Well, pg has earned our trust and deserved the benefit of the doubt when something so off kilter as this is attributed to him. He did not get it here, and that is a sad testament to how crowd-inspired frenzies can bend our perceptions in such faulty ways. Let us only hope that we can learn some good lessons from this.
pg's response is actually priceless: it is like a soft-spoken witness upending a bullying lawyer who had just viciously attacked him, leaving the attacker reeling for all to see. Indeed, the mob looks pretty much like an ass at this point and kudos to pg for his more-than-able defense. Very lawyer-like, in a way, but far more classy.
In a similar vein, I'd love to see YC take on one or both of the following:
1) Do at least one application cycle completely blind. How could you accomplish this? Much like in the concert auditions where this was first tried, put people behind a curtain--and then use technology to change their voices so every voice sounds the same. I think it would be a really cool experiment to see if different types of companies or a more diverse founder set would get funded.
2) Publish more stats on the success of YC companies, and publish stats on % of female(, black, ...) founder applications submitted, % accepted, % funded after acceptance, etc. Of course, I'd fully expect that this would be "opt-in" from the founders as well--i.e. each set of founders would need to agree as part of the application to have their data anonymously shared. You could also share data on % who opted to not have their data shared. (Techstars is doing some great stuff with their stats here: http://www.techstars.com/companies/stats/ )
I've talked to many female founders and YC does have a reputation as a "frat house" (I told one of the YC partners that personally when he asked me to apply.) I decided to not apply to YC and instead was in the first Techstars Austin cohort, which was a fantastic program overall. Techstars definitely seemed more welcoming to women from my perspective as a geek-turned-tech-entrepreneur.
I'm hoping this is the start of breaking down the "frat house" reputation around YC and getting more women actively involved with it.
The discussion about women in startups has completely come to a halt now and has shifted to discussing whether Paul Graham is a sexist.
The most sickening part of this whole ordeal? That these shit-stirring "journalists" are praised and said to have some sort of talent by their respective circles for knowing how to "shake things up," and their higher-ups want nothing more but for them to continue.
Over Thanksgiving a friend of mine who is studying for his Masters in Philosophy introduced me to the formal concept of the 'Principle of Charity'  which is on the hearer's part a requirement of applying the most reasonable interpretation of the argument presented. When pg wrote this:
"Also (as we've seen), if you talk about controversial topics, the audience for an interview will include people who for various reasons want to misinterpret what you say, so you have to be careful not to leave them any room to, whereas in a conversation you can assume good faith and speak as loosely as you would in everyday life."
It connected with me that both in the interwebs and here on HN too often people do not apply this principle, either in prejudice or in ignorance, to the topics being discussed. That is really too bad, because it helps the quality of the discussion tremendously.
Data source: https://docs.google.com/spreadsheet/ccc?key=0AjPFdCURhZvddHJ...
I really like when the move for more female participation in programming is more of removing barriers that would otherwise discourage females from participating (sexism, snickering, etc.) and less pushing females into programming.
As we all know, PG runs a company where his bottom dollar comes from the success rate of startups. It's not hard to draw the conclusion that people who naturally enjoy doing something are more successful at it on the whole than people who are pushed into doing something.
PG just happens to operate in a space dominated by males, because of this I imagine some people feel he has a responsibility to push the female programmer movement forward. I certainly don't imagine him holding female programmers back, with the female founders conf he's announced it sounds like he's trying to help. That said, I think PG is a "pull no punches" kind of guy, so while he is aware of the lack of female founders I don't think he's going to lose sleep over it as long YC continues to succeed.
It's sad that pg feels he has to waste time doing these type of clarifications. Especially since he's not even holding any controversial opinions in either case, but is merely observing what he has seen at YC. I wish more people would be harder on the trolls with nothing but superficial criticism. Ignore them, and if they gain traction, despise them, the same way you despise spammers.
There's an asymmetry here. The trolls lose nothing on their vitrolic rants. For them it's a win either way, since at worst case they get some page views, whereas pg has to spend time dealing with bullshit. It would be more just if these trolls were punished, and pg weren't made to feel like he has to respond like this.
EDIT: I did read the article and know he was allegedly tricked, but my questions still stand. It was a long interview to just be a background about Jessica, and it was for a profile using the YC name to get $400 subscriptions. If they lied about the reasoning and then edited his words to say something completely different, I would have thought he'd be more outraged.
 http://ycombinator.com/ideas.html see #3)
The same thing happened again with this controversy. Here's at least one rebuttal from a leading female founder: https://t.co/1NbszBqlB1
Is it too much to ask of the press to at least look into a person's actions before piling on with criticism of a purported quote rehashed by a known instigator such as valleywag?
I'm Middle-Eastern (probably a smaller minority in the North-American tech scene compared to women), and while I (like most people) would certainly like to be surrounded by more of my brethren, it's not something I'd be comfortable spending resources on because the return on investment is so nebulous; diversity of views isn't automatically beneficial as is commonly assumed (an extreme example: you wouldn't expect a conservative big-corporation suit-wearing type to benefit a two-founder startup team).
It also seems a bit arrogant to tell people 'you should stop pursuing X and learn coding instead'. I wonder what would have happened had someone convinced Marie Curie, Jane Austen, or Hillary Clinton to go into programming instead of their respective fields (yes, I realise computers weren't invented in the case of the former two, but I hope you understand my point).
Finally, why is all this restricted to women only? Should I start advocating for Arabs? Africans? Inuit? It very quickly turns into a lot of duplicated effort. What's wrong with treating everyone equally? Not to mention that special-casing also reinforces the idea of 'us' and 'them', which I don't feel is productive either.
(throwaway because I don't want to be burned at the stake for publicly asking such questions)
For example, you say that you don't know how you'd convince 13 year old girls to be interested in programming. The normal interpretation is, 'Clearly 13 year old girls are very rarely interested in programming, and Paul Graham doesn't know how to change that.' The nasty interpretation is 'Paul Graham thinks that girls are intrinsically incapable of being interested in programming'.
It's easy to be offended by things. It's also obnoxious and often irresponsible.
He did only refer to programmers. That's true.
But what he left out is that, he defined programmers as the "pool of potential startup founders". (You have to read the full transcript to notice that.)
So he is not actually referring to a subset of women. He very clearly says women as a whole are underrepresented as founders because they haven't been hacking since age 13 like the attendees of PyCon and open source committers, because it's really hard to get 13 year old girls interested in hacking.
It's completely clear when you read the transcript.
I think we could do with fewer of those stories on HN, truth be told. They seem to generate a lot of heat and little light, and are generally about "off-topic" subjects without being intellectually gratifying.
1 - Most notably, as a gatekeeper in startup culture (<- this seems to be causing confusion: not a gatekeeper to doing a startup, but a gatekeeper to YC which can often be important in succeeding as a startup in my and many other people's opinions), it seems pretty willfully ignorant to assume that you'd know if you were biased against female founders because if you missed some you'd know. If women are a group that starts on the outside to, as a gatekeeper you'd need more than that to know if you're keeping the gates properly, since we it'd be pretty hard to argue the system as a whole isn't a boys club.
Moreover, anyone who has read pg knows this kerfuffle was likely spam. I'm just sad our culture has degenerated to convict first, ask questions later.
Shameless has supplanted shameful.
And despite PG and YC giving every indication of wanting to change the situation, a simple statement of the situation (if it's out-of-context or not) makes people pick up their pitchforks?
I'm glad to see such a thorough, intelligent reply from PG. He is extremely careful and precise in his language, without coming across as robotic or inhuman. It's impressive.
But this kind of thing is going to continue to happen. There is no market for taking an honest man at his word without reading subtext into it. The opinion ecosystem is a cesspool of the worst pieces of humanity. "Reporting" on Silicon Valley from the east coast would be hubristic and a folly if the organs involved had any intention of doing so honestly.
PG is fortunate that he is self-employed which provides some barrier against the power of the easily-offended. Somehow the talkers have gained power over the doers, and it is wrong. We live in a time when a person lower in an organization could easily find himself out of a job for an off-handed remark.
Teddy Roosevelt most eloquently described what is wrong with Gawker:
"It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat."
PG picks the best.
it's time we step up to plate ladies. if we want to compete toe to toe with the gents then we have to be better than the ones we are up against. period. if you're better, trust me, he will pick you regardless of your gender.
it might even be in your favor if you just happen to be a woman on top of being better :)
I wonder why pg thinks being a programmer is a prerequisite for looking at the world through hacker eyes. The notion that Zuckerberg could have started Facebook as a non-technical co-founder doesn't seem unreasonable to me (and you could even argue Steve Jobs, while having some technical chops, wasn't the typical uber-hacker-has-been-doing-this-since-age-12 programmer). Or not?
It's important for all of us to remember that the incentives of the media and their subjects are not necessarily aligned, and that bombastic distortions such as this are common.
It's sad that pg feels he has to waste time doing these type of clarifications. Especially since he's not even holding any controversial opinions in either case, but is merely observing what he has seen at YC.
I wish more people would be harder on the trolls with nothing but superficial criticism. Ignore them, and if they gain traction, despise them, the same way you despise spammers.
I know things are taken out of context, and quotes/sound bites can be selected and presented out of sequence, but actively editing the quote seems absurd and beyond anyone who honestly thinks they are reporting something accurately.
In your arc article: http://www.paulgraham.com/arc0.html
you have the following few sentences:I realize that supporting only Ascii is uninternational to a point that's almost offensive, like calling Beijing Peking, or Roma Rome (hmm, wait a minute). But the kind of people who would be offended by that wouldn't like Arc anyway.
Here's the issue: "the kind of people who would be offended by that" - I realize that "that" refers to ASCII only support, and I agree with your statement. But it took me two minutes to figure that out. Indeed "that" might as well refer to Chinese people being offended by the colonial label of Peking instead of using Beijing. I thought you might want to fix this infelicity of expression.
With that said, I do think that the moderation / upvoting / flagging of Hacker News is overwhelmingly male. I sometimes see sexist comments here, and there doesn't seem to be a good system for women to flag and remove those. This is a problem in my opinion.
I see a link to https://www.theinformation.com/YC-s-Paul-Graham-The-Complete..., but there's no way I'm subscribing to this junk website.
PG has done a lot for the community and I think he deserves a conversation rather than a lynching. I'm calling for a more civil discourse on sexism. We could say that I'm baised bc my cofounder was similarly attacked by Valleywag, but it's very reasonable to say that these conversations could be handled more thoughtfully.
realizes there isn't a lot of substance to most of the comments
goes back to programming
This would be different if there were no context, but there is a lot of context.
I have some friends in top positions and the first thing they learn is about this techniques. There are predators out there wanting to eat your hardly earned reputation for their own benefit or agendas.
And All Those Who Violate This Law Shall Be Marked "B" for Bigot. And Know Ye Well That Those Who Wear This Mark of B Shall Be Cast Out of Society and They Shall Be Demonized Forever....
Know Ye These Laws!
Controversy is the product, not informed readers.
just say whatever "they" want you to say (whatever is pc these days) and keep your head down and keep hacking.
Given the way my mother cooks, I can state that when it comes to food she totally can be a called a hacker :-)
Would also be interested in seeing what the relative success/failures of investments with startup founders at 23 w/ 10 years experience (started programming in teams), vs 28 (who started programming at 18).
" The controversy itself is an example of something interesting I'd been meaning to write about, incidentally. I was one of the first users of Reddit, and I couldn't believe the number of times I indignantly upvoted a story about some apparent misdeed or injustice, only to discover later it wasn't as it seemed. As one of the first to be exposed to this phenomenon, I was one of the first to develop an immunity to it. Now when I see something that seems too indignation-inducing to be true, my initial reaction is usually skepticism. But even now I'm still fooled occasionally."
In some countries it's legal to record any conversation you're a part of without informing the other participants so many people are on their guard. Even in everyday life with people you know well, they or you might be carrying a mobile phone manufactured by certain company or running a certain OS that listens, even when turned off with the battery still in, on behalf of some party who'll never be prosecuted and often never even exposed, and there's a lot of those sorts of people out there. Perhaps even a higher than average percentage of Hacker News visitors are these sorts.
This has been true in academia for years.
"What I was talking about here is the idea that to do something well you have to be interested in it for its own sake, not just because you had to pick something as a major.So this is the message to take away:
If you want to be really good at programming, you have to love it for itself. "
While I 100% agree with your final above statement, I find it concerning that you would label everyone with a "CS major" as having motivations outside of a "hacker". I fail to see how they are mutually exclusive. I hope this was just a unfortunate choice of words.
It is difficult not to love things that you've discovered for yourself and learned to do as a kid. So the following:
> If someone was going to be really good at programming they would have found it on their own.
while not required, could be just an 'often encountered' case.
From http://en.wikipedia.org/wiki/Steve_Carlton ...
Carlton slumped in 1973, losing 20 games. The media's open questioning of his unusual training techniques led to an acrimonious relationship between them and Carlton, and he severed all ties with the media, refusing to answer press questions for the rest of his career with the Phillies. This reached a point where, in 1981, while the Mexican rookie Fernando Valenzuela was achieving stardom with the Los Angeles Dodgers, a reporter remarked, "The two best pitchers in the National League don't speak English: Fernando Valenzuela and Steve Carlton."
Sometimes I wonder if more people responded this way, "professional journalism" might actually have a chance.
but that's just my opinion on the matter.
Go write some code instead.
I mean, it's pretty clear that women excel at language acquisition over men, and these are just computer languages.
Let's say, ceteris paribus, 10,000 hours for adolescent boys, 8,000 hours for adolescent girls. Supposing this is the case, given the history of computer science, I doubt really any one of us is in a position to define credibility on solely that metric of time spent.
Clearly environment plays a very significant role here, and it goes without saying, given the larger cultural context of the West, that women have been excluded. I mean, Women's Suffrage was, like, a century ago.
I'm just going to assert that I'm quite postive more than half of you are talking jive, and that's not good.
When I was a kid I was told a story as a means to communicate the gravity of telling lies. A lie, as the story goes, is like ripping open a feather pillow atop a mountain. Feathers fly everywhere. To undo a lie you have to collect every single feather, a task monumentally more difficult than telling the lie.
The Internet multiplies the power of the lie at every level. From a simple comments to blog posts to more established media outlets. Since the feathers can't be collected the damage can be extensive, permanent and even outlive the victim. Given this it would almost seem that the law needs to develop beyond liebel and slander (which I think might not be up to the task).
Anything about DongleGate
Anything about PronounGate
Anything about CPlusEqualityGate
But when They Came for Paul, then he wanted us to know what he said.
Sadly, I was already gone.
In fact what he did apparently was to take these sorts of threads down and encourage moderators to kill them.
Now of course, he abuses his power as publisher to host this thread where we can deify him, thank him, and and apologize to him.
What bothers me more is that damaging PG's public image is seemingly what it takes for him to prioritize writing an article about female founders.
I don't think YC needs to have affirmative action for gender; it would neither be fair or that effective. However, I think they're in the perfect position to inspire younger generations to start hacking. And this must specifically include girls.
My cofounder is a woman, who was contributing to Debian at age 15. Our first employee is a woman, with a MS from the operating systems group at MIT CSAIL.
There are lots of women hackers out there, but none of them are partners at YC. This press is disappointing, but not unexpected.
Rails and django were released about the same time, rails is on version 4, django is on 1.6.
Moving slowly means I can spend more of my time writing code and less of my time upgrading old code. More importantly, every release requires a perusal: did the API change, what's new, are there breaking changes I need to be aware of?
I didn't appreciate how nice a slow but consistent and deliberate release cycle was until I started using Ember which seems to release a new version monthly.
Its generally acceptable to be one or two x.x versions back, but much more than that and the cost of maintaining libraries skyrockets, so you start losing bug fixes and library compatibility.
With python there's not really a question of if I can run my code for a year between non-security upgrades, even with a few dozen third party libraries. That stability is immensely valuable.
However it has been interesting to follow over the last five years. It has been a sort of, "what if p5 broke the CPAN," scenario played out in real-life. Breaking compatibility with your greatest resource has a painful trade-off: users.
Everything I work on is not even considering a migration to Python 3. OpenStack? A tonne of Django applications that depend on Python 2-only libraries? A slew of automation, monitoring and system administration code that hasn't been touched since it was written? Enterprise customers who run on CentOS in highly restrictive environments? A migration to Python 3 is unfathomable.
However my workstation's primary Python is 3. All of my personal stuff is written in 3. I try to make everything I contribute to Python 3 compatible. I've been doing that for a long time. Still no hope that I will be working on Python 3 at my day job.
Sad state of affairs and a cautionary tale: "Never break the CPAN."
There are many examples of systems where many look at them today and say: "This is terrible, I could design a better/less-complicated system with the same functionality in a day". Some examples of this dear to my heart are HTML, OpenID, and SPDY. It's important to recognize the reason these systems succeeded is they sacrificed features, good ideas, and sometimes even making sense to provide the most critical piece: compatibility with the existing world or a migration plan that works piecemeal. Because without such a story, even the most perfect jewel is difficult to adopt.
The OP, about Python 3, is right on except for when it claims making Python 3 parallel installable with 2 was a mistake; doing that would make it even more impossible to migrate to 3 (unless the single binary was able to execute Python 2 code). (Also related: how Arch screwed up Python 3 even more: https://groups.google.com/d/topic/arch-linux/qWr1HHkv83U/dis... )
The ability of the ruby core team to manage not just the technical aspect of making the language better, but smooth the transition in a way that actually succeeded in bringing the community (and even alternate ruby implementations) along with them, hasn't been given nearly enough credit. You could analogize it to Apple with OS 9 -> OS 10.9, versus Microsoft with people still running XP
For all intents and purposes, Python 3 is pretty much a new, separate programming language. Sure, it's very close to Python 2.x, but you don't have out of the box retro-compatibility so that pretty much kills it right there.
Python 2.x is so huge in terms of its use around the world and available libraries and resources for it that you just can't say "hey, the new version of Python will in practice break everything" and expect it to fly.
I love Python and the community around it (and have several packages on pypi myself), but Python 3 is a joke.
If we didn't want to kid ourselves, we'd kill Python 3 and back port the interesting features, like Alex suggests. At this point though, too much effort and egos are involved to make this realistic.
In fact, it's 3.4 that really starts to wet the beak with asyncio and enum. I'm not sure 2.8 needs to happen, if 3.x simply, and finally, has good reasons to get on board.
If you cast a wider net, and talk to people at conferences that have nothing to do with fancy programming languages (and certainly not about Python itself), people aren't using Python 3, and the feelings about Python 3 are mostly "sarcastic bitterness" (where like, you bring up Python 3 and they kind of laugh a little like "yeah, no, obviously") surrounding the problem mentioned by this author that "for the last few years, for the average developer Python, the language, has not gotten better" while being told that upgrading is easy or somehow intrinsically valuable to them, which as this author points out comes across as the Python community just saying "fuck you" to their needs.
To begin the migration, we needed to move from Python 2.6 (which is the default on our CentOS6 production boxes) to Python 2.7. This transition is actually rather hard. We can't use the packages provided in CentOS base or EPEL, because they are all complied against Python 2.6. To re-produce all of our package requirements would require us to either build new packages of the compiled libraries (such as MySQL-python, python-crypto, PyYAML, etc), or load down our production environment with a compiler and all of the development libraries.
Migrating from Python 2.7 to Python 3 would have required a nearly identical effort (there's not a lot of Python 3 packages for CentOS, in particular the packages that we need for our application).
Frankly, it's just not worth that effort at this time. Python 2.6 is the default environment, there's solid package support for it, and it just plain works. We'll make that dive when Python 3 becomes the default for CentOS (scheduled for 8 or 9, IIRC), and probably not before.
Here's my idea. Make a new "Python 5" (2+3=5, or call it whatever you want), based on Python 3. Put back everything that was deprecated or removed along the way, including the `print` statement. Provide `from python2 import xx` or `from python3 import xx` if there are incompatible module changes. To deal with the string changes, introduce an idiom like:
bytes, str, unicode = python2_strings bytes, str, unicode = python3_strings
from python2 import bytes, str, unicode from python3 import bytes, str, unicode
The goal would be to have 95% of legacy code run without modifications, or with a minimal addition of 2 lines to the top, or a command line switch.
They read this, or you show it to them: Should I use Python 2 or Python 3 for my development activity? https://wiki.python.org/moin/Python2orPython3
It starts off very encouraging: "Short version: Python 2.x is legacy, Python 3.x is the present and future of the language"
Then we skim down to the meat of the page: Which version should I use?
Two short version stating that 3 is great, and you should use it. If you can.
And about 20 paragraphs of caveats.
To the person who's been around the block once or twice, or doesn't want to be seen as that pie in the sky programmer to his boss whose focus is not programming and doesn't give a shit about new, what stands out is "you can use virtually every resource available in 2, and almost mostly totally in 3 also."
And if you're new in any sense, do you really want to spend the time researching if 3 is going to work for you or your group/boss/career? No, you pick 2 and GSD.
When that page is gone, or its caveats are substantially reversed, 3 will be the choice.
This sort of reminds me about PHP 6: a project with initially high momentum and various ideas to clean up the language. But over time it became clear that upgrading from the land of magic quote and register globals (PHP 4) to PHP 6 would have been too much of a jump.
So instead they slowly started deprecating and making improvements within the PHP 5 stream, and bit-by-bit PHP has moved on.
The change from Python 2 to 3 doesn't look dramatic, but I can understand why there's an air of lethargy regarding the upgrade.
Would it be at all feasible to enable Python 3 to import Python 2 code? I imagine this could be done without making Python 3 fully backwards compatible, but I might be wrong.
PyPi makes it so easy to just add small libraries as dependencies to your project. This is part of what I like about it, but it comes with a cost - this exact problem.
I actually find the unicode thing a good enough reason to move to Py3, and porting my company's own code is hardly and issue. But I just had a quick look at how much of our dependencies support Py3. No surprise - we can't move. Not without porting a huge amount of code we don't know by ourselves and hoping the pull requests get merged, or by dropping big dependencies from our code.
How big? Thrift, boto, MySQL-python, hiredis (the native C redis connection layer), fabric, mrjob - just to name a few. Some of these have big non compatible dependency trees themselves.
Neither of those are going to happen. So not having a big enough incentive is not my problem here. The price of migrating is simply too big compared to the incentives.
I think the only big enough incentive that would cause me to consider replacing or porting all this huge chunk of dependencies, is something indeed along the lines of GIL-less massive concurrency a-la Go.
But that doesn't seem to be happening any time in the foreseeable future. Python 2.8 is a good idea for me as a user, but it will only persist the problem, not solve it. I don't have any better idea other than Python should grow one huge carrot to create a tipping point, and enough pressure on library maintainers to hop on.
I did it because I was trying to parse Unicode in XML (Apple iTunes music files) and Python 2 is completely broken when it comes to unicode.
I consider Python 3 a big "fuck you" from Guido to the community. I don't think he intended it to be so, but the effect of the long transition, and the lack of backported features in Python 2 (which could be easily accomodated), coupled with only limited adoption of Python3, demonstrate the leadership needs to pay closer attention to user pain.
Finally, I don't think Python will ever address the simple and most important core issue: lacking good multithreading support will make the language continue to be more and more marginal. CPUs aren't getting much faster, the CPython serial runtime isn't getting any faster. Multiple cores on a single chip, and multiple threads in a core, are getting more numerous- and not being able to take advantage of them using the obvious, straightforward memory-sharing, multi-threaded techniques the chips are design to run well- is just a clear ignorance of the future of computing designs.
