, find a link where the question exactly matched the problem I'm having, see that it has an answer with like 10 upvotes, find the answer to be wrong either because it is just straight up incorrect or because it is "correct" but not answering the actual question as asked, and often I'll see a comment to the answer from the original asker mentioning that the answer is wrong, but then no follow-up discussion.

I think this may be in large part a negative side effect of the "gamification" because this rarely happened back when usenet posts (searched via deja or google groups) or dedicated forums for topics would be my source for finding programming answers in subjects I was unfamiliar with (new API, new language, etc). In those places if I found a question that matched mine well, and it was answered, there was a very high percentage chance the answer was correct and not just someone guessing or answering half-assedly and too quickly to get in on the karma train.

These wrongly-answered answers seem to dissuade others from answering (question too old, already sort of answered, nobody will see my correct answer and upvote it), so this wrongly answered question just lingers seemingly forever. If the moderators spent half the time pruning out these wrong answers that they do closing topics that are borderline off-topic, the site would be a far better resource for me.

mathattack 3 hours ago 0 replies      
The OP decries the lack of deep learning. I don't think that was ever the intent. Neither was community. The intent was crowdsourcing a body of knowledge. For this they succeeded. I've also switched to being a provider to user but that's because I don't expect community there.
kyberias 22 hours ago 0 replies      
Why would anyone care whether one Mr. Richter bothers to collect more points in Stack Overflow anymore?

Despite ALL the criticism in the article, it is still possible that StackOverflow is a very useful site.

erikpukinskis 19 hours ago 0 replies      
My problem with Stack Overflow is that it basically feels like a ghost town when I try to use it. The Ember people encourage users to use SO for help, and shut down posts to the Ember discussion board that are too "helpy". But whenever I've asked a question on SO, I've gotten literally zero responses. I have no idea why. Does having a better reputation actually lead to you getting more answers? I don't even know, so I don't bother trying. Many of the things I try to do on SO I can't, because I don't have the right reputation. It mostly feels like an impenetrable, confusing castle full of useful stuff that I can only watch from outside.

Instead, I just blog solutions to various thorny problems I run into, so that other people can find them on Google. And I try to use whatever domain-specific message boards I can find. I just don't understand how to use SO to get help so I don't bother.

And it's not that I don't want to contribute. I've answered some questions on SO and I'd be happy to answer many more than the questions I ask. But my (uninformed) sense is that I could answer questions til I'm blue in the face and no one would ever answer mine. The ratio of unanswered questions to answered ones is insane. It just doesn't feel like there's a community there that I'm joining.

That said, I find it incredibly useful when there's already an SO solution that comes up in Google that solves my problem.

PaulHoule 21 hours ago 0 replies      
To me Stack Overflow is the new "Experts Exchange"

I love Java and I love the Java ecosystem. Stack Exchange serves the Java ecosystem very poorly however.

A lot of the frustration people have with Java is that they try to learn it from a task-oriented perspective, and that really gets you in trouble if you work with Spring or Maven, particularly on a big team. If your first experience is with a 40-module Maven project that is all SNAPSHOT releases, it takes two hours to do a complete build, and there are just two people who understand maven vs 23 developers who get their answers a problem at a time from StackOverflow and who copy each others' bad solutions while adding more problems, of course you hate Maven.

In the case of Maven the documentation sux and you need to read the source code and not be afraid to write plug-ins, but Spring is not so mysterious if you take your tablet to the gym and read the manual cover to cover a few times.

There is no language that favors holistic thinking and punishes "task-oriented" thinking more than Java. For instance, when most developers have to deal with logging it's because things have gotten horribly tangled up with slf4j and commons-logging. Once more, the situation is pretty simple if you understand the big picture, but from a task oriented perspective you're just stumbling in the dark.

robbrown451 14 hours ago 0 replies      
"Over one third of my reputation was "earned" from me doing absolutely nothing for over two years. Indeed I went from the top 4% of contributors at my time of departure to the top 3%, despite, you know, me not doing anything."

I don't see the problem here. He's not getting points for doing nothing. He's getting points for something he did in the past. Sort of like royalties.

tcgv 17 hours ago 0 replies      
Remember how I have over 14,000 points as of this writing? (...) In well over two years I have contributed nothing to StackOverflow: no questions, no answers, nothing. (...) Any scoring system that allows this to happen is simply broken in my opinion.

That's pretty much how our "real world" scoring system works if you think about it. To make it simple, just replace the "internet points" by "money" and your "stackoverflow account" by a "savings account" that pays interest and the analogy is set ;)

insteadof 1 day ago 1 reply      
In four years you should have learnt that it's "Stack Overflow" with a space and that you can only get moderator status when you have a diamond next to your name.

Then again, there are plenty of 3-year+ users with 100k+ who still think moderators are any other users who disagree with them and/or can only vote to close a question.

When you don't want to see the effects of leaving joke questions around as more and more users use that as a reason to increase the noise, then you don't want to see why moderation and locking/deleting needs to take place.

yomritoyj 3 hours ago 0 replies      
I agree with the OP's point that it is mostly the easy questions which get many answers on Stack Exchange. But I don't see that as a negative. Those working in dense communities can get a lot more done because they have the option to quickly ask a knowledgeable neighbour's opinion. Assured of this support everyone gains by specializing more. The Stack Exchange sites bring the same benefits to more isolated workers.
Someone 19 hours ago 0 replies      
"Indeed I went from the top 4% of contributors at my time of departure to the top 3%"

That seems to indicate that stack overflow had considerable growth in the number of contributors, relatively few of which acquired large scores (for example, if there were no 'effortless scoring', they would need 33% growth of users who all have lower scores in order to make the former top 4% become the new top 3%)

That might be an indication that there are fewer users who play the "I want points" game. It would require access to quite a bit more data (who joined when, what do the distributions of scores look like, etc) to prove that, though.

If it turns out that there still are lots of users chasing high scores, I think it might be worthwhile for Stack Overflow to play with different scoring functions. For example, h-index is popular in scientific papers. One could do a SO h-index (has X answers that got at least X upvotes). Maybe, to encourage diversity, one could add "... With X different tags" to the requirement.

pointernil 17 hours ago 0 replies      
While I find Stackoverflow and most other Stackexchange sites VERY often helpful and interesting, I thinks as well that it is the child of the "SEO triumphs it all" times.

Additionally it is geared towards STATIC knowledge. Chosen "best" answers (CURRENTLY!) and the fact that most of the time no one is actually updating their votes according to the CURRENT state of the art or current established best practices actually can even drive info seeking users towards out dated answers...

Still, most of the time I think it works just fine for the folks just in need for quick "how do I convert x into y in language z" answers.

To tackle the non-static, more dynamic and actually fleeting aspects of "voting for the best" aspects I am working on and experimenting with Sustinion


acconrad 1 day ago 1 reply      
Overall I agree, but I think his analogy of feeding fish vs teaching is a bit of a chicken and egg problem: oftentimes today if I'm googling a trivial problem, Stack Overflow is the first result, and I'm actually glad that is the case the majority of the time.
V-2 22 hours ago 0 replies      
Any idea where they went wrong? Any suggested alternative?

Some trivial Java question gets one more points than a brilliant solution for some obscure problem - okay. Isn't that the nature of all things? Is this StackOverflow's fault?

He recommends:

"Engage with other users of the tools you use in the form of user groups, mailing lists, web forums, etc."

Don't "mailing lists, web forums" suffer from the same bias? Even if there is no formalized reward system (points) there?

colemorrison 23 hours ago 0 replies      
Okay, so I literally can't imagine programming nowadays without Stack Overflow. Sure, google synthesized answers may be a cheap way to score points (actually I'd never thought to do that), but people that do that are still saving me time. And even though some answers do skip the art of "teaching a man to fish" there are still TONS that do "teach a man to fish."
Bahamut 1 day ago 0 replies      
I don't really post on StackOverflow - people have tended on the rude side a little more than should be the norm there from my experience. I use IRC heavily though for my programming help needs. SO is nice for its searchability though, and how many solutions to problems are posted there. It has its utility.
FrankenPC 18 hours ago 0 replies      
"The people asking are learning nothing useful beyond the shortest of the short terms"

Not for me. It's my go to place to find syntax equivalent examples for languages I don't typically use. If Google has a universal translator for code, I'd probably use that instead.

cruise02 1 day ago 1 reply      
Under "poor pedagogy" the author explains the "give a man a fish" problem on Stack Overflow, then goes on to explain that giving fish is how he gained most of his reputation. How about being part of the solution instead of part of the problem? No one is stopping you from teaching people how to fish.
archwisp 23 hours ago 2 replies      
I think most of you are missing the point of the article. He targets SO specifically in this article but really, it can be applied to almost any community on the Internet. He mentions Wikipedia specifically but I've seen the same thing repeated over and over on forums, games, and even the IETF for over a decade.

The question is: Is there a way to fix this?

jhawk28 1 day ago 0 replies      
Most of this is just a symptom of Stack Overflow being too successful. It was good when it was just a few thousand good/nice people. Now that it has critical mass, you have to deal with the rest of the people. I doubt that the problems are going to be solved by having good people leave.
yalogin 22 hours ago 0 replies      
Over the last year or so I saw that the community has become too pedantic. I have tried to start some (what I thought were) valid system related discussions by asking open ended questions. They were closed as too open. Having seen some very open ended questions on stackoverflow show up on HN and other places I was really disappointed with it. The users close questions without giving any reason why or how to ask the question properly. I don't ask questions on there frequently and but the quality of my questions has remained the same but the way the community approached it was really different.
nwp90 9 hours ago 1 reply      
Ha. I have never started contributing to Stack Overflow, because it won't let me. It appears that you can't provide answers without first asking questions. When I have questions, I use Google or IRC. Every now and then Google throws up SO questions I can answer (or improve answers to, or point out FAIL in the answers to) on the way to my finding an answer to the original question, and I log in to SO and try to contribute...

So my attitude to SO is pretty much "meh". I'll take useful answers (and sometimes there are really good ones), but if they don't want me to contribute, stuff 'em.

goggles99 17 hours ago 0 replies      
Nothing is perfect, Stack Overflow is a great resource online. Of course it has a few quirks and problems, but why try to bring it down by publicly quitting it and seemingly trying to bring others with you. Quietly leave. Making a noise like this leads me to believe the problem is more with you than SO.

Arguments could be made against contributing to...Helping the homeless,Open source,Hacker News discussions,?ETC

triplesec 13 hours ago 0 replies      
You guys collectively here seem to have nailed it on the points v useful information issue. However, I do like his analysis of the community problems in collaborative sites like SO and Wikipedia as becoming run by an anal-twerp cabal. This is a real social information problem and deserves more thought .thank you to OP for that analysis.
ams6110 1 day ago 1 reply      
I've occasionally found, via google search, a good answer on SO for a question I had. But it's rare. I don't ever think to go there to search directly, and I don't participate in answering questions there.

I find it's much more effective to simply read the documentation of the language/function/feature I'm having trouble with, than it is to try to formulate the precise phrasing of the question that will lead me to the answer I need in my circumstance.

Shog9 20 hours ago 0 replies      
Growing up, a good portion of my summer (and spring, and fall...) was spent helping out in my family's rather large garden.

Most of this involved rather tedious, repetitive labor. So to stave off boredom, we made up games to go along with it. "Fastest to finish hoeing a row of corn", "Most peas shelled in a minute", etc.

It helped. We got a lot more done, faster, and with less complaining because of it.

But... The games weren't really the goal, and no one ever thought otherwise: the point was the creation and preparation of food for the next year. If you "won" by chopping down all the corn or throwing out the unshelled peas, no one would think highly of you for doing so.

Too many people look at games - or especially "gamification" - as a silver bullet that will turn the efforts of lazy and unproductive players into gold... This is exceedingly naive. Any game played in bad faith will have disappointing results, whether the mechanics of that game involves throwing a ball around or answering programming questions.

Is that a good reason not to play? Hell no! Games are fun, and with the right players and attitude can be exceedingly rewarding. But you do need to keep some perspective, to remember at all times why you're playing.

nickthemagicman 23 hours ago 0 replies      
Stack overflow is awesome. I asked a question about message pack and the author of the software responded.

Ignoring the gamification of S.O. the community that surrounds it and the sheer amount of knowledge it holds makes it an incredible resource never seen before in the history of programming.

Sometimes it seems like human beings could live in a golden palace and be upset that the gold is the wrong color.

adrianonantua 21 hours ago 1 reply      
While OP makes some valid points (i.e. community receptivity), this is something that caught my attention:

    > StackOverflow is filled to the brim with people giving fishes.
Perhaps. But those get only a few points. Joel Spolsky wrote about not only answering a specific domain question, but rather writing a comprehensive answer about some topic in a away that it becomes the default answer everyone reverts to when the question comes up again (http://blog.stackoverflow.com/2011/08/reputation-not-rep/)

I tried that. Guess what happened:


Not saying my answer is awesome, but I just tried to be comprehensive on a very recurring SQL topic and the community responded very positively to it.

I get it, SO feels like a game. But I use it to hone my skills and learn new things. When I want to learn, I don't ask on SO: I stick to a tag and keep trying to answer something on it. Learned a lot that way.

Just my 2c.

xwowsersx 20 hours ago 0 replies      
His whole analogy of teaching man a fish vs giving a him a fish ignores the cases where you are not a domain expert in something, aren't looking to be, and don't need to be and you just need some quick help from people who do this stuff day in and day out. But I agree wrt to e/t else.
thehme 23 hours ago 0 replies      
I find it interesting that there aren't more comments on this post; wondering is some Hacker News SO contributes disagree with Richter. I usually find myself kindda needing to comb through lots of SO answers to find something that actually explains a solution to a problem. I think that SO is a site you go to to when you don't have much time to actually learn what need to know. However, I should add that I have gotten good link by contributors that have helped me learn more about the topic of my question. Perhaps this is that we should be doing - sharing validated material that explains the topic one is trying to understand.
datphp 19 hours ago 0 replies      
It's funny to see a guy who spent time on Google to research and answer trivial questions for points call people with more points than him "no-lifers".

Then there's the part about giving fishes instead of teaching how to fish. Duh. That's what the site is about. It's a resource for fishermen. It's a nice place to get samples of fishes you haven't heard of. You're free to just eat them, or study them further.

SO is amazing as a super cheat-sheet. It's not a tutorial, a school or a a forum. It's not Reddit or Farmville. Please stop.

hippich 22 hours ago 0 replies      
From my experience, every answer I came up already fall in two categories:1) Already answered on SO2) Will not get answered on SO

So.... Most of current contributors just fight for points really.

nettletea 22 hours ago 1 reply      
I have a few moans about SO, but I also find it very useful. I bear no flair.

The one thing that niggles me most on the web in general, is continuous reinvention. If you must paraphrase someone else's work then do. However most of the time a simple link would suffice. The same for repeat/similar questions. And it's always good to reference your sources.

unlimit 10 hours ago 0 replies      
I learned a lot from answering questions, I became an expert IMO on regex just by trying to answer some of the questions. My work does not expose me to a lot of interesting stuff, but reading SO does. And yes, I like my internet points. :-)

Also, I hate the new black bar at the top. It is the reason I don't visit the site that often now. It hurts my eyes. :-(

j_s 19 hours ago 0 replies      
I use Stack Overflow because I won't have to re-implement my solutions from scratch at the next job.
robomartin 18 hours ago 0 replies      
I haven't been to SO in months. I haven't contributed with a reply to a question in probably two years. I haven't posted a question in about as long. Same with ServerFault and other SE communities.

I've seen what's happening on SE before. It was called USENET back then. The best way I can describe it is that marauding hordes of extremists aggressively took over some groups mercilessly attacked anyone deviating from their vision of the world. I remember comp.lang.c becoming particularly problematic.

OK, a little over the top. Well, yes and no. One of the most frustrating things on SE and SF are the questions that are closed as off-topic when they very much are on topic. I haven't been on either of those for a while. Back a some time ago there seemed to be a war of sorts going on between the two communities's moderators as they would close topics in each and send them off to each other. For example, if I remember correctly, questions related to XAMPP was a hot-button item that almost guaranteed your question would end-up in digital limbo. In this sense, it very much started to feel like USENET when the inmates took over the asylum.

When I got started with SE I felt a responsibility to give back as much as I took. I remember devoting significant amounts of time to answering questions with well-tested clear explanations. As you clash into the reality of what these communities have become (both in terms of quality of content and quality of the people who pull the strings) the motivation to contribute at that level --or any level for that matter-- tends to go down.

Not sure what's in store for SE. It just isn't an important part of my daily routine in any way these days. I suspect this might be the case for a lot of professionals who have far better things to do with their time and skills than to play such games for points and badges.

lampe3 18 hours ago 0 replies      
if the Author like he says is so good at c++ why didn't he pick the harder questions and does theme ?

If the Author is an expert then answer/discuss questions on your level and most of the issues will be gone...

mattsfrey 22 hours ago 0 replies      
As the years roll by I appreciate more and more the fact I learned how to program back when there was just IRC and if you asked a trivial question all you got was 'RTFM'
wehadfun 22 hours ago 0 replies      
Richter and everyone else go back on stack overflow and answer questions. It is helpful for us all.

