hacker news with inline top comments    .. more ..    19 Apr 2014 Best
home   ask   best   5 years ago   
How we got read access on Googles production servers detectify.com
1101 points by detectify  7 days ago   192 comments top 25
mixmax 7 days ago 5 replies      
In large production environments it's almost impossible to avoid bugs - and some of them are going to be nasty. What sets great and security conscious companies apart from the rest is how they deal with them.

This is an examplary response from google. They respond promptly (with humor no less) and thank the guys that found the bug. Then they proceeded to pay out a bounty of $10.000.

Well done google.

numair 7 days ago 6 replies      
... And this is why you want to discontinue products and services your engineers can't be motivated to maintain. Amazing.

This should scare anyone who has ever left an old side project running; I could see a lot of companies doing a product/service portfolio review based on this as a case study.

msantos 7 days ago 0 replies      
A few webcrawlers[1] out there follow HTTP redirect headers and ignore the change in schemas (this method is different of OP's but achieves the same goal).

So anyone can create a trap link such as

    <a href="file:///etc/passwd">gold</a>

   <a href="trap.html">trap</a> 
once trap.html is requested the server issues a header "Location: file:///etc/passwd"

Then it's just a matter of seat and wait for the result to show up wherever that spider shows its indexed results.

[1] https://github.com/scrapy/scrapy/issues/457

raverbashing 7 days ago 5 replies      
This is another reason not to use XML, plain and simple

It's too much hidden power in the hands of those who don't know what they're doing (loading external entities pointed in an XML automatically? what kind of joke is that?)

chmars 7 days ago 3 replies      
The guys behind this report have an interesting pricing model: Pay what you want!


The pricing models has apparently worked so far. Are any active users of Detectify here and can share their experience?

cheald 7 days ago 1 reply      
XML legitimately scares me. The number of scary, twisted things it can do make me shudder every time I write code to parse some XML from anywhere - it just feels like a giant timebomb waiting to happen.
halflings 7 days ago 1 reply      
I hope it doesn't get unnoticed that the guys who discovered this vulnerability created a really great product, Detectify :


They also discovered vulnerabilities in many big websites (dropbox, facebook, mega, ...). Their blog also has many great write-ups : http://blog.detectify.com/

njharman 7 days ago 0 replies      
take away: XML should not be used (at least as user input). It is too powerful, too big. It is much too hard and expensive to test and validate.

Input from potentially malicious users should be in the simplest, least powerful of formats. No logic, no programability, strictly data.

I'm putting "using XML for user input" in same bucket as "rolling your own crypto/security system". That is you're gonna do it wrong, so don't do it.

raesene3 7 days ago 3 replies      
Interesting to see this hit big companies like google. The problem, I think, stems from the idea that most people treat XML parsers as a "black box" and don't enquire too closely as to all the functionality that they support.

Reading the spec. which led to the implementations, can often reveal interesting things, like support for external entities..

dantiberian 7 days ago 1 reply      
Very cool hack. Is $10,000 around the top end of what Google will pay out? This seems like quite a serious bug as far as they go.
plq 7 days ago 0 replies      
For those who'd like to know more about xml-related attack vectors, here's a nice summary: https://pypi.python.org/pypi/defusedxml
enscr 7 days ago 4 replies      
Is there a startup that can help automate custom attacks on websites? Like guide the webmaster to look for holes in their setup. I'm guessing some security expert can do a good job educating new businesses on how to prepare for the big bad world.
mwcampbell 6 days ago 0 replies      
I'm surprised nobody has mentioned containers, e.g. Docker, as a way of limiting the damage from this kind of bug. In a container whose only purpose is to run the application, /etc/passwd should be as uninteresting as:

    root:x:0:0:root:/:/bin/sh    bin:x:1:1:bin:/dev/null:/sbin/nologin    nobody:x:99:99:nobody:/dev/null:/sbin/nologin    app:x:100:100:app:/app:/bin/sh

peterkelly 7 days ago 1 reply      
I never understood why internal or external entities were included in XML. Can anyone explain what useful purpose they serve?
kirab 7 days ago 1 reply      
I think they couldnt read /etc/shadow, so its not that bad at first. But then they could surely access some configuration file of the application itself, probably containing DB creds and of course more information which helps to find more vulns.
antocv 7 days ago 4 replies      
So, when you have read access to googles prod servers, what else would be fun to do besides reading /etc/passwd ?

Getting the source?

ajsharp 7 days ago 0 replies      
Cheers to google for properly compensating these guys for their findings.
yummybear 7 days ago 0 replies      
You should be aware that pixilating or blurring screenshots are likely not sufficient to ensure that the contents are unrecoverable.
h1ccup 7 days ago 0 replies      
Well done. I had to deal with some similar issues with my own project, and they weren't legacy code either. This should push me to go through some of my code again.
NicoJuicy 7 days ago 0 replies      
Offtopic: the reply was generated with Google's internal meme generator, i read about it here : https://plus.google.com/+ColinMcMillen/posts/D7gfxe4bU7o

Actually digged it when i read it a few years ago and awesome knowing that it was probably used for this reply :)

NicoJuicy 7 days ago 0 replies      
A job well done. This is actually impressive and quite interesting to see after what you are searching for (afterwards it seems logical :))
pearjuice 7 days ago 0 replies      
That must have been be a nasty call from Sergey to NSA head quarters earlier this week.

"Sir, I am sorry to inform you that another backdoor has been found. We will introduce two more as agreed upon in our service level agreement."

sebban_ 7 days ago 0 replies      
Awesome work! The bounty is a bit low though.
blueskin_ 7 days ago 0 replies      
I wonder how many of the blurred entries were NSA.
4ad 7 days ago 20 replies      
Just $10k?

This sells for at least 10 times more on the black market. Why would one rationally chose to "sell" this to google instead of the black market.

Some people don't break the law because they are afraid to get caught, but I like to believe that most people don't break the law because of the moral aspect. To me at least, selling this on the black market poses no moral questions, so, leaving aside "I'm afraid to get caught", why would one not sell this on the black market? Simple economic analysis.

Very serious question.

SFs Housing Crisis Explained techcrunch.com
619 points by minimaxir  3 days ago   462 comments top 45
gojomo 3 days ago 8 replies      
This piece is very perceptive in portraying Prop 13 property-tax caps and rent-control as sibling policies, each feeding destructive "I've got mine" politics. They both bribe incumbent owners/renters/voters with an economically valuable seniority privilege, at the expense of the future and flexibility. Children and young adults suffer the most: they move the most, and none have the benefit of paying frozen base rates established 20-30 years ago.

I wonder if both rent-control and prop-tax-caps could be knocked down in an equal-protection lawsuit. Why does the person who moved in yesterday, perhaps far needier than the longer-term resident/owner (and just as deserving of basic civic services) have to pay so much more? Is duration-of-residence a legitimate basis for such strong civic discrimination rooted in law?

selmnoo 3 days ago 7 replies      
Very interesting, that Piketty's "Capital in the 21st Century" is introduced in this article:

A lot of other VCs and founders are also digesting Thomas Pikettys new book, Capital in the 21st Century. With more than 200 years of data, it chronicles an inexorable rise in inequality that was punctuated in the middle of the 20th century by the Great Depression and World War II followed by 30 years of evenly-spread prosperity. Ultimately, it advocates a globally-coordinated tax on wealth.

I know that it's taboo on HN to get overly political, but I think because of Piketty's work we should talk about it (particularly, because Piketty's new piece is so groundbreaking [1] and incredibly well-backed with data). What do you guys think of his "global wealth tax" -- tax on capital (including real property), in the context of the new SV riches?

[1]: The book is being received as "the most important economiscs text of the decade" by a lot of high-placed economists, etc.: http://en.wikipedia.org/wiki/Capital_in_the_Twenty-First_Cen...

100k 3 days ago 4 replies      
This is by far the most comprehensive overview of the Bay Area's messed up development priorities I've seen in one place. Kim-Mai Cutler does a great job stringing all the threads of the housing crisis together.

I don't think San Francisco can build its way out of outrageous rents alone. The other cities in the Bay Area need to step up and provide the type of urban housing close to transit that people want. No more surface parking lots next to train stations.

malandrew 3 days ago 3 replies      
I wonder if SF could experience some tech detroitification in about 10-20 years, or possibly sooner.

As a tech worker here, I and others engineers I know are becoming disenfranchised with the housing prices around here to the point that I'm casually exploring where I might want to move next in 4 years or so if this situation doesn't reverse itself.

With the number of engineers all feeling the same, it's possible to find enough people to willing to be a co-founder and move to a much cheaper part of the world during the formative months/years when your company is pre-profit. Take Silicon Valley investing connections, a mobile workforce, rising housing prices and you basically have a confluence of forces that will accelerate a diaspora of engineers to more places in the world without necessarily giving up on the tech community that makes SF so desirable. Once decent sizeable tech communities show up in more places, the greater the likelihood that engineers in the Bay Area look around and tell themselves "This just isn't worth it. I'm paying a premium to be around colleagues, but now my colleagues are everywhere and it's just not worth it anymore."

At the end of the day every engineer without rent control is going to face a financial decision once a year when rents are raised that could make moving elsewhere more attractive. What's the point of improving at your job and earning raises when most of your raise ends up going into your landlord's pocket. Do that 2-3 times and you are either going to look into someway of getting into rent control unit or you're going to start considering other options elsewhere.

All you really need to stay in the area for is to create a solid enough professional network that you'll gain access to the smart capital in the region. Once you have that, you can go anywhere since investors will know you, what you're capable of and that investing in you and your business is a good idea. If this happens often enough, you're going to start to see more VCs comfortable with this approach that they'll be able to tell offer job candidates coming through the VC hiring offices positions in portfolio companies located in places that might be more desirable to a tech worker than SF.

I stay in SF because some of the most interesting tech jobs are here. Once that is no longer a valid assumption and my professional network is sufficiently geographically distributed, I no longer have anything tying me solely to San Francisco.

I can't count the number of conversations I've had with other engineers about thinking about moving to Berlin or Portland or even trying to set up shop in some cheap remote paradise where we would have the financial liberty to invite friends to come out and hang out in a guest room for weeks to months at a time so long as they pay the airfare and living arrangements. Top places on my list when I entertain ideas like this are small beach towns along the Northeast of Brazil. I'm often amazed at how many of my engineer friends are onboard with this ideas, more than willing to exchange San Francisco so long as they know they will have engineering peers and interesting engineering problems to solve in some other locale.

Even the cultural attractions that made San Francisco awesome have been co-opted by the hipster culture and gone mainstream enough that SF no longer has the strong lead on novel cultural innovations that it once had.

    "It's an odd thing, but anyone who disappears is said to be     seen in San Francisco. It must be a delightful city and     possess all the attractions of the next world"    -- Oscar Wilde
All the attractions of the next world are starting to crop up everywhere more and more and here in SF less and less. Eventually the barrier to going elsewhere and still working on fun engineering problems will be easily surmountable.

forgottenpass 3 days ago 0 replies      
>Today, the tech industry is apparently on track to destroy one of the worlds most valuable cultural treasures, San Francisco, by pushing out the diverse people who have helped create it. At least thats the story youve read in hundreds of articles lately.

>It doesnt have to be this way. But everyone who lives in the Bay Area today needs to accept responsibility for making changes where they live so that everyone who wants to be here, can.

I don't know if drastically changing the housing landscape of SF will destroy the culture that made everyone want into the city in the first place, but asserting that it won't is just as tenuous as asserting it will.

All I ever see is rationalization that it won't, because the tech community takes it as axiomatic that they must pile into the city. By debating the conclusion we are tricked into accepting the form.

For example: "But everyone who lives in the Bay Area today needs to accept responsibility for making changes"

That's a lot of people. Including ones hostile to your goals. You would need to get a smaller and friendlier set of people on board to make a slightly-more geographically disperse tech scene work in the Bay Area. The self-fulfilling business "common sense" about SF is much more momentum than sense.

flomo 3 days ago 2 replies      
I think this quote really nails the mentality in the city:

> As political scientist and longtime San Francisco observer Richard DeLeon puts it:

San Francisco has emerged as a semi-sovereign city a city that imposes as many limits on capital as capital imposes on it. Mislabeled by some detractors as socialist or radical in the Marxist tradition, San Franciscos progressivism is concerned with consumption more than production, residence more than workplace, meaning more than materialism, community empowerment more than class struggle. Its first priority is not revolution but protection protection of the citys environment, architectural heritage, neighborhoods, diversity, and overall quality of life from the radical transformations of turbulent American capitalism.

tedsanders 3 days ago 1 reply      
For another great take on the housing crisis in SF and elsewhere, I recommend a book that I first heard about on Hacker News, Matt Yglesias's The Rent is Too Damn High: http://www.amazon.com/The-Rent-Too-Damn-High-ebook/dp/B0078X...

The over-regulation of home building by cities is an issue not really on the public's radar, unfortunately.

atgreen 3 days ago 0 replies      
I love the Mountain View burrowing owl reference. Here's a '96 usenet news article I posted about the endangered burrowing owls I would bike past every day in Mountain View. It just happened to be right where SGI was about to build their new HQ, and is now the heart of the Google campus. I had just moved to Silicon Valley from Canada when I posted this....


kijin 3 days ago 8 replies      
Just pack up and leave the damn place already.

Sorry to be blunt, but that's how "supply and demand" is really supposed to work. If Seattle supplies the same quality of housing for half the cost of San Francisco, buyers/renters should flock to Seattle, thereby reducing demand in SF and eventually causing SF housing prices to come down until the market finds an equilibrium. Trying to lobby for "below-market-price" housing is always going to be a losing game; the only long-term solution is to make the market price lower.

Unfortunately, competition among cities to attract residents is not like competition in other industries. A lot of people are stuck in a relatively small geographical area their whole lives due to employment, their children's education, various kinds of emotional attachment, and the sheer difficulty of uprooting themselves from a familiar neighborhood. This creates a captive market, severely limiting the effectiveness of inter-city competition. And of course, whenever there's a captive market, there's somebody who profits from it. In the case of SF's housing market, entrenched neighborhood groups and "below-market-price" renters enjoy benefits at the expense of newcomers to the city. Perhaps they actually deserve those benefits. Still, it's unfair to everyone else.

But there's one group of people who can afford not to be bound by the usual excuses that keep people stuck in a captive market. That's us, the techies. We don't need to be in any particular city in order to write code. Most of us are young and don't have kids. Few of us have any "root" in the Bay Area, so we couldn't care less about being uprooted [1]. There is no reason for us to be a part of San Fran's captive housing market. We can pack up and leave, all 8% of us if possible. That would be "supply and demand" doing its work.

Of course, there are a few problems with this proposal, including the fact that there really is such a thing as social networking of the offline kind. The Bay Area undoubtedly has one of the best tech "scenes" in the world. But I see it as a problem that needs to be fixed, not merely an advantage that we're free to exploit. HN, for example, requires everyone to move to the Bay Area, perhaps for a good reason. But in doing so, they directly contribute to, and exacerbate, the hideous distortion of the Bay Area's housing market. It's like mandating that everyone meet at a particular Starbucks. It makes sense when everyone you want to meet is already a regular of that Starbucks, but when the manager of Starbucks begins to take advantage of its captive clientele, you should seriously start considering an alternative.

Remember, the only vote that the market respects is a vote with your feet, i.e. a realistic threat to do business with a competitor.

[1] Disclaimer: I've lived in at least seven different cities in three continents, and harbor no particular emotional attachment to any of them. Apparently I'm incapable of developing an emotional attachment to geographical coordinates. But I must confess that I kinda like it that way.

205guy 2 days ago 1 reply      
I haven't finished reading all the comments, but here's my take on the article:

Great for mentioning the prop13-rentcontrol duality, a lot of people conveniently forget one side or the other.

Great for delving into the politics of it all, including the neighborhood associations.

Not-so-great: it was touched on but not really elaborated: why the peninsula (Palo Alto, Mountain View, Cupertino, the heart of SV) are not densifying to provide housing for the corporations they have. Some of the downtowns are very desireable, but still full of single-family homes. Some of the commercial space could be built up with housing over the businesses, and then these towns would develop even more character. I think the tech industry got a free-ride (heh) in building huge campuses in towns that have little residential growth (and even the towns' resistance to growth is mentioned). Google, Apple, etc, should be pushing on Mountain View to build 10,000 residential unites in the area. It's happening a tiny bit, but not nearly as fast as the companies are expanding.

Most people don't choose 1-hour 40-mile commutes if they can avoid them. But the corporate buses make that commute feasible. I actually wonder if bus transport is reported by the employees as income for taxation purposes, and if not why?

Finally, this issue really seems to stem from regional politics. SF has to compete with suburbs on tax breaks to companies, yet the suburbs can offload all the residential problems to the city. Seems like there should be state-wide rules that make this fairer.

dnr 3 days ago 0 replies      
Finally, an article on the situation that puts an accurate (i.e. large) amount of the blame on the cities of the peninsula and south bay.

Also, prop 13 is the worst thing ever. Reading that section was really depressing.

capkutay 3 days ago 0 replies      
I think that SF's proud antiquity is coming back to bite it. The older generations fought against development for decades, now the demand for property is so high they can't afford to live here anymore.
Houshalter 3 days ago 1 reply      
That was a very long but very good article.

I still don't get protests over evictions or for rent control. They are literally forcing the landlord to subsidize their cost of living. But why make only landlords pay for the subsidy? Why not tax everyone? I'm ok with income redistribution, but not when it is done so inefficiently and at the expense of a specific group.

cft 3 days ago 3 replies      
I think building more upscale condos/housing will attract even more money, and there will be a positive feedback loop, so the housing will become even more expensive. This can be observed in Manhattan.
timr 3 days ago 0 replies      
"But in places where zoning regulations create artificial limits on home production, the final prices to home buyers jump far above construction costs. In the 1980s and 1990s, they found that virtually all of San Franciscos home prices were at least 140 percent above base construction costs."

The papers she's citing here exclude apartments from the analysis. They're talking about single-family homes:


"The housing price data used in this paper to create the relationship between home prices and construction cost comes from the American Housing Survey (AHS). We focus onobservations of single unit residences that are owner occupied, and exclude condominiums and cooperative units in buildings with multiple units even if they are owned"

Probably not incredibly relevant to a discussion of rental prices.

melindajb 3 days ago 0 replies      
As a 12 year plus SF Resident, married to a native San Franciscan, who has both rented and now owns property, and who follows local politics closely; I can report this is one of the most complete, articulate, and accurate summaries of the situation I've ever read.

Please encourage others to read this.

CmonDev 3 days ago 0 replies      
"... one of the worlds most valuable cultural treasures, San Francisco..." - oh, Americans :).
overgryphon 3 days ago 0 replies      
A lot of the tech employees that are being protested are young, single, and much more willing to move for economic reasons than families. The ability to buy a house in the future, not deal with protesters, and probably make more money overall in a city with lower rents is pretty enticing. Silicon Valley has a lot of tech companies, but now Seattle and Austin do too- not as many, but growing. At some point the hatred misdirected at tech employees could result in San Francisco suffering from less tech investment than other more stable cities.
tizzdogg 3 days ago 1 reply      
One thing the article doesnt really touch on is how rent control, as well as San Francisco's many other pro-tenant laws, actually incentivizes landlords to keep rental units off the market. It's basically impossible to evict bad tenants in San Francisco for reasons other than non-payment of rent. I'm not a real estate lawyer, but my impression is it can take years and tons of legal fees to get a bad tenant out, even for reasons that in most other cities would be easy cause for eviction.

I personally know a lot of mom-and-pop landlords with vacant rental units who cant be bothered to rent them, because dealing with bad tenants in SF is such a pain. These are middle-class people who bought multiple-unit buildings 20 or 30 years ago when it was affordable and dont need the rental income, and dont want the hassle. I would guess that there are thousands of units like this across the city.

lsiebert 3 days ago 2 replies      
One of the things the article addresses is the fact that other communities need to build affordable housing, not just SF.

I for one am going to speak to some local political figures. If you live in any city in the SF bay area, you may as well do the same. Write a letter. Express your interest in the creation of apartments in the city. Because if you build housing in the area, people will live there.

lstamour 2 days ago 1 reply      
Am I the only one who thought 6,000 new homes was an extremely low number?

Maybe. Here in Toronto, we've had a rough average of 35,000 new homes each year. I'm used to seeing new buildings and cranes all over town. It's not a boom town, but I've yet to hear of a shortage either...

And Toronto's population is roughly 3.1x that of San Francisco, but it's held steady for roughly the last decade at least. 35/6 is 5.8x less, and given the population growth in SF, the number of new builds should be at least double; 12k perhaps.

Equally funny, Toronto also had a freeway revolt and succeeded. So we have a relatively livable downtown, plus growth. Go figure. Some corridors in Toronto are nothing but skyscrapers. Height restrictions do exist, but are raised on a case-by-case basis (e.g. public art, parks can help negotiate). Even areas that fought expressways, while mostly single-dwelling, have allowed high rises along nearby major streets.

That said, we're still trying to make plans to destroy the Gardiner Expressway, our Embarcadero it seems.

Pro_bity 3 days ago 0 replies      
This is the best TechCrunch article ever written. I wish they let their journalist spend more time doing well researched pieces like this.
danols 3 days ago 0 replies      
"one of the worlds most valuable cultural treasures"Travel much outside of the US?
rwmj 3 days ago 5 replies      
The whole thing is ludicrous. Why can't tech workers work from home, from anywhere in the world?
blaurenceclark 3 days ago 0 replies      
I feel privileged to be mentioned as the homeless guy who was living on a couch at the end of the article :)
QuantumChaos 2 days ago 0 replies      
SF Housing Crisis Explained: Money allows one to buy things that other people (sometimes even people poorer than oneself) might have wanted to buy themselves. From this, two things follow: (1) we should redistribute money so that the very poor can at least buy something, and (2) nerds shouldn't be allowed to have much money, since no one likes them, and so why should they be allowed to buy things that other people want to buy.
sirdogealot 2 days ago 0 replies      

>The true culprit behind our housing problems: let us deflect blame to Mountain Views burrowing owl!


>City of Mountain View evicted a pair of burrowing owls so that it could sell a parcel of land to Google to build a hotel at Shoreline Boulevard and Charleston Road.


hippich 3 days ago 0 replies      
it kinda make sense, why existing population of SF tries to oppose any new building, but I still can't understand why bigger companies need to be there physically except may be top managerial stuff? It still make sense to start startup there, since this city filled with like minded people, but for bigger companies - why pursue it? Me and quite a few of my (married and with children) friends refuse even considering moving to SF exactly for this reason - too inadequate housing situation.
wil421 3 days ago 1 reply      
$8,000 and month dollars for a two bedroom apartment, that is ridiculous. You could own several large house where I live. I am tired of hearing about these silly SV-SF problems. Build more and the problem will stop.
alxndr 3 days ago 0 replies      
And now, the KQED version of the article: http://blogs.kqed.org/newsfix/2014/04/14/San-Franciscos-Curr...
beachstartup 3 days ago 2 replies      
i find it interesting that there's always such willful disregard for analytical inclusion of los angeles, the 2nd largest city/metro in the US, with a housing market that dwarves all other metro areas but new york.


los angeles leads the nation in out-of-whack median rent/median income ratios. what does that suggest to me? that it's one of the last of the major US cities with poor and lower-middle class people living in it.

kzahel 3 days ago 2 replies      
This has a ton of great information and background but could definitely use some splitting up and organizing IMO. I don't know anybody but the most dedicated who could spend the hours it would take to digest this. It reads almost like a wikipedia page.
mathattack 3 days ago 0 replies      
Very long story. Only halfway through the original referenced article, and I can tell the writer has some solid economics chops.
stcredzero 3 days ago 0 replies      
Santa Clara Valley was some of the most valuable agricultural land in the entire world, but it was paved over to create todays Silicon Valley.

Exact same move the Maya pulled. At their tech level, that plus climate change ended their civilization.

patrickg_zill 3 days ago 0 replies      
TLDR "Stupidity combined with an unwarranted trust in government to over-ride reality".
dredmorbius 3 days ago 0 replies      
A great companion to Cutler's piece (which is excellent in its depth and analysis) is Andreas Schou's G+ post "So, why is Silicon Valley studded with an implausibly large number of abandoned barns, shacks, and other things that don't look like they belong here?":


This details a great many seemingly illogical (but actually financially sensible) consequences of California's 1978 property "tax reform" measure, Proposition 13.

Schou (recently hired by Google) is among the brightest lights on G+ in my experience. Much as I try to avoid the site, he draws me back at least to look.

qthrul 3 days ago 0 replies      
Item 7: Move to Raleigh, NC
firstOrder 3 days ago 0 replies      
> parts of the progressive community do not believe in supply and demand

Wow, those left wing progressives must really be crazy. It's not like tech CEO's would ever say there is a shortage of good technicians. They obviously believe in supply and demand, and that if demand, salary, working conditions and long-term career viability were good enough, the supply would arise.

pearjuice 3 days ago 0 replies      
Quite ironic how a blog constantly zooming in on the successes and ecosphere of the Valley attempt to explain the problem. The reason people are flocking to Silicon Valley is partially found in the overly-positive media reporting by Techcrunch and the like.
peterwwillis 3 days ago 1 reply      
tl;dr poor people don't want to be forced out of their homes or have their affordable local businesses shut down, and rich people want to make/keep a lot of money (partly by pushing poor people out of their homes and closing their affordable local businesses)

From my perspective SF does not have a housing crisis. They quite obviously have a culture crisis. Two opposed socioeconomic groups are at war, each trying to push the other out of the city. Housing remains plentiful, though obviously not affordable. You want to make housing really affordable? Introduce a large drug trade and a couple dozen gangs to bring up the mortality and crime rates, and you'll see those housing prices rocket downwards.

If you would rather live in a city with plentiful, affordable housing - 16% of which is abandoned or unliveable - come on over to my side of the country. You might want to bring a car and some pepper spray, though.

worklogin 3 days ago 0 replies      
I wonder what would have happened to the "Yuppie Eradication" project had the owners of said vehicles possessed defensive means such as firearms.
krashidov 3 days ago 5 replies      
Can somebody give me a perspective on how much they pay for housing ? I did a quick craigslist search expecting studios to be 2500 a month but it only took me a minute to find a very reasonable 950 A month studio apt.


madamepsychosis 3 days ago 1 reply      
HN, tell me why this wouldn't work: tax anyone renting an old property (i.e. built more than 15 years ago) for 50% of the difference between the rent now & before the tech boom. Put this to subsidise development of affordable housing in under-developed areas like SOMA.

Really, the lowest hanging fruit is just building reasonable transport through the whole city. At the moment it seems like only 30-40% of SF is actually being used. Demolishing freeways & replacing them with housing would not be a bad area either. Smaller houses, like the ones in European cities, would help a lot as well.

timr 3 days ago 6 replies      
"But this paper conflates correlation with causation. He argues that when there is a decline in new housing units, there is also a decline in price."

I knew this was going to happen: people have heard a trite sound-bite about "counter-intuitive" statistical logic so many times that they ignore that correlation is usually a pretty damned good signal for a causal relationship.

To wit: of course there's a correlation between price and new housing units -- because it is causally related. When prices go up, developers have greater incentives to build. More importantly, in a city with as high a density as San Francisco (and yes, folks, it is dense -- the second-densest city in the US, in fact), with as many architectural challenges (seismic, geographic, etc.) the limiting factor for new construction is land and materials, not red tape.

Nobody wants to hear this, but it's true. The fixed costs of building here are so high that developers won't do it unless rents go up. That's why new construction costs upwards of $4k for a 1-bedroom unit, and why new construction in SF doesn't place any real downward pressure on rents -- except (perhaps) in the very long term. At best, you're treading water. Developers don't build into a falling market.

But really, the best response for the people who keep asserting that "building up" is the magical solution is to point to Manhattan: it's the densest city in America, yet it's just as expensive as San Francisco, if not more so.

There are no magic bullets. San Francisco is expensive because there's a lot of money chasing a tiny little bit of land. You don't need a dissertation to explain it.

d23 3 days ago 0 replies      
> Sorry, this isnt a shorter post or that I didnt break it into 20 pieces.

Sorry, I didn't read it because you're a lazy writer who can't be bothered to consolidate the piece into a cohesive, easy-to-digest narrative. Oddly enough, I should be fish in a barrel, -- a mid 20s moving to SF for career; yet you couldn't take the time to work on maintaining my attention for more than a couple bullet points. The hilarious part is that you self-righteously reject that which you ultimately give in to, ("sorry [...] that I didnt break it into 20 pieces") presumably under the continuing theme of "look at me for being better at not being better than people."

So yeah, sorry I didn't read. Let me know how your blog post does.

Lens Blur in the new Google Camera app googleresearch.blogspot.com
596 points by cleverjake  2 days ago   235 comments top 55
jawns 2 days ago 5 replies      
Regarding the technology (achieving shallow depth of field through an algorithm), not Google's specific implementation ...

Up until now, a decently shallow depth of field was pretty much only achievable in DSLR cameras (and compacts with sufficiently large sensor sizes, which typically cost as much as a DSLR). You can simulate it in Photoshop, but generally it takes a lot of work and the results aren't great. The "shallow depth of field" effect was one of the primary reasons why I bought a DSLR. (Yeah, yeah, yeah, quality of the lens and sensor are important too.) Being able to achieve a passable blur effect, even if it's imperfect, on a cellphone camera is really pretty awesome, considering the convenience factor. And if you wanted to be able to change the focus after you take the picture, you had to get a Lytro light field camera -- again, as expensive as a DSLR, but with a more limited feature set.

Regarding Google's specific implementation ...

I've got a Samsung Galaxy S4 Zoom, which hasn't yet gotten the Android 4.4 update, so I can't use the app itself to evaluate the Lens Blur feature, but based on the examples in the blog post, it's pretty good. It's clearly not indistinguishable from optical shallow depth of field, but it's not so bad that it's glaring. That you can adjust the focus after you shoot is icing on the cake, but tremendously delicious icing. The S4 Zoom is a really terrific point-and-shoot that happens to have a phone, so I'm excited to try it out. Even if I can use it in just 50% of the cases where I now lean on my DLSR, it'll save me from having to lug a bulky camera around AND be easier to share over wifi/data.

grecy 2 days ago 9 replies      
We had an interesting discussion about this a few nights ago at a Photojournalism talk.

In that field, digital edits are seriously banned, to the point multiple very well known photo journalists have been fired for one little use of the clone tool [1] and other minor edits.

It's interesting to think I can throw an f/1.8 lens on my DSLR and take a very shallow depth of field photo, which is OK, even though it's not very representative of what my eyes saw. If I take the photo at f/18 then use an app like the one linked, producing extremely similar results, that's banned. Fascinating what's allowed and what's not.

I find even more interesting is the allowance of changing color photos to B/W, or that almost anything that "came straight off the camera" no matter how far it strays from what your eyes saw.

[1] http://www.toledoblade.com/frontpage/2007/04/15/A-basic-rule...

DangerousPie 2 days ago 4 replies      
Isn't this just a copy of Nokia's Refocus?


edit - better link: http://www.engadget.com/2014/03/14/nokia-refocus-camera-app-...

salimmadjd 2 days ago 3 replies      
Is the app taking more than one photo? It wasn't clear in the blog post. AFAIU to have any depth perception you need to take more than one photo. Calculate the pupil distance (the distance the phone moved) then match image features between the two or more images. Calculate the amount of movement between the matching features to then calculate the depth.

As described you then map the depth into an alpha transparency and then apply the blurred image with various blur strength over the original image.

Since you're able to apply the blur after the image, it would mean the google camera always takes more than one photo.

Also a Cool feature would be to animate the transition from no blur to DOF blur as a short clip or use the depth perception to apply different effect than just blur, like selective coloring, or other filters.

dperfect 2 days ago 5 replies      
I believe the algorithm could be improved by applying the blur to certain areas/depths of the image without including pixels from very distant depths, and instead blurring/feathering edges with an alpha channel over those distant (large depth separation) pixels.

For example, if you look at the left example photo by Rachel Been[1], the hair is blurred together with the distant tree details. If instead the algorithm detected the large depth separation there and applied the foreground blur edge against an alpha mask, I believe the results would look a lot more natural.

[1] http://4.bp.blogspot.com/-bZJNDZGLS_U/U03bQE2VzKI/AAAAAAAAAR...

nostromo 2 days ago 6 replies      
I sure wish you could buy a DSLR that just plugs into your iPhone. I don't want any of that terrible DSLR software -- just the hardware.

I think many devices should become BYOD (bring your own device) soon, including big things like cars.

edit: I don't just want my pictures to be saved on my phone. I'd like the phone to have full control of the camera's features -- so I can use apps (like timelapse, hdr, etc.) directly within the camera.

themgt 2 days ago 5 replies      
Is looking at the examples giving anyone else a headache? It's like the software blur falls into some kind of uncanny valley for reality.
kbrower 2 days ago 1 reply      
I did a quick comparison of a full frame slr vs moto x with this lens blur effect. I tried to match the blur amount, but made no other adjustments. Work really well compared to everything else I have seen!http://onionpants.s3.amazonaws.com/IMG_0455.jpg
fidotron 2 days ago 0 replies      
Doesn't look totally convincing, but it's good for a first version.

The real problem with things like this is the effect became cool by virtue of the fact it needed dedicated equipment. Take that away and the desire people will have to apply the effect will be greatly diminished.

Spittie 2 days ago 2 replies      
I find it funny that this was one of the "exclusive features" of the HTC One M8 thanks to the double camera, and days after it's release Google is giving the same ability to every Android phones.

I'm sure the HTC implementation works better, but this is still impressive.

sytelus 1 day ago 2 replies      
Wow.. this is missing the entire point on why lens blur occurs. Lens blur in normal photographs is the price you pay because you want to focus sharply on a subject. The reason photos with blur looks "cool" is not because the blur itself but its because the subject is so sharply focused that its details are order of magnitude better. If you take a random photo, calculate depth map somehow, blur our everything but the subject then you are taking away information from the photo without adding information to the subject. The photos would look "odd" to the trained eyes at best. For casual photograph, it may look slightly cool on small screens like phone because of relatively increased perceived focus on subject but it's fooling eyes of casual person. If they want to really do it (i.e. add more details to subject) then they should use multiple frames to increase resolution of the photograph. There is a lot of research being done on that. Subtracting details from background without adding details to subject is like doing an Instagram. It may be cool to teens but professional photographers know it's a bad taste.
nileshtrivedi 2 days ago 3 replies      
With these algorithms, will it become feasible to make a driverless car that doesn't need a LIDAR and can run with just a few cameras?

Currently, the cost of LIDARs are prohibitive to make (or even experiment with) a DIY self-driving car.

scep12 2 days ago 2 replies      
Impressive feat. Took a few snaps on my Nexus 4 and it seems to work really well given a decent scene.
anigbrowl 2 days ago 0 replies      
It's interesting that the DoF is calculated in the app. I am wondering if this uses some known coefficients about smartphone cameras to save computation, but in any case I hope this depth mapping becomes available in plugin forms for Photoshop and other users.

As an indie filmmaker, it would save a lot of hassle to be able to shoot at infinity focus all the time and apply bokeh afterwards; of course an algorithmic version would likely never get close to what you can achieve with quality optics, but many situations where image quality is 'good enough' for artistic purposes (eg shooting with a video-capable DSLR) then faster is better.

jnevelson 2 days ago 1 reply      
So Google basically took what Lytro has been using hardware to achieve, and did it entirely in software. Pretty impressive.
angusb 1 day ago 0 replies      
A couple of other really cool depth-map implementations:

1) The Seene app (iOS app store, free), which creates a depth map and a pseudo-3d model of an environment from a "sweep" of images similar to the image acquisition in the article

2) Google Maps Photo Tours feature (available in areas where lots of touristy photos are taken). This does basically the same as the above but using crowdsourced images from the public.

IMO the latter is the most impressive depth-mapping feat I've seen: the source images are amateur photography from the general public, so they are randomly oriented (and without any gyroscope orientation data!), and uncalibrated for things like exposure, white balance, etc. Seems pretty amazing that Google have managed to make depth maps from that image set.

frenchman_in_ny 2 days ago 2 replies      
Does this pretty much blow Lytro out of the water, and mean that you no longer need dedicated hardware to do this?
Splendor 2 days ago 0 replies      
Isn't the real story here that Google is continuing to break off core pieces of AOSP and offer them directly via the Play Store?
tdicola 1 day ago 0 replies      
Neat effect--I'm definitely interested in trying this app. Would be cool to see them go further and try to turn highlights in the out of focus areas into nice octagons or other shapes caused by the the aperature blades in a real camera.
gamesurgeon 2 days ago 2 replies      
One of the greatest features is the ability to change your focus point AFTER you shoot. This is huge.
mauricesvay 2 days ago 0 replies      
The interesting part is not that it can blur a part of the image. The interesting part is that it can generate a depth map automatically from a series of images taken from different points of view, using techniques used in photogrammetry.
thenomad 1 day ago 0 replies      
So, is there a way to get the depth map out of the image separately for more post-processing?

Fake DOF is nice, but there are a lot more fun things you can use a depth map for. For example, it seems like ghetto photogrammetry (turning photographs into 3D objects) wouldn't be too far away.

kingnight 2 days ago 1 reply      
I'd like to see an example of a evening/night shot using this. I can't imagine the results are anything like the examples here, but would love to be surprised.

Are there more samples somewhere?

goatslacker 2 days ago 0 replies      
On iOS you can customize your DoF with an app called Big Lens.

Normally apps like Instagram and Fotor let you pick one point in the picture or a vertical/horizontal segment and apply focus there while blurring the background. Big Lens is more advanced since it lets you draw with your finger what you'd like to be in focus.

They also include various apertures you can set (as low as f/1.8) as well as some filters -- although I personally find the filters to be overdone but others might find them tasteful.

bckrasnow 2 days ago 1 reply      
Well, the Lytro guys are screwed now. They're selling a $400 camera with this feature as the main selling point.
spot 1 day ago 0 replies      
i just noticed i have the update and i tried it out.wow, first try. amazing:https://plus.google.com/+ScottDraves/posts/W4ozBLTBmKy
jestinjoy1 1 day ago 1 reply      
This is what i got with Moto G Google Camera Apphttp://i.imgur.com/a6AxO4e.jpg
defdac 2 days ago 0 replies      
Is this related to the point cloud generation feature modern compositing programs use, like Nuke? Example/tutorial video: http://vimeo.com/61463556 skip to 10:27 for magic
Lutin 2 days ago 0 replies      
This app is now on the Play Store and works with most phones and tablets running Android 4.4 KitKat. Unfortunately it seems to crash on my S3 running CM 11, but your experience may vary.


insickness 2 days ago 1 reply      
> First, we pick out visual features in the scene and track them over time, across the series of images.

Does this mean it needs to take multiple shots for this to work?

mcescalante 2 days ago 3 replies      
I may be wrong because I don't know much about image based algorithms, but this seems to be a pretty successful new approach to achieving this effect. Are there any other existing "lens blur" or depth of field tricks that phone makers or apps are using?

I'd love to see their code open sourced.

zmmmmm 2 days ago 0 replies      
If nothing else, these improvements make HTC's gimmick of adding the extra lens while giving up OIS seem all the more silly.
techaddict009 2 days ago 0 replies      
Just installed it. Frankly speaking I loved the new app!
jheriko 1 day ago 0 replies      
This sounds clever but also massively complex for what it does. I don't have anything finished but I can think of a few approaches to this without needing to reconstruct 3d things with clever algorithms... still very neat visually if technically underwhelming
anoncow 2 days ago 1 reply      
How is Nokia Refocus similar or different to this? It allows refocusing a part of the image which blurs out the rest.(Not a pro) https://refocus.nokia.com/
marko1985 1 day ago 0 replies      
Happy for this "invention" but I would wait for this kind of stuff when smartphones will have all their laser sensors for depth measurment, so this calculations doesn't require a sequnce of taken picture, as the main character could move quickly and deform the final picture or the blur effect. But for static photography or selfies looks amazing.
the_cat_kittles 2 days ago 1 reply      
Isn't it interesting how, by diminishing the overall information content of the image by blurring it, it actually communicates more (in some ways, particularly depth) to the viewer?
guardian5x 2 days ago 1 reply      
I guess that is exactly the same as Nokias Refocus that is on the Lumia Phones for quite some time: https://refocus.nokia.com/
CSDude 2 days ago 0 replies      
I wonder what is the exact reason that my country is not included. It is just a fricking camera app.
coin 2 days ago 0 replies      
Shallow depth of field is so overused these days. I much prefer having the entire frame in focus, and let me decides what to focus on. I understand the photographer is trying to emphasize certain parts of the photo, but in the end it feels too limiting. It's analogues to mobile "optimized" websites - just give me all the content and I'll choose what I want to look at.
benmorris 2 days ago 0 replies      
The app is fast on my nexus 5. The lense blur feature is really neat. I've taken some pictures this evening and they have turned out great. Overall a nice improvement.
ohwp 1 day ago 0 replies      
Nice! Since they got a depth map, 3D-scanning can be a next step.
bitJericho 2 days ago 0 replies      
If you couple this with instagram does it break the cosmological fabric?
dharma1 2 days ago 0 replies      
the accurate depth map creation from 2 photos on a mobile device is impressive. The rest has been done many times before

This is cool, but I am waiting more for RAW images exposed in Android camera API. Will be awesome to do some cutting edge tonemapping on 12bits of dynamic range that the sensor gives, which is currently lost.

sivanmz 1 day ago 0 replies      
It's a cool gimmick that would be useful for Instagram photos of food. But selfies will still be distorted when taken up close with a wide angle lens.

It would be interesting to pair this with Nokia's high megapixel crop-zoom.

thomasfl 1 day ago 0 replies      
I wish google camera gets ported to iOS. The best alternative for iOS seems to bee the "Big Lens" app, where you have to manually create a mask to specify the focused area.
spyder 2 days ago 0 replies      
But it can be used only on static subjects because it needs series of frames for depth.
servowire 2 days ago 3 replies      
I'm no photographer, but I was tought this was called bokeh not blur. Blur is more because of motion during open shutter.
avaku 2 days ago 0 replies      
So glad I did the Coursera course on Probabilistic Graphical Models, so I totally have an understanding of how this is done when they mention Markov Random Field...
matthiasb 2 days ago 0 replies      
I don't see this mode. I have a Note 3 from Verizon. Do you?
DanielBMarkham 2 days ago 0 replies      
Lately I've been watching various TV shows that are using green screen/composite effects. At times, I felt there was some kind of weird DOF thing going on that just didn't look right.

Now I know what that is. Computational DOF. Interesting.

Along these lines, wasn't there a camera technology that came out last year that allowed total focus/DOF changes post-image-capture? It looked awesome, but IIRC, the tech was going to be several years until released.

ADD: Here it is. Would love to see this in stereo 4K: http://en.wikipedia.org/wiki/Lytro The nice thing about this tech is that in stereo, you should be able to eliminate the eyeball-focus strain that drives users crazy.

apunic 1 day ago 0 replies      
Game changer
alexnewman 2 days ago 0 replies      
Got me beat
seba_dos1 2 days ago 0 replies      
Looks exactly like "shallow" mode of BlessN900 app for Nokia N900 from few years ago.

It's funny to see how most of the "innovations" in mobile world presented today either by Apple or Google was already implemented on open or semi-open platforms like Openmoko or Maemo few years before. Most of them only as experiments, granted, but still shows what the community is capable of on its own when not putting unnecessary restrictions on it.

sib 2 days ago 2 replies      
If only they had not confused shallow depth of field with Bokeh (which is not the shallowness of the depth of field, but, rather, how out-of-focus areas are rendered), this writeup would have been much better.


Cool technology, though.

Xkcd: Heartbleed Explanation xkcd.com
528 points by MattBearman  7 days ago   75 comments top 12
billpg 7 days ago 2 replies      
I showed this to my wife to see if the cartoon worked with an educated but not-technical person. She subconsciously glossed over the (n LETTERS) part of Meg's requests as just an annotation on the cartoonist's part, not realizing that it was actually part of the request.

Once I rephrased the final request as "Server, reply with the 500 letters of HAT", we finally had that light-bulb moment.

nyellin 7 days ago 3 replies      
This is why xkcd is unique - not because of the puns or nerdy references, but because of Randall's ability to make complicated issues simple.
StavrosK 7 days ago 2 replies      
Nice easter egg in the user who wants to change the password to CoHoBaSt (correct-horse-battery-staple).
mixedbit 7 days ago 1 reply      
Security issue explained without Alice, Bob and Malory, this is way too confusing. Who is this Meg character?
AndrewDucker 7 days ago 6 replies      
Can someone explain why Heartbeat needed to return the text it was sent, rather than always returning an "OK" message?

What advantage does returning the text give you?

weavie 7 days ago 5 replies      
Wow. Was it really that simple? The heart beat request sends the text as well as the length it wants back?
damon_c 7 days ago 0 replies      
It's hard to believe that even with all of our slavish mantra repetition about not trusting user submitted data... the freaking web server trusts user submitted data.

We're all going to have to start reading more source code...

parax 7 days ago 0 replies      
"And this is, kids, why you always have to validate your input and do not trust on the user".
yiedyie 7 days ago 0 replies      
danyork 7 days ago 0 replies      
Brilliantly done! Great to have this out there to help explain the issue to non-developers.
spbhat1989 7 days ago 0 replies      
Xkcd is best at simplifying the most complex things and complicating the most simple things! :)
nashashmi 7 days ago 1 reply      
I just began appreciating all the hoops I jump through just to concentrate on things hardly anyone else cares about. It takes me nearly ten times as long to complete a program, and taxes my mind ten times more, and makes me frustrated twice as much about pursuing programming, but after a very sharp practicing curve, makes me hundred times better than the rest of the programmers out there. But, still, I wonder if it's worth it. Especially, considering my boring as hell job.
CloudFlare's Heartbleed challenge cracked twitter.com
523 points by jmduke  7 days ago   142 comments top 23
nikcub 6 days ago 4 replies      
Reading Cloudflare's blog post[0], they keep referring to the exploit having a length of 65,536 bytes, and how an allocation of that size is unlikely to find itself lower in the heap.

That is true - but this exploit doesn't depend on setting a length of 65,536. The server takes whatever length the client gives it (which is, afterall, the bug). Most of the early exploits just happen to set the maximum packet size to get as much data out (not realizing the nuances of heap allocation). You can set a length of 8bytes or 16bytes and get allocated in a very different part of the heap.

The metasploit module for this exploit[1] supports varied lengths. Beating this challenge could have been as simple as running it with short lengths repeatably and re-assembling the different parts of the key as you find it.

edit something that I want to sneak in here since I missed the other threads. Cloudflare keep talking about how they had the bug 12 days early. Security companies and vendors have worked together to fix bugs in private for years, but this is the first time i've ever seen a company brag about it or put a marketing spin on it. It isn't good - one simple reason why: other security companies will now have to compete with that, which forces companies not to co-operate on bugs (we had the bug 16 days early, no we had the bug 18 days early!, etc.).

As users you want vendors and security companies co-operating, not competing at that phase.

[0] Cloudflare - Can You Get Private SSL Keys Using Heartbleed? http://blog.cloudflare.com/answering-the-critical-question-c...

[1] see https://github.com/rapid7/metasploit-framework/blob/master/m...

tptacek 7 days ago 4 replies      
d0ne 7 days ago 1 reply      
We have reached out via twitter to this invidiual as to coordinate the delivery of the $10,000 bounty we offered. If anyone is already in contact with them please direct them to https://news.ycombinator.com/item?id=7572530
danielpal 7 days ago 2 replies      
The important thing to know here is that you not only have to change your current certs you ALSO HAVE TO REVOKE THE OLD ONE.

If you only change your current cert to get a new key but you don't go through the revocation process of the old certificate if someone managed to get the old one they can still use it for a MiTM attack - as both certs would be valid to any client.

ig1 6 days ago 1 reply      
So I didn't manage to crack the challenge (I used around 10k heartbeats), but I suspect it may have just been a case of brute-force (i.e asking for enough heartbleeds). Other people may have got the key without realizing that had done so because they were looking for the wrong thing (i.e. normal cert text representation).

I took the approach of using two fingerprints to search the data:

1) The hex sequence "30 82 .. .. 02 01 00" which would indicate the ASN.1 private key encoding which OpenSSL uses.

2) The modulus which I extracted from the public key (which would also be in the private key structure)

I didn't find any instance of the first, the second I found lots of instances of (because the modulus is also in the public key). I then filtered out all the instances of the public key by searching for the public key header ("30 82 .. .. 30 82").

This actually left me with two unique instances of the modulus in memory which weren't in a public key structure. I then tried to overlay the private key structure over the data and extracted what should have been the prime numbers and ran a primality test on them (to verify; another way would have been to just feed the structure into openssl). Both failed, so it wasn't the private key structure.

But there's a reasonable chance that those two instances represented a cryptographic calculation in progress; so while recovering the key wouldn't be as trivial as if you grabbed the full private key structure from memory (which I suspect is what the successful attackers did) I think it definitely represents another attack angle.

tomkwok 7 days ago 3 replies      
* From https://www.cloudflarechallenge.com/heartbleed *

So far, two people have independently solved the Heartbleed Challenge.

The first was submitted at 4:22:01PST by Fedor Indutny (@indutny). He sent at least 2.5 million requests over the span of the challenge, this was approximately 30% of all the requests we saw. The second was submitted at 5:12:19PST by Illkka Mattila using around 100 thousand requests.

We confirmed that both of these individuals have the private key and that it was obtained through Heartbleed exploits. We rebooted the server at 3:08PST, which may have contributed to the key being available in memory, but we cant be certain.

benmmurphy 6 days ago 3 replies      
i think cloudfare's version of nginx is a lucky version or my code is bugged or time after restart is important or you need to do some heap-fu by sending different payload sizes.

so i booted up a micro vm on amazon aws and was able to dump the private key in one request.