I switched back from Python to C++ when shared_ptr and unique_ptr, along with std::map and std::vector became standard enough that programming in C++ became easy: convenient memory management, and maps/vectors are the two things that C++ adds to C that are valuable. Then I switched to Go because C++ compilation times are so bad, and writing high quality concurrent code is hard.
OS X ships with 2.7.5. For a casual python user, sticking with what is there and working is safe, especially when the benefits of 3.x are unclear.
Also, the core devs got at least some things right with Python 3.3 by making it a lot easier to write code that targets 2.7 and 3.3 at the same time. In retrospect, that should have been the focus much sooner.
I'm annoyed that it's looking like ruby 1.9.3 will be end-of-lifed sometime this spring, and I'm going to have to go and deal with updating a bunch of apps to ruby 2.0 or 2.1; it seems like it was just yesterday I had to spend way too much annoying time updating them all to 1.9.3 in the first place when 1.8.7 was EOL'd.
And don't get me wrong, 1.9.3 is _so_ much better than 1.8; and the update to 2.x will hopefully be not so bad, but it's still time I'm spending on the treadmill instead of new features.
Is there any path between the continual forced march of updates of ruby, and the lack of urgency so nobody ever upgrades of python?
The phrase that I have stored at the moment is "Python 3 is the future of Python." Fine. Great. But that's not good enough.
This page needs to be updated: https://wiki.python.org/moin/Python2orPython3
It should be shortened to read, in its entirety, "Python 3."
If not, that tool seems worth writing, and then we can do a poll of some major production codebases and see whether Python 3 support is actually missing.
As for "Python 2.8": meh. I think we should just support the development of tulip / asyncio in Python 3.4 (see docs, this is looking awesome already: http://docs.python.org/3.4/library/asyncio.html), then use our blog platforms as Pythonistas to promote all the new async programming you can do using asyncio + Futures + yield from, port over important async frameworks like Tornado/Twisted, etc.
In that case, Python 3.4 becomes the Python release that gives you all the power / convenience of Python 2.x with a complete cleanup of callback spaghetti code as demonstrated in the "hello, world" co-routine example: http://docs.python.org/3.4/library/asyncio-task.html#example... -- I think async programming is mainstream enough, especially in web/mobile/API applications, that this will be a compelling draw for people.
I think the only thing GvR and crew got wrong is the timing -- it probably won't take 5 years from release for everyone to migrate to Python 3, but it will take more like 8-10. But it'll happen.
It's nice to see that pythonistas are starting to accept what an outsider saw give years ago.
Frankly the problem is a culture of overpromising and underdelivering that is endemic to Python. The situation with threading in PHP and Python is really the same: "it almost works" but the PHP community is responsible and says you shouldn't really use threads and the Python community is irresponsible and says "come in the water is fine".
The developers of languages such as PHP, C# and Java value backwards compatibility. Certainly things break from release to release, but some effort is made to minimize the effect, whereas in Python 3 they rewrote important APIs and broke a lot of stuff that they didn't have to break.
I'm at the decision point of which one to learn for a long languishing project I want to use it for. If I could write in 3.x and use the 2.x library ecosystem there would be no glitch whatsoever in my decision process. 3.x seems sufficiently advantageous _as a language_ to make the choice easy. As is, however, since I do not yet know what within the 2.x ecosystem will prove to be important or essential, my only intelligent choice is to maximize my options and go with 2.x. The advantages of the 3.x language don't even begin to outweigh the potential disadvantages of coming up short.
I consider this irrevocable break with backward ecosystem compatibility (given the magnitude of the ecosystem) to be the worst, most egotistical decision I've ever seen in the computer field. Almost a death wish.
My proposal: Call it a development version, and ask the community to upgrade when Python 4 fixes GIL, adds support for GPGPU, multicore, adds semantics useful for going fast, true lambdas, tail recursion, and adds all sorts of similar pretty things.
Forcing an upgrade down a community's throat worked for Microsoft when they had a monopoly and could stop releasing security patches for older versions. And even then not well, and giving huge numbers of botnots.
Anything short of that is likely to fail and just hurt the size of the Python community. If I'm switching, there's also Ruby and a few other places to go that aren't Python 3.
I don't like, want, or care about Python 3. It's a regression for me. It's not a popular view, so I'm not vocal about it, but I don't think I'm in the minority here.
How difficult would something like this be?
This might be really naive on my part. I haven't really taken the time to study the differences between 2 and 3. I have avoided 3.x out of entirely selfish reasons: I simply don't have the clock cycles to run into roadblocks.
These days languages are only as valuable as the breath and quality of the libraries around them. The issue with 3.x is that it created fear of not having access to small and large libraries developers leverage every day to be able to focus on their problem and not the problem addressed by the library. In that regard it is easy to be inclined to criticize Python leadership for approaching the transition with what might be perceived as a lack of consideration and understanding of the factors that might hinder it.
Just learned about 2to3:
Not sure how good it is. A quick look at the page gave me the sense that it might be somewhat involved. A true converter would be something that is as easy to use as the the import statement. Something like:
import2to3 <some_module>, <some_destination_directory>
My current projects are currently compatible with Python 3 and it's my main target whenever possible (depending on the dependancies).
But all in all this is one of these little things that make developping in Python less fun than before. This is not my preferred language anymore.
It won't change anything for the shop that has a million LOC, but it might start to budge that 2% number.
Consider me an average programmer, I have been using python for a year+ now. Most of the everyday stuff can be done in 2.7, some functionality I need / can't do I google and get a solution which works in 2.7. Why Py3 is not adopted is because there is not much benefit you get for doing the extra work (think chemistry - activation energy)
On another note, why can't we port it the little goodness back to 2.7 ?
I'd personally like to see pypy bundled and a complete package manager solution, as well as usability features like bpython. I don't think it is necessary to dump it. It just needs a little excitement.
Still, after many years I am finally planning to move my stuff to Py 3.4 when it comes out next year. No particular reason, it just feels like it is time. Shame that it doesn't look like it will get into 14.04.
I've heard the counterargument about backwards compatibility. That hasn't ever been just a 2 vs. 3 thing though. pyOpenSSL works with 32-bit 3.2, but dies with errors out of the box on Win-64 py 3.3. Last I checked, the PaiMei debugger works on 2.4, breaks on 2.7.
There are several projects that work with a specific deprecated subversion... it'd be weird if that were a common argument to keep everyone on 3.2, or 2.4 or something.
If we can pick off a few of those top py3-incompatible libraries, I'd be willing to bet that a shift to py3 would follow. Many of the libraries have long-standing py3 port branches if you'd like to help the effort. For example: https://github.com/boto/boto/tree/py3kport/py3kport.
As far as I'm concerned, there's really very little in the way of me using Python 3. But what is in the way matters. Starting a project without being able to use boto, fabric and gvent would be tough. I like the idea of being able to import Python 2 libraries until they're finally ported over to Python 3 a lot.
$ python Python 3.3.3 (default, Nov 26 2013, 13:33:18) [GCC 4.8.2] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import timeit >>> timeit.repeat('for i in range(100): i**2', repeat=3, number=100000) [4.451958370991633, 4.446133581004688, 4.4439384159923065] >>> timeit.repeat('for i in range(100): pow(i,2)', repeat=3, number=100000) [5.343420933000743, 5.341413081012433, 5.3455389970040414] >>> timeit.repeat('for i in range(100): i*i', repeat=3, number=100000) [0.8348780410015024, 0.8323301089985762, 0.8313860019989079] $ python2 Python 2.7.6 (default, Nov 26 2013, 12:52:49) [GCC 4.8.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import timeit >>> timeit.repeat('for i in range(100): i**2', repeat=3, number=100000) [0.9710979461669922, 0.9630119800567627, 0.9619340896606445] >>> timeit.repeat('for i in range(100): pow(i,2)', repeat=3, number=100000) [1.7429649829864502, 1.7306430339813232, 1.729590892791748] >>> timeit.repeat('for i in range(100): i*i', repeat=3, number=100000) [0.6579899787902832, 0.6526930332183838, 0.6540830135345459] $ python -m timeit '"-".join(str(n) for n in range(100))'; python -m timeit '"-".join([str(n) for n in range(100)])'; python -m timeit '"-".join(map(str, range(100)))' 10000 loops, best of 3: 49.4 usec per loop 10000 loops, best of 3: 40.6 usec per loop 10000 loops, best of 3: 32.8 usec per loop $ python2 -m timeit '"-".join(str(n) for n in range(100))'; python2 -m timeit '"-".join([str(n) for n in range(100)])'; python2 -m timeit '"-".join(map(str, range(100)))' 10000 loops, best of 3: 30.2 usec per loop 10000 loops, best of 3: 25 usec per loop 10000 loops, best of 3: 19.4 usec per loop $ uname -rom 3.12.6-1-ARCH x86_64 GNU/Linux
But how hard is it to write code that works under both python 2 and python 3? Is this easy, or are the number and nature of changes so hard that this is a pain? How often do people write code that will work under both?
During the ruby 1.8 to 1.9 switch, it was common for people to write code that worked under both. How hard this was depended on the code base, but usually ranged from 'very easy' to 'medium but not that bad.'
You had to avoid the new features in 1.9.3 of course; you had to avoid a few features in 1.8.7 that had changed in backwards-incompat ways; and, mostly only around char encoding issues, you had to sometimes put in conditional code that would only run in 1.9.3. That last one was the most painful one, and overall it was sometimes a pain, but usually quite do-able, and many people did it.
Now, the ruby 1.8 to 1.9 migration was quite painful in many ways, but the fact that so many dependencies worked for a period in both 1.8 and 1.9, without requiring the developers to maintain two entirely separate codebases... is part of what made it do-able.
And, later, dependencies eventually dropping 1.8 support, of course, is part of what forced those downstream to go to 1.9.3. But by the time this happened, all of your major dependencies were probably available for 1.9.3, you rarely ran into the problem of "one dependency is only 1.8.7 but another is only 1.9.3", because of that period of many developers releasing gems that worked under both.
That's a gross over simplification, but it is closer to the truth than the Python 3 community likes to think.
I wonder: have there ever been a successful language rewrite, post critical pass, in the history of computer languages? If so, what lessons can be brought to the current Python 2/3 situation?
For myself, as a professional Python programmer, I like Python 3 a lot. But until a critical mass of PyPi moves over, it isn't worth the effort for most projects.
Edit: fixed a wrong word.
Python 3.0 was derailed by arrogance that developers should commit to a one-way transition that would touch every function rather than accept that, in Python 3.0, 'x = u"Hello"' should have been a valid statement. It didn't help that it ran slower, added nothing, and broke tools.
Python 3.3 was the first release that had a prayer, but there are mistakes everywhere. For example, virtualenv was included but broke because pip was not. Libraries like ftfy are required because the encodings break. Explaining the oddities of scoping inside generator expressions creates tricky interview questions. And then, Python 3 didn't fix all the broken.
By broken, I mean actually broken. We know where its broken: lots of standard libraries like collections.namedtuple which has an argument to print a generated class. Strange cruft like calendar.weekheader() that only helps one developer's program. This code is in the standard library. Handy things like cleaning up Unicode, DSL support, local encodings, security restrictions. Those you add from other libraries.
Also, where's the love? The courage? I would love to see Python seriously consider dropping case and underscore sensitivity in order to speed up developers, an_item = anItem +1 would be a warning. I would like to see language translation support in the language, great packaging that just works, incorporation unit tests into the package system, reforming the dunder mess, anything! Instead I see the mediocrity by arrogance.
Just for fun, they moved the US Pycon conference to Canada. Only little people have troubles with international travel. Arrogance.
* Many libraries where limited to Python 2, because the effort converting them seamed to high
* Because of minor problems (like the infamous u"-stuff), the overhead converting simple Python 2 programs was to high.
Some of the problems where fixed later (e.g. infamous u"- is now legal in Python 3 and ignored -- why not before??), but I think that than it also was a little late ... Python 3 has evolved further and many people just got into the habit to ignore Python 3.
Not caring about compatibility can be necessary, but also can be a burden (that hurts a long time)!
(I'm not a python user, had to write few items for Maya/MotionBuilder and few other scripts).
Python 3 isn't getting used because it breaks backwards compatibility without offering many meaningful benefits. Sure, the syntax clean ups and the new sugar are nice and all. But you don't rewrite a working code base because of "nice".
So, fix the GIL; Replace the spaces indentations with tabs; Take out the stupid 79 line limit off PEP8; Even clean up the standard library... After all, if you don't need to worry about backwards compatibility, then you might as well re-do it all properly.
[Python 3 releases live in parallel to Python 2] In retrospect this was a mistake, it resulted in a complete lack of urgency for the community to move
Annnnyway... I am JUST not writing my first Python 3 application, and I have just installed (on OS X) Python 3 for the first time since 2009 (only as an experiment at that point).
Create a virtualenv and tell it to use Python 3 via `-p /path/to/python3`, update your .gitignore to include __pycache__ directories, don't write any code that uses features or syntax that was removed in Python 3 (since they added u'' support to Python 3, most devs I know are already doing this part), and you're literally off to the races. My app's requirements.txt has django==1.6.1, pytz==2013.8, South==0.8.4, django-debug-toolbar==1.0 (just released, btw), and ipython (obviously just for shell support). It works perfectly, and of course mock is included in Python 3, so you don't need that anymore. There was one caveat though :( Fabric doesn't work, because Parimiko is too deep a web to quickly update to run on Python 3.
I think Alex wrote this article too late. I think with Django finally having a release that fully supports (not experimentally like version 1.5) Python 3, a lot of libs supporting Python 3, and a lot of updates to Python 3 in the past year or so, we'll probably see quite a few new apps being built for Python 3 in the next year.
I have been very impressed with 2to3, the amount of work it does is pretty impressive. But as somebody who tends and prefers to work in python 3 but often needs my scripts to run in python 2, I have no choice but write those in python 2. I can see the same dilemma for somebody who writes an open source library and hope for as much usage as possible.
Now the question, why do I need Python at all nowadays?I spent two years trying Python and ended up with PHP/C/C++/JS/Java for nearly all my needs.
At least mod_python already aware of existence of python 3.3.x ,)
What about make python 3 fully retro-compatible with python 2.7 with the help of magic imports
from __past__ import byte_strings from __past__ import except_tuple
Other than that, as Alex said there isn't much difference between the two.
Thanks for shining some light on the issue.
Python3 is just now becoming the default for many Linux distributions. Once that adoption took place the adoption of Python3 will increase very much. It's as simple as this.Once this milestone is hit, the remaning incompatbible libraries will see fixes for python3.
>>> answer = 1 + 1>>> print answer
Even if you adore the principle of Net neutrality, it's reasonable to demand that federal regulatory agencies stick to what Congress authorized them to do. Otherwise you have illegal regulations and bureaucratic turf-grabbing that will not treat the Internet well. Remember Hollywood's successful efforts to lobby the FCC to impose "broadcast flags" on computers by bureaucratic fiat? A federal appeals court correctly struck it down as exceeding the agency's legal authority, as I wrote here in 2005: http://news.cnet.com/2100-1030_3-5697719.html
That same appeals court is currently considering the FCC's Net neutrality regulations. BTW, it's also the same court that slapped down the FCC's first attempt to impose Net neutrality regulations without legal authority in 2010: http://news.cnet.com/8301-13578_3-20001825-38.html
If Net neutrality violations become an actual problem, there's no shortage of publicity-hungry politicians in Congress (hi, Ed Markey!) who will hold hearings and push legislation forward. Obama will happily sign it. Until then, other government debacles including NSA domestic surveillance and Obamacare should make us wary of federal agencies exceeding their legal authority -- especially after Congress considered and rejected a law that would have given it to them in the first place.
BUT, because this does force deals to be crafted behind closed doors, they will turn out looking a lot like the deals that HBO/Shotime have with Comcast and TWC. Plus, look at what's going on with Facebook already... phones in some countries have "facebook data" only plans. Sure, this is great for emerging markets to have access to family and friends for free, but at the loss of any other social network upstart that wants in on it.
I don't see indie content ever being cut off, but I do see them becoming "premium" subscription level services that require people to pay more to access them. Want to play COD or GOW online? You will need this level access to play with any reasonable speeds. It will happen slowly too, as people become accustom to the idea that opening a Wikipedia page will take 1000 ms then to 5000 ms to fully finish rendering. Someone at Comcast will nudge slowly testing whether people notice or care.
If we don't fight the good fight and force internet providers to remain dumb pipes, we are asking to have the most expensive internet on the planet. As cable TV dies in favor of watching what you want, when you want, they will naturally move to charge you for things you want to do on the internet instead.
edit: autocorrect fail :-P
In 2013 there is absolutely _zero_ rationale for contracts to play a part in either the wireless or the pipeline infrastructure. Telecoms know this and are doing everything they can to drag out the death sentence, making it as painful and expensive as possible for everybody involved.
If we let the telecoms do with fiber what's been done with mobile networks not only is the web going to be less neutral, the bias will naturally lead to the dissemination of news and information as being more easily controlled and piped to the masses in sinister ways.
You have to be willing to show them that reason in order to save your business. You all have to innovate a solution. How are you going to join together with the other businesses in your sector to PIVOT TOGETHER in order to jolt ordinary people out of their careless stupor and educate them about how to force the hand of those corporations who could easily solve the problem ?
Do you really think a black page background and a banner is anything more than a sloppy haphazard attempt to save your industry ?
Aren't you risking shareholder value if your company is not engaging a significant percentage of it's resources towards engineering a plan to resist the takeover of the key infrastructure that your business needs in order to survive ?
How can you justify that kind of risk taking to your board ?
VC's what percentage of your fund's budget is set aside for the task of preserving the Internet that your portfolio will rely on ?
Ordinary people won't care if a page is black or not or if some banner is present or not, but if twitter, instagram, and pintrest for example all go offline at the same time that would send a message. Or what about if all the major social startups started paying attention to HTTP referer headers and they started redirecting inbound visitors to educational splash screens based on their referred header? The splash screens would educate these people about how they should really change their default search engine or delete their Facebook account in order to help save the Internet.
I'm not saying we should pick on Google or Facebook specifically per say, but I do think that if enough "social pressure" was applied Google alone could fix the problem by helping the Internet route around the entities who are engaged in a Denial Of Service attack on key Internet infrastructure. All Google has to do is punish a few corporate websites like they did to rapgenius the other day. That's a good start at least. Does your startup "scene" have a plan to help force google's hand ? If not then why not ?
If all of the major web startups started doing this kind of thinking Google would have to take this stuff more seriously REAL FAST. Think about it! That's how you send a real "social signal".
Why is this industry not trying to defend itself ? Ask yourself this question.. Who controls your company ? Who gets to decide how important preserving a free Internet is to the long term viability of your business? Has your company already sold out ?
Founders, where do you stand ? How willing are you to be public about where you stand and how long are you going to wait ? How long can you afford to wait before you take action with others in order to save your business ? Why aren't you already more organized on this issue ? Why aren't you ready ? Why are you not taking this threat to your business more seriously ? Why do you apparently assume you are powerless ?
That and I'm kind of biased, because I founded a company which is trying to level the playing field and make net neutrality de facto for internet services instead of de jure. Information is like water. Put a barrier in front of it and it will always try to find a way to flow through it.
In addition to protesting, we should also consider building a free open source network thats protected and run by the community. (It could be run by the government, but until the government is 'for and by the people', we'll crowdsource the maintainance and seek to rapidly automate the work that nobody would volunteer for) We can give ourselves the best, but lets start with free gigabit internet wired and wireless for all of America! What would this 'cost' in terms of money? millions or billions? But the resources are here; just being hoarded until money is traded. Would AT&T build a free network for us? Not if it meant losing money to Verizon. But what if it wasnt about money? The value in having a fully connected country is priceless.
Thankfully we have the government to protect us against trusts and monopoly's. But what if the trust or monopoly was a community one? If AT&T, Verizon, Sprint, and T-Mobile colluded to give free gigabit internet to America, they could combine their separately walled gardens and use those resources to further the human race. But this would have to be a guaranttee so that once everyone put all their time and resources into this, some CEO cant just flip a switch and start charging. Once free, always free. So if they did this it would probably mean giving up their pride and names. I mean, would this free network be called Verizon? Why do they get their name on it? So we could crowdsource a new name for our free network so no one can boast. US Telecom, US Net, Free Net, the name can be anything, something we would all be proud to get behind. the most important part is the 'us' and 'US'. All of us in the US have the resources to take care of all of US(just focusing on America now, but eventually we could help the world). These telecom companies will either become part of the solution or they will precipitate out.
Again though, this would be a huge project and there's currently no website we can go to in order to find and take part in these country and perhaps global initiatives. Imagine a mix of Kickstarter and Change.org. First a project or idea is petitioned to the community and if enough people like it and think it would be the best solution, then its opened up to a crowdsourcing page to collect funds and not just money but people can also donate the final resources that are ultimately needed, which is what the money would eventually be traded for anyways....more to come, working on this website...
Bad news for old money - the Internet has an appetite for rentier blood. This will not be tolerated long term.
This creates a competitive market between service provides (competing on price, service quality, and customer service) while removing the high costs to enter that market.
Infrastructure, as opposed to service, becomes the regulated market.
As long as we have an oligopoly of telcos, they will lobby their way to destroy Net Neutrality.
The internet model worked when subsidized by a military and academic community supported by a massive industry.
Now that it's trying to pay for itself, it's looking a lot more like television or those free newspapers that are more ads than articles.
The best case scenario is if the US was disconnected from the rest of the worlds connectivity. Almost all evils that has generated hate from the public has been american corporations.
Any new developments on this matter?
But based on our conversion rate, I don't think there is a market for it. Feel free to email us if you have any constructive criticism. email@example.com
As a consumer, i would obviously be a proponent of my current ISP giving non-discriminatory access to all sites. However, aside from voicing my opinion in the form of purchasing the services of a specific ISP, i do not believe we should have the power to do much else in dictating how these companies should run their business through the passing of laws. The author points out that the loss of net neutrality would hurt small-scale ventures - yet ignores the fact that these ISPs he wishes to regulate were once the same small start-ups that he wants to protect. Was the success of these businesses the single factor that moves them from protected status to regulatory target?
The size of these dominant ISPs means that a great deal of the population relies on their services - but our "need" for these services does not give us the right to dictate how they should run their business. If enough of us feel that none of the dominant ISPs are adequate, then our need goes unserved, and sooner or later another ISP will arrive to serve these customers.
Again - i am strongly in favor of net neutrality. But if we resort to regulatory means to get what we want, it will lead to vastly negative consequences down the road. Why start a business if this is the reward for success?
He's a hacker's hacker.
- "I don't care, this is just my job. And I was told to do it by management." [what can I say? This sums up a lot of grunt coders I know]
- "What are the chances that anyone will find this?" [lack of appreciation for how smart and dedicated attackers can be]
- "So what if they do? It's not like it's useful" [lack of proper analysis]
- "How else are we going to run tests?" [poor design / fear]
- "Huh?" [absolutely oblivious about security]
I've worked on projects where we made the very conscious choice to leave doors like this open, but I doubt that most firmware shops are that intentional about it.
I assume it would be possible to, for instance, make every "delete" operation a secure delete operation...wherein data gets overwritten a specified number of times. Shortening the useful life of the device, sure, but if security matters, that's a small price to pay.
Going further, what about a handler that serves out one set of data about what's on the device to any random person that plugs it in (like empty or with a few harmless photos or something), and another set of info to someone that has a key? Sure, for a high capability attacker, they might even know about this kind of firmware magic and know how to circumvent it, but it would make it very unlikely that some random person picking up your device would find anything that you want to keep secret.