You may not get the recognition you deserve but believe me you don't give others the recognition they deserve either.

lien 11 hours ago 0 replies      
I have recently deleted my SO account. Hallellujah! I've gone as far as putting in -site:stackoverflow.com when I need to google something because most of the answers are just white noise.
danso 1 day ago 1 reply      
I want to tell the OP to stop being such a buzz-kill, but the high-scoring example he posts is quite comical (http://stackoverflow.com/questions/2387218/what-does-this-li...).

It seems that most of the OP's angst are over the relatively simplistic points system. In his Java ternary example, perhaps it could be counterbalanced with the upvotes you receive and the worthiness of the question (as marked by stars and upvotes). But then the scoring system would become much less obvious and then you'd have complaints about that.

Either way, even with the deluge of non-useful content...I'm amazed at Google's ability to almost always get me to the most relevant discussion, even with a bare amount of generalizing my search query...and in the cherry-picking testing I've done, the Google search engine usually does a better job than SO's own engine (though SO's related-questions sidebar is also quite good). I wonder if some Googler's 20%-time idea was to closely study the SO API and build an algorithm and quality flags specific to the SO domain, as a way to keep devs loyal to the Google search platform?

flueedo 1 day ago 1 reply      
I got curious about something: What are then the OP's favorite languages since he hates Java and C++?
InclinedPlane 17 hours ago 1 reply      
I have basically the exact same experience with SO as the author. I was in the beta group, I currently have moderator permission levels, and I hardly ever use the site.

It's great finding specific answers to highly specific questions that a large number of devs can help with. It's terrible at keeping many of the most experienced devs interested in answering questions. And it's not great as a general learning resource either. The site just stalls out at a low to moderate level of sophistication in terms of the level of knowledge that can be found there, for all of the reasons the author described.

Edit: after some reflection, here is a stronger critique of SO:

SO leverages a huge amount of effort from developers for very little real benefit. Some of the site has value but a lot of it boils down to moderately experienced devs spoon feeding answers to beginning devs, which I think could be more detrimental than helpful. By doing so such beginning devs avoid the hurdle of having to RTFM, which stunts their growth. They avoid having to level up their skillset and they know that they can just return to SO when they have their next problem, so they are discouraged from acquiring the skills to solve their own problems, they will stall out at a beginning skill level forever. Meanwhile, as many people have pointed out the true point of crisis in skill/project development lies not at the beginning but after the initial hump, after years of work. And here devs are not well served by SO because they need more than just an answer to a specific question, they need guidance, they need mentoring, they need encouragement. SO's nearly pathalogical lack of community makes it a very poor place to seek out assistance during that phase of personal development.

In short: SO may be helping the wrong people and discouraging folks who are more in need of assistance and for whom being helped would have a vastly greater positive benefit on the industry as a whole.

dinkumthinkum 10 hours ago 0 replies      
I feel the same way and in a similar position as the OP.

I don't think #1 and #2 are really a big deal. #3 is the real issue. The problem is SO still follows slavishly an ideology proposed by one of its founders, I think it was not really Joel's views so much if you followed the podcast discussions. This ideology has persisted in the mega meta bureaucracy that is SO now.

Of course, it is always funny that their presumable goal was to be the destination for technical for answers but yet any question you might google and find answers on StackOverflow, the answers will, with a probability of nearly 1.0 that it will be locked, closed, and marked some kind of horrible thing that should haver appeared on the site. Good job, I guess. If SO was meant to fix the wretchedness of forums .., what fixes SO? I don't know. But with the fury that it attacked the other forms of communication I just expect more than endless "philosophizing" about "what makes a good question" and all this meta ideological nonsense. Maybe it's just me.

daphneokeefe 22 hours ago 0 replies      
The site appears to be overwhelmed. Server error 500
SteveDeFacto 22 hours ago 0 replies      
Did he ever think that stackoverflow is about building a library of questions and answers so it is easier for people to find answers on Google?!
vfclists 23 hours ago 1 reply      
SO must change their rules to make those who downvote or vote to close to give their reasons, and they should give the OP enough time to amend the question or explain themselves if the question is not clear enough.
dobbsbob 22 hours ago 1 reply      
Everytime I google a question and get a stack overflow result, it is always an unanswered and locked question for silly neckbeard pedantic reasons.
Don't want your laptop tampered with? Just add glitter nail polish wired.com
212 points by rdl  1 day ago   79 comments top 24
haberman 1 day ago 1 reply      
This reminds me of 1984, where Winston placed a speck of dust on the corner of his diary. He knew he couldn't prevent the authorities from reading it, he just wanted to know if they had or not. However (spoiler alert) he learns at the end of the book that they were careful to put the speck of dust back just where he left it.

This is like that, except it (hopefully) would actually work.

sillysaurus2 1 day ago 4 replies      
EDIT: Holy smokes. I wasn't trying to be inflammatory. Sorry. I was only saying not to trust that this is an absolute guarantee that your laptop hasn't been tampered with.

Even the top comment is misleading -- "this doesn't prevent tampering, it just makes it obvious to you, as the laptop owner, that your machine has been tampered with. Still useful, but then what are you supposed to do about it?"

This method provides no guarantee of detecting tampering. It provides a guarantee that if an adversary is dumb and unaware of this method, then they may break the seal and get themselves caught. But it's a bad idea to be confident that the seal itself is evidence you haven't been tampered with.

Would anyone please explain which ideas are mistaken and why?

nicolethenerd 1 day ago 4 replies      
Misleading title - this doesn't prevent tampering, it just makes it obvious to you, as the laptop owner, that your machine has been tampered with. Still useful, but then what are you supposed to do about it?
source99 1 day ago 2 replies      
I thought this was gonna be an article about making your laptop look like it belonged to a 14yr old girl and therefore uninteresting to the NSA.
rdl 1 day ago 0 replies      
Hi -- this was a fun talk to give.

The big point which wasn't so clear is that seals are not locks. Seals exist to identify tampering; locks exist to prevent it. We use a software tool (and remote network service) to turn seals into (electronic) locks, which is kind of cool -- the integrity is measured locally using a trusted device (iPhone for now, eventually something better), verified remotely, and then a 2FA token is returned.

Glitter nail polish is maybe 70% good for this, but has the huge advantage of being widely available. Part of the goal here is to travel completely "naked" to a country, then buy a random local laptop, other local stuff, and tools, and then be able to re-create your capabilities. There are some custom conformal coatings which are brittle, much harder to pry off, single-layer, etc. which we've played around with which work much better. Plus actual paper/tape/plastic seals, and indicators already in devices (manufacturing defects like the grain of a casting).

Hooking this stuff into conventional security measures (MDM, VPN, FDE, various access control, etc.) is the ultimate goal; it's useless to detect tampering if your data is all they're after and unencrypted, after all.

My coauthor Eric Michaud is a former safeguard seals guy from Department of Energy's VAT, probably one of USG's top 3 seals programs (and probably one of the top 10 seals groups in the world), and has a physical security company (and is a lock expert), so I've been learning a lot from him about that technology.

praptak 1 day ago 0 replies      
This Slasdot article: http://m.slashdot.org/story/28566

describes a similar technique - glass spheres in transparent epoxy resin creating an uncopyable optical fingerprint. One of the comments states that tinfoil pieces in clear epoxy photographed from several angles were used as tamper proof seals during the cold war era.

DanAndersen 1 day ago 0 replies      
"He put the diary away in the drawer. It was quite useless to think of hiding it, but he could at least make sure whether or not its existence had been discovered. A hair laid across the page-ends was too obvious. With the tip of his finger he picked up an identifiable grain of whitish dust and deposited it on the corner of the cover, where it was bound to be shaken off if the book was moved."
wyck 1 day ago 0 replies      
Wax stamps, for the internet dark age.
Theodores 1 day ago 1 reply      
Just buy a HP/Compaq CQ series notebook and make sure that you aren't going to be parted with it for more than the ten hours needed to get to the hard drive. Simple.

Jesting apart, who has not had screws fall out or work loose from a Dell or HP laptop? The likelihood that the screws are in differently due to some secret spy type of person opening the machine is quite unlikely compared to the high likelihood that they have just worked loose of their own accord.

ThatGeoGuy 1 day ago 4 replies      
There is an interesting comment in the original article, that I wasn't sure about, and figured I'd bring up here:

"There was always a question that bogged me. Imagine you are called aside to do a routine border check in airport security area. Imagine they want to inspect your laptop. Can you refuse to surrender your password which encrypts the whole disk? Is there such right to say "Nay, what is mine stays mine"?"

As somebody who is not from the USA, are you allowed to ask that they perform any security checks in front of you? Are you allowed to ask for the TSA agent's supervisor and have them walk you through each of the steps?

I guess one obvious solution is to carry the laptop/device with you on the flight, and leave the battery/adapter in check luggage, but this becomes more difficult when you consider tablets, phones, and the like. Thoughts? As somebody who may travel to the USA one day, I'd like to hear what kinds of situations you might end up in playing games like this.

auctiontheory 1 day ago 0 replies      
Assuming you were carrying secret information on a business or government trip, wouldn't you carry the data on your person in an encrypted USB drive, with a blank/vanilla OS install on your laptop? That seems more efficient (and effective) than all this glitter spraying and photography.
vacri 1 day ago 1 reply      
By taking the picture with a cellphone that is kept with you at all times

... wait a minute, I remember seeing this earlier...

Border areas can be especially dangerous, as authorities can confiscate a laptop or cell phone

gesman 1 day ago 0 replies      
It's more about "knowing" that your laptop was tampered with.

Nothing about "preventing" it from happening. Or knowing "who" was tampered with it.

Big difference.

rexreed 1 day ago 1 reply      
How are you supposed to glitter over a laptop's ports?
hapless 1 day ago 0 replies      
This won't stop firmware attacks.
dzhiurgis 1 day ago 1 reply      
I can already imagine US border officer asking "Why do you keep a bottle of nail polish? Are you a terrorist?"
ramy_d 1 day ago 0 replies      
Is there a substantial risk of mailing your hard drive to your destination and simply travelling with a hollow computer?
PavlovsCat 1 day ago 0 replies      
Relevant section of the talk (about all sorts of seals, not just nail polish):


sfrechtling 1 day ago 0 replies      
Based on the comments here, I can see that this tamper evidence method is not foolproof. Is there anything that is better (harder to detect, harder to replace even if known about)?
itsybitsycoder 1 day ago 0 replies      
If this got popular, I'm not sure how easy it would be to detect if someone broke your seal, replaced the screws/stickers as they were and resealed it with a clear topcoat of a similar gloss level.
altero 1 day ago 1 reply      
Perhaps encrypt HDD and store boot loader, kernel and keys on USB?
atmosx 1 day ago 0 replies      
Uhm, well that's another level of paranoia all together. The more solutions the better, even to problems that we (me at least) most probably will never have (or at least, I hope so!).
judk 1 day ago 1 reply      
This article is useless without pics
randall 1 day ago 0 replies      
The Disinformation uncrunched.com
208 points by aaronbrethorst  1 day ago   79 comments top 19
tptacek 1 day ago 8 replies      
I can't imagine how this situation could resolve itself in a way that will make The Information look good. If you weren't aware, it's a publication that asks for more than $30/mo, in exchange (literally, this is the point) for not running clickbait and keeping the signal/noise positive.

I was happy to pay a buck a day for that service, but to pay for it and then see them run misleading clickbait makes me feel dumb for paying.

Cancelled subscription.

jmduke 1 day ago 4 replies      
Its extremely frustrating to have your words rearranged, edited and taken out of context to make it seem like youre saying something you arent.

This is absolutely absurd, coming from Arrington, who twisted Jamie Zawinski's words from an anti-crazy-work-hours rant into rallying cry for gullible programmers to "work hard, cry less, and make history":


austenallred 1 day ago 1 reply      
As Hamish McKenzie wrote in his piece about Elon Musk battling the media: (http://pandodaily.com/2013/11/13/why-elon-musk-is-right-to-f...)

<quote>"There is no established rubric for peer review in the media; adherence to truth is largely a matter of self-regulation. Instead of peer review, in which experts check the work of other experts, media has editors and fact-checkers. Often, those people are not experts in the matters their institutions are covering. Worse, sometimes they are novices on subjects ranging from climate science to jet propulsion to even basic statistics.

But they still get to control the headlines on those stories. They still serve as the major conduit through which the public is informed about what are often intrinsically complex but extremely important matters. And even with strong editing standards in place, it is inevitable that some of the reporting for which they are responsible will lack crucial nuance or just be plain wrong."</quote>

I don't get the sense that the reporter was trying to mislead, but she was doing what reporters always do; twist what was happening into a narrative that they had concluded existed before they began researching and writing the piece. Something contradicts what you have to say? Discard it, and search for something that fits your story. Just like when you would write an essay in college; you're making a claim, and backing it up.

The same is true of events. Creating a story by asking some people questions and trying to bind their responses into a single narrative with one story that makes sense is often-times impossible. Not because the reporter is doing a bad job, but because their task is impossible. The war in Syria is often shown as two warring factions, when in reality there are dozens of groups who play off each other and fight against each other at different times. Even the armies themselves are trying to piece together who is fighting for and against whom today; to expect a reporter to do so is absurd. But thats exactly what we do.

How, then, can we have any hope of gaining a definitive understanding in the world, if even people paid to do so full-time have difficulty grasping it? Maybe there isnt any. Life isnt simple, people arent just good or evil, and situations are never binary. Maybe were not ever supposed to look at whats happening in the world and say, I understand now; its simple. Because its not. If we think that were probably missing a lot of pieces of the story.

syllogism 1 day ago 0 replies      
> And really, three sins were committed. The first was changing a quote. You just cant do that, ever

What utter nonsense!

Unscripted speech, especially under cognitive load about complicated topics, is disfluent. About 5% of the words you speak will be edited on the fly, and not part of the final utterance to be understood. Many professional speakers train themselves not to do this, but even many politicians at the peak of their profession will remain disfluent in unscripted remarks.

Interviews are _always_ edited for fluency. You make someone sound like a bumbling idiot if you supply a verbatim transcript.

gasull 1 day ago 0 replies      
I think there's a smear campaign against Silicon Valley right now. ValleyMag is the main agitator, but not the only one.
tomphoolery 1 day ago 0 replies      
I'm just laughing at the pissing match. Kinda funny that one would PAY for the lowest-quality journalism on the planet. This is like if Pitchfork started charging $200/year just to read it.
caprad 1 day ago 2 replies      
Good to see people coming out in support of this horrible editing, and I hope the trouble makers see that it is taking the discussion away from what is important.

Why attack someone like pg over this? Is the attempt to shame him into being more women hacker friendly? Isn't he already going out of his way to support women?

shitgoose 1 day ago 0 replies      
We should pitch in and pay her for retracting the story and apologizing. 10k for retraction seems to be her standard fee and another 5k for an apology should do it.

(Donation address: 1CDdg67uEt6xpzapzGZc1m6JiUF1KAhFqH)


minimax 1 day ago 0 replies      
A ton of upvotes for a Michael Arrington lecture about what is and is not legitimate journalism shows just how fickle the HN crowd is. You guys are silly.
bagosm 1 day ago 1 reply      
I am really surprised that none has actually read the transcript. Here is a quote from the next question in the transcript:

Eric: What youre saying is that theyre not out there to be found?

Paul: I dont think so. I dont think so. It is changing a bit because its no longer so critical to be a hacker

So PG's views are actually exactly that - in general no suitable female startup founders exist in the world. That isn't bad per se as an opinion, or makes him misogynist, I'm just surprised how people that have a positive outlook of someone can defend them even in a clearly wrong situation.

Btw I'm not affiliated with that news website in any way, just couldn't bare to see a community - that is normally so ornithological - go crazy over defending someone who doesn't deserve it.

michaelochurch 1 day ago 2 replies      
This is a case where "disruption" is bad, because "disruption" usually involves overhaul of older ethical principles that emerged after decades of missteps.

Journalism is being disrupted (and has been for over 30 years) and the result is that reliable, just-the-facts is getting overrun by this nonsense.

People are comparing this to Valleywag. Actually, I like Valleywag. I think it's great. It is exactly what it says it is, and it's helping to break down VC-istan's image and prestige, which is exactly what it will take to save Real Technology. Valleywag is, perhaps unintentionally, tech's best friend right now.

This, on the other hand, is a five-alarm fuckup. You do not alter peoples' quotes like that, or lie to them in the way that PG was lied to, and keep your reputation. The old newspapers and journalists (with very rare, if high-profile, exceptions) knew that; but a lot of these post-disruption actors seem not to.

keypusher 1 day ago 0 replies      
The right thing to do here was for them to apologize for taking a quote out of context and fire the reporter. Now that ship has sailed, I think her magazine is probably toast.
ballard 1 day ago 0 replies      
News, apart from investigative journalism, is mostly gossip with a patina of occasional respectability.