Ubuntu Server 13.10 (PV) - ami-35dbde5c

  sudo add-apt-repository ppa:nginx/development  sudo apt-get update  sudo apt-get install nginx  sudo apt-get install ssl-cert
modify /etc/nginx/sites-enabled/default uncomment ssl server and change certs:

  ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;  ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;  sudo /etc/init.d/nginx restart  curl -O https://gist.githubusercontent.com/benmmurphy/12999c91a4d328b749e3/raw/9bcd402e3d9beec740a61a1585e24c36dea80859/heartbeat.py  chmod u+x heartbeat.py  ubuntu@ip-10-185-20-243:~$ ./heartbeat.py localhost /etc/ssl/certs/ssl-cert-snakeoil.pem  Using modulus: C30FB990C6C1EE4EE4524A724BDF10DCDC735C9BCCED84B38796584DCE9F7CB1027CCF63A0E604882AE9B8639CD0955C207BE641943AE38AC4DAE63ECCE7E79ACE7EB9EB5D92F55761924C35A00EB5AE4759CB6DC938DBD48ED34685BC32B3193FEF55F081BB2BFC33494F26E556803FD2506F94301DFD688A63F9F3572C540F3F5E7679D5454E532503636ABFCB95AC5674D47C2B23C4418E04BE1D36AECF6BFEA81FC38FCA3E72A3EACD0BFD4E07FDC3BFA8E70E002ECA68FE8E0621F56081D90A3724A1BED6B5E3BDCDCC02B4EDEAFD0EC4D60C7DEC95BF7756CD82442915EE1AB6738F38B3BA932C8D27B34E94205C84AB64ACC34487ED2FF3804332AB63  Using key size: 128  Scanning localhost on port 443  Connecting...  Sending Client Hello...  Waiting for Server Hello...  Got length: 66   ... received message: type = 22, ver = 0302, length = 66  Message Type is 0x02  Got length: 750   ... received message: type = 22, ver = 0302, length = 750  Message Type is 0x0B  Got length: 331   ... received message: type = 22, ver = 0302, length = 331  Message Type is 0x0C  Got length: 4   ... received message: type = 22, ver = 0302, length = 4  Message Type is 0x0E  Server sent server hello done  Server TLS version was 1.2  Sending heartbeat request...  Got length: 16384   ... received message: type = 24, ver = 0302, length = 65551  Received heartbeat response:  Got result: 154948185083822336433702373602285084550034029190596792283600073258494868382158852796844241764405565518400264295279959791461705192749666707538790201985451035410116800023040704455951541838840288378897688943017357577574672157589664822948047455855119173651635078033464041188274590174256703712210173285385390714209  found prime: 0xdca74e63a186d60a9de3c8211e21a5b165c6d86d285c1d6eece2ad7a2505890ebae513e3013c3602f148e2112eaa99edd8ff5922494c4db47156727f93ab0f35a298553a82dfbd91e5e8aff2e969f31db31263bce9a89d95b64ff38ff5b86d47fa2e70aac5198d2ea967eb952f48b7264e824bd03b1c955294fb9caeed02ed61L
you can check the prime by doing:

  ubuntu@ip-10-185-20-243:~$ sudo openssl rsa -in /etc/ssl/private/ssl-cert-snakeoil.key -text  ..  prime1:      00:e2:4e:eb:f7:88:3a:d4:ad:61:2c:ef:6f:b2:a6:      3b:dd:c4:99:89:f1:b4:6e:6b:ce:76:51:c3:23:f7:      7a:37:69:f9:6c:eb:65:3d:cd:6a:f7:c9:97:96:b0:      f6:39:72:8a:ca:f7:45:3c:ff:25:b0:dd:a9:c1:08:      c3:aa:53:41:22:20:df:74:cb:1d:ad:ce:67:1d:11:      00:15:33:65:1f:d4:b9:a8:2b:27:50:da:7c:a7:e1:      88:d1:2c:d8:d9:32:07:ba:23:e1:40:fa:fa:94:46:      7f:9b:35:a1:d2:e4:91:86:f6:f3:79:2f:53:fd:95:      4d:99:56:b3:c0:be:97:6b:43  prime2:      00:dc:a7:4e:63:a1:86:d6:0a:9d:e3:c8:21:1e:21:      a5:b1:65:c6:d8:6d:28:5c:1d:6e:ec:e2:ad:7a:25:      05:89:0e:ba:e5:13:e3:01:3c:36:02:f1:48:e2:11:      2e:aa:99:ed:d8:ff:59:22:49:4c:4d:b4:71:56:72:      7f:93:ab:0f:35:a2:98:55:3a:82:df:bd:91:e5:e8:      af:f2:e9:69:f3:1d:b3:12:63:bc:e9:a8:9d:95:b6:      4f:f3:8f:f5:b8:6d:47:fa:2e:70:aa:c5:19:8d:2e:      a9:67:eb:95:2f:48:b7:26:4e:82:4b:d0:3b:1c:95:      52:94:fb:9c:ae:ed:02:ed:61  ..
so the exploit is the most stupid one possible. i took the POC code and changed it to read all 64k. The version i had was reading only 14kb from the server. Then just check all the 128 byte strings to see if they divide the modulus evenly.

guelo 6 days ago 2 replies      
"We rebooted the server at 3:08PST, which may have contributed to the key being available in memory, but we cant be certain.". https://www.cloudflarechallenge.com/heartbleed

That doesn't make sense to me, seems like the key needs to be in memory all the time, or at least during every session.

alexkus 6 days ago 0 replies      
Didn't have any spare time to have a go at this, here's how I was going to do it:-

1) Create a VM with the same version of Linux, nginx, openssl.

2) Create a self-signed SSL certificate for the server

3) Verify that the HTTPS server is vulnerable to heartbleed

4) Run a few HTTPS requests against the server

5) Use gcore (or just send SIGABRT) to get a core file of the nginx process

6) Write a tool to check the memory image for remnants of the private key (since I know what it looks like). This may be encoded in several forms: as is from the ssl key file, hex encoded modulus, binary encoded modulus, however the BigNum stuff in OpenSSL stores the modulus, intermediate values used in calculations, etc. I can also check for partial matches since I know what the full key looks like.

7) Run the heartbleed client against the site to extract some chunks of memory, there are various strategies for this:-

a) Repeatedly grab the largest (65535) bytes of memory each time

b) Repeatedly grab different sizes (8KB, 16KB, etc) depending on the bucket sizes for OpenSSL's freelist wrapper around malloc.

c) Vary the request size (lots more headers, etc) to try and get different chunks of memory returned.

d) Occasionally restart nginx

8) Once I can reliably (for whatever value of reliably that is) get the key from my own server, I then modify the test for success from a comparison against the known private key, to a test which involves decrypting a string that was the result of encrypting some known plaintext with the known public key. That'll be slower, but still possible.

9) Run that analysis against real data retreived from the challenge server. The data (using the various strategies in #7) can be obtained in the background whilst I'm developing #1-#8. You can't rely on having sole access to the server so whatever strategy you use may be perturbed by other people performing requests.

10) Repeat #1-#8 for Apache and any other web server that is vulnerable to heartbleed.

This does work on the assumption that the key (in whatever form it is in) will be returned as a contiguous block of memory. Trying to patch together chunks of memory to look for the key will be much much harder unless there's significant overlap and it's easy to detect what/where a key is somehow.

ademarre 7 days ago 4 replies      

Pic of the CloudFlare team reviewing the attack. Ten guys crowded around one monitor.

aboodman 6 days ago 0 replies      
It probably took longer to compose that blog post than it took @indutny to disprove it.
nodesocket 7 days ago 1 reply      
Love to see a post on how it was done and the tools he used.
wrs 7 days ago 0 replies      
Well, so much for wishful thinking.
tszming 6 days ago 1 reply      
So @indutny sent at least 2.5 million requests, should we start to think more on the practical prevention techniques?
badusername 7 days ago 1 reply      
So this does mean that I need to change my passwords on every damn site on the list? Oh bollocks, those passwords were a work of art.
capcah 6 days ago 1 reply      
I am not sure how those guys did it, but I was talking to a friend of mine today, and I guess that it had something to do with forcing the server to use its private key to check for information sent to it. Then you use the heartbleed bug to intercept the intermediate forms on the information you sent to be decrypted/authenticated. Since you know the plaintext, the ciphertext and the intermediate forms, it should be possible to recover the key.

As I said, I am not sure that is right or if that was the method used to exploit cloudflare, as I didn't had the time nor the knowledge of openssl implementation to test it out, I am just throwing my guess out there before the official exploit comes about.

edit: formatting

specto 6 days ago 1 reply      
Considering he just pulled a shadow file as well, it's not pretty.
tectonic 7 days ago 2 replies      
Ah crap.
athoik 6 days ago 0 replies      
An error occurred during a connection to www.cloudflarechallenge.com. Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate)

Game over...

dogsky 6 days ago 0 replies      
I was unable to replicate. Can someone give more details, maybe the heartbleed script updated and some instructions to replicate it? Thanks.
diakritikal 6 days ago 0 replies      
Hubris is ugly.
yp_maplist 6 days ago 0 replies      
IMO, CloudFlare is lame. Kudos to this guy for reminding me just how much so.
bitsteak 6 days ago 1 reply      
Why did anyone need this challenge in the first place? Couldn't someone have justed ASKED a good exploit developer what they would do and what the impact is? No, I guess we're all up for wasting people's time and creating potential false negatives.
The New Linode Cloud: SSDs, Double RAM and much more linode.com
517 points by qmr  1 day ago   265 comments top 54
madsushi 1 day ago 7 replies      
Why do I pay Linode $20/month instead of paying DO $5/month(1)?

Because Linode treats their servers like kittens (upgrades, addons/options, support), and DO treats their servers like cattle. There's nothing wrong with the cattle model of managing servers. But I'm not using Chef or Puppet, I just have one server that I use to put stuff up on the internet and host a few services. And Linode treats that one solitary server better than any other VPS host in the world.

(1) I do have one DO box as a simple secondary DNS server, for provider redundancy

kyrra 1 day ago 6 replies      
I forgot to benchmark the disk before I upgraded but here are some simple disk benchmarks on an upgraded linode (the $20 plan, now with SSD)

  $ dd bs=1M count=1024 if=/dev/zero of=test conv=fdatasync  1024+0 records in  1024+0 records out  1073741824 bytes (1.1 GB) copied, 1.31593 s, 816 MB/s  $ hdparm -tT /dev/xvda  /dev/xvda:   Timing cached reads:   19872 MB in  1.98 seconds = 10020.63 MB/sec   Timing buffered disk reads: 2558 MB in  3.00 seconds = 852.57 MB/sec
Upgraded cpuinfo model: Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz

Old cpuinfo model: Intel(R) Xeon(R) CPU L5520 @ 2.27GHz

CPUs compared: http://ark.intel.com/compare/75277,40201

nivla 1 day ago 3 replies      
Awesome News. Competition really pushes companies to please their customers. Ever since Digital Ocean became the new hip, Linode has been pushing harder. My experience with them has been mixed. Forgiving their previous mishaps and the feeling that the level of Customer Service has gone down, they have been decent year long. I wouldn't mind recommending them.

[Edit: Removed the bit about DigitalOcean Plans. If you have Ghostery running, it apparently takes out the html block listing different plans]

rjknight 1 day ago 10 replies      
It looks like Linode are still leaving the "incredibly cheap tiny box" market to DO. Linode's cheapest option is $20/month, which makes it slightly less useful for the kind of "so cheap you don't even think about it" boxes that DO provide.
pavanky 1 day ago 2 replies      
I wish Linode (or anyone else other than Amazon) provides a reasonable Plan[1] with GPUs on them.

[1]: Amazon charges $2 an hour thats about $1500 a month.

conorh 1 day ago 2 replies      
Benchmarking using wrk the smallest linode (1024 now 2048) serving a page from an untuned Rails application using nginx/passenger getting almost no other traffic. Hard to compare of course given the various other factors, but produced slightly lower performance after the upgrade. Serving a page from nginx directly (no Rails) had no appreciable difference in performance, I guess the Rails web serving is more vCPU bound?

Before Upgrade:

  Running 30s test @ http://...    5 threads and 20 connections    Thread Stats   Avg      Stdev     Max   +/- Stdev      Latency   308.91ms  135.01ms 985.82ms   80.00%      Req/Sec    14.15      4.61    24.00     66.36%    2206 requests in 30.00s, 28.51MB read  Requests/sec:     73.53  Transfer/sec:      0.95MB
After Upgrade:

  Running 30s test @ http://..    5 threads and 20 connections    Thread Stats   Avg      Stdev     Max   +/- Stdev      Latency   321.74ms  102.45ms 957.74ms   87.32%      Req/Sec    12.02      2.18    17.00     80.75%    1858 requests in 30.01s, 24.03MB read  Requests/sec:     61.92  Transfer/sec:    819.98KB

endijs 1 day ago 3 replies      
Most interesting part in this great upgrade is that they went from 8CPU setup to 2CPU setup.But yeah - 2x more RAM, SSDs will guarantee that I'm not going to switch anytime soon. Sadly I need to wait a week until this will be available in London.
__xtrimsky 1 day ago 3 replies      
I still prefer OVH.comhttp://www.ovh.com/us/vps/vps-classic.xml

for $7 you get:2 cores2GB RAM

for 10$ you get:3 cores4GB RAM

They don't have SSD, but SSD doesn't do everything, I prefer more ram.

EDIT: If some of you don't know OVH, it's because its new in America, but its not some cheap company, it's a European company that is very successful there. And just recently created a datacenter in North America. (I used to live in France, and have known them for some years).

munger 1 day ago 2 replies      
Rackspace cloud customer here These Linode upgrades are very tempting to entice me to switch.

I get I might not be their target market (small business with about $1000/month on IaaS spending) but there are a couple things preventing me from doing so:1) $10/month size suitable for a dev instance.2) Some kind of scalable file storage solution with CDN integration like RS CloudFiles/Akamai or AWS S3/Cloudfront or block storage to attach to an individual server.

I guess you get what you pay for infrastructure components and flexibility AWS > RS > Linode > DO which roughly matches the price point.

relaxatorium 1 day ago 2 replies      
This seems pretty fantastic, I am excited to upgrade and think the SSD storage is going to be really helpful for improving the performance of my applications hosted there.

That said, I am not an expert on CPU virtualization but I did notice that the new plans are differently phrased than the old ones here. The old plans all talked about 8 CPU cores with various 1x, 2x priority levels (https://blog.linode.com/2013/04/09/linode-nextgen-ram-upgrad... for examples), while the new plans all talk about 1, 2, etc. core counts.

Could anyone with more expertise here tell me whether this is a sneaky reduction in CPU power for the lower tiered plans, or just a simpler way of saying the same thing as the old plans?

raverbashing 1 day ago 0 replies      
Congratulation on Linode

I stopped being a customer since migrating to DO but my needs were really small

But I think their strategy of keeping the price and increasing capabilities are good. Between $5 and $20 is a "big" difference for one person (still, it's a day's lunch), for a company it's nothing.

However, I would definitely go to Linode for CPU/IO intensive tasks. Amazon sucks at these (more benchmarks between the providers are of course welcome)

giulianob 1 day ago 0 replies      
Holy crap this is awesome. Good job guys at Linode. I said I would switch if the prices dropped about 25% because RAM was pricey.... So now I have to switch.
SCdF 1 day ago 1 reply      
> Linodes are now SSD. This is not a hybrid solution its fully native SSD servers using battery-backed hardware RAID. No spinning rust! And, no consumer SSDs either were using only reliable, insanely fast, datacenter-grade SSDs that wont slow down over time. These suckers are not cheap.


Not to slam what Linode is doing here, and I'm sure there are probably lots of great reasons to buy datacentre-grade SSDs, but just thought I'd point out that slowing down over time (or data integrity issues) are not really consumer-grade problems any more :-)

orthecreedence 1 day ago 3 replies      
Bummer, they're taking away 8 cores for the cheap plans and replacing it with 2. Does anyone know if the new processors will offset this difference? I don't know the specs of the processors.

Linode's announcements usually come in triples...I'm excited for number three. Let's hope its some kind of cheap storage service.

ihowlatthemoon 1 day ago 1 reply      
VPSBench result:



  CPU model:  Intel(R) Xeon(R) CPU           L5520  @ 2.27GHz  Number of cores: 8  CPU frequency:  2266.788 MHz  Total amount of RAM: 988 MB  Total amount of swap: 255 MB  System uptime:   8 days, 12:03,  I/O speed:  69.9 MB/s  Bzip 25MB: 8.96s  Download 100MB file: 47.2MB/s


  CPU model:  Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz  Number of cores: 2  CPU frequency:  2800.086 MHz  Total amount of RAM: 1993 MB  Total amount of swap: 255 MB  System uptime:   2 min,  I/O speed:  638 MB/s  Bzip 25MB: 5.10s  Download 100MB file: 146MB/s
Test: https://github.com/mgutz/vpsbench

ksec 18 hours ago 0 replies      
Sometimes i just wish the pricing system would get better as you go larger.

What is the difference between the 16GB - 96GB Plan and a dedicated server? And why would i pay 3x the price? The advantage of those who offer Cloud / VPS and Dedicated Servers Hosting company is they can mix and match depending usage. If you are actually building an any sort of infrastructure with Linode those large box are extremely expensive.

harrystone 1 day ago 0 replies      
I would love to see them still keep all those old disks and sell me some huge, cheap, and slow storage on them.
vidyesh 1 day ago 1 reply      
So this makes Lindode practically on par with DO's $20 plan. Up till now $20 plan at DO was better now its just the choice of the brand.

But here is one thing that DO provides and I think Linode too should, you get the choice to spin up a $5 instance anytime in your account for any small project or a test instance which you cannot on Linode.

jrockway 1 day ago 1 reply      
A nice reward for those of us who have been using Linode from before they even had x86_64 images.
davexunit 1 day ago 4 replies      
Cool news, but their website now has the same lame design as DigitalOcean. I liked the old site layout better.
mwexler 1 day ago 1 reply      
There's similar and then there's alike. I guess it makes comparison easy, but imitation certainly must be the sincerest form of flattery:

Compare the look and feel of https://www.linode.com/pricing/ and https://www.digitalocean.com/pricing/

__xtrimsky 1 day ago 0 replies      
Could someone please explain what improvements can we get from SSD for web applications ?

I know it would read files faster, but in most cases reading a couple of PHP files is not such a big improvement.

My guess would be maybe databases ? Read time improvement for MySQL ?

vbtechguy 14 hours ago 0 replies      
Updated benchmark results with 2GB vs 4GB vs 8GB vs 16gb plans from Linode vs DigitalOcean https://blog.centminmod.com/346. Definitely Linode has the faster cpus and disk i/o as you move up in plans >2GB. 16GB plans are pretty close though if you look at subtests in UnixBench and ignore the subtests affected by different base Linux Kernel versions used.
rdl 1 day ago 0 replies      
Semi-related: does anyone know of any good (but still fairly cheap) providers doing Atom C2750/C2758 servers yet?
extesy 1 day ago 2 replies      
So now they match DigitalOcean prices but offer slightly more SSD space for each plan. I wonder what DO answer to this would be. They haven't changed their pricing for quite a while.
nilved 1 day ago 2 replies      
Linode's recent upgrades are awesome, but people are very quick to forget the period where they were being hacked left and right and didn't communicate with their customers until a defensive blog post weeks after the fact. No matter how good the servers may be, Linode should be a non-starter for anybody who cares about the security of their droplet; and, if you don't, why would you pay Linode's premium fee?
jevinskie 1 day ago 0 replies      
I resized a 1024 instance to 2048 last night and it looks like it is already running on the new processors (from /proc/cpuinfo): model name: Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz

Should I upgrade? Do I want 2 x RAM for 1/2 vCPUs? =)

filmgirlcw 1 day ago 1 reply      
Shall we call this the DigialOcean effect?
corford 1 day ago 1 reply      
Big shame the new $20 plan now only offers 2 cores versus 8 with the current plan. For my workloads, I don't need 2GB RAM or SSD disks, I just need the cores :(
ausjke 1 day ago 0 replies      
This is great indeed. I'm happy Linode did this.I ran below command 10 times and used the average below:

dd bs=1M count=1024 if=/dev/zero of=test conv=fdatasync

Linode:1073741824 bytes (1.1 GB) copied, 1.09063 s, 985 MB/sD.O:1073741824 bytes (1.1 GB) copied, 3.23998 s, 331 MB/s

dd if=/dev/zero of=test bs=512 count=1500 oflag=dsync

Linode:768000 bytes (768 kB) copied, 0.478633 s, 1.6 MB/sD.O:768000 bytes (768 kB) copied, 1.01716 s, 755 kB/s

ForFreedom 7 hours ago 0 replies      
The specs for $20 is same for DO and Linode excepting for the 8GB extra HDD on Linde.
bfrog 1 day ago 3 replies      
I'm actually a little unhappy, it looks like they reduced the CPU count for my $20/mo instance. At this point there's basically no reason to stay with them now.
h4pless 1 day ago 2 replies      
I notice that Linode talked a good bit about their bandwidth and included outbound bandwidth in their pricing model which DO does not. I wonder if DO has a similar model or if transfer capacity the only thing you have control over.
level09 1 day ago 0 replies      
I would probably move back from Digital Ocean if they allow a 10$/mo plan.

I know that's not a big price difference, but some website really don't need a lot of resources. they work well on D.O's 5$ server, and I have really a lot of them.

jebblue 22 hours ago 0 replies      
I was looking into alternatives but now I'll stick with them, I can't find another cloud provider whose stuff works so well.

edit: I just finished the migration, my disk speed test is through the roof, free ram is phenomenal!

jaequery 1 day ago 0 replies      
im really impressed by their new CPU specs. from experience those aren't cheap and it's possibly the fastest CPU out in the market. combined with the SSDs, it may be that Linode currently is the fastest of any cloud hosting right now.
funkyy 1 day ago 0 replies      
I would love to see Linode going to large HDD drives option for storage as well. I am dying to find really inexpensive cloud provider with cheap data space (SATA is fine), reasonable bandwidth but low cpu and ram and Linode style support/caring. Give server with ~500 GB hard drive, 2 TB outgoing transfer, 1 core and 1 GB ram for ~$20-30 and I am all yours.
shiloa 1 day ago 1 reply      
I have mixed feelings about this. We're in the process of moving from Linode to Rackspace but haven't flicked the switch just yet - was planning to this weekend.

Our Linode server (16 GB plan) has been performing terrible lately wrt I/O (compared to, say, a Macbook Pro running the same computations), and we decided we've had enough. I guess we'll have to compare the two after the upgrade and decide.

jaequery 1 day ago 1 reply      
DO's biggest problem is their lack of "zero-downtime snapshot backup and upgrading". i've not used Linode but anyone know if theirs is any different?
Kudos 1 day ago 0 replies      
Ubuntu 14.04 LTS is now available on Linode too.
Justen 1 day ago 1 reply      
Higher specs sound really nice, but on HN I see people commenting on the ease of DO's admin tools. How does Linode's compare?
kijin 1 day ago 0 replies      
About a week ago, I wrote a comment in another Linode-related thread asking how the new usage patterns that hourly billing encourages might affect CPU contention. At the time, I received 11 upvotes but no replies. Apparently, quite a few people were interested in my question but had no useful conjectures to share.


Now it's obvious what Linode's answer to that question is: Lower "burstable" CPU for lower plans.

The $20 plan used to be able to burst to 8 cores for short periods, but now it only has access to 2 vcores. The "guaranteed" processing power is probably higher with the newer CPUs, but at the expense of short-term burst performance.

Another minor detail that I find interesting is that the transfer cap for the $20 plan has been increased to 3TB, whereas the $40 plan still gets 4TB. Apart from the transfer cap plateau-ing at the extreme high end, this is the first time that Linode has broken its 11-year-old policy of "pay X times as much money, get X times as much RAM/disk/transfer".

beedogs 1 day ago 0 replies      
This is nice to see. SSD has gotten ridiculously cheap lately.
jdprgm 1 day ago 0 replies      
This is really a fantastic upgrade. I've been hosting with Linode for a few months now and been very happy with them. I run a relatively transfer intense SaaS app and a 50% transfer increase makes quite an improvement.
mark_lee 14 hours ago 0 replies      
awesome, linode or DO, if you're small or media companies, no other options should be considered at all, even AWS or Google Cloud.
ff_ 1 day ago 0 replies      
Wow, that's beautiful. Currently I'm a DO customer (10$ plan), and if they had a 10$ plan I'd make the switch instantly.
dharma1 1 day ago 0 replies      
ohhh yesss. DO is good for some locations like Southeast Asia but loving this upgrade for my London and Tokyo Linodes
icantthinkofone 14 hours ago 0 replies      
Without FreeBSD support, it means nothing to me.
hyptos 1 day ago 1 reply      
wow EC2 instance free plan :

$ dd bs=1M count=1024 if=/dev/zero of=test conv=fdatasync

1024+0 records in

1024+0 records out

1073741824 bytes (1.1 GB) copied, 35.8268 s, 30.0 MB/s

EGreg 20 hours ago 0 replies      
I love linode. I switched from slicehost for its 32bitness back in the day, stayed for the awesome culture and independence. Slice host got sold to rack space.

However, I am seriously considering a move to Amazon Web services for one main reason: I need to decouple the hard drive space from the ram. The hard drive space is so expensive on linodes!!

notastartup 1 day ago 1 reply      
These upgrades are impressive but they are a bit too late to the game. DO still has these advantages besides the cheap monthly price:

- DO has excellent and easy to understand API- Step by step guides on setting up and running anything- Minimal and simple

To entice me, it's no longer just a matter of price, DO has extra value added, largely due to their simplicity.

kolev 1 day ago 1 reply      
Goodbye, Digital Ocean!
zak_mc_kracken 1 day ago 1 reply      
Does any of LINode or DigitalOcean offer plans without any SSD? I couldn't find any.

I just want to install some personal projects there for which even SSD's are overkill...

izietto 1 day ago 0 replies      
Do you know cheaper alternatives? Like DigitalOcean, as @catinsocks suggests
The Birth and Death of JavaScript [video] destroyallsoftware.com
513 points by gary_bernhardt  1 day ago   195 comments top 32
jliechti1 1 day ago 7 replies      
For those unfamiliar, Gary Bernhardt is the same guy who did the famous "Wat" talk on JavaScript:


lelandbatey 1 day ago 1 reply      
First, I very much love the material of the talk, and the idea of Metal. It's fascinating, really makes me think about the future.

However, I also want to rave a bit about his presentation in general! That was very nicely delivered, for many reasons. His commitment to the story, of programming from the perspective in 2035, was excellent and in many cases subtle. His deadpan delivery really added to the humor; the fact that he didn't even smile during any of the moments when the audience was laughing just made it all the more engaging.

Fantastic talk, I totally loved it!

tinco 1 day ago 2 replies      
The reason why metal doesn't exist now is because you can't turn the memory protection stuff off in modern CPU's.

For some weird reason (I'm not an OS/CPU developer) switching to long mode on an x86 cpu also turns on the mmu stuff. You just can't have one without the other.

There's a whole bunch of research done on VM software managed operating systems, back when the VM's started becoming really good. Microsoft's Singularity OS was the hippest I think.[0]

Perhaps that ARM cpu's don't have this restriction, and we will benefit from ARM's upmarch sometime?

[0] http://research.microsoft.com/en-us/projects/singularity/

jerf 1 day ago 0 replies      
It's not far off my predictions: https://news.ycombinator.com/item?id=6923758

Though I'm far less funny about it.

vanderZwan 1 day ago 2 replies      
I guess this is in a way a response to Bret Victor's "The Future of Programming"?


jongalloway2 20 hours ago 0 replies      
Coincidentally, I just released a podcast interview with Gary right after he gave this talk at NDC London in December 2013: http://herdingcode.com/herding-code-189-gary-bernhardt-on-th...

It's an 18 minute interview, and the show notes are detailed and timestamped. I especially liked the references to the Singularity project.

spyder 1 day ago 0 replies      
Looks like Erlang is already getting one step closer to the metal:


Also there is another project that can be related to that goal:

"Our aim is to remove the bloated layer that sits between hardware and the running application, such as CouchDB or Node.js"


cjbprime 1 day ago 2 replies      
For context, this was one of the most enjoyed talks at PyCon this year.
granttimmerman 1 day ago 8 replies      
> xs = ['10', '10', '10']

> xs.map(parseInt)

[10, NaN, 2]

Javascript is beautiful.

nkozyra 1 day ago 0 replies      
Extraordinarily entertaining and well presented.
igravious 1 day ago 0 replies      
Stellar stuff. Hugely enjoyable. Very interesting thought experiment. I won't spoil it for any of you, just go and watch! Mr. Bernhardt, you have outdone yourself sir :)
joelangeway 1 day ago 4 replies      
He says several times that JavaScript succeeded in spite of being a bad language because it was the only choice. How come we're not all writing Java applets or Flash apps?
mgr86 1 day ago 8 replies      
I'm missing some obvious joke...but why is he pronouncing it yava-script.
vorg 1 day ago 0 replies      
I suspect Nashorn, the just released edition of JavaScript for the JVM, will be heavily promoted by Oracle and become heavily used for quick and dirties manipulating and testing Java classes, putting a dent into use of Groovy and Xtend in Java shops. After all, people who learn and work in Java will want to learn JavaScript for the same sort of reasons.
jr06 1 hour ago 0 replies      
Video tl;dw:

Gary Bernhardt (rightly) says that JavaScript is shit (with some other insights).

HN comments tl;dr:

50%: "Waahhh, JavaScript is awesome and Node.js is wonderful, shut up Gary Bernhardt."

25%: Smug twats talking about how they're too busy changing the world with JavaScript to even bother to comment.

25%: Pedants and know-it-alls having sub-debates within sub-debates.

Pretty standard turnout. See you tomorrow.

alexandercrohde 7 hours ago 0 replies      
I guess I don't really get the point here. This video walks a line between comedy and fact where I'm not really satisfied in either.

I can't always tell what's a joke, does he actually believe people would write software to compile to ASM instead of javascript because there are a few WTFs on js's "hashmaps." Much likely a newer version will come out before 2035? Or was that a joke?

I also feel like poking fun at "yavascript" at a python conference is cheap and plays to an audience's basest desires.

Really I see a mixture of the following: - Predictions about the future, some of which are just cleary jokes (e.g. 5 year war) - Insulting javascript preferring clojure - Talking about weird shit you could, but never would do with ASM js - Talking about a library that allegedly runs native code 4% faster in some benchmarks, with a simplistic explanation about overhead from ring0 to ring3 overhead.

dsparry 1 day ago 1 reply      
Very impressive to have been recorded "April 2014" and released "April 2013." Seriously, though, great presentation.
Sivart13 19 hours ago 1 reply      
Where did you get the footage of Epic Citadel used in the talk?

http://unrealengine.com/html5 seems to have been purged from the internet (possibly due to this year's UE4 announcements?) and I can't find any mirrors anywhere.

Which is a shame, because that demo was how I used to prove to people that asm.js and the like were a Real Thing.

steveklabnik 1 day ago 1 reply      
Consider the relationship between Chromebooks and METAL.

(I'm typing this from my Pixel...)

base698 1 day ago 1 reply      
I wish some of those talks were available for purchase on their own and not in the season packets. Definitely a few I'd buy since I liked this talk and the demo on the site.

Guy has good vim skills for sure.

angersock 19 hours ago 0 replies      
It's been kind of fun watching JS developers reinventing good chunks of computer science and operating systems research while developing node.

This talk has convinced me that their next step will be attempting to reinvent computer engineering itself.

It's a pretty cool time to be alive.

Kiro 17 hours ago 0 replies      
A bit OT but what is the problem with omitting function arguments?
camus2 1 day ago 2 replies      
nice nice,ultimatly languages dont die,unless they are closed source and used for a single purpose ( AS3 ). In 2035,people will still be writing Javascript. I wonder what the language will look like though. Will it get type hinting like PHP? or type coercion? will it enforce strict encapsulation and message passing like Ruby ? will I be able to create adhoc functions just by implementing call/apply on an object? or subclass Array? Anyway , i guess we'll still be writing a lot of ES5 in the 5 years to come.
pookiepookie 22 hours ago 0 replies      
I'm not sure I understand the claims toward the end of the talk about there no longer being binaries and debuggers and linkers, etc. with METAL.

I mean, instead of machine code "binaries", don't we now have asm blobs instead? What happens when I need to debug some opaque asm blob that I don't have the source to? Wouldn't I use something not so unlike gdb?

Or what happens when one asm blob wants to reuse code from another asm blob -- won't there have to be something fairly analogous to a linker to match them up and put names from both into the VM's namespace?

yoamro 1 day ago 0 replies      
I absolutely loved this.
ika 21 hours ago 0 replies      
I always enjoy Gary's tasks
jokoon 18 hours ago 1 reply      
I want a C interpreter
slashnull 20 hours ago 0 replies      
ha-zum yavascript
adamman 1 day ago 1 reply      
"It's not pro- or anti-JavaScript;"


Fasebook 1 day ago 0 replies      
"I get back to the DOM"
h1karu 16 hours ago 0 replies      
somebody tell this to the node.js crowd
inglor 1 day ago 0 replies      
This is actually not a bad lecture. Very interesting, a nice idea and surprising.
Huginn: Like Yahoo Pipes plus IFTTT on your server github.com
484 points by ColinWright  4 days ago   94 comments top 23
malanj 4 days ago 2 replies      
This looks really awesome for managing an office. We're currently automating things using Google scripts and other custom glue to do things like order food, get feedback on lunch and mail people weekly digests activities. Sounds like this could be a great solution for this.
albertsun 4 days ago 2 replies      
The best part of Huginn is being able to self-host and write any arbitrary agents you want.
hyp0 4 days ago 1 reply      
I always liked the Yahoo Pipes concept... but it didn' seem take off... and I personally found it too limited for everything I tried to do with it. Perhaps it's just another case of the old "visual programming language" is harder than it looks.

I hope Huginn does better. I like their copywriting "You always know who has your data. You do."

danso 4 days ago 0 replies      
Also relevant: How the New York Times interactive team uses Huginn


> Most prominently, we used it during our Olympics coverage to monitor the results of the API we built and let us know if the data ingestion pipeline ever grew stale. To do that, we set up a pipeline

yukichan 4 days ago 0 replies      
Zapier is also good with lots of integrations, but it's a little pricey. Yet if you calculate what your time is worth and include the amount spent on making this work plus customizations, it's probably less. Depends on if Zapier can do what you want.
c0nsumer 4 days ago 1 reply      
This is a really frustrating name. Hugin is already used for panoramic photo stitching software: http://hugin.sourceforge.net/

This just has another N bolted on to the end and does something completely different.

fasteddie31003 4 days ago 3 replies      
I am working on a similar project called Taskflow.io that is aimed at more backend business oriented tasks. It can do similar things through an interface flowchart editors where you make the actual flowchart that gets executed. I would still consider it a public beta. I would love your feedback.
FroshKiller 4 days ago 1 reply      
One of the developers posted about this recently: https://news.ycombinator.com/item?id=7582316
thomasfl 4 days ago 1 reply      
Will this run on a standard heroku stack? The wiki says it will run on OpenShift and CloudFoundry. https://github.com/cantino/huginn/wiki
alxndr 3 days ago 1 reply      
Anyone know why this project encourages using a private fork to do contributing development?

> "Make a public fork of Huginn. [...] Make a private, empty GitHub repository called huginn-private. Duplicate your public fork into your new private repository[. ...] Checkout your new private repository. Add your Huginn public fork as a remote to your new private repository[. ...] When you want to contribute patches, do a remote push from your private repository to your public fork of the relevant commits, then make a pull request to this repository."

kzahel 4 days ago 4 replies      
Does this have a companion android/iOS app to upload location data?I really like the idea of self hosting something like this.
jayxie 4 days ago 0 replies      
Exciting stuff, it would be amazing to build an AI layer on top of this that mines your browsing habits (depending on your paranoia settings) and automatically generates agents based on your interests.
platz 4 days ago 3 replies      
Excluding the UI, I wonder if storm is a more robust, if more complex, option to do the same types of things: http://storm.incubator.apache.org/
weavie 4 days ago 0 replies      
This sounds like an excellent project to make use of my raspberry pi.
rcyeager 4 days ago 1 reply      
Another Pipes+IFTTT tool: https://wewiredweb.com
okhan 3 days ago 0 replies      
I was just building exactly this, only worse. Looks really great.
zwentz 4 days ago 0 replies      
This would be very cool for automating parts of AWS. Inclement weather coming? Or an earthquake? Start spooling up servers in another region.
SloughFeg 4 days ago 1 reply      
Is there an online sandbox anywhere to check it out? A project like this simply calls out for their to be a live demo.
kirk21 4 days ago 1 reply      
Where can you get an invite code? http://snag.gy/xh6uk.jpg
fujipadam 2 days ago 0 replies      
This is awesome but is there a tool like this in php? I am looking for a easy visual scraper
notastartup 4 days ago 1 reply      
what would be great is if each agent was somehow able to obtain it's own ip address.
psaintla 4 days ago 2 replies      
Am I missing something or is this just another rules engine?
dfc 4 days ago 1 reply      
You are doing it wrong. Colin's style is more like this:

  Previous discussion of the project:  https://news.ycombinator.com/item?id=7582316 # Yesterday  https://news.ycombinator.com/item?id=5377651

Gabriel Garca Mrquez, Literary Pioneer, Dies at 87 nytimes.com
474 points by antr  1 day ago   147 comments top 31
simonsarris 1 day ago 8 replies      
Oh my. A paragon of magical realism and my second favorite author. Rest in peace.

Liking storytelling alone is sometimes not enough to like Marquez, you have to love language too. He uses (some might say abuses) language to impact his storytelling, often using incredibly long, convoluted sentences to weave his narrative. It can be hard to follow, sometimes intentionally, but I find it enormously satisfying to read and follow along with his brain. Like slowly drinking a maple syrup of words.

One of the best examples is the first 15 or so[1] pages of Autumn of the Patriarch[2], where the narrator winds this thread of what has happened slowly, using sentences that span pages, until you realize a shift from what has happened to a sort of what is about to happen. Then a fist slams on the table and the realization strikes you that the first part of the description was a kind of set up, this beautiful ruse. I wish I could be more descriptive but it would give away the delight. It's a great book about terror and despotism.

Marquez is not the kind of thing you can read in a noisy environment. At least I can't. I adore him so much. I could write a eulogy for days.

If you've never read him, please take a moment to read one of my favorite short stories, A Very Old Man With Enormous Wings


(I've hosted a copy of it (and many more short stories) for ages because most of the copies on the web are plagued with ads and miserable formatting)

If One Hundred Years of Solitude seems too long for you, I urge you to look into some of his very excellent shorter books, such as Autumn but also Of Love and Other Demons[3] and Love in the Time of Cholera.[4]

(Chronicle of a Death Foretold is even shorter, but I do not recommend it as the first Marquez book you read!)

[1] It could be the first 10 or 30 pages, it's been several years, but I am certain it's one of the better (and shorter) examples of his style.

[2] http://www.amazon.com/dp/0060882867

[3] http://www.amazon.com/dp/1400034922

[4] http://www.amazon.com/dp/0307389731

rjtavares 1 day ago 10 replies      
Many years later, in front of the firing squad, colonel Aureliano Buenda would remember that distant afternoon his father took him to see ice."

Best opening line of a book ever. RIP.

chimeracoder 1 day ago 0 replies      
I read six of Garcia Mrquez's stories in school - my favorite was "The Handsomest Drowned Man in the World"[0] ("El Ahogado ms Hermoso del Mundo"). If you're looking to get a taste of his writing but don't have time to read an entire book, this short story captures his style very well.

In a similar vein is "An Old Man with Very Enormous Wings" [1] ("Un seor muy viejo con unas alas enormes"), which was referenced in R.E.M's music video for "Losing My Religion[2]

[0] https://hutchinson-page.wikispaces.com/file/view/The_Most_Ha...

[1] http://www.ndsu.edu/pubweb/~cinichol/CreativeWriting/323/Mar...

[2] https://www.youtube.com/watch?v=if-UzXIQ5vw

tdees40 1 day ago 1 reply      
My favorite Marquez story is that he never used adverbs ending in -mente, so he called his English language translator (Edith Grossman) and requested that she not use any adverbs ending in -ly.
russell 1 day ago 0 replies      
"One Hundred Years of Solitude" was the only book that everyone in my family ever read, me, my wife and my three kids.

"Mr. Garca Mrquez, who received the Nobel Prize for Literature in 1982, wrote fiction rooted in a mythical Latin American landscape of his own creation, but his appeal was universal. His books were translated into dozens of languages. He was among a select roster of canonical writers Dickens, Tolstoy and Hemingway among them who were embraced both by critics and by a mass audience." from the article.

But the article doesnt begin to do the book justice. The mythology is Colombian but it all is real to the reader. It is very worthwnile to read One Hundred Years along with a literary biography of Marquez. It was a wonderful experience for me. BTW my taste is purely science fiction.

r4pha 1 day ago 0 replies      
I absolutely adore this man. I was lucky to be given a portuguese-translated copy of "one hundred years of solitude" at the age of 16. I read it back then and loved the story itself and specially the beautiful writing style. About four or five years later I read it again in the original (even though I don't speak spanish very well) and was even more amazed about the beauty of it and about how _my_ interpretation of it changed. I loved everything I have ever read from him, but I loved "one hundred years" so much I even feel ashamed of trying to use my own words to describe it.
maceo 1 day ago 1 reply      
Let's not forget that GGM was a life-long socialist and a supporter of the Cuban revolution.

He spent many years living and Cuba and he considered Castro to be one of his best friends. He was a firm supporter of Chavez, and looked forward to the day that Simon Bolivar's idea of a united Pan-America would be realized. Because of this, he was prohibited from entering the US during the Reagan administration.

As much as I love his works of fiction, my favorite book of his is the first volume of his autobiography, Living to Tell The Tale. I've been patiently waiting for news about volume 2 and 3 ever since the first one came out in 2002. I have never heard anything about these -- whether they were ever written remains a mystery. RIP to a magnificent man who brought so much pride to the people of our scarred continent.

nfc 16 hours ago 0 replies      
RIP. I felt a shock when I discovered this when I woke up. He is probably the author that has influenced me more strongly in my literary tastes. Gabo wasn't just a great writer but loved by many in spanish speaking countries. His mastery of the prose and outstanding ability on his craft are laudable but Gabo was as well a great person. A friend had the chance to meet him in the context of his PhD, I guess I'll forever envy her for that.

Being this my first HN comment (thanks Gabo for the strength) I'll go all out with a second unrelated part of the comment, less emotionally charged but perhaps more HN-like:

There are many comments in the thread about the translation of the first sentence of "One Hundred Years of Solitude". Translating is such a hard task, there is no way part of the meaning/subtleties will not be lost in it since languages are not one to one. And even if we get to pass most of the meaning keeping the flow will be so hard except for very similar languages (spanish/portuguese). What is an impossible problem for computers is one as well for translators, we can only hope they give as a tasty human take on the task. I wonder if one day automatic translations of literary works will have a "style" options to simulate different translator sensibilities or we will settle for a winner-algorithm takes all the translations.

Something more I'd like to share, I'm very curious if other people feel the same because part of my homemade theory of the language depends on this :). I'm lucky enough to read high level literature in different languages, however even if I can appreciate it, the pleasure I experience while reading Spanish is in a different level. Somehow a similar experience happens while talking, I feel more strongly bound to spanish in a very subtle way, it's not something I usually notice, just on some occasions. I only started learning languages after 8. A possible reason is how the brain gets bound to words and language when very young, another is that I have lived more emotional experiences in that language. The second hypothesis would have to explain why I do not feel that way in french even if I've lived in Paris 10 years. Obviously one case study, apply a grain of salt ;)

paul_f 1 day ago 5 replies      
Can someone provide a quick summary of what was it that made Marquez so prominent? I had not know much about him at all.

FYI, if like me, you have trouble accessing the article, and using Chrome, right-click and open in an incognito window.

3am 1 day ago 2 replies      
Oh no... GGM was an underappreciated author in non-spanish speaking world (in spite of wonderful, gift translators... he was just an intrinsically difficult author to translate because of the poetic quality of his writing IMHO). Cien Anos de Soledad was one of the first non-trivial, non-english books I read. RIP.

edit: okay, removed 'really'.. I think he was underappreciated on a popular level, even though he was very well appreciated on a critical level.

jmadsen 14 hours ago 0 replies      
Much of what I read of his was in Spanish, a second language for me, but even so I could see his command of language was incredible.

Things like, in "Relato de un nufrago", the story teller has emotional ups and downs each chapter - and Garca Mrquez carefully chose words that sounded emotionally up or down, giving a sense of rising and falling on waves through the whole story.

That, detected by someone whose Spanish was "solid" at best - what a joy it must be for a native to read.

noname123 1 day ago 2 replies      
Can someone tell me what is the theme of "One Hundred Years of Solitude" as applied to modern society? I read the book awhile ago and appreciated greatly the various character sketches.

Unfortunately, the literary criticism that I sought out back then at liberal arts college, focused mostly on the metaphor of the European colonialism on Latin America (industrialization of the town with the rubber-plant, and the subsequent massacre of the residents after some kind of rubber-plant revolution, consequences of military rule and violent overthrows as embodied by Colonel Buendia and circular nature of the history, Spanish colonialism past long felt after Latin America became independent).

Tbh, I'm not really interested in the whole multiculturalism and ethnic studies rehashing the white guilt trope. However, I find the obsession of the various characters fascinating, the scientific obsession of the original patriach that eventually descended into madness, Colonel Buendia making little gold fishes, the incestuous natures of the whole family, some ethereal nympho character that doesn't speak a word and then one day transcend to haven much to the horror of the venerable matriarch. What is your interpretation of the book?

mcguire 8 hours ago 0 replies      
"In his novels and stories, storms rage for years, flowers drift from the skies, tyrants survive for centuries, priests levitate and corpses fail to decompose. And, more plausibly, lovers rekindle their passion after a half-century apart."

"Less plausibly"! "Less plausibly"!

Geeze. Someone needs to teach these goobs to write.

kartikkumar 20 hours ago 0 replies      
A deeply thoughtful literary great, to rank among the likes of Dickens, Cervantes and Dostoyevsky in my mind. Love in the Time of Cholera changed me, just like Crime and Punishment did. It affected me more than any other book has. At the time of my life when I read it, I felt that it spoke to my personal sensibilities. I followed that up with Memories of My Melancholy Whores, which I honestly think is his absolute masterpiece.

Gracias Seor Garca Mrquez.

jpdlla 22 hours ago 0 replies      
My first favorite novel in spanish was of GGM, "Relato de un nufrago"(The Story of a Shipwrecked Sailor). Many don't know but the full title is actually "Relato de un nufrago que estuvo diez das a la deriva en una balsa sin comer ni beber, que fue proclamado hroe de la patria, besado por las reinas de la belleza y hecho rico por la publicidad, y luego aborrecido por el gobierno y olvidado para siempre."(The Story of a Shipwrecked Sailor: Who Drifted on a Liferaft for Ten Days Without Food or Water, Was Proclaimed a National Hero, Kissed by Beauty Queens, Made Rich Through Publicity, and Then Spurned by the Government and Forgotten for All Time.)
KhalilK 1 day ago 1 reply      
His books were part of my adolescence, but "One Hundred Years of Solitude" was the essence of my formal education, I am sad he died but I am utterly glad he's lived.
anuraj 16 hours ago 1 reply      
I read Marquez's master piece '100 Years of Solitude' in my native language Malayalam 25 years ago and it got etched into my mind forever. In the next 2-3 years I read almost all the works of Marquez available in English. Later a lot more Latin American Authors including Borges, Huan Rulfo, Carpentier, Manuel Puig, Fuentes,Cortazar, Paz etc. became popular among the reading public in my region, but GGM was the one who started it all and remains one of my favourite writers of 20th century. Have a feeling that Marquez' did his best in the short story genre - despite his reputation as a novelist.

It is a coincidence that one of the first magical realist novels of my mother tongue - 'Khazakinte Ithihasam (Legends of Khazak)' also got published almost at the same time as '100 years of Solitude' was being published in Spanish and both works present highly resplendent and almost spiritual language and journeys (almost untranslatable).

Opening line of 'Legends of Khazak'- 'When the bus finally reached Kooman Kavu, the place did not seem unfamiliar to Ravi'.

noname123 1 day ago 7 replies      
OT but tangential any magical realism authors to read? So far, I got Marquez, Jorge Louis Borges and Murakami. And preferably recommendation should be good to provide philosophical consolation to a code monkey worker-bee in the capitalist society.
ch4s3 1 day ago 1 reply      
And now we may never know why Mario Vargas Llosa punched him in the face.
dvidsilva 1 day ago 1 reply      
I'm so 'proud' to see this here, hard to think of something to say so I'll put one of my fav quotes from him:

"She discovered with great delight that one does not love one's children just because they are one's children but because of the friendship formed while raising them."

interpares 20 hours ago 0 replies      
Here is a great interview with him in The Paris Review [1]. I love when he says,

"It always amuses me that the biggest praise for my work comes for the imagination, while the truth is that theres not a single line in all my work that does not have a basis in reality. The problem is that Caribbean reality resembles the wildest imagination."

I know the Caribbean very well and could not agree more.

[1] http://www.theparisreview.org/interviews/3196/the-art-of-fic...

jortiz81 13 hours ago 0 replies      
Many people in the US, when asked about Colombia, think of negative things; drugs, etc. Also, down in Colombia, the Caribbean coast was often looked down upon by those from the capital -- seen mainly as uneducated people with strange customs and a different way of talking. Gabriel Garcia Marquez uplifted not only the image of Colombia world-wide, but also the image and culture of the Caribbean coast. I am proud that my family is from that region and he made me proud to tell the world that I am Colombian. May he rest in Peace.