Obviously, if your data is encrypted on the host system before writing to the card, that's reasonably safe...but for people in really dangerous situations, where torturing someone to obtain their key is not out of the question, making it seem like there's no data to obtain a key for is the best of all possible solutions.
I was reading just today a similar article, but involving HDDs instead of Microsd cards (and even with a PoC): http://spritesmods.com/?art=hddhack
Its as of yet unclear how many other manufacturers leave their firmware updating sequences unsecured. Appotech is a relatively minor player in the SD controller world; theres a handful of companies that youve probably never heard of that produce SD controllers, including Alcor Micro, Skymedi, Phison, SMI, and of course Sandisk and Samsung.
I hope he chooses the latter option.
But that's just me. Maybe I am the only one. If so, pay no mind.
If someone hands you an SSD in an external enclosure do you automatically suspect it too? A similar hack is known to work there, witness the number of SSDs that needed a firmware upgrade after their field release.
I do applaud the finding of how to do it and the proof that it really does work. It is a nice work in that regard and I have a few SD cards I'd be happy to hack their firmware for fun if nothing else (damn fake SDs, if they at least just advertised their real capacity they could at least be useful).
(This is a streamdump, so don't expect seeking to work, and it might cause issues for your player)
Not having finished the article, one of my initial thoughts: I guess my thoughts and intuition were right. It's not time to throw away those optical disks (and drives), yet.
First, it's not uncommon for virtual disk formats to be logically zeroed even when they are physically not. For example, when you create a sparse virtual disk and it appears to be XGB all zeroed and ready to use. Of course, it's not. And this doesn't just apply to virtual disks, such techniques are also used by operating systems when freeing pages of memory - when a page of memory is no longer being used, why zero it right away? Delaying activities until necessary is common and typically built in. Linux does this, Windows does it [http://stackoverflow.com/questions/18385556/does-windows-cle...], and even SSDs do it under the hood. For virtual hard disk technology, Hyper-V VHDs do it, VMWare VMDKs do it, sparse KVM disk image files do it. Zeroed data is the default, the expectation for most platforms. Protected, virtual memory based operating systems will never serve your process data from other processes even if they wait until the last possible moment. AWS will never serve you other customer's data, Azure won't, and none of the major hypervisors will default to it. The exception to this is when a whole disk or logical device is assigned to a VM, in which case it's usually used verbatim.
This brings me to the second issue. Because using a logical device may be what DigitalOcean is doing, it's been asked if it's hard for them to fix it. To answer that in a word: No. In a slightly longer word: BLKDISCARD. Or for Windows and Mac OS X users, TRIM. It takes seconds to execute TRIM commands on hundreds of gigabytes of data because, at a low level, the operating system is telling the SSD "everything between LBA X and LBA X+Y is garbage." Trimming even an SSD with a heavily fragmented filesystem takes only a matter of seconds because the commands to send to the firmware of the SSD are very simple, very low bandwidth. The SSD firmware then marks those pages as "free" and will typically defer zeroing them until use. Not only should DigitalOcean be doing this to protect customer data, but they should be doing it to ensure the longevity of their SSDs. Zeroing an SSD is a costly behavior that, if not detected by the firmware, will harm the longevity of the SSD by dirtying its internal pages and its page cache. Not to mention the performance impact for any other VMs that could be resident on the same hardware as the host has to send 10s of gigabytes of zeroes to the physical device.
Not only is DigitalOcean sacrificing the safety of user's data, but they're harming the longevity of their SSDs by failing to properly run TRIM commands to clean up after their users. It hurts their reputation to have blog posts like this go up, and it hurts their bottom line when they misuse their hardware.
Edit: As RWG points out, not all SSDs will read zeroes after a TRIM command, so other techniques may be necessary to ensure the safety of customer data.
The author thinks that this is a security issue because this option should be enabled by default. However, (I assume) it's not in Digital Oceans interest to do full disk scrub because it reduces the lifespan of their SSD.
If a user forgets to log out of Facebook on a public computer, is it Facebook's responsibility? Similarly, if a user does not correctly delete data on a budget host, is it the hosts fault?
Turns out it "add[s] a very large time to delete events" when you actually delete things when a user makes an api call to DESTROY. Who knew?
At the time, the blog post claimed that the issue was resolved and that data was now being wiped by default. I wonder why that would have changed.
1 clear 2 ls 3 clear 4 wget https://kmlnsr.me/cleanimage.sh 5 rm cleanimage.sh 6 cd /tmp/ 7 wget https://kmlnsr.me/cleanimage.sh 8 chmod +x cleanimage.sh 9 ./cleanimage.sh
Not only it looks bad and alarming to customers, but also poses a security threat, where an attacker could target his website and/or server and replace the script with something nasty inside. How long before they'd notice such fact? No idea, but I've opened a ticket about it right on, giving them some advice on why its bad (availability, scaling, performance, security and PR reasons) but also how to better handle it, and it seems nothing has been done about it so far.
That rings a bell in my head not to use Digital Ocean service as things they do are looking pretty amateur.
This has been an identified and solved problem for YEARS. No excuse for a modern VPS/IaaS provider to be leaking customer data in this way, except incompetence.
If your using an overlay or API on top of a cloud or service, its the overlay's responsibility to ensure a consistency with your expectations. The API is consistent with the UI.
While other cloud providers accept the time that this takes as non-billable, DO don't. By getting higher utilization is how they are able to offer their prices and still have some modicum of service.
It's pretty easy nowadays to scrub a drive. Writing zeroes would suffice.
Personally, I'd worry more about what data is being leaked when your VM is paged to disk on your provider's servers. Parts of each of your VMs will probably reside in the pagefile at some point, so therefore writing zeroes won't save you if the provider has bad disposal practices (like not scrubbing before disposal). So it seems impossible not to have to trust a cloud computing provider whatsoever; some basic trust seems to be a requirement.
But that minimum level of trust should be the extent to which you trust them. Not scrubbing your drive before handing it over is placing faith where faith doesn't belong.
"The cloud. Somebody else's computer".
I think cloud computing is great for the right applications, as long as people understand the risks.
But there will always be problems like this. Always. This is part of the hidden cost of "simple cloud hosting".
This was mentioned to me on twitter hours ago, prior to this post. The first thing I said is that most people these days understand the importance of a responsible disclosure, and that we take all security issues very seriously. Not following responsible disclosure with a company such as DigitalOcean is extremely irresponsible and I would be amiss to point that if anyone did ever find a software vulnerability filing it and waiting 24 hours for the appropriate response is preferred. - https://www.digitalocean.com/security
As far as I can tell here, there is no unexpected behavior that isn't documented or stressed. In both our API documentation, and our control panel, we note that you must either pass a flag or check the box to security delete the data. As far as I can tell, the flag is currently functionally correctly. so..
Is the complaint that customer data is being leaked from VMs? That the flag being passed via our API/Dash isn't actually working? Or, that our policy on not doing a secure delete by default isn't something you agree with?
I was trying to find any cases of a public cloud provider's customer data being leaked or easily visible on the internal customer network, but didn't come up with anything. Somebody's got to do a study on the major cloud providers and see if the good old methods to subvert network routes still works, or if you can easily mitm vm neighbors. (My guess is you can...)
That said, this would probably go down better for the company and the community if you tried a private disclosure rather than posting about it on Github.
Anyway disingenuous title to say the least.
What if DO actually encrypted the SSD space with a key that they only have, and a new key is created for each droplet?
Then any droplets that are created later in a deleted space will just see effectively random data, no?
Sounds like a major risk if SSH, SSL, passwords etc can leak this easily.
I like DO as a service, but this is kind of strange. Humans act always the same. When catastrophe hits they want to sit it out, underestimating the impact
In case you are running a VM on top of their platform you may want to check to make sure this is enabled.
Some Creative Commons cartoonshttp://www.seosmarty.com/15-cartoonists-that-allow-using-the...
Creative Commons Music at Jamendo (see the FAQ http://www.jamendo.com/en/faq)
edit: 'per-say' to 'per se' (thx ansimionescu)
System is broken. Please reboot.
The government taxes every other kind of property, so why not IP? Additionally, keeping created works out of the public domain is essentially a tax on the public; this intellectual levy placed on everyone should be balanced by a reinvestment in favor of public interests.
If Disney wants to keep Mickey Mouse out of the public domain, they should pay a yearly fee to prevent it from becoming public property. They'd more than make up for it with the revenue they garner.
I think that this would also encourage less wasteful use of copyrighted properties.
One of the effects of this act is restoring copyright in the U.S. to foreign works of authors that weren't dead for 70 years on january 1st 1996 in their home country. Instead, works only enter the PD 95 years after publication.
So for example, the last paintings by Theo van Doesburg, a Dutch artist who entered the public domain in the Netherlands in 2002, will only be out of copyright in the U.S. in 2026. And that's why you won't see those works on a site such as Wikipedia, that is under U.S. law.
More interesting is that Tesla is part of the class of 2014 for 70 year countries :)50 year countries get some nice additions (some real heavyweights): Robert Frost, Sylvia Plath, William Carlos Williams, Louis MacNeice, Jean Cocteau, C. S. Lewis, Aldous Huxley
One of the assumptions is that everything being equal the same works would exist if it were not for copyright protections. However, I would argue without the extended copyright protections, most of these [future] classic works would not exist, simply because publishers/studios would not invest in the creation/distribution of the works initially. In other words, copyright protections encourages the creation of works.
The OP takes an opposing stance, suggesting if copyright protections existed historically it would have stifled the creation of many classic works. This may be the case in certain instances, but to make that argument one must have an in depth understand of what constitutes copyright infringement in a legal sense - including all defenses to infringement (i.e. derivative work, fair use, educational/news worthy use, ect...)- and make the argument on a case by case basis. Very few people have any idea of what constitutes copyright infringement - and even among legal scholars, practitioners and judges there is disagreement.
All I know is if you have ever created anything and had it stolen you understand the need for legal protection. Plus it would suck to live in a world where I am financially rewarding thieves because I can not distinguish if a work was original or a knockoff. Finally, legal protection is just that protection, there is nothing stopping copyright owners from giving away their works for free, in other words voluntarily releasing their work(s) to the public domain.
It is a really great to read the beautiful color version of the *First Six Books of the Elements of Euclid" online for free. https://archive.org/details/firstsixbooksofe00byrn
Meanwhile it is selling on Amazon for up to $100 http://www.amazon.com/Oliver-Byrne-Six-Books-Euclid/dp/38365...
1) General advice to non-technical founders, not specific to this post: If sales is one of your primary skill sets, and you cannot sell one developer on working for you, you may want to have a brief heart-to-heart with yourself on whether you are sufficiently skilled at selling to build a company which will live or die based on your sales ability.
2) His advice about starting with 1 anchor client for a SaaS, expanding to 10 via expenditure of shoe leather, and then starting to worry about scalable approaches to customer acquisition is very, very good. (I don't know if I definitely would endorse the "An Indian company expressed desire to buy something from me other than the thing I was building, so I should have built that instead." That would turn on a lot of things, including how serious that company was about actually buying the thing. There is a world of difference between "I would buy a Widget from you" and "I commit to accepting delivery of a Widget from you, where a Widget broadly does X, my timeframe is Y, and your payment will be $Z." I'd be looking for a letter of intent or a check as a filter for seriousness following that Skype call before making a bet-the-business decision on it, personally, but I obviously don't know the specifics of what was said.)
Lean Startup, great book, decent ideas, not the religion that it's become. I'm sick of hearing, hey do this the lean way and it'll "significantly improve" how well you do, after all it's the blueprint for success. Personally, I don't buy into that. Here's my view of success in reality: do whatever works (that's legal & up to your moral standards), be opportunistic and get lucky (yes, hard work and measuring metrics alone don't do crap).
MVP and idea validation are great concepts & helpful common language. In hindsight all "successful" startups seem to have a "pattern", but in all seriousness, there isn't a friggin algorithm for success in startups, otherwise algorithms would've replaced entrepreneurs a long time ago. (Although selling success patterns & software based on such to wantreprenuers is a great idea)
I'm sorry the Sergio's experience happened. It's easy force cause and effect onto a narrative. It very well could have been that the developer Sregio met was at a point in his life where he really just wanted to build something great and did end up building the awesomest thing. Instead of trying to dissect the reasons his startup failed, had luck been a little more favorable, we might be trying to analyze how it became a huge success.
Bottom line, my heartfelt congratulations to Sergio on being successful at stepping up, despite the risks and having a crack at it. If you had never stepped up and we all gave in to our negative biases and overanalyzed the crap out of everything before we started we'd still be polishing stone wheels.
I know how shitty it feels. But remember, hindsight is 20-20 and cause and effect should really be cause+luck and effect. Hope you're a better entrepreneur and will be back in the game soon.
Heard this story so many times. Amazing how many people join a startup and don't want to do the actual work. Remember that scene in The Social Network where Mark Zuckerberg calls his outsource team about progress on that latest feature? No? Me either.
I've been apart of a lot of startups and this is far and away the best advice. It was a common theme with two startups I worked for during the boom years. One CEO's hubris was stunning. 10 million privately funded and he blew most of it on season tickets and suits at stadiums to "entertain" big prospects (nevermind we didn't have any "big" prospects at the time!), remodeled the office to the tune of a few hundred thousand dollars, it goes on, but you get the idea.
When you're in a startup, it really is about getting your product shipped, and making sure that's where the focus is.
Great writeup and glad you saw the errors of your ways. Lots of people never gain the wisdom you have until after two or three failed attempts.
>> ""An Indian company expressed desire to buy something from me other than the thing I was building, so I should have built that instead.""
I may be the minority but I agree with him but on one condition. If this Indian company wanted to pay a small monthly subscription fee for your product I would never have agreed developing "their" ideas. I would have taken their feedback and put in the big pile with all the other feedback I gathered up. But I would have pitched this Indian company a different story, I would have pitched them a professional services contract instead of a product. I did something similar in the past and it worked out very well because in a business money is king. With no money you can't do the things you need to do, like attend conferences to sell your idea, buying adwords, hiring solid developers, paying yourself a salary so you can devote your time to the idea.
In my case the customer was willing to pay ~$10k a month to get what he wanted. We built it for him while building our own product. Once we got big enough and could sustain ourselves without our original customer, I gave the customer away. The developer who maintained the project was interest in taking on the project himself. We came up with a 6 month transition plan, including lots of product/project management help, office space, etc. It was a win/win situation at the end.
Doing this is not for everyone though. There are many days I cursed this customers for taking up the majority of our resources. We had to be very good at differentiating between their requirements and the markets requirements. We weren't perfect at it but it worked out in the end.
FFS don't do this. There are far too many startups beached on the shores of "well, this one SRS BZNS client wanted us to change what we were doing so we did. Where'd all the rest of our clients go?"
I'm not saying "don't pivot", but "just making what they wanted" (where N(they) = 1) turns you into a poorly-paid contract developer who's also paying to host the result, not an entrepreneur.
The problem today is (out of the perspective of a developer): To many companies rely on just "hire any (cheap) developer" to ramp up the product. I see it all the time: Quality is not asked for, many companies (specially in the web business) just want the cheapest developers. They search for a student (at best), because he is cheap and will just make a small time estimation and an even smaller fixed price offer for the project. The student will happily work overtime that is not covered by the initial estimation.
Than the companies go mad, when either the programmer is running away or the whole project runs into a blind alley (or both at the same time), because the "totally expensive" programmer had not enough experience e.g. with database development and the database structure just lets you shiver. Then the shouting and anger is big: "Damn programmers -- all are liars and lazy!"
What went wrong, stated Uncle Bob correctly in his Blog: http://blog.8thlight.com/uncle-bob/2013/11/19/HoardsOfNovice...
But the "cheap, cheap!" culture seams to be unstoppable. If you tell people in advance about "quality" and "professionalism", they don't listen or just laugh at you. It seams, all the people just have to find out the hard way -- but I guess, even than most of them will not learn at all.
I'm left wondering, though, what you actually did over the two years? You imply that you were working on it full time. Two years full time is a lot of time. You can do pretty much anything in that time (including, as others have mentioned, learn to code).
> idiot plans, budget forecasts, BUSINESS CARDS, fancy website [and writing articles]
I find it hard to believe you can work on those things for two years, day in and day out.
I know startups that charged down the other path, being hyper responsive to their big customers, and they suffered for it because their biggest customer steered the product vision straight to crazy town. Such startups essentially become the contract development shop of a few big customers, living and dying by the whims of those big customers. Yes, you can pay the bills, but you're essentially working full-time for a few customers rather than building your own enterprise.
If I had to give founders one piece of advice it would be, "Just Ask"... Ask for the sale, ask what youll get in exchange for equity, ask, ask, ask...
If you accept his argument as true, that he should switch and follow the tide, then you might as well start looking for freelancer developer job.
< J/K>Awesome quote:
> The result of this was that in the end we had to hire a full-time (and paid) developer. So we had zero revenue, 4 co-founders and a paid employee (which was effectively the only one doing real work).
I laughed really hard reading this line. My girlfriend came from next room to make sure I was okay!!! That's awesome, like 4 guys watching a movie, say the 'Social Network', and deciding to do a startup!!!</ J/K>
Jokes apart, I think the author has got it all wrong. There are ten million reasons why a small startup failed. Most of the time is hard to tell exactly why.
But seriously, only people who have proved time and again their ability to deliver a product to the market and are famous for turning ideas into money, are able to struck deals before having a product. And we probably all know them (Jobs, Musk, etc). For the rest of us that's not how things work, I'm sorry to say that he is still getting it all wrong.
In the real world, you can't sell something that doesn't exist, these things happen only on Wall Street.
This advice always seemed like a stretch to me. Does anybody pay for a product that's not ready yet?
PS: This includes Marketing, Managers as well as the Business peanut gallery.
Basically being afraid to ask for the value it was really worth.
I think there was a comma/period swap, but if I'm reading correctly it looked like the product was positioned at $30 / mo?
Assuming that's correct - it's really not a meaningful amount to any company that has enough employees and management to actually be a user of the product.
I think a $30 / mo with a free 30 day trial period (once product launches and they can actually try it ;) ) that requires a credit card for the trail could have worked.
Would still need a product to actually try, but that's not much different than saying get a free trial and just taking in email addresses.
If anyone remembers the Minimalytics / Small HQ folks - I thought they did a good job with their signups. The only thing for me was I disappointed by how minimal their product was in beta. It was so basic I didn't have any use for it, and running our own startup, didn't have time to wait. We ended up building it internally.
I probably would have converted to a paying user if it was more developed at beta. Not their fault though, they did a good job I thought(if you're reading Small HQ).
[ETA: which is sad, because I want to read it!]
As a developer and solo founder, I just can not finish a serious project in one year. For example, it took me two years to get version 1 of torapp guilloche designer (www.torapp.info). We did not get consistent/significant customers and need a new product to survive.
To evaluate more ideas and to be familiar with respective areas took me another year easily (without deep knowledge in the area, how can you beat your competitors?).
So how can you guys roll out a product in 3 months? How can you quickly pivot? (pick up ideas and evaluate them quickly)
It takes balls to do that shrinking ego experience in public.
I'm sure something good will come out of it.
Seriously, if somebody could cull 2 or 3 of these a day and deliver in a weekly or monthly format? It'd be worth a subscription.
Thanks for the article!
Also due to what I perceived as a thousand separator, not a decimal mark, I initially read the price as nineteen thousand and nine hundred dollars!
This stuff does seem like bullshit when you're working on it, but it's unfortunately crucial these days. It takes so long to build up the brand and visibility that I don't believe you have the option to just do it once you've got the product right. Unless you've got the investment, firepower or notoriety to get chins wagging then you've got a long road ahead of you. Good SEO actually sounds like one of the things you got right to me. But maybe you spent too long on it
Is that really possible? Making someone pay for a product that doesn't yet exist? How can you do that?
As always, I am always keen to connect with bright people and good ideas.
Question: what are you going to do with the product now?
The snippet ended up being some sort of alert about upcoming maintenance, but using a malicious technique for a benign purpose is the path to the dark side. Use HTTPS!
(I use 220.127.116.11, it didn't help)
If anyone wants to do this in the future, I'd recommend just sending affiliate abuse emails with no notice to the ISP. Also, the future person may want to revise the  script to scan in a more surreptitious manner (change the order, add delays, simulate legit web traffic, etc).
All is not lost though.
There are several ways you can protect yourself from these practices. The first thing I would do is get a router capable of using dnscrypt-proxy (http://www.opendns.com/technol.... Then you can be confident that your DNS traffic is not being modified by your ISP. It does require that you have trust in a 3rd party DNS provider like OpenDNS, but at the end of the day you have to trust someone to provide DNS lookups.
The second option is to setup DNSSEC so that you can verify where your DNS responses are coming from. While people will still be able to intercept what sites you're looking up, at least you know you're getting valid responses which is better than your situation is currently.
Third is to use both. =)
Anyhow, really awesome to see people standing against these practices. It takes users complaining to make change. The sad truth of the matter.
This also shows a weakness in DNS. There is currently no way to validate the DNS record youre being served is what the person hosting the website intended.
I decided not to proceed with it because it seemed like a support nightmare and tampering with non-malicious subscriber traffic crosses a line.
Their marketing affiliates (such as Cash4Trafik) are always reaching out to CEO types at small ISPs and the money they bring (particularly when you are small) can be hard to pass up.
This sounds like the same behaviour that Shawn Hogan got in trouble for with cookie stuffing http://en.wikipedia.org/wiki/Shawn_Hogan
This would make for a great watchdog site to provide visibility across different ISPs (and could also discourage other ISPs from pulling this crap).
I'm surprised we haven't seen similar behaviour from Chrome extensions. I'm sure it would be caught eventually, but this isn't exactly something that people tend to look for, so it would take a while for people to catch it.
traceroute to news.ycombinator.com (18.104.22.168), 30 hops max, 60 byte packets 1 customer-GDL-**-***.megared.net.mx << 177.230.**.*** Dynamic IP, GDL is the city of the company 2 10.0.28.62 (10.0.28.62) 8.939 ms 8.941 ms 8.935 ms 3 10.2.28.195 (10.2.28.195) 8.912 ms 8.903 ms 8.891 ms 4 pe-cob.megared.net.mx (189.199.117.***) 8.878 ms 8.866 ms 14.201 ms << COB is the user city 5 10.3.0.29 (10.3.0.29) 23.494 ms 23.483 ms 23.408 ms 6 10.3.0.13 (10.3.0.13) 22.842 ms 19.609 ms 19.596 ms 7 10.3.0.10 (10.3.0.10) 19.560 ms 19.555 ms 19.536 ms 8 201-174-24-233.transtelco.net (22.214.171.124) 19.527 ms 20.650 ms 19.468 ms 9 201-174-254-105.transtelco.net (126.96.36.199) 34.239 ms 31.793 ms 31.268 ms 10 fe3-5.br01.lax05.pccwbtn.net (188.8.131.52) 31.792 ms 31.736 ms 33.533 ms 11 any2ix.coresite.com (184.108.40.206) 32.834 ms 33.221 ms 33.429 ms 12 ae3-50g.cr1.lax1.us.nlayer.net (220.127.116.11) 41.288 ms 41.228 ms 41.231 ms 13 ae2-50g.ar1.lax1.us.nlayer.net (18.104.22.168) 42.632 ms ae1-50g.ar1.lax1.us.nlayer.net (22.214.171.124) 35.192 ms 33.860 ms 14 as13335.xe-11-0-6.ar1.lax1.us.nlayer.net (126.96.36.199) 35.143 ms 44.714 ms 44.666 ms 15 188.8.131.52 (184.108.40.206) 37.638 ms 37.239 ms 36.997 ms
> "The initial release of DROPOUTJEEP will focus on installing the implant via closed access methods." 