But by news being essentially gossip, it's something there's plenty of, like artistic talent, so there's not much money in it. That's because there's a positive gradient of information from people that will tell you for free.

increment_i 1 day ago 0 replies      
What's truly amazing is the lack of foresight in all of this. If you're a tech company doing tech reporting, why in holy hell would you misquote or spin - or by ignorance allow to be spun - a quote from Paul Graham? How did they think this was going to end for them?
chatmasta 1 day ago 0 replies      
Does anyone else appreciate the humor in the juxtaposition of parodical wordplay between "disinformation" and "uncrunched?" :
gesman 1 day ago 1 reply      
"Power relationships" is about an influence to not publish a story to begin with.

Need to "kill a story" (including an ability to kill it by paying) is a sign of lost power.

From both sides.

norswap 1 day ago 0 replies      
Meanwhile, people who have better thing to do than to listen to drama queens carry on with their lives.
etanazir 16 hours ago 0 replies      
Taught to be a hacker? lol.
jayferd 1 day ago 1 reply      
why are we still listening to arrington again?
Girls Who Code avc.com
207 points by yurisagalov  2 days ago   368 comments top 28
lkrubner 2 days ago 13 replies      
One fascinating aspect of this is how bad the post 1990 startup culture has been for women. There was something about those big, boring corporations of the 1970s and 1980s that actually gave female hackers more acceptance than what startups have offered.

You can see female interest in programming change in the charts on these pages:


Note that those graphs show raw numbers, not a percentage of the population -- if you adjust for the growing population, female graduation rates in computer science peak in the 1980s. As it says in the text:

"As a share of all CS bachelor's degrees granted that year, females had slipped almost 10 points, from 37% in 1984/1985 to 27% in 2003."

A family anecdote: my mom was working on her Phd in urban planning back in the 1970s and her advisor said to her "You know, in the future, many of these issues of traffic and resource allocation will be resolved through computer simulations, so you should learn to program." My mom thought that was a good idea so she took some classes and learned basic programming. She does not recall feeling like an outsider in those classes: the computer field was still new and felt wide open.

Nowadays a lot of startups talk about the need for "culture fit". This tends to limit the diversity of the gender and race and class of who is hired. For contrast, consider people like Evelyn Boyd Granville, and her acceptance at IBM.


Here on Hacker News we also discussed the story that Raganwald posted, about another black woman at IBM, though that article is now offline:


If IBM applied a filter of "culture fit" then these women would not have been hired. But IBM, and many of the big corporations in the USA, followed very liberal policies that promoted diversity in the work place.

There were some startups from the 1950s and 1960s that broke new ground in terms of diversity. Ray Kroc built up a small startup called McDonalds and in a quiet way he made feminist history in his treatment of June Martino. She was initially hired as the bookkeeper, but she was later entrusted with vast responsibilities and finally, in 1965, when McDonalds went public, she was given shares in the company, exactly like any other cofounder of a startup. This was apparently the first time in history that a woman was treated as a real cofounder and given stock.


If you look at the numbers, it seems clear that the emergence of the tech-based startup scene, in the 1990s, changed things for women. The startups have not emphasized hiring diversity. The startups tend to emphasize culture fit, and they were doing so even before that phrase came into existence. Why this should be, I am not sure. There have been startups in the past that have emphasized diversity in hiring, so I am not clear why the current generation of startups cannot do so. But what is clear is that it is not a priority for them. The big and boring corporations of the past did a better job of creating spaces for women in tech.

Edit to add: to avoid being overly innocent, we should note how much the talk of "culture" is sometimes a smokescreen to hide power dynamics. Shanley Kane said "In Silicon Valley, and the tech industry in general, a lot of people were giving these talks about what their culture was and it was really superficial and focused on the privileged aspects of the company like free food and massages." Here on Hacker News we have already discussed the post "Google's 'free food' is not free" but it is worth remembering how much the talk about "culture" is just a negotiating tactic.


overgard 2 days ago 6 replies      
When I hear about this being a cultural thing, an important aspect people leave out is that men aren't exactly encouraged to be coders either. Writing code has pretty much no social cred until you're out of school, and pretty much automatically gets you tagged as a nerd. No coder I know started coding because it was cool, they just sort of enjoyed it and accepted the social consequences.

I'm just going to throw this out here: only about 10% of nurses are male. Yet I rarely hear about the cultural problem of not having enough males in nursing, or how we can encourage more male nurses. Same goes for elementary school teachers. Why is that?

Just because there's a gender imbalance doesn't necessarily mean anyone is keeping anyone out. And if a few insensitive comments can keep you from doing what you want to do in life, maybe that's something you have to deal with -- there's always going to be haters no matter what you want to do.

gfodor 2 days ago 4 replies      
I have to thank Valleywag for doing me the favor of helping me prune people who lack reading comprehension from twitter. I'm still kind of amazed how so many people un-ironically cited valleywag in their tweets.

It's pretty obvious what pg was saying in this particular "smoking gun" quote: that figuring out a way to get more girls interested in programming at 13 is an incredibly important and hard problem. The willingness for people to quickly swallow and parrot a 1-dimensional narrative of "Paul Graham, sexist pig" based upon a few quotes taken out of context in a highly edited, 3rd hand rage-blog by fucking Vallywag is the type of behavior I expect from political spinmeister hacks trotted out on the 24 hour news channels, not from smart people who I respect.

Alex3917 2 days ago 2 replies      
Apparently the definition of sexism is now just not telling women what they want to hear. The vast majority of the criticism of pg's answer that I saw wasn't even claiming that he was wrong, but just calling him sexist because his answer wasn't masturbatory enough. C.f. https://news.ycombinator.com/item?id=1840377
pnathan 2 days ago 1 reply      
In tech, saying anything about gender is an opportunity to be lambasted vigorously. But I think I can contribute something.

Having read what I could over the years on the academic side of "women in tech" (i.e., academic research studying the matter, rather than opinion pieces), the consensus seems to be that the early teens are the time where the decision is taken to move away (or not) from STEM fields. That is part of why the Girls Who Code initiative & others like it is such a big deal.

There are a lot of different factors and stereotypes playing into the decision to exit STEM tracks, but among them are - "unpleasant male geeks", "programmers work alone", "girls don't need to know math", "boys figure things out" and so forth. (Clearly these are a subset of examples, and also clearly not all of these are 100% influential for any particular person, place, time). So the stereotypical 13 y/o girl and her interest in STEM is actually the target of a lot of research and policy efforts.

There's also a self-reinforcing aspect to this: heavily gender-coded places aren't typically presenting a welcome to people of the other gender. I read a academic paper on this in the last several years, but can't recall the experiment in detail or the citation. The implication is that a workspace festooned with seriously masculine widgets often tells many women that, "hey, man cave here. not so welcome".

For the interested person, the academic experiments are usually well done and their results, while not always surprising, clearly quantify certain sexist aspects in the tech world.

fiatmoney 2 days ago 1 reply      
No one seems to talk about where these girls are being pulled from, as if labor shifts don't have two sides. What often seems to happen in initiatives like this is that all the sectors which decide they need higher female participation end up fighting over the same pool of "high-achieving" (high IQ, upper class, family connections) individuals. "We need to shift women from MBA programs into comp sci master's programs" doesn't quite have the same ring to it.
codex 2 days ago 1 reply      
In a far off land, bounceyball was the national sport. A funny cross between basketball and volleyball, it was hugely popular, and to be a professional player was considered the most prestigious occupation.

A minor scandal erupted when was noted that there were few women in the co-ed national league, and a huge about of effort was made to recruit female players. Every family wanted the prestige, fame, and fortune that came with having a daughter in the league. Male players wanted more females playing so it didn't feel like a damn sausagefest all the time, and to help with dating (for some odd reason, most male bounceyball players were surprisingly unattractive).

Eventually it was suggested that the problem lay upstream, so major efforts were made to recruit teenage girls for the middle and high school leagues, which were also coed.

However, for some reason this attempt also failed.Finally, an anonymous poster on the Internet noted that, as a broad generalization, taller bounceyball players were more suited to the game, scoring more points. Perhaps a gender difference in height was to blame, discouraging female players and hurting them in the draft. The poster tracked down these differences in height to a disparity in average male and female birth weights, and suggested that perhaps a cocktail of experimental prenatal hormones (primarily testosterone), continued until age 15, would do the trick.

The anonymous poster was promptly downvoted and the discussion turned to topics of sexism, discrimination, and cultural bias in the bounceyball leagues. Various horror stories were recounted by female bounceyball players and a new round of self-flagellation began among those in the industry.

jayhuang 2 days ago 0 replies      
A place I worked at previously had a manager who managed 2 small teams. One that did analytics, and another that did media/communications, for a total of about 10 people. On my first week of work, we had a meeting and in the middle of some discussion, he literally said "girls are better than guys. If I could, I would hire only girls". No specific reason, just girls are better than guys (he had 3 daughters though, so I don't know if that was the reason). It still blows my mind to this day that he said that out loud.

At one point we had a female intern who was on a 8 month work term. 3 months into her workterm, the manager offered her a full-time position, not contingent on her graduation (she was in 3rd year and planned to return to complete school). Now I'm not anyone to judge, but I will say her performance wasn't particularly impressive, especially compared to other interns on the team, one of who (male) had already graduated, interned for a total of 20 months, and took on plenty of duties. 5 months into the workterm, she ended up wiping a ton of live data of a fairly important legacy application, effectively costing the company a few hundred k. A year later she's working there full-time as expected, but from what I understand, she didn't end up graduating anyways. The male intern worked on that team for 13ish months, then finally got full-time through a different team.All I will say is that this company is one of the tech giants.

I agree we need more females in the field, but like many other people have mentioned, lowering the hiring bar in an intentional effort to hire a female hacker isn't very helpful. The problem is we're not producing enough qualified women, and overcompensating to fix that is not a good long term solution. There are plenty of very talented female hackers, and we do need them, but we also need to fix the root of the problem, and not intentionally skewing hiring to meet level of acceptable gender diversity.

Women in the field also face other challenges, such as not being as vocal as males when it comes to promotions/raises, so it's common for them to have lower salaries than their male counterparts. There are lots of issues females face in this field, but let's look at fixing the root cause.

davidf18 2 days ago 1 reply      
I am a male who started programming in my early teens on large computers at a major tech university along with other boys who were passionate about programming computers (and working on bicycles, in garages, etc.). We tried to get girls interested but they were not interested in programming computers, they had other interests which is alright.You do not need computer science course to start programming. What you need is a passion and what is very helpful is the assistance of someone who can help you with your questions.

75% of the graduates with PhDs in psychology are women and the fields of fashion and ballet/dance are dominated by women by you never hear calls for more males to enter these fields.

IMHO, computer programming, like medicine are fields that one should not enter unless they have a passion for the field.

Autism research Simon Baron-Cohen speaks of the differences between male and female brains. Boys are 8 times more likely to be autistic than girls. Autism (and the related Aspergers) and very good at systemitizing but bad at empathisizing. Females are more likely to be empathizers than males. Of course there is overlap and some women are better at sytemitizing than some men and some men are better at empathizing than some women, but that 8:1 difference in Autism in boys over girls probably is an indication of the imbalance of boys over girls who are passionate about programming computers.

See: http://en.wikipedia.org/wiki/Empathizing%E2%80%93systemizing...

These are three on-line tests from Baron-Cohen that help determine your EQ and SQ (empathizing quotient and systemitizing quotient).




sbt 2 days ago 1 reply      
I hope PG doesn't get too frightened by the press from this and stops being his usual honest plainspoken self. We need more people like him trying to portray an accurate map of the territory, rather than being afraid of how quotes may be spun by cheap journalists.
kn0thing 2 days ago 2 replies      
What great timing. BTW, thanks to all of you who backed my crowdtilt to bring BlackGirlsCode to Brooklyn!https://www.crowdtilt.com/campaigns/no-sleep-till-brooklyn-f...
HaloZero 2 days ago 3 replies      
It sounds like Harvey Mudd's program improves female enrollment but it's just seems like a good idea in general

The quick program for Harvey Mudd seems to be1) Make the problems more practical in application (ie controlling a robot, modelling a disease) 2) Giving students choices in what problems they are interested in3) Segmenting students according to skill set, thus putting people who have been programming in another course that will match their pace better and allowing students who are more new to have their own pace.

athesyn 2 days ago 2 replies      
> There is a lot of systemic bias in the system against young women taking this kind of direction with their studies and their career.

I understand there is cultural bias, but systemic? There are more women attending and graduating college than men, they're more economically prosperous in their early twenties as well.[1]


rokhayakebe 2 days ago 5 replies      
I am a man.

These initiatives will simply not work. Imagine "Men Nurse."

Many women SIMPLY do not code for the same reason many men do not code. Most of us were not exposed to the science as kids, hence step 1 is to make Programming mandatory. Note I say programming and not C.S.. I am an amateur programmer and I can say wit confidence that this is as fundamental as basic arithmetic. Full stop.

I frankly wish they shut down "Girls Who Code" entirely and all the likes. Instead we can put our efforts into teaching everyone to code: "We Code." Because once someone does something as simple as print (2+2)-(3-2) or print $first_name + $last_name or (my favorite) <html><h1>The Website of Me</h1><p>My name is Joanna. This is my first web page.<img src='..'></p></html>, once they do this, there is simply no going back for them.

11thEarlOfMar 2 days ago 1 reply      
This is interesting: Of the 100 top academic authors in computer science today, per Microsoft, 96 are male: http://academic.research.microsoft.com/RankList?entitytype=2...

The owner of this site appears to be a woman. Again, 20 males: http://www.bestcomputersciencedegrees.com/author/2admin/

And there is a preponderance of white males in the annals of computer history: http://inventors.about.com/library/blcoindex.htm

Even among software professionals, there is divergence in the types of roles women take vs. men. Search LinkedIn (3rd & everyone else) for SQA, and you get about 25% women. Search "Full Stack" and you get about 10% women.

Is this really YC's problem to solve?

jlees 2 days ago 0 replies      
I'd like to call attention to this part of Fred's post which many of the sub-threads appear to have overlooked:

Instead of turning Paul's comments into a blogosphere shitstorm, maybe we would all be better off staring the issue in the face and thinking about how each of us could help make a difference on this issue

How would you help a 13-year-old -- of either gender? -- get interested in programming?

Raspberry Pi? PyGame? Lego FIRST robotics? How can some of these initiatives be spread more widely to those who maybe don't have supportive family or communities to encourage their nerdy, high-school-pariah interest in tech?

newnewnew 2 days ago 0 replies      
I don't think we've come anywhere close to rejecting the hypothesis of some kind of innate personality and ability differences between male and female. Men are higher represented in diseases like autism, which involve lower social functioning/higher affinity for the abstract. Men score higher on Math SAT[1], despite the school system being tilted more and more in favor of female.

More women than men graduate from college and women have flooded into traditionally male majors in the sciences. There are plenty of female biologists and doctors. But they have not penetrated the most mathy majors, like engineering or Math itself.

Maybe men and women aren't interchangeable cogs, and some combination of difference in interest and average ability will always mean that the way to get females into your tech company is by having a big non-software department.

[1] http://www.aei-ideas.org/2012/09/2012-sat-test-results-a-hug...

danso 2 days ago 4 replies      
One of that impresses me, and kind of amuses me, is how PG will talk these issues out, even though the danger of being misquoted or misinterpreted is much higher than the chances of being appreciated, especially for someone in his position. The phrase "God knows what you would do to get 13 year old girls interested in computers?", as a standalone statement, is ripe for ripping apart. But I think in its context, it only expresses his frustration at the problem, which is much, much better than the apathy expressed by others. It's a problem with much more societal and institutional inertia behind it than just VC men looking down on female entrepreneurs, or even tech companies being discriminatory. He's absolutely right to say that the focus should be on early education, and if anyone knows the best way (on a timetable that would satisfy current observers) to implement that, then they should speak up.

In terms of current harmful perceptions that can be stamped out in the short-term...I think the belief that females aren't genetically cut out to be programmers is one. The "world's first computer programmer" was a woman and COBOL, of course, was invented by Grace Hopper. These women were pioneers in early computing at a time when women were still struggling to be recognized as equal citizens. To argue that women can't make it as hackers is like arguing, post-Jackie Robinson, that blacks can't develop professional baseball skills. The lack of women computer scientists and programmers today more likely point to institutional/cultural problems rather than genetic ones.

coldtea 2 days ago 0 replies      
>There was something about those big, boring corporations of the 1970s and 1980s that actually gave female hackers more acceptance than what startups have offered.

Yes: a 9-5 job mentality and a lack of emphasis on nerdy type hackers doing their thing.

lauradhamilton 1 day ago 0 replies      
I don't understand all this excitement about the magical age of 13. Personally, I've never stopped learning--whether it's analytics, business, software development, or machine learning.

I don't think it's any harder for me to learn stuff now at 28 than it was when I was 13. If anything, it's easier, because I have a much wider baseline of knowledge that I can use to reference things. For example, I learned set theory in high school => I can apply that to relational databases today.