Also, I think this quote (from an article in NPR) sums up why he's so admired in Latin America:

"Garcia Marquez is speaking about all the people who are marginal to history, who have not had a voice. He gives a voice to all those who died. He gives a voice to all those who are not born yet. He gives a voice to Latin America."

Myrmornis 18 hours ago 0 replies      
The spanish department at Princeton was kind enough to let me take a Spanish class while a visiting post-doc. It was great for learning Spanish. But it was so, so painful to see the sorts of pretentious bullshit that the undergraduates were inspired to produce by reading pieces by Marquez, and other South American authors writing in the "magical realist" style. I remember enjoying "Love in the Time of Cholera", and I am sure Marquez himself was great, but in general that sort of crap is exactly what you don't want your children wasting their time studying at university, and potentially misdirecting their professional lives thereafter through an underapprecation of the fact that there is aesthetic beauty in actual real stuff and facts about how the world really works.
Narretz 17 hours ago 0 replies      
Coincidentially, a few weeks ago I put Marquez on my to-read list. Bein a native German, my first choice was naturally the German translation. English wouldn't be a problem though, so I wonder which one I should choose. Granted, in the end the books shouldn't suffer a lot from translating.
deckardt 1 day ago 1 reply      
This is one of the reasons I keep reading Hacker News. It's a great source for cutting-edge tech news; more importantly, it's also a great source for important news.
maceo 1 day ago 1 reply      
In his autobiography he tells a story I love.

While writing 100 Years of Solitude he listened to The Beatles' A Hard Day Night album on repeat. After the book was published he received a letter from a group of Mexican college students who asked him if he was listening to A Hard Day's Night when writing the book, because they felt the album in his words.

camus2 1 day ago 0 replies      
As a programmer and a poetry/book lover, it is sad news, plrease have a 5min break from whatever code you are writing(on your free time of course) to check this author out!
rafaelvega 1 day ago 0 replies      
I once met this american guy who told me in fluent spanish that he went and studied the spanish language after reading one of GGM's books because he wanted to read it in it's original language.
iraikov 1 day ago 0 replies      
His writing was like poetry and song, all in one.Second best opening after "A Hundred Years of Solitude":

"It was inevitable: the scent of bitter almonds always reminded him of the fate of unrequited love. Dr. Juvenal Urbino noticed it as soon as he entered the still darkened house where he had hurried on an urgent call to attend a case that for him had lost all urgency many years before. The Antillean refugee Jeremiah de Saint-Amour, disabled war veteran, photographer of children, and his most sympathetic opponent in chess, had escaped the torments of memory with the aromatic fumes of gold cyanide."

jseip 21 hours ago 0 replies      
100 years of solitude will stand as one of the world's greatest literary works for the next ~1000 years. RIP GGM
psantacr 7 hours ago 0 replies      
Gracias por todo Gabo!
TurboTax Maker Intuit Funnels Millions to Lobby Against Easier Tax Returns techcrunch.com
443 points by acjohnson55  3 days ago   180 comments top 42
bpeebles 3 days ago 4 replies      
Virginia's Department of Taxation used to have a pretty decent online tax website. It was shutdown because of lobbying such as this. There was a year when no free online filing so I took the extra effort to do a paper return that year. Even FreeFilableForms are run by the Free File Alliance which is part of the group that lobbies against the IRS and state taxation departments from doing their own filing websites for personal profit. So they make sure that their own free filing options are just good enough to be barely acceptable while making their paid (for filers with income over ~$58k) options seem much more attractive.

Between this and intentional complexity of the tax system that hinders making the IRS more efficient and hides true tax rates that corporations and higher income people... I dunno, it's one of the blacker marks against America in this aspect of policy.

But I've without doubt decide I'll try as hard as possible to never, ever pay a company like that to file tax returns.

eli 2 days ago 1 reply      
This TechCrunch post is a rehash of last year's ProPublica investigation: http://www.propublica.org/article/how-the-maker-of-turbotax-...

Might as well at least mention this year's revelation, which is that they fund fake Grassroots campaigns against tax reform: http://www.propublica.org/article/turbotax-maker-linked-to-g...

nixy 2 days ago 5 replies      
I lived in the US last year and just finished my taxes. It was unbelievably complicated and confusingeven using Turbo Tax. Never seen the likes of it.

This is how I do my tax return in Sweden:

1. Receive equivalent of W2, but all returns are already pre-calculated since the Swedish IRS knows all it needs to know to be able to prepare my returns.

2. If I'm happy with my W2 and pre-calculated returns, I simply send a text message with a PIN code to submit my returns.

3. If I'm not happy with my pre-calculated returns, I make the necessary changes in a simple form and mail it back to the IRS. Most people never do this.

bbanyc 2 days ago 2 replies      
Many foreigners are puzzled about why we Americans complain so much about our taxes, when they aren't particularly high by global standards. A major reason is that our taxes are particularly intrusive and annoying by global standards.

This also goes for consumption taxes - a 9% sales tax added at the register feels more intrusive than a 20% VAT included in the price tag, even though the VAT is much higher.

ryanobjc 3 days ago 4 replies      
It's really too bad, their basic product - turbo tax free file uses the 1040 EZ form and can be confusing.

My gf who is a student was told by turbotax she owed over $300, after doing it on paper, the old fashioned way, the tax liability was 0. Why? The tuition deduction didn't apply on the EZ version of the form.

Ultimately turbo tax takes a conservative, strict and rigid approach to taxes, but as anyone knows this isn't the reality of doing taxes. For anyone with a moderately complex return, I think it's better to hire a tax professional, then at least you'll LEARN something for your money (which can be about the same amount!).

SeanKilleen 2 days ago 5 replies      
This is probably better left for "Idea Sunday", but I keep coming back to the fact that:

* We have languages for defining business processes & workflows (e.g. BPMN/BPML);

* We have open-source workflow engines (such as Activiti in Java and others all over the language spectrum) that utilize BPMN and terms;

* We have open-source ways of maintaining changes to these things over time.

I know it would be a monumental task, but why not start an open-source org to tackle Tax visibility at Federal and State levels?

With enough civic-minded hackers and accountants (both of which I believe exist), we could begin the process of transcribing the tax code into an interchange format. Then as we begin to see the updates each year, we can track the changes via source control.

Does anybody know if efforts like this have been undertaken anywhere else? Otherwise, I may have found my passion project.

Furthermore, does anyone know anything about the process by which Intuit makes this happen? They clearly have workflows and inputs into them; they had to get there somehow. I'd be interested in any/all knowledge that could be opened up on this.

brianstorms 2 days ago 2 replies      
This should not come as any surprise, really. This is what mature companies do once they achieve any level of monopoly that could be threatened with new legislation that benefits the public (and other businesses) but could hurt the monopoly. This is what the auto dealers are doing: after enjoying decades of control and a cozy relationship with legislators, they're threatened by upstarts like Tesla. But then at some point, if and when Tesla wins, it'll have to deploy its own army of lobbyists to keep the new status quo going.

It is what every web and mobile startup, it seems to me, deep down aims for: a monopoly, an unfair advantage. It is what, between the lines, you are taught at YC and what every VC expects of the "unicorn" portfolio companies that strike it rich. Fight to get to #1, wipe out the competition, reap the winnings, and, oh yeah, strike down any threats from, you know, up-and-coming competitors. So it goes.

It's business. It's ugly. If you don't like it, why are you doing a startup? If your startup is wildly successful and IPO's and turns into a giant, you don't think you will have to pay a lot of lobbyists to control the legislators?

japhyr 2 days ago 1 reply      
I don't mind paying taxes. But I was definitely cursing this last week as I spent hours filling out forms to calculate numbers that the IRS has already calculated on its own.

I want a letter in the mail saying, "If you don't fill out any paperwork, this is the amount we will return to you/ bill you for. If you get a different number, send in your paperwork by 4/15."

Doing taxes is a ridiculous waste of most people's time.

Oculus 2 days ago 1 reply      
This makes me wonder how much of the government's incompetence is from companies lobbying for the government to keep its old ways.
CoachRufus87 2 days ago 0 replies      
Bigger story: our government can be bought for the low price of $11.5 million.
cpwright 2 days ago 0 replies      
The current software is also just bad. I used to use TurboTax, but now I'm using TaxCut. TaxCut has the following issues, which are really just stupid at this point:- Even though it could import last years return, it needs me to tell it how much of my 2012 tax refund from the state should be counted as 2013 income. I have to recalculate my last year's tax liability based on a lower deduction (because AMT may or may not erase the deduction anyway).- It tells you that you have a slightly increased audit risk for one of about 5 different reasons, that are mutually exclusive and only one of them applies to my return.

This is the stuff that a computer can do very well, but is tedious and error-prone for me.

Moreover, the last time I used TurboTax and I'm sure this is true with TaxCut still, it wants me to decide if I want to file jointly or separately. Why in the world should I have to make that decision or do the returns twice. The software should be intelligent enough to do the calculations both ways, and present the better answer, with the option to overrule it.

If the government was making this software you could see it being this bad, but these companies are supposedly competing to do it; but it is still awful. Arguably, this is because the tax system is awful, but most of this is just coasting.

I also would expect that the state software wouldn't be very good (at least for unpopulous states), but most of my issues are with the federal return.

clogston 2 days ago 6 replies      
Disclaimer: I used to work for Intuit/TurboTax and am now building a product in the same space. On topic: They rightly get beat up for this, and get beat up for their lack of pricing transparency, but somehow manage to always receive a pass on the software itself. IMHO it's pretty atrocious... Sure, the math is almost always right but the math is a commodity. The experience itself is overly-verbose and littered with repeat questions, confusing questions, open-ended questions.

I don't know anyone who genuinely enjoys using TurboTax. I'm surprised there isn't more legitimate competition in this space.

onislandtime 2 days ago 1 reply      
So pathetic to have to even have to debate the benefit of IRS providing a website to file taxes. The free filing for income lower than $58K is a scam. If you have a 1099 for $1000 or capital gains of $500 you are out of luck, it is impossible to know what they will charge until after you enter the data. That's what this assholes call innovation. The only explanation is that Intuit is influencing members of congress with money, that's a crime. There is no possible argument to justify forcing 100 million people to waste time on something that should be trivial for most people.
sirdogealot 2 days ago 0 replies      
Recently sitting down and manually preparing my taxes for the 9th year in a row now... I am not surprised.

This type of tax-code-manipulation must certainly have been happening since the dawn of time. That, or it was written to confuse the public on purpose.

Finding, reading, learning and understanding the tax code is no mean feat for a layman that was told nothing of it in school (none of us Canadians were taught taxes in public school). And this is coming from a relatively smart person who willingly reads cryptography papers and learns new programming languages for fun.

How much more difficult does TurboTax propose that the IRS make filing? Should we get individually filed returns notarized by our deceased relatives as well?

It usually takes me about 12-24 straight hours of work, and this is for a simple sole-proprietorship that just tallies up income and deducts expenses.

I manage to get it done properly and on time every year, but realizing so many schortcuts along the way that "they" could be making for us yet fail to year after year... it's really quite infuriating.

That, and the fact that I have to do the work to figure out how much I owe them. :/

I am proud to have completed my taxes myself and will strongly urge everybody I know not to vote for TurboTax with their wallets and why.

todd8 2 days ago 1 reply      
The crazy complexity of the US tax system is worse than it appears. There is a non-linear increase in complexity as one goes up the income scale. Have a few investments? More complexity. Real estate investments? More complexity. Starting a company? Even more complexity. Reasonably diversified individuals that have perhaps sold a company or two can expect a rough time.

One reason the complex system is tolerated is that the people it really hurts are very few. A friend of mine has never been audited and does nothing shady but spends roughly $30,000 on tax accountants every year preparing his returns because they are so complex. Fortunately for the rest of us, we just have to waste an inordinate amount of time with Turbo Tax.

yxhuvud 2 days ago 0 replies      
Swedish procedure (unless you have slightly more complicated stuff like stock ownership):

Go to tax agency home page and login there.

Go to the form for normal taxes.

All values are prefilled. Check two boxes (if you want to register two very common deductions).

Save and back up one step.

Submit tax declaration by looking through all numbers again and clicking submit.

tn13 3 days ago 0 replies      
I filed my returns once with turbo tax since then I have been using that form as a reference to file my other returns myself!.
willtheperson 2 days ago 1 reply      
While doing my taxes I was wondering why there isn't a startup in this space.

Turbotax:- Has a terrible UX/UI- It has to update itself with a 100mb payload every time you open it from Jan 1 - Apr 15- Doesn't actually advise you how to plan for your taxes. It's reactive to what you did.- Uses shady pricing and lots of versions to get you to spend more instead of just being straightforward.- Works hard to make you dependent on them

When you hear about the rich only paying 10%, 15% or whatever low bracket; they did it by putting their money in the right places and sometimes investing or spending it at the right time.

Where is the startup that is basically my accountant without the cost? Can we really not programmatically understand tax code and financial strategy?

arebop 2 days ago 0 replies      
I've been wondering if there's a PAC I could contribute to that would offset my Intuit funding.
mleonhard 2 days ago 0 replies      
According to Intuit's 2013 Annual Report page 41 [1] , they had $1.5B in Consumer Tax product revenue, which is primarily derived from TurboTax Online. That is 35% of their $4.2B total revenue in 2013.

They're creating a lot of ill-will for 35% of their business.

[1] http://investors.intuit.com/files/Intuit%20FY13%20Form%2010-...

nness 2 days ago 0 replies      
As an interesting aside, Australia's taxation department, the Australian Taxation Office, provides a completely free piece of software each year called e-tax (http://www.ato.gov.au/Individuals/Lodging-your-tax-return/E-...).

It walks you through filling out your tax lodgement step-by-step and even calculates your expected return. It's not the nicest piece of software, but after having read this article, I am greatly appreciative that it exists at all.

ecolner 2 days ago 0 replies      
* Not trying to piss off PG. I honestly don't know the rules about gathering supporters on HN, but this is in the spirit of the community I hope *

If anybody would like to use their skills to fix this issue with me (ex Intuit TurboTax engineer) please hop over to this Ask HN and send me a message (email on thread). Also check the website for a bit more context: http://taxcompactor.com

It's a pretty big project, but it's very doable by a small team from this community. Tax preparation is fundamentally a software engineering problem, which is convenient.

Need everything from testing to project management with myself floating between roles. Remote is welcome - I'm in California. We'll use Basecamp, Github, Jira, Skype? to work - productivity suggestions welcome of course. True collaboration and fair equity.


There are a few really great folks that have already reached out. Email me for details and we'll go from there. I'd love to hear from you.

wiradikusuma 2 days ago 1 reply      
While we're on this topic, if you're a US citizen and you have a company, I would like to ask:

1. If I incorporated a C-Corp on June 2013, and I told my lawyer I want my fiscal year to end by March 31, when is the deadline to file the tax? Is it still April 15? (I hope not, I haven't filed)

2. Is there any free tax filing solution for business? Considering my company has zero revenue (it doesn't even run, but that's another story).

FYI, I'm not a US citizen.

zobzu 2 days ago 1 reply      
in my experience...

in germany filling taxes took me about 5min.. that really because you need to go get a paper and give it to your company. Its otherwise more like 0 minutes since theres barely anything to do (which is.. logical, as its pointed out, they already have the data).

in the US, after hours and hours of reading and trying to do it myself, its still hell. using turbotax means its going to take 30min instead of a month; all that for "$30 a year" or close to that.

That's certainly fucked up.

grandinj 2 days ago 0 replies      
Even "third-world" countries like South Africa have e-filing for taxes....
nathan_f77 2 days ago 3 replies      
Just moved to the US last year, and used Turbo Tax to file my tax returns. It was alright, but in New Zealand, we don't generally have to jump through all these hoops.

I guess it would be nice if there were a free alternative to TurboTax, but at the same time, I kind of don't really care, so I'm happy to let them get away with whatever they're doing. I know Lobbying isn't illegal in the U.S., and I don't think it's all that immoral either.

gamed 2 days ago 0 replies      
This is a typical example of rent seeking behaviour. Companies spending money on lobbying without creating wealth. Unfortunately tax is one of the core functions of government and will always be vulnerable to this sort of manipulation of the political process.
001sky 2 days ago 2 replies      
Intuit has spent $11.5 million lobbying the federal government...

$10MM seems like a pittance. That's like what...2 minutes of superbowl ads? Can you really buy legislation for this cheap?

novalis78 2 days ago 0 replies      
Tax procedure on Mars: Go to your government's website and send them some Marscoin on the kickstarter project of the week or equivalent tipping addresses. Or have some AI distribute a percentage of your funds on your behalf based on some predefined rules.
thrillgore 2 days ago 0 replies      
Well color me shocked. A company using lobbying to protect its sources of revenue.
harywilke 2 days ago 0 replies      
i'm surprised how many people do not use accountants to prepare their taxes. i tried turbotax or one of it's ilk my first year out of college. it showed me owing 7k. after freaking out i got in contact w/ my brothers accountant. i ended up getting a refund of 700. it's not my job to know the ins and outs of the tax code or to keep up on what has changed since last years filings.hire an expert.
AznHisoka 2 days ago 1 reply      
More reason to hate Turbotax. Their commercials are ridiculous too - NO, doing my taxes is not a way to summarize y year achievements...idiots
mfisher87 2 days ago 0 replies      
I don't understand. I asked them specifically not to do this in my survey after completing my return.
sseveran 2 days ago 0 replies      
And anyone is surprised because...?
obeid 2 days ago 0 replies      
WHAT? a corporation that capitalized on the government's incompetence, is doing everything in their power to make sure things stay the same.

No come on you guys, April first was two weeks ago.

joshdance 2 days ago 0 replies      
As the witch from Princess Bride would say, "Booooooooo! BOOOOOOO!".
christemmer 2 days ago 1 reply      
How can lobbying such as this not be seen as corruption, but as a perfectly legal (but most importantly "right") thing to do?
whoismua 2 days ago 0 replies      
Before this is settled, the tax code should be made simpler with black or white options. A tax preparer saved me a few thousand dollars once by asking the right questions (school tuition). The same for my corp CPA.

The "free" tax return would serve who exactly? What if the government "forgot" to mention a few tax breaks? Maybe the government should offer free tax returns for the plain and simple ones or for those with very low incomes. Paying $50 to $100 to do your taxes when you pay, say $10K in taxes, isn't much.

US axes are very low compared to Sweden and most EU countries.

obeid 2 days ago 0 replies      
WHAT? a corporation that capitalized on the government's incompetence is doing everything in their power to make sure things stay the same.

No come on you guys, April first was two weeks ago.

snowwrestler 2 days ago 2 replies      
I question the idea that the government could build better tax prep software than Intuit or other private companies. I don't think the Feds are known these days for performant, efficient, easy-to-use large scale consumer web applications. At a minimum I think discussion along those lines should wait until federal IT procurement is reformed.

It's also worth noting that the article is not talking about the actual complexity of the tax code itself. As far as I know, Intuit is lobbying on the subject of tax preparation technologies, not lobbying against tax simplification in general. (As some comments seemed to imply.)

sunsu 2 days ago 1 reply      
If you were running Intiut, would you do anything differently? The TurboTax product is built on the fact that the Tax code is complicated. Of course they're going to lobby against tax reform.
webwielder 2 days ago 4 replies      
I used to boycott TurboTax because of this. But then I realized that Intuit is just playing the game. Why wouldn't they do everything they can to sustain their business (well, a sense of moral decency, I guess, but that's a big ask)?

The real root of the problem is of course our broken political process.

Better bash in 15 minutes robertmuth.blogspot.com
441 points by wsxiaoys  3 days ago   148 comments top 21
phaemon 2 days ago 0 replies      
If you're using:

    set -o errexit # or set -e if you prefer
Then you probably also want:

    set -o pipefail
Otherwise, it only checks that the last command succeeds, so something like:

    ls *.ssjkfle | wc -l
will actually continue as success despite the "ls" failing.

rshm 2 days ago 2 replies      
'set -o nounset' is a must have. I Just suffered this script from Samsung Printer setting Utility. sudo ./uninstall wiped the /opt

  DEST_PATH=/opt/$VENDOR/$DEST_DIRNAME  #remove destination  VERSION=`cat "$DEST_PATH/bin/.version"`  if rm -fr "$DEST_PATH"; then  echo "INFO: $APP_NAME (ver.$VERSION) has been uninstalled successfully."  ...

narsil 2 days ago 2 replies      
Another useful capability I use to do cleanup is `trap`.

    function cleanup {        ...    }    trap cleanup EXIT
See more here: http://linux.die.net/Bash-Beginners-Guide/sect_12_02.html

kirubakaran 2 days ago 3 replies      

  #!/usr/bin/env bash
Instead of:

This makes the script more portable as you don't rely on bash (or any executable) to be in /bin.


ygra 2 days ago 0 replies      
I love the very last list Signs that you should not be using a bash script. That should be a required part of every language/tool introduction/tutorial.

So very often people lose track of when to use what tools. (Although admittedly, so very often people are forced into some tools by external constraints.)

oneandoneis2 2 days ago 1 reply      
A link on HN about improving bash and it wasn't instructions on how to install zsh. I'm pleasantly surprised :)
earless1 2 days ago 4 replies      
I'm glad this included the "Signs you should not be using a bash script" section. Bash is a very good solution for many cases, but it becomes downright unruly when dealing with a lot of string manipulation and more complex objects.
rtpg 2 days ago 3 replies      
are we going to get a better bash at one point? I've always felt like the only thing bash scripts are good at describing is I/O redirection. But conditionals, dealing with variables, pretty much everything else is frustrating and error-prone

I use fish as my main shell and its slightly better, but just testing things on variables can be a huge mess.

sleepydog 2 days ago 0 replies      
I found this web page, from the author of musl libc, very insightful:


Shell scripts are great, I use and write them every day (and quite advanced ones, too). But it's very hard to make a shell script robust.

Unfortunately it's hard to find a replacement that is stable and installed everywhere. Perl is pretty close. And python too, if you are careful about making your script compatible with all the different versions.

mateuszf 2 days ago 2 replies      
Nice here document feature I have found recently is heredoc with pipe, e.g.

  cat <<REQUEST_BODY |        {    "from" : 0,    "size" : 40  }  REQUEST_BODY  curl http://localhost -d @-
It allows to pass heredoc text to standard input of next command.

dingaling 2 days ago 1 reply      

  complete -r
disables Bash 'smart tab completion', which in theory is a great idea ( use tab to complete arguments or only list files applicable to the program ) but which never seems to work properly for me.

Disabling it saves a lot of frustrated tab-banging.

zx2c4 2 days ago 0 replies      
If you'd like to see a decently written piece of bash that incorporates many of these suggestions, check out pass, the standard unix password manager.

Project page: http://www.zx2c4.com/projects/password-store/Source: http://git.zx2c4.com/password-store/tree/src/password-store....

Karunamon 2 days ago 3 replies      
Try moving all bash code into functions leaving only global variable/constant definitions and a call to main at the top-level.

One of my main complaints with bash.. the file is evaluated in order - you can't call a function on the line before it's declared.

This fails:

    #!/usr/bin/env bash    bar='bar'    foofunction    foofunction(){      echo 'foo'      echo $bar    }
Basically you have to write your entire script in reverse, and i'm unaware of a good way to get around it.

hyp0 2 days ago 2 replies      
Excellent, bash the good parts. More than 15 minutes though.

Googling bashlint, shlint turns up some discussion (bash -n, ksh -n, zsh -n, some github projects), but I doubt they cover this article's specifics - though most (all?) of it could be automatically checked. I think some could be automatically added (e.g. set -o nounset) - perhaps a bash-subset (or coffeescript-style language) possible...

njharman 2 days ago 1 reply      
>> This will take care of two very common errors:>> Referencing undefined variables (which default to "") >> Ignoring failing commands

Better is subjective... About half my scripts depend on those features. For default arguments, and fail early.

cynik_ 2 days ago 1 reply      
I'd really recommend using `set -x` or `bash -x script` to sanity check all the commands and expected output.

See http://www.tldp.org/LDP/Bash-Beginners-Guide/html/sect_02_03...

voltagex_ 2 days ago 0 replies      
I also like http://google-styleguide.googlecode.com/svn/trunk/shell.xml but of course some things that work well for Google might not work for you.
knyt 2 days ago 0 replies      
The author uses ${} a lot more than I see in most code. Is it helpful to always use the ${var} syntax instead of simply writing $var?

I can see universal application of ${} being advantageous in avoiding accidental "$foo_bar where you meant ${foo}_bar" situations, and ${} makes it clearer that you're referencing a variable. The only cost would seem to be more typing.

dllthomas 2 days ago 0 replies      
One thing I've liked is throwing ${PIPESTATUS[*]} at the front of my PS1.
celebril 2 days ago 1 reply      
Or you can just use Zsh, which is superior in any way to Bash. ;)
dsfadadsffd 2 days ago 3 replies      
There is no need for long set flags, e.g. use

  set -e
and not:

  set -o err

The Guardian and Washington Post win the 2014 Pulitzer Prize for Public Service pulitzer.org
421 points by danso  4 days ago   41 comments top 9
etiam 4 days ago 1 reply      
In terms of importance, I think this was practically a given, but I've seen statements from people doubting if the Pulitzer Prize Board would have the courage to make a decision that still wouldn't sit well with certain powerful people.

Turns out they did. I'm very pleased to see that. Congratulations to the winners!

jwr 4 days ago 1 reply      
...while Edward Snowden, the source of all the information they published, is being hunted down and prosecuted.


danso 4 days ago 0 replies      
Journalism geekery: the "Public Service" award is often considered the best of the Pulitzers, partly because it is relatively equally distributed among smaller, lesser-known organizations as well as the big organizations...so it's sort of a implicit statement on how great journalism shouldn't be dependent on market size and staff resources.

So when a big organization like the Washington Post, and the Guardian US, win it, that's a strong statement. They could've just as likely been given the National or Investigative reporting awards.

(also, unlike the other prizes, there is no cash prize for the Public Service award)

The WaPo has won it before, including for Watergate and the Walter Reed investigation: http://www.pulitzer.org/bycat/Public-Service

hpriebe 4 days ago 1 reply      
Interesting to see that the runner up - Newsday - was selected for using digital tools to expose shootings, beatings and other concealed misconduct by some Long Island police officers. This highlights the increasingly complimentary role of digital tools and traditional reporting.

Anyone know what kind of digital tools they used?

Anyone know of other digital tools journalists/the press use to investigate/uncover content?

lawnchair_larry 4 days ago 1 reply      
So I guess Glenn Greenwald is officially a journalist.
spacefight 4 days ago 0 replies      
This is great news and well deserved. I hope that the price strongly motivates those in charge at either news company to press on with their coverage.
e15ctr0n 3 days ago 0 replies      
The full list of winners[0] and runners-up[1] is available on pulitzer.org.

[0] http://www.pulitzer.org/node/8501

[1] http://www.pulitzer.org/finalists/2014

subdane 4 days ago 0 replies      
The awards are for breaking the Snowden secret surveilance revelations.
dobbsbob 4 days ago 1 reply      
No love for Der Spiegel?
Kernel 101 Lets write a Kernel arjunsreedharan.org
400 points by slashdotaccount  4 days ago   100 comments top 21
deathanatos 3 days ago 1 reply      
I kinda wish some of the FS utilities were better. Despite FUSE, mounting a block device (like, disk image) as a non-root user is tough, so writing to an image with actual partitions/FS on it is difficult, especially to script, especially if you don't want to sudo in a build script. losetup on a disk image doesn't (to my knowledge) detect partitions for reasons unknown to me.

Bootsectors are similar. You can't just install grub to a disk image. (You have to losetup it, at the very least, which implies root. Why can't I just install to a file?)

You want a script/build system that allows you, at the very least, to:

1. Code.2. Run build system/script.3. Fire up qemu or similar.

You can't be rebooting. Ideally, it'd be great to do this in userspace.

That said, if you're starting out, just do [boot sector] + [kernel] = tada image until you need to do otherwise. (Really, do whatever works and is easy.)

That said, I've found a few somewhat helpful tools.

fuseloop[1] takes a file and offset/size, and exposes a single file. If you have a partitioned disk image, then you can feed it the partition offset, and it gives you back something you can format as an FS. (e.g., you can run ext2fs on.)

Then there's fuse.ext2[2], which mounts an ext2 FS on FUSE, so non-root usable again. Note that I'm linking to my fork of it, since the original didn't build for me, but I didn't write it. (Which I fixed, and sent a pull request, but never heard back.)

Finally and sorry to peddle my own stuff again I wrote a Python library for dealing with the MBR.[3] I use it to figure out offsets and sizes in a disk image.

I've had a bit of fun writing a boot loader, and I've managed to get it to load up its stage 2 and switch to 32-bit pmode. Had a fun error where a division instruction was throwing things into a triple fault; see [4] if you want to see how a division instruction can fail without dividing by zero (which was the first thing I checked). The disk layout is currently:

  [boot sector] [stage 2] [kernel] [ partitions, FS, real data, etc. ]
stage2's size is hard coded into the first sector of stage 2 (into itself), and the kernel's location and size will be similarly hard coded into it as well. (When I get there. Disks in pmode are different, as you can't just have the BIOS do all the work for you, sadly!) And by hard-coded, a build script calculates and just re-writes a few bytes.

[1]: https://github.com/jmattsson/fuseloop

[2]: https://github.com/thanatos/fuse-ext2-fakeFS

[3]: https://github.com/thanatos/pymbr

[4]: http://stackoverflow.com/questions/21212174/why-cant-i-step-...

exDM69 3 days ago 1 reply      
This seems like a good start but it's worth noting that it isn't guaranteed to work correctly.

The problem is that the control is passed to C code with no stack space set up. It works out of pure luck because the compiler has decided to keep all variables in registers and changing your C compiler flags might make this fail in interesting ways.

Another thing that is missing is clearing the .BSS section before passing control to the C code. It's not used at the moment, though.

I am pointing these things out because in my own Ring0 programming projects I spent a lot of time debugging some failures related to stack space and an un-initialized BSS section.

akkartik 4 days ago 1 reply      
I got this running on qemu by cannibalizing a tiny bit of code from xv6 (http://pdos.csail.mit.edu/6.828/2012/xv6.html) to replace the GRUB dependency. After cloning and building mkernel according to its instructions:

  $ git clone git://pdos.csail.mit.edu/xv6/xv6.git  $ cd xv6  $ make
Now you should be able to run xv6 by itself:

  $ path-to-qemu/x86_64-softmmu/qemu-system-x86_64 -serial mon:stdio -hdb fs.img xv6.img -m 512
To run mkernel on qemu, we'll replace xv6's kernel with mkernel's:

  $ dd if=/dev/zero of=mkernel.img count=10000  $ dd if=bootblock of=mkernel.img conv=notrunc  $ dd if=../mkernel/kernel of=mkernel.img seek=1 conv=notrunc
Now you can boot up the mkernel.img rather than xv6.img:

  $ path-to-qemu/x86_64-softmmu/qemu-system-x86_64 -serial mon:stdio -hdb fs.img mkernel.img -m 512
(Based on xv6 at hash ff2783442ea2801a4bf6c76f198f36a6e985e7dd and mkernel at hash 42fd4c83fe47933b3e0d1b54f761a323f8350904. Ping me if you have questions; email in profile.)

bebop 4 days ago 0 replies      
This is a great resource for anyone who would like to take this further: http://wiki.osdev.org/Expanded_Main_Page

In particular, setting up interrupt handlers, paging, and getting a PIC setup is pretty neat.

grahamedgecombe 3 days ago 0 replies      
There's a slight problem in this tutorial in that it assumes ESP (the stack pointer) will be defined by the boot loader to point to an appropriate location for the stack. However, the Multiboot standard states that ESP is undefined [1], and that the OS should set up its own stack as soon as it needs one (here the CALL instruction uses the stack, and the compiled C code may well too).

An easy way to solve this is to reserve some bytes in the .bss section of the executable for the stack by adding a new section in the assembly file:

  [section .bss align=16]    resb 8192    stack_end:
Then before you make use of the stack (between `cli` and `call kmain` would be appropriate in this case), you need to set the stack pointer:

  mov esp, stack_end
[1]: https://www.gnu.org/software/grub/manual/multiboot/multiboot...

ahelwer 4 days ago 1 reply      
Neat read so far! Not done yet, but I think I've found a small error in kernel.c: the attribute byte of the characters in "my first kernel" should be set to 0x02, not 0x07.

edit: I misread. 0x07 is intentional, 0x02 was mentioned as an alternative. Good post!

mbillie1 4 days ago 2 replies      
Very cool. I personally (as a developer without a CS background) find these sorts of posts wonderfully interesting, even if this kernel, as pointed out in this thread, lacks a lot of what a normal kernel does. I'd love to see one of these for a compiler!
boulderdash 4 days ago 2 replies      
If anybody is doing this, let me share some words of advice based on experience.

Please use a virtual machine instead of doing this on your primary machine.You eliminate the risk of messing up your machine. Also, if you setup the VM properly, you get a debugger.

tbrock 3 days ago 2 replies      
This was fantastic. My only question is, how does one gain knowledge of the required x86 hardware specifics he mentions? I don't know where to begin looking to uncover these sorts of things:

  - The x86 CPU begins execution at the physical address [0xFFFFFFF0]  - The bootloader loads the kernel at the physical address [0x100000]  - The BIOS copys the contents of the first sector to physical address [0x7c00]
Is there an x86 instruction manual or is this sort of thing passed down through generations of engineers?

kyberias 4 days ago 8 replies      
I'm not exactly Linus Torvalds but I'm pretty sure a program that prints one line of text is not "a kernel". :)
AdrianoKF 4 days ago 2 replies      
Looks great, will keep an eye on this!

I also really enjoyed James Molloy's OS kernel development tutorial at http://www.jamesmolloy.co.uk/tutorial_html/, which takes you from "Hello World" to some real toy OS kernel implementation.

aaren 4 days ago 3 replies      
Can anyone give me an idea how much different this would be for 64bit? Do I just change the nasm directive to `bits 64`?
dkarapetyan 4 days ago 1 reply      
I really like the new HN. Quality of articles is way up.
jonalmeida 3 days ago 0 replies      
I just finished an Operating Systems final today and the entire class was conceptual and learning fundamentals, while I craved to get my hands dirty and actually try to make a simple OS.

I'll definitely be playing around with this. Thanks!

tpush 3 days ago 0 replies      
I have done the same, sort of, only eschewing BIOS for UEFI and thus getting straight to Long Mode :-).

It's pretty basic, currently just boots up and prints the memory map.

It's written in C++11 with the aim to be as clear as possible: https://github.com/thasenpusch/simplixHave a look :-).

zenbowman 4 days ago 0 replies      
Looks great, looking forward to dive into this.
anarion 3 days ago 0 replies      
Why kernel tutorials always say they need nasm. Gcc already comes with an assembler so simply use it instead of installing other softwares.And if you prefer intel syntax simply add ".intel_syntax;"
acomjean 4 days ago 4 replies      
Why C?

I'm just curious if another language can be used. (c++, go, rust).

tsenkov 3 days ago 0 replies      
Awesome read, thanks.
aortega 4 days ago 3 replies      
Great! except that to be called a kernel it's missing just a process manager, memory manager, filesystem, process separation and hardware abstraction. Yeah I'm that guy, down vote me as you wish, the article is still wrong.

It's a way to load a ring-0 application into grub. Pretty cool, but not a kernel.

whydo 3 days ago 1 reply      
The first question is:


We already have a whole bunch of operating systems, many of them free.

One of the frequent problems with a lot of free/open source software folks is that they lack direction. This type of thing where we do stuff just to do stuff probably won't fly in one of the leading tech companies.

Why don't you figure out a real problem people have and look for ways to solve that, instead of just doing random "interesting" stuff that wastes people's valuable time?

New axe design uses lever action to make splitting wood easier vipukirves.fi
398 points by sinned  18 hours ago   129 comments top 41
jeffbarr 12 hours ago 3 replies      
I bought a Vipukirves axe early this year. I have a wood-fired pizza oven in my backyard and use small, nicely split pieces of wood in order to retain some control over the fire.

Before buying the axe I used a four-sided wedge (basically an elongated pyramid) and a sledgehammer for splitting.

So, how does this axe perform? Overall, I am very happy with it and proudly show it off at every opportunity. After spending some time learning how to use it, I can report that, for some types and conditions of wood and with the right grip on the handle, it truly does split wood in the manner shown in the video.

As noted in the other comments, certain types of wood are easier to split than others. After my pizza oven was finished, I somewhat foolishly bought a 1/2 cord of apple wood from the apple-growing region of Washington state. This wood is incredibly dense and has proven difficult to split by any means, even after 3 years of seasoning. The splitting issue is made worse by the overall knottiness of the wood.

I also bought a 1/2 cord of mixed wood from a local supplier. The axe is at its best on straight, dry, knot-free pine, oak, cedar, and so forth. The vertical motion is translated into horizontal motion milliseconds after the blade of the axe penetrates the wood and the split-off portion flies to the side with explosive force, often landing 8 to 10 feet away.

It took me an hour or two to learn to use the axe properly, with a relaxed grip to allow the head to rotate after it strikes the wood. Wearing gloves (recommended in any case) can make this even easier.

The blade of the axe is not razor sharp and does not require sharpening or other maintenance.

linhat 14 hours ago 2 replies      
This axe looks really awesome, physics for the win.

Also, instead of using an old rubber tire, I highly recommend building a variable length, tensioning chain, much like this one: http://www.youtube.com/watch?v=wrLiSMQGHvYMakes chopping wood so much more fun.

And then, there is also the stikkan: http://www.stikkan.com/Perfect to hang it up next to your fireplace to do some more fine grained wood chopping, cutting larger pieces into smaller ones.

ghshephard 16 hours ago 5 replies      
That has to be some of most seasoned knot free wood ever split. I wonder how many logs he had to go through to find stuff that split that well - 20 logs for every one that did that?

Sledge Hammer, Splitting Maul gets the job done 95% of the time. "Eccentric Axe" the other 5%.

Well - maybe, 85% Splitting Maul 12% Eccentric Axe, and 3% splitting wedge (which typically has a torsion in it to create a turning effect to split the wood.)

I would love to hear of an independent comparison of the Eccentric Axe versus a Splitting maul.

The tire is a really great idea though.

ggchappell 6 hours ago 0 replies      
This is an interesting idea. It's amazing to think that a tool like the axe -- which has been around for millennia -- can still be improved.

[OTOH, I've split a fair amount of wood. And I'd have to say that anyone who thinks splitting wood with an axe is a good way to produce fuel for the primary heat source for a house, is pretty much insane. It's exhausting work. Get a powered splitter for goodness sake. :-) ]

binarymax 15 hours ago 1 reply      
I, as well as others, have a history of strained wrists when splitting wood with a traditional axe. Clicking through to their website they recommend a loose grip when the head is about to strike, allowing for the rotation to take place. This makes sense because before you'd need a strong grip to hold onto your axe to make sure it doesn't slip out of your hands when giving a swing strong enough to split. Since you are swinging much more gently, this may actually work! At the very least I am glad that I don't need to split wood these days otherwise I'd give this a try in a second.
fit2rule 16 hours ago 0 replies      
I thought it was already common knowledge among the axe-wielding cognescenti that the way you chop wood, without tiring yourself out completely, is that you add a little 'twist' to your down-swing, just as the blade makes contact, that has the same leverage effect - albeit with a 'normal' blade.

I dunno, I guess I just learned that little twist from my uncle and grandfather, and never really thought it was so magical. Not sure how I feel about the safety of a mighty wood-cutting sharp blade being off-balance on the downswing - sure, the guy in the video has a fairly safe setup, but if you don't have the luxury (i.e. are a consumer who just bought one of these Wonder Axes) of having a safety rig, the potential for mis-direction and glancing blows from the axe being redirected towards the user seems pretty high ..

wcfields 7 hours ago 0 replies      
And for what is probably the least safe way to split wood, http://www.thestickler.com/

It attaches to your car-axle and is a giant screw that splits wood.

barkingcat 13 hours ago 1 reply      
easy_rider 14 hours ago 2 replies      
This is really cool. I've never split more than a couple dozen logs in my life but Ray Mears teached me to wedge the blade to the side on impact. This seems to emulate these physics. I'm not a big guy, and it's a pretty hard motion to get in to when you're swinging down as hard as possible.

This seems like a very capable survival/bushcrafting tool for less accomplished wood cutters.

tl;dr I wood buy.

ISL 10 hours ago 1 reply      
This axe isn't the only one that can deliver such a video. Good wood and a proper splitting axe allows similar results.

The tire trick, or a bungee cord, can allow big gains in speed.


johngalt 4 hours ago 0 replies      
Interesting cross between an axe and a froe. Gives you the levering action of a froe in one motion.
josefresco 12 hours ago 0 replies      
A lot of folks here are claiming that the type of wood being split makes a huge difference and it's true, however...

To address this the video should show him using both a conventional axe, and his version on the same wood. Apologies if he does this later in the video as I didn't watch the entire thing.

lafar6502 15 hours ago 0 replies      
For me the greatest part of this innovation was putting the log into a car tire.
3rd3 8 hours ago 0 replies      
Thats a typical tool one might find on Cool Tools: http://kk.org/cooltools/

They recently published a book wich is a lot of fun to browse through on a lazy afternoon.

bprater 16 hours ago 4 replies      
Knotted wood is much more challenging to split.

Even with a hydraulic splitter, chunks of wood with lots of branches can stall a machine pressing with tons of force. Great demo, but unrealistic unless you only chop beautiful limbless tall oaks.

sbierwagen 4 hours ago 0 replies      

  Leveraxe is faster than a hydraulic splitter.
Faster than a small one, maybe. The larger ones are pretty damn quick, as you'd want them to, for the price: https://www.youtube.com/watch?v=knZkc_vzGUE

jotm 16 hours ago 0 replies      
This would hurt sooo many newbies... You're much better off with a normal axe that won't try to twist and jump out of your hand every single time.

For wood cutting, the size of the axe head matters a lot - too small and it doesn't have enough force, too large and it gets stuck very easily.

The length of the handle is also important - you'll fare much better with longer ones, but the longer it is, the harder it is to aim and control.

As with anything, practice is key, but I'm pretty sure you don't want to start with this axe.

Theodores 11 hours ago 1 reply      
This famous quotation kind of needs an update:

"Give me six hours to chop down a tree and I will spend the first four sharpening the axe." - Some Famous American Bloke

iamthepieman 10 hours ago 0 replies      
For splitting wood from a fallen tree or cleaning up around the property a regular axe and splitting maul are fine. When I've had to split enough wood to burn for the winter I always just rent a hitch-mounted hydraulic splitter. 60 bucks and I can do 5 cords in day.

This tool could possibly take the place a of a splitting maul but a great advantage of the maul is it can be used to split knotty wood that doesn't have straight grain. It takes a bunch of swings and force but does get the job done. With the wide head of the Vipukirv it wouldn't be able to get down to the center of a half-split log.

baq 17 hours ago 2 replies      
if you ever tried to use an axe, the video in the article will look like sorcery.
hrkristian 16 hours ago 2 replies      
I've spent nearly every winter growing up swinging axes, and I cringed a bit when I saw him strike branches.

For the most part the axe does a wonderful job against anything, and that guy has ridiculously good aim, but anyone who have at some point been bad at chopping wood probably knows those twists to the side can do a real number on your wrists and hands. It seems to happen quite a bit.

It's still an amazing innovation, and I hope to be able to pick one up as a gift. The article is sadly not very informative.

micro_cam 8 hours ago 0 replies      
Neat idea and i'd love to try it but i'd need to see it side by side with a good maul which makes use of physics in a few ways.

Especially with dry lodge pole pine I can do about as well as the guy in the video does with my six pound maul and I'm our of practice though I split a lot of wood as a kid.

On a related note, I wonder if anyone on hacker news has a favorite wood stove...I'm really intrigued by the new efficient, low emission ones but they are costly and in depth reviews are sparse.

paul_f 6 hours ago 0 replies      
You know what really annoys me? People are now so used to gas starters or starter logs, that they don't split their wood at all. Just pile up the whole pieces and try to start a fire. Then fight it for three hours and end up with smoke a bunch of half burnt wood.
VaedaStrike 6 hours ago 0 replies      
Is it just me or does it really look like an incisor?

I wonder if similar physical principles are at work in making their appearance similar.

Zigurd 10 hours ago 0 replies      
This makes me want to instrument my wood splitting. I suspect that I will find that improving the fast splitting is less important than avoiding or improving the outcomes for the toughest pieces to split.

A bit like finding that a faster cache that doesn't reduce cache misses or the cost of cache misses can disappoint when measuring overall performance.

joryhatton 8 hours ago 1 reply      
First question of the FAQ...

"Question 1: Can VIPUKIRVES be used by a woman?"

marktangotango 14 hours ago 0 replies      
I'm amazed how many of you have used an axe. Nothing to add, you all have said it all :)
3pt14159 10 hours ago 0 replies      
I needed to break up a bunch of concrete back in the day, so I bought a medium duty jackhammer. Later, I discovered the joy of easily splitting wood.
vanderZwan 7 hours ago 2 replies      
As a left-handed person: great, another lethal tool optimised for right-handed people and therefore more unwieldy and dangerous for us.
emiliobumachar 14 hours ago 0 replies      
This is one of those inventions, like the hot-air baloon, for which we had all the prerequisite technology for ages.
johnobrien1010 12 hours ago 0 replies      
From the website, it looks like it costs $266. I think you'd have to being chopping a lot of wood for it to be worth it to get that expensive of an ax, even if it is better.
dirktheman 15 hours ago 0 replies      
Accurate axeman, but with that kind of neat log I guess you can have the same results with a regular axe and a good technique.

It's very hard to improve something that has been around for the past 35,000 years, I guess. Maybe they're better of working on that car tire so that it can accomodate logs of different diameters.

KhalilK 16 hours ago 0 replies      
I am most impressed by the use of the tire to keep the wood upright and positioned.
zomg 14 hours ago 0 replies      
there's nothing new or innovative here. people have been doing this for years... it really depends on the KIND of wood you're chopping. this guy has it down to an art: https://www.youtube.com/watch?v=2vThcK-idm0
arca_vorago 11 hours ago 1 reply      
This looks dangerous to me. I grew up in the mountains, and consider them my home. (The kind of place where the nearest walmart is an hour and a half drive away, and everyone shares their elk kills and logs and chops their own wood)

One of the most dangerous things an axe can do is go sideways on you on the hit, that sideways rebound or if the log falls away follow through can mean an axe in the foot or leg for someone who has been chopping for a few hours and is tired.

Also, proper drying of logs before splitting can't always be done, and that log look very dry and doesn't look knotty.

Honestly when I chop wood I keep three tools near, the normal sliceaxe, a skinny thin and fast one for easy stuff, a larger wedge with splitter arms (http://www.thehulltruth.com/attachments/dockside-chat/282042...) and a normal handless wedge and hammer for the really hard stuff.

Just thought I'd share a little bit of info from a guy who spent many hours in his youth chopping logs. If I was getting paid, I did sometimes cheat and use a gas powered splitter... if you have two people working it the throughput can be much higher than two people splitting normally.

adambware 9 hours ago 0 replies      
Such beauty in the simplicity of this concept!
viggity 11 hours ago 0 replies      
cool axe. FWIW, an easier/more efficient way of keeping the wood together while spiting it is a bungie cord. Using a tire only works if you have a relatively big logs.
tzury 14 hours ago 1 reply      
This is the page you need to read!


UweSchmidt 14 hours ago 3 replies      
Alternative title:

"New axe design uses lever action to make splitting wood a lot easier"

"Uses physics" sounds like "Stand back: I'm going to try science" to me.

jhallenworld 6 hours ago 0 replies      
Off topic perhaps, but I switched from oil/steam to gas forced hot air last year. Between the 96% efficient furnace and new gas hot water heater (compared with the 75% oil / steam with super inefficient continuous hot water attachment) and the fracking boom, I can report that gas is much, much cheaper: for me $3500 -> $700 / year for a 1100 sq/ft apartment near Boston.


A heat pump with ground heat-sink may be a better long term option, but it's much more expensive. Also I'm pretty sure the gas is more efficient when considering the power plant and transmission line losses.

Even better would be a home gas co-generation plant. Honda has such a thing, but again not cheap:


yukichan 10 hours ago 4 replies      
This may be an unpopular reply, but splitting fire wood sounds like you're going to be making an open fire. Open fires are a danger to your health:


> "The unhappy truth about burning wood has been scientifically established to a moral certainty: That nice, cozy fire in your fireplace is bad for you. It is bad for your children. It is bad for your neighbors and their children."


> "Smoke is made up of a complex mixture of gases and particles produced when wood and other organic matter burn. A major health threat from smoke comes from fine particles (also called particle pollution, particulate matter, or PM). These microscopic particles can get into your eyes and respiratory system, where they can cause health problems such as burning eyes, runny nose, and illnesses such as bronchitis. In addition to particle pollution, wood smoke contains several toxic harmful air pollutants including: benzene, formaldhyde, acrolein and methane."

Memories of Steve donmelton.com
376 points by zekers  7 days ago   152 comments top 23
salgernon 7 days ago 9 replies      
Back in 1999 or 2000, shortly after Steve had rejiggered the cafeteria staff, I was walking back to my office in another building with an "afternoon doughnut" - that is, one that hadn't sold in the morning at the coffee place in the main lobby, and probably sold at a discount.

I passed Steve in the hall and he glared at me as I walked with my doughnut. Steve was in great health in those days while I was pasty and obese. (Still am, sad to say.).

But I was happy with my doughnut. Steve glared at me but didn't say anything. I slunk away.