OK, we knew this much already. I remember seeing a number of stories on how law enforcement can pull data off an iPhone, etc. Not really much new here.
> "A remote installation capability will be pursued for a future release"
Here is the interesting bit. You don't put this in a document unless you have a good plan on how to do it. Obviously with iOS devices having ports closed and being behind NAT, the NSA can't exploit them remotely. However, the NSA is pretty clear that it will have the capability in the future. Note the date on this - 2007.
Since 2007, what has changed? iCloud allows Apple to install and run code directly on your device remotely. Is there any doubt that the NSA would request Apple give them full access to iCloud? So the real issue here is what that last little line hints at: the NSA was looking to get remote access rights to all iPhones back in 2007 and with the knowledge now that they will happily backdoor AT&T/Google/Microsoft to retrieve data, is there any doubt they are now using iCloud to gain remote access to all iPhones?
I'm sure NSA/Google does the same with Google Play Services.
I hear this fallacy question again an again. It implies that giving total power to gobertment is "security". It is not.
Giving total control to Stalin meant hundred of millions of Russians got murdered in terror, giving total power to Hitler or Mussolini from democracies meant the total destruction of Germany and Italy with millions dead.
The thing is phone baseband software (which is reused on different phone models and controls the phone's I/O including GSM, USB, etc.) has hardly ever been under attack. When the iPhone arrived with its new security model, baseband bugs became one of the major ways to jailbreak a phone. Those bugs have been fixed one by one, but they were mostly on the USB side - the GSM side has been impractical to attack. A carefully crafted GSM packet could in 2008 and probably could now cause a buffer overflow in the baseband and gain access.
An interesting presentation on the topic: http://www.youtube.com/watch?v=fQqv0v14KKY
But.. I don't even know where to begin, its not only that we need to convince a large portion of the US population that living in a dystopian total surveillance state is actually not something to thrive for, we can't even begin to discuss those issues in any meaningful way when people have not the slightest clue whats really going on, even if leaks like this occur that outline frightening and utterly insane surveillance and attack capabilities nobody is going to explain it to them (not that anyone cares anyways).
The NSA developed and deployed a global system that enables them to do DPI on the whole internet traffic, analyze that traffic, inject traffic, attack every system through countless vulnerabilities and backdoors and all of that automated, not only against their targets but also against any infrastructure they are interested in.
They have secret laws, can force companies to work with them, force backdoors and not only are the US companies not allowed to talk about those things, they are legally bound to publicly lie about it.
So yeah they can hack every iPhone on this planet, and turn it into a silent listening device, among many many many other things, is that really what we should be talking about?
Regardless, I can say for a fact that there are exploits for all cell phone platforms. iOS exploits are by far the hardest to find. An iOS remote execution 0day will easily fetch $250k. I've seen one go for $600k. For an Android remote exec 0day, you're looking at closer to $50k.
Even if the NSA doesn't have these on hand, they can certainly purchase them.
I don't have the patience to watch Appelbaum's hour long talk, but unless he has something far more impressive than these documents then he's just another activist who will willfully mislead in order to advance his cause.
The one argument against what I've written that has been made that I think is worthy of highlighting is that there are people around the world who are risking their lives under totalitarian regimes. People's smug responses and ad hominem detract from this important point, which could be helpful to others outside of HN in better understanding the issue.
Your downvotes will not persuade me or anyone else with my views. They do demonstrate that some are committed partisans on this issue. I appreciate some of the clear, unemotional arguments that have been made, however.
> One person said that her boyfriend saw a picture of himself at work displayed in FaceTime, even though he has never used the service in the office.
I really don't see the advantages of having a handsized computer, really. The performance/battery/usability/cost compromises are not really making it worth it.
Most people do a lot of text messaging, usual smartphones are not designed for it. Old school, classic cellphone do it pretty well.
Why would you need the internet while you're outside, in the cold, in the train, while not sitting ? You only need an iPhone for very unnecessary, unplanned, rich things.
For example, you need to locate something, like the nearest restaurant, or coffee place, in a town you know nothing about. The data transfer and costs to make a web search on such a low-powered device, will be ridiculous if you compare it to just asking somebody.
You're in a coffee place, you're arguing about something, and you want to know who's right, so you want to search it on the web. Why not just enable the wifi, and why not carry your 13 inch notebook ?
You want to read your emails. Even if you receive email, what's the real difference with text messaging ? Emails are for long message on which you can attach big files. Email is a very old protocol, and it wasn't really thought to work hand in hand with text messaging.
You want to read a digital document. If you're in for a long, comfortable read, use an ebook device, use the small screen of a classic cellphone, or just plan ahead and print it.
Smartphones are all-in one, expensive, software and hardware quirky solutions which are just not that much awesome. Computers are not entirely secure. A smartphone will create new technical challenges, but also many other risks, especially if you have a homogenous device like the iPhone.
Engineers should start to create protocols and software which are already designed for smaller devices, not create smaller powerful computers: laptops and desktops are already at the limit of tiny.
Apple created a market of an attractive, dreamy device, which sold, and the market followed, but the truth is, there is much more to do on the embedded software design.
This should not actually be a complicated inquiry.
For example, imagine that any one of the contact or calendar management apps where you "Allow xxxxx to access your contacts" was produced by the NSA under the guise of an innovative startup.
The easiest rebuttal is simply that every smartphone is equally at risk.
A last resort will be to simply say "meh, don't care"
That's how good/sticky Apple products are
I have had the iPhone since the first day of release. I have gone through 16 physical devices over that period (due to me breaking them a lot and going through several employers where I had never purchased my own phone since (well before) it was released). I am currently, for the first time in a long time, on my own personal device; an iPhone 4.
I upgraded it to iOS7 when it was available. The device is a slow POS and I want to stab my eyes out when I use it....
However; there is a behavior that I have only personally noticed recently: (Please tell me if you see the same thing)
Whenever I transition between literally ANY screen, I see a quick BLINK of the screen - in the same anim that you would see when you take a screenshot.
So I am wondering "Is my phone taking a screen cap of EVERY switch/transition I make? WHY"
Now, I know that iOS does do screen caps of things so that when you are switching in various ways that it already has a cache of the last state of that screen in order to thumbnail the previous view... BUT I understood this to be limited to certain circumstances. Currently I am noticing it on pretty much ANY transition.
Even if this is the actual, "Normal", my suspicion is that this fact can be used to entirely rebuild an entire session of activity for a user through their entire interactions. Even if you just grab these screens which are used at a system level - a great deal could be inferred from just these workflow screen caps.
Anyways, it's not of concern to me as I ditched my smartphone for an old school motorolla flip phone.
And when I read that the US government tracks mobile phone movements all over the world (generating a ton of other information about people), I turned it off permanently (flight mode) and use it only as a PDA.
Turns out, landline phones combined with email is more than one needs.
If I wouldn't have stopped using the "mobile call feature", my iPhone would have gone straight to ebay, right now.
I couldn't find my own data in the set, and actually it seems like lots of entire area codes are missing.
Assuming `cat schat.csv | uniq | cut -c1-4 | wc -l` is the proper command, there are only 76 of 322  US area codes represented.
It appears there are two Canadian area codes represented in the database: 867 and 204. There are also 248 US area codes which are not represented in the database. Assuming a relatively uniform distribution of phone numbers in the US (which is not at all a safe assumption), the average US snapchat user has better odds of not being in the list than being in it. Sampling from the set of my snapchat friends who are not in my area code, 3 of 13 can be found in the database.
If your phone number is in any of these states, you're not in the database: AlaskaDelawareHawaiiKansasMarylandMississippiMissouriMontanaNebraskaNevadaNew HampshireNew MexicoNorth CarolinaNorth DakotaOklahomaOregonRhode IslandUtahVermontWest VirginiaWyoming
 I'm matching a regex against this list http://en.wikipedia.org/wiki/List_of_North_American_Numberin...
(aside from not being vulnerable to this in the first place, but that actually is a lot to ask. I still can't believe anyone relied on the Snapchat model of security more so than any other app, although from an ease of use, non-security perspective, sure, it's reasonable.)
SQL: magnet:? xt=urn:btih:f7b1cec6280edb8169d63550ba2dfb224df7810d&dn=Snapch at+database+SQL&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80 &tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftrack er.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp% 3A%2F%2Fopen.demonii.com%3A1337
Both: magnet:? xt=urn:btih:fae9c0a8b2eee2f9cc31c713f21a4cda4083612b&dn=Snapch at+Database+CSV+%26amp%3B+SQL&tr=udp%3A%2F%2Ftracker.openbitto rrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp %3A%2F%2Ftracker.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.d e%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337
Regarding the leak, yeah, that actually happens when you focus on the product but security and reliability of your system. Snapchat, Whatsapp and many others are hacked numerous times and yet it still happens.
But it was a matter of time until this happened, the exploit still works with minor modifications, you just have to be smart about it.
Anyone interested in you particularly will quickly get your phone number, email address, facebook profile, social security number, or whatever they want if they're determined enough.
Even then, I'm not sure what information this database really provides that could be used to gain some fraudulent or exploitive benefit.
> For now, we have censored the last two digits of the phone numbers in order to minimize spam and abuse. Feel free to contact us to ask for the uncensored database. Under certain circumstances, we may agree to release it.
At least they had the tact to omit the complete phone numbers, but agreeing to release them under certain conditions just seems malicious.
Damn that 3 billion dollar looks good about now.
000-000-0000 000-000-0001 ...
The first thing that came to mind was "oh boy, I'll bet this made Zuck's new years eve!"
Why not just release the usernames and leave out the phone numbers?
The XXs hide the last two digits of every number. The list is also massively incomplete.
Did they give Snapchat enough time to fix this before releasing this data?
NOTE: I've heavily edited this comment because when I first read the website I thought snapchat ignored the people who found an exploit but re-reading, it's no longer clear to me that releasing this data is not pure malice.
NOTE2: The link from couchdive's comment makes this more interesting - http://www.zdnet.com/researchers-publish-snapchat-code-allow... - but still, the webpage hosting the data said the exploit was fixed, so it wasn't ignored, so... I don't know what the purpose of releasing this data was.
This would be a clever ploy but for one damning fact. A large share of Snapchats users are minor children. Could anyone, from the CEO of Snapchat to the perpetrators of SnapchatDB really think that risking the broadcasting of the phone numbers of 12-year-old girls and boys is a risk worth taking?
For more, see: http://www.forbes.com/sites/anthonykosner/2014/01/01/4-6-mil...
> defame, abuse, harass, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others;
I've sent WhoIsGuard an email. Hopefully they'll revoke service. Shame on the people that published this private information. They aren't hurting just Snapchat. Revealing personal information like this can cause real problems for people.
Also note that this attack, JSON Hijacking, is different than a CSRF (Cross Site Request Forgery) and has little to do with CSRF tokens.
(from about a year ago)
The idea: you need such workaround only if you return JSON Array.
Most of the API returns JSON Object in which case the attack does not work, it will result in syntax error.
(I've just tested Firefox network view and it breaks the response display with syntax error -- there should be an option to select the format).
while(1) is ugly solution to currently non-existing problem.
From what I gather these are 30C3 recordings from a CCC-TV website. The recordings have titles like FPGA 101 and Programming FPGAs with PSHDL.. There is no about page and the home page has further topics like, SIGINT13 video release, SIGINT12 video release and 28C3 webm release.
I don't think we do. I think we tell ourselves these jokes to contrast good engineering with bad engineering and to congratulate ourselves for being on the right side. A good joke would lead you down the garden path, encourage a bit of smugness and then rip the rug out from under you. This joke telegraphs the punch line from the start: it encourages smugness and then vindicates it. A healthy joke would make us uncomfortable about whether we would have been on the right side, whether we are doing a good job of living up to our values. This joke reassures us that the problem is other people's values, and by doing so, it promotes exactly the kind of complacency that it makes fun of.
Also remember that the project was worth it - it was returning on the investment. Ideally the simple solution would have been found first for a massive windfall of savings, but industry runs on constant, small, incremental changes over many years. And it takes a very special mindset to invent awesome hacks like the fan trick!
The operator should instead be applauded for making it so no other plant needs to buy such an expensive system!
Edit: also, never underestimate the utility of inconveniencing operators. They will find the most brilliant, clever, and cheap hacks to solve problems. Watching operators is the best diagnostic tool available. When you see a c-clamp or duct tape on the machine, you know exactly what needs workin' on next!
American manufacturing factories are actually homes to tremendous ingenuity and practicality. To an outsider they may seem loud, dirty, and disorganized, but the engineers inside routinely deal with issues like "how can we catch bad parts before they roll off the line, using spare parts, scrap metal, and a $20 budget?" I have seen some amazing Rube Goldberg feeding systems that can outperform expensive laser/optical/diverter gate packages.
Back when I worked on the stab trim gearbox at Boeing, it came time to put it on the test rig and load it up. The test engineers gleefully told me they were going to bust my design. So joy for me, I got to go to the shop and get my hands dirty testing it!
By the time I got there, they had my baby all mounted in the custom test rig, with a giant hydraulic ram all set to torture it. There was some adjustment needed, and I lept forward to make it. The union shop steward physically blocked me, and said I was not allowed to touch anything. I was only allowed to give directions to the union machinist there, and he would turn a wrench at my direction.
Jeez, what a killjoy moment for me.
Anyhow, to make a long story short, when they loaded up the gearbox with the ram, the test rig bent and broke, and that lovely gearbox just sat there. Nyah, nyah, nyah to the test engineers and back to the office building for me.
I worked on a very large process and technology improvement program for a Fortune 50 company. One critical piece of the project was a scheduling system for field technicians. After 100+ effort years (don't ask!) we got it developed and tested, and it achieved the 15 minutes per technician productivity improvement, justifying the massive expense. We then found that we could double the benefit by having them reboot their laptops weekly instead of nightly. (Though the technology architects screamed bloody murder)
Also, the NASA vs Russian space pen vs pencil.
We also produced foil packs (like fast food ketchup packets). That machine was the coolest mechanical device I've ever worked with.
In real life the solution applied wouldn't be this one, nor the cheap fan, but some dude being paid peanuts to shake each box by hand.
I comfort myself with Teddy Roosevelt's "man in the arena" speech.
I see people bringing up points like "What if the fan dies?" or "what if the weight of the boxes increases due to extra packaging?". IMHO, these arguments are invalid because of the same reason. Fan is not the solution.
But in order to do that you have to effectively align incentives for them to solve the problems. If companies treat employees as disposable automatons, and do not allow them to share in the success of the business or benefit from improving workflows, they have no motivation for doing so.
So many companies shoot themselves in the foot by bringing in "experts" when the real experts are right there on their payrolls, but no one is asking them their opinions or creating a situation where they would be inclined to give them anyway.
The America of 2013 is absolute bullshit. I can't even fathom how corrupt this country is.
specifically here: http://subtitles.pads.ccc.de/5622
It's a sad era indeed when we have a whole network of American journalists living outside of U.S. borders for fear of imprisonment and other reprisals from their own government.
I don't like it, and I don't agree with it, but I acknowledge that if a 2nd 9/11 level event were to occur after the government relented and imposed reasonable limitations on data collection that the party out of power at the time could easily scream bloody murder and take all 3 branches of government in a single election cycle. I'd previously only expected this from the party of Kang, but Obama's stance on drones and NSA surveillance has revealed the party of Kodos is no better.
Which is to say I think the surveillance state is a symptom more than the disease. America has lost all sense of perspective.
~30,000 automotive deaths (of which ~10,000 resulted from drunk driving) annually.
~11,000 gun deaths.
~6,000 deaths from falling off ladders.
~3,000 people died on 9/11.
Ergo we should ban ladders, guns, alcohol, and cars: it's the only way to be sure, no?
I REALLY dig doing this via github as well. I submitted a pull request with some spelling changes.
Highly recommend it:
Conversations with History: Glenn Greenwald - https://www.youtube.com/watch?feature=player_embedded&v=-qlF... ~2011
Glenn's "Frequently Told Lies" page - http://web.archive.org/web/20131007002618/http://ggsidedocs.... it's currently down, both on archive.org and the original page)
The American columnist who can't live in America - http://amanpour.blogs.cnn.com/2013/06/10/the-american-column... (this is before the striking down of the gay marriage law in question, I think)
How Glenn Greenwald Became Glenn Greenwald - http://www.buzzfeed.com/jtes/how-glenn-greenwald-became-glen...
Believing oppression only happens elsewhere - https://theoldspeakjournal.wordpress.com/2013/01/16/believin... (the original blog is down)
Endless War, Radical Presidential Power, and a Rotted Political Culture: A Talk by Glenn Greenwald - http://translationexercises.wordpress.com/2013/03/28/endless... [28 Mar 2013]
I even wonder if the NSA actually tried to DDOS the skype call conference.
Pauley is saying that the targets of the order have no recourse to challenge it. That Congress never intended for them to know about it may be true, but it's otherwise neither here nor there.
> (1) The privacy of correspondence, posts and telecommunications shall be inviolable.
> (2) Restrictions may be ordered only pursuant to a law. If the restriction serves to protect the free democratic basic order or the existence or security of the Federation or of a Land, the law may provide that the person affected shall not be informed of the restriction and that recourse to the courts shall be replaced by a review of the case by agencies and auxiliary agencies appointed by the legislature.
The logic sounds alike to me: Victims cannot know that they are being surveilled, and should they, under some circumstances obtain knowledge of the fact, take any real legal recourse against it.Fun fact: That article was imposed by the US.
 http://de.wikipedia.org/wiki/Deutsche_Notstandsgesetze (sorry, the English article doesn't cite any sources)
1. Rule that the law should be followed.2. Rule that the law is unconstitutional.
The article provides strong reasons for believing the law is terrible, but that doesn't mean the judge is wrong on any grounds except constitutional ones.
It helps to think about this analogously to other kinds of suits. Say you feel like a school district is discriminating against African Americans. There's a constitutional dimension to that case, but also a statutory dimension. Congress has created legislation that people can rely on to address such discrimination. To defend a suit under such a statute, a state might argue that a particular suit does not fall within the scope of the statute: that Congress did not intend for the statute to serve as recourse in this situation. But that sill leaves the broader Constitutional issue on the table. Whether Congress intended for a statute to serve as recourse is irrelevant to the Constitutional argument. There are two separate bases.
"The principal called. He said that you cheated on your exams."
"Yeah, but I never meant for anyone to find out, so why am I in trouble?"
Seems legit to me!
Probably, "What information does he have that we could use?".
What would you as a KGB leader say to Putin. Probably "Well he stole a huge amount of sensitive information from the NSA but he apparently hid it all on the Internet and gave copies to several other people. But he doesn't have it with him."
And then what would Putin say? Perhaps "If he has already passed on this information, then could he do anything else other than what he has already done?"
I suppose the KGB leader would say "No, other than to hide away so that they can't hold a big show trial hoping to cover up the real story."
"Good says Putin. We will give him refugee status if he promises not to do anything else to further harm the USA. After all, it will take time for all the information to filter out to the media. We will hide him so that the media has to focus on the facts.
And then Putin adds, "Do you think he discovered anything that we don't know already?"
And the KGB leader replies "We have known of this lax security for years. Our team of sleeper agents set up many channels of information for us years ago, so we think this only means that the world will learn what we already know."
Much as I also dislike the ruling, the argument here seems quite reasonable to me.
Can we get a warrant to search every portion of the government for illegal activity? We just have to find some sort of suspicion that they might be doing this...
First, the TSA itself has admitted that there is no evidence of terrorist plots against aviation in the US.
Second, the circumstances under which 9/11 happened would be impossible to repeat. Plane cockpits are all but impenetrable - the only reason that some of the 9/11 hijackers were successful was that the standard protocol for dealing with hijackers assumed that hijackers wanted to take the plane hostage for ransom, not use the plane as a weapon. This protocol was fixed almost immediately. (Note that United Airlines Flight 93 did not face the same fate as the other three planes, because the passengers knew what the hijackers were planning.)
Since it's impossible to take control of the cockpit as a hijacker these days, even if someone managed to bring a gun on board a flight, the most damage they could do is kill all the passengers (leaving the pilots unharmed). That is truly a horrible scenario, but that makes flying no more risky than going to the movies or going to school (eg. Newtown, Arapahoe, Boulder).
Of course, one "logical" conclusion is therefore to establish TSA-style security at every school, cinema, mall, etc... in which case we have turned the country into a police state, and we should expect the same crime rates as within federal prisons: http://www.bjs.gov/index.cfm?ty=tp&tid=194
 I believe I read another comment on Hacker News a while back in which the pilot had a heart attack after the cockpit had been locked from the inside, but before leaving the gate, and it still took the fire department almost an hour to cut through the door.
> Would this increase hijacking? Probably. But there's no reason to believe it would increase casualties from terrorist attacks overall. That's because increasing airport security just leads terrorists to direct their assaults elsewhere.
There are two huge problems with this statement.
First, you cannot draw such a causal conclusion from statistical data alone.
Second, it's pulling a subtle slight of hand--the goal of airport security is NOT to reduce terrorist casualties overall. It is to reduce violent attacks of any kind on airplanes, specifically.
At the base of this argument is an implication that terrorist attacks are zero-sum: reduce them in one place, get an equivalent more in another. But that's not how security works.
Look at it in digital terms--it would be like saying that we don't need to bother with strong passwords, because all those did was drive up the number of phishing attacks. Maybe we could just get of passwords, since the total number of intrusions would not go up. And besides, just think of all that wasted effort to create, hash, store, remember, and manage passwords.
Does that sound stupid? I hope so, because it is. But that's exactly the type of argument that this article is making.
It's as if after implementing all this theater, imposing myriads of restrictions, that they realized it was all ineffective, and now they're reframing the entire situation by acting as if they're catering to customers by offering a program that reverts things to how they were a little over a decade ago, but now for a fee.
Frog in a slowly heating pot indeed.
Now that we've accepted the horrors of the TSA, they are working on getting us to accept the horrors of the NSA, slowly but surely, until we reach the point that the average person defends every smartphone being hacked and tracked.
Even if a bomb is brought on board we would never give control of a plan to hijackers since we now know it may be used as a giant missile, not just an escape vehicle.
I go through the TSA screening several times a month, and while I don't appreciate the invasion of privacy, it isn't really that big of a pain in the ass to stand in line for a few minutes and put all your bags through the scanner.
Why? Because of a statement I've seen attributed to Karl Denninger: "One man's waste, fraud, abuse, scam, and theft is another man's paycheck."
If there were no need for TSA-compliant messenger bags, Timbuk2 would likely see a drop in revenues. If there were no TSA, a whole bunch of people employed as TSA agents would be out of work. I'd expect everyone making money off the current system of security theater to fight tooth and nail to preserve the money they're making.
 See e.g. http://www.market-ticker.org/akcs-www?singlepost=3149840
we just had the 25 year anniversary of Lockerbie. that bomb not only killed all on board the plane, but a lot of people on the ground. no need to hijack.
and we now have a lot of suicide bombers, see just the last two days on Volgograd.
have the Israelis scaled down their anti-bomb detection measures? no? then neither should the west.
i fly a lot, internationally. i do not mind the checkpoints. i mind dying pre-maturely in a fireball.
And yet this combination was effective in limiting the number of casualties in the recent Volgograd train station bombing. I suspect the amount of Russian editorializing over these security procedures will soon decrease.
Fortunately, while civilian memory is short, government institutional memory is long.
After 9/11, they were able to convince us that we NEED to be felt up by strangers at the airport and that we NEED to invade a country and that ITS OKAY to just kill thousands and thousands of civilians "by accident" all in the name of National Security and when some civilians try and kick out these strangers that invaded their country and killed their family, they're the nut jobs, they're the bad people, they're the real terrorists.