I do know some people, both men and women, that sort of stopped learning new stuff in their twenties, and now they're pretty much stuck. They can't keep up with technology changes (e.g., how does the router work) and they don't have a good baseline for learning new stuff. Nor the will.

midas007 2 days ago 0 replies      
Mandatory plug for:

Free Ruby on Rails workshops [sf] for women and their friends


It's run by the same folks that run the SF Ruby meetup (the huge one)... they're neat, chill folks.

yetanotherphd 2 days ago 0 replies      
One thing that came out of the discussion in the last article on this topic, was the people who support this kind of affirmative action were very interested in hearing from HN posters who opposed it (especially men), so they could understand what our reasons were, and a respectful discussion could be had. In response to this request, here is my opinion on the matter.

In fact, I think there is truth to what both sides say. On the pro AA side, it is true that women probably feel unwelcome in the tech industry. Even when men don't do anything consciously to exclude women, programming culture revolves around certain attitudes and mindsets that are associated with young men in our culture. E.g. being interested in science fiction, being obsessive about one's work and hobbies, . None of these things are strictly related to programming, and an excessive focus on them makes it harder for women (and minorities) to enter the field. The fact that male programmers are attracted to the minority of female programmers doesn't help with this feeling of unwelcomeness, in fact it adds to the awkwardness (although I think that most of this is completely innocent and could not be called harassment, and actual harassment is rarer in our industry than others).

On the anti-AA side, I think that women, due to reverse-discrimination and old fashion chivalry, are objectively advantaged in every field. Furthermore, some things that would seem to advantage men like long hours, stressful work, and being judged on results, are not bad or discriminatory in themselves. But they will tend to favor men over women because our society provides greater incentives for men to obtain money and positions of power. When people talk about work life balance, what they really mean is that the industry should stop providing people with an opportunity to advance their career by putting in extra time and effort.

Thank you for hearing my opinions on the issue, and I hope more people who oppose AA will answer the call to explain their viewpoints.

Roboprog 2 days ago 3 replies      
My daughter doesn't code, but she and another friend of hers do a lot of work to find, get and set up game emulators and related wares.

Motivated to do light "sys admin" work, but not coding, I guess.

robomartin 2 days ago 0 replies      
> Paul asks "God knows what you would do to get 13 year old girls interested in computers?"

(My comment, repeated from the other similar thread that got go superseded by this one)

The problem of getting anyone, young or adult, interested in a subject --any subject-- isn't one with a simple solution. Technical subjects have the added difficulty that they require you to use your brain in non-trivial ways.Given equal exposure to the subject matter, I fail to see how a male or female subject would react differently to the idea of learning that subject. This, of course, assuming that both the male and female subjects got to that moment in time with a similar educational and perhaps even cultural frame of reference.If a mother only ever bought a little girl frilly pink and shiny things, well, it is probably unlikely that as a teenage girl or an adult woman she would even remotely show interest in learning more technical subjects. She will probably be a dancer and go into the arts or some other less "brainy" occupation. That's not to say that there aren't exceptions to this, but they are probably few and far between.

The same is true of boys. If they are brought-up in front of a playstation, shooting at things, playing sports, and well outside of more academically focused areas he will probably grow up to be a jock and then move on to careers that do well when you use half your brain. Hell, he might even go into sales!Things are vastly different if you feed your kids a constant diet of what they should be learning in order to operate at a different level when they are older. My teenage son finished MIT's CS 6.00.1x course just a few weeks ago. That did not happen magically. That was a lot of work. For me and for him! And that also required a lot of work to get to the point where he could even be shoved into that end of the pool.

My little girl is too young to think about formal learning of these kinds of subject, but this year she got introduced to Lego robotics and is starting to like it. Yet, the situation is exactly the same: It requires a ton of time and dedication on my part --as the designated nerd at home-- to keep her exposed to such subjects and make it fun. I have to get silly while teaching something useful. I have to figure out ways to make robotics fun, silly, exciting and something she wants to do. We don't buy lots of silly frilly things for her. That said, I have to tell you, it is hard to fight both genetics and exposure to such things through her peers.

I guess my message is that parents needs to be very engaged and active in bringing up a child into the sciences and technology. It will not happen by osmosis. And, I really don't think gender makes a huge difference. It might change the approach, but I don't think it is the primary determinant of success or failure.One way I've explained this in the past to friends who marvel at what my kids are doing is that this is like a Formula 1 car drafting a car in front of them. You need to drive well and use a lot of effort to get close enough to be within the zone where drafting happens. Up until that point you are using a lot more energy to chase the car in front of you. Once you get into the drafting zone you need less power to maintain the same speed. Yet, you still need that foot solidly planted on the accelerator.

With kids you have to push, push, push. I have navigated through really frustrating moments when I've gotten angry because I couldn't understand why he (my oldest son) didn't just grab that book I bought for him and launched himself into software development nirvana. Of course, I always reflected upon these things and never externalized them --not much of a motivator to yell and scream at your kid about learning something-- and realized that (a) he is still young and (b) we are not in the "draft zone" yet. It'll take a lot more effort --and this is different from kid to kid-- to get him into the "draft zone". Once we reach that zone it will require a lot less energy on my part and, if interested, he will ultimately need virtually no support from me.

This is where I look at some of the things being said about STEM education and can't help but think we are just throwing money into a big bonfire. You can't force people into learning anything. A lot of my kid's friends are, well, jocks or exhibit no interest in anything at all. They are navigating through school with no guidance or encouragement in any direction whatsoever. You can't just throw money at that and expect things to change. For most kids it requires far more work than can be done during the time they are at school. Yes, of course, there are a few kids in every sample group that need almost zero work. These kids get hooked on a subject like programming and just go, go , go. Most kids are not like that. Just like most successful businesses did not get launched with a long coding session over a weekend while eating popcorn.

Going back to my little girl, she is not seriously exposed to Lego robotics. In fact, our living room table is an official FLL table with the official field mat and everything. Yes, we are serious about this. I'd rather have a learning environment in my living room than a fancy dinning room table.As far as why there aren't more women in tech today. I don't have the answer for that. I only know that when I was a teenager girls mostly did different stuff. Not because they were being forced away from tech, they simply showed no interest in what we were doing. My guess is that it all came from home. So, as our culture changes so will that aspect of things.


dadagaaa 2 days ago 0 replies      
What company has Fred Wilson ever started?
PureApeshit 2 days ago 1 reply      
go girls! :D
alixaxel 2 days ago 0 replies      
And..? I would be much more interested if the title was "Cats Who Code".
NAFV_P 2 days ago 1 reply      
If you want to get girls coding, get Windows OSes out of schools. They kill interest in computers before you have time to get interested in them.
The RIAA forced me to shut down a successful website/apps I built in high school appgrounds.com
187 points by lukezli  1 day ago   124 comments top 25
tptacek 22 hours ago 5 replies      
There are two major components to DMCA safe-harbor compliance. The first is that you honor takedown requests; unfortunately for software entrepreneurs, this seems to be the only DMCA component that is widely understood.

The second major component is that you not operate your service with direct knowledge of infringement. A simple way to illustrate this is that if you have a screenshot of your application being used to play Madonna tracks, you are obligated to hunt down those tracks and remove them yourself. If it can be shown that you purposefully don't do that, you can end up forfeiting safe-harbor.

You are probably happier in the long run for shutting this project down. While you clearly want to believe that you aren't infringing copyright, which is an admirable sentiment, you obviously aren't taking advantage of "fair use" by giving your users direct access to copyrighted music under your own branding.

NathanKP 21 hours ago 2 replies      
First of all I'm sorry to hear that you have to shut down your app, but I'm confident that things are going to work out just fine for you.

I actually had a very similar experience when I was 18 as well. I decided to make a book search engine that would aggregate reviews from different sources across the web and provide a high quality, clean interface to quickly see information about a book and links to buy it on Amazon. The problem my service solved is that the Amazon interface is extremely ugly, and while I'm sure it is fine tuned for maximum sales it is definitely highly lacking in aesthetics and is cluttered with a lot of garbage. My goal was to create the cleanest, most minimal but extremely useful book search engine.

In retrospect my service was breaking many TOS because of the way it worked. When someone entered a book title or author name it would utilize Amazon API's to get information about relevant books that matched the query, then it would scrape book information from Amazon, Goodreads, Barnes and Nobles, and the New York Times sunday book review among other sources, then it would cache that scraped information in my own database for future reference.

I justified this to myself by thinking it was okay because I was remixing the information to generate my own summary pages that were cleaner and more useful, but the reality is that I was pretty much parasitizing these other services to build my own database.

At its peak my service had many GB's of scraped data from other sites and was getting about 5000 searches a day which was netting me about $500-$700 a month from commission on Amazon referrals sales. But after I started getting some press coverage in The Next Web, etc all the services that I was utilizing started sending me cease and desist notices. People used my site because it was cleaner and nicer than Amazon but Amazon didn't appreciate that I was scraping their content to build my own site so they cut off my API access and closed my Amazon Associate account.

In the end it was a wild six month ride in which I made a few thousand dollars but more importantly got tons of experience in coding a scalable site, and best of all I started getting a lot of job offers. At one point I was getting three or four job offers a month from different startups from the HN community.

Eventually I decided to settle down at one of them where I could continue developing my coding skills. Things turned out very well, and the ride of personal growth and discovery isn't over for me yet. Every day I get to code interesting things for my current startup company and this time its a legitimate business that isn't going to get shut down for stealing content.

Even though you probably feel very disappointed about having to shut down your service like I did when I had to shut down mine, you can be confident that with your skills things will turn out just fine for you, and a lot of interesting startup companies will probably be eager to employ you.

raldi 23 hours ago 3 replies      
> I was under the impression that what I was doing was legal, protected under DMCAs fair use policy, which by practice is what makes sites like Youtube legal: although they host millions of illegal content uploaded by users, as long as they agree to take down said videos when requested by copyright owners, they are in the clear because it is difficult/impossible to monitor what gets uploaded to their sites.

Actually, YouTube doesn't just passively sit around waiting for copyright holders to whack each mole one at a time; it has an incredibly sophisticated and powerful content-matching engine that does monitor what's being uploaded, and automatically checks new videos against a giant corpus of known copyrighted works.

There's a cool video about it here:


driverdan 1 day ago 3 replies      
IANAL. First of all a cease and desist doesn't require you to do anything. It's merely a threat. That said it seems pretty clear that you're violating copyright laws. The DMCA only applies to user generated content (UGC). You're not letting users input their own links to 3rd party content, you're finding the links yourself. It doesn't matter where you get them from. Not only that but you're not linking to this content on other sites, you're actively playing it for users within your app.

It's very cool you built this in HS. Let the whole thing be a good lesson in building apps and dealing with the law.

lukezli 1 day ago 4 replies      
Since I'm lucky enough to be on the front page of HN (thanks a lot!) I'd just like to shamelessly self promote and say1) I'm looking for an internship this summer at a startup- please let me know if any of you have open positions! Please email me at lukezli[at]yahoo.com.2) Check out my new project, catchyurl.co, a url shortener that creates memorable shortened urls like catchyurl.co/EskimoHill

Let me know if you have any questions for me- hope the blog doesn't crash!

gedrap 19 hours ago 0 replies      
I had a bit similar experience. When I was 16 (so around 2008), I had a poker blog, just translating stuff from wikipedia and posting some random 'news'. It was in Lithuania (EU). A small blog, with about 300 daily visitors. A few months later, I got a letter from the government telling me that I was infringing some ambiguously worded gambling law. And they were requesting an official explanation what was I doing (I guess they just reworded testimony).

The idea was that you can blog about poker only if you are a licensed gambling company, and I was facing a fine of $2500-7000 (the blog had $0.00 income, and for the contrast, my parents were earning $1000/mo combined). It felt extremely unfair.

It scared the shit out of me. I had to go to the police station, didn't contact any lawyer, and wrote my 'explanation' telling that I was not making any money and did publish publicly available information and I am sorry.

After a month of sleepless nights, I got a letter saying that they decided not to take any further action and that's a warning. Well, it fucking warned me big time.

mathrawka 1 day ago 1 reply      
And 17 years ago an indie emo record label in NY (that should be enough to identify them/him) forced me to shut down a website I built.

That was when I left emo and went to mathrock.

vonskippy 21 hours ago 0 replies      
Never take legal threats via email.

If they can't have a lawyer, send via certified mail (yes, snail mail) specifying the actual complaint, and the legal justification behind said complain, then just ignore them.

daemonk 1 day ago 0 replies      
I am not a fan of aggressive, litigious companies. And the morality of physical vs intellectual property is a whole another issue that warrants more discussion.

However, all that baggage aside, you kinda did create this website so people can share copyright infringing files. Did you really expect people to only share personal, non-copyrighted music? Come on.

Anyways. You should be proud of the work you've done though. It's not easy to follow through with an idea.

yason 5 hours ago 0 replies      
So, how many levels of indirection are allowed until a "link" becomes legal and not infringing?

This is just crazy.

tootie 18 hours ago 1 reply      
Did you not consider hiring a lawyer? I know they cost money, but this sounds like it was a major investment of time for you. If you want it to ever be a successful business, you'd eventually have to put money into it. How did you pay for hosting?
CassieTFC 6 hours ago 0 replies      
The music industry as we know it is dead. As someone with a history in the industry, it is time to discover and embrace the new music model...whatever that may be. And there are many things it might be. Streaming, yes. The end of downloads? I don't think so but maybe. The ability for deserving artists without the backing of the major-label machine to have a measurable amount of success. Stay tuned ;)
shiftpgdn 1 day ago 0 replies      
It's a shame you shut it down. You could have easily gotten a sizeable sum of money for something like that on Flippa.
Kiro 1 day ago 0 replies      
Their reply looks like a template so I'm not sure they even read your email.
frankydp 1 day ago 1 reply      
If HypedMusic had offered to provide a mechanism to remove the "infringing" links wouldn't HypedMusic have been in compliance with Safe Harbor?
belluchan 15 hours ago 0 replies      
I really liked using your app and am sorry to see it go. :(
justhw 22 hours ago 2 replies      
Great read Luke!Any chance you could opensource the project?I've got music that I've the right to and would love to test it.
snake_plissken 1 day ago 0 replies      
Mehh the grey areas of the DCMA grind my gears. Aggregation services do not host and (for the most part) they do not upload the content.

Your situation is unfortunate kiddo. If you had a couple million or a high powered law firm on retainer, I doubt you'd have ever received this letter. But keep up the good work!

rayiner 22 hours ago 1 reply      
> The website/apps Im talking about was called HypedMusic, which provided an interface to listen to free, unlimited music, create playlists, and share said playlists with your friends on the website or Android and iPhone apps.

Rephrased to be more accurate:

"I built a website where 99.9% of the value provided came from someone else's investment and work which I used without compensating them."

vaadu 15 hours ago 0 replies      
Move or sell the apps into a country not bound by the DMCA.
eyeareque 19 hours ago 0 replies      
Sure, he had to kill his project but I can only imagine the experience will help him land new opportunities.
relaxitup 23 hours ago 0 replies      
@lukezli any thoughts on opening or providing the source for catchyurl? Looks great!
poopsintub 1 day ago 1 reply      
I wonder how tumbler got away with its shady activity when it first started out.
nitin1213 1 day ago 1 reply      
Why's that your username in a different colour?:)
dragontamer 21 hours ago 1 reply      
An important note here, is that if you don't have a lawyer, people can threaten to sue you for anything. In this case, he had no lawyer, he had no legal counsel at all.

Granted, part of his legal counsel would be to determine whether or not what he was doing was legal or not. Obviously, he didn't want to test that out in front of a judge (who could blame him?), or against the RIAA's well paid lawyers.

But if you are going to build a business, even on what you believe is on firm legal grounds... you should have a legal team ready to back you up. Anyone can threaten you with anything in the US due to how tort law works. Only if you are willing to have your cases tested in actual courts will you have any protection at all.

Show HN: I made 30 apps this year and I'm 15 aeipsapps.tumblr.com
186 points by stasy  1 day ago   141 comments top 53
sillysaurus2 1 day ago 7 replies      
One tip: Ignore everybody and keep creating. If I'd done that at 15, then I wouldn't have started to doubt myself and stop working on ideas that later turned out to be very prescient.

The most important thing you should do is the thing that's most important to you. Be sure it's not defined by other people's opinions.

There will always be people in life like the guy who replied "While it is impressive to see another 15 year old programmer (I've never met one in real life even though I've been to three schools in two different countries (I'm a expat kid) ), the actual programming skill required to make games like these are little to none and truthfully i'm not overly impressed."

Ignore 'em and keep working.

EDIT: Oh, I should also mention: don't let the praise go to your head. Another mistake I made. In general, it's it's a bad idea to compare yourself to anyone else -- whether feeling smug and superior that you've accomplished all this at 15 (surprise, I know your secret!) or feeling weak and inferior that you're not as talented as some other person. They're not you, and you're not them. Relative comparisons like that don't matter one bit. Instead, it's far more advantageous to always be comparing your current self to your past self. That's how Carmack became so incredibly good, for example. He didn't wait for anyone to surpass him; he did it himself. That's only possible if you believe you're not as skilled as you could be, i.e. having no ego. Nor did he let people convince him he was wasting his time back when he was working on his early projects.