The next day, there were no more doughnuts at any of the cafs on the main campus. I don't think it's a coincidence.

baldfat 7 days ago 1 reply      
I had to stop reading. I also worked for a micro managing CEO/President and I HATED EVERY MINUTE. Knowing that if you did the slightest misstep or were falsely accused you were fired and there was a morning meeting the next day to tell everyone that so and so was no longer with the company. NO THANK YOU!!!
adrianoconnor 7 days ago 1 reply      
I always love to read Don's stories, they're always pretty great, and this post is no exception. The last few paragraphs are poignant, and not because it's about Steve, but because the emotion is real and you can relate to it.

Anyway, if you enjoyed this, you should read the history of Safari posts he did a while back, also a podcast he was a guest on one time, though I forget who it was with -- ah, Debug I think -- that was really excellent and well worth listening to.

general_failure 7 days ago 4 replies      
It looks like some people like Steve are charismatic enough to get the complete devotion of very talented people. It's a great personality trait to have and pretty much guarantees success. We all know geniuses in our everyday life like Wozniak, Bob, cook. But how many of us can get these guys be terrified of us, make them change their lives for our visin and make them give us their complete attention... That's the beauty of Steve. Despite flaws in his character, people seem to be feel previliged working for him.
ZeroGravitas 7 days ago 1 reply      
If after working with him for a decade you have to take a deep breath before you can give him your honest opinion on something, then he's not a busy executive who prioritizes efficient information exchange, he's an asshole.
exodust 6 days ago 0 replies      
This story says more about the insecurity of the Safari guy than it does about Jobs.

Sounds like people at Apple spent too much time worrying about what Steve thought of them, whether he'd remember their names or invite them to meetings.

While everyone is worried about what one man thinks, the man himself was thinking about design and business issues, trying to solve problems.

Funny how bookmarks was never really solved in Safari. On my iPad, I hate the bookmarks functionality, it confuses me pretty much every time. When I try to find a bookmark, or add a bookmark, every time it seems I have to "figure out" and remember how to do that. It's not intuitive or snappy. And now with iOS7 flat design, all your bookmarks and history appears as one big list - black text on white background. The lack of interface delineation mean elements bleed into other elements and make it harder to mentally remember where things are found.

If Steve were still around, he'd be kicking someone's ass over the half-baked iOS7 flat design.

mildtrepidation 7 days ago 0 replies      
It's certainly interesting to read this sort of reflection. The author discusses Jobs' mannerisms without either worshiping or demonizing him, which is refreshing.
xcntktn 7 days ago 0 replies      
Stories like this one and Glenn Reid's essay[1] about working with Steve on iMovie seem to be vastly more informative than any movie or book on SJ.[2] One of the biggest takeaways from both of these essays is that working with Steve was an iterative process. Pop culture always highlights "eureka" moments where a problem is solved all at once in a brilliant flash of insight, yet when you read these first-hand accounts, the story is the opposite: that making something great is a slow and repetitive process, with lots of follow-up meetings and gradual improvement towards the final product. Eureka moments look good on TV, but in the real world, great things are built by long-term focus and hard work from highly talented people with uncompromisingly high standards. I have no idea how or even if that could be shown in a movie, but I'm very thankful we have these accounts. I hope more people who worked with Steve during his second tenure eventually put their thoughts down in writing and share them so that we can all gain more of these types of insights.


[2]There's also Andy Hertzfeld's folklore.org, however that is focused on Steve's original tenure at Apple, not the "comeback" from the late-90s on.

gdonelli 7 days ago 0 replies      
Don has always been such a positive person to be around. Great memories. Thanks for sharing.
ghiculescu 7 days ago 1 reply      
Some great stories there. Wasn't sure on the Apple stores presentation joke though, can anyone explain the reference?
ksec 7 days ago 3 replies      
I was reading and hoping there was an explanation why Safari for Windows discontinued. It is the only popular WebKit browser ( after Chrome fork to Blink ) on Windows.

Otherwise another great piece.

tareqak 7 days ago 2 replies      
I enjoyed the recollections. I probably would have been afraid of his shadow if I was there.

On another note, it would be interesting to see if a website containing all these memories of Steve Jobs ever comes about. A crowdsourced biography if you will: storiesabout/stevejobs .

hubtree 6 days ago 2 replies      
This part sums up why I quit using OS X for my personal projects: "And if your software crashed, you didnt make excuses. You just made damn sure that particular scenario didnt happen again. Ever."

In making sure nothing ever crashes, Apple has moved more and more to an OS that is too restrictive for my taste.

mathattack 7 days ago 0 replies      
Great stories. It says a lot about Apple that time, in addition to Steve. The personal side is good too.

Yes, Steve could be intense at times. But he was also a real person. He had to deal with the ordinary and mundane aspects of life like everyone else. Maybe even enjoy them.

throwaway7548 7 days ago 5 replies      
According to Wozniak, Jobs told him that Atari gave them only $700 (instead of the offered $5,000), and that Wozniak's share was thus $350.[65] Wozniak did not learn about the actual bonus until ten years later, but said that if Jobs had told him about it and had said he needed the money, Wozniak would have given it to him.[66]---

End of story. Before continuing celebrating Jobs, ask yourself a question, do you want to promote that kind of behavior in the Valley?

theRhino 7 days ago 0 replies      
this is hilarious
pskittle 7 days ago 0 replies      
Thanks for posting this!
SimHacker 7 days ago 0 replies      
At the National Air and Space Museum reception during Washington DC EduCom in 1988, I took a big bite out of one lobe at the bottom of a three lobed red bell pepper so it looked like an alien's face, and held it up to Steve Jobs, and said "Earthman, give me your seed!"

He looked at me funny, but I couldn't tell if he got the reference to Bizarre Sex #10: http://silezukuk.tumblr.com/post/3151672333 [NSFW]

luser 7 days ago 1 reply      
Alternative title: Hagiography of a Dead Psychopath CEO
jayvanguard 7 days ago 0 replies      
Sounds like you have to be a sycophant to work for him.
jmnicolas 7 days ago 2 replies      
Am I the only one fed-up with Steve Jobs stories ?
misingnoglic 7 days ago 0 replies      
Lol, some of it seems a bit stockholm syndrome-y, but hilarious nonetheless.
normloman 7 days ago 1 reply      
Why are we still talking about this guy. I'll bet my life savings that when Woz dies, we'll talk about it for around 2 months.
They say nothing will change medium.com
371 points by jonsuh  2 days ago   115 comments top 31
gnu8 2 days ago 10 replies      
Those who are defending this as a reasonable and commonplace policy are dissembling at best. This is another example of the emerging electronic class system. Those who are members of the Silicon Valley clique are privileged to take what they want from those who are not. Recall the Googler who was able to have a web page he didn't like shut down, just by calling his connection at Digital Ocean.

One might argue that a thing such as an Instagram account is just a service provided by a business and the business can do as it likes, but this isn't the case. A social media account is a vehicle for the user to interact with the entire world, and it shouldn't be able to be unilaterally revoked, especially if the only reason is to give it to a"more deserving" insider. We need a system of due process for situations like this.

josefresco 2 days ago 3 replies      
Before we all seemingly jump on the "she should have updated her account" bandwagon, it would help to see actual evidence of her inactivity, or at least evidence/statements in Instagram's TOS that state what "inactive" really means.

This doesn't cut it: "We encourage people to actively log in and use Instagram once they create an account."

How long can I go idle before Instagram takes my account back?

Also, as someone else stated in this thread the very least Instagram could have done was to email her and inform her that she was about to lose her account due to inactivity.

Lastly, it's important to note that Instagram didn't just "prune" her account, they renamed it and gave her original account name to an employee. If they were concerned with squatters or dormant accounts they would have actually nixed the account, not renamed it to something else.

simonsarris 2 days ago 5 replies      
Oh guffaw. Even our beloved Github has a means to let you unseat inactive account names.


(And they should, I think.)

Since at least 2012 Instagram has had this in their terms:

> 4. We reserve the right to force forfeiture of any username that becomes inactive, violates trademark, or may mislead other users.

So whine about the policy if you don't like it, but don't whine that Instagram has materially changed.

brandon272 2 days ago 0 replies      
I think it's in extremely bad taste to remove an account that's ever had content uploaded to it. Person registered two years ago and hasn't uploaded anything? Sure, prune the account. User creates an Instagram account and uploads some nice family photos and doesn't sign in for a year? Leave it alone!
steven2012 2 days ago 0 replies      
It's clear that Facebook etc employees are higher on the virtual caste system than the rest of us peons. The more and more they make this evident, the less interested regular people will be in participating in their virtual world.
drgath 2 days ago 1 reply      
As others have mentioned, this was probably due to inactivity. I stopped using Instagram years ago, but still had 'instagram.com/derek', and just checked to see if that was still my username. Nope, it is now 'derek______________', just like '_____kathleen'. The fact that a FB employee now owns the 'kathleen' user means they probably have an internal reservation system for expired accounts, which is a nice perk.
lazerwalker 2 days ago 3 replies      
Whoever you think is in the wrong here, the real takeaway is a reminder that when you use a VC-funded for-profit service, you don't "own" anything.
avree 2 days ago 4 replies      
This isn't actually an uncommon policy. For example, Twitter lets (or used to let?) you take a username that's inactive for 9 months.

Source: http://sarahwallace.wordpress.com/2010/09/23/how-to-request-...

The Facebook stuff is probably a red herring here. If there was activity on the account, I bet this would never have happened.

klenwell 2 days ago 1 reply      
Worried about having someone steal your invaluable Twitter or Instagram username?

The solution is obviously to immediately litter all your social media accounts with such foul loathsome toxic content that no one else would want to touch them again for at least the next 1000 years.

jonsuh 2 days ago 4 replies      
Taken straight from Instagram's policy:

> "We encourage people to actively log in and use Instagram once they create an account. To keep your account active, be sure to log in and share photos, as well as like and comment on photos. Accounts may be permanently removed due to prolonged inactivity, so please use your account once you sign up!"

Source: https://www.facebook.com/help/instagram/294919817276863

The wording is terribly obtuse and seems targeted more for username squatters.

Would be helpful if Instagram defined what a period of prolonged inactivity is. Shady nonetheless, considering they didn't even notify her informing her that her username was revoked due to inactivity.

tensafefrogs 2 days ago 0 replies      
"A few months ago while tagging my wife"

"This morning I told her I Instagrammed a photo of our kids that she should see."

Instagram names are not domain names, and it sounds like she doesn't use the account. Most services have a clause that lets them reclaim inactive accounts after a set period of time.

ampersandy 2 days ago 1 reply      
What does this have to do with Facebook and the acquisition? Anyone working at Instagram pre-acquisition would also have been able to reclaim inactive handles.

Twitter does this as well and that's how I got my current username. There are a couple of things that are required before you could reclaim a handle (I forget the exact timespans, but it was close to this):

    * Has not logged in for one year    * Has not tweeted in a year and half    * Does not any have applications linked to Twitter
If Instagram has a similar policy, I really don't have any sympathy that the username was taken.

uptown 2 days ago 0 replies      
Update Apr 16, 2014 @2:34pm: Im very pleased to announce that Facebook / Instagram did the right thing and delivered my wifes Instagram handle back to its rightful place: http://instagram.com/kathleen
gordaco 2 days ago 0 replies      
This looks like an employee acting on her own, thinking (wrongly) that the account was not active and nobody would notice if she took over the username. Still, it's a disturbing issue that shouldn't have been allowed to happen, so if this is the case I hope the employee gets some penalty. And the fact that this was possible, or maybe even legal (I don't know Instagram's terms of service), doesn't make it less of a dick move.

I was an employee for a local social network with about ~10mil registered users (~5mil daily users). It was much smaller than Instagram, but despite that (or precisely because of that) things like this were completely forbidden.

raesene3 2 days ago 0 replies      
What I think is interesting about this is more the general case than this specific example. I'd say that people's social media handles are becoming more and more important to them, so loss of them becomes increasingly bad.

A lot of people in the tech world are probably more known by things like their twitter handle than their real name.

With free services (and indeed perhaps with paid for) there's not a lot to stop a company changing the ToS to allow for usernames to be transferred as they like(assuming it's not already in the ToS).

Now if your chosen handle is pretty niche (no one who's not a fan of 90's ADnD settings is likely to want mine), it's probably not a big risk, but for other ones it seems plausible to suggest that a company might start seeing them as a valuable asset, to be monetized..

owenversteeg 2 days ago 0 replies      
This happened to me (employee of the company took my username) with a different service, and a quick tweet to the founder had my account restored.

I'm not going to identify the website because the person that made it is a nice guy in general and he restored my account right after I asked.

dmschulman 2 days ago 0 replies      
This is the new norm now that these web services are no longer a niche product. Some kind of set standard for inactivity would be nice so users are aware of when they are in danger of losing their username.

I know many who set out to register popular Twitter and Soundcloud names when those services launched just so they could sit on them and possibly make a buck. Those username policies are out there to combat this kind of behavior but it's crummy to see when those policies actually affect legitimate users.

thehme 2 days ago 0 replies      
I read "..she opened up Instagram on her phone (shes not a regular on the service anymore)", and wondered, does he mean that @kathleen has not been using it for a while (months)? There is no justification for stealing a handle, but I was just wondering. I recall once I wanted to have a specific handle on twitter for an idea I had, so I contacted the owner via a private message. He/she has no tweets and to this day, I have not heard from him/her yet. Would anyone be open to perhaps having an "expiration" date on our accounts? Sometimes I feel like there are robots out there claiming every possible handle, so that, idk, they can sell it later?
dublinben 2 days ago 1 reply      
You have no ownership over a username in a private service. Your access can (and will) be terminated at any time in accordance to their Terms of Service. If you want to maintain control over your identity and presence online, you ought to use self-hosted services like Pump.io or Diaspora.
xacaxulu 2 days ago 0 replies      
When can we start taking accounts of deceased persons?
rch 2 days ago 4 replies      
Why don't new services default to using a random string as an identifier, along with an alias for display, instead of a requiring a unique username?

Managing overlapping names among friends is something most people know how to do well enough already.

yankoff 2 days ago 0 replies      
This is just unbelievable.. Have you tried to email their support? It's hard to believe that that could be an acceptable practice at any company, I would assume it's just some employee being a jackass.
reshambabble 2 days ago 0 replies      
There are two interesting groups at play here - the tech companies that own all data, usernames, etc. on their platform and the user that needs to be on their platform for the company to exist and be successful. Our private information becomes public information when we share it with some of these companies, and they are given permission to own and use the information to a certain extent. They promise us security and stability at first because they need us, but when they don't depend on us anymore they can get away with sacrificing those users who don't contribute enough in order to serve their own interests. Because what does losing one person do to them? Are we all going to boycott Instagram now? Probably not. There definitely needs to be some regulation on how internet-based businesses can use and change a user's information because our public/internet identity has become so integrated into our lives that an incident like a sudden change in username can feel like a violation of privacy (even when it's not really one).
emsy 2 days ago 0 replies      
So what's next? Facebook employees breaking into houses and stealing Occulus Rift DevKits that haven't been used for a while? SCNR
qwerta 2 days ago 0 replies      
Is not there some 'anti hacking' law in US? Aaron S. got like 30 years for downloading a few documents.

Call FBI and see what happens.

centizen 2 days ago 0 replies      
Instagram has done this in the past as well, and IIRC; before the merger. But by all means - jump on the Facebook hatewagon and take a ride.
Im_Talking 2 days ago 0 replies      
I hate Facebook and, by association, I hate every Facebook subsidiary. They are monetizing your privacy.
logfromblammo 2 days ago 0 replies      
I feel as though this would be a good opportunity to remind people that choosing an Internet handle that has any connection to your public identity name is not necessarily a good idea. The potential name space for memorable, usable, easily-typed handles is much larger than the list in the baby names book, and there is value in avoiding collisions.

As my own public name is two of the most common first names and one of the most common last names in the Anglophone world, I am not altogether unfamiliar with the disutility in using a common name.

Aside from that, in the real world, we have a host of disambiguators available to tell the difference between two individuals with similar names. There is no particular reason why a site's user handle would need to be unique. The data store should probably be keying everything on a serial ID number anyway. Just as the DNS exists to associate names with IP numbers, a handle resolver could use disambiguators as needed to minimize disruption of the user experience due to non-uniqueness.

If you log in from a new device with a new IP address, you might be asked "Which 'kathleen' are you?" once, and get a small "I'm a different 'kathleen'" link thereafter. If you're a giant like Facebook, there is probably more utility in allowing people to have short, non-unique user handles with an on-demand disambiguation system than in a system required to enforce user handle uniqueness.

geldedus 2 days ago 0 replies      
glad I have deleted my Instagram account back when the policy change scandal; this incident confirms Instagram is a BS site
fbndki 2 days ago 0 replies      
Welcome to the nightmare
bichiliad 2 days ago 0 replies      
I wonder if this is just really, really clever PR to get people to use their accounts more.
Ask HN: CTO wants me to leave
370 points by cantlookaway  6 days ago   272 comments top 122
Bluestrike2 5 days ago 10 replies      
You need to hire an attorney, one who works in business litigation (if you can find someone specializing in minority shareholder disputes, that much the better). Right now. If you're delaying on this point out of some idea of wanting to "try to fix things first" or "not wanting to be the bad guy," you're just shooting yourself in the foot and downing blood thinners to keep the wound from clotting. Working with an attorney is not the same as filing suit, and you will never be worse off in this sort of situation for having sought outside counsel. You also need to find your own attorney; the company's counsel works for the company itself, not for any of its investors, executives, or employees.

Judging from your story, your situation is pretty clear: you're being squeezed-out. Sadly, it's not uncommon. Though he might not be asking you to leave right now, framing it as in a few months is just an effort to (i) get some additional benefit out of you, and (ii) give them the time they need to break you.

There are two possibilities right off the bat: (i) the CEO is involved, which is likely given the difficulty involved in squeezing-out a shareholder + 50% co-founder; (ii) the CTO is working alone, hoping to push you out the door and benefit in some way from the resulting vacuum. In either case, you can't move forward without speaking to an attorney. And don't you dare think for one second that you can "just talk to the CEO first."

Already, you're talking about things as an employee rather than an owner. That's your first mistake. An employee might be able to be kicked to the curb, but you're not just an employee. You've already made a significant investment into the company, and from their perspective, an ideal/successful squeeze-out is one that deprives you of that ownership interest entirely. Most of these efforts are successful because they manage to position the person being targeted in a position where they just roll over. Ideally, they force the person being squeezed out to choose to quit rather than actually be fired. It seems like that's the CTO's goal in your situation.

That said, there are few programmers, in my opinion, whose work is so bad that there is zero potential for future improvement. Considering the costs of pushing you out, you'd have to be doing a hell of a lot more than just writing shit code to justify termination. Given that they want to wait until after additional fundraising rounds are completed, I doubt that your involvement with the company is nearly so problematic. Besides, you already stated that there's been a clear improvement in your code.

I was in a similar situation, once. I was foolish, stupid, and trusted a friend I've known for years. I did the development work, partner A brought his business skills and industry contacts to the table along with his money (and a third partner, B, as well). Did the work, but during that time, there was no sight of their money. One of the earliest clues I was going to be screwed was, when discussing fundraising, A mentioned his own deferred pay. Something I thought slightly peculiar given that he was supposed to be investing his own, significant funds along with B. Plus, I don't believe that he actually did any measurable work during the time period that would justify it based on what I knew at the time. Investors are rightly finicky about deferred salaries, and the bar is pretty high to justify them.

When we were at the end, I found myself being squeezed-out: in the end, they apparently figured that it'd be cheaper to outsource to some ridiculous "startup in the box" type of company rather than deal with my deferred pay and the long-term consequences of a third founder's ownership interests) even though doing so would delay things by a couple of months. They even managed to time things well: the weekend of my grandmother's funeral, after A had been told about it, they dropped their little bomb on me. The only good thing was that they walked away without getting a single line of code that I'd written.

My parting was anything but on good terms. Eventually, I wound up not pursuing the matter in court--talking it over with my attorney, it became quite clear that the legal fees of fighting them would be ruinous. That partner C was a shyster of an attorney, and all evidence suggested that they'd just try to wait out the expensive clock rather than consider settling. After all, the cost of doing so would be pretty minimal. Litigation is uncertain and expensive. Painful though it may be, you never ever litigate on principle. Not if you have any brains at all.

Even though I would have likely prevailed given the facts, I would have come up horribly in the red when it was done. A pyrrhic victory and no more. Choosing not to go down that route was one of the harder decisions of my life, made all the more difficult by the knowledge that they had, quite literally, taken even my grandmother's funeral away from me.

Oddly enough, I'm probably better off for it now that I have some distance and perspective to look back. When they launched, it was unobserved and uneventful. Even now, they're unknown with almost no traffic and engagement. They've also made a number of bad mistakes that I had identified--often through trial and error--that I had told them about. It was a submarine rigged for silent running, deep and quiet, that's never bothered to surface for air. All of partner A's vaunted experience and extensive media contacts in the industry proved for naught in the end. Eventually, they'll simply wither and die on the vine. Had they not squeezed me out, no doubt I'd still be hanging on trying to turn things around. After all, who abandons a friend? It was quite the learning experience, albeit an incredibly expensive one.

Luckily, you can avoid that sort of experience by acting now to protect yourself. Document everything, save all of your emails, chat logs, download and archive all Github comments on everything that you've worked on, as well as everything else you can. Make sure that you're also grabbing copies of emails off any servers/accounts they might have access to. Even though it will create problems if there's any litigation, there's a high likelihood that they'll do something foolish such as delete them.

You have a lot going for you right now that'll help you. First, you're obviously still needed to help their raise funds. Second, investors are scared to death of founder disputes. If any potential investors even sniff the possibility, they'll run and never look back while your current investors will raise holy hell, even if the CEO+CTO were able to find some fig leaf of justification. It also implies a deviousness that will scare investors; if they're willing to screw a friend and risk such a serious dispute, then it's also possible that they'll wander into similar situations in the future. Particularly in the early stages, investors and VC firms don't have to put up with that sort of bullshit.

This gives you an absurd amount of leverage: you have the ability to single-handedly kill their fundraising efforts now and in the future. You need to call your attorney and start using it. At the very minimum, it'll put the breaks on any plans they're currently working on. At best, it'll help you move forward as a company without having these sorts of problems lurking about in the shadows.

gtCameron 5 days ago 5 replies      
The question I would try and answer if I were in your shoes is the following:

Does he want me to leave the company or does he want me to stop writing production code for the product?

If its the first one, there is likely a personal issue between the two of you that needs to be resolved one way or another.

If you think the second option is what he is really trying to communicate, then I would look for other opportunities to contribute to the company. It sucks to grasp your own limitations and admit that you might not be a good enough coder to contribute to the product at this point, but this is a critical time for the future of the product. Any technical debt acquired at this phase of development is going to be very costly to pay off later since you are developing the core of the system.

However, you are a founder of the company, and I am assuming very passionate about the company's mission as well as financially motivated to see this thing through. There are tons of jobs that will need to be done as you guys grow, and each one of those is an opportunity for you to contribute above and beyond what a new hire off the street could accomplish. A lot of those jobs can also take advantage of your coding skills to either automate processes or utilize your deeper understanding of how the product works to better support it.

This is of course assuming that you guys have the cash in the bank to pay you for this work, if that is not the case then the situation is a little trickier and you will have to explore other options.

9oliYQjP 6 days ago 2 replies      
First off, I'm sorry about your situation. Nobody here will be able to judge with any degree of accuracy whether he has a point. I personally would not look at this situation as a technical one; this is a business relationship situation.

Regardless of whether there is any grain of truth, the CTO has lost confidence in you. Not just a little bit. He has asked you to leave. The rest of my advice assumes the CEO (your co-founder) has quite a bit of confidence in the CTO. If that is the case, I'm not quite sure you can come back from having the CTO asking you to leave, nor am I certain you should.

I think it would be advisable to talk to a lawyer to see how you can cleanly and professionally leave on your own terms. Save the emotional stuff for friends and your alone time. You will no doubt need to grieve (this was your baby). But I think it would be better for you to be proactive about leaving and professionally extract yourself from this situation. That said, make sure you know your rights and what your contracts entitled you to in such a situation.

Once extracted, take your hurt pride and prove them wrong.

avenger123 5 days ago 2 replies      
It looks like you have real equity in the company and there is possible traction in the business.

You are a co-founder. That counts for a lot. I am also assuming that your equity stake is significant.

First of all, deal with this right now. Don't wait for the 3-6 months. You are basically being told that once they have raised money, they will find a way to get you out. Right now, it's a fishing expedition between the CTO and the other founder. Will you be a nice gentle person and go along with their approach or are you going to turn into an attack dog.

You likely have tremendous leverage right now due to this funding round coming up. They will not want to rock the boat. But this is exactly when you should be doing it as I don't believe the "we need you" bit means anything other than "we don't want you to fk up our funding round coming up".

At the end of the day, if they really want you out, they'll find a way to do so. The main thing is that you got to get on the offensive and make sure if you do end up leaving the company, you've left on the best financial terms possible for yourself. Make them pay. In fact, throw out a number you are comfortable with and have them pay you out from that in the next funding round.

If you approach this as "what's best for the company", you have already lost because that's not what this CTO and your other founder are approaching this from.

EDIT: You should provide some more detail on the equity position you have and how formalized it is (ie. proper contracts). Being a co-founder isn't about just writing code. As others have said, if you have significant equity, you have a lot of power. Don't underestimate this.

hoodoof 5 days ago 2 replies      
Listen Eduardo Saverin:


The key question here is : do you have equity, and how much equity do you have in percentage terms?

If you are an equal cofounder, then when someone turns up and says "you have to leave cause better people have been employed", you say "fuck off". Think about it - EVERY company that grows will employ people who are better than the cofounders in some way, that is the whole point. You are the FOUNDER, you brought value to the company early. Just because smarter or more experienced people have been employed in no way devalues what you did in the early stages. In fact this is PRECISELY what is meant to happen. Do you think that Zuckerberg is the best developer at Facebook - legend may say so but it's not true - can't be. So should Zuck be fired cause he's not their strongest tech guy?

You also need to think separately about your rights as employee and rights as a shareholder/owner - they are not the same thing. You DO have clear contracts as both employee and shareholder DON'T YOU? Those contracts specify (or should specify) your rights.

And who the fuck does this guy think he is that he can tell a cofounder to leave? You are his BOSS.

DO NOT LEAVE. And if you do leave, DO NOT SELL YOUR SHARES IN THE COMPANY - just say "I want a MASSIVE payout to accept being fired, and I WILL NOT sell my shares as part of settlement". Hang on to those shares because now these guys are going to do all the hard work in growing the company and you can chill out and do other things and when they IPO, you'll take home your share. And if this is the path you take, look out cause some time in the future they will try to play a legal game in which you hang on to your shares but they get diluted down to almost nothing. This cannot happen if you are careful to look out for it.

This is all on the assumption that you do have equity and contracts in place. If you don't, then you should go and watch "The Social Network" repeatedly until you learn your lesson.

carbocation 5 days ago 1 reply      
You have phrased this as an almost apologetic post, focusing on your ability to write code. An analogy to medicine might be worrying about your ability to take a good history and physical exam, but in the meanwhile the patient is bleeding in front of you.

The problem is not your ability to write code - the CTO even admits as much when he says he needs you now but wants to replace you later. Your code is desperately needed. But I don't really care about this.

Assuming a normal situation, the company is yours and your co-founder's (by ownership), and the CTO likely has a small amount of equity (relative to yours). In an early stage company that hasn't yet raised money, your company is basically an extension of yourself. You don't have responsibilities to shareholders or employees because you don't have either yet. You have a responsibility to yourself and your vision. The CTO did not found the company and that alone tells you that you have some amount of vision, ability, or ability to take advantage of chance that he did not have.

If you want to remain involved in the company, and it seems that you do and should, then you need to clarify for the CTO where the boundaries of his responsibilities lie. His job is not to ask you to quit, and he may be beyond the point where you can continue working with him (or not - I don't know enough detail). But if he is to continue working for you (and do recall that he works for you at your pleasure), he needs to focus on solutions that don't involve him trying to fire you.

Most founders don't end up coding very much after their companies grow, and the CTO may be hopeful to get more experienced programmers working for the company. But there are about 10,000 miles in between "we should hire people with deep experience in X" and "I want you to leave the company." The latter is a political gambit that needs to be dealt with after careful consideration in a way that shows teeth.

icambron 5 days ago 3 replies      
Leave. Seriously, walk away. Here are some thoughts:

1. The situation is poisoned. If you stay and force a battle of wills, it will be hugely distracting in a way that adds no value to the company (and remember, building a great company is why you did this in first place), not to mention personally painful for you. That the CEO and CTO have lost confidence in you means it's just going to suck from here on out. Even if you win, that just means disempowering the CTO (or replacement CTO if the current one leaves in frustration, which doesn't seem improbable). Maybe the CTO is wrong, but if he's saddled with someone he doesn't want and can't get rid of because of special cofounder status, it's going to create a pretty shitty working environment for everyone. And if he wins (say, because the CEO votes you out), then that's the same as you sliding out anyway.

2. The CTO definitely hasn't overstepped his boundaries; he's doing his job. He's responsible for running the engineering team and delivering a product. If he thinks you're holding the company back, he'd be being irresponsible not to do something about it. Of course, he could be wrong and there's no way for me (or anyone else here) to determine that. So you have to ask yourself what you really think is best for the company. If it's you leaving, tanking the company in a huge fight (or just dragging it down by sticking around) will just destroy whatever equity you have in it. If it's you staying and you're confident (after putting aside your ego, considering it from other peoples' views, etc), then yeah, convince the CEO and then together fire the CTO for being so terribly wrong. But it's not an issue of boundaries. So: would you hire you?

3. Closely related: what are you doing cofounding companies with that little confidence in yourself? If someone came to you and said, "hey, I haven't coded much and don't have a lot of experience", would you think that was a wise investment? Because you went all in on that investment. Do some work with some guidance and lower stakes and learn your craft. I don't at all mean that as "noob go home" (I have no idea how good you actually are); I mean that your description basically acknowledges you don't think you're the right person for the job of technical cofounder.

4. Your CEO sounds clueless and you should take this opportunity to bail out. If the CTO is wrong about you, the CEO's confidence in him is misplaced and he's also allowing unnecessary complications to destroy his engineering team. If the CTO is right that you don't even belong on the team, then why did the CEO partner with you in the first place? Maybe he thought of you as a temporary pawn to sacrificed at the right time. Maybe he just doesn't know what he's doing. None of those are good. Get out.

5. You say in one of the comments that you don't want to lose your unvested shares and that you've taken on a lot of opportunity cost. The whole point of the vesting is that you get what you've worked for. If you don't think the vested equity you have is commensurate with the work you've done, working more isn't going to fix that. You'll just continue getting screwed, putting in more time and earning the same vesting that you're unhappy with. I know you probably feel pot-committed, but the best thing to do when you have a bad hand is fold your cards and move on.

6. Startups are hard. They're painful work, especially when things go bad, to the point that I wonder why we do it in the best of situations. If you throw in the stress of trying to prove you even belong, it's just shitty. Save your happiness and leave.

7. It's important not to think of these decisions as an affront to your pride. The never-say-die bromide of startup cofounders the world over is mostly bullshit. Make sure you're in a healthy situation with a real chance of success. Quitting isn't shameful, but sabotaging your happiness and the value of your investment because it hurts your ego is very unwise. I don't know whether or not I'd be wise in that situation either--I certainly have plenty of ego--but of course that's why you asked us: we're not involved.

My guess is that once you leave, clear your head, and figure out what you want to do next, you'll look back and say, "wow, I'm glad I got out of that."

anigbrowl 5 days ago 3 replies      
He's trying to fuck you over. Remind him that he works for you, not the other way around. Start looking for his replacement. Check with a lawyer about the security of your own stake and make sure you are good with the business guy, because the CTO has probably been whispering poison in his ear about you.
jw2013 5 days ago 3 replies      
> My question is, does he have a point?

No. He is making the wrong assumption here "that he wouldn't hire me if I wasn't already a founder and not what the company needs". First you ARE a founder- I genuinely do not believe you can't learn the knowledge you needed given how motivated you are. And you are learning. Second, he already admit you are what the company needs (at least during this 3-6 months), so why is he BS you to leave? He's mindset is so wrong for the startup world, just assuming things will take-off and by-then you are not needed anymore. You are desperately needed now; that makes you valuable. Your company probably can't make it to the next milestone in 3-6 months without you, at least it will take longer to hit milestones longer without you. You are valuable, and you feel for the company, just tell him that.

> Is this something that is common?

Yes, but not quite often at this early stage of a startup. I smell some politics of him. Do you two get along well besides tech issues in the company? Since he knows you are still desperately needed now, and he is still making BS about advising you to leave, I can only conclude he probably does not like you (not just in tech realms), and he clearly does not care about the success of the company as much as I do (the company still needs you to be successful at least at this stage of growth).

> Has he overstepped the boundaries?

First thing first, just learn things you need to know fast. You will know when you are making great contributions to the company, and you want that. Don't let your CTO stops you from that. At least when you are working, don't think about the issue with him and grow fast as a coder. I suggest a conversation with him off the work time. If I were you, I would like to know if he had issues with me beyond his doubt in my tech ability.

> It is in my interest however to remain in the company because my equity is vested, the sooner I leave the less I will get in return, apart from my time, and opportunity cost I invested all my personal wealth.

Did you have cliff in your equity vesting? If so have you past the cliff period? I really don't recommend you to leave before all your cliff equity are vested, otherwise you will get next to nothing. Manage to stay with your company at least in the cliff period. Your company wouldn't make this far without you, your company owes you that, and you know through what it should pay you off? Equity. So just manage to get the credit where credit is due.


May the best luck be with you.

jonsterling 5 days ago 1 reply      
I don't know anything about business or founding a startup: but as an engineer in one, if you have hired a CTO who is better at engineering than you (kudos!) and he/she has asked you to stop writing production code, you should listen. Coding "for old times sake" is pretty damaging when a team of actually trained engineers has just got your old broken code-base under control and instituted better engineering practices. This is part of the typical startup lifecycle: the code that got you here isn't going to get you to the next place, and it's your job to find, hire and enable better engineers to get you to the next level.

But if he actually is asking you to leave the company? He can fuck himself. But seriously, if it is clear that you are hurting more than helping by writing code, please stop. Keep learning, and ease into contributing again slowly.

geuis 5 days ago 1 reply      
This is your company, not the CTO's. It's time to fire him.

The ability to code really doesn't have much to do in the long run to the company success. Of the two founders at the company I work for, both could code but one hasn't in a long time and the other only does on occasion. As the team has grown, their responsibilities have shifted. Yours will too.

throwa 5 days ago 0 replies      
Honestly, you need to get some self confidence. You need to man up. Being a nice guy in this scenario doesn't help. If the CTO wants to play dirty and ruthless. You must play dirty and ruthless. How did a guy you hire get the guts to tell you he wants to fire you as a co-founder. This means your other co-founder is probably ganging up with him behind your back. You cannot trust both of them. I don't know who owns more percentage of the company betwen you and your co-founder but I want to believe that your CTO is minority stake holder at this point. Don't leave without a thorough fight. The good thing is that you can code no-matter how terrible, you can build a minimum viable product for any future idea you have. Your CEO cannot which is why it is convenient for him to try and co-operate wit the CTO.

Line of action:

1. Start speaking to a lawyer.2. Transition out of code writing role into product visionary role, so the CTO doesn't see your as someone that reports to him. You played a part in not just formulating the initial idea but in coding a prototype, so in essence you can play the role of product visionary. That is Chief Product Officer.

3. Tell you co-founder you are transitioning into a product visionary role with the title of Chief Product Officer. Read up what this role does.

4. Call for a meeting with just you and your co-founder and test his allegiance. Tell him that if a guy you hired wants to fire you then he can also team up with future investors to fire the CEO, so he is not save in the future. So due to trust issues, you intend to fire your CTO after you get a replacement. Show him a list of possible top people in the open-source world using your technology that you intend to open up communication with as possible replacement for the CTO. Sink it into his head that the CTO is replace-able and that culture fit matters more thank skills as you can get a replacement for skillset easier than getting the person with the right skillset and cultural fit. http://www.bhorowitz.com/programming_your_culture

5. Call a meeting with your CTO and tell him you plan to stop writing code and then tell him you also plan to get a new CTO to replace him because you can't have a guy you hired steal your company. Let him know he is also replace-able as you won't have hired him because of poor culture fit even though he is skillful if you knew about the schemer he is.

6. Now that you have man up to both, call a meeting with the CEO and CTO to address any issues relating to what you discussed with them.

7. Watch the shares during any round of funding, so you are not squeezed out. See the company incorporation details and ensure your name is there and you are not deceived by your other co-founder.

8. CTO's are replace-able, don't don't let someone you hired ask you to leave, so that he can take your shares. He probably overstated his importance behind your back to the CEO and asked for more shares and your co-founder felt that if he gets you out of the way he will get the more shares.

If they were bold and ruthless, you must be bold and ruthless too.

sate your importance to founding the company, idea generation, writing enough code to make the CTO, join since he knew you people were not idea only guys.

Kick that CTO out and henceforth watch your co-founder closely.

thejosh 5 days ago 0 replies      
"EDIT: He's not asking me to leave now, since I'm still desperately needed, but in 3-6 months time after we have raised more funding."

Means they do actually need you, the CTO is waiting for a payday before kicking you out for a higher stake. Tell the CTO to go stick it if they need you before funding but not after.

nashequilibrium 5 days ago 0 replies      
I really don't understand this story, most tech entrepreneurs with successful companies have to hire people better than them, mark zuckerberg, jack dorsey(especially the twitter guys), snapchat etc. You 2 guys are the founders and hired a CTO and the CTO is telling you to leave, imagine the CTO of snapchat telling Evan Spiegal who cannot code to leave, it just doesn't add up.

If i had to guess, your cofounder who is the business guy realizes that the CTO is a better coder than you and is trying to push you out and offer the CTO a better share of the company. You really need to stand up for yourself, do not limit yourself or feel inferior, i mean even Larry and Sergey had to get better programmers than them.

gojomo 5 days ago 0 replies      
That's tough. Your last edit gives me the most pause: if you're good enough to be "desperately needed" for this critical pre-funding period, you should be good enough for after, too.

Don't sell yourself short: simply knowing your limits is a major skill, that will let you contribute where you can, grow where you can, and defer to others where you must. Also, having been involved since the start gives knowledge and perspective that can't necessarily be hired elsewhere.

Ultimately if you want to stay -- and especially if you still have the support of your biz cofounder -- you should insist on having the chance to grow with the company, learning as you go along. And the plan for the future needs to be well understood among the principals, before the fundraising, because that process will tend to firm up roles, equity, vesting, employment agreements, etc.

It's true that sometimes a member of the founding team isn't right the commitment or skills or shared-vision isn't there, and perhaps the original title/status/equity even gets in the way of acquiring what's needed. But it sounds like you're humble and flexible enough that you should be able to retain a key role.

If you are considering leaving from, or think you might be pushed out of, a valuable position, you will likely want to consult with a lawyer, separate from the company lawyer, about how to best protect your rights. (The fundraising process itself, and getting the whole company/team into "standard" documents, could either work to your advantage, or make it very easy for you to be booted with very little, so educate yourself early, to avoid signing away anything valuable.)

If intimidated by the idea of talking to a lawyer, remember that many will give a free 30-60 minute initial consultation, so simply by the act of shopping around, always improving your 'executive summary' of your situation before each discussion, you'll learn a ton at no cost. (No two lawyers will have the exact same analysis, so the 5th or 10th you talk to may still improve your understanding.) And if you find someone you like, they may give you quite a bit of continuing good advice simply in return for the future-chance/option-value of representing you in a future dispute.

balls187 5 days ago 0 replies      
This is your company. Not the CTO's.

It's time to have a frank discussion with your co-founder and decide what is best for you and for the company.

It may ultimately be best for you to step down, but it shouldn't ever be because of your technical abilities, and it shouldn't be because the CTO believes you should.

There are lots of things you can be doing, and the fact that you CAN code (even if it's not high level) is huge.

There is testing, blogging, social networking posts, Google Analytics, SEO/SEM, recruiting, buying office supplies, soda runs, customer outreach, marketing, more testing, design, investor outreach, product management, program management.

You have so much that you can do, that unless you are a liability (past convictions by the SEC), or so caustic that you are the direct cause for the companies failures, that you still have an important role at your company for many years to come.

And if you do stay, it's time to put the CTO on notice, the CTO works for you.

hansy 5 days ago 0 replies      
Provided you're not writing anything that detrimentally impacts the product, there's no reason for you to leave. It's your company.

Now I say this not so you can sit back and let others do the hard work, but for you to figure out how else you can contribute. Every startup, hell every mature company, has issues to deal with on a daily basis. I would be very surprised if there wasn't something else you could be doing for the company.

Worst comes to worst, your job from here on out is to do the tasks nobody else wants to do. From a technical perspective that could mean things like sanitizing the database (if it needs it) or going back and writing some good tests for already-implemented code. From a business perspective, this could mean researching, scraping, generating leads to customers, users, etc. Hell, you can even be the glorified secretary by helping others manage their day-to-day tasks, schedules, appointments. Be the office janitor. Be the guy they send to campus events to talk to students.

If you can no longer contribute to the code for your product, that's OK. There's a million and one things you can do outside that realm to support the product as well as your teammates.

Of course you can always buckle down on your coding game and get better at it. Take online courses. If you (and your company) can afford the time and money, go to one of those schools that teach you to be a better programmer. Tell your CTO that you want to get better and want to learn from him/her.

Be the glue that holds everyone together. Be the swing man that can bounce from activity to activity and ensure everything is running smoothly. Be the founder who's relentlessly resourceful and continues to move the company forward in any shape or form.

WoodenChair 5 days ago 0 replies      
Let's assume that what the CTO says is true: you're not a good enough coder that you're any longer needed on a day-to-day basis in a few months. You're still a cofounder and I assume owner of quite a bit of equity of this company. Can't you talk to your other co-founder and find a different role for you on a day to day basis so that your stock still vests?

Or is this all about money/power? Is the new CTO threatened by you for some reason or trying to consolidate his power? Does the new CTO just not like you?

If you and your other co-founder are even remotely close, you guys need to talk. Sit down and figure out what other roles work for you at the company. Perhaps you will need to move out of management and become something like a "developer evangelist" or "head of support". Anything to keep vesting, right?

marknutter 5 days ago 0 replies      
Uh, you are a founder. Nobody asks you to leave. You took part of the risk to start the company, the new CTO did not. He does not get to tell you to leave. Ever. Period. I'm actually shocked that you're even considering it.
dvirsky 5 days ago 0 replies      
I was once offered the job like this CTO, taking over from a less experienced co-founder, with his consent, while he remains in place. I didn't take the job for other reasons, but I would never have done what this guy is doing to you. And if I had, the CEO would probably fire me.

If you were really that bad, your co-founder CEO should have parted ways with you already. But of course you're not - just the fact that you are aware of your limitations and learning as you go, is evidence of that. I've seen bad technical co-founders, and they are NOT aware of their limitations usually, or don't care about it. And BTW for the quick-n-dirty prototype part of a start-up's life cycle, having crap code is perfectly fine IMHO - as long as you're aware of it and it's a conscious decision.

But if that really is the case (and I doubt it) - and it's for the greater good of the company that you will be fired - you should be very well compensated for your time and effort, as other have mentioned. I've actually seen another situation at a start-up where this was in fact the case, and the company was better off firing a co-founder. It was painful but he was compensated and got to keep most of his shares, so it was probably for his interest as well (though I'm not sure he realized it at the time).

headhuntermdk 5 days ago 0 replies      
It's your company.. If your CTO is approaching you like that, send him packing with a pink slip. Do not pass go, do not collect $200.

There is a hell of lot more to building a company than just code and if he can talk to you any way he wants to without any consequences, then you have truly lost.

As others have said, you are supposed to hire people better than you, but that doesn't mean you have to take shit from them either.

Bottom line is don't be a doormat and be prepared to put "boot to ass" if necessary.

Good luck

the_cat_kittles 5 days ago 1 reply      
It is REALLY stupid to tell someone you want them to leave in 3 months. Why not wait until three months have gone by? My totally uninformed guess is there is some kind of long game / ego thing at play besides just actually ability to contribute. Don't feel ashamed that you aren't the alpha tech. If you are trying your hardest, and especially as a cofounder, you would be more than welcome at any company I have ever worked at.
Paddywack 5 days ago 1 reply      
I had something like this happen to me (on a larger scale) - I folded, and regretted it for years.

Firstly - go straight to see a lawyer. Do not consider anything else before you have done this. Play hard, don't blink!

Secondly. If things don't go your way, play the long game and take your time. Make sure that they know that this will not be resolved quickly, and that having this hanging over them will frustrate their attempts to raise capital.

Behind the scenes this is what I think is going on:

1) The CTO is more experienced, and thinks he is entitled to more than you as a result (you seem to agree that you are relatively inexperienced). He cares little about loyalty and honour as he was not there to see you slogging it out in the early days.

2) What you have set up must be worthwhile and be starting to get valuable, otherwise you would not have attracted a "good" CTO.

3) My thoughts are this is part of the play to attract equity:

- They probably don't want to dilute too much, so would love to grab your shares back before the deal so that they can neaten things out for the new investor

- They probably want the new deal to include shares for the CTO. He is probably niggling for this, and the CEO would prefer to take yours than dilute his.

- They want to put forward a team that has the most value for fund raising. They want solid credentials, and probably feel that yours don't fit the bill.

Good luck hey!

wisty 5 days ago 0 replies      
You'd make a better CTO than him. I'd rather work for a CTO who listens to good advice than one who is really sharp, but fucks people over.

Obviously, you are fairly technically competent (or he wouldn't need you around, and you wouldn't have gotten the prototype working). You're also a competent leader - you are listening to technical advice.

But let's say you hire a few more good coders. The CTO feels threatened. Is he going to listen to them when they challenge him, and possibly even step aside if one of them would be a better CTO, or is he going to fuck them over the same way he's fucking you over?

He sounds like a toxic political player. You can think "He's a snake, but he's our snake. His political skills will give us an edge", but it rarely works that way.

If you can, get rid of him, promote yourself to COO, and make the other good programmer CTO or lead programmer or something.

benologist 5 days ago 0 replies      
Tell him if he'd like a different boss he should work for a different company. It's your company, he's your employee, and he shouldn't have taken the job if he didn't want to work with and for you, and he's not the right person for the job if he can't.
zaidf 5 days ago 0 replies      
The CTO can ask you to improve your coding or to stop coding, afterall he was retained to make those calls. But he cannot ask you to leave the company if you are a proper cofounder. The only person who is in any position to make a request like that is your cofounder or your Board.
DigitalSea 5 days ago 0 replies      
Maybe he is telling you the truth, but you are a founder, he is a CTO. Maybe it is just a simple case if you are currently contributing code to the idea to step back and let this other guy handle the coding aspect for you. Maybe you can better spend your time as a co-founder elsewhere in your company.

Having said that, if he is forcefully advising you to leave, he is overstepping his boundaries and you need to contain that fire now before he starts turning other employees against you. A toxic employee in a company is like a cancer, it will start in one area and if not treated, it will spread throughout every orifice in your body until it kills you.

If it is a simple matter of you're making it hard for the CTO to do his job because you're committing code and continually breaking things, maybe you need to step back and let him do his job. He can't force you out of your own company, but he might have enough collateral (if he is truly instrumental in your company's success) to get other people to listen to him and force them to make a decision. The CTO is either brutally honest, he's an asshole or he's gunning for your spot in the company.

I would be looking at this from all angles. Don't just assume the CTO is acting alone, for all you know the CEO or your business part is instrumental in his push for you to leave. You're not just an employee, you're a co-founder and you have rights and responsibilities. You're acting like the CTO has already one which will be your downfall. Exercise your rights as a co-founder to fix this.

I would seriously fire the CTO. He might have been instrumental in the companies success, but he has overstepped the line. He has gone beyond the point of merely telling someone they're making his job hard, he's asking a co-founder to leave. It's like some manager at Microsoft asking the CEO to step-down, it's just crazy.

Get legal advice ASAP. Explore your options, but without-a-doubt, get legal counsel right away before you do anything else. My first question to your lawyer would be: Can I fire the CTO cleanly without recourse?

linohh 5 days ago 0 replies      
A good CTO would help you improving. I know it's stupid to make assumptions, but I'd assume he's trying to manipulate himself into higher equity in an early stage. Telling someone that he's about to be let go is poison motivation-wise. He may be trying to reduce your performance so he can use your declined output against you.
throawaycofnder 5 days ago 1 reply      
Throwaway here.

I too (like Bluestrike2) was squeezed out of the company I co-founded. I know what its like. And I want to help.

In my situation, I didn't get 3-6 months notice.

There was a "difference of opinion" about the value of work I was putting into the business, and a "difference of opinion" about where the business should go strategically, and one Tuesday morning I entered a grim meeting where I was given an exit contract to consider.

It was a bit of a shock - and they kindly offered me a few days to think about it, letting me go home to cry.

How very kind of them...

...I realised the next day that it was to get me out of the building without incident - and that they'd already begun changing passwords (including my work email password) in the meeting, and continued the rest of the day.

How humiliating

The situation youre in sucks.

For what it's worth (and I say this sincerely), I'm so fucking sorry.

They're assholes. You don't deserve this. And the company never would have got to where it is today without your contribution - and how dare they use the foundation you built (your baby) to screw you.

Then they have the gall to act as if youre "not good enough".

Fuck them.

Youre awesome. Youve done some cool shit. And - as great as the project is youre working on now - I would sincerely hope that it wasnt going to be the crowning achievement of your lifetime. Im absolutely certain that the best for you is yet to come.

I could tell you how good things are going to be in the future, and you probably wouldn't believe me.

I could tell you that the lessons you learn now about control, shareholdership, business politics and more will save you later when friends and colleagues are learning the lessons themselves.