I honestly think the US is a bigger terrorist that Osama ever was. Now, after 9/11 people we're living our normal lives normally; while in Afganistan, families everyday are terrorized, scared, afraid that this might be their last day. Today might be the day their father doesn't come back. Today might be the last day they see each other.
I'd rather take my shoes off and have 2+ jet engines than get in an 8-seater commuter plane.
- Typically they still want you there 30 mins early to check-in and load the baggage.
- The pilot to passenger ratio makes them very expensive. A 20 minute flight for me is costlier than a 5 hour one to a major hub. I rarely pay for these out of my own pocket.
- Being a smaller operation your pilot can be very young and inexperienced.
- These planes are very small and at times get uncomfortably hot in the summer.
- The majority of crashes around here are from similarly sized aircraft. Always an uncomfortable reminder of what can go wrong.
- Flying in any kind of adverse weather can honestly be pretty terrifying in a smaller plane. If your lucky they'll delay or cancel it altogether.
- Sometimes your pilot will leave the window open and a wasp will fly in prior to take off. Sitting in the co-pilot seat in a cramped plane, it may be up to you to kill it :)
Overall I prefer the smaller flights in the summer, but I'll take the slow security for the safety of the bigger plane in winter.
Saying that TSA security doesn't reduce terrorism risk is a reasonable argument (although I think it's wrong; consider the possibility of gun-toting yahoos wanting to be "safe" with "self-defense" and blowing a hole in the fuselage because they saw a suspicious brown person). But politically, saying to give up TSA security because it doesn't work is basically impossible. Voters will demand that politicians do something about the threat of terrorism.
The TSA basically exists to make Michael Chertoff and Dick Cheney very, very rich. It would be interesting to see how much they raked in from this, compared with, say, Bo Xilai or Wen Jiabiao.
In fact I flew from South Africa to Europe 4 or 5 years back (in a large Airbus). No metal detector, no scanners, no taking-shoes-or-belt-of, just the quick scan of the carry on. Took 2 minutes, and I did not feel unsafe in any way.
911 cannot be repeated (as pointed out many times before). The TSA checks are a theater and everybody knows it.
Now I'll grant you if you're coming from Ramallah and you're flying to Pakistan through Turkey and Dubai you should probably give yourself and extra hour or two, but as long as have no nefarious motives and tell the truth you will be on your way. But this is true regardless of the color of your skin or religious beliefs. I have a friend who was doing something like that and he's white, very clearly Jewish and religious. (Often those stories you hear of the 3 hour long interrogations are because the dude was/is an active participant on the rock throwing attacks and they have pictures of him that he is unaware of...)
Now, if we as this article suggests remove all security to get on flights. As someone planning such an incident, i.e. pull out a gun or other random acts of terror; It would follow that getting on a flight to do such a thing would be the best move. You literally have access to 200+ people with no where to run in a confined area, with no security. The reason flights are given security vs other places such as theaters etc is not some random act. It is cause of the specific threats that are posed by hijacked flights/weapons on flights that are fundamentally different from other locations.
(How fast would the cops get to someone who starts firing at people in any city with such high population density?, now compare that with what happens in a flight, you have no options, and once it starts you practically write off the people who are on the flight because you have no chance of saving them)
so in other words, heightened airport security has worked.
Of course, you'll be much more limited by weather than a transport-class aircraft.
In their defense: I tend to do well with these kinds of situations. Exuding a combination of "not criminal" and "don't mess with me" does wonders.
It was a weird time. Most young people either smoked pot or knew somebody who did. There wasn't much odd about them, although we were told that smoking pot was terrible. On the street, however, it was fairly obvious that this was an overreaction. To hear some folks talk, there was little difference between heroin and pot. That was obviously not true.
It took 50 years for common sense to get back into the system, and even now, when the change is starting, it might be another 10 or 20 years to fully reverse pot laws. I'm not a pot user, but I find this slowness-to-adapt to common sense amazing.
Unfortunately, the system isn't just glacial in fixing bad laws -- it's fairly quick to add new bad laws as we go along. TSA is the case in point. Just like the pot laws, we're constantly told that there is a terrible danger out there that we need protection from, even though it's blatantly obvious that this is an overreaction and power grab. Nobody seems to be driving the bus.
So I guess we'll go through 50 years of increasing TSA "supervision" of travel until we see some kind of sanity? And how many TSAs will we have by then? It's depressing to think about.
Airplane hijackings are actually much more common than most people think. From 1988-1997, there were about 18 airplane hijackings per year, down from the peak of 82 in 1969: http://en.wikipedia.org/wiki/Aircraft_hijacking. Interesting to read the history: http://en.wikipedia.org/wiki/List_of_aircraft_hijackings#196....
"Is eliminating airport security politically untenable? Maybe"
"Would this increase hijacking? Probably."
And TSA is a big business.
The question I have for people is why they bother traveling so much nowadays. Maybe the experience of le rive gauche cannot be replicated over the internet -- but a lot of travel (especially business) seems to be a bit of showmanship itself. You know, show up and impress the client with a little face-to-face. Or let the striking factory workers know who's boss. Whatever.
What makes me laugh even harder than the deaths of old habits such as flying hither and yon are people who distinguish between security and the illusion of security. Isn't security itself a feeling? And what makes jittery fliers feel safer than a bunch of goons rifling through one's possessions? Isn't that the essence of "stepping up security"?
"I saw a simple Java question, hit Google, read briefly, then synthesized an original answer."
1. To ask interesting questions that I think will get a better answer there than anywhere else (eg [0,1,2]).
2. To help educate other programmers about languages that I like very much, and would like to see in wider use. I endeavour not to just give a "how to do X" answer, but instead explain what the different approaches are, and why some approaches are better than others (eg [3,4,5])
3. To stay in touch and build a reputation among the wider community of Haskell programmers - not by amassing internet points, but by asking interesting questions and giving interesting, thoughtful answers.
If you just game Stack Overflow for imaginary internet points, it's no wonder you don't find it very fulfilling.
As a software developer well into my second decade of professional experience, I maintain a small number of technologies at what you might call an expert level. These technologies shift in and out of focus depending on what my current projects are.
When I complete a project and don't use the technology for more than a year or so, I've found that I forget all of the nitty gritty stuff and remember all the big conceptual stuff.
For example, I recently returned to Java after several years of disuse. All the bit conceptual stuff that was really hard for me to pick up initially, like polymorphic behavior, multithreading, etc., was still there. The easy but nit-picky stuff was all gone. I'd forgotten when boxing happens and doesn't happen, the behavior of equals in reference vs value types, even where I'm supposed to put certain syntactic elements. Simple questions on StackOverflow to the rescue!
As another example, I did a large project involving SVG in the early 2000's and got to the point where I knew as much as there was to know about it. I recently did a quick one-off project that utilized SVG, and I found that I'd retained the big conceptual ideas, such as the behavior of the coordinate system, the hierarchy of shapes, viewports, groups, etc., but I'd totally forgotten a huge laundry list of practical nitty-gritty things about actually making an SVG experience work.
In the Java example I was embarking on a large project, so I hit the books and re-taught myself to fish again, because it was quite worth my time investment to start from the fundamentals and work my way back up. In the SVG example, I literally just wanted to do something in an afternoon, and I knew SVG could do it, and I wasn't going to do any SVG work after that. Hitting the books and teaching myself to fish in that scenario would have been a waste of time. So I plowed through and was helped immensely by the simple-question simple-answer Stack Overflow scenario.
Then there's a whole list of technologies that I really don't have the brain-space to keep abreast of, but I still need to use. For example I am not an expert at shell scripting, but on occasion I need to write one. Back to Stack Overflow and the simple answers to simple questions.
Before Stack Overflow I wouldn't have been in the dark--as a long-time Internet community member, I would have gone through the usual: find the right community with the most helpful people, hope the community has a search engine or is well indexed by Google, read through long lists of replies without a voting system or assessment of quality, rinse-repeat. Stack Overflow speeds that process up immensely.
That's really it. Everything it does is geared toward that, and it does it quite well.
I have lots of SO points. A lot of them have come from answering common, basic questions. If you think points exist to prove merit, that's bad. But if you think points exist to show "this person makes the kind of content that brings programmers to our site and makes them happy", it's good. The latter is their intent.
Does having easy answers available on SO make us dumber? I doubt it. People have made the same argument about search engines, and you probably could have said the same about encyclopedias.
I go there now and then to answer questions. My latest answer, about a way to get gnuplot to do a certain trick, took me a couple of hours to get right and got me 25 whole points for being the accepted answer. I worked on this because it seemed to be an interesting challenge, I was interested in figuring out how to do it, and nobody else was answering. I sharpened my gnuplot skills in figuring it out and helped someone. To do this for "points" is asinine (unless a big score gets you something else, like a consulting contract - in which case what's the complaint?).
The reply was highly precise and technical, and the reasons given by the mods to reject the edit are spurious, since they just couldn't understand it and its implications.
I reached out to two of them (I couldn't find how to contact the third one), but they didn't even reply to my mails.
Is SO the best code Q/A resource available? Absolutely yes.
Remember what was used before SO? Pure shit. Open-ended help forums scattered throughout the web that had little/no moderation and no indication of where the solution could be found in the discussion, or if a solution was ever found at all. SO's aligned everyone's incentives to post the solution & the site's formatting makes it trivial and find the best solution provided.
I've personally experienced times where my questions/answers have been affected by wikipedia-esque moderation, but at the end of the day I still click on SO results first in Google & and I still visit from time-to-time to see if I can help anyone out.
- I've gotten a lot of help there
- It's nice to help other people in return
- Any answer I put there will be available via Google in 5 minutes, so I can definitely reference it myself in the future. (I'll even ask and answer questions I just figured out so that I can find them later.)
a) I love contributing with the online developer community and sharing back all that I've taken since I started freshman year of college.
b) Writing it out step by step solidifies the knowledge within me.
It's a win-win!
MOST IMPORTANTLY:I appreciate Michael's feedback, and he worries about a lot of the same things I do. Moreover, we are incredibly grateful for all he's done over the years - my honest belief is that his contributions (even when they were just fish) helped a ton of people finish a project that may have been what made them LOVE programming. And those people did take the time to learn the fishing techniques underlying those fish, so they could do it better next time.
ON REWARDS:Points aren't the point. Let's be honest. We reward people for helping others with points that essentially convey nothing other than the ability to help in new ways (as you unlock new privileges). No one in their right mind is spending time on the site with the empirical goal of getting points.
The real reason people answer questions is that they like helping people. The points are important, but only insofar as they give you actual feedback on how many people appreciate your effort. The points aren't the reward; they're just a way to measure the real reward people care about: knowing how much of a difference you've made.
So when Michael worries about his points going up even after he's stopped posting, that's the system working. It's not about ensuring the right person is "winning" it's about showing how many people got help.
And he's still helping others today. I respect his decision to leave, but truly think he should be proud of what he's done for the programming community to date. In any case, we're grateful.
Such questions and answers represent hours of effort on my part. That's fine -- I needed to spend most of those hours for my work anyways, but crafting a good answer does add a significant amount of time. They usually don't result in many points: they're pretty obscure. But often it's the only place on the interwebs where the question is answered.
But the answer that has earned me the most points is a stupid throwaway CSS answer that's technically wrong: http://stackoverflow.com/questions/1817792/css-previous-sibl...
What does really annoy me are the badges. I've got a bunch of necromancer badges, which I'm proud of. But the value of those badges is really degraded by cheap silver and gold badges, such as yearling.
for me, as a professional programmer, that site is useful because it has direct, simple answers.
but it seems to have been taken over by students who are resentful that there should be simple answers without some evidence of suffering (it really seems to be that).
why should i have to explain "what i have already done" to a bunch of schoolkids when all i want is for someone who has solved this issue before to post the right answer so i can get on with life?
i'm an adult. i can make my own decisions about when i learn and when i want an answer. i don't need someone else's priorities - from a completely different context, apparently motivated by jealousy over grades - shoved down my throat.
but anyway, while that bugged me, it was the dismissive mods that finally drove me away (at 19k points).
(am i the only one that thinks that good questions - interesting ones - are no longer getting quality answers because people that could have answered them have left? and that they're no longer being asked as a consequence? the time when i wrote answers like http://stackoverflow.com/questions/7076349/is-there-a-good-w... has long, long passed)
Sometimes you do get a good answer quickly, saving you hours of frustrating searching.
But most times you will have to spend hours figuring it out yourself or you'll end up giving up. Answering your own question won't get you a lot of points but it will probably get you a few over time. More importantly, because of SO's high google rank, you've made your answer easy to find for the next few people who have the same quesiton.
This hits the nail on the head, imo. While the SO system is (presumably) meant to reward "karma" based on the quality of answers, more often than not it seems that quantity is just as important. And it's not hard to see why this is the case -- there's an inherent risk in typing a well thought-out (read: time consuming and potentially long) answer, when a simple one-liner is probably all the questioner is really seeking.
On the other hand, maybe that's what StackOverflow is really for -- getting things done, NOW. Even if that "getting things done" answer is just a band-aid, and the questioner hasn't really learned anything.
In my experience, people who find themselves applying band-aid after band-aid to their code (myself included) rarely connect the dots all the way back and realize that all their subsequent problems were largely due to their initial "fix".
So what? Apparently his answers were valuable enough and saved the time (and nerves) of many programmers who faced similar obstacles as original posters...
It seems only right to me that a great answer, a canonical answer, like - say - this one: http://stackoverflow.com/a/101561/168719 - can be fuelling its author's reputation long after it was written. Because it holds some universal value, unlike (say) a solution to a short-lived problem with NetBeans 6.1.
"Indeed I went from the top 4% of contributors at my time of departure to the top 3%"
OMG, I didn't realize this issue was so serious.
Now that's just horrible, somebody better stop this madness quick!
(I can't help but read his rant in Sheldon Cooper's voice ;) )
With Stack Overflow it's simply not worth it to answer a difficult question, the time to point ratio is just not there, and to make it worse it's all about speed - how fast you can answer, because once the question goes off the home page you will get basically no points. So a hard question is doubly bad - it takes a long time, and by the time you are done you'll get no points.
The biggest problem in my opinion are voting rings getting more sophisticated and getting undetected for longer and longer period of time, with users from the rings getting more and more rep before action is taken and basically filling the site with spammy questions/answers (and even probably links to malware). This has the potential to become really nasty soon: at one point you can imagine several users from a voting ring upvoting themselves to 10K rep and starting to slowly vandalize many questions while going undetected for long period of time.
Which means SO is polluted with fake questions / answers. Google results are polluted with fake questions / answers. And high-rep users (the one with enough point to directly edit questions / answers) are wasting time fixing what looks like poor questions or commenting on these, not realizing they're fake questions/answers made by people participating in a voting ring.
Here's a recent example:
User has 364 rep as I write this and it's obviously a voting ring made of a few users. If you have a few minutes just open that account and all the questions he answered: they're all from the same two or three same users, sometimes answering twice the same question and obviously getting upvotes and accepted answers from people in his voting ring.
But that's not the issue... The issue is that this is not stopped fast enough: because the mods are too busy wasting time on less important issues concerning users who are perfectly legit.
Despite my 3.8K rep and flagging to moderator attention, nothing is done to stop these fastly.
So on one end you have creeping authoritarianism focusing on not so important issues (like say, the "closing question" police which is super-fast to act when it comes to closing or mark as duplicate legit questions), while on the other end there are real abusers, totally gaming the system, reaching enough rep to create havoc and basically doing vandalism by filling the site with fake questions (and fake answers).
The "proof" that there's a real issues is that several high-rep users spent time fixing (intentional?) typos and grammar errors in these questions, thinking they were real but, mostly, that several people are going to open the profile I just mentioned and not realize it is part of a voting ring.
Now that I post this on HN maybe that HN mods are going to act... Sadly while at the same time explaining that HN is not the place to point out SO issues, that this should be taken to meta (where I'd be downvoted or closed as duplicate etc.).
As a side note I don't understand how a new user can ask six questions, have five of them answered by a single user and all upvoted and accepted without that kind of behavior directly triggering an alarm requiring moderator attention.
So: add the ability to directly flag a user (or a question if it's simpler) as part of a voting ring, add an algo that finds probable voting ring behavior and call immediate moderator attention when such rings are discovered. Also prevent questions which are made by user which have too low of a rep from appearing in Google immediately.
And, no, I'm not taking this to meta: I don't like the "tone" there ; )
The question to which the author links (2387218) is a perfect example of a wholly unresearched question, where the only possible valid answers are "RTFM/STFW" or "here's a fish".
This was the kind of thing that would have been deleted under "too localized" as it offers no benefit for future seekers of enlightenment.
I suppose it may be flagged for deletion according to this criterion:
> Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results.
but that doesn't quite seem to fit. The question is not "give me teh codez", but it does show that the asker has not attempted any solutions.
I had a very similar experience. I got the most points (3 times as many as any other question I ever answered) from showing how to perform the most basic task in ckEditor, I library I had not used before or since answering.
On the other hand, I would often spend hours getting a demo to work to demonstrate a concept that answered the person's unanswered question and writing a detailed explanation... then nothing. No response. Out of spite, I started deleting all my answers that were not accepted and had no upvotes.
Specifically, to keep SO interesting to me, I wanted to have a custom search that eliminated low-rep users from my view - questions from people who are able to answer questions (e.g. able to Google) are much more interesting.
That's the faulty premise. Or rather: it strikes at the weakness of gamification.
Yes, there is a very strong tendency for reward and effort to be grossly mismatched in user-ranked and filtered sites. Guess what: there's a copious amount of similar mismatch in real life. Jobs which are painfully difficult offer little reward, other times a casually tossed off effort may gain endless plaudits.
On HN, I think my top-voted comment remains a sarcastically flip jibe at PHP (a couple of submissions have out-scored it). On reddit, something of a throwaway about terminals vs. glass TTYs (at least it's technical). On the other hand, I scored my first reddit gold, which is to say, someone was sufficiently moved by what I'd written to actually pay something, for a longer and more detailed post, but one which my research of the topic made pretty easy to write.
But that's not why I participate.
My principle objective is to learn, explore, examine, have my own ideas challenged, and generally expand my capabilities and understanding. And used correctly, HN, reddit, and StackExchange all accomplish this pretty well.
The rating systems are there less for the person being rated and more for the benefit of others -- they're a first-level indication of how well trusted and respected someone is ... or how long and obsessively they've been using the service.
A recent HN post (also appearing on reddit) was "We Have to Talk About TED". I wrote my own riff on that: "We Have to Talk About 'We Have to Talk About TED'" (http://redd.it/1te3hz) (and yes, as the woman in the back says, its TEDtles all the way down ...).
The key problem:
There's a fundamental problem with democratic voting processes and voting systems (such as reddit's own post and moderation processes -- which are, in their defense, better than most) in assessing who's qualified to make a judgement -- and then, of course, in determining who's qualified to assess who's qualified.
There's been a strong focus in the online world for the past decade or more over user-moderated discussion. Slashdot was arguably one of the first such sites, many others have come along, most have gone. I think a fundamental misunderstanding is that the most democratic moderation systems are the best. I don't believe this is the case. Rather, any distributed moderation system shares the load of content filtering. Which is a good thing. But distributing that load to those unable to draw meaningful distinctions between "good" and "entertaining" is not useful.
This is most crucial where you're not measuring, say, marketplace potential (where popularity is in fact by and large the metric you're looking for) as opposed to, say, technical correctness. In which tests of suitability are more significant.
And that's the point of StackExchange: it's not a platform with the goal of scoring people the most points, it's a platform on which if you go there with a question, you'll find a good, and hopefully the best, applicable answer. And to that end, I've actually found the site extremely useful.
So: HN, StackExchange, reddit, Facebook, Google+, and other similar sites tend to fall down a bit of a rathole. Clay Shirky's noted that the problem isn't information overload, it's filter failure, but there are also two modes of filter failure: one is filters which are overwhelmed in the classification task and can't keep up. But another is filters which select the wrong stuff.
Which isn't a particularly easy problem to solve. StackExchange actually takes a decent cut at it (as do other services such as Yahoo Answers, though with varying degrees of success) by having the submitter select the best answer. Within the ranking system, this might carry some benefits, and in particular, submitting a lot of wrong, or simply unselected answers, might carry a penalty. Another way to switch up the voting system would be to assign more points for answers to harder, less-answered, or unanswered questions. Or to provide a means of judging between solutions: what's faster, simpler, more comprehensive, more robust, etc.
Which gets down to determining what quality and fitness are. In which case I'd recommend taking another look at Pirsig's Zen and the Art of Motorcycle Maintenance. Though you need not agree entirely with what he has to say.
Sure in an ideal world someone answering that very specific question that is difficult to answer would get more credit but it is not perfect. That is also why the bounty system exists because someone can have a specific hard to answer question that would be very beneficial to them while not many others would be helped and thus upvote. So that person can offer a bounty.
I've seen questions where you can literally copy and paste the question into Google, look at the first result to find an authoritative source, and copy sample code to solve the problem. Yet that was apparently too difficult for the person asking on Stack Overflow, and if anybody points out they should be doing this, they get their comment removed.
I've answered a lot of questions where somebody is genuinely stuck on a difficult problem and it's taken serious effort to figure out what's going on. I've also answered questions where the answer is only a quick Google search away. The former get a couple of votes up. The latter get hundreds of votes up.
This is not a healthy addition to the software development community. This is enabling developers with a vitally important gap in their skills to avoid becoming competent.
Here is the workflow:
1. Google 'question string'
2. Click first stack overflow link
3. Skip to the first answer without reading the question.
This, incredibly, works for about 80% of the things I need to look up day to day. I often find that I either need a simple example, or just need my memory jogged. In my opinion the entire internet is better because of the existence of this one site.
I agree with all of the author's points, but I think stack overflow is worthwhile despite these problems. And trust me, I've gotten my own snarky, low effort, infuriating, heavily upvoted, answers from Jon Skeet.
In the SO world, I'm definitely a "listener." I almost always wind up on the site from Google, and it usually does a pretty good job. I don't think I've ever navigated around the site itself, so the "game-ification" or whatever was completely foreign.
I will say that there have been numerous times where there are pretty good subjective or opinion based discussions (which language is better for x?) that get "closed as non constructive." I can understand why they would want to avoid flame wars, but almost always the discussions were, ironically, very constructive, nor could I find the same type of discussion anywhere else.
I think this may be in large part a negative side effect of the "gamification" because this rarely happened back when usenet posts (searched via deja or google groups) or dedicated forums for topics would be my source for finding programming answers in subjects I was unfamiliar with (new API, new language, etc). In those places if I found a question that matched mine well, and it was answered, there was a very high percentage chance the answer was correct and not just someone guessing or answering half-assedly and too quickly to get in on the karma train.
These wrongly-answered answers seem to dissuade others from answering (question too old, already sort of answered, nobody will see my correct answer and upvote it), so this wrongly answered question just lingers seemingly forever. If the moderators spent half the time pruning out these wrong answers that they do closing topics that are borderline off-topic, the site would be a far better resource for me.
Despite ALL the criticism in the article, it is still possible that StackOverflow is a very useful site.
Instead, I just blog solutions to various thorny problems I run into, so that other people can find them on Google. And I try to use whatever domain-specific message boards I can find. I just don't understand how to use SO to get help so I don't bother.
And it's not that I don't want to contribute. I've answered some questions on SO and I'd be happy to answer many more than the questions I ask. But my (uninformed) sense is that I could answer questions til I'm blue in the face and no one would ever answer mine. The ratio of unanswered questions to answered ones is insane. It just doesn't feel like there's a community there that I'm joining.