It's complicated. Just keep working.

jebus989 1 day ago 1 reply      
It's worth noting that this isn't a cool github account someone's turned up of a surprisingly young programmer, it's a serial publicist [0-2] using primarily a game creation engine (which he doesn't acknowledge upfront) to build low-quality games and display them on an unsightly tumblr page. I think to heap praise on this because of their age alone is patronising. Encouragement absolutely, it's great to see young people interested in programming, but at what age would this has been flagged and removed quickly after posting, 17? 19?

[0] https://news.ycombinator.com/item?id=6864667

[1] https://news.ycombinator.com/item?id=6800925

[2] https://news.ycombinator.com/item?id=6799065

jmduke 1 day ago 1 reply      
Jesus, this is impressive.

When I was fifteen, I'm pretty sure my main accomplishment was hitting level 40 in Halo 2 matchmaking.

You will probably get lots of valid and actionable advice about branching out to new platforms, focusing on one or two apps, or trying something new -- but more than anything else, keep building things! You've clearly got a ridiculously high level of aptitude and passion.

C1D 1 day ago 9 replies      
EDIT: I apologize for coming off as arrogant. Criticism isn't really doing any good and I regret that post. To the creator, I'm glad to see a 15 year actually doing something in computing.

I understand that this was a good experience for you and hopefully has further developed you skills. Sorry for the unnecessary criticism and blatant self promotion. My post was pointless, possibly narcissistic and I was doing what I hate people doing to me. Please keep it up and I hope you get even better; Also a little tip, check out Unity3D, it is costly but if you're into game deving it will let you develop games in 3D easily (though you're going to need to know basic Javascript or C) and it is multi-platform so it can publish to mobile.

OLD POST: Quality not quantity. While it is impressive to see another 15 year old programmer (I've never met one in real life even though I've been to three schools in two different countries (I'm a expat kid) ), the actual programming skill required to make games like these are little to none and truthfully i'm not overly impressed.

I too am 15 mind you and although I haven't developed any games I have created a RSA secure chatting social network website and app for it too which could communicate between each other using websockets and a node.JS server (this hasn't been published, while making it my partner quit :(, and I eventually lost hope that it would even be used since I was only 15).

I hope this doesn't come off as criticism. Its actually great to see another young programmer such as my self but all I am trying to say is that this is not overly impressing.

tmikaeld 1 day ago 6 replies      
C'mon! No one here read the sourcecode?

It's made without any programming using this app:https://www.scirra.com/

... still more games than i have done though :-P

BSousa 1 day ago 0 replies      
Ok, first of all, congratulations! I remember being 15 and hacking away (It was Turbo Pascal for me). Ignore any naysayers that complain there is no code or it was done with a simple tool. Do what you like and enjoy.

But now on a more serious note, I'm about twice your age, so not too old to be screaming 'get of my lawn', but old enough to hopefully give you some advice that will resonate.

This projects mean an average of a game every two weeks, even if they are simple, I'm sure this is taking a lot of your time. I'm extrapolating here, so if I'm wrong just ignore me, but I'm assuming you are spending a lot of time doing these and not a lot of social activities. Please please please, do some socialisation with folks within the dev community and in your school and neighbourhood. I'm not going to say these are the best times of your life or whatnot, but believe it or not, when you are older and start looking for jobs, you will start understanding that social knowledge is as much, or more important that tech knowledge, and you will regret not developing those skills at younger age when it is easier to do so.

Again, good work, keep producing, but find some balance.

SyneRyder 1 day ago 1 reply      
This is awesome. And while there's some valid criticism in this thread (regarding quality over quantity & originality), that criticism shouldn't detract from a few points:

* You're averaging a product a fortnight. Whoa.

* You've learned to leverage 3rd party tools to increase productivity / output.

* You've learned to actually -ship- product.

* You made the front page of Hacker News.

All of that is incredibly valuable. Who cares if it isn't written in Java or Objective-C or Haskell or Erlang, so long as your customers love what you're making? (And if they don't love it, at least you now know what to improve on next!)

If you do follow the advice of taking longer to make a higher quality product, don't fall into the trap of becoming a perfectionist and never shipping. It's better to ship something and keep improving it based on customer feedback, than to make something that never sees the light of day.

Did you join onegameamonth.com? If not, you definitely should.

MJR 1 day ago 3 replies      
This doesn't detract what the fact that you had the initiative and drive to complete 30 different games. But if I can offer some advice now, rather than when something real happens: Create your own characters rather than borrowing someone else's creations and building them into your games. Pac-Man, Mario, Minecraft, My Little Pony are all great characters, just unfortunately not yours to make a game with. Find a friend who can draw and have them create some unique characters for you, write a little story and you've got an indie game that's all your own.
ankurdhama 5 hours ago 0 replies      
To all comments which are either criticizing or motivating, the most important thing to remember is this : "We are standing on the shoulder of giants".

The people have criticizing opinions needs to remember that similar criticism will be given to you by your preceding generation (it may be on any achievement).

The people have motivating/amazement opinions needs to remember that "this seemingly amazing feet" is possible because of the exponential growth in technology and most importantly the exposure to it. If you had similar exposure to technology at your time, you could have achieved same thing.

So, lets appreciate the fact that this 15 year old is "utilizing" his exposure to technology and at the same time don't make him too proud of himself by using words like genius etc which inevitably leads more show-off than learning.

chromejs10 1 day ago 0 replies      
Kudos for learning to program at such a young age. It'll give you a leg up when you decide to get a job or start a company and need funding. However, I'd suggest taking some time and working on the quality and originality of the apps over the sheer number of apps that you can churn out in a year. A number of the apps seem almost identical. You want to get known for high quality apps and not as someone who just fills the app store with small apps.
InTheSwiss 1 day ago 1 reply      
Good job! Have you look into Android apps? You will have a bigger audience. I am assuming you are using C# as they are Windows Store apps if so Java will be very similar for you to switch too.
cvburgess 1 day ago 0 replies      
While these apps are impressive for a 15 year old developer they are not really "high-quality" titles... yet MSFT allowed 30 of these games into the store by the same developer. If I were MSFT, I would've thrown a red flag up if not for QA, for potential spam.

Great work and keep it up, OP! I wouldn't worry about co-founders just yet. Keep hacking till you find something you are really passionate about and a co-founder will join you when and if the time is right (probably a t least 3 years down the road for legal reasons)

zachlatta 1 day ago 0 replies      
Hey, I'm around your age and very impressed with what you're doing.

It's neat that you've released so many apps this year. As others have noted, it looks like you're using some form of game creation engine to make these quickly. I'd encourage you to try to move away from that and learn what's actually happening behind the scenes. Doing this will allow you to make more complex and impressive games in the future. It'll also serve as a tremendous learning experience.

Also, it's really neat that you're young and doing incredible things, but I'd warn against relying on your age to impress people. Try to make things that are impressive regardless of who made them.

I'm one of the developers on a fairly popular game in the App Store (800,000+ downloads). If you're up to it, I'd like to chat with you more about what you're doing. Shoot me an email at zach@zachlatta.com. I look forward to hearing from you!

orik 1 day ago 0 replies      
Nice use of Maplestory assets - I did the same sorta thing in the summer of my 7th grade year for a "intro to game design" class.

Can't find the game anymore, but I had edited the chirppy sprite (http://i.imgur.com/ccSY4RE.png) to be holding and firing a bow.

I ended up getting a A- on my final for using assets that weren't mine. That's pretty small compared to the sort of things you could run into when you're actually putting this stuff on an app store.

I'd recommend toying around with a sprite editor and getting familiar with pixel art techniques like dithering. You might even enjoy it as much as coding!

mtrn 1 day ago 1 reply      
Wonderful. And - nostalgia advances. And how, at 15 I probably was a more productive programmer than now, where I barely manage to wrap up a few miniscule open source projects per year, if any. Back then I wrote what looks like major projects to me now - in month, alongside school, friends, holidays and everything ...

Any experiences or tips on how to get 15 again in terms of productivity? :)

j45 1 day ago 1 reply      

What you're learning from doing so many different things will serve you well in the future. Out of all of these different apps, one will either catch your attention, or others and you'll have a chance. Keep moving!

Continue to cultivate and live live in a mindset of creativity and possibility, and be wary of doubt worshippers/haters who are busy doing nothing :).

wushupork 1 day ago 1 reply      
Just the fact that you are 15, reading hackernews and making apps and NOT spending your time kicking some middle-aged man at Halo is AMAZING. Kudos to you. I wish I was more like you when I was your age.
suedadam 1 day ago 3 replies      
I'm 14 and I've been coding since 6th grade and have coded very advanced things for my company and other small projects;it's not a big deal and I'm amused to see all the other kids who have coded these small games brag so much about it and how "coding changed my life" just simply for the attention. In my opinion, I could care less about how old you are;as long as you don't brag about it then there is nothing stopping you from succeeding;age seems to be the only factor of which has limited me and my company from succeeding, I've put through the efforts and work required;however, investors and actual business men believe the level of maturity is too little as put per my age.

tl;Dr:I agree;don't brag and I don't like how people brag about how you've done so much as per your age group as if that would have limited you. I've done much more when I was in 6-7th grade yet I don't brag about it. on another note;congrats on your efforts and I urge you to continue to in your path.

andrewljohnson 1 day ago 1 reply      
Now that I have kids, I've been considering whether I want them to play as much Magic as I did (traveled a lot for it).

My conclusion is I would encourage them to be more like this kid, but not actually force my will in the end.

thinkersilver 1 day ago 0 replies      
This is encouraging and I think it's great that you are interacting with the community and getting feedback on your work at an early stage. This will help you grow. I guess you've posted this for constructive criticism. You should look at challenging yourself further by finding a problem area that you are passionate about and digging deep into the data structures and the algorithms. Consider when I was 15. I was fascinated with computer graphics and games and wrote a raytracer in C, wrote a doom-like game-engine in pascal. Writing the game logic was always the easy part, dealing with limited memory and optimising for hardware were always a problem. My mates were all building their own graphics engines, dabbling with operating systems development and one kid was playing around with Classes and tree like data structures. We looked at him like he was a god. This isn't a put down but a push. You can do so much more kid and you have a good headstart but try something harder. Post your work here and most will be glad to give a helping hand. Ironically the most talented of us ended up being a musician when he left for University.
chameco 1 day ago 0 replies      
I have two pieces of advice. First, expand your horizons. Yes, Windows jumping games using a game creator are a great start, but there is so much more. At 12, when I started off, I was writing very similar games, albeit using Python and Pygame rather than JS. Your route is equally valid, with its own unique challenges, and hey, in the end you get the same result. However, from here, the paths begin to branch. While the Windows world you've embraced will lead you to Visual Basic and eventually Visual C++ and C#, you could take another path. At 11, I installed Ubuntu Linux for the first time; at 14, I switched to Arch. This was probably a bad decision, given I knew nothing about the OS and had to essentially re-learn everything. You might be intimidated. Don't be. Learning your way around Unix now will make a world of difference later. By 16, I had written my first compiler, a basic baremetal assembly kernel, and an interpreted language with a decent optimizing compiler and VM. I am still not an amazing programmer, and I still have a lot to learn. Don't doubt yourself because of your age. My second piece of advice ties into the first: don't try to use your age to gain an advantage. Not because it's unfair: because it will bring you more personal validation when people praise you because of the quality of your work rather than how young you are. It's the diffence between making a good program, and making a good program for a teenager. Also, it makes it far easier to find jobs.

Source: My own experiences as the 16-year old (breaking my own rule here for the first time) author of the solid programming language.

P.S. I'm not trying to be arrogant. I just don't want you to repeat my mistakes. Don't be afraid to do things that seem difficult: with research and a little elbow grease, you can accomplish anything, and nothing anyone says can take that away from you.

enraged_camel 1 day ago 0 replies      
I read this description of the zombie game and thought it was hilarious.

"Zombies have taken over Earth. It is up to you to defend yourself as long as you can. The zombies have an infectious touch that kills you in one touch. Watch out and beware!Currently does not support touch support."

(Not the grammar, but the irony that a game in which a zombie's touch kills you does not support touch. :P)

duked 1 day ago 1 reply      
pretty cool portfolio for your age ! Did you use C#/XNA for your 2 games ? Which tutorial did you use, and how much supervision did you get? I'm asking because I'm trying to teach game programming to my son and he's 13 and I would like for him to do most of it as opposed to me doing it for him.
daemonk 1 day ago 0 replies      
Nice. Keep at it. Following a project through to the end is very difficult and you've done it many times.

Learning a game engine and implementing it is not a trivial task so don't get discouraged by the people saying it's not a big deal.

The important thing now is to make progress with your skill. Do not become stagnant and be content with knowing the game engine. Start doing things from scratch and see where that takes you.

philliphaydon 1 day ago 0 replies      
I'm somewhat jealous. When I was 15 I was teaching myself to program so I could build features in the Ultima Online Shard I was running with a friend. We had quite a successful Shard for 2 years until he decided he didn't wanna pay for the server anymore.

It made me want to get into programming to do games development, because I still think since UO / EQ, we haven't had a good MMORPG to date.

I ended up in application / web development instead :( got to pay the bills...

kybernetyk 1 day ago 1 reply      
That's pretty cool. Somehow I wish there would have been app stores back then when I was 15 and making games. Not to earn money but to get people to play my games - which was pretty damn hard back in 1997.

Nowadays you can get 100 users pretty easily just by releasing the game. 100 users back then was something I dreamed about reaching some day :)

beatboxrevival 1 day ago 0 replies      
When I was 15, I was also creating code. I met some "smart" older guy who worked as a product manager for britannica.com before wikipedia and the first bubble. I asked him for some advice on how to make a career out of it. He said, "you don't want to build shit, you want to manage people. Writing code is for the losers." As a young impressionable kid with no tech mentors, I listened. It took ten years to come back to writing code. Anyways, like the sillysaurus2 said, ignore the critics and keep doing what you love to do.
bliti 1 day ago 0 replies      
The minecraft-themed jump game has potential. I would skin it with more minecraft looking assets and include monsters. Maybe a creeper that explodes and takes away all surrounding blocks when you jump nearby? Or a skeleton that shoots arrows and nudges the player to the side (making it harder to control)?You may also vary the level by using the different biome textures from the original.
lcasela 1 day ago 1 reply      
I'm not tring to be rude at all, but why did you have to mention your age? It's completely irrelevant.
Antwan 1 day ago 0 replies      
And that's why Win/Google store are full of crap.

Come on, we all started a piece of website/soft/app/gamemaker/whatever trending techno atm when we were 14/15/16.

That's undoubtedly worth these 140+pts.

krrishd 1 day ago 1 reply      
This is pretty impressive :)

What I would recommend is that instead of distributing your time and energy to this many apps, you should stick to one concept and channel all your time into it. I like the games, but they could use some improvement in concept and overall quality, which shouldn't be hard for you if you spend enough time on each and every one. Focusing on one app would allow you to spend enough time, and would help you succeed further in the Windows App Market :)

pseudometa 1 day ago 1 reply      
Now it is time to learn illustrator and photoshop.
apunic 1 day ago 0 replies      
> All writing, graphics, coding and publishing was done on a nexus 7

This deserves a dedicated blog post

robert-wallis 1 day ago 0 replies      
Nice work getting things done!

I see your Minecraft and Mario games are "unavailable". I'm sure you'll keep creating your own IP in the future, like you did with the other 22 games instead of dealing with copyright and trademark infringement. Especially if you want to generate some revenue.

I am not a lawyer. But it will be much better for you to keep doing your own thing (like you did with most of your games), than to be taken down by lawyers working for people who's characters, names, or art you "re-purposed".

jorgecastillo 1 day ago 0 replies      
Damn! now I am depressed. What more can I say the first sentence says it all. Adding to my comment would be pointless.
primitivesuave 1 day ago 0 replies      
Look for a summer internship. Clearly you're passionate about this, you should look for some real-world exposure to propel you to that next level of software engineering. Best of luck to you!
kumarski 1 day ago 0 replies      
Well done. Keep going and creating stuff. Be sure to talk to your users as well.