But both of these are cold comfort.

Realistically things are going to get harder for a while (finances, life direction, self confidence, etc), but in a few years as these things get back on track you'll know yourself better, be doing something you love more, and will be much wiser as a result of what you're doing right now.

Now... Let's focus on the next few weeks.

Firstly, ignore the posturing and politics in this thread about whether or not the CTO overstepped his bounds. Realistically, if he has the CEO on-side, it doesnt matter.

Feel free to get up on your high horse about this if you need to, or if it makes you feel better. Or you could wear funny hats. Or do something else equally useless.

When youre ready to do something productive, lets keep going.

cmapes 5 days ago 0 replies      
The biggest question is what was you and your co-founders' legal agreement in the bylaws/operating agreements regarding equity given in exchange for assigning your IP (earlier code hackery) to the entity?

If you don't have any sort of a defined equity arrangement in legal contracts, then you have a problem. It's time to speak with an attorney.

If you have some sort of share vesting schedule which will grant you an equity ownership percentage that you consider "fair" then you should consider moving from your current operational position as a software engineer to somewhere else if you want to stay in operations. Otherwise you can sit it out, keep your equity, and participate at the board level.

There will be lots of advice to just "forget about it and walk away". I believe the advice to essentially just "sit back and take it" to be idiotic. If your original positioning on the team was to be "the guy who programs the first iteration of the software that gets us to market" and you failed at that, I can understand where they're trying to push you out as a co-founder. You essentially were a technical co-founder who only partially fulfilled his/her original promise. No offence. In their eyes, you misrepresented yourself, even if that's untrue because they scope-creeped way past your skill level. But the fact is that there WAS some weight that was pulled by you. So you deserve at least partial compensation, whether or not its in the form of equity (if this was promised to you) or payment, or both.

There's some important variables here that have't been covered (mainly current legal agreements) but the main point I'd drive home is stand up for yourself and don't allow yourself to get power played. Yes the situation is sour, but you should be able to get the rest of your founders to agree that you DID contribute something, (as evidenced by the fact that the CTO wants you to leave in the future, not now) so you deserve some equity/payment even if you end up just leaving with it and participating in a liquidity event in the future.

TL;DR If no legal agreements: attorney. If legal agreements w/vague equity terms: attorney. If legal agreements w/ defined equity program you can live with: leave operations, participate at the board level, get bought out at a premium, or just hold equity and wait for a liquidity event.

Make sure there's some restrictions keeping the board from authorizing 1000000000000000 shares and diluting you out too. Good luck!

webwright 5 days ago 0 replies      
Founder shuffling is not uncommon. Founders aren't always (or even often) great managers, leaders, or recruiters-- which is what you need to transition into if you're going to stay with the company. I'd encourage you to try to put yourself in their shoes. It doesn't feel fair for you, but if a co-founder who owned a huge vesting stake in the company didn't grow/perform like you'd hoped, would you want to negotiate their exit? Or would you keep them on out of loyalty, knowing that it hurt the company's recruiting efforts, culture, and chances of success?

It sounds like you've raised money, have a business co-founder, and have some other employees. All of those people are (rightfully) should be asking what's best for the company. Hopefully you are too. If the stock you're vesting (hopefully you have vesting schedule!) is outsized compared to the value you bring to the company, you need to fix the problem.

I'd ask your co-founder for their thoughts and (potentially) I'd ask your investors. Unless the CTO is going rogue, he's probably already got support on both of these fronts, which means you can't really do much other than make a scene and/or sue if they want to show you the door, which will damage your company, your stock in it, and your soul. No fun.

Assuming your co-founder agrees with the CTO (likely), options:

1) Say you love the company, don't want to leave, but acknowledge there is a problem with your compensation/value ratio. Negotiate to an agreeable role and pile of stock with the caveat that if you can prove yourself invaluable, you'd like to be able to come back to the table. If they push back, saying you aren't good enough, ask for a 3-6 month trial period to prove your mettle. Bust ass and become indispensable.

2) Leave gracefully, with a negotiated severance/stock package (know that they can dilute you and there are ways they can wipe you out at inopportune times: http://www.geekwire.com/2014/redfins-first-cto-shocked-surpr... )... But unless they are bad actors, you'll get a nice payday if there's even liquidity.

3) Pitch a fit. You'll lose this fight unless you guys botched the company setup or you have allies among the investors. This will hurt the company a lot and it's a bad path.

Good luck and (above all) congratulations for being instrumental in creating a viable company!

sergiotapia 5 days ago 0 replies      
I'd immediately fire the guy. He works for you not the other way around. You are the co-founder, the big kahuna - not some engineer they hired along the way. Fire his pompous ass.
peteforde 5 days ago 0 replies      
I think you need to be realistic: this situation has gone toxic and it's not likely that you're going to be involved in a few months time. Once you have internalized this and you're still breathing, it will become easier to see the positives.

As others have said, it's highly likely that the CTO and CEO are working together on this. The best thing you can do is - with the assistance of your lawyer - extract yourself as quickly and cleanly as you can manage. Try not to burn bridges; legitimately hope that they succeed. After all, you will retain a substantial percentage of the company.

I can't know the details but from the way you describe the situation, I'm somewhat empathetic to the position that the CTO finds himself in. Your only claim to power is that you were there at the beginning. While that's not a small detail, it's often true that the people who are vitally important to a company in the beginning end up being minor players in the future. See: Craig Newmark or the early support reps at eBay.

In short: you're a founder who is probably no longer playing an irreplaceable role in your company. The CTO wants a meritocracy, and when you're a small team shooting for growth, a founder with just enough tech chops to be a distraction is a major source of risk. To this end, I am surprised that they didn't give you notice already.

I don't say any of this to be mean, it's just that these relationships are hard and most people let awkwardness keep them from telling the hard truth.

mefistofele 5 days ago 1 reply      
This "enterprise grade" terminology is suspicious. Did this CTO come up with that as a way to sell his value?

Too often in our industry the word "enterprise" is a smokescreen. Did he bring some real value to the table in terms of what the customer is seeing, or just some basic good development practices sprinkled with magic "enterprise" fairy dust?

Regardless, I have to agree with the other commenters. This guy is not your friend, he is not being straight with you, and he is not looking out for your interests. He could be a massive sociopath asshole, or maybe just an aggressive alpha nerd who doesn't know how to deal with personal problems.

Make sure you're protected. Your equity and your relationship with your cofounder are the two most important things to get covered against this guy, in that order.

spidaman 5 days ago 0 replies      
I'm surprised at all of the responses calling for the CTO to be fired. It's very common to have founders who are very good at the very early stage but lack the experience to scale the technology, the team, the culture and the business.

Ask yourself these questions:* Are the CEO cofound and CTO in cahoots, engaged in a malicious equity grab? If so, you chose partners poorly, move on post-funding. If not, then there's probably something important to listen to here. Then ask:* Are your technical and project execution chops going to take the company to the next level of technical, organizational and business scale? If so, you chose a CTO poorly and your CEO co-founder is a fool, move on post-posting. If not, then you have another choice:* Are there other ways you can help the technology, organization and business grow? If so, discuss that transition instead of an exit. Otherwise, be grateful for the lessons learned and move on post-funding.

In all of the "move on" cases, assess that your equity position is aligned with your contribution to where the company will be when it's ultimately profitable or liquid. If it's still very early stage, that proportion may be very small but it will be better to have a small bit of something successful that a large portion of a failed company.

Set aside ego, consult an attorney (as advised elsewhere), don't engage in scorched earth and figure out if these are people you want to continue working with, you can contribute getting the company to the next level and if so, in what role.

tpae 5 days ago 0 replies      
If you are a founder:

- Are you needed?

   - yes: then stay.   - no: Do founders hate me?     - yes: get the legal stuff ready, leave with compensation.     - no: Do you have future plans for contribution?       - yes: then get to work!       - no: Do you like your job?         - yes: then get back to work, make contributions.         - no: then why are you asking this question?
I also think that having a CTO does not mean there can't be a technical founder. You can find other things to do, such as build product roadmaps, and with basic technical understanding, you could make positive contributions, not through lines of code, but through the bigger picture.

Reading your post sounds like you don't have self confidence, but you got to find your edge! It doesn't have to be coding. There's more to a startup than lines of code, and if you were there since Day 1, you've already done much more for the company than the CTO. Feel better about yourself, and take a pivot on your perspectives.

throwaway_again 5 days ago 0 replies      
I've been where you are right now. (But so has Eduardo Saverin, for whatever that's worth, and I'm no Eduardo Saverin. More accurately, the company I co-founded was no Facebook.) I launched something with two good friends in May 2010, got ousted in November 2011, and have watched the damn thing flourish, predictably, ever since... Here's what I think I learned from that experience:

First, you're asking the wrong question. Whether CTO Boy has "a point," and/or is within "boundaries" (whatever that means) is just self-inflicted misdirection. Reflect on these questions later. For now, the important thing is to make sure that you aren't haunted by doubts over whether you were fairly treated, so that your ability to learn and grow from this experience isn't hopelessly tainted by acrimony and distrust.

Second, recognize that once you've lost the confidence of your co-founder(s), for whatever reason(s), it's best to let them go. It's a free world, or at least it ought to be, and nobody should have to work with anybody they don't want to. That being said, your stake as a founder is worth something, and if the others want to take the operation over for themselves, they need to buy you out at a fair price. Regardless of whether you're a 23-year-old n00b or if you're Marc Andreesen (-- say, wasn't he 23 when... never mind --) what you need to be doing right now is tapping every available resource -- every mentor, teacher, counselor, former manager, and experienced friend -- for an outside perspective. Hate to say it, but HN doesn't count. We don't know enough about your business to really understand your situation or know how to respond to it.

Third, don't undermine your short-term position with free concessions. If they intend to cut you loose, but nonetheless can't survive without your help for the next 3-6 more months, that sounds like value that you're uniquely qualified to supply, and if they want you to forego the long-term returns on that investment, they need to compensate you for that in the short term. So, DO consult with an attorney and/or a seasoned entrepeneur to make sure you're not getting screwed.

All that being said, if you can manage to let your co-founders go their own way while being neither a dick nor a pushover, the community will respect you for it further on up the road.

Good luck.

cheetahtech 5 days ago 0 replies      
I say tell him to fuck off. No offense to him or you, but if your willing to keep learning code, then say no and don't look back.

The great thing about being human is our ability to learn. If your willing to learn, then there is nothing to argue about. You want to keep doing this and that is that. It took me 7 years to get where I am now, but I believe I am excellent at coding, where I didn't know anything 7 years ago. So if your willing, tell him to back the f off.

mgolawala 5 days ago 0 replies      
He has overstepped his boundaries. The CTO works for the founders, he cannot really fire you (asking you to leave is just a polite war of phrasing it). Remind him that it is the duty of any smart manager to hire people who are smarter than him. That is what you did.

My guess is that your position with your cofounder is rather weak at the moment. The cofounder is probably stepping back and saying "This CTO guy knows what he is doing and if I have to choose, I would much rather go with him". That is a tough situation to be in. If that is true, it isn't your CTO firing you (he is just the front man), it is your cofounder. In fact, ONLY your cofounder can fire you (or your investors if you have sold them a big enough share).

mintykeen 6 days ago 0 replies      
Wow, that's tough. I have heard that when a biz scales, sometimes the early employees don't fit as well, because the skills needed are different than when first starting out. To get things going you do a lot of everything, and later they need specialists. How passionate are you about this startup? What does your co-founder think? You would think there could be some role you could fit into, maybe COO? Depending on its success I would hold your ground , or they should be willing to buy you out or something. Best wishes!
jf22 5 days ago 1 reply      
I have no idea why people are actually recommending moving on.

You not only own part of the company but can use this experience to grow both technically and professionally.

Don't waste the chance to learn more than you ever could.

Are you taking a salary?

I don't see how you could contribute negatively to the company if you are at least somewhat productive and know the domain.

chrisbennet 5 days ago 0 replies      
I wonder how your co-founder will feel when the VC's ask him to leave because he's "just not what the company needs at this time"?

Whose company is this, you and your co-founder's or the CTO's?

lnanek2 5 days ago 0 replies      
Keep in mind there is a strong conflict of interest. The business guys love to squeeze out the tech after launch or before a funding round to keep a bigger slice of the pie. Often they won't say that's why they are doing it, but bizarre things will happen like they'll promise to do things then not do them just to start a fight, etc..

I used to work for a startup called WorkSmart Labs. They got Google Ventures funding, but when they knew it would close they go me to agree to take a lot more vesting equity for several months. In exchange they were supposed to help with some things to help my wife's green card process - changing addresses I was taxed and paid at to a joint residence, joint health insurance, etc.. They were happy to pay me less cash, never did the paperwork they promised, and ditched me right when the deal closed so the unvested equity was worthless.

You should watch out for similar very dirty behavior. I don't know if you are in SV, but we hear people all the time talking about things like writing every single line of code for the product, then getting kicked out after funding.

kevinpet 5 days ago 0 replies      
Consider the possibility that he's right. The best thing for the company may be that you stop writing code. There also may not be another place for you at the company. Most of the posters seem to assume that whoever posts to HN first is the visionary genius without whom the company will fail. Maybe you're the guy who had the good idea and got it off the ground, but not the best one to make it production ready.

You may want to move into a product management role or you may want to leave. Regardless of what you think is going to happen, you need to clear up all vagueness around your equity and ensure you are going to keep your stake if you leave. You need to review your paperwork and probably talk to a lawyer.

jeffdavis 5 days ago 0 replies      
[Not an expert here, just offering another perspective.]

First of all, the CTO telling you he wouldn't hire you at the company you founded is [can't find a polite term]. It's reasonable to say something specific about you is subpar (like coding), and even that you wouldn't fit in a certain role he's planning to define (like full-time coder).

But this is (partially) your company, and an "experienced" CTO came to you because he saw something there. Unless your other partners did all the useful work, you've got some real value -- don't sell yourself short.

There are a lot of options here and you can really make the path for yourself. What is great about you that helped make the company into something? What kind of a role would allow those capabilities to flourish? You could call yourself a Chief Product Officer and say that you have control over what gets delivered and when, what directions the product will take, etc. (not sure if that's what a CPO does, but it doesn't matter).

If you are still inspired to go forward with this startup, and you see such a role for yourself, go make that case. For example, tell the CTO and the CEO that you intend to shed your coding responsibilities as the CTO builds that organization, and get them excited about what you can do as CPO (or whatever). Demand real responsibilities and control, and say that you have the best understanding of the product and the best vision for the future. You could end up much more influential than the CTO, who might end up just being responsible for delivering on your visions. Their whole perspective of you might change, and they might get behind you.

If you've lost inspiration, then probably a buyout makes sense. Again, don't sell yourself short -- you helped get the company this far, and did something right. Considering the risk you took, and probably low pay, it seems fair to get about 2X a fully-loaded engineer's cost for the time you were working full-time there. If your company is doing well maybe significantly more (again, not an expert, just a gut feel).

nickthemagicman 5 days ago 0 replies      
I hope as a cofounder you signed contracts and have equity.
zaroth 4 days ago 1 reply      
TL;DR; There's nothing wrong with a vesting schedule.

It's an interesting point, how should founder sweat equity versus founder capital contribution vest? And then of course there's investor equity...

Can cash from a VC be treated differently from cash from an employee/founder? Of course it can, you have different shares, with different terms, and a different value per share.

In the end, whatever terms you negotiate for your shares should be used to value those shares. 3 year vesting, for example, sounds like a valuable feature for the company, so you would expect those shares to sell for [much] less than fully vested shares.

So the point is, you should definitely ask for accelerated vesting, and I think it's customary to do this at least for a portion of share to at least cover the cash and the months worked.

The realist part of me says, either you can fix the working relationship and contribute good value, and have a good enough time doing it, or you can't. If you can't, the best thing you can do for your company may possibly be to step aside. By all means fight to change their minds, and find the RIGHT solution for all of you.

In any case, you should be happy to continue to hold some portion of shares. If they want them to be non-voting, that's just another way to decrease their value, so you should ask for a commensurate increase in share count.

overgard 5 days ago 0 replies      
I suppose I'm not clear on the power structure of your company, but to me that seems incredibly insubordinate and I would fire him immediately.

On the other hand, the fact that you're even asking this makes me think you might be too passive of a person to really be in a leadership role. (I don't mean that to be harsh, but you have to be honest with yourself about who you are).

sandGorgon 5 days ago 2 replies      
Sorry to barge in on this thread - but I have a question that turns this on its head.

Let's say you are a brilliant CTO/cofounder, but you are already doing something. Now you had this idea (or someone else had this idea) ... and you want to set them up for seed/series-A round and then you want to leave. assumption - you trust the CEO to not screw you.

How do you structure your equity compensation so that you have some benefit after 5 years? One of the thoughts I had was to show the short-term CTO as an investor with vested stock (in return for some negligible investment ... say 100$). Does this protect you from future investor rounds ?

weixiyen 5 days ago 0 replies      
Why would he ask you to leave unless you were a liability?

It makes no sense as there are so many other positions that become available as a company grows.

Go learn Product. It doesn't take nearly as long, and you can have just as big of a positive impact.

vayarajesh 5 days ago 0 replies      
The CTO has surely overstepped the boundaries.. the project/company is your baby and no one and i mean NO ONE should tell you to leave your baby.. the CTO is just like a 'hired' babysitter for your baby (you want to ensure that your baby is growing in a good and right direction) and you might lack some parenting skills but that doesnt mean you have to give up your baby in the hands of the babysitter.

Even though you may not be a great coder you can and will grow to be one great coder.

CTO should know this clearly that this company is yours and he is just an hired help.. he may be the best CTO out there in the world.. but he cannot even suggest you to leave the company..

jsun 3 days ago 0 replies      
A lot of advice on lawyering up and fighting this tooth and nail, and gotta say, this is extremely childish and a terrible idea.

If you sue your company, you increase its chance to fail by an order of magnitude. If you lose, you can laugh as your former founders and friends struggle to recover to pre-lawsuit levels but probably fail. If you win you would've won worthless shares in a company that's shortly going to fail.

Be pragmatic. You even admitted yourself that you are not a great coder - be the bigger person and do what it takes to help the company succeed.

Oh and when you exit, negotiate for an automatic vest for 25-50% of your remaining unvested shares.

camus2 5 days ago 3 replies      
You founded the company,doesnt matter how bad you are at coding there is more to running a company than coding skills.

I'd fire the CTO,no matter how good he is,you're the boss,he is merely an adviser,he shouldnt be talking to you like that. What matters in business is loyalty, not skills.You'll learn it soon enough.

semerda 2 days ago 0 replies      
Call an early board meeting and aim for disciplinary action against the CTO. Founders don't get kicked out by employees. You also need to establish leadership power within the company as a founder vs being pushed around or treated like a code monkey.

Even CEOs can be removed from their high horse should there be collusion here between the CTO and CEO. If you feel this may be the case, seeking some legal advice so you can throw powerful words at those colluding should rattle the bird cake a bit. Just don't bring emotion in.

Founders are key to any company. Roles change. Part of a growing company. Founders keep the fire burning. Any smart investor will tell you the same.

kshep 5 days ago 0 replies      
Without knowing any of the specifics--how long you've been in business, how much you've raised so far, the number of employees, the market opportunity, competitive landscape, runway, how much experience you and your other founder had, how much experience the CTO had, etc, etc, etc--I can't imagine trying to give you any advice other than to...

1) Ask yourself these questions:

* Did I get into this for a quick payday or to build a business?

* How could I best contribute to the business if I stayed? Is that something I want to do?

* Are these people I'd want to stay and work with indefinitely?

* If I had to walk away today and give up all my stock, what dollar value would I put on my contributions (both assets and effort) to date?

* If I had to walk away today, how much cash would I need to comfortably cover the downtime until I find what's next?

2) Talk to a personal attorney who has some experience working with start-ups, fundraising, etc. Someone who's negotiated founder contracts and separation agreements.

3) If you know them well enough, talk to the board, advisors, and/or investors who participated in your last round and ask their advice.

If they want you to leave after the next round, then that probably needs to be part of the conversations with potential investors. If you're a founder and have a large chunk of stock, it's not unlikely that they'd want to buy most or all of it back from you with proceeds from the next round.

doktrin 5 days ago 0 replies      
One of the privileges of being a founder is that employees don't get to tell you when to "leave".

It's your company. Consult an attorney and stand up for yourself.

hollerith 5 days ago 0 replies      
I always thought that it would be good to have an agreement with my cofounders that if ever a compromise cannot be reached, a "roll of the dice" will be used to decide the question in contention. (By "roll of the dice", I mean the probability that the course of action favored by investor A prevails is proportional to the amount of stock held by that investor.)

But I've never seen any references to a startup that actually uses such an arrangement. (What I have seen a lot is the notion or principle that the investor or coalition of investors with at least 50% of the outstanding stock decides, which does not seem to me to protect the interests of minority shareholders as well.)

Do any lawyers want to offer a guess as to whether a contract between cofounders (or between cofounders and investors) with such a "roll-the-dice" clause in it would be enforceable in the California courts?

P.S. Also, am I completely crazy or are most of the comment authors here wrong in implying that whether the OP will prevail in court has anything significant to do with how good a programmer he is?

late2part 5 days ago 0 replies      
What decision makes you happiest in the rest of your life?

If you measure that by money, go ahead.

Will you be happier staying and contributing? Or happier knowing you got it from first to second gear, and now they will grow what you started?

Practically, a question of ownership and rights comes into play - what does your contract/stock/employment agreement say?

Also pragmatically, since he's asking you to do something after ( after = IF ) you raise more funding, just say sure, let's talk about it then.

No reason to agree to a hypothetical, agree that you will be open minded and review it then.

youngButEager 5 days ago 0 replies      
If you feel that you've been used, you're right. Here's how you know:

1) did your co-founder grasp your skill level when you were both starting the firm? I 100% suspect you were forthright and yet your cofounder/ceo ran with you.

2) I'm sorry to break it to you, but you probably already suspect. For reference, read how Larry Ellison pushed out every one of his cofounders of Oracle in order to get the pie. Zuckerberg: did the same thing. Bill Gates and Ballmer pushed out Paul Allen in the early days of Microsoft. Yet Allen and some of Zuckerberg's 'pressured-out' victims still got paid. You need to get paid to. You got the firm to the point it's at -- your intellect, your creativity, your hard work.

3) You've already agreed to the supposition "the CEO (your co-founder) has quite a bit of confidence in the CTO." Why is the CEO unwilling to do the right thing about you and say 'he stays, he was here first, he laid the groundwork, we got where we are because of him and me together, he stays.' That is not a good sign that your cofounder is not backing you up.

4) My older brother was in your situation, part of the original ownership of the firm, they hired a pro outsider to take the reigns to scale it. That outsider's first objective was to bring in his people and he got my brother fired. The reliable cofounders then fired the outsider. Just as in your situation, my brother had invested in the firm. You may not have a reliable co-founder. OR. The CTO is playing 'divide and conquer.' Try to figure out which is the case. If the CEO/your cofounder hedges, you can't trust him.

5) Some companies keep on cofounders even if they're 100% green about business issues. At first, Sergey and Larry (google) did not want any advertising at all. Advertising made google. Larry and Sergey were too dumb about that part. They got talked into it by pro outsiders. Then Larry waited many years but he finally runs Google. He was a grad student with zero business acumen. But they remained loyal and gave him time to learn business strategy, develop business acumen, etc. Neither Larry nor Sergey got pressured out, and if the investors tried 'divide and conquer' to steal the entire business, they underestimated Sergey and Larry's commitment to each other.

You're probably being 'pushed out' and you may be in for quite a battle -- go see an attorney and tell him what's up and do not sign anything in your startup.

Your minimal objective is 100% vesting of all your equity. If your investors get paid, then you -- most likely owner of common shares, not preferred shares -- might also get paid. But if you allow yourself to be pushed out, you've kissed away a chance at some common shares enrichment -- in a company you started. That's a huge deal. Maybe once in a lifetime. Maybe.

sturmeh 5 days ago 0 replies      
Do you own half/part of the company?

If he wants you to leave you should still be entitled to half/part of the company, feel free to leave.

Do what YOU think is best for the company. <--

If for some reason you've been swindled out of owning half/part (or some portion, equivalent to the start-up split) of the company, I think you have a bigger issue outside the scope of this question.

jwatte 5 days ago 0 replies      
Just like a founder is often not the best runtime CEO, a founder is often not the best programmer."A few months" is short of the required experience for a senior software engineer by an order of magnitude. Engineers without experience cause debt that makes the code cost more to maintain over time. All of this is true.

Why did you start up in the first place? To change the world, or to have a place to hang out, or to learn things? Is there another place you can do that better now, at less cost?

Either find a niche where you are creating significant value in the current state of things, or get out to make room. Ask for a negotiated agreement with accelerated vesting of your options if you're not already owning.

blazespin 5 days ago 0 replies      
It's probably up to the board. If they agree with the CTO there is little you can do unless you can get majority shareholders to side with you.
dmourati 5 days ago 0 replies      
I'd move against him, and quickly. Tell the CEO you need unity not divisiveness. You are all for working with the new CTO but he is trying to force you out of the company you founded. There is only one way to deal with people like this: decisively. The fact that you've come here to ask for opinions on this matter suggests that you may lack the inner confidence to survive in a startup. Take this as a learning opportunity. Bone up on your technical skills, hire people smarter than you. Realize that you've been identified as a less than top-tier software developer and use that information to help you figure out where your skills can best help the company succeed. Good luck, move now and go for the jugular.
dscrd 5 days ago 0 replies      
Well, seems like most of the answers here are repeating pretty much the same mantra of this CTO being a douchebag and the champion founder being obviously correct. Please allow me to offer an alternative viewpoint.

I've seen some founders, especially of the technical variety, who manage to get a business running and then attribute all of that to their personal brilliance, and that they therefore deserve all the power in the company. This means that they will be extremely toxic personalities for everyone else, which in turn can easily stunt a company.

I don't know if this is the case here, since we only hear this from your perspective... but it may be that it's not your coding skill actually that is in question, but your interpersonal skills and attitude.

mikekij 5 days ago 0 replies      
Definitely sounds like poor communication between founders.

As an aside, I've been the founding CEO of a company that raised money and was acquired. I think my gifts make me really effective in running a company from idea stage to first revenue. I'm likely not the right person to run that company once there are 1000 employees. I'm fine with that

I don't think there's anything wrong with the exec team asking you to scale back your contributions if your skill set no longer matches the needs of the company. It just sounds like your partners chose a shitty way to go about it.

mmccaff 5 days ago 0 replies      
You helped build something to a point that a job position was created for the CTO, and if you are passionate about what you're working on and eager to learn, it's unfortunate that he took the approach of telling you that you "are not good enough" rather than mentoring you and helping you grow as a developer. I'm sorry for your situation, it's rough.

That said, is this someone who you want to be working closely with? It could be something in your work relationship that is hard to get past. As others have said, understand what you are entitled to in terms of contracts and equity, and try having an open conversation with the CEO if you haven't already. Handle it professionally, and keep in mind that if you are desperately needed now (as you said) that you have some bargaining leverage. :)

gscott 5 days ago 0 replies      
It is important to deal with this, I would suggest getting a number of people to support you then setting him down because this will only get worse. If you leave you will not get any benefit from the company and your investment will shrink as more investors come on. The only way to keep your investment is to stay in the company (or try to get bought out of the company). You should get him replaced. No matter how good he is, he is trying to ruin your life and that is enough to get rid of him asap.
richardw 5 days ago 0 replies      
Aside from the legal aspect, there are two others I think are important.

1) As a founder, you need to do what's best for the company. Whatever that is.

2) You're one of the owners. If you didn't have all the skills required for every aspect, at least you showed up and it got done. You can hire in whatever skills you need, including bringing in a CTO who knows more than you did. Maybe you aren't the right person to run the technical side, etc, but don't be muscled out just because someone is better than you are. Frankly you and the CEO need to stick together - if it's that easy to separate you what stops him from being thrown to the curb when there's a better business guy?

alien3d 5 days ago 0 replies      
A few question of business.Are you a shareholder of the company and have company equity ?Yes - just ignore him.No - just leave the company.

Is is a startup whom promised equity if the company profit /ipo and no pen paper to prove it Yes -leave the company.No - just ignore him.

Most CTO(Chief Technical Officer) and CEO (Chief Execute Officer) are hired by director /co-founder of the company.So nothing he/she will said will effect you(shareholder of the company) at all.If he /she proceed with firing process,said you're ain't director/co-founder.So please do it.

avifreedman 5 days ago 0 replies      
Are you good at seeing the products that need to be created? Writing 'running specification' code (hacking things up)? Do you understand the product space well? Who owns product? Is this something you do or could do? How good is your relationship with your cofounder? There is a lot more that involves tech understanding to be done in a startup than architecture, coding, and managing architecture and coding.
mikekij 5 days ago 0 replies      
This may be an unpopular sentiment, but I would do three things:

1) Hire an attorney to make sure your equity is safe2) Negotiate for an above-market-rate consulting engagement that will continue to pay your bills in return for ~!0 hours a week of consulting and...3) Start something else.

You have a unique skill set that allows you to start company that go on to raise money, generate revenue, and hire people. This is waaay more valuable than your ability to write code at a growth company.

Just my thoughts.

jfoster 5 days ago 0 replies      
It's your company. Even if one aspect of the company has outgrown your abilities, you could definitely find other ways to contribute. Your cofounder ought to be someone you trust. If so, this is something you should also discuss with your cofounder.
tluyben2 5 days ago 0 replies      
Wow. The lawyering up stuff. It is so depressing that the US works like that. Anyway, as someone who fired himself from his own company twice, I would say that he might have a point. You don't lose your shares (if you do, then arrange that you don't) and he is just making things better. If you are (like I was on occasions) the wrong person for the job, he is just making solid management decisions. The paranoid and lawyer crap could be true but often isn't. So you need to find that out. Sounds like you need to move closer to your co-founder in the business or indeed leave and just enjoy your equity.
ilovecookies 5 days ago 1 reply      
Interesting. I was just thinking, do the CTO and the CEO know each other from before? Was it the CEOs idea to hire this CTO maybe? If that's the case maybe this was planned between the CTO and CEO.

Since you're the founder with the focus on the tech aspect (basically you should be the CTO) what was the reason for hiring the CTO in the first place? A CTO that's obviously not a better software developer than you. Hard facts, but maybe it was your partner who planned this since the very beginning.

After you've talked to your lawyer you could possibly strike a deal with the CTO / CEO and go become an employee if you are interested in just keeping on coding for the company. Maybe getting a bonus that if you decide to leave or still be on the companies payroll provided that the company reach a certain revenue / value etc.

gaius 5 days ago 0 replies      
It takes balls to say to your boss, you are damaging the company. Did you hire a CTO or a yes-man? It's time for you to transition to a new role in the company, not coding hands-on but designing new features.

If you wanted a guy to take care of the details but not the big picture, you would have hired a lead engineer NOT a CTO.

bradhe 5 days ago 0 replies      
> This has little sense to me. A startup think about next week and do no plan like that.

Clearly this CTO has his shit together. Seriously! Thats the job of a CTO for a company that has traction. What you claim is only true if the company doesn't yet have some kind of traction.

matttheatheist 4 days ago 0 replies      
Two ways to look a this problem:

Point of View 1:

Did you hire this CTO to make your company succeed? If so, then listen to his expertise and move the f* out of the way. Do not interfere with those who understand what they're doing. Ever.

Point of View 2:

What exactly does the other guy do? Business? What is that, exactly? Ordering pizza? And why can you not do the same thing? If you don't have a set role, then make one up.

Here's my $0.02 (Similar to POV 1):

In business, there is no room for emotions. You have to do what's right: Leave. If you lack the qualifications to contribute in a productive way, then find other people who can, and your company will have a higher likelihood of success. Just sit back, and relax. Make sure you walk away with a nice chunk of equity though, and you'll live a happy life.

suren 5 days ago 0 replies      
Clearly, you are not being valued in this company. At best they are looking at you as cheap labour for next 3-6 months. At worst, you are a founder and a founder leaving is going to raise questions during funding. (Thats why he wants you to leave after 3-6 months after you have raised and not before).

Did you have a launched product/customers when the CTO joined? From your post, I gather that is a no. If so, then your CTO feels you don't deserve your stock. Him and your CEO are trying to cut you off.

Your CEO has not supported you either. He should have been the one talking to you. Not someone you hired unless the CTO has more stake than you which seems unlikely.

If he really thinks you are no longer the right fit for the company, he should have offered to vest you for your money and the time you have put in. And if your work is "not good enough" they should be asking you to leave immediately and not when it is convenient for them. You can't be both needed desperately and not good enough at the same time. To that end, I feel your CTO's ask immature, short sighted and greedy to say the least.

Talk to a lawyer, figure out a deal you could be okay with, try and get that and leave. Them yet to raise another round is a good bargaining chip for you.

ilovecookies 5 days ago 0 replies      
About you code. Alot of coders use different naming/formatting so that's an NON issue when it comes to your code. Also your the freakin co-founder... that CTO should have more important things to worry about than if the founder is writing camel-case / low-dash variables or functions. Testing is also optional, I know there are lots of coders that has written tons and tons of really useful code with little testing that works flawlessly. The main reason for using testing is maintainability, but since you are in the early stages of development you will usually end up rewriting your system later anyway, to a better / more secure version.
practicalpants 5 days ago 0 replies      
I'm imagining two scenarios. Either...

A) You are in fact inexperienced and are damaging the product with your code. If you have less than a year or two of programming (that includes one of those code "bootcamps" too...), then he's probably right. I would probably view you as dead weight, and would not want you on the team.


B) You actually aren't that bad and could contribute to the product positively... especially if it's something like a RoR or Django app which is not the hardest thing to pickup w/o an extensive programming/CS background. In this case, your CTO is possibly an elitist prick. I've worked for a CTO who had pointlessly high standards, especially it being a pre-funded startup where, for example, he shouldn't be freaking out about a few lines of redundancy. He churned through a lot of programmers, was all very inefficient, and I certainly felt like he was power tripping at times. Even if this CTO guy is really good, if he has an abrasive personality and does stuff like I described above, for the sake of the team he should be the one to go. If your product is going places he shouldn't be too hard to replace.

rlucas 3 days ago 0 replies      
webwright's comments are almost alone in having any real wisdom here, IMO. The nerd brigade of HN (a brigade which I know and love) is failing all over itself.

The truth is that equity in "startups" -- defined as that thing we do where we try to create massive equity value by compounding growth at astounding rates -- is something best held by people who are needed and wanted to work in the company on an ongoing basis.

Any other equity outside of the current exec team -- be it owned by departed founders or by old investors -- is strictly a deadweight loss. (for token amounts to advisors, service providers, partner firms, I would see that differently as its expected their greatest contributions lie ahead)

New money in will see a 50% absentee cofounder (or hell a 25 or even 15%) as rendering the company unfundable. And in any case very "hairy."

This semi-autistic ranting about how OP should lawyer up and tell the others to go to hell is insanely misguided. Most likely if a major shareholder is being eased out and wants to make a huge stink, the result is a dead company.

The sane and grow up thing to do is to talk to the cofounders and figure out who wants what, and if OP really is to leave, he should figure out how to maximize his value subject to a few considerations: 1. The odds he company can survive and thrive (e.g. Attract funding, motivate other execs), 2. The odds that if his deal is too rich he'll just med up inducing a need to engineer a cramdown in a future round, and 3. The reputational cost of being a petulant crazy pants vs being a soldier. Yes, this game is played more than once.

Oh yeah, DO lawyer up, but do so in order to achieve the above.

wowsig 5 days ago 0 replies      
Cannot stress more on the part about writing/archiving everything. Relationships between the founders, during the very early days of a startup can swing between extreme brotherhood to extremely sceptical. Everyone is bearing the brunt of pressure and if things are not moving, it is human to delegate the responsibility of performance onto the other guy. I started a content-based startup in my college, and created much of the content myself. The trust that I bestowed upon my other co-founder was futile though. In the end, when things weren't looking up much, he ended up with not giving back the original content to me at all. Since the content was in the form of hand-drawn cartoon strips, I was just left with nothing. I saved up emails, but they didn't achieve much. In the future, the other co-founder tried to do things his way, but he didn't pursue the idea further, and all my hard work of creating just went down the drain. Make sure it doesn't happen to you.
thailehuy 5 days ago 0 replies      
Many people have already made the bad guy out of the CTO. But in my point of view, he's not.

You do admit that your skill is not up to par yet, so in a sense, you are a dead weight to the company (though you are improving, but it's better if you can just hire another good dev)

Now I'm not saying that you should quit the company (hell, it's your company). Remain as a co-founder, or a member of the board of director, or become product owner, agile master whatever you name it, just not a dev. If you really mean it, you can take a pause in your product development, learn more first, then re-join the team, let the team asset your skills to see if you are up to par.

Take a deep breath, and think about the future of the company. Whatever products you are developing, would it sustain this harsh world with your skills? This is the whole point of your decision.

TL;DR: if you are bad, leave the dirty job to others.

kyleblarson 5 days ago 0 replies      
Tough situation, sorry to hear about it. The comments in the thread are very informative. As I read each comment I'm thinking to myself "is this commenter an engineer / founder / vc / etc" and finding that to be an interesting exercise.
rajacombinator 5 days ago 0 replies      
This CTO sounds like scum. He may be 100% correct but it's not appropriate for him to suggest you leaving. Your CEO should man up and fire this guy for starting political infighting. Otherwise the CEO will be ousted next.
gojomo 5 days ago 0 replies      
Make sure you've seen 'Startup.com' (documentary) and 'The Social Network' (useful for the archetypes even with the fictions). If you do wind up as an early founder out, try to be more like the guy in Startup.com, or Jawed Karim (YouTube), rather than Ron Wayne (Apple).
pepon 5 days ago 0 replies      
Fire. CTO. NOW.

You are a co-founder, not an employee. Remember that. It is you company, he works for you. If you would be hired in an company, would you dare to ask to the owner of the company to leave?? It doesn't matter how good or bad are you for the company, it is your company!

Fire him now.

midas007 5 days ago 0 replies      
Founders need to find more ways to be useful.

If you have the hustle, get going on sales and biz dev.

Because all the coding talent in the world doesn't matter if customers aren't buying or don't know about your app.

allworknoplay 5 days ago 0 replies      
This is a tough situation. I have what I think are some relevant recent experiences, but I've signed some agreements and can't just post on the internet. e-mail me at jackphelps at gmail dot com if you want to talk.
robertschultz 5 days ago 0 replies      
Agreeing with everyone here. He has definitely overstepped the line and he is not acting like a true CTO. Part of his job is to ensure he instills a high level of trust and support with the team in addition to the rest of his role. Assuming you're an overall good guy, he should do what he can to ensure you stay as part of the company you helped build, be it bad code or not. And if things are not working out, at least provide the path of what you need to do to make it better as the clause. But either way, it sounds like he's just being an ass with an ego.
kbruner 5 days ago 1 reply      
I'm confused about your talk of vesting. Founders don't vest, they create the stock and sell/give it to others with a dollar amount or vesting schedule. Are you a founder or an early stage employee?
densone 5 days ago 0 replies      
First question I have. Do you at least have a double trigger in your stock agreement.

New CTO / Wants your out. Some stock option agreements have a double trigger where this can make you vest 100%. Make sure to look over it thoroughly.

joncooper 4 days ago 0 replies      
Are there any of: a legal entity, employment agreements, IP agreements, participation agreements?
Jean-Philipe 5 days ago 0 replies      
Being a CTO myself and having worked with smart people that were not as good coders, I think that in your case, the new CTO is just looking for a bad excuse to kick you out. Kicking out somebody who knows the system, product, infrastructure or code base from the beginning is generally a bad idea. Also, the line of professionalism between somebody like you (producing unstructured code without tests etc.) and genious like him is thinner than you think. He's either very arrogant or up to something. In any case, he definitely stepped over the line.
fluorid 5 days ago 0 replies      
Don't shoot the messenger.

Could it be the CEO/the bizguy who wants you to leave? Could he brought up the idea? I can hardly imagine that a hired CTO dares to say something like you wrote without backing.

rajeevk 5 days ago 0 replies      
IMO, there is no point you try to improve your coding skill at this point of time. As a co-founder, you should try to improve on management skills, try to find replacement of your CTO and then fire him
pyrrhotech 5 days ago 0 replies      
dude, you are the founder, he is an employee. You presumably have a lot more control over what happens at the company than he does. If you aren't a great coder, keep learning.
jmcdowell 5 days ago 0 replies      
Since he's not asking you to leave the company but instead to stop writing code, is there work to be done elsewhere in the company?

You might find this talk from Ian Hogarth (Songkick) at Hacker News London Meetup quite relevant. He talks about how he would fill a role at Songkick before getting a more specialised person in to fill that role which would see him moving to another completely separate role within the company which needed to be filled.


smprk 5 days ago 0 replies      
You should definitely follow the advice of getting a legal counsel and dealing with the issue now as opposed to later.

Also, you should

1. Clear your thoughts around what you want for your company at this point in time, in the near future, and in the long run.

2. Understand what role you envision yourself and your fellow co-founder playing in the above scheme of things.

3. With thoughts around these two areas cleared up, you should sit and talk about this with your co-founder at the earliest.

Im_Talking 4 days ago 0 replies      
I haven't read all comments so excuse me if this has been mentioned, but you should hand in resignation now with minimum of notice period.

You say that you are currently desperately needed now, so your leverage to work-out an equitable legal arrangement with them will never be greater than now. As you said, in 6 months you may not have any leverage.

Just my $0.02.

Im_Talking 4 days ago 0 replies      
Sounds like this CTO will have more support than you. Time to move on.

Don't understand why everyone is talking lawyers. I'm sure that you have an equity stake which value will be helped by this new CTO. If you have no equity and (as you say) are a founder, then you are out-of-luck and no legal magic can solve this. Move on and leave on good terms. You never know.

napolux 5 days ago 0 replies      
Hire an attorney, and leave with all the shitload of money you can grab from these (not thankful) guys. What the other cofounder says about this situation?
Silhouette 5 days ago 0 replies      
EDIT: He's not asking me to leave now, since I'm still desperately needed, but in 3-6 months time after we have raised more funding.

Then you are in a relatively strong bargaining position now, but it will probably get dramatically weaker very soon if you do not act.

I agree with those who said you need to take proper legal advice about how secure whatever stake you have in the company really is if they try to take it from you. For example, it is surprising that you mentioned any problems with vesting; as a co-founder, do you not have a certain share of the equity outright? Remember that you are wearing at least two hats here, one as co-founder/investor/equity holder and the other as original chief geek, and hopefully these are completely separate.

In any case, if they need you to get to the big time, then you are in a good position to negotiate mutually acceptable terms for your future and should take immediate steps to do so. It sounds like the best outcome might be a (hopefully amicable) separation, if the professional relationship doesn't look like it has a future, but in that case you're well within your rights to expect fair compensation for anything you're giving up.

But before you do anything else, talk to a lawyer who specialises in this kind of subject, discuss the details of your exact situation, and take advice accordingly.

YuriNiyazov 5 days ago 0 replies      
Doesn't he work for you? You are a founder, after all.
michaelrhansen 5 days ago 0 replies      
As mentioned I would have a lawyer review your contracts thoroughly. When money starts coming in the door, the game changes completely. Situations can be brutal, don't be one of the sad stories.
BigBalli 5 days ago 0 replies      
He does have a point.It's not common because usually higher-ups always remind people who's in charge.It's up to you, but if you decide to stay you need to be more affirmative and build self-esteem.
jbverschoor 5 days ago 0 replies      
You hired the right guy, he's technically better than you Congrats!

So the second part is basically you getting a new job in the company. If there really is no place for you (which I would doubt) then you still keep some equity and go on.

Thiz 5 days ago 0 replies      
Stop coding.

Secure your equity.

Get a lawyer.

Fire the CTO.

In that order.

hoboerectus 5 days ago 0 replies      
Does the code you write reduce the costs or increase revenue of the business? Get those numbers together and compare them to the rest of development. If they compare favorably, share them with the CTO. If not, find a way to increase them.
crater500 5 days ago 0 replies      
First of all the CTO was hired to fix the shit they were hired for. Secondly, that amount of disrespect from a new employee who did not risk anything to start a start-up should be fired immediately. Kick that a-hole to the curb as they will be a cancer in the company.
randomflavor 5 days ago 0 replies      
Are you and your partner equal partners? Can you do more stuff on the biz side? product management/dev side? He's prob right, you shouldnt be coding enterprise level delivery with hackery crappy code. Be of service elsewhere or it will be a pain in the ass.
bowlofpetunias 5 days ago 0 replies      
And here HN shows it's true colors. It's all about competence and meritocracy until it affects a founder.

I've seen companies being run into the ground because founders remained in positions they weren't competent for. My guess is the CTO has seen the same, and he has no intention of taking the fall for that.

No, he hasn't overstepped his boundaries, if this kind of situation continuous he may as well hand in his own resignation. He's doing what he's been hired to do.

RollAHardSix 5 days ago 0 replies      
He works for you. Tell him to go fuck himself. He's way overstepped his boundaries.
sunny1304 5 days ago 0 replies      
is it possible that you stop writing code for few months, revisit your programming skill and meanwhile remain active on administration level ???If you think ur coding is not good, then there is always a chance to improve.And leaving the company is out of question. You have founded it. So you MUST be there because every story dont end like Steve Job's firing from Apple.
darksim905 5 days ago 0 replies      
He's throwing you out & fucking you over. If you're a founder you stay a founder unless you did something horribly bad.
tuke 5 days ago 0 replies      
It sounds like you're a good coder . . . because you care. Just saying'
beachstartup 5 days ago 1 reply      
there's plenty of other good tactical advice here, but i would like to say something more general:

this is the point in your life where you decide to be a lion, or a lamb. the hyenas are circling and they're not going away.

notastartup 5 days ago 1 reply      
He has NO point. He has no right to mouth you off like this. Take a cue from The Social Network.

    [leans down close to Mark, his voice low and dangerous]     And I'll bet what you hated the most was that they     identified me as a co-founder of Facebook, which I am.     You better lawyer up asshole, because I'm not coming     back for 30%, I'm coming back for EVERYTHING.        [backs away from Mark slowly, still looking at him]
Hint, that is what you should be getting ready to do. If he runs his mouth like this again, fire his ass, he's trying to snake his way in.

whatevsbro 5 days ago 0 replies      
Try and find out if the CTO is the only problem, ie. he's not conspiring with the other founder.

If the CTO is acting alone, get rid of him and continue with the business. If not, ruin their fundraising chances, cut your losses and move on to bootstrap a business on your own.

A prolonged fight won't do you any good.

innocentius 5 days ago 0 replies      
Have you read Kafka's The Trial?
jesusmichael 5 days ago 0 replies      
Wow... now that is a pickle.

Take a step back. Is his criticism sound? If in a perfect scenario, where you had a real development team, would you be the weak link? Is that true?

If the answer is yes... and you still feel passionately about the work the company is doing. Talk to your partner and find a position you can transition into. Don't hold back the company's progress because you want you're own private lesson in enterprise development.

If its not... Discuss firing this guy immediately... Nothing will destroy a company faster than disharmony among the core group. You and your partner have to be on the same page. There cannot be a little birdie sowing the seeds of insurrection. Hand this guy his hat and find someone else. Don't think about it just do it.

Only do this after you've thought thru his comments and objectively come to a conclusion about them. Consultants are paid to deliver the hard truth, and sometimes it may sting, but you'll get over it.

If it's time for you to leave... or that's the direction its headed. Get your equity memorialized fast while you're needed... don't let anyone sleep on that.

Good luck kid...

hackchir 5 days ago 0 replies      
Fire the CTO, asap!

Do not underestimate yourself, you can code and be very helpful to the company. You definitely do not need that type of CTO at this point.

Comments like "your code is not good enough" are completely subjective and if anything show malicious intent to cut you off.

I would talk to a lawyer in terms of what is the best way to do it though, such as you can maintain your equity and influence in the company.

DO NOT let that a-hole take advantage of your hard work and dedication you have put in your OWN company!

Extend Python 2.7 life till 2020 python.org
352 points by oal  5 days ago   278 comments top 36
drewcrawford 5 days ago 4 replies      
There are a lot of comments here from people who aren't on the python-dev list and don't really understand what this diff actually means.

The core developers are not required to maintain 2.7 post-2015, and most of them won't be involved in it. That part hasn't changed.

What is happening is that Red Hat is preparing to cut a RHEL 7 release, which AFAIK depending on how much you pay them they support for 13 years. So they will need to figure out how to support 2.7 themselves at least through 2027.

Here is where I am reading between the lines. RH are well within their right to fork Python and keep their maintenance patches to themselves and their customers (Python's not copyleft). But, they are nice guys and so maybe they are willing to upstream their changes at least for awhile if there is still a Python project willing to accept them. Again, this is my speculation based on the ML discussion, not what RH has actually said they will do.

An analogy can be made to Rails LTS, a commercial fork of Rails 2.x that patio11 was involved in [0]. Inevitably somebody is going to step in to support 2.7, and so let's see what we can do to avoid a situation where the only way to keep running 2.7 is to subscribe to RHEL.

Meanwhile, there are some large companies that use 2.7 extensively on Windows (e.g. Enthought, Anaconda) and the thinking goes that somebody can probably be found to produce a Windows installer once in awhile, assuming that Python.org will still host a download.

So really what is happening here is not very exciting. The core committers aren't doing anything different than leaving the project as originally planned. What is happening is that they will leave the lights on in the source control repository and on the FTP server, so as to capture the free labor from people at large companies who have an interest in continuing to support 2.7.

The alternative is that RH and other vendors create proprietary and expensive forks of Python 2.7. That may end up happening anyway, but it will take longer for your employer to notice you should stop contributing your patches back if binaries still appear on python.org and you don't have to ask IT to set up SCM and a bug tracker, etc.