That said, I find it incredibly useful when there's already an SO solution that comes up in Google that solves my problem.
I love Java and I love the Java ecosystem. Stack Exchange serves the Java ecosystem very poorly however.
A lot of the frustration people have with Java is that they try to learn it from a task-oriented perspective, and that really gets you in trouble if you work with Spring or Maven, particularly on a big team. If your first experience is with a 40-module Maven project that is all SNAPSHOT releases, it takes two hours to do a complete build, and there are just two people who understand maven vs 23 developers who get their answers a problem at a time from StackOverflow and who copy each others' bad solutions while adding more problems, of course you hate Maven.
In the case of Maven the documentation sux and you need to read the source code and not be afraid to write plug-ins, but Spring is not so mysterious if you take your tablet to the gym and read the manual cover to cover a few times.
There is no language that favors holistic thinking and punishes "task-oriented" thinking more than Java. For instance, when most developers have to deal with logging it's because things have gotten horribly tangled up with slf4j and commons-logging. Once more, the situation is pretty simple if you understand the big picture, but from a task oriented perspective you're just stumbling in the dark.
I don't see the problem here. He's not getting points for doing nothing. He's getting points for something he did in the past. Sort of like royalties.
That's pretty much how our "real world" scoring system works if you think about it. To make it simple, just replace the "internet points" by "money" and your "stackoverflow account" by a "savings account" that pays interest and the analogy is set ;)
Then again, there are plenty of 3-year+ users with 100k+ who still think moderators are any other users who disagree with them and/or can only vote to close a question.
When you don't want to see the effects of leaving joke questions around as more and more users use that as a reason to increase the noise, then you don't want to see why moderation and locking/deleting needs to take place.
That seems to indicate that stack overflow had considerable growth in the number of contributors, relatively few of which acquired large scores (for example, if there were no 'effortless scoring', they would need 33% growth of users who all have lower scores in order to make the former top 4% become the new top 3%)
That might be an indication that there are fewer users who play the "I want points" game. It would require access to quite a bit more data (who joined when, what do the distributions of scores look like, etc) to prove that, though.
If it turns out that there still are lots of users chasing high scores, I think it might be worthwhile for Stack Overflow to play with different scoring functions. For example, h-index is popular in scientific papers. One could do a SO h-index (has X answers that got at least X upvotes). Maybe, to encourage diversity, one could add "... With X different tags" to the requirement.
Additionally it is geared towards STATIC knowledge. Chosen "best" answers (CURRENTLY!) and the fact that most of the time no one is actually updating their votes according to the CURRENT state of the art or current established best practices actually can even drive info seeking users towards out dated answers...
Still, most of the time I think it works just fine for the folks just in need for quick "how do I convert x into y in language z" answers.
To tackle the non-static, more dynamic and actually fleeting aspects of "voting for the best" aspects I am working on and experimenting with Sustinion
Some trivial Java question gets one more points than a brilliant solution for some obscure problem - okay. Isn't that the nature of all things? Is this StackOverflow's fault?
"Engage with other users of the tools you use in the form of user groups, mailing lists, web forums, etc."
Don't "mailing lists, web forums" suffer from the same bias? Even if there is no formalized reward system (points) there?
Not for me. It's my go to place to find syntax equivalent examples for languages I don't typically use. If Google has a universal translator for code, I'd probably use that instead.
The question is: Is there a way to fix this?
So my attitude to SO is pretty much "meh". I'll take useful answers (and sometimes there are really good ones), but if they don't want me to contribute, stuff 'em.
Arguments could be made against contributing to...Helping the homeless,Open source,Hacker News discussions,?ETC
I find it's much more effective to simply read the documentation of the language/function/feature I'm having trouble with, than it is to try to formulate the precise phrasing of the question that will lead me to the answer I need in my circumstance.
Most of this involved rather tedious, repetitive labor. So to stave off boredom, we made up games to go along with it. "Fastest to finish hoeing a row of corn", "Most peas shelled in a minute", etc.
It helped. We got a lot more done, faster, and with less complaining because of it.
But... The games weren't really the goal, and no one ever thought otherwise: the point was the creation and preparation of food for the next year. If you "won" by chopping down all the corn or throwing out the unshelled peas, no one would think highly of you for doing so.
Too many people look at games - or especially "gamification" - as a silver bullet that will turn the efforts of lazy and unproductive players into gold... This is exceedingly naive. Any game played in bad faith will have disappointing results, whether the mechanics of that game involves throwing a ball around or answering programming questions.
Is that a good reason not to play? Hell no! Games are fun, and with the right players and attitude can be exceedingly rewarding. But you do need to keep some perspective, to remember at all times why you're playing.
Ignoring the gamification of S.O. the community that surrounds it and the sheer amount of knowledge it holds makes it an incredible resource never seen before in the history of programming.
Sometimes it seems like human beings could live in a golden palace and be upset that the gold is the wrong color.
> StackOverflow is filled to the brim with people giving fishes.
I tried that. Guess what happened:
Not saying my answer is awesome, but I just tried to be comprehensive on a very recurring SQL topic and the community responded very positively to it.
I get it, SO feels like a game. But I use it to hone my skills and learn new things. When I want to learn, I don't ask on SO: I stick to a tag and keep trying to answer something on it. Learned a lot that way.
Just my 2c.
Then there's the part about giving fishes instead of teaching how to fish. Duh. That's what the site is about. It's a resource for fishermen. It's a nice place to get samples of fishes you haven't heard of. You're free to just eat them, or study them further.
SO is amazing as a super cheat-sheet. It's not a tutorial, a school or a a forum. It's not Reddit or Farmville. Please stop.
So.... Most of current contributors just fight for points really.
The one thing that niggles me most on the web in general, is continuous reinvention. If you must paraphrase someone else's work then do. However most of the time a simple link would suffice. The same for repeat/similar questions. And it's always good to reference your sources.
Also, I hate the new black bar at the top. It is the reason I don't visit the site that often now. It hurts my eyes. :-(
I've seen what's happening on SE before. It was called USENET back then. The best way I can describe it is that marauding hordes of extremists aggressively took over some groups mercilessly attacked anyone deviating from their vision of the world. I remember comp.lang.c becoming particularly problematic.
OK, a little over the top. Well, yes and no. One of the most frustrating things on SE and SF are the questions that are closed as off-topic when they very much are on topic. I haven't been on either of those for a while. Back a some time ago there seemed to be a war of sorts going on between the two communities's moderators as they would close topics in each and send them off to each other. For example, if I remember correctly, questions related to XAMPP was a hot-button item that almost guaranteed your question would end-up in digital limbo. In this sense, it very much started to feel like USENET when the inmates took over the asylum.
When I got started with SE I felt a responsibility to give back as much as I took. I remember devoting significant amounts of time to answering questions with well-tested clear explanations. As you clash into the reality of what these communities have become (both in terms of quality of content and quality of the people who pull the strings) the motivation to contribute at that level --or any level for that matter-- tends to go down.
Not sure what's in store for SE. It just isn't an important part of my daily routine in any way these days. I suspect this might be the case for a lot of professionals who have far better things to do with their time and skills than to play such games for points and badges.
If the Author is an expert then answer/discuss questions on your level and most of the issues will be gone...
You may not get the recognition you deserve but believe me you don't give others the recognition they deserve either.
It seems that most of the OP's angst are over the relatively simplistic points system. In his Java ternary example, perhaps it could be counterbalanced with the upvotes you receive and the worthiness of the question (as marked by stars and upvotes). But then the scoring system would become much less obvious and then you'd have complaints about that.
Either way, even with the deluge of non-useful content...I'm amazed at Google's ability to almost always get me to the most relevant discussion, even with a bare amount of generalizing my search query...and in the cherry-picking testing I've done, the Google search engine usually does a better job than SO's own engine (though SO's related-questions sidebar is also quite good). I wonder if some Googler's 20%-time idea was to closely study the SO API and build an algorithm and quality flags specific to the SO domain, as a way to keep devs loyal to the Google search platform?
It's great finding specific answers to highly specific questions that a large number of devs can help with. It's terrible at keeping many of the most experienced devs interested in answering questions. And it's not great as a general learning resource either. The site just stalls out at a low to moderate level of sophistication in terms of the level of knowledge that can be found there, for all of the reasons the author described.
Edit: after some reflection, here is a stronger critique of SO:
SO leverages a huge amount of effort from developers for very little real benefit. Some of the site has value but a lot of it boils down to moderately experienced devs spoon feeding answers to beginning devs, which I think could be more detrimental than helpful. By doing so such beginning devs avoid the hurdle of having to RTFM, which stunts their growth. They avoid having to level up their skillset and they know that they can just return to SO when they have their next problem, so they are discouraged from acquiring the skills to solve their own problems, they will stall out at a beginning skill level forever. Meanwhile, as many people have pointed out the true point of crisis in skill/project development lies not at the beginning but after the initial hump, after years of work. And here devs are not well served by SO because they need more than just an answer to a specific question, they need guidance, they need mentoring, they need encouragement. SO's nearly pathalogical lack of community makes it a very poor place to seek out assistance during that phase of personal development.
In short: SO may be helping the wrong people and discouraging folks who are more in need of assistance and for whom being helped would have a vastly greater positive benefit on the industry as a whole.
I don't think #1 and #2 are really a big deal. #3 is the real issue. The problem is SO still follows slavishly an ideology proposed by one of its founders, I think it was not really Joel's views so much if you followed the podcast discussions. This ideology has persisted in the mega meta bureaucracy that is SO now.
Of course, it is always funny that their presumable goal was to be the destination for technical for answers but yet any question you might google and find answers on StackOverflow, the answers will, with a probability of nearly 1.0 that it will be locked, closed, and marked some kind of horrible thing that should haver appeared on the site. Good job, I guess. If SO was meant to fix the wretchedness of forums .., what fixes SO? I don't know. But with the fury that it attacked the other forms of communication I just expect more than endless "philosophizing" about "what makes a good question" and all this meta ideological nonsense. Maybe it's just me.
This is like that, except it (hopefully) would actually work.
Even the top comment is misleading -- "this doesn't prevent tampering, it just makes it obvious to you, as the laptop owner, that your machine has been tampered with. Still useful, but then what are you supposed to do about it?"
This method provides no guarantee of detecting tampering. It provides a guarantee that if an adversary is dumb and unaware of this method, then they may break the seal and get themselves caught. But it's a bad idea to be confident that the seal itself is evidence you haven't been tampered with.
Would anyone please explain which ideas are mistaken and why?
The big point which wasn't so clear is that seals are not locks. Seals exist to identify tampering; locks exist to prevent it. We use a software tool (and remote network service) to turn seals into (electronic) locks, which is kind of cool -- the integrity is measured locally using a trusted device (iPhone for now, eventually something better), verified remotely, and then a 2FA token is returned.
Glitter nail polish is maybe 70% good for this, but has the huge advantage of being widely available. Part of the goal here is to travel completely "naked" to a country, then buy a random local laptop, other local stuff, and tools, and then be able to re-create your capabilities. There are some custom conformal coatings which are brittle, much harder to pry off, single-layer, etc. which we've played around with which work much better. Plus actual paper/tape/plastic seals, and indicators already in devices (manufacturing defects like the grain of a casting).
Hooking this stuff into conventional security measures (MDM, VPN, FDE, various access control, etc.) is the ultimate goal; it's useless to detect tampering if your data is all they're after and unencrypted, after all.
My coauthor Eric Michaud is a former safeguard seals guy from Department of Energy's VAT, probably one of USG's top 3 seals programs (and probably one of the top 10 seals groups in the world), and has a physical security company (and is a lock expert), so I've been learning a lot from him about that technology.
describes a similar technique - glass spheres in transparent epoxy resin creating an uncopyable optical fingerprint. One of the comments states that tinfoil pieces in clear epoxy photographed from several angles were used as tamper proof seals during the cold war era.
Jesting apart, who has not had screws fall out or work loose from a Dell or HP laptop? The likelihood that the screws are in differently due to some secret spy type of person opening the machine is quite unlikely compared to the high likelihood that they have just worked loose of their own accord.
"There was always a question that bogged me. Imagine you are called aside to do a routine border check in airport security area. Imagine they want to inspect your laptop. Can you refuse to surrender your password which encrypts the whole disk? Is there such right to say "Nay, what is mine stays mine"?"
As somebody who is not from the USA, are you allowed to ask that they perform any security checks in front of you? Are you allowed to ask for the TSA agent's supervisor and have them walk you through each of the steps?
I guess one obvious solution is to carry the laptop/device with you on the flight, and leave the battery/adapter in check luggage, but this becomes more difficult when you consider tablets, phones, and the like. Thoughts? As somebody who may travel to the USA one day, I'd like to hear what kinds of situations you might end up in playing games like this.
... wait a minute, I remember seeing this earlier...
Border areas can be especially dangerous, as authorities can confiscate a laptop or cell phone
Nothing about "preventing" it from happening. Or knowing "who" was tampered with it.
I was happy to pay a buck a day for that service, but to pay for it and then see them run misleading clickbait makes me feel dumb for paying.
This is absolutely absurd, coming from Arrington, who twisted Jamie Zawinski's words from an anti-crazy-work-hours rant into rallying cry for gullible programmers to "work hard, cry less, and make history":
<quote>"There is no established rubric for peer review in the media; adherence to truth is largely a matter of self-regulation. Instead of peer review, in which experts check the work of other experts, media has editors and fact-checkers. Often, those people are not experts in the matters their institutions are covering. Worse, sometimes they are novices on subjects ranging from climate science to jet propulsion to even basic statistics.
But they still get to control the headlines on those stories. They still serve as the major conduit through which the public is informed about what are often intrinsically complex but extremely important matters. And even with strong editing standards in place, it is inevitable that some of the reporting for which they are responsible will lack crucial nuance or just be plain wrong."</quote>
I don't get the sense that the reporter was trying to mislead, but she was doing what reporters always do; twist what was happening into a narrative that they had concluded existed before they began researching and writing the piece. Something contradicts what you have to say? Discard it, and search for something that fits your story. Just like when you would write an essay in college; you're making a claim, and backing it up.
The same is true of events. Creating a story by asking some people questions and trying to bind their responses into a single narrative with one story that makes sense is often-times impossible. Not because the reporter is doing a bad job, but because their task is impossible. The war in Syria is often shown as two warring factions, when in reality there are dozens of groups who play off each other and fight against each other at different times. Even the armies themselves are trying to piece together who is fighting for and against whom today; to expect a reporter to do so is absurd. But thats exactly what we do.
How, then, can we have any hope of gaining a definitive understanding in the world, if even people paid to do so full-time have difficulty grasping it? Maybe there isnt any. Life isnt simple, people arent just good or evil, and situations are never binary. Maybe were not ever supposed to look at whats happening in the world and say, I understand now; its simple. Because its not. If we think that were probably missing a lot of pieces of the story.
What utter nonsense!
Unscripted speech, especially under cognitive load about complicated topics, is disfluent. About 5% of the words you speak will be edited on the fly, and not part of the final utterance to be understood. Many professional speakers train themselves not to do this, but even many politicians at the peak of their profession will remain disfluent in unscripted remarks.
Interviews are _always_ edited for fluency. You make someone sound like a bumbling idiot if you supply a verbatim transcript.
Why attack someone like pg over this? Is the attempt to shame him into being more women hacker friendly? Isn't he already going out of his way to support women?
(Donation address: 1CDdg67uEt6xpzapzGZc1m6JiUF1KAhFqH)
Eric: What youre saying is that theyre not out there to be found?
Paul: I dont think so. I dont think so. It is changing a bit because its no longer so critical to be a hacker
So PG's views are actually exactly that - in general no suitable female startup founders exist in the world. That isn't bad per se as an opinion, or makes him misogynist, I'm just surprised how people that have a positive outlook of someone can defend them even in a clearly wrong situation.
Btw I'm not affiliated with that news website in any way, just couldn't bare to see a community - that is normally so ornithological - go crazy over defending someone who doesn't deserve it.
Journalism is being disrupted (and has been for over 30 years) and the result is that reliable, just-the-facts is getting overrun by this nonsense.
People are comparing this to Valleywag. Actually, I like Valleywag. I think it's great. It is exactly what it says it is, and it's helping to break down VC-istan's image and prestige, which is exactly what it will take to save Real Technology. Valleywag is, perhaps unintentionally, tech's best friend right now.
This, on the other hand, is a five-alarm fuckup. You do not alter peoples' quotes like that, or lie to them in the way that PG was lied to, and keep your reputation. The old newspapers and journalists (with very rare, if high-profile, exceptions) knew that; but a lot of these post-disruption actors seem not to.
But by news being essentially gossip, it's something there's plenty of, like artistic talent, so there's not much money in it. That's because there's a positive gradient of information from people that will tell you for free.
Need to "kill a story" (including an ability to kill it by paying) is a sign of lost power.
From both sides.
You can see female interest in programming change in the charts on these pages:
Note that those graphs show raw numbers, not a percentage of the population -- if you adjust for the growing population, female graduation rates in computer science peak in the 1980s. As it says in the text:
"As a share of all CS bachelor's degrees granted that year, females had slipped almost 10 points, from 37% in 1984/1985 to 27% in 2003."
A family anecdote: my mom was working on her Phd in urban planning back in the 1970s and her advisor said to her "You know, in the future, many of these issues of traffic and resource allocation will be resolved through computer simulations, so you should learn to program." My mom thought that was a good idea so she took some classes and learned basic programming. She does not recall feeling like an outsider in those classes: the computer field was still new and felt wide open.
Nowadays a lot of startups talk about the need for "culture fit". This tends to limit the diversity of the gender and race and class of who is hired. For contrast, consider people like Evelyn Boyd Granville, and her acceptance at IBM.
Here on Hacker News we also discussed the story that Raganwald posted, about another black woman at IBM, though that article is now offline:
If IBM applied a filter of "culture fit" then these women would not have been hired. But IBM, and many of the big corporations in the USA, followed very liberal policies that promoted diversity in the work place.
There were some startups from the 1950s and 1960s that broke new ground in terms of diversity. Ray Kroc built up a small startup called McDonalds and in a quiet way he made feminist history in his treatment of June Martino. She was initially hired as the bookkeeper, but she was later entrusted with vast responsibilities and finally, in 1965, when McDonalds went public, she was given shares in the company, exactly like any other cofounder of a startup. This was apparently the first time in history that a woman was treated as a real cofounder and given stock.
If you look at the numbers, it seems clear that the emergence of the tech-based startup scene, in the 1990s, changed things for women. The startups have not emphasized hiring diversity. The startups tend to emphasize culture fit, and they were doing so even before that phrase came into existence. Why this should be, I am not sure. There have been startups in the past that have emphasized diversity in hiring, so I am not clear why the current generation of startups cannot do so. But what is clear is that it is not a priority for them. The big and boring corporations of the past did a better job of creating spaces for women in tech.
Edit to add: to avoid being overly innocent, we should note how much the talk of "culture" is sometimes a smokescreen to hide power dynamics. Shanley Kane said "In Silicon Valley, and the tech industry in general, a lot of people were giving these talks about what their culture was and it was really superficial and focused on the privileged aspects of the company like free food and massages." Here on Hacker News we have already discussed the post "Google's 'free food' is not free" but it is worth remembering how much the talk about "culture" is just a negotiating tactic.
I'm just going to throw this out here: only about 10% of nurses are male. Yet I rarely hear about the cultural problem of not having enough males in nursing, or how we can encourage more male nurses. Same goes for elementary school teachers. Why is that?
Just because there's a gender imbalance doesn't necessarily mean anyone is keeping anyone out. And if a few insensitive comments can keep you from doing what you want to do in life, maybe that's something you have to deal with -- there's always going to be haters no matter what you want to do.
It's pretty obvious what pg was saying in this particular "smoking gun" quote: that figuring out a way to get more girls interested in programming at 13 is an incredibly important and hard problem. The willingness for people to quickly swallow and parrot a 1-dimensional narrative of "Paul Graham, sexist pig" based upon a few quotes taken out of context in a highly edited, 3rd hand rage-blog by fucking Vallywag is the type of behavior I expect from political spinmeister hacks trotted out on the 24 hour news channels, not from smart people who I respect.
Having read what I could over the years on the academic side of "women in tech" (i.e., academic research studying the matter, rather than opinion pieces), the consensus seems to be that the early teens are the time where the decision is taken to move away (or not) from STEM fields. That is part of why the Girls Who Code initiative & others like it is such a big deal.
There are a lot of different factors and stereotypes playing into the decision to exit STEM tracks, but among them are - "unpleasant male geeks", "programmers work alone", "girls don't need to know math", "boys figure things out" and so forth. (Clearly these are a subset of examples, and also clearly not all of these are 100% influential for any particular person, place, time). So the stereotypical 13 y/o girl and her interest in STEM is actually the target of a lot of research and policy efforts.
There's also a self-reinforcing aspect to this: heavily gender-coded places aren't typically presenting a welcome to people of the other gender. I read a academic paper on this in the last several years, but can't recall the experiment in detail or the citation. The implication is that a workspace festooned with seriously masculine widgets often tells many women that, "hey, man cave here. not so welcome".
For the interested person, the academic experiments are usually well done and their results, while not always surprising, clearly quantify certain sexist aspects in the tech world.
A minor scandal erupted when was noted that there were few women in the co-ed national league, and a huge about of effort was made to recruit female players. Every family wanted the prestige, fame, and fortune that came with having a daughter in the league. Male players wanted more females playing so it didn't feel like a damn sausagefest all the time, and to help with dating (for some odd reason, most male bounceyball players were surprisingly unattractive).
Eventually it was suggested that the problem lay upstream, so major efforts were made to recruit teenage girls for the middle and high school leagues, which were also coed.
However, for some reason this attempt also failed.Finally, an anonymous poster on the Internet noted that, as a broad generalization, taller bounceyball players were more suited to the game, scoring more points. Perhaps a gender difference in height was to blame, discouraging female players and hurting them in the draft. The poster tracked down these differences in height to a disparity in average male and female birth weights, and suggested that perhaps a cocktail of experimental prenatal hormones (primarily testosterone), continued until age 15, would do the trick.
The anonymous poster was promptly downvoted and the discussion turned to topics of sexism, discrimination, and cultural bias in the bounceyball leagues. Various horror stories were recounted by female bounceyball players and a new round of self-flagellation began among those in the industry.
At one point we had a female intern who was on a 8 month work term. 3 months into her workterm, the manager offered her a full-time position, not contingent on her graduation (she was in 3rd year and planned to return to complete school). Now I'm not anyone to judge, but I will say her performance wasn't particularly impressive, especially compared to other interns on the team, one of who (male) had already graduated, interned for a total of 20 months, and took on plenty of duties. 5 months into the workterm, she ended up wiping a ton of live data of a fairly important legacy application, effectively costing the company a few hundred k. A year later she's working there full-time as expected, but from what I understand, she didn't end up graduating anyways. The male intern worked on that team for 13ish months, then finally got full-time through a different team.All I will say is that this company is one of the tech giants.
I agree we need more females in the field, but like many other people have mentioned, lowering the hiring bar in an intentional effort to hire a female hacker isn't very helpful. The problem is we're not producing enough qualified women, and overcompensating to fix that is not a good long term solution. There are plenty of very talented female hackers, and we do need them, but we also need to fix the root of the problem, and not intentionally skewing hiring to meet level of acceptable gender diversity.
Women in the field also face other challenges, such as not being as vocal as males when it comes to promotions/raises, so it's common for them to have lower salaries than their male counterparts. There are lots of issues females face in this field, but let's look at fixing the root cause.