Wish you the best.

ovechtrick 1 day ago 0 replies      
Awesome!! Great seeing young people being creative/learning and building. Keep going! :)
bratsche 1 day ago 1 reply      
Great job! So what are your plans for 2014? 60 apps? :)
Haul4ss 1 day ago 1 reply      
Wow, you've certainly been productive! How was your experience with the Microsoft Store and getting apps approved? What language did you write all the games in? How much code got reused between the games (I noticed a number of them appear to be skins on top of the same underlying concept).
goshx 1 day ago 0 replies      
Nice! At 15 I was just learning what a computer was :o (15 years ago)
DaveSapien 1 day ago 0 replies      
Totally impressive!!! You have a bright, bright future ahead of yourself!
napolux 1 day ago 0 replies      
Good job. Now focus only on one app (from design to store) and make it not just like a tutorial.
sunseb 1 day ago 0 replies      
Be proud of your work, that's nice ! Keep moving forward ! :-)
yansuck 1 day ago 0 replies      
I am sorry, I think your apps are really shitty.
osman123 1 day ago 0 replies      
good work. Keep at it and branch out. Try and ignore the negative comments here. The IT industry is full of big egos.
sodafountan 1 day ago 0 replies      
That's awesome, Keep it up! Did you make anything off of them?
farabove 1 day ago 0 replies      
You have shipped 30 times more then me, so all I can say is congrats :) have lovely new year.
arasmussen 1 day ago 1 reply      
Your paid link is broken :P
AfroDiva 1 day ago 0 replies      
Amazing, i wish that my cousins would be as productive as you at that age.
abhi3188 1 day ago 0 replies      
This is awesome! Great work dude, I wish I had such a productive sense at 15. While using javascript did you see any performance lag when playing on the actual device?
Lilme 1 day ago 0 replies      
15 is the new 25
bayesianhorse 1 day ago 0 replies      
Here's a cookie ...
Court Rules No Suspicion Needed for Laptop Searches at Border aclu.org
176 points by frostmatthew  12 hours ago   106 comments top 24
ck2 6 hours ago 3 replies      
Here's the hidden worst part about this they don't mention.

You think border means at the point you cross into another country.

That's not what it means. Government can now do this behavior a HUNDRED miles inland from a border. You could be just driving across town, to or from work, and they can use this border search law because you are a hundred miles from the border.

Oh and the border also includes the ocean, doesn't have to be another country.


100% of NY, NJ, Florida and half of Texas is subject to these searches as their state is blanketed by the hundred mile limit.

edited to correct hundred instead of hundreds, bad memory

bazzargh 3 hours ago 0 replies      
A quote from the ruling that bugs me: "[The detention of David Miranda] is enough to suggest that it would be foolish, if not irresponsible, for plaintiffs to store truly private or confidential information on electronic devices that are carried and used overseas"

(p23, https://www.nyed.uscourts.gov/sites/default/files/opinions/1...)

This is in the middle of a discussion of carrying lawyer-client privileged documents over the border; the judge says you should have no expectation of privacy because other countries may conduct invasive searches too. As advice, it's hard to disagree, that's where we are now; but surely two wrongs don't make a right?

It would be obviously wrong for police to confiscate your money because you were walking towards a rough part of town where you might be robbed. Yet that is the kind of logic the judge applies here; he relaxes the responsibilities of the US govt by invoking hypothetical actions by others. The example he cites was not even a normal border shakedown, but a specific action that was signed off by a government minister; do unusual acts like this change expectations of privacy in the normal course of events?

joshfraser 5 hours ago 0 replies      
I travel abroad a lot and am pretty sure I'm on a special NSA list at this point or will be soon. Besides all my anti-NSA tweets and emails, I've donated money to support Snowden, Lavabit, ACLU, EFF and Ron Paul. I guess it's time to pick up some cheap laptops that I'm okay losing to the border thieves.
zaroth 8 hours ago 3 replies      
Amazing, this is literally the first paragraph in the ruling:

"Since the founding of the republic, the federal government has held broad authority to conduct searches at the border to prevent the entry of dangerous people and goods. In the 21st century, the most dangerous contraband is often contained in laptop computers or other electronic devices, not on paper. This includes terrorist materials and despicable images of child pornography."

Judge Korman is quoting Michael Chertoff, Searches Are Legal, Essential, USA Today, July 16, 2008, at A10.

rl3 8 hours ago 1 reply      
Interdicting data at borders seems to me as the height of stupidity, considering said data can flow freely across borders anyways, via the internet.

These policies have no legitimate reason to exist, and can perhaps only be explained by a combination of paranoia, ignorance, and incompetence. It would stand to reason that any terrorists or criminals foiled by these methods would tend to be of the exceedingly dumb variety.

girvo 8 hours ago 0 replies      
The issues arise with the fact that every countries border is inherently leaky anyway: the internet makes sure of that. So, searching your computer and confiscating your device because you're not a fan of some not-even-a-cop going through your stuff will just push those that they want to catch to transferring files somewhere to retrieve when they're in the country.

I'm an Aussie. I have nothing to hide in terms of data on my computer, as far as I know. If I was flying to USA (as an example) tomorrow, I'd wipe my laptop and phone clean, put images on my server, and access them via SSH once I'm through the border... Why the hell do I need to do that?

Roritharr 1 hour ago 0 replies      
Well I know to which country I wont travel with my notebook anymore. As an European Startup we've given up the idea of doing business with the US, it's just too costly and the rest of our business would be affected by risking to expose our European Customers Data to American Goverment Agencies.
GigabyteCoin 11 hours ago 8 replies      
Here's an idea.

Leave everything up and running on a desktop safely inside your own home and connected to the internet 24/7.

Bring your own barebones laptop with nothing installed on it to COUNTRY_PARANOID_OF_EVERYTHING.

Using X11 forwarding, one must only remember the password to their home desktop in order to gain full access to it and all of it's graphical programs.


hrktb 3 hours ago 0 replies      
To recap, people think search of physical devices is stupid because we now have internet. And (other?) people are also thinking that connecting things to the internet is not a good idea because of NSA/backdoors/security problems. And by the way standard 'just push the button' encryption softwares might have been built in weaknesses.

It seems the only way now to keep secret data is :

- to be a top expert in security, be able to assess provenly secure software, have a whole chain of them and constantly keep track of what might have been compromised

- keep the data in a safe, never fly it, never come near a border, never connect to the internet

What would be the next step to make it worse now ?

rdl 11 hours ago 1 reply      
Best current practice for crossing "hostile" borders remains wiping all data off the devices, traveling with them in close to factory state, then bringing them back to your baseline once inside the country. It's a little tricky and a bit of a pain, especially if you have a lot of stuff you want to download (for me, I usually work with VM images, so I need to download many many gigabytes, and hotels often have bad Internet). It also makes "getting any work done on the plane" a real pain.

(There's also the "travel loaner laptop pool" concept, and the restricted access for remote people. Works a lot better for an organization than for individuals; this would be kind of an interesting appliance or service for individual professionals and for SMBs.)

Natsu 12 hours ago 1 reply      
There are a lot of courts out there, so to save others the trouble, this ruling is from the US District Court of the Eastern District of New York.
thematt 11 hours ago 4 replies      
Does anybody know what they're looking for? Border Patrol/TSA/Homeland Security agents aren't the sharpest tools in the shed and I can't imagine they're very computer literate. Are they just poking around the filesystem? Do they have automated tools that search for stuff?
chimeracoder 11 hours ago 2 replies      
This report is unclear: did they ask Abidor for the password to his laptop (if it was password-protected)?

IANAL, but it makes me wonder if it is sufficient protection to have a password protected/encrypted device.

ditojim 5 minutes ago 0 replies      
i use a chromebook. problem solved.
dobbsbob 12 hours ago 2 replies      
Or phones, the first thing customs does here is demand your phone and then start going through emails while you are waiting in front of them. If you have Mobiflauge installed this is no problem. Let them snoop the decoy all they want and then load up your hidden evil android install when you pass through
ericd 5 hours ago 0 replies      
This is why I have a monthly recurring donation to the ACLU set up - they're constantly pushing back on stuff like this. If this kind of thing sickens you, consider doing the same. As a bonus, I believe it's tax deductible.
kzrdude 10 hours ago 1 reply      
How do big corporations that take their information security seriously (and have industrial secrets to protect) look upon this? Do they have routines for travel?
plg 11 hours ago 1 reply      
How does this work with Chromebooks? For example if I disable all local storage? What is the distinction between what's "on my device" and what's not, if the simple act of "logging into my device" actually involves connecting to the cloud and automatically accessing stuff?
xacaxulu 4 hours ago 0 replies      
They hate us for our freedoms.
Turing_Machine 10 hours ago 1 reply      
As far as I know, every country reserves the right to thoroughly inspect anything that crosses their border.

Are there actually exceptions to this?

belluchan 7 hours ago 1 reply      
Bring a chromebook and they can then use Google.com to search its contents.
no_one_believes 8 hours ago 0 replies      
Basically, our judges and elected leaders don't believe in the Constitution they are supposed to uphold.
zacinbusiness 10 hours ago 1 reply      
Here's a question. Do the TSA people know about Bootcamp? If my laptop boots to OSX automagically, will they even know to control boot into Windows?
ffrryuu 10 hours ago 0 replies      
Our very own banana republic
ATF uses rogue tactics in storefront stings across nation jsonline.com
170 points by JackFr  1 day ago   181 comments top 13
dm2 1 day ago 9 replies      
Moral of the story? Police and federal agents must be more transparent and accountable for their actions and expenditures.

The whole concept of "spend money so that our budget doesn't shrink next year" has go to be fixed also. I don't know a solution other than having more auditors and efficiency experts (GAO, gao.gov).

Would people flip out if there was a bill proposed to require all guns in the US to have a GPS tracker? Just an idea, I know it wouldn't fix all gun problems, but it might be prevent some gun thefts and murders. Of course, this data shouldn't be able to be accessed without a warrant.

Stings are slightly unfair and can sometimes catch dumb people who wouldn't otherwise commit the crime. On the other hand, if you purchase a gun without a license or attempt to hire a contract killer and it turns out to be a police officer you are in contact with, then that sting just save a life, which is good.

Preventing abuses of power is key. There should be adequate training at organizations on how and where to report abuses of power or potentially unethical behavior. Most of this is already in place, obviously more resources and oversight is needed constantly to ensure that the police are protecting citizens and not entrapping them or abusing their power for career advancement.

viraptor 1 day ago 2 replies      
So what they're doing in general goes in the direction completely opposite to what the broken windows theory would suggest... It seems really weird to me - it's one thing to try to be friendly with someone who's already planning a crime and something completely different when you're providing both incentive and funding for new crime (pawn shops).
DanielBMarkham 1 day ago 3 replies      
I don't own a gun, but let's assume I become a gun enthusiast and decide to go buy "something cool"

I go to my local gun store, which is actually a front for the ATF. In my mind, looks like a bunch of seedy characters, but i assume they're trustworthy because, natch, they have a license from the ATF.

I strike up a conversation with the bearded, scraggly guy behind the counter. What would I like? I don't know. How about a shotgun? As we talk, he talks more and more about "cool" guns. Perhaps sawed-off barrels, or big loads. At some point, we cross the line between talking about legal guns and illegal guns.

Now here's the thing: beats the shit out of me where we crossed that line. I'm trusting the guy behind the counter to be a reliable guide to what can be bought or sold. From the ATF standpoint, however, I am fully aware of the intricacies of firearm law and am now soliciting them to commit a crime.

A few months go by. Then the ATF comes knocking at my door with a warrant, a hi-res video, and I go to jail. Perhaps for many years.

Now we can argue whether they would actually prosecute or not, or what any sane prosecutor would ask for solicitation, but the fact of the matter is, in the ATF's view, I'm a hardened gun criminal. It'll go on my record, and this will become part of the intelligence files at ATF.

If you can't see what's wrong with this picture, you've lost your moral compass.

mortyseinfeld 1 day ago 4 replies      
This is what you get when people keep on voting in big government types all in the name of safety, security and social justice.
simbolit 1 day ago 2 replies      
This seems to be a paradigm case of entrapment. This should thus be easily sorted out in the courts. Am I wrong?


saosebastiao 1 day ago 0 replies      
I remember watching Two Guns and thinking that it was an entertaining fiction flick. When I read this story, I couldn't help but think that maybe it was a bit more realistic than I gave it credit for.

On another note, how can these tactics not be construed as entrapment?

logfromblammo 1 day ago 4 replies      
Cue the libertarian versus non-libertarian mudwrestling.

It has become increasingly clear to me that the ills of the U.S. pogroms against some recreational drugs are due in no small part to the conversion of the criminal justice system to a for-profit industry. As long as the jobs and budgets are tied to the number of criminals processed rather than the peace and order produced, cop cadres will titrate the frequency and severity of their enforcement actions with the aim to ensure for themselves steady jobs and pensions.

There is a positive feedback loop in there somewhere that must be broken before it destroys the concept of justice completely.

ChuckMcM 1 day ago 0 replies      
My Dad has had a federal firearms license for a couple of decades but this year he's not renewing. He is so sick and tired of the ATF and their shenanigans. It is definitely a bureaucracy in need of some leadership.
Crito 1 day ago 0 replies      
A mentally disabled teen at that.
Aloha 1 day ago 0 replies      
How is this not entrapment?
dinkumthinkum 1 day ago 1 reply      
So, this article is not biased at all ... It's pretty shoddy reporting/editorializing. These zany anecdotes are pretty outlandish but why is there only one or two sentences per anecdote? Surely, in this anti-Obama rant, we could hav some details?
jacobr 1 day ago 1 reply      
This article is just copy/pasted snippets from http://www.jsonline.com/watchdog/watchdogreports/atf-uses-ro...
bananacurve 1 day ago 1 reply      
This is intellectually gratifying. /s
Why I'm Interested in Bitcoin cdixon.org
170 points by ckurdziel  22 hours ago   157 comments top 23
abalone 17 hours ago 5 replies      
This is the same naive analysis everyone makes when they first look at the payments system. "Look at all that money. 2-3% on every transaction. A $500B tax. LOOK AT ALL THAT MONEY."

The reality is this: Most of that money gets passed back to consumers via rewards, benefits and consumer protections.

It's not a tax so much as an incentive for consumers to keep using their cards. And so it is considerably harder to come up with an alternative that is appealing to merchants without taking anything away from consumers.

For example, the interchange on a Visa rewards card for a typical brick-and-mortar retailer is about 1.5 - 1.65%. (Processors mark that up, but that's the "wholesale" fee that goes to the card issuer.) But many rewards cards pay out at least 1% cashback, on top of other benefits. That leaves a much smaller margin to compete over.

And remember, a new competitive option faces massive rollout and adoption costs that the entrenched system does not. Even the acts of changing behavior, upgrading POS systems and training staff are adoption costs. So your new alternative has to offer significant benefits for both merchants and consumers. Significant enough to overcome adoption costs.

Oh, and there's one more thing: debit card interchange just got regulated down to almost nothing (0.05% + 21 cents) by the Durbin amendment. So there already is an alternative, low-fee option that merchants can steer consumers toward and that they already support fully. So that pretty much takes out the opportunity to offer a lower-fee, lower-consumer-benefit option. That already exists now.

That leaves what? A higher-consumer-benefit option? Why would merchants adopt that? A same-benefit option but at a lower cost? But how much lower would the cost be while still matching 1-2% cashback reward programs and whatnot?

But.. but.. LOOK AT ALL THAT MONEY. :-)

(Btw, the digital cash for micropayments and garage sales and whatnot does sound interesting to me. My criticism is limited to the project of competing with Visa/Mastercard/banks.)

minimax 22 hours ago 10 replies      
For all the people out there who are thinking about bitcoin as a payment technology: If you assume that customers get paid in dollars and that vendors will have to use dollars to pay their taxes, pay their employees and buy the raw materials for their products (reasonable assumptions, I think), then a payment consists of one conversion from dollars to bitcoins by the purchaser, and one conversion from bitcoins to dollars by the vendor.

Those two transactions will have associated costs. Exchanges take out trading fees and the market makers on the exchanges will want to see some profit as well (you will see this reflected in the bid/ask spread). The total cost for the transaction will be 2x the spread + exchange fees. People keep touting the 2.5% charge for using credit cards, but they don't compare it to a similar value for bitcoin. It clearly is not 0%. Exchange fees alone are can be something like 0.5%. If we double that (two conversions, remember) that's 1% just in exchange fees. Unfortunately, I don't have good numbers for bitcoin / dollar spreads because I don't watch that market very closely.

So we have 2.5% for credit cards and 1% + spread (unknown) for bitcoin. And with credit cards consumers at least get some protection in the case of fraud. Does anyone else have a better model for bitcoin transaction costs?

jusben1369 21 hours ago 4 replies      
I too am fascinated by Bitcoin and still in learning mode. I think there's one important distinction to add here though. Credit cards can charge 2.5% because they're awesome Some guy in Arizona can set himself up online, sign up for Stripe, have no set fees, and accept a payment from someone in Germany (or NY or Australia) that afternoon. That's amazingly empowering and 2.5% doesn't seem to bad for the people running those rails to collect (fraud, global movement etc)

So let's not come at it from "credit cards and payments are a bloated gouging industry" I'm not buying that and it also is too merchant focused (vs consumers who really decide what a merchant will do in terms of payments) Now, there are some really interesting fringe cases that Chris touches upon that can open the door for Bitcoin. Micropayments are broken when it comes to credit cards. It's not the %, it that's "+ 30 cents" that is brutal. So Bitcoin could play a roll there. There are disbursements and marketplaces. I suspect TaskRabbit would probably like to have the ability to move money from buyers on their platforms to the TaskRabbiter's with a reduced payment friction than today. There might be 5% margin businesses (Chris' example sounds like the founder of Dwolla) that really are motivated to drive you to Bitcoin.