[0] http://www.kalzumeus.com/2013/06/17/if-your-business-uses-ra...

chimeracoder 5 days ago 7 replies      
This is really disappointing to see - I fear that it will slow adoption of Python 3 even further, when it was just reaching a tipping point[0].

When I first learned Python, I learned Python 3 first because it was newer, and I figured everyone would be using it soon enough. Little did I know that Python 2 would continue to be supported for over ten years after that!

Some people make a big deal about figuring out "which" Python to learn - that's not really much of an issue, because Python 3 isn't so different from Python 2 that it's hard to pick up the other very quickly (especially given how much has been backported to 2.7). But it's unfortunate to see people continuing to write new code in Python 2.

[0] http://python3wos.appspot.com/

Udo 5 days ago 3 replies      
Speaking as a Python outsider, this looks pathological. If backwards compatibility is such a big hindrance in switching from 2 to 3, why not ship a v2 legacy fallback interpreter along with the new stuff? If you wanted to make it fancy, you could even make a 3-to-2 bridge that allows people to run v2 code from v3.

Am I missing something here?

eliben 5 days ago 2 replies      
I think many folks are reading too much into this. "Extended lifetime" is bug-fixes. The final planned release is 2.7.9 in 2015 - beyond that there will be source-only releases for major security problems. No new features, no non-critical bug fixes.

So this isn't really making Python 3 any less appealing. But the Python core developers cannot with a calm heart abandon all the users of 2.x, given the state of adoption today.

yason 5 days ago 3 replies      
How I'm not surprised.

Python 3 didn't offer anything that would have been so useful and desirable that people would've jumped on it the moment it was released. In fact, it was actually a bit worse than Python 2 when it was out and those Python 2 users could continue enjoying loads of libraries to go with, and of course they knew how to navigate around Python 2's quirks so why bother. Sadly, this is still what I think of Python 3: "Why bother?".

Python 3 didn't have enough to warrant a 'v3', really: Python 3 could've just been Python 2.7 if it wasn't for the religious backwards compatility in Python, which, ironically seems to matter a lot. The syntactic and semantic differences weren't big enough that Guido couldn't have worked around the most important improvements into 2.x line and dropped less relevant stuff (like removing 'print' statement etc).

Even if Python 2.7 would've needed some changes to existing libraries, the psychological barrier would've been lower. It's about "Fixing my lib to work with Python 2.7 which is top of the line today" versus "Porting my lib to Python 3.0 which will be the official Python in a few years": guess which one sounds more appealing? Note that the amount of work in both cases wasn't that big.

I think mainstream Python will be 2.x till Python 4 is out.

wirrbel 5 days ago 0 replies      
The best way would be to release a python 2.9 which incorporates most of the changes from 2 to 3 but the unicode change.

The between Python 2 and Python 3 was just too wide. Even with breaking changes, with a small people will just migrate eventually. Migrating projects drag each other over the "barrier" just like water in a hose can be sucked over a wall.

The issue definitely was not the print command, but other things such as ``iteritems()``, etc - by themselves not much to keep you from migrating, but there is a pile of these boring changes next to the big one (unicode).

I think Guido overestimated the appeal of the new unicode handling and underestimated how resentful people are to change. I figure that at least 1/4 of programmers are actually very opposed to each and every migration and a new version has to have enough incentives to counterbalance this built-in conservativeness.

crusso 5 days ago 5 replies      
I just got back into some Python programming after a 2+ year hiatus from the language.

I'm stunned that this 2.x vs 3.x debate is still happening and that 99% of all libraries in use* haven't been converted to 3.x. I like the language, but ... damn... If it weren't for the scikit/numpy stuff, I'd stick with Ruby. The Ruby community seems much less fragmented and wants to see the language move forward. It helps a lot that the 800 pound gorilla, Rails, keeps up with Ruby releases.

edit:* By that, I mean that the conversion rate for commonly used libraries hasn't hit 99%.

makmanalp 5 days ago 5 replies      
I see many comments talking about how this will slow down the migration process. But I don't think the situation is that bad.

Most of the py3 wall of superpowers is now green (https://python3wos.appspot.com/) with boto, mysql-python, nltk, python-openid being some of the rare few in terms of not having great py3 alternatives. And most of these have ports on the way already.

So one interesting effect of this is that now that there is some critical mass and people are starting new projects in python3, there is now pressure on package maintainers to have py3 ports. So it's users dragging the packages forward now rather than the packages dragging the users backwards.

overgard 5 days ago 2 replies      
The lesson here is that it's important to "sell" new versions of anything. You can't just expect people are going to upgrade because it's the new hotness. Older versions of your own software are often your biggest competitor. (See also: Microsoft and Windows 8).
TazeTSchnitzel 5 days ago 4 replies      
Oh for god's sake. Kill the damn thing already.

PHP 4 to 5 was a massive leap compared to Python 2 to 3, but they actually made that leap!

shadowmint 5 days ago 0 replies      
To be fair, what was the reasonable alternative?

Cede control of python 2.x to vendors who continue to demand support and bug fixes?

That would be a disaster; it'd be a moment away from new features and a 2.8 'cant believe its not python'.

reality_czech 5 days ago 3 replies      
This is the path that all dynamically typed scripting languages must follow. Over time, change becomes impossible because the lack of typechecking or static analysis tools means that any change might break something in a subtle and hard-to-diagnose way. And so the language grows by accretion. You end up with something like bash or perl, where there are a million ways to do any one thing. Each way was added at a particular phase of the language's life, and it could never be removed after that. And so the language becomes difficult to learn and unattractive to newcomers, so another scripting langauge pops up, and the cycle of life begins again.

Compare this to a language like golang, where you can just run "go fix" on your code to update it to the latest version. And you don't have compatibility hell, because when you distribute your application, it's a standalone binary. Stuff like go is the future. Get off the dynamic language hamster wheel.

username223 4 days ago 0 replies      
Good news. They have another 5-6 years to recognize their mistake and cut Python 3 loose from Python, like Perl did with Perl 6. It's interesting how the same underlying mistake manifests itself in different cultures: Perl 6 was "we'll break all your code, but give you gonzo new features that we hope are useful." Python 3 was "we'll break all your code, but soothe some pedants and browbeat you into accepting the result."
borplk 5 days ago 2 replies      
Damn. I hope my grandchildren see the day when Python 3 is commonplace.
Ellipsis753 4 days ago 1 reply      
I just thought I'd like to know what Hacker News thinks.Will Python 2.x ever die?

I'm still writing lots of code with it and even quite a lot of new code. It's been around for ages and it feels like almost no libraries have been ported to 2.x yet. On a couple of occasions I've started a project with Python 3.x just to drop it or move to Python 2.x as a library I need doesn't seem to exist for Python 3.x and I don't want to port it over myself. I've never had this issue with 2.x (no libraries support 3.x only.)

Most Python 3.x "killer features" have been back-ported to Python 2.x and I honestly feel little reason to upgrade myself now. When support for Python 2.7 is officially dropped we could fork it and continue. I would hope it wouldn't take huge amount of effort for some people to support it? Just fix bugs and security issues and take pull requests? In that way might Python 2.x even outlive Python 3.x or at least remain more popular?

PythonicAlpha 5 days ago 1 reply      
This is a result of some not so optimal design decisions in the past.

I remember, when Py3 first came out, everything was incompatible -- unnecessary incompatibilities like the u" notation for Unicode string literals that was dropped. Unnecessary incompatibilities in the C-extension-module implementation layer. And so on. The list of incompatibilities was just huge.

Later several of them where dropped, like the string literal trouble ... But than the trouble was already done. Many extension modules where not lifted to the new version, since the overhead was to big.

I think, many more projects would have adopted Py3, if more extension modules would support it.

The huge library of extension modules was always the strength of Python. Now we have many projects still running on Py2, because Py3 did ignore this strength.

piokuc 4 days ago 0 replies      
Years ago, when I first heard about Python 3 and plans to improve the language my first thought was "Yes! Multi-line lambdas are coming!", then I started reading more and found out that Guido actually wanted to _remove_ lambdas all together. I still remember the state of shock I was in after reading that, and a sinking feeling.

The lambdas stayed, fortunately, but, unfortunately, I'm still convinced the whole project was a bad idea. The cosmetic changes which make Python 3 incompatible with Python 2.7 are just not worth the trouble of breaking the compatibility. Has anybody ever tried to estimate the man-hours needed to port the myriads of great Python 2.7 libs to Python 3 and weight it against the advantages of subtle language improvements? I don't think so. Plus, the big Python's problems like GIL are still there in Python 3...

If it was up to me I would drop Python 3 and focus the development effort of the community on improving PyPy and porting libraries to it.

andr 5 days ago 3 replies      
Since there still won't be a Python 2.8, I read this as the mainstream Python not evolving one bit for the next 6 years. For me, this would be grounds for moving to a different language.
undoware 5 days ago 0 replies      
...also, he's renamed it "Python XP"
dehrmann 5 days ago 0 replies      
The Python shop I used to work at, and this is a shop with some pretty big fanboys and apologists, wasn't able to upgrade because of library support, and these are people who would like to.
bmoresbest55 5 days ago 1 reply      
I understand that changing to Python 3 can be expensive but really all that any company or person is doing is prolonging the inevitable. If they have a good product/app/etc. that will last it will have to change to Python 3 and sometime in the future, right? Why keep waiting? Why support something that is considered by it's makers to be inferior? I really would like answers to these questions, if someone is willing.
gaius 5 days ago 1 reply      
By 2020 everyone will have moved onto OCaml anyway.
danso 5 days ago 1 reply      
For reference's sake:

Python 2 was released Oct. 2000 and so will have a 20-year lifetime now. http://en.wikipedia.org/wiki/Python_(programming_language)#H...

Ruby 1.8, which was retired last year, had 10 years of life:https://www.ruby-lang.org/en/news/2013/06/30/we-retire-1-8-7...

Obviously, version numbers don't mean the same thing...and Ruby 1.8.x to Ruby 1.9.x (or even 2.x) seems less of a jump than 2.x to 3.x.

ishbits 5 days ago 2 replies      
Anyone know if RHEL 7 will ship with Python 3 in the base, even if not default? That could go a long way to boosting Python 3 adoption.

I know it's in SCL, but that lacks convenience for a lot of users.

lucb1e 5 days ago 4 replies      
This seems weird to me. Won't this cause a fork in Python at some point, where the 2.7 developers continue on 2.8 or rename it entirely, and another fork continues on what is now Python 3?
Walkman 5 days ago 0 replies      
I just purged Python 3 from my computer. Will not serve much in the next 5 years I guess...
stefantalpalaru 5 days ago 1 reply      
I still want to see a Python 2 fork getting the care it deserves. I don't trust the motivations of its current developers.
andhess 5 days ago 2 replies      
Wow I'm very disappointed. I keep making the effort to transition more to 3, but am frustrated to see so many dependencies only work with 2.7, and thus maintain both libraries. I am tired of this limbo.
estebanrules 4 days ago 0 replies      
Can anyone point me in the right direction of an article that sums up how this whole fragmentation started? I'm curious to know the history.
gkya 5 days ago 0 replies      
Which kind of means forever?
sigzero 5 days ago 0 replies      
That is a huge mistake.
estebanrules 5 days ago 0 replies      
I really thought this thread was a prank or joke when I saw the title. Sadly, it's not. The whole 2.7 / 3.x debacle is a large part of why I I have more or less stopped coding in Python and moved on to Ruby. The community is a large part of it as well.
crimsonalucard 5 days ago 0 replies      
This is like windows XP.
ssweens1 5 days ago 1 reply      
Viva la 2.7!!!
mirsimiki 5 days ago 0 replies      
open a shell and type 'import antigravity'
SEJeff 5 days ago 3 replies      
Python 2.7.7 aka the Duke Nukem Forever edition!
How Americans Die bloomberg.com
350 points by minimax  1 day ago   140 comments top 31
tokenadult 1 day ago 3 replies      
About three or four slides in you get the take-away message, which is often missed in discussions about mortality here on Hacker News: "If you divide the population into separate age cohorts, you can see that improvements in life expectancy have been broad-based and ongoing." And this is a finding that applies not only to the United States, but to the whole developed world. I have an eighty-one-year-old mother (born in the 1930s, of course) and a ninety-four-year-old aunt (born in the 1920s) and have other relatives who are quite old and still healthy. Life expectancy at age 40, at age 60, and at even higher ages is still rising throughout the developed countries of the world.[1] An article in a series on Slate, "Why Are You Not Dead Yet? Life expectancy doubled in past 150 years. Heres why."[2] explains what incremental improvements have led to better health and increased life expectancy at all ages in the United States. The very fascinating data visualizations in the article submitted today highlight the importance of research on preventing suicide, reducing drug abuse, and preventing senile dementia such as Alzheimer disease, which is where some of the next progress in prolonging healthy life will have to come from.

Professional demographers try to think ahead about these issues, not least so that national governments in various countries can project the funding necessary for publicly funded retirement income programs and national health insurance programs. Demographers have now been following the steady trends long enough to make projections that girls born since 2000 in the developed world are more likely than not to reach the age of 100,[3] with boys likely to enjoy lifespans almost as long. The article "The Biodemography of Human Ageing"[4] by James Vaupel, originally published in the journal Nature in 2010, is a good current reference on the subject. Vaupel is one of the leading scholars on the demography of aging and how to adjust for time trends in life expectancy. His striking finding is "Humans are living longer than ever before. In fact, newborn children in high-income countries can expect to live to more than 100 years. Starting in the mid-1800s, human longevity has increased dramatically and life expectancy is increasing by an average of six hours a day."

I was in a local Barnes and Noble bookstore back when I was shopping for an eightieth birthday gift (a book-holder) for my mom, and I discovered that the birthday card section in that store, which is mostly a bookstore, had multiple choices of cards for eightieth birthdays and even for ninetieth birthdays. We will be celebrating more and more and more birthdays of friends and relatives of advanced age in the coming decades.

[1] http://www.nature.com/scientificamerican/journal/v307/n3/box...

[2] http://www.slate.com/articles/health_and_science/science_of_...

[3] http://www.prb.org/Journalists/Webcasts/2010/humanlongevity....

[4] http://www.demographic-challenge.com/files/downloads/2eb51e2...

wtvanhest 1 day ago 1 reply      
The data is interesting, but somewhat difficult to draw conclusions from without considering how different rates are impacting other rates. What is really noteworthy here is the approach to showing the data. Its effortless to scroll through.

Here are some things I noticed after the fact:

1. I naturally wanted to finish the presentation and was compelled to click to see if there were any amazing insights.

2. After the fact, I have no idea how I even advanced the presentation, all I knew was that I clicked something. It was 100% natural.

It fully pulled me in. I can't remember if there were ads on the sides or more information.

[added] I went back and looked at it again and I think what made it so flawless is that the first page gave me no option but to click the right hand arrow which taught me what to look for. I clicked the right arrow, and then I knew to click it again to advance. The progress dots on the top let me know that I didn't have much time left. Really amazing work here.

webwright 1 day ago 3 replies      
Ugh, the fact that many of these charts show raw # of deaths versus deaths/100k really masks how much things have improved. In 1968, the population was 64% of our current population... So a flat line is actually a pretty massive improvement.
minimax 1 day ago 0 replies      
If you liked this, you might enjoy some of their previous articles. It's interesting to see them iterating on the technique.

Consumer spending (from last December): http://www.bloomberg.com/dataview/2013-12-20/how-we-spend.ht...

Housing prices (from February): http://www.bloomberg.com/dataview/2014-02-25/bubble-to-bust-...

brudgers 1 day ago 4 replies      
"And, how do suicide and drugs compare to other violent deaths across the population? Far greater than firearm related deaths, and on the rise

In 2010, 19,392 of the 38,364 suicides were "by discharge of firearm" [the same term used for classifying 11,078 homicides and 606 accidental deaths]. Seems a bit odd that the report classifies the accidents and homicides as "firearm related deaths" but the suicides as unrelated.

From a public health perspective, a 50% reduction in suicide by firearm would save more lives than the complete elimination of HIV deaths or cervical cancer deaths or uterine cancer deaths.


ef47d35620c1 1 day ago 2 replies      
I heard once that one cigarette a day as a stress relief may actually extend your life. I'm not sure about that, but I do think we need to be mentally and emotionally healthy too. Our health and well-being is not purely physical.

I would think that happy people who are not constantly under stress live longer.

mberning 1 day ago 6 replies      
Any info on how they create these visualizations? Are they using any particular libraries or frameworks?
imgabe 1 day ago 1 reply      
So in 1968 all age cohorts had the exact same mortality rate of 100 per 100,000? Why is that?
ABNWZ 1 day ago 4 replies      
"This is particularly striking since cancer and heart disease - the two biggest killers for 45-54 yr olds - have become much less deadly over the years"

Except your graph shows that cancer death rates have increased by almost 20% from 1968-2010... Am I missing something here?

richev 1 day ago 4 replies      
Very nice graphs and visualisations, but am I alone in finding most of them hard to understand?
rpedela 1 day ago 4 replies      
The part about suicides is pretty interesting and perplexing. Are there any insights into why the rate has increased?
Pxtl 1 day ago 0 replies      
Maybe we should have a war on drugs, then. I'm sure that would work.

Getting guns out of our communities is probably easier than getting drugs out of them, not to mention mental conditions that lead to suicide.

drinkzima 1 day ago 0 replies      
Pretty incredible user experience on mobile, haven't seen graphs that look that good in a mobile web browser (and interactive no less).
kafkaesque 1 day ago 1 reply      
I got the presentation's/graph's main takeaway, but did anyone else notice that women's mortality rate hardly changed since 1968? Why was this, I wonder? Is this a population thing or because women were mostly kept inside doing safer house duties or what?
infosample 1 day ago 4 replies      
Black males die at such a higher rate from AIDS. Are they having that much more unprotected sex, taking that many more drugs from dirty needles, or getting that much inferior treatment than the general population?
cheetahtech 1 day ago 3 replies      
It interesting to see that drugs and suicide are the highest causes of death, well over that of guns. But we seem to be progressing more towards a drug open world and gun closed world. Do you see the Irony?
dclowd9901 1 day ago 0 replies      
If whomever contributed to the code on this is around, could you give us some insight into building this app, or do a writeup? I'd be super interested to see how you designed/architected such a smooth and experience.
jmnicolas 17 hours ago 0 replies      
I don't care much about the topic, but I thought this is a great way to present data !
dmritard96 1 day ago 0 replies      
"progress stopped in the mid 1990s"maybe i am missing something but it seems like the mortality rate would be a lagging indicator progress hence progress would have "stopped" earlier?

Not that I necessarily would say it stopped at all...

bittercynic 1 day ago 1 reply      
I couldn't figure out any way to navigate without using the mouse.
matthewisabel 1 day ago 1 reply      
I created a visualization on a similar topic that looked at mortality rates state-by-state using the 2010 census data. It was on HN about six months ago.


devanti 1 day ago 0 replies      
Surprised how nice the visualization looks, given how ugly the Bloomberg terminal is
0003 1 day ago 1 reply      
Any reason why the 75-84 group was out living the 85+ group until recently?
RobotCaleb 1 day ago 0 replies      
That's neat, but it's very hard to tell the colors apart.
fophillips 1 day ago 0 replies      
Need some error bars on that data.
brokenrhino 1 day ago 0 replies      
I wonder is the drop in car accident death caused by;1) Cash for clunkers taking old dangerous cars off the road so the fleet consists of more newer safer carsor;2) People driving less since the recession and the gas price increases
jon_black 1 day ago 1 reply      
Everyone knows that the most Americans actually die in terrorist attacks. How else can you justify such emphasis on fighting it? Hmmmmmmmm.
dragontamer 1 day ago 0 replies      
<script src="global/js/jquery-1.8.3-min.js" charset="utf-8"></script>

<script src="js/modernizer.2.7.1.js" charset="utf-8"></script>

<script src="js/underscore.1.5.2.js" charset="utf-8"></script>

<script src="global/js/less.js" charset="utf-8"></script>

<script src="global/js/d3.v2.js" charset="utf-8"></script>

<script src="js/jquery.cycle.all.js" charset="utf-8"></script>

It looks like the majority of this visualization was from the D3.js library. I've been seeing more and more web-documents of this style, it must be because of the rise of D3.

EGreg 1 day ago 0 replies      
"That's why total deaths in the 75+ category has stayed constant"

I thought that was a particularly funny statement. Reminded me of the onion: http://www.theonion.com/articles/world-death-rate-holding-st...

joshuak 1 day ago 4 replies      
So to achieve longevity escape velocity [0]

1. Don't have unprotected sex if you're less than 44 years old.

2. Don't kill yourself, or do drugs, if you're less than 54 years old.

3. Invest heavily in heart disease, cancer, and alzheimer's research.

[0] http://en.wikipedia.org/wiki/Longevity_escape_velocity

ihodes 1 day ago 5 replies      
Probably the four most important things you can do to change your odds of making it past 80 are:

    1. Not smoking.    2. Eating healthily (fiber, vitamins, low sugar; this is a nascent field).    3. Exercising regularly.    4. Wearing sunscreen and minimizing sun exposure.
These will collectively reduce your risk of common cancers significantly, as well as protect against heart disease. Additionally, they can help strengthen your immune system and body against other diseases that e.g. the malnourished or obese would be more likely to succumb to.

Ask HN: What source code is worth studying?
346 points by SatyajitSarangi  1 day ago   160 comments top 74
sillysaurus3 1 day ago 11 replies      
== Vim or Emacs ==

Just pick one and force yourself to use it to the exclusion of other editors. Future you will thank you later, because you'll still be using it 20 years from now. "We are typists first, programmers second" comes to mind. You need to be able to move chunks of code around, substitute things with regexes, use marks, use editor macros, etc.

== 6.824: Distributed Systems ==

http://pdos.csail.mit.edu/6.824-2013/ Do each lab. Read the discussion and rtm's course notes.

== Tarsnap ==

https://www.tarsnap.com/download.html How to write C. Study the "meta," that is, the choice of how the codebase is structured and the ruthless attention to detail. Pay attention to how functions are commented, both in the body of the function and in the prototypes. Use doxygen to help you navigate the codebase. Bonus: that'll teach you how to use doxygen to navigate a codebase.

== xv6 ==




Read the book. Force yourself to read it in its entirety. Use the source code PDF to study how to turn theory into practice.

== Arc ==


You're not studying Arc to learn Arc. You're studying Arc to learn how to implement Arc. You'll learn the power of anaphoric macros. You'll learn the innards of Racket.

Questions to ask yourself: Why did Racket as a platform make it easier to implement Arc than, say, C/Golang/Ruby/Python? Now pick one of those and ask yourself: what would be required in order to implement Arc on that platform? For example, if you say "C," a partial answer would be "I'd have to write my own garbage collector," whereas for Golang or Lua that wouldn't be the case.

The enlightenment experience you want out of this self-study is realizing that it's very difficult to express the ideas embodied in the Arc codebase any more succinctly without sacrificing its power and flexibility.

Now implement the four 6.824 labs in Arc. No, I'm not kidding. I've done it. It won't take you very long at this point. You'll need to read the RPC section of Golang's standard library and understand how it works, then port those ideas to Arc. Don't worry about making it nice; just make it work. Port the lab's unit tests to Arc, then ensure your Arc version passes those tests. The performance is actually not too bad: the Arc version runs only a few times slower than the Golang version if I remember correctly.

== Matasano crypto challenges ==

http://www.matasano.com/articles/crypto-challenges/ Just trust me on this one. They're cool and fun and funny. If you've ever wanted to figure out how to steal encrypted song lyrics from the 70's, look no further.

== Misc ==

(This isn't programming, just useful or interesting.)

Statistics Done Wrong http://www.statisticsdonewrong.com/

A Mathematician's Apology http://www.math.ualberta.ca/mss/misc/A%20Mathematician's%20A...

Surely You're Joking, Mr. Feynman http://web.archive.org/web/20050830091901/http://www.gorgora...

Zen and the Art of Motorcycle Maintenance http://www.arvindguptatoys.com/arvindgupta/zen-motorcycle.pd...

== Above All ==

Don't fall in love with studying theory. Practice. Do what you want; do what interests you. Find new things that interest you. Push yourself. Do not identify yourself as "an X programmer," or as anything else. Don't get caught up in debates about what's better; instead explore what's possible.

stiff 1 day ago 1 reply      
I think you get more benefit from reading code if you study something very close to what you are working on yourself, something in the same domain, in the same framework perhaps, or at least in the same programming language, at best something you are deeply involved in currently.

I never seem to get enough motivation to read deeply into random "grand" code bases like Lua or SQLLite, but some months ago I got into the habit of always studying a bunch of projects that use a given technology before I use this technology, and it greatly decreased the amount of time it takes me to get to a "idiomatic" coding style. So instead of diving in a random, I would recommend making researching existing code-bases related to what you are currently doing an integral part of your workflow.

willvarfar 1 day ago 1 reply      
Fabien Sanglard http://fabiensanglard.net has some excellent code reviews on his website, particularly games.

You could read some of the code-bases he reviews, and then read his review. You'll be able to compare and contrast your opinions with his, and if there's interesting variation you can blog about it ;)

robin2 1 day ago 0 replies      
Slightly off topic, but Peter Seibel's take on the idea of code reading groups, and the idea of code as literature, is interesting: http://www.gigamonkeys.com/code-reading/

"Code is not literature and we are not readers. Rather, interesting pieces of code are specimens and we are naturalists. So instead of trying to pick out a piece of code and reading it and then discussing it like a bunch of Comp Lit. grad students, I think a better model is for one of us to play the role of a 19th century naturalist returning from a trip to some exotic island to present to the local scientific society a discussion of the crazy beetles they found."

The reason this is off topic is that it sounds like you were after interesting specimens anyway. I don't have any code examples as such, although if algorithms count I'm particularly fond of Tarjan's algorithm for finding strongly connected components in a directed graph, and the Burrows-Wheeler transform (as used in bzip).

fotcorn 1 day ago 2 replies      
The Architecture of Open Source Applications book[0] gives a high level overview on many open source projects. It's a good starting point to dive into the code of these projects.

[0] http://aosabook.org/en/index.html

oneeyedpigeon 1 day ago 1 reply      
To mix things up a bit, I'm going to give two very small examples of code that can be understood quickly, but studied diligently. Both are in JavaScript, which I notice you mention specifically in another comment:

[1] Douglas Crockford's JSON parser. Worth a look because it is excellently commented and is easily understandable https://github.com/douglascrockford/JSON-js/blob/master/json...

[2] Bouncing Beholder. A game written in 1K of highly obfuscated code, which the author expands upon here. Worth it because it teaches some crazy optimisation techniques that are applicable to all programming, but also includes plenty of javascript-specific trickery. http://marijnhaverbeke.nl/js1k/

dailo10 1 day ago 1 reply      
Python Sudoku Solver by Peter Norvig -- an elegant solution in one page of code. When I read this, I felt like code is art.


davidw 1 day ago 0 replies      
I'm partial to the Tcl C code:


It's very nicely commented and has a nice, easy to read style throughout (except for the regexp files).

pcx 1 day ago 0 replies      
I've heard lots of people sing praises for Redis source - https://github.com/antirez/redis. A cursory look into the source shows a very well documented code-base. It's one of the top items in my to-read-some-day list. Salvatore is an excellent C programmer and takes a lot of pain in writing good documentation, despite his not so great English skills. A shout out for him, thanks for setting an example.
raverbashing 1 day ago 0 replies      
The Linux Kernel

Very clean (mostly) and very revised C code, following a strict code convention

(Of course it's kernel code, so some things don't apply to userspace, still)

pavlov 1 day ago 0 replies      
I learned a lot from the Cocotron source:


It's a free cross-platform implementation of Apple's Cocoa, so there's a lot of stuff there. But the project is well organized, and almost everything is written in a minimalist oldschool Objective-C style.

I've looked at some other cross-platform frameworks, and they are often hard to understand because they have been developed by a large group of developers and include lots of complex optimizations and platform-specific code paths. Cocotron is not as finely tuned as Apple's CoreFoundation (for example), but much more readable.

spacemanmatt 1 day ago 1 reply      
Please enjoy the source code of PostgreSQL (any version, but latest is generally recommended) core. It is very well factored, and typically also very well commented. This community cares a great deal about code quality, because they are so clear on the relation between readability, diagnosability, and execution correctness.
biscarch 1 day ago 1 reply      
Erlang: Riakhttps://github.com/basho/riakRiak is actually a layering of a few different projects including Riak KV, Yokozuna (Solr), Riak Core, etc. It was grown out of the Dynamo paper.

Haskell: Snaphttps://github.com/snapframework/snapSnap is another project built in layers (snap-server, io-streams, snaplets, snap-core). The 1.0 release makes some pretty massive structural changes behind the scenes changes with minimal breakage of the public api and io-streams is a very nice api to work with.

JavaScript: Underscore.jshttp://underscorejs.org/docs/underscore.htmlUnderscore is a utility library that gives a nice overview of various techniques in JS, such as how to handle equality, use of apply, ternary operators, etc. Many functions have fallbacks to ECMAScript 5 native functions.

SixSigma 1 day ago 0 replies      
The plan9 operating system

* The lack of ifdef's that make cross compiling a breeze

* It is easy to understand, compare to reading the Linux kernel


oscargrouch 1 day ago 0 replies      
My personal list (mostly imperative languages)

C++: (Complex software with elegance + performance )

  Dart source code  V8 source code (Same people as Dart)  LevelDB  Chrome (the only downside: too much virtual dispatch ->   "javism")

  SQLite  Redis  Nginx  Solaris and Freebsd

  Rich Hickey implementation of the clojure runtime in Java  (it was there in 2009.. maybe now this is in clojure itself??)

  The Go standard libraries

fit2rule 1 day ago 2 replies      
The sources to Lua are pretty darn great:


lamby 1 day ago 0 replies      
"Beautiful Code" is worth a read-through, particularly for the commentary.

(One thing that I still remember years on is the "drop of sewage" example.)

olalonde 1 day ago 0 replies      
Javascript/Node.js: pretty much anything written by https://github.com/visionmedia his less popular libraries are not very well commented though) https://github.com/jashkenas/underscore

Scheme (and functional programming in general): examples/exercises from the SICP book

AhtiK 1 day ago 2 replies      
Python => SQLAlchemy

Very clean, feature-rich yet pragmatic and well documented. https://github.com/zzzeek/sqlalchemy

Locke1689 1 day ago 0 replies      
http://source.roslyn.codeplex.com/ for high performance, immutable C# code.

You'll see some differences from more relaxed C# projects (e.g., we avoid allocations like the plague), but I'd say we have pretty good style. ;)

projectileboy 1 day ago 1 reply      
I'd echo the advice to read the Arc source, and I'd add the various versions of Quake (C, C++). I learned a lot reading John Carmack's code.
rch 1 day ago 0 replies      
Take a look at Redis sometime. You might want to actually work on it a bit to help internalize what you're reading. Here are a couple of articles that might help get you started:



DonHopkins 17 hours ago 0 replies      
I highly recommend checking out http://voxeljs.com for some beautifully factored JavaScript npm packages, that implement a lot of Minecraft and more in the browser.

Max Ogden's talk (the first video on that page, also here: https://www.youtube.com/watch?v=8gM3xMObEz4 ) about how voxeljs and browserify work is inspirational, and his energy, motivation, deep understanding and skill, thirst for learning, reading other people's code, building on top of it, and sharing what he built and learned, is extremely contagious!

You may want to pause the video frequently and take notes -- there is so much great information in there, and he covers a hell of a lot of amazing stuff.

And the source code is really nicely broken up into lots of little npm modules that you can plug together to make all kinds of cool stuff.

This stuff is a great fun starting point for teenagers or students to learn how to program and create their own games and web applications, or master programmers to learn the node.js / npm ecosystem and idioms. There are some great ways for new and non-programmers to get into it.

He says "Everyday I work on it I get more motivated to work on it" -- and you will too!

What you will be benefitting from by watching his video and reading his code, is the fact that he actually did a survey of a HUGE amount of code, and took the best, read it, learned from it, rewrote it, and built on top of it.

"So many people have written voxel stuff, that I should just copy them." He used github search, and searched for minecraft, filtered by javascript, and went through ALL 23 PAGES of projects! He cloned ALL the repos he found, and read the ones that seemed promising, cloned them, got them running, understood how they worked.

A lot of them were the classic genius programmer projects, really impressive visually, super hard to understand, a giant lib folder with 50 files, everybody writing their own 3d engine.

Then he found out about three.js, and learned that, and combined all the stuff he had seen on top of it, including a PhD project in computational geometry that showed how to efficiently implement minecraft with three.js, for removing interior faces, etc.

So he learned from and built on top of all that great stuff, and made voxel.js and an insane amount of demos. Now the community has written a whole bunch of nice modular node.js npm modules and demos, that browserify can combine them together into a package that runs in the browser.

My only trivial beef with it is that their style guide says not to use trailing semicolons! That makes emacs very irritated and it breaks out in a rash.

But other than that, the code is very clean and modular and comprehensible, and opened my mind to a lot of stuff that I didn't realize was possible.

DalekBaldwin 1 day ago 1 reply      
Honestly, aside from learning to express a few extremely specific patterns in your language of choice concisely and elegantly and reminding yourself of the existence of certain libraries and utility functions so you don't accidentally waste time reinventing them, I think reading source code is a pretty useless exercise unless you also have a detailed record of how that source code came to exist in its present form. Until there is some revolutionary new tool for generating a human-understandable narrated history of large-scale design decisions from a source control history, your time will almost certainly be better spent reading textbooks that incrementally develop a piece of software over several chapters. Even that is cheating -- the authors know exactly where they want to end up and they won't include all the missteps they made when they first started writing similar programs. But it's still loads better than the alternative. Just as sitting in a law school library absorbing an encyclopedic knowledge of the law won't really train you to make arguments that will fly in front of a judge, reading a code base as a dead, unchanging document won't teach you what it is to live in that code.
paulrademacher 1 day ago 1 reply      
Any suggestions for smaller codebases? A lot of these are great and you'll pick up idioms here and there, but they're massive.
agumonkey 1 day ago 0 replies      
I really enjoyed skimming through Ian Piumarta's Maru, a Lisp in C, very pretty code, very concise. (I already mentioned it in other topics)


agentultra 1 day ago 0 replies      
Anything you find interesting or find yourself using frequently.

A less glib answer try Brogue: https://sites.google.com/site/broguegame/

A very interesting roguelike with interesting constraint-based features.

betterunix 1 day ago 0 replies      
SBCL or CMUCL -- Lisp compilers written in Lisp.
twelvechairs 1 day ago 0 replies      
The most interesting things to read are those where a programmer has done something cleverly, but this only needs to happen when your language or libraries make it hard for you to begin with. Aside from low-level performance intensive functions, the best code is not interesting to read - it just reads like statements of fact.
hiisi 1 day ago 0 replies      
C -> Redis

I haven't written any C for years, but really enjoyed skimming through Redis codebase, it's so clean, easily understandable and extensible.

kjs3 1 day ago 0 replies      
I learned a huge amount about how real operating systems are put together and the compromises that get made by reading the V6 Unix source via John Lions Commentaries (yes...I had a photocopied copy). Made exploring the BSD 4.2 and 4.3 source trees (another worthwhile exercise) much easier. I suppose if I was starting out today and not in 1985 I'd look at xv6 or Minix.
villek 1 day ago 2 replies      
I found the annotated source code of the underscore.js to be very educational: http://underscorejs.org/docs/underscore.html
riffraff 1 day ago 0 replies      
Not a specific codebase, but I went through "Code Reading"[0] many years ago, I found it interesting. Most reviews are not very positive though, so maybe it was just at the right point for me.

[0] http://www.amazon.com/Code-Reading-Open-Source-Perspective/d...

budu3 1 day ago 0 replies      
The old jQuery 1.6.2 code by John Resig is a good start for studying good JavaScript coding practiceshttp://robflaherty.github.io/jquery-annotated-source/
nicholassmith 1 day ago 0 replies      
I had a read through the PCSX2 emulator recently, that was quite interesting: https://github.com/PCSX2/pcsx2 it's a complex project in what was surprisingly readable C++ code.
patrickg 1 day ago 0 replies      
I suggest the source code of TeX. Not new, but still very interesting to read.

source that needs some postprocessing (tangle/weave):


PDF from the source (including hyperlinks)


jacquesm 1 day ago 5 replies      

  C -> Varnish  PHP -> Yii   Ruby -> Merb  Scheme -> Arc  Clojure -> Core  JavaScript -> Multeor
Any languages in particular that you're interested in not covered above?

davedx 1 day ago 1 reply      
* BackboneJS

* UnderscoreJS

tlrobinson 1 day ago 2 replies      
Lots of great suggestions here, but I'm interested in how you go about reading source code, especially very large codebases?
tuxguy 11 hours ago 0 replies      
There is a good book on this themehttp://aosabook.org/en/index.html

, where the authors actually go deep into the design & architecture of selected well designed open source projectse.g. llvm, git, freeswitch, etc.

Highly recommended !

pincubator 1 day ago 1 reply      
Also can someone suggest what is the best way to approach code reading? When I open a library in Python, I am not sure where to start reading, just a bunch of files. Should I randomly pick one file and start reading from there? Is there any common strategy?
nextos 1 day ago 0 replies      
I think 2 suggestions by plinkplonk in the original thread would be still relevant:

Common Lisp - "Paradigms of Artificial Intelligence Programming" by Peter Norvig and "On Lisp" by Paul Graham

C - "C Interfaces and Implementations"

Minix 1 and XMonad are also very good suggestions too.

rasur 1 day ago 0 replies      
Anything by Fabrice Bellard (Google him, it's worth it).
chris_wot 1 day ago 0 replies      
It's not great code (though I'm working to make it so), and perhaps not the intent of this question - but if you want to looking at a 25+ year old codebase that's being refactored, check out LibreOffice, especially the VCL component:


redox_ 1 day ago 0 replies      
For all low-level I/O details (fflush/fsync/fsyncdata on files/directories after creation/renaming), I've used to read MySQL routines, pretty simple to understand: https://github.com/twitter/mysql/tree/31d6582606ddf4db17ad77...
entelect 1 day ago 0 replies      
collyw 1 day ago 1 reply      
Slight tangent to your question, but one thing I have noticed recently is that having to deal with really crap code inspires me to do my own better.

I inherited a colleagues work after she left, and it was horrible. But I thought about why it was horrible, and how to make it better. What would it look like if it was done well?

Even with my own code, if I look at something I did 6 months ago, and it doesn't make sense straight away, the it can usually be improved.

DonHopkins 16 hours ago 0 replies      
The original source code to Zork in MDL. It doesn't matter if you don't know MDL. It's such beautiful code that it just explains itself to you. And if you've played Zork, it's like being invited to explore the underground backstage areas of Disneyland.


laichzeit0 1 day ago 1 reply      
Eric S. Raymond wrote a book The Art of Unix Programming [1] that has many "case studies" as well as recommendations of which software/RFCs are particularly worthy of study.

[1] http://www.faqs.org/docs/artu/

rabino 1 day ago 0 replies      

To learn how to document code.

j_s 1 day ago 0 replies      
In the .NET world, shanselman has a series of Weekly Source Code blog posts and most recently posted a list of seven 'interesting books about source and source code'.


zengr 20 hours ago 0 replies      
If you are into java, ElasticSearch is very nicely written by Shay Banon.


lightyrs 1 day ago 0 replies      
I find anything by https://github.com/jashkenas to be transparent and enlightening.
maccard 1 day ago 0 replies      
I'm interested in Game Development, specifically physics simulation and graphics programming. The box2D code (C) is fantastic.
borntyping 1 day ago 0 replies      
Python: Flask (and related projects
twunde 1 day ago 1 reply      
For PHP, I've been very impressed by Phabricator's code (and the related phutils library). It's worth looking at the git commits as well to see just how clean and structured commits can be.I'm much more impressed by it than by any PHP framework code I've read (and I've read Zend, Symfony2, li3, codeigniter as well as custom frameworks)
diegoloop 1 day ago 0 replies      
I made this tool: http://codingstyleguide.com to improve the way I code for different languages and not get lost with too much programming information and it's helping me a lot.
vishnugupta 1 day ago 0 replies      
I'm fascinated by concurrent programming. I find that reading classes from Java's java.util.concurrent package gives me very good practical insights as to what goes into building a concurrent class. My all time favorite is ConcurrentHashMap :)
qwerta 1 day ago 0 replies      
For Java I highly recommend H2 SQL DB. It has everything (parsers, sockets, webui...) in very tight and nice package.
raju 1 day ago 1 reply      
Any suggestions for Clojure projects?

[Update: Oops. I missed the "Clojure -> Core" by jacquesm]

snarfy 1 day ago 0 replies      
If you are interested in rendering engines I suggest Irrlicht. It's fairly clean and easy to understand.
Hydraulix989 1 day ago 1 reply      
C -> nginxC++ -> Chrome
dfkf 1 day ago 0 replies      
ddz 1 day ago 0 replies      
Find yourself a copy of this. Not only did it play a crucial role in the history of the UNIX/Linux world, it is a gold mine for understanding operating systems.http://en.wikipedia.org/wiki/Lions%27_Commentary_on_UNIX_6th...
dschiptsov 1 day ago 1 reply      
db48x 1 day ago 0 replies      
TeX the Book is good, even if it is in Pascal.
s_dev 1 day ago 0 replies      
I've heard that reading the Git source code is very beneficial but haven't done it myself yet.
eadler 1 day ago 0 replies      
FreeBSD kernel & userland
willvarfar 1 day ago 1 reply      
(You say the 'naive' way; how can it be compressed better?)
visualR 1 day ago 0 replies      
RhysU 1 day ago 0 replies      
marincounty 1 day ago 0 replies      
Get to know the command line before you start any language.
plicense 1 day ago 0 replies      
Everything at Google.
Learn CSS Layout learnlayout.com
346 points by ScottyE  6 days ago   25 comments top 16
asb 6 days ago 0 replies      
I've also found The Magic of CSS useful: http://adamschwartz.co/magic-of-css/
olegkikin 6 days ago 0 replies      
You need to explain what things do.

This page, for instance, doesn't explain what flexbox does.


alanfalcon 6 days ago 1 reply      
I'd like to give a big sloppy wet kiss (or just a high five) to ScottyE for linking this. I always felt like I walked in halfway through the CSS story and like I just needed to play catchup through trial and error because try as I have, I've failed to find a resource as clear as this. In short, as a designer who never really learned CSS properly before today, this is a godsend. Thanks.
rafeed 6 days ago 0 replies      
Well done. Everything is accurately explained using simple terminology. I'd love to see this expand beyond just layouts. CSS is overwhelming to beginners, but this is dead simple while still delving into deeper, more complex topics.
MCarusi 6 days ago 0 replies      
I don't know where I'd be without http://css-tricks.com/ - great site and super helpful forums.
subir 6 days ago 1 reply      
This was on HN some time last week: https://news.ycombinator.com/item?id=7521180

Good site, though.

nebulous1 6 days ago 1 reply      
Page 2: "it wouldn't make sense to make an inline div"

Page 15: makes inline divs.


Ellipsis753 6 days ago 0 replies      
This is a great tutorial and helps me a lot by just reminding me of things.

There's a mistake at http://learnlayout.com/float-layout.html though were they talk about clearfix and how they are using it without actually using it on that page.I just thought I'd say that here in case the author reads it.

owenversteeg 6 days ago 0 replies      
This site is great for teaching CSS layout skills. Next time someone asks me, I'll refer them here.

I especially like how it references caniuse for each property it discusses. Nice work!

geekam 6 days ago 1 reply      
I really like CSS Mastery: Advanced Web Standards Solutions by Collison, Budd, Moll.
prohor 6 days ago 0 replies      
I wish I had this when I was figuring out how it all works. I'll definitely point it friends who start with CSS.
rduchnik 6 days ago 2 replies      
For the clearfix can't you just use `clear:right` or `clear:both`? Also for inline-block you can also use the ie7 hack `display: inline-block;*display: inline;zoom: 1;`. Nice tutorial though.
Rzor 6 days ago 0 replies      
If anyone wants a complete view of the picture, there is htmldog[1], which covers CSS, HTML and JS.

[1] - http://htmldog.com/guides/

guh_me 6 days ago 1 reply      
Really cool, another quality resource to help kill W3Schools.
mfeldheim 6 days ago 0 replies      
Awesome work, thanks for sharing that link
In a typical year the OpenSSL project receives about US $2000 in donations groups.google.com
345 points by blazespin  7 days ago   161 comments top 22
AaronFriel 7 days ago 3 replies      
What other people have said in comments is completely right: OpenSSL, or maybe just this Steve Marquess guy, is missing the forest for the trees. Or in this case, the six figure donations for the pennies. OpenSSL could raise more money in a few months of pan handling in a major city than they raise in a year[1].

A student group that I will soon be President of at the University of Northern Iowa[2] received more in donations and financial support. Our student group is not the best managed, but we care a lot about large sponsors, keeping good relations with them, and making asks that matter.

If someone told me that panhandlers and Midwest student organizations are out-fundraising OpenSSL, I would scoff and laugh. OpenSSL? That's mission-critical software running on nearly every PC and post-PC device in the world. You know what OpenSSL reminds me of in this respect? SQLite.

SQLite charges $75,000 for consortium members[3] to have 24/7 access to phone support direct to developers, guaranteed time spent on issues that matter to them, and so on.

The fact that this doesn't exist for OpenSSL is an embarrassment to project management. I made an offer in that email thread to try to raise $200,000 for OpenSSL by the end of 2014, and I'm repeating it here for visibility:

If you are an employee of a corporation that wants to donate to directly support OpenSSL development by funding staff time, send me an email right now: friela@uni.edu

If you are in the OpenSSL foundation, send me an email right now and I will try to solve your problem by finding a phone number at every major OpenSSL using corporation and making an ask. Want me to do that? Send me an email right now: friela@uni.edu

[1] http://www.ncbi.nlm.nih.gov/pmc/articles/PMC121964/

[2] http://www.unifreethought.com

[3] http://www.hwaci.com/sw/sqlite/prosupport.html

[4] https://sqlite.org/consortium.html

patio11 7 days ago 4 replies      
Note the almost painfully predictable response to the thread. Instead of focusing how OpenSSL can pull in, let me pick a number, $800k in revenue in the next year, they immediately zero in on $70 of Paypal fees as the organization's leading financial problem.
tptacek 7 days ago 5 replies      
A sponsored bug bounty might be just as useful as more money directly to the project (especially if Google is porting Chromium to it). The nice thing about sponsoring a bug bounty is that anybody can do it; it doesn't require coordination with the project.
Nelson69 7 days ago 0 replies      
The donations are one aspect. I'm on the dev mailing list, been lurking for a few years, I've used openssl for various things for years and I have had an interest in when some newer TLS standards were going to be supported. It's a pure bazaar as best I can tell. It's nearly magical how releases happen. I don't know if there is a secret mailing list for the core developers or some IRC channel or something, people post patches to the list, there are some occasional questions and answers, it's insanely low volume for a project as popular as it is. Every now and again some big patches with a lot of new stuff drop. Every now and again someone ponys up some big money and FIPS certification happens. It just sort of keeps meandering a long without a a benevolent dictator.
kenrikm 7 days ago 2 replies      
Wow, I'm surprised that someone that's so crucial to the well being of so much of our internet security is funded on $2000/year in donations. I think I'm going to start donating more to stuff like this.
saurik 7 days ago 3 replies      
So, first: I agree with patio11. But past that, this thread also bugs me because it is so ill-informed: the very first question that has to be asked is "what is the distribution of donation amounts", as the way to minimize processing fees of "we got one donor who gives almost $2k, and then a handful of people we choose not to turn away who give a few dollars each" is very different than how you handle "we have $2k donors, they all give a dollar". PayPal's micropayment fees are $0.05+5%, which is a massive difference from the default $0.30+2.9% quoted.

And if you have only one really large donors, you get them to give you a check. And then you put their name somewhere. And you send them some thank you letters. And you ask for their advice on how to talk to their friends, as maybe they might also want to donate. Because patio11 is just dead-on right: it is more useful to increase the incoming money here, not avoid losing some fees :/. But again: even if we choose to nitpick fees... this conversation is still going nowhere if the distribution of donations and the process of receiving them (if you have mostly random donations, having them do bank transfers is going to massively increase the loss rate ;P) is not where the discussion started.

paulbaumgart 7 days ago 7 replies      
Soo, throwing a little bit of economics out there: BSD-licensed open source software is pretty much a Public Good (http://en.wikipedia.org/wiki/Public_good). There are basically two ways we've figured out how to create public goods: taxation and assurance contracts (like Kickstarter).

Thoughts on the pros and cons of either approach with respect to improving information security infrastructure?

socalnate1 7 days ago 0 replies      
I'm surprised I haven't seen anyone mention the "tragedy of the commons" economic theory yet. Though in this case it seems to be happening in reverse, rather than depleting the common resource, we are all neglecting to invest in it.


wnoise 6 days ago 0 replies      
That's unfortunately still too much. Raising any more money will only delay the death of a project that has suppressed the use of better written projects by dominating that niche in the ecosystem due to first-mover advantage.
higherpurpose 7 days ago 1 reply      
Shameful that so many billion dollar corporations rely on it in such a vital way, and only so little is being donated to it.