75% of the graduates with PhDs in psychology are women and the fields of fashion and ballet/dance are dominated by women by you never hear calls for more males to enter these fields.
IMHO, computer programming, like medicine are fields that one should not enter unless they have a passion for the field.
Autism research Simon Baron-Cohen speaks of the differences between male and female brains. Boys are 8 times more likely to be autistic than girls. Autism (and the related Aspergers) and very good at systemitizing but bad at empathisizing. Females are more likely to be empathizers than males. Of course there is overlap and some women are better at sytemitizing than some men and some men are better at empathizing than some women, but that 8:1 difference in Autism in boys over girls probably is an indication of the imbalance of boys over girls who are passionate about programming computers.
These are three on-line tests from Baron-Cohen that help determine your EQ and SQ (empathizing quotient and systemitizing quotient).
The quick program for Harvey Mudd seems to be1) Make the problems more practical in application (ie controlling a robot, modelling a disease) 2) Giving students choices in what problems they are interested in3) Segmenting students according to skill set, thus putting people who have been programming in another course that will match their pace better and allowing students who are more new to have their own pace.
I understand there is cultural bias, but systemic? There are more women attending and graduating college than men, they're more economically prosperous in their early twenties as well.
These initiatives will simply not work. Imagine "Men Nurse."
Many women SIMPLY do not code for the same reason many men do not code. Most of us were not exposed to the science as kids, hence step 1 is to make Programming mandatory. Note I say programming and not C.S.. I am an amateur programmer and I can say wit confidence that this is as fundamental as basic arithmetic. Full stop.
I frankly wish they shut down "Girls Who Code" entirely and all the likes. Instead we can put our efforts into teaching everyone to code: "We Code." Because once someone does something as simple as print (2+2)-(3-2) or print $first_name + $last_name or (my favorite) <html><h1>The Website of Me</h1><p>My name is Joanna. This is my first web page.<img src='..'></p></html>, once they do this, there is simply no going back for them.
The owner of this site appears to be a woman. Again, 20 males: http://www.bestcomputersciencedegrees.com/author/2admin/
And there is a preponderance of white males in the annals of computer history: http://inventors.about.com/library/blcoindex.htm
Even among software professionals, there is divergence in the types of roles women take vs. men. Search LinkedIn (3rd & everyone else) for SQA, and you get about 25% women. Search "Full Stack" and you get about 10% women.
Is this really YC's problem to solve?
Instead of turning Paul's comments into a blogosphere shitstorm, maybe we would all be better off staring the issue in the face and thinking about how each of us could help make a difference on this issue
How would you help a 13-year-old -- of either gender? -- get interested in programming?
Raspberry Pi? PyGame? Lego FIRST robotics? How can some of these initiatives be spread more widely to those who maybe don't have supportive family or communities to encourage their nerdy, high-school-pariah interest in tech?
More women than men graduate from college and women have flooded into traditionally male majors in the sciences. There are plenty of female biologists and doctors. But they have not penetrated the most mathy majors, like engineering or Math itself.
Maybe men and women aren't interchangeable cogs, and some combination of difference in interest and average ability will always mean that the way to get females into your tech company is by having a big non-software department.
In terms of current harmful perceptions that can be stamped out in the short-term...I think the belief that females aren't genetically cut out to be programmers is one. The "world's first computer programmer" was a woman and COBOL, of course, was invented by Grace Hopper. These women were pioneers in early computing at a time when women were still struggling to be recognized as equal citizens. To argue that women can't make it as hackers is like arguing, post-Jackie Robinson, that blacks can't develop professional baseball skills. The lack of women computer scientists and programmers today more likely point to institutional/cultural problems rather than genetic ones.
Yes: a 9-5 job mentality and a lack of emphasis on nerdy type hackers doing their thing.
I don't think it's any harder for me to learn stuff now at 28 than it was when I was 13. If anything, it's easier, because I have a much wider baseline of knowledge that I can use to reference things. For example, I learned set theory in high school => I can apply that to relational databases today.
I do know some people, both men and women, that sort of stopped learning new stuff in their twenties, and now they're pretty much stuck. They can't keep up with technology changes (e.g., how does the router work) and they don't have a good baseline for learning new stuff. Nor the will.
Free Ruby on Rails workshops [sf] for women and their friends
It's run by the same folks that run the SF Ruby meetup (the huge one)... they're neat, chill folks.
In fact, I think there is truth to what both sides say. On the pro AA side, it is true that women probably feel unwelcome in the tech industry. Even when men don't do anything consciously to exclude women, programming culture revolves around certain attitudes and mindsets that are associated with young men in our culture. E.g. being interested in science fiction, being obsessive about one's work and hobbies, . None of these things are strictly related to programming, and an excessive focus on them makes it harder for women (and minorities) to enter the field. The fact that male programmers are attracted to the minority of female programmers doesn't help with this feeling of unwelcomeness, in fact it adds to the awkwardness (although I think that most of this is completely innocent and could not be called harassment, and actual harassment is rarer in our industry than others).
On the anti-AA side, I think that women, due to reverse-discrimination and old fashion chivalry, are objectively advantaged in every field. Furthermore, some things that would seem to advantage men like long hours, stressful work, and being judged on results, are not bad or discriminatory in themselves. But they will tend to favor men over women because our society provides greater incentives for men to obtain money and positions of power. When people talk about work life balance, what they really mean is that the industry should stop providing people with an opportunity to advance their career by putting in extra time and effort.
Thank you for hearing my opinions on the issue, and I hope more people who oppose AA will answer the call to explain their viewpoints.
Motivated to do light "sys admin" work, but not coding, I guess.
(My comment, repeated from the other similar thread that got go superseded by this one)
The problem of getting anyone, young or adult, interested in a subject --any subject-- isn't one with a simple solution. Technical subjects have the added difficulty that they require you to use your brain in non-trivial ways.Given equal exposure to the subject matter, I fail to see how a male or female subject would react differently to the idea of learning that subject. This, of course, assuming that both the male and female subjects got to that moment in time with a similar educational and perhaps even cultural frame of reference.If a mother only ever bought a little girl frilly pink and shiny things, well, it is probably unlikely that as a teenage girl or an adult woman she would even remotely show interest in learning more technical subjects. She will probably be a dancer and go into the arts or some other less "brainy" occupation. That's not to say that there aren't exceptions to this, but they are probably few and far between.
The same is true of boys. If they are brought-up in front of a playstation, shooting at things, playing sports, and well outside of more academically focused areas he will probably grow up to be a jock and then move on to careers that do well when you use half your brain. Hell, he might even go into sales!Things are vastly different if you feed your kids a constant diet of what they should be learning in order to operate at a different level when they are older. My teenage son finished MIT's CS 6.00.1x course just a few weeks ago. That did not happen magically. That was a lot of work. For me and for him! And that also required a lot of work to get to the point where he could even be shoved into that end of the pool.
My little girl is too young to think about formal learning of these kinds of subject, but this year she got introduced to Lego robotics and is starting to like it. Yet, the situation is exactly the same: It requires a ton of time and dedication on my part --as the designated nerd at home-- to keep her exposed to such subjects and make it fun. I have to get silly while teaching something useful. I have to figure out ways to make robotics fun, silly, exciting and something she wants to do. We don't buy lots of silly frilly things for her. That said, I have to tell you, it is hard to fight both genetics and exposure to such things through her peers.
I guess my message is that parents needs to be very engaged and active in bringing up a child into the sciences and technology. It will not happen by osmosis. And, I really don't think gender makes a huge difference. It might change the approach, but I don't think it is the primary determinant of success or failure.One way I've explained this in the past to friends who marvel at what my kids are doing is that this is like a Formula 1 car drafting a car in front of them. You need to drive well and use a lot of effort to get close enough to be within the zone where drafting happens. Up until that point you are using a lot more energy to chase the car in front of you. Once you get into the drafting zone you need less power to maintain the same speed. Yet, you still need that foot solidly planted on the accelerator.
With kids you have to push, push, push. I have navigated through really frustrating moments when I've gotten angry because I couldn't understand why he (my oldest son) didn't just grab that book I bought for him and launched himself into software development nirvana. Of course, I always reflected upon these things and never externalized them --not much of a motivator to yell and scream at your kid about learning something-- and realized that (a) he is still young and (b) we are not in the "draft zone" yet. It'll take a lot more effort --and this is different from kid to kid-- to get him into the "draft zone". Once we reach that zone it will require a lot less energy on my part and, if interested, he will ultimately need virtually no support from me.
This is where I look at some of the things being said about STEM education and can't help but think we are just throwing money into a big bonfire. You can't force people into learning anything. A lot of my kid's friends are, well, jocks or exhibit no interest in anything at all. They are navigating through school with no guidance or encouragement in any direction whatsoever. You can't just throw money at that and expect things to change. For most kids it requires far more work than can be done during the time they are at school. Yes, of course, there are a few kids in every sample group that need almost zero work. These kids get hooked on a subject like programming and just go, go , go. Most kids are not like that. Just like most successful businesses did not get launched with a long coding session over a weekend while eating popcorn.
Going back to my little girl, she is not seriously exposed to Lego robotics. In fact, our living room table is an official FLL table with the official field mat and everything. Yes, we are serious about this. I'd rather have a learning environment in my living room than a fancy dinning room table.As far as why there aren't more women in tech today. I don't have the answer for that. I only know that when I was a teenager girls mostly did different stuff. Not because they were being forced away from tech, they simply showed no interest in what we were doing. My guess is that it all came from home. So, as our culture changes so will that aspect of things.
The second major component is that you not operate your service with direct knowledge of infringement. A simple way to illustrate this is that if you have a screenshot of your application being used to play Madonna tracks, you are obligated to hunt down those tracks and remove them yourself. If it can be shown that you purposefully don't do that, you can end up forfeiting safe-harbor.
You are probably happier in the long run for shutting this project down. While you clearly want to believe that you aren't infringing copyright, which is an admirable sentiment, you obviously aren't taking advantage of "fair use" by giving your users direct access to copyrighted music under your own branding.
I actually had a very similar experience when I was 18 as well. I decided to make a book search engine that would aggregate reviews from different sources across the web and provide a high quality, clean interface to quickly see information about a book and links to buy it on Amazon. The problem my service solved is that the Amazon interface is extremely ugly, and while I'm sure it is fine tuned for maximum sales it is definitely highly lacking in aesthetics and is cluttered with a lot of garbage. My goal was to create the cleanest, most minimal but extremely useful book search engine.
In retrospect my service was breaking many TOS because of the way it worked. When someone entered a book title or author name it would utilize Amazon API's to get information about relevant books that matched the query, then it would scrape book information from Amazon, Goodreads, Barnes and Nobles, and the New York Times sunday book review among other sources, then it would cache that scraped information in my own database for future reference.
I justified this to myself by thinking it was okay because I was remixing the information to generate my own summary pages that were cleaner and more useful, but the reality is that I was pretty much parasitizing these other services to build my own database.
At its peak my service had many GB's of scraped data from other sites and was getting about 5000 searches a day which was netting me about $500-$700 a month from commission on Amazon referrals sales. But after I started getting some press coverage in The Next Web, etc all the services that I was utilizing started sending me cease and desist notices. People used my site because it was cleaner and nicer than Amazon but Amazon didn't appreciate that I was scraping their content to build my own site so they cut off my API access and closed my Amazon Associate account.
In the end it was a wild six month ride in which I made a few thousand dollars but more importantly got tons of experience in coding a scalable site, and best of all I started getting a lot of job offers. At one point I was getting three or four job offers a month from different startups from the HN community.
Eventually I decided to settle down at one of them where I could continue developing my coding skills. Things turned out very well, and the ride of personal growth and discovery isn't over for me yet. Every day I get to code interesting things for my current startup company and this time its a legitimate business that isn't going to get shut down for stealing content.
Even though you probably feel very disappointed about having to shut down your service like I did when I had to shut down mine, you can be confident that with your skills things will turn out just fine for you, and a lot of interesting startup companies will probably be eager to employ you.
Actually, YouTube doesn't just passively sit around waiting for copyright holders to whack each mole one at a time; it has an incredibly sophisticated and powerful content-matching engine that does monitor what's being uploaded, and automatically checks new videos against a giant corpus of known copyrighted works.
There's a cool video about it here:
It's very cool you built this in HS. Let the whole thing be a good lesson in building apps and dealing with the law.
Let me know if you have any questions for me- hope the blog doesn't crash!
The idea was that you can blog about poker only if you are a licensed gambling company, and I was facing a fine of $2500-7000 (the blog had $0.00 income, and for the contrast, my parents were earning $1000/mo combined). It felt extremely unfair.
It scared the shit out of me. I had to go to the police station, didn't contact any lawyer, and wrote my 'explanation' telling that I was not making any money and did publish publicly available information and I am sorry.
After a month of sleepless nights, I got a letter saying that they decided not to take any further action and that's a warning. Well, it fucking warned me big time.
That was when I left emo and went to mathrock.
If they can't have a lawyer, send via certified mail (yes, snail mail) specifying the actual complaint, and the legal justification behind said complain, then just ignore them.
However, all that baggage aside, you kinda did create this website so people can share copyright infringing files. Did you really expect people to only share personal, non-copyrighted music? Come on.
Anyways. You should be proud of the work you've done though. It's not easy to follow through with an idea.
This is just crazy.
Your situation is unfortunate kiddo. If you had a couple million or a high powered law firm on retainer, I doubt you'd have ever received this letter. But keep up the good work!
Rephrased to be more accurate:
"I built a website where 99.9% of the value provided came from someone else's investment and work which I used without compensating them."
Granted, part of his legal counsel would be to determine whether or not what he was doing was legal or not. Obviously, he didn't want to test that out in front of a judge (who could blame him?), or against the RIAA's well paid lawyers.
But if you are going to build a business, even on what you believe is on firm legal grounds... you should have a legal team ready to back you up. Anyone can threaten you with anything in the US due to how tort law works. Only if you are willing to have your cases tested in actual courts will you have any protection at all.
The most important thing you should do is the thing that's most important to you. Be sure it's not defined by other people's opinions.
There will always be people in life like the guy who replied "While it is impressive to see another 15 year old programmer (I've never met one in real life even though I've been to three schools in two different countries (I'm a expat kid) ), the actual programming skill required to make games like these are little to none and truthfully i'm not overly impressed."
Ignore 'em and keep working.
EDIT: Oh, I should also mention: don't let the praise go to your head. Another mistake I made. In general, it's it's a bad idea to compare yourself to anyone else -- whether feeling smug and superior that you've accomplished all this at 15 (surprise, I know your secret!) or feeling weak and inferior that you're not as talented as some other person. They're not you, and you're not them. Relative comparisons like that don't matter one bit. Instead, it's far more advantageous to always be comparing your current self to your past self. That's how Carmack became so incredibly good, for example. He didn't wait for anyone to surpass him; he did it himself. That's only possible if you believe you're not as skilled as you could be, i.e. having no ego. Nor did he let people convince him he was wasting his time back when he was working on his early projects.
It's complicated. Just keep working.
When I was fifteen, I'm pretty sure my main accomplishment was hitting level 40 in Halo 2 matchmaking.
You will probably get lots of valid and actionable advice about branching out to new platforms, focusing on one or two apps, or trying something new -- but more than anything else, keep building things! You've clearly got a ridiculously high level of aptitude and passion.
OLD POST: Quality not quantity. While it is impressive to see another 15 year old programmer (I've never met one in real life even though I've been to three schools in two different countries (I'm a expat kid) ), the actual programming skill required to make games like these are little to none and truthfully i'm not overly impressed.
I too am 15 mind you and although I haven't developed any games I have created a RSA secure chatting social network website and app for it too which could communicate between each other using websockets and a node.JS server (this hasn't been published, while making it my partner quit :(, and I eventually lost hope that it would even be used since I was only 15).
I hope this doesn't come off as criticism. Its actually great to see another young programmer such as my self but all I am trying to say is that this is not overly impressing.
It's made without any programming using this app:https://www.scirra.com/
... still more games than i have done though :-P
But now on a more serious note, I'm about twice your age, so not too old to be screaming 'get of my lawn', but old enough to hopefully give you some advice that will resonate.
This projects mean an average of a game every two weeks, even if they are simple, I'm sure this is taking a lot of your time. I'm extrapolating here, so if I'm wrong just ignore me, but I'm assuming you are spending a lot of time doing these and not a lot of social activities. Please please please, do some socialisation with folks within the dev community and in your school and neighbourhood. I'm not going to say these are the best times of your life or whatnot, but believe it or not, when you are older and start looking for jobs, you will start understanding that social knowledge is as much, or more important that tech knowledge, and you will regret not developing those skills at younger age when it is easier to do so.
Again, good work, keep producing, but find some balance.
* You're averaging a product a fortnight. Whoa.
* You've learned to leverage 3rd party tools to increase productivity / output.
* You've learned to actually -ship- product.
* You made the front page of Hacker News.
All of that is incredibly valuable. Who cares if it isn't written in Java or Objective-C or Haskell or Erlang, so long as your customers love what you're making? (And if they don't love it, at least you now know what to improve on next!)
If you do follow the advice of taking longer to make a higher quality product, don't fall into the trap of becoming a perfectionist and never shipping. It's better to ship something and keep improving it based on customer feedback, than to make something that never sees the light of day.
Did you join onegameamonth.com? If not, you definitely should.
The people have criticizing opinions needs to remember that similar criticism will be given to you by your preceding generation (it may be on any achievement).
The people have motivating/amazement opinions needs to remember that "this seemingly amazing feet" is possible because of the exponential growth in technology and most importantly the exposure to it. If you had similar exposure to technology at your time, you could have achieved same thing.
So, lets appreciate the fact that this 15 year old is "utilizing" his exposure to technology and at the same time don't make him too proud of himself by using words like genius etc which inevitably leads more show-off than learning.
Great work and keep it up, OP! I wouldn't worry about co-founders just yet. Keep hacking till you find something you are really passionate about and a co-founder will join you when and if the time is right (probably a t least 3 years down the road for legal reasons)
It's neat that you've released so many apps this year. As others have noted, it looks like you're using some form of game creation engine to make these quickly. I'd encourage you to try to move away from that and learn what's actually happening behind the scenes. Doing this will allow you to make more complex and impressive games in the future. It'll also serve as a tremendous learning experience.
Also, it's really neat that you're young and doing incredible things, but I'd warn against relying on your age to impress people. Try to make things that are impressive regardless of who made them.
I'm one of the developers on a fairly popular game in the App Store (800,000+ downloads). If you're up to it, I'd like to chat with you more about what you're doing. Shoot me an email at firstname.lastname@example.org. I look forward to hearing from you!
Can't find the game anymore, but I had edited the chirppy sprite (http://i.imgur.com/ccSY4RE.png) to be holding and firing a bow.
I ended up getting a A- on my final for using assets that weren't mine. That's pretty small compared to the sort of things you could run into when you're actually putting this stuff on an app store.
I'd recommend toying around with a sprite editor and getting familiar with pixel art techniques like dithering. You might even enjoy it as much as coding!
Any experiences or tips on how to get 15 again in terms of productivity? :)
What you're learning from doing so many different things will serve you well in the future. Out of all of these different apps, one will either catch your attention, or others and you'll have a chance. Keep moving!
Continue to cultivate and live live in a mindset of creativity and possibility, and be wary of doubt worshippers/haters who are busy doing nothing :).
tl;Dr:I agree;don't brag and I don't like how people brag about how you've done so much as per your age group as if that would have limited you. I've done much more when I was in 6-7th grade yet I don't brag about it. on another note;congrats on your efforts and I urge you to continue to in your path.
My conclusion is I would encourage them to be more like this kid, but not actually force my will in the end.
Source: My own experiences as the 16-year old (breaking my own rule here for the first time) author of the solid programming language.
P.S. I'm not trying to be arrogant. I just don't want you to repeat my mistakes. Don't be afraid to do things that seem difficult: with research and a little elbow grease, you can accomplish anything, and nothing anyone says can take that away from you.
"Zombies have taken over Earth. It is up to you to defend yourself as long as you can. The zombies have an infectious touch that kills you in one touch. Watch out and beware!Currently does not support touch support."
(Not the grammar, but the irony that a game in which a zombie's touch kills you does not support touch. :P)
Learning a game engine and implementing it is not a trivial task so don't get discouraged by the people saying it's not a big deal.
The important thing now is to make progress with your skill. Do not become stagnant and be content with knowing the game engine. Start doing things from scratch and see where that takes you.
It made me want to get into programming to do games development, because I still think since UO / EQ, we haven't had a good MMORPG to date.
I ended up in application / web development instead :( got to pay the bills...
Nowadays you can get 100 users pretty easily just by releasing the game. 100 users back then was something I dreamed about reaching some day :)
Come on, we all started a piece of website/soft/app/gamemaker/whatever trending techno atm when we were 14/15/16.
That's undoubtedly worth these 140+pts.
What I would recommend is that instead of distributing your time and energy to this many apps, you should stick to one concept and channel all your time into it. I like the games, but they could use some improvement in concept and overall quality, which shouldn't be hard for you if you spend enough time on each and every one. Focusing on one app would allow you to spend enough time, and would help you succeed further in the Windows App Market :)
This deserves a dedicated blog post
I see your Minecraft and Mario games are "unavailable". I'm sure you'll keep creating your own IP in the future, like you did with the other 22 games instead of dealing with copyright and trademark infringement. Especially if you want to generate some revenue.
I am not a lawyer. But it will be much better for you to keep doing your own thing (like you did with most of your games), than to be taken down by lawyers working for people who's characters, names, or art you "re-purposed".
Wish you the best.
You think border means at the point you cross into another country.
That's not what it means. Government can now do this behavior a HUNDRED miles inland from a border. You could be just driving across town, to or from work, and they can use this border search law because you are a hundred miles from the border.
Oh and the border also includes the ocean, doesn't have to be another country.
100% of NY, NJ, Florida and half of Texas is subject to these searches as their state is blanketed by the hundred mile limit.
edited to correct hundred instead of hundreds, bad memory
This is in the middle of a discussion of carrying lawyer-client privileged documents over the border; the judge says you should have no expectation of privacy because other countries may conduct invasive searches too. As advice, it's hard to disagree, that's where we are now; but surely two wrongs don't make a right?
It would be obviously wrong for police to confiscate your money because you were walking towards a rough part of town where you might be robbed. Yet that is the kind of logic the judge applies here; he relaxes the responsibilities of the US govt by invoking hypothetical actions by others. The example he cites was not even a normal border shakedown, but a specific action that was signed off by a government minister; do unusual acts like this change expectations of privacy in the normal course of events?
"Since the founding of the republic, the federal government has held broad authority to conduct searches at the border to prevent the entry of dangerous people and goods. In the 21st century, the most dangerous contraband is often contained in laptop computers or other electronic devices, not on paper. This includes terrorist materials and despicable images of child pornography."
Judge Korman is quoting Michael Chertoff, Searches Are Legal, Essential, USA Today, July 16, 2008, at A10.
These policies have no legitimate reason to exist, and can perhaps only be explained by a combination of paranoia, ignorance, and incompetence. It would stand to reason that any terrorists or criminals foiled by these methods would tend to be of the exceedingly dumb variety.
I'm an Aussie. I have nothing to hide in terms of data on my computer, as far as I know. If I was flying to USA (as an example) tomorrow, I'd wipe my laptop and phone clean, put images on my server, and access them via SSH once I'm through the border... Why the hell do I need to do that?
Leave everything up and running on a desktop safely inside your own home and connected to the internet 24/7.
Bring your own barebones laptop with nothing installed on it to COUNTRY_PARANOID_OF_EVERYTHING.