So what happens over time is Bitcoin focuses in on those areas where it has a strategic advantage over cards and ignores those where it doesn't. It uses that experience to become a legitimate, scaled set of payments rails. Solutions are implemented so that consumers are comfortable with using and paying with Bitcoin. Then at that 5 - 15 year mark it's ready to take on mainstream payments. Assuming issues like fraud and settlement and wild fluctuations are worked out.

EDIT: I am definitely thinking out loud and on the fly so am ok with some serious rebuttals.

saalweachter 20 hours ago 1 reply      
We don't know what the cost of transactions in Bitcoin will be yet.

Bitcoin includes two methods to pay miners for the infrastructure costs of running the network: mining rewards and transaction fees. The idea is to bootstrap the network off of mining rewards, and then switch to relying on transaction fees in the future, as Bitcoin reaches its limit of 21 million coins.

The problem is that mining rewards are currently very, very non-negligible, even if they're decreasing. In 2012, the Bitcoin supply increased by over thirty percent. In 2014 another 1.3 million Bitcoins will be minted and sold by miners to pay for the cost of operating the bitcoin network. At current prices, that's nearly a billion dollars.

As mining rewards continue to decrease, that billion dollars a year is going to need to be made up through transaction fees. Mastercard takes in less than 8 billion a year, so those transaction fees are probably going to be substantial.

hippich 22 hours ago 1 reply      
The reason why people should get excited about Bitcoin is not a bubble or money, but rather a something completely new. Large group of people put financial rules into software and agreed that they are going to use these rules without external central entity and enforcement.

If this continue to roll, same might be applied to many other areas I believe.

It is just my random fantasy at this moment, but why we will need enforcement, if we will have guarantied income in bitcoins and laws system built same way as bitcoin (i.e. opensource and agreed to use by most people) and law enforcement as a function of guaranteed income amount.... Just random thought.

or finally having AI which can exist on its own, buy components of its environment (i.e. machines, networks, etc)

I believe what is emerging right now as a Bitcoin is much wider phenomena than just a way to avoid pay taxes and inflation.

wsxcde 20 hours ago 1 reply      
How much of the 2.5% credit card fees goes towards combating fraud and enabling reversibility of transactions? I assume it's a significant fraction because you get a better rate if you use services like "verified by visa", no? Is there any reason to believe that fraud rates will be lower with bitcoin?

And as far the programmable money idea goes, I'd like to see more compelling applications than M of N transactions or escrow. The examples I've seen so far seem rather unexciting.

ed: Maybe cdixon's real point is that the technology behind bitcoin is disruptive to the financial industry? I can get behind this, and I'm waiting to see how the government-backed bitcoin clones fare.

nicholas73 21 hours ago 4 replies      
I don't think Bitcoin will ever be a viable currency, at least not on the scale of national currencies. Despite all the flaws fiat currency has, it is actually backed by something - the power of the country's government to tax. Thus, any buyer of sovereign debt has a calculable probability of return. Despite America's printing of dollars, inflation has actually been mild so far.

Bitcoin has nothing backing it but an artificial supply limitation. That in itself is not a solution because its monetary base cannot possibly grow at the rate overall goods do, and thus have a stable price point.

radicaldreamer 10 hours ago 0 replies      
Everyone here trades private currencies (often called credit) all the time. Those Visa bucks are not dollars- they are IOUs from Visa to the merchant accepting them. When the monetary system is functioning well, Visa bucks (or Chase dollars, Wells Fargo dollars etc.) trade at par with legal tenders (US gov. backed cash). Only in times of turmoil does the hierarchy of money reassert itself.

In this paradigm, would you rather be holding US cash or bitcoins (or something else) if there was a political or economic crisis?

possibilistic 17 hours ago 1 reply      
Kind of off topic, but I have some questions related to transaction fees.

1) Is there a "reference value" in terms of how much transaction fee you have to pay to make a payment from one bitcoin/altcoin address to another?

2) Is there a "message" payload that would allow us to include JSON or transaction details? I've read that it costs a larger fee for more bytes in a transaction, so I'm assuming you can add whatever you want to the transaction.

3) When I last made a transaction with an altcoin [1], it got "split" to two addresses. One of these addresses was not my target receiving account nor an address that I owned. Does anyone know why this other address got coins? Does this happen in many/all cryptocurrencies?

4) If I made a payment gateway that created a unique address for every user to send payments to, would it be unreasonably expensive to collect all of these funds into a single address later? (N user payment accounts * 1 outbound transaction => Large Central Account/Wallet)

[1] http://dogechain.info/address/DLqfuYFwVmroo4oaiVU9oSGTjsEBvQ...

quack 22 hours ago 5 replies      
I used to believe that the reversibility of transactions was a major benefit of using cards, but it turns out that is really just a reversibility of liability.

Credit cards are an outdated tool. They pass plain text data about a user to authorize a transaction allowing hackers to pull something off like the Target hack. One of the advantages of bitcoin is the ability to digitally authorize a transaction that cannot be reused. In an online marketplace it's far far easier to accept bitcoins than credit cards because you have no fraud risk, which is a HUGE problem in online retail.

I expect a lot of online retail stores to start accepting bitcoin payments at large discounts to cash just for this reason.

chaseadam17 13 hours ago 0 replies      
I think Bitcoin is an indication of a larger trend, similar to search in the early 90's and social networks in the early 2000's.

Will Bitcoin emerge as the predominant online currency of the 21st century? Who knows? But it'll solve a lot of hard problems, and as a result, something will.

tomasien 21 hours ago 0 replies      
I know it's not quite "not relying on banks and credit card companies", but removing ONE of them from the equation (credit cards skimming fees) is what I'm working on now. This is how it works https://www.youtube.com/watch?v=QR5UTLxe5zA&feature=youtu.be

By removing them and decentralizing the banking process by centralizing it into a third party (which could be many third parties), I think we'll allow anyone who wants to start a bank of any size to compete for marketshare with the big boys by providing better services.

neals 20 hours ago 0 replies      
There is so much unexplored territory when it comes to Cryptocurrency. I think people will find innovative uses and start amazing businesses with this.

And to me, the great thing is, that there is no real reason to hate it. There's not company of brand that you can hate, it's just people and ideas.

mbesto 22 hours ago 1 reply      
> Lets say you sell electronics online. Profit margins in those businesses are usually under 5%, which means the 2.5% payment fees consume half the margin. Thats money that could be reinvested in the business, passed back to consumers, or taxed by the government. Of all of those choices, handing 2.5% to banks to move bits around the Internet is the worst possible choice.

In other words, better wealth distribution? This is precisely what libertarians are fighting for, no?

Playing the devil's advocate here - couldn't this argument be turned around to say something like "Thats money that could be reinvested in banks which hire the best people to find the best and most efficient use of capital."? (as opposed to consumers or small business owners who can't)

drinkzima 18 hours ago 0 replies      
One important fact that seems to be getting ignored with payment fees is that credit cards have much higher fees than debit/ATM cards.

If bitcoin intends to be a cash-like currency, the more apt fee comparison would be swiping ATM cards, which are much closer to 1% (rather than credit card fees of 2.5%+).

infruset 22 hours ago 0 replies      
This is refreshing. I suspect even though the libertarians are the most vocal among bitcoin adopters (and that's ok), a lot of people actually agree with this.
maaku 19 hours ago 0 replies      
Given your more liberal leanings, have you looked at Freicoin[0]? It's a perishable currency that is meant to counteract the natural tendency of money to be a wealth transfer device in the hands of bankers.

[0]: http://freico.in/

diminoten 22 hours ago 1 reply      
I know this is completely off-topic, and I know this is a war I will lose, but must we call ourselves "bullish"/"bearish"?

Anyway, Bitcoin may not save the world, but if it does anything like what this blog post says, it may very well save the Internet from the advertising platform it's become.

suedadam 17 hours ago 0 replies      
Bitcoins are an amazing investment if you have the money;the only problem in investing into it is that there is absolutely nothing close to a guarantee that you will receive any sort of return of investment with profit (not that it's expected to with this type of unofficial currency);however, a problem with it is that you would have to bank wire the money into the place you purchase your BTC from such as BTC-E which would take a few days and for all you know;it could drop or rise at that time (most likely rise) in which you would then not have enough or you could just wait again for it to drop;if it ever were to.
MrBlue 20 hours ago 1 reply      
"... Im a lifelong Democrat who supported Obama in the last two elections. I think the Federal Reserve plays an important function..."

I stopped reading here.

iblaine 21 hours ago 0 replies      
This reminds me. Bitcoin is so complicated and controversial these days. I miss the days before 2013 when bitcoins were used almost exclusively on the deep web among nerds.
taylorhou 21 hours ago 1 reply      
me and my alt currency enthusiasts think of bitcoin as simply virtual gold.


pacofvf 21 hours ago 0 replies      
In discussions I've read about bitcoin in HN, I've seen how some people call "leftie" to those who think like this, mainly by right leaning Americans, the funny thing is that they use that word as an insult, when in other rich countries you only have center-left, moderate-left and far-left flavors for political parties.
The Mac Pro Review anandtech.com
166 points by wittyphrasehere  19 hours ago   138 comments top 16
veidr 13 hours ago 1 reply      
For me the disappointing takeaway is that good high-res monitor support isn't implemented. Like the reviewer, I had assumed the same types of scaling options that the high-res MacBook Pros have.

However, according to this review, the new Mac Pro doesn't work with the new Dell 4K monitors (I don't consider 30Hz refresh as 'working'), and even with the 4K display that Apple sells, it only works at its native 3840 x 2160 at 60Hz. When choosing a 'Scaled' resolution, it renders blurry junk.

That is pretty disappointing (although I imagine it will be fixed at some point).


M4v3R 19 hours ago 3 replies      
AnandTech hardware and Ars Technica's software (especially OS X) reviews are works of art by themselves. The level of details that goes into these pieces is nothing short of amazing. They are examples of tech journaling done right.
guelo 18 hours ago 8 replies      
Wow. For me, the big takeaway from this review are the benchmarks showing the iMac and MBPs beating out the Mac Pro. That shows that this machine is really for niche markets like professional video editing. Makes you wonder why Apple even bothers.
Symmetry 24 minutes ago 1 reply      
I wonder if there's a future for unified thermal cores in non-Mac systems? It seems like a pretty big win, but it looks hard coordinate around a design if you're not Apple doing everything in house.
brudgers 17 hours ago 1 reply      
What I found interesting is that the system used for all the benchmarks is significantly more expensive than the systems listed on the first page - 12 cores, 32gb Ram, and a 512gb SSD prices out at $7699, nearly double the cost of the more expensive of the two configurations listed on the first page, and it's still 10% more expensive than the "Most Expensive Configuration Upgrade Path" on page two - which means your wallet will be $700 bucks lighter.

And that's probably generous - from the GPU analysis appears that the tested unit has D700's which bumps the price to $8299 - a configuration that isn't mentioned anywhere in the article. About the only thing left to upgrade on the test unit is the RAM to 64gb.

Since the article calls itself a review, it would be better if the review unit was accurately described. It seems to me there's a bit of bait and switch because the performance numbers presented are not for the $3000 or $4000 presented in the article's lead.

bfrog 17 hours ago 2 replies      
A 1 year warranty is such a joke for this much money. I think this and the new mbp where should anything break you need a full replacement basically, need to have some serious warranty coverage changes. 3 years minimum in my mind. Just another way to nickle and dime you on something like an almost required extended warranty.

Apple, your stuff is mostly nice. Fix your product warranty and maybe I'll open my wallet.

thearn4 19 hours ago 5 replies      
Do a lot of folks here generally like Mac desktops? I've grown to like Macbooks because I do like working on a portable UNIX-y platform, and have had generally bad luck with Linux laptops in the past.

On desktops though, I'm willing to put more effort into settling software update issues/device conflicts, since I probably have to do that anyway to write performance-optimized code (depends on the exact purpose of the desktop though, but I do a lot of scientific computing). So a Linux/Windows split boot on a generic PC usually wins out. I used to do a lot of PC gaming, but that's really less of a factor now.

at-fates-hands 17 hours ago 3 replies      
Interesting they compared the new Mac to a workstation.

Older workstations these days are a lot more affordable and can easily be upgraded. Most MACS you're stuck with what you get.

Case in point, I just purchased an HP 8400 workstation for a friend. $320 for a dual proc 2.6GHz quad core Xeon, 16GB RAM, Two 320GB SAS drives in RAID config and ATI Fire V7350 1GB video card. Sure its a pig and isn't the quietest PC in the room, but it completely shreds anything I could find in a retail setting.

thirdsight 19 hours ago 4 replies      
I'm glad they mention the HP Z420. The killer for me on the Z420:

three-year Mon-Fri 8-5 next business day, parts, labor and 24x7 phone support,

They come to me.

Edit: to all the naysayers: I'm in the UK. HP here is pretty good. We have over 200 machines on next day and we've had only two (!) problems and they were relating to part supply resulting in a quick purchase on Misco that arrived next day.

patrickg_zill 14 hours ago 1 reply      
It is a well written review.

Note that the D700 specs match closely with the R9 280, 280X, or 290, cards which sell retail for $349 to $449 or so each (the Mac Pro has 2 of these in the 2x D700 config). See https://en.wikipedia.org/wiki/AMD_Radeon_Rx_200_Series . The 2048 shaders would match with the 2048 number for the 280X, I think (if I am reading the chart right).

The W7000 is the much more expensive "pro" version which has ECC RAM on the card and much less volume in terms of sales.

It's funny though, I remember as a kid, thinking how cool it was that you could have a backpack-able computer (the original Macintosh could be ordered with a padded backpack). Now at 11 lbs and not very large, you could almost do the same again!

corresation 16 hours ago 3 replies      
The one strange assumption that most Mac Pro reviews start with is a baseline of two compute cards -- that the Mac Pro is competitive when compared with other machines with two high-end compute cards.

But I don't want two high-end compute cards, and I suspect that many who are trying to convince themselves that they'll benefit from it will gain no value from it.

For many, many workloads, modern compute still represents an iffy proposition (at the price levels being talked about, the Xeon Phi would almost certainly represent a better proposition). With unified memory things might get more workable, but as is it remains a relatively fringe benefit, and it seems odd that the entire value proposition of the machine relies upon it.

themodelplumber 15 hours ago 0 replies      
I thought this post by the developer of Cheetah3D for Mac was interesting: http://www.cheetah3d.com/forum/showpost.php?p=79977&postcoun...

He's basically dumbfounded by the current situation :-)

songgao 18 hours ago 2 replies      
Does anybody know how much work is required to run Linux on this thing? I read some documents but found them complicated enough that I don't want to deal with on my daily computer. Also there seems to be driver problem related to thermal issues. So I ended up with virtual machines every time considering installing Linux on Mac.

Anybody running Linux on Macbooks or Mac Pro? Does it work well?

marincounty 17 hours ago 3 replies      
Apple needs to fix Mavericks before I ever buy anything from them. They have so much cash, and so many bugs in Mavericks?
ksec 11 hours ago 0 replies      
1. People hate Apple for whatever they do. 2. Those who said Mac Pro makes no sense have absolutely zero understanding in GFX market. 3. People who cries about Money Vs what you get to buy and build have absolutely zero understanding about engineering trade off. ( Which I expect HNers to have even from a software engineering perspective )
altero 15 hours ago 1 reply      
Configuration is kind of joke. 16GB RAM and zero free slots on high end desktop?

My PC had the same price three years ago, but it has 5GHz CPU, 32GB RAM, 1TB on SSDs and 5 TB on spin HDDs.

What Snowden really revealed aljazeera.com
164 points by kostyk  9 hours ago   26 comments top 7
Derbasti 5 hours ago 2 replies      
At this point, it may well be impossible to shut down the NSA. I imagine every opposing politician gets visited by some agent at some point, showing him records of his own wrongdoings.

Imagine every politician ever be forced to choose between the end of his career and opposing the NSA. How can we get out of this mess?

canadev 5 hours ago 2 replies      
I think this was well written and I enjoyed reading it.

It brought some interesting information to my attention that I was not aware of (e.g. the porn habit blackmail scheme) - there have been so many articles about the leaks that despite them being important to me, I've made a conscious decision not to read them all.

I really like the quote (that I can't find a source on) that he "defected from the American government to the American people."

Edward Snowden is one of my heroes. This is something I find that I don't say very lightly or very often about anybody.

joseflavio 55 minutes ago 0 replies      
"all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed" -- Preamble of the declaration of independence

It is going to be very difficult to motivate people to change something... until a big part of population is starving I believe...

Ygg2 6 hours ago 4 replies      
I wonder, at what point would NSA start manufacturing threats. It seems like clear progression of their behavior. Because you can't constantly cry wolf, you have to fight a straw-wolf from time to time.
DanielBMarkham 1 hour ago 1 reply      
Hey I'm as big of a hair-on-fire guy as the next guy, but this is getting too much.

A bit of context. Please.