I think we need a score card for donating to open source projects, in the same way we have score cards for using green materials in devices, or using renewable energy for data centers. We should see periodic reports of how much money these companies donated to open source projects.

dpweb 7 days ago 0 replies      
The OpenSSL debacle exposes a real problem with Open source sw. There is massive financial incentive to break it, none to make it safe. Funding its dev does little. Fund guys to break it who will tell you how they did it.
mercurial 7 days ago 0 replies      
My usual suggestion would be "that's part of the infrastructure, so governments should get together and foot the bill", but this approach doesn't work for this particular use case.
btbuilder 7 days ago 0 replies      
I'm interested in how the payments by third-party companies to OpenSSL foundation for white labeled FIPS-mode OpenSSL are accounted for. Maybe it's a seperate entity?
lazylizard 6 days ago 0 replies      
i think, generally, the tendency to think openssl needs help right after seeing openssl need help is..ignoring the problem that there might be other projects similiar to openssl, who need help. its like donating to 1 disaster victim because she appeared in a news story.this thing should be left alone and looked into after a few months(i dont know how long it takes for people to forget,actually) of no stories in the press about openssl.

otoh, if there were a foundation that collected money and funded many projects..it'd look like apache perhaps..

personally, i wouldn't mind an option to donate to apache or openssl in a humblebundle, nor do i mind an option to stick a donate button/widget on my website..or even better, have the widget rotate recipients..

betadreamer 7 days ago 0 replies      
I'm very surprised how low the donation is. This proves that OpenSSL was maintained more from contribution / volunteer rather than professionally. No wonder why they were not the first one to find the heartbleed bug...
dalek2point3 7 days ago 0 replies      
this might not necessarily be a good thing. see: http://en.wikipedia.org/wiki/Motivation_crowding_theory
jokoon 7 days ago 1 reply      
Why not rewrite the whole thing ?
keithgabryelski 7 days ago 0 replies      
it's time for the community (and possible all major opensource projects) to have code review parties.

1 week before, a module is declared the subject. at the time of the party, the major owners are on the hook for function by function questions, and line by line when it merits.

reddit? or even a special github community service.

nobodyshere 7 days ago 2 replies      
Is it so vaguely undervalued or does it just work so well that it does not need too much improvement?
teemo_cute 7 days ago 1 reply      
OpenSSL is like a guardian angel who's invisible to a person. The guardian angel has been helping the person all the time even though he/she doesn't know it. Then the time came that the guardian angel made a little unintentional mistake that led to large consequences. The person then starts blaming the guardian angel, forgetting all the good things the angel has done for him/her.
ry0ohki 7 days ago 6 replies      
Dumb question perhaps, but what do they need money for? What would they use it for? It says they pay it out to team members, but if people are doing this work for the money, doesn't that defeat the point?
raverbashing 7 days ago 2 replies      
Underfunding is not an excuse for a code that gives headaches to people, lack of testing and blind acceptance of "new features" just for the sake of it.
The Worst Part of YC samaltman.com
325 points by dmnd  3 days ago   107 comments top 26
zt 3 days ago 5 replies      
While I was in college, I was put on a committee to choose a new Director of Admissions. One of the internal candidates said during his interview: "There is a good reason that everyone who is accepted gets in, but there is not a good reason why people are rejected."

It many ways that seems obvious. To get in you have to have something going for you. To not get in you don't have to do anything wrong, you just have to not have a thing that does get you in. It would be just as hard for my college to write high school seniors a letter saying, well, you were 2nd in your class and had a 1500 but noting stood out as would be for YC to write people direct feedback at scale. What would it really mean? How do you action that? No special sauce isn't really feedback. You can't point to anything wrong other than you can't point to anything great.

This has proven true for me in the admissions processes I've gone through on the other side: whether at a consulting firm, or Stripe, or Standard Treasury, or Echoing Green (I read semi-finalist apps). Most people self-select to apply for good and just reasons but some people really excite you and some people don't. Some people just have that something special, and the people who don't don't really have anything wrong with them.

So to me this commentary rings true and is honestly put.

wildermuthn 2 days ago 6 replies      
At West Point, I was one of ten cadets in my class of one thousand to make the parachute team. For some reason, the parachute team had become a symbol-status and a fast track to cadet success.

What's interests me the most is that I had no idea, no clue, that the skydiving team was a fast-track to promotion. I just wanted to jump out of planes. That wasn't the case with many of my teammates. We had some great talent on the skydiving team the most talented men and women at West Point. But some of them hated jumping out of planes, and they did poorly.

Sama writes that the number and quality of YC applications has risen. That might not be a good thing. Talent and ambition aren't the greatest indicators of startup success.

I don't think its a coincidence that Dropbox, Reddit, AirBnb, Justin.tv, Loopt, and Stripe all came within the first few years of YC's existence, and that YC's more recent companies haven't taken off in the same way. It might be because immensely talented people see YC as their avenue to success.

If being immensely talented and ambitious was the prime requisite for startup-success, then YC would be in a great position. But as I understand it, having talent and ambition don't matter as much as having a determined, cohesive, and visionary team.

tdullien 2 days ago 1 reply      
Perhaps as a "cheer up" story: We applied to YC in their very first batch and got rejected. It is unclear what the reasons were -- but there were many reasons why it was understandable for YC to reject us. Among other things, the company had already been incorporated in Germany, we already had a few customers, we had decidedly nonexistent mass-market potential, the entire company was a bad idea from a purely business perspective, and just in almost every imaginable way did not fit the mold.

This did not deter us from continuing; our company was profitable already, and we worked our butts off for the next few years (without any reasonable perspective of ever getting acquired, or even growing the company to be big). The work was interesting, and for a company that size, we had a surprisingly large impact (indirectly) on the wider world, but it was heavy toil with little reward.

Either way - history then shifted under our feet, and it turned out in 2010/2011 that we had the combination of technology and team that out of a sudden had become pretty important to Google, and then after a long and painful negotiation process, we got acquired in 2011. Not a gangbusters acquisition by any stretch of the imagination, but one that worked out nicely for everyone involved.

So perhaps the takeaway from this is: YC is great, but perhaps the great redeeming quality of modern capitalism is that you do not require gatekeepers in order to be successful. "You play shit that they like, and people will come, simple as that." - e.g. if you build a product that people like, people will give you money to build more of that product. Decentralized decision-making and the ability to bootstrap with nothing but a compelling product may be the one thing that led to our current economic system to out-compete the others.

When we started the company, I wanted to build X. This was a huge endeavor, and I knew that on the way to X I'd need to build Y and Z; so I ended up building Z first, then used income from Z to bootstrap development on Y, then I got sidetracked a bit on B because we found a surprising application of our technology to a different field, and just when I was about to get back to X, we got acquired principally for B and Z. So up until today, we have made very little progress on X itself, but that doesn't matter :-)

So if you're rejected from YC, don't despair. Use it to re-examine what you're doing, understand that investment is like dating (some people are just not made for each other, and it will end in horror if you pretend to be someone you are not), and then channel your disappointment into velocity :-P

(PS: pg, if you folks have any notes whatsoever on reasons for rejection in the first YC batch, I would love to have more background info - but it is also pretty understandable if no memory at all exists ;)

zbruhnke 3 days ago 1 reply      
It's nice to see the side of investors that still have a passion for startups so much so that they feel sad when they reject people.

It often feels like noone in that world has empathy.

For the ones getting rejection emails tonight don't sweat it. I got into YC on my Third try and it was worth every rejection.

We're building a company now and spent months getting rejected about raising a seed round before suddenly becoming one of the "hot" companies with investors and being in a position to turn the same people who were turning us away down for a change.

All this to say Sam is right. If you're working on something, there is traction and/or you truly believe in it don't give up.

The only validation to worry about at this stage of the game is user validation.

Talk to Users. Write Code.

Best of luck with whatever you're building and if I can ever be of help feel free to email me (email in profile)

rafeed 3 days ago 1 reply      
Rejection is inevitable. If you're not rejected now, somewhere down the road you will be. If you haven't been rejected, get practice in getting rejected. If you have been rejected, feel the frustration and use it as motivation to prove whoever rejected you wrong.

The best analogy I can find for this is that applying to YC is like trying to pick up a girl or asking her out on a date. (I know many of us have yet to try, too). Get over the fear of rejection, and put yourself out there. Will your way to success. YC is like the smartest, most beautiful woman with the amazing personality everyone falls in love with (well, there's always the haters). Don't give up. Exercise, eat right, sleep, and strive to be better. You never know, one day that beautiful woman might actually say yes.

(To all the women on HN, replace girl/woman with guy/man and beautiful with handsome.)

eggbrain 2 days ago 0 replies      
Back about 5 years ago, a prominent VC behind TechStars came to my college and talked about entrepreneurship. I was so enamored that I decided I wanted to be an entrepreneur and apply to their incubator program.

I applied about 5 times with various ideas to various programs (Boulder, Seattle, New York). I got close once -- I was a "finalist" for the Seattle program (Top 30), but didn't get chosen as the top 10.

Each time left me pretty crushed. But I decided early on that I could sit around and feel bad about myself, or I could use it to become better. After each time I was rejected, I contacted the head of the incubator and thanked them for their time, and if they could give me any tips towards success. And more often than not, I got responses that helped me become a better entrepreneur.

The first rejection is always the hardest. And so is the second, the third, the fourth, and the fifth. But Edison is widely quoted as saying:

  "I have not failed 1,000 times.  I have successfully discovered 1,000 ways to NOT make a light bulb."
Despite what you may think of Edison, I try to take the same mentality. To those who got rejected -- think of it not as the end, but as the beginning. You'll enjoy the ride if you do.

rvivek 2 days ago 1 reply      
We got into YC only the 3rd time in summer 2011; applied for the two earlier batches. Both of our earlier applications had bad ideas and very little traction.

So, don't give up.

dctoedt 2 days ago 0 replies      
FTA: [I]t was really striking how much higher the average quality of applications was for this batch compared to any previous batch. Most of the partners independently mentioned this to me.

To me that was the most interesting part of the article.

VaedaStrike 2 days ago 1 reply      
As I go through the rest of my life I'll likely be applying just about every cycle simply for the way applying focuses my mind and energies.

And the funniest thing...I get more excited each time. Rejection after rejection, I get more and more certain that I'm getting closer and closer. Totally counter-intuitive from what I thought, both the excitement side of it and the applying for the 4th or 5th time... :) "Y" I ask you...

ipince 2 days ago 4 replies      
It's hard (or impossible) to give detailed feedback to every applicant. But maybe telling them roughly in which bucket they fell ("shortlist", "pretty good", "okay", "stopped reading after 30s") would be useful.
davidw 2 days ago 0 replies      
Just as the ever-increasing low cost accessibility of technology has made YC possible in that you can give someone just a little bit of money to build something, self-funded startups are also becoming possible for more and more things. Here are some resources:


https://twitter.com/search?src=typd&q=%23microconf - lots of information on the recently concluded MicroConf with patio11 and many others from HN.


And Rob's book, which is a great starting point: http://www.amazon.com/Start-Small-Stay-Developers-Launching/...

Granted, bootstrapping is not viable for some things, but for many others, it's a good path.

pincubator 2 days ago 1 reply      
We all know that it's almost impossible to provide custom feedback to those who are not selected. But is it also impossible to point out what portion of our application went wrong?

E.g. there might be 4-5 checkboxes for reviewers:

- Ideas are not clear

- Ideas are not profound/original

- Not profitable

- No demo


So at least we could know what went wrong. As most of the applicants, I think my idea was pretty cool and I am not sure what part I screwed up.

hyp0 2 days ago 0 replies      

  If youre working on something that users love,  you like working on it, and  you have a plan for how to build a business around it
Even with the mad hiring of new partners, there still aren't enough to take on all the applicants they'd like to (I assume that's the key resource bottleneck, not funding or space etc) - and the number and quality of applicants are increasing. It sounds like the YC we know so far may have just been the beginning.

A great release, both in facts and vibe; Elon standard.

maximgsaini 1 day ago 0 replies      
That is the Best Part of YC!!! If Albert Einstein had not been 'rejected' for 2 years, we might not have had that revolutionary glimpse into our own world (just saying). He might've accepted those stale old ideas by joining the academia of the time. Rejections force you to improve, rejections liberate you from previously held ideas, rejections force you to jump higher.

Inside YC, you help 50 companies. Outside YC, you help 2950 companies by giving your opinion on their performance. Some of these 2950 companies will someday blow everyone away!! They will give everyone a glimpse into a new world, just like the greats of the past did. And the likes of YC will be thanked, because every rejection will have some contribution in shaping them.

exo_duz 2 days ago 0 replies      
Whilst not everyone can get in. Best of luck to all that were accepted. We'll try again in 6 months.
sbuccini 3 days ago 1 reply      
Will we be notified regardless of our application's status?
fayyazkl 2 days ago 0 replies      
The best I think that can be done is to tell objectively why you didn't fund a company so either they focus on resolving those issues or at worst quit asap or move to a new idea. I dont know how much feedback is provided currently but it is immensely important even to those who got selected so they can focus on their strengths and fix their issues
mfrank 1 day ago 0 replies      
Interesting that this is pretty different than what other VCs say is the worst part of their job: http://www.quora.com/Venture-Capital/What-is-the-worst-part-...
jameshk 2 days ago 0 replies      
For everyone who get rejected: don't give up. keep working on your startup and apply next batch, even Drew Houston got rejected the first time.
hotpockets 3 days ago 0 replies      
I always think about the bubble groups. Darn it would suck to right on the bubble. Maybe they could create a separate, remotely managed cohort of bubble groups, that are adopted by HN.
650REDHAIR 3 days ago 0 replies      
How many companies that reapply get accepted during the next batch?
tpae 2 days ago 0 replies      
This. This is one of the biggest reasons why I want to get in so bad. Never give up. Thank you for this!
notastartup 2 days ago 1 reply      
What is the benefit of joining YC? If you are just making a profit and reinvesting some of that into the business, do you have an advantage of joining YC? Why should you give up a piece of your action?
datamingle 3 days ago 1 reply      
15 minutes old, with 1 comment: #1 post on Hacker News.
cynic2 2 days ago 0 replies      
Pass me a bucket. Fund or don't fund. You didn't pick the companies you didn't pick for a reason. Don't be warm and fuzzy about it. Having a Kumbaya moment is just patronising -- and I'm sure you didn't mean it that way, but that's how at least one person perceives it.
mempko 2 days ago 0 replies      
The worst part of YC is that they make groups of people compete with each other, instead of cooperate. The results are startups that have mediocre ideas that fill the needs of people who have money. If the phrase "vote with your dollar" is true, then it becomes obvious that the services and products society creates will cater to those with the most money.
Google's Street View computer vision can beat reCAPTCHA with 99% accuracy googleonlinesecurity.blogspot.com
317 points by apawloski  2 days ago   145 comments top 45
zwegner 2 days ago 13 replies      
This particular issue (AI performance on captchas) is really quite fascinating. It's an arms race, but the problem is, only one side can win. Google is claiming they have improved their system in some (understandably) unspecified way, but there's only so far this can go. Captchas need to detect whether someone is human, but it has to work for everyone, ideally, even those with disabilities. Any simple task a human can do will eventually be able to be automated. Tasks that aren't currently feasible to be automated, say some natural language processing tasks, have another problem: scalability. To prevent simple databases of problems -> solutions, the problems need to be generated en masse, and for cheap, which means a computer needs to generate the solutions in the first place. And of course, paying people to just do captchas all day already happens.

The street address/book scan approach that Google uses is interesting in that the exact solution is not known, so they presumably have to be somewhat forgiving in accepting answers (as their machine learning might have gotten it wrong). Perhaps this is what their "risk analysis" refers to--whether their response seems "human" enough according to their data, not necessarily whether it's correct.

I don't see a way around this problem for free services that still preserves privacy (so directly using some government-issued ID is off the table). Maybe some Persona-like digital signature system, where a person can go to a physical location with a government ID, and get a signature that says "Trusted authority X affirms that person Y is in fact a person". Obviously this still has problems, as you need to trust X, and it's a big pain in the ass.

There are parallels to the realm of passwords, which are also becoming obsolete (not that there's a good replacement...). Anything that a human can feasibly remember for a bunch of sites is becoming easier and easier for computers to guess.

So basically, computers are taking over the world, and we can't do anything to stop it. God help us all.

josho 2 days ago 2 replies      
Interestingly I activated a new gmail account today and during the signup process I experienced the obligatory captcha. It was in two parts, the first looked strikingly like a street view picture of a house number, while the second looked like a traditional captcha.

I suspect that google has been using techniques like this to validate their computer vision conclusions. Which makes their 99% assertion even more interesting, because it's likely 99% confirmed by a very large crowd sourced data set, not simply a staff member going through several hundred samples to come up with the success rate.

jrochkind1 2 days ago 2 replies      
From that caption "CAPTCHA images correctly solved by the algorithm", there are at least two of them that I'm not sure _I_ can correctly solve on the first try.

Which is generally my experience with captcha's these days, I only have about a 50% success rate.

CAPTCHA is a failed strategy, time to give it up.

adyus 2 days ago 4 replies      
In effect, Google computer vision got so good that they made their own system obsolete. This is a good thing.

I still think the only reliable way to confirm identity (or humanity) online is an email or SMS verification. Recently, receiving a 2-factor SMS code took less time than the page refresh prompting me to enter it.

zobzu 2 days ago 1 reply      
The program solves captcha that I, as a human, cannot solve.Pretty sure that means captcha of that type are definitely dead.
frik 1 day ago 0 replies      
Google's reCAPTCHA showed street numbers as one of the two catcha-"words" for more than two years.

For me this was quiet annoying to input street numbers of others. It's a privacy issue, it was like helping the NSA spying and one feels bad entering Google's captcha.

What is even more astouning is that Google does not even mention all the croud sourced "volunteers" that trained their OCR database. As Google use an open OCR software (former HP OCR app from '95) it would be a good choice to publish their data back to the community.

I removed Google captcha on my own sites and implemented my own traditional captcha (on the first sight of it about two years ago).

jere 2 days ago 3 replies      
>In this paper, we show that this system is able to accurately detect and read difficult numbers in Street View with 90% accuracy.

> Turns out that this new algorithm can also be used to read CAPTCHA puzzleswe found that it can decipher the hardest distorted text puzzles from reCAPTCHA with over 99% accuracy.

Am I missing something or could we improve CAPTCHAs by mimicking street numbers?

dnlbyl 2 days ago 3 replies      
99% is probably better than my success rate with reCAPTCHA...
pacofvf 2 days ago 0 replies      
well there are a lot of Resolve CAPTCHA as a Service sites like http://www.9kw.eu/
ilitirit 1 day ago 0 replies      
To be honest, I can't even solve those reCAPTCHAs on that page (that's one of my biggest gripes about reCAPTCHA). I think we're nearing a point in time where if some(thing) can solve a particularly hard CAPTCHA, we can safely assume that it's not human.
dlsym 2 days ago 0 replies      
"CAPTCHA images correctly solved by the algorithm" - Ok. Now I have to consider the possibility of being a machine.
msvan 1 day ago 1 reply      
Here's a captcha idea: make people write a 100-word essay on a specific topic. If it's good, you're accepted and you won't have to do it again. If it's bad, you're either a computer or cheap Nigerian labor. When we get to the point where we can't distinguish a computer from a human, we'll just let them be a part of the community.
rasz_pl 1 day ago 0 replies      
Does google aggregate&correlate data in vision algo?

For example for street numbers they not only have picture of a number, they also have knowledge of all the other numbers on that street and guesses for those other numbers. Easy to guesstimate order of a number by checking neighbouring ones.

Same for book words, they have n-gram database.http://storage.googleapis.com/books/ngrams/books/datasetsv2....

Thats a lot of useful MAP/ML data.

But the example they give for the new captchas all look like random crap, "mhhfereeeem" and the like. Its like they are not interested in structure, just pure geometry of letters/numbers.

zatkin 2 days ago 1 reply      
But can it beat CRAPCHA? http://crapcha.com/
shultays 1 day ago 0 replies      
My accuracy is way below 99%, good job Google!

Seriously though, I hope this does not mean there will be harder captchas, current ones are already stupidly hard

spullara 1 day ago 0 replies      
Reminds me of a hack day at Yahoo where one team made a captcha where you had to match a photo with its tags and another team made an algorithm that would assign tags to a photo. Both based on Flickr humans meant that the captcha was easily solvable by the algorithm.
pestaa 1 day ago 0 replies      
Folks, I figured it out! Let's use captcha so that visitors can prove they are robots! If you fail these captchas, you must certainly be a human!
drawkbox 2 days ago 0 replies      
99% is better than most humans captcha accuracy. Back in my day humans could still beat computers at Chess but nowadays computers can beat humans at Jeopardy and drive. Interesting to see when it fully crosses over.
infinity0 1 day ago 0 replies      
Ironic how the HTTPS version force-redirects you to HTTP. (Amazon.co.uk started doing this a few days before and it's pissing me off no end.)
aaronbrethorst 2 days ago 0 replies      
I'm impressed that their address identification algorithm can solve those CAPTCHAs. I can't make heads or tails of them.
spullara 1 day ago 0 replies      
So, now if you get the captcha right you're a computer, otherwise you are a human?
mrsaint 2 days ago 2 replies      
Captchas were meant to keep spammers at bay. Unfortunately, that's no longer the case. Thanks to "cloud technology" like DeathByCaptcha - that is, people in countries where labor is cheap solving captchas all day - spammers have no problem getting through reCaptcha-protected sites and forums to do their mischief.

As a result, reCaptcha & co tend to be more of an annoyance to honest visitors than to spammers.

aviraldg 1 day ago 0 replies      
Isn't this expected (and a natural consequence of the fact that it's trained on huge volumes of reCAPTCHA data?)
daffodil2 2 days ago 1 reply      
Wait, it's not clear to me from the blog post. Did they make a system that obsoletes reCAPTCHA? If so, it's just a matter of time before the spam systems catch up, correct? If so, what's the successor to CAPTCHA? Or is the web just going to be full of spam in the future?
plg 2 days ago 1 reply      
Why isn't google releasing the full algorithm?
rasz_pl 1 day ago 0 replies      
>CAPTCHA images correctly solved by the algorithm

well, isnt that great? Because I, HUMAN, can maybe solve _one_ of those (lower right one).

I frickin HATE google Captchas and simply close the page if it wants me to solve one, they are too hard for me.

varunrau 2 days ago 0 replies      
I've always felt that it would be only a matter of time before computer vision would be able to solve the (re)CAPTCHA problem. Especially since digit classifiers are able to match the performance of humans.

One approach that I enjoyed seeing was the use of reverse captchas. Here you pose a problem that a computer can easily solve, but a human cannot. For instance, if you ask a simple question (1+1=?), but you place the question box off the screen so the user can't see it. A computer would be able to easily answer the question, but a human user would have no way of doing so.

aljungberg 1 day ago 0 replies      
Google software could use their 99% successful algorithm to filter potential captchas. Then show the 1% they can't crack to humans.

Now the race becomes who can write the better captcha solver, Google or the spammers? As spammers learn to identify things in the 1%, Google will hopefully improve faster and continue to narrow the "hard to solve" band.

pavelrub 2 days ago 0 replies      
This is essentially the technology that was discussed here 3 months ago [1], and it links to the exact same article on arxiv, titled: "Multi-digit Number Recognition from Street View Imagery using Deep Convolutional Neural Networks". [2]

They new addition to the article is that now they have tested the same type of NN on reCAPTCHA, and (perhaps unsurprisingly) it works.

[1] - https://news.ycombinator.com/item?id=7015602[2] - http://arxiv.org/abs/1312.6082v4.

tsenkov 1 day ago 0 replies      
It's fascinating how, arguably simple software now, which is the captcha, would inevitably become more and more complex as AI develops.
northisup 2 days ago 0 replies      
Yet it says I'm a robot a good two of three times.
leccine 2 days ago 0 replies      
stuaxo 2 days ago 0 replies      
I'm sorry, as a human I have had to fill these street view style captchas in all the time for google, so this is hardly a completely artificial intelligence, humans have done it many many times, in fact I'm sure some of the pictures in the articles have come up.
blueskin_ 1 day ago 0 replies      
Great... now they are going to get even harder to actually do.
exadeci 1 day ago 0 replies      
You're welcome google (we are the rats labs that teached their system how to read)
peterbotond 1 day ago 0 replies      
what if someone has bad eyes of some rare eye problem and can not solve captcha problems at all? in other words fails captcha 90% of times.
vfclists 1 day ago 0 replies      
Google are getting too creepy for any sensible persons liking. Addresses which are off the street in apartment complexes are now getting recognized as well.

Whenever I see these kind of captchas I switch to audio captchas. It is rather unethical for Google to use recaptchas in this way.

EGreg 1 day ago 0 replies      
Basically consider why we want to eliminate computers from accessing the sites -- because we want to make account creation expensive, to prevent sybil attacks and giving away scarce resources.

What is expensive? Reputation. That's where credit money's value comes from.

I wrote a more comprehensive piece here, in case anyone's interested: https://news.ycombinator.com/item?id=7601690

Keyframe 2 days ago 2 replies      
Now that programs are better and better at solving CAPTCHA - that means that correct CAPTCHA input will mean the opposite from what it means now. Since programs are better at solving CAPTCAH than humans, correct input (3/3 for example) will mean it's a robot. Thus, CAPTCHA becomes relevant again.
knodi 1 day ago 1 reply      
I just came here to say fuck reCAPTCHA! I hate it, I can't read it with my human eyes.
sajithdilshan 2 days ago 0 replies      
conectorx 2 days ago 0 replies      
this is also can be done with tesseract or encog framework... i dont know whats news about this
maccard 2 days ago 0 replies      
Damn, that's better than me!
spcoll 1 day ago 0 replies      
It's a new success for Deep Learning. It seems to be actually 99.8% accuracy according to their paper: http://arxiv.org/abs/1312.6082

That's one order of magnitude higher.

techaddict009 2 days ago 0 replies      
This is really Great. AI is getting really smarter and smarter day by day!
Show HN: Super Planet Crash stefanom.org
317 points by CarolineW  3 days ago   123 comments top 47
todayiamme 3 days ago 5 replies      
I am usually quite resistant to games - even 2048 bounced off of me with little affect - but something about the idea of creating solar systems and playing around with nature's laws is deeply appealing and I just spent 15 minutes figuring out how to construct a system which can get as many points as possible without imploding. (hint: large multipliers. Here's an initial attempt that I intend to refine once I'm done with work; http://www.stefanom.org/spc/?view=2823906 )
stefanom 3 days ago 10 replies      
I am the developer of the game (StefanoM). I'm glad people are enjoying the game, and I'm sorry for the downtime -- I did not expect it to become this popular.

If you have any improvements or suggestions (especially on the programming side!), please email me directly.

Update: As an astronomer (and not a professional programmer), being on HN makes me super proud. Thank you!

oldmanjoe 3 days ago 0 replies      
Nice. Unfortunately my solar system was stable for about 40 years and then descended into a nightmarish world of Earth bouncing around the solar system in what would have been a horrific experience for the citizens of the planet. On the plus side the visuals from the multiple planets veering close to destroying it would have been a sight to remember. Well, remember for the short while that remained before the atmosphere either froze, was burned away by the sun or stripped by the gravitational field of a giant planet.
brownbat 1 day ago 0 replies      
Not sure how much of an achievement this is, but I was a little proud of my co-orbital pair, introduced at around 37 years:


wintersFright 3 days ago 5 replies      
does this imply that most solar system arrangements are unstable and we are lucky in ours?
lmm 3 days ago 0 replies      
Is there any way to delete the first planet? It seems like there's a motivation to keep refreshing until it spawns somewhere convenient.
kylec 3 days ago 1 reply      
3 bodies, 94.9 million, 500 years:


Surprisingly stable, given the Earth-sized planet's erratic orbit.

guard-of-terra 3 days ago 0 replies      
Start with an accreation disk, it will evolve into a stable system in a few My.
devinmontgomery 3 days ago 0 replies      
So I used this to answer the obvious question: life would suck on Tatooine, with an earth-sized planet shooting in and out of the habitable zone. Then I found this: http://www.newscientist.com/article/dn23051-only-the-toughes....
TwoBit 3 days ago 0 replies      
It doesn't work for me with the latest FireFox. The interface won't let me do anything. Maybe the server is simply overloaded, because it's almost unresponsive and takes minutes to load the "high scores." It seems to work under Internet Explorer though.
supahfly_remix 2 days ago 0 replies      
Looks cool. How does the program keep errors from numerical approximations to the inverse square gravity law from blowing up?
munchor 3 days ago 0 replies      
This needs a few "overflow-x/y: hidden", but other than that it's a great game.
owenversteeg 3 days ago 0 replies      
I put 11 Earths in a row in very similar orbits. For some strange reason, some of them went out after ~100 years and made new, stable orbits. http://www.stefanom.org/spc/?view=2980198
Kiro 3 days ago 2 replies      
137,479 points over 500.2 years by just clicking out 12 earths randomly in the habitable zone and then set speed to max. Not sure I understand this.
higherpurpose 3 days ago 1 reply      
I put a dwarf star in the middle of the Sun (it placed it right next to it), and while it does destabilize the sun a bit, the rapid rotation of the dwarf star stabilizes it overall. The planet doesn't rotate in an uniform way around the two stars either, but it also seems stable overall, thus breaking the 500 year limit, at least:


phaemon 3 days ago 1 reply      
My best after a few attempts is:

500 Years, Score: 33,445,876, 7/12 bodies

See http://www.stefanom.org/spc/?view=2850139

m_mueller 3 days ago 1 reply      
I always wanted to know how it's possible to have a dual star system with planets in between the stars. It's easier than I thought[1]. I guess the heavier the second star, the further it must be from the inner planets.

[1] http://www.stefanom.org/spc/?view=2843935

metaphorm 3 days ago 1 reply      
LOVE THIS. still trying to do 2 dwarf stars. is it even possible?
golergka 3 days ago 0 replies      
I've managed to do that with a system that I was trying to create to break it: http://www.stefanom.org/spc/?view=2830379
rajahafify 3 days ago 1 reply      
2 suggestion.1) Make the new game not a full page refresh.2) Remove the first planet.
gojomo 3 days ago 0 replies      
Can't load but the mere chance it's anything like either the ancient coin-op arcade game, 'Mad Planets', or the recent Flappy Bird variant, 'Flappy Space Program', makes me like it already.
jpasden 3 days ago 0 replies      
So in "Super Planet Crash" the planets can't actually collide? I pumped 11 super-Earths into essentially the same orbit (in the habitable zone), and they seemed to just overlap and do just fine. When I lose, it's always because a planet flies off.
rootlocus 3 days ago 0 replies      
According to Kepler's law of planetary motion, the orbit of a planet is an ellipse with the Sun at one of the two foci. Although circles are ellipses, having the planets start with a circular motion makes the system simpler but somewhat unrealistic.
morganherlocker 3 days ago 1 reply      
Got to 1.2 billion 500 years, but it took forever. Next challenge: fastest possible completion with the highest score possible.
guybrushT 3 days ago 1 reply      
137 million fake points, 500 years, 1 addictive game. http://www.stefanom.org/spc/?view=3032407

A very simple and elegant idea. Well done.

Shivetya 3 days ago 3 replies      
looking at the high scores they all seem to be just exploiting the rules or a bug. Can those types of attempts be filtered?
notduncansmith 3 days ago 0 replies      
I found a bug: http://puu.sh/8arsr.png

The very first planet started on the absolute edge, then when I added a Dwarf Star pretty close to the Sun, it altered the orbit such that the planet went out of bounds but it didn't kill me.

dpeck 3 days ago 0 replies      
Looks like something that would translate over to ipad/iphone really well.
thix0tr0pic 3 days ago 2 replies      
srg0 3 days ago 1 reply      
It seems that running on the fastest possible setting helps to avoid (skip) most collisions by making them near-collisions.

P.S. Got to 430 years.

piyush_soni 3 days ago 0 replies      
Has someone created a mirror of the site yet which works? It's not opening up for me as usual, the HN effect.
ch4s3 3 days ago 1 reply      
dumping a bunch of super-earths into the same orbit around a dwarf star seems to work well. 125.8 years


reshambabble 3 days ago 1 reply      
This is great, but I'd suggest having an instructional module as soon as a user signs on with more details about the different planet sizes, what they mean, and what the "actual" distance would be between the center and the 2AU barrier.
z3phyr 3 days ago 0 replies      
I always get carried away, and disrupt the equilibrium of earth like planets in the habitable zone with a brown dwarf :(
personjerry 3 days ago 0 replies      
I have found that starting a new game takes a significant amount of time due to load. One way to remedy this is by enabling Work Offline on your browser and simply refreshing the cached version.
FrejNorling 3 days ago 0 replies      
Got 7 bodies and 500 points... =)


easy_rider 3 days ago 1 reply      
Omg this is so awesome, and framestyle style website with retro coloring <3
pikipupiba 20 hours ago 0 replies      
I wonder if there is a way to perpetuate the "Star-Switching" feature of this one


ycui1986 3 days ago 0 replies      
simonhorlick 3 days ago 0 replies      
jgeorge 3 days ago 0 replies      
This is great, fantastic work stefanom! I'm already addicted to it.
honksillet 3 days ago 0 replies      
Doesn't seem to be working on any of the browsers on my mac
cos2pi 3 days ago 1 reply      
I get NaNs when I put a Dwarf star as close as I can to the parent star. Perhaps a black hole is generated? :) http://www.stefanom.org/spc/?view=3069947
Crito 3 days ago 0 replies      
What physics model is being used for this? I can't seem to get tidal acceleration to work properly (it seems to for the first orbit, then it doesn't change.)
ch4s3 3 days ago 0 replies      
and we broke it
bagels 3 days ago 1 reply      
If you don't want to kill your site, you should make it possible to start a new game without reloading the whole page.
Cheap microscopes: Yours to cut out and keep economist.com
313 points by feelthepain  3 days ago   56 comments top 13
dm2 3 days ago 3 replies      
How do I purchase one?

Is it possible to attach to a phone to take a picture?

Here is their website: http://www.foldscope.com/

Why would the initial test to 10,000 if it only costs $1. I would gladly pay $5 (if that includes shipping). If there is a version 2, I would gladly pay $5 to purchase that one also.

This reminds me of the Cartmanland commercial, "awesome new themepark, and you can't come!"

chrisBob 3 days ago 2 replies      
I think it is a great product, but the numbers are a little misleading. In microscopy the most important number is usually the resolution not the magnification, and 1m is what you expect from a 20x objective. The 2100x specification doesn't help much and confuses people, but to be fair, a good 20x objective starts in the $200-400 range.
dm2 3 days ago 1 reply      
I found this DIY microscope for smartphones if anyone is interested: http://www.instructables.com/id/10-Smartphone-to-digital-mic...
cheetahtech 3 days ago 1 reply      
Here is the Ted Talk on the Microscope.

Its quite incredible.


nathancahill 2 days ago 0 replies      
This is based on a ball lens. There are several ball lens hacks floating around the internet, like this "iPhone Microscope" research paper[0] and this DIY[1] to build your own. Ball lenses are cheap and you can attach it to cellphone camera lens with a little M3 tape.

The cutout paper part seems to just hold the slide, and pane it in front of the lens.

[0] http://www.plosone.org/article/info%3Adoi%2F10.1371%2Fjourna...

[1] http://www.instructables.com/id/Cheap-and-easy-iPhone-micros...

zafka 3 days ago 3 replies      
I did a quick search on the glass spheres, and the only place I could find to buy them was Edmund Optics for $15.00 each. Does anyone have a decent source for the lenses?
netcraft 3 days ago 1 reply      
Did anyone get in the initial test that can comment on the quality and performance?
davexunit 3 days ago 1 reply      
Please tell me that the specifications will be released under a free culture license.
gradi3nt 3 days ago 1 reply      
Can anyone comment on the more technical optical properties of this instrument? How does it perform compared to a traditional microscope with the same magnification and resolution?
RankingMember 3 days ago 0 replies      
Wow, this is awesome. I've been looking for a cheap microscope to just have around the house and noticed that they indeed haven't changed a lot in cost/features in quite some time.
VLM 3 days ago 1 reply      
Note that this is a different meme than the popular "you can make your own working general purpose camera out of cardboard". That meme is moderately popular and has been successfully implemented many times.

This is a different concept, of a precision manufactured, very cheap, single use, very specific medical test microscope generally revolving around a projection display technology.

I'm not saying its not cool. It is cool and is a net gain to humanity etc. Its just probably not what you're thinking it is based on the short description.

I think a general purpose "print/fold at home" microscope for educational purposes would be interesting, along the lines of numerous successful cardboard photographic cameras, and maybe even useful. The linked article, although also cool, has nothing to do with that meme, and is almost the precise opposite other than common construction material.

Also this is an old story, even if newly reported. I remember watching the TED talk from the TED RSS feed during a blizzard some months ago. As per Colin's post this is the 12th time its been featured on HN.

neals 3 days ago 1 reply      
Are there any images of what a 2100x magnification looks like?
Excerpt from Flash Boys about Serge Aleynikov and Goldman Sachs cryptome.org
311 points by peterbotond  6 days ago   200 comments top 35
ntakasaki 6 days ago 4 replies      
Continuing the story from his Wiki page:

In March 2011, Aleynikov appealed the conviction, asking the Second Circuit to review the District Court's decision denying his original motion to dismiss the indictment for failure to state a claim.[9]

On February 16, 2012, the United States Court of Appeals for the Second Circuit heard oral argument on his appeal and, later that same day, unanimously ordered his conviction reversed and a judgment of acquittal entered, with opinion to follow.[10] Aleynikov was released from custody the next day.

On April 11, 2012, Dennis Jacobs, Chief Judge of the United States Court of Appeals, published a unanimous decision in a written opinion[10] stating:

On appeal, Aleynikov argues, inter alia, that his conduct did not constitute an offense under either statute. He argues that: [1] the source code was not a "stolen" "good" within the meaning of the NSPA, and [2] the source code was not related to or included in a product that is produced for or placed in interstate or foreign commerce within the meaning of the EEA. We agree, and reverse the judgment of the district court.[9]

In the course of these events, Aleynikov has spent 11 months in prison. Aleynikov has divorced, lost his savings, and his career is ruined.[11]

The government did not seek reconsideration of the Second Circuit's ruling, thus ending federal action against Aleynikov.[12]

rdtsc 6 days ago 1 reply      
For those that don't know, Serge is a great Erlang and C++ programmer and he contributes to open source (had some pull requests to Erlang itself).

Here is his Github account:


You can find his posts on Erlang's mailing list once a while.

Two of his interesting project I am following:

https://github.com/saleyn/erlexec -- a utility to control OS process from Erlang.

https://github.com/saleyn/eixx/ -- Erlang to C++ interface.

yukichan 6 days ago 2 replies      
This sucks, but seriously never talk to the police. Don't write anything down. Don't say anything. Don't sign anything. Tell them your name and otherwise just stay silent. They are never trying to help you, they're trying to close their case.
Mikeb85 6 days ago 3 replies      
Read the GPL carefully, very carefully...

An organisation counts the same as an individual, and as long as code stays within the organization that doesn't count as 'distribution', and Goldman Sachs is under no obligation to release the code. They even retain the rights to prevent the code being released.

It's easy to hate on Goldman Sachs for many things, but in this case they didn't violate the GPL, and Aleynikov did commit a crime.

zx2c4 6 days ago 2 replies      
> He deleted his bash history the commands he had typed into his own Goldman computer keyboard. To access the computer, he was required to type his password . If he didnt delete his bash history, his password would be there to see, for anyone who had access to the system.

Wait, what?

muyuu 6 days ago 2 replies      
Sounds to me like it was Aleynikov who didn't understand the severity of the crime he committed.

I work in a similar environment and I'm fully aware that if I do something remotely like bringing my code from work home, holy crap I'm committing a very VERY serious crime and my employer would go after me as viciously as they could. Very especially if I were to be going somewhere else where this code would set me up to make a new competing engine.

Pushing stuff to SVN and mailing seem innocuous... but depending on what you are actually passing around they can be extremely serious crimes.

mcv 6 days ago 0 replies      
Old story. Definitely sucks for him, but mailing yourself proprietary code of a very secretive and ruthless bank is not exactly the smartest thing to do.
infinotize 6 days ago 0 replies      
Amazing how naive in some regards a very smart person can be. You don't send yourself source code, and you definitely don't talk to police without a lawyer, or invite them into your house.
dfc 6 days ago 0 replies      
I don't understand this bit about the DNI:

  US master  spy Clapper says  spies steal open source,  then immediately  claims ownership and  classifies it, and prosecutes if  the material is  disclosed, like Goldman Sachs.
What did Clapper do?

artellectual 6 days ago 0 replies      
Seems to me here, the biggest lesson one can learn from this story is don't work for companies like Goldman Sachs. if they don't want to get with the times and understand how the world they don't understand works then they deserve to be technically behind. So on top of not understanding your work as a developer instead of learning how things work, they choose to abuse the law. Worse part is the law is like a big spider web where it traps the small guys while the tigers and elephants walk right through, there is no justice here no matter how many sections you quote or how many laws you read. Best thing is to just be smart and not get involved. There are many opportunities out there for talented developers.
crystaln 6 days ago 0 replies      
So, he emailed source code to himself (yes that was illegal and violated his employment contract,) deleted the bash history (there are plenty of other ways to prevent your password from showing up in history,) waived his right to a lawyer, talked endlessly with an FBI agent and was surprised (?!) that the agent was not a computer expert, then signed a confession.

Sorry if I fail to have much sympathy. If you play in the big leagues, you should at least have some sense of self preservation.

bayesianhorse 6 days ago 1 reply      
Moral of the story: If you don't want to be thrown in jail for stealing something you didn't steal, don't sign a confession...

In fact it sounds as if the defendant actually phrased most of the confession himself...

FD3SA 6 days ago 1 reply      
The programmer types were different from the trader types. The trader types were far more alive to the bigger picture, to their context. They knew their worth in the marketplace down to the last penny. They understood the connection between what they did and how much money was made , and they were good at exaggerating the importance of the link. Serge wasnt like that. He was a little-picture person, a narrow problem solver. I think he didnt know his own value, says the recruiter.

This infuriates me to no end. These engineers need to be rounded up, and given a serious life lesson on the reality of markets. Knowing your product/service's worth is step 1 of any free market activity.

Engineering is the only profession where the most talented engineers occupy the lowest compensation brackets with respect to their worth. All sorts of bullshit excuses are made up for this (my favorite - they're "Specialists"), but the bottom line is they are not being compensated at anywhere near what they're worth.

This is why startups, and consulting firms, are so key. If the market you're trying to enter is too big for a small operation (like Wall St.), then just consult. Those 20 superstar programmers need to meet up and start a consulting firm. Then, they sell their services to these banks and charge them whatever they want (read: a lot).

They then use this compensation to hire the best engineers from across the world, and keep them out of Wall St's hands. This wouldn't be too difficult, because Wall St would never match salaries because they are traders, and would die before they paid an engineer more than themselves.

To all of HN: please don't underestimate your worth. It hurts everyone, including yourself.

gflateman 6 days ago 0 replies      
flash boys also talks about the FBI's suspicion when they heard Aleynikov was using software called 'subversion', and assuming he was thus doing something 'subversive'

that cracked me up!

Natsu 6 days ago 0 replies      
> On the night of his arrest, Serge waived his right to call a lawyer. [...] Then he sat down and politely tried to clear up the confusion of this FBI agent who had arrested him without an arrest warrant.

These are things no sane person should do, especially if they're innocent.

doktrin 6 days ago 0 replies      
What repeatedly stands out every time I read of this account is the relative ineptitude of the federal agents handling the investigation.

There appears to be every indication that agent McSwain did everything short of taking explicit marching orders from GS.

The FBI either lacked the will or ability to understand the crimes they were tasked with investigating. I find that disturbing.

auggierose 6 days ago 4 replies      
There is a simple solution to this. When you publish open source software, make sure that in your license it says that Goldman Sachs is not allowed to use this code for any purpose whatsoever.
ececconi 5 days ago 0 replies      
The original link didn't mention this was an excerpt from Flash Boys so I had no clues Michael Lewis wrote it. I've never read any of his books. Now I want to because he actually writes pretty well.
fredgrott 6 days ago 0 replies      
the problem I have with the article is that FOSS/OSS used internally and modified for that use and not distributed would mean under normal copyright and work rules that yes GS did own the changes to OSS/FOSS used internally but never distributed.
ig1 6 days ago 4 replies      
Flagged because article completely misunderstands how GPL works. GPL doesn't apply if you modify source-code to use internally, it only applies if you distribute it externally to third party users.

[GPL not mentioned in article; my recollection from the original court documents is that the code was largely LGPL and GPL code]

ithought 6 days ago 0 replies      
His federal conviction was overturned then they later recharged him for the same incident in state court. Also Congressman Lamar Smith, who sponsored SOPA, amended the Economic Espionage Act of 1996 with the Theft of Trade Secrets Clarification Act of 2012 specifically related to this case.

Sergey's Legal Defense Fund - http://www.aleynikov.org/

hynahmwxsbyb 6 days ago 2 replies      
I wonder how much this cost Goldman from a talent perspective.
kylemaxwell 6 days ago 1 reply      
I thought the policy here was to use the actual title of the article, not to edit it. Why did the moderators change it?
yoamro 6 days ago 0 replies      
Trying to sympathize with the guy, but signing a confession?....just doesn't make sense
leccine 6 days ago 0 replies      
Lesson learned, don't ever work for Wall Street.
eriktrautman 6 days ago 0 replies      
I don't normally bring this up but in this case the site formatting is essentially unreadable for someone with poor eyesight who needs to expand the text and make the container narrow to avoid constant left/right scrolling.
kayoone 6 days ago 1 reply      
"Aleynikov was employed for two years, from May 2007 to June 2009, at Goldman at a salary of $400,000.[1] He left Goldman to join Teza Technologies, a competing trading firm which offered to triple his pay.[5]"

jeez, those banks pay a pretty penny.

james-bronze 6 days ago 0 replies      
(I'm sorry if I do this incorrectly; first time posting plus I'm on an app)

"Serge tried to explain why he always erased his bash history, but McSwain had no interest in his story. The way he did it seemed nefarious, the FBI agent would later testify."Whom is the FBI agent referring to, McSwain or Serge?

zenbowman 6 days ago 1 reply      
Goldman is a nest of parasites and vultures, do we really expect anything more from them?
PythonicAlpha 6 days ago 0 replies      
That is the problem with invention vs. "intellectual property". Inventions belong to the inventor -- property belongs to the owner.
caycep 6 days ago 1 reply      
probably OT...but Cryptome posting an excerpt from a Michael Lewis book? that's a bit out of character...
senthilnayagam 6 days ago 0 replies      
so effectively Goldman Sacks killed the potential competing high performance trading platform
notastartup 5 days ago 0 replies      
This is batshit insane. Wall Street is fucking insane. I hope Serge wins a huge lawsuit.
zorbo 6 days ago 4 replies      
Okay, so.

* misleading title. Goldman Sachs stole nothing.

* This guy steals code from Goldman Sachs.

* Covers his tracks. There is almost no reason why your password ever ends up in your bash history. If it does, you edit out only the password. Or you put a space before the command you run. At any rate, this guy should have known how to prevent his password from getting in the shell history and had no reason to delete his history.

* The guy talks to the cops

* Waves his rights to a lawyer

* Signs a confession

* Lets cops into his house without a search warrant.

* Doesn't testify at this trial.

This guy fully deserved what was coming to him. Goldman Sachs did nothing wrong here.

Employee Equity samaltman.com
307 points by dko  7 hours ago   212 comments top 49
jstrate 5 hours ago 11 replies      
I've worked at two startups, including one YC. Both were acquired by larger tech companies. I was employee #3 at one and rebuilt most of a broken codebase in the other. I got nothing out of either WRT options. I agree with the author on point 4 but I don't think more options are the answer, I should have just asked for a higher salary I would have been better off. Startup-bucks are even worse than a lottery ticket, because of tax complications and money required to cover strike price.

Now I work at a large tech company in SV and wont be involved in another startup unless I'm a founder.

birken 7 hours ago 4 replies      
The problem with the 10%/20%/30%/40% thing is that if the company shoots way up in value, an employee could theoretically be fired after two years and not capture much of the value they helped to create. It also doesn't necessarily need to be malicious [1], sometimes companies change and a person's skills aren't as valuable anymore.

If I were a prospective employee I would never take a deal like this, because it is really difficult to have that much trust in a company and founders that you likely don't know that much about. I can't say the standard 4-year vest with a 1-year cliff is the most optimal situation, but from an employee perspective it is way better than 10/20/30/40.

1: Though it could be, I know there was a story about something happened at Zygna like this

skrebbel 5 hours ago 5 replies      
Completely off topic, but I'm this post made me realise that Sam Altman went from programmer to enterpreneur to financial guy. This post has very little ado with what he once started doing. He's a partner (and president) of an investment fund now, a pretty odd career move once you take the pink Silicon Valley glasses off.

This entire post is about finance. Not about business, not about products, not about customers, just finance. Personally, I understand just about half of the entire post.

To be clear, I don't think this is a bad thing. I envy Altman for understanding this (and for running YC at an age younger than mine, but that's another thing). But that's not my point. What I wonder about, is whether this is inevitable for successful enterpreneurs.

Is the path programmer->enterpreneur->finance the obvious one? Sam's path might've been odd, given that his startup wasn't the next Facebook, but you see the same in startups that are the next Facebook, such as Facebook. Zuckerberg used to be a PHP hacker and now he's this NASDAQ CEO. I'm not sure about Drew Houston but all I read about Dropbox recently were acquisitions.

Does growing business make you a finance guy, or do you need to be somewhat of a finance guy to grow a business? I'm really curious which is the chicken and which is the egg here.

mikepurvis 1 hour ago 0 replies      
I'm curious about this bit:

"It causes considerable problems for companies when employees sell their stock or options, or pledge them against a loan, or design any other transaction where they agree to potentially let someone else have their shares or proceeds from their shares in the future in exchange for money today."

What are the problems with these schemes? I'm presently employee #1 at a startup, and 99.9% of my present net worth is tied up in illiquid paper therethe rest is a 10 year old station wagon and some Ikea furniture.