Using X11 forwarding, one must only remember the password to their home desktop in order to gain full access to it and all of it's graphical programs.
It seems the only way now to keep secret data is :
- to be a top expert in security, be able to assess provenly secure software, have a whole chain of them and constantly keep track of what might have been compromised
- keep the data in a safe, never fly it, never come near a border, never connect to the internet
What would be the next step to make it worse now ?
(There's also the "travel loaner laptop pool" concept, and the restricted access for remote people. Works a lot better for an organization than for individuals; this would be kind of an interesting appliance or service for individual professionals and for SMBs.)
IANAL, but it makes me wonder if it is sufficient protection to have a password protected/encrypted device.
Are there actually exceptions to this?
The whole concept of "spend money so that our budget doesn't shrink next year" has go to be fixed also. I don't know a solution other than having more auditors and efficiency experts (GAO, gao.gov).
Would people flip out if there was a bill proposed to require all guns in the US to have a GPS tracker? Just an idea, I know it wouldn't fix all gun problems, but it might be prevent some gun thefts and murders. Of course, this data shouldn't be able to be accessed without a warrant.
Stings are slightly unfair and can sometimes catch dumb people who wouldn't otherwise commit the crime. On the other hand, if you purchase a gun without a license or attempt to hire a contract killer and it turns out to be a police officer you are in contact with, then that sting just save a life, which is good.
Preventing abuses of power is key. There should be adequate training at organizations on how and where to report abuses of power or potentially unethical behavior. Most of this is already in place, obviously more resources and oversight is needed constantly to ensure that the police are protecting citizens and not entrapping them or abusing their power for career advancement.
I go to my local gun store, which is actually a front for the ATF. In my mind, looks like a bunch of seedy characters, but i assume they're trustworthy because, natch, they have a license from the ATF.
I strike up a conversation with the bearded, scraggly guy behind the counter. What would I like? I don't know. How about a shotgun? As we talk, he talks more and more about "cool" guns. Perhaps sawed-off barrels, or big loads. At some point, we cross the line between talking about legal guns and illegal guns.
Now here's the thing: beats the shit out of me where we crossed that line. I'm trusting the guy behind the counter to be a reliable guide to what can be bought or sold. From the ATF standpoint, however, I am fully aware of the intricacies of firearm law and am now soliciting them to commit a crime.
A few months go by. Then the ATF comes knocking at my door with a warrant, a hi-res video, and I go to jail. Perhaps for many years.
Now we can argue whether they would actually prosecute or not, or what any sane prosecutor would ask for solicitation, but the fact of the matter is, in the ATF's view, I'm a hardened gun criminal. It'll go on my record, and this will become part of the intelligence files at ATF.
If you can't see what's wrong with this picture, you've lost your moral compass.
On another note, how can these tactics not be construed as entrapment?
It has become increasingly clear to me that the ills of the U.S. pogroms against some recreational drugs are due in no small part to the conversion of the criminal justice system to a for-profit industry. As long as the jobs and budgets are tied to the number of criminals processed rather than the peace and order produced, cop cadres will titrate the frequency and severity of their enforcement actions with the aim to ensure for themselves steady jobs and pensions.
There is a positive feedback loop in there somewhere that must be broken before it destroys the concept of justice completely.
The reality is this: Most of that money gets passed back to consumers via rewards, benefits and consumer protections.
It's not a tax so much as an incentive for consumers to keep using their cards. And so it is considerably harder to come up with an alternative that is appealing to merchants without taking anything away from consumers.
For example, the interchange on a Visa rewards card for a typical brick-and-mortar retailer is about 1.5 - 1.65%. (Processors mark that up, but that's the "wholesale" fee that goes to the card issuer.) But many rewards cards pay out at least 1% cashback, on top of other benefits. That leaves a much smaller margin to compete over.
And remember, a new competitive option faces massive rollout and adoption costs that the entrenched system does not. Even the acts of changing behavior, upgrading POS systems and training staff are adoption costs. So your new alternative has to offer significant benefits for both merchants and consumers. Significant enough to overcome adoption costs.
Oh, and there's one more thing: debit card interchange just got regulated down to almost nothing (0.05% + 21 cents) by the Durbin amendment. So there already is an alternative, low-fee option that merchants can steer consumers toward and that they already support fully. So that pretty much takes out the opportunity to offer a lower-fee, lower-consumer-benefit option. That already exists now.
That leaves what? A higher-consumer-benefit option? Why would merchants adopt that? A same-benefit option but at a lower cost? But how much lower would the cost be while still matching 1-2% cashback reward programs and whatnot?
But.. but.. LOOK AT ALL THAT MONEY. :-)
(Btw, the digital cash for micropayments and garage sales and whatnot does sound interesting to me. My criticism is limited to the project of competing with Visa/Mastercard/banks.)
Those two transactions will have associated costs. Exchanges take out trading fees and the market makers on the exchanges will want to see some profit as well (you will see this reflected in the bid/ask spread). The total cost for the transaction will be 2x the spread + exchange fees. People keep touting the 2.5% charge for using credit cards, but they don't compare it to a similar value for bitcoin. It clearly is not 0%. Exchange fees alone are can be something like 0.5%. If we double that (two conversions, remember) that's 1% just in exchange fees. Unfortunately, I don't have good numbers for bitcoin / dollar spreads because I don't watch that market very closely.
So we have 2.5% for credit cards and 1% + spread (unknown) for bitcoin. And with credit cards consumers at least get some protection in the case of fraud. Does anyone else have a better model for bitcoin transaction costs?
So let's not come at it from "credit cards and payments are a bloated gouging industry" I'm not buying that and it also is too merchant focused (vs consumers who really decide what a merchant will do in terms of payments) Now, there are some really interesting fringe cases that Chris touches upon that can open the door for Bitcoin. Micropayments are broken when it comes to credit cards. It's not the %, it that's "+ 30 cents" that is brutal. So Bitcoin could play a roll there. There are disbursements and marketplaces. I suspect TaskRabbit would probably like to have the ability to move money from buyers on their platforms to the TaskRabbiter's with a reduced payment friction than today. There might be 5% margin businesses (Chris' example sounds like the founder of Dwolla) that really are motivated to drive you to Bitcoin.
So what happens over time is Bitcoin focuses in on those areas where it has a strategic advantage over cards and ignores those where it doesn't. It uses that experience to become a legitimate, scaled set of payments rails. Solutions are implemented so that consumers are comfortable with using and paying with Bitcoin. Then at that 5 - 15 year mark it's ready to take on mainstream payments. Assuming issues like fraud and settlement and wild fluctuations are worked out.
EDIT: I am definitely thinking out loud and on the fly so am ok with some serious rebuttals.
Bitcoin includes two methods to pay miners for the infrastructure costs of running the network: mining rewards and transaction fees. The idea is to bootstrap the network off of mining rewards, and then switch to relying on transaction fees in the future, as Bitcoin reaches its limit of 21 million coins.
The problem is that mining rewards are currently very, very non-negligible, even if they're decreasing. In 2012, the Bitcoin supply increased by over thirty percent. In 2014 another 1.3 million Bitcoins will be minted and sold by miners to pay for the cost of operating the bitcoin network. At current prices, that's nearly a billion dollars.
As mining rewards continue to decrease, that billion dollars a year is going to need to be made up through transaction fees. Mastercard takes in less than 8 billion a year, so those transaction fees are probably going to be substantial.
If this continue to roll, same might be applied to many other areas I believe.
It is just my random fantasy at this moment, but why we will need enforcement, if we will have guarantied income in bitcoins and laws system built same way as bitcoin (i.e. opensource and agreed to use by most people) and law enforcement as a function of guaranteed income amount.... Just random thought.
or finally having AI which can exist on its own, buy components of its environment (i.e. machines, networks, etc)
I believe what is emerging right now as a Bitcoin is much wider phenomena than just a way to avoid pay taxes and inflation.
And as far the programmable money idea goes, I'd like to see more compelling applications than M of N transactions or escrow. The examples I've seen so far seem rather unexciting.
ed: Maybe cdixon's real point is that the technology behind bitcoin is disruptive to the financial industry? I can get behind this, and I'm waiting to see how the government-backed bitcoin clones fare.
Bitcoin has nothing backing it but an artificial supply limitation. That in itself is not a solution because its monetary base cannot possibly grow at the rate overall goods do, and thus have a stable price point.
In this paradigm, would you rather be holding US cash or bitcoins (or something else) if there was a political or economic crisis?
1) Is there a "reference value" in terms of how much transaction fee you have to pay to make a payment from one bitcoin/altcoin address to another?
2) Is there a "message" payload that would allow us to include JSON or transaction details? I've read that it costs a larger fee for more bytes in a transaction, so I'm assuming you can add whatever you want to the transaction.
3) When I last made a transaction with an altcoin , it got "split" to two addresses. One of these addresses was not my target receiving account nor an address that I owned. Does anyone know why this other address got coins? Does this happen in many/all cryptocurrencies?
4) If I made a payment gateway that created a unique address for every user to send payments to, would it be unreasonably expensive to collect all of these funds into a single address later? (N user payment accounts * 1 outbound transaction => Large Central Account/Wallet)
Credit cards are an outdated tool. They pass plain text data about a user to authorize a transaction allowing hackers to pull something off like the Target hack. One of the advantages of bitcoin is the ability to digitally authorize a transaction that cannot be reused. In an online marketplace it's far far easier to accept bitcoins than credit cards because you have no fraud risk, which is a HUGE problem in online retail.
I expect a lot of online retail stores to start accepting bitcoin payments at large discounts to cash just for this reason.
Will Bitcoin emerge as the predominant online currency of the 21st century? Who knows? But it'll solve a lot of hard problems, and as a result, something will.
By removing them and decentralizing the banking process by centralizing it into a third party (which could be many third parties), I think we'll allow anyone who wants to start a bank of any size to compete for marketshare with the big boys by providing better services.
And to me, the great thing is, that there is no real reason to hate it. There's not company of brand that you can hate, it's just people and ideas.
In other words, better wealth distribution? This is precisely what libertarians are fighting for, no?
Playing the devil's advocate here - couldn't this argument be turned around to say something like "Thats money that could be reinvested in banks which hire the best people to find the best and most efficient use of capital."? (as opposed to consumers or small business owners who can't)
If bitcoin intends to be a cash-like currency, the more apt fee comparison would be swiping ATM cards, which are much closer to 1% (rather than credit card fees of 2.5%+).
Anyway, Bitcoin may not save the world, but if it does anything like what this blog post says, it may very well save the Internet from the advertising platform it's become.
I stopped reading here.
However, according to this review, the new Mac Pro doesn't work with the new Dell 4K monitors (I don't consider 30Hz refresh as 'working'), and even with the 4K display that Apple sells, it only works at its native 3840 x 2160 at 60Hz. When choosing a 'Scaled' resolution, it renders blurry junk.
That is pretty disappointing (although I imagine it will be fixed at some point).
And that's probably generous - from the GPU analysis appears that the tested unit has D700's which bumps the price to $8299 - a configuration that isn't mentioned anywhere in the article. About the only thing left to upgrade on the test unit is the RAM to 64gb.
Since the article calls itself a review, it would be better if the review unit was accurately described. It seems to me there's a bit of bait and switch because the performance numbers presented are not for the $3000 or $4000 presented in the article's lead.
Apple, your stuff is mostly nice. Fix your product warranty and maybe I'll open my wallet.
On desktops though, I'm willing to put more effort into settling software update issues/device conflicts, since I probably have to do that anyway to write performance-optimized code (depends on the exact purpose of the desktop though, but I do a lot of scientific computing). So a Linux/Windows split boot on a generic PC usually wins out. I used to do a lot of PC gaming, but that's really less of a factor now.
Older workstations these days are a lot more affordable and can easily be upgraded. Most MACS you're stuck with what you get.
Case in point, I just purchased an HP 8400 workstation for a friend. $320 for a dual proc 2.6GHz quad core Xeon, 16GB RAM, Two 320GB SAS drives in RAID config and ATI Fire V7350 1GB video card. Sure its a pig and isn't the quietest PC in the room, but it completely shreds anything I could find in a retail setting.
three-year Mon-Fri 8-5 next business day, parts, labor and 24x7 phone support,
They come to me.
Edit: to all the naysayers: I'm in the UK. HP here is pretty good. We have over 200 machines on next day and we've had only two (!) problems and they were relating to part supply resulting in a quick purchase on Misco that arrived next day.
Note that the D700 specs match closely with the R9 280, 280X, or 290, cards which sell retail for $349 to $449 or so each (the Mac Pro has 2 of these in the 2x D700 config). See https://en.wikipedia.org/wiki/AMD_Radeon_Rx_200_Series . The 2048 shaders would match with the 2048 number for the 280X, I think (if I am reading the chart right).
The W7000 is the much more expensive "pro" version which has ECC RAM on the card and much less volume in terms of sales.
It's funny though, I remember as a kid, thinking how cool it was that you could have a backpack-able computer (the original Macintosh could be ordered with a padded backpack). Now at 11 lbs and not very large, you could almost do the same again!
But I don't want two high-end compute cards, and I suspect that many who are trying to convince themselves that they'll benefit from it will gain no value from it.
For many, many workloads, modern compute still represents an iffy proposition (at the price levels being talked about, the Xeon Phi would almost certainly represent a better proposition). With unified memory things might get more workable, but as is it remains a relatively fringe benefit, and it seems odd that the entire value proposition of the machine relies upon it.
He's basically dumbfounded by the current situation :-)
Anybody running Linux on Macbooks or Mac Pro? Does it work well?
My PC had the same price three years ago, but it has 5GHz CPU, 32GB RAM, 1TB on SSDs and 5 TB on spin HDDs.
Imagine every politician ever be forced to choose between the end of his career and opposing the NSA. How can we get out of this mess?
It brought some interesting information to my attention that I was not aware of (e.g. the porn habit blackmail scheme) - there have been so many articles about the leaks that despite them being important to me, I've made a conscious decision not to read them all.
I really like the quote (that I can't find a source on) that he "defected from the American government to the American people."
Edward Snowden is one of my heroes. This is something I find that I don't say very lightly or very often about anybody.
It is going to be very difficult to motivate people to change something... until a big part of population is starving I believe...
A bit of context. Please.
The U.S. has always overreacted to existential threats. In fact, that's the way the system is designed. If it has to fail, it fails towards a dictatorial president and overbearing laws -- which are removed by a frequently-elected and truly representative Congress as soon as the threat is gone. We've been going along like this for 240 years or so. There is nothing new about the abuse of power or removal of freedoms (unfortunately).
So what's changed? First, internet companies are tracking every freaking thing you do online. They figured out that the average Joe will give up his privacy for free email, and they're having a field day with it.
Governments trump companies, and since the data is already collected, every government on the planet is wanting a piece of that action.
Second, there is no ever-changing Congress looking to score points with the folks back home. Instead, there's a static political system that fears looking bad -- and it's grown a perpetual fear machine built up around terror that can make it look really bad.
Folks do this issue a great disservice when they focus only on the U.S., or only on the NSA. Look guys, if the U.S. and the NSA disappeared tomorrow, you'd have the same problems you have now -- you just wouldn't know so much about them. This has nothing specifically to do with them. (I'm not making excuses, only pleading for context).
The tech community brought this on themselves. We are the people to blame. The trade-off of tracking data for free stuff was too good to be true. In fact, instead of the tracking data being almost worthless to the average citizen, as it turns out this data is much too valuable to give up under any circumstances, at least in the aggregate. Until that leaky bucket is fixed somehow, nothing changes.
There are unperceivable powers that be. Possibly and even likely without what we consider morals. Bear with me. When you had enough wealth and can own or have anything, what's next? It's human nature.
It's especially interesting to note that there are few, if any, words in the entire essay that he didn't edit multiple times. A lot of times when you read something as well-written as PGs essays you get the feeling that the person writing them just sits down and hammers out brilliance. But in reality, at least in the case of PG - and I would venture a guess that most great authors are similar - greatness comes through sweat and repetition more than raw talent, until eventually that thing becomes second nature - or does it ever? I would kill to watch some of the great authors of all-time (a la Shakespeare, Hugo, Dickens etc.) write in real-time - it would be fascinating to know what their process was like.
Good to know I'm not alone. The more I read HN the more I find people, who are successful in their field and have the same behaviors as me. It's relaxing :-)
Script is a Linux utility which makes a typescript of a terminal session. Traditionally this was mostly of use for shell sessions which didn't involve full-screen (ncurses) utilities, as the cursor-movement characters would typically present a jumbled mash on your screen.
Using the '-t' (or '--timing') arguments sends timing between movements to stderr, or the specified file. With this, you can then replay a typescript file, with the timing information, to show what was actually presented on screen. An optional argument varies the replay speed.
I've made use of this to log and replay serial console activity (available on most servers through IPMI or related hands-off / lights-out management tools), which can be both instructive and helpful in documenting steps.
Further fun may be had by playing the output of scriptreplay through the phosphor(6x) X11 screensaver hack.
Or anyone else's
1) Cultural attitude of "eh, war is not so bad and higher tech means we'll be home by xmas". See franco-prussian war and the most recent "world war" being Napoleon's activities in the decade after the revolution a century ago. I'm not seeing much warmongering as a cultural phenomena. Of course that can change quickly, 90% of everything Americans see is from 5 media companies or whatever, so they can turn on a dime.
2) Germany surrounded by rapidly growing and arming enemies and no allies but Austria, paranoid lash out. But can you blame them? China surrounded by, um, Japan on one side? Is NK threatening to invade? Who exactly is supposed to invade China next decade if they don't invade today? Why would they be paranoid? Yes, maybe NK could try this scheme, but...
3) The root cause of the war being the ottoman empire decaying and almost dead and everyone wanted a lucrative piece of it. (edited to add, and no one wanted a competitor to get a piece of it, and willing to go to war to prevent it) Incredible trade opportunity. Maybe if you put the American Empire in its place and position this in the latter half of the 2000s century and starving people want our rice/corn? Anyway the sick man of Europe lead to crazy allegiance switching in the years prior to WWI.
4) The article skipped several points WRT the German/British alliance thing, Germany was a continental Army power and the UK had a spectacular navy. One nutcase admiral on the German side got them all into navy building leading to disaster WRT the natural alliance. Other than the crazy admiral (Tirpitz?) they were natural allies and their royalty were related, something crazy close like the Kaiser was Queen Victoria's grandson or something. Aside from the obvious trade issue that was brought up.
5) The dangers of multiculturalism. Austrian Empire was a multicultural nightmare basically think conditions in modern Iraq, no majority and everyone hates everyone and the only thing holding it together is a strong empire. Then the independent Serbians start going nuts so to prevent revolution spreading into their own empire the Austrian's fight the Serbians and the game is on. So, uh, who is the nervous feeling multicultural empire with the neighbor in revolution? Gonna try for USA again? Maybe with a .MX revolution next door? I think this is stretching it.
6) Speaking of revolution, Russia was falling apart internally and didn't do so well externally against the Japanese but holy cow do they have resources and manpower, so what better external distraction than a war? Again, I'm just not seeing it. Another allusion to the USA?
7) Who plays the part of Italy? Decades of "we're your ally" "nope just kidding". Another allusion to the USA maybe WRT having Japan's back?
Note if you have the USA play all the parts of WWI then its not much of a WWI anymore, is it?
In groups men are by nature irrational not rational, there is nothing inconsistent with the old quote about WWI being impossible because its obviously futile, yet they had a war anyway. I'm sure WW3 would be completely futile, we'll still have it anyway, but I don't think it'll be this decade and USA vs China or whatever.
However, countries more open to global trade have a higher probability of war because multilateral trade openness decreases bilateral dependence to any given country.
Using a theoretically-based econometric model, we test our predictions on a large dataset of military conflicts in the period 1948-2001. We find strong evidence for the contrasting effects of bilateral and multilateral trade. Our empirical results also confirm our theoretical prediction that multilateral trade openness increases more the probability of war between proximate countries. This may explain why military conflicts have become more localized and less global over time.
But I've always strongly thought the "globalisation will make war unthinkable" argument is naive. We're tribal creatures -Nationalism trumps economic interest at the end of the day. History shows this to be true.
As the author hinted at - Russia, Germany, Britain, Belgium, and France were each other's biggest trading partners - by far! Heck, a Belgium company built both the Belgium fortifications... and the German artillery that eventually breached them!
Nowadays, the entire world is trading... but Europe in 1914 was a good example of this principle applying continent-wide.
Convince society the other side is evil and a threat; dismiss and degenerate the peace-mongers as unpatriotic... and economic interest be damned.
On the other hand, as the article says, people in 1914 were making similar claims about the interdependence of their economies and their new technologies.
Still, it's quite a different situation.
I wonder about the next 10 years or so and whether the US will rebound and China will finally face challenges they can't simply overcome via spending.
An article about WWs in the Economist should talk about economic data, about banks burning and destroying the savings of decades of the work of the people. They need to talk about Oligopolies, about Roosevelt(Teddy) trying to do something about that , but at the end the biggest of all(the Fed) being created in 1913.
They need to talk about Africa and middle East, and India colonies and commerce at the time.
But this has a problem: It is not as easy as "blame the Germans!"
"The second precaution that would make the world safer is a more active American foreign policy. "
Oh yeah, again.
"Barack Obama has pulled back in the Middle Eastwitness his unwillingness to use force in Syria. "
Wow, this is the better line of all. If something Syria has shown us is the willingness of US to use force in Syria, only being stopped by China and Russia.
"But unless America behaves as a leader and the guarantor of the world order, it will be inviting regional powers to test their strength by bullying neighbouring countries."
Today the US is the biggest bully of all. If any parallelism is to be extracted from WWs to today is countries like China behaving like the US of the past, as creditors of the world, while the rest of the world overspends and get in as many wars as possible to protect their turf.
I guess the biggest potential problem would be China, but do they really have any allies for their side that would cause a "world war"? Seems to me like if they started anything, then it would be them against the entire west, and as long as we don't feel compelled to invade them, they don't have a lot of power eh can project.
The internet has destroyed the traditional news media's ability to set the political and social discourse and thus agenda. The NYT and ABC, NBC, CBS are no longer able to set the political and social agenda, like everyone else they are following the internet. Recall that the recent 60 Minutes puff job on the NSA (and secondarily a hit piece on Snowden) fell flat and was generally panned by independent voices on the internet. This gambit was telling in that the powers that be are still playing by the old playbook. 25 years ago this 60 Minutes "news" report would have ended the discussion.
To echo the point of the Economist article, this is a dangerous time and nuclear war is one very real possibility. We are living in the middle of the greatest social revolution in the history of mankind, since the invention of the printing press 500 years ago, and nobody can really say how it will play out.
Read this article by Clay Shirky from 2009 for a better explanation;
Really unfortunate pairing.
(Really the sexing up of war is pretty distasteful under any circumstances but this just takes the cake.)
It looks more like an ritualistic show fight you sometimes see in the animal kingdom than an eve of war.
For that matter I am quite glad that they are not rattling their sabers about Taiwan...
Nothing about the disputed island would be worth even a very small scale war, much less the risk of a bigger one. There's just no profit in it. On the other hand, battles about islands (like the Falklands War) tend to cost a lot less lives, especially civilian, than any land-based war.
No, this is more about China trying to harness nationalistic emotions on the one hand and their "opponents" not wanting to present China with an opportunity for actually profitable wars or threats.
If for example the US and Japan would back down, China might "negotiate" the annexation of Taiwan in the near future, which would be profitable. There have been rumors of such attempts already, and China's military buildup makes this ever more realistic.
"Once you've registered, you can read up to three articles each week."
pretty sure I've not been to economist.com in a while. :/