The U.S. has always overreacted to existential threats. In fact, that's the way the system is designed. If it has to fail, it fails towards a dictatorial president and overbearing laws -- which are removed by a frequently-elected and truly representative Congress as soon as the threat is gone. We've been going along like this for 240 years or so. There is nothing new about the abuse of power or removal of freedoms (unfortunately).

So what's changed? First, internet companies are tracking every freaking thing you do online. They figured out that the average Joe will give up his privacy for free email, and they're having a field day with it.

Governments trump companies, and since the data is already collected, every government on the planet is wanting a piece of that action.

Second, there is no ever-changing Congress looking to score points with the folks back home. Instead, there's a static political system that fears looking bad -- and it's grown a perpetual fear machine built up around terror that can make it look really bad.

Folks do this issue a great disservice when they focus only on the U.S., or only on the NSA. Look guys, if the U.S. and the NSA disappeared tomorrow, you'd have the same problems you have now -- you just wouldn't know so much about them. This has nothing specifically to do with them. (I'm not making excuses, only pleading for context).

The tech community brought this on themselves. We are the people to blame. The trade-off of tracking data for free stuff was too good to be true. In fact, instead of the tracking data being almost worthless to the average citizen, as it turns out this data is much too valuable to give up under any circumstances, at least in the aggregate. Until that leaky bucket is fixed somehow, nothing changes.

boldklubben 6 hours ago 1 reply      
> We have sacrificed our freedoms and morals in order to make war on those abroad

There are unperceivable powers that be. Possibly and even likely without what we consider morals. Bear with me. When you had enough wealth and can own or have anything, what's next? It's human nature.

daphneokeefe 7 hours ago 0 replies      
This is one of the clearest explanations of the situation that I have read.
Watch pg write an essay in real time stypi.com
158 points by shawndumas  18 hours ago   59 comments top 21
austenallred 16 hours ago 1 reply      
This is fantastic. I've been an addict of http://reddit.com/r/artisanvideos for quite a while, because there's something fascinating and enlightening about watching artisans perform their work (for example, Alexis Ohanian designing the Hipmunk bellhop logo - http://www.youtube.com/watch?v=CYEQpwduyPU).

It's especially interesting to note that there are few, if any, words in the entire essay that he didn't edit multiple times. A lot of times when you read something as well-written as PGs essays you get the feeling that the person writing them just sits down and hammers out brilliance. But in reality, at least in the case of PG - and I would venture a guess that most great authors are similar - greatness comes through sweat and repetition more than raw talent, until eventually that thing becomes second nature - or does it ever? I would kill to watch some of the great authors of all-time (a la Shakespeare, Hugo, Dickens etc.) write in real-time - it would be fascinating to know what their process was like.

atmosx 21 minutes ago 0 replies      
This is fantastic, I thought I had some sort of dyslexia, because of my non-straight, back and forth type of writing :-P

Good to know I'm not alone. The more I read HN the more I find people, who are successful in their field and have the same behaviors as me. It's relaxing :-)

dredmorbius 13 hours ago 0 replies      
For a roll-your-own version of this, you can use the 'script(1)' shell command, the timing argument, console editor of your choice, and 'scriptreply(1)'.

Script is a Linux utility which makes a typescript of a terminal session. Traditionally this was mostly of use for shell sessions which didn't involve full-screen (ncurses) utilities, as the cursor-movement characters would typically present a jumbled mash on your screen.

Using the '-t' (or '--timing') arguments sends timing between movements to stderr, or the specified file. With this, you can then replay a typescript file, with the timing information, to show what was actually presented on screen. An optional argument varies the replay speed.

I've made use of this to log and replay serial console activity (available on most servers through IPMI or related hands-off / lights-out management tools), which can be both instructive and helpful in documenting steps.

Further fun may be had by playing the output of scriptreplay through the phosphor(6x) X11 screensaver hack.

insteadof 17 hours ago 1 reply      
Needs a moving background showing his face as he types up each word.
JumpCrisscross 8 hours ago 1 reply      
This functionality seems like it would be right at home in Google Docs.
trhaynes 16 hours ago 2 replies      
pg actually posted this himself, 1769 days ago:https://news.ycombinator.com/item?id=495336
fdej 17 hours ago 0 replies      
Just waiting for someone to quote a snapshot out of context.
sblom 17 hours ago 0 replies      
I seem to remember seeing this very same demo on Etherpad back when that was a thing.
goldenkey 17 hours ago 1 reply      
Cool. However, I feel that watching it, doesn't really give the full effect, requires tons of patience too. Couldn't the editing data be visualized in some data science illustration for a real insight into what it represents?
loteck 16 hours ago 1 reply      
The interesting part about watching this isn't watching it being written. It's watching it being edited. What to leave on the cutting room floor is always the hardest part, and Stypi's "Doomed" feature does a great job of showing you how someone comes to the decision to self-edit.
shadeless 14 hours ago 2 replies      
It would be awesome to see something like this with code - on hackathons especially.
hawkharris 15 hours ago 0 replies      
How can I speed up playback? I signed up for an account, but this doesn't seem to be an option in the actual app.
BlackDeath3 17 hours ago 2 replies      
What's the highlighting about?
itchitawa 14 hours ago 2 replies      
Is there a way to verify this is actually Paul Graham writing, not someone else who reenacted it based on the published essay?
mrcactu5 17 hours ago 2 replies      
who is pg? and is the playback function part of stypi?
rch 11 hours ago 0 replies      
So much fun, but why on new years?? I'd love to watch.
petergreen 15 hours ago 1 reply      
I'd really love to hear pg's comments of wether there is a piece of software, a tool, that could help him write the essays. Is there something that constantly comes to his mind when he writes, in form of "if only there was X so that I could Y".

Or anyone else's

simbolit 14 hours ago 1 reply      
what happened to Stypi? their last blog entry is more than a year old (which usually is a sign of death/abandonment).
szabba 11 hours ago 0 replies      
Any ideas on connecting Vim to this?
trevyn 17 hours ago 2 replies      
Real time?
kbar13 17 hours ago 0 replies      
This is really cool.
Uncomfortable parallels with the era that led to the first world war economist.com
154 points by JumpCrisscross  2 days ago   121 comments top 17
VLM 2 days ago 10 replies      
Not a very good analysis of the causes of WWI or application to today:


1) Cultural attitude of "eh, war is not so bad and higher tech means we'll be home by xmas". See franco-prussian war and the most recent "world war" being Napoleon's activities in the decade after the revolution a century ago. I'm not seeing much warmongering as a cultural phenomena. Of course that can change quickly, 90% of everything Americans see is from 5 media companies or whatever, so they can turn on a dime.

2) Germany surrounded by rapidly growing and arming enemies and no allies but Austria, paranoid lash out. But can you blame them? China surrounded by, um, Japan on one side? Is NK threatening to invade? Who exactly is supposed to invade China next decade if they don't invade today? Why would they be paranoid? Yes, maybe NK could try this scheme, but...

3) The root cause of the war being the ottoman empire decaying and almost dead and everyone wanted a lucrative piece of it. (edited to add, and no one wanted a competitor to get a piece of it, and willing to go to war to prevent it) Incredible trade opportunity. Maybe if you put the American Empire in its place and position this in the latter half of the 2000s century and starving people want our rice/corn? Anyway the sick man of Europe lead to crazy allegiance switching in the years prior to WWI.

4) The article skipped several points WRT the German/British alliance thing, Germany was a continental Army power and the UK had a spectacular navy. One nutcase admiral on the German side got them all into navy building leading to disaster WRT the natural alliance. Other than the crazy admiral (Tirpitz?) they were natural allies and their royalty were related, something crazy close like the Kaiser was Queen Victoria's grandson or something. Aside from the obvious trade issue that was brought up.

5) The dangers of multiculturalism. Austrian Empire was a multicultural nightmare basically think conditions in modern Iraq, no majority and everyone hates everyone and the only thing holding it together is a strong empire. Then the independent Serbians start going nuts so to prevent revolution spreading into their own empire the Austrian's fight the Serbians and the game is on. So, uh, who is the nervous feeling multicultural empire with the neighbor in revolution? Gonna try for USA again? Maybe with a .MX revolution next door? I think this is stretching it.

6) Speaking of revolution, Russia was falling apart internally and didn't do so well externally against the Japanese but holy cow do they have resources and manpower, so what better external distraction than a war? Again, I'm just not seeing it. Another allusion to the USA?

7) Who plays the part of Italy? Decades of "we're your ally" "nope just kidding". Another allusion to the USA maybe WRT having Japan's back?

Note if you have the USA play all the parts of WWI then its not much of a WWI anymore, is it?

In groups men are by nature irrational not rational, there is nothing inconsistent with the old quote about WWI being impossible because its obviously futile, yet they had a war anyway. I'm sure WW3 would be completely futile, we'll still have it anyway, but I don't think it'll be this decade and USA vs China or whatever.

JumpCrisscross 2 days ago 0 replies      
We show that the intuition that trade promotes peace is only partially true even in a model where trade is beneficial to all, war reduces trade and leaders take into account the costs of war. When war can occur because of the presence of asymmetric information, the probability of escalation is indeed lower for countries that trade more bilaterally because of the opportunity cost associated with the loss of trade gains.

However, countries more open to global trade have a higher probability of war because multilateral trade openness decreases bilateral dependence to any given country.

Using a theoretically-based econometric model, we test our predictions on a large dataset of military conflicts in the period 1948-2001. We find strong evidence for the contrasting effects of bilateral and multilateral trade. Our empirical results also confirm our theoretical prediction that multilateral trade openness increases more the probability of war between proximate countries. This may explain why military conflicts have become more localized and less global over time.


npt4279 2 days ago 6 replies      
Thankfully, I don't see WWIII starting anytime soon...

But I've always strongly thought the "globalisation will make war unthinkable" argument is naive. We're tribal creatures -Nationalism trumps economic interest at the end of the day. History shows this to be true.

As the author hinted at - Russia, Germany, Britain, Belgium, and France were each other's biggest trading partners - by far! Heck, a Belgium company built both the Belgium fortifications... and the German artillery that eventually breached them!

Nowadays, the entire world is trading... but Europe in 1914 was a good example of this principle applying continent-wide.

Convince society the other side is evil and a threat; dismiss and degenerate the peace-mongers as unpatriotic... and economic interest be damned.

x0x0 2 days ago 0 replies      
Only morons like the economist would look at the US not being interesting in getting involved in a war in Syria -- where we would have to choose sides between an evil regime and al-qaeda -- and conclude "This betrays both a lack of ambition and an ignorance of history." In fact, it betrays rather a good grasp of recent history -- see both Iraq and Afghanistan. Maybe America has finally learned to beware Republican assholes volunteering your (but not their!) children for war. One can dream, anyhow...
zw123456 2 days ago 1 reply      
The parallel that was drawn in the article is that the U.S. is playing the part of Britain (a waning super power), China plays the part of Germany (a country with an emerging powerful economy and national pride) and Japan plays the part of France. It is an eerie comparison. At that time, many thought that the close trade ties of those countries would prevent war. The comparisons are not perfect of course. It does seem like there is an approximate 50 year cycle of large conflagration, perhaps because that is the approximate human generation, just enough time for people to forget the futility of war. Hopefully history will not repeat itself, but it often does.
Houshalter 2 days ago 1 reply      
No nuclear armed country has ever been invaded and war between two nuclear armed countries seems ridiculous.

On the other hand, as the article says, people in 1914 were making similar claims about the interdependence of their economies and their new technologies.

Still, it's quite a different situation.

jusben1369 2 days ago 3 replies      
It's an interesting time to be writing articles like this. Afghanistan, Iraq then the 2008 financial crisis. America lost prestige and the economy shrank considerably. These factors, real and perceived, coincided with the ongoing rise of China who for the most part avoided a real let down. I suspect that when we look back in 5 years from now we will really see 2013 as the last year of this low point. The US economy is finally rebounding - Q4 GDP looks very impressive. With lowered deficits and an improving job market citizen interest in politics will lessen. This will increase the ability of the US to play a more proactive role internationally again. Secondly, there are very troubling signs coming from China in terms of their own banking system. We know there's a shadow banking system and many failed enterprises are propped up. And, they're still a 1 party authoritarian state. I'm not sure how long the Chinese people will be ok with that; especially as their population ages and their middle class expands.

I wonder about the next 10 years or so and whether the US will rebound and China will finally face challenges they can't simply overcome via spending.

forgottenpaswrd 2 days ago 0 replies      
The article is full of oversimplifications like WWI was "because of Germany". Oh , yeah. Why thinking when you can blame someone else?.

An article about WWs in the Economist should talk about economic data, about banks burning and destroying the savings of decades of the work of the people. They need to talk about Oligopolies, about Roosevelt(Teddy) trying to do something about that , but at the end the biggest of all(the Fed) being created in 1913.

They need to talk about Africa and middle East, and India colonies and commerce at the time.

But this has a problem: It is not as easy as "blame the Germans!"

"The second precaution that would make the world safer is a more active American foreign policy. "

Oh yeah, again.

"Barack Obama has pulled back in the Middle Eastwitness his unwillingness to use force in Syria. "

Wow, this is the better line of all. If something Syria has shown us is the willingness of US to use force in Syria, only being stopped by China and Russia.

"But unless America behaves as a leader and the guarantor of the world order, it will be inviting regional powers to test their strength by bullying neighbouring countries."

Today the US is the biggest bully of all. If any parallelism is to be extracted from WWs to today is countries like China behaving like the US of the past, as creditors of the world, while the rest of the world overspends and get in as many wars as possible to protect their turf.

JeffL 2 days ago 2 replies      
It's really hard to see anything big starting up in Europe, since all the countries are now officially democracies, and those that are at the corrupt end of the spectrum are not the most powerful. R. J. Rummels arguments about how democracies don't go to war against each other are pretty compelling. http://www.hawaii.edu/powerkills/MIRACLE.HTM

I guess the biggest potential problem would be China, but do they really have any allies for their side that would cause a "world war"? Seems to me like if they started anything, then it would be them against the entire west, and as long as we don't feel compelled to invade them, they don't have a lot of power eh can project.

maxtaco 2 days ago 0 replies      
I recently read a fabulous history of WWI (G.J. Meyer's _The World Undone_). What struck me is that if you modeled Europe in 1914 as a distributed system, you'd see incredible latencies between decisions being made and decisions being carried out. Kaiser Wilhelm and King George (first cousins!) were negotiating to stave off the war long after Germany's decision to mobilize, and might very well have succeeded were it possible to reverse the mobilization decision. The German generals insisted it wasn't. And even before then, Germany's decision to mobilize was based on reports of Russia's decision to mobilize, which also took weeks to carry out. If communication and military latencies were shorter, maybe the war could have been avoided. It was like the world's worst race condition.
dmfdmf 2 days ago 0 replies      
If we want to talk historical parallels a better one is the invention of the printing press and the invention of the internet. The printing press destroyed the Catholic Church's social and political power at its peak.

The internet has destroyed the traditional news media's ability to set the political and social discourse and thus agenda. The NYT and ABC, NBC, CBS are no longer able to set the political and social agenda, like everyone else they are following the internet. Recall that the recent 60 Minutes puff job on the NSA (and secondarily a hit piece on Snowden) fell flat and was generally panned by independent voices on the internet. This gambit was telling in that the powers that be are still playing by the old playbook. 25 years ago this 60 Minutes "news" report would have ended the discussion.

To echo the point of the Economist article, this is a dangerous time and nuclear war is one very real possibility. We are living in the middle of the greatest social revolution in the history of mankind, since the invention of the printing press 500 years ago, and nobody can really say how it will play out.

Read this article by Clay Shirky from 2009 for a better explanation;


abalone 2 days ago 0 replies      
Is anyone else seeing a Breitling ad featuring WWII fighter planes and "sexy" girls winking at the pilots?

Really unfortunate pairing.

(Really the sexing up of war is pretty distasteful under any circumstances but this just takes the cake.)

bayesianhorse 2 days ago 0 replies      
On some level I am quite glad that china, its neighbors and the US are arguing over some rocks and some identification zone.

It looks more like an ritualistic show fight you sometimes see in the animal kingdom than an eve of war.

For that matter I am quite glad that they are not rattling their sabers about Taiwan...

Nothing about the disputed island would be worth even a very small scale war, much less the risk of a bigger one. There's just no profit in it. On the other hand, battles about islands (like the Falklands War) tend to cost a lot less lives, especially civilian, than any land-based war.

No, this is more about China trying to harness nationalistic emotions on the one hand and their "opponents" not wanting to present China with an opportunity for actually profitable wars or threats.

If for example the US and Japan would back down, China might "negotiate" the annexation of Taiwan in the near future, which would be profitable. There have been rumors of such attempts already, and China's military buildup makes this ever more realistic.

filbertkm 2 days ago 5 replies      

"Once you've registered, you can read up to three articles each week."

pretty sure I've not been to economist.com in a while. :/

fatca 2 days ago 2 replies      
There is one major difference: Since the Snowden affair, the United States no longer have allies.
kor4life 2 days ago 0 replies      
lispm 2 days ago 1 reply      
Another weak article from the british Economist.
       cached 1 January 2014 16:11:01 GMT