I'd really like to be able to pledge my options for a loan to buy a house, so I'm curious to know the issues which may arise from such an arrangement.

x0x0 7 hours ago 3 replies      

   The best solution I have heard is from Adam DAngelo at Quora.  The idea is    to grant options that are exercisable for 10 years from the grant date,    which should cover nearly all cases 
That is an awesome idea, and really classy on Adam's part.

andrewfong 7 hours ago 6 replies      
I've been thinking of putting together something simple to analyze employee option paperwork and add some plain English annotations to help employees understand exactly what they're signing. Based on my experience, there's something like 5 or so templates that cover 90% of the startups in the valley, so shouldn't be too hard. Is there any interest in something like this?
DanielRibeiro 2 hours ago 0 replies      
Great post by Sam. For employees, I'd also refer to Alex MacCaw's An Engineers guide to Stock Options[1]. Alex used to work at Stripe, and at the end of his article he shares some intersting bits of stock tax alternative not covered by Sam:

If you cant afford to exercise your right to buy your vested shares (or dont want to take the risk) then theres no need to despair there are still alternatives. There are a few funds and a number of angel investors who will front you all the cash to purchase the shares and cover all of your tax liabilities

And he goes further:

If youre interested in learning more about financing your stock options then send me an email[2] and Ill make some introductions. Ive set up an informal mailing list, and have a group of angel investors subscribed who do these kinds of deals all the time.

[1] http://blog.alexmaccaw.com/an-engineers-guide-to-stock-optio...

[2] the link is to alex at alexmaccaw.com

sparkzilla 56 minutes ago 0 replies      
As a founder I looked into paying vendors/employees with options, but have found they are too brittle. Because option deals are created at the start of employment they require a lot of faith on the part of the founder, who does not know the employee's abilities or temperament. Options do not track well with performance and cannot be adjusted easily. I also do not want to be in the position of considering terminating an employee because they have more options than what I think they are worth, and employees should not have that fear either.

Instead I am working on giving vendors and employees a convertible note that is based on their performance month-by-month. Let's say an employee or vendor is taking $5000/month less than they should be because it's a startup. The company credits them $5000 to their note each month (this can be more if there's a risk premium), and adds any performance bonuses as well as they come up. This lets management clearly track performance against the shares they are giving, and lets the employee know that if they work more they can get more. As time goes on the value of the note increases and the employee can converts their note to shares at the current valuation (or a discounted valuation).

This seems a lot more flexible to me than options, and is less stressful for the founder and the employee. Am I missing something?

gibybo 36 minutes ago 0 replies      
Vesting options at a startup are really like second-order options. If they were granted to you immediately they would just be ordinary options: you have the option to buy the stock at the strike price. However, since they must vest over a period of time in which you are sacrificing a higher salary, you are also given the option of whether to continue vesting those options (by staying at the company) or not (leaving the company).

The second-order option is what makes them valuable. Most startups either grow aggressively during those 4 years or they die. If they fail early, you don't have to sacrifice much salary for the now worthless options. If they are doing well, the options are now worth much more yet you are still only sacrificing the same amount of salary for them.

The problem is that the value of this presents a direct conflict between the company and employee. When the value of the unvested options grow, the company can reduce the unvested amount (or fire them if they don't agree)[1] because it will be disproportionate to the value the employee is providing. Note that they don't actually have to go after the unvested shares to recapture this value. They can go after any other form of compensation they are providing since it will still be more than the employee can get elsewhere. Essentially, this means the employee's upside potential is severely limited. Since the value of a share in a startup is based almost entirely on a massively higher future value, this tremendously reduces the value of typical startup vesting options.

If I worked for a startup I'd want straight equity. Find the value of the common stock and pay 10-30% of my salary in common stock. The amount of shares will float as the value of the company does, but this is required in order to keep incentives aligned. I'll pay the tax out of my salary (at ordinary income rates). If the company succeeds, almost the entire value derived from the equity will still be taxed at capital gains rates.

[1] See Zynga, Skype, and probably many others we never hear about.

diziet 7 hours ago 5 replies      
It's quite difficult to compete with Google and their revenue/cash hordes when it comes to salary / total comp. Especially if you price the options at the last round's price and discount them some more.

Imagine a well to do company of 2 founders (in SF/Bay Area) and a team of 3-4 others that raised a seed at 10m cap. They want to grow their team headcount to 15 and are busy hiring, running servers, etc. They can offer a 100k salary (more than enough to live on) to a sort of senior engineer or PM and want to compete with Google on total comp. Let's say they need to make up the other 100k difference in comp & salary with options. Over 4 years, you're looking at a 4% equity chunk to one employee, the 6th person joining the company.

Not that I think numbers in line with this aren't realistic (I do agree with Sam that more generous equity grants are better), but for most companies that make a 15% option chunk for employees it's difficult to rationalize a number like that.

Edit: Also, that puts the equity comp of that 6th employee (or 10th, because in most cases you will have a similar equity bracket for those people) at about 1/8th of the founders, not the 1/200th that Sam mentioned. I wonder how many people have made offers to employees with a similar comp plan.

lpolovets 7 hours ago 2 replies      
This is a great post, and I agree with almost everything Sam wrote. I think problems #1 and #4 are unfair (you might get less than you deserve, or less than you thought you were getting), but problems #2 and #3 are extremely unfair (you can't take what you've earned with you if you leave the company, or you have to pay taxes on something that has no liquid value and might not have any value in the long run).

I'd love to get Sam's (or anyone else's) thoughts on the 10%/20%/30%/40% 4-year vesting schedule that was mentioned. I don't like this schedule for two reasons:

1) It creates larger discrepancies in what employees earn over time relative to each other. If employee #1 joins today and gets a 2% grant, and employee #20 joins in 2 years and gets a 0.2% grant, then in year 3 of the company, employee #1 will vest 30x as much as employee #20, instead of 10x with the current 25%/25%/25%/25% scheme.

2) This scheme seems to replace and/or ruin refresher grants. Currently, if you do a good job, you get refresher grants every year or two. With the 10/20/30/40 system, you're already getting higher and higher compensation over time, regardless of performance, and the bump from refresher grants while you are vesting your original grant becomes minor. Furthermore, the drop from what you vest in year 4 to what you'd vest from just refresher grants in year 5 becomes much more dramatic and much more likely to push someone to look for other work.

What do others think?

ChuckMcM 6 hours ago 1 reply      
I am a fan of giving options every year with a performance multiplier. That way the high performers are rewarded with more options and your available options are more accurately divided amongst the employees who have made the most impact.

When you are not yet cash flow positive as a startup you can give 'bonuses' in options rather than in cash.

I don't know if we could figure out a portion that employees could contribute to additional investment rounds if they wanted to take some money off the table.

mikeleeorg 7 hours ago 1 reply      
Very interesting. I like this train of thought. I have a lot of developer friends that would rather (and are) pursuing their own entrepreneurial ideas than join an existing company. While I wholeheartedly support that, the flip side is fewer startup-savvy developers available to join other startups.

There are a lot of reasons why they are pursuing their own ventures. A common one is: "It's not worth it to be an employee of a startup. You need to be a founder. (Or maybe employee #1-5.)" You may disagree with that belief, but it's certainly a belief many hold. Sam's suggestions may take this reason off the table.

philovivero 3 hours ago 1 reply      
I worked as one of the very early founders of Digg. I bought my options. Obviously they're worth nothing, yet I owe the IRS about $120k. This threatens to destroy all my savings, retirement, and credit for 10 years.

ISOs are not only worthless 95% of the time, they're also actively EXTREMELY DANGEROUS 50% of the time if they're not simply worthless.

My suggestion: get a salary, and buy just-IPO'd stocks from companies you believe in.

If you find yourself ready to buy some ISOs, I further recommend you IMMEDIATELY sell them, as in have the buyer sitting there with you as you purchase the ISOs, and do the trade instantly thereafter. Take the short term capital gains hit. Do not hold onto them no matter what any CPA or tax attorney tells you unless they can talk at length about ISO+AMT Tax Trap and assure you you cannot possibly have that happen to you.

fragsworth 1 hour ago 0 replies      
> startups try to have very small option pools after their A rounds, because the dilution only comes from the founders and not the investors in most A-round term sheets.

Why is this the case? If you try to align the interests of the investors with the interests of the founders, you'd find that this would put you at odds with your investors.

A company's total value might be quite a bit higher by having the ability to offer large amounts of employee options (just as an example, the ability to easily hire media personalities with a big followings without breaking your bank), which is good for both the founders and the investors.

I understand the investors are trying to protect themselves from the founders deciding to give a ton of shares to their friends (and then potentially back to the founders, in other ways), but I wonder if there is a better solution to this.

rdl 7 hours ago 1 reply      
I don't think the 4/1 aspect of vesting is a particularly big problem. If you are enjoying your job at 4 years, the job has probably changed substantially, and you can renegotiate for a refresher grant.

I don't see any problem with restricted stock pre series A, when equity is the biggest consideration for employees. As long as financing is notes, the common hasn't yet been priced, so you can just use a very low value.

Willingness to issue refresher grants is easy for CEO and board to change.

I don't think you need to be as open as buffer, but being open with percentage ownership and financials seems obvious.

RSUs with a performance modifier already cover most of this for larger companies. Something like that for startups probably wouldn't work since so much of the risk is company-wide vs. individual.

semerda 2 hours ago 0 replies      
Mary Russell & Chris Zaharias are trying to do that here http://stockoptioncounsel.com/ with a bill of rights endorsement by educating folks on stock options and their rights. There are all sort of clauses and tax implications around given options that confuse people. Most end up believing the % they got will make them a millionaire.

This is a great opportunity for Freakonomics to dig into the state of stock options in startups.

When I was in my 20s I was more gullible by all the talk of stock options and becoming a millionaire from them. However I never stopped investing in property and after 10 years I am happy I continued investing into tangible assets that I was in control of. Stock options is a lottery at best. And as you get older, and learn the value of money and your time, you see the opportunity costs clearer.

As a side note, I've been through an IPO and fed all the brain wash leading up to it. Reality is always far from the dream. Many people don't like to talk about their failures only successes hence you hardly ever hear about this.

Now saying all that, there are the minority that strike it rich either by being an early employee of a startup that goes big (small % of something large) or are a founder of a successful startup when the stars align.

Employee compensation in startups will need to change as more folks start to realize the opportunity costs.

My word of advise, invest in yourself and stuff "you are in control of".

applecore 6 hours ago 3 replies      
> Founders certainly deserve a huge premium for starting the earliest, but probably not 100 or 200x what employee number 5 gets.

When the founders started the company, their equity was pretty much worthless. When employee #5 is hired and gets 0.50% of the company, her equity presumably has some dollar value. Employee #5 gets a better deal than the founders, even though the founders have 100x more equity.

The only thing that matters is the dollar value of the equity at the time it's awarded.

awicklander 7 hours ago 2 replies      
There's another option that people never seem to talk about. Treat people well, give them a good working environment, and give them a fair salary based on the fact that they don't have any equity.

Most engineers I know with stock options and a discounted salary would have been much better with a higher annual salary and no stock options at all.

leccine 3 hours ago 0 replies      
I have calculated my hourly rate including the money I would get after the IPO with 40USD share price and it came out around 100 USD. This is extremely sad given that I am senior engineer, imagine what somebody in a lower paid position gets. I think generally speaking, it is not worth it to work for 12 hours a day for a startup and get 10K shares over 5 years. If you actually work 8 hours and in your spare time doing a side project you might end up way better. You could get the ideas from the 4hour work week book.
aetherson 6 hours ago 2 replies      
I don't understand why options are taxed at exercise. You aren't getting money out of the transaction. If you have an option to buy a share at $1 (when the share is valued at $10), and later you sell at $50, why isn't the tax treatment just that you have a $49 capital gain? Why do we instead do a $1 -> $10, and then a $10 -> $50 tax thing?
johnrob 7 hours ago 1 reply      
The easiest would be if the IRS would agree to not tax illiquid private stock until it gets sold, and then tax the gain from the basis as long-term capital gains and the original value as ordinary income.

I think employees would be more than happy to treat all of this as ordinary income, if that would make it more appealing to the IRS.

zck 5 hours ago 0 replies      
There's another effect of the ten-year exercise window.

Remember how Facebook was "forced" to go public because so many people owned stock? (http://www.businessinsider.com/why-the-sec-will-force-facebo...). Well, if there's a ten-year exercise window, some of the people will hold their options and not exercise them. My -- albeit limited -- understanding of the situation is that those people are not counted as stockholders. They have options, not stock.

So the ten-year exercise window is also good for the startup, because it delays the time until the startup has to publicly disclose its financials.

porterhaney 7 hours ago 3 replies      
Adding to Sam's post I'd like to see employees made aware about tools like 83(b) elections to decrease their tax liability.
runT1ME 7 hours ago 1 reply      
>Perhaps the best way to think about it is to try to come up with a total compensation package with the same expected value (using the company valuation of the last round, or a best-efforts guess if its been a long time since the round) as the employee would get at a big company like Google

Am I missing something or is this saying people should be offered an 'expected' equal compensation package to what they would get at Google? What would the incentive be? Google is a company with quite a bit of projected longevity, career progression, and very good perks. Why would I choose a startup with inherently greater risk for only the same reward?

emocakes 2 hours ago 0 replies      
I worked at a startup, was employee number 4, and the 2nd lead developer after the CTO, I got offered a pathetic 0.025% over 4 years. Options like that are disheartening and really don't make you want to stick around for 4 years getting paid dirt to eventually be able to claim your $20k worth of options.

I left and now am getting paid close to triple my old salary with options getting close to 10% in a business model that is far more profitable than the previous. I think lots of people just starting out in the startup scene get taken advantage of and taken for a ride.

lectrick 3 hours ago 0 replies      
Maybe startups should abandon the stock market process entirely and issue a new cryptocurrency instead. The founders can pre-mine whatever percentage they wish and then pay employees in part in that currency, which would be traded on an exchange the same way stocks currently are.
STRML 2 hours ago 1 reply      
I'm starting to see companies tossing around the idea of "Phantom Stock Options"; that is, shares kept purely on paper that are never issued to the employee. Upon a liquidity event, the employee can exercise the shares and be paid their value as regular income.

This has some tradeoffs, some of them positive, some of them negative, but I am far from an expert I would love some input from somebody who knows more.

It does appear to be vastly simpler for all parties, and completely eliminates any possibility of a tax trap. However it seems to guarantee that you will be paying income tax on the sale, which can be quite sizable. And the specifics of what happens after you leave, voluntarily or otherwise, is incredibly important considering that you are never granted any actual stock.

filmgirlcw 6 hours ago 0 replies      
This is a fantastic article.

Sam is dead-on that the current situation isn't fair and often offers employees little to no information about how the options work.

The 90 days to exercise thing is a real bummer -- for lots of reasons. As Sam says, not every employee is in a position to relinquish that kind of money for the options and taxes. I would say that if you are looking to go someplace else, depending on the size of the company and the situation, it's not out-of-line to try to value the options you won't get to exercise (or even the exercise price) into your new salary. Most companies aren't going to be willing to give you what you need to vest-out upfront, but it is a good way to negotiate either a one-time bonus or higher salary.

jbkp 6 hours ago 2 replies      
You know, it's funny, I read things like this from time to time: "so if I have 0.5% of company and it gets acquired tomorrow for $100 million dollars, will I get $500,000?" and I remember that I am in this exact scenario, and have no idea what the answer is. I've been an employee at a startup for 2 years now. I joined when I was young, naive, and broke I don't even remember if I read the paperwork before signing it.

Does anyone have any advice for how to go about learning more about employee options? I realize I sound dumb, but better late than never.

Some questions I've always had but have been too afraid to ask:

- How does one exercise their options?

- What taxes are there and when do you have to pay those?

- In the above scenario, what factors are involved in me actually getting that $500k?

- What questions aren't I thinking of because I don't know enough about any of this? For example, I've never asked about my options since signing the paperwork: was there something I would have had to do already that I haven't, and will likely screw me in the future?

P.S. Throwaway for anonymity (because I am embarrassed to have to ask!).

jpasmore 2 hours ago 0 replies      
Tax laws make this more complex than it needs to be. It would be ideal to eliminate options altogether and compensate employees with stock.

Take the market value of a job minus the amount the employee is actually paid (the startup discount) and pay the discount in stock -- common shares (VC's will be in preferred). All employees should get 2% of salary as a starting point in shares. Allow employee's to buy additional shares by forgoing comp or simply investing. Peg share price and timing of share grants to Rounds or any investment (Notes).

Perhaps have repurchase rights only if terminated for cause. Doesn't matter if someone comes in for 8 months but adds value during that period, so vesting concept is eliminated.

Would need IRS to change grant from ordinary income to capital gain type of treatment where taxes are paid when some actual liquidity/transaction occurs.

mrmch 5 hours ago 0 replies      
Would it be within the YC wheel house to provide standard employee equity agreements (just like the YC note)?
aferreira 7 hours ago 4 replies      
Regarding the question of knowing what percentage of total equity your stock grant represents, most companies that are not incredibly early stage will simply not tell you.

Pushing the subject further will make you look like you're nosing around where you shouldn't, often leading to the offer being dropped (this has happened to me).

Not to say it wasn't a not-so-great company to start with, but a dropped offer is a dropped offer.

zosegal 6 hours ago 0 replies      
I think the Wealthfront Equity Plan is pretty interesting: http://firstround.com/article/The-Right-Way-to-Grant-Equity-...
DavidWanjiru 4 hours ago 1 reply      
The thing I try to think about in the context of me being the owner of a successful business, and not necessarily in software, is profit sharing, as opposed to equity sharing. Profit is a degenerate case of equity, in the sense that a large (albeit not whole) part of why you want to own equity is to own a share of the profit. At any rate, at the level of employee options, you want own enough equity to play the decision making role that holding equity enables you to. Beyond that, the value a market assigns to equity you own is (should be!) ultimately dependent on the profit that will accrue to that equity. At the same time, profit sharing is a lot less messy and much more rewarding to employees than equity. Sure, you're not getting a share of this asset that you've helped build, but from what I'm hearing, the story is the same with options. And profit should be easier to "give away" than equity from the founders' perspective, I think. I realize that sharing profit is complicated when businesses are in the red, but on the whole, I suspect there might be better value in the idea for all involved. Not that I have any idea about how exactly to go about sharing this profit, assuming it exists, I don't. I just happen to think it might be a more satisfactory path to take, assuming the fork on the road reads "Equity Sharing" this way, "Profit Sharing" that way.
sskates 6 hours ago 1 reply      
I'll be forwarding this to our lawyer when we implement the legal paperwork on our stock option plan. We already do 1) and 4) as much as we can.

If anyone here has any ideas of how else we can be more friendly to employees with regard to equity I'm all ears.

d2ncal 4 hours ago 0 replies      
Great article. One thing that he forgets to mention is to let employees "Pre Exercise" the options.

For a very young startup (even for Series A), the shares are still worth pennies per share, and letting employees pre-exercise the shares not only saves them from AMT but also lets the long term capital gains kick-in sooner.

Only a few startups that I've seen do this, and its really effective specially for employees.

7Figures2Commas 6 hours ago 0 replies      
There are a lot of things in this post that deserve to be addressed, like the fact that the 90 day exercise period for ISOs after termination is based on IRS rules, not arbitrary company policy.

But what really needs to be addressed is the fact that employee startup equity rarely produces the kind of reward that one would expect it to given the outsize attention that is paid to it. Sam writes:

> As an extremely rough stab at actual numbers, I think a company ought to be giving at least 10% in total to the first 10 employees, 5% to the next 20, and 5% to the next 50. In practice, the optimal numbers may be much higher.

It's worth testing these numbers against real-world data. For this, I'll use CB Insights' 2013 Global Tech Exits Report[1], which shows that:

1. 1,825 private tech companies exited in 2013.

2. Only 19 of them exited at a $1 billion-plus valuation.

3. 45% of exits were under $50 million, and 72% of exits were under $200 million.

If you assume that the first 10 employees receive 10% of a company's equity, and that each employee in that group receives 1%, a $200 million exit produces up to $2 million before taxes for each of the early employees. A $50 million exit produces $500,000. If you're making $125,000/year as a senior engineer, $500,000 gross after 4 years is the equivalent of what you earned in salary over the past 4 years. That's a nice bonus, but not life-changing wealth. $2 million is nicer, but if you plan to stay in the Bay Area, you might spend half or more of that on a modest house or condo.

Once you factor in the cost of exercising your options, taxes, dilution, liquidation preferences, lack of acceleration and the fact that a good portion of employees leave before fully vesting, you can see that even in a scenario where 10% of the company is given to the first 10 employees, employees aren't likely to see the type of compelling returns that Silicon Valley dreams are made of. Facebook and Twitter-like exits, where thousands of employees become paper millionaires overnight and the earliest gain tens or hundreds of millions of dollars, are the exception, not the rule.

What's worth considering further is the fact that 66% of the companies that exited in 2013 had raised no institutional capital according to CB Insights. So, as a prospective employee, in joining a venture-backed company (or a company coming out of a prominent accelerator), you may be putting yourself at a disadvantage even before you take into account the fact that employee equity is most vulnerable to dilution and liquidation preferences at these companies.

Final note: CB Insights' 2012 Global Tech Exits Report[2] shows similar trends to the 2013 report. In fact, in 2012, over half of exits were under $50 million and 76% of the companies that had an exit had not raised institutional capital.

[1] https://www.cbinsights.com/blog/global-tech-exits-report-201...

[2] https://www.cbinsights.com/blog/tech-mergers-acquisitions-de...

sscalia 4 hours ago 0 replies      
Great article. It should read "How not to get fucked at a startup"

This coming from someone who got bent over a barrel.

spo81rty 6 hours ago 3 replies      
This is where having a startup outside of the valley is nice. Nobody where we are (KC) really even expects stock options. We just pay a good competitive salary and don't have to compete with someone like Google paying 2x as much. We have given some people stock incentives but because we pay well and competitively it isn't the primary compensation. The costs of running a startup are so much lower here.
PabloOsinaga 7 hours ago 0 replies      
I totally dig these ideas - is there any consensus docs floating around we can use for our employees? and/or is anybody implementing these ideas today? ( perhaps we can borrow their docs ). Thx
practicalpants 5 hours ago 2 replies      
This is probably not the right vehicle to ask 'Am I being treated fairly?', but I think I will anyways. The startup is pre Series A, I'm the first non founding/non executive level engineer, I'm technically a contractor but treated pretty much exactly like an employee (I know that's a whole separate thing), I'm not the most experienced engineer, i.e. last year at my prior job I was an intermediate level but this year I would be considered senior at most organizations, I get a decent hourly rate, it's 95% remote, and my equity percentage is... .25% with four years of vesting.

I could be wrong, but I've come to the conclusion that after dilution and taxes, any thing short of a billion dollar exit isn't going to be compensatory for my efforts. I don't know how correct my conclusion is, and whether I should try negotiating for more.

dalef 2 hours ago 1 reply      
Great article, but I am still not really understand some of the part of the whole picture. Can someone help here?

I am now working in a series A company, taking 0.13% of the company, 13,000 shares (options). At the other side, Pinterest offers me 30,000 RSUs which I turned down because I thought Pinterest was already a late stage company.

But after I did these researches (including this post), I am wondering if I made a right decision? my 13,000 shares will always be 13,000 shares, no matter how much dilution we have in future, right? so does it mean even if my company grew to the size of Pinterest in future, I still only have that 13,000 shares instead of 30,000 I could get from Pinterest easily with less risk?

Or all late stage startup companies have split their stocks otherwise I don't see how joining a early startup for 13,000 would be any better

mathattack 5 hours ago 0 replies      
I've seen companies strategically fire people to get out of option awards. Or grant very generous options, only to plan on firing the folks later. Very shady business.

I've become a bigger believer in cash. Unless you TRULY believe the vision.

bankim 5 hours ago 0 replies      
Kudos for a post focusing on startup employees and not founders!
bambam12897 3 hours ago 0 replies      
I wonder what the author thinks of ESOPs and cooperatives.
logfromblammo 4 hours ago 0 replies      
I can only speak for my own experience, but everyone I have ever known has always been screwed by options. As such, I automatically assign a value of $0 to any options attached to an employment offer. You can pretend that yours are worth more thanks to your unique structuring as much as you like, but thanks to everyone else in the industry, you will still have to convince your employee that you are not just spewing delusion at him.

While I can't prove it, I believe I was once fired just to prevent my options from vesting.

As an employee, you're really better off with zero options and a higher salary 99.9% of the time. But that means the owners have to sell more of their equity to make payroll.

If you want to be a nice guy and keep the early employees eligible for big payouts, take your share of the buyout/IPO and give them bonuses out of that. No one trusts the option plans any more.

derekrazo 5 hours ago 0 replies      
You could run your start up as a co-op.
ironhide 6 hours ago 0 replies      
You either own the company or you're nothing.
GoDaddy Released My Personal Information to a Spammer Troll skepchick.org
307 points by kmfrk  2 days ago   141 comments top 29
jxf 2 days ago 7 replies      
While GoDaddy has a point about the opt-in component being important for deciding whether spamming took place, they certainly didn't need to release her personal information to the spammer. That's a terrible, serious breach of privacy.

A naive approach that might work without either party needing to divulge emails:

GoDaddy: "We have received complaints that you've been spamming. Give us a list of SHA-1 hashes of addresses of the people that opted in and show us how they opted in."

Customer: "Here's the list."

GoDaddy: "At least one complaint email we received does not match the SHA-1s on this list."

filmgirlcw 2 days ago 0 replies      
I'm loathe to defend GoDaddy, but I don't know if they can be "blamed" in this case, if only because what happened here was not the typical spam scenario.

If I'm understanding the situation correctly (and if I'm not, please let me know), a crazy person with an agenda sent a mass-mailing to about hundreds atheists/bloggers in an attempt to push his POV. Skepchick reports him to his email host (in this case, GoDaddy), under their spam terms.

GoDaddy does their standard process, which includes asking for opt-in proof, and revealing the email. Crazy guy goes crazy and makes a website dedicated to trying to defame Skepchick, using info he found about her online.

The problem is, this wasn't typical spam. Meaning, this wasn't some bot sending out Viagra sales pitches or the "great investment leads" people that send me 30 messages a day. This was unsolicited mail, yes, but it was with an agenda. Basically, I'd classify it more as harassment.

I'd imagine the situation would have been handled differently if it was flagged/seen/filed as harassing messages, rather than spam. I don't know, but I have to assume GoDaddy has an abuse team and that their methods of handling this sort of thing would be different.

Please understand, I'm not putting the onus on Skepchick to correctly know how to classify the message. It stands to reason she thought this was spam. But at the same time, I don't know if this sort of edge case is common enough to require a more complex method such as SHA-1 hashes.

Shitty situation all the way around, but I think the biggest problem was this was treated as a normal case of spam, when really it was a case of abuse/crazy.

masklinn 2 days ago 2 replies      
So GoDaddy is utterly terrible both when you're their client and when you're not their client. Great. Could that company be burned to the ground already?
tomp 2 days ago 5 replies      
TL;DR: User got spam from a website hosted by GoDaddy. User reports spam. GoDaddy wants to be good guy and asks spammer if user opted in (by providing spammer with the user's email). Spammer stops spamming, but harasses user by posting her photo online, which s/he probably got using the email address GoDaddy provided.

In retrospect, I'm sure there are better ways for GoDaddy to investigate such complaints, but I think they didn't do something very evil - an email address is hardly "personally identifiable information". On the other hand, if you don't want your photo to be posted online, don't post your photo online.

billyhoffman 2 days ago 1 reply      
Yet another reason to not use GoDaddy!.

I highly recommend Hover as a domain Registrar. Tried them with a few new domains, and loved it so much I migrated everything there.

josefresco 2 days ago 1 reply      
To contrast this with a real world example, if your neighbor is having a party and you call in a noise compliant to the police, I don't think they tell the party host "we got a noise complaint from your neighbor at 123 My Street".
DEinspanjer 2 days ago 0 replies      
I think all this just goes to reinforce the complete brokenness of e-mail to date.

While the proposals for requesting proof of opt-in via SHA hashes and such seem technically feasable, I think it pretty quickly breaks down when you think about how much cost and overhead that would put on GoDaddy (or law enforcement) to manage.

Think about the volume of spam out there. Then imagine a very tiny fraction of that being reported. Each one of those would require validation. While you could automate all the SHA sum comparison stuff, I don't think you could easily automate the validation of whether the opt-in mechanism was appropriate. If the sender indicates there was an opt-in, the validator must still confirm with the complainant whether that is a true claim. Without that, the system is useless because the spammer just keeps a SHA sum for each of the addresses they've purchased and supplies them along with an "Yes they opted in!" claim.

Manually validating the opt-in mechanism would require lots of manpower, and more importantly, a common and universally agreed upon set of rules for how opt-in should work. There are all sorts of nuance in the way there. Should it be a double confirmation? Does existing business relationship count? If so, what are all the rules regarding what constitutes such a relationship? What about unsubscribing afterward?

Edit: Removing the pessimistic and un-useful concluding paragraph on the hunch that was what warranted downvotes.

alandarev 2 days ago 2 replies      
Despite all my hate towards GoDaddy, I cannot see the happening being their fault.

As tomp pointed out, disclosing email address is part of the process, probably not clearly stated, but GoDaddy handled it well. They issued a fine to a spammer, resolving the initial spamming case.

Worse would be if they have not carried out any actions at all.

Now, concerned the harrassment, how come GoDaddy is responsible for trolls being trolls? As Company pointed out, report him to law enforcement. Sue him, or anything, victim has got the spammer's domain, thus all the private information needed to escalate the problem further.

lettergram 2 days ago 1 reply      
I would report GoDaddy and the spammer to the police. If the spammer went through all that trouble he's probably nuts.
devicenull 2 days ago 1 reply      
Forwarding a complaint onto the end user is standard practice these days. It seems that every few months there is a story like this where someone sends an abuse complaint then is surprised when the hosting company sends it to the end user. For any large enough company it's unlikely a person will even read your complaint before it gets forwarded on. Most complaints are designed to be sent to the end user so it's no surprise companies automate this process.
MCarusi 2 days ago 1 reply      
Welcome to GoDaddy's customer service. I don't even let them have my domain names. Use NameCheap (and no, I'm not being paid to endorse them).
ooobo 2 days ago 1 reply      
There is a similar, perhaps more significant problem with Twitter's abuse reporting tool[0]. To submit the form, users are required to tick the box that notes they accept the following:

"I understand that Twitter may provide third parties, for example the reported user, with details of this report, such as the reported Tweet. Your contact information, like your email address, will not be disclosed."

I think it highly likely that would encourage further abuse. This has prevented me using the tool in the past, and makes me think Twitter doesn't quite understand the issue.

[0]: https://support.twitter.com/forms/abusiveuser

maccard 2 days ago 3 replies      
Well, I struggled to get through the first half of that article. Enough banner ads?
vannevar 2 days ago 0 replies      
There's no reason to expect professionalism from a company that proudly portrays itself as a gang of leering adolescents.
mathattack 2 days ago 0 replies      
Was their response really just "Go call the cops"?
devicenull 2 days ago 0 replies      
Released the same personal information that is widely available via WHOIS, it seems..
higherpurpose 2 days ago 0 replies      
Please tell me nobody here is actually using GoDaddy anymore. How many lessons does one need to learn before they realize GoDaddy is an awful company?
D9u 2 days ago 0 replies      
The spammer appears to be a religious hypocrite, so why not spam the spammer with religious hypocrisy right from their own playbook?

I would begin with Isaiah 45:7 "I form the light, and create darkness: I make peace, and create evil: I the LORD do all these things."

leccine 2 days ago 0 replies      
This is the 3rd article on HN about GoDaddy being an absolute shit-show. I am curious how long they gonna keep up.
chris123 2 days ago 0 replies      
Not surprising. GoDaddy does not have a good reputation among anyone I know, and I've been involved with domain names since the mid 1990s. I recommend you research other registrars and consider taking your business to them. I know Namecheap has good prices, 2FA, low prices, and discount codes for people leaving GoDaddy. Best wishes.
bmoresbest55 2 days ago 0 replies      
I am not hating on Go Daddy but I will say that articles like these do not come out of left field. There was the incident about two months ago with the @N twitter name that involved them and I have heard other grumblings about them. Then when you have other registrars that offer competitive services and do not have those grumblings, you switch. I did. (namecheap.com) Just sayin'...
Ihmahr 2 days ago 0 replies      
They are also elephant killing [1] sopa / pipa supporters [2].

[1] http://gawker.com/5787676/meet-godaddys-ridiculous-elephant-...

[2] http://godaddyboycott.org/

LazerBear 2 days ago 6 replies      
So which registrar does HN recommend?

I've used Namecheap before and they were decent, though the dashboard looks like it was built in the 90's.

I checked out Hover but they seem to charge a lot for email.

rajbala 2 days ago 2 replies      
"I noticed that the email address it came from as well as the link went to a GoDaddy registered domain."

Who does a whois lookup on domains from spam emails?

xroche 2 days ago 2 replies      
I'm still puzzled that people are still using companies like Godaddy, Network Solutions etc.. which collect more horror stories than any other ones. Are customers really that stupid ?
mirsimiki 2 days ago 0 replies      
I've lost several domains that simply got deleted from my account. Every time I tried contacting them about the subject they refused to answer.
chloratine 2 days ago 0 replies      
Time to switch to proxy email id's, which do not give out the first name or the last name.

From now on, I'll be known as wHzqbUWp at gmail.com

chatman 2 days ago 2 replies      
Who on earth reports spam to originating server administrators? It might seem contrary to general sentiments here, but really, why not handle your own problem (and adjust your spam filters) instead of troubling GoDaddy?
microcolonel 2 days ago 1 reply      
With Skepchick involved, this seems sketchy.

I'm not going to spend today defending GoDaddy, as they've been a fair fly in the ointment to me. However I would not suggest burning them at the stake because of somebody on this particular blog posted an inconclusive statement about a breach which was, as far as we can tell, dealt with already.

As a customer of theirs, I'll probably be contacting them about this to make sure I don't have any similar issues, and suggesting a remedy (probably something like the cryptographic hash based verification method suggested elsewhere on this page) for the future.

An Update on HN Comments
305 points by sama  1 day ago   251 comments top 43
bravura 1 day ago 6 replies      
I appreciate the changes. But while we're on the topic, could I throw out a thought?

It should be easier for a late-arriver on a post to add a useful comment, and have it be promoted. Have you considered using randomization to adjust the score of certain comments?

HN comments seem to exhibit a rich-get-richer phenomenon. One early comment that is highly rated can dominate the top of the thread. (I will note that, qualitatively, this doesn't seem as bad as a few months ago.)

The problem with this approach is that late commenters are less likely to be able to meaningfully contribute to a discussion, because their comment is likely to be buried.

One thing interesting about the way FB feed appears to work is that they use randomization to test the signal strength of new posts.

Have you considered using randomization in where to display a comment? By adding variation, you should be able to capture more information from voters about the proper eventual location for a comment. It also means more variation is presented to people who are monitoring a post's comments.

alain94040 1 day ago 10 replies      
I'd love to able to fold a nested conversation once I think that particular branch is going nowhere. HN should treat the folding as a signal similar to a down vote on that particular sub-thread. I often don't think any particular comment warrants a down vote, so I have no way to tell HN that the thread should be pushed back.

Plus everyone has been asking for a way to collapse sub-comments (and many plugins do it already).

jseliger 1 day ago 5 replies      
dang and kogir tuned the algorithms to make some downvotes more powerful. We've been monitoring the effects of this change, and it appears to be reducing toxic comments.

That's interesting to me because I find myself downvoting much more often than I used to. But the comments I downvote are not that often toxic in the sense of being nasty. They're more often low-content or low-value comments that don't add to the conversation.

The jerks and trolls are out there but I'm not positive they're most pernicious problem.

rdl 1 day ago 6 replies      
I wish there were multiple kinds of downvotes. "This is actually bad" (spam, etc.) vs. merely useless, vs. factually incorrect but reasonably presented.

I mostly only downvote spam or abuse; I try to ignore "no-op" comments, and would rather reply to someone with information about why they might be wrong vs. downvote, but I'm not sure if this is universal.

codegeek 1 day ago 3 replies      
"make some downvotes more powerful."

Yes this will be great. Any comment that has personal attacks,abusive language, racial slurs, trolling, off-topic self-promotion/marketing etc. should allow downvotes to be more powerful. Usually, comments like these get a lot of downvotes pretty quickly but I am sure there are a few who upvote those comments as well for their own reasons.

May be comments like those should not be allowed upvotes once it reaches a number of downvotes ? Also, not sure if you guys already do this but really bad comments should be killed automatically once downvoted a certain number of times within a short time span ?

Now, when it comes to unpopular comments which are not necessarily outright bad, I am sure those are tough to program because how do you handle the sudden upvotes and downvotes at the same time ?

minimaxir 1 day ago 9 replies      
While on the subject of HN comments, I have a request: could the "avg" score for a user be readdressed?

The avg score is the average amount of points from the previous X comments a user has made. However, this disincentivizes user from posting in new threads which are unlikely to receive upvotes. I've lessened my own commenting in new threads because of this.

stormbrew 1 day ago 1 reply      
Something that I've been finding lately is that replies to my posts have been downvoted when to me they're fairly reasonable disagreements with what I said. I've actually taken to upvoting replies to me that go grey a lot of the time, even though I don't particularly agree with what they're saying.

To me it seems like a lot more stuff is getting downvoted than used to, and I'm not sure I see a meaningful pattern in the places I see it happening.

biot 1 day ago 3 replies      
Will there ever be the ability to upvote a story without it going into your "Saved stories" section? 99% of the time I upvote a story it's because I want to save it for future reference. I'd like the ability to upvote (and downvote) stories based on whether they're HN-worthy without it impacting the "Saved stories" section.
chimeracoder 1 day ago 2 replies      
> The majority of HN users are thoughtful and nice. It's clear from the data that they reliably downvote jerks and trolls

I have to say, I'm a bit confused now. Aren't "trolls" the sorts of comments that are supposed to be flagged[0]? (I understand that spam is meant to be flagged, but HN gets very few true spam comments[1]).

What is the difference between downvoting and flagging for comments specifically - and more importantly, what comments should be downvoted?

I've read conflicting arguments (both sides quoting pg, incidentally) that disagree on whether or not downvotes should be used to signify disagreement, or whether one should downvote comments that are on-topic but have little substance (ie, most one-liners).

[0] I guess this depends on your definition of "troll", but I think a well-executed troll is similar to Poe's law: the reader can't tell whether the commenter is being flippant/rude or sincere. In other words, it's just enough to bait someone into responding, without realizing immediately that it's a worthless comment.

[1] eg, ads for substances one ingests to change the size of a particular masculine organ, or (less blatantly) direct promotions for off-topic products.

kposehn 1 day ago 5 replies      
I'm glad to hear that these changes seem to be working. One thing I am (slightly) concerned about is the occasional funny/witty/hilarious comment that will get downvoted into oblivion rapidly. It isn't necessarily that it is a troll posting, but maybe someone injecting a bit of humor.

That said, I do understand if the mods/community do not feel that witticisms have as great an importance on HN - yes, seriously - so this is not a criticism, just an observation.

Serow225 1 day ago 1 reply      
Dang and friends, any chance of tweaking the layout so that it's not so easy to accidentally click the downvote button when using a mobile browser? This is commonly reported. Thanks!
mbillie1 1 day ago 1 reply      
> The first is posting feedback in the threads about what's good and bad for HN comments. Right now, dang is the only one doing this, but other moderators may in the future.

I've seen dang do this and I think it's actually quite effective. I'd love to see more of this.

maaaats 1 day ago 0 replies      
I like the new openness.
specialk 1 day ago 1 reply      
I find the idea that commenters with higher karma having more powerful down-votes slightly disconcerting. My fear is that if people down-vote comments that are well meaning and relevant but they disagree content we will only ever see one train of thought rise to the top of comment threads.

This could start a vicious cycle where voting cabals of power-users form. For example if Idea X becomes popular among some members of HN they will be able to always steer the discussion to talk about Idea X or down-vote a competing valid Idea Y into oblivion. Comment readers could be converted to Idea X, as it is always appearing at the top of relevant comment threads. So now the voting cabal as even more members. Growing the dislike of Idea Y. The cycle then repeats. The discussion is then steered over time by the thoughts of a select few power-users.

Maybe this is just the natural order of things and I'm subconsciously afraid of change. Thoughts?

joshlegs 1 day ago 0 replies      
Wow. I am overly happy that you guys have figured out a way to give commenting feedback. i had an account way back when shadowbanned for i never knew what reason. Still dont. I feel like if this system had have been implemented back then I would have had a better idea of what was wrong that I said.

Also, I'm pretty sure you've found the secrets to good Internet moderatorship. So many forums went offcourse from ban-happy moderators that didnt want to actually take the time to moderate the community, instead just banhammering people. Kudos to you guys

tedks 18 hours ago 0 replies      
>(and specifically, they dont silence minority groupsweve looked into this)

How have you looked into this, and what have the results been?

What efforts are you going to take to ensure it stays true in the future?

There are other comments asking these questions that have so far not been answered; it would be good to answer them. It's very unsettling when people (primarily from a privileged/majority standpoint) proclaim that things "don't silence minority groups" and handwave the justification.

In general I've found HN to be much more positive towards feminism in particular than similar communities like Reddit or others that I won't name, but the tech industry has large issues in this area and it's surprising to me that this would be the case.

In particular, it seems likely to me that HN will selectively not-silence minority voices that tend to agree with the status quo or pander to majority voices. I'd be surprised if your analysis accounted for that, but I'd be very, very happy to be wrong.

User8712 1 day ago 1 reply      
Are comments ever deleted or hidden from view completely? I've been reading HN for a year or two, and I've never noticed an issue with comment quality. In topics with a larger number of comments, you get one or two heavily downvoted posts, but that's it.

My question, is there an issue with comments I'm not seeing? Do the popular topics on the homepage have dozens of spam or troll comments that are pruned out constantly, so I don't notice the problem? Or is the issue those 1 or 2 downvoted comments I mentioned earlier?

HN receives a small number of comments, so fine tuning algorithms isn't a big deal in my opinion. This isn't Reddit, where the number one post right now has 4,000 comments. That presents a lot of complications, since they need to try and cycle new comments so they all receive some visibility, allowing them a chance to rise if they're of high quality. On HN, you have 20 comments, or 50 comments, so regardless of the sorting, nearly everything gets read. As long as HN generally sorts comments, they're fine.

Thrymr 1 day ago 1 reply      
> posting feedback in the threads about what's good and bad for HN comments.

Am I the only one who thinks that posting more meta-discussion directly in comments reduces the overall quality rather than increases it?

Maybe a downvote should come with a chance to add an explanation that can be seen on a user's page or on a "meta" page, but not dilute the discussion itself.

olalonde 18 hours ago 0 replies      
I know it would be a pretty big experiment both technically and conceptually, but I will propose it just in case.

I have noticed that usernames might influence the way I vote. What if usernames were not displayed in comments? Now this leads to two problems: 1) it makes it hard to follow who replied to what in threads 2) it makes it more tempting to post bad comments given the lack of accountability. I think the first problem could be solved by assigning users a per-submission temporary username picked at random from a name/word list. The second problem could be solved by linking those random usernames to the actual profile page of who posted (just like HN currently does). It wouldn't stop deliberate attempts at up/down voting specific users, but it would remove the unintentional bias.

aaronetz 1 day ago 0 replies      
I have noticed that people oftentimes downvote because of disagreement, even when the comment seems to be okay (to my eyes at least). How about eliminating the downvote, leaving only the "flag" which makes it clearer that it should not be used for disagreement? It would also make comments more consistent with top-level stories (which I sometimes think of as "root-level comments".)
raverbashing 12 hours ago 0 replies      
I had a moderator intervention happen in one thread, however, I think the moderators, when speaking "on behalf of HN" should have a way to indicate that (like an indication on their username, or something similar)

Otherwise it looks like anyone just decided to intervene.

camus2 1 day ago 1 reply      
In my opinion,just like SO, downvotes should actually cost Karma. Yes sometimes some messages are just bad and trolling but sometimes people get downvoted just because they dont "go with the flow",and they have unpopular ideas. So if a downvote cost 2 , the downvoter should lose 1 for instance. And please dont downvote me just because you disagree.

EDIT: just proved my point,why am I being downvoted? it was a simple suggestion yet,someone downvoted me,just because he can and it's free. I was not trolling or anything... I just wanted to participate the debate.

Bahamut 1 day ago 1 reply      
I've seen plenty of downvotes around from people who didn't understand what was being said/wanting to exert opinions. To be honest, that partly gets me to just not want to contribute thoughts since they may be unpopular/do not jive with a hive mentality, and has gotten me to visit the site less for the comments, especially with the recent tweaks.

It'd be nice if something could be figured out to discourage this behavior through reduction of the value of the downvotes of such, especially if a comment has not had a response to explain the downvote.

chrisBob 13 hours ago 0 replies      
The biggest problem I see is that the combination of a threaded discussion and the strong ranking provides an incentive for replying to a another comment even if a new comment would be more appropriate.

This, for example, is much more likely to be buried than if I replied a few comments down on the thread from bravura.

mck- 1 day ago 0 replies      
May I also suggest an update to the flamewar trigger algorithm? Or at least this is what led me to believe it is a flamewar trigger [1]

Oftentimes a post is doing really well [2], accumulating a dozen up votes within 30 minutes, jumping up the front-page, but then because of two comments, it gets penalized to the third page. I can see it being triggered when there are 40 comments, but there seems to be an awfully low first trigger?

[1] https://news.ycombinator.com/item?id=7204766

[2] https://news.ycombinator.com/item?id=7578670

lettergram 1 day ago 0 replies      
"We believe this has made the comment scores and rankings better reflect the community."

It would be interesting to see how you could actually change the community via comment filtering.

For example, if some individuals are always posting negative comments and were previously not silenced. I wonder if now that they are being silenced if they would leave the community entirely, just keep posting and ignoring the results, or change their comments to fit the community.

zatkin 1 day ago 3 replies      
I recently joined Hacker News, and actually read through the guidelines before making an account. If there was one area where I feel that anything convinced me to be smart about what I post, it would be those guidelines.
rickr 12 hours ago 0 replies      
Is there a template or example post for the first item?

I've thought about doing this in the past but I didn't want to seem too elitist.

abdullahkhalids 1 day ago 0 replies      
It would be interesting if you published stats for each user: how often they upvote and downvote compared to the average for starters.

It would also be useful to know how often other people upvote (downvote) the comments I upvote (downvote).

These stats should only be privately viewable.

gautambay 19 hours ago 0 replies      
>> and specifically, they dont silence minority groupsweve looked into this

curious to learn how this analysis was conducted. e.g. how does HN determine which users belong to a minority groups?

onmydesk 1 day ago 3 replies      
"We believe this has made the comment scores and rankings better reflect the community."

Is that desirable? A better debate surely entails more than one opinion. I also don't know what a 'jerk' is, someone that disagrees with the group think?

I just don't think its that big a problem. But thats just one opinion that might differ from the collective and therefore must have no merit? An odd place. Over engineering! To be expected I suppose.

ballard 23 hours ago 0 replies      
Definitely gotta give you guys a standing ovation for yeomen's work.
mfrommil 1 day ago 0 replies      
I've always thought of upvote/downvote as a "thumbs up" or "thumbs down" - do I like your comment?

Sounds like the new algorithm penalizes disrespectful/spammy comments, rather than the "difference in opinion" comments (which is good). Could a 3rd option be added to differentiate this, though? Have option for upvote, downvote, and mark as spam (I'm thinking a "no" symbol).

darkstar999 1 day ago 1 reply      
When (if ever) do I get a downvote button?
dkarapetyan 1 day ago 0 replies      
Awesome. Keep up the good work. I am definitely enjoying the new HN much more. The quality of articles is way up and the comment noise is way down.
brudgers 1 day ago 0 replies      
It might make sense to increase the amount of time in which a negativemy scored comment can be edited or deleted.
robobro 1 day ago 0 replies      
Thanks, guys - didn't come to say anything more
bertil 1 day ago 0 replies      
> specifically, they dont silence minority groupsweve looked into this

I would love to have more details about that: what do you define as minority, and how do you measure silencing.

borat4prez 1 day ago 0 replies      
Can I use the new HN comments algorithm on my new website? :)
Igglyboo 23 hours ago 0 replies      
Could we please get collapsible comments?
darksim905 21 hours ago 0 replies      
Wait, you can downvote?
larrys 1 day ago 1 reply      
"It's clear from the data that they reliably downvote jerks and trolls"

Most people know what a jerk is. Perhaps though you (and others) could define what a troll is for the purpose of interpreting this statement. (Of course I know the online definition [1] but think that there seems to be much latitude in "extraneous, or off-topic messages" or "starting arguments".)

Specifically also from [1]:

"Application of the term troll is subjective. Some readers may characterize a post as trolling, while others may regard the same post as a legitimate contribution to the discussion, even if controversial."

While as mentioned I know what a jerk is, I can also see very easily someone throwing out "troll" to stifle someone else in more or less a parental way. That is to nominalize something as simply not important or worth even of discussion.

[1] http://en.wikipedia.org/wiki/Troll_%28Internet%29

pearjuice 1 day ago 3 replies      
Can anyone explain to me how this is not putting the common denominator in more power even further? At this point, unless you extensively agree with the majority of the echo circle, I doubt you will be able to have any impact on discussions.

Every thread is a rehearsal with same opinions at the top over and over and non-fitting opinions float to the bottom. In which turn, they get less "downvote-power" so they will stay low and can't get their peers above. I am not saying that the current flow of discussion is bad, I am just saying that participation is flawed.

We are simply in a system where you get awarded to fit to the masses and you get more power once you have been accepted into the hive-mind. A circular-reference at some point.

       cached 19 April 2014 02:11:01 GMT